secur32: Remove unneeded function from the Negotiate provider.
[wine] / dlls / rsaenh / rsaenh.c
1 /*
2  * dlls/rsaenh/rsaenh.c
3  * RSAENH - RSA encryption for Wine
4  *
5  * Copyright 2002 TransGaming Technologies (David Hammerton)
6  * Copyright 2004 Mike McCormack for CodeWeavers
7  * Copyright 2004, 2005 Michael Jung
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public 
11  * License as published by the Free Software Foundation; either
12  * version 2.1 of the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22  */
23
24 #include "config.h"
25 #include "wine/port.h"
26 #include "wine/library.h"
27 #include "wine/debug.h"
28
29 #include <stdarg.h>
30 #include <stdio.h>
31
32 #include "windef.h"
33 #include "winbase.h"
34 #include "winreg.h"
35 #include "wincrypt.h"
36 #include "lmcons.h"
37 #include "handle.h"
38 #include "implglue.h"
39 #include "objbase.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
42
43 /******************************************************************************
44  * CRYPTHASH - hash objects
45  */
46 #define RSAENH_MAGIC_HASH           0x85938417u
47 #define RSAENH_MAX_HASH_SIZE        104
48 #define RSAENH_HASHSTATE_IDLE       0
49 #define RSAENH_HASHSTATE_HASHING    1
50 #define RSAENH_HASHSTATE_FINISHED   2
51 typedef struct _RSAENH_TLS1PRF_PARAMS
52 {
53     CRYPT_DATA_BLOB blobLabel;
54     CRYPT_DATA_BLOB blobSeed;
55 } RSAENH_TLS1PRF_PARAMS;
56
57 typedef struct tagCRYPTHASH
58 {
59     OBJECTHDR    header;
60     ALG_ID       aiAlgid;
61     HCRYPTKEY    hKey;
62     HCRYPTPROV   hProv;
63     DWORD        dwHashSize;
64     DWORD        dwState;
65     HASH_CONTEXT context;
66     BYTE         abHashValue[RSAENH_MAX_HASH_SIZE];
67     PHMAC_INFO   pHMACInfo;
68     RSAENH_TLS1PRF_PARAMS tpPRFParams;
69 } CRYPTHASH;
70
71 /******************************************************************************
72  * CRYPTKEY - key objects
73  */
74 #define RSAENH_MAGIC_KEY           0x73620457u
75 #define RSAENH_MAX_KEY_SIZE        48
76 #define RSAENH_MAX_BLOCK_SIZE      24
77 #define RSAENH_KEYSTATE_IDLE       0
78 #define RSAENH_KEYSTATE_ENCRYPTING 1
79 #define RSAENH_KEYSTATE_DECRYPTING 2
80 #define RSAENH_KEYSTATE_MASTERKEY  3
81 typedef struct _RSAENH_SCHANNEL_INFO 
82 {
83     SCHANNEL_ALG saEncAlg;
84     SCHANNEL_ALG saMACAlg;
85     CRYPT_DATA_BLOB blobClientRandom;
86     CRYPT_DATA_BLOB blobServerRandom;
87 } RSAENH_SCHANNEL_INFO;
88
89 typedef struct tagCRYPTKEY
90 {
91     OBJECTHDR   header;
92     ALG_ID      aiAlgid;
93     HCRYPTPROV  hProv;
94     DWORD       dwMode;
95     DWORD       dwModeBits;
96     DWORD       dwPermissions;
97     DWORD       dwKeyLen;
98     DWORD       dwSaltLen;
99     DWORD       dwBlockLen;
100     DWORD       dwState;
101     KEY_CONTEXT context;    
102     BYTE        abKeyValue[RSAENH_MAX_KEY_SIZE];
103     BYTE        abInitVector[RSAENH_MAX_BLOCK_SIZE];
104     BYTE        abChainVector[RSAENH_MAX_BLOCK_SIZE];
105     RSAENH_SCHANNEL_INFO siSChannelInfo;
106 } CRYPTKEY;
107
108 /******************************************************************************
109  * KEYCONTAINER - key containers
110  */
111 #define RSAENH_PERSONALITY_BASE        0u
112 #define RSAENH_PERSONALITY_STRONG      1u
113 #define RSAENH_PERSONALITY_ENHANCED    2u
114 #define RSAENH_PERSONALITY_SCHANNEL    3u
115
116 #define RSAENH_MAGIC_CONTAINER         0x26384993u
117 typedef struct tagKEYCONTAINER
118 {
119     OBJECTHDR    header;
120     DWORD        dwFlags;
121     DWORD        dwPersonality;
122     DWORD        dwEnumAlgsCtr;
123     DWORD        dwEnumContainersCtr;
124     CHAR         szName[MAX_PATH];
125     CHAR         szProvName[MAX_PATH];
126     HCRYPTKEY    hKeyExchangeKeyPair;
127     HCRYPTKEY    hSignatureKeyPair;
128 } KEYCONTAINER;
129
130 /******************************************************************************
131  * Some magic constants
132  */
133 #define RSAENH_ENCRYPT                    1
134 #define RSAENH_DECRYPT                    0    
135 #define RSAENH_HMAC_DEF_IPAD_CHAR      0x36
136 #define RSAENH_HMAC_DEF_OPAD_CHAR      0x5c
137 #define RSAENH_HMAC_DEF_PAD_LEN          64
138 #define RSAENH_DES_EFFECTIVE_KEYLEN      56
139 #define RSAENH_DES_STORAGE_KEYLEN        64
140 #define RSAENH_3DES112_EFFECTIVE_KEYLEN 112
141 #define RSAENH_3DES112_STORAGE_KEYLEN   128
142 #define RSAENH_3DES_EFFECTIVE_KEYLEN    168
143 #define RSAENH_3DES_STORAGE_KEYLEN      192
144 #define RSAENH_MAGIC_RSA2        0x32415352
145 #define RSAENH_MAGIC_RSA1        0x31415352
146 #define RSAENH_PKC_BLOCKTYPE           0x02
147 #define RSAENH_SSL3_VERSION_MAJOR         3
148 #define RSAENH_SSL3_VERSION_MINOR         0
149 #define RSAENH_TLS1_VERSION_MAJOR         3
150 #define RSAENH_TLS1_VERSION_MINOR         1
151 #define RSAENH_REGKEY "Software\\Wine\\Crypto\\RSA\\%s"
152
153 #define RSAENH_MIN(a,b) ((a)<(b)?(a):(b))
154 /******************************************************************************
155  * aProvEnumAlgsEx - Defines the capabilities of the CSP personalities.
156  */
157 #define RSAENH_MAX_ENUMALGS 20
158 #define RSAENH_PCT1_SSL2_SSL3_TLS1 (CRYPT_FLAG_PCT1|CRYPT_FLAG_SSL2|CRYPT_FLAG_SSL3|CRYPT_FLAG_TLS1)
159 PROV_ENUMALGS_EX aProvEnumAlgsEx[4][RSAENH_MAX_ENUMALGS+1] =
160 {
161  {
162   {CALG_RC2,       40, 40,   56,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
163   {CALG_RC4,       40, 40,   56,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
164   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
165   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
166   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
167   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
168   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
169   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
170   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
171   {CALG_RSA_SIGN, 512,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
172   {CALG_RSA_KEYX, 512,384, 1024,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
173   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
174   {0,               0,  0,    0,0,                    1,"",         1,""}
175  },
176  {
177   {CALG_RC2,      128, 40,  128,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
178   {CALG_RC4,      128, 40,  128,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
179   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
180   {CALG_3DES_112, 112,112,  112,0,                   13,"3DES TWO KEY",19,"Two Key Triple DES"},
181   {CALG_3DES,     168,168,  168,0,                    5,"3DES",    21,"Three Key Triple DES"},
182   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
183   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
184   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
185   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
186   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
187   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
188   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
189   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
190   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
191   {0,               0,  0,    0,0,                    1,"",         1,""}
192  },
193  {
194   {CALG_RC2,      128, 40,  128,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
195   {CALG_RC4,      128, 40,  128,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
196   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
197   {CALG_3DES_112, 112,112,  112,0,                   13,"3DES TWO KEY",19,"Two Key Triple DES"},
198   {CALG_3DES,     168,168,  168,0,                    5,"3DES",    21,"Three Key Triple DES"},
199   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
200   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
201   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
202   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
203   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
204   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
205   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
206   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
207   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
208   {0,               0,  0,    0,0,                    1,"",         1,""}
209  },
210  {
211   {CALG_RC2,      128, 40,  128,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"RC2",        24,"RSA Data Security's RC2"},
212   {CALG_RC4,      128, 40,  128,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"RC4",        24,"RSA Data Security's RC4"},
213   {CALG_DES,       56, 56,   56,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"DES",        31,"Data Encryption Standard (DES)"},
214   {CALG_3DES_112, 112,112,  112,RSAENH_PCT1_SSL2_SSL3_TLS1,13,"3DES TWO KEY",19,"Two Key Triple DES"},
215   {CALG_3DES,     168,168,  168,RSAENH_PCT1_SSL2_SSL3_TLS1, 5,"3DES",       21,"Three Key Triple DES"},
216   {CALG_SHA,160,160,160,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,6,"SHA-1",30,"Secure Hash Algorithm (SHA-1)"},
217   {CALG_MD5,128,128,128,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,4,"MD5",23,"Message Digest 5 (MD5)"},
218   {CALG_SSL3_SHAMD5,288,288,288,0,                         12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
219   {CALG_MAC,        0,  0,    0,0,                          4,"MAC",        28,"Message Authentication Code"},
220   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,9,"RSA_SIGN",14,"RSA Signature"},
221   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,9,"RSA_KEYX",17,"RSA Key Exchange"},
222   {CALG_HMAC,       0,  0,    0,0,                          5,"HMAC",       18,"Hugo's MAC (HMAC)"},
223   {CALG_PCT1_MASTER,128,128,128,CRYPT_FLAG_PCT1,           12,"PCT1 MASTER",12,"PCT1 Master"},
224   {CALG_SSL2_MASTER,40,40,  192,CRYPT_FLAG_SSL2,           12,"SSL2 MASTER",12,"SSL2 Master"},
225   {CALG_SSL3_MASTER,384,384,384,CRYPT_FLAG_SSL3,           12,"SSL3 MASTER",12,"SSL3 Master"},
226   {CALG_TLS1_MASTER,384,384,384,CRYPT_FLAG_TLS1,           12,"TLS1 MASTER",12,"TLS1 Master"},
227   {CALG_SCHANNEL_MASTER_HASH,0,0,-1,0,                     16,"SCH MASTER HASH",21,"SChannel Master Hash"},
228   {CALG_SCHANNEL_MAC_KEY,0,0,-1,0,                         12,"SCH MAC KEY",17,"SChannel MAC Key"},
229   {CALG_SCHANNEL_ENC_KEY,0,0,-1,0,                         12,"SCH ENC KEY",24,"SChannel Encryption Key"},
230   {CALG_TLS1PRF,    0,  0,   -1,0,                          9,"TLS1 PRF",   28,"TLS1 Pseudo Random Function"},
231   {0,               0,  0,    0,0,                          1,"",            1,""}
232  }
233 };
234
235 /******************************************************************************
236  * API forward declarations
237  */
238 BOOL WINAPI 
239 RSAENH_CPGetKeyParam(
240     HCRYPTPROV hProv, 
241     HCRYPTKEY hKey, 
242     DWORD dwParam, 
243     BYTE *pbData, 
244     DWORD *pdwDataLen, 
245     DWORD dwFlags
246 );
247
248 BOOL WINAPI 
249 RSAENH_CPEncrypt(
250     HCRYPTPROV hProv, 
251     HCRYPTKEY hKey, 
252     HCRYPTHASH hHash, 
253     BOOL Final, 
254     DWORD dwFlags, 
255     BYTE *pbData,
256     DWORD *pdwDataLen, 
257     DWORD dwBufLen
258 );
259
260 BOOL WINAPI 
261 RSAENH_CPCreateHash(
262     HCRYPTPROV hProv, 
263     ALG_ID Algid, 
264     HCRYPTKEY hKey, 
265     DWORD dwFlags, 
266     HCRYPTHASH *phHash
267 );
268
269 BOOL WINAPI 
270 RSAENH_CPSetHashParam(
271     HCRYPTPROV hProv, 
272     HCRYPTHASH hHash, 
273     DWORD dwParam, 
274     BYTE *pbData, DWORD dwFlags
275 );
276
277 BOOL WINAPI 
278 RSAENH_CPGetHashParam(
279     HCRYPTPROV hProv, 
280     HCRYPTHASH hHash, 
281     DWORD dwParam, 
282     BYTE *pbData, 
283     DWORD *pdwDataLen, 
284     DWORD dwFlags
285 );
286
287 BOOL WINAPI 
288 RSAENH_CPDestroyHash(
289     HCRYPTPROV hProv, 
290     HCRYPTHASH hHash
291 );
292
293 BOOL WINAPI 
294 RSAENH_CPExportKey(
295     HCRYPTPROV hProv, 
296     HCRYPTKEY hKey, 
297     HCRYPTKEY hPubKey, 
298     DWORD dwBlobType, 
299     DWORD dwFlags, 
300     BYTE *pbData, 
301     DWORD *pdwDataLen
302 );
303
304 BOOL WINAPI 
305 RSAENH_CPImportKey(
306     HCRYPTPROV hProv, 
307     CONST BYTE *pbData, 
308     DWORD dwDataLen, 
309     HCRYPTKEY hPubKey, 
310     DWORD dwFlags, 
311     HCRYPTKEY *phKey
312 );
313
314 BOOL WINAPI 
315 RSAENH_CPHashData(
316     HCRYPTPROV hProv, 
317     HCRYPTHASH hHash, 
318     CONST BYTE *pbData, 
319     DWORD dwDataLen, 
320     DWORD dwFlags
321 );
322
323 /******************************************************************************
324  * CSP's handle table (used by all acquired key containers)
325  */
326 static HANDLETABLE handle_table;
327
328 /******************************************************************************
329  * DllMain (RSAENH.@)
330  *
331  * Initializes and destroys the handle table for the CSP's handles.
332  */
333 int WINAPI DllMain(HINSTANCE hInstance, DWORD fdwReason, PVOID pvReserved)
334 {
335     switch (fdwReason)
336     {
337         case DLL_PROCESS_ATTACH:
338             DisableThreadLibraryCalls(hInstance);
339             init_handle_table(&handle_table);
340             break;
341
342         case DLL_PROCESS_DETACH:
343             destroy_handle_table(&handle_table);
344             break;
345     }
346     return 1;
347 }
348
349 /******************************************************************************
350  * copy_param [Internal]
351  *
352  * Helper function that supports the standard WINAPI protocol for querying data
353  * of dynamic size.
354  *
355  * PARAMS
356  *  pbBuffer      [O]   Buffer where the queried parameter is copied to, if it is large enough.
357  *                      May be NUL if the required buffer size is to be queried only.
358  *  pdwBufferSize [I/O] In: Size of the buffer at pbBuffer
359  *                      Out: Size of parameter pbParam
360  *  pbParam       [I]   Parameter value.
361  *  dwParamSize   [I]   Size of pbParam
362  *
363  * RETURN
364  *  Success: TRUE (pbParam was copied into pbBuffer or pbBuffer is NULL)
365  *  Failure: FALSE (pbBuffer is not large enough to hold pbParam). Last error: ERROR_MORE_DATA
366  */
367 static inline BOOL copy_param(
368     BYTE *pbBuffer, DWORD *pdwBufferSize, CONST BYTE *pbParam, DWORD dwParamSize) 
369 {
370     if (pbBuffer) 
371     {
372         if (dwParamSize > *pdwBufferSize) 
373         {
374             SetLastError(ERROR_MORE_DATA);
375             *pdwBufferSize = dwParamSize;
376             return FALSE;
377         }
378         memcpy(pbBuffer, pbParam, dwParamSize);
379     }
380     *pdwBufferSize = dwParamSize;
381     return TRUE;
382 }
383
384 /******************************************************************************
385  * get_algid_info [Internal]
386  *
387  * Query CSP capabilities for a given crypto algorithm.
388  * 
389  * PARAMS
390  *  hProv [I] Handle to a key container of the CSP whose capabilities are to be queried.
391  *  algid [I] Identifier of the crypto algorithm about which information is requested.
392  *
393  * RETURNS
394  *  Success: Pointer to a PROV_ENUMALGS_EX struct containing information about the crypto algorithm.
395  *  Failure: NULL (algid not supported)
396  */
397 static inline const PROV_ENUMALGS_EX* get_algid_info(HCRYPTPROV hProv, ALG_ID algid) {
398     PROV_ENUMALGS_EX *iterator;
399     KEYCONTAINER *pKeyContainer;
400
401     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER, (OBJECTHDR**)&pKeyContainer)) {
402         SetLastError(NTE_BAD_UID);
403         return NULL;
404     }
405
406     for (iterator = aProvEnumAlgsEx[pKeyContainer->dwPersonality]; iterator->aiAlgid; iterator++) {
407         if (iterator->aiAlgid == algid) return iterator;
408     }
409
410     SetLastError(NTE_BAD_ALGID);
411     return NULL;
412 }
413
414 /******************************************************************************
415  * copy_data_blob [Internal] 
416  *
417  * deeply copies a DATA_BLOB
418  *
419  * PARAMS
420  *  dst [O] That's where the blob will be copied to
421  *  src [I] Source blob
422  *
423  * RETURNS
424  *  Success: TRUE
425  *  Failure: FALSE (GetLastError() == NTE_NO_MEMORY
426  *
427  * NOTES
428  *  Use free_data_blob to release resources occupied by copy_data_blob.
429  */
430 static inline BOOL copy_data_blob(PCRYPT_DATA_BLOB dst, CONST PCRYPT_DATA_BLOB src) {
431     dst->pbData = HeapAlloc(GetProcessHeap(), 0, src->cbData);
432     if (!dst->pbData) {
433         SetLastError(NTE_NO_MEMORY);
434         return FALSE;
435     }    
436     dst->cbData = src->cbData;
437     memcpy(dst->pbData, src->pbData, src->cbData);
438     return TRUE;
439 }
440
441 /******************************************************************************
442  * concat_data_blobs [Internal]
443  *
444  * Concatenates two blobs
445  *
446  * PARAMS
447  *  dst  [O] The new blob will be copied here
448  *  src1 [I] Prefix blob
449  *  src2 [I] Appendix blob
450  *
451  * RETURNS
452  *  Success: TRUE
453  *  Failure: FALSE (GetLastError() == NTE_NO_MEMORY)
454  *
455  * NOTES
456  *  Release resources occupied by concat_data_blobs with free_data_blobs
457  */
458 static inline BOOL concat_data_blobs(PCRYPT_DATA_BLOB dst, CONST PCRYPT_DATA_BLOB src1, 
459                                      CONST PCRYPT_DATA_BLOB src2) 
460 {
461     dst->cbData = src1->cbData + src2->cbData;
462     dst->pbData = HeapAlloc(GetProcessHeap(), 0, dst->cbData);
463     if (!dst->pbData) {
464         SetLastError(NTE_NO_MEMORY);
465         return FALSE;
466     }
467     memcpy(dst->pbData, src1->pbData, src1->cbData);
468     memcpy(dst->pbData + src1->cbData, src2->pbData, src2->cbData);
469     return TRUE;
470 }
471
472 /******************************************************************************
473  * free_data_blob [Internal]
474  *
475  * releases resource occupied by a dynamically allocated CRYPT_DATA_BLOB
476  * 
477  * PARAMS
478  *  pBlob [I] Heap space occupied by pBlob->pbData is released
479  */
480 static inline void free_data_blob(PCRYPT_DATA_BLOB pBlob) {
481     HeapFree(GetProcessHeap(), 0, pBlob->pbData);
482 }
483
484 /******************************************************************************
485  * init_data_blob [Internal]
486  */
487 static inline void init_data_blob(PCRYPT_DATA_BLOB pBlob) {
488     pBlob->pbData = NULL;
489     pBlob->cbData = 0;
490 }
491
492 /******************************************************************************
493  * free_hmac_info [Internal]
494  *
495  * Deeply free an HMAC_INFO struct.
