cryptoapi.c File Reference
#include "syshead.h"
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <windows.h>
#include <wincrypt.h>
#include <ncrypt.h>
#include <stdio.h>
#include <ctype.h>
#include <assert.h>
#include "buffer.h"
#include "openssl_compat.h"

Data Structures

struct  _CAPI_DATA
 

Macros

#define CERT_SYSTEM_STORE_LOCATION_SHIFT   16
 
#define CERT_SYSTEM_STORE_CURRENT_USER_ID   1
 
#define CERT_SYSTEM_STORE_CURRENT_USER   (CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
 
#define CERT_STORE_READONLY_FLAG   0x00008000
 
#define CERT_STORE_OPEN_EXISTING_FLAG   0x00004000
 
#define SSL_SIG_LENGTH   36
 
#define ERR_LIB_CRYPTOAPI   (ERR_LIB_USER + 69) /* 69 is just a number... */
 
#define CRYPTOAPIerr(f)   err_put_ms_error(GetLastError(), (f), __FILE__, __LINE__)
 
#define CRYPTOAPI_F_CERT_OPEN_SYSTEM_STORE   100
 
#define CRYPTOAPI_F_CERT_FIND_CERTIFICATE_IN_STORE   101
 
#define CRYPTOAPI_F_CRYPT_ACQUIRE_CERTIFICATE_PRIVATE_KEY   102
 
#define CRYPTOAPI_F_CRYPT_CREATE_HASH   103
 
#define CRYPTOAPI_F_CRYPT_GET_HASH_PARAM   104
 
#define CRYPTOAPI_F_CRYPT_SET_HASH_PARAM   105
 
#define CRYPTOAPI_F_CRYPT_SIGN_HASH   106
 
#define CRYPTOAPI_F_LOAD_LIBRARY   107
 
#define CRYPTOAPI_F_GET_PROC_ADDRESS   108
 
#define CRYPTOAPI_F_NCRYPT_SIGN_HASH   109
 
#define ERR_MAP_SZ   16
 

Typedefs

typedef struct _CAPI_DATA CAPI_DATA
 

Functions

static DWORD cng_padding_type (int padding)
 
static const wchar_t * cng_hash_algo (int md_type)
 
static void CAPI_DATA_free (CAPI_DATA *cd)
 
static char * ms_error_text (DWORD ms_err)
 
static void err_put_ms_error (DWORD ms_err, int func, const char *file, int line)
 
static int rsa_pub_enc (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
 
static int rsa_pub_dec (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
 
static int priv_enc_CNG (const CAPI_DATA *cd, const wchar_t *hash_algo, const unsigned char *from, int flen, unsigned char *to, int tlen, DWORD padding, DWORD saltlen)
 Sign the hash in 'from' using NCryptSignHash(). More...
 
static int rsa_priv_enc (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
 
static int rsa_sign_CNG (int type, const unsigned char *m, unsigned int m_len, unsigned char *sig, unsigned int *siglen, const RSA *rsa)
 Sign the hash in |m| and return the signature in |sig|. More...
 
static int rsa_priv_dec (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
 
static int init (RSA *rsa)
 
static int finish (RSA *rsa)
 
static const CERT_CONTEXT * find_certificate_in_store (const char *cert_prop, HCERTSTORE cert_store)
 
static int ssl_ctx_set_rsakey (SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
 
int SSL_CTX_use_CryptoAPI_certificate (SSL_CTX *ssl_ctx, const char *cert_prop)
 

Variables

static ERR_STRING_DATA CRYPTOAPI_str_functs []
 
static int ec_data_idx = -1
 
static EVP_PKEY_METHOD * pmethod
 
static int(* default_pkey_sign_init )(EVP_PKEY_CTX *ctx)
 
static int(* default_pkey_sign )(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)
 

Macro Definition Documentation

◆ CERT_STORE_OPEN_EXISTING_FLAG

#define CERT_STORE_OPEN_EXISTING_FLAG   0x00004000

Definition at line 71 of file cryptoapi.c.

Referenced by SSL_CTX_use_CryptoAPI_certificate().

