| /* |
| * WPA Supplicant / Crypto wrapper for Microsoft CryptoAPI |
| * Copyright (c) 2005-2006, Jouni Malinen <[email protected]> |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License version 2 as |
| * published by the Free Software Foundation. |
| * |
| * Alternatively, this software may be distributed under the terms of BSD |
| * license. |
| * |
| * See README and COPYING for more details. |
| */ |
| |
| #include "includes.h" |
| #include <windows.h> |
| #include <wincrypt.h> |
| |
| #include "common.h" |
| #include "crypto.h" |
| |
| #ifndef MS_ENH_RSA_AES_PROV |
| #ifdef UNICODE |
| #define MS_ENH_RSA_AES_PROV \ |
| L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" |
| #else |
| #define MS_ENH_RSA_AES_PROV \ |
| "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" |
| #endif |
| #endif /* MS_ENH_RSA_AES_PROV */ |
| |
| #ifndef CALG_HMAC |
| #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) |
| #endif |
| |
| #ifdef CONFIG_TLS_INTERNAL |
| #ifdef __MINGW32_VERSION |
| /* |
| * MinGW does not yet include all the needed definitions for CryptoAPI, so |
| * define here whatever extra is needed. |
| */ |
| |
| static PCCERT_CONTEXT WINAPI |
| (*CertCreateCertificateContext)(DWORD dwCertEncodingType, |
| const BYTE *pbCertEncoded, |
| DWORD cbCertEncoded) |
| = NULL; /* to be loaded from crypt32.dll */ |
| |
| static BOOL WINAPI |
| (*CryptImportPublicKeyInfo)(HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, |
| PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey) |
| = NULL; /* to be loaded from crypt32.dll */ |
| |
| |
| static int mingw_load_crypto_func(void) |
| { |
| HINSTANCE dll; |
| |
| /* MinGW does not yet have full CryptoAPI support, so load the needed |
| * function here. */ |
| |
| if (CertCreateCertificateContext) |
| return 0; |
| |
| dll = LoadLibrary("crypt32"); |
| if (dll == NULL) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: Could not load crypt32 " |
| "library"); |
| return -1; |
| } |
| |
| CertCreateCertificateContext = (void *) GetProcAddress( |
| dll, "CertCreateCertificateContext"); |
| if (CertCreateCertificateContext == NULL) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get " |
| "CertCreateCertificateContext() address from " |
| "crypt32 library"); |
| return -1; |
| } |
| |
| CryptImportPublicKeyInfo = GetProcAddress( |
| dll, "CryptImportPublicKeyInfo"); |
| if (CryptImportPublicKeyInfo == NULL) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get " |
| "CryptImportPublicKeyInfo() address from " |
| "crypt32 library"); |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| #else /* __MINGW32_VERSION */ |
| |
| static int mingw_load_crypto_func(void) |
| { |
| return 0; |
| } |
| |
| #endif /* __MINGW32_VERSION */ |
| #endif /* CONFIG_TLS_INTERNAL */ |
| |
| |
| static void cryptoapi_report_error(const char *msg) |
| { |
| char *s, *pos; |
| DWORD err = GetLastError(); |
| |
| if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | |
| FORMAT_MESSAGE_FROM_SYSTEM, |
| NULL, err, 0, (LPTSTR) &s, 0, NULL) == 0) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: %s: %d", msg, (int) err); |
| } |
| |
| pos = s; |
