You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
991 lines
26 KiB
991 lines
26 KiB
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1992 - 1995.
|
|
//
|
|
// File: cliprot.c
|
|
//
|
|
// Contents:
|
|
//
|
|
// Classes:
|
|
//
|
|
// Functions:
|
|
//
|
|
// History: 09-23-97 jbanes LSA integration stuff.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
#include <spbase.h>
|
|
#include <pct1msg.h>
|
|
#include <pct1prot.h>
|
|
#include <ssl2msg.h>
|
|
#include <ssl3msg.h>
|
|
#include <ssl2prot.h>
|
|
|
|
UNICipherMap UniAvailableCiphers[] = {
|
|
// NULL cipher suite
|
|
{
|
|
// 0
|
|
SSL3_NULL_WITH_NULL_NULL
|
|
},
|
|
|
|
// PCT ciphers
|
|
{
|
|
// 1
|
|
UNI_CK_PCT,
|
|
SP_PROT_PCT1,
|
|
0,
|
|
0, 0,
|
|
SP_EXCH_UNKNOWN
|
|
},
|
|
{
|
|
// 2
|
|
SSL_MKFAST(PCT_SSL_CERT_TYPE, MSBOF(PCT1_CERT_X509_CHAIN), LSBOF(PCT1_CERT_X509_CHAIN)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
0, 0,
|
|
SP_EXCH_UNKNOWN
|
|
},
|
|
{
|
|
// 3
|
|
SSL_MKFAST(PCT_SSL_CERT_TYPE, MSBOF(PCT1_CERT_X509), LSBOF(PCT1_CERT_X509)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
0, 0,
|
|
SP_EXCH_UNKNOWN
|
|
},
|
|
{
|
|
// 4
|
|
SSL_MKFAST(PCT_SSL_HASH_TYPE, MSBOF(PCT1_HASH_MD5), LSBOF(PCT1_HASH_MD5)),
|
|
SP_PROT_PCT1,
|
|
CALG_MD5,
|
|
0, 0,
|
|
SP_EXCH_UNKNOWN
|
|
},
|
|
{
|
|
// 5
|
|
SSL_MKFAST(PCT_SSL_HASH_TYPE, MSBOF(PCT1_HASH_SHA), LSBOF(PCT1_HASH_SHA)),
|
|
SP_PROT_PCT1,
|
|
CALG_SHA,
|
|
0, 0,
|
|
SP_EXCH_UNKNOWN
|
|
},
|
|
{
|
|
// 6
|
|
SSL_MKFAST(PCT_SSL_EXCH_TYPE, MSBOF(SP_EXCH_RSA_PKCS1), LSBOF(SP_EXCH_RSA_PKCS1)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
0, 0,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX
|
|
},
|
|
|
|
// SSL3 Domestic ciphers
|
|
{
|
|
// 7
|
|
SSL3_RSA_WITH_RC4_128_MD5,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_MD5 ,
|
|
CALG_RC4 ,128 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 8
|
|
SSL3_RSA_WITH_RC4_128_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_RC4 ,128 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 9
|
|
SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA,
|
|
CALG_3DES ,168 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 10
|
|
SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA,
|
|
CALG_3DES ,168 ,
|
|
SP_EXCH_DH_PKCS3, CALG_DH_EPHEM,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
|
|
// PCT Domestic ciphers
|
|
{
|
|
// 12
|
|
SSL_MKFAST(PCT_SSL_CIPHER_TYPE_1ST_HALF, MSBOF(PCT1_CIPHER_RC4>>16), LSBOF(PCT1_CIPHER_RC4>>16)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
CALG_RC4 ,128 ,
|
|
SP_EXCH_UNKNOWN, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 13
|
|
SSL_MKFAST(PCT_SSL_CIPHER_TYPE_2ND_HALF, MSBOF(PCT1_ENC_BITS_128), LSBOF(PCT1_MAC_BITS_128)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
CALG_RC4 ,128 ,
|
|
SP_EXCH_UNKNOWN, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL2 Domestic ciphers
|
|
{
|
|
// 14
|
|
SSL_CK_RC4_128_WITH_MD5,
|
|
SP_PROT_SSL2 ,
|
|
CALG_MD5 ,
|
|
CALG_RC4 ,128 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 15
|
|
SSL_CK_DES_192_EDE3_CBC_WITH_MD5,
|
|
SP_PROT_SSL2 ,
|
|
CALG_MD5 ,
|
|
CALG_3DES ,168 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 16
|
|
SSL_CK_RC2_128_CBC_WITH_MD5,
|
|
SP_PROT_SSL2 ,
|
|
CALG_MD5 ,
|
|
CALG_RC2 ,128 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL3 domestic DES ciphers
|
|
{
|
|
// 22
|
|
SSL3_RSA_WITH_DES_CBC_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_DES , 56,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 23
|
|
SSL3_DHE_DSS_WITH_DES_CBC_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_DES , 56 ,
|
|
SP_EXCH_DH_PKCS3, CALG_DH_EPHEM,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL2 domestic DES ciphers
|
|
{
|
|
// 24
|
|
SSL_CK_DES_64_CBC_WITH_MD5,
|
|
SP_PROT_SSL2,
|
|
CALG_MD5 ,
|
|
CALG_DES , 56 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL3 56-bit export ciphers
|
|
{
|
|
// 25
|
|
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_RC4 ,56 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
EXPORT56_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 26
|
|
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_DES , 56,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
EXPORT56_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 27
|
|
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_DES , 56 ,
|
|
SP_EXCH_DH_PKCS3, CALG_DH_EPHEM,
|
|
EXPORT56_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL3 Export ciphers
|
|
{
|
|
// 28
|
|
SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_MD5 ,
|
|
CALG_RC4 ,40 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
EXPORT40_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 29
|
|
SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_MD5 ,
|
|
CALG_RC2 ,40 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
EXPORT40_CIPHER_SUITE
|
|
},
|
|
|
|
// PCT Export ciphers
|
|
{
|
|
// 30
|
|
SSL_MKFAST(PCT_SSL_CIPHER_TYPE_1ST_HALF, MSBOF(PCT1_CIPHER_RC4>>16), LSBOF(PCT1_CIPHER_RC4>>16)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
CALG_RC4 ,40 ,
|
|
SP_EXCH_UNKNOWN, CALG_RSA_KEYX,
|
|
EXPORT40_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 31
|
|
SSL_MKFAST(PCT_SSL_CIPHER_TYPE_2ND_HALF, MSBOF(PCT1_ENC_BITS_40), LSBOF(PCT1_MAC_BITS_128)),
|
|
SP_PROT_PCT1,
|
|
0,
|
|
CALG_RC4 ,40 ,
|
|
SP_EXCH_UNKNOWN, CALG_RSA_KEYX,
|
|
EXPORT40_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL2 Export ciphers
|
|
{
|
|
// 32
|
|
SSL_CK_RC4_128_EXPORT40_WITH_MD5,
|
|
SP_PROT_SSL2 ,
|
|
CALG_MD5 ,
|
|
CALG_RC4 ,40 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
EXPORT40_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 33
|
|
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
|
|
SP_PROT_SSL2 ,
|
|
CALG_MD5 ,
|
|
CALG_RC2 ,40 ,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
EXPORT40_CIPHER_SUITE
|
|
},
|
|
|
|
// SSL3 Zero privacy ciphers
|
|
{
|
|
// 34
|
|
SSL3_RSA_WITH_NULL_MD5,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_MD5 ,
|
|
CALG_NULLCIPHER, 0,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
},
|
|
{
|
|
// 35
|
|
SSL3_RSA_WITH_NULL_SHA,
|
|
SP_PROT_SSL3 | SP_PROT_TLS1,
|
|
CALG_SHA ,
|
|
CALG_NULLCIPHER, 0,
|
|
SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX,
|
|
DOMESTIC_CIPHER_SUITE
|
|
}
|
|
};
|
|
|
|
DWORD UniNumCiphers = sizeof(UniAvailableCiphers)/sizeof(UNICipherMap);
|
|
|
|
|
|
|
|
SP_STATUS WINAPI
|
|
GenerateSsl2StyleHello(
|
|
PSPContext pContext,
|
|
PSPBuffer pOutput,
|
|
WORD fProtocol);
|
|
|
|
|
|
SP_STATUS
|
|
GetSupportedCapiAlgs(
|
|
HCRYPTPROV hProv,
|
|
PROV_ENUMALGS_EX ** ppAlgInfo,
|
|
DWORD * pcAlgInfo)
|
|
{
|
|
PROV_ENUMALGS_EX AlgInfo;
|
|
DWORD dwFlags;
|
|
DWORD cbData;
|
|
DWORD cAlgs;
|
|
DWORD i;
|
|
|
|
*ppAlgInfo = NULL;
|
|
*pcAlgInfo = 0;
|
|
|
|
// Count the algorithms.