496  *
497  * PARAMS
498  *  hmac_info [I] Pointer to the HMAC_INFO struct to be freed.
499  *
500  * NOTES
501  *  See Internet RFC 2104 for details on the HMAC algorithm.
502  */
503 static inline void free_hmac_info(PHMAC_INFO hmac_info) {
504     if (!hmac_info) return;
505     HeapFree(GetProcessHeap(), 0, hmac_info->pbInnerString);
506     HeapFree(GetProcessHeap(), 0, hmac_info->pbOuterString);
507     HeapFree(GetProcessHeap(), 0, hmac_info);
508 }
509
510 /******************************************************************************
511  * copy_hmac_info [Internal]
512  *
513  * Deeply copy an HMAC_INFO struct
514  *
515  * PARAMS
516  *  dst [O] Pointer to a location where the pointer to the HMAC_INFO copy will be stored.
517  *  src [I] Pointer to the HMAC_INFO struct to be copied.
518  *
519  * RETURNS
520  *  Success: TRUE
521  *  Failure: FALSE
522  *
523  * NOTES
524  *  See Internet RFC 2104 for details on the HMAC algorithm.
525  */
526 static BOOL copy_hmac_info(PHMAC_INFO *dst, PHMAC_INFO src) {
527     if (!src) return FALSE;
528     *dst = HeapAlloc(GetProcessHeap(), 0, sizeof(HMAC_INFO));
529     if (!*dst) return FALSE;
530     memcpy(*dst, src, sizeof(HMAC_INFO));
531     (*dst)->pbInnerString = NULL;
532     (*dst)->pbOuterString = NULL;
533     if ((*dst)->cbInnerString == 0) (*dst)->cbInnerString = RSAENH_HMAC_DEF_PAD_LEN;
534     (*dst)->pbInnerString = HeapAlloc(GetProcessHeap(), 0, (*dst)->cbInnerString);
535     if (!(*dst)->pbInnerString) {
536         free_hmac_info(*dst);
537         return FALSE;
538     }
539     if (src->cbInnerString) 
540         memcpy((*dst)->pbInnerString, src->pbInnerString, src->cbInnerString);
541     else 
542         memset((*dst)->pbInnerString, RSAENH_HMAC_DEF_IPAD_CHAR, RSAENH_HMAC_DEF_PAD_LEN);
543     if ((*dst)->cbOuterString == 0) (*dst)->cbOuterString = RSAENH_HMAC_DEF_PAD_LEN;
544     (*dst)->pbOuterString = HeapAlloc(GetProcessHeap(), 0, (*dst)->cbOuterString);
545     if (!(*dst)->pbOuterString) {
546         free_hmac_info(*dst);
547         return FALSE;
548     }
549     if (src->cbOuterString) 
550         memcpy((*dst)->pbOuterString, src->pbOuterString, src->cbOuterString);
551     else 
552         memset((*dst)->pbOuterString, RSAENH_HMAC_DEF_OPAD_CHAR, RSAENH_HMAC_DEF_PAD_LEN);
553     return TRUE;
554 }
555
556 /******************************************************************************
557  * destroy_hash [Internal]
558  *
559  * Destructor for hash objects
560  *
561  * PARAMS
562  *  pCryptHash [I] Pointer to the hash object to be destroyed. 
563  *                 Will be invalid after function returns!
564  */
565 static void destroy_hash(OBJECTHDR *pObject)
566 {
567     CRYPTHASH *pCryptHash = (CRYPTHASH*)pObject;
568         
569     free_hmac_info(pCryptHash->pHMACInfo);
570     free_data_blob(&pCryptHash->tpPRFParams.blobLabel);
571     free_data_blob(&pCryptHash->tpPRFParams.blobSeed);
572     HeapFree(GetProcessHeap(), 0, pCryptHash);
573 }
574
575 /******************************************************************************
576  * init_hash [Internal]
577  *
578  * Initialize (or reset) a hash object
579  *
580  * PARAMS
581  *  pCryptHash    [I] The hash object to be initialized.
582  */
583 static inline BOOL init_hash(CRYPTHASH *pCryptHash) {
584     DWORD dwLen;
585         
586     switch (pCryptHash->aiAlgid) 
587     {
588         case CALG_HMAC:
589             if (pCryptHash->pHMACInfo) { 
590                 const PROV_ENUMALGS_EX *pAlgInfo;
591                 
592                 pAlgInfo = get_algid_info(pCryptHash->hProv, pCryptHash->pHMACInfo->HashAlgid);
593                 if (!pAlgInfo) return FALSE;
594                 pCryptHash->dwHashSize = pAlgInfo->dwDefaultLen >> 3;
595                 init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context);
596                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
597                                  pCryptHash->pHMACInfo->pbInnerString, 
598                                  pCryptHash->pHMACInfo->cbInnerString);
599             }
600             return TRUE;
601             
602         case CALG_MAC:
603             dwLen = sizeof(DWORD);
604             RSAENH_CPGetKeyParam(pCryptHash->hProv, pCryptHash->hKey, KP_BLOCKLEN, 
605                                  (BYTE*)&pCryptHash->dwHashSize, &dwLen, 0);
606             pCryptHash->dwHashSize >>= 3;
607             return TRUE;
608
609         default:
610             return init_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context);
611     }
612 }
613
614 /******************************************************************************
615  * update_hash [Internal]
616  *
617  * Hashes the given data and updates the hash object's state accordingly
618  *
619  * PARAMS
620  *  pCryptHash [I] Hash object to be updated.
621  *  pbData     [I] Pointer to data stream to be hashed.
622  *  dwDataLen  [I] Length of data stream.
623  */
624 static inline void update_hash(CRYPTHASH *pCryptHash, CONST BYTE *pbData, DWORD dwDataLen) {
625     BYTE *pbTemp;
626
627     switch (pCryptHash->aiAlgid)
628     {
629         case CALG_HMAC:
630             if (pCryptHash->pHMACInfo) 
631                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context, 
632                                  pbData, dwDataLen);
633             break;
634
635         case CALG_MAC:
636             pbTemp = HeapAlloc(GetProcessHeap(), 0, dwDataLen);
637             if (!pbTemp) return;
638             memcpy(pbTemp, pbData, dwDataLen);
639             RSAENH_CPEncrypt(pCryptHash->hProv, pCryptHash->hKey, (HCRYPTHASH)NULL, FALSE, 0, 
640                              pbTemp, &dwDataLen, dwDataLen);
641             HeapFree(GetProcessHeap(), 0, pbTemp);
642             break;
643
644         default:
645             update_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context, pbData, dwDataLen);
646     }
647 }
648
649 /******************************************************************************
650  * finalize_hash [Internal]
651  *
652  * Finalizes the hash, after all data has been hashed with update_hash.
653  * No additional data can be hashed afterwards until the hash gets initialized again.
654  *
655  * PARAMS
656  *  pCryptHash [I] Hash object to be finalized.
657  */
658 static inline void finalize_hash(CRYPTHASH *pCryptHash) {
659     DWORD dwDataLen;
660         
661     switch (pCryptHash->aiAlgid)
662     {
663         case CALG_HMAC:
664             if (pCryptHash->pHMACInfo) {
665                 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
666
667                 finalize_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context, 
668                                    pCryptHash->abHashValue);
669                 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
670                 init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context);
671                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
672                                  pCryptHash->pHMACInfo->pbOuterString, 
673                                  pCryptHash->pHMACInfo->cbOuterString);
674                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
675                                  abHashValue, pCryptHash->dwHashSize);
676                 finalize_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
677                                    pCryptHash->abHashValue);
678             } 
679             break;
680
681         case CALG_MAC:
682             dwDataLen = 0;
683             RSAENH_CPEncrypt(pCryptHash->hProv, pCryptHash->hKey, (HCRYPTHASH)NULL, TRUE, 0, 
684                              pCryptHash->abHashValue, &dwDataLen, pCryptHash->dwHashSize);
685             break;
686
687         default:
688             finalize_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context, pCryptHash->abHashValue);
689     }
690 }
691
692 /******************************************************************************
693  * destroy_key [Internal]
694  *
695  * Destructor for key objects
696  *
697  * PARAMS
698  *  pCryptKey [I] Pointer to the key object to be destroyed. 
699  *                Will be invalid after function returns!
700  */
701 static void destroy_key(OBJECTHDR *pObject)
702 {
703     CRYPTKEY *pCryptKey = (CRYPTKEY*)pObject;
704         
705     free_key_impl(pCryptKey->aiAlgid, &pCryptKey->context);
706     free_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom);
707     free_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom);
708     HeapFree(GetProcessHeap(), 0, pCryptKey);
709 }
710
711 /******************************************************************************
712  * setup_key [Internal]
713  *
714  * Initialize (or reset) a key object
715  *
716  * PARAMS
717  *  pCryptKey    [I] The key object to be initialized.
718  */
719 static inline void setup_key(CRYPTKEY *pCryptKey) {
720     pCryptKey->dwState = RSAENH_KEYSTATE_IDLE;
721     memcpy(pCryptKey->abChainVector, pCryptKey->abInitVector, sizeof(pCryptKey->abChainVector));
722     setup_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen, 
723                    pCryptKey->dwSaltLen, pCryptKey->abKeyValue);
724 }
725
726 /******************************************************************************
727  * new_key [Internal]
728  *
729  * Creates a new key object without assigning the actual binary key value. 
730  * This is done by CPDeriveKey, CPGenKey or CPImportKey, which call this function.
731  *
732  * PARAMS
733  *  hProv      [I] Handle to the provider to which the created key will belong.
734  *  aiAlgid    [I] The new key shall use the crypto algorithm idenfied by aiAlgid.
735  *  dwFlags    [I] Upper 16 bits give the key length.
736  *                 Lower 16 bits: CRYPT_CREATE_SALT, CRYPT_NO_SALT
737  *  ppCryptKey [O] Pointer to the created key
738  *
739  * RETURNS
740  *  Success: Handle to the created key.
741  *  Failure: INVALID_HANDLE_VALUE
742  */
743 static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTKEY **ppCryptKey)
744 {
745     HCRYPTKEY hCryptKey;
746     CRYPTKEY *pCryptKey;
747     DWORD dwKeyLen = HIWORD(dwFlags);
748     const PROV_ENUMALGS_EX *peaAlgidInfo;
749
750     *ppCryptKey = NULL;
751     
752     /* 
753      * Retrieve the CSP's capabilities for the given ALG_ID value
754      */
755     peaAlgidInfo = get_algid_info(hProv, aiAlgid);
756     if (!peaAlgidInfo) return (HCRYPTKEY)INVALID_HANDLE_VALUE;
757
758     /*
759      * Assume the default key length, if none is specified explicitly
760      */
761     if (dwKeyLen == 0) dwKeyLen = peaAlgidInfo->dwDefaultLen;
762     
763     /*
764      * Check if the requested key length is supported by the current CSP.
765      * Adjust key length's for DES algorithms.
766      */
767     switch (aiAlgid) {
768         case CALG_DES:
769             if (dwKeyLen == RSAENH_DES_EFFECTIVE_KEYLEN) {
770                 dwKeyLen = RSAENH_DES_STORAGE_KEYLEN;
771             }
772             if (dwKeyLen != RSAENH_DES_STORAGE_KEYLEN) {
773                 SetLastError(NTE_BAD_FLAGS);
774                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
775             }
776             break;
777
778         case CALG_3DES_112:
779             if (dwKeyLen == RSAENH_3DES112_EFFECTIVE_KEYLEN) {
780                 dwKeyLen = RSAENH_3DES112_STORAGE_KEYLEN;
781             }
782             if (dwKeyLen != RSAENH_3DES112_STORAGE_KEYLEN) {
783                 SetLastError(NTE_BAD_FLAGS);
784                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
785             }
786             break;
787
788         case CALG_3DES:
789             if (dwKeyLen == RSAENH_3DES_EFFECTIVE_KEYLEN) {
790                 dwKeyLen = RSAENH_3DES_STORAGE_KEYLEN;
791             }
792             if (dwKeyLen != RSAENH_3DES_STORAGE_KEYLEN) {
793                 SetLastError(NTE_BAD_FLAGS);
794                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
795             }
796             break;
797         
798         default:
799             if (dwKeyLen % 8 || 
800                 dwKeyLen > peaAlgidInfo->dwMaxLen || 
801                 dwKeyLen < peaAlgidInfo->dwMinLen) 
802             {
803                 SetLastError(NTE_BAD_FLAGS);
804                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
805             }
806     }
807
808     hCryptKey = (HCRYPTKEY)new_object(&handle_table, sizeof(CRYPTKEY), RSAENH_MAGIC_KEY, 
809                                       destroy_key, (OBJECTHDR**)&pCryptKey);
810     if (hCryptKey != (HCRYPTKEY)INVALID_HANDLE_VALUE)
811     {
812         pCryptKey->aiAlgid = aiAlgid;
813         pCryptKey->hProv = hProv;
814         pCryptKey->dwModeBits = 0;
815         pCryptKey->dwPermissions = CRYPT_ENCRYPT | CRYPT_DECRYPT | CRYPT_READ | CRYPT_WRITE | 
816                                    CRYPT_MAC;
817         pCryptKey->dwKeyLen = dwKeyLen >> 3;
818         if ((dwFlags & CRYPT_CREATE_SALT) || (dwKeyLen == 40 && !(dwFlags & CRYPT_NO_SALT))) 
819             pCryptKey->dwSaltLen = 16 /*FIXME*/ - pCryptKey->dwKeyLen;
820         else
821             pCryptKey->dwSaltLen = 0;
822         memset(pCryptKey->abKeyValue, 0, sizeof(pCryptKey->abKeyValue));
823         memset(pCryptKey->abInitVector, 0, sizeof(pCryptKey->abInitVector));
824         init_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom);
825         init_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom);
826             
827         switch(aiAlgid)
828         {
829             case CALG_PCT1_MASTER:
830             case CALG_SSL2_MASTER:
831             case CALG_SSL3_MASTER:
832             case CALG_TLS1_MASTER:
833             case CALG_RC4:
834                 pCryptKey->dwBlockLen = 0;
835                 pCryptKey->dwMode = 0;
836                 break;
837
838             case CALG_RC2:
839             case CALG_DES:
840             case CALG_3DES_112:
841             case CALG_3DES:
842                 pCryptKey->dwBlockLen = 8;
843                 pCryptKey->dwMode = CRYPT_MODE_CBC;
844                 break;
845
846             case CALG_RSA_KEYX:
847             case CALG_RSA_SIGN:
848                 pCryptKey->dwBlockLen = dwKeyLen >> 3;
849                 pCryptKey->dwMode = 0;
850                 break;
851         }
852
853         *ppCryptKey = pCryptKey;
854     }
855
856     return hCryptKey;
857 }
858
859 /******************************************************************************
860  * destroy_key_container [Internal]
861  *
862  * Destructor for key containers.
863  * 
864  * PARAMS
865  *  pObjectHdr [I] Pointer to the key container to be destroyed.
866  */
867 static void destroy_key_container(OBJECTHDR *pObjectHdr)
868 {
869     KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr;
870     DATA_BLOB blobIn, blobOut;
871     CRYPTKEY *pKey;
872     CHAR szRSABase[MAX_PATH];
873     HKEY hKey, hRootKey;
874     DWORD dwLen;
875     BYTE *pbKey;
876
877     if (!(pKeyContainer->dwFlags & CRYPT_VERIFYCONTEXT)) {
878         /* On WinXP, persistent keys are stored in a file located at: 
879          * $AppData$\\Microsoft\\Crypto\\RSA\\$SID$\\some_hex_string 
880          */
881         sprintf(szRSABase, RSAENH_REGKEY, pKeyContainer->szName);
882
883         if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) {
884             hRootKey = HKEY_LOCAL_MACHINE;
885         } else {
886             hRootKey = HKEY_CURRENT_USER;
887         }
888         
889         /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
890         /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
891         if (RegCreateKeyExA(hRootKey, szRSABase, 0, NULL, REG_OPTION_NON_VOLATILE, 
892                             KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS)
893         {
894             if (lookup_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair, RSAENH_MAGIC_KEY, 
895                               (OBJECTHDR**)&pKey))
896             {
897                 if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hKeyExchangeKeyPair, 0, 
898                                        PRIVATEKEYBLOB, 0, 0, &dwLen)) 
899                 {
900                     pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
901                     if (pbKey) 
902                     {
903                         if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hKeyExchangeKeyPair, 0,
904                                                PRIVATEKEYBLOB, 0, pbKey, &dwLen))
905                         {
906                             blobIn.pbData = pbKey;
907                             blobIn.cbData = dwLen;
908                                     
909                             if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL, 
910                                  (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ? 
911                                    CRYPTPROTECT_LOCAL_MACHINE : 0, 
912                                  &blobOut)) 
913                             {
914                                 RegSetValueExA(hKey, "KeyExchangeKeyPair", 0, REG_BINARY,
915                                                blobOut.pbData, blobOut.cbData);
916                                 HeapFree(GetProcessHeap(), 0, blobOut.pbData);
917                             }
918                         }
919                         HeapFree(GetProcessHeap(), 0, pbKey);
920                     }
921                 }
922                 release_handle(&handle_table, (unsigned int)pKeyContainer->hKeyExchangeKeyPair, 
923                                RSAENH_MAGIC_KEY);
924             }
925
926             if (lookup_handle(&handle_table, pKeyContainer->hSignatureKeyPair, RSAENH_MAGIC_KEY, 
927                               (OBJECTHDR**)&pKey))
928             {
929                 if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hSignatureKeyPair, 0, 
930                                        PRIVATEKEYBLOB, 0, 0, &dwLen)) 
931                 {
932                     pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
933                     if (pbKey) 
934                     {
935                         if (RSAENH_CPExportKey(pKey->hProv, pKeyContainer->hSignatureKeyPair, 0, 
936                                                PRIVATEKEYBLOB, 0, pbKey, &dwLen))
937                         {
938                             blobIn.pbData = pbKey;
939                             blobIn.cbData = dwLen;
940                                     
941                             if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL, 
942                                  (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) ? 
943                                    CRYPTPROTECT_LOCAL_MACHINE : 0, 
944                                  &blobOut)) 
945                             {
946                                 RegSetValueExA(hKey, "SignatureKeyPair", 0, REG_BINARY, 
947                                                blobOut.pbData, blobOut.cbData);
948                                 HeapFree(GetProcessHeap(), 0, blobOut.pbData);
949                             }
950                         }
951                         HeapFree(GetProcessHeap(), 0, pbKey);
952                     }
953                 }
954                 release_handle(&handle_table, (unsigned int)pKeyContainer->hSignatureKeyPair, 
955                                RSAENH_MAGIC_KEY);
956             }
957         
958             RegCloseKey(hKey);
959         }
960     }
961     
962     HeapFree( GetProcessHeap(), 0, pKeyContainer );
963 }
964
965 /******************************************************************************
966  * new_key_container [Internal]
967  *
968  * Create a new key container. The personality (RSA Base, Strong or Enhanced CP) 
969  * of the CSP is determined via the pVTable->pszProvName string.
970  *
971  * PARAMS
972  *  pszContainerName [I] Name of the key container.
973  *  pVTable          [I] Callback functions and context info provided by the OS
974  *
975  * RETURNS
976  *  Success: Handle to the new key container.
