|
|
// *****************************************************************************
//
// Purpose : Multithreaded stress test
//
// Created : arunm 03/20/96
// Modified: dangriff 11/6/00
//
// *****************************************************************************
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <wincrypt.h>
#include "strestst.h"
#include <pincache.h>
#include <sha2.h>
// ===========================================================================
int Usage(void){ printf("%s -c <CSP Index> [options]\n", APP_NAME) ; printf(" -?: This message\n") ; printf(" -n <N>: # of threads to create (Def: %d)\n", StressGetDefaultThreadCount()); printf(" -t <N>: End test in N minutes (Def: never end)\n"); printf(" -e: Ephemeral keys\n"); printf(" -u: User-protected keys (cannot be used with -e)\n"); printf(" -r: Run regression tests\n"); printf(" -s: Skip PinCache attack test\n"); printf(" -d: Delete all key containers\n"); printf(" -a<Flags> <Container>: Call CryptAcquireContext with Flags\n");
printf("\nCryptAcquireContext Flags:\n"); printf(" v - CRYPT_VERIFYCONTEXT (don't specify <Container>)\n"); printf(" n - CRYPT_NEWKEYSET\n"); printf(" l - CRYPT_MACHINE_KEYSET\n"); printf(" d - CRYPT_DELETEKEYSET\n"); printf(" q - CRYPT_SILENT\n"); printf(" x - create a Key Exchange keyset\n"); printf(" s - create a Signature keyset\n"); printf(" u - request keyset to be User Protected\n"); printf(" e - request keyset to be Exportable\n"); return 1;}
//
// Function: StressGetDefaultThreadCount
//
DWORD StressGetDefaultThreadCount(void){ SYSTEM_INFO SystemInfo;
ZeroMemory(&SystemInfo, sizeof(SystemInfo)); GetSystemInfo(&SystemInfo);
return SystemInfo.dwNumberOfProcessors == 1 ? STRESS_DEFAULT_THREAD_COUNT : SystemInfo.dwNumberOfProcessors;}
//
// Function: MyAlloc
//
LPVOID MyAlloc(SIZE_T dwBytes){ return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwBytes);}
//
// Function: MyFree
//
BOOL MyFree(LPVOID lpMem){ return HeapFree(GetProcessHeap(), 0, lpMem);}
//
// Function: PrintBytes
//
#define CROW 8
void PrintBytes(LPSTR pszHdr, BYTE *pb, DWORD cbSize){ ULONG cb, i; CHAR rgsz[1024];
printf("\n %s, %d bytes ::\n", pszHdr, cbSize);
while (cbSize > 0) { // Start every row with an extra space
printf(" ");
cb = min(CROW, cbSize); cbSize -= cb; for (i = 0; i < cb; i++) printf(" %02x", pb[i]); for (i = cb; i < CROW; i++) printf(" "); printf(" '"); for (i = 0; i < cb; i++) { if (pb[i] >= 0x20 && pb[i] <= 0x7f) printf("%c", pb[i]); else printf("."); } printf("\n"); pb += cb; }}
typedef struct { DWORD dwSignFlags; DWORD dwKeySize; ALG_ID aiHash; BOOL fExpectSuccess;} SHA_SIGN_INFO, *PSHA_SIGN_INFO;
DWORD DoShaSigning(PTHREAD_DATA pThreadData, PSHA_SIGN_INFO pShaSignInfo){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HCRYPTKEY hKey = 0; HCRYPTHASH hHash = 0; CHAR rgHashData [] = "Hash This"; DWORD cbHashData = sizeof(rgHashData); PBYTE pbSign = NULL; DWORD cbSign = 0; BOOL fPrint = pShaSignInfo->fExpectSuccess;
#define TPrint(X) { if (fPrint) { printf(X); } }
if (! CryptCreateHash( pThreadData->hVerifyCtx, pShaSignInfo->aiHash, 0, 0, &hHash)) { TPrint("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, (PBYTE) rgHashData, cbHashData, 0)) { TPrint("CryptHashData "); goto Ret; }
if (! CryptGenKey( pThreadData->hVerifyCtx, AT_SIGNATURE, pShaSignInfo->dwKeySize << 16, &hKey)) { TPrint("CryptGenKey "); goto Ret; }
if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, pShaSignInfo->dwSignFlags, NULL, &cbSign)) { TPrint("CryptSignHash size "); goto Ret; }
if (NULL == (pbSign = (PBYTE) MyAlloc(cbSign))) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); goto Ret; }
if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, pShaSignInfo->dwSignFlags, pbSign, &cbSign)) { TPrint("CryptSignHash "); goto Ret; }
//
// No expected errors should occur from here on
//
pShaSignInfo->fExpectSuccess = TRUE;
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
if (! CryptCreateHash( pThreadData->hVerifyCtx, pShaSignInfo->aiHash, 0, 0, &hHash)) { printf("CryptCreateHash 2 "); goto Ret; }
if (! CryptHashData( hHash, (PBYTE) rgHashData, cbHashData, 0)) { printf("CryptHashData 2 "); goto Ret; }
if (! CryptVerifySignature( hHash, pbSign, cbSign, hKey, NULL, pShaSignInfo->dwSignFlags)) { printf("CryptVerifySignature "); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError();
if (0 == dwError) dwError = -1; }
if (hHash) CryptDestroyHash(hHash); if (hKey) CryptDestroyKey(hKey); if (pbSign) MyFree(pbSign); return dwError;}
#define cbSHA256_PKCS1_ENCODING 0x13
#define cbSHA384_PKCS1_ENCODING 0x13
#define cbSHA512_PKCS1_ENCODING 0x13
#define cbPKCS1_PADDING 0x3
#define cbSHA256_MIN_SIGNING_KEY_NOOID \
SHA256_DIGEST_LEN + cbPKCS1_PADDING#define cbSHA256_MIN_SIGNING_KEY \
SHA256_DIGEST_LEN + cbSHA256_PKCS1_ENCODING + cbPKCS1_PADDING #define cbSHA384_MIN_SIGNING_KEY_NOOID \
SHA384_DIGEST_LEN + cbPKCS1_PADDING#define cbSHA384_MIN_SIGNING_KEY \
SHA384_DIGEST_LEN + cbSHA384_PKCS1_ENCODING + cbPKCS1_PADDING
#define cbSHA512_MIN_SIGNING_KEY_NOOID \
SHA512_DIGEST_LEN + cbPKCS1_PADDING#define cbSHA512_MIN_SIGNING_KEY \
SHA512_DIGEST_LEN + cbSHA512_PKCS1_ENCODING + cbPKCS1_PADDING
//
// Function: NewShaModesSigningRegression
//
DWORD NewShaModesSigningRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; SHA_SIGN_INFO ShaSignInfo; DWORD dwMinSigKeySize = 0; PALGNODE pAlgNode = NULL;
for ( pAlgNode = pThreadData->pAlgList; pAlgNode != NULL && CALG_RSA_KEYX != pAlgNode->EnumalgsEx.aiAlgid; pAlgNode = pAlgNode->pNext);
if (NULL == pAlgNode) { printf("ERROR: Could not find CALG_RSA_KEYX alg info "); goto Ret; }
dwMinSigKeySize = pAlgNode->EnumalgsEx.dwMinLen / 8;
//
// Test 1A:
// SHA-256
// Positive
//
ShaSignInfo.aiHash = CALG_SHA_256; ShaSignInfo.dwSignFlags = 0; ShaSignInfo.fExpectSuccess = TRUE; ShaSignInfo.dwKeySize = 8 * (max(dwMinSigKeySize, cbSHA256_MIN_SIGNING_KEY));
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (ERROR_SUCCESS != dwError) { printf("ERROR: Test1A "); goto Ret; }
//
// Test 1B:
// SHA-256
// Negative
//
if (cbSHA256_MIN_SIGNING_KEY > dwMinSigKeySize) { ShaSignInfo.fExpectSuccess = FALSE; ShaSignInfo.dwKeySize = 8 * (cbSHA256_MIN_SIGNING_KEY - 1);
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (NTE_BAD_LEN != dwError) { printf("ERROR: Test1B "); goto Ret; } }
//
// Test 1C:
// SHA-256
// NOHASHOID
// Positive
//
ShaSignInfo.dwSignFlags = CRYPT_NOHASHOID; ShaSignInfo.fExpectSuccess = TRUE; ShaSignInfo.dwKeySize = 8 * (max(dwMinSigKeySize, cbSHA256_MIN_SIGNING_KEY_NOOID));
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (ERROR_SUCCESS != dwError) { printf("ERROR: Test1C "); goto Ret; }
//
// Test 1D:
// SHA-256
// NOHASHOID
// Negative
//
if (cbSHA256_MIN_SIGNING_KEY_NOOID > dwMinSigKeySize) { ShaSignInfo.fExpectSuccess = FALSE; ShaSignInfo.dwKeySize = 8 * (cbSHA256_MIN_SIGNING_KEY_NOOID - 1);
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (NTE_BAD_LEN != dwError) { printf("ERROR: Test1D "); goto Ret; } }
//
// Test 2A:
// SHA-384
// Positive
//
ShaSignInfo.aiHash = CALG_SHA_384; ShaSignInfo.dwSignFlags = 0; ShaSignInfo.fExpectSuccess = TRUE; ShaSignInfo.dwKeySize = 8 * (max(dwMinSigKeySize, cbSHA384_MIN_SIGNING_KEY));
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (ERROR_SUCCESS != dwError) { printf("ERROR: Test2A "); goto Ret; }
//
// Test 2B:
// SHA-384
// Negative
//
if (cbSHA384_MIN_SIGNING_KEY > dwMinSigKeySize) { ShaSignInfo.fExpectSuccess = FALSE; ShaSignInfo.dwKeySize = 8 * (cbSHA384_MIN_SIGNING_KEY - 1);
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (NTE_BAD_LEN != dwError) { printf("ERROR: Test2B "); goto Ret; } }
//
// Test 2C:
// SHA-384
// NOHASHOID
// Positive
//
ShaSignInfo.dwSignFlags = CRYPT_NOHASHOID; ShaSignInfo.fExpectSuccess = TRUE; ShaSignInfo.dwKeySize = 8 * (max(dwMinSigKeySize, cbSHA384_MIN_SIGNING_KEY_NOOID));
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (ERROR_SUCCESS != dwError) { printf("ERROR: Test2C "); goto Ret; }
//
// Test 2D:
// SHA-384
// NOHASHOID
// Negative
//
if (cbSHA384_MIN_SIGNING_KEY_NOOID > dwMinSigKeySize) { ShaSignInfo.fExpectSuccess = FALSE; ShaSignInfo.dwKeySize = 8 * (cbSHA384_MIN_SIGNING_KEY_NOOID - 1);
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (NTE_BAD_LEN != dwError) { printf("ERROR: Test2D "); goto Ret; } }
//
// Test 3A:
// SHA-512
// Positive
//
ShaSignInfo.aiHash = CALG_SHA_512; ShaSignInfo.dwSignFlags = 0; ShaSignInfo.fExpectSuccess = TRUE; ShaSignInfo.dwKeySize = 8 * (max(dwMinSigKeySize, cbSHA512_MIN_SIGNING_KEY));
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (ERROR_SUCCESS != dwError) { printf("ERROR: Test3A "); goto Ret; }
//
// Test 3B:
// SHA-512
// Negative
//
if (cbSHA512_MIN_SIGNING_KEY > dwMinSigKeySize) { ShaSignInfo.fExpectSuccess = FALSE; ShaSignInfo.dwKeySize = 8 * (cbSHA512_MIN_SIGNING_KEY - 1);
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (NTE_BAD_LEN != dwError) { printf("ERROR: Test3B "); goto Ret; } }
//
// Test 3C:
// SHA-512
// NOHASHOID
// Positive
//
ShaSignInfo.dwSignFlags = CRYPT_NOHASHOID; ShaSignInfo.fExpectSuccess = TRUE; ShaSignInfo.dwKeySize = 8 * (max(dwMinSigKeySize, cbSHA512_MIN_SIGNING_KEY_NOOID));
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (ERROR_SUCCESS != dwError) { printf("ERROR: Test3C "); goto Ret; }
//
// Test 3D:
// SHA-512
// NOHASHOID
// Negative
//
if (cbSHA512_MIN_SIGNING_KEY_NOOID > dwMinSigKeySize) { ShaSignInfo.fExpectSuccess = FALSE; ShaSignInfo.dwKeySize = 8 * (cbSHA512_MIN_SIGNING_KEY_NOOID - 1);
dwError = ERROR_SUCCESS; dwError = DoShaSigning(pThreadData, &ShaSignInfo);
if (NTE_BAD_LEN != dwError) { printf("ERROR: Test3D "); goto Ret; } }
fSuccess = TRUE; dwError = ERROR_SUCCESS;
Ret: if (! fSuccess) { if (0 == dwError) dwError = -1; } return dwError;}
//
// Function: NewShaModesHmacRegression
//
DWORD NewShaModesHmacRegression(PTHREAD_DATA pThreadData){ BYTE rgbHmacKeyShaNew [20]; // set bytes to 0x0b
BYTE rgbHmacDataShaNew [] = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 };
// Hmac SHA-256 Result
BYTE rgbHmacSha256 [] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 };
// Hmac SHA-384 Result
BYTE rgbHmacSha384 [] = { 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 }; // Hmac SHA-512 Result
BYTE rgbHmacSha512 [] = { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 };
DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HCRYPTKEY hKey = 0; HCRYPTHASH hHash = 0; BYTE rgbKey[1000]; BYTE rgbResult[64]; DWORD cb = 0; BLOBHEADER *pHeader = NULL; PDWORD pdw = NULL; PBYTE pb = NULL; HMAC_INFO HmacInfo;
memset(&HmacInfo, 0, sizeof(HmacInfo));
pHeader = (BLOBHEADER *) rgbKey; pdw = (PDWORD)(rgbKey + sizeof(BLOBHEADER)); pb = rgbKey + sizeof(BLOBHEADER) + sizeof(DWORD);
pHeader->aiKeyAlg = CALG_RC2; pHeader->bType = PLAINTEXTKEYBLOB; pHeader->bVersion = CUR_BLOB_VERSION; pHeader->reserved = 0x0000; *pdw = sizeof(rgbHmacKeyShaNew);
memset(rgbHmacKeyShaNew, 0x0b, sizeof(rgbHmacKeyShaNew)); memcpy(pb, rgbHmacKeyShaNew, sizeof(rgbHmacKeyShaNew));
cb = sizeof(BLOBHEADER) + sizeof(DWORD) + sizeof(rgbHmacKeyShaNew); if (! CryptImportKey( pThreadData->hVerifyCtx, rgbKey, cb, 0, CRYPT_IPSEC_HMAC_KEY, &hKey)) { printf("CryptImportKey "); goto Ret; }
//
// Hmac SHA-256 Tests
//
HmacInfo.HashAlgid = CALG_SHA_256;
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_HMAC, hKey, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptSetHashParam( hHash, HP_HMAC_INFO, (PBYTE) &HmacInfo, 0)) { printf("CryptSetHashParam "); goto Ret; }
if (! CryptHashData( hHash, rgbHmacDataShaNew, sizeof(rgbHmacDataShaNew), 0)) { printf("CryptHashData "); goto Ret; }
cb = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cb, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, rgbHmacSha256, sizeof(rgbHmacSha256))) { printf("ERROR: Incorrect Hmac result for SHA 256 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
//
// Hmac SHA-384 Tests
//
HmacInfo.HashAlgid = CALG_SHA_384;
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_HMAC, hKey, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptSetHashParam( hHash, HP_HMAC_INFO, (PBYTE) &HmacInfo, 0)) { printf("CryptSetHashParam "); goto Ret; }
if (! CryptHashData( hHash, rgbHmacDataShaNew, sizeof(rgbHmacDataShaNew), 0)) { printf("CryptHashData "); goto Ret; }
cb = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cb, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, rgbHmacSha384, sizeof(rgbHmacSha384))) { printf("ERROR: Incorrect Hmac result for SHA 384 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
//
// Hmac SHA-512 Tests
//
HmacInfo.HashAlgid = CALG_SHA_512;
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_HMAC, hKey, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptSetHashParam( hHash, HP_HMAC_INFO, (PBYTE) &HmacInfo, 0)) { printf("CryptSetHashParam "); goto Ret; }
if (! CryptHashData( hHash, rgbHmacDataShaNew, sizeof(rgbHmacDataShaNew), 0)) { printf("CryptHashData "); goto Ret; }
cb = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cb, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, rgbHmacSha512, sizeof(rgbHmacSha512))) { printf("ERROR: Incorrect Hmac result for SHA 512 "); goto Ret; }
fSuccess = TRUE;
Ret: if (! fSuccess) { dwError = GetLastError();
if (0 == dwError) dwError = -1; } if (hHash) CryptDestroyHash(hHash); if (hKey) CryptDestroyKey(hKey); return dwError;}
// SHA 256 Vectors
CHAR l_rgSha256Test1[] = "abc";DWORD l_cbSha256Test1 = sizeof(l_rgSha256Test1) - 1;BYTE l_rgbSha256Result1[] = { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad};
CHAR l_rgSha256Test2[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";DWORD l_cbSha256Test2 = sizeof(l_rgSha256Test2) - 1;BYTE l_rgbSha256Result2[] = { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1};
// SHA 384 Vectors
BYTE l_rgSha384Test1[] = "abc";DWORD l_cbSha384Test1 = sizeof(l_rgSha384Test1) - 1;BYTE l_rgbSha384Result1[] = { 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7};
BYTE l_rgSha384Test2[] = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";DWORD l_cbSha384Test2 = sizeof(l_rgSha384Test2) - 1;BYTE l_rgbSha384Result2[] = { 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39};
// SHA 512 Vectors
BYTE l_rgSha512Test1[] = "abc";DWORD l_cbSha512Test1 = sizeof(l_rgSha512Test1) - 1;BYTE l_rgbSha512Result1[] = { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f};
BYTE l_rgSha512Test2[] = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";DWORD l_cbSha512Test2 = sizeof(l_rgSha512Test2) - 1;BYTE l_rgbSha512Result2[] = { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09};
typedef struct { ALG_ID aiKey; ALG_ID aiHash; PBYTE pbBaseData; DWORD cbBaseData; PBYTE pbExpectedKeyData;} DERIVE_KEY_INFO, *PDERIVE_KEY_INFO;
DWORD DoDeriveKey( PTHREAD_DATA pThreadData, PDERIVE_KEY_INFO pDeriveKeyInfo){ BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS; HCRYPTKEY hKey = 0; HCRYPTHASH hHash = 0; BYTE rgbKey [1000]; DWORD cbKey = 0; DWORD cb = 0;
if (! CryptCreateHash( pThreadData->hVerifyCtx, pDeriveKeyInfo->aiHash, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, pDeriveKeyInfo->pbBaseData, pDeriveKeyInfo->cbBaseData, 0)) { printf("CryptHashData "); goto Ret; }
if (! CryptDeriveKey( pThreadData->hVerifyCtx, pDeriveKeyInfo->aiKey, hHash, CRYPT_EXPORTABLE, &hKey)) { printf("CryptDeriveKey "); goto Ret; }
cbKey = sizeof(rgbKey); if (! CryptExportKey( hKey, 0, PLAINTEXTKEYBLOB, 0, rgbKey, &cbKey)) { printf("CryptExportKey "); goto Ret; }
cb = sizeof(DWORD); if (! CryptGetKeyParam( hKey, KP_KEYLEN, (PBYTE) &cbKey, &cb, 0)) { printf("CryptGetKeyParam "); goto Ret; }
if (memcmp( pDeriveKeyInfo->pbExpectedKeyData, rgbKey + sizeof(BLOBHEADER) + sizeof(DWORD), cbKey / 8)) { printf( "ERROR: Incorrect key data for key alg %x; hash alg %x ", pDeriveKeyInfo->aiKey, pDeriveKeyInfo->aiHash); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError();
if (0 == dwError) dwError = -1; } if (hKey) CryptDestroyKey(hKey); if (hHash) CryptDestroyHash(hHash); return dwError;}
//
// Function: NewShaModesDeriveKeyRegression
//
DWORD NewShaModesDeriveKeyRegression(PTHREAD_DATA pThreadData){ DERIVE_KEY_INFO DeriveKeyInfo; BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS; ALG_ID rgKeyAlgs [] = { CALG_AES_128, CALG_AES_192, CALG_AES_256 }; DWORD dw;
for (dw = 0; dw < (sizeof(rgKeyAlgs) / sizeof(ALG_ID)); dw++) { DeriveKeyInfo.aiKey = rgKeyAlgs[dw];
//
// SHA-256 Derive Key Test
//
DeriveKeyInfo.aiHash = CALG_SHA_256; DeriveKeyInfo.cbBaseData = l_cbSha256Test1; DeriveKeyInfo.pbBaseData = l_rgSha256Test1; DeriveKeyInfo.pbExpectedKeyData = l_rgbSha256Result1;
dwError = DoDeriveKey(pThreadData, &DeriveKeyInfo);
if (ERROR_SUCCESS != dwError) goto Ret;
//
// SHA-384 Derive Key Test
//
DeriveKeyInfo.aiHash = CALG_SHA_384; DeriveKeyInfo.cbBaseData = l_cbSha384Test1; DeriveKeyInfo.pbBaseData = l_rgSha384Test1; DeriveKeyInfo.pbExpectedKeyData = l_rgbSha384Result1;
dwError = DoDeriveKey(pThreadData, &DeriveKeyInfo);
if (ERROR_SUCCESS != dwError) goto Ret;
//
// SHA-512 Derive Key Test
//
DeriveKeyInfo.aiHash = CALG_SHA_512; DeriveKeyInfo.cbBaseData = l_cbSha512Test1; DeriveKeyInfo.pbBaseData = l_rgSha512Test1; DeriveKeyInfo.pbExpectedKeyData = l_rgbSha512Result1;
dwError = DoDeriveKey(pThreadData, &DeriveKeyInfo);
if (ERROR_SUCCESS != dwError) goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { if (0 == dwError) dwError = -1; } return dwError;}
typedef struct { ALG_ID aiHash; PBYTE pbKeyData; DWORD cbKeyData; PBYTE pbExpectedHash;} HASH_SESSION_KEY_INFO, *PHASH_SESSION_KEY_INFO;
DWORD DoHashSessionKey( PTHREAD_DATA pThreadData, PHASH_SESSION_KEY_INFO pHashSessionKeyInfo){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HCRYPTHASH hHash = 0; HCRYPTKEY hKey = 0; BYTE rgbHash [1000]; DWORD cbHash = 0; BYTE rgbKey [1000]; DWORD cbKey = 0; BLOBHEADER *pBlobHeader = (BLOBHEADER *) rgbKey; DWORD *pdw = (DWORD *)(rgbKey + sizeof(BLOBHEADER));
