archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/enduser/netmeeting/nmmkcert/pvkutil.cpp

423 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #include "global.h"
  4. //+-------------------------------------------------------------------------
  5. // Private Key file definitions
  6. //
  7. // The file consists of the FILE_HDR followed by cbEncryptData optional
  8. // bytes used to encrypt the private key and then the private key.
  9. // The private key is encrypted according to dwEncryptType.
  10. //
  11. // The public key is included with the private key.
  12. //--------------------------------------------------------------------------
  14. typedef struct _FILE_HDR {
  15. DWORD dwMagic;
  16. DWORD dwVersion;
  17. DWORD dwKeySpec;
  18. DWORD dwEncryptType;
  19. DWORD cbEncryptData;
  20. DWORD cbPvk;
  21. } FILE_HDR, *PFILE_HDR;
  23. // BUGBUG: enum from pvk.h?
  24. #ifndef ENTER_PASSWORD
  25. #define ENTER_PASSWORD 0
  26. #endif // ENTER_PASSWORD
  28. #define PVK_FILE_VERSION_0 0
  29. #define PVK_MAGIC 0xb0b5f11e
  31. // Private key encrypt types
  32. #define PVK_NO_ENCRYPT 0
  34. #define MAX_PVK_FILE_LEN 4096
  36. typedef BOOL (* PFNREAD)(HANDLE h, void * p, DWORD cb);
  38. extern DWORD g_dwSubjectStoreFlag;
  40. //+-------------------------------------------------------------------------
  41. // Read & Write to memory fucntion
  42. //--------------------------------------------------------------------------
  43. typedef struct _MEMINFO {
  44. BYTE * pb;
  45. DWORD cb;
  46. DWORD cbSeek;
  47. } MEMINFO, * PMEMINFO;
  49. static BOOL ReadFromMemory(
  50. IN HANDLE h,
  51. IN void * p,
  52. IN DWORD cb
  53. )
  54. {
  55. PMEMINFO pMemInfo = (PMEMINFO) h;
  57. if (pMemInfo->cbSeek + cb <= pMemInfo->cb) {
  58. // copy the bytes
  59. memcpy(p, &pMemInfo->pb[pMemInfo->cbSeek], cb);
  60. pMemInfo->cbSeek += cb;
  61. return TRUE;
  62. } else {
  63. SetLastError(ERROR_END_OF_MEDIA);
  64. return FALSE;
  65. }
  66. }
  68. //+-------------------------------------------------------------------------
  69. // Converts the bytes into WCHAR hex
  70. //
  71. // Needs (cb * 2 + 1) * sizeof(WCHAR) bytes of space in wsz
  72. //--------------------------------------------------------------------------
  73. static void BytesToWStr(ULONG cb, void* pv, LPWSTR wsz)
  74. {
  75. BYTE* pb = (BYTE*) pv;
  76. for (ULONG i = 0; i<cb; i++) {
  77. int b;
  78. b = (*pb & 0xF0) >> 4;
  79. *wsz++ = (b <= 9) ? b + L'0' : (b - 10) + L'A';
  80. b = *pb & 0x0F;
  81. *wsz++ = (b <= 9) ? b + L'0' : (b - 10) + L'A';
  82. pb++;
  83. }
  84. *wsz++ = 0;
  85. }
  87. #define UUID_WSTR_BYTES ((sizeof(GUID) * 2 + 1) * sizeof(WCHAR))
  89. //-------------------------------------------------------------------------
  90. //
  91. // Call GetLastError and convert the return code to HRESULT
  92. //--------------------------------------------------------------------------
  93. HRESULT WINAPI SignError ()
  94. {
  95. DWORD dw = GetLastError ();
  96. HRESULT hr;
  97. if ( dw <= (DWORD) 0xFFFF )
  98. hr = HRESULT_FROM_WIN32 ( dw );
  99. else
  100. hr = dw;
  101. if ( ! FAILED ( hr ) )
  102. {
  103. // somebody failed a call without properly setting an error condition
  105. hr = E_UNEXPECTED;
  106. }
  107. return hr;
  108. }
  110. static BOOL LoadKeyW(
  111. IN HCRYPTPROV hCryptProv,
  112. IN HANDLE hRead,
  113. IN PFNREAD pfnRead,
  114. IN DWORD cbKeyData,
  115. IN HWND hwndOwner,
  116. IN LPCWSTR pwszKeyName,
  117. IN DWORD dwFlags,
  118. IN OUT OPTIONAL DWORD *pdwKeySpec
  119. )
  120. {
  121. BOOL fResult;
  122. FILE_HDR Hdr;
  123. HCRYPTKEY hKey = 0;
  124. BYTE *pbPvk = NULL;
  125. DWORD cbPvk;
  127. // Read the file header and verify
  128. if (!pfnRead(hRead, &Hdr, sizeof(Hdr)))
  129. {
  130. ERROR_OUT(("can't read in-memory pvk file hdr"));
  131. goto BadPvkFile;
  132. }
  134. ASSERT( Hdr.dwMagic == PVK_MAGIC );
  136. // Treat as a "normal" private key file
  137. cbPvk = Hdr.cbPvk;
  138. if (Hdr.dwVersion != PVK_FILE_VERSION_0 ||
  139. Hdr.cbEncryptData > MAX_PVK_FILE_LEN ||
  140. cbPvk == 0 || cbPvk > MAX_PVK_FILE_LEN)
  141. goto BadPvkFile;
  143. if (pdwKeySpec) {
  144. DWORD dwKeySpec = *pdwKeySpec;
  145. *pdwKeySpec = Hdr.dwKeySpec;
  146. if (dwKeySpec && dwKeySpec != Hdr.dwKeySpec) {
  147. SetLastError(PVK_HELPER_WRONG_KEY_TYPE);
  148. goto ErrorReturn;
  149. }
  150. }
  152. // Allocate and read the private key
  153. if (NULL == (pbPvk = new BYTE[cbPvk]))
  154. goto ErrorReturn;
  155. if (!pfnRead(hRead, pbPvk, cbPvk))
  156. goto BadPvkFile;
  158. ASSERT(Hdr.dwEncryptType == PVK_NO_ENCRYPT);
  160. // Decrypt and import the private key
  161. if (!CryptImportKey(hCryptProv, pbPvk, cbPvk, 0, dwFlags,
  162. &hKey))
  163. goto ErrorReturn;
  165. fResult = TRUE;
  166. goto CommonReturn;
  168. BadPvkFile:
  169. SetLastError(PVK_HELPER_BAD_PVK_FILE);
  170. if (pdwKeySpec)
  171. *pdwKeySpec = 0;
  172. ErrorReturn:
  173. fResult = FALSE;
  174. CommonReturn:
  175. if (pbPvk)
  176. delete [] (pbPvk);
  177. if (hKey)
  178. CryptDestroyKey(hKey);
  179. return fResult;
  180. }
  182. static BOOL AcquireKeyContextW(
  183. IN LPCWSTR pwszProvName,
  184. IN DWORD dwProvType,
  185. IN HANDLE hRead,
  186. IN PFNREAD pfnRead,
  187. IN DWORD cbKeyData,
  188. IN HWND hwndOwner,
  189. IN LPCWSTR pwszKeyName,
  190. IN OUT OPTIONAL DWORD *pdwKeySpec,
  191. OUT HCRYPTPROV *phCryptProv
  192. )
  193. {
  194. BOOL fResult;
  195. HCRYPTPROV hProv = 0;
  196. GUID TmpContainerUuid;
  197. LPWSTR pwszTmpContainer = NULL;
  199. // Create a temporary keyset to load the private key into
  200. // UuidCreate(&TmpContainerUuid);
  201. if (CoCreateGuid((GUID *)&TmpContainerUuid) != S_OK)
  202. {
  203. goto ErrorReturn;
  204. }
  206. if (NULL == (pwszTmpContainer = (LPWSTR) new BYTE[
  207. 6 * sizeof(WCHAR) + UUID_WSTR_BYTES]))
  208. goto ErrorReturn;
  209. LStrCpyW(pwszTmpContainer, L"TmpKey");
  210. BytesToWStr(sizeof(UUID), &TmpContainerUuid, pwszTmpContainer + 6);
  212. if (!CryptAcquireContextU(
  213. &hProv,
  214. pwszTmpContainer,
  215. pwszProvName,
  216. dwProvType,
  217. CRYPT_NEWKEYSET |
  218. ( g_dwSubjectStoreFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ?
  219. CRYPT_MACHINE_KEYSET : 0 )))
  220. goto ErrorReturn;
  222. if (!LoadKeyW(
  223. hProv,
  224. hRead,
  225. pfnRead,
  226. cbKeyData,
  227. hwndOwner,
  228. pwszKeyName,
  229. 0, // dwFlags
  230. pdwKeySpec
  231. ))
  232. goto DeleteKeySetReturn;
  234. fResult = TRUE;
  235. goto CommonReturn;
  237. DeleteKeySetReturn:
  238. CryptReleaseContext(hProv, 0);
  239. CryptAcquireContextU(
  240. &hProv,
  241. pwszTmpContainer,
  242. pwszProvName,
  243. dwProvType,
  244. CRYPT_DELETEKEYSET
  245. );
  246. hProv = 0;
  247. ErrorReturn:
  248. if (hProv) {
  249. CryptReleaseContext(hProv, 0);
  250. hProv = 0;
  251. }
  252. fResult = FALSE;
  254. CommonReturn:
  255. if (pwszTmpContainer) {
  256. delete [] (pwszTmpContainer);
  257. }
  258. *phCryptProv = hProv;
  259. return fResult;
  260. }
  262. //+-------------------------------------------------------------------------
  263. // Creates a temporary container in the provider and loads the private key
  264. // from memory.
  265. // For success, returns a handle to a cryptographic provider for the private
  266. // key and the name of the temporary container. PrivateKeyReleaseContext must
  267. // be called to release the hCryptProv and delete the temporary container.
  268. //
  269. // PrivateKeyLoadFromMemory is called to load the private key into the
  270. // temporary container.
