archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/rras/ras/ppp/eaptls/scard.c

565 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*
  3. Copyright (c) 1997, Microsoft Corporation, all rights reserved
  5. Description:
  6. Smart card helper functions.
  8. History:
  9. 13 Dec 1997: Amanda Matlosz created original version.
  10. 12 May 1998: Vijay Baliga moved things around.
  12. */
  14. #undef UNICODE
  16. #include <winscard.h>
  17. #include <wincrypt.h>
  18. #include <rtutils.h>
  21. VOID
  22. EapTlsTrace(
  23. IN CHAR* Format,
  24. ...
  25. );
  28. typedef
  29. WINSCARDAPI LONG
  30. (WINAPI *GETOPENCARDNAMEA)(
  31. OPENCARDNAMEA*
  32. );
  34. GETOPENCARDNAMEA g_fnGetOpenCardNameA = NULL;
  35. HINSTANCE g_hInstanceScardDlg = NULL;
  37. /*
  39. Returns:
  41. Notes:
  43. */
  45. DWORD
  46. LoadScardDlgDll(
  47. VOID
  48. )
  49. {
  50. DWORD dwErr = NO_ERROR;
  52. if (NULL == g_hInstanceScardDlg)
  53. {
  54. g_hInstanceScardDlg = LoadLibrary("scarddlg.dll");
  55. }
  57. if (NULL == g_hInstanceScardDlg)
  58. {
  59. dwErr = GetLastError();
  60. EapTlsTrace("LoadLibrary(scarddlg.dll) failed and returned 0x%x",
  61. dwErr);
  62. goto LDone;
  63. }
  65. if (NULL == g_fnGetOpenCardNameA)
  66. {
  67. g_fnGetOpenCardNameA = (GETOPENCARDNAMEA)
  68. GetProcAddress(g_hInstanceScardDlg, "GetOpenCardNameA");
  69. }
  71. if (NULL == g_fnGetOpenCardNameA)
  72. {
  73. dwErr = GetLastError();
  74. EapTlsTrace("GetProcAddress(GetOpenCardNameA) failed and returned 0x%x",
  75. dwErr);
  76. goto LDone;
  77. }
  79. LDone:
  81. return(dwErr);
  82. }
  84. /*
  86. Returns:
  88. Notes:
  90. */
  92. VOID
  93. FreeScardDlgDll(
  94. VOID
  95. )
  96. {
  97. if (NULL != g_hInstanceScardDlg)
  98. {
  99. FreeLibrary(g_hInstanceScardDlg);
  100. g_hInstanceScardDlg = NULL;
  101. g_fnGetOpenCardNameA = NULL;
  102. }
  103. }
  105. /*
  107. Returns:
  109. Notes:
  111. */
  113. DWORD
  114. LocalCryptGetProvParamW(
  115. IN HCRYPTPROV hProv,
  116. IN DWORD dwParam,
  117. OUT WCHAR** ppwsz
  118. )
  119. {
  120. CHAR* psz = NULL;
  121. WCHAR* pwszTemp = NULL;
  122. DWORD cb;
  123. int count;
  124. BOOL fSuccess;
  125. DWORD dwErr = NO_ERROR;
  127. fSuccess = CryptGetProvParam(hProv, dwParam, NULL, &cb, 0);
  129. if (!fSuccess)
  130. {
  131. dwErr = GetLastError();
  132. EapTlsTrace("CryptGetProvParam failed and returned 0x%x", dwErr);
  133. goto LDone;
  134. }
  136. psz = (CHAR*)LocalAlloc(LPTR, cb);
  138. if (NULL == psz)
  139. {
  140. dwErr = GetLastError();
  141. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  142. goto LDone;
  143. }
  145. fSuccess = CryptGetProvParam(hProv, dwParam, (BYTE*)psz, &cb, 0);
  147. if (!fSuccess)
  148. {
  149. dwErr = GetLastError();
  150. EapTlsTrace("CryptGetProvParam failed and returned 0x%x", dwErr);
  151. goto LDone;
  152. }
  154. count = MultiByteToWideChar(CP_UTF8, 0, psz, -1, NULL, 0);
  156. if (0 == count)
  157. {
  158. dwErr = GetLastError();
  159. EapTlsTrace("MultiByteToWideChar(%s) failed: %d", psz, dwErr);
  160. goto LDone;
  161. }
  163. pwszTemp = (WCHAR*)LocalAlloc(LPTR, count * sizeof(WCHAR));
  165. if (NULL == pwszTemp)
  166. {
  167. dwErr = GetLastError();
  168. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  169. goto LDone;
  170. }
  172. count = MultiByteToWideChar(CP_UTF8, 0, psz, -1, pwszTemp, count);
  174. if (0 == count)
  175. {
  176. dwErr = GetLastError();
  177. EapTlsTrace("MultiByteToWideChar(%s) failed: %d", psz, dwErr);
  178. goto LDone;
  179. }
  181. *ppwsz = pwszTemp;
  182. pwszTemp = NULL;
  184. LDone:
  186. LocalFree(pwszTemp);
  187. LocalFree(psz);
  188. return(dwErr);
  189. }
  191. /*
  193. Returns:
  195. Notes:
  196. This internal routine generates a certificate context with (static)
  197. keyprov info suitable for CertStore-based operations.
