Address CAPI Tools & PKCS Loading Issues

binaries/puttycac-hash.txt

@@ -1,81 +1,81 @@
 
 Algorithm       Hash                                                                   Path
 ---------       ----                                                                   ----
-SHA256          5ED68A803D4F920434CA94875452BDBDCFCBB19139A10C5FDA934F603FC01DC9       x64\pageant.exe
-SHA256          0E33651140E5D0474BBD230669E7BD1B87D25769585C66D4D452F6DD9D0DA58E       x64\plink.exe
-SHA256          3E9402C059D43245942A316850954C512CE31BAB65309DEF6B9EDDE63F59D2E9       x64\pscp.exe
-SHA256          16F704A938046058A10EA1A66926895FC8E60A154AD847D854B26AE3F8451D44       x64\psftp.exe
-SHA256          9FC2CAF775374DA67A465C90816E4AD5563DF5BFCE62F4DD941D518425B9745C       x64\pterm.exe
-SHA256          511C56F314B21A6B1C4AF6E4FA6BAAD7B12737F65CA52C533C32E78EAA70B975       x64\putty.exe
-SHA256          911C4ADD4E825CBB20FF4E5CFECE0E1D2FA506D1684D6E15455AB4835E5E92D8       x64\puttygen.exe
-SHA256          79F71A0B0DC29ACBF7F05EFFA11D8BBB79EAF3D5A8A602CA56F5732C89C58F79       x64\puttyimp.exe
-SHA256          91FBD43B6ADE371D47EB1927400DA533A1DCF79FD8C26FA0D052740DD443CE8D       x64\puttytel.exe
-SHA256          EF253D9AE5CE86BC52598E19B5807EFF356F0A3979FAD622E62E3406C3A7557A       x86\pageant.exe
-SHA256          D3CB8B2FC74E3A12CB220777E6DF7EA5766C7587B0FF00B9F16627ADD38C278F       x86\plink.exe
-SHA256          A1C4A607E3CB350B5C855911365AD7ACA85B2135AACF9FDDB44ADC09213DF204       x86\pscp.exe
-SHA256          93947E6CF2E07CF3210ACC495C04F0E8B4B0E38B1B832B8664BC9B4AAE3F1C7D       x86\psftp.exe
-SHA256          4B346B7B94EB7A261724FF885855F5ED912334C5EF531829FEB32F04075BD942       x86\pterm.exe
-SHA256          CA3CF7652E31A2BCF8D3858814740A8688D8FF49A426CF5AD95DDE316D8B1223       x86\putty.exe
-SHA256          39451F7DD2DC7C8BAD5D6597CF251D3FBE8037E7B535B0A8BE4ADD9526145585       x86\puttygen.exe
-SHA256          43D4E1AA70885EBA303ACF321005A62017A4DEBB01A3E5110CDA40A4866EBFFF       x86\puttyimp.exe
-SHA256          C2A6E5685787B979D23DD414E9D1B5480793988072E1EDB793EC81B26060D25D       x86\puttytel.exe
-SHA256          E334061768E4D6C425AB9E25EF0862B317E4B88E5C3936AA627C810C83BE17C1       puttycac-0.77-installer.msi
-SHA256          5C4D7EA2E1081BE0CCC3A97EA6E6D3E450D1A206FE26A7C48524DA06B097552F       puttycac-0.77.zip
-SHA256          0F19075A9B2F2021921D339C6EF864AA2AF51AF4378D23307E280DEB8B89135D       puttycac-64bit-0.77-installer.msi