  271. //--------------------------------------------------------------------------
  272. BOOL
  273. WINAPI
  274. PvkPrivateKeyAcquireContextFromMemory(
  275. IN LPCWSTR pwszProvName,
  276. IN DWORD dwProvType,
  277. IN BYTE *pbData,
  278. IN DWORD cbData,
  279. IN HWND hwndOwner,
  280. IN LPCWSTR pwszKeyName,
  281. IN OUT OPTIONAL DWORD *pdwKeySpec,
  282. OUT HCRYPTPROV *phCryptProv
  283. )
  284. {
  286. HRESULT hr = S_OK;
  287. if(FAILED(hr))
  288. return FALSE;
  290. MEMINFO MemInfo;
  292. MemInfo.pb = pbData;
  293. MemInfo.cb = cbData;
  294. MemInfo.cbSeek = 0;
  295. BOOL fhr = AcquireKeyContextW(
  296. pwszProvName,
  297. dwProvType,
  298. (HANDLE) &MemInfo,
  299. ReadFromMemory,
  300. cbData,
  301. hwndOwner,
  302. pwszKeyName,
  303. pdwKeySpec,
  304. phCryptProv
  305. );
  306. return fhr;
  307. }
  309. //+-------------------------------------------------------------------------
  310. // Releases the cryptographic provider and deletes the temporary container
  311. // created by PrivateKeyAcquireContext or PrivateKeyAcquireContextFromMemory.
  312. //--------------------------------------------------------------------------
  313. BOOL
  314. WINAPI
  315. PvkPrivateKeyReleaseContext(
  316. IN HCRYPTPROV hCryptProv,
  317. IN LPCWSTR pwszProvName,
  318. IN DWORD dwProvType,
  319. IN LPWSTR pwszTmpContainer
  320. )
  321. {
  323. HRESULT hr = S_OK;
  325. if (hCryptProv)
  326. CryptReleaseContext(hCryptProv, 0);
  328. if (pwszTmpContainer) {
  329. // Delete the temporary container for the private key from
  330. // the provider
  331. //
  332. // Note: for CRYPT_DELETEKEYSET, the returned hCryptProv is undefined
  333. // and must not be released.
  334. CryptAcquireContextU(
  335. &hCryptProv,
  336. pwszTmpContainer,
  337. pwszProvName,
  338. dwProvType,
  339. CRYPT_DELETEKEYSET
  340. );
  341. delete (pwszTmpContainer);
  342. }
  344. return TRUE;
  345. }
  347. //+-------------------------------------------------------------------------
  348. // Get crypto provider to based on either the pvkfile or key container name
  349. //--------------------------------------------------------------------------
  350. HRESULT WINAPI PvkGetCryptProv( IN HWND hwnd,
  351. IN LPCWSTR pwszCaption,
  352. IN LPCWSTR pwszCapiProvider,
  353. IN DWORD dwProviderType,
  354. IN LPCWSTR pwszPvkFile,
  355. IN LPCWSTR pwszKeyContainerName,
  356. IN DWORD *pdwKeySpec,
  357. OUT LPWSTR *ppwszTmpContainer,
  358. OUT HCRYPTPROV *phCryptProv)
  359. {
  360. HANDLE hFile=NULL;
  361. HRESULT hr=E_FAIL;
  362. DWORD dwRequiredKeySpec=0;
  364. //Init
  365. *ppwszTmpContainer=NULL;
  366. *phCryptProv=NULL;
  368. //get the provider handle based on the key container name
  369. if(!CryptAcquireContextU(phCryptProv,
  370. pwszKeyContainerName,
  371. pwszCapiProvider,
  372. dwProviderType,
  373. ( g_dwSubjectStoreFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ?
  374. CRYPT_MACHINE_KEYSET : 0 )))
  375. return SignError();
  377. dwRequiredKeySpec=*pdwKeySpec;
  379. //make sure *pdwKeySpec is the correct key spec
  380. HCRYPTKEY hPubKey;
  381. if (CryptGetUserKey(
  382. *phCryptProv,
  383. dwRequiredKeySpec,
  384. &hPubKey
  385. ))
  386. {
  387. CryptDestroyKey(hPubKey);
  388. *pdwKeySpec=dwRequiredKeySpec;
  389. return S_OK;
  390. }
  391. else
  392. {
  393. // Doesn't have the specified public key
  394. hr=SignError();
  395. CryptReleaseContext(*phCryptProv, 0);
  396. *phCryptProv=NULL;
  397. return hr;
  398. }
  399. }
  403. void WINAPI PvkFreeCryptProv(IN HCRYPTPROV hProv,
  404. IN LPCWSTR pwszCapiProvider,
  405. IN DWORD dwProviderType,
  406. IN LPWSTR pwszTmpContainer)
  407. {
  409. if (pwszTmpContainer) {
  410. // Delete the temporary container for the private key from
  411. // the provider
  412. PvkPrivateKeyReleaseContext(hProv,
  413. pwszCapiProvider,
  414. dwProviderType,
  415. pwszTmpContainer);
  416. } else {
  417. if (hProv)
  418. CryptReleaseContext(hProv, 0);
  419. }
  420. }