archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/irtl/iiscrypt/lib/blob.c

964 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. blob.c
  9. Abstract:
  11. Generic blob manipulators for the IIS cryptographic package.
  13. The following routines are exported by this module:
  15. IISCryptoReadBlobFromRegistry
  16. IISCryptoWriteBlobToRegistry
  17. IISCryptoIsValidBlob
  18. IISCryptoFreeBlob
  19. IISCryptoCompareBlobs
  20. IISCryptoCloneBlobFromRawData
  21. IISCryptoCreateCleartextBlob
  22. IcpCreateBlob
  24. Author:
  26. Keith Moore (keithmo) 02-Dec-1996
  28. Revision History:
  30. --*/
  33. #include "precomp.h"
  34. #pragma hdrstop
  37. //
  38. // Private constants.
  39. //
  42. //
  43. // Private types.
  44. //
  47. //
  48. // Private globals.
  49. //
  52. //
  53. // Private prototypes.
  54. //
  57. //
  58. // Public functions.
  59. //
  62. HRESULT
  63. WINAPI
  64. IISCryptoReadBlobFromRegistry(
  65. OUT PIIS_CRYPTO_BLOB * ppBlob,
  66. IN HKEY hRegistryKey,
  67. IN LPCTSTR pszRegistryValueName
  68. )
  70. /*++
  72. Routine Description:
  74. This routine creates a new blob, reading the blob out of the
  75. registry.
  77. Arguments:
  79. ppBlob - Receives a pointer to the newly created blob if successful.
  81. hRegistryKey - An open handle to a registry key.
  83. pszRegistryValueName - The name of the REG_BINARY registry value
  84. containing the blob.
  86. Return Value:
  88. HRESULT - Completion status, 0 if successful, !0 otherwise.
  90. --*/
  92. {
  94. HRESULT result;
  95. PIIS_CRYPTO_BLOB blob;
  96. long status;
  97. DWORD type;
  98. long length;
  100. //
  101. // Sanity check.
  102. //
  104. DBG_ASSERT( IcpGlobals.Initialized );
  105. DBG_ASSERT( ppBlob != NULL );
  106. DBG_ASSERT( hRegistryKey != NULL );
  107. DBG_ASSERT( pszRegistryValueName != NULL );
  109. //
  110. // Setup our locals so we know how to cleanup on exit.
  111. //
  113. blob = NULL;
  115. //
  116. // Determine the size of the blob.
  117. //
  119. length = 0;
  121. status = RegQueryValueEx(
  122. hRegistryKey,
  123. pszRegistryValueName,
  124. NULL,
  125. &type,
  126. NULL,
  127. ( LPDWORD )&length
  128. );
  130. if( status != NO_ERROR ) {
  131. result = RETURNCODETOHRESULT(status);
  132. goto fatal;
  133. }
  135. //
  136. // Allocate a new blob.
  137. //
  139. blob = IcpAllocMemory( length );
  141. if( blob == NULL ) {
  142. result = HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY );
  143. goto fatal;
  144. }
  146. //
  147. // Read the blob.
  148. //
  150. status = RegQueryValueEx(
  151. hRegistryKey,
  152. pszRegistryValueName,
  153. NULL,
  154. &type,
  155. (LPBYTE)blob,
  156. ( LPDWORD )&length
  157. );
  159. if( status != NO_ERROR ) {
  160. result = RETURNCODETOHRESULT(status);
  161. goto fatal;
  162. }
  164. //
  165. // Validate the blob.
  166. //
  168. if( !IISCryptoIsValidBlob( blob ) ) {
  169. result = HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  170. goto fatal;
  171. }
  173. //
  174. // Success!
  175. //
  177. *ppBlob = blob;
  179. UpdateBlobsCreated();
  180. return NO_ERROR;
  182. fatal:
  184. if( blob != NULL ) {
  185. IcpFreeMemory( blob );
  186. }
  188. DBG_ASSERT( FAILED(result) );
  189. return result;
  191. } // IISCryptoReadBlobFromRegistry
  194. HRESULT
  195. WINAPI
  196. IISCryptoWriteBlobToRegistry(
  197. IN PIIS_CRYPTO_BLOB pBlob,
  198. IN HKEY hRegistryKey,
  199. IN LPCTSTR pszRegistryValueName
  200. )
  202. /*++
  204. Routine Description:
  206. This routine writes the given blob to the given registry location.
  208. Arguments:
  210. pBlob - A pointer to the blob to write.
  212. hRegistryKey - An open handle to a registry key.