977  *  Failure: INVALID_HANDLE_VALUE
978  */
979 static HCRYPTPROV new_key_container(PCCH pszContainerName, DWORD dwFlags, PVTableProvStruc pVTable)
980 {
981     KEYCONTAINER *pKeyContainer;
982     HCRYPTPROV hKeyContainer;
983
984     hKeyContainer = (HCRYPTPROV)new_object(&handle_table, sizeof(KEYCONTAINER), RSAENH_MAGIC_CONTAINER,
985                                            destroy_key_container, (OBJECTHDR**)&pKeyContainer);
986     if (hKeyContainer != (HCRYPTPROV)INVALID_HANDLE_VALUE)
987     {
988         lstrcpynA(pKeyContainer->szName, pszContainerName, MAX_PATH);
989         pKeyContainer->dwFlags = dwFlags;
990         pKeyContainer->dwEnumAlgsCtr = 0;
991         pKeyContainer->hKeyExchangeKeyPair = (HCRYPTKEY)INVALID_HANDLE_VALUE;
992         pKeyContainer->hSignatureKeyPair = (HCRYPTKEY)INVALID_HANDLE_VALUE;
993         if (pVTable && pVTable->pszProvName) {
994             lstrcpynA(pKeyContainer->szProvName, pVTable->pszProvName, MAX_PATH);
995             if (!strcmp(pVTable->pszProvName, MS_DEF_PROV_A)) {
996                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_BASE;
997             } else if (!strcmp(pVTable->pszProvName, MS_ENHANCED_PROV_A)) {
998                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_ENHANCED;
999             } else if (!strcmp(pVTable->pszProvName, MS_DEF_RSA_SCHANNEL_PROV_A)) { 
1000                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_SCHANNEL;
1001             } else {
1002                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_STRONG;
1003             }
1004         }
1005
1006         /* The new key container has to be inserted into the CSP immediately 
1007          * after creation to be available for CPGetProvParam's PP_ENUMCONTAINERS. */
1008         if (!(dwFlags & CRYPT_VERIFYCONTEXT)) {
1009             CHAR szRSABase[MAX_PATH];
1010             HKEY hRootKey, hKey;
1011
1012             sprintf(szRSABase, RSAENH_REGKEY, pKeyContainer->szName);
1013
1014             if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET) {
1015                 hRootKey = HKEY_LOCAL_MACHINE;
1016             } else {
1017                 hRootKey = HKEY_CURRENT_USER;
1018             }
1019
1020             /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1021             /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1022             RegCreateKeyA(hRootKey, szRSABase, &hKey);
1023             RegCloseKey(hKey);
1024         }
1025     }
1026
1027     return hKeyContainer;
1028 }
1029
1030 /******************************************************************************
1031  * read_key_container [Internal]
1032  *
1033  * Tries to read the persistent state of the key container (mainly the signature
1034  * and key exchange private keys) given by pszContainerName.
1035  *
1036  * PARAMS
1037  *  pszContainerName [I] Name of the key container to read from the registry
1038  *  pVTable          [I] Pointer to context data provided by the operating system
1039  *
1040  * RETURNS
1041  *  Success: Handle to the key container read from the registry
1042  *  Failure: INVALID_HANDLE_VALUE
1043  */
1044 static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, PVTableProvStruc pVTable)
1045 {
1046     CHAR szRSABase[MAX_PATH];
1047     BYTE *pbKey;
1048     HKEY hKey, hRootKey;
1049     DWORD dwValueType, dwLen;
1050     KEYCONTAINER *pKeyContainer;
1051     HCRYPTPROV hKeyContainer;
1052     DATA_BLOB blobIn, blobOut;
1053     
1054     sprintf(szRSABase, RSAENH_REGKEY, pszContainerName);
1055
1056     if (dwFlags & CRYPT_MACHINE_KEYSET) {
1057         hRootKey = HKEY_LOCAL_MACHINE;
1058     } else {
1059         hRootKey = HKEY_CURRENT_USER;
1060     }
1061
1062     /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1063     /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1064     if (RegOpenKeyExA(hRootKey, szRSABase, 0, KEY_READ, &hKey) != ERROR_SUCCESS)
1065     {
1066         SetLastError(NTE_BAD_KEYSET);
1067         return (HCRYPTPROV)INVALID_HANDLE_VALUE;
1068     }
1069
1070     hKeyContainer = new_key_container(pszContainerName, dwFlags, pVTable);
1071     if (hKeyContainer != (HCRYPTPROV)INVALID_HANDLE_VALUE)
1072     {
1073         if (!lookup_handle(&handle_table, hKeyContainer, RSAENH_MAGIC_CONTAINER, 
1074                            (OBJECTHDR**)&pKeyContainer))
1075             return (HCRYPTPROV)INVALID_HANDLE_VALUE;
1076     
1077         if (RegQueryValueExA(hKey, "KeyExchangeKeyPair", 0, &dwValueType, NULL, &dwLen) == 
1078             ERROR_SUCCESS) 
1079         {
1080             pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
1081             if (pbKey) 
1082             {
1083                 if (RegQueryValueExA(hKey, "KeyExchangeKeyPair", 0, &dwValueType, pbKey, &dwLen) ==
1084                     ERROR_SUCCESS)
1085                 {
1086                     blobIn.pbData = pbKey;
1087                     blobIn.cbData = dwLen;
1088
1089                     if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL, 
1090                          (dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
1091                     {
1092                         RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
1093                                            &pKeyContainer->hKeyExchangeKeyPair);
1094                         HeapFree(GetProcessHeap(), 0, blobOut.pbData);
1095                     }
1096                 }
1097                 HeapFree(GetProcessHeap(), 0, pbKey);
1098             }
1099         }
1100
1101         if (RegQueryValueExA(hKey, "SignatureKeyPair", 0, &dwValueType, NULL, &dwLen) == 
1102             ERROR_SUCCESS) 
1103         {
1104             pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
1105             if (pbKey) 
1106             {
1107                 if (RegQueryValueExA(hKey, "SignatureKeyPair", 0, &dwValueType, pbKey, &dwLen) == 
1108                     ERROR_SUCCESS)
1109                 {
1110                     blobIn.pbData = pbKey;
1111                     blobIn.cbData = dwLen;
1112
1113                     if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL, 
1114                          (dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPTPROTECT_LOCAL_MACHINE : 0, &blobOut))
1115                     {
1116                         RSAENH_CPImportKey(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
1117                                            &pKeyContainer->hSignatureKeyPair);
1118                         HeapFree(GetProcessHeap(), 0, blobOut.pbData);
1119                     }
1120                 }
1121                 HeapFree(GetProcessHeap(), 0, pbKey);
1122             }
1123         }
1124     }
1125
1126     return hKeyContainer;
1127 }
1128
1129 /******************************************************************************
1130  * build_hash_signature [Internal]
1131  *
1132  * Builds a padded version of a hash to match the length of the RSA key modulus.
1133  *
1134  * PARAMS
1135  *  pbSignature [O] The padded hash object is stored here.
1136  *  dwLen       [I] Length of the pbSignature buffer.
1137  *  aiAlgid     [I] Algorithm identifier of the hash to be padded.
1138  *  abHashValue [I] The value of the hash object.
1139  *  dwHashLen   [I] Length of the hash value.
1140  *  dwFlags     [I] Selection of padding algorithm.
1141  *
1142  * RETURNS
1143  *  Success: TRUE
1144  *  Failure: FALSE (NTE_BAD_ALGID)
1145  */
1146 static BOOL build_hash_signature(BYTE *pbSignature, DWORD dwLen, ALG_ID aiAlgid, 
1147                                  CONST BYTE *abHashValue, DWORD dwHashLen, DWORD dwFlags) 
1148 {
1149     /* These prefixes are meant to be concatenated with hash values of the
1150      * respective kind to form a PKCS #7 DigestInfo. */
1151     static const struct tagOIDDescriptor {
1152         ALG_ID aiAlgid;
1153         DWORD dwLen;
1154         CONST BYTE abOID[18];
1155     } aOIDDescriptor[5] = {
1156         { CALG_MD2, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1157                           0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10 } },
1158         { CALG_MD4, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 
1159                           0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 } },
1160         { CALG_MD5, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1161                           0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 } },
1162         { CALG_SHA, 15, { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 
1163                           0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 } },
1164         { 0,        0,  {} }
1165     };
1166     DWORD dwIdxOID, i, j;
1167
1168     for (dwIdxOID = 0; aOIDDescriptor[dwIdxOID].aiAlgid; dwIdxOID++) {
1169         if (aOIDDescriptor[dwIdxOID].aiAlgid == aiAlgid) break;
1170     }
1171     
1172     if (!aOIDDescriptor[dwIdxOID].aiAlgid) {
1173         SetLastError(NTE_BAD_ALGID);
1174         return FALSE;
1175     }
1176
1177     /* Build the padded signature */
1178     if (dwFlags & CRYPT_X931_FORMAT) {
1179         pbSignature[0] = 0x6b;
1180         for (i=1; i < dwLen - dwHashLen - 3; i++) {
1181             pbSignature[i] = 0xbb;
1182         }
1183         pbSignature[i++] = 0xba;
1184         for (j=0; j < dwHashLen; j++, i++) {
1185             pbSignature[i] = abHashValue[j];
1186         }
1187         pbSignature[i++] = 0x33;
1188         pbSignature[i++] = 0xcc;
1189     } else {
1190         pbSignature[0] = 0x00;
1191         pbSignature[1] = 0x01;
1192         if (dwFlags & CRYPT_NOHASHOID) {
1193             for (i=2; i < dwLen - 1 - dwHashLen; i++) {
1194                 pbSignature[i] = 0xff;
1195             }
1196             pbSignature[i++] = 0x00;
1197         } else {
1198             for (i=2; i < dwLen - 1 - aOIDDescriptor[dwIdxOID].dwLen - dwHashLen; i++) {
1199                 pbSignature[i] = 0xff;
1200             }
1201             pbSignature[i++] = 0x00;
1202             for (j=0; j < aOIDDescriptor[dwIdxOID].dwLen; j++) {
1203                 pbSignature[i++] = aOIDDescriptor[dwIdxOID].abOID[j];
1204             }
1205         }
1206         for (j=0; j < dwHashLen; j++) {
1207             pbSignature[i++] = abHashValue[j];
1208         }
1209     }
1210     
1211     return TRUE;
1212 }
1213
1214 /******************************************************************************
1215  * tls1_p [Internal]
1216  *
1217  * This is an implementation of the 'P_hash' helper function for TLS1's PRF.
1218  * It is used exclusively by tls1_prf. For details see RFC 2246, chapter 5.
1219  * The pseudo random stream generated by this function is exclusive or'ed with
1220  * the data in pbBuffer.
1221  *
1222  * PARAMS
1223  *  hHMAC       [I]   HMAC object, which will be used in pseudo random generation
1224  *  pblobSeed   [I]   Seed value
1225  *  pbBuffer    [I/O] Pseudo random stream will be xor'ed to the provided data
1226  *  dwBufferLen [I]   Number of pseudo random bytes desired
1227  *
1228  * RETURNS
1229  *  Success: TRUE
1230  *  Failure: FALSE
1231  */
1232 static BOOL tls1_p(HCRYPTHASH hHMAC, CONST PCRYPT_DATA_BLOB pblobSeed, PBYTE pbBuffer, DWORD dwBufferLen)
1233 {
1234     CRYPTHASH *pHMAC;
1235     BYTE abAi[RSAENH_MAX_HASH_SIZE];
1236     DWORD i = 0;
1237
1238     if (!lookup_handle(&handle_table, hHMAC, RSAENH_MAGIC_HASH, (OBJECTHDR**)&pHMAC)) {
1239         SetLastError(NTE_BAD_HASH);
1240         return FALSE;
1241     }
1242     
1243     /* compute A_1 = HMAC(seed) */
1244     init_hash(pHMAC);
1245     update_hash(pHMAC, pblobSeed->pbData, pblobSeed->cbData);
1246     finalize_hash(pHMAC);
1247     memcpy(abAi, pHMAC->abHashValue, pHMAC->dwHashSize);
1248
1249     do {
1250         /* compute HMAC(A_i + seed) */
1251         init_hash(pHMAC);
1252         update_hash(pHMAC, abAi, pHMAC->dwHashSize);
1253         update_hash(pHMAC, pblobSeed->pbData, pblobSeed->cbData);
1254         finalize_hash(pHMAC);
1255
1256         /* pseudo random stream := CONCAT_{i=1..n} ( HMAC(A_i + seed) ) */
1257         do {
1258             if (i >= dwBufferLen) break;
1259             pbBuffer[i] ^= pHMAC->abHashValue[i % pHMAC->dwHashSize];
1260             i++;
1261         } while (i % pHMAC->dwHashSize);
1262
1263         /* compute A_{i+1} = HMAC(A_i) */
1264         init_hash(pHMAC);
1265         update_hash(pHMAC, abAi, pHMAC->dwHashSize);
1266         finalize_hash(pHMAC);
1267         memcpy(abAi, pHMAC->abHashValue, pHMAC->dwHashSize);
1268     } while (i < dwBufferLen);
1269
1270     return TRUE;
1271 }
1272
1273 /******************************************************************************
1274  * tls1_prf [Internal]
1275  *
1276  * TLS1 pseudo random function as specified in RFC 2246, chapter 5
1277  *
1278  * PARAMS
1279  *  hProv       [I] Key container used to compute the pseudo random stream
1280  *  hSecret     [I] Key that holds the (pre-)master secret
1281  *  pblobLabel  [I] Descriptive label
1282  *  pblobSeed   [I] Seed value
1283  *  pbBuffer    [O] Pseudo random numbers will be stored here
1284  *  dwBufferLen [I] Number of pseudo random bytes desired
1285  *
1286  * RETURNS
1287  *  Success: TRUE
1288  *  Failure: FALSE
1289  */ 
1290 static BOOL tls1_prf(HCRYPTPROV hProv, HCRYPTPROV hSecret, CONST PCRYPT_DATA_BLOB pblobLabel,
1291                      CONST PCRYPT_DATA_BLOB pblobSeed, PBYTE pbBuffer, DWORD dwBufferLen)
1292 {
1293     HMAC_INFO hmacInfo = { 0, NULL, 0, NULL, 0 };
1294     HCRYPTHASH hHMAC = (HCRYPTHASH)INVALID_HANDLE_VALUE;
1295     HCRYPTKEY hHalfSecret = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1296     CRYPTKEY *pHalfSecret, *pSecret;
1297     DWORD dwHalfSecretLen;
1298     BOOL result = FALSE;
1299     CRYPT_DATA_BLOB blobLabelSeed;
1300
1301     TRACE("(hProv=%08lx, hSecret=%08lx, pblobLabel=%p, pblobSeed=%p, pbBuffer=%p, dwBufferLen=%ld)\n",
1302           hProv, hSecret, pblobLabel, pblobSeed, pbBuffer, dwBufferLen);
1303
1304     if (!lookup_handle(&handle_table, hSecret, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pSecret)) {
1305         SetLastError(NTE_FAIL);
1306         return FALSE;
1307     }
1308
1309     dwHalfSecretLen = (pSecret->dwKeyLen+1)/2;
1310     
1311     /* concatenation of the label and the seed */
1312     if (!concat_data_blobs(&blobLabelSeed, pblobLabel, pblobSeed)) goto exit;
1313    
1314     /* zero out the buffer, since two random streams will be xor'ed into it. */
1315     memset(pbBuffer, 0, dwBufferLen);
1316    
1317     /* build a 'fake' key, to hold the secret. CALG_SSL2_MASTER is used since it provides
1318      * the biggest range of valid key lengths. */
1319     hHalfSecret = new_key(hProv, CALG_SSL2_MASTER, MAKELONG(0,dwHalfSecretLen*8), &pHalfSecret);
1320     if (hHalfSecret == (HCRYPTKEY)INVALID_HANDLE_VALUE) goto exit;
1321
1322     /* Derive an HMAC_MD5 hash and call the helper function. */
1323     memcpy(pHalfSecret->abKeyValue, pSecret->abKeyValue, dwHalfSecretLen);
1324     if (!RSAENH_CPCreateHash(hProv, CALG_HMAC, hHalfSecret, 0, &hHMAC)) goto exit;
1325     hmacInfo.HashAlgid = CALG_MD5;
1326     if (!RSAENH_CPSetHashParam(hProv, hHMAC, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0)) goto exit;
1327     if (!tls1_p(hHMAC, &blobLabelSeed, pbBuffer, dwBufferLen)) goto exit;
1328
1329     /* Reconfigure to HMAC_SHA hash and call helper function again. */
1330     memcpy(pHalfSecret->abKeyValue, pSecret->abKeyValue + (pSecret->dwKeyLen/2), dwHalfSecretLen);
1331     hmacInfo.HashAlgid = CALG_SHA;
1332     if (!RSAENH_CPSetHashParam(hProv, hHMAC, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0)) goto exit;
1333     if (!tls1_p(hHMAC, &blobLabelSeed, pbBuffer, dwBufferLen)) goto exit;
1334     
1335     result = TRUE;
1336 exit:
1337     release_handle(&handle_table, hHalfSecret, RSAENH_MAGIC_KEY);
1338     if (hHMAC != (HCRYPTHASH)INVALID_HANDLE_VALUE) RSAENH_CPDestroyHash(hProv, hHMAC);
1339     free_data_blob(&blobLabelSeed);
1340     return result;
1341 }
1342
1343 /******************************************************************************
1344  * pad_data [Internal]
1345  *
1346  * Helper function for data padding according to PKCS1 #2
1347  *
1348  * PARAMS
1349  *  abData      [I] The data to be padded
1350  *  dwDataLen   [I] Length of the data 
1351  *  abBuffer    [O] Padded data will be stored here
1352  *  dwBufferLen [I] Length of the buffer (also length of padded data)
1353  *  dwFlags     [I] Padding format (CRYPT_SSL2_FALLBACK)
1354  *
1355  * RETURN
1356  *  Success: TRUE
1357  *  Failure: FALSE (NTE_BAD_LEN, too much data to pad)
1358  */
1359 static BOOL pad_data(CONST BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD dwBufferLen, 
1360                      DWORD dwFlags)
1361 {
1362     DWORD i;
1363     
1364     /* Ensure there is enough space for PKCS1 #2 padding */
1365     if (dwDataLen > dwBufferLen-11) {
1366         SetLastError(NTE_BAD_LEN);
1367         return FALSE;
1368     }
1369
1370     memmove(abBuffer + dwBufferLen - dwDataLen, abData, dwDataLen);            
1371     
1372     abBuffer[0] = 0x00;
1373     abBuffer[1] = RSAENH_PKC_BLOCKTYPE; 
1374     for (i=2; i < dwBufferLen - dwDataLen - 1; i++) 
1375         do gen_rand_impl(&abBuffer[i], 1); while (!abBuffer[i]);
1376     if (dwFlags & CRYPT_SSL2_FALLBACK) 
1377         for (i-=8; i < dwBufferLen - dwDataLen - 1; i++) 
1378             abBuffer[i] = 0x03;
1379     abBuffer[i] = 0x00;
1380     
1381     return TRUE; 
1382 }
1383
1384 /******************************************************************************
1385  * unpad_data [Internal]
1386  *
1387  * Remove the PKCS1 padding from RSA decrypted data
1388  *
1389  * PARAMS
1390  *  abData      [I]   The padded data
1391  *  dwDataLen   [I]   Length of the padded data
1392  *  abBuffer    [O]   Data without padding will be stored here
1393  *  dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
1394  *  dwFlags     [I]   Currently none defined
1395  *
1396  * RETURNS
1397  *  Success: TRUE
1398  *  Failure: FALSE, (NTE_BAD_DATA, no valid PKCS1 padding or buffer too small)
1399  */
1400 static BOOL unpad_data(CONST BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen, 
1401                        DWORD dwFlags)
1402 {
1403     DWORD i;
1404     
1405     for (i=2; i<dwDataLen; i++)
1406         if (!abData[i])
1407             break;
1408
1409     if ((i == dwDataLen) || (*dwBufferLen < dwDataLen - i - 1) ||
1410         (abData[0] != 0x00) || (abData[1] != RSAENH_PKC_BLOCKTYPE))
1411     {
1412         SetLastError(NTE_BAD_DATA);
1413         return FALSE;
1414     }
1415
1416     *dwBufferLen = dwDataLen - i - 1;
1417     memmove(abBuffer, abData + i + 1, *dwBufferLen);
1418     return TRUE;
1419 }
1420
1421 /******************************************************************************
1422  * CPAcquireContext (RSAENH.@)
1423  *
1424  * Acquire a handle to the key container specified by pszContainer
1425  *
1426  * PARAMS
1427  *  phProv       [O] Pointer to the location the acquired handle will be written to.
