this will probably not work - will switch to libcrypto++
authorVolker Birk <vb@pep-project.org>
Tue, 28 Jun 2016 00:29:46 +0200
changeset 1299985c2d61311
parent 128 a026de7eb3cd
child 130 e12d4e883f67
this will probably not work - will switch to libcrypto++
Whatever I do, when I'm encrypting with CNG on Windoze,
I'm never able to decrypt with anything else.
GateKeeper.cpp
GateKeeper.h
     1.1 --- a/GateKeeper.cpp	Fri Jun 24 22:52:55 2016 +0200
     1.2 +++ b/GateKeeper.cpp	Tue Jun 28 00:29:46 2016 +0200
     1.3 @@ -270,12 +270,26 @@
     1.4          if (hResult)
     1.5              throw runtime_error("ImportRsaPublicKey");
     1.6  
     1.7 -        aeskey_t _delivery_key;
     1.8 +        ULONG psize;
     1.9 +        NTSTATUS status = BCryptGetProperty(hUpdateKey, BCRYPT_ALGORITHM_NAME, NULL, 0, &psize, 0);
    1.10 +        char *prop = new char[psize];
    1.11 +        TCHAR *_prop = (TCHAR *) prop;
    1.12 +        BCryptGetProperty(hUpdateKey, BCRYPT_ALGORITHM_NAME, (PUCHAR) prop, psize, &psize, 0);
    1.13 +
    1.14 +        ULONG export_size;
    1.15 +        status = BCryptExportKey(hDeliveryKey, NULL, BCRYPT_KEY_DATA_BLOB, NULL, NULL,
    1.16 +            &export_size, 0);
    1.17 +        if (status)
    1.18 +            throw runtime_error("BCryptExportKey: measuring export size");
    1.19 +
    1.20 +        PUCHAR _delivery_key = new UCHAR[export_size];
    1.21          ULONG copied;
    1.22 -        NTSTATUS status = BCryptExportKey(hDeliveryKey, NULL, BCRYPT_KEY_DATA_BLOB, (PUCHAR) &_delivery_key, sizeof(aeskey_t),
    1.23 +        status = BCryptExportKey(hDeliveryKey, NULL, BCRYPT_KEY_DATA_BLOB, _delivery_key, export_size,
    1.24                  &copied, 0);
    1.25 -        if (status)
    1.26 +        if (status) {
    1.27 +            delete[] _delivery_key;
    1.28              throw runtime_error("BCryptExportKey: delivery_key");
    1.29 +        }
    1.30  
    1.31          static random_device rd;
    1.32          static mt19937 gen(rd());
    1.33 @@ -292,14 +306,18 @@
    1.34  
    1.35          ULONG result_size;
    1.36          PUCHAR _result = NULL;
    1.37 -        status = BCryptEncrypt(hUpdateKey, (PUCHAR) &_delivery_key, sizeof(aeskey_t), &pi, NULL, 0, NULL, 0, &result_size, BCRYPT_PAD_OAEP);
    1.38 +        ULONG blob_size = export_size - sizeof(BCRYPT_KEY_DATA_BLOB_HEADER);
    1.39 +        PUCHAR blob = _delivery_key + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER);
    1.40 +        status = BCryptEncrypt(hUpdateKey, blob, blob_size, &pi, NULL, 0, NULL, 0, &result_size, BCRYPT_PAD_OAEP);
    1.41          if (status) {
    1.42 +            delete[] _delivery_key;
    1.43              BCryptDestroyKey(hUpdateKey);
    1.44              throw runtime_error("BCryptEncrypt: calculating result size");
    1.45          }
    1.46  
    1.47          _result = new UCHAR[result_size];
    1.48 -        status = BCryptEncrypt(hUpdateKey, (PUCHAR) &_delivery_key, sizeof(aeskey_t), &pi, NULL, 0, _result, result_size, &copied, BCRYPT_PAD_OAEP);
    1.49 +        status = BCryptEncrypt(hUpdateKey, blob, blob_size, &pi, NULL, 0, _result, result_size, &copied, BCRYPT_PAD_OAEP);
    1.50 +        delete[] _delivery_key;
    1.51          if (status) {
    1.52              BCryptDestroyKey(hUpdateKey);
    1.53              delete[] _result;
    1.54 @@ -309,9 +327,10 @@
    1.55          BCryptDestroyKey(hUpdateKey);
    1.56  
    1.57          stringstream s;
    1.58 -        s << hex << setw(2) << setfill('0');
    1.59 -        for (ULONG i = 0; i < copied; i++)
    1.60 +        for (ULONG i = 0; i < copied; i++) {
    1.61 +            s << hex << setw(2) << setfill('0');
    1.62              s << (int) _result[i];
    1.63 +        }
    1.64          delete[] _result;
    1.65          s >> result;
    1.66  
    1.67 @@ -394,10 +413,8 @@
    1.68  
    1.69          status = BCryptDecrypt(dk, (PUCHAR) crypted.data(), crypted.size(),
    1.70              NULL, NULL, 0, (PUCHAR) unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
    1.71 -        if (status) {
    1.72 -            delete[] unencrypted_buffer;
    1.73 +        if (status)
    1.74              goto closing;
    1.75 -        }
    1.76  
    1.77          TCHAR temp_path[MAX_PATH + 1];
    1.78          GetTempPath(MAX_PATH, temp_path);
     2.1 --- a/GateKeeper.h	Fri Jun 24 22:52:55 2016 +0200
     2.2 +++ b/GateKeeper.h	Tue Jun 28 00:29:46 2016 +0200
     2.3 @@ -15,7 +15,7 @@
     2.4          typedef pair<tstring, tstring> product;
     2.5          typedef vector< product > product_list;
     2.6          union aeskey_t {
     2.7 -            uint8_t c_key[132];
     2.8 +            uint8_t c_key[32];
     2.9              uint16_t w_key[16];
    2.10              uint32_t dw_key[8];
    2.11              uint64_t qw_key[4];