windows-server-2003/inetsrv/iis/svcs/irtl/iiscrypt/lib/icryptp.h

/*++

Copyright (c) 1996 Microsoft Corporation

Module Name:

    icryptp.h

Abstract:

    This include file contains private constants, type definitions, and
    function prototypes for the IIS cryptographic routines.

Author:

    Keith Moore (keithmo)        02-Dec-1996

Revision History:

--*/


#ifndef _ICRYPTP_H_
#define _ICRYPTP_H_


//
// Set this to a non-zero value to enable various object counters.
//

#if DBG
#define IC_ENABLE_COUNTERS 1
#else
#define IC_ENABLE_COUNTERS 0
#endif


//
// Constants defining our target crypto provider.
//

#define IC_CONTAINER TEXT("Microsoft Internet Information Server")
#define IC_PROVIDER  MS_DEF_PROV
#define IC_PROVTYPE  PROV_RSA_FULL

#define IC_HASH_ALG CALG_MD5


//
// Alignment macros.
//

#define ALIGN_DOWN(count,size) \
            ((ULONG)(count) & ~((ULONG)(size) - 1))

#define ALIGN_UP(count,size) \
            (ALIGN_DOWN( (ULONG)(count)+(ULONG)(size)-1, (ULONG)(size) ))

#define ALIGN_8(count) \
            (ALIGN_UP( (ULONG)(count), 8 ))


//
// A blob. Note that we use these blobs for storing exported keys,
// encrypted data, and hash results. Outside of this package, only
// the IIS_CRYPTO_BLOB header is exposed; the blob internals are kept
// private.
//

typedef struct _IC_BLOB {

    //
    // The standard header.
    //

    IIS_CRYPTO_BLOB Header;

    //
    // The data length. This will always be >0.
    //

    DWORD DataLength;

    //
    // The digital signature length. This may be 0 if no digital
    // signature is present.
    //

    DWORD SignatureLength;

    //
    // The actual data and digital signature go here, at the end
    // of the structure, but part of the same memory allocation
    // block. Use the following macros to access these fields.
    //
    // UCHAR Data[];
    // UCHAR Signature[];
    //

} IC_BLOB;

typedef UNALIGNED64 IC_BLOB *PIC_BLOB;

#define BLOB_TO_DATA(p) \
            ((BYTE *)(((PIC_BLOB)(p)) + 1))

#define BLOB_TO_SIGNATURE(p) \
            ((BYTE *)(((PCHAR)(((PIC_BLOB)(p)) + 1)) + \
                ALIGN_8(((PIC_BLOB)(p))->DataLength)))

//
// The following data structure is for specific metabase Backup/Restore
//
typedef struct _IC_BLOB2 {

    //
    // The standard header.
    //

    IIS_CRYPTO_BLOB Header;

    //
    // The data length. This will always be >0.
    //

    DWORD DataLength;

    //
    // The random salt length. At least 80 bits( 8 bytes ) long
    //

    DWORD SaltLength;

    //
    // The actual data and random salt go here, at the end
    // of the structure, but part of the same memory allocation
    // block. Use the following macros to access these fields.
    //
    // UCHAR Data[];
    // UCHAR Salt[];
    //

} IC_BLOB2, *PIC_BLOB2;

#define RANDOM_SALT_LENGTH       16

#define BLOB_TO_DATA2(p) \
            ((BYTE *)(((PIC_BLOB2)(p)) + 1))

#define BLOB_TO_SALT2(p) \
            ((BYTE *)(((PCHAR)(((PIC_BLOB2)(p)) + 1)) + \
                ALIGN_8(((PIC_BLOB2)(p))->DataLength)))

//
// Macro to calculate the data length of a blob, given the data and
// signature lengths. To ensure natural alignment of the signature, we
// quad-word align the data length if a signature is present.
//

#define CALC_BLOB_DATA_LENGTH(datalen,siglen) \
            ((sizeof(IC_BLOB) - sizeof(IIS_CRYPTO_BLOB)) + \
                ((siglen) + ( (siglen) ? ALIGN_8(datalen) : (datalen) )))

//
// Macro to calculate the data length of a blob, given the data and
// salt lengths. To ensure natural alignment of the signature, we
// quad-word align the data length if a signature is present.
//

#define CALC_BLOB_DATA_LENGTH2(datalen,saltlen) \
            ((sizeof(IC_BLOB2) - sizeof(IIS_CRYPTO_BLOB)) + \
                (saltlen) + (ALIGN_8(datalen)))


