archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
3.2 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/irtl/icrypt/lib/exchcli.cxx

463 lines
8.8 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. exchange.cxx
  9. Abstract:
  11. This module implements the IIS_CRYPTO_EXCHANGE_CLIENT class.
  13. Author:
  15. Keith Moore (keithmo) 02-Dec-1996
  17. Revision History:
  19. --*/
  22. #include "precomp.hxx"
  23. #pragma hdrstop
  26. //
  27. // Private constants.
  28. //
  31. //
  32. // Private types.
  33. //
  36. //
  37. // Private globals.
  38. //
  41. //
  42. // Private prototypes.
  43. //
  46. //
  47. // Public functions.
  48. //
  51. IIS_CRYPTO_EXCHANGE_CLIENT::IIS_CRYPTO_EXCHANGE_CLIENT()
  53. /*++
  55. Routine Description:
  57. IIS_CRYPTO_EXCHANGE_CLIENT class constructor.
  59. Arguments:
  61. None.
  63. Return Value:
  65. None.
  67. --*/
  69. {
  71. //
  72. // Just put the member variables into known states.
  73. //
  75. m_hServerKeyExchangeKey = CRYPT_NULL;
  76. m_hServerSignatureKey = CRYPT_NULL;
  78. } // IIS_CRYPTO_EXCHANGE_CLIENT::IIS_CRYPTO_EXCHANGE_CLIENT
  81. IIS_CRYPTO_EXCHANGE_CLIENT::~IIS_CRYPTO_EXCHANGE_CLIENT()
  83. /*++
  85. Routine Description:
  87. IIS_CRYPTO_EXCHANGE_CLIENT class destructor.
  89. Arguments:
  91. None.
  93. Return Value:
  95. None.
  97. --*/
  99. {
  101. //
  102. // Close any open keys.
  103. //
  105. CLOSE_KEY( m_hServerKeyExchangeKey );
  106. CLOSE_KEY( m_hServerSignatureKey );
  108. } // IIS_CRYPTO_EXCHANGE_CLIENT::~IIS_CRYPTO_EXCHANGE_CLIENT
  111. HRESULT
  112. IIS_CRYPTO_EXCHANGE_CLIENT::ClientPhase1(
  113. OUT PIIS_CRYPTO_BLOB * ppClientKeyExchangeKeyBlob,
  114. OUT PIIS_CRYPTO_BLOB * ppClientSignatureKeyBlob
  115. )
  117. /*++
  119. Routine Description:
  121. Performs client-side phase 1 of the multi-phase key exchange protocol.
  123. Arguments:
  125. ppClientKeyExchangeKeyBlob - Receives a pointer to the client's key
  126. exchange key public blob if successful. It is the client's
  127. responsibility to (somehow) transmit this to the server.
  129. ppClientSignatureKeyBlob - Receives a pointer to the client's signature
  130. public blob if successful. It is the client's responsibility to
  131. (somehow) transmit this to the server.
  133. Return Value:
  135. HRESULT - Completion status, 0 if successful, !0 otherwise.
  137. --*/
  139. {
  141. HRESULT result;
  142. PIIS_CRYPTO_BLOB keyExchangeKeyBlob;
  143. PIIS_CRYPTO_BLOB signatureKeyBlob;
  145. //
  146. // Sanity check.
  147. //
  149. DBG_ASSERT( ValidateState() );
  150. DBG_ASSERT( ppClientKeyExchangeKeyBlob != NULL );
  151. DBG_ASSERT( ppClientSignatureKeyBlob != NULL );
  153. //
  154. // Setup our locals so we know how to cleanup on exit.
  155. //
  157. keyExchangeKeyBlob = NULL;
  158. signatureKeyBlob = NULL;
  160. //
  161. // Export the key exchange key blob.
  162. //
  164. result = ::IISCryptoExportPublicKeyBlob(
  165. &keyExchangeKeyBlob,
  166. m_hProv,
  167. m_hKeyExchangeKey
  168. );
  170. if( FAILED(result) ) {
  171. goto fatal;
  172. }
  174. //
  175. // Export the signature key blob.
