You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
293 lines
8.8 KiB
293 lines
8.8 KiB
/* context.h */
|
|
|
|
#ifndef DSSCSP_CONTEXT_H
|
|
#define DSSCSP_CONTEXT_H
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <crypt.h>
|
|
#include <windows.h>
|
|
#include <crtdbg.h>
|
|
#include <csp.h>
|
|
#include <randlib.h>
|
|
#include <des.h>
|
|
#include <sha.h>
|
|
|
|
#ifdef CSP_USE_MD5
|
|
#include "md5.h"
|
|
#endif
|
|
#ifdef CSP_USE_SHA1
|
|
#include "sha.h"
|
|
#endif
|
|
|
|
// definition for disabling encryption in France
|
|
#define CRYPT_DISABLE_CRYPT 0x1
|
|
|
|
/*********************************/
|
|
/* Definitions */
|
|
/*********************************/
|
|
|
|
#define KEY_MAGIC 0xBADF
|
|
|
|
/* State definitions */
|
|
#define KEY_INIT 0x0001
|
|
|
|
#define MAX_BLOCKLEN 8
|
|
|
|
// types of key storage
|
|
#define PROTECTED_STORAGE_KEYS 1
|
|
#define PROTECTION_API_KEYS 2
|
|
|
|
#define HASH_MAGIC 0xBADE
|
|
|
|
/* State Flags */
|
|
#define HASH_INIT 0x0001
|
|
#define HASH_DATA 0x0002
|
|
#define HASH_FINISH 0x0004
|
|
|
|
#define MAX_HASH_LEN 20
|
|
|
|
#define CRYPT_BLKLEN 8
|
|
|
|
#define HMAC_DEFAULT_STRING_LEN 64
|
|
#define HMAC_STARTED 1
|
|
#define HMAC_FINISHED 2
|
|
|
|
|
|
/*********************************/
|
|
/* Structure Definitions */
|
|
/*********************************/
|
|
|
|
typedef struct _Key_t_ {
|
|
int magic; // Magic number
|
|
void *pContext;
|
|
int state; // State of object
|
|
ALG_ID algId; // Algorithm Id
|
|
DWORD flags; // General flags associated with key
|
|
void *algParams; // Parameters for algorithm
|
|
uchar IV[MAX_BLOCKLEN];
|
|
uchar Temp_IV[MAX_BLOCKLEN];
|
|
uchar *pbKey;
|
|
DWORD cbKey;
|
|
uchar *pbSalt;
|
|
DWORD cbSalt;
|
|
BYTE *pbData;
|
|
DWORD cbData;
|
|
DWORD cbEffectiveKeyLen;
|
|
int mode;
|
|
int pad;
|
|
int mode_bits;
|
|
BOOL InProgress; // if key is being used
|
|
BOOL fUIOnKey; // flag to indicate if UI was to be set on the key
|
|
} Key_t;
|
|
|
|
|
|
// Packed version of Key_t. This is used when building opaque
|
|
// blobs, and is necessary to properly support WOW64 operation.
|
|
typedef struct _Packed_Key_t_ {
|
|
// BLOBHEADER
|
|
int magic; // Magic number
|
|
int state; // State of object
|
|
ALG_ID algId; // Algorithm Id
|
|
DWORD flags; // General flags associated with key
|
|
uchar IV[MAX_BLOCKLEN];
|
|
uchar Temp_IV[MAX_BLOCKLEN];
|
|
DWORD cbKey;
|
|
DWORD cbData;
|
|
DWORD cbEffectiveKeyLen;
|
|
int mode;
|
|
int pad;
|
|
int mode_bits;
|
|
BOOL InProgress; // if key is being used
|
|
BOOL fUIOnKey; // flag to indicate if UI was to be set on the key
|
|
// cbKey data bytes
|
|
// cbData data bytes
|
|
} Packed_Key_t;
|
|
|
|
|
|
typedef struct {
|
|
int magic; // Magic number
|
|
void *pContext; // associated context
|
|
int state; // State of hash object
|
|
ALG_ID algId; // Algorithm Id
|
|
DWORD size; // Size of hash
|
|
void *pMAC; // pointer to mac state
|
|
BYTE hashval[MAX_HASH_LEN];
|
|
BYTE *pbData;
|
|
DWORD cbData;
|
|
Key_t *pKey;
|
|
BOOL fInternalKey;
|
|
ALG_ID HMACAlgid;
|
|
DWORD HMACState;
|
|
BYTE *pbHMACInner;
|
|
DWORD cbHMACInner;
|
|
BYTE *pbHMACOuter;
|
|
DWORD cbHMACOuter;
|
|
union {
|
|
#if _WIN64
|
|
//
|
|
// fake member to cause 8byte alignment.
