comctl32/listview: Edit box should be destroyed on invalid index too (LVM_EDITLABEL).
[wine] / dlls / rsaenh / rsaenh.c
1 /*
2  * dlls/rsaenh/rsaenh.c
3  * RSAENH - RSA encryption for Wine
4  *
5  * Copyright 2002 TransGaming Technologies (David Hammerton)
6  * Copyright 2004 Mike McCormack for CodeWeavers
7  * Copyright 2004, 2005 Michael Jung
8  * Copyright 2007 Vijay Kiran Kamuju
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2.1 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, write to the Free Software
22  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23  */
24
25 #include "config.h"
26 #include "wine/port.h"
27 #include "wine/library.h"
28 #include "wine/debug.h"
29
30 #include <stdarg.h>
31 #include <stdio.h>
32
33 #include "windef.h"
34 #include "winbase.h"
35 #include "winreg.h"
36 #include "wincrypt.h"
37 #include "handle.h"
38 #include "implglue.h"
39 #include "objbase.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
42
43 /******************************************************************************
44  * CRYPTHASH - hash objects
45  */
46 #define RSAENH_MAGIC_HASH           0x85938417u
47 #define RSAENH_MAX_HASH_SIZE        104
48 #define RSAENH_HASHSTATE_HASHING    1
49 #define RSAENH_HASHSTATE_FINISHED   2
50 typedef struct _RSAENH_TLS1PRF_PARAMS
51 {
52     CRYPT_DATA_BLOB blobLabel;
53     CRYPT_DATA_BLOB blobSeed;
54 } RSAENH_TLS1PRF_PARAMS;
55
56 typedef struct tagCRYPTHASH
57 {
58     OBJECTHDR    header;
59     ALG_ID       aiAlgid;
60     HCRYPTKEY    hKey;
61     HCRYPTPROV   hProv;
62     DWORD        dwHashSize;
63     DWORD        dwState;
64     HASH_CONTEXT context;
65     BYTE         abHashValue[RSAENH_MAX_HASH_SIZE];
66     PHMAC_INFO   pHMACInfo;
67     RSAENH_TLS1PRF_PARAMS tpPRFParams;
68 } CRYPTHASH;
69
70 /******************************************************************************
71  * CRYPTKEY - key objects
72  */
73 #define RSAENH_MAGIC_KEY           0x73620457u
74 #define RSAENH_MAX_KEY_SIZE        48
75 #define RSAENH_MAX_BLOCK_SIZE      24
76 #define RSAENH_KEYSTATE_IDLE       0
77 #define RSAENH_KEYSTATE_ENCRYPTING 1
78 #define RSAENH_KEYSTATE_MASTERKEY  2
79 typedef struct _RSAENH_SCHANNEL_INFO 
80 {
81     SCHANNEL_ALG saEncAlg;
82     SCHANNEL_ALG saMACAlg;
83     CRYPT_DATA_BLOB blobClientRandom;
84     CRYPT_DATA_BLOB blobServerRandom;
85 } RSAENH_SCHANNEL_INFO;
86
87 typedef struct tagCRYPTKEY
88 {
89     OBJECTHDR   header;
90     ALG_ID      aiAlgid;
91     HCRYPTPROV  hProv;
92     DWORD       dwMode;
93     DWORD       dwModeBits;
94     DWORD       dwPermissions;
95     DWORD       dwKeyLen;
96     DWORD       dwEffectiveKeyLen;
97     DWORD       dwSaltLen;
98     DWORD       dwBlockLen;
99     DWORD       dwState;
100     KEY_CONTEXT context;    
101     BYTE        abKeyValue[RSAENH_MAX_KEY_SIZE];
102     BYTE        abInitVector[RSAENH_MAX_BLOCK_SIZE];
103     BYTE        abChainVector[RSAENH_MAX_BLOCK_SIZE];
104     RSAENH_SCHANNEL_INFO siSChannelInfo;
105 } CRYPTKEY;
106
107 /******************************************************************************
108  * KEYCONTAINER - key containers
109  */
110 #define RSAENH_PERSONALITY_BASE        0u
111 #define RSAENH_PERSONALITY_STRONG      1u
112 #define RSAENH_PERSONALITY_ENHANCED    2u
113 #define RSAENH_PERSONALITY_SCHANNEL    3u
114 #define RSAENH_PERSONALITY_AES         4u
115
116 #define RSAENH_MAGIC_CONTAINER         0x26384993u
117 typedef struct tagKEYCONTAINER
118 {
119     OBJECTHDR    header;
120     DWORD        dwFlags;
121     DWORD        dwPersonality;
122     DWORD        dwEnumAlgsCtr;
123     DWORD        dwEnumContainersCtr;
124     CHAR         szName[MAX_PATH];
125     CHAR         szProvName[MAX_PATH];
126     HCRYPTKEY    hKeyExchangeKeyPair;
127     HCRYPTKEY    hSignatureKeyPair;
128 } KEYCONTAINER;
129
130 /******************************************************************************
131  * Some magic constants
132  */
133 #define RSAENH_ENCRYPT                    1
134 #define RSAENH_DECRYPT                    0    
135 #define RSAENH_HMAC_DEF_IPAD_CHAR      0x36
136 #define RSAENH_HMAC_DEF_OPAD_CHAR      0x5c
137 #define RSAENH_HMAC_DEF_PAD_LEN          64
138 #define RSAENH_DES_EFFECTIVE_KEYLEN      56
139 #define RSAENH_DES_STORAGE_KEYLEN        64
140 #define RSAENH_3DES112_EFFECTIVE_KEYLEN 112
141 #define RSAENH_3DES112_STORAGE_KEYLEN   128
142 #define RSAENH_3DES_EFFECTIVE_KEYLEN    168
143 #define RSAENH_3DES_STORAGE_KEYLEN      192
144 #define RSAENH_MAGIC_RSA2        0x32415352
145 #define RSAENH_MAGIC_RSA1        0x31415352
146 #define RSAENH_PKC_BLOCKTYPE           0x02
147 #define RSAENH_SSL3_VERSION_MAJOR         3
148 #define RSAENH_SSL3_VERSION_MINOR         0
149 #define RSAENH_TLS1_VERSION_MAJOR         3
150 #define RSAENH_TLS1_VERSION_MINOR         1
151 #define RSAENH_REGKEY "Software\\Wine\\Crypto\\RSA\\%s"
152
153 #define RSAENH_MIN(a,b) ((a)<(b)?(a):(b))
154 /******************************************************************************
155  * aProvEnumAlgsEx - Defines the capabilities of the CSP personalities.
156  */
157 #define RSAENH_MAX_ENUMALGS 24
158 #define RSAENH_PCT1_SSL2_SSL3_TLS1 (CRYPT_FLAG_PCT1|CRYPT_FLAG_SSL2|CRYPT_FLAG_SSL3|CRYPT_FLAG_TLS1)
159 static const PROV_ENUMALGS_EX aProvEnumAlgsEx[5][RSAENH_MAX_ENUMALGS+1] =
160 {
161  {
162   {CALG_RC2,       40, 40,   56,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
163   {CALG_RC4,       40, 40,   56,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
164   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
165   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
166   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
167   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
168   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
169   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
170   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
171   {CALG_RSA_SIGN, 512,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
172   {CALG_RSA_KEYX, 512,384, 1024,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
173   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
174   {0,               0,  0,    0,0,                    1,"",         1,""}
175  },
176  {
177   {CALG_RC2,      128, 40,  128,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
178   {CALG_RC4,      128, 40,  128,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
179   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
180   {CALG_3DES_112, 112,112,  112,0,                   13,"3DES TWO KEY",19,"Two Key Triple DES"},
181   {CALG_3DES,     168,168,  168,0,                    5,"3DES",    21,"Three Key Triple DES"},
182   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
183   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
184   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
185   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
186   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
187   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
188   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
189   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
190   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
191   {0,               0,  0,    0,0,                    1,"",         1,""}
192  },
193  {
194   {CALG_RC2,      128, 40,  128,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
195   {CALG_RC4,      128, 40,  128,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
196   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
197   {CALG_3DES_112, 112,112,  112,0,                   13,"3DES TWO KEY",19,"Two Key Triple DES"},
198   {CALG_3DES,     168,168,  168,0,                    5,"3DES",    21,"Three Key Triple DES"},
199   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
200   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
201   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
202   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
203   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
204   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
205   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
206   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
207   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
208   {0,               0,  0,    0,0,                    1,"",         1,""}
209  },
210  {
211   {CALG_RC2,      128, 40,  128,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"RC2",        24,"RSA Data Security's RC2"},
212   {CALG_RC4,      128, 40,  128,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"RC4",        24,"RSA Data Security's RC4"},
213   {CALG_DES,       56, 56,   56,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"DES",        31,"Data Encryption Standard (DES)"},
214   {CALG_3DES_112, 112,112,  112,RSAENH_PCT1_SSL2_SSL3_TLS1,13,"3DES TWO KEY",19,"Two Key Triple DES"},
215   {CALG_3DES,     168,168,  168,RSAENH_PCT1_SSL2_SSL3_TLS1, 5,"3DES",       21,"Three Key Triple DES"},
216   {CALG_SHA,160,160,160,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,6,"SHA-1",30,"Secure Hash Algorithm (SHA-1)"},
217   {CALG_MD5,128,128,128,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,4,"MD5",23,"Message Digest 5 (MD5)"},
218   {CALG_SSL3_SHAMD5,288,288,288,0,                         12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
219   {CALG_MAC,        0,  0,    0,0,                          4,"MAC",        28,"Message Authentication Code"},
220   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,9,"RSA_SIGN",14,"RSA Signature"},
221   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,9,"RSA_KEYX",17,"RSA Key Exchange"},
222   {CALG_HMAC,       0,  0,    0,0,                          5,"HMAC",       18,"Hugo's MAC (HMAC)"},
223   {CALG_PCT1_MASTER,128,128,128,CRYPT_FLAG_PCT1,           12,"PCT1 MASTER",12,"PCT1 Master"},
224   {CALG_SSL2_MASTER,40,40,  192,CRYPT_FLAG_SSL2,           12,"SSL2 MASTER",12,"SSL2 Master"},
225   {CALG_SSL3_MASTER,384,384,384,CRYPT_FLAG_SSL3,           12,"SSL3 MASTER",12,"SSL3 Master"},
226   {CALG_TLS1_MASTER,384,384,384,CRYPT_FLAG_TLS1,           12,"TLS1 MASTER",12,"TLS1 Master"},
227   {CALG_SCHANNEL_MASTER_HASH,0,0,-1,0,                     16,"SCH MASTER HASH",21,"SChannel Master Hash"},
228   {CALG_SCHANNEL_MAC_KEY,0,0,-1,0,                         12,"SCH MAC KEY",17,"SChannel MAC Key"},
229   {CALG_SCHANNEL_ENC_KEY,0,0,-1,0,                         12,"SCH ENC KEY",24,"SChannel Encryption Key"},
230   {CALG_TLS1PRF,    0,  0,   -1,0,                          9,"TLS1 PRF",   28,"TLS1 Pseudo Random Function"},
231   {0,               0,  0,    0,0,                          1,"",            1,""}
232  },
233  {
234   {CALG_RC2,      128, 40,  128,0,                    4,"RC2",     24,"RSA Data Security's RC2"},
235   {CALG_RC4,      128, 40,  128,0,                    4,"RC4",     24,"RSA Data Security's RC4"},
236   {CALG_DES,       56, 56,   56,0,                    4,"DES",     31,"Data Encryption Standard (DES)"},
237   {CALG_3DES_112, 112,112,  112,0,                   13,"3DES TWO KEY",19,"Two Key Triple DES"},
238   {CALG_3DES,     168,168,  168,0,                    5,"3DES",    21,"Three Key Triple DES"},
239   {CALG_AES,      128,128,  128,0,                    4,"AES",     35,"Advanced Encryption Standard (AES)"},
240   {CALG_AES_128,  128,128,  128,0,                    8,"AES-128", 39,"Advanced Encryption Standard (AES-128)"},
241   {CALG_AES_192,  192,192,  192,0,                    8,"AES-192", 39,"Advanced Encryption Standard (AES-192)"},
242   {CALG_AES_256,  256,256,  256,0,                    8,"AES-256", 39,"Advanced Encryption Standard (AES-256)"},
243   {CALG_SHA,      160,160,  160,CRYPT_FLAG_SIGNING,   6,"SHA-1",   30,"Secure Hash Algorithm (SHA-1)"},
244   {CALG_MD2,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD2",     23,"Message Digest 2 (MD2)"},
245   {CALG_MD4,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD4",     23,"Message Digest 4 (MD4)"},
246   {CALG_MD5,      128,128,  128,CRYPT_FLAG_SIGNING,   4,"MD5",     23,"Message Digest 5 (MD5)"},
247   {CALG_SSL3_SHAMD5,288,288,288,0,                   12,"SSL3 SHAMD5",12,"SSL3 SHAMD5"},
248   {CALG_MAC,        0,  0,    0,0,                    4,"MAC",     28,"Message Authentication Code"},
249   {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
250   {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
251   {CALG_HMAC,       0,  0,    0,0,                    5,"HMAC",    18,"Hugo's MAC (HMAC)"},
252   {0,               0,  0,    0,0,                    1,"",         1,""}
253  }
254 };
255
256 /******************************************************************************
257  * API forward declarations
258  */
259 BOOL WINAPI 
260 RSAENH_CPGetKeyParam(
261     HCRYPTPROV hProv, 
262     HCRYPTKEY hKey, 
263     DWORD dwParam, 
264     BYTE *pbData, 
265     DWORD *pdwDataLen, 
266     DWORD dwFlags
267 );
268
269 BOOL WINAPI 
270 RSAENH_CPEncrypt(
271     HCRYPTPROV hProv, 
272     HCRYPTKEY hKey, 
273     HCRYPTHASH hHash, 
274     BOOL Final, 
275     DWORD dwFlags, 
276     BYTE *pbData,
277     DWORD *pdwDataLen, 
278     DWORD dwBufLen
279 );
280
281 BOOL WINAPI 
282 RSAENH_CPCreateHash(
283     HCRYPTPROV hProv, 
284     ALG_ID Algid, 
285     HCRYPTKEY hKey, 
286     DWORD dwFlags, 
287     HCRYPTHASH *phHash
288 );
289
290 BOOL WINAPI 
291 RSAENH_CPSetHashParam(
292     HCRYPTPROV hProv, 
293     HCRYPTHASH hHash, 
294     DWORD dwParam, 
295     BYTE *pbData, DWORD dwFlags
296 );
297
298 BOOL WINAPI 
299 RSAENH_CPGetHashParam(
300     HCRYPTPROV hProv, 
301     HCRYPTHASH hHash, 
302     DWORD dwParam, 
303     BYTE *pbData, 
304     DWORD *pdwDataLen, 
305     DWORD dwFlags
306 );
307
308 BOOL WINAPI 
309 RSAENH_CPDestroyHash(
310     HCRYPTPROV hProv, 
311     HCRYPTHASH hHash
312 );
313
314 static BOOL crypt_export_key(
315     CRYPTKEY *pCryptKey,
316     HCRYPTKEY hPubKey, 
317     DWORD dwBlobType, 
318     DWORD dwFlags, 
319     BOOL force,
320     BYTE *pbData, 
321     DWORD *pdwDataLen
322 );
323
324 static BOOL import_key(
325     HCRYPTPROV hProv, 
326     CONST BYTE *pbData, 
327     DWORD dwDataLen, 
328     HCRYPTKEY hPubKey, 
329     DWORD dwFlags, 
330     BOOL fStoreKey,
331     HCRYPTKEY *phKey
332 );
333
334 BOOL WINAPI 
335 RSAENH_CPHashData(
336     HCRYPTPROV hProv, 
337     HCRYPTHASH hHash, 
338     CONST BYTE *pbData, 
339     DWORD dwDataLen, 
340     DWORD dwFlags
341 );
342
343 /******************************************************************************
344  * CSP's handle table (used by all acquired key containers)
345  */
346 static struct handle_table handle_table;
347
348 /******************************************************************************
349  * DllMain (RSAENH.@)
350  *
351  * Initializes and destroys the handle table for the CSP's handles.
352  */
353 int WINAPI DllMain(HINSTANCE hInstance, DWORD fdwReason, PVOID pvReserved)
354 {
355     switch (fdwReason)
356     {
357         case DLL_PROCESS_ATTACH:
358             DisableThreadLibraryCalls(hInstance);
359             init_handle_table(&handle_table);
360             break;
361
362         case DLL_PROCESS_DETACH:
363             destroy_handle_table(&handle_table);
364             break;
365     }
366     return 1;
367 }
368
369 /******************************************************************************
370  * copy_param [Internal]
371  *
372  * Helper function that supports the standard WINAPI protocol for querying data
373  * of dynamic size.
374  *
375  * PARAMS
376  *  pbBuffer      [O]   Buffer where the queried parameter is copied to, if it is large enough.
377  *                      May be NUL if the required buffer size is to be queried only.
378  *  pdwBufferSize [I/O] In: Size of the buffer at pbBuffer
379  *                      Out: Size of parameter pbParam
380  *  pbParam       [I]   Parameter value.
381  *  dwParamSize   [I]   Size of pbParam
382  *
383  * RETURN
384  *  Success: TRUE (pbParam was copied into pbBuffer or pbBuffer is NULL)
385  *  Failure: FALSE (pbBuffer is not large enough to hold pbParam). Last error: ERROR_MORE_DATA
386  */
387 static inline BOOL copy_param(
388     BYTE *pbBuffer, DWORD *pdwBufferSize, CONST BYTE *pbParam, DWORD dwParamSize) 
389 {
390     if (pbBuffer) 
391     {
392         if (dwParamSize > *pdwBufferSize) 
393         {
394             SetLastError(ERROR_MORE_DATA);
395             *pdwBufferSize = dwParamSize;
396             return FALSE;
397         }
398         memcpy(pbBuffer, pbParam, dwParamSize);
399     }
400     *pdwBufferSize = dwParamSize;
401     return TRUE;
402 }
403
404 /******************************************************************************
405  * get_algid_info [Internal]
406  *
407  * Query CSP capabilities for a given crypto algorithm.
408  * 
409  * PARAMS
410  *  hProv [I] Handle to a key container of the CSP whose capabilities are to be queried.
411  *  algid [I] Identifier of the crypto algorithm about which information is requested.
412  *
413  * RETURNS
414  *  Success: Pointer to a PROV_ENUMALGS_EX struct containing information about the crypto algorithm.
415  *  Failure: NULL (algid not supported)
416  */
417 static inline const PROV_ENUMALGS_EX* get_algid_info(HCRYPTPROV hProv, ALG_ID algid) {
418     const PROV_ENUMALGS_EX *iterator;
419     KEYCONTAINER *pKeyContainer;
420
421     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER, (OBJECTHDR**)&pKeyContainer)) {
422         SetLastError(NTE_BAD_UID);
423         return NULL;
424     }
425
426     for (iterator = aProvEnumAlgsEx[pKeyContainer->dwPersonality]; iterator->aiAlgid; iterator++) {
427         if (iterator->aiAlgid == algid) return iterator;
428     }
429
430     SetLastError(NTE_BAD_ALGID);
431     return NULL;
432 }
433
434 /******************************************************************************
435  * copy_data_blob [Internal] 
436  *
437  * deeply copies a DATA_BLOB
438  *
439  * PARAMS
440  *  dst [O] That's where the blob will be copied to
441  *  src [I] Source blob
442  *
443  * RETURNS
444  *  Success: TRUE
445  *  Failure: FALSE (GetLastError() == NTE_NO_MEMORY
446  *
447  * NOTES
448  *  Use free_data_blob to release resources occupied by copy_data_blob.
449  */
450 static inline BOOL copy_data_blob(PCRYPT_DATA_BLOB dst, CONST PCRYPT_DATA_BLOB src) {
451     dst->pbData = HeapAlloc(GetProcessHeap(), 0, src->cbData);
452     if (!dst->pbData) {
453         SetLastError(NTE_NO_MEMORY);
454         return FALSE;
455     }    
456     dst->cbData = src->cbData;
457     memcpy(dst->pbData, src->pbData, src->cbData);
458     return TRUE;
459 }
460
461 /******************************************************************************
462  * concat_data_blobs [Internal]
463  *
464  * Concatenates two blobs
465  *
466  * PARAMS
467  *  dst  [O] The new blob will be copied here
468  *  src1 [I] Prefix blob
469  *  src2 [I] Appendix blob
470  *
471  * RETURNS
472  *  Success: TRUE
473  *  Failure: FALSE (GetLastError() == NTE_NO_MEMORY)
474  *
475  * NOTES
476  *  Release resources occupied by concat_data_blobs with free_data_blobs
477  */
478 static inline BOOL concat_data_blobs(PCRYPT_DATA_BLOB dst, CONST PCRYPT_DATA_BLOB src1, 
479                                      CONST PCRYPT_DATA_BLOB src2) 
480 {
481     dst->cbData = src1->cbData + src2->cbData;
482     dst->pbData = HeapAlloc(GetProcessHeap(), 0, dst->cbData);
483     if (!dst->pbData) {
484         SetLastError(NTE_NO_MEMORY);
485         return FALSE;
486     }
487     memcpy(dst->pbData, src1->pbData, src1->cbData);
488     memcpy(dst->pbData + src1->cbData, src2->pbData, src2->cbData);
489     return TRUE;
490 }
491
492 /******************************************************************************
493  * free_data_blob [Internal]
494  *
495  * releases resource occupied by a dynamically allocated CRYPT_DATA_BLOB
496  * 
497  * PARAMS
498  *  pBlob [I] Heap space occupied by pBlob->pbData is released
499  */
500 static inline void free_data_blob(PCRYPT_DATA_BLOB pBlob) {
501     HeapFree(GetProcessHeap(), 0, pBlob->pbData);
502 }
503
504 /******************************************************************************
505  * init_data_blob [Internal]
506  */
507 static inline void init_data_blob(PCRYPT_DATA_BLOB pBlob) {
508     pBlob->pbData = NULL;
509     pBlob->cbData = 0;
510 }
511
512 /******************************************************************************
513  * free_hmac_info [Internal]
514  *
515  * Deeply free an HMAC_INFO struct.
516  *
517  * PARAMS
518  *  hmac_info [I] Pointer to the HMAC_INFO struct to be freed.
519  *
520  * NOTES
521  *  See Internet RFC 2104 for details on the HMAC algorithm.
522  */
523 static inline void free_hmac_info(PHMAC_INFO hmac_info) {
524     if (!hmac_info) return;
525     HeapFree(GetProcessHeap(), 0, hmac_info->pbInnerString);
526     HeapFree(GetProcessHeap(), 0, hmac_info->pbOuterString);
527     HeapFree(GetProcessHeap(), 0, hmac_info);
528 }
529
530 /******************************************************************************
531  * copy_hmac_info [Internal]
532  *
533  * Deeply copy an HMAC_INFO struct
534  *
535  * PARAMS
536  *  dst [O] Pointer to a location where the pointer to the HMAC_INFO copy will be stored.
537  *  src [I] Pointer to the HMAC_INFO struct to be copied.
538  *
539  * RETURNS
540  *  Success: TRUE
541  *  Failure: FALSE
542  *
543  * NOTES
544  *  See Internet RFC 2104 for details on the HMAC algorithm.