| while (*pos) { |
| if (*pos == '\n' || *pos == '\r') { |
| *pos = '\0'; |
| break; |
| } |
| pos++; |
| } |
| |
| wpa_printf(MSG_DEBUG, "CryptoAPI: %s: %d: (%s)", msg, (int) err, s); |
| LocalFree(s); |
| } |
| |
| |
| int cryptoapi_hash_vector(ALG_ID alg, size_t hash_len, size_t num_elem, |
| const u8 *addr[], const size_t *len, u8 *mac) |
| { |
| HCRYPTPROV prov; |
| HCRYPTHASH hash; |
| size_t i; |
| DWORD hlen; |
| int ret = 0; |
| |
| if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 0)) { |
| cryptoapi_report_error("CryptAcquireContext"); |
| return -1; |
| } |
| |
| if (!CryptCreateHash(prov, alg, 0, 0, &hash)) { |
| cryptoapi_report_error("CryptCreateHash"); |
| CryptReleaseContext(prov, 0); |
| return -1; |
| } |
| |
| for (i = 0; i < num_elem; i++) { |
| if (!CryptHashData(hash, (BYTE *) addr[i], len[i], 0)) { |
| cryptoapi_report_error("CryptHashData"); |
| CryptDestroyHash(hash); |
| CryptReleaseContext(prov, 0); |
| } |
| } |
| |
| hlen = hash_len; |
| if (!CryptGetHashParam(hash, HP_HASHVAL, mac, &hlen, 0)) { |
| cryptoapi_report_error("CryptGetHashParam"); |
| ret = -1; |
| } |
| |
| CryptDestroyHash(hash); |
| CryptReleaseContext(prov, 0); |
| |
| return ret; |
| } |
| |
| |
| void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| { |
| cryptoapi_hash_vector(CALG_MD4, 16, num_elem, addr, len, mac); |
| } |
| |
| |
| void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) |
| { |
| u8 next, tmp; |
| int i; |
| HCRYPTPROV prov; |
| HCRYPTKEY ckey; |
| DWORD dlen; |
| struct { |
| BLOBHEADER hdr; |
| DWORD len; |
| BYTE key[8]; |
| } key_blob; |
| DWORD mode = CRYPT_MODE_ECB; |
| |
| key_blob.hdr.bType = PLAINTEXTKEYBLOB; |
| key_blob.hdr.bVersion = CUR_BLOB_VERSION; |
| key_blob.hdr.reserved = 0; |
| key_blob.hdr.aiKeyAlg = CALG_DES; |
| key_blob.len = 8; |
| |
| /* Add parity bits to the key */ |
| next = 0; |
| for (i = 0; i < 7; i++) { |
| tmp = key[i]; |
| key_blob.key[i] = (tmp >> i) | next | 1; |
| next = tmp << (7 - i); |
| } |
| key_blob.key[i] = next | 1; |
| |
| if (!CryptAcquireContext(&prov, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, |
| CRYPT_VERIFYCONTEXT)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptAcquireContext failed: " |
| "%d", (int) GetLastError()); |
| return; |
| } |
| |
| if (!CryptImportKey(prov, (BYTE *) &key_blob, sizeof(key_blob), 0, 0, |
| &ckey)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptImportKey failed: %d", |
| (int) GetLastError()); |
| CryptReleaseContext(prov, 0); |
| return; |
| } |
| |
| if (!CryptSetKeyParam(ckey, KP_MODE, (BYTE *) &mode, 0)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptSetKeyParam(KP_MODE) " |
| "failed: %d", (int) GetLastError()); |
| CryptDestroyKey(ckey); |
| CryptReleaseContext(prov, 0); |
| return; |
| } |
| |
| os_memcpy(cypher, clear, 8); |
| dlen = 8; |
| if (!CryptEncrypt(ckey, 0, FALSE, 0, cypher, &dlen, 8)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptEncrypt failed: %d", |
| (int) GetLastError()); |
| os_memset(cypher, 0, 8); |
| } |
| |
| CryptDestroyKey(ckey); |
| CryptReleaseContext(prov, 0); |
| } |
| |
| |
| #ifdef EAP_TLS_FUNCS |
