archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/schannel/spbase/serial.c

819 lines
24 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 2000.
  5. //
  6. // File: serial.c
  7. //
  8. // Contents: Schannel context serialization routines.
  9. //
  10. // Functions: SPContextSerialize
  11. // SPContextDeserialize
  12. //
  13. // History: 02-15-00 jbanes Created.
  14. //
  15. //----------------------------------------------------------------------------
  17. #include <spbase.h>
  18. #include <certmap.h>
  19. #include <mapper.h>
  20. #include <align.h>
  22. typedef enum _SERIALIZED_ITEM_TYPE
  23. {
  24. SslEndOfBuffer = 0,
  25. SslContext,
  26. SslReadKey,
  27. SslReadMac,
  28. SslWriteKey,
  29. SslWriteMac,
  30. SslMapper,
  31. SslRemoteCertificate
  32. } SERIALIZED_ITEM_TYPE;
  34. typedef struct _SERIALIZED_ITEM_TAG
  35. {
  36. DWORD Type;
  37. DWORD Length;
  38. DWORD DataLength;
  39. DWORD reserved;
  40. } SERIALIZED_ITEM_TAG;
  42. #define TAG_LENGTH sizeof(SERIALIZED_ITEM_TAG)
  45. DWORD
  46. GetSerializedKeyLength(
  47. HCRYPTKEY hKey)
  48. {
  49. DWORD cbKey;
  51. if(!CryptExportKey(hKey, 0, OPAQUEKEYBLOB, 0, NULL, &cbKey))
  52. {
  53. SP_LOG_RESULT(GetLastError());
  54. return 0;
  55. }
  57. return ROUND_UP_COUNT(TAG_LENGTH + cbKey, ALIGN_LPVOID);
  58. }
  61. SP_STATUS
  62. SerializeKey(
  63. HCRYPTKEY hKey,
  64. SERIALIZED_ITEM_TYPE Type,
  65. PBYTE pbBuffer,
  66. PDWORD pcbBuffer)
  67. {
  68. SERIALIZED_ITEM_TAG *pTag;
  69. PBYTE pbKey;
  70. DWORD cbKey;
  72. if(*pcbBuffer <= TAG_LENGTH)
  73. {
  74. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  75. }
  77. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  79. pbKey = pbBuffer + TAG_LENGTH;
  80. cbKey = *pcbBuffer - TAG_LENGTH;
  82. if(!CryptExportKey(hKey, 0, OPAQUEKEYBLOB, 0, pbKey, &cbKey))
  83. {
  84. SP_LOG_RESULT(GetLastError());
  85. return PCT_INT_INTERNAL_ERROR;
  86. }
  88. pTag->Type = Type;
  89. pTag->Length = ROUND_UP_COUNT(cbKey, ALIGN_LPVOID);
  90. pTag->DataLength = cbKey;
  92. if(*pcbBuffer <= TAG_LENGTH + pTag->Length)
  93. {
  94. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  95. }
  97. *pcbBuffer = TAG_LENGTH + pTag->Length;
  99. return PCT_ERR_OK;
  100. }
  103. SP_STATUS
  104. SerializeContext(
  105. PSPContext pContext,
  106. SERIALIZE_LOCATOR_FN LocatorMove,
  107. PBYTE pbBuffer,
  108. PDWORD pcbBuffer,
  109. BOOL fDestroyKeys)
  110. {
  111. DWORD cbData;
  112. DWORD cbBuffer;
  113. DWORD cbBytesNeeded;
  114. SERIALIZED_ITEM_TAG *pTag;
  115. PSessCacheItem pZombie;
  116. SP_STATUS pctRet;
  118. //
  119. // Initialize buffer pointers.
  120. //
  122. if(pbBuffer == NULL)
  123. {
  124. cbBuffer = 0;
  125. }
  126. else
  127. {
  128. cbBuffer = *pcbBuffer;
  129. }
  131. pZombie = pContext->RipeZombie;
  134. //
  135. // Context structure.
  136. //
  138. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + sizeof(SPPackedContext),
  139. ALIGN_LPVOID);
  141. if(pbBuffer == NULL)
  142. {
  143. cbBuffer += cbBytesNeeded;
  144. }
  145. else
  146. {
  147. PSPPackedContext pSerialContext;
  148. HLOCATOR hLocator;
  150. if(cbBuffer < cbBytesNeeded)
  151. {
  152. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  153. }
  155. pContext->Flags |= CONTEXT_FLAG_SERIALIZED;
  157. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  158. pSerialContext = (PSPPackedContext)(pbBuffer + TAG_LENGTH);
  160. pTag->Type = SslContext;
  161. pTag->Length = cbBytesNeeded - TAG_LENGTH;
  163. pSerialContext->Magic = pContext->Magic;
  164. pSerialContext->State = pContext->State;
  165. pSerialContext->Flags = pContext->Flags;
  166. pSerialContext->dwProtocol = pContext->dwProtocol;
  168. pSerialContext->ContextThumbprint = pContext->ContextThumbprint;
  170. pSerialContext->dwCipherInfo = (DWORD)(pContext->pCipherInfo - g_AvailableCiphers);
  171. pSerialContext->dwHashInfo = (DWORD)(pContext->pHashInfo - g_AvailableHashes);
  172. pSerialContext->dwKeyExchInfo = (DWORD)(pContext->pKeyExchInfo - g_AvailableExch);
  174. pSerialContext->dwExchStrength = pContext->RipeZombie->dwExchStrength;
  176. pSerialContext->ReadCounter = pContext->ReadCounter;
  177. pSerialContext->WriteCounter = pContext->WriteCounter;
  179. if(pZombie->fProtocol & SP_PROT_SERVERS)
  180. {
  181. if(pZombie->pActiveServerCred)
  182. {
  183. #ifdef _WIN64
  184. pSerialContext->hMasterProv.QuadPart = (ULONGLONG)pZombie->pActiveServerCred->hRemoteProv;
  185. #else
  186. pSerialContext->hMasterProv.LowPart = (DWORD)pZombie->pActiveServerCred->hRemoteProv;
  187. #endif
  188. }
  190. // Copy the locator.
  191. if(pZombie->phMapper && pZombie->hLocator && LocatorMove)
  192. {
  193. LocatorMove(pZombie->hLocator, &hLocator);
  195. #ifdef _WIN64
  196. pSerialContext->hLocator.QuadPart = (ULONGLONG)hLocator;
  197. #else
  198. pSerialContext->hLocator.LowPart = (DWORD)hLocator;
  199. #endif
  200. }
  202. pSerialContext->LocatorStatus = pZombie->LocatorStatus;
  203. }
  205. pSerialContext->cbSessionID = pZombie->cbSessionID;
  206. memcpy(pSerialContext->SessionID, pZombie->SessionID, pZombie->cbSessionID);
  208. pbBuffer += cbBytesNeeded;
  209. cbBuffer -= cbBytesNeeded;
  210. }
  213. //
  214. // Certificate mapper structure.
  215. //
  217. if(pContext->RipeZombie->phMapper)
  218. {
  219. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + sizeof(PVOID),
  220. ALIGN_LPVOID);
  222. if(pbBuffer == NULL)
  223. {
  224. cbBuffer += cbBytesNeeded;
  225. }
  226. else
  227. {
  228. if(cbBuffer < cbBytesNeeded)
  229. {
  230. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  231. }
  233. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  235. pTag->Type = SslMapper;
  236. pTag->Length = cbBytesNeeded - TAG_LENGTH;
  238. CopyMemory(pbBuffer + TAG_LENGTH,
  239. &pZombie->phMapper->m_Reserved1,
  240. sizeof(PVOID));
  242. pbBuffer += cbBytesNeeded;
  243. cbBuffer -= cbBytesNeeded;
  244. }
  245. }
  248. //
  249. // Data encryption and MAC keys.
  250. //
  252. if(pContext->pCipherInfo->aiCipher != CALG_NULLCIPHER)
  253. {
  254. // Read key.
  255. if(pbBuffer == NULL)
  256. {
  257. cbBuffer += GetSerializedKeyLength(pContext->hReadKey);
  258. }
  259. else
  260. {
  261. cbData = cbBuffer;
  262. pctRet = SerializeKey(pContext->hReadKey,
  263. SslReadKey,
  264. pbBuffer,
  265. &cbData);
  266. if(pctRet != PCT_ERR_OK)
  267. {
  268. return pctRet;
  269. }
  270. if(fDestroyKeys)
  271. {
  272. if(!CryptDestroyKey(pContext->hReadKey))
  273. {
  274. SP_LOG_RESULT(GetLastError());
  275. }
  276. pContext->hReadKey = 0;
  277. }
  279. pbBuffer += cbData;
  280. cbBuffer -= cbData;
  281. }
  283. // Write key.
  284. if(pbBuffer == NULL)
  285. {
  286. cbBuffer += GetSerializedKeyLength(pContext->hWriteKey);
  287. }
  288. else
  289. {
  290. cbData = cbBuffer;
  291. pctRet = SerializeKey(pContext->hWriteKey,
  292. SslWriteKey,
  293. pbBuffer,
  294. &cbData);
  295. if(pctRet != PCT_ERR_OK)
  296. {
  297. return pctRet;
  298. }
  299. if(fDestroyKeys)
  300. {
  301. if(!CryptDestroyKey(pContext->hWriteKey))
  302. {
  303. SP_LOG_RESULT(GetLastError());
  304. }
  305. pContext->hWriteKey = 0;
  306. }
  308. pbBuffer += cbData;
  309. cbBuffer -= cbData;
  310. }
  311. }
  313. // Read MAC.
  314. if(pContext->hReadMAC)
  315. {
  316. if(pbBuffer == NULL)
  317. {
  318. cbBuffer += GetSerializedKeyLength(pContext->hReadMAC);
  319. }
  320. else
  321. {
  322. cbData = cbBuffer;
  323. pctRet = SerializeKey(pContext->hReadMAC,
  324. SslReadMac,
  325. pbBuffer,
  326. &cbData);
  327. if(pctRet != PCT_ERR_OK)
  328. {
  329. return pctRet;
  330. }
  332. pbBuffer += cbData;
  333. cbBuffer -= cbData;
  334. }
  335. }
  337. // Write MAC.
  338. if(pContext->hWriteMAC)
  339. {
  340. if(pbBuffer == NULL)
  341. {
  342. cbBuffer += GetSerializedKeyLength(pContext->hWriteMAC);
  343. }
  344. else
  345. {
  346. cbData = cbBuffer;
  347. pctRet = SerializeKey(pContext->hWriteMAC,
  348. SslWriteMac,
  349. pbBuffer,
  350. &cbData);
  351. if(pctRet != PCT_ERR_OK)
  352. {
  353. return pctRet;
  354. }
  356. pbBuffer += cbData;
  357. cbBuffer -= cbData;
  358. }
  359. }
  362. //
  363. // Remote certificate.
  364. //
  366. if(pContext->RipeZombie->pRemoteCert)
  367. {
  368. if(pbBuffer == NULL)
  369. {
  370. pctRet = SerializeCertContext(pContext->RipeZombie->pRemoteCert,
  371. NULL,
  372. &cbData);
  373. if(pctRet != PCT_ERR_OK)
  374. {
  375. return SP_LOG_RESULT(pctRet);
  376. }
  378. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + cbData, ALIGN_LPVOID);
  380. cbBuffer += cbBytesNeeded;
  381. }
  382. else
  383. {
  384. if(cbBuffer < TAG_LENGTH)
  385. {
  386. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  387. }
  388. cbData = cbBuffer - TAG_LENGTH;
  390. pctRet = SerializeCertContext(pContext->RipeZombie->pRemoteCert,
  391. pbBuffer + TAG_LENGTH,
  392. &cbData);
  393. if(pctRet != PCT_ERR_OK)
  394. {
  395. return SP_LOG_RESULT(pctRet);
  396. }
  398. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + cbData, ALIGN_LPVOID);
  400. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  402. pTag->Type = SslRemoteCertificate;
  403. pTag->Length = cbBytesNeeded - TAG_LENGTH;
  405. pbBuffer += cbBytesNeeded;
  406. cbBuffer -= cbBytesNeeded;
  407. }
  408. }
  411. //
  412. // End of buffer marker.
  413. //
  415. if(pbBuffer == NULL)
  416. {
  417. cbBuffer += TAG_LENGTH;
  418. }
  419. else
  420. {
  421. if(cbBuffer < TAG_LENGTH)
  422. {
  423. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  424. }
  426. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  428. pTag->Type = SslEndOfBuffer;
  429. pTag->Length = 0;
  431. pbBuffer += TAG_LENGTH;
  432. cbBuffer -= TAG_LENGTH;
  433. }
  435. if(pbBuffer == NULL)
  436. {
  437. *pcbBuffer = cbBuffer;
  438. }
  439. else
  440. {
  441. #if DBG
  442. if(cbBuffer)
  443. {
  444. DebugLog((DEB_WARN, "%d bytes left over when serializing context.\n", cbBuffer));
  445. }
  446. #endif
  447. }
  449. return PCT_ERR_OK;
  450. }
  453. //+---------------------------------------------------------------------------
  454. //
  455. // Function: SPContextSerialize
  456. //
  457. // Synopsis: Extract out everything necessary for bulk data encryption
  458. // from an Schannel context, and place it in a linear buffer.
  459. //
  460. // Arguments: [pCred] -- Context to be serialized.
  461. // [ppBuffer] -- Destination buffer.
  462. // [pcbBuffer] -- Destination buffer length.
  463. //
  464. // History: 09-25-96 jbanes Hacked for LSA integration.
  465. //
  466. // Notes: This routine is called by the LSA process when transitioning
  467. // from the handshaking phase to the bulk encryption phase.
  468. //
  469. // This function is also called by the application process as
  470. // part of ExportSecurityContext.
  471. //
  472. //----------------------------------------------------------------------------
  473. SP_STATUS
  474. SPContextSerialize(
  475. PSPContext pContext,
  476. SERIALIZE_LOCATOR_FN LocatorMove,
  477. PBYTE * ppBuffer,
  478. PDWORD pcbBuffer,
  479. BOOL fDestroyKeys)
  480. {
  481. PBYTE pbBuffer;
  482. DWORD cbBuffer;
  483. SP_STATUS pctRet;
  485. // Determine size of serialized buffer.
  486. pctRet = SerializeContext(pContext, LocatorMove, NULL, &cbBuffer, fDestroyKeys);
  487. if(pctRet != PCT_ERR_OK)
  488. {
  489. return SP_LOG_RESULT(pctRet);
  490. }
  492. // Allocate memory for serialized buffer.
  493. pbBuffer = SPExternalAlloc(cbBuffer);
  494. if(pbBuffer == NULL)
  495. {
  496. return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
  497. }
  499. // Generate serialized context.
  500. pctRet = SerializeContext(pContext, LocatorMove, pbBuffer, &cbBuffer, fDestroyKeys);
  501. if(pctRet != PCT_ERR_OK)
  502. {
  503. SPExternalFree(pbBuffer);
  504. return SP_LOG_RESULT(pctRet);
  505. }
  507. // Set outputs
  508. *ppBuffer = pbBuffer;
  509. *pcbBuffer = cbBuffer;
  511. return PCT_ERR_OK;
  512. }
  515. //+---------------------------------------------------------------------------
  516. //
  517. // Function: SPContextDeserialize
  518. //
  519. // Synopsis: Build an Schannel context structure from a linear buffer,
  520. // which was created via SPContextSerialize by the other
  521. // process.
  522. //
  523. // Arguments: [pBuffer] -- Buffer containing serialized context.
  524. // The new context structure is built over
  525. // the top of this buffer.
  526. //
  527. // History: 09-25-96 jbanes Hacked for LSA integration.
  528. //
  529. // Notes: This routine is called by the application process when
  530. // transitioning from the handshaking phase to the bulk
  531. // encryption phase.
  532. //
  533. //----------------------------------------------------------------------------
  534. SP_STATUS
  535. SPContextDeserialize(
  536. PBYTE pbBuffer,
  537. PSPContext *ppContext)
  538. {
  539. PSPContext pContext = NULL;
  540. DWORD Status = PCT_INT_INTERNAL_ERROR;
  541. BOOL fDone;
  542. PSPPackedContext pSerialContext;
  543. PSessCacheItem pZombie;
  544. SERIALIZED_ITEM_TAG *pTag;
  545. DWORD cbContext;
  547. DebugLog((DEB_TRACE, "Deserialize context\n"));
  549. //
  550. // Extract serialized context.
  551. //
  553. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  555. if(pTag->Type != SslContext)
  556. {
  557. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  558. }
  559. if(pTag->Length < sizeof(PSPPackedContext))
  560. {
  561. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  562. }
  564. pSerialContext = (PSPPackedContext)(pbBuffer + TAG_LENGTH);
  566. cbContext = ROUND_UP_COUNT(sizeof(SPContext), ALIGN_LPVOID);
  568. pContext = SPExternalAlloc(cbContext + sizeof(SessCacheItem));
  569. if(pContext == NULL)
  570. {
  571. return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
  572. }
  574. pContext->RipeZombie = (PSessCacheItem)((PBYTE)pContext + cbContext);
  575. pZombie = pContext->RipeZombie;
  577. pContext->Magic = pSerialContext->Magic;
  578. pContext->State = pSerialContext->State;
  579. pContext->Flags = pSerialContext->Flags;
  580. pContext->dwProtocol = pSerialContext->dwProtocol;
  582. pContext->ContextThumbprint = pSerialContext->ContextThumbprint;
  584. pContext->pCipherInfo = g_AvailableCiphers + pSerialContext->dwCipherInfo;
  585. pContext->pHashInfo = g_AvailableHashes + pSerialContext->dwHashInfo;
  586. pContext->pKeyExchInfo = g_AvailableExch + pSerialContext->dwKeyExchInfo;
  588. pContext->pReadCipherInfo = pContext->pCipherInfo;
  589. pContext->pWriteCipherInfo = pContext->pCipherInfo;
  590. pContext->pReadHashInfo = pContext->pHashInfo;
  591. pContext->pWriteHashInfo = pContext->pHashInfo;
  593. pContext->ReadCounter = pSerialContext->ReadCounter;
  594. pContext->WriteCounter = pSerialContext->WriteCounter;
  596. pContext->InitiateHello = GenerateHello;
  598. switch(pContext->dwProtocol)
  599. {
  600. case SP_PROT_PCT1_CLIENT:
  601. pContext->Decrypt = Pct1DecryptMessage;
  602. pContext->Encrypt = Pct1EncryptMessage;
  603. pContext->ProtocolHandler = Pct1ClientProtocolHandler;
  604. pContext->DecryptHandler = Pct1DecryptHandler;
  605. pContext->GetHeaderSize = Pct1GetHeaderSize;
  606. break;
  608. case SP_PROT_PCT1_SERVER:
