archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/irtl/icrypt/lib/storage.cxx

879 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. storage.cxx
  9. Abstract:
  11. This module implements the IIS_CRYPTO_STORAGE class.
  13. Author:
  15. Keith Moore (keithmo) 02-Dec-1996
  17. Revision History:
  19. --*/
  22. #include "precomp.hxx"
  23. #pragma hdrstop
  26. //
  27. // Private constants.
  28. //
  31. //
  32. // Private types.
  33. //
  36. //
  37. // Private globals.
  38. //
  41. //
  42. // Private prototypes.
  43. //
  46. //
  47. // Public functions.
  48. //
  51. IIS_CRYPTO_STORAGE::IIS_CRYPTO_STORAGE()
  53. /*++
  55. Routine Description:
  57. IIS_CRYPTO_STORAGE class constructor. Just sets the member variables
  58. to known values; does nothing that can actually fail. All of the
  59. hard work is in the Initialize() methods.
  61. Arguments:
  63. None.
  65. Return Value:
  67. None.
  69. --*/
  71. {
  73. //
  74. // Set the handles to known values so we know what to cleanup
  75. // in the destructor.
  76. //
  78. m_hSessionKey = CRYPT_NULL;
  80. } // IIS_CRYPTO_STORAGE::IIS_CRYPTO_STORAGE
  83. IIS_CRYPTO_STORAGE::~IIS_CRYPTO_STORAGE()
  85. /*++
  87. Routine Description:
  89. IIS_CRYPTO_STORAGE class destructor. Performs any necessary cleanup.
  91. Arguments:
  93. None.
  95. Return Value:
  97. None.
  99. --*/
  101. {
  103. //
  104. // Close any open keys.
  105. //
  107. CLOSE_KEY( m_hSessionKey );
  109. } // IIS_CRYPTO_STORAGE::~IIS_CRYPTO_STORAGE
  112. HRESULT
  113. IIS_CRYPTO_STORAGE::Initialize(
  114. IN BOOL fUseMachineKeyset,
  115. IN HCRYPTPROV hProv
  116. )
  118. /*++
  120. Routine Description:
  122. Generates a new (random) session key.
  124. Arguments:
  126. fUseMachineKeyset - TRUE if the per-machine keyset container should
  127. be used, as opposed to the per-user keyset container.
  129. hProv - Optional handle to a pre-opened crypto provider.
  131. Return Value:
  133. HRESULT - Completion status, 0 if successful, !0 otherwise.
  135. --*/
  137. {
  139. HRESULT result;
  141. //
  142. // Sanity check.
  143. //
  145. DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
  147. //
  148. // Initialize the base class.
  149. //
  151. result = IIS_CRYPTO_BASE::Initialize(
  152. hProv,
  153. CRYPT_NULL,
  154. CRYPT_NULL,
  155. fUseMachineKeyset
  156. );
  158. if( SUCCEEDED(result) ) {
  160. //
  161. // Generate the session key.
  162. //
  164. result = ::IISCryptoGenerateSessionKey(
  165. &m_hSessionKey,
  166. m_hProv
  167. );
  168. if( FAILED(result) ) {
  169. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IISCryptoGenerateSessionKey err=0x%x.\n",result));
  170. }
  172. }
  173. else
  174. {
  175. // something failed.
  176. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize:IIS_CRYPTO_BASE::Initialize Failed err=0x%x.\n",result));
  177. }
  179. return result;
  181. } // IIS_CRYPTO_STORAGE::Initialize
  183. HRESULT
  184. IIS_CRYPTO_STORAGE2::Initialize(
  185. IN HCRYPTPROV hProv
  186. )
  188. /*++
  190. Routine Description:
  192. Generates a new (random) session key.
  194. Arguments:
  196. hProv - Optional handle to a pre-opened crypto provider.
  198. Return Value:
  200. HRESULT - Completion status, 0 if successful, !0 otherwise.
  202. --*/
  204. {
  206. HRESULT result;
  208. //
  209. // Sanity check.