  199. */
  201. DWORD
  202. BuildCertContext(
  203. IN HCRYPTPROV hProv,
  204. IN BYTE* pbCert,
  205. IN DWORD dwCertLen,
  206. OUT PCCERT_CONTEXT* ppCertContext
  207. )
  208. {
  209. CRYPT_KEY_PROV_INFO KeyProvInfo;
  210. WCHAR* pwszContainerName = NULL;
  211. WCHAR* pwszProviderName = NULL;
  212. BOOL fCertContextCreated = FALSE;
  213. BOOL fSuccess;
  214. DWORD dwErr = NO_ERROR;
  216. if ( (0 == hProv)
  217. || (NULL == pbCert)
  218. || (0 == dwCertLen))
  219. {
  220. dwErr = ERROR_INVALID_PARAMETER;
  221. goto LDone;
  222. }
  224. RTASSERT(NULL != ppCertContext);
  226. // Convert the certificate into a cert context.
  228. *ppCertContext = CertCreateCertificateContext(
  229. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  230. pbCert, dwCertLen);
  232. if (NULL == *ppCertContext)
  233. {
  234. dwErr = GetLastError();
  235. EapTlsTrace("CertCreateCertificateContext failed and returned 0x%x",
  236. dwErr);
  237. goto LDone;
  238. }
  240. fCertContextCreated = TRUE;
  242. // Associate cryptprovider w/ the private key property of this cert
  244. dwErr = LocalCryptGetProvParamW(hProv, PP_CONTAINER, &pwszContainerName);
  246. if (NO_ERROR != dwErr)
  247. {
  248. goto LDone;
  249. }
  251. EapTlsTrace("Container: %ws", pwszContainerName);
  253. dwErr = LocalCryptGetProvParamW(hProv, PP_NAME, &pwszProviderName);
  255. if (NO_ERROR != dwErr)
  256. {
  257. goto LDone;
  258. }
  260. EapTlsTrace("Provider: %ws", pwszProviderName);
  262. // Set the cert context properties to reflect the prov info
  264. KeyProvInfo.pwszContainerName = pwszContainerName;
  265. KeyProvInfo.pwszProvName = pwszProviderName;
  266. KeyProvInfo.dwProvType = PROV_RSA_FULL;
  267. KeyProvInfo.dwFlags = 0;
  268. KeyProvInfo.cProvParam = 0;
  269. KeyProvInfo.rgProvParam = NULL;
  270. KeyProvInfo.dwKeySpec = AT_KEYEXCHANGE;
  272. fSuccess = CertSetCertificateContextProperty(
  273. *ppCertContext,
  274. CERT_KEY_PROV_INFO_PROP_ID,
  275. 0,
  276. (void *)&KeyProvInfo);
  278. if (!fSuccess)
  279. {
  280. dwErr = GetLastError();
  281. EapTlsTrace("CertSetCertificateContextProperty failed and returned "
  282. "0x%x", dwErr);
  283. goto LDone;
  284. }
  287. LDone:
  289. if (NO_ERROR != dwErr)
  290. {
  291. if (fCertContextCreated)
  292. {
  293. CertFreeCertificateContext(*ppCertContext);
  294. }
  296. *ppCertContext = NULL;
  297. }
  299. LocalFree(pwszContainerName);
  300. LocalFree(pwszProviderName);
  302. return(dwErr);
  303. }
  305. /*
  307. Returns:
  309. Notes:
  310. The "Select Card" common dialog is raised, then the certificate is read
  311. from the card, a certificate context complete with key prov info is
  312. migrated to the cert store and also returned to the caller.