| void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| { |
| cryptoapi_hash_vector(CALG_MD5, 16, num_elem, addr, len, mac); |
| } |
| |
| |
| void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| { |
| cryptoapi_hash_vector(CALG_SHA, 20, num_elem, addr, len, mac); |
| } |
| |
| |
| struct aes_context { |
| HCRYPTPROV prov; |
| HCRYPTKEY ckey; |
| }; |
| |
| |
| void * aes_encrypt_init(const u8 *key, size_t len) |
| { |
| struct aes_context *akey; |
| struct { |
| BLOBHEADER hdr; |
| DWORD len; |
| BYTE key[16]; |
| } key_blob; |
| DWORD mode = CRYPT_MODE_ECB; |
| |
| if (len != 16) |
| return NULL; |
| |
| key_blob.hdr.bType = PLAINTEXTKEYBLOB; |
| key_blob.hdr.bVersion = CUR_BLOB_VERSION; |
| key_blob.hdr.reserved = 0; |
| key_blob.hdr.aiKeyAlg = CALG_AES_128; |
| key_blob.len = len; |
| os_memcpy(key_blob.key, key, len); |
| |
| akey = os_zalloc(sizeof(*akey)); |
| if (akey == NULL) |
| return NULL; |
| |
| if (!CryptAcquireContext(&akey->prov, NULL, |
| MS_ENH_RSA_AES_PROV, PROV_RSA_AES, |
| CRYPT_VERIFYCONTEXT)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptAcquireContext failed: " |
| "%d", (int) GetLastError()); |
| os_free(akey); |
| return NULL; |
| } |
| |
| if (!CryptImportKey(akey->prov, (BYTE *) &key_blob, sizeof(key_blob), |
| 0, 0, &akey->ckey)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptImportKey failed: %d", |
| (int) GetLastError()); |
| CryptReleaseContext(akey->prov, 0); |
| os_free(akey); |
| return NULL; |
| } |
| |
| if (!CryptSetKeyParam(akey->ckey, KP_MODE, (BYTE *) &mode, 0)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptSetKeyParam(KP_MODE) " |
| "failed: %d", (int) GetLastError()); |
| CryptDestroyKey(akey->ckey); |
| CryptReleaseContext(akey->prov, 0); |
| os_free(akey); |
| return NULL; |
| } |
| |
| return akey; |
| } |
| |
| |
| void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) |
| { |
| struct aes_context *akey = ctx; |
| DWORD dlen; |
| |
| os_memcpy(crypt, plain, 16); |
| dlen = 16; |
| if (!CryptEncrypt(akey->ckey, 0, FALSE, 0, crypt, &dlen, 16)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptEncrypt failed: %d", |
| (int) GetLastError()); |
| os_memset(crypt, 0, 16); |
| } |
| } |
| |
| |
| void aes_encrypt_deinit(void *ctx) |
| { |
| struct aes_context *akey = ctx; |
| if (akey) { |
| CryptDestroyKey(akey->ckey); |
| CryptReleaseContext(akey->prov, 0); |
| os_free(akey); |
| } |
| } |
| |
| |
| void * aes_decrypt_init(const u8 *key, size_t len) |
| { |
| return aes_encrypt_init(key, len); |
| } |
| |
| |
| void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) |
| { |
| struct aes_context *akey = ctx; |
| DWORD dlen; |
| |
| os_memcpy(plain, crypt, 16); |
| dlen = 16; |
| |
| if (!CryptDecrypt(akey->ckey, 0, FALSE, 0, plain, &dlen)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: CryptDecrypt failed: %d", |
| (int) GetLastError()); |
| } |
| } |
| |
| |
| void aes_decrypt_deinit(void *ctx) |
| { |
| aes_encrypt_deinit(ctx); |
| } |
| |
| #ifdef CONFIG_TLS_INTERNAL |
| |
| struct crypto_hash { |
| enum crypto_hash_alg alg; |
| int error; |
| HCRYPTPROV prov; |
| HCRYPTHASH hash; |
| HCRYPTKEY key; |
| }; |
