archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/schannel/spbase/ssl2msg.c

562 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1995.
  5. //
  6. // File: ssl2msg.c
  7. //
  8. // Contents:
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 10-21-97 jbanes Added CAPI integration
  15. //
  16. //----------------------------------------------------------------------------
  18. #include <spbase.h>
  20. #if 0
  21. Ssl2CipherMap Ssl2CipherRank[] =
  22. {
  23. {SSL_CK_RC4_128_WITH_MD5, CALG_MD5, CALG_RC4, 128, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  24. {SSL_CK_DES_192_EDE3_CBC_WITH_MD5, CALG_MD5, CALG_3DES, 168, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  25. {SSL_CK_RC2_128_CBC_WITH_MD5, CALG_MD5, CALG_RC2, 128, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  26. {SSL_CK_RC4_128_FINANCE64_WITH_MD5, CALG_MD5, CALG_RC4, 64, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  27. {SSL_CK_DES_64_CBC_WITH_MD5, CALG_MD5, CALG_DES, 56, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  28. {SSL_CK_RC4_128_EXPORT40_WITH_MD5, CALG_MD5, CALG_RC4, 40, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  29. {SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, CALG_MD5, CALG_RC2, 40, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX}
  30. };
  31. DWORD Ssl2NumCipherRanks = sizeof(Ssl2CipherRank)/sizeof(Ssl2CipherMap);
  32. #endif
  34. #if 0
  35. CertTypeMap aSsl2CertEncodingPref[] =
  36. {
  37. { X509_ASN_ENCODING, 0}
  38. };
  40. DWORD cSsl2CertEncodingPref = sizeof(aSsl2CertEncodingPref)/sizeof(CertTypeMap);
  41. #endif
  43. SP_STATUS WINAPI
  44. Ssl2DecryptHandler(
  45. PSPContext pContext,
  46. PSPBuffer pCommInput,
  47. PSPBuffer pAppOutput)
  48. {
  49. SP_STATUS pctRet = PCT_ERR_OK;
  51. if (pCommInput->cbData > 0)
  52. {
  53. // First, we'll handle incoming data packets:
  55. if ((pContext->State & SP_STATE_CONNECTED) && pContext->Decrypt)
  56. {
  57. pctRet = pContext->Decrypt(
  58. pContext,
  59. pCommInput, // message
  60. pAppOutput); // Unpacked Message
  61. if (PCT_ERR_OK == pctRet)
  62. {
  63. /* look for escapes */
  64. }
  65. return(pctRet);
  66. }
  67. else
  68. {
  69. return(SP_LOG_RESULT(PCT_INT_ILLEGAL_MSG));
  70. }
  71. }
  72. return (PCT_INT_INCOMPLETE_MSG);
  73. }
  75. //+---------------------------------------------------------------------------
  76. //
  77. // Function: Ssl2ComputeMac
  78. //
  79. // Synopsis: Compute an SSL2 message MAC.
  80. //
  81. // Arguments: [pContext] -- Schannel context.
  82. //
  83. // History: 10-22-97 jbanes Created.
  84. //
  85. // Notes: MAC_DATA := Hash(key + data + sequence_number)
  86. //
  87. //----------------------------------------------------------------------------
  88. static SP_STATUS
  89. Ssl2ComputeMac(
  90. PSPContext pContext, // in
  91. BOOL fWriteMAC, // in
  92. DWORD dwSequence, // in
  93. PSPBuffer pData, // in
  94. PBYTE pbMac, // out
  95. DWORD cbMac) // in
  96. {
  97. DWORD dwReverseSequence;
  98. BYTE rgbSalt[SP_MAX_MASTER_KEY];
  99. DWORD cbSalt;
  100. HCRYPTHASH hHash;
  101. HCRYPTKEY hKey;
  103. // Make sure output buffer is big enough.