1428  *  pszContainer [I] Name of the desired key container. See Notes
1429  *  dwFlags      [I] Flags. See Notes.
1430  *  pVTable      [I] Pointer to a PVTableProvStruct containing callbacks.
1431  * 
1432  * RETURNS
1433  *  Success: TRUE
1434  *  Failure: FALSE
1435  *
1436  * NOTES
1437  *  If pszContainer is NULL or points to a zero length string the user's login 
1438  *  name will be used as the key container name.
1439  *
1440  *  If the CRYPT_NEW_KEYSET flag is set in dwFlags a new keyset will be created.
1441  *  If a keyset with the given name already exists, the function fails and sets
1442  *  last error to NTE_EXISTS. If CRYPT_NEW_KEYSET is not set and the specified
1443  *  key container does not exist, function fails and sets last error to 
1444  *  NTE_BAD_KEYSET.
1445  */                         
1446 BOOL WINAPI RSAENH_CPAcquireContext(HCRYPTPROV *phProv, LPSTR pszContainer,
1447                    DWORD dwFlags, PVTableProvStruc pVTable)
1448 {
1449     CHAR szKeyContainerName[MAX_PATH];
1450     CHAR szRegKey[MAX_PATH];
1451
1452     TRACE("(phProv=%p, pszContainer=%s, dwFlags=%08lx, pVTable=%p)\n", phProv, 
1453           debugstr_a(pszContainer), dwFlags, pVTable);
1454
1455     if (pszContainer && *pszContainer)
1456     {
1457         lstrcpynA(szKeyContainerName, pszContainer, MAX_PATH);
1458     } 
1459     else
1460     {
1461         DWORD dwLen = sizeof(szKeyContainerName);
1462         if (!GetUserNameA(szKeyContainerName, &dwLen)) return FALSE;
1463     }
1464
1465     switch (dwFlags & (CRYPT_NEWKEYSET|CRYPT_VERIFYCONTEXT|CRYPT_DELETEKEYSET)) 
1466     {
1467         case 0:
1468             *phProv = read_key_container(szKeyContainerName, dwFlags, pVTable);
1469             break;
1470
1471         case CRYPT_DELETEKEYSET:
1472             if (snprintf(szRegKey, MAX_PATH, RSAENH_REGKEY, pszContainer) >= MAX_PATH) {
1473                 SetLastError(NTE_BAD_KEYSET_PARAM);
1474                 return FALSE;
1475             } else {
1476                 RegDeleteKeyA(HKEY_CURRENT_USER, szRegKey);
1477                 SetLastError(ERROR_SUCCESS);
1478                 return TRUE;
1479             }
1480             break;
1481
1482         case CRYPT_NEWKEYSET:
1483             *phProv = read_key_container(szKeyContainerName, dwFlags, pVTable);
1484             if (*phProv != (HCRYPTPROV)INVALID_HANDLE_VALUE) 
1485             {
1486                 release_handle(&handle_table, (unsigned int)*phProv, RSAENH_MAGIC_CONTAINER);
1487                 SetLastError(NTE_EXISTS);
1488                 return FALSE;
1489             }
1490             *phProv = new_key_container(szKeyContainerName, dwFlags, pVTable);
1491             break;
1492
1493         case CRYPT_VERIFYCONTEXT:
1494             if (pszContainer) {
1495                 SetLastError(NTE_BAD_FLAGS);
1496                 return FALSE;
1497             }
1498             *phProv = new_key_container("", dwFlags, pVTable);
1499             break;
1500             
1501         default:
1502             *phProv = (unsigned int)INVALID_HANDLE_VALUE;
1503             SetLastError(NTE_BAD_FLAGS);
1504             return FALSE;
1505     }
1506                 
1507     if (*phProv != (unsigned int)INVALID_HANDLE_VALUE) {
1508         SetLastError(ERROR_SUCCESS);
1509         return TRUE;
1510     } else {
1511         return FALSE;
1512     }
1513 }
1514
1515 /******************************************************************************
1516  * CPCreateHash (RSAENH.@)
1517  *
1518  * CPCreateHash creates and initalizes a new hash object.
1519  *
1520  * PARAMS
1521  *  hProv   [I] Handle to the key container to which the new hash will belong.
1522  *  Algid   [I] Identifies the hash algorithm, which will be used for the hash.
1523  *  hKey    [I] Handle to a session key applied for keyed hashes.
1524  *  dwFlags [I] Currently no flags defined. Must be zero.
1525  *  phHash  [O] Points to the location where a handle to the new hash will be stored.
1526  *
1527  * RETURNS
1528  *  Success: TRUE
1529  *  Failure: FALSE
1530  *
1531  * NOTES
1532  *  hKey is a handle to a session key applied in keyed hashes like MAC and HMAC.
1533  *  If a normal hash object is to be created (like e.g. MD2 or SHA1) hKey must be zero.
1534  */
1535 BOOL WINAPI RSAENH_CPCreateHash(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey, DWORD dwFlags, 
1536                                 HCRYPTHASH *phHash)
1537 {
1538     CRYPTKEY *pCryptKey;
1539     CRYPTHASH *pCryptHash;
1540     const PROV_ENUMALGS_EX *peaAlgidInfo;
1541         
1542     TRACE("(hProv=%08lx, Algid=%08x, hKey=%08lx, dwFlags=%08lx, phHash=%p)\n", hProv, Algid, hKey, 
1543           dwFlags, phHash);
1544
1545     peaAlgidInfo = get_algid_info(hProv, Algid);
1546     if (!peaAlgidInfo) return FALSE;
1547
1548     if (dwFlags)
1549     {
1550         SetLastError(NTE_BAD_FLAGS);
1551         return FALSE;
1552     }
1553
1554     if (Algid == CALG_MAC || Algid == CALG_HMAC || Algid == CALG_SCHANNEL_MASTER_HASH || 
1555         Algid == CALG_TLS1PRF) 
1556     {
1557         if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey)) {
1558             SetLastError(NTE_BAD_KEY);
1559             return FALSE;
1560         }
1561
1562         if ((Algid == CALG_MAC) && (GET_ALG_TYPE(pCryptKey->aiAlgid) != ALG_TYPE_BLOCK)) {
1563             SetLastError(NTE_BAD_KEY);
1564             return FALSE;
1565         }
1566
1567         if ((Algid == CALG_SCHANNEL_MASTER_HASH || Algid == CALG_TLS1PRF) && 
1568             (pCryptKey->aiAlgid != CALG_TLS1_MASTER)) 
1569         {
1570             SetLastError(NTE_BAD_KEY);
1571             return FALSE;
1572         }
1573
1574         if ((Algid == CALG_TLS1PRF) && (pCryptKey->dwState != RSAENH_KEYSTATE_MASTERKEY)) {
1575             SetLastError(NTE_BAD_KEY_STATE);
1576             return FALSE;
1577         }
1578     }
1579
1580     *phHash = (HCRYPTHASH)new_object(&handle_table, sizeof(CRYPTHASH), RSAENH_MAGIC_HASH,
1581                                      destroy_hash, (OBJECTHDR**)&pCryptHash);
1582     if (!pCryptHash) return FALSE;
1583     
1584     pCryptHash->aiAlgid = Algid;
1585     pCryptHash->hKey = hKey;
1586     pCryptHash->hProv = hProv;
1587     pCryptHash->dwState = RSAENH_HASHSTATE_IDLE;
1588     pCryptHash->pHMACInfo = (PHMAC_INFO)NULL;
1589     pCryptHash->dwHashSize = peaAlgidInfo->dwDefaultLen >> 3;
1590     init_data_blob(&pCryptHash->tpPRFParams.blobLabel);
1591     init_data_blob(&pCryptHash->tpPRFParams.blobSeed);
1592
1593     if (Algid == CALG_SCHANNEL_MASTER_HASH) {
1594         static const char keyex[] = "key expansion";
1595         BYTE key_expansion[sizeof keyex];
1596         CRYPT_DATA_BLOB blobRandom, blobKeyExpansion = { 13, key_expansion };
1597
1598         memcpy( key_expansion, keyex, sizeof keyex );
1599         
1600         if (pCryptKey->dwState != RSAENH_KEYSTATE_MASTERKEY) {
1601             static const char msec[] = "master secret";
1602             BYTE master_secret[sizeof msec];
1603             CRYPT_DATA_BLOB blobLabel = { 13, master_secret };
1604             BYTE abKeyValue[48];
1605
1606             memcpy( master_secret, msec, sizeof msec );
1607     
1608             /* See RFC 2246, chapter 8.1 */
1609             if (!concat_data_blobs(&blobRandom, 
1610                                    &pCryptKey->siSChannelInfo.blobClientRandom, 
1611                                    &pCryptKey->siSChannelInfo.blobServerRandom))
1612             {
1613                 return FALSE;
1614             }
1615             tls1_prf(hProv, hKey, &blobLabel, &blobRandom, abKeyValue, 48);
1616             pCryptKey->dwState = RSAENH_KEYSTATE_MASTERKEY; 
1617             memcpy(pCryptKey->abKeyValue, abKeyValue, 48);
1618             free_data_blob(&blobRandom);
1619         }
1620
1621         /* See RFC 2246, chapter 6.3 */
1622         if (!concat_data_blobs(&blobRandom, 
1623                                   &pCryptKey->siSChannelInfo.blobServerRandom, 
1624                                   &pCryptKey->siSChannelInfo.blobClientRandom))
1625         {
1626             return FALSE;
1627         }
1628         tls1_prf(hProv, hKey, &blobKeyExpansion, &blobRandom, pCryptHash->abHashValue, 
1629                  RSAENH_MAX_HASH_SIZE);
1630         free_data_blob(&blobRandom);
1631     }
1632
1633     return init_hash(pCryptHash);
1634 }
1635
1636 /******************************************************************************
1637  * CPDestroyHash (RSAENH.@)
1638  * 
1639  * Releases the handle to a hash object. The object is destroyed if it's reference
1640  * count reaches zero.
1641  *
1642  * PARAMS
1643  *  hProv [I] Handle to the key container to which the hash object belongs.
1644  *  hHash [I] Handle to the hash object to be released.
1645  *
1646  * RETURNS
1647  *  Success: TRUE
1648  *  Failure: FALSE 
1649  */
1650 BOOL WINAPI RSAENH_CPDestroyHash(HCRYPTPROV hProv, HCRYPTHASH hHash)
1651 {
1652     TRACE("(hProv=%08lx, hHash=%08lx)\n", hProv, hHash);
1653      
1654     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1655     {
1656         SetLastError(NTE_BAD_UID);
1657         return FALSE;
1658     }
1659         
1660     if (!release_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) 
1661     {
1662         SetLastError(NTE_BAD_HASH);
1663         return FALSE;
1664     }
1665     
1666     return TRUE;
1667 }
1668
1669 /******************************************************************************
1670  * CPDestroyKey (RSAENH.@)
1671  *
1672  * Releases the handle to a key object. The object is destroyed if it's reference
1673  * count reaches zero.
1674  *
1675  * PARAMS
1676  *  hProv [I] Handle to the key container to which the key object belongs.
1677  *  hKey  [I] Handle to the key object to be released.
1678  *
1679  * RETURNS
1680  *  Success: TRUE
1681  *  Failure: FALSE
1682  */
1683 BOOL WINAPI RSAENH_CPDestroyKey(HCRYPTPROV hProv, HCRYPTKEY hKey)
1684 {
1685     TRACE("(hProv=%08lx, hKey=%08lx)\n", hProv, hKey);
1686         
1687     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1688     {
1689         SetLastError(NTE_BAD_UID);
1690         return FALSE;
1691     }
1692         
1693     if (!release_handle(&handle_table, hKey, RSAENH_MAGIC_KEY)) 
1694     {
1695         SetLastError(NTE_BAD_KEY);
1696         return FALSE;
1697     }
1698     
1699     return TRUE;
1700 }
1701
1702 /******************************************************************************
1703  * CPDuplicateHash (RSAENH.@)
1704  *
1705  * Clones a hash object including it's current state.
1706  *
1707  * PARAMS
1708  *  hUID        [I] Handle to the key container the hash belongs to.
1709  *  hHash       [I] Handle to the hash object to be cloned.
1710  *  pdwReserved [I] Reserved. Must be NULL.
1711  *  dwFlags     [I] No flags are currently defined. Must be 0.
1712  *  phHash      [O] Handle to the cloned hash object.
1713  *
1714  * RETURNS
1715  *  Success: TRUE.
1716  *  Failure: FALSE.
1717  */
1718 BOOL WINAPI RSAENH_CPDuplicateHash(HCRYPTPROV hUID, HCRYPTHASH hHash, DWORD *pdwReserved, 
1719                                    DWORD dwFlags, HCRYPTHASH *phHash)
1720 {
1721     CRYPTHASH *pSrcHash, *pDestHash;
1722     
1723     TRACE("(hUID=%08lx, hHash=%08lx, pdwReserved=%p, dwFlags=%08lx, phHash=%p)\n", hUID, hHash, 
1724            pdwReserved, dwFlags, phHash);
1725
1726     if (!is_valid_handle(&handle_table, hUID, RSAENH_MAGIC_CONTAINER))
1727     {
1728         SetLastError(NTE_BAD_UID);
1729         return FALSE;
1730     }
1731
1732     if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH, (OBJECTHDR**)&pSrcHash))
1733     {
1734         SetLastError(NTE_BAD_HASH);
1735         return FALSE;
1736     }
1737
1738     if (!phHash || pdwReserved || dwFlags) 
1739     {
1740         SetLastError(ERROR_INVALID_PARAMETER);
1741         return FALSE;
1742     }
1743
1744     *phHash = (HCRYPTHASH)new_object(&handle_table, sizeof(CRYPTHASH), RSAENH_MAGIC_HASH, 
1745                                      destroy_hash, (OBJECTHDR**)&pDestHash);
1746     if (*phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE)
1747     {
1748         memcpy(pDestHash, pSrcHash, sizeof(CRYPTHASH));
1749         duplicate_hash_impl(pSrcHash->aiAlgid, &pSrcHash->context, &pDestHash->context);
1750         copy_hmac_info(&pDestHash->pHMACInfo, pSrcHash->pHMACInfo);
1751         copy_data_blob(&pDestHash->tpPRFParams.blobLabel, &pSrcHash->tpPRFParams.blobLabel);
1752         copy_data_blob(&pDestHash->tpPRFParams.blobSeed, &pSrcHash->tpPRFParams.blobSeed);
1753     }
1754
1755     return *phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE;
1756 }
1757
1758 /******************************************************************************
1759  * CPDuplicateKey (RSAENH.@)
1760  *
1761  * Clones a key object including it's current state.
1762  *
1763  * PARAMS
1764  *  hUID        [I] Handle to the key container the hash belongs to.
1765  *  hKey        [I] Handle to the key object to be cloned.
1766  *  pdwReserved [I] Reserved. Must be NULL.
1767  *  dwFlags     [I] No flags are currently defined. Must be 0.
1768  *  phHash      [O] Handle to the cloned key object.
1769  *
1770  * RETURNS
1771  *  Success: TRUE.
1772  *  Failure: FALSE.
1773  */
1774 BOOL WINAPI RSAENH_CPDuplicateKey(HCRYPTPROV hUID, HCRYPTKEY hKey, DWORD *pdwReserved, 
1775                                   DWORD dwFlags, HCRYPTKEY *phKey)
1776 {
1777     CRYPTKEY *pSrcKey, *pDestKey;
1778     
1779     TRACE("(hUID=%08lx, hKey=%08lx, pdwReserved=%p, dwFlags=%08lx, phKey=%p)\n", hUID, hKey, 
1780           pdwReserved, dwFlags, phKey);
1781
1782     if (!is_valid_handle(&handle_table, hUID, RSAENH_MAGIC_CONTAINER))
1783     {
1784         SetLastError(NTE_BAD_UID);
1785         return FALSE;
1786     }
1787
1788     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pSrcKey))
1789     {
1790         SetLastError(NTE_BAD_KEY);
1791         return FALSE;
1792     }
1793
1794     if (!phKey || pdwReserved || dwFlags) 
1795     {
1796         SetLastError(ERROR_INVALID_PARAMETER);
1797         return FALSE;
1798     }
1799
1800     *phKey = (HCRYPTKEY)new_object(&handle_table, sizeof(CRYPTKEY), RSAENH_MAGIC_KEY, destroy_key, 
1801                                    (OBJECTHDR**)&pDestKey);
1802     if (*phKey != (HCRYPTKEY)INVALID_HANDLE_VALUE)
1803     {
1804         memcpy(pDestKey, pSrcKey, sizeof(CRYPTKEY));
1805         copy_data_blob(&pDestKey->siSChannelInfo.blobServerRandom,
1806                        &pSrcKey->siSChannelInfo.blobServerRandom);
1807         copy_data_blob(&pDestKey->siSChannelInfo.blobClientRandom, 
1808                        &pSrcKey->siSChannelInfo.blobClientRandom);
1809         duplicate_key_impl(pSrcKey->aiAlgid, &pSrcKey->context, &pDestKey->context);
1810         return TRUE;
1811     }
1812     else
1813     {
1814         return FALSE;
1815     }
1816 }
1817
1818 /******************************************************************************
1819  * CPEncrypt (RSAENH.@)
1820  *
1821  * Encrypt data.
1822  *
1823  * PARAMS
1824  *  hProv      [I]   The key container hKey and hHash belong to.
1825  *  hKey       [I]   The key used to encrypt the data.
1826  *  hHash      [I]   An optional hash object for parallel hashing. See notes.
1827  *  Final      [I]   Indicates if this is the last block of data to encrypt.
1828  *  dwFlags    [I]   Currently no flags defined. Must be zero.
1829  *  pbData     [I/O] Pointer to the data to encrypt. Encrypted data will also be stored there. 
1830  *  pdwDataLen [I/O] I: Length of data to encrypt, O: Length of encrypted data.
1831  *  dwBufLen   [I]   Size of the buffer at pbData.
1832  *
1833  * RETURNS
1834  *  Success: TRUE.
1835  *  Failure: FALSE.
1836  *
1837  * NOTES
1838  *  If a hash object handle is provided in hHash, it will be updated with the plaintext. 
1839  *  This is useful for message signatures.
1840  *
1841  *  This function uses the standard WINAPI protocol for querying data of dynamic length. 
