Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
Apq
/
winscp
zrkadlo https://github.com/winscp/winscp.git
1
0
Fork 0
Súbory Issues 0 Wiki
Strom: d7a42c8169
Branche Tagy
winscp
/
source
/
putty
/
WINDOWS
/
wincapi.c

wincapi.c 2.6 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. /*
    2. 

  2.  * wincapi.c: implementation of wincapi.h.
    3. 

  3.  */
    4. 

  4. 

  5. #include "putty.h"
    6. 

  6. 

  7. #if !defined NO_SECURITY
    8. 

  8. 

  9. #include "putty.h"
    10. 

  10. #include "ssh.h"
    11. 

  11. 

  12. #include "wincapi.h"
    13. 

  13. 

  14. DEF_WINDOWS_FUNCTION(CryptProtectMemory);
    15. 

  15. 

  16. bool got_crypt(void)
    17. 

  17. {
    18. 

  18.     static bool attempted = false;
    19. 

  19.     static bool successful;
    20. 

  20.     static HMODULE crypt;
    21. 

  21. 

  22.     if (!attempted) {
    23. 

  23.         attempted = true;
    24. 

  24.         crypt = load_system32_dll("crypt32.dll");
    25. 

  25.         successful = crypt &&
    26. 

  26.             GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
    27. 

  27.     }
    28. 

  28.     return successful;
    29. 

  29. }
    30. 

  30. 

  31. char *capi_obfuscate_string(const char *realname)
    32. 

  32. {
    33. 

  33.     char *cryptdata;
    34. 

  34.     int cryptlen;
    35. 

  35.     unsigned char digest[32];
    36. 

  36.     char retbuf[65];
    37. 

  37.     int i;
    38. 

  38. 

  39.     cryptlen = strlen(realname) + 1;
    40. 

  40.     cryptlen += CRYPTPROTECTMEMORY_BLOCK_SIZE - 1;
    41. 

  41.     cryptlen /= CRYPTPROTECTMEMORY_BLOCK_SIZE;
    42. 

  42.     cryptlen *= CRYPTPROTECTMEMORY_BLOCK_SIZE;
    43. 

  43. 

  44.     cryptdata = snewn(cryptlen, char);
    45. 

  45.     memset(cryptdata, 0, cryptlen);
    46. 

  46.     strcpy(cryptdata, realname);
    47. 

  47. 

  48.     /*
    49. 

  49.      * CRYPTPROTECTMEMORY_CROSS_PROCESS causes CryptProtectMemory to
    50. 

  50.      * use the same key in all processes with this user id, meaning
    51. 

  51.      * that the next PuTTY process calling this function with the same
    52. 

  52.      * input will get the same data.
    53. 

  53.      *
    54. 

  54.      * (Contrast with CryptProtectData, which invents a new session
    55. 

  55.      * key every time since its API permits returning more data than
    56. 

  56.      * was input, so calling _that_ and hashing the output would not
    57. 

  57.      * be stable.)
    58. 

  58.      *
    59. 

  59.      * We don't worry too much if this doesn't work for some reason.
    60. 

  60.      * Omitting this step still has _some_ privacy value (in that
    61. 

  61.      * another user can test-hash things to confirm guesses as to
    62. 

  62.      * where you might be connecting to, but cannot invert SHA-256 in
    63. 

  63.      * the absence of any plausible guess). So we don't abort if we
    64. 

  64.      * can't call CryptProtectMemory at all, or if it fails.
    65. 

  65.      */
    66. 

  66.     if (got_crypt())
    67. 

  67.         p_CryptProtectMemory(cryptdata, cryptlen,
    68. 

  68.                              CRYPTPROTECTMEMORY_CROSS_PROCESS);
    69. 

  69. 

  70.     /*
    71. 

  71.      * We don't want to give away the length of the hostname either,
    72. 

  72.      * so having got it back out of CryptProtectMemory we now hash it.
    73. 

  73.      */
    74. 

  74.     {
    75. 

  75.         ssh_hash *h = ssh_hash_new(&ssh_sha256);
    76. 

  76.         put_string(h, cryptdata, cryptlen);
    77. 

  77.         ssh_hash_final(h, digest);
    78. 

  78.     }
    79. 

  79. 

  80.     sfree(cryptdata);
    81. 

  81. 

  82.     /*
    83. 

  83.      * Finally, make printable.
    84. 

  84.      */
    85. 

  85.     for (i = 0; i < 32; i++) {
    86. 

  86.         sprintf(retbuf + 2*i, "%02x", digest[i]);
    87. 

  87.         /* the last of those will also write the trailing NUL */
    88. 

  88.     }
    89. 

  89. 

  90.     return dupstr(retbuf);
    91. 

  91. }
    92. 

  92. 

  93. #endif /* !defined NO_SECURITY */
    94.