  214. pszRegistryValueName - The name of the REG_BINARY registry value
  215. that will receive the blob.
  217. Return Value:
  219. HRESULT - Completion status, 0 if successful, !0 otherwise.
  221. --*/
  223. {
  225. long status;
  227. //
  228. // Sanity check.
  229. //
  231. DBG_ASSERT( IcpGlobals.Initialized );
  232. DBG_ASSERT( pBlob != NULL );
  233. DBG_ASSERT( IISCryptoIsValidBlob( pBlob ) );
  234. DBG_ASSERT( hRegistryKey != NULL );
  235. DBG_ASSERT( pszRegistryValueName != NULL );
  237. //
  238. // Write the blob.
  239. //
  241. status = RegSetValueEx(
  242. hRegistryKey,
  243. pszRegistryValueName,
  244. 0,
  245. REG_BINARY,
  246. (LPBYTE)pBlob,
  247. IISCryptoGetBlobLength( pBlob )
  248. );
  250. return RETURNCODETOHRESULT(status);
  252. } // IISCryptoWriteBlobToRegistry
  255. BOOL
  256. WINAPI
  257. IISCryptoIsValidBlob(
  258. IN PIIS_CRYPTO_BLOB pBlob
  259. )
  261. /*++
  263. Routine Description:
  265. This routine determines if the specified blob is indeed a valid
  266. blob.
  268. Arguments:
  270. pBlob - The blob to validate.
  272. Return Value:
  274. BOOL - TRUE if the blob is valid, FALSE otherwise.
  276. --*/
  278. {
  280. PIC_BLOB blob;
  281. BOOL result;
  283. //
  284. // Sanity check.
  285. //
  287. DBG_ASSERT( IcpGlobals.Initialized );
  288. DBG_ASSERT( pBlob != NULL );
  290. //
  291. // Validate the signature.
  292. //
  294. blob = (PIC_BLOB)pBlob;
  296. switch( blob->Header.BlobSignature ) {
  298. case KEY_BLOB_SIGNATURE :
  299. case PUBLIC_KEY_BLOB_SIGNATURE :
  300. case DATA_BLOB_SIGNATURE :
  301. case HASH_BLOB_SIGNATURE :
  302. case CLEARTEXT_BLOB_SIGNATURE :
  303. result = TRUE;
  304. break;
  306. default :
  307. result = FALSE;
  308. break;
  310. }
  312. if( result &&
  313. blob->Header.BlobSignature != CLEARTEXT_BLOB_SIGNATURE ) {
  315. //
  316. // Validate some of the blob internal structure. Note that we
  317. // don't validate the internal structure of the cleartext blobs,
  318. // as they do not conform to the normal IC_BLOB structure.
  319. //
  321. if( blob->DataLength == 0 ||
  322. blob->Header.BlobDataLength !=
  323. CALC_BLOB_DATA_LENGTH( blob->DataLength, blob->SignatureLength ) ) {
  325. result = FALSE;
  327. }
  329. }
  331. return result;
  333. } // IISCryptoIsValidBlob
  335. BOOL
  336. WINAPI
  337. IISCryptoIsValidBlob2(
  338. IN PIIS_CRYPTO_BLOB pBlob
  339. )
  341. /*++
  343. Routine Description:
  345. This routine determines if the specified blob is indeed a valid
  346. blob.
  348. Arguments:
  350. pBlob - The blob to validate.
  352. Return Value:
  354. BOOL - TRUE if the blob is valid, FALSE otherwise.
  356. --*/
  358. {
  360. PIC_BLOB2 blob;
  361. BOOL result;
  363. //
  364. // Sanity check.
  365. //
  367. DBG_ASSERT( IcpGlobals.Initialized );
  368. DBG_ASSERT( pBlob != NULL );
  370. //
  371. // Validate the signature.
  372. //
  374. blob = (PIC_BLOB2)pBlob;
  376. switch( blob->Header.BlobSignature ) {
  378. case SALT_BLOB_SIGNATURE :
  379. result = TRUE;
  380. break;
  382. default :
  383. result = FALSE;
  384. break;
  386. }
  388. if( result ) {
  390. //
  391. // Validate some of the blob internal structure. Note that we
  392. // don't validate the internal structure of the cleartext blobs,
  393. // as they do not conform to the normal IC_BLOB structure.