  210. //
  212. DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
  214. //
  215. // Initialize the base class.
  216. //
  218. result = Initialize2( hProv );
  220. if( SUCCEEDED(result) ) {
  222. //
  223. // Generate the session key.
  224. //
  226. result = ::IISCryptoGenerateSessionKey(
  227. &m_hSessionKey,
  228. m_hProv
  229. );
  230. if( FAILED(result) ) {
  231. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IISCryptoGenerateSessionKey err=0x%x.\n",result));
  232. }
  234. }
  235. else
  236. {
  237. // something failed.
  238. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize:IIS_CRYPTO_BASE::Initialize Failed err=0x%x.\n",result));
  239. }
  241. return result;
  243. } // IIS_CRYPTO_STORAGE2::Initialize
  246. HRESULT
  247. IIS_CRYPTO_STORAGE::Initialize(
  248. IN PIIS_CRYPTO_BLOB pSessionKeyBlob,
  249. IN BOOL fUseMachineKeyset,
  250. IN HCRYPTPROV hProv
  251. )
  253. /*++
  255. Routine Description:
  257. Imports the specified session key blob.
  259. Arguments:
  261. pSessionKeyBlob - Points to the secure key blob to import.
  263. fUseMachineKeyset - TRUE if the per-machine keyset container should
  264. be used, as opposed to the per-user keyset container.
  266. hProv - Optional handle to a pre-opened crypto provider.
  268. Return Value:
  270. HRESULT - Completion status, 0 if successful, !0 otherwise.
  272. --*/
  274. {
  276. HRESULT result;
  278. //
  279. // Sanity check.
  280. //
  282. DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
  283. DBG_ASSERT( pSessionKeyBlob != NULL );
  285. //
  286. // Initialize the base class.
  287. //
  289. result = IIS_CRYPTO_BASE::Initialize(
  290. hProv,
  291. CRYPT_NULL,
  292. CRYPT_NULL,
  293. fUseMachineKeyset
  294. );
  296. if( SUCCEEDED(result) ) {
  298. //
  299. // Import the session key blob.
  300. //
  302. result = SafeImportSessionKeyBlob(
  303. &m_hSessionKey,
  304. pSessionKeyBlob,
  305. m_hProv,
  306. m_hSignatureKey
  307. );
  308. if( FAILED(result) ) {
  309. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize SafeImportSessionKeyBlob failed err=0x%x.\n",result));
  310. }
  311. }
  312. else
  313. {
  314. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IIS_CRYPTO_BASE::Initialize failed err=0x%x.\n",result));
  315. }
  317. return result;
  319. } // IIS_CRYPTO_STORAGE::Initialize
  321. HRESULT
  322. IIS_CRYPTO_STORAGE2::Initialize(
  323. IN PIIS_CRYPTO_BLOB pSessionKeyBlob,
  324. IN LPSTR pszPasswd,
  325. IN HCRYPTPROV hProv
  326. )
  328. /*++
  330. Routine Description:
  332. Imports the specified session key blob.
  334. Arguments:
  336. pSessionKeyBlob - Points to the secure key blob to import.
  338. hProv - Optional handle to a pre-opened crypto provider.
  340. Return Value:
  342. HRESULT - Completion status, 0 if successful, !0 otherwise.
  344. --*/
  346. {
  348. HRESULT result;
  350. //
  351. // Sanity check.
  352. //
  354. DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
  355. DBG_ASSERT( pszPasswd != NULL );
  356. DBG_ASSERT( pSessionKeyBlob != NULL );
  358. //
  359. // Initialize the base class.
  360. //
  362. result = IIS_CRYPTO_BASE::Initialize( hProv );
  364. if( SUCCEEDED(result) ) {
  366. //
  367. // Import the session key blob.