-SHA256          314C3EEBF6EAB6104DA5C182D62A2D7C9ABF915140CE7610B2D40D245E2CD6A4       puttycac-64bit-0.77.zip
+SHA256          AF72C746573E7B9A578CA67752B9DB64B134975E6518E1B418FD29FDE7E821A6       x64\pageant.exe
+SHA256          D26F6CC9A011C105A2AD211076B08E4D328DFFBEA7AD6348F27D31BFCC689CBC       x64\plink.exe
+SHA256          47F47D11B758724E4F7DB8DDEED124ED0A84A6B28EAE5B14F16BB37DF55C93C5       x64\pscp.exe
+SHA256          87A0D312C78185FF9C16810AD2BB5C977D48161DF6964D422B691D27728EC2CA       x64\psftp.exe
+SHA256          672195E7C2BC27D77738315A77400835EEA16D881F3313583528B2FC4286C93F       x64\pterm.exe
+SHA256          0692203E48BA13691E1B82676C2D3A88999F3CD361651028962E1BAD1D91AC62       x64\putty.exe
+SHA256          E74CA5BA12E3BF67291E55688482CDCF0010705B983F00B20EC7B4936CFD34EA       x64\puttygen.exe
+SHA256          832EF421CCAE9FB87EC625FD8C0D741E5C0C6361F8B1288F4E14C605C7E20E93       x64\puttyimp.exe
+SHA256          0AF07B5F7308E3274B819BCDB5000E97BBCBB4080D6BB2AA59B5AF792D4366D5       x64\puttytel.exe
+SHA256          B682547775310C0F2B7822B002AA188A4A9832529829FBC73556545A4268D12D       x86\pageant.exe
+SHA256          95C8ED20D0716C3F9D86EDA39285DD80C0D02BCCD35BCFE960F005E190B781B8       x86\plink.exe
+SHA256          111A083425842D4382137C171BE8F467016E1474F02F08AF82BE962F379FBB19       x86\pscp.exe
+SHA256          0E46485D36979E53FF3CE68BF4198F79136ED06FFEC835CFEEC9B1516183CAB2       x86\psftp.exe
+SHA256          7CB543685D77CB71083951F7914CE01A1C38E89BE61DD3B482962B9D9D3D639E       x86\pterm.exe
+SHA256          0C600AD90109AB6CDA02E23B79183991C5AC4F36D53CE1447A66C3BAB45B6FC4       x86\putty.exe
+SHA256          1662EDDCAA0B632DEEE57AC6AFB32021E894A82C907BDB0562053E4422AC479A       x86\puttygen.exe
+SHA256          6CD7A57D20BFC42C7AA8380619B811602E859D7F3532C604EFB3297973961641       x86\puttyimp.exe
+SHA256          A0B668E708AAFD3BBD01B6E9CBD67EF14EDD76C094FB86CBCE4D65B623937B72       x86\puttytel.exe
+SHA256          907F201234DE8906276B0EEB9A2CD8363FB64047F0607046D6C45EF12AED8F7E       puttycac-0.77u1-installer.msi
+SHA256          955BAA6141F34DFAAE158733BFC4F8F292D1E4326052F18C0A4B1569C96C12E6       puttycac-0.77u1.zip
+SHA256          48076176FA7D09A0A7EB51D541B736A632FFE6A709A7DF388B95398F0D8284ED       puttycac-64bit-0.77u1-installer.msi
+SHA256          683409B131A5352BD8084A2B44AA180FBF367F35593120DC08CAC723640344D7       puttycac-64bit-0.77u1.zip
 