  394. //
  396. if( blob->DataLength == 0 ||
  397. blob->Header.BlobDataLength !=
  398. CALC_BLOB_DATA_LENGTH2( blob->DataLength, blob->SaltLength ) ) {
  400. result = FALSE;
  402. }
  404. }
  406. return result;
  408. } // IISCryptoIsValidBlob2
  411. HRESULT
  412. WINAPI
  413. IISCryptoFreeBlob(
  414. IN PIIS_CRYPTO_BLOB pBlob
  415. )
  417. /*++
  419. Routine Description:
  421. This routine frees all resources associated with the given blob.
  422. After this routine completes, the blob is unusable.
  424. Arguments:
  426. pBlob - The blob to free.
  428. Return Value:
  430. HRESULT - Completion status, 0 if successful, !0 otherwise.
  432. --*/
  434. {
  436. //
  437. // Sanity check.
  438. //
  440. DBG_ASSERT( IcpGlobals.Initialized );
  441. DBG_ASSERT( pBlob != NULL );
  442. DBG_ASSERT( IISCryptoIsValidBlob( pBlob ) );
  444. //
  445. // Corrupt the structure signature before freeing the blob.
  446. //
  448. *(PCHAR)(&pBlob->BlobSignature) = 'X';
  450. //
  451. // Free the resources.
  452. //
  454. IcpFreeMemory( pBlob );
  456. //
  457. // Success!
  458. //
  460. UpdateBlobsFreed();
  461. return NO_ERROR;
  463. } // IISCryptoFreeBlob
  465. HRESULT
  466. WINAPI
  467. IISCryptoFreeBlob2(
  468. IN PIIS_CRYPTO_BLOB pBlob
  469. )
  471. /*++
  473. Routine Description:
  475. This routine frees all resources associated with the given blob.
  476. After this routine completes, the blob is unusable.
  478. Arguments:
  480. pBlob - The blob to free.
  482. Return Value:
  484. HRESULT - Completion status, 0 if successful, !0 otherwise.
  486. --*/
  488. {
  490. //
  491. // Sanity check.
  492. //
  494. DBG_ASSERT( IcpGlobals.Initialized );
  495. DBG_ASSERT( pBlob != NULL );
  496. DBG_ASSERT( IISCryptoIsValidBlob2( pBlob ) );
  498. //
  499. // Corrupt the structure signature before freeing the blob.
  500. //
  502. *(PCHAR)(&pBlob->BlobSignature) = 'X';
  504. //
  505. // Free the resources.
  506. //
  508. IcpFreeMemory( pBlob );
  510. //
  511. // Success!
  512. //
  514. UpdateBlobsFreed();
  515. return NO_ERROR;
  517. } // IISCryptoFreeBlob2
  520. BOOL
  521. WINAPI
  522. IISCryptoCompareBlobs(
  523. IN PIIS_CRYPTO_BLOB pBlob1,
  524. IN PIIS_CRYPTO_BLOB pBlob2
  525. )
  527. /*++
  529. Routine Description:
  531. This routine compares two blobs to determine if they are identical.
  533. Arguments:
  535. pBlob1 - Pointer to a blob.
  537. pBlob2 - Pointer to another blob.
  539. Return Value:
  541. BOOL - TRUE if the blobs match, FALSE otherwise, or if the blobs
  542. are invalid.
  544. --*/
  546. {
  548. //
  549. // Sanity check.
  550. //
  552. DBG_ASSERT( IcpGlobals.Initialized );
  553. DBG_ASSERT( pBlob1 != NULL );
  554. DBG_ASSERT( pBlob2 != NULL );
  555. DBG_ASSERT( IISCryptoIsValidBlob( pBlob1 ) );
  556. DBG_ASSERT( IISCryptoIsValidBlob( pBlob2 ) );
  558. //
  559. // Just do a straight memory compare of the two blobs.
  560. //
  562. if( memcmp( pBlob1, pBlob2, sizeof(*pBlob1) ) == 0 ) {
  563. return TRUE;
  564. }
  566. //
  567. // No match.
  568. //
  570. return FALSE;
  572. } // IISCryptoCompareBlobs
  575. HRESULT
  576. WINAPI
  577. IISCryptoCloneBlobFromRawData(
  578. OUT PIIS_CRYPTO_BLOB * ppBlob,
  579. IN PBYTE pRawBlob,
  580. IN DWORD dwRawBlobLength
  581. )
  583. /*++
  585. Routine Description:
  587. This routine makes a copy of a blob from raw data. The raw data
  588. buffer may be unaligned.
  590. Arguments:
  592. ppBlob - Receives a pointer to the newly created blob if successful.
  594. pRawBlob - Pointer to the raw blob data.
  596. dwRawBlobLength - Length of the raw blob data.