//
// Globals defined in globals.c.
//

typedef struct _IC_GLOBALS {

    //
    // Global synchronization lock (used sparingly).
    //

    CRITICAL_SECTION GlobalLock;

    //
    // Hash length for digital signatures. Since we always use the
    // same crypto provider & signature algorithm, we can retrieve
    // this once up front, and save some cycles later on.
    //

    DWORD HashLength;

    //
    // Set to TRUE if cryptography is enabled, FALSE if disabled.
    //

    BOOL EnableCryptography;

    //
    // Set to TRUE if we've been succesfully initialized.
    //

    BOOL Initialized;

} IC_GLOBALS, *PIC_GLOBALS;

extern IC_GLOBALS IcpGlobals;


//
// Private functions.
//

BOOL
IcpIsEncryptionPermitted(
    VOID
    );

HRESULT
IcpGetLastError(
    VOID
    );

HRESULT
IcpGetHashLength(
    OUT LPDWORD pdwHashLength,
    IN HCRYPTPROV hProv
    );

PIC_BLOB
IcpCreateBlob(
    IN DWORD dwBlobSignature,
    IN DWORD dwDataLength,
    IN DWORD dwSignatureLength OPTIONAL
    );

PIC_BLOB2
IcpCreateBlob2(
    IN DWORD dwBlobSignature,
    IN DWORD dwDataLength,
    IN DWORD dwSaltLength OPTIONAL
    );


#if IC_ENABLE_COUNTERS

//
// Object counters.
//

typedef struct _IC_COUNTERS {

    LONG ContainersOpened;
    LONG ContainersClosed;
    LONG KeysOpened;
    LONG KeysClosed;
    LONG HashCreated;
    LONG HashDestroyed;
    LONG BlobsCreated;
    LONG BlobsFreed;
    LONG Allocs;
    LONG Frees;

} IC_COUNTERS, *PIC_COUNTERS;

extern IC_COUNTERS IcpCounters;

#define UpdateContainersOpened() InterlockedIncrement( &IcpCounters.ContainersOpened )
#define UpdateContainersClosed() InterlockedIncrement( &IcpCounters.ContainersClosed )
#define UpdateKeysOpened() InterlockedIncrement( &IcpCounters.KeysOpened )
#define UpdateKeysClosed() InterlockedIncrement( &IcpCounters.KeysClosed )
#define UpdateHashCreated() InterlockedIncrement( &IcpCounters.HashCreated )
#define UpdateHashDestroyed() InterlockedIncrement( &IcpCounters.HashDestroyed )
#define UpdateBlobsCreated() InterlockedIncrement( &IcpCounters.BlobsCreated )
#define UpdateBlobsFreed() InterlockedIncrement( &IcpCounters.BlobsFreed )
#define UpdateAllocs() InterlockedIncrement( &IcpCounters.Allocs )
#define UpdateFrees() InterlockedIncrement( &IcpCounters.Frees )

PVOID
WINAPI
IcpAllocMemory(
    IN DWORD Size
    );

VOID
WINAPI
IcpFreeMemory(
    IN PVOID Buffer
    );

#else   // !IC_ENABLE_COUNTERS

#define UpdateContainersOpened()
#define UpdateContainersClosed()
#define UpdateKeysOpened()
#define UpdateKeysClosed()
#define UpdateHashCreated()
#define UpdateHashDestroyed()
#define UpdateBlobsCreated()
#define UpdateBlobsFreed()
#define UpdateAllocs()
#define UpdateFrees()

#define IcpAllocMemory(cb) IISCryptoAllocMemory(cb)
#define IcpFreeMemory(p) IISCryptoFreeMemory(p)

#endif  // IC_ENABLE_COUNTERS


//
// Dummy crypto handles returned in cryptography is disabled.
//

#define DUMMY_HPROV             ((HCRYPTPROV)'vOrP')
#define DUMMY_HHASH             ((HCRYPTHASH)'hSaH')
#define DUMMY_HSESSIONKEY       ((HCRYPTKEY)'kSeS')
#define DUMMY_HSIGNATUREKEY     ((HCRYPTKEY)'kGiS')
#define DUMMY_HKEYEXCHANGEKEY   ((HCRYPTKEY)'kYeK')


#endif  // _ICRYPTP_H_