wrap delivery key
authorVolker Birk <vb@pep-project.org>
Wed, 22 Jun 2016 12:07:46 +0200
changeset 117a0bb0649aae8
parent 116 967ed8d930c1
child 118 397dc2da7805
wrap delivery key
GateKeeper.cpp
GateKeeper.h
pEpCOMServerAdapter.cpp
updatekey.bin
     1.1 --- a/GateKeeper.cpp	Wed Jun 22 09:01:21 2016 +0200
     1.2 +++ b/GateKeeper.cpp	Wed Jun 22 12:07:46 2016 +0200
     1.3 @@ -14,7 +14,7 @@
     1.4      const time_t GateKeeper::cycle = 7200;   // 7200 sec is 2 h
     1.5      const DWORD GateKeeper::waiting = 10000; // 10000 ms is 10 sec
     1.6  
     1.7 -    GateKeeper::GateKeeper(CpEpCOMServerAdapterModule * const self)
     1.8 +    GateKeeper::GateKeeper(CpEpCOMServerAdapterModule * self)
     1.9          : _self(self), now(time(NULL)), next(now + time_diff()), hkUpdater(NULL), internet(NULL), hAES(NULL), hRSA(NULL)
    1.10      {
    1.11          LONG lResult = RegOpenCurrentUser(KEY_READ, &cu);
    1.12 @@ -145,7 +145,43 @@
    1.13          string result;
    1.14  
    1.15          BCRYPT_KEY_HANDLE hUpdateKey;
    1.16 +        string _update_key = update_key();
    1.17  
    1.18 +        NTSTATUS status = BCryptImportKeyPair(hRSA, NULL, BCRYPT_RSAPUBLIC_BLOB, &hUpdateKey,
    1.19 +                (PUCHAR) _update_key.data(), _update_key.size(), 0);
    1.20 +        if (status)
    1.21 +            throw runtime_error("BCryptImportKeyPair: update_key");
    1.22 +
    1.23 +        static random_device rd;
    1.24 +        static mt19937 gen(rd());
    1.25 +        uniform_int_distribution<time_t> dist(0, UINT64_MAX);
    1.26 +        uint64_t r[32];
    1.27 +        for (int i = 0; i < 32; i++)
    1.28 +            r[i] = dist(gen);
    1.29 +
    1.30 +        BCRYPT_OAEP_PADDING_INFO pi;
    1.31 +        pi.pszAlgId = BCRYPT_SHA256_ALGORITHM;
    1.32 +        pi.pbLabel = (PUCHAR) r;
    1.33 +        pi.cbLabel = sizeof(r);
    1.34 +
    1.35 +        ULONG result_size;
    1.36 +        PUCHAR _result;
    1.37 +        status = BCryptEncrypt(hUpdateKey, (PUCHAR) _update_key.data(), _update_key.size(), &pi, NULL, 0, NULL, 0, &result_size, BCRYPT_PAD_OAEP);
    1.38 +        if (status)
    1.39 +            throw runtime_error("BCryptEncrypt: calculating result size");
    1.40 +
    1.41 +        _result = new UCHAR[result_size];
    1.42 +        ULONG copied;
    1.43 +        status = BCryptEncrypt(hUpdateKey, (PUCHAR) _update_key.data(), _update_key.size(), &pi, NULL, 0, _result, result_size, &copied, BCRYPT_PAD_OAEP);
    1.44 +        if (status)
    1.45 +            throw runtime_error("BCryptEncrypt: calculating result size");
    1.46 +
    1.47 +        stringstream s;
    1.48 +        s << hex << _result;
    1.49 +        delete[] _result;
    1.50 +        s >> result;
    1.51 +
    1.52 +        BCryptDestroyKey(hUpdateKey);
    1.53          return result;
    1.54      }
    1.55  
     2.1 --- a/GateKeeper.h	Wed Jun 22 09:01:21 2016 +0200
     2.2 +++ b/GateKeeper.h	Wed Jun 22 12:07:46 2016 +0200
     2.3 @@ -21,7 +21,7 @@
     2.4              uint64_t qw_key[2];
     2.5          };
     2.6  
     2.7 -        GateKeeper(CpEpCOMServerAdapterModule * const self);
     2.8 +        GateKeeper(CpEpCOMServerAdapterModule * self);
     2.9          ~GateKeeper();
    2.10  
    2.11          CpEpCOMServerAdapterModule * const module() const
     3.1 --- a/pEpCOMServerAdapter.cpp	Wed Jun 22 09:01:21 2016 +0200
     3.2 +++ b/pEpCOMServerAdapter.cpp	Wed Jun 22 12:07:46 2016 +0200
     3.3 @@ -11,7 +11,7 @@
     3.4  using namespace ATL;
     3.5  using namespace std;
     3.6  
     3.7 -void CpEpCOMServerAdapterModule::gatekeeper(CpEpCOMServerAdapterModule * const self)
     3.8 +void CpEpCOMServerAdapterModule::gatekeeper(CpEpCOMServerAdapterModule * self)
     3.9  {
    3.10      pEp::GateKeeper keeper(self);
    3.11      keeper.keep();
     4.1 Binary file updatekey.bin has changed