  598. Return Value:
  600. HRESULT - Completion status, 0 if successful, !0 otherwise.
  602. --*/
  604. {
  606. PIIS_CRYPTO_BLOB newBlob;
  607. IIS_CRYPTO_BLOB UNALIGNED *unalignedBlob;
  608. DWORD blobLength;
  610. //
  611. // Sanity check.
  612. //
  614. DBG_ASSERT( ppBlob != NULL );
  615. DBG_ASSERT( pRawBlob != NULL );
  617. //
  618. // Allocate space for the new blob.
  619. //
  621. unalignedBlob = (IIS_CRYPTO_BLOB UNALIGNED *)pRawBlob;
  622. blobLength = IISCryptoGetBlobLength( unalignedBlob );
  624. if( blobLength != dwRawBlobLength ) {
  625. return HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  626. }
  628. newBlob = IcpAllocMemory( blobLength );
  629. if( newBlob != NULL ) {
  631. //
  632. // Clone it. The (PCHAR) casts are necessary to force the compiler
  633. // to copy BYTE-wise.
  634. //
  636. RtlCopyMemory(
  637. (PCHAR)newBlob,
  638. (PCHAR)unalignedBlob,
  639. blobLength
  640. );
  642. //
  643. // Validate its contents.
  644. //
  646. if( IISCryptoIsValidBlob( newBlob ) ) {
  648. *ppBlob = newBlob;
  650. UpdateBlobsCreated();
  651. return NO_ERROR;
  653. }
  655. IcpFreeMemory( newBlob );
  656. return HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  658. }
  660. return HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY );
  662. } // IISCryptoCloneBlobFromRawData
  664. HRESULT
  665. WINAPI
  666. IISCryptoCloneBlobFromRawData2(
  667. OUT PIIS_CRYPTO_BLOB * ppBlob,
  668. IN PBYTE pRawBlob,
  669. IN DWORD dwRawBlobLength
  670. )
  672. /*++
  674. Routine Description:
  676. This routine makes a copy of a blob from raw data. The raw data
  677. buffer may be unaligned.
  679. Arguments:
  681. ppBlob - Receives a pointer to the newly created blob if successful.
  683. pRawBlob - Pointer to the raw blob data.
  685. dwRawBlobLength - Length of the raw blob data.
  687. Return Value:
  689. HRESULT - Completion status, 0 if successful, !0 otherwise.
  691. --*/
  693. {
  695. PIIS_CRYPTO_BLOB newBlob;
  696. IIS_CRYPTO_BLOB UNALIGNED *unalignedBlob;
  697. DWORD blobLength;
  699. //
  700. // Sanity check.
  701. //
  703. DBG_ASSERT( ppBlob != NULL );
  704. DBG_ASSERT( pRawBlob != NULL );
  706. //
  707. // Allocate space for the new blob.
  708. //
  710. unalignedBlob = (IIS_CRYPTO_BLOB UNALIGNED *)pRawBlob;
  711. blobLength = IISCryptoGetBlobLength( unalignedBlob );
  713. if( blobLength != dwRawBlobLength ) {
  714. return HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  715. }
  717. newBlob = IcpAllocMemory( blobLength );
  718. if( newBlob != NULL ) {
  720. //
  721. // Clone it. The (PCHAR) casts are necessary to force the compiler
  722. // to copy BYTE-wise.
  723. //
  725. RtlCopyMemory(
  726. (PCHAR)newBlob,
  727. (PCHAR)unalignedBlob,
  728. blobLength
  729. );
  731. //
  732. // Validate its contents.
  733. //
  735. if( IISCryptoIsValidBlob2( newBlob ) ) {
  737. *ppBlob = newBlob;
  739. UpdateBlobsCreated();
  740. return NO_ERROR;
  742. }
  744. IcpFreeMemory( newBlob );
  745. return HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  747. }
  749. return HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY );
  751. } // IISCryptoCloneBlobFromRawData2
  754. HRESULT
  755. WINAPI
  756. IISCryptoCreateCleartextBlob(
  757. OUT PIIS_CRYPTO_BLOB * ppBlob,
  758. IN PBYTE pBlobData,
  759. IN DWORD dwBlobDataLength
  760. )
  762. /*++
  764. Routine Description:
  766. This routine creates a cleartext blob containing the specified
  767. data.
  769. Arguments:
  771. ppBlob - Receives a pointer to the newly created blob if successful.
  773. pBlobData - Pointer to the blob data.
  775. dwBlobDataLength - Length of the blob data.
  777. Return Value:
  779. HRESULT - Completion status, 0 if successful, !0 otherwise.
  781. --*/
  783. {
  785. PIIS_CRYPTO_BLOB blob;
  787. //
  788. // Sanity check.
