Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: dev
Branches Tags
winscp
/
source
/
putty
/
windows
/
utils
/
cryptoapi.c

cryptoapi.c 2.6 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. /*
    2. 

  2.  * windows/utils/cryptoapi.c: implementation of cryptoapi.h.
    3. 

  3.  */
    4. 

  4. 

  5. #include "putty.h"
    6. 

  6. 

  7. #include "putty.h"
    8. 

  8. #include "ssh.h"
    9. 

  9. 

  10. #include "cryptoapi.h"
    11. 

  11. 

  12. DEF_WINDOWS_FUNCTION(CryptProtectMemory);
    13. 

  13. 

  14. bool got_crypt(void)
    15. 

  15. {
    16. 

  16.     static bool attempted = false;
    17. 

  17.     static bool successful;
    18. 

  18.     static HMODULE crypt;
    19. 

  19. 

  20.     if (!attempted) {
    21. 

  21.         attempted = true;
    22. 

  22.         crypt = load_system32_dll("crypt32.dll");
    23. 

  23.         successful = crypt &&
    24. 

  24.             GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
    25. 

  25.     }
    26. 

  26.     return successful;
    27. 

  27. }
    28. 

  28. 

  29. char *capi_obfuscate_string(const char *realname)
    30. 

  30. {
    31. 

  31.     char *cryptdata;
    32. 

  32.     int cryptlen;
    33. 

  33.     unsigned char digest[32];
    34. 

  34.     char retbuf[65];
    35. 

  35.     int i;
    36. 

  36. 

  37.     cryptlen = strlen(realname) + 1;
    38. 

  38.     cryptlen += CRYPTPROTECTMEMORY_BLOCK_SIZE - 1;
    39. 

  39.     cryptlen /= CRYPTPROTECTMEMORY_BLOCK_SIZE;
    40. 

  40.     cryptlen *= CRYPTPROTECTMEMORY_BLOCK_SIZE;
    41. 

  41. 

  42.     cryptdata = snewn(cryptlen, char);
    43. 

  43.     memset(cryptdata, 0, cryptlen);
    44. 

  44.     strcpy(cryptdata, realname);
    45. 

  45. 

  46.     /*
    47. 

  47.      * CRYPTPROTECTMEMORY_CROSS_PROCESS causes CryptProtectMemory to
    48. 

  48.      * use the same key in all processes with this user id, meaning
    49. 

  49.      * that the next PuTTY process calling this function with the same
    50. 

  50.      * input will get the same data.
    51. 

  51.      *
    52. 

  52.      * (Contrast with CryptProtectData, which invents a new session
    53. 

  53.      * key every time since its API permits returning more data than
    54. 

  54.      * was input, so calling _that_ and hashing the output would not
    55. 

  55.      * be stable.)
    56. 

  56.      *
    57. 

  57.      * We don't worry too much if this doesn't work for some reason.
    58. 

  58.      * Omitting this step still has _some_ privacy value (in that
    59. 

  59.      * another user can test-hash things to confirm guesses as to
    60. 

  60.      * where you might be connecting to, but cannot invert SHA-256 in
    61. 

  61.      * the absence of any plausible guess). So we don't abort if we
    62. 

  62.      * can't call CryptProtectMemory at all, or if it fails.
    63. 

  63.      */
    64. 

  64.     if (got_crypt())
    65. 

  65.         p_CryptProtectMemory(cryptdata, cryptlen,
    66. 

  66.                              CRYPTPROTECTMEMORY_CROSS_PROCESS);
    67. 

  67. 

  68.     /*
    69. 

  69.      * We don't want to give away the length of the hostname either,
    70. 

  70.      * so having got it back out of CryptProtectMemory we now hash it.
    71. 

  71.      */
    72. 

  72.     {
    73. 

  73.         ssh_hash *h = ssh_hash_new(&ssh_sha256);
    74. 

  74.         put_string(h, cryptdata, cryptlen);
    75. 

  75.         ssh_hash_final(h, digest);
    76. 

  76.     }
    77. 

  77. 

  78.     sfree(cryptdata);
    79. 

  79. 

  80.     /*
    81. 

  81.      * Finally, make printable.
    82. 

  82.      */
    83. 

  83.     for (i = 0; i < 32; i++) {
    84. 

  84.         sprintf(retbuf + 2*i, "%02x", digest[i]);
    85. 

  85.         /* the last of those will also write the trailing NUL */
    86. 

  86.     }
    87. 

  87. 

  88.     return dupstr(retbuf);
    89. 

  89. }
    90.