archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/win32/ntcrypto/randlib/seed.c

466 lines
9.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1998 Microsoft Corporation
  5. Module Name:
  7. seed.c
  9. Abstract:
  11. Storage and retrieval of cryptographic RNG seed material.
  13. Author:
  15. Scott Field (sfield) 24-Sep-98
  17. --*/
  19. #ifndef KMODE_RNG
  21. #include <nt.h>
  22. #include <ntrtl.h>
  23. #include <nturtl.h>
  24. #include <zwapi.h>
  25. #include <windows.h>
  27. #else
  29. #include <ntifs.h>
  30. #include <windef.h>
  32. #endif // KMODE_RNG
  34. #include "seed.h"
  35. #include "umkm.h"
  37. BOOL
  38. AccessSeed(
  39. IN ACCESS_MASK DesiredAccess,
  40. IN OUT PHKEY phkResult
  41. );
  44. BOOL
  45. AdjustSeedSecurity(
  46. IN HKEY hKeySeed
  47. );
  49. #ifdef KMODE_RNG
  51. #define SEED_KEY_LOCATION L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Cryptography\\RNG"
  52. #define SEED_VALUE_NAME L"Seed"
  54. #ifdef ALLOC_PRAGMA
  55. #pragma alloc_text(PAGE, ReadSeed)
  56. #pragma alloc_text(PAGE, WriteSeed)
  57. #pragma alloc_text(PAGE, AccessSeed)
  58. #endif // ALLOC_PRAGMA
  60. #else
  62. #define SEED_KEY_LOCATION "SOFTWARE\\Microsoft\\Cryptography\\RNG"
  63. #define SEED_VALUE_NAME "Seed"
  65. #endif // KMODE_RNG
  68. //
  69. // globally cached registry handle to seed material.
  70. // TODO: later.
  71. //
  73. ///HKEY g_hKeySeed = NULL;
  77. BOOL
  78. ReadSeed(
  79. IN PBYTE pbSeed,
  80. IN DWORD cbSeed
  81. )
  82. {
  83. HKEY hKeySeed;
  85. #ifndef KMODE_RNG
  86. DWORD dwType;
  87. LONG lRet;
  88. #else
  90. static const WCHAR wszValue[] = SEED_VALUE_NAME;
  91. BYTE FastBuffer[ 256 ];
  92. PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo;
  93. DWORD cbKeyInfo;
  94. UNICODE_STRING ValueName;
  95. NTSTATUS Status;
  97. PAGED_CODE();
  98. #endif // KMODE_RNG
  101. //
  102. // open handle to RNG registry key.
  103. //
  105. if(!AccessSeed( KEY_QUERY_VALUE, &hKeySeed ))
  106. return FALSE;
  108. #ifndef KMODE_RNG
  110. lRet = RegQueryValueExA(
  111. hKeySeed,
  112. SEED_VALUE_NAME,
  113. NULL,
  114. &dwType,
  115. pbSeed,
  116. &cbSeed
  117. );
  119. REGCLOSEKEY( hKeySeed );
  121. if( lRet != ERROR_SUCCESS )
  122. return FALSE;
  124. return TRUE;
  126. #else
  128. ValueName.Buffer = (LPWSTR)wszValue;
  129. ValueName.Length = sizeof(wszValue) - sizeof(WCHAR);
  130. ValueName.MaximumLength = sizeof(wszValue);
  133. pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)FastBuffer;
  134. cbKeyInfo = sizeof(FastBuffer);
  136. Status = ZwQueryValueKey(
  137. hKeySeed,
  138. &ValueName,
  139. KeyValuePartialInformation,
  140. pKeyInfo,
  141. cbKeyInfo,
  142. &cbKeyInfo
  143. );
  145. REGCLOSEKEY( hKeySeed );
  147. if(!NT_SUCCESS(Status))
  148. return FALSE;
  150. if( pKeyInfo->DataLength > cbSeed )
  151. return FALSE;
  153. RtlCopyMemory( pbSeed, pKeyInfo->Data, pKeyInfo->DataLength );
  155. return TRUE;
  157. #endif
  158. }
  160. BOOL
  161. WriteSeed(
  162. IN PBYTE pbSeed,
  163. IN DWORD cbSeed
  164. )
  165. {
  166. HKEY hKeySeed;
  168. #ifndef KMODE_RNG
  169. LONG lRet;
  170. #else
  171. static const WCHAR wszValue[] = SEED_VALUE_NAME;
  172. UNICODE_STRING ValueName;
  173. NTSTATUS Status;
  175. PAGED_CODE();
  176. #endif // KMODE_RNG
  179. //
  180. // open handle to RNG registry key.