  314. */
  316. DWORD
  317. GetCertFromCard(
  318. OUT PCCERT_CONTEXT* ppCertContext
  319. )
  320. {
  321. CHAR* pszReader = NULL;
  322. CHAR* pszCard = NULL;
  323. DWORD cbReaderOrCard = MAX_PATH;
  324. SCARDCONTEXT hContext = 0;
  325. OPENCARDNAMEA OpenCardName;
  326. CHAR* pszProviderName = NULL;
  327. DWORD cchProvider;
  328. HCRYPTPROV hProv = 0;
  329. HCRYPTKEY hKey = 0;
  330. DWORD cbCertLen;
  331. BYTE* pbCert = NULL;
  332. HCERTSTORE hCertStore = NULL;
  334. BOOL fSuccess;
  335. LONG lErr;
  336. DWORD dwErr = NO_ERROR;
  338. EapTlsTrace("GetCertFromCard");
  340. RTASSERT(NULL != ppCertContext);
  342. dwErr = LoadScardDlgDll();
  344. if (NO_ERROR != dwErr)
  345. {
  346. goto LDone;
  347. }
  349. pszReader = (BYTE*)LocalAlloc(LPTR, cbReaderOrCard);
  351. if (NULL == pszReader)
  352. {
  353. dwErr = GetLastError();
  354. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  355. goto LDone;
  356. }
  358. pszCard = (BYTE*)LocalAlloc(LPTR, cbReaderOrCard);
  360. if (NULL == pszCard)
  361. {
  362. dwErr = GetLastError();
  363. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  364. goto LDone;
  365. }
  367. lErr = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &hContext);
  369. if (SCARD_S_SUCCESS != lErr)
  370. {
  371. dwErr = lErr;
  372. EapTlsTrace("SCardEstablishContext failed and returned 0x%x", dwErr);
  373. goto LDone;
  374. }
  376. ZeroMemory(&OpenCardName, sizeof(OpenCardName));
  378. OpenCardName.dwStructSize = sizeof(OpenCardName);
  379. OpenCardName.hSCardContext = hContext;
  380. OpenCardName.lpstrCardNames = NULL;
  381. OpenCardName.lpstrRdr = pszReader;
  382. OpenCardName.nMaxRdr = cbReaderOrCard;
  383. OpenCardName.lpstrCard = pszCard;
  384. OpenCardName.nMaxCard = cbReaderOrCard;
  385. OpenCardName.lpstrTitle = "Select smartcard";
  386. OpenCardName.dwFlags = SC_DLG_MINIMAL_UI;
  387. OpenCardName.dwShareMode = 0;
  388. OpenCardName.dwPreferredProtocols = 0;
  390. lErr = g_fnGetOpenCardNameA(&OpenCardName);
  392. if (SCARD_S_SUCCESS != lErr)
  393. {
  394. dwErr = lErr;
  395. EapTlsTrace("GetOpenCardNameA failed and returned 0x%x", dwErr);
  396. goto LDone;
  397. }
  399. EapTlsTrace("Reader: %s, Card: %s", pszReader, pszCard);
  401. RTASSERT(0 == OpenCardName.hCardHandle);
  403. pszProviderName = NULL;
  404. cchProvider = SCARD_AUTOALLOCATE;
  406. lErr = SCardGetCardTypeProviderNameA(hContext, OpenCardName.lpstrCard,
  407. SCARD_PROVIDER_CSP, (CHAR*) &pszProviderName, &cchProvider);
  409. if (SCARD_S_SUCCESS != lErr)
  410. {
  411. dwErr = lErr;
  412. EapTlsTrace("SCardGetCardTypeProviderNameA failed and returned 0x%x",
  413. dwErr);
  414. goto LDone;
  415. }
  417. if (NULL != pszProviderName)
  418. {
  419. EapTlsTrace("Provider: %s", pszProviderName);
  420. }
  422. // Load the CSP
  424. fSuccess = CryptAcquireContext(&hProv, NULL /* default container */,
  425. pszProviderName, PROV_RSA_FULL,
  426. CRYPT_SILENT /* or 0, to show CSP UI as needed */);
  428. if (!fSuccess)
  429. {
  430. dwErr = GetLastError();
  431. EapTlsTrace("CryptAcquireContext failed and returned 0x%x", dwErr);
  432. goto LDone;
  433. }
  435. // Get the key handle.