| |
| struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, |
| size_t key_len) |
| { |
| struct crypto_hash *ctx; |
| ALG_ID calg; |
| struct { |
| BLOBHEADER hdr; |
| DWORD len; |
| BYTE key[32]; |
| } key_blob; |
| |
| os_memset(&key_blob, 0, sizeof(key_blob)); |
| switch (alg) { |
| case CRYPTO_HASH_ALG_MD5: |
| calg = CALG_MD5; |
| break; |
| case CRYPTO_HASH_ALG_SHA1: |
| calg = CALG_SHA; |
| break; |
| case CRYPTO_HASH_ALG_HMAC_MD5: |
| case CRYPTO_HASH_ALG_HMAC_SHA1: |
| calg = CALG_HMAC; |
| key_blob.hdr.bType = PLAINTEXTKEYBLOB; |
| key_blob.hdr.bVersion = CUR_BLOB_VERSION; |
| key_blob.hdr.reserved = 0; |
| /* |
| * Note: RC2 is not really used, but that can be used to |
| * import HMAC keys of up to 16 byte long. |
| * CRYPT_IPSEC_HMAC_KEY flag for CryptImportKey() is needed to |
| * be able to import longer keys (HMAC-SHA1 uses 20-byte key). |
| */ |
| key_blob.hdr.aiKeyAlg = CALG_RC2; |
| key_blob.len = key_len; |
| if (key_len > sizeof(key_blob.key)) |
| return NULL; |
| os_memcpy(key_blob.key, key, key_len); |
| break; |
| default: |
| return NULL; |
| } |
| |
| ctx = os_zalloc(sizeof(*ctx)); |
| if (ctx == NULL) |
| return NULL; |
| |
| ctx->alg = alg; |
| |
| if (!CryptAcquireContext(&ctx->prov, NULL, NULL, PROV_RSA_FULL, 0)) { |
| cryptoapi_report_error("CryptAcquireContext"); |
| os_free(ctx); |
| return NULL; |
| } |
| |
| if (calg == CALG_HMAC) { |
| #ifndef CRYPT_IPSEC_HMAC_KEY |
| #define CRYPT_IPSEC_HMAC_KEY 0x00000100 |
| #endif |
| if (!CryptImportKey(ctx->prov, (BYTE *) &key_blob, |
| sizeof(key_blob), 0, CRYPT_IPSEC_HMAC_KEY, |
| &ctx->key)) { |
| cryptoapi_report_error("CryptImportKey"); |
| CryptReleaseContext(ctx->prov, 0); |
| os_free(ctx); |
| return NULL; |
| } |
| } |
| |
| if (!CryptCreateHash(ctx->prov, calg, ctx->key, 0, &ctx->hash)) { |
| cryptoapi_report_error("CryptCreateHash"); |
| CryptReleaseContext(ctx->prov, 0); |
| os_free(ctx); |
| return NULL; |
| } |
| |
| if (calg == CALG_HMAC) { |
| HMAC_INFO info; |
| os_memset(&info, 0, sizeof(info)); |
| switch (alg) { |
| case CRYPTO_HASH_ALG_HMAC_MD5: |
| info.HashAlgid = CALG_MD5; |
| break; |
| case CRYPTO_HASH_ALG_HMAC_SHA1: |
| info.HashAlgid = CALG_SHA; |
| break; |
| default: |
| /* unreachable */ |
| break; |
| } |
| |
| if (!CryptSetHashParam(ctx->hash, HP_HMAC_INFO, (BYTE *) &info, |
| 0)) { |
| cryptoapi_report_error("CryptSetHashParam"); |
| CryptDestroyHash(ctx->hash); |
| CryptReleaseContext(ctx->prov, 0); |
| os_free(ctx); |
| return NULL; |
| } |
| } |
| |
| return ctx; |
| } |
| |
| |
| void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len) |
| { |
| if (ctx == NULL || ctx->error) |
| return; |
| |
| if (!CryptHashData(ctx->hash, (BYTE *) data, len, 0)) { |
| cryptoapi_report_error("CryptHashData"); |
| ctx->error = 1; |
| } |
| } |
| |
| |
| int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) |
| { |
| int ret = 0; |
| DWORD hlen; |
| |
| if (ctx == NULL) |
| return -2; |
| |
| if (mac == NULL || len == NULL) |
| goto done; |
| |
| if (ctx->error) { |
| ret = -2; |
| goto done; |
| } |
| |
| hlen = *len; |
| if (!CryptGetHashParam(ctx->hash, HP_HASHVAL, mac, &hlen, 0)) { |