pBlobHeader->aiKeyAlg = CALG_RC2; pBlobHeader->bType = PLAINTEXTKEYBLOB; pBlobHeader->bVersion = CUR_BLOB_VERSION; pBlobHeader->reserved = 0x0000;
*pdw = pHashSessionKeyInfo->cbKeyData;
memcpy( rgbKey + sizeof(BLOBHEADER) + sizeof(DWORD), pHashSessionKeyInfo->pbKeyData, pHashSessionKeyInfo->cbKeyData);
if (! CryptImportKey( pThreadData->hVerifyCtx, rgbKey, sizeof(BLOBHEADER) + sizeof(DWORD) + pHashSessionKeyInfo->cbKeyData, 0, CRYPT_IPSEC_HMAC_KEY, &hKey)) { printf("CryptImportKey "); goto Ret; }
if (! CryptCreateHash( pThreadData->hVerifyCtx, pHashSessionKeyInfo->aiHash, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashSessionKey( hHash, hKey, CRYPT_LITTLE_ENDIAN)) { printf("CryptHashSessionKey "); goto Ret; }
cbHash = sizeof(rgbHash); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbHash, &cbHash, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (0 == cbHash || memcmp( rgbHash, pHashSessionKeyInfo->pbExpectedHash, cbHash)) { printf( "ERROR: Incorrect hash result for hash alg 0x%x ", pHashSessionKeyInfo->aiHash); goto Ret; } fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError();
if (0 == dwError) dwError = -1; } if (hHash) CryptDestroyHash(hHash); if (hKey) CryptDestroyKey(hKey); return dwError;}
//
// Function: NewShaModesHashSessionKeyRegression
//
DWORD NewShaModesHashSessionKeyRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HASH_SESSION_KEY_INFO HashSessionKeyInfo;
//
// SHA-256 CryptHashSessionKey Test
//
HashSessionKeyInfo.aiHash = CALG_SHA_256; HashSessionKeyInfo.pbKeyData = l_rgSha256Test2; HashSessionKeyInfo.cbKeyData = l_cbSha256Test2; HashSessionKeyInfo.pbExpectedHash = l_rgbSha256Result2;
dwError = DoHashSessionKey(pThreadData, &HashSessionKeyInfo);
if (ERROR_SUCCESS != dwError) goto Ret;
//
// SHA-384 CryptHashSessionKey Test
//
HashSessionKeyInfo.aiHash = CALG_SHA_384; HashSessionKeyInfo.pbKeyData = l_rgSha384Test2; HashSessionKeyInfo.cbKeyData = l_cbSha384Test2; HashSessionKeyInfo.pbExpectedHash = l_rgbSha384Result2;
dwError = DoHashSessionKey(pThreadData, &HashSessionKeyInfo);
if (ERROR_SUCCESS != dwError) goto Ret; //
// SHA-512 CryptHashSessionKey Test
//
HashSessionKeyInfo.aiHash = CALG_SHA_512; HashSessionKeyInfo.pbKeyData = l_rgSha512Test2; HashSessionKeyInfo.cbKeyData = l_cbSha512Test2; HashSessionKeyInfo.pbExpectedHash = l_rgbSha512Result2;
dwError = DoHashSessionKey(pThreadData, &HashSessionKeyInfo);
if (ERROR_SUCCESS != dwError) goto Ret;
fSuccess = TRUE;
Ret: if (! fSuccess) { if (0 == dwError) dwError = -1; } return dwError;}
//
// Function: NewShaModesBasicRegression
//
DWORD NewShaModesBasicRegression(PTHREAD_DATA pThreadData){ HCRYPTHASH hHash = 0; BYTE rgbResult[64]; DWORD cbResult = 0; BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS;
//
// SHA-256 Tests
//
// Test 1
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_SHA_256, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, l_rgSha256Test1, l_cbSha256Test1, 0)) { printf("CryptHashData "); goto Ret; }
cbResult = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cbResult, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, l_rgbSha256Result1, sizeof(l_rgbSha256Result1))) { printf("ERROR: Incorrect hash result for SHA-256 1 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
// Test 2
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_SHA_256, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, l_rgSha256Test2, l_cbSha256Test2, 0)) { printf("CryptHashData "); goto Ret; }
cbResult = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cbResult, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, l_rgbSha256Result2, sizeof(l_rgbSha256Result2))) { printf("ERROR: Incorrect hash result for SHA-256 2 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
//
// SHA-384 Tests
//
// Test 1
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_SHA_384, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, l_rgSha384Test1, l_cbSha384Test1, 0)) { printf("CryptHashData "); goto Ret; }
cbResult = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cbResult, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, l_rgbSha384Result1, sizeof(l_rgbSha384Result1))) { printf("ERROR: Incorrect hash result for SHA-384 1 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
// Test 2
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_SHA_384, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, l_rgSha384Test2, l_cbSha384Test2, 0)) { printf("CryptHashData "); goto Ret; }
cbResult = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cbResult, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, l_rgbSha384Result2, sizeof(l_rgbSha384Result2))) { printf("ERROR: Incorrect hash result for SHA-384 2 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
//
// SHA-512 Tests
//
// Test 1
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_SHA_512, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, l_rgSha512Test1, l_cbSha512Test1, 0)) { printf("CryptHashData "); goto Ret; }
cbResult = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cbResult, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, l_rgbSha512Result1, sizeof(l_rgbSha512Result1))) { printf("ERROR: Incorrect hash result for SHA-512 1 "); goto Ret; }
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash "); goto Ret; } hHash = 0;
// Test 2
if (! CryptCreateHash( pThreadData->hVerifyCtx, CALG_SHA_512, 0, 0, &hHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hHash, l_rgSha512Test2, l_cbSha512Test2, 0)) { printf("CryptHashData "); goto Ret; }
cbResult = sizeof(rgbResult); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbResult, &cbResult, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (memcmp(rgbResult, l_rgbSha512Result2, sizeof(l_rgbSha512Result2))) { printf("ERROR: Incorrect hash result for SHA-512 2 "); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError();
if (0 == dwError) dwError = -1; } if (hHash) CryptDestroyHash(hHash); return dwError;}
typedef struct _DERIVE_KEY_DATA{ ALG_ID aiKey; ALG_ID aiHash; PBYTE pbPassword; DWORD cbPassword; PBYTE pbPlaintext; DWORD cbPlaintext;} DERIVE_KEY_DATA, *PDERIVE_KEY_DATA;
DWORD DeriveAndCompareAesKey( PTHREAD_DATA pThreadData, PDERIVE_KEY_DATA pDeriveKeyData){ HCRYPTKEY hDeriveKey = 0; HCRYPTKEY hCompareKey = 0; HCRYPTHASH hDeriveHash = 0; HCRYPTHASH hCompareHash = 0; BYTE rgbStringA[64]; BYTE rgbStringB[64]; BYTE rgbKey[64]; BYTE rgbHashA[20]; BYTE rgbHashB[20]; PBYTE pbDeriveCiphertext = NULL; DWORD cbDeriveCiphertext = 0; PBYTE pbCompareCiphertext = NULL; DWORD cbCompareCiphertext = 0; DWORD cbHash = 0; DWORD cb = 0; DWORD cbKey = 0; BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS; unsigned int i;
memset(rgbStringA, 0, sizeof(rgbStringA)); memset(rgbStringB, 0, sizeof(rgbStringB)); memset(rgbKey, 0, sizeof(rgbKey)); memset(rgbHashA, 0, sizeof(rgbHashA)); memset(rgbHashB, 0, sizeof(rgbHashB));
//
// Derive a key from hashed password and encrypt.
//
if (! CryptCreateHash( pThreadData->hVerifyCtx, pDeriveKeyData->aiHash, 0, 0, &hDeriveHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hDeriveHash, pDeriveKeyData->pbPassword, pDeriveKeyData->cbPassword, 0)) { printf("CryptHashData "); goto Ret; }
if (! CryptDeriveKey( pThreadData->hVerifyCtx, pDeriveKeyData->aiKey, hDeriveHash, 0, &hDeriveKey)) { printf("CryptDeriveKey "); goto Ret; }
cbDeriveCiphertext = pDeriveKeyData->cbPlaintext; if (! CryptEncrypt( hDeriveKey, 0, TRUE, 0, NULL, &cbDeriveCiphertext, 0)) { printf("CryptEncrypt size "); goto Ret; }
if (NULL == (pbDeriveCiphertext = (PBYTE) MyAlloc(cbDeriveCiphertext))) return ERROR_NOT_ENOUGH_MEMORY;
memcpy( pbDeriveCiphertext, pDeriveKeyData->pbPlaintext, pDeriveKeyData->cbPlaintext);
cb = pDeriveKeyData->cbPlaintext; if (! CryptEncrypt( hDeriveKey, 0, TRUE, 0, pbDeriveCiphertext, &cb, cbDeriveCiphertext)) { printf("CryptEncrypt "); goto Ret; }
//
// Now do the derive "manually" and compare
// the result.
//
if (! CryptCreateHash( pThreadData->hVerifyCtx, pDeriveKeyData->aiHash, 0, 0, &hCompareHash)) { printf("CryptCreateHash "); goto Ret; }
if (! CryptHashData( hCompareHash, pDeriveKeyData->pbPassword, pDeriveKeyData->cbPassword, 0)) { printf("CryptHashData "); goto Ret; }
cbHash = sizeof(rgbHashA); if (! CryptGetHashParam( hCompareHash, HP_HASHVAL, rgbHashA, &cbHash, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (! CryptDestroyHash(hCompareHash)) { printf("CryptDestroyHash "); goto Ret; } hCompareHash = 0;
memset(rgbStringA, 0x36, sizeof(rgbStringA)); memset(rgbStringB, 0x5c, sizeof(rgbStringB));
for (i = 0; i < cbHash; i++) { rgbStringA[i] ^= rgbHashA[i]; rgbStringB[i] ^= rgbHashA[i]; }
((BLOBHEADER *) rgbKey)->aiKeyAlg = pDeriveKeyData->aiKey; ((BLOBHEADER *) rgbKey)->bType = PLAINTEXTKEYBLOB; ((BLOBHEADER *) rgbKey)->bVersion = CUR_BLOB_VERSION; switch (pDeriveKeyData->aiKey) { case CALG_AES_128: cbKey = 16; break; case CALG_AES_192: cbKey = 24; break; case CALG_AES_256: cbKey = 32; break; default: printf("Bad Key Alg "); goto Ret; }
*(DWORD *)(rgbKey + sizeof(BLOBHEADER)) = cbKey;
if (! CryptCreateHash( pThreadData->hVerifyCtx, pDeriveKeyData->aiHash, 0, 0, &hCompareHash)) { printf("CryptCreateHash compare "); goto Ret; }
if (! CryptHashData( hCompareHash, rgbStringA, sizeof(rgbStringA), 0)) { printf("CryptHashData compare "); goto Ret; }
memset(rgbHashA, 0, sizeof(rgbHashA)); cbHash = sizeof(rgbHashA); if (! CryptGetHashParam( hCompareHash, HP_HASHVAL, rgbHashA, &cbHash, 0)) { printf("CryptGetHashParam "); goto Ret; }
if (! CryptDestroyHash(hCompareHash)) { printf("CryptDestroyHash "); goto Ret; } hCompareHash = 0;
if (! CryptCreateHash( pThreadData->hVerifyCtx, pDeriveKeyData->aiHash, 0, 0, &hCompareHash)) { printf("CryptCreateHash compare 2 "); goto Ret; }
if (! CryptHashData( hCompareHash, rgbStringB, sizeof(rgbStringB), 0)) { printf("CryptHashData compare 2 "); goto Ret; }
cbHash = sizeof(rgbHashB); if (! CryptGetHashParam( hCompareHash, HP_HASHVAL, rgbHashB, &cbHash, 0)) { printf("CryptGetHashParam 2 "); goto Ret; }
cb = sizeof(BLOBHEADER) + sizeof(DWORD); memcpy( rgbKey + cb, rgbHashA, min(cbKey, cbHash));
if (cbKey > cbHash) { cb += cbHash; memcpy( rgbKey + cb, rgbHashB, min(cbKey - cbHash, cbHash)); }
if (! CryptImportKey( pThreadData->hVerifyCtx, rgbKey, sizeof(BLOBHEADER) + sizeof(DWORD) + cbKey, 0, 0, &hCompareKey)) { printf("CryptImportKey "); goto Ret; }
cbCompareCiphertext = pDeriveKeyData->cbPlaintext; if (! CryptEncrypt( hCompareKey, 0, TRUE, 0, NULL, &cbCompareCiphertext, 0)) { printf("CryptEncrypt size compare "); goto Ret; }
if (NULL == (pbCompareCiphertext = (PBYTE) MyAlloc(cbCompareCiphertext))) return ERROR_NOT_ENOUGH_MEMORY;
memcpy( pbCompareCiphertext, pDeriveKeyData->pbPlaintext, pDeriveKeyData->cbPlaintext);
cb = pDeriveKeyData->cbPlaintext; if (! CryptEncrypt( hCompareKey, 0, TRUE, 0, pbCompareCiphertext, &cb, cbCompareCiphertext)) { printf("CryptEncrypt compare "); goto Ret; }
//
// Now compare cipher results for the two methods.
//
if (cbCompareCiphertext != cbDeriveCiphertext || 0 != memcmp( pbCompareCiphertext, pbDeriveCiphertext, cbDeriveCiphertext)) { printf( "Cipher result mismatch for KeyAlg %x ; HashAlg %x", pDeriveKeyData->aiKey, pDeriveKeyData->aiHash);
PrintBytes( "Derived ciphertext", pbDeriveCiphertext, cbDeriveCiphertext);
PrintBytes( "Compare ciphertext", pbCompareCiphertext, cbCompareCiphertext); }
//
// Now decrypt with both keys and compare result.
//
if (! CryptDecrypt( hDeriveKey, 0, TRUE, 0, pbDeriveCiphertext, &cbDeriveCiphertext)) { printf("CryptDecrypt "); goto Ret; }
if (! CryptDecrypt( hCompareKey, 0, TRUE, 0, pbCompareCiphertext, &cbCompareCiphertext)) { printf("CryptDecrypt compare "); goto Ret; }
if (cbCompareCiphertext != cbDeriveCiphertext || 0 != memcmp( pbCompareCiphertext, pbDeriveCiphertext, cbDeriveCiphertext)) { printf( "Decrypt result mismatch for KeyAlg %x ; HashAlg %x", pDeriveKeyData->aiKey, pDeriveKeyData->aiHash);
PrintBytes( "Derived plaintext", pbDeriveCiphertext, cbDeriveCiphertext);
PrintBytes( "Compare plaintext", pbCompareCiphertext, cbCompareCiphertext); }
fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError();
if (0 == dwError) dwError = -1; } if (hDeriveKey) CryptDestroyKey(hDeriveKey); if (hCompareKey) CryptDestroyKey(hCompareKey); if (hDeriveHash) CryptDestroyHash(hDeriveHash); if (hCompareHash) CryptDestroyHash(hCompareHash); if (pbDeriveCiphertext) MyFree(pbDeriveCiphertext); if (pbCompareCiphertext) MyFree(pbCompareCiphertext); return dwError;}
//
// Function: AesDeriveKeyRegression
//
DWORD AesDeriveKeyRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; DERIVE_KEY_DATA DeriveKeyData; BYTE rgbPlaintext[99]; LPSTR pszPassword = "My Password"; ALG_ID Hashes[] = { CALG_SHA, CALG_MD5 }; DWORD cHashes = sizeof(Hashes) / sizeof(ALG_ID); ALG_ID Keys[] = { CALG_AES_128, CALG_AES_192, CALG_AES_256 }; DWORD cKeys = sizeof(Keys) / sizeof(ALG_ID); unsigned int i, iHash, iKey;
for (i = 0; i < sizeof(rgbPlaintext); i++) rgbPlaintext[i] = (BYTE) i;
DeriveKeyData.pbPlaintext = rgbPlaintext; DeriveKeyData.cbPlaintext = sizeof(rgbPlaintext); DeriveKeyData.pbPassword = (PBYTE) pszPassword; DeriveKeyData.cbPassword = strlen(pszPassword);
for (iHash = 0; iHash < cHashes; iHash++) { DeriveKeyData.aiHash = Hashes[iHash];
for (iKey = 0; iKey < cKeys; iKey++) { DeriveKeyData.aiKey = Keys[iKey];
if (ERROR_SUCCESS != (dwError = DeriveAndCompareAesKey( pThreadData, &DeriveKeyData))) { printf("DeriveAndCompareAesKey "); goto Ret; } } }
fSuccess = TRUE;Ret: if (! fSuccess) { printf("- error 0x%x\n", dwError);
if (0 == dwError) dwError = -1; }
return dwError;}
//
// Function: UnalignedImportExportRegression
//
DWORD UnalignedImportExportRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BYTE rgbKeyBuf[2000]; DWORD cbKeyBuf = sizeof(rgbKeyBuf); PBYTE pbKeyBuf = NULL; HCRYPTKEY hKey = 0; HCRYPTKEY hWrapKey = 0; BOOL fSuccess = FALSE;
if (! CryptGenKey( pThreadData->hProv, CALG_RC2, 0, &hWrapKey)) { printf("CryptGenKey CALG_RC2 "); goto Ret; }
//
// 1a) Exchange key pair PRIVATEKEYBLOB
//
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( pThreadData->hExchangeKey, 0, PRIVATEKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey KeyEx PRIVATEKEYBLOB "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, 0, CRYPT_EXPORTABLE, &hKey)) { printf("CryptImportKey KeyEx PRIVATEKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey KeyEx PRIVATEKEYBLOB "); goto Ret; }
//
// 1b) Exchange key pair PRIVATEKEYBLOB, encrypted
//
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( pThreadData->hExchangeKey, hWrapKey, PRIVATEKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey KeyEx PRIVATEKEYBLOB b "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, hWrapKey, CRYPT_EXPORTABLE, &hKey)) { printf("CryptImportKey KeyEx PRIVATEKEYBLOB b "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey KeyEx PRIVATEKEYBLOB b "); goto Ret; }
//
// 2) Exchange key pair PUBLICKEYBLOB
//
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( pThreadData->hExchangeKey, 0, PUBLICKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey KeyEx PUBLICKEYBLOB "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, pThreadData->dwProvType == PROV_DSS_DH ? pThreadData->hExchangeKey : 0, 0, &hKey)) { printf("CryptImportKey KeyEx PUBLICKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey KeyEx PUBLICKEYBLOB "); goto Ret; }
//
// 3a) Signature key pair PRIVATEKEYBLOB
//
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( pThreadData->hSignatureKey, 0, PRIVATEKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey Sig PRIVATEKEYBLOB "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, 0, CRYPT_EXPORTABLE, &hKey)) { printf("CryptImportKey Sig PRIVATEKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey Sig PRIVATEKEYBLOB "); goto Ret; }
//
// 3b) Signature key pair PRIVATEKEYBLOB, encrypted
//
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( pThreadData->hSignatureKey, hWrapKey, PRIVATEKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey Sig PRIVATEKEYBLOB b "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, hWrapKey, CRYPT_EXPORTABLE, &hKey)) { printf("CryptImportKey Sig PRIVATEKEYBLOB b "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey Sig PRIVATEKEYBLOB b "); goto Ret; }
if (! CryptDestroyKey(hWrapKey)) { printf("CryptDestroyKey CALG_RC2 "); goto Ret; }
//
// 4) Signature key pair PUBLICKEYBLOB
//
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( pThreadData->hSignatureKey, 0, PUBLICKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey Sig PUBLICKEYBLOB "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, 0, 0, &hKey)) { printf("CryptImportKey Sig PUBLICKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey Sig PUBLICKEYBLOB "); goto Ret; }
//
// 5) SIMPLEBLOB
//
if (pThreadData->dwProvType != PROV_DSS_DH && pThreadData->dwProvType != PROV_DSS) { //
// 5.1) Use PKCS2 padding.
//
if (! CryptGenKey( pThreadData->hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey)) { printf("CryptGenKey CALG_RC2 SIMPLEBLOB "); goto Ret; } // Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1; if (! CryptExportKey( hKey, pThreadData->hExchangeKey, SIMPLEBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey SIMPLEBLOB "); goto Ret; } if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 A SIMPLEBLOB "); goto Ret; } if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, pThreadData->hExchangeKey, 0, &hKey)) { printf("CryptImportKey SIMPLEBLOB "); goto Ret; } if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 B SIMPLEBLOB "); goto Ret; } //
// 5.2) Use OAEP padding.
//
if (! CryptGenKey( pThreadData->hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey)) { printf("CryptGenKey CALG_RC2 SIMPLEBLOB OAEP "); goto Ret; } // Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1; if (! CryptExportKey( hKey, pThreadData->hExchangeKey, SIMPLEBLOB, CRYPT_OAEP, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey SIMPLEBLOB OAEP "); goto Ret; } if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 A SIMPLEBLOB OAEP "); goto Ret; } if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, pThreadData->hExchangeKey, CRYPT_OAEP, &hKey)) { printf("CryptImportKey SIMPLEBLOB OAEP "); goto Ret; } if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 B SIMPLEBLOB OAEP "); goto Ret; } }
//
// 6) SYMMETRICWRAPKEYBLOB
//
if (! CryptGenKey( pThreadData->hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey)) { printf("CryptGenKey CALG_RC2 SYMMETRICWRAPKEYBLOB A "); goto Ret; }
if (! CryptGenKey( pThreadData->hProv, CALG_RC2, CRYPT_EXPORTABLE, &hWrapKey)) { printf("CryptGenKey CALG_RC2 SYMMETRICWRAPKEYBLOB B "); goto Ret; }
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( hKey, hWrapKey, SYMMETRICWRAPKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey SYMMETRICWRAPKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 A SYMMETRICWRAPKEYBLOB "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, hWrapKey, 0, &hKey)) { printf("CryptImportKey SYMMETRICWRAPKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 B SYMMETRICWRAPKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hWrapKey)) { printf("CryptDestroyKey CALG_RC2 C SYMMETRICWRAPKEYBLOB "); goto Ret; }
//
// 7) PLAINTEXTKEYBLOB
//
if (! CryptGenKey( pThreadData->hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey)) { printf("CryptGenKey CALG_RC2 PLAINTEXTKEYBLOB "); goto Ret; }
// Unalign the output buffer
pbKeyBuf = rgbKeyBuf + 1; cbKeyBuf = sizeof(rgbKeyBuf) - 1;
if (! CryptExportKey( hKey, 0, PLAINTEXTKEYBLOB, 0, pbKeyBuf, &cbKeyBuf)) { printf("CryptExportKey PLAINTEXTKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 A PLAINTEXTKEYBLOB "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKeyBuf, cbKeyBuf, 0, 0, &hKey)) { printf("CryptImportKey PLAINTEXTKEYBLOB "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey CALG_RC2 B PLAINTEXTKEYBLOB "); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) printf("- error 0x%x\n", dwError = GetLastError()); return dwError;}
static BYTE rgbPrivateKeyWithExponentOfOne[] ={ 0x07, 0x02, 0x00, 0x00, 0x00, 0xA4, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xAB, 0xEF, 0xFA, 0xC6, 0x7D, 0xE8, 0xDE, 0xFB, 0x68, 0x38, 0x09, 0x92, 0xD9, 0x42, 0x7E, 0x6B, 0x89, 0x9E, 0x21, 0xD7, 0x52, 0x1C, 0x99, 0x3C, 0x17, 0x48, 0x4E, 0x3A, 0x44, 0x02, 0xF2, 0xFA, 0x74, 0x57, 0xDA, 0xE4, 0xD3, 0xC0, 0x35, 0x67, 0xFA, 0x6E, 0xDF, 0x78, 0x4C, 0x75, 0x35, 0x1C, 0xA0, 0x74, 0x49, 0xE3, 0x20, 0x13, 0x71, 0x35, 0x65, 0xDF, 0x12, 0x20, 0xF5, 0xF5, 0xF5, 0xC1, 0xED, 0x5C, 0x91, 0x36, 0x75, 0xB0, 0xA9, 0x9C, 0x04, 0xDB, 0x0C, 0x8C, 0xBF, 0x99, 0x75, 0x13, 0x7E, 0x87, 0x80, 0x4B, 0x71, 0x94, 0xB8, 0x00, 0xA0, 0x7D, 0xB7, 0x53, 0xDD, 0x20, 0x63, 0xEE, 0xF7, 0x83, 0x41, 0xFE, 0x16, 0xA7, 0x6E, 0xDF, 0x21, 0x7D, 0x76, 0xC0, 0x85, 0xD5, 0x65, 0x7F, 0x00, 0x23, 0x57, 0x45, 0x52, 0x02, 0x9D, 0xEA, 0x69, 0xAC, 0x1F, 0xFD, 0x3F, 0x8C, 0x4A, 0xD0,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x64, 0xD5, 0xAA, 0xB1, 0xA6, 0x03, 0x18, 0x92, 0x03, 0xAA, 0x31, 0x2E, 0x48, 0x4B, 0x65, 0x20, 0x99, 0xCD, 0xC6, 0x0C, 0x15, 0x0C, 0xBF, 0x3E, 0xFF, 0x78, 0x95, 0x67, 0xB1, 0x74, 0x5B, 0x60,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,};
//
// 64-bit and 56-bit DES SIMPLEBLOB's exported with
// above public key. These keys are functionally
// equivalent on Windows 2000 due to a buffer overrun
// bug.
//
static BYTE g_rgbDes56BitKeyBlob[] = { 0x01, 0x02, 0x00, 0x00, 0x01, 0x66, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x29, 0x32, 0xc4, 0xd0, 0x75, 0x25, 0xa4, 0x00, 0xa8, 0x6f, 0x02, 0x35, 0x0e, 0x53, 0x75, 0xaa, 0xad, 0x8d, 0x21, 0x67, 0xf6, 0x8a, 0x93, 0x78, 0x12, 0x27, 0x5c, 0xd1, 0xa2, 0x13, 0x0f, 0xab, 0xe4, 0x68, 0x8e, 0x28, 0xcc, 0x3e, 0xf1, 0xa5, 0x52, 0xe4, 0xf7, 0xa4, 0x57, 0xaa, 0x86, 0x93, 0xc8, 0x73, 0xb1, 0x9f, 0x77, 0xc8, 0x84, 0x97, 0xe4, 0xad, 0x63, 0xad, 0x5d, 0x76, 0x02, 0x00};static BYTE g_rgbDes64BitKeyBlob[] = { 0x01, 0x02, 0x00, 0x00, 0x01, 0x66, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x29, 0x32, 0xc4, 0xd0, 0x75, 0x25, 0xa4, 0x00, 0xa8, 0x6f, 0x02, 0x0e, 0x53, 0x75, 0xaa, 0xad, 0x8d, 0x21, 0x67, 0xf6, 0x8a, 0x93, 0x78, 0x12, 0x27, 0x5c, 0xd1, 0xa2, 0x13, 0x0f, 0xab, 0xe4, 0x68, 0x8e, 0x28, 0xcc, 0x3e, 0xf1, 0xa5, 0x52, 0xe4, 0xf7, 0xa4, 0x57, 0xaa, 0x86, 0x93, 0xc8, 0x73, 0xb1, 0x9f, 0x77, 0xc8, 0x84, 0x97, 0xe4, 0xad, 0x63, 0xad, 0x5d, 0x76, 0x02, 0x00};static BYTE g_rgbDesPlainText[] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};static BYTE g_rgbDesCipherText[] ={ 0x3b, 0xd9, 0x09, 0xfb, 0xd6, 0xa7, 0x9c, 0x37, 0xf6, 0x5d, 0xe1, 0x50, 0x6d, 0x39, 0xb0, 0x0c};
//
// 112 and 128 bit "equivalent" 3Des-2Key blobs
//
static BYTE g_rgbDes112BitKeyBlob[] = { 0x01, 0x02, 0x00, 0x00, 0x09, 0x66, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x29, 0x32, 0xc4, 0xd0, 0x75, 0x25, 0xa4, 0x75, 0xa8, 0x6f, 0x02, 0x35, 0x0e, 0x53, 0x00, 0xaa, 0xad, 0x8d, 0x21, 0x67, 0xf6, 0x8a, 0x93, 0x78, 0x12, 0x27, 0x5c, 0xd1, 0xa2, 0x13, 0x0f, 0xab, 0xe4, 0x68, 0x8e, 0x28, 0xcc, 0x3e, 0xf1, 0xa5, 0x52, 0xe4, 0xf7, 0xa4, 0x57, 0xaa, 0x86, 0x93, 0xc8, 0x73, 0xb1, 0x9f, 0x77, 0xc8, 0x84, 0x97, 0xe4, 0xad, 0x63, 0xad, 0x5d, 0x76, 0x02, 0x00};static BYTE g_rgbDes128BitKeyBlob[] = { 0x01, 0x02, 0x00, 0x00, 0x09, 0x66, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, 0x29, 0x32, 0xc4, 0xd0, 0x75, 0x25, 0xa4, 0x75, 0xa8, 0x6f, 0x02, 0x35, 0x0e, 0x53, 0x00, 0xaa, 0xad, 0x8d, 0xf6, 0x8a, 0x93, 0x78, 0x12, 0x27, 0x5c, 0xd1, 0xa2, 0x13, 0x0f, 0xab, 0xe4, 0x68, 0x8e, 0x28, 0xcc, 0x3e, 0xf1, 0xa5, 0x52, 0xe4, 0xf7, 0xa4, 0x57, 0xaa, 0x86, 0x93, 0xc8, 0x73, 0xb1, 0x9f, 0x77, 0xc8, 0x84, 0x97, 0xe4, 0xad, 0x63, 0xad, 0x5d, 0x76, 0x02, 0x00};static BYTE g_rgb2DesCipherText[] ={ 0x56, 0x03, 0xdf, 0x55, 0xeb, 0xfb, 0x76, 0x1f, 0x93, 0x38, 0xd7, 0xef, 0x8f, 0x38, 0x76, 0x49};
//
// 168 and 192 bit "equivalent" 3Des blobs
//
static BYTE g_rgbDes168BitKeyBlob[] = { 0x01, 0x02, 0x00, 0x00, 0x03, 0x66, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x29, 0x32, 0xc4, 0xd0, 0x75, 0x25, 0xa4, 0x8a, 0xa8, 0x6f, 0x02, 0x35, 0x0e, 0x53, 0x75, 0xaa, 0xad, 0x8d, 0x21, 0x67, 0xf6, 0x00, 0x93, 0x78, 0x12, 0x27, 0x5c, 0xd1, 0xa2, 0x13, 0x0f, 0xab, 0xe4, 0x68, 0x8e, 0x28, 0xcc, 0x3e, 0xf1, 0xa5, 0x52, 0xe4, 0xf7, 0xa4, 0x57, 0xaa, 0x86, 0x93, 0xc8, 0x73, 0xb1, 0x9f, 0x77, 0xc8, 0x84, 0x97, 0xe4, 0xad, 0x63, 0xad, 0x5d, 0x76, 0x02, 0x00};static BYTE g_rgbDes192BitKeyBlob[] = { 0x01, 0x02, 0x00, 0x00, 0x03, 0x66, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x32, 0xc4, 0xd0, 0x75, 0x25, 0xa4, 0x8a, 0xa8, 0x6f, 0x02, 0x35, 0x0e, 0x53, 0x75, 0xaa, 0xad, 0x8d, 0x21, 0x67, 0xf6, 0x00, 0x93, 0x78, 0x12, 0xa2, 0x13, 0x0f, 0xab, 0xe4, 0x68, 0x8e, 0x28, 0xcc, 0x3e, 0xf1, 0xa5, 0x52, 0xe4, 0xf7, 0xa4, 0x57, 0xaa, 0x86, 0x93, 0xc8, 0x73, 0xb1, 0x9f, 0x77, 0xc8, 0x84, 0x97, 0xe4, 0xad, 0x63, 0xad, 0x5d, 0x76, 0x02, 0x00};static BYTE g_rgb3DesCipherText[] ={ 0x25, 0x25, 0x14, 0x94, 0x6b, 0xe0, 0x69, 0x21, 0xea, 0x3d, 0xb5, 0xa6, 0x5b, 0xaa, 0x6c, 0x87};
//
// Function: DesImportEquivalenceTest
// Purpose: Verify that the provided des key correctly
// encrypts the above rgbDesPlainText.
//
DWORD DesImportEquivalenceTest( PTHREAD_DATA pThreadData, PBYTE pbDesKey, DWORD cbDesKey, PBYTE pbDesShortKey, DWORD cbDesShortKey, PBYTE pbCipherText, DWORD cbCipherText){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HCRYPTKEY hPubKey = 0; HCRYPTKEY hDesKey = 0; PBYTE pb = NULL; DWORD cb = 0; BYTE rgbPlain[sizeof(g_rgbDesPlainText) * 2]; DWORD cbPlain = sizeof(rgbPlain); BOOL fBlobError = FALSE; PBYTE p1 = NULL, p2 = NULL, p3 = NULL;
if (! CryptImportKey( pThreadData->hVerifyCtx, rgbPrivateKeyWithExponentOfOne, sizeof(rgbPrivateKeyWithExponentOfOne), 0, 0, &hPubKey)) { printf("CryptImportKey privatekeywithexponentofone "); goto Ret; }
// Try to import the short key; should fail
if (CryptImportKey( pThreadData->hVerifyCtx, pbDesShortKey, cbDesShortKey, hPubKey, 0, &hDesKey)) { printf("CryptImportKey ShortDesKey should've failed "); goto Ret; }
PrintBytes("Testing this des key SIMPLEBLOB", pbDesKey, cbDesKey);
if (! CryptImportKey( pThreadData->hVerifyCtx, pbDesKey, cbDesKey, hPubKey, CRYPT_EXPORTABLE, &hDesKey)) { printf("CryptImportKey deskeyblob "); goto Ret; }
cb = sizeof(g_rgbDesPlainText); memcpy(rgbPlain, g_rgbDesPlainText, cb); if (! CryptEncrypt( hDesKey, 0, TRUE, 0, rgbPlain, &cb, cbPlain)) { printf("CryptEncrypt "); goto Ret; }
if (0 != memcmp(rgbPlain, pbCipherText, cbCipherText)) { printf("Cipher text doesn't match\n"); PrintBytes("Expected cipher text", pbCipherText, cbCipherText); PrintBytes("Actual cipher text", rgbPlain, sizeof(rgbPlain)); fBlobError = TRUE; }
if (! CryptExportKey( hDesKey, hPubKey, SIMPLEBLOB, 0, NULL, &cb)) { printf("CryptExportKey size "); goto Ret; }
if (NULL == (pb = (PBYTE) MyAlloc(cb))) return ERROR_NOT_ENOUGH_MEMORY;
if (! CryptExportKey( hDesKey, hPubKey, SIMPLEBLOB, 0, pb, &cb)) { printf("CryptExportKey "); goto Ret; }
if (0 != memcmp( pb, pbDesKey, sizeof(SIMPLEBLOB) + sizeof(ALG_ID) + 8)) { printf("Header + key portion of blob doesn't match\n"); PrintBytes("Expected key blob", pbDesKey, cbDesKey); PrintBytes("Actual key blob", pb, cb); fBlobError = TRUE; }
fSuccess = TRUE;Ret: if (fBlobError) dwError = -1; if (! fSuccess) printf("- error 0x%x\n", dwError = GetLastError()); if (hDesKey) CryptDestroyKey(hDesKey); if (hPubKey) CryptDestroyKey(hPubKey); if (pb) MyFree(pb);
return dwError;}
//
// Function: DesImportRegression
//
DWORD DesImportRegression(PTHREAD_DATA pThreadData){ DWORD dwSts; DWORD dwError = ERROR_SUCCESS;
if (ERROR_SUCCESS != (dwSts = DesImportEquivalenceTest( pThreadData, g_rgbDes64BitKeyBlob, sizeof(g_rgbDes64BitKeyBlob), g_rgbDes56BitKeyBlob, sizeof(g_rgbDes56BitKeyBlob), g_rgbDesCipherText, sizeof(g_rgbDesCipherText)))) dwError = dwSts;
if (ERROR_SUCCESS != (dwSts = DesImportEquivalenceTest( pThreadData, g_rgbDes128BitKeyBlob, sizeof(g_rgbDes128BitKeyBlob), g_rgbDes112BitKeyBlob, sizeof(g_rgbDes112BitKeyBlob), g_rgb2DesCipherText, sizeof(g_rgb2DesCipherText)))) dwError = dwSts;
if (ERROR_SUCCESS != (dwSts = DesImportEquivalenceTest( pThreadData, g_rgbDes192BitKeyBlob, sizeof(g_rgbDes192BitKeyBlob), g_rgbDes168BitKeyBlob, sizeof(g_rgbDes168BitKeyBlob), g_rgb3DesCipherText, sizeof(g_rgb3DesCipherText)))) dwError = dwSts;
return dwError;}
static BYTE rgbPlainText[] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};static BYTE rgbIV[] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
BYTE rgbRC2PlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x02, 0x66, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x62, 0x0a, 0x8a, 0x6b, 0x0d, 0x60, 0xbe, 0xf3, 0x94, 0x99, 0x12, 0xef, 0x39, 0xbf, 0x4f};
BYTE rgbRC2CipherText [] = { 0xfd, 0x25, 0x3e, 0x7a, 0xff, 0xb5, 0xc2, 0x6e, 0x13, 0xcf, 0x52, 0xf1, 0xba, 0xa3, 0x9a, 0xef, 0x1c, 0xfb, 0x91, 0x88, 0x9d, 0xf7, 0xe5, 0x12 };
BYTE rgbDESPlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x01, 0x66, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0xef, 0x8f, 0x10, 0xec, 0xea, 0x7a, 0x2c, 0x01};
BYTE rgbDESCipherText [] = { 0x13, 0x68, 0x16, 0xc5, 0x15, 0x3d, 0x59, 0x1f, 0x8e, 0x9c, 0x9c, 0x4f, 0x03, 0x7b, 0xb2, 0x12, 0x24, 0xa7, 0x81, 0x5e, 0x68, 0xb1, 0x58, 0xaa};
BYTE rgb3DES112PlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x09, 0x66, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x6d, 0x07, 0xcd, 0xe9, 0xa4, 0x23, 0xc7, 0x97, 0x4a, 0x4f, 0x5b, 0x2f, 0x34, 0x92, 0xb5, 0x92};
BYTE rgb3DES112CipherText [] = { 0xf4, 0xfd, 0xde, 0x15, 0xfd, 0x50, 0xaa, 0x3c, 0x02, 0xb1, 0x07, 0x3b, 0x0f, 0x0f, 0x93, 0x23, 0xc2, 0x23, 0xda, 0x1f, 0x65, 0x81, 0x59, 0x24};
BYTE rgb3DESCipherText [] = { 0xa6, 0xae, 0xa2, 0x97, 0xc4, 0x85, 0xda, 0xa7, 0x43, 0xc8, 0x5d, 0xf4, 0x97, 0xb4, 0xbc, 0x03, 0x96, 0xf9, 0xa2, 0x66, 0x9e, 0x18, 0x91, 0x4a};
BYTE rgb3DESPlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x03, 0x66, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0xdc, 0x0d, 0x20, 0xf2, 0xcb, 0xa8, 0xb6, 0x15, 0x3e, 0x23, 0x38, 0xb6, 0x31, 0x62, 0x4a, 0x16, 0xa4, 0x49, 0xe5, 0xe5, 0x61, 0x76, 0x75, 0x23};
BYTE rgbAES128PlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x0e, 0x66, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, };
BYTE rgbAES128CipherText [] = { 0xc6, 0xa1, 0x3b, 0x37, 0x87, 0x8f, 0x5b, 0x82, 0x6f, 0x4f, 0x81, 0x62, 0xa1, 0xc8, 0xd8, 0x79, 0xb1, 0xa2, 0x92, 0x73, 0xbe, 0x2c, 0x42, 0x07, 0xa5, 0xac, 0xe3, 0x93, 0x39, 0x8c, 0xb6, 0xfb};
BYTE rgbAES192PlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x0f, 0x66, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, };
BYTE rgbAES192CipherText [] = { 0x91, 0x62, 0x51, 0x82, 0x1c, 0x73, 0xa5, 0x22, 0xc3, 0x96, 0xd6, 0x27, 0x38, 0x01, 0x96, 0x07, 0x5f, 0x9d, 0x65, 0x29, 0x74, 0x04, 0x30, 0x7e, 0x94, 0x97, 0xf4, 0x56, 0x25, 0xd5, 0xfd, 0x48};
BYTE rgbAES256PlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x10, 0x66, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
BYTE rgbAES256CipherText [] = { 0xf2, 0x90, 0x00, 0xb6, 0x2a, 0x49, 0x9f, 0xd0, 0xa9, 0xf3, 0x9a, 0x6a, 0xdd, 0x2e, 0x77, 0x80, 0x53, 0xc8, 0x74, 0x2d, 0x0e, 0xa2, 0x9b, 0x27, 0x12, 0xf6, 0xc7, 0xaf, 0x40, 0x48, 0xf4, 0xb4};
typedef struct _KnownBlockCipherResult { ALG_ID ai; BYTE *pbKey; DWORD cbKey; BYTE *pbCipherText; DWORD cbCipherText;} KnownBlockCipherResult, *pKnownBlockCipherResult;
KnownBlockCipherResult g_rgKnownBlockCipherResults [] = { { CALG_RC2, rgbRC2PlainTextKey, sizeof(rgbRC2PlainTextKey), rgbRC2CipherText, sizeof(rgbRC2CipherText) }, { CALG_DES, rgbDESPlainTextKey, sizeof(rgbDESPlainTextKey), rgbDESCipherText, sizeof(rgbDESCipherText) }, { CALG_3DES_112, rgb3DES112PlainTextKey, sizeof(rgb3DES112PlainTextKey), rgb3DES112CipherText, sizeof(rgb3DES112CipherText) }, { CALG_3DES, rgb3DESPlainTextKey, sizeof(rgb3DESPlainTextKey), rgb3DESCipherText, sizeof(rgb3DESCipherText) }, { CALG_AES_128, rgbAES128PlainTextKey, sizeof(rgbAES128PlainTextKey), rgbAES128CipherText, sizeof(rgbAES128CipherText) }, { CALG_AES_192, rgbAES192PlainTextKey, sizeof(rgbAES192PlainTextKey), rgbAES192CipherText, sizeof(rgbAES192CipherText) }, { CALG_AES_256, rgbAES256PlainTextKey, sizeof(rgbAES256PlainTextKey), rgbAES256CipherText, sizeof(rgbAES256CipherText) }};
static const unsigned g_cKnownBlockCipherResults = sizeof(g_rgKnownBlockCipherResults) / sizeof(KnownBlockCipherResult);
//
// Function: KnownSymKeyRegression
//
DWORD KnownBlockCipherKeyRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; BOOL fBlobError = FALSE; HCRYPTKEY hPubKey = 0; HCRYPTKEY hSymKey = 0; PALGNODE pAlgNode = NULL; PBYTE pb = NULL; DWORD cb = 0; DWORD cbBuf = 0; DWORD dw = 0; CHAR rgsz[1024]; unsigned u;
for ( pAlgNode = pThreadData->pAlgList; pAlgNode != NULL; pAlgNode = pAlgNode->pNext) { if ((ALG_CLASS_DATA_ENCRYPT != GET_ALG_CLASS(pAlgNode->EnumalgsEx.aiAlgid)) || (ALG_TYPE_BLOCK != GET_ALG_TYPE(pAlgNode->EnumalgsEx.aiAlgid))) continue;
for ( u = 0; u < g_cKnownBlockCipherResults && pAlgNode->EnumalgsEx.aiAlgid != g_rgKnownBlockCipherResults[u].ai; u++);
// CYLINK_MEK is not supported with PLAINTEXTKEYBLOB's
if (CALG_CYLINK_MEK == pAlgNode->EnumalgsEx.aiAlgid) continue;
sprintf( rgsz, "Importing 0x%x blob for CSP alg %s (0x%x)", g_rgKnownBlockCipherResults[u].ai, pAlgNode->EnumalgsEx.szName, pAlgNode->EnumalgsEx.aiAlgid);
PrintBytes( rgsz, g_rgKnownBlockCipherResults[u].pbKey, g_rgKnownBlockCipherResults[u].cbKey);
if (! CryptImportKey( pThreadData->hProv, g_rgKnownBlockCipherResults[u].pbKey, g_rgKnownBlockCipherResults[u].cbKey, 0, 0, &hSymKey)) { printf("CryptImportKey "); goto Ret; }
if (! CryptSetKeyParam(hSymKey, KP_IV, rgbIV, 0)) { printf("CryptSetKeyParam "); goto Ret; }
dw = CRYPT_MODE_CBC; if (! CryptSetKeyParam(hSymKey, KP_MODE, (PBYTE) &dw, 0)) { printf("CryptSetKeyParam "); goto Ret; }
cb = sizeof(rgbPlainText); if (! CryptEncrypt(hSymKey, 0, TRUE, 0, NULL, &cb, 0)) { printf("CryptEncrypt "); goto Ret; }
if (NULL == (pb = (PBYTE) MyAlloc(cb))) return ERROR_NOT_ENOUGH_MEMORY;
cbBuf = cb; cb = sizeof(rgbPlainText); memcpy(pb, rgbPlainText, cb);
if (! CryptEncrypt(hSymKey, 0, TRUE, 0, pb, &cb, cbBuf)) { printf("CryptEncrypt "); goto Ret; }