 
 
 Algorithm       Hash                                                                   Path
 ---------       ----                                                                   ----
-SHA1            ED5232F86DB1F1A27D382034730F0A79A80BA209                               x64\pageant.exe
-SHA1            E4B517C74A10B8A9BDD990AA7DEF9DB7CBE131F7                               x64\plink.exe
-SHA1            6962D5EECA8F012C78EBF164A78ADECC71D2750E                               x64\pscp.exe
-SHA1            30E5BA67493E134299B68B669EF0BC2F00B6D7AE                               x64\psftp.exe
-SHA1            5C45D65AFE65AB57D56AFA79C89F57284EE09F2D                               x64\pterm.exe
-SHA1            96DE1E301A8739C1F4009211F0027160BBF288BD                               x64\putty.exe
-SHA1            13DD738E72E463FEBF60684D09D4BF9B5338D484                               x64\puttygen.exe
-SHA1            55B77A9A04C965AAD460F34AFE46BA231FF7B59D                               x64\puttyimp.exe
-SHA1            5B31E6777F3CEC21130866DEFE35F98B095A2A51                               x64\puttytel.exe
-SHA1            D61BD4826EC40E4635BD868F5CECC2869CBB9789                               x86\pageant.exe
-SHA1            93712C208BB7E831C7986561867C9DA47DB00C46                               x86\plink.exe
-SHA1            054C8F1300D5EBB02406E9687D7D2C4D71E752CB                               x86\pscp.exe
-SHA1            2C02CDF40105810E7349A92B70105327F9EEFDDE                               x86\psftp.exe
-SHA1            66C756BAA3E677BFA5BDB1C5789493E5E3AB2C73                               x86\pterm.exe
-SHA1            776E356B5DDED8FB11BCCC0F2877B22505145166                               x86\putty.exe
-SHA1            1B23CBEB90F282048928571063966B3846B61A05                               x86\puttygen.exe
-SHA1            A54CB6BC7F743A60D511718FE653FE9F282BECC8                               x86\puttyimp.exe
-SHA1            C851B82956FB122622667B07A59919B4CBF4842B                               x86\puttytel.exe
-SHA1            F9FF4D2AA267A32C67F2C3EB15F49C05DF991A86                               puttycac-0.77-installer.msi
-SHA1            BB5E6B74D609DD657BAB06186F3ED5810BEE671C                               puttycac-0.77.zip
-SHA1            7A68DDCCDD6A8D30FC2A769EA47F7634D6D3BB40                               puttycac-64bit-0.77-installer.msi
-SHA1            A5F081F049A7F473D9018790164BBB50231E9872                               puttycac-64bit-0.77.zip
+SHA1            600E818F1A711670E356997B840821A85E5A2A18                               x64\pageant.exe
+SHA1            68A0EC3F56B2CDF75AD6A2B96AC9A5D6A2CD9870                               x64\plink.exe
+SHA1            1FEB739E706F984DB625D665B12D95CDDD97863A                               x64\pscp.exe
+SHA1            B6EFCE85D9DE36C08D2B3D7E77CC06761A391EAB                               x64\psftp.exe
+SHA1            FD4510756D197D18DE64F033DAC0A89A0862F20E                               x64\pterm.exe
+SHA1            1E8D5E8AA06B2B8C8441DC3A89F7F44E467B01B9                               x64\putty.exe
+SHA1            891DDD65E3DB81502AD1BBA3304CC66551BAE882                               x64\puttygen.exe
+SHA1            345CD1197C3EFC91BBEBA25F250C2E67E51E1831                               x64\puttyimp.exe
+SHA1            AB5C73BF0BE37744D17D08FC77B47CB03294A291                               x64\puttytel.exe
+SHA1            F2541DF2B95C34A09F5D25F20A9DDB9D8CADDB93                               x86\pageant.exe
+SHA1            95C89D6A11687AEAB1812A01E416FD337491BC97                               x86\plink.exe
+SHA1            A5BF32C5C65722365EEB2E0BD36272932354C46B                               x86\pscp.exe
+SHA1            6E4D4FD75B10104BDAAF2359DE7AFD2AD4134B77                               x86\psftp.exe
+SHA1            9D9D7F6F0B6B1290E922B2AC1C37F4A1C9399610                               x86\pterm.exe
+SHA1            95FC675D06CE39C5F075B74BFE019E37DE73D470                               x86\putty.exe
+SHA1            EE805873FF4B79E9714AF1CEBB3E01CC6D32980C                               x86\puttygen.exe
+SHA1            411CDC7130EF21B90B9E43B9971FD0828A81D710                               x86\puttyimp.exe
+SHA1            2DFC68FC077C9CF753ADA785676FE08A853133BC                               x86\puttytel.exe
+SHA1            D68A66646DAE9BBFF4159EAEB61FDF1B80CC6F9D                               puttycac-0.77u1-installer.msi
+SHA1            73EEFADD3BBC7A8E61C941E4C436BD3427366189                               puttycac-0.77u1.zip
+SHA1            92101D24933BB5AE4AC056CA5AA0608E2D4A378B                               puttycac-64bit-0.77u1-installer.msi
+SHA1            CEC82A50866A37A49C3FDE2E1149F7FA28916EAB                               puttycac-64bit-0.77u1.zip
 
 
 
