Commit dd5b70b4 authored by Michael Jung's avatar Michael Jung Committed by Alexandre Julliard

Use the Data Protection API to protect the users private keys.

parent 2d18c3aa
......@@ -5,7 +5,7 @@ SRCDIR = @srcdir@
VPATH = @srcdir@
MODULE = rsaenh.dll
IMPORTLIB = librsaenh.$(IMPLIBEXT)
IMPORTS = advapi32 kernel32
IMPORTS = crypt32 advapi32 kernel32
C_SRCS = \
des.c \
......
......@@ -857,8 +857,7 @@ static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTK
/******************************************************************************
* destroy_key_container [Internal]
*
* Destructor for key containers. The user's signature and key exchange private
* keys are stored in the registry _IN_PLAINTEXT_.
* Destructor for key containers.
*
* PARAMS
* pObjectHdr [I] Pointer to the key container to be destroyed.
......@@ -866,6 +865,7 @@ static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTK
static void destroy_key_container(OBJECTHDR *pObjectHdr)
{
KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr;
DATA_BLOB blobIn, blobOut;
CRYPTKEY *pKey;
CHAR szRSABase[MAX_PATH];
HKEY hKey, hRootKey;
......@@ -899,7 +899,18 @@ static void destroy_key_container(OBJECTHDR *pObjectHdr)
if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hKeyExchangeKeyPair, 0,
PRIVATEKEYBLOB, 0, pbKey, &dwLen))
{
RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY, pbKey, dwLen);
blobIn.pbData = pbKey;
blobIn.cbData = dwLen;
if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
(pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ?
CRYPTPROTECT_LOCAL_MACHINE : 0,
&blobOut))
{
RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY,
blobOut.pbData, blobOut.cbData);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
}
HeapFree(GetProcessHeap(), 0, pbKey);
}
......@@ -920,7 +931,18 @@ static void destroy_key_container(OBJECTHDR *pObjectHdr)
if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hSignatureKeyPair, 0,
PRIVATEKEYBLOB, 0, pbKey, &dwLen))
{
RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY, pbKey, dwLen);
blobIn.pbData = pbKey;
blobIn.cbData = dwLen;
if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
(pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ?
CRYPTPROTECT_LOCAL_MACHINE : 0,
&blobOut))
{
RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY,
blobOut.pbData, blobOut.cbData);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
}
HeapFree(GetProcessHeap(), 0, pbKey);
}
......@@ -1021,6 +1043,7 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
DWORD dwValueType, dwLen;
KEYCONTAINER *pKeyContainer;
HCRYPTPROV hKeyContainer;
DATA_BLOB blobIn, blobOut;
sprintf(szRSABase, RSAENH_REGKEY, pszContainerName);
......@@ -1052,8 +1075,16 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
if (RegQueryValueExA(hKey, "KeyExchangeKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
ERROR_SUCCESS)
{
RSAENH_CPImportKey(hKeyContainer, pbKey, dwLen, 0, 0,
&pKeyContainer->hKeyExchangeKeyPair);
blobIn.pbData = pbKey;
blobIn.cbData = dwLen;
if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
(dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
{
RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
&pKeyContainer->hKeyExchangeKeyPair);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
}
HeapFree(GetProcessHeap(), 0, pbKey);
}
......@@ -1068,8 +1099,16 @@ static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTa
if (RegQueryValueExA(hKey, "SignatureKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
ERROR_SUCCESS)
{
RSAENH_CPImportKey(hKeyContainer, pbKey, dwLen, 0, 0,
&pKeyContainer->hSignatureKeyPair);
blobIn.pbData = pbKey;
blobIn.cbData = dwLen;
if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
(dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
{
RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
&pKeyContainer->hSignatureKeyPair);
HeapFree(GetProcessHeap(), 0, blobOut.pbData);
}
}
HeapFree(GetProcessHeap(), 0, pbKey);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment