RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte




BTW, I found advapi32.dll source code which is here:
http://source.winehq.org/source/dlls/advapi32/crypt.c

In CryptAcquireContext implementation, there is a line as following:

pProv = CRYPT_LoadProvider(imagepath);

Where "pProv" is the output of "CryptAcquireContext" and imagepath is the
address of CSP module;
So, pProv gets a handle to CSP(thus, "g_hmodule" global parameter in CSP
code) not "MyCSP" structure address!

Am I right?!

If so, How could I return the address of MyCSP structure by the output of
CryptAcquireContext?

"creative22" wrote:

Hello.

Do you overwrite hProv value? Or do you release
the context THEN still try to use it?)
Nowise.

If you get invalid parameter error from
CryptGetUserKey than you really need to debug your test code to see what's
going on in that test code.

Unfortunately, I can't debug csptestsuite,exe while testing my CSP,
I tried to use windbg.exe for this, but I've not got any good reply!

And about that sample code on MSDN I linked earlier:

I debug it with Visual studio debugger and see the output of
CryptGetUserKey(hkey) is invalid and I can't gain my key pair from it( it's
returned address is wrong!)
I think there should be something wrong between CAPI and CryptoSPI
commnication and specially HANDLE concerns.
Do you think I make a mistake in CAPI calls?

For detail, I change that code in this way:
"PROV_RSA_FULL" to "PROV_RSA_SIG" (my CSP type)

Of course, I just implemented 10 functions of CSP and the other functions
return an error (not implmemented), but at least I expect that my implemented
functions to be passed by csptestsuite.exe such CPGenKey, CPReleaseContext,
CPSignHash,...

Could you help me again?!

Best Regards.

"lelteto" wrote:

Assuming that in your DoTransmit routine uses the provided hProv as *MyCSP
that part of the code looks OK. If you get invalid parameter error from
CryptGetUserKey than you really need to debug your test code to see what's
going on in that test code. (Do you overwrite hProv value? Or do you release
the context THEN still try to use it?)

Laszlo Elteto
SafeNet, Inc.

"creative22" wrote:

Hi and Thanks as always Mr.lelteto!

Indeed,I found that still have some basic and conceptual problems in actual
communication between CAPI and CSP,
It seems the subject you pointed out, is my main problem!
I've read the following page on MSDN which is titled "CSP Architectural
Overview":

http://msdn.microsoft.com/en-us/library/aa381482(VS.85).aspx

In descriptions down the diagram,it's been pointed to what you discussed in
your post, but there is no more details for that;
namely, If I had "advapi32.dll" source code, I would understand the exact
action of "CryptAcquireContext"!

I also have read your other post about "pass-through" CSPs which is similar
to this one;

What do you return from your CSP's CPAcquireContext?

Because my CSP is a Smart Card CSP and my container is on the card, I need
to return address of a structure containing card-related parameters such
handle to
card and so on.

I've also put my code in other Thread here, but I put it here again
(CPAcquireContext & CPGetUserKey):

BOOL WINAPI
CPAcquireContext(
OUT HCRYPTPROV *phProv,
IN LPCSTR szContainer,
IN DWORD dwFlags,
IN PVTableProvStruc pVTable)
{

typedef struct {
SCARDCONTEXT hContext1; //The established resource manager context
SCARDHANDLE hCard1; //A handle to the card
DWORD m_APrtocol;
}MyCSP;


MyCSP* mycsp=new MyCSP;

//1.Establish Context
lReturn = SCardEstablishContext(SCARD_SCOPE_USER,
NULL,
NULL,
&(mycsp->hContext1));

//2.List readers.
TCHAR m_ReaderBuff[256];
DWORD m_ReaderBuffLen;
lReturn = SCardListReaders(mycsp->hContext1,
NULL,
m_ReaderBuff,
&m_ReaderBuffLen);

if(DialogBoxParam (g_hModule, MAKEINTRESOURCE(IDD_DIALOG2),
NULL, SelectReaderProc, (LPARAM) m_ReaderBuff)){


//3.Connect to the card.
lReturn = SCardConnect(mycsp->hContext1,
reader,
SCARD_SHARE_EXCLUSIVE,
SCARD_PROTOCOL_T0|SCARD_PROTOCOL_T1,
&(mycsp->hCard1),
&(mycsp->m_APrtocol));

//4.Begin Transaction.
lReturn = SCardBeginTransaction(mycsp->hCard1);


*phProv = (HCRYPTPROV)mycsp;
delete[]reader;
return TRUE;
}
}



BOOL WINAPI
CPGetUserKey(
IN HCRYPTPROV hProv,
IN DWORD dwKeySpec,
OUT HCRYPTKEY *phUserKey)
{

typedef struct {
BYTE *pbprivkey;
DWORD cbprivkey;
BYTE *pbpubkey;
DWORD cbpubkey;
}MyKey;


APDU apdu;