  609. pContext->Decrypt = Pct1DecryptMessage;
  610. pContext->Encrypt = Pct1EncryptMessage;
  611. pContext->ProtocolHandler = Pct1ServerProtocolHandler;
  612. pContext->DecryptHandler = Pct1DecryptHandler;
  613. pContext->GetHeaderSize = Pct1GetHeaderSize;
  614. break;
  616. case SP_PROT_SSL2_CLIENT:
  617. pContext->Decrypt = Ssl2DecryptMessage;
  618. pContext->Encrypt = Ssl2EncryptMessage;
  619. pContext->ProtocolHandler = Ssl2ClientProtocolHandler;
  620. pContext->DecryptHandler = Ssl2DecryptHandler;
  621. pContext->GetHeaderSize = Ssl2GetHeaderSize;
  622. break;
  624. case SP_PROT_SSL2_SERVER:
  625. pContext->Decrypt = Ssl2DecryptMessage;
  626. pContext->Encrypt = Ssl2EncryptMessage;
  627. pContext->ProtocolHandler = Ssl2ServerProtocolHandler;
  628. pContext->DecryptHandler = Ssl2DecryptHandler;
  629. pContext->GetHeaderSize = Ssl2GetHeaderSize;
  630. break;
  632. case SP_PROT_SSL3_CLIENT:
  633. case SP_PROT_SSL3_SERVER:
  634. case SP_PROT_TLS1_CLIENT:
  635. case SP_PROT_TLS1_SERVER:
  636. pContext->Decrypt = Ssl3DecryptMessage;
  637. pContext->Encrypt = Ssl3EncryptMessage;
  638. pContext->ProtocolHandler = Ssl3ProtocolHandler;
  639. pContext->DecryptHandler = Ssl3DecryptHandler;
  640. pContext->GetHeaderSize = Ssl3GetHeaderSize;
  641. break;
  643. default:
  644. pContext->Decrypt = NULL;
  645. pContext->Encrypt = NULL;
  646. pContext->ProtocolHandler = NULL;
  647. pContext->DecryptHandler = NULL;
  648. pContext->GetHeaderSize = NULL;
  649. }
  652. //
  653. // Extract serialized cache entry.
  654. //
  656. pZombie->fProtocol = pSerialContext->dwProtocol;
  657. pZombie->dwExchStrength = pSerialContext->dwExchStrength;
  659. #ifdef _WIN64
  660. pZombie->hLocator = (HLOCATOR)pSerialContext->hLocator.QuadPart;
  661. pZombie->hMasterProv = (HCRYPTPROV)pSerialContext->hMasterProv.QuadPart;
  662. #else
  663. pZombie->hLocator = (HLOCATOR)pSerialContext->hLocator.LowPart;
  664. pZombie->hMasterProv = (HCRYPTPROV)pSerialContext->hMasterProv.LowPart;
  665. #endif
  666. pZombie->LocatorStatus = pSerialContext->LocatorStatus;
  668. pZombie->cbSessionID = pSerialContext->cbSessionID;
  669. memcpy(pZombie->SessionID, pSerialContext->SessionID, pSerialContext->cbSessionID);
  671. switch(pContext->pKeyExchInfo->Spec)
  672. {
  673. case SP_EXCH_RSA_PKCS1:
  674. if((pZombie->fProtocol & SP_PROT_CLIENTS) || !pZombie->hMasterProv)
  675. {
  676. pZombie->hMasterProv = g_hRsaSchannel;
  677. }
  678. break;
  680. case SP_EXCH_DH_PKCS3:
  681. if((pZombie->fProtocol & SP_PROT_CLIENTS) || !pZombie->hMasterProv)
  682. {
  683. pZombie->hMasterProv = g_hDhSchannelProv;
  684. }
  685. break;
  687. default:
  688. Status = SP_LOG_RESULT(PCT_ERR_SPECS_MISMATCH);
  689. goto cleanup;
  690. }
  691. pContext->hReadProv = pZombie->hMasterProv;
  692. pContext->hWriteProv = pZombie->hMasterProv;
  694. pbBuffer += TAG_LENGTH + pTag->Length;
  697. //
  698. // Extract optional serialized data.