◆ CERT_STORE_READONLY_FLAG

#define CERT_STORE_READONLY_FLAG   0x00008000

Definition at line 68 of file cryptoapi.c.

Referenced by SSL_CTX_use_CryptoAPI_certificate().

◆ CERT_SYSTEM_STORE_CURRENT_USER

#define CERT_SYSTEM_STORE_CURRENT_USER   (CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)

Definition at line 65 of file cryptoapi.c.

Referenced by SSL_CTX_use_CryptoAPI_certificate().

◆ CERT_SYSTEM_STORE_CURRENT_USER_ID

#define CERT_SYSTEM_STORE_CURRENT_USER_ID   1

Definition at line 62 of file cryptoapi.c.

◆ CERT_SYSTEM_STORE_LOCATION_SHIFT

#define CERT_SYSTEM_STORE_LOCATION_SHIFT   16

Definition at line 59 of file cryptoapi.c.

◆ CRYPTOAPI_F_CERT_FIND_CERTIFICATE_IN_STORE

#define CRYPTOAPI_F_CERT_FIND_CERTIFICATE_IN_STORE   101

Definition at line 81 of file cryptoapi.c.

Referenced by SSL_CTX_use_CryptoAPI_certificate().

◆ CRYPTOAPI_F_CERT_OPEN_SYSTEM_STORE

#define CRYPTOAPI_F_CERT_OPEN_SYSTEM_STORE   100

Definition at line 80 of file cryptoapi.c.

Referenced by SSL_CTX_use_CryptoAPI_certificate().

◆ CRYPTOAPI_F_CRYPT_ACQUIRE_CERTIFICATE_PRIVATE_KEY

#define CRYPTOAPI_F_CRYPT_ACQUIRE_CERTIFICATE_PRIVATE_KEY   102

Definition at line 82 of file cryptoapi.c.

Referenced by SSL_CTX_use_CryptoAPI_certificate().

◆ CRYPTOAPI_F_CRYPT_CREATE_HASH

#define CRYPTOAPI_F_CRYPT_CREATE_HASH   103

Definition at line 83 of file cryptoapi.c.

Referenced by rsa_priv_enc().

◆ CRYPTOAPI_F_CRYPT_GET_HASH_PARAM

#define CRYPTOAPI_F_CRYPT_GET_HASH_PARAM   104

Definition at line 84 of file cryptoapi.c.

Referenced by rsa_priv_enc().

◆ CRYPTOAPI_F_CRYPT_SET_HASH_PARAM

#define CRYPTOAPI_F_CRYPT_SET_HASH_PARAM   105

Definition at line 85 of file cryptoapi.c.

Referenced by rsa_priv_enc().

◆ CRYPTOAPI_F_CRYPT_SIGN_HASH

#define CRYPTOAPI_F_CRYPT_SIGN_HASH   106

Definition at line 86 of file cryptoapi.c.

Referenced by rsa_priv_enc().

◆ CRYPTOAPI_F_GET_PROC_ADDRESS

#define CRYPTOAPI_F_GET_PROC_ADDRESS   108

Definition at line 88 of file cryptoapi.c.

◆ CRYPTOAPI_F_LOAD_LIBRARY

#define CRYPTOAPI_F_LOAD_LIBRARY   107

Definition at line 87 of file cryptoapi.c.

◆ CRYPTOAPI_F_NCRYPT_SIGN_HASH

#define CRYPTOAPI_F_NCRYPT_SIGN_HASH   109

Definition at line 89 of file cryptoapi.c.

Referenced by finish(), and priv_enc_CNG().

◆ CRYPTOAPIerr

#define CRYPTOAPIerr (   f)    err_put_ms_error(GetLastError(), (f), __FILE__, __LINE__)

Definition at line 79 of file cryptoapi.c.

Referenced by finish(), priv_enc_CNG(), rsa_priv_enc(), and SSL_CTX_use_CryptoAPI_certificate().

◆ ERR_LIB_CRYPTOAPI

#define ERR_LIB_CRYPTOAPI   (ERR_LIB_USER + 69) /* 69 is just a number... */

Definition at line 78 of file cryptoapi.c.