545  */
546 static BOOL copy_hmac_info(PHMAC_INFO *dst, const HMAC_INFO *src) {
547     if (!src) return FALSE;
548     *dst = HeapAlloc(GetProcessHeap(), 0, sizeof(HMAC_INFO));
549     if (!*dst) return FALSE;
550     **dst = *src;
551     (*dst)->pbInnerString = NULL;
552     (*dst)->pbOuterString = NULL;
553     if ((*dst)->cbInnerString == 0) (*dst)->cbInnerString = RSAENH_HMAC_DEF_PAD_LEN;
554     (*dst)->pbInnerString = HeapAlloc(GetProcessHeap(), 0, (*dst)->cbInnerString);
555     if (!(*dst)->pbInnerString) {
556         free_hmac_info(*dst);
557         return FALSE;
558     }
559     if (src->cbInnerString) 
560         memcpy((*dst)->pbInnerString, src->pbInnerString, src->cbInnerString);
561     else 
562         memset((*dst)->pbInnerString, RSAENH_HMAC_DEF_IPAD_CHAR, RSAENH_HMAC_DEF_PAD_LEN);
563     if ((*dst)->cbOuterString == 0) (*dst)->cbOuterString = RSAENH_HMAC_DEF_PAD_LEN;
564     (*dst)->pbOuterString = HeapAlloc(GetProcessHeap(), 0, (*dst)->cbOuterString);
565     if (!(*dst)->pbOuterString) {
566         free_hmac_info(*dst);
567         return FALSE;
568     }
569     if (src->cbOuterString) 
570         memcpy((*dst)->pbOuterString, src->pbOuterString, src->cbOuterString);
571     else 
572         memset((*dst)->pbOuterString, RSAENH_HMAC_DEF_OPAD_CHAR, RSAENH_HMAC_DEF_PAD_LEN);
573     return TRUE;
574 }
575
576 /******************************************************************************
577  * destroy_hash [Internal]
578  *
579  * Destructor for hash objects
580  *
581  * PARAMS
582  *  pCryptHash [I] Pointer to the hash object to be destroyed. 
583  *                 Will be invalid after function returns!
584  */
585 static void destroy_hash(OBJECTHDR *pObject)
586 {
587     CRYPTHASH *pCryptHash = (CRYPTHASH*)pObject;
588         
589     free_hmac_info(pCryptHash->pHMACInfo);
590     free_data_blob(&pCryptHash->tpPRFParams.blobLabel);
591     free_data_blob(&pCryptHash->tpPRFParams.blobSeed);
592     HeapFree(GetProcessHeap(), 0, pCryptHash);
593 }
594
595 /******************************************************************************
596  * init_hash [Internal]
597  *
598  * Initialize (or reset) a hash object
599  *
600  * PARAMS
601  *  pCryptHash    [I] The hash object to be initialized.
602  */
603 static inline BOOL init_hash(CRYPTHASH *pCryptHash) {
604     DWORD dwLen;
605         
606     switch (pCryptHash->aiAlgid) 
607     {
608         case CALG_HMAC:
609             if (pCryptHash->pHMACInfo) { 
610                 const PROV_ENUMALGS_EX *pAlgInfo;
611                 
612                 pAlgInfo = get_algid_info(pCryptHash->hProv, pCryptHash->pHMACInfo->HashAlgid);
613                 if (!pAlgInfo) return FALSE;
614                 pCryptHash->dwHashSize = pAlgInfo->dwDefaultLen >> 3;
615                 init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context);
616                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
617                                  pCryptHash->pHMACInfo->pbInnerString, 
618                                  pCryptHash->pHMACInfo->cbInnerString);
619             }
620             return TRUE;
621             
622         case CALG_MAC:
623             dwLen = sizeof(DWORD);
624             RSAENH_CPGetKeyParam(pCryptHash->hProv, pCryptHash->hKey, KP_BLOCKLEN, 
625                                  (BYTE*)&pCryptHash->dwHashSize, &dwLen, 0);
626             pCryptHash->dwHashSize >>= 3;
627             return TRUE;
628
629         default:
630             return init_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context);
631     }
632 }
633
634 /******************************************************************************
635  * update_hash [Internal]
636  *
637  * Hashes the given data and updates the hash object's state accordingly
638  *
639  * PARAMS
640  *  pCryptHash [I] Hash object to be updated.
641  *  pbData     [I] Pointer to data stream to be hashed.
642  *  dwDataLen  [I] Length of data stream.
643  */
644 static inline void update_hash(CRYPTHASH *pCryptHash, CONST BYTE *pbData, DWORD dwDataLen) {
645     BYTE *pbTemp;
646
647     switch (pCryptHash->aiAlgid)
648     {
649         case CALG_HMAC:
650             if (pCryptHash->pHMACInfo) 
651                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context, 
652                                  pbData, dwDataLen);
653             break;
654
655         case CALG_MAC:
656             pbTemp = HeapAlloc(GetProcessHeap(), 0, dwDataLen);
657             if (!pbTemp) return;
658             memcpy(pbTemp, pbData, dwDataLen);
659             RSAENH_CPEncrypt(pCryptHash->hProv, pCryptHash->hKey, 0, FALSE, 0,
660                              pbTemp, &dwDataLen, dwDataLen);
661             HeapFree(GetProcessHeap(), 0, pbTemp);
662             break;
663
664         default:
665             update_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context, pbData, dwDataLen);
666     }
667 }
668
669 /******************************************************************************
670  * finalize_hash [Internal]
671  *
672  * Finalizes the hash, after all data has been hashed with update_hash.
673  * No additional data can be hashed afterwards until the hash gets initialized again.
674  *
675  * PARAMS
676  *  pCryptHash [I] Hash object to be finalized.
677  */
678 static inline void finalize_hash(CRYPTHASH *pCryptHash) {
679     DWORD dwDataLen;
680         
681     switch (pCryptHash->aiAlgid)
682     {
683         case CALG_HMAC:
684             if (pCryptHash->pHMACInfo) {
685                 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
686
687                 finalize_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context, 
688                                    pCryptHash->abHashValue);
689                 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
690                 init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context);
691                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
692                                  pCryptHash->pHMACInfo->pbOuterString, 
693                                  pCryptHash->pHMACInfo->cbOuterString);
694                 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
695                                  abHashValue, pCryptHash->dwHashSize);
696                 finalize_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
697                                    pCryptHash->abHashValue);
698             } 
699             break;
700
701         case CALG_MAC:
702             dwDataLen = 0;
703             RSAENH_CPEncrypt(pCryptHash->hProv, pCryptHash->hKey, 0, TRUE, 0,
704                              pCryptHash->abHashValue, &dwDataLen, pCryptHash->dwHashSize);
705             break;
706
707         default:
708             finalize_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context, pCryptHash->abHashValue);
709     }
710 }
711
712 /******************************************************************************
713  * destroy_key [Internal]
714  *
715  * Destructor for key objects
716  *
717  * PARAMS
718  *  pCryptKey [I] Pointer to the key object to be destroyed. 
719  *                Will be invalid after function returns!
720  */
721 static void destroy_key(OBJECTHDR *pObject)
722 {
723     CRYPTKEY *pCryptKey = (CRYPTKEY*)pObject;
724         
725     free_key_impl(pCryptKey->aiAlgid, &pCryptKey->context);
726     free_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom);
727     free_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom);
728     HeapFree(GetProcessHeap(), 0, pCryptKey);
729 }
730
731 /******************************************************************************
732  * setup_key [Internal]
733  *
734  * Initialize (or reset) a key object
735  *
736  * PARAMS
737  *  pCryptKey    [I] The key object to be initialized.
738  */
739 static inline void setup_key(CRYPTKEY *pCryptKey) {
740     pCryptKey->dwState = RSAENH_KEYSTATE_IDLE;
741     memcpy(pCryptKey->abChainVector, pCryptKey->abInitVector, sizeof(pCryptKey->abChainVector));
742     setup_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen, 
743                    pCryptKey->dwEffectiveKeyLen, pCryptKey->dwSaltLen,
744                    pCryptKey->abKeyValue);
745 }
746
747 /******************************************************************************
748  * new_key [Internal]
749  *
750  * Creates a new key object without assigning the actual binary key value. 
751  * This is done by CPDeriveKey, CPGenKey or CPImportKey, which call this function.
752  *
753  * PARAMS
754  *  hProv      [I] Handle to the provider to which the created key will belong.
755  *  aiAlgid    [I] The new key shall use the crypto algorithm idenfied by aiAlgid.
756  *  dwFlags    [I] Upper 16 bits give the key length.
757  *                 Lower 16 bits: CRYPT_EXPORTABLE, CRYPT_CREATE_SALT,
758  *                 CRYPT_NO_SALT
759  *  ppCryptKey [O] Pointer to the created key
760  *
761  * RETURNS
762  *  Success: Handle to the created key.
763  *  Failure: INVALID_HANDLE_VALUE
764  */
765 static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTKEY **ppCryptKey)
766 {
767     HCRYPTKEY hCryptKey;
768     CRYPTKEY *pCryptKey;
769     DWORD dwKeyLen = HIWORD(dwFlags);
770     const PROV_ENUMALGS_EX *peaAlgidInfo;
771
772     *ppCryptKey = NULL;
773     
774     /* 
775      * Retrieve the CSP's capabilities for the given ALG_ID value
776      */
777     peaAlgidInfo = get_algid_info(hProv, aiAlgid);
778     if (!peaAlgidInfo) return (HCRYPTKEY)INVALID_HANDLE_VALUE;
779
780     /*
781      * Assume the default key length, if none is specified explicitly
782      */
783     if (dwKeyLen == 0) dwKeyLen = peaAlgidInfo->dwDefaultLen;
784     
785     /*
786      * Check if the requested key length is supported by the current CSP.
787      * Adjust key length's for DES algorithms.
788      */
789     switch (aiAlgid) {
790         case CALG_DES:
791             if (dwKeyLen == RSAENH_DES_EFFECTIVE_KEYLEN) {
792                 dwKeyLen = RSAENH_DES_STORAGE_KEYLEN;
793             }
794             if (dwKeyLen != RSAENH_DES_STORAGE_KEYLEN) {
795                 SetLastError(NTE_BAD_FLAGS);
796                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
797             }
798             break;
799
800         case CALG_3DES_112:
801             if (dwKeyLen == RSAENH_3DES112_EFFECTIVE_KEYLEN) {
802                 dwKeyLen = RSAENH_3DES112_STORAGE_KEYLEN;
803             }
804             if (dwKeyLen != RSAENH_3DES112_STORAGE_KEYLEN) {
805                 SetLastError(NTE_BAD_FLAGS);
806                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
807             }
808             break;
809
810         case CALG_3DES:
811             if (dwKeyLen == RSAENH_3DES_EFFECTIVE_KEYLEN) {
812                 dwKeyLen = RSAENH_3DES_STORAGE_KEYLEN;
813             }
814             if (dwKeyLen != RSAENH_3DES_STORAGE_KEYLEN) {
815                 SetLastError(NTE_BAD_FLAGS);
816                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
817             }
818             break;
819         
820         default:
821             if (dwKeyLen % 8 || 
822                 dwKeyLen > peaAlgidInfo->dwMaxLen || 
823                 dwKeyLen < peaAlgidInfo->dwMinLen) 
824             {
825                 SetLastError(NTE_BAD_FLAGS);
826                 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
827             }
828     }
829
830     hCryptKey = new_object(&handle_table, sizeof(CRYPTKEY), RSAENH_MAGIC_KEY,
831                            destroy_key, (OBJECTHDR**)&pCryptKey);
832     if (hCryptKey != (HCRYPTKEY)INVALID_HANDLE_VALUE)
833     {
834         pCryptKey->aiAlgid = aiAlgid;
835         pCryptKey->hProv = hProv;
836         pCryptKey->dwModeBits = 0;
837         pCryptKey->dwPermissions = CRYPT_ENCRYPT | CRYPT_DECRYPT | CRYPT_READ | CRYPT_WRITE | 
838                                    CRYPT_MAC;
839         if (dwFlags & CRYPT_EXPORTABLE)
840             pCryptKey->dwPermissions |= CRYPT_EXPORT;
841         pCryptKey->dwKeyLen = dwKeyLen >> 3;
842         pCryptKey->dwEffectiveKeyLen = 0;
843         if ((dwFlags & CRYPT_CREATE_SALT) || (dwKeyLen == 40 && !(dwFlags & CRYPT_NO_SALT))) 
844             pCryptKey->dwSaltLen = 16 /*FIXME*/ - pCryptKey->dwKeyLen;
845         else
846             pCryptKey->dwSaltLen = 0;
847         memset(pCryptKey->abKeyValue, 0, sizeof(pCryptKey->abKeyValue));
848         memset(pCryptKey->abInitVector, 0, sizeof(pCryptKey->abInitVector));
849         init_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom);
850         init_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom);
851             
852         switch(aiAlgid)
853         {
854             case CALG_PCT1_MASTER:
855             case CALG_SSL2_MASTER:
856             case CALG_SSL3_MASTER:
857             case CALG_TLS1_MASTER:
858             case CALG_RC4:
859                 pCryptKey->dwBlockLen = 0;
860                 pCryptKey->dwMode = 0;
861                 break;
862
863             case CALG_RC2:
864             case CALG_DES:
865             case CALG_3DES_112:
866             case CALG_3DES:
867                 pCryptKey->dwBlockLen = 8;
868                 pCryptKey->dwMode = CRYPT_MODE_CBC;
869                 break;
870
871             case CALG_AES:
872             case CALG_AES_128:
873             case CALG_AES_192:
874             case CALG_AES_256:
875                 pCryptKey->dwBlockLen = 16;
876                 pCryptKey->dwMode = CRYPT_MODE_ECB;
877                 break;
878
879             case CALG_RSA_KEYX:
880             case CALG_RSA_SIGN:
881                 pCryptKey->dwBlockLen = dwKeyLen >> 3;
882                 pCryptKey->dwMode = 0;
883                 break;
884         }
885
886         *ppCryptKey = pCryptKey;
887     }
888
889     return hCryptKey;
890 }
891
892 /******************************************************************************
893  * map_key_spec_to_key_pair_name [Internal]
894  *
895  * Returns the name of the registry value associated with a key spec.
896  *
897  * PARAMS
898  *  dwKeySpec     [I] AT_KEYEXCHANGE or AT_SIGNATURE
899  *
900  * RETURNS
901  *  Success: Name of registry value.
902  *  Failure: NULL
903  */
904 static LPCSTR map_key_spec_to_key_pair_name(DWORD dwKeySpec)
905 {
906     LPCSTR szValueName;
907
908     switch (dwKeySpec)
909     {
910     case AT_KEYEXCHANGE:
911         szValueName = "KeyExchangeKeyPair";
912         break;
913     case AT_SIGNATURE:
914         szValueName = "SignatureKeyPair";
915         break;
916     default:
917         WARN("invalid key spec %d\n", dwKeySpec);
918         szValueName = NULL;
919     }
920     return szValueName;
921 }
922
923 /******************************************************************************
924  * store_key_pair [Internal]
925  *
926  * Stores a key pair to the registry
927  * 
928  * PARAMS
929  *  hCryptKey     [I] Handle to the key to be stored
930  *  hKey          [I] Registry key where the key pair is to be stored
931  *  dwKeySpec     [I] AT_KEYEXCHANGE or AT_SIGNATURE
932  *  dwFlags       [I] Flags for protecting the key
933  */
934 static void store_key_pair(HCRYPTKEY hCryptKey, HKEY hKey, DWORD dwKeySpec, DWORD dwFlags)
935 {
936     LPCSTR szValueName;
937     DATA_BLOB blobIn, blobOut;
938     CRYPTKEY *pKey;
939     DWORD dwLen;
940     BYTE *pbKey;
941
942     if (!(szValueName = map_key_spec_to_key_pair_name(dwKeySpec)))
943         return;
944     if (lookup_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY,
945                       (OBJECTHDR**)&pKey))
946     {
947         if (crypt_export_key(pKey, 0, PRIVATEKEYBLOB, 0, TRUE, 0, &dwLen))
948         {
949             pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
950             if (pbKey)
951             {
952                 if (crypt_export_key(pKey, 0, PRIVATEKEYBLOB, 0, TRUE, pbKey,
953                     &dwLen))
954                 {
955                     blobIn.pbData = pbKey;
956                     blobIn.cbData = dwLen;
957
958                     if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
959                         dwFlags, &blobOut))
960                     {
961                         RegSetValueExA(hKey, szValueName, 0, REG_BINARY,
962                                        blobOut.pbData, blobOut.cbData);
963                         LocalFree(blobOut.pbData);
964                     }
965                 }
966                 HeapFree(GetProcessHeap(), 0, pbKey);
967             }
968         }
969     }
970 }
971
972 /******************************************************************************
973  * map_key_spec_to_permissions_name [Internal]
974  *
975  * Returns the name of the registry value associated with the permissions for
976  * a key spec.
977  *
978  * PARAMS
979  *  dwKeySpec     [I] AT_KEYEXCHANGE or AT_SIGNATURE
980  *
981  * RETURNS
982  *  Success: Name of registry value.
983  *  Failure: NULL
984  */
985 static LPCSTR map_key_spec_to_permissions_name(DWORD dwKeySpec)
986 {
987     LPCSTR szValueName;
988
989     switch (dwKeySpec)
990     {
991     case AT_KEYEXCHANGE:
992         szValueName = "KeyExchangePermissions";
993         break;
994     case AT_SIGNATURE:
995         szValueName = "SignaturePermissions";
996         break;
997     default:
998         WARN("invalid key spec %d\n", dwKeySpec);
999         szValueName = NULL;
1000     }
1001     return szValueName;
1002 }
1003
1004 /******************************************************************************
1005  * store_key_permissions [Internal]
1006  *
1007  * Stores a key's permissions to the registry
1008  *
1009  * PARAMS
1010  *  hCryptKey     [I] Handle to the key whose permissions are to be stored
1011  *  hKey          [I] Registry key where the key permissions are to be stored
1012  *  dwKeySpec     [I] AT_KEYEXCHANGE or AT_SIGNATURE
1013  */
1014 static void store_key_permissions(HCRYPTKEY hCryptKey, HKEY hKey, DWORD dwKeySpec)
1015 {
1016     LPCSTR szValueName;
1017     CRYPTKEY *pKey;
1018
1019     if (!(szValueName = map_key_spec_to_permissions_name(dwKeySpec)))
1020         return;
1021     if (lookup_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY,
1022                       (OBJECTHDR**)&pKey))
1023         RegSetValueExA(hKey, szValueName, 0, REG_DWORD,
1024                        (BYTE *)&pKey->dwPermissions,
1025                        sizeof(pKey->dwPermissions));
1026 }
1027
1028 /******************************************************************************
1029  * create_container_key [Internal]
1030  *
1031  * Creates the registry key for a key container's persistent storage.
1032  * 
1033  * PARAMS
1034  *  pKeyContainer [I] Pointer to the key container
1035  *  sam           [I] Desired registry access
1036  *  phKey         [O] Returned key
1037  */
1038 static BOOL create_container_key(KEYCONTAINER *pKeyContainer, REGSAM sam, HKEY *phKey)
1039 {
1040     CHAR szRSABase[MAX_PATH];
1041     HKEY hRootKey;
1042
1043     sprintf(szRSABase, RSAENH_REGKEY, pKeyContainer->szName);
1044
1045     if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET)
1046         hRootKey = HKEY_LOCAL_MACHINE;
1047     else
1048         hRootKey = HKEY_CURRENT_USER;
1049
1050     /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1051     /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1052     return RegCreateKeyExA(hRootKey, szRSABase, 0, NULL,
1053                            REG_OPTION_NON_VOLATILE, sam, NULL, phKey, NULL)
1054                            == ERROR_SUCCESS;
1055 }
1056
1057 /******************************************************************************
1058  * open_container_key [Internal]
1059  *
1060  * Opens a key container's persistent storage for reading.
1061  *
1062  * PARAMS
1063  *  pszContainerName [I] Name of the container to be opened.  May be the empty
1064  *                       string if the parent key of all containers is to be
1065  *                       opened.
1066  *  dwFlags          [I] Flags indicating which keyset to be opened.
1067  *  phKey            [O] Returned key
1068  */
1069 static BOOL open_container_key(LPCSTR pszContainerName, DWORD dwFlags, HKEY *phKey)
1070 {
1071     CHAR szRSABase[MAX_PATH];
1072     HKEY hRootKey;
1073
1074     sprintf(szRSABase, RSAENH_REGKEY, pszContainerName);
1075
1076     if (dwFlags & CRYPT_MACHINE_KEYSET)
1077         hRootKey = HKEY_LOCAL_MACHINE;
1078     else
1079         hRootKey = HKEY_CURRENT_USER;
1080
1081     /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1082     /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1083     return RegOpenKeyExA(hRootKey, szRSABase, 0, KEY_READ, phKey) ==
1084                          ERROR_SUCCESS;
1085 }
1086
1087 /******************************************************************************
1088  * delete_container_key [Internal]
1089  *
1090  * Deletes a key container's persistent storage.
1091  *
1092  * PARAMS
1093  *  pszContainerName [I] Name of the container to be opened.
1094  *  dwFlags          [I] Flags indicating which keyset to be opened.
1095  */
1096 static BOOL delete_container_key(LPCSTR pszContainerName, DWORD dwFlags)
1097 {
1098     CHAR szRegKey[MAX_PATH];
1099
1100     if (snprintf(szRegKey, MAX_PATH, RSAENH_REGKEY, pszContainerName) >= MAX_PATH) {
1101         SetLastError(NTE_BAD_KEYSET_PARAM);
1102         return FALSE;
1103     } else {
1104         HKEY hRootKey;
1105         if (dwFlags & CRYPT_MACHINE_KEYSET)
1106             hRootKey = HKEY_LOCAL_MACHINE;
1107         else
1108             hRootKey = HKEY_CURRENT_USER;
1109         if (!RegDeleteKeyA(hRootKey, szRegKey)) {
1110             SetLastError(ERROR_SUCCESS);
1111             return TRUE;
1112         } else {
1113             SetLastError(NTE_BAD_KEYSET);
1114             return FALSE;
1115         }
1116     }
1117 }
1118
1119 /******************************************************************************
1120  * store_key_container_keys [Internal]
1121  *
1122  * Stores key container's keys in a persistent location.
1123  *
1124  * PARAMS
1125  *  pKeyContainer [I] Pointer to the key container whose keys are to be saved
1126  */
1127 static void store_key_container_keys(KEYCONTAINER *pKeyContainer)
1128 {
1129     HKEY hKey;
1130     DWORD dwFlags;
1131
1132     /* On WinXP, persistent keys are stored in a file located at:
1133      * $AppData$\\Microsoft\\Crypto\\RSA\\$SID$\\some_hex_string
1134      */
1135
1136     if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET)
1137         dwFlags = CRYPTPROTECT_LOCAL_MACHINE;
1138     else
1139         dwFlags = 0;
1140
1141     if (create_container_key(pKeyContainer, KEY_WRITE, &hKey))
1142     {
1143         store_key_pair(pKeyContainer->hKeyExchangeKeyPair, hKey,
1144                        AT_KEYEXCHANGE, dwFlags);
1145         store_key_pair(pKeyContainer->hSignatureKeyPair, hKey,
1146                        AT_SIGNATURE, dwFlags);
1147         RegCloseKey(hKey);
1148     }
1149 }
1150
1151 /******************************************************************************
1152  * store_key_container_permissions [Internal]
1153  *
1154  * Stores key container's key permissions in a persistent location.