  699. //
  701. fDone = FALSE;
  703. while(!fDone)
  704. {
  705. DWORD Type = ((SERIALIZED_ITEM_TAG UNALIGNED *)pbBuffer)->Type;
  706. DWORD Length = ((SERIALIZED_ITEM_TAG UNALIGNED *)pbBuffer)->Length;
  707. DWORD DataLength = ((SERIALIZED_ITEM_TAG UNALIGNED *)pbBuffer)->DataLength;
  709. pbBuffer += TAG_LENGTH;
  711. switch(Type)
  712. {
  713. case SslEndOfBuffer:
  714. DebugLog((DEB_TRACE, "SslEndOfBuffer\n"));
  715. fDone = TRUE;
  716. break;
  718. case SslReadKey:
  719. DebugLog((DEB_TRACE, "SslReadKey\n"));
  720. if(!CryptImportKey(pZombie->hMasterProv,
  721. pbBuffer,
  722. DataLength,
  723. 0, 0,
  724. &pContext->hReadKey))
  725. {
  726. SP_LOG_RESULT(GetLastError());
  727. Status = PCT_INT_INTERNAL_ERROR;
  728. goto cleanup;
  729. }
  730. DebugLog((DEB_TRACE, "Key:0x%p\n", pContext->hReadKey));
  731. break;
  733. case SslReadMac:
  734. DebugLog((DEB_TRACE, "SslReadMac\n"));
  735. if(!CryptImportKey(pZombie->hMasterProv,
  736. pbBuffer,
  737. DataLength,
  738. 0, 0,
  739. &pContext->hReadMAC))
  740. {
  741. SP_LOG_RESULT(GetLastError());
  742. Status = PCT_INT_INTERNAL_ERROR;
  743. goto cleanup;
  744. }
  745. break;
  747. case SslWriteKey:
  748. DebugLog((DEB_TRACE, "SslWriteKey\n"));
  749. if(!CryptImportKey(pZombie->hMasterProv,
  750. pbBuffer,
  751. DataLength,
  752. 0, 0,
  753. &pContext->hWriteKey))
  754. {
  755. SP_LOG_RESULT(GetLastError());
  756. Status = PCT_INT_INTERNAL_ERROR;
  757. goto cleanup;
  758. }
  759. DebugLog((DEB_TRACE, "Key:0x%p\n", pContext->hWriteKey));
  760. break;
  762. case SslWriteMac:
  763. DebugLog((DEB_TRACE, "SslWriteMac\n"));
  764. if(!CryptImportKey(pZombie->hMasterProv,
  765. pbBuffer,
  766. DataLength,
  767. 0, 0,
  768. &pContext->hWriteMAC))
  769. {
  770. SP_LOG_RESULT(GetLastError());
  771. Status = PCT_INT_INTERNAL_ERROR;
  772. goto cleanup;
  773. }
  774. break;
  776. case SslMapper:
  777. DebugLog((DEB_TRACE, "SslMapper\n"));
  778. pZombie->phMapper = *(HMAPPER **)pbBuffer;
  779. break;
  781. case SslRemoteCertificate:
  782. DebugLog((DEB_TRACE, "SslRemoteCertificate\n"));
  783. // Save a pointer to the serialized certificate context
  784. // of the remote certificate. This will be deserialized
  785. // by the QueryContextAttribute function when the
  786. // application asks for it.
  787. pZombie->pbServerCertificate = SPExternalAlloc(Length);
  788. if(pZombie->pbServerCertificate)
  789. {
  790. memcpy(pZombie->pbServerCertificate, pbBuffer, Length);
  791. pZombie->cbServerCertificate = Length;
  792. }
  793. break;
  795. default:
  796. DebugLog((DEB_WARN, "Invalid tag %d found when deserializing context buffer\n"));
  797. Status = PCT_INT_INTERNAL_ERROR;
  798. goto cleanup;
  799. }
  801. pbBuffer += Length;
  802. }
  804. *ppContext = pContext;
  805. pContext = NULL;
  807. Status = PCT_ERR_OK;
  809. cleanup:
  811. if(pContext != NULL)
  812. {
  813. LsaContextDelete(pContext);
  814. SPExternalFree(pContext);
  815. }
  817. return Status;
  818. }