1842  */
1843 BOOL WINAPI RSAENH_CPEncrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, 
1844                              DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen, DWORD dwBufLen)
1845 {
1846     CRYPTKEY *pCryptKey;
1847     BYTE *in, out[RSAENH_MAX_BLOCK_SIZE], o[RSAENH_MAX_BLOCK_SIZE];
1848     DWORD dwEncryptedLen, i, j, k;
1849         
1850     TRACE("(hProv=%08lx, hKey=%08lx, hHash=%08lx, Final=%d, dwFlags=%08lx, pbData=%p, "
1851           "pdwDataLen=%p, dwBufLen=%ld)\n", hProv, hKey, hHash, Final, dwFlags, pbData, pdwDataLen,
1852           dwBufLen);
1853     
1854     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1855     {
1856         SetLastError(NTE_BAD_UID);
1857         return FALSE;
1858     }
1859
1860     if (dwFlags)
1861     {
1862         SetLastError(NTE_BAD_FLAGS);
1863         return FALSE;
1864     }
1865
1866     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
1867     {
1868         SetLastError(NTE_BAD_KEY);
1869         return FALSE;
1870     }
1871
1872     if (pCryptKey->dwState == RSAENH_KEYSTATE_IDLE) 
1873         pCryptKey->dwState = RSAENH_KEYSTATE_ENCRYPTING;
1874
1875     if (pCryptKey->dwState != RSAENH_KEYSTATE_ENCRYPTING) 
1876     {
1877         SetLastError(NTE_BAD_DATA);
1878         return FALSE;
1879     }
1880
1881     if (is_valid_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) {
1882         if (!RSAENH_CPHashData(hProv, hHash, pbData, *pdwDataLen, 0)) return FALSE;
1883     }
1884     
1885     if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
1886         if (!Final && (*pdwDataLen % pCryptKey->dwBlockLen)) {
1887             SetLastError(NTE_BAD_DATA);
1888             return FALSE;
1889         }
1890
1891         dwEncryptedLen = (*pdwDataLen/pCryptKey->dwBlockLen+(Final?1:0))*pCryptKey->dwBlockLen;
1892         for (i=*pdwDataLen; i<dwEncryptedLen && i<dwBufLen; i++) pbData[i] = dwEncryptedLen - *pdwDataLen;
1893         *pdwDataLen = dwEncryptedLen; 
1894
1895         if (*pdwDataLen > dwBufLen) 
1896         {
1897             SetLastError(ERROR_MORE_DATA);
1898             return FALSE;
1899         }
1900     
1901         for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
1902             switch (pCryptKey->dwMode) {
1903                 case CRYPT_MODE_ECB:
1904                     encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, in, out, 
1905                                        RSAENH_ENCRYPT);
1906                     break;
1907                 
1908                 case CRYPT_MODE_CBC:
1909                     for (j=0; j<pCryptKey->dwBlockLen; j++) in[j] ^= pCryptKey->abChainVector[j];
1910                     encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, in, out, 
1911                                        RSAENH_ENCRYPT);
1912                     memcpy(pCryptKey->abChainVector, out, pCryptKey->dwBlockLen);
1913                     break;
1914
1915                 case CRYPT_MODE_CFB:
1916                     for (j=0; j<pCryptKey->dwBlockLen; j++) {
1917                         encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, 
1918                                            pCryptKey->abChainVector, o, RSAENH_ENCRYPT);
1919                         out[j] = in[j] ^ o[0];
1920                         for (k=0; k<pCryptKey->dwBlockLen-1; k++) 
1921                             pCryptKey->abChainVector[k] = pCryptKey->abChainVector[k+1];
1922                         pCryptKey->abChainVector[k] = out[j];
1923                     }
1924                     break;
1925                     
1926                 default:
1927                     SetLastError(NTE_BAD_ALGID);
1928                     return FALSE;
1929             }
1930             memcpy(in, out, pCryptKey->dwBlockLen); 
1931         }
1932     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_STREAM) {
1933         encrypt_stream_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, *pdwDataLen);
1934     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_RSA) {
1935         if (pCryptKey->aiAlgid == CALG_RSA_SIGN) {
1936             SetLastError(NTE_BAD_KEY);
1937             return FALSE;
1938         }
1939         if (dwBufLen < pCryptKey->dwBlockLen) {
1940             SetLastError(ERROR_MORE_DATA);
1941             return FALSE;
1942         }
1943         if (!pad_data(pbData, *pdwDataLen, pbData, pCryptKey->dwBlockLen, dwFlags)) return FALSE;
1944         encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, pbData, RSAENH_ENCRYPT);
1945         *pdwDataLen = pCryptKey->dwBlockLen;
1946         Final = TRUE;
1947     } else {
1948         SetLastError(NTE_BAD_TYPE);
1949         return FALSE;
1950     }
1951
1952     if (Final) setup_key(pCryptKey);
1953
1954     return TRUE;
1955 }
1956
1957 /******************************************************************************
1958  * CPDecrypt (RSAENH.@)
1959  *
1960  * Decrypt data.
1961  *
1962  * PARAMS
1963  *  hProv      [I]   The key container hKey and hHash belong to.
1964  *  hKey       [I]   The key used to decrypt the data.
1965  *  hHash      [I]   An optional hash object for parallel hashing. See notes.
1966  *  Final      [I]   Indicates if this is the last block of data to decrypt.
1967  *  dwFlags    [I]   Currently no flags defined. Must be zero.
1968  *  pbData     [I/O] Pointer to the data to decrypt. Plaintext will also be stored there. 
1969  *  pdwDataLen [I/O] I: Length of ciphertext, O: Length of plaintext.
1970  *
1971  * RETURNS
1972  *  Success: TRUE.
1973  *  Failure: FALSE.
1974  *
1975  * NOTES
1976  *  If a hash object handle is provided in hHash, it will be updated with the plaintext. 
1977  *  This is useful for message signatures.
1978  *
1979  *  This function uses the standard WINAPI protocol for querying data of dynamic length. 
1980  */
1981 BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, 
1982                              DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
1983 {
1984     CRYPTKEY *pCryptKey;
1985     BYTE *in, out[RSAENH_MAX_BLOCK_SIZE], o[RSAENH_MAX_BLOCK_SIZE];
1986     DWORD i, j, k;
1987     DWORD dwMax;
1988
1989     TRACE("(hProv=%08lx, hKey=%08lx, hHash=%08lx, Final=%d, dwFlags=%08lx, pbData=%p, "
1990           "pdwDataLen=%p)\n", hProv, hKey, hHash, Final, dwFlags, pbData, pdwDataLen);
1991     
1992     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1993     {
1994         SetLastError(NTE_BAD_UID);
1995         return FALSE;
1996     }
1997
1998     if (dwFlags)
1999     {
2000         SetLastError(NTE_BAD_FLAGS);
2001         return FALSE;
2002     }
2003
2004     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2005     {
2006         SetLastError(NTE_BAD_KEY);
2007         return FALSE;
2008     }
2009
2010     if (pCryptKey->dwState == RSAENH_KEYSTATE_IDLE) 
2011         pCryptKey->dwState = RSAENH_KEYSTATE_DECRYPTING;
2012
2013     if (pCryptKey->dwState != RSAENH_KEYSTATE_DECRYPTING)
2014     {
2015         SetLastError(NTE_BAD_DATA);
2016         return FALSE;
2017     }
2018
2019     dwMax=*pdwDataLen;
2020
2021     if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
2022         for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
2023             switch (pCryptKey->dwMode) {
2024                 case CRYPT_MODE_ECB:
2025                     encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, in, out, 
2026                                        RSAENH_DECRYPT);
2027                     break;
2028                 
2029                 case CRYPT_MODE_CBC:
2030                     encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, in, out, 
2031                                        RSAENH_DECRYPT);
2032                     for (j=0; j<pCryptKey->dwBlockLen; j++) out[j] ^= pCryptKey->abChainVector[j];
2033                     memcpy(pCryptKey->abChainVector, in, pCryptKey->dwBlockLen);
2034                     break;
2035
2036                 case CRYPT_MODE_CFB:
2037                     for (j=0; j<pCryptKey->dwBlockLen; j++) {
2038                         encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, 
2039                                            pCryptKey->abChainVector, o, RSAENH_ENCRYPT);
2040                         out[j] = in[j] ^ o[0];
2041                         for (k=0; k<pCryptKey->dwBlockLen-1; k++) 
2042                             pCryptKey->abChainVector[k] = pCryptKey->abChainVector[k+1];
2043                         pCryptKey->abChainVector[k] = in[j];
2044                     }
2045                     break;
2046                     
2047                 default:
2048                     SetLastError(NTE_BAD_ALGID);
2049                     return FALSE;
2050             }
2051             memcpy(in, out, pCryptKey->dwBlockLen);
2052         }
2053         if (Final) *pdwDataLen -= pbData[*pdwDataLen-1]; 
2054
2055     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_STREAM) {
2056         encrypt_stream_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, *pdwDataLen);
2057     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_RSA) {
2058         if (pCryptKey->aiAlgid == CALG_RSA_SIGN) {
2059             SetLastError(NTE_BAD_KEY);
2060             return FALSE;
2061         }
2062         encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, pbData, RSAENH_DECRYPT);
2063         if (!unpad_data(pbData, pCryptKey->dwBlockLen, pbData, pdwDataLen, dwFlags)) return FALSE;
2064         Final = TRUE;
2065     } else {
2066         SetLastError(NTE_BAD_TYPE);
2067         return FALSE;
2068     } 
2069     
2070     if (Final) setup_key(pCryptKey);
2071
2072     if (is_valid_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) {
2073         if (*pdwDataLen>dwMax ||
2074             !RSAENH_CPHashData(hProv, hHash, pbData, *pdwDataLen, 0)) return FALSE;
2075     }
2076     
2077     return TRUE;
2078 }
2079
2080 /******************************************************************************
2081  * CPExportKey (RSAENH.@)
2082  *
2083  * Export a key into a binary large object (BLOB).
2084  *
2085  * PARAMS
2086  *  hProv      [I]   Key container from which a key is to be exported.
2087  *  hKey       [I]   Key to be exported.
2088  *  hPubKey    [I]   Key used to encrypt sensitive BLOB data.
2089  *  dwBlobType [I]   SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2090  *  dwFlags    [I]   Currently none defined.
2091  *  pbData     [O]   Pointer to a buffer where the BLOB will be written to.
2092  *  pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2093  *
2094  * RETURNS
2095  *  Success: TRUE.
2096  *  Failure: FALSE.
2097  */
2098 BOOL WINAPI RSAENH_CPExportKey(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTKEY hPubKey, 
2099                                DWORD dwBlobType, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2100 {
2101     CRYPTKEY *pCryptKey, *pPubKey;
2102     BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2103     RSAPUBKEY *pRSAPubKey = (RSAPUBKEY*)(pBlobHeader+1);
2104     ALG_ID *pAlgid = (ALG_ID*)(pBlobHeader+1);
2105     DWORD dwDataLen;
2106     
2107     TRACE("(hProv=%08lx, hKey=%08lx, hPubKey=%08lx, dwBlobType=%08lx, dwFlags=%08lx, pbData=%p,"
2108           "pdwDataLen=%p)\n", hProv, hKey, hPubKey, dwBlobType, dwFlags, pbData, pdwDataLen);
2109     
2110     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2111     {
2112         SetLastError(NTE_BAD_UID);
2113         return FALSE;
2114     }
2115
2116     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2117     {
2118         SetLastError(NTE_BAD_KEY);
2119         return FALSE;
2120     }
2121
2122     if (dwFlags & CRYPT_SSL2_FALLBACK) {
2123         if (pCryptKey->aiAlgid != CALG_SSL2_MASTER) {
2124             SetLastError(NTE_BAD_KEY);
2125             return FALSE;
2126         }
2127     }
2128     
2129     switch ((BYTE)dwBlobType)
2130     {
2131         case SIMPLEBLOB:
2132             if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pPubKey)){
2133                 SetLastError(NTE_BAD_PUBLIC_KEY); /* FIXME: error_code? */
2134                 return FALSE;
2135             }
2136
2137             if (!(GET_ALG_CLASS(pCryptKey->aiAlgid)&(ALG_CLASS_DATA_ENCRYPT|ALG_CLASS_MSG_ENCRYPT))) {
2138                 SetLastError(NTE_BAD_KEY); /* FIXME: error code? */
2139                 return FALSE;
2140             }
2141
2142             dwDataLen = sizeof(BLOBHEADER) + sizeof(ALG_ID) + pPubKey->dwBlockLen;
2143             if (pbData) {
2144                 if (*pdwDataLen < dwDataLen) {
2145                     SetLastError(ERROR_MORE_DATA);
2146                     *pdwDataLen = dwDataLen;
2147                     return FALSE;
2148                 }
2149
2150                 pBlobHeader->bType = SIMPLEBLOB;
2151                 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2152                 pBlobHeader->reserved = 0;
2153                 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2154
2155                 *pAlgid = pPubKey->aiAlgid;
2156        
2157                 if (!pad_data(pCryptKey->abKeyValue, pCryptKey->dwKeyLen, (BYTE*)(pAlgid+1), 
2158                               pPubKey->dwBlockLen, dwFlags))
2159                 {
2160                     return FALSE;
2161                 }
2162                 
2163                 encrypt_block_impl(pPubKey->aiAlgid, &pPubKey->context, (BYTE*)(pAlgid+1), 
2164                                    (BYTE*)(pAlgid+1), RSAENH_ENCRYPT); 
2165             }
2166             *pdwDataLen = dwDataLen;
2167             return TRUE;
2168             
2169         case PUBLICKEYBLOB:
2170             if (is_valid_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY)) {
2171                 SetLastError(NTE_BAD_KEY); /* FIXME: error code? */
2172                 return FALSE;
2173             }
2174
2175             if ((pCryptKey->aiAlgid != CALG_RSA_KEYX) && (pCryptKey->aiAlgid != CALG_RSA_SIGN)) {
2176                 SetLastError(NTE_BAD_KEY);
2177                 return FALSE;
2178             }
2179
2180             dwDataLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + pCryptKey->dwKeyLen;
2181             if (pbData) {
2182                 if (*pdwDataLen < dwDataLen) {
2183                     SetLastError(ERROR_MORE_DATA);
2184                     *pdwDataLen = dwDataLen;
2185                     return FALSE;
2186                 }
2187
2188                 pBlobHeader->bType = PUBLICKEYBLOB;
2189                 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2190                 pBlobHeader->reserved = 0;
2191                 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2192
2193                 pRSAPubKey->magic = RSAENH_MAGIC_RSA1; 
2194                 pRSAPubKey->bitlen = pCryptKey->dwKeyLen << 3;
2195         
2196                 export_public_key_impl((BYTE*)(pRSAPubKey+1), &pCryptKey->context, 
2197                                        pCryptKey->dwKeyLen, &pRSAPubKey->pubexp);
2198             }
2199             *pdwDataLen = dwDataLen;
2200             return TRUE;
2201
2202         case PRIVATEKEYBLOB:
2203             if ((pCryptKey->aiAlgid != CALG_RSA_KEYX) && (pCryptKey->aiAlgid != CALG_RSA_SIGN)) {
2204                 SetLastError(NTE_BAD_KEY);
2205                 return FALSE;
2206             }
2207     
2208             dwDataLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + 
2209                         2 * pCryptKey->dwKeyLen + 5 * ((pCryptKey->dwKeyLen + 1) >> 1);
2210             if (pbData) {
2211                 if (*pdwDataLen < dwDataLen) {
2212                     SetLastError(ERROR_MORE_DATA);
2213                     *pdwDataLen = dwDataLen;
2214                     return FALSE;
2215                 }
2216                 
2217                 pBlobHeader->bType = PRIVATEKEYBLOB;
2218                 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2219                 pBlobHeader->reserved = 0;
2220                 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2221
2222                 pRSAPubKey->magic = RSAENH_MAGIC_RSA2;
2223                 pRSAPubKey->bitlen = pCryptKey->dwKeyLen << 3;
2224                 
2225                 export_private_key_impl((BYTE*)(pRSAPubKey+1), &pCryptKey->context, 
2226                                         pCryptKey->dwKeyLen, &pRSAPubKey->pubexp);
2227             }
2228             *pdwDataLen = dwDataLen;
2229             return TRUE;
2230             
2231         default:
2232             SetLastError(NTE_BAD_TYPE); /* FIXME: error code? */
2233             return FALSE;
2234     }
2235 }
2236
2237 /******************************************************************************
2238  * CPImportKey (RSAENH.@)
2239  *
2240  * Import a BLOB'ed key into a key container.
2241  *
2242  * PARAMS
2243  *  hProv     [I] Key container into which the key is to be imported.
2244  *  pbData    [I] Pointer to a buffer which holds the BLOB.
2245  *  dwDataLen [I] Length of data in buffer at pbData.
2246  *  hPubKey   [I] Key used to decrypt sensitive BLOB data.
2247  *  dwFlags   [I] Currently none defined.
2248  *  phKey     [O] Handle to the imported key.
2249  *
2250  * RETURNS
2251  *  Success: TRUE.
2252  *  Failure: FALSE.
2253  */
2254 BOOL WINAPI RSAENH_CPImportKey(HCRYPTPROV hProv, CONST BYTE *pbData, DWORD dwDataLen, 
2255                                HCRYPTKEY hPubKey, DWORD dwFlags, HCRYPTKEY *phKey)
2256 {
2257     CRYPTKEY *pCryptKey, *pPubKey;
2258     CONST BLOBHEADER *pBlobHeader = (CONST BLOBHEADER*)pbData;
2259     CONST RSAPUBKEY *pRSAPubKey = (CONST RSAPUBKEY*)(pBlobHeader+1);
2260     CONST ALG_ID *pAlgid = (CONST ALG_ID*)(pBlobHeader+1);
2261     CONST BYTE *pbKeyStream = (CONST BYTE*)(pAlgid + 1);
2262     ALG_ID algID;
2263     BYTE *pbDecrypted;
2264     DWORD dwKeyLen;
2265
2266     TRACE("(hProv=%08lx, pbData=%p, dwDataLen=%ld, hPubKey=%08lx, dwFlags=%08lx, phKey=%p)\n", 
2267         hProv, pbData, dwDataLen, hPubKey, dwFlags, phKey);
2268     
2269     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2270     {
2271         SetLastError(NTE_BAD_UID);
2272         return FALSE;
2273     }
2274
2275     if (dwDataLen < sizeof(BLOBHEADER) || 
2276         pBlobHeader->bVersion != CUR_BLOB_VERSION ||
2277         pBlobHeader->reserved != 0) 
2278     {
2279         SetLastError(NTE_BAD_DATA);
2280         return FALSE;
2281     }
2282
2283     switch (pBlobHeader->bType)
2284     {
2285         case PRIVATEKEYBLOB:    
2286             if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)) || 
2287                 (pRSAPubKey->magic != RSAENH_MAGIC_RSA2) ||
2288                 (dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + 
2289                     (2 * pRSAPubKey->bitlen >> 3) + (5 * ((pRSAPubKey->bitlen+8)>>4)))) 
2290             {
2291                 SetLastError(NTE_BAD_DATA);
2292                 return FALSE;
2293             }
2294     
2295             *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, MAKELONG(0,pRSAPubKey->bitlen), &pCryptKey);
2296             if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
2297             setup_key(pCryptKey);
2298             return import_private_key_impl((CONST BYTE*)(pRSAPubKey+1), &pCryptKey->context, 
2299                                            pRSAPubKey->bitlen/8, pRSAPubKey->pubexp);
2300                 
2301         case PUBLICKEYBLOB:
2302             if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)) || 
2303                 (pRSAPubKey->magic != RSAENH_MAGIC_RSA1) ||
2304                 (dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + (pRSAPubKey->bitlen >> 3))) 
2305             {
2306                 SetLastError(NTE_BAD_DATA);
2307                 return FALSE;
2308             }
2309     
2310             /* Since this is a public key blob, only the public key is
2311              * available, so only signature verification is possible.