|
|
//
|
|
ULONGLONG Padding;
|
|
#endif
|
|
#ifdef CSP_USE_MD5
|
|
MD5_CTX md5;
|
|
#endif // CSP_USE_MD5
|
|
#ifdef CSP_USE_SHA1
|
|
A_SHA_CTX sha;
|
|
#endif // CSP_USE_SHA1
|
|
} algData;
|
|
} Hash_t;
|
|
|
|
|
|
/*********************************/
|
|
/* Definitions */
|
|
/*********************************/
|
|
|
|
#define CONTEXT_MAGIC 0xDEADBEEF
|
|
#define CONTEXT_RANDOM_LENGTH 20
|
|
|
|
|
|
typedef struct _PStore_Info
|
|
{
|
|
HINSTANCE hInst;
|
|
void *pProv;
|
|
GUID SigType;
|
|
GUID SigSubtype;
|
|
GUID ExchType;
|
|
GUID ExchSubtype;
|
|
LPWSTR szPrompt;
|
|
DWORD cbPrompt;
|
|
} PSTORE_INFO;
|
|
|
|
|
|
/*********************************/
|
|
/* Structure Definitions */
|
|
/*********************************/
|
|
|
|
typedef struct {
|
|
DWORD magic; // Magic number
|
|
DWORD dwProvType; // Type of provider being called as
|
|
LPSTR szProvName; // Name of provider being called as
|
|
BOOL fMachineKeyset; // TRUE if keyset is for machine
|
|
DWORD rights; // Privileges
|
|
BOOL fIsLocalSystem; // check if running as local system
|
|
KEY_CONTAINER_INFO ContInfo;
|
|
Key_t *pSigKey; // pointer to the DSS sig key
|
|
Key_t *pKExKey; // pointer to the DH key exchange key
|
|
HKEY hKeys; // Handle to registry
|
|
DWORD dwEnumalgs; // index for enumerating algorithms
|
|
DWORD dwEnumalgsEx; // index for enumerating algorithms
|
|
DWORD dwiSubKey; // index for enumerating containers
|
|
DWORD dwMaxSubKey; // max number of containers
|
|
void *contextData; // Context specific data
|
|
CRITICAL_SECTION CritSec; // critical section for decrypting keys
|
|
HWND hWnd; // handle to window for UI
|
|
PSTORE_INFO *pPStore; // pointer to PStore information
|
|
LPWSTR pwszPrompt; // UI prompt to be used
|
|
DWORD dwOldKeyFlags; // flags to tell how keys should be migrated
|
|
DWORD dwKeysetType; // type of storage used
|
|
HANDLE hRNGDriver; // handle to hardware RNG driver
|
|
EXPO_OFFLOAD_STRUCT *pOffloadInfo; // info for offloading modular expo
|
|
DWORD dwPolicyId; // Index into policy keylengh arrays.
|
|
BYTE rgbSigEncryptedX [RTL_ENCRYPT_MEMORY_SIZE + (SHA_DWORDS * sizeof(DWORD))];
|
|
BYTE rgbKExEncryptedX [RTL_ENCRYPT_MEMORY_SIZE + (DSA_P_MAXDWORDS * sizeof(DWORD))];
|
|
} Context_t;
|
|
|
|
|
|
/*********************************/
|
|
/* Policy Definitions */
|
|
/*********************************/
|
|
|
|
extern PROV_ENUMALGS_EX *g_AlgTables[];
|
|
// NOTE -- These definitions must match the order of entries in g_AlgTables.
|
|
#define POLICY_DSS_BASE 0 // Policy for MS_DEF_DSS_PROV
|
|
#define POLICY_DSSDH_BASE 1 // Policy for MS_DEF_DSS_DH_PROV
|
|
#define POLICY_DSSDH_ENHANCED 2 // Policy for MS_ENH_DSS_DH_PROV
|
|
#define POLICY_DSSDH_SCHANNEL 3 // Policy for MS_DEF_DH_SCHANNEL_PROV
|
|
|
|
|
|
/*********************************/
|
|
/* Function Definitions */
|
|
/*********************************/
|
|
|
|
extern void
|
|
freeContext(
|
|
Context_t *pContext);
|
|
|
|
extern Context_t *
|
|
checkContext(
|
|
HCRYPTPROV hProv);
|
|
|
|
extern Context_t *
|
|
allocContext(
|
|
void);
|
|
|
|
// Initialize a context
|
|
extern DWORD
|
|
initContext(
|
|
IN OUT Context_t *pContext,
|
|
IN DWORD dwFlags,
|
|
IN DWORD dwProvType,
|
|
IN LPCSTR szProvName,
|
|
IN DWORD dwPolicyId);
|
|
|
|
extern HCRYPTPROV
|
|
AddContext(
|
|
Context_t *pContext);
|
|
|
|
extern HCRYPTHASH
|
|
addContextHash(
|
|
Context_t *pContext,
|
|
Hash_t *pHash);
|
|
|
|
extern Hash_t *
|
|
checkContextHash(
|
|
Context_t *pContext,
|
|
HCRYPTHASH hHash);
|
|
|
|
// Add key to context
|
|
extern HCRYPTKEY
|
|
addContextKey(
|
|
Context_t *pContext,
|
|
Key_t *pKey);
|
|
|
|
// Check if key exists in context
|
|
extern Key_t *
|
|
checkContextKey(
|
|
IN Context_t *pContext,
|
|
IN HCRYPTKEY hKey);
|
|
|
|
// random number generation prototype
|
|
extern DWORD
|
|
FIPS186GenRandom(
|
|
IN HANDLE hRNGDriver,
|
|
IN BYTE **ppbContextSeed,
|
|
IN DWORD *pcbContextSeed,
|
|
IN OUT BYTE *pb,
|
|
IN DWORD cb);
|
|
|
|
// Scrub sensitive data from memory
|
|
extern void
|
|
memnuke(
|
|
volatile BYTE *pData,
|
|
DWORD dwLen);
|
|
|
|
#include "dh_key.h"
|
|
|
|
extern void ScrubPrivateKeyInMemory(
|
|
IN DHKey_t *pDH,
|
|
IN BOOL fSigKey);
|
|
|
|
extern DWORD EncryptPrivateKeyInMemory(
|
|
IN Context_t *pContext,
|
|
IN DHKey_t *pDH,
|
|
IN ALG_ID AlgId);
|
|
|
|
extern DWORD DecryptPrivateKeyInMemory(
|
|
IN Context_t *pContext,
|
|
IN DHKey_t *pDH,
|
|
IN ALG_ID AlgId);
|
|
|
|
#endif
|