diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h index 3fda0fb..dba9253 100644 --- a/lib/EAPBase/include/Credentials.h +++ b/lib/EAPBase/include/Credentials.h @@ -209,78 +209,6 @@ namespace eap /// @} - /// \name Encryption - /// @{ - - /// - /// Encrypts data - /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to encrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] enc Encrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object - /// - /// \returns - /// - \c ERROR_SUCCESS if succeeded - /// - error code otherwise - /// - DWORD encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const; - - /// - /// Decrypts data - /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] enc Decrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object - /// - /// \returns - /// - \c ERROR_SUCCESS if succeeded - /// - error code otherwise - /// - template - DWORD decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const - { - assert(ppEapError); - DWORD dwResult; - - // Import the private key. - HRSRC res = FindResource(m_module.m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PRIVATE), RT_RCDATA); - assert(res); - HGLOBAL res_handle = LoadResource(m_module.m_instance, res); - assert(res_handle); - crypt_key key; - unique_ptr > keyinfo_data; - DWORD keyinfo_size = 0; - if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_module.m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."), NULL); - return dwResult; - } - - if (!key.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Private key import failed."), NULL); - return dwResult; - } - - // Decrypt the data using our private key. - vector > buf(size); - memcpy(buf.data(), data, size); - if (!CryptDecrypt(key, hHash, TRUE, 0, buf)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Decrypting password failed."), NULL); - return dwResult; - } - - dec.assign(buf.begin(), buf.end()); - - return ERROR_SUCCESS; - } - - /// @} - public: std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.) }; diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h index 28826f1..135811b 100644 --- a/lib/EAPBase/include/Module.h +++ b/lib/EAPBase/include/Module.h @@ -60,6 +60,7 @@ namespace eap #include #include // Must include after #include +#include #include // Must include after @@ -79,6 +80,9 @@ namespace eap /// virtual ~module(); + /// \name Memory management + /// @{ + /// /// Allocate a EAP_ERROR and fill it according to dwErrorCode /// @@ -99,6 +103,341 @@ namespace eap /// void free_error_memory(_In_ EAP_ERROR *err); + /// @} + + + /// \name Encryption + /// @{ + + /// + /// Encrypts data + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to encrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] enc Encrypted data + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[out] hHash Handle of hashing object + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + DWORD encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const; + + + /// + /// Encrypts a string + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt + /// \param[out] enc Encrypted data + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[out] hHash Handle of hashing object + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + { + return encrypt(hProv, val.c_str(), val.length*sizeof(_Elem), enc, ppEapError, hHash); + } + + + /// + /// Encrypts a wide string + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt + /// \param[out] enc Encrypted data + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[out] hHash Handle of hashing object + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + { + winstd::sanitizing_string val_utf8; + WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL); + return encrypt(hProv, val_utf8, enc, ppEapError, hHash); + } + + + /// + /// Encrypts data and add MD5 hash for integrity check + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to encrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] enc Encrypted data with 16B MD5 hash appended + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + DWORD encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const; + + + /// + /// Encrypts a string and add MD5 hash for integrity check + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt + /// \param[out] enc Encrypted data with 16B MD5 hash appended + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const + { + return encrypt_md5(hProv, val.c_str(), val.length()*sizeof(_Elem), enc, ppEapError); + } + + + /// + /// Encrypts a wide string and add MD5 hash for integrity check + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt + /// \param[out] enc Encrypted data with 16B MD5 hash appended + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const + { + winstd::sanitizing_string val_utf8; + WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL); + return encrypt_md5(hProv, val_utf8, enc, ppEapError); + } + + + /// + /// Decrypts data + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] dec Decrypted data + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[out] hHash Handle of hashing object + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + { + assert(ppEapError); + DWORD dwResult; + + // Import the private key. + HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PRIVATE), RT_RCDATA); + assert(res); + HGLOBAL res_handle = LoadResource(m_instance, res); + assert(res_handle); + crypt_key key; + unique_ptr > keyinfo_data; + DWORD keyinfo_size = 0; + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."), NULL); + return dwResult; + } + + if (!key.