  104. if(cbMac < pContext->pHashInfo->cbCheckSum)
  105. {
  106. return SP_LOG_RESULT(PCT_INT_BUFF_TOO_SMALL);
  107. }
  109. dwReverseSequence = htonl(dwSequence);
  111. hKey = fWriteMAC ? pContext->hWriteKey : pContext->hReadKey;
  113. if(!CryptCreateHash(pContext->RipeZombie->hMasterProv,
  114. pContext->pHashInfo->aiHash,
  115. 0,
  116. 0,
  117. &hHash))
  118. {
  119. SP_LOG_RESULT(GetLastError());
  120. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  121. }
  123. if(!CryptHashSessionKey(hHash,
  124. hKey,
  125. CRYPT_LITTLE_ENDIAN))
  126. {
  127. SP_LOG_RESULT(GetLastError());
  128. CryptDestroyHash(hHash);
  129. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  130. }
  131. cbSalt = sizeof(rgbSalt);
  132. if(!CryptGetKeyParam(hKey,
  133. KP_SALT,
  134. rgbSalt,
  135. &cbSalt,
  136. 0))
  137. {
  138. SP_LOG_RESULT(GetLastError());
  139. CryptDestroyHash(hHash);
  140. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  141. }
  142. if(!CryptHashData(hHash, rgbSalt, cbSalt, 0))
  143. {
  144. SP_LOG_RESULT(GetLastError());
  145. CryptDestroyHash(hHash);
  146. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  147. }
  149. if(!CryptHashData(hHash,
  150. pData->pvBuffer,
  151. pData->cbData,
  152. 0))
  153. {
  154. SP_LOG_RESULT(GetLastError());
  155. CryptDestroyHash(hHash);
  156. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  157. }
  159. if(!CryptHashData(hHash,
  160. (PBYTE)&dwReverseSequence,
  161. sizeof(DWORD),
  162. 0))
  163. {
  164. SP_LOG_RESULT(GetLastError());
  165. CryptDestroyHash(hHash);
  166. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  167. }
  169. if(!CryptGetHashParam(hHash,
  170. HP_HASHVAL,
  171. pbMac,
  172. &cbMac,
  173. 0))
  174. {
  175. SP_LOG_RESULT(GetLastError());
  176. CryptDestroyHash(hHash);
  177. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  178. }
  180. CryptDestroyHash(hHash);
  182. return PCT_ERR_OK;
  183. }
  185. //+---------------------------------------------------------------------------
  186. //
  187. // Function: Ssl2EncryptMessage
  188. //
  189. // Synopsis: Encode a block of data as an SSL2 record.
  190. //
  191. // Arguments: [pContext] -- Schannel context.
  192. // [pAppInput] -- Data to be encrypted.
  193. // [pCommOutput] -- (output) Completed SSL2 record.
  194. //
  195. // History: 10-22-97 jbanes CAPI integrated.
  196. //
  197. // Notes: An SSL2 record is usually formatted as:
  198. //
  199. // BYTE header[2];
  200. // BYTE mac[mac_size];
  201. // BYTE data[pAppInput->cbData];
  202. //
  203. // If a block cipher is used, and the data to be encrypted
  204. // consists of a partial number of blocks, then the following
  205. // format is used:
  206. //
  207. // BYTE header[3];
  208. // BYTE mac[mac_size];
  209. // BYTE data[pAppInput->cbData];
  210. // BYTE padding[padding_size];
  211. //
  212. //----------------------------------------------------------------------------
  213. SP_STATUS WINAPI
  214. Ssl2EncryptMessage(
  215. PSPContext pContext,
  216. PSPBuffer pAppInput,
  217. PSPBuffer pCommOutput)
  218. {
  219. SP_STATUS pctRet;
  220. DWORD cPadding;
  221. SPBuffer Clean;
  222. SPBuffer Encrypted;
  225. SP_BEGIN("Ssl2EncryptMessage");
  227. /* Estimate if we have padding or not */
  228. Encrypted.cbData = pAppInput->cbData + pContext->pHashInfo->cbCheckSum;
  229. cPadding = (Encrypted.cbData % pContext->pCipherInfo->dwBlockSize);
  230. if(cPadding)
  231. {
  232. cPadding = pContext->pCipherInfo->dwBlockSize - cPadding;
  233. }
  235. Encrypted.cbData += cPadding;
  237. if(cPadding)
  238. {
  239. if(pCommOutput->cbBuffer + Encrypted.cbData + cPadding < 3)
  240. {
  241. SP_RETURN(SP_LOG_RESULT(PCT_INT_BUFF_TOO_SMALL));
  242. }
  243. Encrypted.pvBuffer = (PUCHAR)pCommOutput->pvBuffer + 3;
  244. Encrypted.cbBuffer = pCommOutput->cbBuffer - 3;
  245. }
  246. else
  247. {
  248. if(pCommOutput->cbBuffer + Encrypted.cbData + cPadding < 2)
  249. {
  250. SP_RETURN(SP_LOG_RESULT(PCT_INT_BUFF_TOO_SMALL));
  251. }
  252. Encrypted.pvBuffer = (PUCHAR)pCommOutput->pvBuffer + 2;
  253. Encrypted.cbBuffer = pCommOutput->cbBuffer - 2;
  254. }
  256. DebugLog((DEB_TRACE, "Sealing message %x\n", pContext->WriteCounter));
  259. /* Move data out of the way if necessary */
  260. if((PUCHAR)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum != pAppInput->pvBuffer)
  261. {
  262. DebugLog((DEB_WARN, "SSL2EncryptMessage: Unnecessary Move, performance hog\n"));
  263. /* if caller wasn't being smart, then we must copy memory here */
  264. MoveMemory((PUCHAR)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum,
  265. pAppInput->pvBuffer,
  266. pAppInput->cbData);
  267. }
  269. // Initialize pad
  270. if(cPadding)
  271. {
  272. FillMemory((PUCHAR)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum + pAppInput->cbData, cPadding, 0);
  273. }
  275. // Compute MAC.