  181. //
  183. if(!AccessSeed( KEY_SET_VALUE, &hKeySeed ))
  184. return FALSE;
  187. #ifndef KMODE_RNG
  189. lRet = RegSetValueExA(
  190. hKeySeed,
  191. SEED_VALUE_NAME,
  192. 0,
  193. REG_BINARY,
  194. pbSeed,
  195. cbSeed
  196. );
  198. REGCLOSEKEY( hKeySeed );
  200. if( lRet != ERROR_SUCCESS )
  201. return FALSE;
  203. return TRUE;
  205. #else
  207. ValueName.Buffer = (LPWSTR)wszValue;
  208. ValueName.Length = sizeof(wszValue) - sizeof(WCHAR);
  209. ValueName.MaximumLength = sizeof(wszValue);
  211. Status = ZwSetValueKey(
  212. hKeySeed,
  213. &ValueName,
  214. 0,
  215. REG_BINARY,
  216. pbSeed,
  217. cbSeed
  218. );
  220. REGCLOSEKEY( hKeySeed );
  222. if(!NT_SUCCESS(Status))
  223. return FALSE;
  225. return TRUE;
  227. #endif
  229. }
  231. BOOL
  232. AccessSeed(
  233. IN ACCESS_MASK DesiredAccess,
  234. IN OUT PHKEY phkResult
  235. )
  236. {
  238. #ifndef KMODE_RNG
  240. DWORD dwDisposition;
  241. LONG lRet;
  243. lRet = RegCreateKeyExA(
  244. HKEY_LOCAL_MACHINE,
  245. SEED_KEY_LOCATION,
  246. 0,
  247. NULL,
  248. 0,
  249. DesiredAccess,
  250. NULL, // sa
  251. phkResult,
  252. &dwDisposition
  253. );
  256. if( lRet != ERROR_SUCCESS )
  257. return FALSE;
  259. #if 0
  260. if( dwDisposition == REG_CREATED_NEW_KEY ) {
  262. //
  263. // if we just created the seed, make sure it's Acl'd appropriately.
  264. //
  266. AdjustSeedSecurity( *phkResult );
  267. }
  268. #endif
  270. return TRUE;
  271. #else
  273. NTSTATUS Status;
  275. /// TODO at a later date: cache the registry key
  276. /// *phkResult = g_hKeySeed;
  277. /// if( *phkResult == NULL ) {
  279. UNICODE_STRING RegistryKeyName;
  280. static const WCHAR KeyLocation[] = SEED_KEY_LOCATION;
  281. ULONG Disposition;
  282. OBJECT_ATTRIBUTES ObjAttr;
  284. /// HKEY hKeyPrevious;
  286. PAGED_CODE();
  288. RegistryKeyName.Buffer = (LPWSTR)KeyLocation;
  289. RegistryKeyName.Length = sizeof(KeyLocation) - sizeof(WCHAR);
  290. RegistryKeyName.MaximumLength = sizeof(KeyLocation);
  292. InitializeObjectAttributes(
  293. &ObjAttr,
  294. &RegistryKeyName,
  295. OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
  296. 0,
  297. NULL
  298. );
  300. Status = ZwCreateKey(
  301. phkResult,
  302. DesiredAccess,
  303. &ObjAttr,
  304. 0,
  305. NULL,
  306. 0,
  307. &Disposition
  308. );
  311. if(!NT_SUCCESS(Status))
  312. return FALSE;
  314. /// hKeyPrevious = INTERLOCKEDCOMPAREEXCHANGEPOINTER( &g_hKeySeed, *phkResult, NULL );
  315. /// if( hKeyPrevious ) {
  316. /// REGCLOSEKEY( *phkResult );
  317. /// *phkResult = hKeyPrevious;
  318. /// }
  319. /// }
  321. return TRUE;
  323. #endif
  325. }
  328. #ifndef KMODE_RNG
  330. //
  331. // NOTE: this function should be removed if we can get the key into
  332. // the setup hives with Acl applied appropriately.