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Private key import failed."), NULL); + return dwResult; + } + + // Decrypt the data using our private key. + vector > buf(size); + memcpy(buf.data(), data, size); + if (!CryptDecrypt(key, hHash, TRUE, 0, buf)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Decrypting password failed."), NULL); + return dwResult; + } + + dec.assign(buf.begin(), buf.end()); + + return ERROR_SUCCESS; + } + + + /// + /// Decrypts a string + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] dec Decrypted string + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[out] hHash Handle of hashing object + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<_Elem, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + { + DWORD dwResult; + + std::vector<_Elem, sanitizing_allocator<_Elem> > buf; + if ((dwResult = decrypt(hProv, data, size, buf, ppEapError, hHash)) != ERROR_SUCCESS) + return dwResult; + dec.assign((const _Elem*)buf.begin(), (const _Elem*)buf.end()); + + return ERROR_SUCCESS; + } + + + /// + /// Decrypts a wide string + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] dec Decrypted string + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[out] hHash Handle of hashing object + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + { + DWORD dwResult; + + winstd::sanitizing_string buf; + if ((dwResult = decrypt(hProv, data, size, buf, ppEapError, hHash)) != ERROR_SUCCESS) + return dwResult; + MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec); + + return ERROR_SUCCESS; + } + + + /// + /// Decrypts data with MD5 integrity check + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] dec Decrypted data + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const + { + DWORD dwResult; + + // Create hash. + crypt_hash hash; + if (!hash.create(hProv, CALG_MD5)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Creating MD5 hash failed."), NULL); + return dwResult; + } + DWORD dwHashSize, dwHashSizeSize = sizeof(dwHashSize); + CryptGetHashParam(hash, HP_HASHSIZE, (LPBYTE)&dwHashSize, &dwHashSizeSize, 0); + if (size < dwHashSize) { + *ppEapError = make_error(dwResult = ERROR_INVALID_DATA, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Encrypted data too short."), NULL); + return dwResult; + } + size_t enc_size = size - dwHashSize; + + // Decrypt data. + if ((dwResult = decrypt(hProv, data, enc_size, dec, ppEapError, hash)) != ERROR_SUCCESS) + return dwResult; + + // Calculate MD5 hash and verify it. + vector hash_bin; + if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Calculating MD5 hash failed."), NULL); + return dwResult; + } + if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0) { + *ppEapError = make_error(dwResult = ERROR_INVALID_DATA, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Invalid encrypted data."), NULL); + return dwResult; + } + + return ERROR_SUCCESS; + } + + + /// + /// Decrypts a string with MD5 integrity check + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] dec Decrypted string + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<_Elem, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const + { + DWORD dwResult; + + std::vector<_Elem, sanitizing_allocator<_Elem> > buf; + if ((dwResult = decrypt_md5(hProv, data, size, buf, ppEapError)) != ERROR_SUCCESS) + return dwResult; + dec.assign(buf.data(), buf.size()); + + return ERROR_SUCCESS; + } + + + /// + /// Decrypts a wide string with MD5 integrity check + /// + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] dec Decrypted string + /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// + /// \returns + /// - \c ERROR_SUCCESS if succeeded + /// - error code otherwise + /// + template + DWORD decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string &dec, _Out_ EAP_ERROR **ppEapError) const + { + DWORD dwResult; + + winstd::sanitizing_string buf; + if ((dwResult = decrypt_md5(hProv, data, size, buf, ppEapError)) != ERROR_SUCCESS) + return dwResult; + MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec); + + return ERROR_SUCCESS; + } + + /// @} + public: HINSTANCE m_instance; ///< Windows module instance const type_t m_eap_method; ///< EAP method type diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index 386a2f6..9292cca 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -83,49 +83,6 @@ bool eap::credentials::empty() const } -DWORD eap::credentials::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const -{ - assert(ppEapError); - DWORD dwResult; - - // Import the public key. - HRSRC res = FindResource(m_module.m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PUBLIC), RT_RCDATA); - assert(res); - HGLOBAL res_handle = LoadResource(m_module.m_instance, res); - assert(res_handle); - crypt_key key; - unique_ptr > keyinfo_data; - DWORD keyinfo_size = 0; - if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_module.m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."), NULL); - return dwResult; - } - - if (!key.