if (0 != memcmp(pb, g_rgKnownBlockCipherResults[u].pbCipherText, cb) || 0 == cb) { printf( "\nCiphertext is wrong for alg %s\n", pAlgNode->EnumalgsEx.szName); PrintBytes( "Expected ciphertext", g_rgKnownBlockCipherResults[u].pbCipherText, cb); PrintBytes( "Actual ciphertext", pb, cb); fBlobError = TRUE; }
// Verify decryption as well
if (! CryptDecrypt(hSymKey, 0, TRUE, 0, pb, &cb)) { printf("CryptDecrypt "); goto Ret; }
if (0 != memcmp(pb, rgbPlainText, sizeof(rgbPlainText))) { printf( "\nPlaintext is wrong for alg %s\n", pAlgNode->EnumalgsEx.szName); PrintBytes( "Expected plaintext", rgbPlainText, sizeof(rgbPlainText)); PrintBytes( "Actual plaintext", pb, cb); fBlobError = TRUE; }
MyFree(pb); pb = NULL; }
fSuccess = TRUE;Ret: if (fBlobError) dwError = -1; if ((! fSuccess) && (! fBlobError)) printf("- error 0x%x\n", dwError = GetLastError());
return dwError;}
#define MY_AES_BLOCKSIZE 16
#define MY_HALF_AES_BLOCKSIZE 8
//
// Function: AESMonteCarloCBCRegression
//
DWORD AESMonteCarloCBCRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; BYTE rgbAESPlainTextKey [] = { 0x08, 0x02, 0x00, 0x00, 0x10, 0x66, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; BLOBHEADER *pBlobHeader = NULL; DWORD cbKey = 0, cb = 0, dwParam = 0; BYTE rgbData [MY_AES_BLOCKSIZE * 2]; unsigned il, ol; HCRYPTKEY hKey = 0; BOOL fError = FALSE; PBYTE pbPT = NULL, pbCV = NULL, pbCT = NULL; fpos_t fpos;
BYTE rgbCBC_E_128_Result [] = { 0x2F, 0x84, 0x4C, 0xBF, 0x78, 0xEB, 0xA7, 0x0D, 0xA7, 0xA4, 0x96, 0x01, 0x38, 0x8F, 0x1A, 0xB6 //0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
//0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D
}; BYTE rgbCBC_E_192_Result [] = { //0xBA, 0x50, 0xC9, 0x44, 0x40, 0xC0, 0x4A, 0x8C,
//0x08, 0x99, 0xD4, 0x26, 0x58, 0xE2, 0x54, 0x37
0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 }; BYTE rgbCBC_E_256_Result [] = { //0xC0, 0xFE, 0xFF, 0xF0, 0x75, 0x06, 0xA0, 0xB4,
//0xCD, 0x7B, 0x8B, 0x0C, 0xF2, 0x5D, 0x36, 0x64
0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 };
BYTE rgbCBC_D_128_Result [] = { //0x9B, 0x8F, 0xB7, 0x1E, 0x03, 0x5C, 0xEF, 0xF9,
//0xCB, 0xFA, 0x13, 0x46, 0xE5, 0xAC, 0xEF, 0xE0
0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 }; BYTE rgbCBC_D_192_Result [] = { //0x63, 0x42, 0xBF, 0xDD, 0xD2, 0xF6, 0x61, 0x03,
//0x50, 0x45, 0x8B, 0x66, 0x95, 0x46, 0x34, 0x84
0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B }; BYTE rgbCBC_D_256_Result [] = { //0xCD, 0x64, 0x29, 0xCF, 0x3F, 0x81, 0xF8, 0xB4,
//0xF8, 0x2B, 0xC6, 0x27, 0xA8, 0x28, 0x30, 0x96
0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 };
memset(rgbData, 0, sizeof(rgbData));
pBlobHeader = (BLOBHEADER *) rgbAESPlainTextKey; pBlobHeader->aiKeyAlg = CALG_AES_128; cbKey = 16; *((PDWORD) (rgbAESPlainTextKey + sizeof(BLOBHEADER))) = cbKey;
pbCV = rgbData; pbPT = rgbData; pbCT = rgbData; cb = MY_AES_BLOCKSIZE;
printf("\n");
for (ol = 0; ol < 400; ol++) { if (hKey) { if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey "); goto Ret; } hKey = 0; }
((PUINT64) (rgbAESPlainTextKey + sizeof(BLOBHEADER) + sizeof(DWORD)))[0] ^= ((PUINT64) pbCT)[0]; ((PUINT64) (rgbAESPlainTextKey + sizeof(BLOBHEADER) + sizeof(DWORD)))[1] ^= ((PUINT64) pbCT)[1];
if (! CryptImportKey( pThreadData->hProv, rgbAESPlainTextKey, sizeof(BLOBHEADER) + sizeof(DWORD) + cbKey, 0, 0, &hKey)) { printf("CryptImportKey "); goto Ret; } dwParam = CRYPT_MODE_CBC; if (! CryptSetKeyParam(hKey, KP_MODE, (PBYTE) &dwParam, 0)) { printf("CryptSetKeyParam "); goto Ret; }
for (il = 0; il < 10000; il++) { ((PUINT64) pbPT)[0] ^= ((PUINT64) pbCV)[0]; ((PUINT64) pbPT)[1] ^= ((PUINT64) pbCV)[1]; if (! CryptEncrypt(hKey, 0, FALSE, 0, pbPT, &cb, sizeof(rgbData))) { printf("CryptEncrypt "); goto Ret; } pbCT = pbPT; if (0 == il && 0 == ol) pbPT += MY_AES_BLOCKSIZE; else { if (rgbData + MY_AES_BLOCKSIZE == pbPT) pbPT = rgbData; else pbPT += MY_AES_BLOCKSIZE; if (rgbData + MY_AES_BLOCKSIZE == pbCV) pbCV = rgbData; else pbCV += MY_AES_BLOCKSIZE; } } }
if (0 != memcmp(pbCT, rgbCBC_E_128_Result, sizeof(rgbCBC_E_128_Result))) { printf("\nCiphertext is wrong for CBC E 128\n"); PrintBytes( "Expected", rgbCBC_E_128_Result, sizeof(rgbCBC_E_128_Result)); PrintBytes( "Actual", pbCT, sizeof(rgbCBC_E_128_Result)); fError = TRUE; } fSuccess = TRUE;Ret: if (! fSuccess) dwError = GetLastError(); if (fError && 0 == dwError) dwError = -1; if (hKey) CryptDestroyKey(hKey); return dwError;}//
// Function: CFBCipherModeRegression
//
DWORD CFBCipherModeRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; BOOL fBlobError = FALSE; HCRYPTKEY hSymKey = 0; PALGNODE pAlgNode = NULL; DWORD dw = 0; DWORD cb = 0; DWORD cbBuf = 0; PBYTE pb = NULL; CHAR rgsz[1024]; unsigned u; BYTE rgbCFBPlainText[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 };
for ( pAlgNode = pThreadData->pAlgList; pAlgNode != NULL; pAlgNode = pAlgNode->pNext) { if ((ALG_CLASS_DATA_ENCRYPT != GET_ALG_CLASS(pAlgNode->EnumalgsEx.aiAlgid)) || (ALG_TYPE_BLOCK != GET_ALG_TYPE(pAlgNode->EnumalgsEx.aiAlgid))) continue;
for ( u = 0; u < g_cKnownBlockCipherResults && pAlgNode->EnumalgsEx.aiAlgid != g_rgKnownBlockCipherResults[u].ai; u++);
// CYLINK_MEK is not supported with PLAINTEXTKEYBLOB's
if (CALG_CYLINK_MEK == pAlgNode->EnumalgsEx.aiAlgid) continue;
sprintf( rgsz, "Importing 0x%x blob for CSP alg %s (0x%x)", g_rgKnownBlockCipherResults[u].ai, pAlgNode->EnumalgsEx.szName, pAlgNode->EnumalgsEx.aiAlgid);
PrintBytes( rgsz, g_rgKnownBlockCipherResults[u].pbKey, g_rgKnownBlockCipherResults[u].cbKey);
if (! CryptImportKey( pThreadData->hProv, g_rgKnownBlockCipherResults[u].pbKey, g_rgKnownBlockCipherResults[u].cbKey, 0, 0, &hSymKey)) { printf("CryptImportKey "); goto Ret; }
if (! CryptSetKeyParam(hSymKey, KP_IV, rgbIV, 0)) { printf("CryptSetKeyParam "); goto Ret; }
dw = CRYPT_MODE_CFB; if (! CryptSetKeyParam(hSymKey, KP_MODE, (PBYTE) &dw, 0)) { printf("CryptSetKeyParam "); goto Ret; } cb = sizeof(rgbPlainText); if (! CryptEncrypt(hSymKey, 0, TRUE, 0, NULL, &cb, 0)) { printf("CryptEncrypt "); goto Ret; }
if (NULL == (pb = (PBYTE) MyAlloc(cb))) return ERROR_NOT_ENOUGH_MEMORY;
cbBuf = cb; cb = sizeof(rgbCFBPlainText); memcpy(pb, rgbCFBPlainText, cb);
if (! CryptEncrypt(hSymKey, 0, TRUE, 0, pb, &cb, cbBuf)) { printf("CryptEncrypt "); goto Ret; }
if (0 == memcmp(pb, rgbCFBPlainText, sizeof(rgbCFBPlainText))) { printf("Ciphertext matches plaintext "); goto Ret; } // Verify decryption
if (! CryptDecrypt(hSymKey, 0, TRUE, 0, pb, &cb)) { printf("CryptDecrypt "); goto Ret; }
if (0 != memcmp(pb, rgbCFBPlainText, sizeof(rgbCFBPlainText))) { printf( "Plaintext is wrong for alg %s\n", pAlgNode->EnumalgsEx.szName); PrintBytes( "Expected plaintext", rgbCFBPlainText, sizeof(rgbCFBPlainText)); PrintBytes( "Actual plaintext", pb, cb); fBlobError = TRUE; }
MyFree(pb); pb = NULL; } fSuccess = TRUE;Ret: if (fBlobError) dwError = -1; if ((! fSuccess) && (! fBlobError)) printf("- error 0x%x\n", dwError = GetLastError());
return dwError;}
typedef struct _HMAC_TEST{ PBYTE pbKey; DWORD cbKey; PBYTE pbData; DWORD cbData; PBYTE pbData2; DWORD cbData2; PBYTE pbHmac; DWORD cbHmac; ALG_ID aiHash;} HMAC_TEST, *PHMAC_TEST;
//
// Function: DoHmacTestCase
//
DWORD DoHmacTestCase( IN PTHREAD_DATA pThreadData, IN PHMAC_TEST pHmac){ HCRYPTKEY hKey = 0; HCRYPTHASH hHash = 0; DWORD cb = 0; BLOBHEADER *pHeader = NULL; BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS; BYTE rgBuf[1024]; HMAC_INFO HmacInfo;
ZeroMemory(rgBuf, sizeof(rgBuf)); ZeroMemory(&HmacInfo, sizeof(HmacInfo));
pHeader = (BLOBHEADER *) rgBuf; pHeader->bType = PLAINTEXTKEYBLOB; pHeader->bVersion = CUR_BLOB_VERSION; pHeader->aiKeyAlg = CALG_RC2;
*(DWORD*)(rgBuf + sizeof(BLOBHEADER)) = pHmac->cbKey; memcpy( rgBuf + sizeof(BLOBHEADER) + sizeof(DWORD), pHmac->pbKey, pHmac->cbKey);
if (! CryptImportKey( pThreadData->hProv, rgBuf, sizeof(BLOBHEADER) + sizeof(DWORD) + pHmac->cbKey, 0, CRYPT_IPSEC_HMAC_KEY, &hKey)) { printf("CryptImportKey"); goto Ret; }
if (! CryptCreateHash( pThreadData->hProv, CALG_HMAC, hKey, 0, &hHash)) { printf("CryptCreateHash"); goto Ret; }
HmacInfo.HashAlgid = pHmac->aiHash; if (! CryptSetHashParam( hHash, HP_HMAC_INFO, (PBYTE) &HmacInfo, 0)) { printf("CryptSetHashParam"); goto Ret; }
if (! CryptHashData( hHash, pHmac->pbData, pHmac->cbData, 0)) { printf("CryptHashData"); goto Ret; }
if (pHmac->cbData2) { if (! CryptHashData( hHash, pHmac->pbData2, pHmac->cbData2, 0)) { printf("CryptHashData 2"); goto Ret; } }
cb = sizeof(rgBuf); ZeroMemory(rgBuf, sizeof(rgBuf)); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgBuf, &cb, 0)) { printf("CryptGetHashParam"); goto Ret; }
PrintBytes("Expected Hmac", pHmac->pbHmac, pHmac->cbHmac); PrintBytes("Actual Hmac", rgBuf, cb);
if ( 0 != memcmp(rgBuf, pHmac->pbHmac, cb) || cb != pHmac->cbHmac) goto Ret;
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey"); goto Ret; } hKey = 0;
if (! CryptDestroyHash(hHash)) { printf("CryptDestroyHash"); goto Ret; } hHash = 0;
fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError(); printf(" error - 0x%x\n", dwError); if (0 == dwError) dwError = -1; }
if (hKey) CryptDestroyKey(hKey); if (hHash) CryptDestroyHash(hHash); return dwError;}
//
// Function: HmacRegression
//
DWORD HmacRegression(PTHREAD_DATA pThreadData){ BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS; HMAC_TEST Hmac; // SHA Test case 1
BYTE rgKey1 [] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; LPSTR pszData1 = "Hi There"; BYTE rgHmac1 [] = { 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 0xf1, 0x46, 0xbe, 0x00 };
// SHA Test case 2
BYTE rgKey2 [] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19 }; BYTE rgData2 [50]; BYTE rgHmac2 [] = { 0x4c, 0x90, 0x07, 0xf4, 0x02, 0x62, 0x50, 0xc6, 0xbc, 0x84, 0x14, 0xf9, 0xbf, 0x50, 0xc8, 0x6c, 0x2d, 0x72, 0x35, 0xda };
// SHA Test case 3
BYTE rgKey3 [80]; LPSTR pszData3 = "Test Using Larger Than Block-Size Key - Hash Key First"; BYTE rgHmac3 [] = { 0xaa, 0x4a, 0xe5, 0xe1, 0x52, 0x72, 0xd0, 0x0e, 0x95, 0x70, 0x56, 0x37, 0xce, 0x8a, 0x3b, 0x55, 0xed, 0x40, 0x21, 0x12 };
// MD5 Test case 1
// use rgKey1 (16 bytes only) and pszData1
BYTE rgHmacMD1 [] = { 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d };
// MD5 Test case 2
// use rgKey3 (full length) and pszData3
BYTE rgHmacMD2 [] = { 0x6b, 0x1a, 0xb7, 0xfe, 0x4b, 0xd7, 0xbf, 0x8f, 0x0b, 0x62, 0xe6, 0xce, 0x61, 0xb9, 0xd0, 0xcd };
// IPSec MD5 vectors
BYTE rgKeyIpsec [] = { 0x66, 0x6f, 0x6f }; BYTE rgDataIpsecA [] = { 0x38, 0x8e, 0x5e, 0x8a, 0xb0, 0x79, 0x16, 0x47, 0x29, 0x1b, 0xf0, 0x02, 0x78, 0x5e, 0x38, 0xe5, 0x82, 0x3c, 0x17, 0x0d }; BYTE rgDataIpsecB [] = { 0x34, 0xdd, 0xdb, 0x22, 0x9e, 0x21, 0x75, 0x28, 0x5e, 0x4d, 0x7d, 0xdf, 0xea, 0x35, 0xc5, 0xfc, 0x44, 0xdb, 0x62, 0xad }; BYTE rgHmacIpsec [] = { 0x52, 0x07, 0x38, 0x15, 0xef, 0xb0, 0x68, 0x43, 0x89, 0x8e, 0x0b, 0xdc, 0x58, 0xc0, 0x70, 0xc0 };
memset(rgData2, 0xcd, sizeof(rgData2)); memset(rgKey3, 0xaa, sizeof(rgKey3));
// SHA 1
ZeroMemory(&Hmac, sizeof(HMAC_TEST)); Hmac.cbData = strlen(pszData1) * sizeof(CHAR); Hmac.pbData = (PBYTE) pszData1; Hmac.cbHmac = sizeof(rgHmac1); Hmac.pbHmac = rgHmac1; Hmac.cbKey = sizeof(rgKey1); Hmac.pbKey = rgKey1; Hmac.aiHash = CALG_SHA1;
if (ERROR_SUCCESS != (dwError = DoHmacTestCase(pThreadData, &Hmac))) { printf("ERROR: DoHmacTestCase SHA 1\n"); return dwError; }
// SHA 2
ZeroMemory(&Hmac, sizeof(HMAC_TEST)); Hmac.cbData = sizeof(rgData2); Hmac.pbData = rgData2; Hmac.cbHmac = sizeof(rgHmac2); Hmac.pbHmac = rgHmac2; Hmac.cbKey = sizeof(rgKey2); Hmac.pbKey = rgKey2; Hmac.aiHash = CALG_SHA1;
if (ERROR_SUCCESS != (dwError = DoHmacTestCase(pThreadData, &Hmac))) { printf("ERROR: DoHmacTestCase SHA 2\n"); return dwError; }
// SHA 3
ZeroMemory(&Hmac, sizeof(HMAC_TEST)); Hmac.cbData = strlen(pszData3) * sizeof(CHAR); Hmac.pbData = (PBYTE) pszData3; Hmac.cbHmac = sizeof(rgHmac3); Hmac.pbHmac = rgHmac3; Hmac.cbKey = sizeof(rgKey3); Hmac.pbKey = rgKey3; Hmac.aiHash = CALG_SHA1;
if (ERROR_SUCCESS != (dwError = DoHmacTestCase(pThreadData, &Hmac))) { printf("ERROR: DoHmacTestCase SHA 3\n"); return dwError; }
// MD5 1
ZeroMemory(&Hmac, sizeof(HMAC_TEST)); Hmac.cbData = strlen(pszData1) * sizeof(CHAR); Hmac.pbData = (PBYTE) pszData1; Hmac.cbHmac = sizeof(rgHmacMD1); Hmac.pbHmac = rgHmacMD1; Hmac.cbKey = 16; // only 16-byte key for this one
Hmac.pbKey = rgKey1; Hmac.aiHash = CALG_MD5;
if (ERROR_SUCCESS != (dwError = DoHmacTestCase(pThreadData, &Hmac))) { printf("ERROR: DoHmacTestCase MD5 1\n"); return dwError; }
// MD5 2
ZeroMemory(&Hmac, sizeof(HMAC_TEST)); Hmac.cbData = strlen(pszData3) * sizeof(CHAR); Hmac.pbData = (PBYTE) pszData3; Hmac.cbHmac = sizeof(rgHmacMD2); Hmac.pbHmac = rgHmacMD2; Hmac.cbKey = sizeof(rgKey3); Hmac.pbKey = rgKey3; Hmac.aiHash = CALG_MD5;
if (ERROR_SUCCESS != (dwError = DoHmacTestCase(pThreadData, &Hmac))) { printf("ERROR: DoHmacTestCase MD5 2\n"); return dwError; }
// MD5 Ipsec vector
ZeroMemory(&Hmac, sizeof(HMAC_TEST)); Hmac.cbData = sizeof(rgDataIpsecA); Hmac.pbData = rgDataIpsecA; Hmac.cbData2 = sizeof(rgDataIpsecB); Hmac.pbData2 = rgDataIpsecB; Hmac.cbHmac = sizeof(rgHmacIpsec); Hmac.pbHmac = rgHmacIpsec; Hmac.cbKey = sizeof(rgKeyIpsec); Hmac.pbKey = rgKeyIpsec; Hmac.aiHash = CALG_MD5;
if (ERROR_SUCCESS != (dwError = DoHmacTestCase(pThreadData, &Hmac))) { printf("ERROR: DoHmacTestCase MD5 Ipsec\n"); return dwError; }
return ERROR_SUCCESS;}
//
// Function: KeyArchiveRegression
//
// Not thread safe
//
DWORD KeyArchiveRegression(PTHREAD_DATA pThreadData){ HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; DWORD dwError = 0; LPSTR pszContainer = "KeyArchiveRegression"; BYTE rgbKey[2048]; DWORD cbKey; DWORD dwData; DWORD cbData; BOOL fSuccess = FALSE;
CryptAcquireContext( &hProv, pszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_DELETEKEYSET);
if (! CryptAcquireContext( &hProv, pszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_NEWKEYSET)) { printf("CryptAcquireContext newkeyset "); goto Ret; }
if (! CryptGenKey( hProv, AT_SIGNATURE, CRYPT_ARCHIVABLE, &hKey)) { printf("CryptGenKey archivable "); goto Ret; }
cbData = sizeof(dwData); if (! CryptGetKeyParam( hKey, KP_PERMISSIONS, (PBYTE) &dwData, &cbData, 0)) { printf("CryptGetKeyParam "); goto Ret; }
if (! ((CRYPT_ARCHIVE & dwData) && (! (CRYPT_EXPORT & dwData)))) { printf("incorrect KP_PERMISSIONS "); goto Ret; }
cbKey = sizeof(rgbKey); if (! CryptExportKey( hKey, 0, PRIVATEKEYBLOB, 0, rgbKey, &cbKey)) { printf("CryptExportKey privatekeyblob "); goto Ret; }
if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey "); goto Ret; }
if (! CryptReleaseContext(hProv, 0)) { printf("CryptReleaseContext "); goto Ret; }
if (! CryptAcquireContext( &hProv, pszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, 0)) { printf("CryptAcquireContext "); goto Ret; }
if (! CryptGetUserKey(hProv, AT_SIGNATURE, &hKey)) { printf("CryptGetUserKey "); goto Ret; }
// try to set the key export/archive perms; should fail
cbData = sizeof(dwData); if (! CryptGetKeyParam( hKey, KP_PERMISSIONS, (PBYTE) &dwData, &cbData, 0)) { printf("CryptGetKeyParam "); goto Ret; }
dwData |= CRYPT_EXPORT | CRYPT_ARCHIVE;
// should fail
if (CryptSetKeyParam(hKey, KP_PERMISSIONS, (PBYTE) &dwData, 0)) { printf("CryptSetKeyParam should have failed "); goto Ret; } // should fail
cbKey = sizeof(rgbKey); if (CryptExportKey( hKey, 0, PRIVATEKEYBLOB, 0, rgbKey, &cbKey)) { printf("CryptExportKey should have failed "); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) printf("- error 0x%x\n", dwError = GetLastError()); if (hKey) CryptDestroyKey(hKey); if (hProv) CryptReleaseContext(hProv, 0);
return dwError;}
//
// Function: PlaintextBlobRegression
//
DWORD PlaintextBlobRegression(PTHREAD_DATA pThreadData){ HCRYPTKEY hKey = 0; DWORD cbKey = 0; PBYTE pbKey = NULL; PALGNODE pAlgNode = NULL; BLOBHEADER *header = NULL; PBYTE pbTemp = NULL; DWORD cbData, cb; BYTE rgbData[1024]; BOOL fSuccess = FALSE; DWORD dwError = ERROR_SUCCESS; DWORD cbKeySize = 0;
// try an invalid key type
if (CryptExportKey( pThreadData->hSignatureKey, 0, PLAINTEXTKEYBLOB, 0, NULL, &cbKey)) { printf("CryptExportKey plaintextkeyblob should have failed "); goto Ret; }
// try all the valid key types
for (pAlgNode = pThreadData->pAlgList; pAlgNode != NULL; pAlgNode = pAlgNode->pNext) { if (ALG_CLASS_DATA_ENCRYPT != GET_ALG_CLASS(pAlgNode->EnumalgsEx.aiAlgid) || (ALG_TYPE_BLOCK != GET_ALG_TYPE(pAlgNode->EnumalgsEx.aiAlgid) && ALG_TYPE_STREAM != GET_ALG_TYPE(pAlgNode->EnumalgsEx.aiAlgid))) continue;
// Plaintext import not supported for CYLINK_MEK
if (CALG_CYLINK_MEK == pAlgNode->EnumalgsEx.aiAlgid) continue;