  368. //
  370. result = SafeImportSessionKeyBlob2(
  371. &m_hSessionKey,
  372. pSessionKeyBlob,
  373. m_hProv,
  374. pszPasswd
  375. );
  376. if( FAILED(result) ) {
  377. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize SafeImportSessionKeyBlob failed err=0x%x.\n",result));
  378. }
  379. }
  380. else
  381. {
  382. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IIS_CRYPTO_BASE::Initialize failed err=0x%x.\n",result));
  383. }
  385. return result;
  387. } // IIS_CRYPTO_STORAGE2::Initialize
  390. HRESULT
  391. IIS_CRYPTO_STORAGE::Initialize(
  392. IN HCRYPTPROV hProv,
  393. IN HCRYPTKEY hSessionKey,
  394. IN HCRYPTKEY hKeyExchangeKey,
  395. IN HCRYPTKEY hSignatureKey,
  396. IN BOOL fUseMachineKeyset
  397. )
  399. /*++
  401. Routine Description:
  403. Initializes the object using pre-created provider and session key.
  405. Arguments:
  407. hProv - An open handle to a crypto provider.
  409. hSessionKey - The session key for the object.
  411. hKeyExchangeKey - A pre-opened key exchange key.
  413. hSignatureKey - A pre-opened signature key.
  415. fUseMachineKeyset - TRUE if the per-machine keyset container should
  416. be used, as opposed to the per-user keyset container.
  418. Return Value:
  420. HRESULT - Completion status, 0 if successful, !0 otherwise.
  422. --*/
  424. {
  426. HRESULT result;
  428. //
  429. // Sanity check.
  430. //
  432. DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
  433. DBG_ASSERT( hSessionKey != CRYPT_NULL );
  435. //
  436. // Initialize the base class.
  437. //
  439. result = IIS_CRYPTO_BASE::Initialize(
  440. hProv,
  441. hKeyExchangeKey,
  442. hSignatureKey,
  443. fUseMachineKeyset
  444. );
  446. if( SUCCEEDED(result) ) {
  448. //
  449. // Save the session key.
  450. //
  452. m_hSessionKey = hSessionKey;
  453. }
  454. else
  455. {
  456. DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IIS_CRYPTO_BASE::Initialize failed err=0x%x.\n",result));
  457. }
  459. return result;
  461. } // IIS_CRYPTO_STORAGE::Initialize
  464. HRESULT
  465. IIS_CRYPTO_STORAGE::GetSessionKeyBlob(
  466. OUT PIIS_CRYPTO_BLOB * ppSessionKeyBlob
  467. )
  469. /*++
  471. Routine Description:
  473. Exports the session key as a secure key blob.
  475. Arguments:
  477. ppSessionKeyBlob - Receives a pointer to the session key secure
  478. blob if successful.
  480. Return Value:
  482. HRESULT - Completion status, 0 if successful, !0 otherwise.
  484. --*/
  486. {
  488. HRESULT result;
  490. //
  491. // Sanity check.
  492. //
  494. DBG_ASSERT( ValidateState() );
  495. DBG_ASSERT( ppSessionKeyBlob != NULL );
  497. //
  498. // Let the IIS Crypto APIs do the dirty work.
  499. //
  501. result = SafeExportSessionKeyBlob(
  502. ppSessionKeyBlob,
  503. m_hProv,
  504. m_hSessionKey,
  505. m_hKeyExchangeKey
  506. );
  508. return result;
  510. } // IIS_CRYPTO_STORAGE::GetSessionKeyBlob
  512. HRESULT
  513. IIS_CRYPTO_STORAGE2::GetSessionKeyBlob(
  514. IN LPSTR pszPasswd,
  515. OUT PIIS_CRYPTO_BLOB * ppSessionKeyBlob
  516. )
  518. /*++
  520. Routine Description:
  522. Exports the session key as a secure key blob.
  524. Arguments:
  526. ppSessionKeyBlob - Receives a pointer to the session key secure
  527. blob if successful.
  529. Return Value:
  531. HRESULT - Completion status, 0 if successful, !0 otherwise.
  533. --*/
  535. {
  537. HRESULT result;
  539. //
  540. // Sanity check.