  437. fSuccess = CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey);
  439. if (!fSuccess)
  440. {
  441. dwErr = GetLastError();
  442. EapTlsTrace("CryptGetUserKey failed and returned 0x%x", dwErr);
  443. goto LDone;
  444. }
  446. // Upload the certificate.
  448. cbCertLen = 0;
  450. fSuccess = CryptGetKeyParam(hKey, KP_CERTIFICATE, NULL, &cbCertLen, 0);
  452. if (!fSuccess)
  453. {
  454. dwErr = GetLastError();
  456. if (ERROR_MORE_DATA != dwErr)
  457. {
  458. EapTlsTrace("CryptGetKeyParam(KP_CERTIFICATE) failed and returned "
  459. "0x%x", dwErr);
  460. goto LDone;
  461. }
  463. dwErr = NO_ERROR;
  464. }
  466. pbCert = (BYTE*)LocalAlloc(LPTR, cbCertLen);
  468. if (NULL == pbCert)
  469. {
  470. dwErr = GetLastError();
  471. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  472. goto LDone;
  473. }
  475. fSuccess = CryptGetKeyParam(hKey, KP_CERTIFICATE, pbCert, &cbCertLen, 0);
  477. if (!fSuccess)
  478. {
  479. dwErr = GetLastError();
  480. EapTlsTrace("CryptGetKeyParam(KP_CERTIFICATE) failed and returned "
  481. "0x%x", dwErr);
  482. goto LDone;
  483. }
  485. // Get the cert context...
  487. dwErr = BuildCertContext(hProv, pbCert, cbCertLen, ppCertContext);
  489. if (NO_ERROR != dwErr)
  490. {
  491. goto LDone;
  492. }
  494. // ...and migrate it to the My store
  496. hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, hProv,
  497. CERT_SYSTEM_STORE_CURRENT_USER, "MY");
  499. if (NULL == hCertStore)
  500. {
  501. dwErr = GetLastError();
  502. EapTlsTrace("CertOpenStore failed and returned 0x%x", dwErr);
  503. goto LDone;
  504. }
  506. fSuccess = CertAddCertificateContextToStore(hCertStore, *ppCertContext,
  507. CERT_STORE_ADD_REPLACE_EXISTING, NULL);
  509. if (!fSuccess)
  510. {
  511. // This is OK. Don't return an error.
  513. EapTlsTrace("CertAddCertificateContextToStore failed and returned 0x%x",
  514. GetLastError());
  515. }
  517. LDone:
  519. LocalFree(pszReader);
  520. LocalFree(pszCard);
  521. LocalFree(pbCert);
  523. if (0 != hProv)
  524. {
  525. CryptReleaseContext(hProv, 0);
  526. }
  528. if (NULL != hCertStore)
  529. {
  530. CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
  531. }
  533. if (NULL != pszProviderName)
  534. {
  535. SCardFreeMemory(hContext, pszProviderName);
  536. }
  538. if (0 != hContext)
  539. {
  540. SCardReleaseContext(hContext);
  541. }
  543. if (0 != hKey)
  544. {
  545. CryptDestroyKey(hKey);
  546. }
  548. RTASSERT( (NO_ERROR == dwErr)
  549. || (NULL == *ppCertContext));
  551. if ( (NULL == *ppCertContext)
  552. && (NO_ERROR == dwErr))
  553. {
  554. EapTlsTrace("CertContext is NULL. Returning E_FAIL");
  555. dwErr = E_FAIL;
  556. }
  558. if ( (SCARD_W_CANCELLED_BY_USER == dwErr)
  559. || (SCARD_E_NO_READERS_AVAILABLE == dwErr))
  560. {
  561. dwErr = ERROR_CANCELLED;
  562. }
  564. return(dwErr);
  565. }