 Algorithm       Hash                                                                   Path
 ---------       ----                                                                   ----
-MD5             BD9AA0CEF8538E4660B58A6560BC3B11                                       x64\pageant.exe
-MD5             C58AB3362172B9C9849AB3DD40C07122                                       x64\plink.exe
-MD5             B5ACA78EBC4E708428AE7361BFE48FCF                                       x64\pscp.exe
-MD5             CA629AD2D8D0757351CF088FA1D01092                                       x64\psftp.exe
-MD5             961E7E1A672DE4F4C964AA6BAC83C38D                                       x64\pterm.exe
-MD5             32ADD98D0E1A951A90A607C819B57D08                                       x64\putty.exe
-MD5             0FCC46A6521DBEDAFC2F9CC4857DE048                                       x64\puttygen.exe
-MD5             176E50EA37EFBB7AF50909CBD32BD5A2                                       x64\puttyimp.exe
-MD5             DD456AEFAC3F115F01564F6EA2250511                                       x64\puttytel.exe
-MD5             419BF7B46A973B94D52AB3FC4776D862                                       x86\pageant.exe
-MD5             473E377FCCF4ABCC2136798B96DCD876                                       x86\plink.exe
-MD5             1B433982928CAEA91C08C4649B462868                                       x86\pscp.exe
-MD5             EAB48AE5743B6E35A936B116230B7A10                                       x86\psftp.exe
-MD5             6B01C6D77F5808ADDACB1EF9EE0F8C84                                       x86\pterm.exe
-MD5             A04DC1C3FF22611B6A3E1A7FB7D97083                                       x86\putty.exe
-MD5             67B90B53FAE2B8E14A227E292066C706                                       x86\puttygen.exe
-MD5             ED630F4D70B6B5A7CD964C28D43B653F                                       x86\puttyimp.exe
-MD5             5E246DE08870900A0255BC08A4C88337                                       x86\puttytel.exe
-MD5             53077F59C66578BABBE54FB8054F2774                                       puttycac-0.77-installer.msi
-MD5             EF08704BFC839363675F986AD1B13457                                       puttycac-0.77.zip
-MD5             EB9B777047CB6C0E773EC20EA3A1D4FE                                       puttycac-64bit-0.77-installer.msi
-MD5             426432458D136DC182D3029FFEE4C03E                                       puttycac-64bit-0.77.zip
+MD5             BABB52BD7D0DB199AEE4306455C7AA5C                                       x64\pageant.exe
+MD5             D2CA8238B765CA8F13F728DB3355BC18                                       x64\plink.exe
+MD5             405AB9624E6AF360E0731B0AA4D5FA47                                       x64\pscp.exe
+MD5             A8576FCC8F3143A3676C75666E23DFBD                                       x64\psftp.exe
+MD5             F0FB74B35048528B52790FED63B14B17                                       x64\pterm.exe
+MD5             5432125EAD11D3C76028C28E9DD5BB01                                       x64\putty.exe
+MD5             5B1E67DD32EE91CD100E9EBEAC54384D                                       x64\puttygen.exe
+MD5             0E9F89F5F01D7DB27800C7D54F6BC7D9                                       x64\puttyimp.exe
+MD5             ABAF6F8D8DBDD49CDC16224DC0EEF800                                       x64\puttytel.exe
+MD5             E4395E95E28BB37E007EFA3BA1C7AA92                                       x86\pageant.exe
+MD5             B509D0C6A2C96BBFBB83761A9D373050                                       x86\plink.exe
+MD5             DF6E9057DC9B4FF7D93BF4BF3B889020                                       x86\pscp.exe
+MD5             5483A44E490FE70AC35748CB47FE0F7D                                       x86\psftp.exe
+MD5             57ED820BE1620228666199E75D077768                                       x86\pterm.exe
+MD5             50BC72FEE6052B46E2438FD0A2EF78BB                                       x86\putty.exe
+MD5             A12BA2C930789376E9C35704E3BB00C1                                       x86\puttygen.exe
+MD5             E4542291C2744BDEBE144298319CCBF3                                       x86\puttyimp.exe
+MD5             38CB111DD6B159C151C1A7CD10E1E5DF                                       x86\puttytel.exe
+MD5             EB602F84E2C2947E69985A6065F04335                                       puttycac-0.77u1-installer.msi
+MD5             972AD706B7B9B502660B40C6F5974D7B                                       puttycac-0.77u1.zip
+MD5             5C06FEE3C683E132A7EC9284B3DE1AEC                                       puttycac-64bit-0.77u1-installer.msi
+MD5             687AB3DFECCBCF8D41D6238442F5FD77                                       puttycac-64bit-0.77u1.zip
 