/*
if (PROV_DSS == pThreadData->dwProvType || PROV_DSS_DH == pThreadData->dwProvType) { cbKeySize = pAlgNode->EnumalgsEx.dwMaxLen / 8; } else { */ switch (pAlgNode->EnumalgsEx.aiAlgid) { case CALG_DES: cbKeySize = pAlgNode->EnumalgsEx.dwMaxLen / 8 + 1; break; case CALG_3DES_112: cbKeySize = pAlgNode->EnumalgsEx.dwMaxLen / 8 + 2; break; case CALG_3DES: cbKeySize = pAlgNode->EnumalgsEx.dwMaxLen / 8 + 3; break; default: cbKeySize = pAlgNode->EnumalgsEx.dwMaxLen / 8; } /*
} */
printf( "Importing Alg: %xh (%s), Size: %d bits\n", pAlgNode->EnumalgsEx.aiAlgid, pAlgNode->EnumalgsEx.szName, cbKeySize * 8);
cbKey = sizeof(BLOBHEADER) + sizeof(DWORD) + cbKeySize; if (NULL == (pbKey = (PBYTE) MyAlloc(cbKey))) return ERROR_NOT_ENOUGH_MEMORY;
header = (BLOBHEADER *) pbKey; header->aiKeyAlg = pAlgNode->EnumalgsEx.aiAlgid; header->bType = PLAINTEXTKEYBLOB; header->bVersion = CUR_BLOB_VERSION; header->reserved = 0;
pbTemp = pbKey + sizeof(BLOBHEADER); *((DWORD*)pbTemp) = cbKeySize; pbTemp += sizeof(DWORD);
// create some key data
if (! CryptGenRandom( pThreadData->hProv, cbKeySize, pbTemp)) { printf("CryptGenRandom "); goto Ret; }
if (! CryptImportKey( pThreadData->hProv, pbKey, cbKey, 0, CRYPT_EXPORTABLE, &hKey)) { printf("CryptImportKey "); goto Ret; }
MyFree(pbKey);
// create some data to encrypt
if (! CryptGenRandom( pThreadData->hProv, sizeof(rgbData), rgbData)) { printf("CryptGenRandom "); goto Ret; }
cbData = sizeof(rgbData); cb = cbData / 2; if (! CryptEncrypt( hKey, 0, TRUE, 0, rgbData, &cb, cbData)) { printf("CryptEncrypt "); goto Ret; }
if (! CryptExportKey( hKey, 0, PLAINTEXTKEYBLOB, 0, NULL, &cbKey)) { printf("CryptExportKey size "); goto Ret; }
if (NULL == (pbKey = (PBYTE) MyAlloc(cbKey))) return ERROR_NOT_ENOUGH_MEMORY;
if (! CryptExportKey( hKey, 0, PLAINTEXTKEYBLOB, 0, pbKey, &cbKey)) { printf("CryptExportKey "); goto Ret; }
// check the blob
header = (BLOBHEADER *) pbKey; if (pAlgNode->EnumalgsEx.aiAlgid != header->aiKeyAlg) { printf("header->aiKeyAlg is wrong "); goto Ret; } if (CUR_BLOB_VERSION != header->bVersion) { printf("header->bVersion is wrong "); goto Ret; } if (0 != header->reserved) { printf("header->reserved is wrong "); goto Ret; } if (PLAINTEXTKEYBLOB != header->bType) { printf("header->bType is wrong "); goto Ret; }
pbTemp = pbKey + sizeof(BLOBHEADER); if (cbKeySize != *((DWORD*)pbTemp)) { printf( "blob key size is %d, but should be %d ", *((DWORD*)pbTemp), cbKeySize); goto Ret; }
MyFree(pbKey); if (! CryptDestroyKey(hKey)) { printf("CryptDestroyKey "); hKey = 0; goto Ret; } hKey = 0; }
fSuccess = TRUE;Ret: if (! fSuccess) printf("- error 0x%x\n", dwError = GetLastError()); if (hKey) CryptDestroyKey(hKey);
return dwError;}
//
// Function: LoadAesCspRegression
//
DWORD LoadAesCspRegression(PTHREAD_DATA pThreadData){ DWORD dwError = 0; BOOL fSuccess = FALSE; HMODULE hMod = NULL;
if (NULL == (hMod = LoadLibraryEx(RSA_AES_CSP, NULL, 0))) { printf("LoadLibraryEx %s ", RSA_AES_CSP); goto Ret; }
if (! FreeLibrary(hMod)) { printf("FreeLibrary %s ", RSA_AES_CSP); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) printf("- error 0x%x\n", dwError = GetLastError());
return dwError;}
DWORD VerifyPinCallback(PPINCACHE_PINS pPins, PVOID pvData){ DWORD dwReturn = *(DWORD*)pvData;
PrintBytes( "VerifyPinCallback current pin", pPins->pbCurrentPin, pPins->cbCurrentPin); PrintBytes( "VerifyPinCallback new pin", pPins->pbNewPin, pPins->cbNewPin);
return dwReturn;}
static USHORT l_uTestLogonID;
void SetLogonID(USHORT uLogon){ l_uTestLogonID = uLogon; }
void GetLogonID(LUID *pLuid){ memset(pLuid, l_uTestLogonID, sizeof(LUID));}
BOOL MyGetTokenInformation( HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength){ NTSTATUS status = NtQueryInformationToken( TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength, ReturnLength);
if (TokenStatistics == TokenInformationClass) { printf("MyGetTokenInformation: intercepted TokenStatistics call\n"); GetLogonID(&((TOKEN_STATISTICS*) TokenInformation)->AuthenticationId); }
return (S_OK == status);}
//
// Function: PinCacheRegression
//
DWORD PinCacheRegression(PTHREAD_DATA pThreadData){ DWORD dwError = 0; BOOL fSuccess = FALSE; PINCACHE_HANDLE hCache = NULL; BYTE rgPin[] = { 1, 2, 3, 4 }; DWORD cbPin = sizeof(rgPin); BYTE rgPin2[] = { 5, 6, 7, 8, 9 }; BYTE *pbPin = NULL; PFN_VERIFYPIN_CALLBACK pfnVerifyPin = VerifyPinCallback; DWORD dwCallbackReturn; PINCACHE_PINS Pins; int i;
ZeroMemory(&Pins, sizeof(PINCACHE_PINS));
Pins.cbCurrentPin = sizeof(rgPin); Pins.pbCurrentPin = rgPin;
dwCallbackReturn = 0x7070; if (0x7070 != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd with callback fail "); goto Ret; }
//
// (0)
// Cache uninitialized
//
SetLogonID(1); dwCallbackReturn = ERROR_SUCCESS; if (ERROR_SUCCESS != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd "); goto Ret; }
if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, NULL, &cbPin))) { printf("PinCacheQuery NULL for size "); goto Ret; }
if (NULL == (pbPin = (PBYTE) MyAlloc(cbPin))) return ERROR_NOT_ENOUGH_MEMORY;
cbPin--; if (ERROR_SUCCESS == (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery insufficient size succeeded "); goto Ret; }
if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery "); goto Ret; }
if (sizeof(rgPin) != RtlCompareMemory(pbPin, rgPin, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin, sizeof(rgPin)); printf("Cache is incorrect "); goto Ret; }
PinCacheFlush(&hCache);
if (NULL != hCache) { printf("PinCacheFlush should set hCache=NULL "); goto Ret; }
// Re-initialize to continue tests
if (ERROR_SUCCESS != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd "); goto Ret; }
//
// (1)
// Same LogonID, same Pin
//
if (ERROR_SUCCESS != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 1 "); goto Ret; } cbPin = sizeof(rgPin); if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 1 "); goto Ret; }
if (sizeof(rgPin) != RtlCompareMemory(pbPin, rgPin, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin, sizeof(rgPin)); printf("Cache is incorrect 1 "); goto Ret; } // Try a pin change
Pins.cbNewPin = sizeof(rgPin2); Pins.pbNewPin = rgPin2;
if (ERROR_SUCCESS != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 1 change "); goto Ret; } if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, NULL, &cbPin))) { printf("PinCacheQuery 1 change query "); goto Ret; }
MyFree(pbPin); pbPin = NULL; if (NULL == (pbPin = (PBYTE) MyAlloc(cbPin))) return ERROR_NOT_ENOUGH_MEMORY;
if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 1 change "); goto Ret; }
if (sizeof(rgPin2) != RtlCompareMemory(pbPin, rgPin2, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin, sizeof(rgPin)); printf("Cache is incorrect 1 change "); goto Ret; }
// Try a failed pin change
Pins.cbCurrentPin = sizeof(rgPin2); Pins.pbCurrentPin = rgPin2; Pins.cbNewPin = sizeof(rgPin); Pins.pbNewPin = rgPin; dwCallbackReturn = -1;
if (-1 != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 1 change-fail "); goto Ret; }
// Cache should have been preserved
cbPin = sizeof(rgPin2); ZeroMemory(pbPin, sizeof(rgPin2));
if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 1 change-fail "); goto Ret; }
if (sizeof(rgPin2) != RtlCompareMemory(pbPin, rgPin2, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin2, sizeof(rgPin2)); printf("Cache is incorrect 1 change-fail "); goto Ret; }
//
// (2)
// Different LogonID, different Pin
//
SetLogonID(2); Pins.cbCurrentPin -= 1; Pins.cbNewPin = 0; Pins.pbNewPin = NULL; dwCallbackReturn = ERROR_SUCCESS; if (SCARD_W_WRONG_CHV != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 2 "); goto Ret; }
SetLogonID(1); cbPin = sizeof(rgPin2); if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 2 "); goto Ret; }
if (sizeof(rgPin2) != RtlCompareMemory(pbPin, rgPin2, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin2, sizeof(rgPin2)); printf("Cache is incorrect 2 "); goto Ret; }
//
// (3)
// Different LogonID, same Pin
//
SetLogonID(2); Pins.cbCurrentPin = sizeof(rgPin2); if (ERROR_SUCCESS != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 3 "); goto Ret; }
cbPin = sizeof(rgPin2); if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 3 "); goto Ret; }
if (sizeof(rgPin2) != RtlCompareMemory(pbPin, rgPin2, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin2, sizeof(rgPin2)); printf("Cache is incorrect 3 "); goto Ret; }
SetLogonID(1); if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 3,1 "); goto Ret; }
if (0 != cbPin) { printf("PinCacheQuery 3,1 should have returned NULL pin "); goto Ret; }
//
// (4)
// Same LogonID, different Pin
//
SetLogonID(2); Pins.cbCurrentPin -= 1; if (SCARD_W_WRONG_CHV != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 4 "); goto Ret; }
// cache should have been left intact
cbPin = sizeof(rgPin2); if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 4 "); goto Ret; }
if (sizeof(rgPin2) != RtlCompareMemory(pbPin, rgPin2, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin2, sizeof(rgPin2)); printf("Cache is incorrect 4 "); goto Ret; }
if (! pThreadData->fSkipPinAttackTest) { //
// (5)
// Pin discovery attack
//
SetLogonID(2); Pins.cbCurrentPin -= 1; for (i = 0; i < 6; i++) { printf("PinCacheAdd should not delay ...\n"); if (SCARD_W_WRONG_CHV != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 5 . %d ", i); goto Ret; } } SetLogonID(1); for (i = 0; i < 6; i++) { printf("PinCacheAdd should delay ...\n"); if (SCARD_W_WRONG_CHV != (dwError = PinCacheAdd(&hCache, &Pins, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCacheAdd 6 . %d ", i); goto Ret; } } // cache should have been left intact
SetLogonID(2); Pins.cbCurrentPin += 1; cbPin = sizeof(rgPin2); if (ERROR_SUCCESS != (dwError = PinCacheQuery(hCache, pbPin, &cbPin))) { printf("PinCacheQuery 5 "); goto Ret; } if (sizeof(rgPin2) != RtlCompareMemory(pbPin, rgPin2, cbPin)) { PrintBytes("Actual cache", pbPin, cbPin); PrintBytes("Expected cache", rgPin2, sizeof(rgPin2)); printf("Cache is incorrect 5 "); goto Ret; } //
// Test PinCachePresentPin
//
dwCallbackReturn = 0x7070; if (0x7070 != (dwError = PinCachePresentPin(hCache, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCachePresentPin fail "); goto Ret; } SetLogonID(1); if (SCARD_W_CARD_NOT_AUTHENTICATED != (dwError = PinCachePresentPin(hCache, pfnVerifyPin, (PVOID) &dwCallbackReturn))) { printf("PinCachePresentPin wrong luid fail "); goto Ret; } }
dwError = ERROR_SUCCESS; fSuccess = TRUE;Ret: if (pbPin) MyFree(pbPin); if (hCache) PinCacheFlush(&hCache);
if (! fSuccess) { printf("- error 0x%x\n", dwError); if (0 == dwError) return -1; }
return dwError;}
//
// Function: VerifyDesKeyParams
//
DWORD VerifyDesKeyParams( IN HCRYPTKEY hKey, IN DWORD dwExpectedKeyLen, IN DWORD dwExpectedEffectiveKeyLen){ DWORD dwError = 0; DWORD dwParam = 0; DWORD cb = sizeof(dwParam); BOOL fSuccess = FALSE;
if (! CryptGetKeyParam(hKey, KP_KEYLEN, (PBYTE) &dwParam, &cb, 0)) { dwError = GetLastError(); printf("CryptGetKeyParam KP_KEYLEN "); goto Ret; }
if (dwExpectedKeyLen != dwParam) { printf( "FAIL: VerifyDesKeyParams expected KP_KEYLEN=%d, actual=%d\n", dwExpectedKeyLen, dwParam); goto Ret; }
if (! CryptGetKeyParam(hKey, KP_EFFECTIVE_KEYLEN, (PBYTE) &dwParam, &cb, 0)) { dwError = GetLastError(); printf("CryptGetKeyParam KP_EFFECTIVE_KEYLEN "); goto Ret; }
if (dwExpectedEffectiveKeyLen != dwParam) { printf( "FAIL: VerifyDesKeyParams expected KP_EFFECTIVE_KEYLEN=%d, actual=%d\n", dwExpectedEffectiveKeyLen, dwParam); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { printf(" - error 0x%x\n", dwError); if (0 == dwError) dwError = -1; }
return dwError;}
//
// Function: DesGetKeyParamRegression
//
DWORD DesGetKeyParamRegression(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HCRYPTKEY hKey = 0;
if (! CryptGenKey(pThreadData->hProv, CALG_DES, 0, &hKey)) { dwError = GetLastError(); printf("CryptGenKey des "); goto Ret; }
if (ERROR_SUCCESS != (dwError = VerifyDesKeyParams(hKey, 64, 56))) { printf("VerifyDesKeyParams des "); goto Ret; }
if (! CryptDestroyKey(hKey)) { dwError = GetLastError(); printf("CryptDestroyKey des "); goto Ret; } hKey = 0;
if (! CryptGenKey(pThreadData->hProv, CALG_3DES_112, 0, &hKey)) { dwError = GetLastError(); printf("CryptGenKey 3des_112 "); goto Ret; }
if (ERROR_SUCCESS != (dwError = VerifyDesKeyParams(hKey, 128, 112))) { printf("VerifyDesKeyParams 3des_112 "); goto Ret; }
if (! CryptDestroyKey(hKey)) { dwError = GetLastError(); printf("CryptDestroyKey 3des_112 "); goto Ret; } hKey = 0;
if (! CryptGenKey(pThreadData->hProv, CALG_3DES, 0, &hKey)) { dwError = GetLastError(); printf("CryptGenKey 3des "); goto Ret; }
if (ERROR_SUCCESS != (dwError = VerifyDesKeyParams(hKey, 192, 168))) { printf("VerifyDesKeyParams 3des "); goto Ret; }
if (! CryptDestroyKey(hKey)) { dwError = GetLastError(); printf("CryptDestroyKey 3des "); goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { printf("- error 0x%x\n", dwError); if (0 == dwError) return -1; }
return dwError;}
//
// Function: MacEncryptRegression
//
DWORD MacEncryptRegression( IN PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; BOOL fSuccess = FALSE; HCRYPTKEY hSymKey = 0; HCRYPTKEY hMacKey = 0; HCRYPTKEY hMacKey2 = 0; HCRYPTHASH hMac = 0; BYTE rgPlaintext[31]; DWORD cb = sizeof(rgPlaintext); DWORD cbBuf = 0; PBYTE pbMac = NULL; DWORD cbMac = 0; PBYTE pb = NULL; DWORD cbAlign = 0;
#define GetNextAlignedValue(c, alignment) ((c + alignment) & ~(alignment - 1))
#define GetPtrAlignedSize(cb) (GetNextAlignedValue(cb, sizeof(ULONG_PTR)))
cbAlign = GetNextAlignedValue(60, 4); cbAlign = GetPtrAlignedSize(60);
if (! CryptGenKey(pThreadData->hProv, CALG_RC2, 0, &hSymKey)) { printf("CryptGenKey rc2"); goto Ret; }
if (! CryptGenKey(pThreadData->hProv, CALG_RC2, 0, &hMacKey)) { printf("CryptGenKey rc2 2"); goto Ret; }
if (! CryptDuplicateKey(hMacKey, NULL, 0, &hMacKey2)) { printf("CryptDuplicateKey"); goto Ret; }
if (! CryptCreateHash(pThreadData->hProv, CALG_MAC, hMacKey, 0, &hMac)) { printf("CryptCreateHash"); goto Ret; }
while (cb--) rgPlaintext[cb] = (BYTE) cb;
cb = sizeof(rgPlaintext); if (! CryptEncrypt(hSymKey, 0, TRUE, 0, NULL, &cb, 0)) { printf("CryptEncrypt size"); goto Ret; }
if (NULL == (pb = (PBYTE) MyAlloc(cb))) return ERROR_NOT_ENOUGH_MEMORY;
cbBuf = cb; cb = sizeof(rgPlaintext); if (! CryptEncrypt(hSymKey, hMac, TRUE, 0, pb, &cb, cbBuf)) { printf("CryptEncrypt"); goto Ret; }
if (! CryptGetHashParam(hMac, HP_HASHVAL, NULL, &cbMac, 0)) { printf("CryptGetHashParam size"); goto Ret; }
if (NULL == (pbMac = (PBYTE) MyAlloc(cbMac))) return ERROR_NOT_ENOUGH_MEMORY;
if (! CryptGetHashParam(hMac, HP_HASHVAL, pbMac, &cbMac, 0)) { printf("CryptGetHashParam"); goto Ret; }
if (! CryptDestroyHash(hMac)) { printf("CryptDestroyHash"); goto Ret; } hMac = 0;
if (! CryptCreateHash(pThreadData->hProv, CALG_MAC, hMacKey2, 0, &hMac)) { printf("CryptCreateHash 2"); goto Ret; }
if (! CryptDecrypt(hSymKey, hMac, TRUE, 0, pb, &cb)) { printf("CryptDecrypt"); goto Ret; }
MyFree(pb); pb = NULL;
if (! CryptGetHashParam(hMac, HP_HASHVAL, NULL, &cb, 0)) { printf("CryptGetHashParam size"); goto Ret; }
if (NULL == (pb = (PBYTE) MyAlloc(cb))) return ERROR_NOT_ENOUGH_MEMORY;
if (! CryptGetHashParam(hMac, HP_HASHVAL, pb, &cb, 0)) { printf("CryptGetHashParam"); goto Ret; }
PrintBytes("Expected Mac result", pbMac, cbMac); PrintBytes("Actual Mac result", pb, cb);
if (0 != memcmp(pb, pbMac, cb) || 0 == cb || cb != cbMac) { goto Ret; }
fSuccess = TRUE;Ret: if (! fSuccess) { dwError = GetLastError(); printf(" - error 0x%x\n", dwError); if (0 == dwError) dwError = -1; }
if (pb) MyFree(pb); if (pbMac) MyFree(pbMac); if (hSymKey) CryptDestroyKey(hSymKey); if (hMacKey) CryptDestroyKey(hMacKey); if (hMacKey2) CryptDestroyKey(hMacKey2); if (hMac) CryptDestroyHash(hMac); return dwError;}
//
// Function: StressEncryptionTest
//
DWORD StressEncryptionTest( IN HCRYPTPROV hProv, IN PENCRYPTION_TEST_DATA pTestData){ HCRYPTKEY hEncryptionKey = 0; HCRYPTKEY hHashKey1 = 0; HCRYPTKEY hHashKey2 = 0; HCRYPTHASH hHash = 0; PBYTE pbData = 0; DWORD dwData = 0; DWORD cbData = 0; DWORD cbPlainText = 0; DWORD cbCipherText = 0; DWORD cbProcessed = 0; DWORD dwKeyAlg = 0; DWORD dwBlockLen = 0; BOOL fFinal = FALSE; DWORD dwError = 0; BOOL fSuccess = FALSE; BYTE rgbHashVal1[200]; BYTE rgbHashVal2[200];
ZeroMemory(rgbHashVal1, 200); ZeroMemory(rgbHashVal2, 200);
if (! CryptGenKey( hProv, pTestData->aiEncryptionKey, 0, &hEncryptionKey)) { goto Cleanup; }
//
// Check for requested simultaneous encryption/hashing
//
if (pTestData->aiHash) { //
// Is this a keyed hash?