Referenced by err_put_ms_error().

◆ ERR_MAP_SZ

#define ERR_MAP_SZ   16

Referenced by err_put_ms_error().

◆ SSL_SIG_LENGTH

#define SSL_SIG_LENGTH   36

Definition at line 75 of file cryptoapi.c.

Referenced by rsa_priv_enc().

Typedef Documentation

◆ CAPI_DATA

typedef struct _CAPI_DATA CAPI_DATA

Function Documentation

◆ CAPI_DATA_free()

static void CAPI_DATA_free ( CAPI_DATA cd)
static

◆ cng_hash_algo()

static const wchar_t* cng_hash_algo ( int  md_type)
static

Definition at line 158 of file cryptoapi.c.

References M_INFO, M_WARN, and msg.

Referenced by find_certificate_in_store(), and rsa_sign_CNG().

◆ cng_padding_type()

static DWORD cng_padding_type ( int  padding)
static

Definition at line 127 of file cryptoapi.c.

References M_INFO, M_WARN, and msg.

Referenced by find_certificate_in_store(), rsa_priv_enc(), and rsa_sign_CNG().

◆ err_put_ms_error()

static void err_put_ms_error ( DWORD  ms_err,
int  func,
const char *  file,
int  line 
)
static

◆ find_certificate_in_store()

static const CERT_CONTEXT* find_certificate_in_store ( const char *  cert_prop,
HCERTSTORE  cert_store 
)
static

◆ finish()

static int finish ( RSA *  rsa)
static

◆ init()

static int init ( RSA *  rsa)
static

Definition at line 517 of file cryptoapi.c.

Referenced by err_put_ms_error(), and RSA_meth_set_init().

◆ ms_error_text()

static char* ms_error_text ( DWORD  ms_err)
static

Definition at line 221 of file cryptoapi.c.

References string_alloc().

Referenced by err_put_ms_error().

◆ priv_enc_CNG()

static int priv_enc_CNG ( const CAPI_DATA cd,
const wchar_t *  hash_algo,
const unsigned char *  from,
int  flen,
unsigned char *  to,
int  tlen,
DWORD  padding,
DWORD  saltlen 
)
static

Sign the hash in 'from' using NCryptSignHash().

This requires an NCRYPT key handle in cd->crypt_prov. On return the signature is in 'to'. Returns the length of the signature, or 0 on error. This is used only for RSA, and padding should be BCRYPT_PAD_PKCS1 or BCRYPT_PAD_PSS. If hash_algo is not NULL, a PKCS #1 DigestInfo header is added to |from| before signing; otherwise |from| is signed as is. Use NULL for the MD5 + SHA1 hash used in TLS 1.1 and earlier. In case of PSS padding, |saltlen| should specify the size of the salt to use. If |to| is NULL, returns the required buffer size.

Definition at line 340 of file cryptoapi.c.

References ASSERT, _CAPI_DATA::crypt_prov, CRYPTOAPI_F_NCRYPT_SIGN_HASH, CRYPTOAPIerr, D_LOW, _CAPI_DATA::key_spec, msg, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, and status.

Referenced by find_certificate_in_store(), rsa_priv_enc(), and rsa_sign_CNG().

◆ rsa_priv_dec()

static int rsa_priv_dec ( int  flen,
const unsigned char *  from,
unsigned char *  to,
RSA *  rsa,
int  padding 
)
static

Definition at line 507 of file cryptoapi.c.

Referenced by ssl_ctx_set_rsakey().

◆ rsa_priv_enc()

static int rsa_priv_enc ( int  flen,
const unsigned char *  from,
unsigned char *  to,
RSA *  rsa,
int  padding 
)
static

◆ rsa_pub_dec()

static int rsa_pub_dec ( int  flen,
const unsigned char *  from,
unsigned char *  to,
RSA *  rsa,
int  padding 
)
static

Definition at line 319 of file cryptoapi.c.

Referenced by ssl_ctx_set_rsakey().