//Read Signature key pair from the card and stores into "keysbuf2" byte
array

int X,c=0,size;
BYTE keysbuf2[800];
apdu.bSend = FALSE;
apdu.CLA = 0x00;
apdu.INS = 0xB0;
apdu.P3 = 780;
apdu.P1 = 0x00;
for(int i=0;i<4;i++)
{
apdu.P2 = 0+i*85;
if(i*85>255)
{
X=i*85/256;
apdu.P1+=X;
}//end of if
DoTransmit(apdu,hProv);
for(int j=0+i*255;j<255+i*255;j++)
{
if(j<800)
keysbuf2[j]=apdu.Buffer[j-i*255];

else{
while(keysbuf2[--j]==0xFF)
c++;
size=800-c;
break;
}//end of else
}
}//end of for1

MyKey* mykey=new MyKey;
mykey->cbprivkey=size-160;
mykey->cbpubkey=160;
mykey->pbprivkey=new BYTE[mykey->cbprivkey];
mykey->pbpubkey=new BYTE[mykey->cbpubkey];

for(int i=0;i<size-160;i++)
mykey->pbprivkey[i]=keysbuf2[i];

for(int i=0;i<160;i++)
mykey->pbpubkey[i]=keysbuf2[i+size-160];

*phUserKey=(HCRYPTKEY)mykey;
return TRUE;
}


Besides, I can't find out why the CPAcquireContext should return "Address of
CSP's handle"(phprove) instead of the handle itself?!
as with CPGenKey(phkey) and CPCreatHash(phhash)!


CAPI, in turn, will create its OWN (different) handle which is returned to the >application
It's up to your code how you recognize your handle and get to your context blob >from it.

Unfortunately, I can't realize this mechanism and it's reason as well!
So I don't know how to verify and recognize the handle?!

Pardon me of my post lenght!!

Best Regards.

"lelteto" wrote:

This can only be the hCryptProv parameter (ie. the handle you got from
CryptAcquireContext).

What do you return from your CSP's CPAcquireContext? You supposed to create
your OWN context (a block of allocated memory) and return this to the CAPI
code layer. CAPI, in turn, will create its OWN (different) handle which is
returned to the application. When the application calls any other CAPI
function (in your case CryptGetUserKey) you pass the CAPI handle (the one the
app got from CryptAcquireContext). Now CAPI will get your CSP's returned
handle from that and call your CPGetUserkey with YOUR handle. It's up to your
code how you recognize your handle and get to your context blob from it. (The
simplest way - which most CSP do - is sim-ply return the address of your
allocated context blob as your CSP's handle from your CPAcquireContext
function.)

Please check how you create and use YOUR hCryptProv value in your code.

Laszlo Elteto
SafeNet, Inc.

"creative22" wrote:

Hi all;
I'm testing my implemented CSP with csptestsuite.exe;
But in most of functions such as CryptGenkey, it return this error:

"ERROR_INVALID_PARAMETER"

And I couldn't find what is this error due to?


I've used of "advapi32.dll" patch (for Windows XP SP3) to test my CSP,

Meanwhile,when I run a sample application program being in MSDN for calling
CSP(even Microsoft CSPs such "Microsoft Strong Cryptographic Provider")

functions, I see this error when calling below API:

CryptGetUserKey(hCryptProv,AT_SIGNATURE,&hKey))


The mentained sample code is available on MSDN page with this title:
"Example C Program: Creating a Key Container and Generating Keys"

Could you guid me what's the problem?

(Of course,I tried to debug executable of this sample code by "WinDBG.exe"
in user mode, but I'm so new to windbg.exe and still have problem with it!)

Please help,I'm hurry!

sincerely.

.



Relevant Pages

  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "csptestsu
    ... What do you return from your CSP's CPAcquireContext? ... your OWN context and return this to the CAPI ... app got from CryptAcquireContext). ... I'm testing my implemented CSP with csptestsuite.exe; ...
    (microsoft.public.platformsdk.security)
  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... the context THEN still try to use it?) ... CryptGetUserKey than you really need to debug your test code to see what's ... I just implemented 10 functions of CSP and the other functions ...
    (microsoft.public.platformsdk.security)
  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... Assuming that in your DoTransmit routine uses the provided hProv as *MyCSP ... I've read the following page on MSDN which is titled "CSP Architectural ... SCARDCONTEXT hContext1; ... your OWN context and return this to the CAPI ...
    (microsoft.public.platformsdk.security)
  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... CryptAcquireContext will NEVER return YOUR context. ... As I explained, CAPI ... So, pProv gets a handle to CSP(thus, "g_hmodule" global parameter in CSP ... CryptGetUserKey than you really need to debug your test code to see what's ...
    (microsoft.public.platformsdk.security)
  • RE: Biometric CSP wrapper
    ... You need to have your own Context and the ... 'downstream' original smartcard CSP you allocate some memory, ... is used you get the 'downstream' context / handle from your struct and pass ... that down to the smartcard CSP. ...
    (microsoft.public.platformsdk.security)