  541. //
  543. DBG_ASSERT( ValidateState() );
  544. DBG_ASSERT( ppSessionKeyBlob != NULL );
  546. //
  547. // Let the IIS Crypto APIs do the dirty work.
  548. //
  550. result = SafeExportSessionKeyBlob2(
  551. ppSessionKeyBlob,
  552. m_hProv,
  553. m_hSessionKey,
  554. pszPasswd
  555. );
  557. return result;
  559. } // IIS_CRYPTO_STORAGE2::GetSessionKeyBlob
  562. HRESULT
  563. IIS_CRYPTO_STORAGE::EncryptData(
  564. OUT PIIS_CRYPTO_BLOB * ppDataBlob,
  565. IN PVOID pBuffer,
  566. IN DWORD dwBufferLength,
  567. IN DWORD dwRegType
  568. )
  570. /*++
  572. Routine Description:
  574. Encrypts a block of data and produces a secure data blob.
  576. Arguments:
  578. ppDataBlob - Receives a pointer to the secure data blob if
  579. successful.
  581. pBuffer - Pointer to the buffer to encrypt.
  583. dwBufferLength - The length of the data buffer.
  585. dwRegType - The REG_* type for the data.
  587. Return Value:
  589. HRESULT - Completion status, 0 if successful, !0 otherwise.
  591. --*/
  593. {
  595. HRESULT result;
  597. //
  598. // Sanity check.
  599. //
  601. DBG_ASSERT( ValidateState() );
  602. DBG_ASSERT( ppDataBlob != NULL );
  603. DBG_ASSERT( pBuffer != NULL );
  605. //
  606. // Let the IIS Crypto APIs do the dirty work.
  607. //
  609. result = SafeEncryptDataBlob(
  610. ppDataBlob,
  611. pBuffer,
  612. dwBufferLength,
  613. dwRegType,
  614. m_hProv,
  615. m_hSessionKey
  616. );
  618. return result;
  620. } // IIS_CRYPTO_STORAGE::EncryptData
  622. HRESULT
  623. IIS_CRYPTO_STORAGE2::EncryptData(
  624. OUT PIIS_CRYPTO_BLOB * ppDataBlob,
  625. IN PVOID pBuffer,
  626. IN DWORD dwBufferLength,
  627. IN DWORD dwRegType
  628. )
  630. /*++
  632. Routine Description:
  634. Encrypts a block of data and produces a secure data blob.
  636. Arguments:
  638. ppDataBlob - Receives a pointer to the secure data blob if
  639. successful.
  641. pBuffer - Pointer to the buffer to encrypt.
  643. dwBufferLength - The length of the data buffer.
  645. dwRegType - The REG_* type for the data.
  647. Return Value:
  649. HRESULT - Completion status, 0 if successful, !0 otherwise.
  651. --*/
  653. {
  655. HRESULT result;
  657. //
  658. // Sanity check.
  659. //
  661. DBG_ASSERT( ValidateState() );
  662. DBG_ASSERT( ppDataBlob != NULL );
  663. DBG_ASSERT( pBuffer != NULL );
  665. //
  666. // Let the IIS Crypto APIs do the dirty work.
  667. //
  669. result = SafeEncryptDataBlob2(
  670. ppDataBlob,
  671. pBuffer,
  672. dwBufferLength,
  673. dwRegType,
  674. m_hProv,
  675. m_hSessionKey
  676. );
  678. return result;
  680. } // IIS_CRYPTO_STORAGE2::EncryptData
  683. HRESULT
  684. IIS_CRYPTO_STORAGE::DecryptData(
  685. OUT PVOID * ppBuffer,
  686. OUT LPDWORD pdwBufferLength,
  687. OUT LPDWORD pdwRegType,
  688. IN PIIS_CRYPTO_BLOB pDataBlob
  689. )
  691. /*++
  693. Routine Description:
  695. Decrypts a secure data blob, producing a data pointer and data
  696. length.
  698. Arguments:
  700. ppBuffer - Receives a pointer to the decrypted data if succesful.
  702. pdwBufferLength - Receives the length of the data buffer.
  704. pdwRegType - Receives the REG_* type of the data.
