Use the Data Protection API to protect the users private keys.

This commit is contained in:
Michael Jung 2005-05-27 19:23:19 +00:00 committed by Alexandre Julliard
parent 2d18c3aad3
commit dd5b70b4bd
2 changed files with 48 additions and 9 deletions

View File

@ -5,7 +5,7 @@ SRCDIR = @srcdir@
VPATH = @srcdir@ VPATH = @srcdir@
MODULE = rsaenh.dll MODULE = rsaenh.dll
IMPORTLIB = librsaenh.$(IMPLIBEXT) IMPORTLIB = librsaenh.$(IMPLIBEXT)
IMPORTS = advapi32 kernel32 IMPORTS = crypt32 advapi32 kernel32
C_SRCS = \ C_SRCS = \
des.c \ des.c \

View File

@ -857,8 +857,7 @@ static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTK
/****************************************************************************** /******************************************************************************
* destroy_key_container [Internal] * destroy_key_container [Internal]
* *
* Destructor for key containers. The user's signature and key exchange private * Destructor for key containers.
* keys are stored in the registry _IN_PLAINTEXT_.
* *
* PARAMS * PARAMS
* pObjectHdr [I] Pointer to the key container to be destroyed. * pObjectHdr [I] Pointer to the key container to be destroyed.
@ -866,6 +865,7 @@ static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTK
static void destroy_key_container(OBJECTHDR *pObjectHdr) static void destroy_key_container(OBJECTHDR *pObjectHdr)
{ {
KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr; KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr;
DATA_BLOB blobIn, blobOut;
CRYPTKEY *pKey; CRYPTKEY *pKey;
CHAR szRSABase[MAX_PATH]; CHAR szRSABase[MAX_PATH];
HKEY hKey, hRootKey; HKEY hKey, hRootKey;
@ -899,7 +899,18 @@ static void destroy_key_container(OBJECTHDR *pObjectHdr)
if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hKeyExchangeKeyPair, 0, if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hKeyExchangeKeyPair, 0,
PRIVATEKEYBLOB, 0, pbKey, &dwLen)) PRIVATEKEYBLOB, 0, pbKey, &dwLen))
{ {
RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY, pbKey, dwLen); blobIn.pbData = pbKey;
blobIn.cbData = dwLen;
if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
(pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ?
CRYPTPROTECT_LOCAL_MACHINE : 0,
&blobOut))
{
RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY,
blobOut.pbData, blobOut.cbData);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
} }
HeapFree(GetProcessHeap(), 0, pbKey); HeapFree(GetProcessHeap(), 0, pbKey);
} }
@ -920,7 +931,18 @@ static void destroy_key_container(OBJECTHDR *pObjectHdr)
if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hSignatureKeyPair, 0, if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hSignatureKeyPair, 0,
PRIVATEKEYBLOB, 0, pbKey, &dwLen)) PRIVATEKEYBLOB, 0, pbKey, &dwLen))
{ {
RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY, pbKey, dwLen); blobIn.pbData = pbKey;
blobIn.cbData = dwLen;
if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
(pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ?
CRYPTPROTECT_LOCAL_MACHINE : 0,
&blobOut))
{
RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY,
blobOut.pbData, blobOut.cbData);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
} }
HeapFree(GetProcessHeap(), 0, pbKey); HeapFree(GetProcessHeap(), 0, pbKey);
} }
@ -1021,6 +1043,7 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
DWORD dwValueType, dwLen; DWORD dwValueType, dwLen;
KEYCONTAINER *pKeyContainer; KEYCONTAINER *pKeyContainer;
HCRYPTPROV hKeyContainer; HCRYPTPROV hKeyContainer;
DATA_BLOB blobIn, blobOut;
sprintf(szRSABase, RSAENH_REGKEY, pszContainerName); sprintf(szRSABase, RSAENH_REGKEY, pszContainerName);
@ -1052,8 +1075,16 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
if (RegQueryValueExA(hKey, "KeyExchangeKeyPair", 0, &dwValueType, pbKey, &dwLen) == if (RegQueryValueExA(hKey, "KeyExchangeKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
ERROR_SUCCESS) ERROR_SUCCESS)
{ {
RSAENH_CPImportKey(hKeyContainer, pbKey, dwLen, 0, 0, blobIn.pbData = pbKey;
&pKeyContainer->hKeyExchangeKeyPair); blobIn.cbData = dwLen;
if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
(dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
{
RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
&pKeyContainer->hKeyExchangeKeyPair);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
} }
HeapFree(GetProcessHeap(), 0, pbKey); HeapFree(GetProcessHeap(), 0, pbKey);
} }
@ -1068,8 +1099,16 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
if (RegQueryValueExA(hKey, "SignatureKeyPair", 0, &dwValueType, pbKey, &dwLen) == if (RegQueryValueExA(hKey, "SignatureKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
ERROR_SUCCESS) ERROR_SUCCESS)
{ {
RSAENH_CPImportKey(hKeyContainer, pbKey, dwLen, 0, 0, blobIn.pbData = pbKey;
&pKeyContainer->hSignatureKeyPair); blobIn.cbData = dwLen;
if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
(dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
{
RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
&pKeyContainer->hSignatureKeyPair);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
} }
HeapFree(GetProcessHeap(), 0, pbKey); HeapFree(GetProcessHeap(), 0, pbKey);
} }