  276. Clean.pvBuffer = (PBYTE)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum;
  277. Clean.cbData = Encrypted.cbData - pContext->pHashInfo->cbCheckSum;
  278. Clean.cbBuffer = Clean.cbData;
  280. pctRet = Ssl2ComputeMac(pContext,
  281. TRUE,
  282. pContext->WriteCounter,
  283. &Clean,
  284. Encrypted.pvBuffer,
  285. pContext->pHashInfo->cbCheckSum);
  286. if(pctRet != PCT_ERR_OK)
  287. {
  288. SP_RETURN(pctRet);
  289. }
  291. // Encrypt buffer.
  292. if(!CryptEncrypt(pContext->hWriteKey,
  293. 0, FALSE, 0,
  294. Encrypted.pvBuffer,
  295. &Encrypted.cbData,
  296. Encrypted.cbBuffer))
  297. {
  298. SP_LOG_RESULT(GetLastError());
  299. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  300. }
  302. /* set sizes */
  303. if(cPadding)
  304. {
  305. if(Encrypted.cbData > 0x3fff)
  306. {
  307. SP_RETURN(SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW));
  308. }
  310. ((PUCHAR)pCommOutput->pvBuffer)[0]= (UCHAR)(0x3f & (Encrypted.cbData>>8));
  311. ((PUCHAR)pCommOutput->pvBuffer)[1]= (UCHAR)(0xff & Encrypted.cbData);
  312. ((PUCHAR)pCommOutput->pvBuffer)[2]= (UCHAR)cPadding;
  314. }
  315. else
  316. {
  317. if(Encrypted.cbData > 0x7fff)
  318. {
  319. SP_RETURN(SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW));
  320. }
  321. ((PUCHAR)pCommOutput->pvBuffer)[0]= (UCHAR)(0x7f & (Encrypted.cbData>>8)) | 0x80;
  322. ((PUCHAR)pCommOutput->pvBuffer)[1]= (UCHAR)(0xff & Encrypted.cbData);
  323. }
  325. pCommOutput->cbData = Encrypted.cbData + (cPadding?3:2);
  327. pContext->WriteCounter ++ ;
  329. SP_RETURN( PCT_ERR_OK );
  330. }
  332. SP_STATUS WINAPI
  333. Ssl2GetHeaderSize(
  334. PSPContext pContext,
  335. PSPBuffer pCommInput,
  336. DWORD * pcbHeaderSize)
  337. {
  338. if(pcbHeaderSize == NULL)
  339. {
  340. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  341. }
  342. if(pCommInput->cbData < 1)
  343. {
  344. return (PCT_INT_INCOMPLETE_MSG);
  345. }
  346. if( ((PUCHAR)pCommInput->pvBuffer)[0]&0x80 )
  347. {
  348. *pcbHeaderSize = 2 + pContext->pHashInfo->cbCheckSum;
  349. }
  350. else
  351. {
  352. *pcbHeaderSize = 3 + pContext->pHashInfo->cbCheckSum;
  353. }
  354. return PCT_ERR_OK;
  355. }
  357. //+---------------------------------------------------------------------------
  358. //
  359. // Function: Ssl2DecryptMessage
  360. //
  361. // Synopsis: Decode an SSL2 record.