2312              */
2313             algID = pBlobHeader->aiKeyAlg;
2314             if (algID == CALG_RSA_KEYX)
2315                 algID = CALG_RSA_SIGN;
2316             *phKey = new_key(hProv, algID, MAKELONG(0,pRSAPubKey->bitlen), &pCryptKey); 
2317             if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE; 
2318             setup_key(pCryptKey);
2319             return import_public_key_impl((CONST BYTE*)(pRSAPubKey+1), &pCryptKey->context, 
2320                                           pRSAPubKey->bitlen >> 3, pRSAPubKey->pubexp);
2321                 
2322         case SIMPLEBLOB:
2323             if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pPubKey) ||
2324                 pPubKey->aiAlgid != CALG_RSA_KEYX) 
2325             {
2326                 SetLastError(NTE_BAD_PUBLIC_KEY); /* FIXME: error code? */
2327                 return FALSE;
2328             }
2329
2330             if (dwDataLen < sizeof(BLOBHEADER)+sizeof(ALG_ID)+pPubKey->dwBlockLen) 
2331             {
2332                 SetLastError(NTE_BAD_DATA); /* FIXME: error code */
2333                 return FALSE;
2334             }
2335
2336             pbDecrypted = HeapAlloc(GetProcessHeap(), 0, pPubKey->dwBlockLen);
2337             if (!pbDecrypted) return FALSE;
2338             encrypt_block_impl(pPubKey->aiAlgid, &pPubKey->context, pbKeyStream, pbDecrypted, 
2339                                RSAENH_DECRYPT);
2340
2341             dwKeyLen = RSAENH_MAX_KEY_SIZE;
2342             if (!unpad_data(pbDecrypted, pPubKey->dwBlockLen, pbDecrypted, &dwKeyLen, dwFlags)) {
2343                 HeapFree(GetProcessHeap(), 0, pbDecrypted);
2344                 return FALSE;
2345             }
2346             
2347             *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, dwKeyLen<<19, &pCryptKey);
2348             if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
2349             {
2350                 HeapFree(GetProcessHeap(), 0, pbDecrypted);
2351                 return FALSE;
2352             }
2353             memcpy(pCryptKey->abKeyValue, pbDecrypted, dwKeyLen);
2354             HeapFree(GetProcessHeap(), 0, pbDecrypted);
2355             setup_key(pCryptKey);
2356             return TRUE;
2357
2358         default:
2359             SetLastError(NTE_BAD_TYPE); /* FIXME: error code? */
2360             return FALSE;
2361     }
2362 }
2363
2364 /******************************************************************************
2365  * CPGenKey (RSAENH.@)
2366  *
2367  * Generate a key in the key container
2368  *
2369  * PARAMS
2370  *  hProv   [I] Key container for which a key is to be generated.
2371  *  Algid   [I] Crypto algorithm identifier for the key to be generated.
2372  *  dwFlags [I] Upper 16 bits: Binary length of key. Lower 16 bits: Flags. See Notes
2373  *  phKey   [O] Handle to the generated key.
2374  *
2375  * RETURNS
2376  *  Success: TRUE.
2377  *  Failure: FALSE.
2378  *
2379  * FIXME
2380  *  Flags currently not considered.
2381  *
2382  * NOTES
2383  *  Private key-exchange- and signature-keys can be generated with Algid AT_KEYEXCHANGE
2384  *  and AT_SIGNATURE values.
2385  */
2386 BOOL WINAPI RSAENH_CPGenKey(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags, HCRYPTKEY *phKey)
2387 {
2388     KEYCONTAINER *pKeyContainer;
2389     CRYPTKEY *pCryptKey;
2390
2391     TRACE("(hProv=%08lx, aiAlgid=%d, dwFlags=%08lx, phKey=%p)\n", hProv, Algid, dwFlags, phKey);
2392
2393     if (!lookup_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER, 
2394                        (OBJECTHDR**)&pKeyContainer)) 
2395     {
2396         /* MSDN: hProv not containing valid context handle */
2397         SetLastError(NTE_BAD_UID);
2398         return FALSE;
2399     }
2400     
2401     switch (Algid)
2402     {
2403         case AT_SIGNATURE:
2404         case CALG_RSA_SIGN:
2405             *phKey = new_key(hProv, CALG_RSA_SIGN, dwFlags, &pCryptKey);
2406             if (pCryptKey) { 
2407                 new_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen);
2408                 setup_key(pCryptKey);
2409                 if (Algid == AT_SIGNATURE) {
2410                     RSAENH_CPDestroyKey(hProv, pKeyContainer->hSignatureKeyPair);
2411                     copy_handle(&handle_table, *phKey, RSAENH_MAGIC_KEY,
2412                                 (unsigned int*)&pKeyContainer->hSignatureKeyPair);
2413                 }
2414             }
2415             break;
2416
2417         case AT_KEYEXCHANGE:
2418         case CALG_RSA_KEYX:
2419             *phKey = new_key(hProv, CALG_RSA_KEYX, dwFlags, &pCryptKey);
2420             if (pCryptKey) { 
2421                 new_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen);
2422                 setup_key(pCryptKey);
2423                 if (Algid == AT_KEYEXCHANGE) {
2424                     RSAENH_CPDestroyKey(hProv, pKeyContainer->hKeyExchangeKeyPair);
2425                     copy_handle(&handle_table, *phKey, RSAENH_MAGIC_KEY,
2426                                 (unsigned int*)&pKeyContainer->hKeyExchangeKeyPair);
2427                 }
2428             }
2429             break;
2430             
2431         case CALG_RC2:
2432         case CALG_RC4:
2433         case CALG_DES:
2434         case CALG_3DES_112:
2435         case CALG_3DES:
2436         case CALG_PCT1_MASTER:
2437         case CALG_SSL2_MASTER:
2438         case CALG_SSL3_MASTER:
2439         case CALG_TLS1_MASTER:
2440             *phKey = new_key(hProv, Algid, dwFlags, &pCryptKey);
2441             if (pCryptKey) {
2442                 gen_rand_impl(pCryptKey->abKeyValue, RSAENH_MAX_KEY_SIZE);
2443                 switch (Algid) {
2444                     case CALG_SSL3_MASTER:
2445                         pCryptKey->abKeyValue[0] = RSAENH_SSL3_VERSION_MAJOR;
2446                         pCryptKey->abKeyValue[1] = RSAENH_SSL3_VERSION_MINOR;
2447                         break;
2448
2449                     case CALG_TLS1_MASTER:
2450                         pCryptKey->abKeyValue[0] = RSAENH_TLS1_VERSION_MAJOR;
2451                         pCryptKey->abKeyValue[1] = RSAENH_TLS1_VERSION_MINOR;
2452                         break;
2453                 }
2454                 setup_key(pCryptKey);
2455             }
2456             break;
2457             
2458         default:
2459             /* MSDN: Algorithm not supported specified by Algid */
2460             SetLastError(NTE_BAD_ALGID);
2461             return FALSE;
2462     }
2463             
2464     return *phKey != (unsigned int)INVALID_HANDLE_VALUE;
2465 }
2466
2467 /******************************************************************************
2468  * CPGenRandom (RSAENH.@)
2469  *
2470  * Generate a random byte stream.
2471  *
2472  * PARAMS
2473  *  hProv    [I] Key container that is used to generate random bytes.
2474  *  dwLen    [I] Specifies the number of requested random data bytes.
2475  *  pbBuffer [O] Random bytes will be stored here.
2476  *
2477  * RETURNS
2478  *  Success: TRUE
2479  *  Failure: FALSE
2480  */
2481 BOOL WINAPI RSAENH_CPGenRandom(HCRYPTPROV hProv, DWORD dwLen, BYTE *pbBuffer)
2482 {
2483     TRACE("(hProv=%08lx, dwLen=%ld, pbBuffer=%p)\n", hProv, dwLen, pbBuffer);
2484     
2485     if (!is_valid_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER)) 
2486     {
2487         /* MSDN: hProv not containing valid context handle */
2488         SetLastError(NTE_BAD_UID);
2489         return FALSE;
2490     }
2491
2492     return gen_rand_impl(pbBuffer, dwLen);
2493 }
2494
2495 /******************************************************************************
2496  * CPGetHashParam (RSAENH.@)
2497  *
2498  * Query parameters of an hash object.
2499  *
2500  * PARAMS
2501  *  hProv      [I]   The kea container, which the hash belongs to.
2502  *  hHash      [I]   The hash object that is to be queried.
2503  *  dwParam    [I]   Specifies the parameter that is to be queried.
2504  *  pbData     [I]   Pointer to the buffer where the parameter value will be stored.
2505  *  pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
2506  *  dwFlags    [I]   None currently defined.
2507  *
2508  * RETURNS
2509  *  Success: TRUE
2510  *  Failure: FALSE
2511  *
2512  * NOTES
2513  *  Valid dwParams are: HP_ALGID, HP_HASHSIZE, HP_HASHVALUE. The hash will be 
2514  *  finalized if HP_HASHVALUE is queried.
2515  */
2516 BOOL WINAPI RSAENH_CPGetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, BYTE *pbData, 
2517                                   DWORD *pdwDataLen, DWORD dwFlags) 
2518 {
2519     CRYPTHASH *pCryptHash;
2520         
2521     TRACE("(hProv=%08lx, hHash=%08lx, dwParam=%08lx, pbData=%p, pdwDataLen=%p, dwFlags=%08lx)\n", 
2522         hProv, hHash, dwParam, pbData, pdwDataLen, dwFlags);
2523     
2524     if (!is_valid_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER)) 
2525     {
2526         SetLastError(NTE_BAD_UID);
2527         return FALSE;
2528     }
2529
2530     if (dwFlags)
2531     {
2532         SetLastError(NTE_BAD_FLAGS);
2533         return FALSE;
2534     }
2535     
2536     if (!lookup_handle(&handle_table, (unsigned int)hHash, RSAENH_MAGIC_HASH, 
2537                        (OBJECTHDR**)&pCryptHash))
2538     {
2539         SetLastError(NTE_BAD_HASH);
2540         return FALSE;
2541     }
2542
2543     if (!pdwDataLen)
2544     {
2545         SetLastError(ERROR_INVALID_PARAMETER);
2546         return FALSE;
2547     }
2548     
2549     switch (dwParam)
2550     {
2551         case HP_ALGID:
2552             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptHash->aiAlgid, 
2553                               sizeof(ALG_ID));
2554
2555         case HP_HASHSIZE:
2556             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptHash->dwHashSize, 
2557                               sizeof(DWORD));
2558
2559         case HP_HASHVAL:
2560             if (pCryptHash->aiAlgid == CALG_TLS1PRF) {
2561                 return tls1_prf(hProv, pCryptHash->hKey, &pCryptHash->tpPRFParams.blobLabel,
2562                                 &pCryptHash->tpPRFParams.blobSeed, pbData, *pdwDataLen);
2563             }
2564             
2565             if (pCryptHash->dwState == RSAENH_HASHSTATE_IDLE) {
2566                 SetLastError(NTE_BAD_HASH_STATE);
2567                 return FALSE;
2568             }
2569             
2570             if (pbData && (pCryptHash->dwState != RSAENH_HASHSTATE_FINISHED))
2571             {
2572                 finalize_hash(pCryptHash);
2573                 pCryptHash->dwState = RSAENH_HASHSTATE_FINISHED;
2574             }
2575             
2576             return copy_param(pbData, pdwDataLen, (CONST BYTE*)pCryptHash->abHashValue, 
2577                               pCryptHash->dwHashSize);
2578
2579         default:
2580             SetLastError(NTE_BAD_TYPE);
2581             return FALSE;
2582     }
2583 }
2584
2585 /******************************************************************************
2586  * CPSetKeyParam (RSAENH.@)
2587  *
2588  * Set a parameter of a key object
2589  *
2590  * PARAMS
2591  *  hProv   [I] The key container to which the key belongs.
2592  *  hKey    [I] The key for which a parameter is to be set.
2593  *  dwParam [I] Parameter type. See Notes.
2594  *  pbData  [I] Pointer to the parameter value.
2595  *  dwFlags [I] Currently none defined.
2596  *
2597  * RETURNS
2598  *  Success: TRUE.
2599  *  Failure: FALSE.
2600  *
2601  * NOTES:
2602  *  Defined dwParam types are:
2603  *   - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
2604  *   - KP_MODE_BITS: Shift width for cipher feedback mode. (Currently ignored by MS CSP's)
2605  *   - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT, 
2606  *                     CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
2607  *   - KP_IV: Initialization vector
2608  */
2609 BOOL WINAPI RSAENH_CPSetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData, 
2610                                  DWORD dwFlags)
2611 {
2612     CRYPTKEY *pCryptKey;
2613
2614     TRACE("(hProv=%08lx, hKey=%08lx, dwParam=%08lx, pbData=%p, dwFlags=%08lx)\n", hProv, hKey, 
2615           dwParam, pbData, dwFlags);
2616
2617     if (!is_valid_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER))
2618     {
2619         SetLastError(NTE_BAD_UID);
2620         return FALSE;
2621     }
2622
2623     if (dwFlags) {
2624         SetLastError(NTE_BAD_FLAGS);
2625         return FALSE;
2626     }
2627     
2628     if (!lookup_handle(&handle_table, (unsigned int)hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2629     {
2630         SetLastError(NTE_BAD_KEY);
2631         return FALSE;
2632     }
2633     
2634     switch (dwParam) {
2635         case KP_MODE:
2636             pCryptKey->dwMode = *(DWORD*)pbData;
2637             return TRUE;
2638
2639         case KP_MODE_BITS:
2640             pCryptKey->dwModeBits = *(DWORD*)pbData;
2641             return TRUE;
2642
2643         case KP_PERMISSIONS:
2644             pCryptKey->dwPermissions = *(DWORD*)pbData;
2645             return TRUE;
2646
2647         case KP_IV:
2648             memcpy(pCryptKey->abInitVector, pbData, pCryptKey->dwBlockLen);
2649             return TRUE;
2650
2651         case KP_SCHANNEL_ALG:
2652             switch (((PSCHANNEL_ALG)pbData)->dwUse) {
2653                 case SCHANNEL_ENC_KEY:
2654                     memcpy(&pCryptKey->siSChannelInfo.saEncAlg, pbData, sizeof(SCHANNEL_ALG));
2655                     break;
2656
2657                 case SCHANNEL_MAC_KEY:
2658                     memcpy(&pCryptKey->siSChannelInfo.saMACAlg, pbData, sizeof(SCHANNEL_ALG));
2659                     break;
2660
2661                 default:
2662                     SetLastError(NTE_FAIL); /* FIXME: error code */
2663                     return FALSE;
2664             }
2665             return TRUE;
2666
2667         case KP_CLIENT_RANDOM:
2668             return copy_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom, (PCRYPT_DATA_BLOB)pbData);
2669             
2670         case KP_SERVER_RANDOM:
2671             return copy_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom, (PCRYPT_DATA_BLOB)pbData);
2672
2673         default:
2674             SetLastError(NTE_BAD_TYPE);
2675             return FALSE;
2676     }
2677 }
2678
2679 /******************************************************************************
2680  * CPGetKeyParam (RSAENH.@)
2681  *
2682  * Query a key parameter.
2683  *
2684  * PARAMS
2685  *  hProv      [I]   The key container, which the key belongs to.
2686  *  hHash      [I]   The key object that is to be queried.
2687  *  dwParam    [I]   Specifies the parameter that is to be queried.
2688  *  pbData     [I]   Pointer to the buffer where the parameter value will be stored.
2689  *  pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
2690  *  dwFlags    [I]   None currently defined.
2691  *
2692  * RETURNS
2693  *  Success: TRUE
2694  *  Failure: FALSE
2695  *
2696  * NOTES
2697  *  Defined dwParam types are:
2698  *   - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
2699  *   - KP_MODE_BITS: Shift width for cipher feedback mode. 
2700  *                   (Currently ignored by MS CSP's - always eight)
2701  *   - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT, 
2702  *                     CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
2703  *   - KP_IV: Initialization vector.
2704  *   - KP_KEYLEN: Bitwidth of the key.
2705  *   - KP_BLOCKLEN: Size of a block cipher block.
2706  *   - KP_SALT: Salt value.
2707  */
2708 BOOL WINAPI RSAENH_CPGetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData, 
2709                                  DWORD *pdwDataLen, DWORD dwFlags)
2710 {
2711     CRYPTKEY *pCryptKey;
2712     DWORD dwBitLen;
2713         
2714     TRACE("(hProv=%08lx, hKey=%08lx, dwParam=%08lx, pbData=%p, pdwDataLen=%p dwFlags=%08lx)\n", 
2715           hProv, hKey, dwParam, pbData, pdwDataLen, dwFlags);
2716
2717     if (!is_valid_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER)) 
2718     {
2719         SetLastError(NTE_BAD_UID);
2720         return FALSE;
2721     }
2722
2723     if (dwFlags) {
2724         SetLastError(NTE_BAD_FLAGS);
2725         return FALSE;
2726     }
2727
2728     if (!lookup_handle(&handle_table, (unsigned int)hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2729     {
2730         SetLastError(NTE_BAD_KEY);
2731         return FALSE;
2732     }
2733
2734     switch (dwParam) 
2735     {
2736         case KP_IV:
2737             return copy_param(pbData, pdwDataLen, (CONST BYTE*)pCryptKey->abInitVector, 
2738                               pCryptKey->dwBlockLen);
2739         
2740         case KP_SALT:
2741             return copy_param(pbData, pdwDataLen, 
2742                     (CONST BYTE*)&pCryptKey->abKeyValue[pCryptKey->dwKeyLen], pCryptKey->dwSaltLen);
2743         
2744         case KP_KEYLEN:
2745             dwBitLen = pCryptKey->dwKeyLen << 3;
2746             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwBitLen, sizeof(DWORD));
2747         
2748         case KP_BLOCKLEN:
2749             dwBitLen = pCryptKey->dwBlockLen << 3;
2750             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwBitLen, sizeof(DWORD));
2751     
2752         case KP_MODE:
2753             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->dwMode, sizeof(DWORD));
2754
2755         case KP_MODE_BITS:
2756             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->dwModeBits, 
2757                               sizeof(DWORD));
2758     
2759         case KP_PERMISSIONS:
2760             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->dwPermissions, 
2761                               sizeof(DWORD));
2762
2763         case KP_ALGID:
2764             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->aiAlgid, sizeof(DWORD));
2765             
2766         default:
2767             SetLastError(NTE_BAD_TYPE);
2768             return FALSE;
2769     }
2770 }
2771                         
2772 /******************************************************************************
2773  * CPGetProvParam (RSAENH.@)
2774  *
2775  * Query a CSP parameter.
2776  *
2777  * PARAMS
2778  *  hProv      [I]   The key container that is to be queried.
2779  *  dwParam    [I]   Specifies the parameter that is to be queried.
2780  *  pbData     [I]   Pointer to the buffer where the parameter value will be stored.
2781  *  pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
2782  *  dwFlags    [I]   CRYPT_FIRST: Start enumeration (for PP_ENUMALGS{_EX}).
2783  *
2784  * RETURNS
2785  *  Success: TRUE
2786  *  Failure: FALSE
2787  * NOTES:
2788  *  Defined dwParam types:
2789  *   - PP_CONTAINER: Name of the key container.
2790  *   - PP_NAME: Name of the cryptographic service provider.
2791  *   - PP_SIG_KEYSIZE_INC: RSA signature keywidth granularity in bits.
2792  *   - PP_KEYX_KEYSIZE_INC: RSA key-exchange keywidth granularity in bits.
2793  *   - PP_ENUMALGS{_EX}: Query provider capabilities.
2794  */
2795 BOOL WINAPI RSAENH_CPGetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, 
2796                                   DWORD *pdwDataLen, DWORD dwFlags)
2797 {
2798     KEYCONTAINER *pKeyContainer;
2799     PROV_ENUMALGS provEnumalgs;
2800     DWORD dwTemp;
2801     CHAR szRSABase[MAX_PATH];
2802     HKEY hKey, hRootKey;
2803    
2804     /* This is for dwParam 41, which does not seem to be documented
2805      * on MSDN. IE6 SP1 asks for it in the 'About' dialog, however.
