f*ck Micro$oft - this API is a nightmare (literally)
authorVolker Birk <vb@pep-project.org>
Tue, 28 Jun 2016 02:50:31 +0200
changeset 130e12d4e883f67
parent 129 9985c2d61311
child 131 ca1c06f93f3a
f*ck Micro$oft - this API is a nightmare (literally)
GateKeeper.cpp
     1.1 --- a/GateKeeper.cpp	Tue Jun 28 00:29:46 2016 +0200
     1.2 +++ b/GateKeeper.cpp	Tue Jun 28 02:50:31 2016 +0200
     1.3 @@ -6,7 +6,7 @@
     1.4  
     1.5  using namespace std;
     1.6  
     1.7 -// https://gist.github.com/mcdurdin/5626617
     1.8 +// from https://msdn.microsoft.com/en-us/library/windows/desktop/dd388945(v=vs.85).aspx
     1.9  
    1.10  struct PUBLIC_KEY_VALUES {
    1.11      BLOBHEADER blobheader;
    1.12 @@ -291,18 +291,9 @@
    1.13              throw runtime_error("BCryptExportKey: delivery_key");
    1.14          }
    1.15  
    1.16 -        static random_device rd;
    1.17 -        static mt19937 gen(rd());
    1.18 -        uniform_int_distribution<int64_t> dist(0, UINT32_MAX);
    1.19 -        uint32_t r[64];
    1.20 -        for (int i = 0; i < 64; i++)
    1.21 -            r[i] = (uint32_t) dist(gen);
    1.22 -
    1.23          BCRYPT_OAEP_PADDING_INFO pi;
    1.24          memset(&pi, 0, sizeof(BCRYPT_OAEP_PADDING_INFO));
    1.25          pi.pszAlgId = BCRYPT_SHA256_ALGORITHM;
    1.26 -        pi.pbLabel = (PUCHAR) r;
    1.27 -        pi.cbLabel = sizeof(r);
    1.28  
    1.29          ULONG result_size;
    1.30          PUCHAR _result = NULL;
    1.31 @@ -385,15 +376,19 @@
    1.32          string crypted;
    1.33          string unencrypted;
    1.34  
    1.35 -        do {
    1.36 -            static char buffer[32768];
    1.37 -            DWORD reading;
    1.38 -            BOOL bResult = InternetReadFile(hUrl, buffer, 32768, &reading);
    1.39 -            if (!bResult || !reading)
    1.40 -                break;
    1.41 -            crypted += string(buffer, reading);
    1.42 -        } while (1);
    1.43 -
    1.44 +        try {
    1.45 +            do {
    1.46 +                static char buffer[1024*1024];
    1.47 +                DWORD reading;
    1.48 +                BOOL bResult = InternetReadFile(hUrl, buffer, 1024*1024, &reading);
    1.49 +                if (!bResult || !reading)
    1.50 +                    break;
    1.51 +                crypted += string(buffer, reading);
    1.52 +            } while (1);
    1.53 +        }
    1.54 +        catch (exception& e) {
    1.55 +            MessageBox(NULL, utility::utf16_string(e.what()).c_str(), _T("exception"), MB_ICONSTOP);
    1.56 +        }
    1.57          InternetCloseHandle(hUrl);
    1.58          hUrl = NULL;
    1.59  
    1.60 @@ -401,18 +396,27 @@
    1.61          HANDLE hFile = NULL;
    1.62          char *unencrypted_buffer = NULL;
    1.63  
    1.64 -        char nonce[12];
    1.65 +        UCHAR nonce[16];
    1.66 +        memset(nonce, 0, 16);
    1.67 +        UCHAR iv[16];
    1.68 +        memset(iv, 0, 16);
    1.69 +
    1.70 +        BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo;
    1.71 +        BCRYPT_INIT_AUTH_MODE_INFO(authInfo);
    1.72 +
    1.73 +        authInfo.pbNonce = nonce;
    1.74 +        authInfo.cbNonce = sizeof(nonce);
    1.75  
    1.76          ULONG unencrypted_size;
    1.77          NTSTATUS status = BCryptDecrypt(dk, (PUCHAR) crypted.data(), crypted.size(),
    1.78 -                NULL, NULL, 0, NULL, 0, &unencrypted_size, 0);
    1.79 +                &authInfo, iv, 16, NULL, 0, &unencrypted_size, 0);
    1.80          if (status)
    1.81              goto closing;
    1.82          
    1.83          unencrypted_buffer = new char[unencrypted_size];
    1.84  
    1.85          status = BCryptDecrypt(dk, (PUCHAR) crypted.data(), crypted.size(),
    1.86 -            NULL, NULL, 0, (PUCHAR) unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
    1.87 +            &authInfo, iv, 16, (PUCHAR) unencrypted_buffer, unencrypted_size, &unencrypted_size, 0);
    1.88          if (status)
    1.89              goto closing;
    1.90  
    1.91 @@ -456,7 +460,7 @@
    1.92          assert(status == 0);
    1.93          if (status)
    1.94              goto closing;
    1.95 -        status = BCryptSetProperty(hAES, BCRYPT_CHAINING_MODE, (PUCHAR) BCRYPT_CHAIN_MODE_CCM, sizeof(BCRYPT_CHAIN_MODE_CCM), 0);
    1.96 +        status = BCryptSetProperty(hAES, BCRYPT_CHAINING_MODE, (PUCHAR) BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
    1.97          if (status)
    1.98              goto closing;
    1.99