1155  *
1156  * PARAMS
1157  *  pKeyContainer [I] Pointer to the key container whose key permissions are to
1158  *                    be saved
1159  */
1160 static void store_key_container_permissions(KEYCONTAINER *pKeyContainer)
1161 {
1162     HKEY hKey;
1163     DWORD dwFlags;
1164
1165     /* On WinXP, persistent keys are stored in a file located at:
1166      * $AppData$\\Microsoft\\Crypto\\RSA\\$SID$\\some_hex_string
1167      */
1168
1169     if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET)
1170         dwFlags = CRYPTPROTECT_LOCAL_MACHINE;
1171     else
1172         dwFlags = 0;
1173
1174     if (create_container_key(pKeyContainer, KEY_WRITE, &hKey))
1175     {
1176         store_key_permissions(pKeyContainer->hKeyExchangeKeyPair, hKey,
1177                        AT_KEYEXCHANGE);
1178         store_key_permissions(pKeyContainer->hSignatureKeyPair, hKey,
1179                        AT_SIGNATURE);
1180         RegCloseKey(hKey);
1181     }
1182 }
1183
1184 /******************************************************************************
1185  * release_key_container_keys [Internal]
1186  *
1187  * Releases key container's keys.
1188  *
1189  * PARAMS
1190  *  pKeyContainer [I] Pointer to the key container whose keys are to be released.
1191  */
1192 static void release_key_container_keys(KEYCONTAINER *pKeyContainer)
1193 {
1194     release_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair,
1195                    RSAENH_MAGIC_KEY);
1196     release_handle(&handle_table, pKeyContainer->hSignatureKeyPair,
1197                    RSAENH_MAGIC_KEY);
1198 }
1199
1200 /******************************************************************************
1201  * destroy_key_container [Internal]
1202  *
1203  * Destructor for key containers.
1204  *
1205  * PARAMS
1206  *  pObjectHdr [I] Pointer to the key container to be destroyed.
1207  */
1208 static void destroy_key_container(OBJECTHDR *pObjectHdr)
1209 {
1210     KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr;
1211
1212     if (!(pKeyContainer->dwFlags & CRYPT_VERIFYCONTEXT))
1213     {
1214         store_key_container_keys(pKeyContainer);
1215         store_key_container_permissions(pKeyContainer);
1216         release_key_container_keys(pKeyContainer);
1217     }
1218     HeapFree( GetProcessHeap(), 0, pKeyContainer );
1219 }
1220
1221 /******************************************************************************
1222  * new_key_container [Internal]
1223  *
1224  * Create a new key container. The personality (RSA Base, Strong or Enhanced CP) 
1225  * of the CSP is determined via the pVTable->pszProvName string.
1226  *
1227  * PARAMS
1228  *  pszContainerName [I] Name of the key container.
1229  *  pVTable          [I] Callback functions and context info provided by the OS
1230  *
1231  * RETURNS
1232  *  Success: Handle to the new key container.
1233  *  Failure: INVALID_HANDLE_VALUE
1234  */
1235 static HCRYPTPROV new_key_container(PCCH pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1236 {
1237     KEYCONTAINER *pKeyContainer;
1238     HCRYPTPROV hKeyContainer;
1239
1240     hKeyContainer = new_object(&handle_table, sizeof(KEYCONTAINER), RSAENH_MAGIC_CONTAINER,
1241                                destroy_key_container, (OBJECTHDR**)&pKeyContainer);
1242     if (hKeyContainer != (HCRYPTPROV)INVALID_HANDLE_VALUE)
1243     {
1244         lstrcpynA(pKeyContainer->szName, pszContainerName, MAX_PATH);
1245         pKeyContainer->dwFlags = dwFlags;
1246         pKeyContainer->dwEnumAlgsCtr = 0;
1247         pKeyContainer->hKeyExchangeKeyPair = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1248         pKeyContainer->hSignatureKeyPair = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1249         if (pVTable && pVTable->pszProvName) {
1250             lstrcpynA(pKeyContainer->szProvName, pVTable->pszProvName, MAX_PATH);
1251             if (!strcmp(pVTable->pszProvName, MS_DEF_PROV_A)) {
1252                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_BASE;
1253             } else if (!strcmp(pVTable->pszProvName, MS_ENHANCED_PROV_A)) {
1254                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_ENHANCED;
1255             } else if (!strcmp(pVTable->pszProvName, MS_DEF_RSA_SCHANNEL_PROV_A)) { 
1256                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_SCHANNEL;
1257             } else if (!strcmp(pVTable->pszProvName, MS_ENH_RSA_AES_PROV_A)) {
1258                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_AES;
1259             } else {
1260                 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_STRONG;
1261             }
1262         }
1263
1264         /* The new key container has to be inserted into the CSP immediately 
1265          * after creation to be available for CPGetProvParam's PP_ENUMCONTAINERS. */
1266         if (!(dwFlags & CRYPT_VERIFYCONTEXT)) {
1267             HKEY hKey;
1268
1269             if (create_container_key(pKeyContainer, KEY_WRITE, &hKey))
1270                 RegCloseKey(hKey);
1271         }
1272     }
1273
1274     return hKeyContainer;
1275 }
1276
1277 /******************************************************************************
1278  * read_key_value [Internal]
1279  *
1280  * Reads a key pair value from the registry
1281  *
1282  * PARAMS
1283  *  hKeyContainer [I] Crypt provider to use to import the key
1284  *  hKey          [I] Registry key from which to read the key pair
1285  *  dwKeySpec     [I] AT_KEYEXCHANGE or AT_SIGNATURE
1286  *  dwFlags       [I] Flags for unprotecting the key
1287  *  phCryptKey    [O] Returned key
1288  */
1289 static BOOL read_key_value(HCRYPTPROV hKeyContainer, HKEY hKey, DWORD dwKeySpec, DWORD dwFlags, HCRYPTKEY *phCryptKey)
1290 {
1291     LPCSTR szValueName;
1292     DWORD dwValueType, dwLen;
1293     BYTE *pbKey;
1294     DATA_BLOB blobIn, blobOut;
1295     BOOL ret = FALSE;
1296
1297     if (!(szValueName = map_key_spec_to_key_pair_name(dwKeySpec)))
1298         return FALSE;
1299     if (RegQueryValueExA(hKey, szValueName, 0, &dwValueType, NULL, &dwLen) ==
1300         ERROR_SUCCESS)
1301     {
1302         pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
1303         if (pbKey)
1304         {
1305             if (RegQueryValueExA(hKey, szValueName, 0, &dwValueType, pbKey, &dwLen) ==
1306                 ERROR_SUCCESS)
1307             {
1308                 blobIn.pbData = pbKey;
1309                 blobIn.cbData = dwLen;
1310
1311                 if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
1312                     dwFlags, &blobOut))
1313                 {
1314                     ret = import_key(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
1315                                      FALSE, phCryptKey);
1316                     LocalFree(blobOut.pbData);
1317                 }
1318             }
1319             HeapFree(GetProcessHeap(), 0, pbKey);
1320         }
1321     }
1322     if (ret)
1323     {
1324         CRYPTKEY *pKey;
1325
1326         if (lookup_handle(&handle_table, *phCryptKey, RSAENH_MAGIC_KEY,
1327                           (OBJECTHDR**)&pKey))
1328         {
1329             if ((szValueName = map_key_spec_to_permissions_name(dwKeySpec)))
1330             {
1331                 dwLen = sizeof(pKey->dwPermissions);
1332                 RegQueryValueExA(hKey, szValueName, 0, NULL,
1333                                  (BYTE *)&pKey->dwPermissions, &dwLen);
1334             }
1335         }
1336     }
1337     return ret;
1338 }
1339
1340 /******************************************************************************
1341  * read_key_container [Internal]
1342  *
1343  * Tries to read the persistent state of the key container (mainly the signature
1344  * and key exchange private keys) given by pszContainerName.
1345  *
1346  * PARAMS
1347  *  pszContainerName [I] Name of the key container to read from the registry
1348  *  pVTable          [I] Pointer to context data provided by the operating system
1349  *
1350  * RETURNS
1351  *  Success: Handle to the key container read from the registry
1352  *  Failure: INVALID_HANDLE_VALUE
1353  */
1354 static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1355 {
1356     HKEY hKey;
1357     KEYCONTAINER *pKeyContainer;
1358     HCRYPTPROV hKeyContainer;
1359     HCRYPTKEY hCryptKey;
1360
1361     if (!open_container_key(pszContainerName, dwFlags, &hKey))
1362     {
1363         SetLastError(NTE_BAD_KEYSET);
1364         return (HCRYPTPROV)INVALID_HANDLE_VALUE;
1365     }
1366
1367     hKeyContainer = new_key_container(pszContainerName, dwFlags, pVTable);
1368     if (hKeyContainer != (HCRYPTPROV)INVALID_HANDLE_VALUE)
1369     {
1370         DWORD dwProtectFlags = (dwFlags & CRYPT_MACHINE_KEYSET) ?
1371             CRYPTPROTECT_LOCAL_MACHINE : 0;
1372
1373         if (!lookup_handle(&handle_table, hKeyContainer, RSAENH_MAGIC_CONTAINER, 
1374                            (OBJECTHDR**)&pKeyContainer))
1375             return (HCRYPTPROV)INVALID_HANDLE_VALUE;
1376     
1377         if (read_key_value(hKeyContainer, hKey, AT_KEYEXCHANGE,
1378             dwProtectFlags, &hCryptKey))
1379             pKeyContainer->hKeyExchangeKeyPair = hCryptKey;
1380         if (read_key_value(hKeyContainer, hKey, AT_SIGNATURE,
1381             dwProtectFlags, &hCryptKey))
1382             pKeyContainer->hSignatureKeyPair = hCryptKey;
1383     }
1384
1385     return hKeyContainer;
1386 }
1387
1388 /******************************************************************************
1389  * build_hash_signature [Internal]
1390  *
1391  * Builds a padded version of a hash to match the length of the RSA key modulus.
1392  *
1393  * PARAMS
1394  *  pbSignature [O] The padded hash object is stored here.
1395  *  dwLen       [I] Length of the pbSignature buffer.
1396  *  aiAlgid     [I] Algorithm identifier of the hash to be padded.
1397  *  abHashValue [I] The value of the hash object.
1398  *  dwHashLen   [I] Length of the hash value.
1399  *  dwFlags     [I] Selection of padding algorithm.
1400  *
1401  * RETURNS
1402  *  Success: TRUE
1403  *  Failure: FALSE (NTE_BAD_ALGID)
1404  */
1405 static BOOL build_hash_signature(BYTE *pbSignature, DWORD dwLen, ALG_ID aiAlgid, 
1406                                  CONST BYTE *abHashValue, DWORD dwHashLen, DWORD dwFlags) 
1407 {
1408     /* These prefixes are meant to be concatenated with hash values of the
1409      * respective kind to form a PKCS #7 DigestInfo. */
1410     static const struct tagOIDDescriptor {
1411         ALG_ID aiAlgid;
1412         DWORD dwLen;
1413         CONST BYTE abOID[18];
1414     } aOIDDescriptor[5] = {
1415         { CALG_MD2, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1416                           0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10 } },
1417         { CALG_MD4, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 
1418                           0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 } },
1419         { CALG_MD5, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1420                           0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 } },
1421         { CALG_SHA, 15, { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 
1422                           0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 } },
1423         { 0,        0,  { 0 } }
1424     };
1425     DWORD dwIdxOID, i, j;
1426
1427     for (dwIdxOID = 0; aOIDDescriptor[dwIdxOID].aiAlgid; dwIdxOID++) {
1428         if (aOIDDescriptor[dwIdxOID].aiAlgid == aiAlgid) break;
1429     }
1430     
1431     if (!aOIDDescriptor[dwIdxOID].aiAlgid) {
1432         SetLastError(NTE_BAD_ALGID);
1433         return FALSE;
1434     }
1435
1436     /* Build the padded signature */
1437     if (dwFlags & CRYPT_X931_FORMAT) {
1438         pbSignature[0] = 0x6b;
1439         for (i=1; i < dwLen - dwHashLen - 3; i++) {
1440             pbSignature[i] = 0xbb;
1441         }
1442         pbSignature[i++] = 0xba;
1443         for (j=0; j < dwHashLen; j++, i++) {
1444             pbSignature[i] = abHashValue[j];
1445         }
1446         pbSignature[i++] = 0x33;
1447         pbSignature[i++] = 0xcc;
1448     } else {
1449         pbSignature[0] = 0x00;
1450         pbSignature[1] = 0x01;
1451         if (dwFlags & CRYPT_NOHASHOID) {
1452             for (i=2; i < dwLen - 1 - dwHashLen; i++) {
1453                 pbSignature[i] = 0xff;
1454             }
1455             pbSignature[i++] = 0x00;
1456         } else {
1457             for (i=2; i < dwLen - 1 - aOIDDescriptor[dwIdxOID].dwLen - dwHashLen; i++) {
1458                 pbSignature[i] = 0xff;
1459             }
1460             pbSignature[i++] = 0x00;
1461             for (j=0; j < aOIDDescriptor[dwIdxOID].dwLen; j++) {
1462                 pbSignature[i++] = aOIDDescriptor[dwIdxOID].abOID[j];
1463             }
1464         }
1465         for (j=0; j < dwHashLen; j++) {
1466             pbSignature[i++] = abHashValue[j];
1467         }
1468     }
1469     
1470     return TRUE;
1471 }
1472
1473 /******************************************************************************
1474  * tls1_p [Internal]
1475  *
1476  * This is an implementation of the 'P_hash' helper function for TLS1's PRF.
1477  * It is used exclusively by tls1_prf. For details see RFC 2246, chapter 5.
1478  * The pseudo random stream generated by this function is exclusive or'ed with
1479  * the data in pbBuffer.
1480  *
1481  * PARAMS
1482  *  hHMAC       [I]   HMAC object, which will be used in pseudo random generation
1483  *  pblobSeed   [I]   Seed value
1484  *  pbBuffer    [I/O] Pseudo random stream will be xor'ed to the provided data
1485  *  dwBufferLen [I]   Number of pseudo random bytes desired
1486  *
1487  * RETURNS
1488  *  Success: TRUE
1489  *  Failure: FALSE
1490  */
1491 static BOOL tls1_p(HCRYPTHASH hHMAC, CONST PCRYPT_DATA_BLOB pblobSeed, PBYTE pbBuffer, DWORD dwBufferLen)
1492 {
1493     CRYPTHASH *pHMAC;
1494     BYTE abAi[RSAENH_MAX_HASH_SIZE];
1495     DWORD i = 0;
1496
1497     if (!lookup_handle(&handle_table, hHMAC, RSAENH_MAGIC_HASH, (OBJECTHDR**)&pHMAC)) {
1498         SetLastError(NTE_BAD_HASH);
1499         return FALSE;
1500     }
1501     
1502     /* compute A_1 = HMAC(seed) */
1503     init_hash(pHMAC);
1504     update_hash(pHMAC, pblobSeed->pbData, pblobSeed->cbData);
1505     finalize_hash(pHMAC);
1506     memcpy(abAi, pHMAC->abHashValue, pHMAC->dwHashSize);
1507
1508     do {
1509         /* compute HMAC(A_i + seed) */
1510         init_hash(pHMAC);
1511         update_hash(pHMAC, abAi, pHMAC->dwHashSize);
1512         update_hash(pHMAC, pblobSeed->pbData, pblobSeed->cbData);
1513         finalize_hash(pHMAC);
1514
1515         /* pseudo random stream := CONCAT_{i=1..n} ( HMAC(A_i + seed) ) */
1516         do {
1517             if (i >= dwBufferLen) break;
1518             pbBuffer[i] ^= pHMAC->abHashValue[i % pHMAC->dwHashSize];
1519             i++;
1520         } while (i % pHMAC->dwHashSize);
1521
1522         /* compute A_{i+1} = HMAC(A_i) */
1523         init_hash(pHMAC);
1524         update_hash(pHMAC, abAi, pHMAC->dwHashSize);
1525         finalize_hash(pHMAC);
1526         memcpy(abAi, pHMAC->abHashValue, pHMAC->dwHashSize);
1527     } while (i < dwBufferLen);
1528
1529     return TRUE;
1530 }
1531
1532 /******************************************************************************
1533  * tls1_prf [Internal]
1534  *
1535  * TLS1 pseudo random function as specified in RFC 2246, chapter 5
1536  *
1537  * PARAMS
1538  *  hProv       [I] Key container used to compute the pseudo random stream
1539  *  hSecret     [I] Key that holds the (pre-)master secret
1540  *  pblobLabel  [I] Descriptive label
1541  *  pblobSeed   [I] Seed value
1542  *  pbBuffer    [O] Pseudo random numbers will be stored here
1543  *  dwBufferLen [I] Number of pseudo random bytes desired
1544  *
1545  * RETURNS
1546  *  Success: TRUE
1547  *  Failure: FALSE
1548  */ 
1549 static BOOL tls1_prf(HCRYPTPROV hProv, HCRYPTPROV hSecret, CONST PCRYPT_DATA_BLOB pblobLabel,
1550                      CONST PCRYPT_DATA_BLOB pblobSeed, PBYTE pbBuffer, DWORD dwBufferLen)
1551 {
1552     HMAC_INFO hmacInfo = { 0, NULL, 0, NULL, 0 };
1553     HCRYPTHASH hHMAC = (HCRYPTHASH)INVALID_HANDLE_VALUE;
1554     HCRYPTKEY hHalfSecret = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1555     CRYPTKEY *pHalfSecret, *pSecret;
1556     DWORD dwHalfSecretLen;
1557     BOOL result = FALSE;
1558     CRYPT_DATA_BLOB blobLabelSeed;
1559
1560     TRACE("(hProv=%08lx, hSecret=%08lx, pblobLabel=%p, pblobSeed=%p, pbBuffer=%p, dwBufferLen=%d)\n",
1561           hProv, hSecret, pblobLabel, pblobSeed, pbBuffer, dwBufferLen);
1562
1563     if (!lookup_handle(&handle_table, hSecret, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pSecret)) {
1564         SetLastError(NTE_FAIL);
1565         return FALSE;
1566     }
1567
1568     dwHalfSecretLen = (pSecret->dwKeyLen+1)/2;
1569     
1570     /* concatenation of the label and the seed */
1571     if (!concat_data_blobs(&blobLabelSeed, pblobLabel, pblobSeed)) goto exit;
1572    
1573     /* zero out the buffer, since two random streams will be xor'ed into it. */
1574     memset(pbBuffer, 0, dwBufferLen);
1575    
1576     /* build a 'fake' key, to hold the secret. CALG_SSL2_MASTER is used since it provides
1577      * the biggest range of valid key lengths. */
1578     hHalfSecret = new_key(hProv, CALG_SSL2_MASTER, MAKELONG(0,dwHalfSecretLen*8), &pHalfSecret);
1579     if (hHalfSecret == (HCRYPTKEY)INVALID_HANDLE_VALUE) goto exit;
1580
1581     /* Derive an HMAC_MD5 hash and call the helper function. */
1582     memcpy(pHalfSecret->abKeyValue, pSecret->abKeyValue, dwHalfSecretLen);
1583     if (!RSAENH_CPCreateHash(hProv, CALG_HMAC, hHalfSecret, 0, &hHMAC)) goto exit;
1584     hmacInfo.HashAlgid = CALG_MD5;
1585     if (!RSAENH_CPSetHashParam(hProv, hHMAC, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0)) goto exit;
1586     if (!tls1_p(hHMAC, &blobLabelSeed, pbBuffer, dwBufferLen)) goto exit;
1587
1588     /* Reconfigure to HMAC_SHA hash and call helper function again. */
1589     memcpy(pHalfSecret->abKeyValue, pSecret->abKeyValue + (pSecret->dwKeyLen/2), dwHalfSecretLen);
1590     hmacInfo.HashAlgid = CALG_SHA;
1591     if (!RSAENH_CPSetHashParam(hProv, hHMAC, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0)) goto exit;
1592     if (!tls1_p(hHMAC, &blobLabelSeed, pbBuffer, dwBufferLen)) goto exit;
1593     
1594     result = TRUE;
1595 exit:
1596     release_handle(&handle_table, hHalfSecret, RSAENH_MAGIC_KEY);
1597     if (hHMAC != (HCRYPTHASH)INVALID_HANDLE_VALUE) RSAENH_CPDestroyHash(hProv, hHMAC);
1598     free_data_blob(&blobLabelSeed);
1599     return result;
1600 }
1601
1602 /******************************************************************************
1603  * pad_data [Internal]
1604  *
1605  * Helper function for data padding according to PKCS1 #2
1606  *
1607  * PARAMS
1608  *  abData      [I] The data to be padded
1609  *  dwDataLen   [I] Length of the data 
1610  *  abBuffer    [O] Padded data will be stored here
1611  *  dwBufferLen [I] Length of the buffer (also length of padded data)
1612  *  dwFlags     [I] Padding format (CRYPT_SSL2_FALLBACK)
1613  *
1614  * RETURN
1615  *  Success: TRUE
1616  *  Failure: FALSE (NTE_BAD_LEN, too much data to pad)
1617  */
1618 static BOOL pad_data(CONST BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD dwBufferLen, 
1619                      DWORD dwFlags)
1620 {
1621     DWORD i;
1622     
1623     /* Ensure there is enough space for PKCS1 #2 padding */
1624     if (dwDataLen > dwBufferLen-11) {
1625         SetLastError(NTE_BAD_LEN);
1626         return FALSE;
1627     }
1628
1629     memmove(abBuffer + dwBufferLen - dwDataLen, abData, dwDataLen);            
1630     
1631     abBuffer[0] = 0x00;
1632     abBuffer[1] = RSAENH_PKC_BLOCKTYPE; 
1633     for (i=2; i < dwBufferLen - dwDataLen - 1; i++) 
1634         do gen_rand_impl(&abBuffer[i], 1); while (!abBuffer[i]);
1635     if (dwFlags & CRYPT_SSL2_FALLBACK) 
1636         for (i-=8; i < dwBufferLen - dwDataLen - 1; i++) 
1637             abBuffer[i] = 0x03;
1638     abBuffer[i] = 0x00;
1639     
1640     return TRUE; 
1641 }
1642
1643 /******************************************************************************
1644  * unpad_data [Internal]
1645  *
1646  * Remove the PKCS1 padding from RSA decrypted data
1647  *
1648  * PARAMS
1649  *  abData      [I]   The padded data
1650  *  dwDataLen   [I]   Length of the padded data
1651  *  abBuffer    [O]   Data without padding will be stored here
1652  *  dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
1653  *  dwFlags     [I]   Currently none defined
1654  *
1655  * RETURNS
1656  *  Success: TRUE
1657  *  Failure: FALSE, (NTE_BAD_DATA, no valid PKCS1 padding or buffer too small)
1658  */
1659 static BOOL unpad_data(CONST BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen, 
1660                        DWORD dwFlags)
1661 {
1662     DWORD i;
1663     
1664     for (i=2; i<dwDataLen; i++)
1665         if (!abData[i])
1666             break;
1667
1668     if ((i == dwDataLen) || (*dwBufferLen < dwDataLen - i - 1) ||
1669         (abData[0] != 0x00) || (abData[1] != RSAENH_PKC_BLOCKTYPE))
1670     {
1671         SetLastError(NTE_BAD_DATA);
1672         return FALSE;
1673     }
1674
1675     *dwBufferLen = dwDataLen - i - 1;
1676     memmove(abBuffer, abData + i + 1, *dwBufferLen);
1677     return TRUE;
1678 }
1679
1680 /******************************************************************************
1681  * CPAcquireContext (RSAENH.@)
1682  *
1683  * Acquire a handle to the key container specified by pszContainer
1684  *
1685  * PARAMS
1686  *  phProv       [O] Pointer to the location the acquired handle will be written to.
1687  *  pszContainer [I] Name of the desired key container. See Notes
1688  *  dwFlags      [I] Flags. See Notes.
1689  *  pVTable      [I] Pointer to a PVTableProvStruct containing callbacks.
1690  * 
1691  * RETURNS
1692  *  Success: TRUE
1693  *  Failure: FALSE
1694  *
1695  * NOTES
1696  *  If pszContainer is NULL or points to a zero length string the user's login 
1697  *  name will be used as the key container name.
1698  *
1699  *  If the CRYPT_NEW_KEYSET flag is set in dwFlags a new keyset will be created.
1700  *  If a keyset with the given name already exists, the function fails and sets
1701  *  last error to NTE_EXISTS. If CRYPT_NEW_KEYSET is not set and the specified
1702  *  key container does not exist, function fails and sets last error to 
1703  *  NTE_BAD_KEYSET.
1704  */                         
1705 BOOL WINAPI RSAENH_CPAcquireContext(HCRYPTPROV *phProv, LPSTR pszContainer,
1706                    DWORD dwFlags, PVTableProvStruc pVTable)
1707 {
1708     CHAR szKeyContainerName[MAX_PATH];
1709
1710     TRACE("(phProv=%p, pszContainer=%s, dwFlags=%08x, pVTable=%p)\n", phProv,
1711           debugstr_a(pszContainer), dwFlags, pVTable);
1712
1713     if (pszContainer && *pszContainer)
1714     {
1715         lstrcpynA(szKeyContainerName, pszContainer, MAX_PATH);
1716     } 
1717     else
1718     {
1719         DWORD dwLen = sizeof(szKeyContainerName);
1720         if (!GetUserNameA(szKeyContainerName, &dwLen)) return FALSE;
1721     }
1722
1723     switch (dwFlags & (CRYPT_NEWKEYSET|CRYPT_VERIFYCONTEXT|CRYPT_DELETEKEYSET)) 
1724     {
1725         case 0:
1726             *phProv = read_key_container(szKeyContainerName, dwFlags, pVTable);
1727             break;
1728
1729         case CRYPT_DELETEKEYSET:
1730             return delete_container_key(szKeyContainerName, dwFlags);
1731
1732         case CRYPT_NEWKEYSET:
1733             *phProv = read_key_container(szKeyContainerName, dwFlags, pVTable);
1734             if (*phProv != (HCRYPTPROV)INVALID_HANDLE_VALUE) 
1735             {
1736                 release_handle(&handle_table, *phProv, RSAENH_MAGIC_CONTAINER);
1737                 TRACE("Can't create new keyset, already exists\n");
1738                 SetLastError(NTE_EXISTS);
1739                 return FALSE;
1740             }
1741             *phProv = new_key_container(szKeyContainerName, dwFlags, pVTable);
1742             break;
1743
1744         case CRYPT_VERIFYCONTEXT|CRYPT_NEWKEYSET:
1745         case CRYPT_VERIFYCONTEXT:
1746             if (pszContainer && *pszContainer) {
1747                 TRACE("pszContainer should be empty\n");
1748                 SetLastError(NTE_BAD_FLAGS);
1749                 return FALSE;
1750             }
1751             *phProv = new_key_container("", dwFlags, pVTable);
1752             break;
1753             
1754         default:
1755             *phProv = (HCRYPTPROV)INVALID_HANDLE_VALUE;
1756             SetLastError(NTE_BAD_FLAGS);
1757             return FALSE;
1758     }
1759                 
1760     if (*phProv != (HCRYPTPROV)INVALID_HANDLE_VALUE) {
1761         SetLastError(ERROR_SUCCESS);
1762         return TRUE;
1763     } else {
1764         return FALSE;
1765     }
1766 }
1767
1768 /******************************************************************************
1769  * CPCreateHash (RSAENH.@)
1770  *
1771  * CPCreateHash creates and initalizes a new hash object.
1772  *
1773  * PARAMS
1774  *  hProv   [I] Handle to the key container to which the new hash will belong.
1775  *  Algid   [I] Identifies the hash algorithm, which will be used for the hash.
1776  *  hKey    [I] Handle to a session key applied for keyed hashes.
1777  *  dwFlags [I] Currently no flags defined. Must be zero.
1778  *  phHash  [O] Points to the location where a handle to the new hash will be stored.
1779  *
1780  * RETURNS
1781  *  Success: TRUE
1782  *  Failure: FALSE
1783  *
1784  * NOTES
1785  *  hKey is a handle to a session key applied in keyed hashes like MAC and HMAC.
1786  *  If a normal hash object is to be created (like e.g. MD2 or SHA1) hKey must be zero.
1787  */
1788 BOOL WINAPI RSAENH_CPCreateHash(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey, DWORD dwFlags, 
1789                                 HCRYPTHASH *phHash)
1790 {
1791     CRYPTKEY *pCryptKey;
1792     CRYPTHASH *pCryptHash;
1793     const PROV_ENUMALGS_EX *peaAlgidInfo;
1794         
1795     TRACE("(hProv=%08lx, Algid=%08x, hKey=%08lx, dwFlags=%08x, phHash=%p)\n", hProv, Algid, hKey,
1796           dwFlags, phHash);
1797
1798     peaAlgidInfo = get_algid_info(hProv, Algid);
1799     if (!peaAlgidInfo) return FALSE;
1800
1801     if (dwFlags)
1802     {
1803         SetLastError(NTE_BAD_FLAGS);
1804         return FALSE;
1805     }
1806
1807     if (Algid == CALG_MAC || Algid == CALG_HMAC || Algid == CALG_SCHANNEL_MASTER_HASH || 
1808         Algid == CALG_TLS1PRF) 
1809     {
1810         if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey)) {
1811             SetLastError(NTE_BAD_KEY);
1812             return FALSE;
1813         }
1814
1815         if ((Algid == CALG_MAC) && (GET_ALG_TYPE(pCryptKey->aiAlgid) != ALG_TYPE_BLOCK)) {
1816             SetLastError(NTE_BAD_KEY);
1817             return FALSE;
1818         }
1819
1820         if ((Algid == CALG_SCHANNEL_MASTER_HASH || Algid == CALG_TLS1PRF) && 
1821             (pCryptKey->aiAlgid != CALG_TLS1_MASTER)) 
1822         {
1823             SetLastError(NTE_BAD_KEY);
1824             return FALSE;
1825         }
1826
1827         if ((Algid == CALG_TLS1PRF) && (pCryptKey->dwState != RSAENH_KEYSTATE_MASTERKEY)) {
1828             SetLastError(NTE_BAD_KEY_STATE);
1829             return FALSE;
1830         }
1831     }
1832
1833     *phHash = new_object(&handle_table, sizeof(CRYPTHASH), RSAENH_MAGIC_HASH,
1834                          destroy_hash, (OBJECTHDR**)&pCryptHash);
1835     if (!pCryptHash) return FALSE;
1836
1837     pCryptHash->aiAlgid = Algid;
1838     pCryptHash->hKey = hKey;
1839     pCryptHash->hProv = hProv;
1840     pCryptHash->dwState = RSAENH_HASHSTATE_HASHING;
1841     pCryptHash->pHMACInfo = NULL;
1842     pCryptHash->dwHashSize = peaAlgidInfo->dwDefaultLen >> 3;
1843     init_data_blob(&pCryptHash->tpPRFParams.blobLabel);
1844     init_data_blob(&pCryptHash->tpPRFParams.blobSeed);
1845
1846     if (Algid == CALG_SCHANNEL_MASTER_HASH) {
1847         static const char keyex[] = "key expansion";
1848         BYTE key_expansion[sizeof keyex];
1849         CRYPT_DATA_BLOB blobRandom, blobKeyExpansion = { 13, key_expansion };
1850
1851         memcpy( key_expansion, keyex, sizeof keyex );
1852         
1853         if (pCryptKey->dwState != RSAENH_KEYSTATE_MASTERKEY) {
1854             static const char msec[] = "master secret";
1855             BYTE master_secret[sizeof msec];
1856             CRYPT_DATA_BLOB blobLabel = { 13, master_secret };
1857             BYTE abKeyValue[48];
1858
1859             memcpy( master_secret, msec, sizeof msec );
1860     
1861             /* See RFC 2246, chapter 8.1 */
1862             if (!concat_data_blobs(&blobRandom, 
1863                                    &pCryptKey->siSChannelInfo.blobClientRandom, 
1864                                    &pCryptKey->siSChannelInfo.blobServerRandom))
1865             {
1866                 return FALSE;
1867             }
1868             tls1_prf(hProv, hKey, &blobLabel, &blobRandom, abKeyValue, 48);
1869             pCryptKey->dwState = RSAENH_KEYSTATE_MASTERKEY; 
1870             memcpy(pCryptKey->abKeyValue, abKeyValue, 48);
1871             free_data_blob(&blobRandom);
1872         }
1873
1874         /* See RFC 2246, chapter 6.3 */
1875         if (!concat_data_blobs(&blobRandom, 
1876                                   &pCryptKey->siSChannelInfo.blobServerRandom, 
1877                                   &pCryptKey->siSChannelInfo.blobClientRandom))
1878         {
1879             return FALSE;
1880         }
1881         tls1_prf(hProv, hKey, &blobKeyExpansion, &blobRandom, pCryptHash->abHashValue, 
1882                  RSAENH_MAX_HASH_SIZE);
1883         free_data_blob(&blobRandom);
1884     }
1885
1886     return init_hash(pCryptHash);
1887 }
1888
1889 /******************************************************************************
1890  * CPDestroyHash (RSAENH.@)
1891  * 
1892  * Releases the handle to a hash object. The object is destroyed if it's reference
1893  * count reaches zero.
1894  *
1895  * PARAMS
1896  *  hProv [I] Handle to the key container to which the hash object belongs.
1897  *  hHash [I] Handle to the hash object to be released.
1898  *
1899  * RETURNS
1900  *  Success: TRUE
1901  *  Failure: FALSE 
1902  */
1903 BOOL WINAPI RSAENH_CPDestroyHash(HCRYPTPROV hProv, HCRYPTHASH hHash)
1904 {
1905     TRACE("(hProv=%08lx, hHash=%08lx)\n", hProv, hHash);
1906      
1907     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1908     {
1909         SetLastError(NTE_BAD_UID);
1910         return FALSE;
1911     }
1912         
1913     if (!release_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) 
1914     {
1915         SetLastError(NTE_BAD_HASH);
1916         return FALSE;
1917     }
1918     
1919     return TRUE;
1920 }
1921
1922 /******************************************************************************
1923  * CPDestroyKey (RSAENH.@)
1924  *
1925  * Releases the handle to a key object. The object is destroyed if it's reference
1926  * count reaches zero.
1927  *
1928  * PARAMS
1929  *  hProv [I] Handle to the key container to which the key object belongs.
1930  *  hKey  [I] Handle to the key object to be released.
1931  *
1932  * RETURNS
1933  *  Success: TRUE
1934  *  Failure: FALSE
1935  */
1936 BOOL WINAPI RSAENH_CPDestroyKey(HCRYPTPROV hProv, HCRYPTKEY hKey)
1937 {
1938     TRACE("(hProv=%08lx, hKey=%08lx)\n", hProv, hKey);
1939         
1940     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1941     {
1942         SetLastError(NTE_BAD_UID);
1943         return FALSE;
1944     }
1945         
1946     if (!release_handle(&handle_table, hKey, RSAENH_MAGIC_KEY)) 
1947     {
1948         SetLastError(NTE_BAD_KEY);
1949         return FALSE;
1950     }
1951     
1952     return TRUE;
1953 }
1954
1955 /******************************************************************************
1956  * CPDuplicateHash (RSAENH.@)
1957  *
1958  * Clones a hash object including it's current state.
1959  *
1960  * PARAMS
1961  *  hUID        [I] Handle to the key container the hash belongs to.
1962  *  hHash       [I] Handle to the hash object to be cloned.
1963  *  pdwReserved [I] Reserved. Must be NULL.
1964  *  dwFlags     [I] No flags are currently defined. Must be 0.
1965  *  phHash      [O] Handle to the cloned hash object.
1966  *
1967  * RETURNS
1968  *  Success: TRUE.
1969  *  Failure: FALSE.
1970  */
1971 BOOL WINAPI RSAENH_CPDuplicateHash(HCRYPTPROV hUID, HCRYPTHASH hHash, DWORD *pdwReserved, 
1972                                    DWORD dwFlags, HCRYPTHASH *phHash)
1973 {
1974     CRYPTHASH *pSrcHash, *pDestHash;
1975     
1976     TRACE("(hUID=%08lx, hHash=%08lx, pdwReserved=%p, dwFlags=%08x, phHash=%p)\n", hUID, hHash,
1977            pdwReserved, dwFlags, phHash);
1978
1979     if (!is_valid_handle(&handle_table, hUID, RSAENH_MAGIC_CONTAINER))
1980     {
1981         SetLastError(NTE_BAD_UID);
1982         return FALSE;
1983     }
1984
1985     if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH, (OBJECTHDR**)&pSrcHash))
1986     {
1987         SetLastError(NTE_BAD_HASH);
1988         return FALSE;
1989     }
1990
1991     if (!phHash || pdwReserved || dwFlags) 
1992     {
1993         SetLastError(ERROR_INVALID_PARAMETER);
1994         return FALSE;
1995     }
1996
1997     *phHash = new_object(&handle_table, sizeof(CRYPTHASH), RSAENH_MAGIC_HASH,
1998                          destroy_hash, (OBJECTHDR**)&pDestHash);
1999     if (*phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE)
2000     {
2001         *pDestHash = *pSrcHash;
2002         duplicate_hash_impl(pSrcHash->aiAlgid, &pSrcHash->context, &pDestHash->context);
2003         copy_hmac_info(&pDestHash->pHMACInfo, pSrcHash->pHMACInfo);
2004         copy_data_blob(&pDestHash->tpPRFParams.blobLabel, &pSrcHash->tpPRFParams.blobLabel);
2005         copy_data_blob(&pDestHash->tpPRFParams.blobSeed, &pSrcHash->tpPRFParams.blobSeed);
2006     }
2007
2008     return *phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE;
2009 }
2010
2011 /******************************************************************************
2012  * CPDuplicateKey (RSAENH.@)
2013  *
2014  * Clones a key object including it's current state.
2015  *
2016  * PARAMS
2017  *  hUID        [I] Handle to the key container the hash belongs to.
2018  *  hKey        [I] Handle to the key object to be cloned.
2019  *  pdwReserved [I] Reserved. Must be NULL.
2020  *  dwFlags     [I] No flags are currently defined. Must be 0.
2021  *  phHash      [O] Handle to the cloned key object.
2022  *
2023  * RETURNS
2024  *  Success: TRUE.
2025  *  Failure: FALSE.
2026  */
2027 BOOL WINAPI RSAENH_CPDuplicateKey(HCRYPTPROV hUID, HCRYPTKEY hKey, DWORD *pdwReserved, 
2028                                   DWORD dwFlags, HCRYPTKEY *phKey)
2029 {
2030     CRYPTKEY *pSrcKey, *pDestKey;
2031     
2032     TRACE("(hUID=%08lx, hKey=%08lx, pdwReserved=%p, dwFlags=%08x, phKey=%p)\n", hUID, hKey,
2033           pdwReserved, dwFlags, phKey);
2034
2035     if (!is_valid_handle(&handle_table, hUID, RSAENH_MAGIC_CONTAINER))
2036     {
2037         SetLastError(NTE_BAD_UID);
2038         return FALSE;
2039     }
2040
2041     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pSrcKey))
2042     {
2043         SetLastError(NTE_BAD_KEY);
2044         return FALSE;
2045     }
2046
2047     if (!phKey || pdwReserved || dwFlags) 
2048     {
2049         SetLastError(ERROR_INVALID_PARAMETER);
2050         return FALSE;
2051     }
2052
2053     *phKey = new_object(&handle_table, sizeof(CRYPTKEY), RSAENH_MAGIC_KEY, destroy_key,
2054                         (OBJECTHDR**)&pDestKey);
2055     if (*phKey != (HCRYPTKEY)INVALID_HANDLE_VALUE)
2056     {
2057         *pDestKey = *pSrcKey;
2058         copy_data_blob(&pDestKey->siSChannelInfo.blobServerRandom,
2059                        &pSrcKey->siSChannelInfo.blobServerRandom);
2060         copy_data_blob(&pDestKey->siSChannelInfo.blobClientRandom, 
2061                        &pSrcKey->siSChannelInfo.blobClientRandom);
2062         duplicate_key_impl(pSrcKey->aiAlgid, &pSrcKey->context, &pDestKey->context);
2063         return TRUE;
2064     }
2065     else
2066     {
2067         return FALSE;
2068     }
2069 }
2070
2071 /******************************************************************************
2072  * CPEncrypt (RSAENH.@)
2073  *
2074  * Encrypt data.
2075  *
2076  * PARAMS
2077  *  hProv      [I]   The key container hKey and hHash belong to.
2078  *  hKey       [I]   The key used to encrypt the data.
2079  *  hHash      [I]   An optional hash object for parallel hashing. See notes.
2080  *  Final      [I]   Indicates if this is the last block of data to encrypt.
2081  *  dwFlags    [I]   Currently no flags defined. Must be zero.
2082  *  pbData     [I/O] Pointer to the data to encrypt. Encrypted data will also be stored there. 
2083  *  pdwDataLen [I/O] I: Length of data to encrypt, O: Length of encrypted data.
2084  *  dwBufLen   [I]   Size of the buffer at pbData.
2085  *
2086  * RETURNS
2087  *  Success: TRUE.
2088  *  Failure: FALSE.
2089  *
2090  * NOTES
2091  *  If a hash object handle is provided in hHash, it will be updated with the plaintext. 
2092  *  This is useful for message signatures.
2093  *
2094  *  This function uses the standard WINAPI protocol for querying data of dynamic length. 
2095  */
2096 BOOL WINAPI RSAENH_CPEncrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, 
2097                              DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen, DWORD dwBufLen)
2098 {
2099     CRYPTKEY *pCryptKey;
2100     BYTE *in, out[RSAENH_MAX_BLOCK_SIZE], o[RSAENH_MAX_BLOCK_SIZE];
2101     DWORD dwEncryptedLen, i, j, k;
2102         
2103     TRACE("(hProv=%08lx, hKey=%08lx, hHash=%08lx, Final=%d, dwFlags=%08x, pbData=%p, "
2104           "pdwDataLen=%p, dwBufLen=%d)\n", hProv, hKey, hHash, Final, dwFlags, pbData, pdwDataLen,
2105           dwBufLen);
2106     
2107     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2108     {
2109         SetLastError(NTE_BAD_UID);
2110         return FALSE;
2111     }
2112
2113     if (dwFlags)
2114     {
2115         SetLastError(NTE_BAD_FLAGS);
2116         return FALSE;
2117     }
2118
2119     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2120     {
2121         SetLastError(NTE_BAD_KEY);
2122         return FALSE;
2123     }
2124
2125     if (pCryptKey->dwState == RSAENH_KEYSTATE_IDLE) 
2126         pCryptKey->dwState = RSAENH_KEYSTATE_ENCRYPTING;
2127
2128     if (pCryptKey->dwState != RSAENH_KEYSTATE_ENCRYPTING) 
2129     {
2130         SetLastError(NTE_BAD_DATA);
2131         return FALSE;
2132     }
2133
2134     if (is_valid_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) {
2135         if (!RSAENH_CPHashData(hProv, hHash, pbData, *pdwDataLen, 0)) return FALSE;
2136     }
2137     
2138     if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
2139         if (!Final && (*pdwDataLen % pCryptKey->dwBlockLen)) {
2140             SetLastError(NTE_BAD_DATA);
2141             return FALSE;
2142         }
2143
2144         dwEncryptedLen = (*pdwDataLen/pCryptKey->dwBlockLen+(Final?1:0))*pCryptKey->dwBlockLen;
2145
2146         if (pbData == NULL) {
2147             *pdwDataLen = dwEncryptedLen;
2148             return TRUE;
2149         }
2150         else if (dwEncryptedLen > dwBufLen) {
2151             *pdwDataLen = dwEncryptedLen;
2152             SetLastError(ERROR_MORE_DATA);
2153             return FALSE;
2154         }
2155
2156         /* Pad final block with length bytes */
2157         for (i=*pdwDataLen; i<dwEncryptedLen; i++) pbData[i] = dwEncryptedLen - *pdwDataLen;
2158         *pdwDataLen = dwEncryptedLen;
2159
2160         for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
2161             switch (pCryptKey->dwMode) {
2162                 case CRYPT_MODE_ECB:
2163                     encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out, 
2164                                        RSAENH_ENCRYPT);
2165                     break;
2166                 
2167                 case CRYPT_MODE_CBC:
2168                     for (j=0; j<pCryptKey->dwBlockLen; j++) in[j] ^= pCryptKey->abChainVector[j];
2169                     encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out, 
2170                                        RSAENH_ENCRYPT);
2171                     memcpy(pCryptKey->abChainVector, out, pCryptKey->dwBlockLen);
2172                     break;
2173
2174                 case CRYPT_MODE_CFB:
2175                     for (j=0; j<pCryptKey->dwBlockLen; j++) {
2176                         encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, 
2177                                            pCryptKey->abChainVector, o, RSAENH_ENCRYPT);
2178                         out[j] = in[j] ^ o[0];
2179                         for (k=0; k<pCryptKey->dwBlockLen-1; k++) 
2180                             pCryptKey->abChainVector[k] = pCryptKey->abChainVector[k+1];
2181                         pCryptKey->abChainVector[k] = out[j];
2182                     }
2183                     break;
2184                     
2185                 default:
2186                     SetLastError(NTE_BAD_ALGID);
2187                     return FALSE;
2188             }
2189             memcpy(in, out, pCryptKey->dwBlockLen); 
2190         }
2191     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_STREAM) {
2192         if (pbData == NULL) {
2193             *pdwDataLen = dwBufLen;
2194             return TRUE;
2195         }
2196         encrypt_stream_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, *pdwDataLen);
2197     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_RSA) {
2198         if (pCryptKey->aiAlgid == CALG_RSA_SIGN) {
2199             SetLastError(NTE_BAD_KEY);
2200             return FALSE;
2201         }
2202         if (!pbData) {
2203             *pdwDataLen = pCryptKey->dwBlockLen;
2204             return TRUE;
2205         }
2206         if (dwBufLen < pCryptKey->dwBlockLen) {
2207             SetLastError(ERROR_MORE_DATA);
2208             return FALSE;
2209         }
2210         if (!pad_data(pbData, *pdwDataLen, pbData, pCryptKey->dwBlockLen, dwFlags)) return FALSE;
2211         encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbData, pbData, RSAENH_ENCRYPT);
2212         *pdwDataLen = pCryptKey->dwBlockLen;
2213         Final = TRUE;
2214     } else {
2215         SetLastError(NTE_BAD_TYPE);
2216         return FALSE;
2217     }
2218
2219     if (Final) setup_key(pCryptKey);
2220
2221     return TRUE;
2222 }
2223
2224 /******************************************************************************
2225  * CPDecrypt (RSAENH.@)
2226  *
2227  * Decrypt data.
2228  *
2229  * PARAMS
2230  *  hProv      [I]   The key container hKey and hHash belong to.
2231  *  hKey       [I]   The key used to decrypt the data.
2232  *  hHash      [I]   An optional hash object for parallel hashing. See notes.
2233  *  Final      [I]   Indicates if this is the last block of data to decrypt.
2234  *  dwFlags    [I]   Currently no flags defined. Must be zero.
2235  *  pbData     [I/O] Pointer to the data to decrypt. Plaintext will also be stored there. 
2236  *  pdwDataLen [I/O] I: Length of ciphertext, O: Length of plaintext.
2237  *
2238  * RETURNS
2239  *  Success: TRUE.
2240  *  Failure: FALSE.
2241  *
2242  * NOTES
2243  *  If a hash object handle is provided in hHash, it will be updated with the plaintext. 
2244  *  This is useful for message signatures.
2245  *
2246  *  This function uses the standard WINAPI protocol for querying data of dynamic length. 
2247  */
2248 BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, 
2249                              DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2250 {
2251     CRYPTKEY *pCryptKey;
2252     BYTE *in, out[RSAENH_MAX_BLOCK_SIZE], o[RSAENH_MAX_BLOCK_SIZE];
2253     DWORD i, j, k;
2254     DWORD dwMax;
2255
2256     TRACE("(hProv=%08lx, hKey=%08lx, hHash=%08lx, Final=%d, dwFlags=%08x, pbData=%p, "
2257           "pdwDataLen=%p)\n", hProv, hKey, hHash, Final, dwFlags, pbData, pdwDataLen);
2258     
2259     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2260     {
2261         SetLastError(NTE_BAD_UID);
2262         return FALSE;
2263     }
2264
2265     if (dwFlags)
2266     {
2267         SetLastError(NTE_BAD_FLAGS);
2268         return FALSE;
2269     }
2270
2271     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2272     {
2273         SetLastError(NTE_BAD_KEY);
2274         return FALSE;
2275     }
2276
2277     if (pCryptKey->dwState == RSAENH_KEYSTATE_IDLE) 
2278         pCryptKey->dwState = RSAENH_KEYSTATE_ENCRYPTING;
2279
2280     if (pCryptKey->dwState != RSAENH_KEYSTATE_ENCRYPTING)
2281     {
2282         SetLastError(NTE_BAD_DATA);
2283         return FALSE;
2284     }
2285
2286     dwMax=*pdwDataLen;
2287
2288     if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
2289         for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
2290             switch (pCryptKey->dwMode) {
2291                 case CRYPT_MODE_ECB:
2292                     encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out, 
2293                                        RSAENH_DECRYPT);
2294                     break;
2295                 
2296                 case CRYPT_MODE_CBC:
2297                     encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out, 
2298                                        RSAENH_DECRYPT);
2299                     for (j=0; j<pCryptKey->dwBlockLen; j++) out[j] ^= pCryptKey->abChainVector[j];
2300                     memcpy(pCryptKey->abChainVector, in, pCryptKey->dwBlockLen);
2301                     break;
2302
2303                 case CRYPT_MODE_CFB:
2304                     for (j=0; j<pCryptKey->dwBlockLen; j++) {
2305                         encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, 
2306                                            pCryptKey->abChainVector, o, RSAENH_ENCRYPT);
2307                         out[j] = in[j] ^ o[0];
2308                         for (k=0; k<pCryptKey->dwBlockLen-1; k++) 
2309                             pCryptKey->abChainVector[k] = pCryptKey->abChainVector[k+1];
2310                         pCryptKey->abChainVector[k] = in[j];
2311                     }
2312                     break;
2313                     
2314                 default:
2315                     SetLastError(NTE_BAD_ALGID);
2316                     return FALSE;
2317             }
2318             memcpy(in, out, pCryptKey->dwBlockLen);
2319         }
2320         if (Final) {
2321             if (pbData[*pdwDataLen-1] &&
2322              pbData[*pdwDataLen-1] <= pCryptKey->dwBlockLen &&
2323              pbData[*pdwDataLen-1] < *pdwDataLen) {
2324                 BOOL padOkay = TRUE;
2325
2326                 /* check that every bad byte has the same value */
2327                 for (i = 1; padOkay && i < pbData[*pdwDataLen-1]; i++)
2328                     if (pbData[*pdwDataLen - i - 1] != pbData[*pdwDataLen - 1])
2329                         padOkay = FALSE;
2330                 if (padOkay)
2331                     *pdwDataLen -= pbData[*pdwDataLen-1];
2332                 else {
2333                     SetLastError(NTE_BAD_DATA);
2334                     return FALSE;
2335                 }
2336             }
2337             else {
2338                 SetLastError(NTE_BAD_DATA);
2339                 return FALSE;
2340             }
2341         }
2342
2343     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_STREAM) {
2344         encrypt_stream_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, *pdwDataLen);
2345     } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_RSA) {
2346         if (pCryptKey->aiAlgid == CALG_RSA_SIGN) {
2347             SetLastError(NTE_BAD_KEY);
2348             return FALSE;
2349         }
2350         encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbData, pbData, RSAENH_DECRYPT);
2351         if (!unpad_data(pbData, pCryptKey->dwBlockLen, pbData, pdwDataLen, dwFlags)) return FALSE;
2352         Final = TRUE;
2353     } else {
2354         SetLastError(NTE_BAD_TYPE);
2355         return FALSE;
2356     } 
2357     
2358     if (Final) setup_key(pCryptKey);
2359
2360     if (is_valid_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) {
2361         if (*pdwDataLen>dwMax ||
2362             !RSAENH_CPHashData(hProv, hHash, pbData, *pdwDataLen, 0)) return FALSE;
2363     }
2364     
2365     return TRUE;
2366 }
2367
2368 static BOOL crypt_export_simple(CRYPTKEY *pCryptKey, CRYPTKEY *pPubKey,
2369     DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2370 {
2371     BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2372     ALG_ID *pAlgid = (ALG_ID*)(pBlobHeader+1);
2373     DWORD dwDataLen;
2374
2375     if (!(GET_ALG_CLASS(pCryptKey->aiAlgid)&(ALG_CLASS_DATA_ENCRYPT|ALG_CLASS_MSG_ENCRYPT))) {
2376         SetLastError(NTE_BAD_KEY); /* FIXME: error code? */
2377         return FALSE;
2378     }
2379
2380     dwDataLen = sizeof(BLOBHEADER) + sizeof(ALG_ID) + pPubKey->dwBlockLen;
2381     if (pbData) {
2382         if (*pdwDataLen < dwDataLen) {
2383             SetLastError(ERROR_MORE_DATA);
2384             *pdwDataLen = dwDataLen;
2385             return FALSE;
2386         }
2387
2388         pBlobHeader->bType = SIMPLEBLOB;
2389         pBlobHeader->bVersion = CUR_BLOB_VERSION;
2390         pBlobHeader->reserved = 0;
2391         pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2392
2393         *pAlgid = pPubKey->aiAlgid;
2394
2395         if (!pad_data(pCryptKey->abKeyValue, pCryptKey->dwKeyLen, (BYTE*)(pAlgid+1),
2396                       pPubKey->dwBlockLen, dwFlags))
2397         {
2398             return FALSE;
2399         }
2400
2401         encrypt_block_impl(pPubKey->aiAlgid, PK_PUBLIC, &pPubKey->context, (BYTE*)(pAlgid+1),
2402                            (BYTE*)(pAlgid+1), RSAENH_ENCRYPT);
2403     }
2404     *pdwDataLen = dwDataLen;
2405     return TRUE;
2406 }
2407
2408 static BOOL crypt_export_public_key(CRYPTKEY *pCryptKey, BYTE *pbData,
2409     DWORD *pdwDataLen)
2410 {
2411     BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2412     RSAPUBKEY *pRSAPubKey = (RSAPUBKEY*)(pBlobHeader+1);
2413     DWORD dwDataLen;
2414
2415     if ((pCryptKey->aiAlgid != CALG_RSA_KEYX) && (pCryptKey->aiAlgid != CALG_RSA_SIGN)) {
2416         SetLastError(NTE_BAD_KEY);
2417         return FALSE;
2418     }
2419
2420     dwDataLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + pCryptKey->dwKeyLen;
2421     if (pbData) {
2422         if (*pdwDataLen < dwDataLen) {
2423             SetLastError(ERROR_MORE_DATA);
2424             *pdwDataLen = dwDataLen;
2425             return FALSE;
2426         }
2427
2428         pBlobHeader->bType = PUBLICKEYBLOB;
2429         pBlobHeader->bVersion = CUR_BLOB_VERSION;
2430         pBlobHeader->reserved = 0;
2431         pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2432
2433         pRSAPubKey->magic = RSAENH_MAGIC_RSA1;
2434         pRSAPubKey->bitlen = pCryptKey->dwKeyLen << 3;
2435
2436         export_public_key_impl((BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2437                                pCryptKey->dwKeyLen, &pRSAPubKey->pubexp);
2438     }
2439     *pdwDataLen = dwDataLen;
2440     return TRUE;
2441 }
2442
2443 static BOOL crypt_export_private_key(CRYPTKEY *pCryptKey, BOOL force,
2444     BYTE *pbData, DWORD *pdwDataLen)
2445 {
2446     BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2447     RSAPUBKEY *pRSAPubKey = (RSAPUBKEY*)(pBlobHeader+1);
2448     DWORD dwDataLen;
2449
2450     if ((pCryptKey->aiAlgid != CALG_RSA_KEYX) && (pCryptKey->aiAlgid != CALG_RSA_SIGN)) {
2451         SetLastError(NTE_BAD_KEY);
2452         return FALSE;
2453     }
2454     if (!force && !(pCryptKey->dwPermissions & CRYPT_EXPORT))
2455     {
2456         SetLastError(NTE_BAD_KEY_STATE);
2457         return FALSE;
2458     }
2459
2460     dwDataLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
2461                 2 * pCryptKey->dwKeyLen + 5 * ((pCryptKey->dwKeyLen + 1) >> 1);
2462     if (pbData) {
2463         if (*pdwDataLen < dwDataLen) {
2464             SetLastError(ERROR_MORE_DATA);
2465             *pdwDataLen = dwDataLen;
2466             return FALSE;
2467         }
2468
2469         pBlobHeader->bType = PRIVATEKEYBLOB;
2470         pBlobHeader->bVersion = CUR_BLOB_VERSION;
2471         pBlobHeader->reserved = 0;
2472         pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2473
2474         pRSAPubKey->magic = RSAENH_MAGIC_RSA2;
2475         pRSAPubKey->bitlen = pCryptKey->dwKeyLen << 3;
2476
2477         export_private_key_impl((BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2478                                 pCryptKey->dwKeyLen, &pRSAPubKey->pubexp);
2479     }
2480     *pdwDataLen = dwDataLen;
2481     return TRUE;
2482 }
2483
2484 /******************************************************************************
2485  * crypt_export_key [Internal]
2486  *
2487  * Export a key into a binary large object (BLOB).  Called by CPExportKey and
2488  * by store_key_pair.
2489  *
2490  * PARAMS
2491  *  pCryptKey  [I]   Key to be exported.
2492  *  hPubKey    [I]   Key used to encrypt sensitive BLOB data.
2493  *  dwBlobType [I]   SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2494  *  dwFlags    [I]   Currently none defined.
2495  *  force      [I]   If TRUE, the key is written no matter what the key's
2496  *                   permissions are.  Otherwise the key's permissions are
2497  *                   checked before exporting.
2498  *  pbData     [O]   Pointer to a buffer where the BLOB will be written to.
2499  *  pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2500  *
2501  * RETURNS
2502  *  Success: TRUE.
2503  *  Failure: FALSE.
2504  */
2505 static BOOL crypt_export_key(CRYPTKEY *pCryptKey, HCRYPTKEY hPubKey,
2506                              DWORD dwBlobType, DWORD dwFlags, BOOL force,
2507                              BYTE *pbData, DWORD *pdwDataLen)
2508 {
2509     CRYPTKEY *pPubKey;
2510     
2511     if (dwFlags & CRYPT_SSL2_FALLBACK) {
2512         if (pCryptKey->aiAlgid != CALG_SSL2_MASTER) {
2513             SetLastError(NTE_BAD_KEY);
2514             return FALSE;
2515         }
2516     }
2517     
2518     switch ((BYTE)dwBlobType)
2519     {
2520         case SIMPLEBLOB:
2521             if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pPubKey)){
2522                 SetLastError(NTE_BAD_PUBLIC_KEY); /* FIXME: error_code? */
2523                 return FALSE;
2524             }
2525             return crypt_export_simple(pCryptKey, pPubKey, dwFlags, pbData,
2526                                        pdwDataLen);
2527             
2528         case PUBLICKEYBLOB:
2529             if (is_valid_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY)) {
2530                 SetLastError(NTE_BAD_KEY); /* FIXME: error code? */
2531                 return FALSE;
2532             }
2533
2534             return crypt_export_public_key(pCryptKey, pbData, pdwDataLen);
2535
2536         case PRIVATEKEYBLOB:
2537             return crypt_export_private_key(pCryptKey, force, pbData, pdwDataLen);
2538             
2539         default:
2540             SetLastError(NTE_BAD_TYPE); /* FIXME: error code? */
2541             return FALSE;
2542     }
2543 }
2544
2545 /******************************************************************************
2546  * CPExportKey (RSAENH.@)
2547  *
2548  * Export a key into a binary large object (BLOB).
2549  *
2550  * PARAMS
2551  *  hProv      [I]   Key container from which a key is to be exported.
2552  *  hKey       [I]   Key to be exported.
2553  *  hPubKey    [I]   Key used to encrypt sensitive BLOB data.
2554  *  dwBlobType [I]   SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2555  *  dwFlags    [I]   Currently none defined.
2556  *  pbData     [O]   Pointer to a buffer where the BLOB will be written to.
2557  *  pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2558  *
2559  * RETURNS
2560  *  Success: TRUE.
2561  *  Failure: FALSE.
2562  */
2563 BOOL WINAPI RSAENH_CPExportKey(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTKEY hPubKey,
2564                                DWORD dwBlobType, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2565 {
2566     CRYPTKEY *pCryptKey;
2567
2568     TRACE("(hProv=%08lx, hKey=%08lx, hPubKey=%08lx, dwBlobType=%08x, dwFlags=%08x, pbData=%p,"
2569           "pdwDataLen=%p)\n", hProv, hKey, hPubKey, dwBlobType, dwFlags, pbData, pdwDataLen);
2570
2571     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2572     {
2573         SetLastError(NTE_BAD_UID);
2574         return FALSE;
2575     }
2576
2577     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2578     {
2579         SetLastError(NTE_BAD_KEY);
2580         return FALSE;
2581     }
2582
2583     return crypt_export_key(pCryptKey, hPubKey, dwBlobType, dwFlags, FALSE,
2584         pbData, pdwDataLen);
2585 }
2586
2587 /******************************************************************************
2588  * release_and_install_key [Internal]
2589  *
2590  * Release an existing key, if present, and replaces it with a new one.
2591  *
2592  * PARAMS
2593  *  hProv     [I] Key container into which the key is to be imported.
2594  *  src       [I] Key which will replace *dest
2595  *  dest      [I] Points to key to be released and replaced with src
2596  *  fStoreKey [I] If TRUE, the newly installed key is stored to the registry.
2597  */
2598 static void release_and_install_key(HCRYPTPROV hProv, HCRYPTKEY src,
2599                                     HCRYPTKEY *dest, DWORD fStoreKey)
2600 {
2601     RSAENH_CPDestroyKey(hProv, *dest);
2602     copy_handle(&handle_table, src, RSAENH_MAGIC_KEY, dest);
2603     if (fStoreKey)
2604     {
2605         KEYCONTAINER *pKeyContainer;
2606
2607         if (lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
2608                           (OBJECTHDR**)&pKeyContainer))
2609         {
2610             store_key_container_keys(pKeyContainer);
2611             store_key_container_permissions(pKeyContainer);
2612         }
2613     }
2614 }
2615
2616 /******************************************************************************
2617  * import_private_key [Internal]
2618  *
2619  * Import a BLOB'ed private key into a key container.
2620  *
2621  * PARAMS
2622  *  hProv     [I] Key container into which the private key is to be imported.
2623  *  pbData    [I] Pointer to a buffer which holds the private key BLOB.
2624  *  dwDataLen [I] Length of data in buffer at pbData.
2625  *  dwFlags   [I] One of:
2626  *                CRYPT_EXPORTABLE: the imported key is marked exportable
2627  *  fStoreKey [I] If TRUE, the imported key is stored to the registry.
2628  *  phKey     [O] Handle to the imported key.
2629  *
2630  *
2631  * NOTES
2632  *  Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2633  *  it's a PRIVATEKEYBLOB.
2634  *
2635  * RETURNS
2636  *  Success: TRUE.
2637  *  Failure: FALSE.
2638  */
2639 static BOOL import_private_key(HCRYPTPROV hProv, CONST BYTE *pbData, DWORD dwDataLen,
2640                                DWORD dwFlags, BOOL fStoreKey, HCRYPTKEY *phKey)
2641 {
2642     KEYCONTAINER *pKeyContainer;
2643     CRYPTKEY *pCryptKey;
2644     CONST BLOBHEADER *pBlobHeader = (CONST BLOBHEADER*)pbData;
2645     CONST RSAPUBKEY *pRSAPubKey = (CONST RSAPUBKEY*)(pBlobHeader+1);
2646     BOOL ret;
2647
2648     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
2649                        (OBJECTHDR**)&pKeyContainer))
2650     {
2651         SetLastError(NTE_BAD_UID);
2652         return FALSE;
2653     }
2654
2655     if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)) ||
2656         (pRSAPubKey->magic != RSAENH_MAGIC_RSA2) ||
2657         (dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
2658             (2 * pRSAPubKey->bitlen >> 3) + (5 * ((pRSAPubKey->bitlen+8)>>4))))
2659     {
2660         SetLastError(NTE_BAD_DATA);
2661         return FALSE;
2662     }
2663
2664     *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, MAKELONG(0,pRSAPubKey->bitlen), &pCryptKey);
2665     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
2666     setup_key(pCryptKey);
2667     ret = import_private_key_impl((CONST BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2668                                    pRSAPubKey->bitlen/8, pRSAPubKey->pubexp);
2669     if (ret) {
2670         if (dwFlags & CRYPT_EXPORTABLE)
2671             pCryptKey->dwPermissions |= CRYPT_EXPORT;
2672         switch (pBlobHeader->aiKeyAlg)
2673         {
2674         case AT_SIGNATURE:
2675         case CALG_RSA_SIGN:
2676             TRACE("installing signing key\n");
2677             release_and_install_key(hProv, *phKey, &pKeyContainer->hSignatureKeyPair,
2678                                     fStoreKey);
2679             break;
2680         case AT_KEYEXCHANGE:
2681         case CALG_RSA_KEYX:
2682             TRACE("installing key exchange key\n");
2683             release_and_install_key(hProv, *phKey, &pKeyContainer->hKeyExchangeKeyPair,
2684                                     fStoreKey);
2685             break;
2686         }
2687     }
2688     return ret;
2689 }
2690
2691 /******************************************************************************
2692  * import_public_key [Internal]
2693  *
2694  * Import a BLOB'ed public key into a key container.
2695  *
2696  * PARAMS
2697  *  hProv     [I] Key container into which the public key is to be imported.
2698  *  pbData    [I] Pointer to a buffer which holds the public key BLOB.
2699  *  dwDataLen [I] Length of data in buffer at pbData.
2700  *  dwFlags   [I] One of:
2701  *                CRYPT_EXPORTABLE: the imported key is marked exportable
2702  *  fStoreKey [I] If TRUE, the imported key is stored to the registry.
2703  *  phKey     [O] Handle to the imported key.
2704  *
2705  *
2706  * NOTES
2707  *  Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2708  *  it's a PUBLICKEYBLOB.
2709  *
2710  * RETURNS
2711  *  Success: TRUE.
2712  *  Failure: FALSE.
2713  */
2714 static BOOL import_public_key(HCRYPTPROV hProv, CONST BYTE *pbData, DWORD dwDataLen,
2715                               DWORD dwFlags, BOOL fStoreKey, HCRYPTKEY *phKey)
2716 {
2717     KEYCONTAINER *pKeyContainer;
2718     CRYPTKEY *pCryptKey;
2719     CONST BLOBHEADER *pBlobHeader = (CONST BLOBHEADER*)pbData;
2720     CONST RSAPUBKEY *pRSAPubKey = (CONST RSAPUBKEY*)(pBlobHeader+1);
2721     ALG_ID algID;
2722     BOOL ret;
2723
2724     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
2725                        (OBJECTHDR**)&pKeyContainer))
2726     {
2727         SetLastError(NTE_BAD_UID);
2728         return FALSE;
2729     }
2730
2731     if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)) ||
2732         (pRSAPubKey->magic != RSAENH_MAGIC_RSA1) ||
2733         (dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + (pRSAPubKey->bitlen >> 3)))
2734     {
2735         SetLastError(NTE_BAD_DATA);
2736         return FALSE;
2737     }
2738
2739     /* Since this is a public key blob, only the public key is
2740      * available, so only signature verification is possible.
2741      */
2742     algID = pBlobHeader->aiKeyAlg;
2743     *phKey = new_key(hProv, algID, MAKELONG(0,pRSAPubKey->bitlen), &pCryptKey);
2744     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
2745     setup_key(pCryptKey);
2746     ret = import_public_key_impl((CONST BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2747                                   pRSAPubKey->bitlen >> 3, pRSAPubKey->pubexp);
2748     if (ret) {
2749         if (dwFlags & CRYPT_EXPORTABLE)
2750             pCryptKey->dwPermissions |= CRYPT_EXPORT;
2751         switch (pBlobHeader->aiKeyAlg)
2752         {
2753         case AT_KEYEXCHANGE:
2754         case CALG_RSA_KEYX:
2755             TRACE("installing public key\n");
2756             release_and_install_key(hProv, *phKey, &pKeyContainer->hKeyExchangeKeyPair,
2757                                     fStoreKey);
2758             break;
2759         }
2760     }
2761     return ret;
2762 }
2763
2764 /******************************************************************************
2765  * import_symmetric_key [Internal]
2766  *
2767  * Import a BLOB'ed symmetric key into a key container.
2768  *
2769  * PARAMS
2770  *  hProv     [I] Key container into which the symmetric key is to be imported.
2771  *  pbData    [I] Pointer to a buffer which holds the symmetric key BLOB.
2772  *  dwDataLen [I] Length of data in buffer at pbData.