  176. //
  178. result = ::IISCryptoExportPublicKeyBlob(
  179. &signatureKeyBlob,
  180. m_hProv,
  181. m_hSignatureKey
  182. );
  184. if( FAILED(result) ) {
  185. goto fatal;
  186. }
  188. //
  189. // Success!
  190. //
  192. DBG_ASSERT( keyExchangeKeyBlob != NULL );
  193. DBG_ASSERT( signatureKeyBlob != NULL );
  195. *ppClientKeyExchangeKeyBlob = keyExchangeKeyBlob;
  196. *ppClientSignatureKeyBlob = signatureKeyBlob;
  198. return NO_ERROR;
  200. fatal:
  202. FREE_BLOB( keyExchangeKeyBlob );
  203. FREE_BLOB( signatureKeyBlob );
  205. DBG_ASSERT( FAILED(result) );
  206. return result;
  208. } // IIS_CRYPTO_EXCHANGE_CLIENT::ClientPhase1
  211. HRESULT
  212. IIS_CRYPTO_EXCHANGE_CLIENT::ClientPhase2(
  213. IN PIIS_CRYPTO_BLOB pServerKeyExchangeKeyBlob,
  214. IN PIIS_CRYPTO_BLOB pServerSignatureKeyBlob,
  215. IN PIIS_CRYPTO_BLOB pServerSessionKeyBlob,
  216. OUT PIIS_CRYPTO_BLOB * ppClientSessionKeyBlob,
  217. OUT PIIS_CRYPTO_BLOB * ppClientHashBlob
  218. )
  220. /*++
  222. Routine Description:
  224. Performs client-side phase 2 of the multi-phase key exchange protocol.
  226. Arguments:
  228. pServerKeyExchangeKeyBlob - Pointer to the server's key exchange
  229. public key blob.
  231. pServerSignatureKeyBlob - Pointer to the server's signature public
  232. key blob.
  234. pServerSessionKeyBlob - Pointer to the server's session key
  235. blob.
  237. ppClientSessionKeyBlob - Receives a pointer to the client's
  238. session key blob if successful.
  240. ppClientHashBlob - Receives a pointer to the client's hash
  241. blob if successful.
  243. Return Value:
  245. HRESULT - Completion status, 0 if successful, !0 otherwise.
  247. --*/
  249. {
  251. HRESULT result;
  252. PIIS_CRYPTO_BLOB sessionKeyBlob;
  253. PIIS_CRYPTO_BLOB hashBlob;
  255. //
  256. // Sanity check.
  257. //
  259. DBG_ASSERT( ValidateState() );
  260. DBG_ASSERT( pServerKeyExchangeKeyBlob != NULL );
  261. DBG_ASSERT( IISCryptoIsValidBlob( pServerKeyExchangeKeyBlob ) );
  262. DBG_ASSERT( pServerSignatureKeyBlob != NULL );
  263. DBG_ASSERT( IISCryptoIsValidBlob( pServerSignatureKeyBlob ) );
  264. DBG_ASSERT( pServerSessionKeyBlob != NULL );
  265. DBG_ASSERT( IISCryptoIsValidBlob( pServerSessionKeyBlob ) );
  266. DBG_ASSERT( ppClientSessionKeyBlob != NULL );
  267. DBG_ASSERT( ppClientHashBlob != NULL );
  269. //
  270. // Setup our locals so we know how to cleanup on exit.
  271. //
  273. sessionKeyBlob = NULL;
  274. hashBlob = NULL;
  276. //
  277. // Import the server's keys.