◆ rsa_pub_enc()

static int rsa_pub_enc ( int  flen,
const unsigned char *  from,
unsigned char *  to,
RSA *  rsa,
int  padding 
)
static

Definition at line 309 of file cryptoapi.c.

Referenced by ssl_ctx_set_rsakey().

◆ rsa_sign_CNG()

static int rsa_sign_CNG ( int  type,
const unsigned char *  m,
unsigned int  m_len,
unsigned char *  sig,
unsigned int *  siglen,
const RSA *  rsa 
)
static

Sign the hash in |m| and return the signature in |sig|.

Returns 1 on success, 0 on error. NCryptSignHash() is used to sign, and it is instructed to add the PKCS #1 DigestInfo header to |m| unless the hash algorithm is the MD5/SHA1 combination used in TLS 1.1 and earlier versions. OpenSSL exercises this callback only when padding is PKCS1 v1.5.

Definition at line 478 of file cryptoapi.c.

References cng_hash_algo(), cng_padding_type(), priv_enc_CNG(), RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, and RSA_meth_get0_app_data().

Referenced by ssl_ctx_set_rsakey().

◆ ssl_ctx_set_rsakey()

static int ssl_ctx_set_rsakey ( SSL_CTX *  ssl_ctx,
CAPI_DATA cd,
EVP_PKEY *  pkey 
)
static

◆ SSL_CTX_use_CryptoAPI_certificate()

int SSL_CTX_use_CryptoAPI_certificate ( SSL_CTX *  ssl_ctx,
const char *  cert_prop 
)

Variable Documentation

◆ CRYPTOAPI_str_functs

ERR_STRING_DATA CRYPTOAPI_str_functs[]
static
Initial value:
= {
{ ERR_PACK(ERR_LIB_CRYPTOAPI, 0, 0), "microsoft cryptoapi"},
{ ERR_PACK(0, CRYPTOAPI_F_CERT_OPEN_SYSTEM_STORE, 0), "CertOpenSystemStore" },
{ ERR_PACK(0, CRYPTOAPI_F_CERT_FIND_CERTIFICATE_IN_STORE, 0), "CertFindCertificateInStore" },
{ ERR_PACK(0, CRYPTOAPI_F_CRYPT_ACQUIRE_CERTIFICATE_PRIVATE_KEY, 0), "CryptAcquireCertificatePrivateKey" },
{ ERR_PACK(0, CRYPTOAPI_F_CRYPT_CREATE_HASH, 0), "CryptCreateHash" },
{ ERR_PACK(0, CRYPTOAPI_F_CRYPT_GET_HASH_PARAM, 0), "CryptGetHashParam" },
{ ERR_PACK(0, CRYPTOAPI_F_CRYPT_SET_HASH_PARAM, 0), "CryptSetHashParam" },
{ ERR_PACK(0, CRYPTOAPI_F_CRYPT_SIGN_HASH, 0), "CryptSignHash" },
{ ERR_PACK(0, CRYPTOAPI_F_LOAD_LIBRARY, 0), "LoadLibrary" },
{ ERR_PACK(0, CRYPTOAPI_F_GET_PROC_ADDRESS, 0), "GetProcAddress" },
{ ERR_PACK(0, CRYPTOAPI_F_NCRYPT_SIGN_HASH, 0), "NCryptSignHash" },
{ 0, NULL }
}

Definition at line 91 of file cryptoapi.c.

Referenced by err_put_ms_error().

◆ default_pkey_sign

int(* default_pkey_sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)
static

Definition at line 112 of file cryptoapi.c.

Referenced by find_certificate_in_store(), and ssl_ctx_set_rsakey().

◆ default_pkey_sign_init

int(* default_pkey_sign_init) (EVP_PKEY_CTX *ctx)
static

Definition at line 111 of file cryptoapi.c.

Referenced by find_certificate_in_store(), and ssl_ctx_set_rsakey().

◆ ec_data_idx

int ec_data_idx = -1
static

Definition at line 107 of file cryptoapi.c.

Referenced by finish().

◆ pmethod

EVP_PKEY_METHOD* pmethod
static

Definition at line 110 of file cryptoapi.c.

Referenced by ssl_ctx_set_rsakey().