2773  *  hPubKey   [I] Key used to decrypt sensitive BLOB data.
2774  *  dwFlags   [I] One of:
2775  *                CRYPT_EXPORTABLE: the imported key is marked exportable
2776  *  phKey     [O] Handle to the imported key.
2777  *
2778  *
2779  * NOTES
2780  *  Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2781  *  it's a SIMPLEBLOB.
2782  *
2783  * RETURNS
2784  *  Success: TRUE.
2785  *  Failure: FALSE.
2786  */
2787 static BOOL import_symmetric_key(HCRYPTPROV hProv, CONST BYTE *pbData,
2788                                  DWORD dwDataLen, HCRYPTKEY hPubKey,
2789                                  DWORD dwFlags, HCRYPTKEY *phKey)
2790 {
2791     CRYPTKEY *pCryptKey, *pPubKey;
2792     CONST BLOBHEADER *pBlobHeader = (CONST BLOBHEADER*)pbData;
2793     CONST ALG_ID *pAlgid = (CONST ALG_ID*)(pBlobHeader+1);
2794     CONST BYTE *pbKeyStream = (CONST BYTE*)(pAlgid + 1);
2795     BYTE *pbDecrypted;
2796     DWORD dwKeyLen;
2797
2798     if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pPubKey) ||
2799         pPubKey->aiAlgid != CALG_RSA_KEYX)
2800     {
2801         SetLastError(NTE_BAD_PUBLIC_KEY); /* FIXME: error code? */
2802         return FALSE;
2803     }
2804
2805     if (dwDataLen < sizeof(BLOBHEADER)+sizeof(ALG_ID)+pPubKey->dwBlockLen)
2806     {
2807         SetLastError(NTE_BAD_DATA); /* FIXME: error code */
2808         return FALSE;
2809     }
2810
2811     pbDecrypted = HeapAlloc(GetProcessHeap(), 0, pPubKey->dwBlockLen);
2812     if (!pbDecrypted) return FALSE;
2813     encrypt_block_impl(pPubKey->aiAlgid, PK_PRIVATE, &pPubKey->context, pbKeyStream, pbDecrypted,
2814                        RSAENH_DECRYPT);
2815
2816     dwKeyLen = RSAENH_MAX_KEY_SIZE;
2817     if (!unpad_data(pbDecrypted, pPubKey->dwBlockLen, pbDecrypted, &dwKeyLen, dwFlags)) {
2818         HeapFree(GetProcessHeap(), 0, pbDecrypted);
2819         return FALSE;
2820     }
2821
2822     *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, dwKeyLen<<19, &pCryptKey);
2823     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
2824     {
2825         HeapFree(GetProcessHeap(), 0, pbDecrypted);
2826         return FALSE;
2827     }
2828     memcpy(pCryptKey->abKeyValue, pbDecrypted, dwKeyLen);
2829     HeapFree(GetProcessHeap(), 0, pbDecrypted);
2830     setup_key(pCryptKey);
2831     if (dwFlags & CRYPT_EXPORTABLE)
2832         pCryptKey->dwPermissions |= CRYPT_EXPORT;
2833     return TRUE;
2834 }
2835
2836 /******************************************************************************
2837  * import_key [Internal]
2838  *
2839  * Import a BLOB'ed key into a key container, optionally storing the key's
2840  * value to the registry.
2841  *
2842  * PARAMS
2843  *  hProv     [I] Key container into which the key is to be imported.
2844  *  pbData    [I] Pointer to a buffer which holds the BLOB.
2845  *  dwDataLen [I] Length of data in buffer at pbData.
2846  *  hPubKey   [I] Key used to decrypt sensitive BLOB data.
2847  *  dwFlags   [I] One of:
2848  *                CRYPT_EXPORTABLE: the imported key is marked exportable
2849  *  fStoreKey [I] If TRUE, the imported key is stored to the registry.
2850  *  phKey     [O] Handle to the imported key.
2851  *
2852  * RETURNS
2853  *  Success: TRUE.
2854  *  Failure: FALSE.
2855  */
2856 static BOOL import_key(HCRYPTPROV hProv, CONST BYTE *pbData, DWORD dwDataLen,
2857                        HCRYPTKEY hPubKey, DWORD dwFlags, BOOL fStoreKey,
2858                        HCRYPTKEY *phKey)
2859 {
2860     KEYCONTAINER *pKeyContainer;
2861     CONST BLOBHEADER *pBlobHeader = (CONST BLOBHEADER*)pbData;
2862
2863     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
2864                        (OBJECTHDR**)&pKeyContainer)) 
2865     {
2866         SetLastError(NTE_BAD_UID);
2867         return FALSE;
2868     }
2869
2870     if (dwDataLen < sizeof(BLOBHEADER) || 
2871         pBlobHeader->bVersion != CUR_BLOB_VERSION ||
2872         pBlobHeader->reserved != 0) 
2873     {
2874         SetLastError(NTE_BAD_DATA);
2875         return FALSE;
2876     }
2877
2878     /* If this is a verify-only context, the key is not persisted regardless of
2879      * fStoreKey's original value.
2880      */
2881     fStoreKey = fStoreKey && !(dwFlags & CRYPT_VERIFYCONTEXT);
2882     switch (pBlobHeader->bType)
2883     {
2884         case PRIVATEKEYBLOB:    
2885             return import_private_key(hProv, pbData, dwDataLen, dwFlags,
2886                                       fStoreKey, phKey);
2887                 
2888         case PUBLICKEYBLOB:
2889             return import_public_key(hProv, pbData, dwDataLen, dwFlags,
2890                                      fStoreKey, phKey);
2891                 
2892         case SIMPLEBLOB:
2893             return import_symmetric_key(hProv, pbData, dwDataLen, hPubKey,
2894                                         dwFlags, phKey);
2895
2896         default:
2897             SetLastError(NTE_BAD_TYPE); /* FIXME: error code? */
2898             return FALSE;
2899     }
2900 }
2901
2902 /******************************************************************************
2903  * CPImportKey (RSAENH.@)
2904  *
2905  * Import a BLOB'ed key into a key container.
2906  *
2907  * PARAMS
2908  *  hProv     [I] Key container into which the key is to be imported.
2909  *  pbData    [I] Pointer to a buffer which holds the BLOB.
2910  *  dwDataLen [I] Length of data in buffer at pbData.
2911  *  hPubKey   [I] Key used to decrypt sensitive BLOB data.
2912  *  dwFlags   [I] One of:
2913  *                CRYPT_EXPORTABLE: the imported key is marked exportable
2914  *  phKey     [O] Handle to the imported key.
2915  *
2916  * RETURNS
2917  *  Success: TRUE.
2918  *  Failure: FALSE.
2919  */
2920 BOOL WINAPI RSAENH_CPImportKey(HCRYPTPROV hProv, CONST BYTE *pbData, DWORD dwDataLen,
2921                                HCRYPTKEY hPubKey, DWORD dwFlags, HCRYPTKEY *phKey)
2922 {
2923     TRACE("(hProv=%08lx, pbData=%p, dwDataLen=%d, hPubKey=%08lx, dwFlags=%08x, phKey=%p)\n",
2924         hProv, pbData, dwDataLen, hPubKey, dwFlags, phKey);
2925
2926     return import_key(hProv, pbData, dwDataLen, hPubKey, dwFlags, TRUE, phKey);
2927 }
2928
2929 /******************************************************************************
2930  * CPGenKey (RSAENH.@)
2931  *
2932  * Generate a key in the key container
2933  *
2934  * PARAMS
2935  *  hProv   [I] Key container for which a key is to be generated.
2936  *  Algid   [I] Crypto algorithm identifier for the key to be generated.
2937  *  dwFlags [I] Upper 16 bits: Binary length of key. Lower 16 bits: Flags. See Notes
2938  *  phKey   [O] Handle to the generated key.
2939  *
2940  * RETURNS
2941  *  Success: TRUE.
2942  *  Failure: FALSE.
2943  *
2944  * FIXME
2945  *  Flags currently not considered.
2946  *
2947  * NOTES
2948  *  Private key-exchange- and signature-keys can be generated with Algid AT_KEYEXCHANGE
2949  *  and AT_SIGNATURE values.
2950  */
2951 BOOL WINAPI RSAENH_CPGenKey(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags, HCRYPTKEY *phKey)
2952 {
2953     KEYCONTAINER *pKeyContainer;
2954     CRYPTKEY *pCryptKey;
2955
2956     TRACE("(hProv=%08lx, aiAlgid=%d, dwFlags=%08x, phKey=%p)\n", hProv, Algid, dwFlags, phKey);
2957
2958     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
2959                        (OBJECTHDR**)&pKeyContainer)) 
2960     {
2961         /* MSDN: hProv not containing valid context handle */
2962         SetLastError(NTE_BAD_UID);
2963         return FALSE;
2964     }
2965     
2966     switch (Algid)
2967     {
2968         case AT_SIGNATURE:
2969         case CALG_RSA_SIGN:
2970             *phKey = new_key(hProv, CALG_RSA_SIGN, dwFlags, &pCryptKey);
2971             if (pCryptKey) { 
2972                 new_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen);
2973                 setup_key(pCryptKey);
2974                 if (Algid == AT_SIGNATURE) {
2975                     RSAENH_CPDestroyKey(hProv, pKeyContainer->hSignatureKeyPair);
2976                     copy_handle(&handle_table, *phKey, RSAENH_MAGIC_KEY,
2977                                 &pKeyContainer->hSignatureKeyPair);
2978                 }
2979             }
2980             break;
2981
2982         case AT_KEYEXCHANGE:
2983         case CALG_RSA_KEYX:
2984             *phKey = new_key(hProv, CALG_RSA_KEYX, dwFlags, &pCryptKey);
2985             if (pCryptKey) { 
2986                 new_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen);
2987                 setup_key(pCryptKey);
2988                 if (Algid == AT_KEYEXCHANGE) {
2989                     RSAENH_CPDestroyKey(hProv, pKeyContainer->hKeyExchangeKeyPair);
2990                     copy_handle(&handle_table, *phKey, RSAENH_MAGIC_KEY,
2991                                 &pKeyContainer->hKeyExchangeKeyPair);
2992                 }
2993             }
2994             break;
2995             
2996         case CALG_RC2:
2997         case CALG_RC4:
2998         case CALG_DES:
2999         case CALG_3DES_112:
3000         case CALG_3DES:
3001         case CALG_AES:
3002         case CALG_AES_128:
3003         case CALG_AES_192:
3004         case CALG_AES_256:
3005         case CALG_PCT1_MASTER:
3006         case CALG_SSL2_MASTER:
3007         case CALG_SSL3_MASTER:
3008         case CALG_TLS1_MASTER:
3009             *phKey = new_key(hProv, Algid, dwFlags, &pCryptKey);
3010             if (pCryptKey) {
3011                 gen_rand_impl(pCryptKey->abKeyValue, RSAENH_MAX_KEY_SIZE);
3012                 switch (Algid) {
3013                     case CALG_SSL3_MASTER:
3014                         pCryptKey->abKeyValue[0] = RSAENH_SSL3_VERSION_MAJOR;
3015                         pCryptKey->abKeyValue[1] = RSAENH_SSL3_VERSION_MINOR;
3016                         break;
3017
3018                     case CALG_TLS1_MASTER:
3019                         pCryptKey->abKeyValue[0] = RSAENH_TLS1_VERSION_MAJOR;
3020                         pCryptKey->abKeyValue[1] = RSAENH_TLS1_VERSION_MINOR;
3021                         break;
3022                 }
3023                 setup_key(pCryptKey);
3024             }
3025             break;
3026             
3027         default:
3028             /* MSDN: Algorithm not supported specified by Algid */
3029             SetLastError(NTE_BAD_ALGID);
3030             return FALSE;
3031     }
3032             
3033     return *phKey != (HCRYPTKEY)INVALID_HANDLE_VALUE;
3034 }
3035
3036 /******************************************************************************
3037  * CPGenRandom (RSAENH.@)
3038  *
3039  * Generate a random byte stream.
3040  *
3041  * PARAMS
3042  *  hProv    [I] Key container that is used to generate random bytes.
3043  *  dwLen    [I] Specifies the number of requested random data bytes.
3044  *  pbBuffer [O] Random bytes will be stored here.
3045  *
3046  * RETURNS
3047  *  Success: TRUE
3048  *  Failure: FALSE
3049  */
3050 BOOL WINAPI RSAENH_CPGenRandom(HCRYPTPROV hProv, DWORD dwLen, BYTE *pbBuffer)
3051 {
3052     TRACE("(hProv=%08lx, dwLen=%d, pbBuffer=%p)\n", hProv, dwLen, pbBuffer);
3053     
3054     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3055     {
3056         /* MSDN: hProv not containing valid context handle */
3057         SetLastError(NTE_BAD_UID);
3058         return FALSE;
3059     }
3060
3061     return gen_rand_impl(pbBuffer, dwLen);
3062 }
3063
3064 /******************************************************************************
3065  * CPGetHashParam (RSAENH.@)
3066  *
3067  * Query parameters of an hash object.
3068  *
3069  * PARAMS
3070  *  hProv      [I]   The kea container, which the hash belongs to.
3071  *  hHash      [I]   The hash object that is to be queried.
3072  *  dwParam    [I]   Specifies the parameter that is to be queried.
3073  *  pbData     [I]   Pointer to the buffer where the parameter value will be stored.
3074  *  pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3075  *  dwFlags    [I]   None currently defined.
3076  *
3077  * RETURNS
3078  *  Success: TRUE
3079  *  Failure: FALSE
3080  *
3081  * NOTES
3082  *  Valid dwParams are: HP_ALGID, HP_HASHSIZE, HP_HASHVALUE. The hash will be 
3083  *  finalized if HP_HASHVALUE is queried.
3084  */
3085 BOOL WINAPI RSAENH_CPGetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, BYTE *pbData, 
3086                                   DWORD *pdwDataLen, DWORD dwFlags) 
3087 {
3088     CRYPTHASH *pCryptHash;
3089         
3090     TRACE("(hProv=%08lx, hHash=%08lx, dwParam=%08x, pbData=%p, pdwDataLen=%p, dwFlags=%08x)\n",
3091         hProv, hHash, dwParam, pbData, pdwDataLen, dwFlags);
3092     
3093     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3094     {
3095         SetLastError(NTE_BAD_UID);
3096         return FALSE;
3097     }
3098
3099     if (dwFlags)
3100     {
3101         SetLastError(NTE_BAD_FLAGS);
3102         return FALSE;
3103     }
3104     
3105     if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH,
3106                        (OBJECTHDR**)&pCryptHash))
3107     {
3108         SetLastError(NTE_BAD_HASH);
3109         return FALSE;
3110     }
3111
3112     if (!pdwDataLen)
3113     {
3114         SetLastError(ERROR_INVALID_PARAMETER);
3115         return FALSE;
3116     }
3117     
3118     switch (dwParam)
3119     {
3120         case HP_ALGID:
3121             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptHash->aiAlgid, 
3122                               sizeof(ALG_ID));
3123
3124         case HP_HASHSIZE:
3125             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptHash->dwHashSize, 
3126                               sizeof(DWORD));
3127
3128         case HP_HASHVAL:
3129             if (pCryptHash->aiAlgid == CALG_TLS1PRF) {
3130                 return tls1_prf(hProv, pCryptHash->hKey, &pCryptHash->tpPRFParams.blobLabel,
3131                                 &pCryptHash->tpPRFParams.blobSeed, pbData, *pdwDataLen);
3132             }
3133
3134             if ( pbData == NULL ) {
3135                 *pdwDataLen = pCryptHash->dwHashSize;
3136                 return TRUE;
3137             }
3138
3139             if (pbData && (pCryptHash->dwState != RSAENH_HASHSTATE_FINISHED))
3140             {
3141                 finalize_hash(pCryptHash);
3142                 pCryptHash->dwState = RSAENH_HASHSTATE_FINISHED;
3143             }
3144
3145             return copy_param(pbData, pdwDataLen, pCryptHash->abHashValue,
3146                               pCryptHash->dwHashSize);
3147
3148         default:
3149             SetLastError(NTE_BAD_TYPE);
3150             return FALSE;
3151     }
3152 }
3153
3154 /******************************************************************************
3155  * CPSetKeyParam (RSAENH.@)
3156  *
3157  * Set a parameter of a key object
3158  *
3159  * PARAMS
3160  *  hProv   [I] The key container to which the key belongs.
3161  *  hKey    [I] The key for which a parameter is to be set.
3162  *  dwParam [I] Parameter type. See Notes.
3163  *  pbData  [I] Pointer to the parameter value.
3164  *  dwFlags [I] Currently none defined.
3165  *
3166  * RETURNS
3167  *  Success: TRUE.
3168  *  Failure: FALSE.
3169  *
3170  * NOTES:
3171  *  Defined dwParam types are:
3172  *   - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3173  *   - KP_MODE_BITS: Shift width for cipher feedback mode. (Currently ignored by MS CSP's)
3174  *   - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT, 
3175  *                     CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3176  *   - KP_IV: Initialization vector
3177  */
3178 BOOL WINAPI RSAENH_CPSetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData, 
3179                                  DWORD dwFlags)
3180 {
3181     CRYPTKEY *pCryptKey;
3182
3183     TRACE("(hProv=%08lx, hKey=%08lx, dwParam=%08x, pbData=%p, dwFlags=%08x)\n", hProv, hKey,
3184           dwParam, pbData, dwFlags);
3185
3186     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3187     {
3188         SetLastError(NTE_BAD_UID);
3189         return FALSE;
3190     }
3191
3192     if (dwFlags) {
3193         SetLastError(NTE_BAD_FLAGS);
3194         return FALSE;
3195     }
3196     
3197     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
3198     {
3199         SetLastError(NTE_BAD_KEY);
3200         return FALSE;
3201     }
3202     
3203     switch (dwParam) {
3204         case KP_PADDING:
3205             /* The MS providers only support PKCS5_PADDING */
3206             if (*(DWORD *)pbData != PKCS5_PADDING) {
3207                 SetLastError(NTE_BAD_DATA);
3208                 return FALSE;
3209             }
3210             return TRUE;
3211
3212         case KP_MODE:
3213             pCryptKey->dwMode = *(DWORD*)pbData;
3214             return TRUE;
3215
3216         case KP_MODE_BITS:
3217             pCryptKey->dwModeBits = *(DWORD*)pbData;
3218             return TRUE;
3219
3220         case KP_PERMISSIONS:
3221         {
3222             DWORD perms = *(DWORD *)pbData;
3223
3224             if ((perms & CRYPT_EXPORT) &&
3225                 !(pCryptKey->dwPermissions & CRYPT_EXPORT))
3226             {
3227                 SetLastError(NTE_BAD_DATA);
3228                 return FALSE;
3229             }
3230             else if (!(perms & CRYPT_EXPORT) &&
3231                 (pCryptKey->dwPermissions & CRYPT_EXPORT))
3232             {
3233                 /* Clearing the export permission appears to be ignored,
3234                  * see tests.
3235                  */
3236                 perms |= CRYPT_EXPORT;
3237             }
3238             pCryptKey->dwPermissions = perms;
3239             return TRUE;
3240         }
3241
3242         case KP_IV:
3243             memcpy(pCryptKey->abInitVector, pbData, pCryptKey->dwBlockLen);
3244             setup_key(pCryptKey);
3245             return TRUE;
3246
3247         case KP_SALT_EX:
3248         {
3249             CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)pbData;
3250
3251             /* salt length can't be greater than 184 bits = 24 bytes */
3252             if (blob->cbData > 24)
3253             {
3254                 SetLastError(NTE_BAD_DATA);
3255                 return FALSE;
3256             }
3257             memcpy(pCryptKey->abKeyValue + pCryptKey->dwKeyLen, blob->pbData,
3258                    blob->cbData);
3259             pCryptKey->dwSaltLen = blob->cbData;
3260             setup_key(pCryptKey);
3261             return TRUE;
3262         }
3263
3264         case KP_EFFECTIVE_KEYLEN:
3265             switch (pCryptKey->aiAlgid) {
3266                 case CALG_RC2:
3267                     if (!pbData)
3268                     {
3269                         SetLastError(ERROR_INVALID_PARAMETER);
3270                         return FALSE;
3271                     }
3272                     else if (!*(DWORD *)pbData || *(DWORD *)pbData > 1024)
3273                     {
3274                         SetLastError(NTE_BAD_DATA);
3275                         return FALSE;
3276                     }
3277                     else
3278                     {
3279                         pCryptKey->dwEffectiveKeyLen = *(DWORD *)pbData;
3280                         setup_key(pCryptKey);
3281                     }
3282                     break;
3283                 default:
3284                     SetLastError(NTE_BAD_TYPE);
3285                     return FALSE;
3286             }
3287             return TRUE;
3288
3289         case KP_SCHANNEL_ALG:
3290             switch (((PSCHANNEL_ALG)pbData)->dwUse) {
3291                 case SCHANNEL_ENC_KEY:
3292                     memcpy(&pCryptKey->siSChannelInfo.saEncAlg, pbData, sizeof(SCHANNEL_ALG));
3293                     break;
3294
3295                 case SCHANNEL_MAC_KEY:
3296                     memcpy(&pCryptKey->siSChannelInfo.saMACAlg, pbData, sizeof(SCHANNEL_ALG));
3297                     break;
3298
3299                 default:
3300                     SetLastError(NTE_FAIL); /* FIXME: error code */
3301                     return FALSE;
3302             }
3303             return TRUE;
3304
3305         case KP_CLIENT_RANDOM:
3306             return copy_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom, (PCRYPT_DATA_BLOB)pbData);
3307             
3308         case KP_SERVER_RANDOM:
3309             return copy_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom, (PCRYPT_DATA_BLOB)pbData);
3310
3311         default:
3312             SetLastError(NTE_BAD_TYPE);
3313             return FALSE;
3314     }
3315 }
3316
3317 /******************************************************************************
3318  * CPGetKeyParam (RSAENH.@)
3319  *
3320  * Query a key parameter.
3321  *
3322  * PARAMS
3323  *  hProv      [I]   The key container, which the key belongs to.
3324  *  hHash      [I]   The key object that is to be queried.
3325  *  dwParam    [I]   Specifies the parameter that is to be queried.
3326  *  pbData     [I]   Pointer to the buffer where the parameter value will be stored.
3327  *  pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3328  *  dwFlags    [I]   None currently defined.
3329  *
3330  * RETURNS
3331  *  Success: TRUE
3332  *  Failure: FALSE
3333  *
3334  * NOTES
3335  *  Defined dwParam types are:
3336  *   - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3337  *   - KP_MODE_BITS: Shift width for cipher feedback mode. 
3338  *                   (Currently ignored by MS CSP's - always eight)
3339  *   - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT, 
3340  *                     CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3341  *   - KP_IV: Initialization vector.
3342  *   - KP_KEYLEN: Bitwidth of the key.
3343  *   - KP_BLOCKLEN: Size of a block cipher block.
3344  *   - KP_SALT: Salt value.
