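--- a/GateKeeper.cpp
+++ b/GateKeeper.cpp
@@ -6,7 +6,7 @@
 
 using namespace std;
 
-// https://gist.github.com/mcdurdin/5626617
+// from https://msdn.microsoft.com/en-us/library/windows/desktop/dd388945(v=vs.85).aspx
 
 struct PUBLIC_KEY_VALUES {
 BLOBHEADER blobheader;
@@ -291,18 +291,9 @@
 throw runtime_error("BCryptExportKey: delivery_key");
 }
 
-static random_device rd;
-static mt19937 gen(rd());
-uniform_int_distribution<int64_t> dist(0, UINT32_MAX);
-uint32_t r[64];
-for (int i = 0; i < 64; i++)
-r[i] = (uint32_t) dist(gen);
-
 BCRYPT_OAEP_PADDING_INFO pi;
 memset(&pi, 0, sizeof(BCRYPT_OAEP_PADDING_INFO));
 pi.pszAlgId = BCRYPT_SHA256_ALGORITHM;
-pi.pbLabel = (PUCHAR) r;
-pi.cbLabel = sizeof(r);
 
 ULONG result_size;
 PUCHAR _result = NULL;
@@ -385,15 +376,19 @@
 string crypted;
 string unencrypted;
 
-do {
-static char buffer[32768];
-DWORD reading;
-BOOL bResult = InternetReadFile(hUrl, buffer, 32768, &reading);
-if (!bResult || !reading)
-break;
-crypted += string(buffer, reading);
-} while (1);
-
+try {
+do {
+static char buffer[1024*1024];
+DWORD reading;
+BOOL bResult = InternetReadFile(hUrl, buffer, 1024*1024, &reading);
+if (!bResult || !reading)
+break;
+crypted += string(buffer, reading);
+} while (1);
+}
+catch (exception& e) {
+MessageBox(NULL, utility::utf16_string(e.what()).c_str(), _T("exception"), MB_ICONSTOP);
+}
 InternetCloseHandle(hUrl);
 hUrl = NULL;
 
@@ -401,18 +396,27 @@
 HANDLE hFile = NULL;
 char *unencrypted_buffer = NULL;
 
-char nonce[12];
+UCHAR nonce[16];
+memset(nonce, 0, 16);
+UCHAR iv[16];
+memset(iv, 0, 16);
+
+BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo;
+BCRYPT_INIT_AUTH_MODE_INFO(authInfo);
+
+authInfo.pbNonce = nonce;
+authInfo.cbNonce = sizeof(nonce);
 
 ULONG unencrypted_size;
 NTSTATUS status = BCryptDecrypt(dk, (PUCHAR) crypted.data(), crypted.size(),
-NULL, NULL, 0, NULL, 0, &unencrypted_size, 0);
+&authInfo, iv, 16, NULL, 0, &unencrypted_size, 0);
 if (status)
 goto closing;
 
 unencrypted_buffer = new char[unencrypted_size];
 
 status = BCryptDecrypt(dk, (PUCHAR) crypted.data(), crypted.size(),
-NULL, NULL, 0, (PUCHAR) unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
+&authInfo, iv, 16, (PUCHAR) unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
 if (status)
 goto closing;
 
@@ -456,7 +460,7 @@
 assert(status == 0);
 if (status)
 goto closing;
-status = BCryptSetProperty(hAES, BCRYPT_CHAINING_MODE, (PUCHAR) BCRYPT_CHAIN_MODE_CCM, sizeof(BCRYPT_CHAIN_MODE_CCM), 0);
+status = BCryptSetProperty(hAES, BCRYPT_CHAINING_MODE, (PUCHAR) BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
 if (status)
 goto closing;
 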
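Review bot: In the hunk at `@@ -401,18 +396,27 @@` the GCM decrypt is given an all-zero nonce and no authentication tag: `nonce` is memset to 0 and `authInfo.pbTag`/`authInfo.cbTag` are never set, so BCryptDecrypt has nothing to verify the ciphertext against (CNG should reject a GCM decrypt with no tag, so this path likely never decrypts anything), and a fixed nonce reused under one key forfeits the confidentiality and integrity guarantees GCM exists to provide. The nonce and tag have to come from the message itself — presumably the encrypting side emits them alongside the ciphertext — and `crypted` has to be split into nonce, ciphertext and tag before the two BCryptDecrypt calls. The rewrite below assumes a nonce(12) || ciphertext || tag(16) framing, which is a constructed example that must be matched to the real sender, and it declares `status` without an initializer so the added length check can `goto closing` without jumping over an initialized variable. The enclosing function and the `closing:` label lie outside the hunk. The try/catch added at `@@ -385,15 +376,19 @@` has a related gap: after the MessageBox it falls through to the decrypt with a partially read `crypted` instead of returning, and it should catch `const exception&`.
```cpp
// … unchanged: hFile / unencrypted_buffer declarations, iv buffer …
// Assumed framing (constructed, must match the encrypting side): nonce(12) || ciphertext || tag(16).
UCHAR nonce[12];
UCHAR tag[16];
PUCHAR ct;
ULONG ct_len;
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo;
ULONG unencrypted_size;
NTSTATUS status;                       // no initializer, so the goto below does not bypass one

if (crypted.size() < sizeof(nonce) + sizeof(tag))
    goto closing;                      // too short to hold a nonce and a tag
memcpy(nonce, crypted.data(), sizeof(nonce));
memcpy(tag, crypted.data() + crypted.size() - sizeof(tag), sizeof(tag));
ct = (PUCHAR) crypted.data() + sizeof(nonce);
ct_len = (ULONG) (crypted.size() - sizeof(nonce) - sizeof(tag));

BCRYPT_INIT_AUTH_MODE_INFO(authInfo);
authInfo.pbNonce = nonce;
authInfo.cbNonce = sizeof(nonce);
authInfo.pbTag = tag;                  // the tag BCryptDecrypt verifies the ciphertext against
authInfo.cbTag = sizeof(tag);

status = BCryptDecrypt(dk, ct, ct_len, &authInfo, iv, 16, NULL, 0, &unencrypted_size, 0);
if (status)
    goto closing;
// … unchanged: unencrypted_buffer allocation …
status = BCryptDecrypt(dk, ct, ct_len, &authInfo, iv, 16, (PUCHAR) unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
```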