  333. //
  335. #if 0
  337. BOOL
  338. AdjustSeedSecurity(
  339. IN HKEY hKeySeed
  340. )
  341. {
  342. HKEY hKeySecurityAdjust = NULL;
  344. SID_IDENTIFIER_AUTHORITY siaWorldAuthority = SECURITY_WORLD_SID_AUTHORITY;
  345. SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
  346. SECURITY_DESCRIPTOR sd;
  347. BYTE FastBuffer[ 256 ];
  348. PACL pDacl;
  349. DWORD cbDacl;
  350. PSID psidAdministrators = NULL;
  351. PSID psidEveryone = NULL;
  353. LONG lRet;
  354. BOOL fSuccess = FALSE;
  356. //
  357. // re-open key with WRITE_DAC access and update security.
  358. // note: Wide version will fail on Win9x, which is fine, since
  359. // no security there...
  360. //
  362. lRet = RegOpenKeyExW(
  363. hKeySeed,
  364. NULL,
  365. 0,
  366. WRITE_DAC,
  367. &hKeySecurityAdjust
  368. );
  371. if( lRet != ERROR_SUCCESS )
  372. goto cleanup;
  374. if(!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION ))
  375. goto cleanup;
  377. if(!AllocateAndInitializeSid(
  378. &siaWorldAuthority,
  379. 1,
  380. SECURITY_WORLD_RID,
  381. 0, 0, 0, 0, 0, 0, 0,
  382. &psidEveryone
  383. )) {
  384. goto cleanup;
  385. }
  388. if(!AllocateAndInitializeSid(
  389. &siaNtAuthority,
  390. 2,
  391. SECURITY_BUILTIN_DOMAIN_RID,
  392. DOMAIN_ALIAS_RID_ADMINS,
  393. 0, 0, 0, 0, 0, 0,
  394. &psidAdministrators
  395. )) {
  396. goto cleanup;
  397. }
  400. cbDacl = sizeof(ACL) +
  401. 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
  402. GetLengthSid(psidEveryone) +
  403. GetLengthSid(psidAdministrators) ;
  406. if( cbDacl > sizeof( FastBuffer ) )
  407. goto cleanup;
  409. pDacl = (PACL)FastBuffer;
  412. if(!InitializeAcl( pDacl, cbDacl, ACL_REVISION ))
  413. goto cleanup;
  416. if(!AddAccessAllowedAce(
  417. pDacl,
  418. ACL_REVISION,
  419. KEY_QUERY_VALUE,
  420. psidEveryone
  421. )) {
  422. goto cleanup;
  423. }
  426. if(!AddAccessAllowedAce(
  427. pDacl,
  428. ACL_REVISION,
  429. KEY_ALL_ACCESS,
  430. psidAdministrators
  431. )) {
  432. goto cleanup;
  433. }
  435. if(!SetSecurityDescriptorDacl( &sd, TRUE, pDacl, FALSE ))
  436. goto cleanup;
  439. lRet = RegSetKeySecurity(
  440. hKeySecurityAdjust,
  441. DACL_SECURITY_INFORMATION,
  442. &sd
  443. );
  445. if( lRet != ERROR_SUCCESS)
  446. goto cleanup;
  449. fSuccess = TRUE;
  451. cleanup:
  453. if( hKeySecurityAdjust )
  454. REGCLOSEKEY( hKeySecurityAdjust );
  456. if( psidAdministrators )
  457. FreeSid( psidAdministrators );
  459. if( psidEveryone )
  460. FreeSid( psidEveryone );
  462. return fSuccess;
  463. }
  464. #endif
  466. #endif // !KMODE_RNG