//
if (pTestData->aiHashKey) { if (! CryptGenKey( hProv, pTestData->aiHashKey, 0, &hHashKey1)) { goto Cleanup; }
//
// To verify the result of hashing the same data in two
// separate keyed hashes, the key must first be duplicated,
// since its state changes once it's used.
//
if (! CryptDuplicateKey( hHashKey1, NULL, 0, &hHashKey2)) { goto Cleanup; } }
if (! CryptCreateHash( hProv, pTestData->aiHash, hHashKey1, 0, &hHash)) { goto Cleanup; } }
//
// Is this a block encryption alg?
//
if (ALG_TYPE_BLOCK & pTestData->aiEncryptionKey) { //
// Get the block size of this encryption alg
//
cbData = sizeof(dwBlockLen); if (! CryptGetKeyParam( hEncryptionKey, KP_BLOCKLEN, (PBYTE) &dwBlockLen, &cbData, 0)) { goto Cleanup; }
//
// Choose an "interesting" plaintext length, based on the block length
// of this alg.
//
cbPlainText = 2 * dwBlockLen + 1; } else { //
// Plaintext length for a stream encryption alg
//
cbPlainText = 500; }
cbCipherText = cbPlainText;
//
// Determine size of ciphertext
//
if (! CryptEncrypt( hEncryptionKey, 0, TRUE, 0, NULL, &cbCipherText, 0)) { goto Cleanup; }
if (NULL == (pbData = (PBYTE) MyAlloc(cbCipherText))) { goto Cleanup; }
//
// Initialize the plaintext
//
memset(pbData, 0xDA, cbPlainText); memset(pbData + cbPlainText, 0, cbCipherText - cbPlainText);
//
// Encrypt
//
cbProcessed = 0; while (! fFinal) { if (0 == dwBlockLen) { cbData = cbPlainText; fFinal = TRUE; } else { if (cbPlainText - cbProcessed > dwBlockLen) { cbData = dwBlockLen; } else { cbData = cbPlainText % dwBlockLen; fFinal = TRUE; } }
if (! CryptEncrypt( hEncryptionKey, hHash, fFinal, 0, pbData + cbProcessed, &cbData, cbCipherText)) { goto Cleanup; }
cbProcessed += cbData; }
if (cbProcessed != cbCipherText) { goto Cleanup; }
if (0 != hHash) { //
// Get hash result from encryption
//
cbData = sizeof(rgbHashVal1); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbHashVal1, &cbData, 0)) { goto Cleanup; }
if (! CryptDestroyHash(hHash)) { goto Cleanup; }
if (! CryptCreateHash( hProv, pTestData->aiHash, hHashKey2, 0, &hHash)) { goto Cleanup; } }
//
// Decrypt
//
cbProcessed = 0; fFinal = FALSE; while (! fFinal) { if (0 == dwBlockLen) { cbData = cbCipherText; fFinal = TRUE; } else { if (cbCipherText - cbProcessed > dwBlockLen) { cbData = dwBlockLen; } else { cbData = cbCipherText - cbProcessed; fFinal = TRUE; } }
if (! CryptDecrypt( hEncryptionKey, hHash, fFinal, 0, pbData + cbProcessed, &cbData)) { goto Cleanup; }
cbProcessed += cbData; }
if (cbProcessed != cbPlainText) { goto Cleanup; }
while (cbPlainText) { if (0xDA != pbData[cbPlainText - 1]) { goto Cleanup; } cbPlainText--; }
if (0 != hHash) { //
// Get hash result from decryption
//
cbData = sizeof(rgbHashVal2); if (! CryptGetHashParam( hHash, HP_HASHVAL, rgbHashVal2, &cbData, 0)) { goto Cleanup; }
if (0 != memcmp(rgbHashVal1, rgbHashVal2, cbData)) { goto Cleanup; } }
fSuccess = TRUE;Cleanup: if (! fSuccess) { if (0 == (dwError = GetLastError())) { dwError = -1; } } if (hEncryptionKey) { CryptDestroyKey(hEncryptionKey); } if (hHashKey1) { CryptDestroyKey(hHashKey1); } if (hHashKey2) { CryptDestroyKey(hHashKey2); } if (hHash) { CryptDestroyHash(hHash); } if (pbData) { MyFree(pbData); }
return dwError;}
//
// Function: StressTestAllEncryptionAlgs
//
DWORD StressTestAllEncryptionAlgs( PTHREAD_DATA pThreadData, BOOL fContinueOnMacError, BOOL *pfMacErrorOccurred){ DWORD dwError = 0; ENCRYPTION_TEST_DATA TestData; PALGNODE pEncryptionAlg, pHashAlg, pBlockEncryptionAlg;
ZeroMemory(&TestData, sizeof(TestData));
for ( pEncryptionAlg = pThreadData->pAlgList; NULL != pEncryptionAlg; pEncryptionAlg = pEncryptionAlg->pNext) { if (! (pEncryptionAlg->EnumalgsEx.aiAlgid & ALG_CLASS_DATA_ENCRYPT)) continue;
TestData.aiEncryptionKey = pEncryptionAlg->EnumalgsEx.aiAlgid;
for ( pHashAlg = pThreadData->pAlgList; NULL != pHashAlg; pHashAlg = pHashAlg->pNext) { if ( (! (pHashAlg->EnumalgsEx.aiAlgid & ALG_CLASS_HASH && pHashAlg->EnumalgsEx.aiAlgid & ALG_TYPE_ANY)) || CALG_SSL3_SHAMD5 == pHashAlg->EnumalgsEx.aiAlgid || CALG_TLS1PRF == pHashAlg->EnumalgsEx.aiAlgid) continue;
TestData.aiHash = pHashAlg->EnumalgsEx.aiAlgid;
if (CALG_MAC == pHashAlg->EnumalgsEx.aiAlgid) { for ( pBlockEncryptionAlg = pThreadData->pAlgList; NULL != pBlockEncryptionAlg; pBlockEncryptionAlg = pBlockEncryptionAlg->pNext) { if (! ( pBlockEncryptionAlg->EnumalgsEx.aiAlgid & ALG_CLASS_DATA_ENCRYPT && pBlockEncryptionAlg->EnumalgsEx.aiAlgid & ALG_TYPE_BLOCK)) continue;
TestData.aiHashKey = pBlockEncryptionAlg->EnumalgsEx.aiAlgid;
if (ERROR_SUCCESS != (dwError = StressEncryptionTest(pThreadData->hProv, &TestData))) { if (fContinueOnMacError) *pfMacErrorOccurred = TRUE; else return dwError; } } } else { if (ERROR_SUCCESS != (dwError = StressEncryptionTest(pThreadData->hProv, &TestData))) return dwError; } } }
return dwError;}
//+ ===========================================================================
//- ===========================================================================
void L_ErrorBox(LPSTR pszMsg, DWORD dwThreadNum){ char szErrorMsg[256] ; sprintf(szErrorMsg, "Thread %d: %s in L_ErrorBox", dwThreadNum, pszMsg) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ;}
//+ ===========================================================================
//- ===========================================================================
void L_LastErrorBox(LPSTR pszMsg, DWORD dwThreadNum){ char szErrorMsg[256] ; sprintf(szErrorMsg, "Thread %d: %s 0x%x in L_LastErrorBox", dwThreadNum, pszMsg, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ;}
//+ =================================================================================
//
// L_GetKeyAlg
// Local function that given a key handle, returns the key Alg.
//
//- =================================================================================
DWORD L_GetKeyAlg(HCRYPTKEY hKey){ DWORD dwData = 0; DWORD cbData=0 ; char szErrorMsg[256];
cbData = sizeof(dwData) ; if (!CryptGetKeyParam( hKey, KP_ALGID, (PBYTE) &dwData, &cbData, 0)) { GENERIC_FAIL(CryptGetKeyParam) ; }
ErrorReturn: return dwData;}
//+ =================================================================================
//
// L_GetKeySize
// Local function that given a key handle, returns the key length.
//
//- =================================================================================
DWORD L_GetKeySize(HCRYPTKEY hKey){ DWORD dwData = 0; DWORD cbData=0 ; char szErrorMsg[256]; cbData = sizeof(dwData) ; if (!CryptGetKeyParam( hKey, KP_KEYLEN, (PBYTE) &dwData, &cbData, 0)) { GENERIC_FAIL(CryptGetKeyParam) ; }
ErrorReturn: return dwData;}
//+ ==============================================================================
//- ==============================================================================
DWORD Hlp_GetKeyAlgId(HCRYPTKEY hKey){ DWORD dwRetVal=0 ; PBYTE pbData=NULL ; DWORD cbData=sizeof(DWORD) ; char szErrorMsg[256] ; DWORD dwAlgId=0 ;
if (!CryptGetKeyParam( hKey, KP_ALGID, (PBYTE)&dwAlgId, &cbData, 0)) GENERIC_FAIL(CryptGetKeyParam) ;
dwRetVal=dwAlgId ; ErrorReturn : return dwRetVal ;}
//+ =================================================================================
//
// L_GetKeyParam
// Local function that given a key handle, retrieves the specified Key Param.
// The Key param is not of too much interest in this case. In a multithread scenario,
// we just care to see if the call succeeds.
//
//- =================================================================================
DWORD L_GetKeyParam(HCRYPTKEY hKey, DWORD dwParam){ DWORD dwRetVal=0 ; PBYTE pbData=NULL ; DWORD cbData=0 ; char szErrorMsg[256] ; DWORD dwAlgId=0 ; DWORD dwError=0 ;
if (!CryptGetKeyParam( hKey, dwParam, NULL, &cbData, 0)) GENERIC_FAIL(CryptGetKeyParam) ;
if (NULL == (pbData = (PBYTE) MyAlloc(cbData))) ALLOC_FAIL(pbData);
if (!CryptGetKeyParam( hKey, dwParam, pbData, &cbData, 0)) GENERIC_FAIL(CryptGetKeyParam) ;
dwRetVal=1 ; ErrorReturn : MyFree(pbData) ; return dwRetVal ;}
//+ ======================================================================================
// ProgramInit
// Acquire context
// Generate Keys that will be used by all the threads. (AT_SIGNATURE and AT_KEYEXCHANGE)
//- ======================================================================================
DWORD ProgramInit(PTHREAD_DATA pThreadData){ DWORD dwRetVal = 0; char szErrorMsg[256]; // defined for GENERIC_FAIL
LPSTR pszContainer = NULL; DWORD dwContextFlags = 0; DWORD dwKeyFlags = CRYPT_EXPORTABLE;
if (pThreadData->fEphemeralKeys) { dwContextFlags = CRYPT_VERIFYCONTEXT; } else { pszContainer = KEY_CONTAINER_NAME; dwContextFlags = CRYPT_NEWKEYSET;
CryptAcquireContext( &pThreadData->hProv, pszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_DELETEKEYSET);
// Create a Verify Context for some of the sub-tests to use
if (! CryptAcquireContext( &pThreadData->hVerifyCtx, NULL, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_VERIFYCONTEXT)) { pThreadData->hVerifyCtx = 0; GENERIC_FAIL(CryptAcquireContext_VERIFYCONTEXT); } }
if (pThreadData->fUserProtectedKeys) dwKeyFlags |= CRYPT_USER_PROTECTED; if (!CryptAcquireContext( &pThreadData->hProv, pszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, dwContextFlags)) { pThreadData->hProv = 0; GENERIC_FAIL(CryptAcquireContext_Init); } // Generate a sign and exchange key
if (!CryptGenKey( pThreadData->hProv, AT_SIGNATURE, dwKeyFlags, &pThreadData->hSignatureKey)) { GENERIC_FAIL(CryptGenKey_AT_SIGNATURE); CryptReleaseContext(pThreadData->hProv, 0); pThreadData->hProv = 0; pThreadData->hSignatureKey = 0; } if (PROV_RSA_FULL == pThreadData->dwProvType || PROV_RSA_AES == pThreadData->dwProvType || PROV_DSS_DH == pThreadData->dwProvType) { if (!CryptGenKey( pThreadData->hProv, AT_KEYEXCHANGE, dwKeyFlags, &pThreadData->hExchangeKey)) { GENERIC_FAIL(CryptGenKey_AT_KEYEXCHANGE); CryptReleaseContext(pThreadData->hProv, 0); pThreadData->hProv = 0; pThreadData->hExchangeKey = 0; } }
dwRetVal=1;
ErrorReturn: return dwRetVal;}
// ======================================================================================
// Terminates all the threads after the specified amount of time has elapsed (-t option)
// This thread sleeps for the specified amount of time and them then turns off the
// g_dwLoopSwitch.
