Use the Data Protection API to protect the users private keys.
This commit is contained in:
parent
2d18c3aad3
commit
dd5b70b4bd
|
@ -5,7 +5,7 @@ SRCDIR = @srcdir@
|
|||
VPATH = @srcdir@
|
||||
MODULE = rsaenh.dll
|
||||
IMPORTLIB = librsaenh.$(IMPLIBEXT)
|
||||
IMPORTS = advapi32 kernel32
|
||||
IMPORTS = crypt32 advapi32 kernel32
|
||||
|
||||
C_SRCS = \
|
||||
des.c \
|
||||
|
|
|
@ -857,8 +857,7 @@ static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTK
|
|||
/******************************************************************************
|
||||
* destroy_key_container [Internal]
|
||||
*
|
||||
* Destructor for key containers. The user's signature and key exchange private
|
||||
* keys are stored in the registry _IN_PLAINTEXT_.
|
||||
* Destructor for key containers.
|
||||
*
|
||||
* PARAMS
|
||||
* pObjectHdr [I] Pointer to the key container to be destroyed.
|
||||
|
@ -866,6 +865,7 @@ static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTK
|
|||
static void destroy_key_container(OBJECTHDR *pObjectHdr)
|
||||
{
|
||||
KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr;
|
||||
DATA_BLOB blobIn, blobOut;
|
||||
CRYPTKEY *pKey;
|
||||
CHAR szRSABase[MAX_PATH];
|
||||
HKEY hKey, hRootKey;
|
||||
|
@ -899,7 +899,18 @@ static void destroy_key_container(OBJECTHDR *pObjectHdr)
|
|||
if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hKeyExchangeKeyPair, 0,
|
||||
PRIVATEKEYBLOB, 0, pbKey, &dwLen))
|
||||
{
|
||||
RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY, pbKey, dwLen);
|
||||
blobIn.pbData = pbKey;
|
||||
blobIn.cbData = dwLen;
|
||||
|
||||
if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
|
||||
(pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ?
|
||||
CRYPTPROTECT_LOCAL_MACHINE : 0,
|
||||
&blobOut))
|
||||
{
|
||||
RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY,
|
||||
blobOut.pbData, blobOut.cbData);
|
||||
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
|
||||
}
|
||||
}
|
||||
HeapFree(GetProcessHeap(), 0, pbKey);
|
||||
}
|
||||
|
@ -920,7 +931,18 @@ static void destroy_key_container(OBJECTHDR *pObjectHdr)
|
|||
if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hSignatureKeyPair, 0,
|
||||
PRIVATEKEYBLOB, 0, pbKey, &dwLen))
|
||||
{
|
||||
RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY, pbKey, dwLen);
|
||||
blobIn.pbData = pbKey;
|
||||
blobIn.cbData = dwLen;
|
||||
|
||||
if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
|
||||
(pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ?
|
||||
CRYPTPROTECT_LOCAL_MACHINE : 0,
|
||||
&blobOut))
|
||||
{
|
||||
RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY,
|
||||
blobOut.pbData, blobOut.cbData);
|
||||
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
|
||||
}
|
||||
}
|
||||
HeapFree(GetProcessHeap(), 0, pbKey);
|
||||
}
|
||||
|
@ -1021,6 +1043,7 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
|
|||
DWORD dwValueType, dwLen;
|
||||
KEYCONTAINER *pKeyContainer;
|
||||
HCRYPTPROV hKeyContainer;
|
||||
DATA_BLOB blobIn, blobOut;
|
||||
|
||||
sprintf(szRSABase, RSAENH_REGKEY, pszContainerName);
|
||||
|
||||
|
@ -1052,8 +1075,16 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
|
|||
if (RegQueryValueExA(hKey, "KeyExchangeKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
|
||||
ERROR_SUCCESS)
|
||||
{
|
||||
RSAENH_CPImportKey(hKeyContainer, pbKey, dwLen, 0, 0,
|
||||
blobIn.pbData = pbKey;
|
||||
blobIn.cbData = dwLen;
|
||||
|
||||
if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
|
||||
(dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
|
||||
{
|
||||
RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
|
||||
&pKeyContainer->hKeyExchangeKeyPair);
|
||||
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
|
||||
}
|
||||
}
|
||||
HeapFree(GetProcessHeap(), 0, pbKey);
|
||||
}
|
||||
|
@ -1068,8 +1099,16 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
|
|||
if (RegQueryValueExA(hKey, "SignatureKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
|
||||
ERROR_SUCCESS)
|
||||
{
|
||||
RSAENH_CPImportKey(hKeyContainer, pbKey, dwLen, 0, 0,
|
||||
blobIn.pbData = pbKey;
|
||||
blobIn.cbData = dwLen;
|
||||
|
||||
if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
|
||||
(dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
|
||||
{
|
||||
RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
|
||||
&pKeyContainer->hSignatureKeyPair);
|
||||
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
|
||||
}
|
||||
}
|
||||
HeapFree(GetProcessHeap(), 0, pbKey);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue