|
|
/**********************************************************************//** Microsoft Passport **//** Copyright(c) Microsoft Corporation, 1999 - 2001 **//**********************************************************************/
/*
PassportCrypt.cpp
FILE HISTORY:
*/
// PassportCrypt.cpp : Implementation of CCrypt
#include "stdafx.h"
#include "Passport.h"
#include "PassportCrypt.h"
#include <time.h>
/* moved into passport.idl -- so consumer of the COM API can see it
// max blocks + 10 should be multiples of 3 for simplicity
#define ENC_MAX_SIZE 2045
// I don't trust the compiler... (((2045+10)*4)/3)+9 = 2749 * sizeof(wchar)
#define DEC_MAX_SIZE 5498
*/
//===========================================================================
//
// CCrypt
//
CCrypt::CCrypt() : m_crypt(NULL), m_szSiteName(NULL), m_szHostName(NULL){ m_pUnkMarshaler = NULL; m_keyVersion = 0;
CRegistryConfig* crc = g_config->checkoutRegistryConfig(); if( crc ) { m_keyVersion = crc->getCurrentCryptVersion(); crc->getCrypt(m_keyVersion, &m_validUntil); crc->Release(); }}
/////////////////////////////////////////////////////////////////////////////
// CCrypt
//===========================================================================
//
// InterfaceSupportsErrorInfo
//
STDMETHODIMP CCrypt::InterfaceSupportsErrorInfo(REFIID riid){ static const IID* arr[] = { &IID_IPassportCrypt, }; for (int i=0;i<sizeof(arr)/sizeof(arr[0]);i++) { if (InlineIsEqualGUID(*arr[i],riid)) return S_OK; } return S_FALSE;}
//===========================================================================
//
// OnStartPage
//
STDMETHODIMP CCrypt::OnStartPage(IUnknown* piUnk) { BOOL bHasPort; DWORD dwServerNameLen; HRESULT hr = S_OK; BOOL bVariantInited = FALSE;
// param needs to cleanup
IRequestPtr piRequest ; IRequestDictionaryPtr piServerVariables ; _variant_t vtItemName; _variant_t vtServerName; _variant_t vtServerPort; _variant_t vtHTTPS;// WCHAR szServerName = NULL;
// CHAR* szServerName_A = NULL;
CRegistryConfig* crc = NULL;
if(!piUnk) { hr = E_POINTER; goto exit; }
if (!g_config->isValid()) // Guarantees config is non-null
{ AtlReportError(CLSID_Manager, PP_E_NOT_CONFIGUREDSTR, IID_IPassportManager, PP_E_NOT_CONFIGURED); hr = PP_E_NOT_CONFIGURED; }
try {
// Get Request Object Pointer
piRequest = ((IScriptingContextPtr)piUnk)->Request;
//
// Use the request object to get the server name being requested
// so we can get the correct registry config. But only do this
// if we have some configured sites.
//
if(g_config->HasSites()) { piRequest->get_ServerVariables(&piServerVariables);
vtItemName.vt = VT_BSTR; vtItemName.bstrVal = SysAllocString(L"SERVER_NAME"); if (NULL == vtItemName.bstrVal) { hr = E_OUTOFMEMORY; goto exit; }
piServerVariables->get_Item(vtItemName, &vtServerName); if(vtServerName.vt != VT_BSTR) VariantChangeType(&vtServerName, &vtServerName, 0, VT_BSTR);
VariantClear(&vtItemName);
vtItemName.vt = VT_BSTR; vtItemName.bstrVal = SysAllocString(L"SERVER_PORT"); if (NULL == vtItemName.bstrVal) { hr = E_OUTOFMEMORY; goto exit; }
piServerVariables->get_Item(vtItemName, &vtServerPort); if(vtServerPort.vt != VT_BSTR) VariantChangeType(&vtServerPort, &vtServerPort, 0, VT_BSTR);
VariantClear(&vtItemName); vtItemName.vt = VT_BSTR; vtItemName.bstrVal = SysAllocString(L"HTTPS"); if (NULL == vtItemName.bstrVal) { hr = E_OUTOFMEMORY; goto exit; }
hr = piServerVariables->get_Item(vtItemName, &vtHTTPS); if(vtHTTPS.vt != VT_BSTR) VariantChangeType(&vtHTTPS, &vtHTTPS, 0, VT_BSTR);
// If not default port, append ":port" to server name.