3345  */
3346 BOOL WINAPI RSAENH_CPGetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData, 
3347                                  DWORD *pdwDataLen, DWORD dwFlags)
3348 {
3349     CRYPTKEY *pCryptKey;
3350     DWORD dwValue;
3351         
3352     TRACE("(hProv=%08lx, hKey=%08lx, dwParam=%08x, pbData=%p, pdwDataLen=%p dwFlags=%08x)\n",
3353           hProv, hKey, dwParam, pbData, pdwDataLen, dwFlags);
3354
3355     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3356     {
3357         SetLastError(NTE_BAD_UID);
3358         return FALSE;
3359     }
3360
3361     if (dwFlags) {
3362         SetLastError(NTE_BAD_FLAGS);
3363         return FALSE;
3364     }
3365
3366     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
3367     {
3368         SetLastError(NTE_BAD_KEY);
3369         return FALSE;
3370     }
3371
3372     switch (dwParam) 
3373     {
3374         case KP_IV:
3375             return copy_param(pbData, pdwDataLen, pCryptKey->abInitVector,
3376                               pCryptKey->dwBlockLen);
3377         
3378         case KP_SALT:
3379             return copy_param(pbData, pdwDataLen, 
3380                     &pCryptKey->abKeyValue[pCryptKey->dwKeyLen], pCryptKey->dwSaltLen);
3381
3382         case KP_PADDING:
3383             dwValue = PKCS5_PADDING;
3384             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwValue, sizeof(DWORD));
3385
3386         case KP_KEYLEN:
3387             dwValue = pCryptKey->dwKeyLen << 3;
3388             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwValue, sizeof(DWORD));
3389         
3390         case KP_EFFECTIVE_KEYLEN:
3391             if (pCryptKey->dwEffectiveKeyLen)
3392                 dwValue = pCryptKey->dwEffectiveKeyLen;
3393             else
3394                 dwValue = pCryptKey->dwKeyLen << 3;
3395             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwValue, sizeof(DWORD));
3396
3397         case KP_BLOCKLEN:
3398             dwValue = pCryptKey->dwBlockLen << 3;
3399             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwValue, sizeof(DWORD));
3400     
3401         case KP_MODE:
3402             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->dwMode, sizeof(DWORD));
3403
3404         case KP_MODE_BITS:
3405             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->dwModeBits, 
3406                               sizeof(DWORD));
3407     
3408         case KP_PERMISSIONS:
3409             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->dwPermissions, 
3410                               sizeof(DWORD));
3411
3412         case KP_ALGID:
3413             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&pCryptKey->aiAlgid, sizeof(DWORD));
3414             
3415         default:
3416             SetLastError(NTE_BAD_TYPE);
3417             return FALSE;
3418     }
3419 }
3420                         
3421 /******************************************************************************
3422  * CPGetProvParam (RSAENH.@)
3423  *
3424  * Query a CSP parameter.
3425  *
3426  * PARAMS
3427  *  hProv      [I]   The key container that is to be queried.
3428  *  dwParam    [I]   Specifies the parameter that is to be queried.
3429  *  pbData     [I]   Pointer to the buffer where the parameter value will be stored.
3430  *  pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3431  *  dwFlags    [I]   CRYPT_FIRST: Start enumeration (for PP_ENUMALGS{_EX}).
3432  *
3433  * RETURNS
3434  *  Success: TRUE
3435  *  Failure: FALSE
3436  * NOTES:
3437  *  Defined dwParam types:
3438  *   - PP_CONTAINER: Name of the key container.
3439  *   - PP_NAME: Name of the cryptographic service provider.
3440  *   - PP_SIG_KEYSIZE_INC: RSA signature keywidth granularity in bits.
3441  *   - PP_KEYX_KEYSIZE_INC: RSA key-exchange keywidth granularity in bits.
3442  *   - PP_ENUMALGS{_EX}: Query provider capabilities.
3443  */
3444 BOOL WINAPI RSAENH_CPGetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, 
3445                                   DWORD *pdwDataLen, DWORD dwFlags)
3446 {
3447     KEYCONTAINER *pKeyContainer;
3448     PROV_ENUMALGS provEnumalgs;
3449     DWORD dwTemp;
3450     HKEY hKey;
3451    
3452     /* This is for dwParam PP_CRYPT_COUNT_KEY_USE.
3453      * IE6 SP1 asks for it in the 'About' dialog.
3454      * Returning this BLOB seems to satisfy IE. The marked 0x00 seem 
3455      * to be 'don't care's. If you know anything more specific about
3456      * this provider parameter, please report to wine-devel@winehq.org */
3457     static CONST BYTE abWTF[96] = { 
3458         0xb0, 0x25,     0x63,     0x86, 0x9c, 0xab,     0xb6,     0x37, 
3459         0xe8, 0x82, /**/0x00,/**/ 0x72, 0x06, 0xb2, /**/0x00,/**/ 0x3b, 
3460         0x60, 0x35, /**/0x00,/**/ 0x3b, 0x88, 0xce, /**/0x00,/**/ 0x82, 
3461         0xbc, 0x7a, /**/0x00,/**/ 0xb7, 0x4f, 0x7e, /**/0x00,/**/ 0xde, 
3462         0x92, 0xf1, /**/0x00,/**/ 0x83, 0xea, 0x5e, /**/0x00,/**/ 0xc8, 
3463         0x12, 0x1e,     0xd4,     0x06, 0xf7, 0x66, /**/0x00,/**/ 0x01, 
3464         0x29, 0xa4, /**/0x00,/**/ 0xf8, 0x24, 0x0c, /**/0x00,/**/ 0x33, 
3465         0x06, 0x80, /**/0x00,/**/ 0x02, 0x46, 0x0b, /**/0x00,/**/ 0x6d, 
3466         0x5b, 0xca, /**/0x00,/**/ 0x9a, 0x10, 0xf0, /**/0x00,/**/ 0x05, 
3467         0x19, 0xd0, /**/0x00,/**/ 0x2c, 0xf6, 0x27, /**/0x00,/**/ 0xaa, 
3468         0x7c, 0x6f, /**/0x00,/**/ 0xb9, 0xd8, 0x72, /**/0x00,/**/ 0x03, 
3469         0xf3, 0x81, /**/0x00,/**/ 0xfa, 0xe8, 0x26, /**/0x00,/**/ 0xca 
3470     };
3471
3472     TRACE("(hProv=%08lx, dwParam=%08x, pbData=%p, pdwDataLen=%p, dwFlags=%08x)\n",
3473            hProv, dwParam, pbData, pdwDataLen, dwFlags);
3474
3475     if (!pdwDataLen) {
3476         SetLastError(ERROR_INVALID_PARAMETER);
3477         return FALSE;
3478     }
3479     
3480     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
3481                        (OBJECTHDR**)&pKeyContainer)) 
3482     {
3483         /* MSDN: hProv not containing valid context handle */
3484         SetLastError(NTE_BAD_UID);
3485         return FALSE;
3486     }
3487
3488     switch (dwParam) 
3489     {
3490         case PP_CONTAINER:
3491         case PP_UNIQUE_CONTAINER:/* MSDN says we can return the same value as PP_CONTAINER */
3492             return copy_param(pbData, pdwDataLen, (CONST BYTE*)pKeyContainer->szName, 
3493                               strlen(pKeyContainer->szName)+1);
3494
3495         case PP_NAME:
3496             return copy_param(pbData, pdwDataLen, (CONST BYTE*)pKeyContainer->szProvName, 
3497                               strlen(pKeyContainer->szProvName)+1);
3498
3499         case PP_PROVTYPE:
3500             dwTemp = PROV_RSA_FULL;
3501             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3502
3503         case PP_KEYSPEC:
3504             dwTemp = AT_SIGNATURE | AT_KEYEXCHANGE;
3505             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3506
3507         case PP_KEYSET_TYPE:
3508             dwTemp = pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET;
3509             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3510
3511         case PP_KEYSTORAGE:
3512             dwTemp = CRYPT_SEC_DESCR;
3513             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3514
3515         case PP_SIG_KEYSIZE_INC:
3516         case PP_KEYX_KEYSIZE_INC:
3517             dwTemp = 8;
3518             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3519
3520         case PP_IMPTYPE:
3521             dwTemp = CRYPT_IMPL_SOFTWARE;
3522             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3523
3524         case PP_VERSION:
3525             dwTemp = 0x00000200;
3526             return copy_param(pbData, pdwDataLen, (CONST BYTE*)&dwTemp, sizeof(dwTemp));
3527             
3528         case PP_ENUMCONTAINERS:
3529             if ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) pKeyContainer->dwEnumContainersCtr = 0;
3530
3531             if (!pbData) {
3532                 *pdwDataLen = (DWORD)MAX_PATH + 1;
3533                 return TRUE;
3534             }
3535  
3536             if (!open_container_key("", dwFlags, &hKey))
3537             {
3538                 SetLastError(ERROR_NO_MORE_ITEMS);
3539                 return FALSE;
3540             }
3541
3542             dwTemp = *pdwDataLen;
3543             switch (RegEnumKeyExA(hKey, pKeyContainer->dwEnumContainersCtr, (LPSTR)pbData, &dwTemp,
3544                     NULL, NULL, NULL, NULL))
3545             {
3546                 case ERROR_MORE_DATA:
3547                     *pdwDataLen = (DWORD)MAX_PATH + 1;
3548  
3549                 case ERROR_SUCCESS:
3550                     pKeyContainer->dwEnumContainersCtr++;
3551                     RegCloseKey(hKey);
3552                     return TRUE;
3553
3554                 case ERROR_NO_MORE_ITEMS:
3555                 default:
3556                     SetLastError(ERROR_NO_MORE_ITEMS);
3557                     RegCloseKey(hKey);
3558                     return FALSE;
3559             }
3560  
3561         case PP_ENUMALGS:
3562         case PP_ENUMALGS_EX:
3563             if (((pKeyContainer->dwEnumAlgsCtr >= RSAENH_MAX_ENUMALGS-1) ||
3564                  (!aProvEnumAlgsEx[pKeyContainer->dwPersonality]
3565                    [pKeyContainer->dwEnumAlgsCtr+1].aiAlgid)) && 
3566                 ((dwFlags & CRYPT_FIRST) != CRYPT_FIRST))
3567             {
3568                 SetLastError(ERROR_NO_MORE_ITEMS);
3569                 return FALSE;
3570             }
3571
3572             if (dwParam == PP_ENUMALGS) {    
3573                 if (pbData && (*pdwDataLen >= sizeof(PROV_ENUMALGS))) 
3574                     pKeyContainer->dwEnumAlgsCtr = ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) ? 
3575                         0 : pKeyContainer->dwEnumAlgsCtr+1;
3576             
3577                 provEnumalgs.aiAlgid = aProvEnumAlgsEx
3578                     [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].aiAlgid;
3579                 provEnumalgs.dwBitLen = aProvEnumAlgsEx
3580                     [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].dwDefaultLen;
3581                 provEnumalgs.dwNameLen = aProvEnumAlgsEx
3582                     [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].dwNameLen;
3583                 memcpy(provEnumalgs.szName, aProvEnumAlgsEx
3584                        [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].szName, 
3585                        20*sizeof(CHAR));
3586             
3587                 return copy_param(pbData, pdwDataLen, (CONST BYTE*)&provEnumalgs, 
3588                                   sizeof(PROV_ENUMALGS));
3589             } else {
3590                 if (pbData && (*pdwDataLen >= sizeof(PROV_ENUMALGS_EX))) 
3591                     pKeyContainer->dwEnumAlgsCtr = ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) ? 
3592                         0 : pKeyContainer->dwEnumAlgsCtr+1;
3593             
3594                 return copy_param(pbData, pdwDataLen, 
3595                                   (CONST BYTE*)&aProvEnumAlgsEx
3596                                       [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr], 
3597                                   sizeof(PROV_ENUMALGS_EX));
3598             }
3599
3600         case PP_CRYPT_COUNT_KEY_USE: /* Asked for by IE About dialog */
3601             return copy_param(pbData, pdwDataLen, abWTF, sizeof(abWTF));
3602
3603         default:
3604             /* MSDN: Unknown parameter number in dwParam */
3605             SetLastError(NTE_BAD_TYPE);
3606             return FALSE;
3607     }
3608 }
3609
3610 /******************************************************************************
3611  * CPDeriveKey (RSAENH.@)
3612  *
3613  * Derives a key from a hash value.
3614  *
3615  * PARAMS
3616  *  hProv     [I] Key container for which a key is to be generated.
3617  *  Algid     [I] Crypto algorithm identifier for the key to be generated.
3618  *  hBaseData [I] Hash from whose value the key will be derived.
3619  *  dwFlags   [I] See Notes.
3620  *  phKey     [O] The generated key.
3621  *
3622  * RETURNS
3623  *  Success: TRUE
3624  *  Failure: FALSE
3625  *
3626  * NOTES
3627  *  Defined flags:
3628  *   - CRYPT_EXPORTABLE: Key can be exported.
3629  *   - CRYPT_NO_SALT: No salt is used for 40 bit keys.
3630  *   - CRYPT_CREATE_SALT: Use remaining bits as salt value.
3631  */
3632 BOOL WINAPI RSAENH_CPDeriveKey(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTHASH hBaseData, 
3633                                DWORD dwFlags, HCRYPTKEY *phKey)
3634 {
3635     CRYPTKEY *pCryptKey, *pMasterKey;
3636     CRYPTHASH *pCryptHash;
3637     BYTE abHashValue[RSAENH_MAX_HASH_SIZE*2];
3638     DWORD dwLen;
3639     
3640     TRACE("(hProv=%08lx, Algid=%d, hBaseData=%08lx, dwFlags=%08x phKey=%p)\n", hProv, Algid,
3641            hBaseData, dwFlags, phKey);
3642     
3643     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3644     {
3645         SetLastError(NTE_BAD_UID);
3646         return FALSE;
3647     }
3648
3649     if (!lookup_handle(&handle_table, hBaseData, RSAENH_MAGIC_HASH,
3650                        (OBJECTHDR**)&pCryptHash))
3651     {
3652         SetLastError(NTE_BAD_HASH);
3653         return FALSE;
3654     }
3655
3656     if (!phKey)
3657     {
3658         SetLastError(ERROR_INVALID_PARAMETER);
3659         return FALSE;
3660     }
3661
3662     switch (GET_ALG_CLASS(Algid))
3663     {
3664         case ALG_CLASS_DATA_ENCRYPT:
3665             *phKey = new_key(hProv, Algid, dwFlags, &pCryptKey);
3666             if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3667
3668             /* 
3669              * We derive the key material from the hash.
3670              * If the hash value is not large enough for the claimed key, we have to construct
3671              * a larger binary value based on the hash. This is documented in MSDN: CryptDeriveKey.
3672              */
3673             dwLen = RSAENH_MAX_HASH_SIZE;
3674             RSAENH_CPGetHashParam(pCryptHash->hProv, hBaseData, HP_HASHVAL, abHashValue, &dwLen, 0);
3675     
3676             if (dwLen < pCryptKey->dwKeyLen) {
3677                 BYTE pad1[RSAENH_HMAC_DEF_PAD_LEN], pad2[RSAENH_HMAC_DEF_PAD_LEN];
3678                 BYTE old_hashval[RSAENH_MAX_HASH_SIZE];
3679                 DWORD i;
3680
3681                 memcpy(old_hashval, pCryptHash->abHashValue, RSAENH_MAX_HASH_SIZE);
3682             
3683                 for (i=0; i<RSAENH_HMAC_DEF_PAD_LEN; i++) {
3684                     pad1[i] = RSAENH_HMAC_DEF_IPAD_CHAR ^ (i<dwLen ? abHashValue[i] : 0);
3685                     pad2[i] = RSAENH_HMAC_DEF_OPAD_CHAR ^ (i<dwLen ? abHashValue[i] : 0);
3686                 }
3687                 
3688                 init_hash(pCryptHash);
3689                 update_hash(pCryptHash, pad1, RSAENH_HMAC_DEF_PAD_LEN);
3690                 finalize_hash(pCryptHash);
3691                 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
3692
3693                 init_hash(pCryptHash);
3694                 update_hash(pCryptHash, pad2, RSAENH_HMAC_DEF_PAD_LEN);
3695                 finalize_hash(pCryptHash);
3696                 memcpy(abHashValue+pCryptHash->dwHashSize, pCryptHash->abHashValue, 
3697                        pCryptHash->dwHashSize);
3698
3699                 memcpy(pCryptHash->abHashValue, old_hashval, RSAENH_MAX_HASH_SIZE);
3700             }
3701     
3702             memcpy(pCryptKey->abKeyValue, abHashValue, 
3703                    RSAENH_MIN(pCryptKey->dwKeyLen, sizeof(pCryptKey->abKeyValue)));
3704             break;
3705
3706         case ALG_CLASS_MSG_ENCRYPT:
3707             if (!lookup_handle(&handle_table, pCryptHash->hKey, RSAENH_MAGIC_KEY,
3708                                (OBJECTHDR**)&pMasterKey)) 
3709             {
3710                 SetLastError(NTE_FAIL); /* FIXME error code */
3711                 return FALSE;
3712             }
3713                 
3714             switch (Algid) 
3715             {
3716                 /* See RFC 2246, chapter 6.3 Key calculation */
3717                 case CALG_SCHANNEL_ENC_KEY:
3718                     *phKey = new_key(hProv, pMasterKey->siSChannelInfo.saEncAlg.Algid, 
3719                                      MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saEncAlg.cBits),
3720                                      &pCryptKey);
3721                     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3722                     memcpy(pCryptKey->abKeyValue, 
3723                            pCryptHash->abHashValue + (
3724                                2 * (pMasterKey->siSChannelInfo.saMACAlg.cBits / 8) +
3725                                ((dwFlags & CRYPT_SERVER) ? 
3726                                    (pMasterKey->siSChannelInfo.saEncAlg.cBits / 8) : 0)),
3727                            pMasterKey->siSChannelInfo.saEncAlg.cBits / 8);
3728                     memcpy(pCryptKey->abInitVector,
3729                            pCryptHash->abHashValue + (
3730                                2 * (pMasterKey->siSChannelInfo.saMACAlg.cBits / 8) +
3731                                2 * (pMasterKey->siSChannelInfo.saEncAlg.cBits / 8) +
3732                                ((dwFlags & CRYPT_SERVER) ? pCryptKey->dwBlockLen : 0)),
3733                            pCryptKey->dwBlockLen);
3734                     break;
3735                     
3736                 case CALG_SCHANNEL_MAC_KEY:
3737                     *phKey = new_key(hProv, Algid, 
3738                                      MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saMACAlg.cBits),
3739                                      &pCryptKey);
3740                     if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3741                     memcpy(pCryptKey->abKeyValue,
3742                            pCryptHash->abHashValue + ((dwFlags & CRYPT_SERVER) ? 
3743                                pMasterKey->siSChannelInfo.saMACAlg.cBits / 8 : 0),
3744                            pMasterKey->siSChannelInfo.saMACAlg.cBits / 8);
3745                     break;
3746                     
3747                 default:
3748                     SetLastError(NTE_BAD_ALGID);
3749                     return FALSE;
3750             }
3751             break;
3752
3753         default:
3754             SetLastError(NTE_BAD_ALGID);
3755             return FALSE;
3756     }
3757
3758     setup_key(pCryptKey);
3759     return TRUE;    
3760 }
3761
3762 /******************************************************************************
3763  * CPGetUserKey (RSAENH.@)
3764  *
3765  * Returns a handle to the user's private key-exchange- or signature-key.
3766  *
3767  * PARAMS
3768  *  hProv     [I] The key container from which a user key is requested.
3769  *  dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
3770  *  phUserKey [O] Handle to the requested key or INVALID_HANDLE_VALUE in case of failure.
3771  *
3772  * RETURNS
3773  *  Success: TRUE.
3774  *  Failure: FALSE.
3775  *
3776  * NOTE
3777  *  A newly created key container does not contain private user key. Create them with CPGenKey.
3778  */
3779 BOOL WINAPI RSAENH_CPGetUserKey(HCRYPTPROV hProv, DWORD dwKeySpec, HCRYPTKEY *phUserKey)
3780 {
3781     KEYCONTAINER *pKeyContainer;
3782
3783     TRACE("(hProv=%08lx, dwKeySpec=%08x, phUserKey=%p)\n", hProv, dwKeySpec, phUserKey);
3784     
3785     if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
3786                        (OBJECTHDR**)&pKeyContainer)) 
3787     {
3788         /* MSDN: hProv not containing valid context handle */
3789         SetLastError(NTE_BAD_UID);
3790         return FALSE;
3791     }
3792
3793     switch (dwKeySpec)
3794     {
3795         case AT_KEYEXCHANGE:
3796             copy_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair, RSAENH_MAGIC_KEY, 
3797                         phUserKey);
3798             break;
3799
3800         case AT_SIGNATURE:
3801             copy_handle(&handle_table, pKeyContainer->hSignatureKeyPair, RSAENH_MAGIC_KEY, 
3802                         phUserKey);
3803             break;
3804
3805         default:
3806             *phUserKey = (HCRYPTKEY)INVALID_HANDLE_VALUE;
3807     }
3808
3809     if (*phUserKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
3810     {
3811         /* MSDN: dwKeySpec parameter specifies nonexistent key */
3812         SetLastError(NTE_NO_KEY);
3813         return FALSE;
3814     }
3815
3816     return TRUE;
3817 }
3818
3819 /******************************************************************************
3820  * CPHashData (RSAENH.@)
3821  *
3822  * Updates a hash object with the given data.
3823  *
3824  * PARAMS
3825  *  hProv     [I] Key container to which the hash object belongs.
3826  *  hHash     [I] Hash object which is to be updated.
3827  *  pbData    [I] Pointer to data with which the hash object is to be updated.
3828  *  dwDataLen [I] Length of the data.
3829  *  dwFlags   [I] Currently none defined.
3830  *
3831  * RETURNS
3832  *  Success: TRUE.
3833  *  Failure: FALSE.
3834  *
3835  * NOTES
3836  *  The actual hash value is queried with CPGetHashParam, which will finalize 
3837  *  the hash. Updating a finalized hash will fail with a last error NTE_BAD_HASH_STATE.
3838  */
3839 BOOL WINAPI RSAENH_CPHashData(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST BYTE *pbData, 
3840                               DWORD dwDataLen, DWORD dwFlags)
3841 {
3842     CRYPTHASH *pCryptHash;
3843         
3844     TRACE("(hProv=%08lx, hHash=%08lx, pbData=%p, dwDataLen=%d, dwFlags=%08x)\n",
3845           hProv, hHash, pbData, dwDataLen, dwFlags);
3846
3847     if (dwFlags)
3848     {
3849         SetLastError(NTE_BAD_FLAGS);
3850         return FALSE;
3851     }
3852
3853     if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH,
3854                        (OBJECTHDR**)&pCryptHash))
3855     {
3856         SetLastError(NTE_BAD_HASH);
3857         return FALSE;
3858     }
3859
3860     if (!get_algid_info(hProv, pCryptHash->aiAlgid) || pCryptHash->aiAlgid == CALG_SSL3_SHAMD5)
3861     {
3862         SetLastError(NTE_BAD_ALGID);
3863         return FALSE;
3864     }
3865     
3866     if (pCryptHash->dwState != RSAENH_HASHSTATE_HASHING)
3867     {
3868         SetLastError(NTE_BAD_HASH_STATE);
3869         return FALSE;
3870     }
3871
3872     update_hash(pCryptHash, pbData, dwDataLen);
3873     return TRUE;
3874 }
3875
3876 /******************************************************************************
3877  * CPHashSessionKey (RSAENH.@)
3878  *
3879  * Updates a hash object with the binary representation of a symmetric key.