  362. //
  363. // Arguments: [pContext] -- Schannel context.
  364. // [pMessage] -- Data from the remote party.
  365. // [pAppOutput] -- (output) Decrypted data.
  366. //
  367. // History: 10-22-97 jbanes CAPI integrated.
  368. //
  369. // Notes: An SSL2 record is usually formatted as:
  370. //
  371. // BYTE header[2];
  372. // BYTE mac[mac_size];
  373. // BYTE data[pAppInput->cbData];
  374. //
  375. // If a block cipher is used, and the data to be encrypted
  376. // consists of a partial number of blocks, then the following
  377. // format is used:
  378. //
  379. // BYTE header[3];
  380. // BYTE mac[mac_size];
  381. // BYTE data[pAppInput->cbData];
  382. // BYTE padding[padding_size];
  383. //
  384. // The number of input data bytes consumed by this function
  385. // is returned in pMessage->cbData.
  386. //
  387. //----------------------------------------------------------------------------
  388. SP_STATUS WINAPI
  389. Ssl2DecryptMessage(
  390. PSPContext pContext,
  391. PSPBuffer pMessage,
  392. PSPBuffer pAppOutput)
  393. {
  394. SP_STATUS pctRet;
  395. DWORD cPadding;
  396. DWORD dwLength;
  397. SPBuffer Encrypted;
  398. SPBuffer Clean;
  399. DWORD cbActualData;
  400. UCHAR Digest[SP_MAX_DIGEST_LEN];
  402. SP_BEGIN("Ssl2DecryptMessage");
  404. /* First determine the length of data, the length of padding,
  405. * and the location of data, and the location of MAC */
  406. cbActualData = pMessage->cbData;
  407. pMessage->cbData = 2; /* minimum amount of data we need */
  409. if(pMessage->cbData > cbActualData)
  410. {
  411. SP_RETURN(PCT_INT_INCOMPLETE_MSG);
  412. }
  413. DebugLog((DEB_TRACE, " Incomming Buffer: %lx, size %ld (%lx)\n", pMessage->pvBuffer, cbActualData, cbActualData));
  415. if(((PUCHAR)pMessage->pvBuffer)[0] & 0x80)
  416. {
  417. /* 2 byte header */
  418. cPadding = 0;
  419. dwLength = ((((PUCHAR)pMessage->pvBuffer)[0] & 0x7f) << 8) |
  420. ((PUCHAR)pMessage->pvBuffer)[1];
  422. Encrypted.pvBuffer = (PUCHAR)pMessage->pvBuffer + 2;
  423. Encrypted.cbBuffer = pMessage->cbBuffer - 2;
  424. }
  425. else
  426. {
  427. pMessage->cbData++;
  428. if(pMessage->cbData > cbActualData)
  429. {
  430. SP_RETURN(PCT_INT_INCOMPLETE_MSG);
  431. }
  433. /* 3 byte header */
  434. cPadding = ((PUCHAR)pMessage->pvBuffer)[2];
  435. dwLength = ((((PUCHAR)pMessage->pvBuffer)[0] & 0x3f) << 8) |
  436. ((PUCHAR)pMessage->pvBuffer)[1];
  438. Encrypted.pvBuffer = (PUCHAR)pMessage->pvBuffer + 3;
  439. Encrypted.cbBuffer = pMessage->cbBuffer - 3;
  440. }
  442. /* Now we know how mutch data we will eat, so set cbData on the Input to be that size */
  443. pMessage->cbData += dwLength;
  445. /* do we have enough bytes for the reported data */
  446. if(pMessage->cbData > cbActualData)
  447. {
  448. SP_RETURN(PCT_INT_INCOMPLETE_MSG);
  449. }
  451. /* do we have enough data for our checksum */
  452. if(dwLength < pContext->pHashInfo->cbCheckSum + cPadding)
  453. {
  454. SP_RETURN(SP_LOG_RESULT(PCT_INT_MSG_ALTERED));
  455. }
  457. Encrypted.cbData = dwLength; /* encrypted data size */
  458. Encrypted.cbBuffer = Encrypted.cbData;
  460. /* check to see if we have a block size violation */
  461. if(Encrypted.cbData % pContext->pCipherInfo->dwBlockSize)
  462. {
  463. SP_RETURN(SP_LOG_RESULT(PCT_INT_MSG_ALTERED));
  464. }
  466. /* Decrypt */
  467. if(!CryptDecrypt(pContext->hReadKey,
  468. 0, FALSE, 0,
  469. Encrypted.pvBuffer,
  470. &Encrypted.cbData))
  471. {
  472. SP_LOG_RESULT(GetLastError());
  473. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  474. }
  476. // Compute MAC.