bHasPort = (lstrcmpiW(L"off", vtHTTPS.bstrVal) == 0 && lstrcmpW(L"80", vtServerPort.bstrVal) != 0) || (lstrcmpiW(L"on", vtHTTPS.bstrVal) == 0 && lstrcmpW(L"443", vtServerPort.bstrVal) != 0); dwServerNameLen = bHasPort ? lstrlenW(vtServerName.bstrVal) + lstrlenW(vtServerPort.bstrVal) + 2 : lstrlenW(vtServerName.bstrVal) + 1;
m_szHostName = new CHAR[dwServerNameLen]; if( !m_szHostName ) { hr = E_OUTOFMEMORY; goto exit; }
WideCharToMultiByte(CP_ACP, 0, vtServerName.bstrVal, -1, m_szHostName, dwServerNameLen, NULL, NULL);
if(bHasPort) { USES_CONVERSION; lstrcatA(m_szHostName, ":"); lstrcatA(m_szHostName, W2A(vtServerPort.bstrVal)); }
crc = g_config->checkoutRegistryConfig(m_szHostName); } else { crc = g_config->checkoutRegistryConfig(); }
m_keyVersion = 0; if (crc) { m_keyVersion = crc->getCurrentCryptVersion(); crc->getCrypt(m_keyVersion,&m_validUntil); } } catch(...) { hr = S_OK; }
exit:
if( crc ) crc->Release();
return hr;}
//===========================================================================
//
// Encrypt
//
STDMETHODIMP CCrypt::Encrypt(BSTR rawData, BSTR *pEncrypted){ if (!rawData) return E_INVALIDARG;
if (SysStringLen(rawData) > ENC_MAX_SIZE) { AtlReportError(CLSID_Crypt, L"Passport.Crypt: Data too large", IID_IPassportCrypt, E_FAIL); return E_FAIL; }
if (m_crypt) { if (!m_crypt->Encrypt(m_keyVersion, (LPSTR)rawData, SysStringByteLen(rawData), pEncrypted)) { AtlReportError(CLSID_Crypt, L"Encryption failed", IID_IPassportCrypt, E_FAIL); return E_FAIL; } } else { CRegistryConfig* crc = ObtainCRC(); if (!crc) { AtlReportError(CLSID_Crypt, L"Passport misconfigured", IID_IPassportCrypt, E_FAIL); return E_FAIL; } CCoCrypt *cr = crc->getCrypt(m_keyVersion,&m_validUntil); if (!cr) { AtlReportError(CLSID_Crypt, L"No such key version", IID_IPassportCrypt, E_FAIL); crc->Release(); return E_FAIL; } if (!cr->Encrypt(m_keyVersion,(LPSTR)rawData,SysStringByteLen(rawData),pEncrypted)) { AtlReportError(CLSID_Crypt, L"Encryption failed", IID_IPassportCrypt, E_FAIL); crc->Release(); return E_FAIL; } crc->Release(); } return S_OK;}
//===========================================================================
//
// Decrypt
//
STDMETHODIMP CCrypt::Decrypt(BSTR rawData, BSTR *pUnencrypted){ if (rawData == NULL) { *pUnencrypted = NULL; return S_OK; }
if (SysStringLen(rawData) > DEC_MAX_SIZE) { AtlReportError(CLSID_Crypt, L"Passport.Crypt: Data too large", IID_IPassportCrypt, E_FAIL); return E_FAIL; }
if (m_crypt) // Just do our job, no questions
{ if (m_crypt->Decrypt(rawData, SysStringByteLen(rawData), pUnencrypted)) { return S_OK; }
if(g_pAlert) g_pAlert->report(PassportAlertInterface::WARNING_TYPE, PM_FAILED_DECRYPT);
*pUnencrypted = NULL; return S_OK; }
// First find the key version
int kv = CCoCrypt::getKeyVersion(rawData); time_t vU, now;
CRegistryConfig* crc = ObtainCRC(); if (!crc) { AtlReportError(CLSID_Crypt, L"Passport misconfigured", IID_IPassportCrypt, PP_E_NOT_CONFIGURED); return PP_E_NOT_CONFIGURED; } CCoCrypt *cr = crc->getCrypt(kv, &vU);
time(&now);
if ((vU != 0 && now > vU) || cr == NULL) { *pUnencrypted = NULL; if(g_pAlert) g_pAlert->report(PassportAlertInterface::WARNING_TYPE, PM_FAILED_DECRYPT); crc->Release(); return S_OK; }
if (cr->Decrypt(rawData, SysStringByteLen(rawData), pUnencrypted)) { crc->Release(); return S_OK; } if(g_pAlert) g_pAlert->report(PassportAlertInterface::WARNING_TYPE, PM_FAILED_DECRYPT); crc->Release(); *pUnencrypted = NULL; return S_OK;}
//===========================================================================
//
// get_keyVersion
//
STDMETHODIMP CCrypt::get_keyVersion(int *pVal){ *pVal = m_keyVersion; return S_OK;}
//===========================================================================
//
// put_keyVersion
//
STDMETHODIMP CCrypt::put_keyVersion(int newVal){ m_keyVersion = newVal; if (m_crypt) { delete m_crypt; m_crypt = NULL; } return S_OK;}
//===========================================================================
//
// vget_IsValid
//
STDMETHODIMP CCrypt::get_IsValid(VARIANT_BOOL *pVal){// fix 6695 PassportCrypt.IsValid is inconsistent to end users.