 

code/CMakeLists.txt

@@ -1,8 +1,10 @@
 cmake_minimum_required(VERSION 3.7)
 project(putty LANGUAGES C)
+if(PUTTY_CAC)
+enable_language(CXX)
+endif()
 
 include(cmake/setup.cmake)
-
 # Scan the docs directory first, so that when we start calling
 # installed_program(), we'll know if we have man pages available
 add_subdirectory(doc)

code/cert/cert_capi.c

@@ -1,23 +1,24 @@
 #ifdef PUTTY_CAC
 
-#pragma comment(lib,"crypt32.lib")
-#pragma comment(lib,"cryptui.lib")
-#pragma comment(lib,"ncrypt.lib")
-
 #include <windows.h>
 #include <wincrypt.h>
-#include <cryptuiapi.h>
 #include <bcrypt.h>
 
+#include "ssh.h"
+
 #include "cert_common.h"
 
 #define DEFINE_VARIABLES
 #include "cert_capi.h"
 #undef DEFINE_VARIABLES
 
+#pragma comment(lib,"crypt32.lib")
+#pragma comment(lib,"cryptui.lib")
+#pragma comment(lib,"ncrypt.lib")
+
 void cert_capi_load_cert(LPCSTR szCert, PCCERT_CONTEXT* ppCertCtx, HCERTSTORE* phStore)
 {
-	HCERTSTORE hStore = cert_capi_get_cert_store(NULL, NULL);
+	HCERTSTORE hStore = cert_capi_get_cert_store(NULL);
 	if (hStore == NULL)
 	{
 		return;
@@ -256,101 +257,12 @@ BYTE* cert_capi_sign(struct ssh2_userkey* userkey, LPCBYTE pDataToSign, int iDat
 	return pSignedData;
 }
 
-HCERTSTORE cert_capi_get_cert_store(LPCSTR* szHint, HWND hWnd)
+HCERTSTORE cert_capi_get_cert_store()
 {
-	UNREFERENCED_PARAMETER(hWnd);
-
-	// no library hint needed for fido
-	if (szHint != NULL) *szHint = NULL;
-
 	return CertOpenStore(CERT_STORE_PROV_SYSTEM_W, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0,
 		CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_ENUM_ARCHIVED_FLAG, L"MY");
 }
 