  789. //
  791. DBG_ASSERT( ppBlob != NULL );
  792. DBG_ASSERT( pBlobData != NULL );
  794. //
  795. // Allocate space for the new blob.
  796. //
  798. blob = IcpAllocMemory( dwBlobDataLength + sizeof(*blob) );
  800. if( blob != NULL ) {
  802. //
  803. // Initialize the blob.
  804. //
  806. blob->BlobSignature = CLEARTEXT_BLOB_SIGNATURE;
  807. blob->BlobDataLength = dwBlobDataLength;
  809. RtlCopyMemory(
  810. blob + 1,
  811. pBlobData,
  812. dwBlobDataLength
  813. );
  815. *ppBlob = blob;
  817. UpdateBlobsCreated();
  818. return NO_ERROR;
  820. }
  822. return HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY );
  824. } // IISCryptoCreateCleartextBlob
  827. PIC_BLOB
  828. IcpCreateBlob(
  829. IN DWORD dwBlobSignature,
  830. IN DWORD dwDataLength,
  831. IN DWORD dwSignatureLength OPTIONAL
  832. )
  834. /*++
  836. Routine Description:
  838. This routine creates a new blob.
  840. Arguments:
  842. dwBlobSignature - The structure signature for the new blob.
  844. dwDataLength - The data length for the blob.
  846. dwSignatureLength - The length of the digital signature, 0 if
  847. there is no signature for this blob. This value cannot be
  848. CLEARTEXT_BLOB_SIGNATURE; cleartext blobs are "special".
  850. Return Value:
  852. PIC_BLOB - Pointer to the newly created blob if successful,
  853. NULL otherwise.
  855. --*/
  857. {
  859. PIC_BLOB blob;
  860. DWORD blobDataLength;
  862. //
  863. // Sanity check.
  864. //
  866. DBG_ASSERT( dwBlobSignature == KEY_BLOB_SIGNATURE ||
  867. dwBlobSignature == PUBLIC_KEY_BLOB_SIGNATURE ||
  868. dwBlobSignature == DATA_BLOB_SIGNATURE ||
  869. dwBlobSignature == HASH_BLOB_SIGNATURE );
  871. //
  872. // Allocate storage for the blob.
  873. //
  875. blobDataLength = CALC_BLOB_DATA_LENGTH( dwDataLength, dwSignatureLength );
  876. blob = IcpAllocMemory( blobDataLength + sizeof(IIS_CRYPTO_BLOB) );
  878. if( blob != NULL ) {
  880. //
  881. // Initialize the blob.
  882. //
  884. blob->Header.BlobSignature = dwBlobSignature;
  885. blob->Header.BlobDataLength = blobDataLength;
  887. blob->DataLength = dwDataLength;
  888. blob->SignatureLength = dwSignatureLength;
  890. }
  892. return blob;
  894. } // IcpCreateBlob
  896. PIC_BLOB2
  897. IcpCreateBlob2(
  898. IN DWORD dwBlobSignature,
  899. IN DWORD dwDataLength,
  900. IN DWORD dwSaltLength OPTIONAL
  901. )
  903. /*++
  905. Routine Description:
  907. This routine creates a new blob.
  909. Arguments:
  911. dwBlobSignature - The structure signature for the new blob.
  913. dwDataLength - The data length for the blob.
  915. dwSaltLength - The length of the random salt
  917. Return Value:
  919. PIC_BLOB2 - Pointer to the newly created blob if successful,
  920. NULL otherwise.
  922. --*/
  924. {
  926. PIC_BLOB2 blob;
  927. DWORD blobDataLength;
  929. //
  930. // Sanity check.
  931. //
  933. DBG_ASSERT( dwBlobSignature == SALT_BLOB_SIGNATURE );
  935. //
  936. // Allocate storage for the blob.
  937. //
  939. blobDataLength = CALC_BLOB_DATA_LENGTH( dwDataLength, dwSaltLength );
  940. blob = IcpAllocMemory( blobDataLength + sizeof(IIS_CRYPTO_BLOB) );
  942. if( blob != NULL ) {
  944. //
  945. // Initialize the blob.
  946. //
  948. blob->Header.BlobSignature = dwBlobSignature;
  949. blob->Header.BlobDataLength = blobDataLength;
  951. blob->DataLength = dwDataLength;
  952. blob->SaltLength = dwSaltLength;
  954. }
  956. return blob;
  958. } // IcpCreateBlob2
  961. //
  962. // Private functions.
  963. //