// ======================================================================================
void WINAPI KillProgramTimer(LPVOID pvThreadData){ DWORD dwSleepTime=0; PTHREAD_DATA pThreadData = (PTHREAD_DATA) pvThreadData; if (pThreadData->dwProgramMins) { dwSleepTime = pThreadData->dwProgramMins * 60 * 1000;
SleepEx(dwSleepTime, FALSE);
if (! SetEvent(pThreadData->hEndTestEvent)) { printf("SetEvent() failed, 0x%x\n", GetLastError()); exit(1); }
printf("All threads should be shutting down now....\n"); }}
// ======================================================================================
// Prints the status of all the threads
// The status is represented in iteration count in ThreadStatus[i][0]
// ======================================================================================
void WINAPI PrintThreadStatus(LPVOID pvThreadData){ DWORD thread; PTHREAD_DATA pThreadData = (PTHREAD_DATA) pvThreadData; char rgStatus[256] ;
printf("\n\n\n") ; while (WAIT_TIMEOUT == WaitForSingleObject(pThreadData->hEndTestEvent, 0)) { Sleep(10000); ZeroMemory(rgStatus, sizeof(rgStatus));
for (thread = 0; thread < pThreadData->dwThreadCount; thread++) { sprintf( rgStatus + strlen(rgStatus), " %4x", pThreadData->rgdwThreadStatus[thread]); }
printf("%s\n", rgStatus); }}
//+ ========================================================================
//
// Function : L_GetAllKeyParams
// Purpose : Gets all the key params and does nothing with it
//
//- ========================================================================
DWORD L_GetAllKeyParams(HCRYPTKEY hKey, DWORD dwThreadNum) { char szErrorMsg[256] ; ALG_ID AlgId=0 ; DWORD dwRetVal=0 ;
AlgId = (ALG_ID)Hlp_GetKeyAlgId(hKey) ; // Get Keys Length
if (!L_GetKeyParam(hKey, KP_KEYLEN)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_KEYLEN error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
// Get ALGID
if (!L_GetKeyParam(hKey, KP_ALGID)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_ALGID error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
// Get KP_BLOCKLEN
// Although this is meaningful only for block cipher keys, it will not fail
// for RSA Keys. It'll just return 0 as the block len (which we don't care
// about for multi tests.
if (!L_GetKeyParam(hKey, KP_BLOCKLEN)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_BLOCKLEN error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
/*
if (! (ALG_CLASS_SIGNATURE == GET_ALG_CLASS(AlgId) || ALG_CLASS_KEY_EXCHANGE == GET_ALG_CLASS(AlgId))) { if (!L_GetKeyParam(hKey, KP_SALT)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_SALT error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; } } */
// Get KP_PERMISSIONS
if (!L_GetKeyParam(hKey, KP_PERMISSIONS)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_PERMISSION error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
// Effective KeyLen can be queried only for RC2 key
if (CALG_RC2 == AlgId) { // Get KP_EFFECTIVE_KEYLEN
if (!L_GetKeyParam(hKey, KP_EFFECTIVE_KEYLEN)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_EFFECTIVE_KEYLEN error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; } }
// These Key Params are good only for Block Cipher Keys
if (ALG_TYPE_BLOCK == GET_ALG_TYPE(AlgId) && ALG_CLASS_DATA_ENCRYPT == GET_ALG_CLASS(AlgId)) { // Get KP_IV
if (!L_GetKeyParam(hKey, KP_IV)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_IV error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
// Get KP_PADDING
if (!L_GetKeyParam(hKey, KP_PADDING)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_PADDING error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
// Get KP_MODE
if (!L_GetKeyParam(hKey, KP_MODE)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_MODE error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; }
// Get KP_MODE_BITS
if (!L_GetKeyParam(hKey, KP_MODE_BITS)) { sprintf(szErrorMsg, "Thread %d: L_GetKeyParam KP_MODE_BITS error 0x%x", dwThreadNum, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; goto ErrorReturn ; } }
dwRetVal=1 ; ErrorReturn : return dwRetVal ;}
/*
L_ProvParam2Text
dangriff -- Modifying this function so that caller must free the psz return value.*/char *L_ProvParam2Text(DWORD dwParam){ LPSTR pszProvParamText = NULL;
if (NULL == (pszProvParamText = (LPSTR) MyAlloc(PROV_PARAM_BUFFER_SIZE))) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); return NULL; }
switch(dwParam) { case PP_ENUMALGS : strcpy(pszProvParamText, "PP_ENUMALGS") ; break ; case PP_ENUMCONTAINERS : strcpy(pszProvParamText, "PP_ENUMCONTAINERS") ; break ; case PP_IMPTYPE : strcpy(pszProvParamText, "PP_IMPTYPE") ; break ; case PP_NAME : strcpy(pszProvParamText, "PP_NAME") ; break ; case PP_VERSION : strcpy(pszProvParamText, "PP_VERSION") ; break ; case PP_CONTAINER : strcpy(pszProvParamText, "PP_CONTAINER") ; break ; case PP_CHANGE_PASSWORD : strcpy(pszProvParamText, "PP_CHANGE_PASSWORD") ; break ; case PP_KEYSET_SEC_DESCR : strcpy(pszProvParamText, "PP_KEYSET_SEC_DESCR") ; break ; case PP_CERTCHAIN : strcpy(pszProvParamText, "PP_CERTCHAIN") ; break ; case PP_KEY_TYPE_SUBTYPE : strcpy(pszProvParamText, "PP_KEY_TYPE_SUBTYPE") ; break ; case PP_PROVTYPE : strcpy(pszProvParamText, "PP_PROVTYPE") ; break ; case PP_KEYSTORAGE : strcpy(pszProvParamText, "PP_KEYSTORAGE") ; break ; case PP_APPLI_CERT : strcpy(pszProvParamText, "PP_APPLI_CERT") ; break ; case PP_SYM_KEYSIZE : strcpy(pszProvParamText, "PP_SYM_KEYSIZE") ; break ; case PP_SESSION_KEYSIZE : strcpy(pszProvParamText, "PP_SESSION_KEYSIZE") ; break ; case PP_UI_PROMPT : strcpy(pszProvParamText, "PP_UI_PROMPT") ; break ; case PP_ENUMALGS_EX : strcpy(pszProvParamText, "PP_ENUMALGS_EX") ; break ; case PP_ENUMMANDROOTS : strcpy(pszProvParamText, "PP_ENUMMANDROOTS") ; break ; case PP_ENUMELECTROOTS : strcpy(pszProvParamText, "PP_ENUMELECTROOTS") ; break ; case PP_KEYSET_TYPE : strcpy(pszProvParamText, "PP_KEYSET_TYPE") ; break ; case PP_ADMIN_PIN : strcpy(pszProvParamText, "PP_ADMIN_PIN") ; break ; case PP_KEYEXCHANGE_PIN : strcpy(pszProvParamText, "PP_KEYEXCHANGE_PIN") ; break ; case PP_SIGNATURE_PIN : strcpy(pszProvParamText, "PP_SIGNATURE_PIN") ; break ; case PP_SIG_KEYSIZE_INC : strcpy(pszProvParamText, "PP_SIG_KEYSIZE_INC") ; break ; case PP_KEYX_KEYSIZE_INC : strcpy(pszProvParamText, "PP_KEYX_KEYSIZE_INC") ; break ; case PP_UNIQUE_CONTAINER : strcpy(pszProvParamText, "PP_UNIQUE_CONTAINER") ; break ; case PP_SGC_INFO : strcpy(pszProvParamText, "PP_SGC_INFO") ; break ; case PP_USE_HARDWARE_RNG : strcpy(pszProvParamText, "PP_USE_HARDWARE_RNG") ; break ; case PP_KEYSPEC : strcpy(pszProvParamText, "PP_KEYSPEC") ; break ; case PP_ENUMEX_SIGNING_PROT : strcpy(pszProvParamText, "PP_ENUMEX_SIGNING_PROT") ; break ; } return pszProvParamText ;}
//+ ==================================================================
//
// Function : L_GetProvParam
// Purpose : Gets the requested Prov Param
// Does nothing with the ProvParam
// Has special logic for all enumeration params
//
//- ==================================================================
DWORD L_GetProvParam(HCRYPTPROV hProv, DWORD dwParam, DWORD dwThreadNum){ PBYTE pbProvData=NULL ; DWORD cbProvData=0 ; DWORD dwFlags=0 ; DWORD dwEnumFlag=0 ; char szErrorMsg[256] ; DWORD dwRetVal=0 ; LPSTR pszProvParamText = NULL; DWORD dwError = 0;
if ((PP_ENUMALGS == dwParam) || (PP_ENUMALGS_EX == dwParam) || (PP_ENUMCONTAINERS == dwParam)) { dwEnumFlag = 1 ; dwFlags = CRYPT_FIRST ; }
// dwFlags needs to be set in the case of PP_KEYSET_SECR_DECR
if (PP_KEYSET_SEC_DESCR == dwParam) { dwFlags = SACL_SECURITY_INFORMATION ; }
if (!CryptGetProvParam( hProv, dwParam, NULL, &cbProvData, dwFlags)) { if ((ERROR_PRIVILEGE_NOT_HELD == (dwError = GetLastError())) && (PP_KEYSET_SEC_DESCR == dwParam)) { // At this point the test has done it's job. The call is an expected failure call
// so we aren't going to try and make any more.
// This call with fail with that expected LastError.
dwRetVal=1 ; goto ErrorReturn ; } else { pszProvParamText = L_ProvParam2Text(dwParam); sprintf(szErrorMsg, "Thread %d: CryptGetProvParam 1 %s error 0x%x", dwThreadNum, pszProvParamText, dwError) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; MyFree(pszProvParamText); goto ErrorReturn ; } }
if (NULL == (pbProvData = (PBYTE) MyAlloc(cbProvData))) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); return 0; } // If this is an enumeration, keep calling the function until
// the enumeration reaches the end.
do { if (!CryptGetProvParam( hProv, dwParam, pbProvData, &cbProvData, dwFlags)) { // Have we reached the end of the enumeration ? If yes, flag it.
if (ERROR_NO_MORE_ITEMS == (dwError = GetLastError())) { dwEnumFlag=0 ; } else { pszProvParamText = L_ProvParam2Text(dwParam); sprintf(szErrorMsg, "Thread %d: CryptGetProvParam 2 %s error 0x%x", dwThreadNum, pszProvParamText, dwError) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; MyFree(pszProvParamText); goto ErrorReturn ; } } dwFlags=0 ; } while (dwEnumFlag) ;
dwRetVal=1 ; ErrorReturn : MyFree(pbProvData) ; return dwRetVal ;}
//+ =================================================================================
//- =================================================================================
/*
DWORD L_GetAllProvParams(HCRYPTPROV hProv, DWORD dwThreadNum){ DWORD dwRetVal=0 ;
EnterCriticalSection(&g_CSEnumParam);
if (!L_GetProvParam(hProv, PP_ENUMALGS, dwThreadNum)) { LeaveCriticalSection(&g_CSEnumParam); goto ErrorReturn; }
LeaveCriticalSection(&g_CSEnumParam);
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_ENUMALGS")) goto ErrorReturn ;
EnterCriticalSection(&g_CSEnumParam);
if (!L_GetProvParam(hProv, PP_ENUMALGS, dwThreadNum)) { LeaveCriticalSection(&g_CSEnumParam); goto ErrorReturn ; }
LeaveCriticalSection(&g_CSEnumParam);
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_ENUMALGS")) goto ErrorReturn ;
EnterCriticalSection(&g_CSEnumParam); if (!L_GetProvParam(hProv, PP_ENUMCONTAINERS, dwThreadNum)) { LeaveCriticalSection(&g_CSEnumParam); goto ErrorReturn ; }
LeaveCriticalSection(&g_CSEnumParam);
if (!L_GetProvParam(hProv, PP_NAME, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_NAME")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_CONTAINER, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_CONTAINER")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_IMPTYPE, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_IMPTYPE")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_VERSION, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_VERSION")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_KEYSET_SEC_DESCR, dwThreadNum)) goto ErrorReturn ; if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_KEYSET_SEC_DESCR")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_UNIQUE_CONTAINER, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_UNIQUE_CONTAINER")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_PROVTYPE, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_PROVTYPE")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_SIG_KEYSIZE_INC, dwThreadNum)) goto ErrorReturn ;
if (!L_CheckHeap(dwThreadNum, "after L_GetProvParam PP_SIG_KEYSIZE_INC")) goto ErrorReturn ;
if (!L_GetProvParam(hProv, PP_KEYX_KEYSIZE_INC, dwThreadNum)) goto ErrorReturn ;
dwRetVal=1 ; ErrorReturn : return dwRetVal ;}*/
//+ ======================================================================
//- ======================================================================
DWORD L_ImportAndCheckSessionKeys( HCRYPTPROV hProv, HCRYPTKEY hKeyExch, PBYTE pbRCx_KeyBlob, DWORD cbRCx_KeyBlob, PBYTE pbRCx_CipherText, DWORD cbRCx_CipherText, PBYTE pbPlainText, DWORD cbPlainText, DWORD dwThreadNum){ DWORD dwRetVal=0 ; HCRYPTKEY hRCxKey=0 ;
if (!CryptImportKey(hProv, pbRCx_KeyBlob, cbRCx_KeyBlob, hKeyExch, 0, &hRCxKey)) L_LastErrorBox("Failed to import session Key", dwThreadNum) ;
if (!CryptDecrypt(hRCxKey, 0, TRUE, 0, pbRCx_CipherText, &cbRCx_CipherText)) L_LastErrorBox("Failed CryptDecrypt", dwThreadNum) ;
if (memcmp(pbRCx_CipherText, pbPlainText, cbPlainText)) L_ErrorBox("Ciphertext does not match plaintext after decrypting", dwThreadNum) ;
//ErrorReturn :
if (!CryptDestroyKey(hRCxKey)) L_LastErrorBox("Failed CryptDestroyKey sessionKey", dwThreadNum) ; dwRetVal=1 ; return dwRetVal ;}
//+ ======================================================================
//- ======================================================================
DWORD L_TestContextAddRef(HCRYPTPROV hProv, DWORD dwThreadNum){ DWORD dwRetVal=0 ; DWORD i=0 ; DWORD dwCount=50 ;
for (i=0; i<dwCount ; i++) { if (!CryptContextAddRef(hProv, NULL, 0)) { L_LastErrorBox("Failed CryptContextAddRef", dwThreadNum) ; goto ErrorReturn ; } }
for (i=0; i<dwCount ; i++) { if (!CryptReleaseContext(hProv, 0)) { L_LastErrorBox("Failed CryptReleaseContext (AddRef Test)", dwThreadNum) ; goto ErrorReturn ; } }
dwRetVal=1 ; ErrorReturn : return dwRetVal ;}
//+ ===========================================================================
// L_ExportKey
//
// Exports a session key, given the exchange key
// Mem Allocated here needs to be freed by the calling funtion.
//- ===========================================================================
DWORD L_ExportKey( HCRYPTKEY hRC_Key, HCRYPTKEY hKeyExch, DWORD dwType, DWORD dwMustBeZero, PBYTE *ppbRC_KeyBlob, DWORD *pcbRC_KeyBlob){ DWORD dwRetVal=0 ; char szErrorMsg[256] ;
if (!CryptExportKey(hRC_Key, hKeyExch, dwType, 0, NULL, pcbRC_KeyBlob)) GENERIC_FAIL(CryptExportKey_RC) ; if (NULL == (*ppbRC_KeyBlob = (PBYTE) MyAlloc(*pcbRC_KeyBlob))) return 0; memset(*ppbRC_KeyBlob, 33, *pcbRC_KeyBlob) ;
if (!CryptExportKey(hRC_Key, hKeyExch, SIMPLEBLOB, 0, *ppbRC_KeyBlob, pcbRC_KeyBlob)) GENERIC_FAIL(CryptExportKey_RC) ;
dwRetVal=1 ; ErrorReturn : return dwRetVal ;}
//+ ==========================================================================
//
//
//- ==========================================================================
DWORD L_GetHashParam(HCRYPTHASH hHash, DWORD dwParam){ DWORD dwRetVal=0 ; char szErrorMsg[256] ; PBYTE pbData=NULL ; DWORD cbData=0 ;
if (!CryptGetHashParam( hHash, dwParam, NULL, &cbData, 0)) GENERIC_FAIL(CryptGetHashParam) ;
if (NULL == (pbData = (PBYTE) MyAlloc(cbData))) return 0;
if (!CryptGetHashParam( hHash, dwParam, pbData, &cbData, 0)) GENERIC_FAIL(CryptGetHashParam) ;
dwRetVal=1 ; ErrorReturn : MyFree(pbData) ; return dwRetVal ;}
//+ ==========================================================================
//
//
//- ==========================================================================
DWORD L_GetAllHashParams(HCRYPTHASH hHash, DWORD dwThreadNum){ DWORD dwRetVal=0 ; char szErrorMsg[256] ;
if (!L_GetHashParam(hHash, HP_ALGID)) goto ErrorReturn ;
if (!L_GetHashParam(hHash, HP_HASHSIZE)) goto ErrorReturn ;
if (!L_GetHashParam(hHash, HP_HASHVAL)) goto ErrorReturn ;
dwRetVal=1 ; ErrorReturn : return dwRetVal ;}
//
// Function: ThreadAcquireContextTest
//
DWORD ThreadAcquireContextTest(PTHREAD_DATA pThreadData, DWORD dwThreadNum){ HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; DWORD dwError = 0; CHAR rgsz[100];
ZeroMemory(rgsz, sizeof(rgsz)); sprintf(rgsz, "%s_%d", "ThreadContainer", dwThreadNum);
if (! CryptAcquireContext( &hProv, rgsz, pThreadData->rgszProvName, pThreadData->dwProvType, 0)) { dwError = GetLastError(); printf("CryptAcquireContext: %s, %d, 0x%x\n", rgsz, dwThreadNum, dwError);
if (NTE_BAD_KEYSET == dwError) { if (! CryptAcquireContext( &hProv, rgsz, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_NEWKEYSET)) { dwError = GetLastError(); printf("CryptAcquireContext CRYPT_NEWKEYSET: %s, %d, 0x%x\n", rgsz, dwThreadNum, dwError); goto Ret; } } else goto Ret; }
if (! CryptGetUserKey(hProv, AT_SIGNATURE, &hKey)) { if (NTE_NO_KEY == (dwError = GetLastError())) { if (! CryptGenKey(hProv, AT_SIGNATURE, 0, &hKey)) { dwError = GetLastError(); goto Ret; } } else goto Ret; }
if (! CryptDestroyKey(hKey)) { dwError = GetLastError(); goto Ret; }
if (! CryptReleaseContext(hProv, 0)) { dwError = GetLastError(); goto Ret; }
dwError = 0;Ret: return dwError;}
//
// Function: ThreadHashingTest
//
DWORD ThreadHashingTest(PTHREAD_DATA pThreadData, PBYTE pbData, DWORD cbData){ HCRYPTHASH hHash = 0; HCRYPTKEY hKey = 0; BYTE rgHash[100]; DWORD cb = 0; DWORD dwError = 0; PALGNODE pHashAlg;
for ( pHashAlg = pThreadData->pAlgList; NULL != pHashAlg; pHashAlg = pHashAlg->pNext) { if (CALG_SHA1 != pHashAlg->EnumalgsEx.aiAlgid && CALG_MD5 != pHashAlg->EnumalgsEx.aiAlgid) continue;
if (! CryptCreateHash(pThreadData->hProv, pHashAlg->EnumalgsEx.aiAlgid, 0, 0, &hHash)) { dwError = GetLastError(); goto Ret; }
if (! CryptHashData(hHash, pbData, cbData, 0)) { dwError = GetLastError(); goto Ret; }
if (! CryptHashData(hHash, pbData, cbData, 0)) { dwError = GetLastError(); goto Ret; }
cb = sizeof(rgHash); if (! CryptGetHashParam(hHash, HP_HASHVAL, rgHash, &cb, 0)) { dwError = GetLastError(); goto Ret; }
if (! CryptDestroyHash(hHash)) { dwError = GetLastError(); goto Ret; } hHash = 0; }
//dwError = HmacRegression(pThreadData);
Ret: return dwError;}
//
// Function: ThreadSignatureTest
//
DWORD ThreadSignatureTest(PTHREAD_DATA pThreadData){ HCRYPTHASH hHash = 0; PBYTE pbData = NULL; DWORD cbData = 0; PBYTE pbSignature = NULL; DWORD cbSignature = 0; DWORD dwError = 0; PALGNODE pHashAlg = NULL; //
// CALG_SHA1 Test
//
if (! CryptCreateHash( pThreadData->hProv, CALG_SHA1, 0, 0, &hHash)) { dwError = GetLastError(); goto Ret; } cbData = SIGN_DATA_SIZE; if (NULL == (pbData = (PBYTE) MyAlloc(cbData))) { dwError = ERROR_NOT_ENOUGH_MEMORY; goto Ret; } if (! CryptGenRandom( pThreadData->hProv, cbData, pbData)) { dwError = GetLastError(); goto Ret; } if (! CryptHashData( hHash, pbData, cbData, 0)) { dwError = GetLastError(); goto Ret; } if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, 0, NULL, &cbSignature)) { dwError = GetLastError(); goto Ret; } if (NULL == (pbSignature = (PBYTE) MyAlloc(cbSignature))) { dwError = ERROR_NOT_ENOUGH_MEMORY; goto Ret; } if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, 0, pbSignature, &cbSignature)) { dwError = GetLastError(); goto Ret; } if (! CryptVerifySignature( hHash, pbSignature, cbSignature, pThreadData->hSignatureKey, NULL, 0)) { dwError = GetLastError(); goto Ret; } if (! CryptDestroyHash(hHash)) { dwError = GetLastError(); goto Ret; } MyFree(pbData); pbData = NULL; MyFree(pbSignature); pbSignature = NULL;
//
// CALG_MD2 Test
//