2806      * Returning this BLOB seems to satisfy IE. The marked 0x00 seem 
2807      * to be 'don't care's. If you know anything more specific about
2808      * provider parameter 41, please report to wine-devel@winehq.org */
2809     static CONST BYTE abWTF[96] = { 
2810         0xb0, 0x25,     0x63,     0x86, 0x9c, 0xab,     0xb6,     0x37, 
2811         0xe8, 0x82, /**/0x00,/**/ 0x72, 0x06, 0xb2, /**/0x00,/**/ 0x3b, 
2812         0x60, 0x35, /**/0x00,/**/ 0x3b, 0x88, 0xce, /**/0x00,/**/ 0x82, 
2813         0xbc, 0x7a, /**/0x00,/**/ 0xb7, 0x4f, 0x7e, /**/0x00,/**/ 0xde, 
2814         0x92, 0xf1, /**/0x00,/**/ 0x83, 0xea, 0x5e, /**/0x00,/**/ 0xc8, 
2815         0x12, 0x1e,     0xd4,     0x06, 0xf7, 0x66, /**/0x00,/**/ 0x01, 
2816         0x29, 0xa4, /**/0x00,/**/ 0xf8, 0x24, 0x0c, /**/0x00,/**/ 0x33, 
2817         0x06, 0x80, /**/0x00,/**/ 0x02, 0x46, 0x0b, /**/0x00,/**/ 0x6d, 
2818         0x5b, 0xca, /**/0x00,/**/ 0x9a, 0x10, 0xf0, /**/0x00,/**/ 0x05, 
2819         0x19, 0xd0, /**/0x00,/**/ 0x2c, 0xf6, 0x27, /**/0x00,/**/ 0xaa, 
2820         0x7c, 0x6f, /**/0x00,/**/ 0xb9, 0xd8, 0x72, /**/0x00,/**/ 0x03, 
2821         0xf3, 0x81, /**/0x00,/**/ 0xfa, 0xe8, 0x26, /**/0x00,/**/ 0xca 
2822     };
2823
2824     TRACE("(hProv=%08lx, dwParam=%08lx, pbData=%p, pdwDataLen=%p, dwFlags=%08lx)\n", 
2825            hProv, dwParam, pbData, pdwDataLen, dwFlags);
2826
2827     if (!pdwDataLen) {
2828         SetLastError(ERROR_INVALID_PARAMETER);
2829         return FALSE;
2830     }
2831     
2832     if (!lookup_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER, 
2833                        (OBJECTHDR**)&pKeyContainer)) 
2834     {
2835         /* MSDN: hProv not containing valid context handle */
2836         SetLastError(NTE_BAD_UID);
2837         return FALSE;
2838     }
2839
2840     switch (dwParam) 
2841     {
2842         case PP_CONTAINER:
2843             return copy_param(pbData, pdwDataLen, (CONST BYTE*)pKeyContainer->szName, 
2844                               strlen(pKeyContainer->szName)+1);
2845
2846         case PP_NAME:
2847             return copy_param(pbData, pdwDataLen, (CONST BYTE*)pKeyContainer->szProvName, 
2848                               strlen(pKeyContainer->szProvName)+1);
2849
2850         case PP_SIG_KEYSIZE_INC:
2851         case PP_KEYX_KEYSIZE_INC:
2852             dwTemp = 8;
2853             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
2854
2855         case PP_IMPTYPE:
2856             dwTemp = CRYPT_IMPL_SOFTWARE;
2857             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
2858
2859         case PP_VERSION:
2860             dwTemp = 0x00000200;
2861             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
2862             
2863         case PP_ENUMCONTAINERS:
2864             if ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) pKeyContainer->dwEnumContainersCtr = 0;
2865
2866             if (!pbData) {
2867                 *pdwDataLen = (DWORD)MAX_PATH + 1;
2868                 return TRUE;
2869             }
2870  
2871             sprintf(szRSABase, RSAENH_REGKEY, "");
2872
2873             if (dwFlags & CRYPT_MACHINE_KEYSET) {
2874                 hRootKey = HKEY_LOCAL_MACHINE;
2875             } else {
2876                 hRootKey = HKEY_CURRENT_USER;
2877             }
2878
2879             if (RegOpenKeyExA(hRootKey, szRSABase, 0, KEY_READ, &hKey) != ERROR_SUCCESS)
2880             {
2881                 SetLastError(ERROR_NO_MORE_ITEMS);
2882                 return FALSE;
2883             }
2884
2885             dwTemp = *pdwDataLen;
2886             switch (RegEnumKeyExA(hKey, pKeyContainer->dwEnumContainersCtr, (LPSTR)pbData, &dwTemp,
2887                     NULL, NULL, NULL, NULL))
2888             {
2889                 case ERROR_MORE_DATA:
2890                     *pdwDataLen = (DWORD)MAX_PATH + 1;
2891  
2892                 case ERROR_SUCCESS:
2893                     pKeyContainer->dwEnumContainersCtr++;
2894                     RegCloseKey(hKey);
2895                     return TRUE;
2896
2897                 case ERROR_NO_MORE_ITEMS:
2898                 default:
2899                     SetLastError(ERROR_NO_MORE_ITEMS);
2900                     RegCloseKey(hKey);
2901                     return FALSE;
2902             }
2903  
2904         case PP_ENUMALGS:
2905         case PP_ENUMALGS_EX:
2906             if (((pKeyContainer->dwEnumAlgsCtr >= RSAENH_MAX_ENUMALGS-1) ||
2907                  (!aProvEnumAlgsEx[pKeyContainer->dwPersonality]
2908                    [pKeyContainer->dwEnumAlgsCtr+1].aiAlgid)) && 
2909                 ((dwFlags & CRYPT_FIRST) != CRYPT_FIRST))
2910             {
2911                 SetLastError(ERROR_NO_MORE_ITEMS);
2912                 return FALSE;
2913             }
2914
2915             if (dwParam == PP_ENUMALGS) {    
2916                 if (pbData && (*pdwDataLen >= sizeof(PROV_ENUMALGS))) 
2917                     pKeyContainer->dwEnumAlgsCtr = ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) ? 
2918                         0 : pKeyContainer->dwEnumAlgsCtr+1;
2919             
2920                 provEnumalgs.aiAlgid = aProvEnumAlgsEx
2921                     [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].aiAlgid;
2922                 provEnumalgs.dwBitLen = aProvEnumAlgsEx
2923                     [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].dwDefaultLen;
2924                 provEnumalgs.dwNameLen = aProvEnumAlgsEx
2925                     [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].dwNameLen;
2926                 memcpy(provEnumalgs.szName, aProvEnumAlgsEx
2927                        [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].szName, 
2928                        20*sizeof(CHAR));
2929             
2930                 return copy_param(pbData, pdwDataLen, (CONST BYTE*)&provEnumalgs, 
2931                                   sizeof(PROV_ENUMALGS));
2932             } else {
2933                 if (pbData && (*pdwDataLen >= sizeof(PROV_ENUMALGS_EX))) 
2934                     pKeyContainer->dwEnumAlgsCtr = ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) ? 
2935                         0 : pKeyContainer->dwEnumAlgsCtr+1;
2936             
2937                 return copy_param(pbData, pdwDataLen, 
2938                                   (CONST BYTE*)&aProvEnumAlgsEx
2939                                       [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr], 
2940                                   sizeof(PROV_ENUMALGS_EX));
2941             }
2942
2943         case 41: /* Undocumented. Asked for by IE About dialog */
2944             return copy_param(pbData, pdwDataLen, abWTF, sizeof(abWTF));
2945
2946         default:
2947             /* MSDN: Unknown parameter number in dwParam */
2948             SetLastError(NTE_BAD_TYPE);
2949             return FALSE;
2950     }
2951 }
2952
2953 /******************************************************************************
2954  * CPDeriveKey (RSAENH.@)
2955  *
2956  * Derives a key from a hash value.
2957  *
2958  * PARAMS
2959  *  hProv     [I] Key container for which a key is to be generated.
2960  *  Algid     [I] Crypto algorithm identifier for the key to be generated.
2961  *  hBaseData [I] Hash from whose value the key will be derived.
2962  *  dwFlags   [I] See Notes.
2963  *  phKey     [O] The generated key.
2964  *
2965  * RETURNS
2966  *  Success: TRUE
2967  *  Failure: FALSE
2968  *
2969  * NOTES
2970  *  Defined flags:
2971  *   - CRYPT_EXPORTABLE: Key can be exported.
2972  *   - CRYPT_NO_SALT: No salt is used for 40 bit keys.
2973  *   - CRYPT_CREATE_SALT: Use remaining bits as salt value.
2974  */
2975 BOOL WINAPI RSAENH_CPDeriveKey(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTHASH hBaseData, 
2976                                DWORD dwFlags, HCRYPTKEY *phKey)
2977 {
2978     CRYPTKEY *pCryptKey, *pMasterKey;
2979     CRYPTHASH *pCryptHash;
2980     BYTE abHashValue[RSAENH_MAX_HASH_SIZE*2];
2981     DWORD dwLen;
2982     
2983     TRACE("(hProv=%08lx, Algid=%d, hBaseData=%08lx, dwFlags=%08lx phKey=%p)\n", hProv, Algid, 
2984            hBaseData, dwFlags, phKey);
2985     
2986     if (!is_valid_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER))
2987     {
2988         SetLastError(NTE_BAD_UID);
2989         return FALSE;
2990     }
2991
2992     if (!lookup_handle(&handle_table, (unsigned int)hBaseData, RSAENH_MAGIC_HASH, 
2993                        (OBJECTHDR**)&pCryptHash))
2994     {
2995         SetLastError(NTE_BAD_HASH);
2996         return FALSE;
2997     }
2998
2999     if (!phKey)
3000     {
3001         SetLastError(ERROR_INVALID_PARAMETER);
3002         return FALSE;
3003     }
3004
3005     switch (GET_ALG_CLASS(Algid))
3006     {
3007         case ALG_CLASS_DATA_ENCRYPT:
3008             *phKey = new_key(hProv, Algid, dwFlags, &pCryptKey);
3009             if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3010
3011             /* 
3012              * We derive the key material from the hash.
3013              * If the hash value is not large enough for the claimed key, we have to construct
3014              * a larger binary value based on the hash. This is documented in MSDN: CryptDeriveKey.
3015              */
3016             dwLen = RSAENH_MAX_HASH_SIZE;
3017             RSAENH_CPGetHashParam(pCryptHash->hProv, hBaseData, HP_HASHVAL, abHashValue, &dwLen, 0);
3018     
3019             if (dwLen < pCryptKey->dwKeyLen) {
3020                 BYTE pad1[RSAENH_HMAC_DEF_PAD_LEN], pad2[RSAENH_HMAC_DEF_PAD_LEN];
3021                 BYTE old_hashval[RSAENH_MAX_HASH_SIZE];
3022                 DWORD i;
3023
3024                 memcpy(old_hashval, pCryptHash->abHashValue, RSAENH_MAX_HASH_SIZE);
3025             
3026                 for (i=0; i<RSAENH_HMAC_DEF_PAD_LEN; i++) {
3027                     pad1[i] = RSAENH_HMAC_DEF_IPAD_CHAR ^ (i<dwLen ? abHashValue[i] : 0);
3028                     pad2[i] = RSAENH_HMAC_DEF_OPAD_CHAR ^ (i<dwLen ? abHashValue[i] : 0);
3029                 }
3030                 
3031                 init_hash(pCryptHash);
3032                 update_hash(pCryptHash, pad1, RSAENH_HMAC_DEF_PAD_LEN);
3033                 finalize_hash(pCryptHash);
3034                 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
3035
3036                 init_hash(pCryptHash);
3037                 update_hash(pCryptHash, pad2, RSAENH_HMAC_DEF_PAD_LEN);
3038                 finalize_hash(pCryptHash);
3039                 memcpy(abHashValue+pCryptHash->dwHashSize, pCryptHash->abHashValue, 
3040                        pCryptHash->dwHashSize);
3041
3042                 memcpy(pCryptHash->abHashValue, old_hashval, RSAENH_MAX_HASH_SIZE);
3043             }
3044     
3045             memcpy(pCryptKey->abKeyValue, abHashValue, 
3046                    RSAENH_MIN(pCryptKey->dwKeyLen, sizeof(pCryptKey->abKeyValue)));
3047             break;
3048
3049         case ALG_CLASS_MSG_ENCRYPT:
3050             if (!lookup_handle(&handle_table, pCryptHash->hKey, RSAENH_MAGIC_KEY,
3051                                (OBJECTHDR**)&pMasterKey)) 
3052             {
3053                 SetLastError(NTE_FAIL); /* FIXME error code */
3054                 return FALSE;
3055             }
3056                 
3057             switch (Algid) 
3058             {
3059                 /* See RFC 2246, chapter 6.3 Key calculation */
3060                 case CALG_SCHANNEL_ENC_KEY:
3061                     *phKey = new_key(hProv, pMasterKey->siSChannelInfo.saEncAlg.Algid, 
3062                                      MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saEncAlg.cBits),
3063                                      &pCryptKey);
3064                     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3065                     memcpy(pCryptKey->abKeyValue, 
3066                            pCryptHash->abHashValue + (
3067                                2 * (pMasterKey->siSChannelInfo.saMACAlg.cBits / 8) +
3068                                ((dwFlags & CRYPT_SERVER) ? 
3069                                    (pMasterKey->siSChannelInfo.saEncAlg.cBits / 8) : 0)),
3070                            pMasterKey->siSChannelInfo.saEncAlg.cBits / 8);
3071                     memcpy(pCryptKey->abInitVector,
3072                            pCryptHash->abHashValue + (
3073                                2 * (pMasterKey->siSChannelInfo.saMACAlg.cBits / 8) +
3074                                2 * (pMasterKey->siSChannelInfo.saEncAlg.cBits / 8) +
3075                                ((dwFlags & CRYPT_SERVER) ? pCryptKey->dwBlockLen : 0)),
3076                            pCryptKey->dwBlockLen);
3077                     break;
3078                     
3079                 case CALG_SCHANNEL_MAC_KEY:
3080                     *phKey = new_key(hProv, Algid, 
3081                                      MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saMACAlg.cBits),
3082                                      &pCryptKey);
3083                     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3084                     memcpy(pCryptKey->abKeyValue,
3085                            pCryptHash->abHashValue + ((dwFlags & CRYPT_SERVER) ? 
3086                                pMasterKey->siSChannelInfo.saMACAlg.cBits / 8 : 0),
3087                            pMasterKey->siSChannelInfo.saMACAlg.cBits / 8);
3088                     break;
3089                     
3090                 default:
3091                     SetLastError(NTE_BAD_ALGID);
3092                     return FALSE;
3093             }
3094             break;
3095
3096         default:
3097             SetLastError(NTE_BAD_ALGID);
3098             return FALSE;
3099     }
3100
3101     setup_key(pCryptKey);
3102     return TRUE;    
3103 }
3104
3105 /******************************************************************************
3106  * CPGetUserKey (RSAENH.@)
3107  *
3108  * Returns a handle to the user's private key-exchange- or signature-key.
3109  *
3110  * PARAMS
3111  *  hProv     [I] The key container from which a user key is requested.
3112  *  dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
3113  *  phUserKey [O] Handle to the requested key or INVALID_HANDLE_VALUE in case of failure.
3114  *
3115  * RETURNS
3116  *  Success: TRUE.
3117  *  Failure: FALSE.
3118  *
3119  * NOTE
3120  *  A newly created key container does not contain private user key. Create them with CPGenKey.
3121  */
3122 BOOL WINAPI RSAENH_CPGetUserKey(HCRYPTPROV hProv, DWORD dwKeySpec, HCRYPTKEY *phUserKey)
3123 {
3124     KEYCONTAINER *pKeyContainer;
3125
3126     TRACE("(hProv=%08lx, dwKeySpec=%08lx, phUserKey=%p)\n", hProv, dwKeySpec, phUserKey);
3127     
3128     if (!lookup_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER, 
3129                        (OBJECTHDR**)&pKeyContainer)) 
3130     {
3131         /* MSDN: hProv not containing valid context handle */
3132         SetLastError(NTE_BAD_UID);
3133         return FALSE;
3134     }
3135
3136     switch (dwKeySpec)
3137     {
3138         case AT_KEYEXCHANGE:
3139             copy_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair, RSAENH_MAGIC_KEY, 
3140                         (unsigned int*)phUserKey);
3141             break;
3142
3143         case AT_SIGNATURE:
3144             copy_handle(&handle_table, pKeyContainer->hSignatureKeyPair, RSAENH_MAGIC_KEY, 
3145                         (unsigned int*)phUserKey);
3146             break;
3147
3148         default:
3149             *phUserKey = (HCRYPTKEY)INVALID_HANDLE_VALUE;
3150     }
3151
3152     if (*phUserKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
3153     {
3154         /* MSDN: dwKeySpec parameter specifies nonexistent key */
3155         SetLastError(NTE_NO_KEY);
3156         return FALSE;
3157     }
3158
3159     return TRUE;
3160 }
3161
3162 /******************************************************************************
3163  * CPHashData (RSAENH.@)
3164  *
3165  * Updates a hash object with the given data.
3166  *
3167  * PARAMS
3168  *  hProv     [I] Key container to which the hash object belongs.
3169  *  hHash     [I] Hash object which is to be updated.
3170  *  pbData    [I] Pointer to data with which the hash object is to be updated.
3171  *  dwDataLen [I] Length of the data.
3172  *  dwFlags   [I] Currently none defined.
3173  *
3174  * RETURNS
3175  *  Success: TRUE.
3176  *  Failure: FALSE.
3177  *
3178  * NOTES
3179  *  The actual hash value is queried with CPGetHashParam, which will finalize 
3180  *  the hash. Updating a finalized hash will fail with a last error NTE_BAD_HASH_STATE.
3181  */
3182 BOOL WINAPI RSAENH_CPHashData(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST BYTE *pbData, 
3183                               DWORD dwDataLen, DWORD dwFlags)
3184 {
3185     CRYPTHASH *pCryptHash;
3186         
3187     TRACE("(hProv=%08lx, hHash=%08lx, pbData=%p, dwDataLen=%ld, dwFlags=%08lx)\n", 
3188           hProv, hHash, pbData, dwDataLen, dwFlags);
3189
3190     if (dwFlags)
3191     {
3192         SetLastError(NTE_BAD_FLAGS);
3193         return FALSE;
3194     }
3195
3196     if (!lookup_handle(&handle_table, (unsigned int)hHash, RSAENH_MAGIC_HASH, 
3197                        (OBJECTHDR**)&pCryptHash))
3198     {
3199         SetLastError(NTE_BAD_HASH);
3200         return FALSE;
3201     }
3202
3203     if (!get_algid_info(hProv, pCryptHash->aiAlgid) || pCryptHash->aiAlgid == CALG_SSL3_SHAMD5)
3204     {
3205         SetLastError(NTE_BAD_ALGID);
3206         return FALSE;
3207     }
3208     
3209     if (pCryptHash->dwState == RSAENH_HASHSTATE_IDLE)
3210         pCryptHash->dwState = RSAENH_HASHSTATE_HASHING;
3211     
3212     if (pCryptHash->dwState != RSAENH_HASHSTATE_HASHING)
3213     {
3214         SetLastError(NTE_BAD_HASH_STATE);
3215         return FALSE;
3216     }
3217
3218     update_hash(pCryptHash, pbData, dwDataLen);
3219     return TRUE;
3220 }
3221
3222 /******************************************************************************
3223  * CPHashSessionKey (RSAENH.@)
3224  *
3225  * Updates a hash object with the binary representation of a symmetric key.
3226  *
3227  * PARAMS
3228  *  hProv     [I] Key container to which the hash object belongs.
3229  *  hHash     [I] Hash object which is to be updated.
3230  *  hKey      [I] The symmetric key, whose binary value will be added to the hash.
3231  *  dwFlags   [I] CRYPT_LITTLE_ENDIAN, if the binary key value shall be interpreted as little endian.
3232  *
3233  * RETURNS
3234  *  Success: TRUE.
3235  *  Failure: FALSE.