  477. Clean.pvBuffer = (PBYTE)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum;
  478. Clean.cbData = Encrypted.cbData - pContext->pHashInfo->cbCheckSum;
  479. Clean.cbBuffer = Clean.cbData;
  481. pctRet = Ssl2ComputeMac(pContext,
  482. FALSE,
  483. pContext->ReadCounter,
  484. &Clean,
  485. Digest,
  486. sizeof(Digest));
  487. if(pctRet != PCT_ERR_OK)
  488. {
  489. SP_RETURN(pctRet);
  490. }
  492. // the padding is computed in the hash but is not needed after this
  493. Clean.cbData -= cPadding;
  495. DebugLog((DEB_TRACE, "Unsealing message %x\n", pContext->ReadCounter));
  497. pContext->ReadCounter++;
  499. if(memcmp(Digest, Encrypted.pvBuffer, pContext->pHashInfo->cbCheckSum ) )
  500. {
  501. SP_RETURN(SP_LOG_RESULT(PCT_INT_MSG_ALTERED));
  502. }
  504. if(pAppOutput->pvBuffer != Clean.pvBuffer)
  505. {
  506. DebugLog((DEB_WARN, "SSL2DecryptMessage: Unnecessary Move, performance hog\n"));
  507. MoveMemory(pAppOutput->pvBuffer,
  508. Clean.pvBuffer,
  509. Clean.cbData);
  510. }
  511. pAppOutput->cbData = Clean.cbData;
  512. DebugLog((DEB_TRACE, " TotalData: size %ld (%lx)\n", pMessage->cbData, pMessage->cbData));
  514. SP_RETURN( PCT_ERR_OK );
  515. }
  517. #if 0
  518. SP_STATUS
  519. Ssl2MakeMasterKeyBlock(PSPContext pContext)
  520. {
  522. MD5_CTX Md5Hash;
  523. UCHAR cSalt;
  524. UCHAR ib;
  527. //pContext->RipeZombe->pMasterKey containst the master secret.
  529. #if DBG
  530. DebugLog((DEB_TRACE, " Master Secret\n"));
  531. DBG_HEX_STRING(DEB_TRACE,pContext->RipeZombie->pMasterKey, pContext->RipeZombie->cbMasterKey);
  533. #endif
  535. for(ib=0 ; ib<3 ; ib++)
  536. {
  537. // MD5(master_secret + SHA-hash)
  538. MD5Init (&Md5Hash);
  539. MD5Update(&Md5Hash, pContext->RipeZombie->pMasterKey, pContext->RipeZombie->cbMasterKey);
  541. // We're going to be bug-for-bug compatable with netscape, so
  542. // we always add the digit into the hash, instead of following
  543. // the spec which says don't add the digit for DES
  544. //if(pContext->RipeZombie->aiCipher != CALG_DES)
  545. {
  546. cSalt = ib+'0';
  547. MD5Update(&Md5Hash, &cSalt, 1);
  548. }
  549. MD5Update(&Md5Hash, pContext->pChallenge, pContext->cbChallenge);
  550. MD5Update(&Md5Hash, pContext->pConnectionID, pContext->cbConnectionID);
  551. MD5Final (&Md5Hash);
  552. CopyMemory(pContext->Ssl3MasterKeyBlock + ib * MD5DIGESTLEN, Md5Hash.digest, MD5DIGESTLEN);
  553. }
  554. #if DBG
  555. DebugLog((DEB_TRACE, " Master Key Block\n"));
  556. DBG_HEX_STRING(DEB_TRACE,pContext->Ssl3MasterKeyBlock, MD5DIGESTLEN*3);
  558. #endif
  559. return( PCT_ERR_OK );
  560. }
  561. #endif