if (! CryptCreateHash( pThreadData->hProv, CALG_MD2, 0, 0, &hHash)) { dwError = GetLastError(); goto Ret; } cbData = SIGN_DATA_SIZE; if (NULL == (pbData = (PBYTE) MyAlloc(cbData))) { dwError = ERROR_NOT_ENOUGH_MEMORY; goto Ret; } if (! CryptGenRandom( pThreadData->hProv, cbData, pbData)) { dwError = GetLastError(); goto Ret; } if (! CryptHashData( hHash, pbData, cbData, 0)) { dwError = GetLastError(); goto Ret; } if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, 0, NULL, &cbSignature)) { dwError = GetLastError(); goto Ret; } if (NULL == (pbSignature = (PBYTE) MyAlloc(cbSignature))) { dwError = ERROR_NOT_ENOUGH_MEMORY; goto Ret; } if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, 0, pbSignature, &cbSignature)) { dwError = GetLastError(); goto Ret; } if (! CryptVerifySignature( hHash, pbSignature, cbSignature, pThreadData->hSignatureKey, NULL, 0)) { dwError = GetLastError(); goto Ret; } if (! CryptDestroyHash(hHash)) { dwError = GetLastError(); goto Ret; } MyFree(pbData); pbData = NULL; MyFree(pbSignature); pbSignature = NULL;
//
// CALG_MD4 Test
//
if (! CryptCreateHash( pThreadData->hProv, CALG_MD4, 0, 0, &hHash)) { dwError = GetLastError(); goto Ret; } cbData = SIGN_DATA_SIZE; if (NULL == (pbData = (PBYTE) MyAlloc(cbData))) { dwError = ERROR_NOT_ENOUGH_MEMORY; goto Ret; } if (! CryptGenRandom( pThreadData->hProv, cbData, pbData)) { dwError = GetLastError(); goto Ret; } if (! CryptHashData( hHash, pbData, cbData, 0)) { dwError = GetLastError(); goto Ret; } if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, 0, NULL, &cbSignature)) { dwError = GetLastError(); goto Ret; } if (NULL == (pbSignature = (PBYTE) MyAlloc(cbSignature))) { dwError = ERROR_NOT_ENOUGH_MEMORY; goto Ret; } if (! CryptSignHash( hHash, AT_SIGNATURE, NULL, 0, pbSignature, &cbSignature)) { dwError = GetLastError(); goto Ret; } if (! CryptVerifySignature( hHash, pbSignature, cbSignature, pThreadData->hSignatureKey, NULL, 0)) { dwError = GetLastError(); goto Ret; } if (! CryptDestroyHash(hHash)) { dwError = GetLastError(); goto Ret; } MyFree(pbData); pbData = NULL; MyFree(pbSignature); pbSignature = NULL;
Ret:
if (pbData) MyFree(pbData); if (pbSignature) MyFree(pbSignature); return dwError;}
// ======================================================================================
// MULTITHREADED routine
// ======================================================================================
void WINAPI ThreadRoutine(LPVOID pvThreadData){ DWORD dwThreadNum = 0; DWORD dwError = 0; BOOL fMacErrorOccurred = FALSE; PTHREAD_DATA pThreadData = (PTHREAD_DATA) pvThreadData; CHAR szErrorMsg[256]; BYTE rgbData[HASH_DATA_SIZE]; // Get identifier for this thread
EnterCriticalSection(&pThreadData->CSThreadData); dwThreadNum = pThreadData->dwThreadID; pThreadData->dwThreadID++; LeaveCriticalSection(&pThreadData->CSThreadData);
if (! CryptGenRandom(pThreadData->hProv, sizeof(rgbData), rgbData)) { dwError = GetLastError(); goto ErrorReturn; } do { if (RUN_THREAD_SIGNATURE_TEST & pThreadData->dwTestsToRun) { if (ERROR_SUCCESS != (dwError = ThreadSignatureTest(pThreadData))) { sprintf( szErrorMsg, "Thread %d: ThreadSignatureTest error 0x%x", dwThreadNum, dwError); MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR); goto ErrorReturn; } }
if (RUN_STRESS_TEST_ALL_ENCRYPTION_ALGS & pThreadData->dwTestsToRun) { //
// Call new shared encryption stress tests
//
if (ERROR_SUCCESS != (dwError = StressTestAllEncryptionAlgs(pThreadData, TRUE, &fMacErrorOccurred))) { sprintf( szErrorMsg, "Thread %d: StressTestAllEncryptionAlgs error 0x%x", dwThreadNum, dwError); MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR); goto ErrorReturn; } }
if (RUN_THREAD_HASHING_TEST & pThreadData->dwTestsToRun) { if (ERROR_SUCCESS != (dwError = ThreadHashingTest(pThreadData, rgbData, sizeof(rgbData)))) { sprintf( szErrorMsg, "Thread %d: ThreadHashingTest error 0x%x", dwThreadNum, dwError); MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR); goto ErrorReturn; } }
if (RUN_THREAD_ACQUIRE_CONTEXT_TEST & pThreadData->dwTestsToRun) { if (ERROR_SUCCESS != (dwError = ThreadAcquireContextTest(pThreadData, dwThreadNum))) { sprintf( szErrorMsg, "Thread %d: ThreadAcquireContextTest error 0x%x", dwThreadNum, dwError); MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR); goto ErrorReturn; } }
pThreadData->rgdwThreadStatus[dwThreadNum]++; } while (WAIT_TIMEOUT == WaitForSingleObject(pThreadData->hEndTestEvent, 0)); ErrorReturn:
if (fMacErrorOccurred) { printf("ERROR: Mac bug 189368 is not fixed!\n"); }
return;}
//
// Function: GetNextRegisteredCSP
//
DWORD GetNextRegisteredCSP( LPSTR pszCsp, PDWORD pcbCsp, PDWORD pdwProvType, DWORD dwRequestedIndex){ static DWORD dwNextEnumIndex = 0; DWORD dwActualIndex = 0; DWORD dwError = 0;
dwActualIndex = (ENUMERATE_REGISTERED_CSP == dwRequestedIndex) ? dwNextEnumIndex : dwRequestedIndex;
if (! CryptEnumProviders( dwActualIndex, NULL, 0, pdwProvType, pszCsp, pcbCsp)) { dwError = GetLastError();
switch (dwError) { case ERROR_NO_MORE_ITEMS: dwNextEnumIndex = 0; break; } } else { if (ENUMERATE_REGISTERED_CSP == dwRequestedIndex) { dwNextEnumIndex++; } }
return dwError;}
//
// Function: InitializeAlgList
// Purpose: Create a list of algorithms supported by this CSP
//
DWORD InitializeAlgList(PTHREAD_DATA pThreadData){ PALGNODE pAlgNode = NULL, pPrevNode = NULL; DWORD dwError = 0; DWORD cbData = sizeof(ALGNODE); DWORD dwFlags = CRYPT_FIRST;
if (NULL == (pThreadData->pAlgList = (PALGNODE) MyAlloc(sizeof(ALGNODE)))) return ERROR_NOT_ENOUGH_MEMORY;
pAlgNode = pThreadData->pAlgList;
while (CryptGetProvParam( pThreadData->hProv, PP_ENUMALGS_EX, (PBYTE) &pAlgNode->EnumalgsEx, &cbData, dwFlags)) { dwFlags = 0;
if (NULL == (pAlgNode->pNext = (PALGNODE) MyAlloc(sizeof(ALGNODE)))) return ERROR_NOT_ENOUGH_MEMORY;
pPrevNode = pAlgNode; pAlgNode = pAlgNode->pNext; }
if (ERROR_NO_MORE_ITEMS != (dwError = GetLastError())) return dwError; MyFree(pAlgNode); pPrevNode->pNext = NULL; return ERROR_SUCCESS;}
//
// Function: RunRegressionTests
//
BOOL RunRegressionTests(PTHREAD_DATA pThreadData){ DWORD dwError = ERROR_SUCCESS; unsigned u; BOOL fAllPassed = TRUE;
for (u = 0; u < g_cRegressTests; u++) { if (pThreadData->dwProvType & g_rgRegressTests[u].dwExclude) { printf( "Skipping %s\n\n", g_rgRegressTests[u].pszDescription); continue; }
if (ERROR_SUCCESS != (dwError = (g_rgRegressTests[u].pfTest)(pThreadData))) { printf( "FAIL: %s, 0x%x\n\n", g_rgRegressTests[u].pszDescription, dwError); fAllPassed = FALSE; } else printf("PASS: %s\n\n", g_rgRegressTests[u].pszDescription); }
return fAllPassed;}
//
// Function: CallCryptAcquireContext
//
BOOL CallCryptAcquireContext( IN PTHREAD_DATA pThreadData, IN LPSTR pszOptions, IN LPSTR pszContainer){ HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; HCRYPTKEY hSigKey = 0; HCRYPTKEY hExchKey = 0; DWORD dwFlags = 0; unsigned uLen = strlen(pszOptions); ALG_ID ai = 0; DWORD dwKeyFlags = 0; BOOL fSuccess = TRUE; BYTE rgbKeyBlob[5000]; DWORD cbKeyBlob = sizeof(rgbKeyBlob); DWORD dwErr = 0; CHAR rgszCtxFlags[MAX_PATH]; CHAR rgszKeyFlags[MAX_PATH];
memset(rgszCtxFlags, 0, sizeof(rgszCtxFlags)); memset(rgszKeyFlags, 0, sizeof(rgszKeyFlags));
printf(" pszContainer = %s\n", pszContainer); sprintf(rgszCtxFlags, " AcquireContext dwFlags ="); sprintf(rgszKeyFlags, " GenKey dwFlags ="); while (uLen) { switch (pszOptions[uLen - 1]) { case 'l': dwFlags |= CRYPT_MACHINE_KEYSET; strcat(rgszCtxFlags, " CRYPT_MACHINE_KEYSET"); break; case 'v': dwFlags |= CRYPT_VERIFYCONTEXT; strcat(rgszCtxFlags, " CRYPT_VERIFYCONTEXT"); break; case 'n': dwFlags |= CRYPT_NEWKEYSET; strcat(rgszCtxFlags, " CRYPT_NEWKEYSET"); break; case 'd': dwFlags |= CRYPT_DELETEKEYSET; strcat(rgszCtxFlags, " CRYPT_DELETEKEYSET"); break; case 'q': dwFlags |= CRYPT_SILENT; strcat(rgszCtxFlags, " CRYPT_SILENT"); break; case 'x': ai = AT_KEYEXCHANGE; break; case 's': ai = AT_SIGNATURE; break; case 'u': dwKeyFlags |= CRYPT_USER_PROTECTED; strcat(rgszKeyFlags, " CRYPT_USER_PROTECTED"); break; case 'e': dwKeyFlags |= CRYPT_EXPORTABLE; strcat(rgszKeyFlags, " CRYPT_EXPORTABLE"); break; default: printf(" Invalid!\n"); return FALSE; } uLen--; }
printf("%s\n", rgszCtxFlags);
if (CryptAcquireContext( &hProv, pszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, dwFlags)) { printf("Success\n");
// See if any keys are already in this container.
// If they exist, cause the private key to be accessed.
if (CryptGetUserKey(hProv, AT_SIGNATURE, &hSigKey)) { printf(" Found AT_SIGNATURE key in this container\n"); cbKeyBlob = sizeof(rgbKeyBlob); if (! CryptExportKey( hSigKey, 0, PRIVATEKEYBLOB, 0, rgbKeyBlob, &cbKeyBlob)) { printf(" Signature key export failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } else printf(" Successfully exported existing AT_SIGNATURE key\n");
if (! CryptDestroyKey(hSigKey)) { printf("ERROR: CryptDestroyKey failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } hSigKey = 0; } else { if (NTE_NO_KEY == (dwErr = GetLastError())) printf(" No AT_SIGNATURE key found in this container\n"); else { printf("ERROR: CryptGetUserKey AT_SIGNATURE failed - 0x%x\n", dwErr); fSuccess = FALSE; } }
if (CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey)) { printf(" Found AT_KEYEXCHANGE key in this container\n"); cbKeyBlob = sizeof(rgbKeyBlob); if (! CryptExportKey( hExchKey, 0, PRIVATEKEYBLOB, 0, rgbKeyBlob, &cbKeyBlob)) { printf(" Key Exchange key export failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } else printf(" Successfully exported existing AT_KEYEXCHANGE key\n");
if (! CryptDestroyKey(hExchKey)) { printf("ERROR: CryptDestroyKey failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } hExchKey = 0; } else { if (NTE_NO_KEY == (dwErr = GetLastError())) printf(" No AT_KEYEXCHANGE key found in this container\n"); else { printf("ERROR: CryptGetUserKey AT_KEYEXCHANGE failed - 0x%x\n", dwErr); fSuccess = FALSE; } }
if (0 != ai) { printf("\nCalling CryptGenKey ...\n"); if (AT_KEYEXCHANGE == ai) printf(" Algid = AT_KEYEXCHANGE\n"); else printf(" Algid = AT_SIGNATURE\n");
printf("%s\n", rgszKeyFlags);
if (CryptGenKey( hProv, ai, dwKeyFlags, &hKey)) { printf("Success\n");
if (PROV_DSS == pThreadData->dwProvType || PROV_DSS_DH == pThreadData->dwProvType) { if (! CryptSetKeyParam(hKey, KP_X, NULL, 0)) { printf("ERROR: CryptSetKeyParam KP_X failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } }
if (dwKeyFlags & CRYPT_EXPORTABLE) { cbKeyBlob = sizeof(rgbKeyBlob); if (! CryptExportKey( hKey, 0, PRIVATEKEYBLOB, 0, rgbKeyBlob, &cbKeyBlob)) { printf("ERROR: CryptExportKey PRIVATEKEYBLOB failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } else printf(" Successfully exported new key\n"); } } else { printf("ERROR: CryptGenKey failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } } } else { printf("ERROR: CryptAcquireContext failed - 0x%x\n", GetLastError()); fSuccess = FALSE; }
if (hKey) { if (! CryptDestroyKey(hKey)) { printf("ERROR: CryptDestroyKey failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } } if (hProv) { if ((! dwFlags & CRYPT_DELETEKEYSET) && FALSE == CryptReleaseContext(hProv, 0)) { printf("ERROR: CryptReleaseContext failed - 0x%x\n", GetLastError()); fSuccess = FALSE; } }
return fSuccess;}
//
// Function: DeleteAllContainers
//
BOOL DeleteAllContainers(THREAD_DATA *pThreadData){ HCRYPTPROV hDefProv = 0; HCRYPTPROV hProv = 0; CHAR rgszContainer[MAX_PATH]; CHAR rgszDefCont[MAX_PATH]; DWORD cbContainer = MAX_PATH; DWORD dwFlags = CRYPT_FIRST;
if (! CryptAcquireContext( &hDefProv, NULL, pThreadData->rgszProvName, pThreadData->dwProvType, 0)) { printf("CryptAcquireContext default keyset failed - 0x%x\n", GetLastError()); return FALSE; }
if (! CryptGetProvParam( hDefProv, PP_CONTAINER, (PBYTE) rgszDefCont, &cbContainer, 0)) { printf("CryptGetProvParam PP_CONTAINER failed - 0x%x\n", GetLastError()); return FALSE; }
cbContainer = MAX_PATH; while (CryptGetProvParam( hDefProv, PP_ENUMCONTAINERS, (PBYTE) rgszContainer, &cbContainer, dwFlags)) { if (dwFlags) dwFlags = 0;
// If the enumerated container is the same as the default
// container, skip it for now
if (0 == strcmp(rgszContainer, rgszDefCont)) continue;
printf("\"%s\" - ", rgszContainer); if (! CryptAcquireContext( &hProv, rgszContainer, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_DELETEKEYSET)) printf("CryptAcquireContext CRYPT_DELETEKEYSET failed - 0x%x\n", GetLastError()); else printf("Deleted\n");
cbContainer = MAX_PATH; }
if (! CryptReleaseContext(hDefProv, 0)) { printf("CryptReleaseContext failed - 0x%x\n", GetLastError()); return FALSE; }
// Now try to delete default keyset
printf("\"%s\" - ", rgszDefCont); if (! CryptAcquireContext( &hProv, rgszDefCont, pThreadData->rgszProvName, pThreadData->dwProvType, CRYPT_DELETEKEYSET)) printf("CryptAcquireContext CRYPT_DELETEKEYSET failed - 0x%x\n", GetLastError()); else printf("Deleted\n");
return TRUE; }
//*****************************************************
//
int _cdecl main(int argc, char * argv[]){ HANDLE rghThread[MAX_THREADS]; DWORD rgdwThreadID[MAX_THREADS]; DWORD threadID=0; DWORD thread_number=0; DWORD dwErr=0; DWORD dwArg = 0; DWORD cbCspName = 0; DWORD dwFreeHandle=0; DWORD i = 0 ; DWORD tick_StartTime=0; char szErrorMsg[256] ; THREAD_DATA ThreadData; BOOL fInvalidArgs = FALSE; PALGNODE pAlgNode = NULL; BOOL fRunRegressions = FALSE; BOOL fAcquireContext = FALSE; LPSTR pszOptions = NULL; LPSTR pszContainer = NULL; BOOL fDeleteContainers = FALSE;
// Set high-order bit on dwSpinCount param so that the event used
// by EnterCriticalSection() will be pre-allocated by
// InitializeCriticalSectionAndSpinCount()
DWORD dwSpinCount = 0x8000; ZeroMemory(&ThreadData, sizeof(ThreadData));
__try { InitializeCriticalSectionAndSpinCount(&ThreadData.CSThreadData, dwSpinCount); } __except (STATUS_NO_MEMORY == GetExceptionCode() ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH ) { printf("InitializeCriticalSectionAndSpinCount failed: STATUS_NO_MEMORY exception\n"); exit(1); }
// Setting all the defaults
ThreadData.dwThreadCount = StressGetDefaultThreadCount(); ThreadData.dwTestsToRun = RUN_ALL_TESTS;
while (--argc>0) { if (**++argv == '-') { switch(argv[0][1]) { case 'n': argv++; argc--; if (0 == argc || 0 == (dwArg = atoi(argv[0]))) { fInvalidArgs = TRUE; goto Ret; } ThreadData.dwThreadCount = dwArg; break;
case 't': argv++; argc--; if (0 == argc || 0 == (dwArg = atoi(argv[0]))) { fInvalidArgs = TRUE; goto Ret; } ThreadData.dwProgramMins = dwArg; break;
case 'c': argv++; argc--; if (0 == argc) { fInvalidArgs = TRUE; goto Ret; }
cbCspName = MAX_PATH; dwErr = GetNextRegisteredCSP( ThreadData.rgszProvName, &cbCspName, &ThreadData.dwProvType, atoi(*argv)); if (ERROR_SUCCESS != dwErr) { fInvalidArgs = TRUE; goto Ret; } break; case 'e': ThreadData.fEphemeralKeys = TRUE; break;
case 'u': ThreadData.fUserProtectedKeys = TRUE; break;
case 'r': fRunRegressions = TRUE; break;
case 's': ThreadData.fSkipPinAttackTest = TRUE; break;
case '?': fInvalidArgs = TRUE; goto Ret;
case 'a': fAcquireContext = TRUE; pszOptions = argv[0] + 2; if (NULL == strchr(pszOptions, 'v')) { argv++; argc--; pszContainer = *argv; } break;
case 'd': fDeleteContainers = TRUE; break;
case 'T': argv++; argc--; if (0 == argc || 0 == (dwArg = atoi(argv[0]))) { fInvalidArgs = TRUE; goto Ret; } ThreadData.dwTestsToRun = dwArg; break;
default: fInvalidArgs = TRUE; goto Ret; } } }
//
// Check arg validity
//
if ( 0 != argc || 0 == ThreadData.dwProvType || (ThreadData.fEphemeralKeys && ThreadData.fUserProtectedKeys) || (fRunRegressions && fAcquireContext)) { fInvalidArgs = TRUE; goto Ret; }
printf("Provider: %s, Type: %d\n\n", ThreadData.rgszProvName, ThreadData.dwProvType);
if (fDeleteContainers) { printf("Deleting all key containers ...\n"); if (! DeleteAllContainers(&ThreadData)) exit(1); goto Ret; } if (fAcquireContext) { printf("Calling CryptAcquireContext ...\n"); if (! CallCryptAcquireContext( &ThreadData, pszOptions, pszContainer)) exit(1); goto Ret; }
if (!ProgramInit(&ThreadData)) { printf("ProgramInit() failed\n"); exit(1) ; }
//
// Initialize list of supported algorithms
//
if (ERROR_SUCCESS != (dwErr = InitializeAlgList(&ThreadData))) { printf("InitializeAlgList failed, 0x%x\n", dwErr); exit(1); }
if (fRunRegressions) { printf("Running regression tests ...\n"); if (! RunRegressionTests(&ThreadData)) exit(1); goto Ret; }
//
// Summarize user options
//
printf("Number of threads: %d\n", ThreadData.dwThreadCount); if (ThreadData.dwProgramMins) printf(" - Timeout in %d minute(s)\n", ThreadData.dwProgramMins); if (ThreadData.fEphemeralKeys) printf(" - Using ephemeral keys\n"); if (ThreadData.fUserProtectedKeys) printf(" - Using user-protected keys\n");
// Create event that can be used by the timer thread to stop
// the worker threads.
if ((ThreadData.hEndTestEvent = CreateEvent(NULL, TRUE, FALSE, NULL)) == NULL) { printf("CreateEvent() failed, 0x%x\n", GetLastError()); exit(1); }
// Create the threads
tick_StartTime = GetTickCount() ; for (thread_number = 0; thread_number < ThreadData.dwThreadCount; thread_number++) { if ((rghThread[thread_number] = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE) ThreadRoutine, &ThreadData, 0, &threadID)) != NULL) { rgdwThreadID[thread_number] = threadID ; } else { sprintf(szErrorMsg, "\n\nERROR creating thread number 0x%x. Error 0x%x", thread_number, GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; exit(0) ; } }
// Spawn PrintThreadStatus
rghThread[thread_number++] = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)PrintThreadStatus, &ThreadData, 0, &threadID); // Spawn KillProgramTimer (This will shut down all the threads and kill the program)
rghThread[thread_number++] = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)KillProgramTimer, &ThreadData, 0, &threadID);
// Done Creating all threads
// End multithreading
dwErr = WaitForMultipleObjects(thread_number, rghThread, TRUE, INFINITE) ; if (dwErr == WAIT_FAILED) printf("WaitForMultipleObjects() failed, 0x%x\n", GetLastError());
if (! CryptDestroyKey(ThreadData.hSignatureKey)) { sprintf(szErrorMsg, "FAILED CryptDestroyKey SIG error 0x%x\n", GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; } if (ThreadData.hExchangeKey && (! CryptDestroyKey(ThreadData.hExchangeKey))) { sprintf(szErrorMsg, "FAILED CryptDestroyKey KEYX error 0x%x\n", GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; } if (! CryptReleaseContext(ThreadData.hVerifyCtx, 0)) { sprintf(szErrorMsg, "FAILED CryptReleaseContext 1 error 0x%x\n", GetLastError()); MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR); } if (! CryptReleaseContext(ThreadData.hProv, 0)) { sprintf(szErrorMsg, "FAILED CryptReleaseContext 2 error 0x%x\n", GetLastError()) ; MessageBox(NULL, szErrorMsg, ERROR_CAPTION, MB_OK | MB_ICONERROR) ; } DeleteCriticalSection(&ThreadData.CSThreadData); CloseHandle(ThreadData.hEndTestEvent);
while (thread_number--) CloseHandle(rghThread[thread_number]);
Ret: while (ThreadData.pAlgList) { pAlgNode = ThreadData.pAlgList->pNext; MyFree(ThreadData.pAlgList); ThreadData.pAlgList = pAlgNode; }
if (fInvalidArgs) { Usage(); printf("\nRegistered CSP's:\n"); cbCspName = MAX_PATH; for ( i = 0; ERROR_SUCCESS == GetNextRegisteredCSP( ThreadData.rgszProvName, &cbCspName, &ThreadData.dwProvType, ENUMERATE_REGISTERED_CSP); i++, cbCspName = MAX_PATH) { printf(" %d: %s, Type %d\n", i, ThreadData.rgszProvName, ThreadData.dwProvType); } exit(1); }
return 0 ;}
|