3236  */
3237 BOOL WINAPI RSAENH_CPHashSessionKey(HCRYPTPROV hProv, HCRYPTHASH hHash, HCRYPTKEY hKey, 
3238                                     DWORD dwFlags)
3239 {
3240     BYTE abKeyValue[RSAENH_MAX_KEY_SIZE], bTemp;
3241     CRYPTKEY *pKey;
3242     DWORD i;
3243
3244     TRACE("(hProv=%08lx, hHash=%08lx, hKey=%08lx, dwFlags=%08lx)\n", hProv, hHash, hKey, dwFlags);
3245
3246     if (!lookup_handle(&handle_table, (unsigned int)hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pKey) ||
3247         (GET_ALG_CLASS(pKey->aiAlgid) != ALG_CLASS_DATA_ENCRYPT)) 
3248     {
3249         SetLastError(NTE_BAD_KEY);
3250         return FALSE;
3251     }
3252
3253     if (dwFlags & ~CRYPT_LITTLE_ENDIAN) {
3254         SetLastError(NTE_BAD_FLAGS);
3255         return FALSE;
3256     }
3257
3258     memcpy(abKeyValue, pKey->abKeyValue, pKey->dwKeyLen);
3259     if (!(dwFlags & CRYPT_LITTLE_ENDIAN)) {
3260         for (i=0; i<pKey->dwKeyLen/2; i++) {
3261             bTemp = abKeyValue[i];
3262             abKeyValue[i] = abKeyValue[pKey->dwKeyLen-i-1];
3263             abKeyValue[pKey->dwKeyLen-i-1] = bTemp;
3264         }
3265     }
3266
3267     return RSAENH_CPHashData(hProv, hHash, abKeyValue, pKey->dwKeyLen, 0);
3268 }
3269
3270 /******************************************************************************
3271  * CPReleaseContext (RSAENH.@)
3272  *
3273  * Release a key container.
3274  *
3275  * PARAMS
3276  *  hProv   [I] Key container to be released.
3277  *  dwFlags [I] Currently none defined.
3278  *
3279  * RETURNS
3280  *  Success: TRUE
3281  *  Failure: FALSE
3282  */
3283 BOOL WINAPI RSAENH_CPReleaseContext(HCRYPTPROV hProv, DWORD dwFlags)
3284 {
3285     TRACE("(hProv=%08lx, dwFlags=%08lx)\n", hProv, dwFlags);
3286
3287     if (!release_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER)) 
3288     {
3289         /* MSDN: hProv not containing valid context handle */
3290         SetLastError(NTE_BAD_UID);
3291         return FALSE;
3292     }
3293
3294     if (dwFlags) {
3295         SetLastError(NTE_BAD_FLAGS);
3296         return FALSE;
3297     }
3298     
3299     return TRUE;
3300 }
3301
3302 /******************************************************************************
3303  * CPSetHashParam (RSAENH.@)
3304  * 
3305  * Set a parameter of a hash object
3306  *
3307  * PARAMS
3308  *  hProv   [I] The key container to which the key belongs.
3309  *  hHash   [I] The hash object for which a parameter is to be set.
3310  *  dwParam [I] Parameter type. See Notes.
3311  *  pbData  [I] Pointer to the parameter value.
3312  *  dwFlags [I] Currently none defined.
3313  *
3314  * RETURNS
3315  *  Success: TRUE.
3316  *  Failure: FALSE.
3317  *
3318  * NOTES
3319  *  Currently only the HP_HMAC_INFO dwParam type is defined. 
3320  *  The HMAC_INFO struct will be deep copied into the hash object.
3321  *  See Internet RFC 2104 for details on the HMAC algorithm.
3322  */
3323 BOOL WINAPI RSAENH_CPSetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, 
3324                                   BYTE *pbData, DWORD dwFlags)
3325 {
3326     CRYPTHASH *pCryptHash;
3327     CRYPTKEY *pCryptKey;
3328     int i;
3329
3330     TRACE("(hProv=%08lx, hHash=%08lx, dwParam=%08lx, pbData=%p, dwFlags=%08lx)\n", 
3331            hProv, hHash, dwParam, pbData, dwFlags);
3332
3333     if (!is_valid_handle(&handle_table, (unsigned int)hProv, RSAENH_MAGIC_CONTAINER))
3334     {
3335         SetLastError(NTE_BAD_UID);
3336         return FALSE;
3337     }
3338
3339     if (dwFlags) {
3340         SetLastError(NTE_BAD_FLAGS);
3341         return FALSE;
3342     }
3343     
3344     if (!lookup_handle(&handle_table, (unsigned int)hHash, RSAENH_MAGIC_HASH, 
3345                        (OBJECTHDR**)&pCryptHash))
3346     {
3347         SetLastError(NTE_BAD_HASH);
3348         return FALSE;
3349     }
3350     
3351     switch (dwParam) {
3352         case HP_HMAC_INFO:
3353             free_hmac_info(pCryptHash->pHMACInfo);
3354             if (!copy_hmac_info(&pCryptHash->pHMACInfo, (PHMAC_INFO)pbData)) return FALSE;
3355
3356             if (!lookup_handle(&handle_table, pCryptHash->hKey, RSAENH_MAGIC_KEY, 
3357                                (OBJECTHDR**)&pCryptKey)) 
3358             {
3359                 SetLastError(NTE_FAIL); /* FIXME: correct error code? */
3360                 return FALSE;
3361             }
3362
3363             for (i=0; i<RSAENH_MIN(pCryptKey->dwKeyLen,pCryptHash->pHMACInfo->cbInnerString); i++) {
3364                 pCryptHash->pHMACInfo->pbInnerString[i] ^= pCryptKey->abKeyValue[i];
3365             }
3366             for (i=0; i<RSAENH_MIN(pCryptKey->dwKeyLen,pCryptHash->pHMACInfo->cbOuterString); i++) {
3367                 pCryptHash->pHMACInfo->pbOuterString[i] ^= pCryptKey->abKeyValue[i];
3368             }
3369             
3370             init_hash(pCryptHash);
3371             return TRUE;
3372
3373         case HP_HASHVAL:
3374             memcpy(pCryptHash->abHashValue, pbData, pCryptHash->dwHashSize);
3375             pCryptHash->dwState = RSAENH_HASHSTATE_FINISHED;
3376             return TRUE;
3377            
3378         case HP_TLS1PRF_SEED:
3379             return copy_data_blob(&pCryptHash->tpPRFParams.blobSeed, (PCRYPT_DATA_BLOB)pbData);
3380
3381         case HP_TLS1PRF_LABEL:
3382             return copy_data_blob(&pCryptHash->tpPRFParams.blobLabel, (PCRYPT_DATA_BLOB)pbData);
3383             
3384         default:
3385             SetLastError(NTE_BAD_TYPE);
3386             return FALSE;
3387     }
3388 }
3389
3390 /******************************************************************************
3391  * CPSetProvParam (RSAENH.@)
3392  */
3393 BOOL WINAPI RSAENH_CPSetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, DWORD dwFlags)
3394 {
3395     FIXME("(stub)\n");
3396     return FALSE;
3397 }
3398
3399 /******************************************************************************
3400  * CPSignHash (RSAENH.@)
3401  *
3402  * Sign a hash object
3403  *
3404  * PARAMS
3405  *  hProv        [I]   The key container, to which the hash object belongs.
3406  *  hHash        [I]   The hash object to be signed.
3407  *  dwKeySpec    [I]   AT_SIGNATURE or AT_KEYEXCHANGE: Key used to generate the signature.
3408  *  sDescription [I]   Should be NULL for security reasons. 
3409  *  dwFlags      [I]   0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
3410  *  pbSignature  [O]   Buffer, to which the signature will be stored. May be NULL to query SigLen.
3411  *  pdwSigLen    [I/O] Size of the buffer (in), Length of the signature (out)
3412  *
3413  * RETURNS
3414  *  Success: TRUE
3415  *  Failure: FALSE
3416  */
3417 BOOL WINAPI RSAENH_CPSignHash(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwKeySpec, 
3418                               LPCWSTR sDescription, DWORD dwFlags, BYTE *pbSignature, 
3419                               DWORD *pdwSigLen)
3420 {
3421     HCRYPTKEY hCryptKey;
3422     CRYPTKEY *pCryptKey;
3423     DWORD dwHashLen;
3424     BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
3425     ALG_ID aiAlgid;
3426
3427     TRACE("(hProv=%08lx, hHash=%08lx, dwKeySpec=%08lx, sDescription=%s, dwFlags=%08lx, "
3428         "pbSignature=%p, pdwSigLen=%p)\n", hProv, hHash, dwKeySpec, debugstr_w(sDescription),
3429         dwFlags, pbSignature, pdwSigLen);
3430
3431     if (dwFlags & ~(CRYPT_NOHASHOID|CRYPT_X931_FORMAT)) {
3432         SetLastError(NTE_BAD_FLAGS);
3433         return FALSE;
3434     }
3435     
3436     if (!RSAENH_CPGetUserKey(hProv, dwKeySpec, &hCryptKey)) return FALSE;
3437             
3438     if (!lookup_handle(&handle_table, (unsigned int)hCryptKey, RSAENH_MAGIC_KEY, 
3439                        (OBJECTHDR**)&pCryptKey))
3440     {
3441         SetLastError(NTE_NO_KEY);
3442         return FALSE;
3443     }
3444
3445     if (!pbSignature) {
3446         *pdwSigLen = pCryptKey->dwKeyLen;
3447         return TRUE;
3448     }
3449     if (pCryptKey->dwKeyLen > *pdwSigLen)
3450     {
3451         SetLastError(ERROR_MORE_DATA);
3452         *pdwSigLen = pCryptKey->dwKeyLen;
3453         return FALSE;
3454     }
3455     *pdwSigLen = pCryptKey->dwKeyLen;
3456
3457     if (sDescription) {
3458         if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription, 
3459                                 (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
3460         {
3461             return FALSE;
3462         }
3463     }
3464     
3465     dwHashLen = sizeof(DWORD);
3466     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
3467     
3468     dwHashLen = RSAENH_MAX_HASH_SIZE;
3469     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
3470  
3471
3472     if (!build_hash_signature(pbSignature, *pdwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
3473         return FALSE;
3474     }
3475
3476     return encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbSignature, pbSignature, RSAENH_ENCRYPT);
3477 }
3478
3479 /******************************************************************************
3480  * CPVerifySignature (RSAENH.@)
3481  *
3482  * Verify the signature of a hash object.
3483  * 
3484  * PARAMS
3485  *  hProv        [I] The key container, to which the hash belongs.
3486  *  hHash        [I] The hash for which the signature is verified.
3487  *  pbSignature  [I] The binary signature.
3488  *  dwSigLen     [I] Length of the signature BLOB.
3489  *  hPubKey      [I] Public key used to verify the signature.
3490  *  sDescription [I] Should be NULL for security reasons.
3491  *  dwFlags      [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
3492  *
3493  * RETURNS
3494  *  Success: TRUE  (Signature is valid)
3495  *  Failure: FALSE (GetLastError() == NTE_BAD_SIGNATURE, if signature is invalid)
3496  */
3497 BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST BYTE *pbSignature, 
3498                                      DWORD dwSigLen, HCRYPTKEY hPubKey, LPCWSTR sDescription, 
3499                                      DWORD dwFlags)
3500 {
3501     BYTE *pbConstructed = NULL, *pbDecrypted = NULL;
3502     CRYPTKEY *pCryptKey;
3503     DWORD dwHashLen;
3504     ALG_ID aiAlgid;
3505     BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
3506     BOOL res = FALSE;
3507
3508     TRACE("(hProv=%08lx, hHash=%08lx, pbSignature=%p, dwSigLen=%ld, hPubKey=%08lx, sDescription=%s, "
3509           "dwFlags=%08lx)\n", hProv, hHash, pbSignature, dwSigLen, hPubKey, debugstr_w(sDescription),
3510           dwFlags);
3511         
3512     if (dwFlags & ~(CRYPT_NOHASHOID|CRYPT_X931_FORMAT)) {
3513         SetLastError(NTE_BAD_FLAGS);
3514         return FALSE;
3515     }
3516     
3517     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3518     {
3519         SetLastError(NTE_BAD_UID);
3520         return FALSE;
3521     }
3522  
3523     if (!lookup_handle(&handle_table, (unsigned int)hPubKey, RSAENH_MAGIC_KEY, 
3524                        (OBJECTHDR**)&pCryptKey))
3525     {
3526         SetLastError(NTE_BAD_KEY);
3527         return FALSE;
3528     }
3529
3530     if (sDescription) {
3531         if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription, 
3532                                 (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
3533         {
3534             return FALSE;
3535         }
3536     }
3537     
3538     dwHashLen = sizeof(DWORD);
3539     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
3540     
3541     dwHashLen = RSAENH_MAX_HASH_SIZE;
3542     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
3543
3544     pbConstructed = HeapAlloc(GetProcessHeap(), 0, dwSigLen);
3545     if (!pbConstructed) {
3546         SetLastError(NTE_NO_MEMORY);
3547         goto cleanup;
3548     }
3549
3550     pbDecrypted = HeapAlloc(GetProcessHeap(), 0, dwSigLen);
3551     if (!pbDecrypted) {
3552         SetLastError(NTE_NO_MEMORY);
3553         goto cleanup;
3554     }
3555
3556     if (!encrypt_block_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbSignature, pbDecrypted, 
3557                             RSAENH_DECRYPT)) 
3558     {
3559         goto cleanup;
3560     }
3561
3562     if (!build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
3563         goto cleanup;
3564     }
3565
3566     if (memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
3567         SetLastError(NTE_BAD_SIGNATURE);
3568         goto cleanup;
3569     }
3570     
3571     res = TRUE;
3572 cleanup:
3573     HeapFree(GetProcessHeap(), 0, pbConstructed);
3574     HeapFree(GetProcessHeap(), 0, pbDecrypted);
3575     return res;
3576 }
3577
3578 static const WCHAR szProviderKeys[4][97] = {
3579     {   'S','o','f','t','w','a','r','e','\\',
3580         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
3581         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
3582         'i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ','B','a','s',
3583         'e',' ','C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r',
3584         'o','v','i','d','e','r',' ','v','1','.','0',0 },
3585     {   'S','o','f','t','w','a','r','e','\\',
3586         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
3587         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
3588         'i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ',
3589         'E','n','h','a','n','c','e','d',
3590         ' ','C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r',
3591         'o','v','i','d','e','r',' ','v','1','.','0',0 },
3592     {   'S','o','f','t','w','a','r','e','\\',
3593         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
3594         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
3595         'i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ','S','t','r','o','n','g',
3596         ' ','C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r',
3597         'o','v','i','d','e','r',0 },
3598     {   'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
3599         'C','r','y','p','t','o','g','r','a','p','h','y','\\','D','e','f','a','u','l','t','s','\\',
3600         'P','r','o','v','i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ',
3601         'R','S','A',' ','S','C','h','a','n','n','e','l',' ',
3602         'C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r','o','v','i','d','e','r',0 }
3603 };
3604 static const WCHAR szDefaultKeys[2][65] = {
3605     {   'S','o','f','t','w','a','r','e','\\',
3606         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
3607         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
3608         'i','d','e','r',' ','T','y','p','e','s','\\','T','y','p','e',' ','0','0','1',0 },
3609     {   'S','o','f','t','w','a','r','e','\\',
3610         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
3611         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
3612         'i','d','e','r',' ','T','y','p','e','s','\\','T','y','p','e',' ','0','1','2',0 }
3613 };
3614
3615
3616 /******************************************************************************
3617  * DllRegisterServer (RSAENH.@)
3618  *
3619  * Dll self registration. 
3620  *
3621  * PARAMS
3622  *
3623  * RETURNS
3624  *  Success: S_OK.
3625  *    Failure: != S_OK
3626  * 
3627  * NOTES
3628  *  Registers the following keys:
3629  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider\
3630  *       Microsoft Base Cryptographic Provider v1.0
3631  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider\
3632  *       Microsoft Enhanced Cryptographic Provider
3633  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider\
3634  *       Microsoft Strong Cryptographpic Provider
3635  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001
3636  */
3637 HRESULT WINAPI DllRegisterServer(void)
3638 {
3639     HKEY key;
3640     DWORD dp;
3641     long apiRet;
3642     int i;
3643
3644     for (i=0; i<4; i++) {
3645         apiRet = RegCreateKeyExW(HKEY_LOCAL_MACHINE, szProviderKeys[i], 0, NULL,
3646             REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, &dp);
3647
3648         if (apiRet == ERROR_SUCCESS)
3649         {
3650             if (dp == REG_CREATED_NEW_KEY)
3651             {
3652                 static const WCHAR szImagePath[] = { 'I','m','a','g','e',' ','P','a','t','h',0 };
3653                 static const WCHAR szRSABase[] = { 'r','s','a','e','n','h','.','d','l','l',0 };
3654                 static const WCHAR szType[] = { 'T','y','p','e',0 };
3655                 static const WCHAR szSignature[] = { 'S','i','g','n','a','t','u','r','e',0 };
3656                 DWORD type = (i == 3) ? PROV_RSA_SCHANNEL : PROV_RSA_FULL;
3657                 DWORD sign = 0xdeadbeef;
3658                 RegSetValueExW(key, szImagePath, 0, REG_SZ, (LPBYTE)szRSABase, 
3659                                (lstrlenW(szRSABase) + 1) * sizeof(WCHAR));
3660                 RegSetValueExW(key, szType, 0, REG_DWORD, (LPBYTE)&type, sizeof(type));
3661                 RegSetValueExW(key, szSignature, 0, REG_BINARY, (LPBYTE)&sign, sizeof(sign));
3662             }
3663             RegCloseKey(key);
3664         }
3665     }
3666     
3667     for (i=0; i<2; i++) {
3668         apiRet = RegCreateKeyExW(HKEY_LOCAL_MACHINE, szDefaultKeys[i], 0, NULL, 
3669                                  REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, &dp);
3670         if (apiRet == ERROR_SUCCESS)
3671         {
3672             if (dp == REG_CREATED_NEW_KEY)
3673             {
3674                 static const WCHAR szName[] = { 'N','a','m','e',0 };
3675                 static const WCHAR szRSAName[2][46] = {
3676                   { 'M','i','c','r','o','s','o','f','t',' ', 'B','a','s','e',' ',
3677                     'C','r','y','p','t','o','g','r','a','p','h','i','c',' ', 
3678                     'P','r','o','v','i','d','e','r',' ','v','1','.','0',0 },
3679                   { 'M','i','c','r','o','s','o','f','t',' ','R','S','A',' ',
3680                     'S','C','h','a','n','n','e','l',' ',
3681                     'C','r','y','p','t','o','g','r','a','p','h','i','c',' ',
3682                     'P','r','o','v','i','d','e','r',0 } };
3683                 static const WCHAR szTypeName[] = { 'T','y','p','e','N','a','m','e',0 };
3684                 static const WCHAR szRSATypeName[2][38] = { 
3685                   { 'R','S','A',' ','F','u','l','l',' ',
3686                        '(','S','i','g','n','a','t','u','r','e',' ','a','n','d',' ',
3687                     'K','e','y',' ','E','x','c','h','a','n','g','e',')',0 },
3688                   { 'R','S','A',' ','S','C','h','a','n','n','e','l',0 } };
3689
3690                 RegSetValueExW(key, szName, 0, REG_SZ, 
3691                                 (LPBYTE)szRSAName[i], lstrlenW(szRSAName[i])*sizeof(WCHAR)+sizeof(WCHAR));
3692                 RegSetValueExW(key, szTypeName, 0, REG_SZ, 
3693                                 (LPBYTE)szRSATypeName[i], lstrlenW(szRSATypeName[i])*sizeof(WCHAR)+sizeof(WCHAR));
3694             }
3695         }
3696         RegCloseKey(key);
3697     }
3698     
3699     return HRESULT_FROM_WIN32(apiRet);
3700 }
3701
3702 /******************************************************************************
3703  * DllUnregisterServer (RSAENH.@)
3704  *
3705  * Dll self unregistration. 
3706  *
3707  * PARAMS
3708  *
3709  * RETURNS
3710  *  Success: S_OK
3711  *
3712  * NOTES
3713  *  For the relevant keys see DllRegisterServer.
3714  */
3715 HRESULT WINAPI DllUnregisterServer(void)
3716 {
3717     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[0]);
3718     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[1]);
3719     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[2]);
3720     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[3]);
3721     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szDefaultKeys[0]);
3722     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szDefaultKeys[1]);
3723     return S_OK;
3724 }