3880  *
3881  * PARAMS
3882  *  hProv     [I] Key container to which the hash object belongs.
3883  *  hHash     [I] Hash object which is to be updated.
3884  *  hKey      [I] The symmetric key, whose binary value will be added to the hash.
3885  *  dwFlags   [I] CRYPT_LITTLE_ENDIAN, if the binary key value shall be interpreted as little endian.
3886  *
3887  * RETURNS
3888  *  Success: TRUE.
3889  *  Failure: FALSE.
3890  */
3891 BOOL WINAPI RSAENH_CPHashSessionKey(HCRYPTPROV hProv, HCRYPTHASH hHash, HCRYPTKEY hKey, 
3892                                     DWORD dwFlags)
3893 {
3894     BYTE abKeyValue[RSAENH_MAX_KEY_SIZE], bTemp;
3895     CRYPTKEY *pKey;
3896     DWORD i;
3897
3898     TRACE("(hProv=%08lx, hHash=%08lx, hKey=%08lx, dwFlags=%08x)\n", hProv, hHash, hKey, dwFlags);
3899
3900     if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pKey) ||
3901         (GET_ALG_CLASS(pKey->aiAlgid) != ALG_CLASS_DATA_ENCRYPT)) 
3902     {
3903         SetLastError(NTE_BAD_KEY);
3904         return FALSE;
3905     }
3906
3907     if (dwFlags & ~CRYPT_LITTLE_ENDIAN) {
3908         SetLastError(NTE_BAD_FLAGS);
3909         return FALSE;
3910     }
3911
3912     memcpy(abKeyValue, pKey->abKeyValue, pKey->dwKeyLen);
3913     if (!(dwFlags & CRYPT_LITTLE_ENDIAN)) {
3914         for (i=0; i<pKey->dwKeyLen/2; i++) {
3915             bTemp = abKeyValue[i];
3916             abKeyValue[i] = abKeyValue[pKey->dwKeyLen-i-1];
3917             abKeyValue[pKey->dwKeyLen-i-1] = bTemp;
3918         }
3919     }
3920
3921     return RSAENH_CPHashData(hProv, hHash, abKeyValue, pKey->dwKeyLen, 0);
3922 }
3923
3924 /******************************************************************************
3925  * CPReleaseContext (RSAENH.@)
3926  *
3927  * Release a key container.
3928  *
3929  * PARAMS
3930  *  hProv   [I] Key container to be released.
3931  *  dwFlags [I] Currently none defined.
3932  *
3933  * RETURNS
3934  *  Success: TRUE
3935  *  Failure: FALSE
3936  */
3937 BOOL WINAPI RSAENH_CPReleaseContext(HCRYPTPROV hProv, DWORD dwFlags)
3938 {
3939     TRACE("(hProv=%08lx, dwFlags=%08x)\n", hProv, dwFlags);
3940
3941     if (!release_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3942     {
3943         /* MSDN: hProv not containing valid context handle */
3944         SetLastError(NTE_BAD_UID);
3945         return FALSE;
3946     }
3947
3948     if (dwFlags) {
3949         SetLastError(NTE_BAD_FLAGS);
3950         return FALSE;
3951     }
3952     
3953     return TRUE;
3954 }
3955
3956 /******************************************************************************
3957  * CPSetHashParam (RSAENH.@)
3958  * 
3959  * Set a parameter of a hash object
3960  *
3961  * PARAMS
3962  *  hProv   [I] The key container to which the key belongs.
3963  *  hHash   [I] The hash object for which a parameter is to be set.
3964  *  dwParam [I] Parameter type. See Notes.
3965  *  pbData  [I] Pointer to the parameter value.
3966  *  dwFlags [I] Currently none defined.
3967  *
3968  * RETURNS
3969  *  Success: TRUE.
3970  *  Failure: FALSE.
3971  *
3972  * NOTES
3973  *  Currently only the HP_HMAC_INFO dwParam type is defined. 
3974  *  The HMAC_INFO struct will be deep copied into the hash object.
3975  *  See Internet RFC 2104 for details on the HMAC algorithm.
3976  */
3977 BOOL WINAPI RSAENH_CPSetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, 
3978                                   BYTE *pbData, DWORD dwFlags)
3979 {
3980     CRYPTHASH *pCryptHash;
3981     CRYPTKEY *pCryptKey;
3982     DWORD i;
3983
3984     TRACE("(hProv=%08lx, hHash=%08lx, dwParam=%08x, pbData=%p, dwFlags=%08x)\n",
3985            hProv, hHash, dwParam, pbData, dwFlags);
3986
3987     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3988     {
3989         SetLastError(NTE_BAD_UID);
3990         return FALSE;
3991     }
3992
3993     if (dwFlags) {
3994         SetLastError(NTE_BAD_FLAGS);
3995         return FALSE;
3996     }
3997     
3998     if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH,
3999                        (OBJECTHDR**)&pCryptHash))
4000     {
4001         SetLastError(NTE_BAD_HASH);
4002         return FALSE;
4003     }
4004     
4005     switch (dwParam) {
4006         case HP_HMAC_INFO:
4007             free_hmac_info(pCryptHash->pHMACInfo);
4008             if (!copy_hmac_info(&pCryptHash->pHMACInfo, (PHMAC_INFO)pbData)) return FALSE;
4009
4010             if (!lookup_handle(&handle_table, pCryptHash->hKey, RSAENH_MAGIC_KEY, 
4011                                (OBJECTHDR**)&pCryptKey)) 
4012             {
4013                 SetLastError(NTE_FAIL); /* FIXME: correct error code? */
4014                 return FALSE;
4015             }
4016
4017             for (i=0; i<RSAENH_MIN(pCryptKey->dwKeyLen,pCryptHash->pHMACInfo->cbInnerString); i++) {
4018                 pCryptHash->pHMACInfo->pbInnerString[i] ^= pCryptKey->abKeyValue[i];
4019             }
4020             for (i=0; i<RSAENH_MIN(pCryptKey->dwKeyLen,pCryptHash->pHMACInfo->cbOuterString); i++) {
4021                 pCryptHash->pHMACInfo->pbOuterString[i] ^= pCryptKey->abKeyValue[i];
4022             }
4023             
4024             init_hash(pCryptHash);
4025             return TRUE;
4026
4027         case HP_HASHVAL:
4028             memcpy(pCryptHash->abHashValue, pbData, pCryptHash->dwHashSize);
4029             pCryptHash->dwState = RSAENH_HASHSTATE_FINISHED;
4030             return TRUE;
4031            
4032         case HP_TLS1PRF_SEED:
4033             return copy_data_blob(&pCryptHash->tpPRFParams.blobSeed, (PCRYPT_DATA_BLOB)pbData);
4034
4035         case HP_TLS1PRF_LABEL:
4036             return copy_data_blob(&pCryptHash->tpPRFParams.blobLabel, (PCRYPT_DATA_BLOB)pbData);
4037             
4038         default:
4039             SetLastError(NTE_BAD_TYPE);
4040             return FALSE;
4041     }
4042 }
4043
4044 /******************************************************************************
4045  * CPSetProvParam (RSAENH.@)
4046  */
4047 BOOL WINAPI RSAENH_CPSetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, DWORD dwFlags)
4048 {
4049     FIXME("(stub)\n");
4050     return FALSE;
4051 }
4052
4053 /******************************************************************************
4054  * CPSignHash (RSAENH.@)
4055  *
4056  * Sign a hash object
4057  *
4058  * PARAMS
4059  *  hProv        [I]   The key container, to which the hash object belongs.
4060  *  hHash        [I]   The hash object to be signed.
4061  *  dwKeySpec    [I]   AT_SIGNATURE or AT_KEYEXCHANGE: Key used to generate the signature.
4062  *  sDescription [I]   Should be NULL for security reasons. 
4063  *  dwFlags      [I]   0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4064  *  pbSignature  [O]   Buffer, to which the signature will be stored. May be NULL to query SigLen.
4065  *  pdwSigLen    [I/O] Size of the buffer (in), Length of the signature (out)
4066  *
4067  * RETURNS
4068  *  Success: TRUE
4069  *  Failure: FALSE
4070  */
4071 BOOL WINAPI RSAENH_CPSignHash(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwKeySpec, 
4072                               LPCWSTR sDescription, DWORD dwFlags, BYTE *pbSignature, 
4073                               DWORD *pdwSigLen)
4074 {
4075     HCRYPTKEY hCryptKey;
4076     CRYPTKEY *pCryptKey;
4077     DWORD dwHashLen;
4078     BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
4079     ALG_ID aiAlgid;
4080
4081     TRACE("(hProv=%08lx, hHash=%08lx, dwKeySpec=%08x, sDescription=%s, dwFlags=%08x, "
4082         "pbSignature=%p, pdwSigLen=%p)\n", hProv, hHash, dwKeySpec, debugstr_w(sDescription),
4083         dwFlags, pbSignature, pdwSigLen);
4084
4085     if (dwFlags & ~(CRYPT_NOHASHOID|CRYPT_X931_FORMAT)) {
4086         SetLastError(NTE_BAD_FLAGS);
4087         return FALSE;
4088     }
4089     
4090     if (!RSAENH_CPGetUserKey(hProv, dwKeySpec, &hCryptKey)) return FALSE;
4091             
4092     if (!lookup_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY,
4093                        (OBJECTHDR**)&pCryptKey))
4094     {
4095         SetLastError(NTE_NO_KEY);
4096         return FALSE;
4097     }
4098
4099     if (!pbSignature) {
4100         *pdwSigLen = pCryptKey->dwKeyLen;
4101         return TRUE;
4102     }
4103     if (pCryptKey->dwKeyLen > *pdwSigLen)
4104     {
4105         SetLastError(ERROR_MORE_DATA);
4106         *pdwSigLen = pCryptKey->dwKeyLen;
4107         return FALSE;
4108     }
4109     *pdwSigLen = pCryptKey->dwKeyLen;
4110
4111     if (sDescription) {
4112         if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription, 
4113                                 (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
4114         {
4115             return FALSE;
4116         }
4117     }
4118     
4119     dwHashLen = sizeof(DWORD);
4120     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
4121     
4122     dwHashLen = RSAENH_MAX_HASH_SIZE;
4123     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
4124  
4125
4126     if (!build_hash_signature(pbSignature, *pdwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
4127         return FALSE;
4128     }
4129
4130     return encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbSignature, pbSignature, RSAENH_ENCRYPT);
4131 }
4132
4133 /******************************************************************************
4134  * CPVerifySignature (RSAENH.@)
4135  *
4136  * Verify the signature of a hash object.
4137  * 
4138  * PARAMS
4139  *  hProv        [I] The key container, to which the hash belongs.
4140  *  hHash        [I] The hash for which the signature is verified.
4141  *  pbSignature  [I] The binary signature.
4142  *  dwSigLen     [I] Length of the signature BLOB.
4143  *  hPubKey      [I] Public key used to verify the signature.
4144  *  sDescription [I] Should be NULL for security reasons.
4145  *  dwFlags      [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4146  *
4147  * RETURNS
4148  *  Success: TRUE  (Signature is valid)
4149  *  Failure: FALSE (GetLastError() == NTE_BAD_SIGNATURE, if signature is invalid)
4150  */
4151 BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST BYTE *pbSignature, 
4152                                      DWORD dwSigLen, HCRYPTKEY hPubKey, LPCWSTR sDescription, 
4153                                      DWORD dwFlags)
4154 {
4155     BYTE *pbConstructed = NULL, *pbDecrypted = NULL;
4156     CRYPTKEY *pCryptKey;
4157     DWORD dwHashLen;
4158     ALG_ID aiAlgid;
4159     BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
4160     BOOL res = FALSE;
4161
4162     TRACE("(hProv=%08lx, hHash=%08lx, pbSignature=%p, dwSigLen=%d, hPubKey=%08lx, sDescription=%s, "
4163           "dwFlags=%08x)\n", hProv, hHash, pbSignature, dwSigLen, hPubKey, debugstr_w(sDescription),
4164           dwFlags);
4165         
4166     if (dwFlags & ~(CRYPT_NOHASHOID|CRYPT_X931_FORMAT)) {
4167         SetLastError(NTE_BAD_FLAGS);
4168         return FALSE;
4169     }
4170     
4171     if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
4172     {
4173         SetLastError(NTE_BAD_UID);
4174         return FALSE;
4175     }
4176  
4177     if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY,
4178                        (OBJECTHDR**)&pCryptKey))
4179     {
4180         SetLastError(NTE_BAD_KEY);
4181         return FALSE;
4182     }
4183
4184     /* in Microsoft implementation, the signature length is checked before
4185      * the signature pointer.
4186      */
4187     if (dwSigLen != pCryptKey->dwKeyLen)
4188     {
4189         SetLastError(NTE_BAD_SIGNATURE);
4190         return FALSE;
4191     }
4192
4193     if (!hHash || !pbSignature)
4194     {
4195         SetLastError(ERROR_INVALID_PARAMETER);
4196         return FALSE;
4197     }
4198
4199     if (sDescription) {
4200         if (!RSAENH_CPHashData(hProv, hHash, (CONST BYTE*)sDescription, 
4201                                 (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
4202         {
4203             return FALSE;
4204         }
4205     }
4206     
4207     dwHashLen = sizeof(DWORD);
4208     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
4209     
4210     dwHashLen = RSAENH_MAX_HASH_SIZE;
4211     if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
4212
4213     pbConstructed = HeapAlloc(GetProcessHeap(), 0, dwSigLen);
4214     if (!pbConstructed) {
4215         SetLastError(NTE_NO_MEMORY);
4216         goto cleanup;
4217     }
4218
4219     pbDecrypted = HeapAlloc(GetProcessHeap(), 0, dwSigLen);
4220     if (!pbDecrypted) {
4221         SetLastError(NTE_NO_MEMORY);
4222         goto cleanup;
4223     }
4224
4225     if (!encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbSignature, pbDecrypted, 
4226                             RSAENH_DECRYPT)) 
4227     {
4228         goto cleanup;
4229     }
4230
4231     if (!build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
4232         goto cleanup;
4233     }
4234
4235     if (memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
4236         SetLastError(NTE_BAD_SIGNATURE);
4237         goto cleanup;
4238     }
4239     
4240     res = TRUE;
4241 cleanup:
4242     HeapFree(GetProcessHeap(), 0, pbConstructed);
4243     HeapFree(GetProcessHeap(), 0, pbDecrypted);
4244     return res;
4245 }
4246
4247 static const WCHAR szProviderKeys[6][116] = {
4248     {   'S','o','f','t','w','a','r','e','\\',
4249         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
4250         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
4251         'i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ','B','a','s',
4252         'e',' ','C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r',
4253         'o','v','i','d','e','r',' ','v','1','.','0',0 },
4254     {   'S','o','f','t','w','a','r','e','\\',
4255         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
4256         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
4257         'i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ',
4258         'E','n','h','a','n','c','e','d',
4259         ' ','C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r',
4260         'o','v','i','d','e','r',' ','v','1','.','0',0 },
4261     {   'S','o','f','t','w','a','r','e','\\',
4262         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
4263         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
4264         'i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ','S','t','r','o','n','g',
4265         ' ','C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r',
4266         'o','v','i','d','e','r',0 },
4267     {   'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
4268         'C','r','y','p','t','o','g','r','a','p','h','y','\\','D','e','f','a','u','l','t','s','\\',
4269         'P','r','o','v','i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ',
4270         'R','S','A',' ','S','C','h','a','n','n','e','l',' ',
4271         'C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r','o','v','i','d','e','r',0 },
4272     {   'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
4273         'C','r','y','p','t','o','g','r','a','p','h','y','\\','D','e','f','a','u','l','t','s','\\',
4274         'P','r','o','v','i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ',
4275         'E','n','h','a','n','c','e','d',' ','R','S','A',' ','a','n','d',' ','A','E','S',' ',
4276         'C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r','o','v','i','d','e','r',0 },
4277     {   'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
4278         'C','r','y','p','t','o','g','r','a','p','h','y','\\','D','e','f','a','u','l','t','s','\\',
4279         'P','r','o','v','i','d','e','r','\\','M','i','c','r','o','s','o','f','t',' ',
4280         'E','n','h','a','n','c','e','d',' ','R','S','A',' ','a','n','d',' ','A','E','S',' ',
4281         'C','r','y','p','t','o','g','r','a','p','h','i','c',' ','P','r','o','v','i','d','e','r',
4282         ' ','(','P','r','o','t','o','t','y','p','e',')',0 }
4283 };
4284 static const WCHAR szDefaultKeys[3][65] = {
4285     {   'S','o','f','t','w','a','r','e','\\',
4286         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
4287         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
4288         'i','d','e','r',' ','T','y','p','e','s','\\','T','y','p','e',' ','0','0','1',0 },
4289     {   'S','o','f','t','w','a','r','e','\\',
4290         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
4291         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
4292         'i','d','e','r',' ','T','y','p','e','s','\\','T','y','p','e',' ','0','1','2',0 },
4293     {   'S','o','f','t','w','a','r','e','\\',
4294         'M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g','r',
4295         'a','p','h','y','\\','D','e','f','a','u','l','t','s','\\','P','r','o','v',
4296         'i','d','e','r',' ','T','y','p','e','s','\\','T','y','p','e',' ','0','2','4',0 }
4297 };
4298
4299
4300 /******************************************************************************
4301  * DllRegisterServer (RSAENH.@)
4302  *
4303  * Dll self registration. 
4304  *
4305  * PARAMS
4306  *
4307  * RETURNS
4308  *  Success: S_OK.
4309  *    Failure: != S_OK
4310  * 
4311  * NOTES
4312  *  Registers the following keys:
4313  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider\
4314  *       Microsoft Base Cryptographic Provider v1.0
4315  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider\
4316  *       Microsoft Enhanced Cryptographic Provider
4317  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider\
4318  *       Microsoft Strong Cryptographpic Provider
4319  *   - HKLM\Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001
4320  */
4321 HRESULT WINAPI DllRegisterServer(void)
4322 {
4323     HKEY key;
4324     DWORD dp;
4325     long apiRet;
4326     int i;
4327
4328     for (i=0; i<6; i++) {
4329         apiRet = RegCreateKeyExW(HKEY_LOCAL_MACHINE, szProviderKeys[i], 0, NULL,
4330             REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, &dp);
4331
4332         if (apiRet == ERROR_SUCCESS)
4333         {
4334             if (dp == REG_CREATED_NEW_KEY)
4335             {
4336                 static const WCHAR szImagePath[] = { 'I','m','a','g','e',' ','P','a','t','h',0 };
4337                 static const WCHAR szRSABase[] = { 'r','s','a','e','n','h','.','d','l','l',0 };
4338                 static const WCHAR szType[] = { 'T','y','p','e',0 };
4339                 static const WCHAR szSignature[] = { 'S','i','g','n','a','t','u','r','e',0 };
4340                 DWORD type, sign;
4341
4342                 switch(i)
4343                 {
4344                     case 3:
4345                         type=PROV_RSA_SCHANNEL;
4346                         break;
4347                     case 4:
4348                     case 5:
4349                         type=PROV_RSA_AES;
4350                         break;
4351                     default:
4352                         type=PROV_RSA_FULL;
4353                         break;
4354                 }
4355                 sign = 0xdeadbeef;
4356                 RegSetValueExW(key, szImagePath, 0, REG_SZ, (const BYTE *)szRSABase,
4357                                (lstrlenW(szRSABase) + 1) * sizeof(WCHAR));
4358                 RegSetValueExW(key, szType, 0, REG_DWORD, (LPBYTE)&type, sizeof(type));
4359                 RegSetValueExW(key, szSignature, 0, REG_BINARY, (LPBYTE)&sign, sizeof(sign));
4360             }
4361             RegCloseKey(key);
4362         }
4363     }
4364     
4365     for (i=0; i<3; i++) {
4366         apiRet = RegCreateKeyExW(HKEY_LOCAL_MACHINE, szDefaultKeys[i], 0, NULL,
4367                                  REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, &dp);
4368         if (apiRet == ERROR_SUCCESS)
4369         {
4370             if (dp == REG_CREATED_NEW_KEY)
4371             {
4372                 static const WCHAR szName[] = { 'N','a','m','e',0 };
4373                 static const WCHAR szRSAName[3][54] = {
4374                   { 'M','i','c','r','o','s','o','f','t',' ', 'B','a','s','e',' ',
4375                     'C','r','y','p','t','o','g','r','a','p','h','i','c',' ', 
4376                     'P','r','o','v','i','d','e','r',' ','v','1','.','0',0 },
4377                   { 'M','i','c','r','o','s','o','f','t',' ','R','S','A',' ',
4378                     'S','C','h','a','n','n','e','l',' ',
4379                     'C','r','y','p','t','o','g','r','a','p','h','i','c',' ',
4380                     'P','r','o','v','i','d','e','r',0 },
4381                   { 'M','i','c','r','o','s','o','f','t',' ','E','n','h','a','n','c','e','d',' ',
4382                     'R','S','A',' ','a','n','d',' ','A','E','S',' ',
4383                     'C','r','y','p','t','o','g','r','a','p','h','i','c',' ',
4384                     'P','r','o','v','i','d','e','r',0 } };
4385                 static const WCHAR szTypeName[] = { 'T','y','p','e','N','a','m','e',0 };
4386                 static const WCHAR szRSATypeName[3][38] = {
4387                   { 'R','S','A',' ','F','u','l','l',' ',
4388                        '(','S','i','g','n','a','t','u','r','e',' ','a','n','d',' ',
4389                     'K','e','y',' ','E','x','c','h','a','n','g','e',')',0 },
4390                   { 'R','S','A',' ','S','C','h','a','n','n','e','l',0 },
4391                   { 'R','S','A',' ','F','u','l','l',' ','a','n','d',' ','A','E','S',0 } };
4392
4393                 RegSetValueExW(key, szName, 0, REG_SZ,
4394                                 (const BYTE *)szRSAName[i], lstrlenW(szRSAName[i])*sizeof(WCHAR)+sizeof(WCHAR));
4395                 RegSetValueExW(key, szTypeName, 0, REG_SZ, 
4396                                 (const BYTE *)szRSATypeName[i], lstrlenW(szRSATypeName[i])*sizeof(WCHAR)+sizeof(WCHAR));
4397             }
4398         }
4399         RegCloseKey(key);
4400     }
4401     
4402     return HRESULT_FROM_WIN32(apiRet);
4403 }
4404
4405 /******************************************************************************
4406  * DllUnregisterServer (RSAENH.@)
4407  *
4408  * Dll self unregistration. 
4409  *
4410  * PARAMS
4411  *
4412  * RETURNS
4413  *  Success: S_OK
4414  *
4415  * NOTES
4416  *  For the relevant keys see DllRegisterServer.
4417  */
4418 HRESULT WINAPI DllUnregisterServer(void)
4419 {
4420     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[0]);
4421     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[1]);
4422     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[2]);
4423     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[3]);
4424     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[4]);
4425     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szProviderKeys[5]);
4426     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szDefaultKeys[0]);
4427     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szDefaultKeys[1]);
4428     RegDeleteKeyW(HKEY_LOCAL_MACHINE, szDefaultKeys[2]);
4429     return S_OK;
4430 }