// *pVal = (m_crypt != NULL) ? VARIANT_TRUE : VARIANT_FALSE;
*pVal = (g_config->isValid()) ? VARIANT_TRUE : VARIANT_FALSE; return S_OK;}
//===========================================================================
//
// put_keyMaterial
//
STDMETHODIMP CCrypt::put_keyMaterial(BSTR newVal){ CCoCrypt *pcccTemp = new CCoCrypt();
if (pcccTemp == NULL) { return E_OUTOFMEMORY; }
if (m_crypt) { delete m_crypt; }
m_crypt = pcccTemp;
m_crypt->setKeyMaterial(newVal); return S_OK;}
//===========================================================================
//
// Compress
//
STDMETHODIMP CCrypt::Compress( BSTR bstrIn, BSTR* pbstrCompressed ){ HRESULT hr; UINT nInLen;
//
// Check inputs.
//
if(bstrIn == NULL || pbstrCompressed == NULL) { hr = E_POINTER; goto Cleanup; }
//
// nInLen does not include the terminating NULL.
//
nInLen = SysStringLen(bstrIn);
//
// Always want to allocate an even number of bytes
// so that the corresponding decompress does not
// lose characters.
//
if(nInLen & 0x1) nInLen++;
//
// Allocate a BSTR of the correct length.
//
*pbstrCompressed = SysAllocStringByteLen(NULL, nInLen); if(*pbstrCompressed == NULL) { hr = E_OUTOFMEMORY; goto Cleanup; }
//
// We allocated a total of nInLen + 2 bytes. Zero it out.
//
memset(*pbstrCompressed, 0, nInLen + sizeof(OLECHAR));
//
// Convert to multibyte.
//
if (0 == WideCharToMultiByte(CP_ACP, 0, bstrIn, nInLen, (LPSTR)*pbstrCompressed, nInLen + 1, // this is how many bytes were allocated by
// SysAllocStringByteLen
NULL, NULL)) { hr = E_FAIL; } else { hr = S_OK; }
Cleanup: return hr;}
//===========================================================================
//
// Decompress
//
STDMETHODIMP CCrypt::Decompress( BSTR bstrIn, BSTR* pbstrDecompressed ){ HRESULT hr; CHAR *pch; UINT nInLen;
if(bstrIn == NULL || pbstrDecompressed == NULL) { hr = E_POINTER; goto Cleanup; }
//
// nInLen is number of mbc's, and does not include the terminating NULL.
//
nInLen = SysStringByteLen(bstrIn);
//
// 13386: return NULL if 0 length
//
if (nInLen == 0) { *pbstrDecompressed = NULL; hr = S_OK; goto Cleanup; } pch = (CHAR*)bstrIn; if ('\0' == pch[nInLen - 1]) { nInLen--; }
//
// Allocate a BSTR of the correct length.
//
*pbstrDecompressed = SysAllocStringLen(NULL, nInLen); if(*pbstrDecompressed == NULL) { hr = E_OUTOFMEMORY; goto Cleanup; }
//
// We allocated a total of (nOutLen+1) * sizeof(OLECHAR) bytes, since
// SysAllocStringLen allocs an extra character. Zero it all out.
//
memset(*pbstrDecompressed, 0, (nInLen + 1) * sizeof(OLECHAR));
//
// Convert to wide.
//
if (0 == MultiByteToWideChar(CP_ACP, 0, (LPCSTR)bstrIn, -1, *pbstrDecompressed, nInLen + 1)) { hr = E_FAIL; } else { hr = S_OK; }Cleanup: return hr;}
//===========================================================================
//
// put_site
//
STDMETHODIMPCCrypt::put_site( BSTR bstrSiteName ){ HRESULT hr; int nLen; LPSTR szNewSiteName; CRegistryConfig* crc;
if(!bstrSiteName) { if(m_szSiteName) delete [] m_szSiteName; m_szSiteName = NULL; } else { nLen = SysStringLen(bstrSiteName) + 1; szNewSiteName = new CHAR[nLen]; if(!szNewSiteName) { hr = E_OUTOFMEMORY; goto Cleanup; }
WideCharToMultiByte(CP_ACP, 0, bstrSiteName, -1, szNewSiteName, nLen, NULL, NULL);
Cleanup();
m_szSiteName = szNewSiteName; }
crc = ObtainCRC(); if (!crc) { m_keyVersion = 0; } else { m_keyVersion = crc->getCurrentCryptVersion(); crc->getCrypt(m_keyVersion,&m_validUntil); crc->Release(); }
hr = S_OK;
Cleanup:
return hr;}
//===========================================================================
//
// put_host
//
STDMETHODIMPCCrypt::put_host( BSTR bstrHostName ){ HRESULT hr; int nLen; LPSTR szNewHostName; CRegistryConfig* crc;
if(!bstrHostName) { if(m_szHostName) delete [] m_szHostName; m_szHostName = NULL; } else {
nLen = SysStringLen(bstrHostName) + 1; szNewHostName = new CHAR[nLen]; if(!szNewHostName) { hr = E_OUTOFMEMORY; goto Cleanup; }
WideCharToMultiByte(CP_ACP, 0, bstrHostName, -1, szNewHostName, nLen, NULL, NULL);
Cleanup(); m_szHostName = szNewHostName;
crc = ObtainCRC(); if (!crc) { m_keyVersion = 0; } else { m_keyVersion = crc->getCurrentCryptVersion(); crc->getCrypt(m_keyVersion,&m_validUntil); crc->Release(); } } hr = S_OK;
Cleanup:
return hr;}
//===========================================================================
//
// Cleanup
//
void CCrypt::Cleanup(){ if( m_szSiteName ) { delete [] m_szSiteName; m_szSiteName = NULL; }
if( m_szHostName ) { delete [] m_szHostName; m_szHostName = NULL; }}
//===========================================================================
//
// ObtainCRC
//
CRegistryConfig* CCrypt::ObtainCRC(){ CRegistryConfig* crc = NULL;
if( m_szHostName && m_szSiteName ) { // we are in bad state now
Cleanup(); goto exit; } if( m_szHostName ) crc = g_config->checkoutRegistryConfig(m_szHostName);
if( m_szSiteName ) crc = g_config->checkoutRegistryConfigBySite(m_szSiteName);
// if we still can't get crc at this moment, try the default one
if( !crc ) crc = g_config->checkoutRegistryConfig();
exit: return crc;}
/////////////////////////////////////////////////////////////////////////////
// IPassportService implementation
//===========================================================================
//
// Initialize
//
STDMETHODIMP CCrypt::Initialize(BSTR configfile, IServiceProvider* p){ HRESULT hr;
// Initialize.
if (!g_config->isValid()) { AtlReportError(CLSID_Crypt, PP_E_NOT_CONFIGUREDSTR, IID_IPassportService, PP_E_NOT_CONFIGURED); hr = PP_E_NOT_CONFIGURED; goto Cleanup; }
hr = S_OK;
Cleanup:
return hr;}
//===========================================================================
//
// Shutdown
//
STDMETHODIMP CCrypt::Shutdown(){ return S_OK;}
//===========================================================================
//
// ReloadState
//
STDMETHODIMP CCrypt::ReloadState(IServiceProvider*){ return S_OK;}
//===========================================================================
//
// CommitState
//
STDMETHODIMP CCrypt::CommitState(IServiceProvider*){ return S_OK;}
//===========================================================================
//
// DumpState
//
STDMETHODIMP CCrypt::DumpState(BSTR* pbstrState){ ATLASSERT( *pbstrState != NULL && "CCrypt:DumpState - " "Are you sure you want to hand me a non-null BSTR?" );
HRESULT hr = S_OK;
return hr;}
|