-BOOL cert_capi_create_key(LPCSTR szAlgName, LPCSTR sSubjectName, BOOL bHardware)
-{
-	LPCWSTR szAlg = NULL;
-	DWORD iBits = 0;
-	if (false);
-	else if (strcmp(szAlgName, "rsa-1024") != 0) { iBits = 1024; szAlg = NCRYPT_RSA_ALGORITHM; }
-	else if (strcmp(szAlgName, "rsa-2048") != 0) { iBits = 2048; szAlg = NCRYPT_RSA_ALGORITHM; }
-	else if (strcmp(szAlgName, "rsa-3096") != 0) { iBits = 3096; szAlg = NCRYPT_RSA_ALGORITHM; }
-	else if (strcmp(szAlgName, "rsa-4096") != 0) { iBits = 4096; szAlg = NCRYPT_RSA_ALGORITHM; }
-	else if (strcmp(szAlgName, "ecdsa-sha2-nistp256") == 0) szAlg = NCRYPT_ECDSA_P256_ALGORITHM;
-	else if (strstr(szAlgName, "ecdsa-sha2-nistp384") == 0) szAlg = NCRYPT_ECDSA_P384_ALGORITHM;
-	else if (strcmp(szAlgName, "ecdsa-sha2-nistp512") == 0) szAlg = NCRYPT_ECDSA_P521_ALGORITHM;
-	else return false;
-
-	// decorate the name for the cert
-	BYTE sNameBufferEncoded[1024] = { 0 };
-	WCHAR sNameBufferWithCn[1024] = { 0 };
-	CERT_NAME_BLOB tSubjectNameDecorated = { sizeof(sNameBufferEncoded), sNameBufferEncoded };
-	if (swprintf_s(&sNameBufferWithCn[0], _countof(sNameBufferWithCn), L"CN=%S", sSubjectName) == -1 ||
-		CertStrToNameW(X509_ASN_ENCODING, sNameBufferWithCn, 0, NULL,
-			tSubjectNameDecorated.pbData, &tSubjectNameDecorated.cbData, NULL) == 0)
-	{
-		return FALSE;
-	}
-
-	// create crytographic key
-	BOOL bCertSuccess = FALSE;
-	NCRYPT_KEY_HANDLE hKey = (NCRYPT_KEY_HANDLE)NULL;
-	NCRYPT_PROV_HANDLE hProvider = (NCRYPT_PROV_HANDLE)NULL;
-	if (NCryptOpenStorageProvider(&hProvider, bHardware ? MS_SMART_CARD_KEY_STORAGE_PROVIDER :
-		MS_KEY_STORAGE_PROVIDER, 0) == ERROR_SUCCESS &&
-		NCryptCreatePersistedKey(hProvider, &hKey, szAlg,
-			sNameBufferWithCn, AT_SIGNATURE, 0) == ERROR_SUCCESS &&
-		(iBits == 0 || NCryptSetProperty(hKey, NCRYPT_LENGTH_PROPERTY,
-			(PBYTE)&iBits, sizeof(iBits), NCRYPT_PERSIST_FLAG) == ERROR_SUCCESS) &&
-		NCryptFinalizeKey(hKey, 0) == ERROR_SUCCESS)
-	{
-		// give the certificate the client auth and smartcard logon attributes
-		LPSTR tKeyUsageSoftware[] = { szOID_PKIX_KP_CLIENT_AUTH };
-		LPSTR tKeyUsageHardware[] = { szOID_KP_SMARTCARD_LOGON, szOID_PKIX_KP_CLIENT_AUTH };
-		CERT_ENHKEY_USAGE tEnhancedKeyUsage = {
-			(bHardware) ? _countof(tKeyUsageHardware) : _countof(tKeyUsageSoftware),
-			(bHardware) ? tKeyUsageHardware : tKeyUsageSoftware
-		};
-
-		BYTE sKeyUsageEncoded[32];
-		DWORD iKeyUsageEncodedSize = sizeof(sKeyUsageEncoded);
-		CryptEncodeObject(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE, (LPVOID)&tEnhancedKeyUsage, &sKeyUsageEncoded[0], &iKeyUsageEncodedSize);
-		CERT_EXTENSION tExtension = { 0 };
-		tExtension.pszObjId = szOID_ENHANCED_KEY_USAGE;
-		tExtension.Value.cbData = iKeyUsageEncodedSize;
-		tExtension.Value.pbData = &sKeyUsageEncoded[0];
-
-		// give the certificate a long lifetime
-		SYSTEMTIME tSystemTimeStart;
-		GetSystemTime(&tSystemTimeStart);
-		SYSTEMTIME tSystemTimeEnd = tSystemTimeStart;
-		tSystemTimeEnd.wYear += 100;
-
-		// create tje certofocate
-		CERT_EXTENSIONS tExtensions = { 1, &tExtension };
-		PCCERT_CONTEXT pContext = CertCreateSelfSignCertificate(hKey, &tSubjectNameDecorated,
-			0, NULL, NULL, &tSystemTimeStart, &tSystemTimeEnd, &tExtensions);
-		if (pContext != NULL)
-		{
-			// open the cert store to save the cert
-			HCERTSTORE hCertStore = CertOpenSystemStoreW((HCRYPTPROV_LEGACY)NULL, L"MY");
-			if (hCertStore != NULL)
-			{
-				// add the cert to the personal store
-				bCertSuccess = CertAddCertificateContextToStore(hCertStore, pContext,
-					CERT_STORE_ADD_REPLACE_EXISTING, NULL);
-				CertCloseStore(hCertStore, 0);
-			}
-
-			CertFreeCertificateContext(pContext);
-		}
-	}
-
-	if (hKey != (NCRYPT_HANDLE)NULL) NCryptFreeObject(hKey);
-	if (hProvider != (NCRYPT_HANDLE)NULL) NCryptFreeObject(hProvider);
-	return bCertSuccess;
-}
-
 BOOL cert_capi_delete_key(LPCSTR szCert)
 {
 	// get a handle to the certificate