  278. //
  280. DBG_ASSERT( m_hServerKeyExchangeKey == CRYPT_NULL );
  281. result = ::IISCryptoImportPublicKeyBlob(
  282. &m_hServerKeyExchangeKey,
  283. pServerKeyExchangeKeyBlob,
  284. m_hProv
  285. );
  287. if( FAILED(result) ) {
  288. goto fatal;
  289. }
  291. DBG_ASSERT( m_hServerSignatureKey == CRYPT_NULL );
  292. result = ::IISCryptoImportPublicKeyBlob(
  293. &m_hServerSignatureKey,
  294. pServerSignatureKeyBlob,
  295. m_hProv
  296. );
  298. if( FAILED(result) ) {
  299. goto fatal;
  300. }
  302. DBG_ASSERT( m_hServerSessionKey == CRYPT_NULL );
  303. result = SafeImportSessionKeyBlob(
  304. &m_hServerSessionKey,
  305. pServerSessionKeyBlob,
  306. m_hProv,
  307. m_hServerSignatureKey
  308. );
  310. if( FAILED(result) ) {
  311. goto fatal;
  312. }
  314. //
  315. // Generate our local session key.
  316. //
  318. DBG_ASSERT( m_hClientSessionKey == CRYPT_NULL );
  319. result = ::IISCryptoGenerateSessionKey(
  320. &m_hClientSessionKey,
  321. m_hProv
  322. );
  324. if( FAILED(result) ) {
  325. goto fatal;
  326. }
  328. //
  329. // Export it.
  330. //
  332. result = SafeExportSessionKeyBlob(
  333. &sessionKeyBlob,
  334. m_hProv,
  335. m_hClientSessionKey,
  336. m_hServerKeyExchangeKey
  337. );
  339. if( FAILED(result) ) {
  340. goto fatal;
  341. }
  343. //
  344. // Create the phase 3 hash blob.
  345. //
  347. result = CreatePhase3Hash(
  348. &hashBlob
  349. );
  351. if( FAILED(result) ) {
  352. goto fatal;
  353. }
  355. //
  356. // Success!
  357. //
  359. *ppClientSessionKeyBlob = sessionKeyBlob;
  360. *ppClientHashBlob = hashBlob;
  362. return NO_ERROR;
  364. fatal:
  366. FREE_BLOB( sessionKeyBlob );
  367. FREE_BLOB( hashBlob );
  369. DBG_ASSERT( FAILED(result) );
  370. return result;
  372. } // IIS_CRYPTO_EXCHANGE_CLIENT::ClientPhase2
  375. HRESULT
  376. IIS_CRYPTO_EXCHANGE_CLIENT::ClientPhase3(
  377. IN PIIS_CRYPTO_BLOB pServerHashBlob
  378. )
  380. /*++
  382. Routine Description:
  384. Performs client-side phase 3 of the multi-phase key exchange protocol.
  386. Arguments:
  388. pServerHashBlob - Pointer to the server's hash blob.
  390. Return Value:
  392. HRESULT - Completion status, 0 if successful, !0 otherwise.
  394. --*/
  396. {
  398. HRESULT result;
  399. PIIS_CRYPTO_BLOB hashBlob;
  401. //
  402. // Sanity check.
  403. //
  405. DBG_ASSERT( ValidateState() );
  406. DBG_ASSERT( pServerHashBlob != NULL );
  407. DBG_ASSERT( IISCryptoIsValidBlob( pServerHashBlob ) );
  409. //
  410. // Setup our locals so we know how to cleanup on exit.
  411. //
  413. hashBlob = NULL;
  415. //
  416. // Create the phase 4 hash blob.
  417. //
  419. result = CreatePhase4Hash(
  420. &hashBlob
  421. );
  423. if( FAILED(result) ) {
  424. goto fatal;
  425. }
  427. //
  428. // Compare this blob with the one we got from the server.
  429. // If they match, then the exchange is complete.
  430. //
  432. if( !::IISCryptoCompareBlobs(
  433. pServerHashBlob,
  434. hashBlob
  435. ) ) {
  437. result = ERROR_INVALID_DATA;
  438. goto fatal;
  440. }
  442. //
  443. // Success!
  444. //
  446. FREE_BLOB(hashBlob);
  448. return NO_ERROR;
  450. fatal:
  452. FREE_BLOB(hashBlob);
  454. DBG_ASSERT( FAILED(result) );
  455. return result;
  457. } // IIS_CRYPTO_EXCHANGE_CLIENT::ClientPhase3
  460. //
  461. // Private functions.
  462. //