| cryptoapi_report_error("CryptGetHashParam"); |
| ret = -2; |
| } |
| *len = hlen; |
| |
| done: |
| if (ctx->alg == CRYPTO_HASH_ALG_HMAC_SHA1 || |
| ctx->alg == CRYPTO_HASH_ALG_HMAC_MD5) |
| CryptDestroyKey(ctx->key); |
| |
| os_free(ctx); |
| |
| return ret; |
| } |
| |
| |
| struct crypto_cipher { |
| HCRYPTPROV prov; |
| HCRYPTKEY key; |
| }; |
| |
| |
| struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, |
| const u8 *iv, const u8 *key, |
| size_t key_len) |
| { |
| struct crypto_cipher *ctx; |
| struct { |
| BLOBHEADER hdr; |
| DWORD len; |
| BYTE key[32]; |
| } key_blob; |
| DWORD mode = CRYPT_MODE_CBC; |
| |
| key_blob.hdr.bType = PLAINTEXTKEYBLOB; |
| key_blob.hdr.bVersion = CUR_BLOB_VERSION; |
| key_blob.hdr.reserved = 0; |
| key_blob.len = key_len; |
| if (key_len > sizeof(key_blob.key)) |
| return NULL; |
| os_memcpy(key_blob.key, key, key_len); |
| |
| switch (alg) { |
| case CRYPTO_CIPHER_ALG_AES: |
| if (key_len == 32) |
| key_blob.hdr.aiKeyAlg = CALG_AES_256; |
| else if (key_len == 24) |
| key_blob.hdr.aiKeyAlg = CALG_AES_192; |
| else |
| key_blob.hdr.aiKeyAlg = CALG_AES_128; |
| break; |
| case CRYPTO_CIPHER_ALG_3DES: |
| key_blob.hdr.aiKeyAlg = CALG_3DES; |
| break; |
| case CRYPTO_CIPHER_ALG_DES: |
| key_blob.hdr.aiKeyAlg = CALG_DES; |
| break; |
| case CRYPTO_CIPHER_ALG_RC2: |
| key_blob.hdr.aiKeyAlg = CALG_RC2; |
| break; |
| case CRYPTO_CIPHER_ALG_RC4: |
| key_blob.hdr.aiKeyAlg = CALG_RC4; |
| break; |
| default: |
| return NULL; |
| } |
| |
| ctx = os_zalloc(sizeof(*ctx)); |
| if (ctx == NULL) |
| return NULL; |
| |
| if (!CryptAcquireContext(&ctx->prov, NULL, MS_ENH_RSA_AES_PROV, |
| PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) { |
| cryptoapi_report_error("CryptAcquireContext"); |
| goto fail1; |
| } |
| |
| if (!CryptImportKey(ctx->prov, (BYTE *) &key_blob, |
| sizeof(key_blob), 0, 0, &ctx->key)) { |
| cryptoapi_report_error("CryptImportKey"); |
| goto fail2; |
| } |
| |
| if (!CryptSetKeyParam(ctx->key, KP_MODE, (BYTE *) &mode, 0)) { |
| cryptoapi_report_error("CryptSetKeyParam(KP_MODE)"); |
| goto fail3; |
| } |
| |
| if (iv && !CryptSetKeyParam(ctx->key, KP_IV, (BYTE *) iv, 0)) { |
| cryptoapi_report_error("CryptSetKeyParam(KP_IV)"); |
| goto fail3; |
| } |
| |
| return ctx; |
| |
| fail3: |
| CryptDestroyKey(ctx->key); |
| fail2: |
| CryptReleaseContext(ctx->prov, 0); |
| fail1: |
| os_free(ctx); |
| return NULL; |
| } |
| |
| |
| int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, |
| u8 *crypt, size_t len) |
| { |
| DWORD dlen; |
| |
| os_memcpy(crypt, plain, len); |
| dlen = len; |
| if (!CryptEncrypt(ctx->key, 0, FALSE, 0, crypt, &dlen, len)) { |
| cryptoapi_report_error("CryptEncrypt"); |
| os_memset(crypt, 0, len); |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| |
| int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, |
| u8 *plain, size_t len) |
| { |
| DWORD dlen; |
| |
| os_memcpy(plain, crypt, len); |
| dlen = len; |
| if (!CryptDecrypt(ctx->key, 0, FALSE, 0, plain, &dlen)) { |
| cryptoapi_report_error("CryptDecrypt"); |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| |
| void crypto_cipher_deinit(struct crypto_cipher *ctx) |