  706. pDataBlob - A pointer to the data blob to decrypt.
  708. Return Value:
  710. HRESULT - Completion status, 0 if successful, !0 otherwise.
  712. --*/
  714. {
  716. HRESULT result;
  718. //
  719. // Sanity check.
  720. //
  722. DBG_ASSERT( ValidateState() );
  723. DBG_ASSERT( ppBuffer != NULL );
  724. DBG_ASSERT( pdwBufferLength != NULL );
  725. DBG_ASSERT( pdwRegType != NULL );
  726. DBG_ASSERT( pDataBlob != NULL );
  728. //
  729. // Let the IIS Crypto APIs do the dirty work.
  730. //
  732. result = ::IISCryptoDecryptDataBlob(
  733. ppBuffer,
  734. pdwBufferLength,
  735. pdwRegType,
  736. pDataBlob,
  737. m_hProv,
  738. m_hSessionKey,
  739. m_hSignatureKey
  740. );
  742. return result;
  744. } // IIS_CRYPTO_STORAGE::DecryptData
  746. HRESULT
  747. IIS_CRYPTO_STORAGE2::DecryptData(
  748. OUT PVOID * ppBuffer,
  749. OUT LPDWORD pdwBufferLength,
  750. OUT LPDWORD pdwRegType,
  751. IN PIIS_CRYPTO_BLOB pDataBlob
  752. )
  754. /*++
  756. Routine Description:
  758. Decrypts a secure data blob, producing a data pointer and data
  759. length.
  761. Arguments:
  763. ppBuffer - Receives a pointer to the decrypted data if succesful.
  765. pdwBufferLength - Receives the length of the data buffer.
  767. pdwRegType - Receives the REG_* type of the data.
  769. pDataBlob - A pointer to the data blob to decrypt.
  771. Return Value:
  773. HRESULT - Completion status, 0 if successful, !0 otherwise.
  775. --*/
  777. {
  779. HRESULT result;
  781. //
  782. // Sanity check.
  783. //
  785. DBG_ASSERT( ValidateState() );
  786. DBG_ASSERT( ppBuffer != NULL );
  787. DBG_ASSERT( pdwBufferLength != NULL );
  788. DBG_ASSERT( pdwRegType != NULL );
  789. DBG_ASSERT( pDataBlob != NULL );
  791. //
  792. // Let the IIS Crypto APIs do the dirty work.
  793. //
  795. result = ::IISCryptoDecryptDataBlob2(
  796. ppBuffer,
  797. pdwBufferLength,
  798. pdwRegType,
  799. pDataBlob,
  800. m_hProv,
  801. m_hSessionKey
  802. );
  804. return result;
  806. } // IIS_CRYPTO_STORAGE2::DecryptData
  809. //
  810. // Private functions.
  811. //
  814. #if DBG
  816. BOOL
  817. IIS_CRYPTO_STORAGE::ValidateState()
  819. /*++
  821. Routine Description:
  823. This debug-only routine validates the current object state.
  825. Arguments:
  827. None.
  829. Return Value:
  831. BOOL - TRUE if state is valid, FALSE otherwise.
  833. --*/
  835. {
  837. if( m_hSessionKey != CRYPT_NULL ) {
  839. return IIS_CRYPTO_BASE::ValidateState();
  841. }
  843. return FALSE;
  845. } // IIS_CRYPTO_STORAGE::ValidateState
  847. BOOL
  848. IIS_CRYPTO_STORAGE2::ValidateState()
  850. /*++
  852. Routine Description:
  854. This debug-only routine validates the current object state.
  856. Arguments:
  858. None.
  860. Return Value:
  862. BOOL - TRUE if state is valid, FALSE otherwise.
  864. --*/
  866. {
  868. if( m_hSessionKey != CRYPT_NULL ) {
  870. return IIS_CRYPTO_BASE::ValidateState2();
  872. }
  874. return FALSE;
  876. } // IIS_CRYPTO_STORAGE::ValidateState
  878. #endif // DBG