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Public key import failed."), NULL); - return dwResult; - } - - // Pre-allocate memory to allow space, as encryption will grow the data. - DWORD dwBlockLen; - vector > buf(size); - memcpy(buf.data(), data, size); - if (!CryptGetKeyParam(key, KP_BLOCKLEN, dwBlockLen, 0)) dwBlockLen = 0; - buf.reserve((size + dwBlockLen - 1) / dwBlockLen * dwBlockLen); - - // Encrypt the data using our public key. - if (!CryptEncrypt(key, hHash, TRUE, 0, buf)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Encrypting data failed."), NULL); - return dwResult; - } - - // Copy encrypted data. - enc.assign(buf.begin(), buf.end()); - - return ERROR_SUCCESS; -} - - ////////////////////////////////////////////////////////////////////// // eap::credentials_pass ////////////////////////////////////////////////////////////////////// @@ -241,27 +198,11 @@ DWORD eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR * return dwResult; } - // Convert password to UTF-8. - sanitizing_string password_utf8; - WideCharToMultiByte(CP_UTF8, 0, m_password.c_str(), (int)m_password.length(), password_utf8, NULL, NULL); - - // Create hash. - crypt_hash hash; - if (!hash.create(cp, CALG_MD5)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Creating MD5 hash failed."), NULL); - return dwResult; - } - // Encrypt password. vector password; - if ((dwResult = encrypt(cp, password_utf8.c_str(), password_utf8.length(), password, ppEapError, hash)) != ERROR_SUCCESS) + if ((dwResult = m_module.encrypt_md5(cp, m_password, password, ppEapError)) != ERROR_SUCCESS) return dwResult; - // Calculate MD5 hash and append it. - vector hash_bin; - CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0); - password.insert(password.end(), hash_bin.begin(), hash_bin.end()); - // Convert encrypted password to Base64, since CredProtectA() fail for binary strings. string password_base64; base64_enc enc; @@ -336,38 +277,9 @@ DWORD eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERRO return dwResult; } - // Create hash. - crypt_hash hash; - if (!hash.create(cp, CALG_MD5)) { - *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Creating MD5 hash failed."), NULL); - return dwResult; - } - DWORD dwHashSize, dwHashSizeSize = sizeof(dwHashSize); - CryptGetHashParam(hash, HP_HASHSIZE, (LPBYTE)&dwHashSize, &dwHashSizeSize, 0); - if (password.size() < dwHashSize) { - *ppEapError = m_module.make_error(dwResult = ERROR_INVALID_DATA, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Encrypted password too short."), NULL); - return dwResult; - } - - // Extract hash from encrypted password. - vector hash_bin; - size_t enc_size = password.size() - dwHashSize; - hash_bin.assign(password.begin() + enc_size, password.end()); - // Decrypt password. - if ((dwResult = decrypt(cp, password.data(), enc_size, password, ppEapError, hash)) != ERROR_SUCCESS) + if ((dwResult = m_module.decrypt_md5(cp, password.data(), password.size(), m_password, ppEapError)) != ERROR_SUCCESS) return dwResult; - // Calculate MD5 hash and verify it. - vector hash2_bin; - CryptGetHashParam(hash, HP_HASHVAL, hash2_bin, 0); - if (hash_bin != hash2_bin) { - *ppEapError = m_module.make_error(dwResult = ERROR_INVALID_DATA, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Invalid password data."), NULL); - return dwResult; - } - - // Convert password from UTF-8. - MultiByteToWideChar(CP_UTF8, 0, password.data(), (int)password.size(), m_password); - return ERROR_SUCCESS; } diff --git a/lib/EAPBase/src/Module.cpp b/lib/EAPBase/src/Module.cpp index 7f21016..39ed71c 100644 --- a/lib/EAPBase/src/Module.cpp +++ b/lib/EAPBase/src/Module.cpp @@ -121,3 +121,73 @@ void eap::module::free_error_memory(_In_ EAP_ERROR *err) // pRootCauseString and pRepairString always trail the ppEapError to reduce number of (de)allocations. HeapFree(m_heap, 0, err); } + + +DWORD eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const +{ + assert(ppEapError); + DWORD dwResult; + + // Import the public key. + HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PUBLIC), RT_RCDATA); + assert(res); + HGLOBAL res_handle = LoadResource(m_instance, res); + assert(res_handle); + crypt_key key; + unique_ptr > keyinfo_data; + DWORD keyinfo_size = 0; + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."), NULL); + return dwResult; + } + + if (!key.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Public key import failed."), NULL); + return dwResult; + } + + // Pre-allocate memory to allow space, as encryption will grow the data. + DWORD dwBlockLen; + vector > buf(size); + memcpy(buf.data(), data, size); + if (!CryptGetKeyParam(key, KP_BLOCKLEN, dwBlockLen, 0)) dwBlockLen = 0; + buf.reserve((size + dwBlockLen - 1) / dwBlockLen * dwBlockLen); + + // Encrypt the data using our public key. + if (!CryptEncrypt(key, hHash, TRUE, 0, buf)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Encrypting data failed."), NULL); + return dwResult; + } + + // Copy encrypted data. + enc.assign(buf.begin(), buf.end()); + + return ERROR_SUCCESS; +} + + +DWORD eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const +{ + DWORD dwResult; + + // Create hash. + crypt_hash hash; + if (!hash.create(hProv, CALG_MD5)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Creating MD5 hash failed."), NULL); + return dwResult; + } + + // Encrypt data. + if ((dwResult = encrypt(hProv, data, size, enc, ppEapError, hash)) != ERROR_SUCCESS) + return dwResult; + + // Calculate MD5 hash and append it. + vector hash_bin; + if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) { + *ppEapError = make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Calculating MD5 hash failed."), NULL); + return dwResult; + } + enc.insert(enc.end(), hash_bin.begin(), hash_bin.end()); + + return ERROR_SUCCESS; +} diff --git a/lib/WinStd b/lib/WinStd index e4f5b63..385986f 160000 --- a/lib/WinStd +++ b/lib/WinStd @@ -1 +1 @@ -Subproject commit e4f5b63a85bba6364327b2b7161f934b0f80287a +Subproject commit 385986f704e96025cc7111b74094579ceb0b7380