| { |
| CryptDestroyKey(ctx->key); |
| CryptReleaseContext(ctx->prov, 0); |
| os_free(ctx); |
| } |
| |
| |
| struct crypto_public_key { |
| HCRYPTPROV prov; |
| HCRYPTKEY rsa; |
| }; |
| |
| struct crypto_private_key { |
| HCRYPTPROV prov; |
| HCRYPTKEY rsa; |
| }; |
| |
| |
| struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len) |
| { |
| /* Use crypto_public_key_from_cert() instead. */ |
| return NULL; |
| } |
| |
| |
| struct crypto_private_key * crypto_private_key_import(const u8 *key, |
| size_t len) |
| { |
| /* TODO */ |
| return NULL; |
| } |
| |
| |
| struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, |
| size_t len) |
| { |
| struct crypto_public_key *pk; |
| PCCERT_CONTEXT cc; |
| |
| pk = os_zalloc(sizeof(*pk)); |
| if (pk == NULL) |
| return NULL; |
| |
| cc = CertCreateCertificateContext(X509_ASN_ENCODING | |
| PKCS_7_ASN_ENCODING, buf, len); |
| if (!cc) { |
| cryptoapi_report_error("CryptCreateCertificateContext"); |
| os_free(pk); |
| return NULL; |
| } |
| |
| if (!CryptAcquireContext(&pk->prov, NULL, MS_DEF_PROV, PROV_RSA_FULL, |
| 0)) { |
| cryptoapi_report_error("CryptAcquireContext"); |
| os_free(pk); |
| CertFreeCertificateContext(cc); |
| return NULL; |
| } |
| |
| if (!CryptImportPublicKeyInfo(pk->prov, X509_ASN_ENCODING | |
| PKCS_7_ASN_ENCODING, |
| &cc->pCertInfo->SubjectPublicKeyInfo, |
| &pk->rsa)) { |
| cryptoapi_report_error("CryptImportPublicKeyInfo"); |
| CryptReleaseContext(pk->prov, 0); |
| os_free(pk); |
| CertFreeCertificateContext(cc); |
| return NULL; |
| } |
| |
| CertFreeCertificateContext(cc); |
| |
| return pk; |
| } |
| |
| |
| int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key, |
| const u8 *in, size_t inlen, |
| u8 *out, size_t *outlen) |
| { |
| DWORD clen; |
| u8 *tmp; |
| size_t i; |
| |
| if (*outlen < inlen) |
| return -1; |
| tmp = malloc(*outlen); |
| if (tmp == NULL) |
| return -1; |
| |
| os_memcpy(tmp, in, inlen); |
| clen = inlen; |
| if (!CryptEncrypt(key->rsa, 0, TRUE, 0, tmp, &clen, *outlen)) { |
| wpa_printf(MSG_DEBUG, "CryptoAPI: Failed to encrypt using " |
| "public key: %d", (int) GetLastError()); |
| os_free(tmp); |
| return -1; |
| } |
| |
| *outlen = clen; |
| |
| /* Reverse the output */ |
| for (i = 0; i < *outlen; i++) |
| out[i] = tmp[*outlen - 1 - i]; |
| |
| os_free(tmp); |
| |
| return 0; |
| } |
| |
| |
| int crypto_private_key_sign_pkcs1(struct crypto_private_key *key, |
| const u8 *in, size_t inlen, |
| u8 *out, size_t *outlen) |
| { |
| /* TODO */ |
| return -1; |
| } |
| |
| |
| void crypto_public_key_free(struct crypto_public_key *key) |
| { |
| if (key) { |
| CryptDestroyKey(key->rsa); |
| CryptReleaseContext(key->prov, 0); |
| os_free(key); |
| } |
| } |
| |
| |
| void crypto_private_key_free(struct crypto_private_key *key) |
| { |
| if (key) { |
| CryptDestroyKey(key->rsa); |
| CryptReleaseContext(key->prov, 0); |
| os_free(key); |
| } |
| } |
| |
| |
| int crypto_global_init(void) |
| { |
| return mingw_load_crypto_func(); |
| } |
| |
| |
| void crypto_global_deinit(void) |
| { |
| } |
| |
| #endif /* CONFIG_TLS_INTERNAL */ |
| |
| #endif /* EAP_TLS_FUNCS */ |