|
|
dwFlags = CRYPT_FIRST;
|
|
for(cAlgs = 0; ; cAlgs++)
|
|
{
|
|
cbData = sizeof(PROV_ENUMALGS_EX);
|
|
if(!CryptGetProvParam(hProv,
|
|
PP_ENUMALGS_EX,
|
|
(PBYTE)&AlgInfo,
|
|
&cbData,
|
|
dwFlags))
|
|
{
|
|
if(GetLastError() != ERROR_NO_MORE_ITEMS)
|
|
{
|
|
SP_LOG_RESULT(GetLastError());
|
|
}
|
|
break;
|
|
}
|
|
dwFlags = 0;
|
|
}
|
|
if(cAlgs == 0)
|
|
{
|
|
return SP_LOG_RESULT(SEC_E_ALGORITHM_MISMATCH);
|
|
}
|
|
|
|
// Allocate memory.
|
|
*ppAlgInfo = SPExternalAlloc(sizeof(PROV_ENUMALGS_EX) * cAlgs);
|
|
if(*ppAlgInfo == NULL)
|
|
{
|
|
return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
|
|
}
|
|
|
|
// Read the algorithms.
|
|
dwFlags = CRYPT_FIRST;
|
|
for(i = 0; i < cAlgs; i++)
|
|
{
|
|
cbData = sizeof(PROV_ENUMALGS_EX);
|
|
if(!CryptGetProvParam(hProv,
|
|
PP_ENUMALGS_EX,
|
|
(PBYTE)(*ppAlgInfo + i),
|
|
&cbData,
|
|
dwFlags))
|
|
{
|
|
if(GetLastError() != ERROR_NO_MORE_ITEMS)
|
|
{
|
|
SP_LOG_RESULT(GetLastError());
|
|
}
|
|
break;
|
|
}
|
|
dwFlags = 0;
|
|
}
|
|
if(i == 0)
|
|
{
|
|
SPExternalFree(*ppAlgInfo);
|
|
*ppAlgInfo = NULL;
|
|
|
|
LogNoCiphersSupportedEvent();
|
|
return SP_LOG_RESULT(SEC_E_ALGORITHM_MISMATCH);
|
|
}
|
|
|
|
*pcAlgInfo = i;
|
|
|
|
return PCT_ERR_OK;
|
|
}
|
|
|
|
|
|
SP_STATUS WINAPI
|
|
GenerateHello(
|
|
PSPContext pContext,
|
|
PSPBuffer pOutput,
|
|
BOOL fCache)
|
|
{
|
|
PSessCacheItem pZombie;
|
|
PSPCredentialGroup pCred;
|
|
BOOL fFound;
|
|
DWORD fProt;
|
|
|
|
if (!pOutput)
|
|
{
|
|
SP_RETURN(SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR));
|
|
}
|
|
|
|
if(fCache)
|
|
{
|
|
// Look this id up in the cache
|
|
fFound = SPCacheRetrieveByName(pContext->pszTarget,
|
|
pContext->pCredGroup,
|
|
&pContext->RipeZombie);
|
|
}
|
|
else
|
|
{
|
|
fFound = FALSE;
|
|
}
|
|
|
|
if(!fFound)
|
|
{
|
|
// We're doing a full handshake, so allocate a cache entry.
|
|
if(!SPCacheRetrieveNew(FALSE,
|
|
pContext->pszTarget,
|
|
&pContext->RipeZombie))
|
|
{
|
|
return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
|
|
}
|
|
pContext->RipeZombie->dwCF = pContext->dwRequestedCF;
|
|
}
|
|
|
|
if(pContext->RipeZombie == NULL)
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
|
|
}
|
|
pZombie = pContext->RipeZombie;
|
|
|
|
pCred = pContext->pCredGroup;
|
|
if(!pCred)
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
|
|
}
|
|
|
|
// Use protocol from cache unless it's a new cache element,
|
|
// in which case use the protocol from credential.
|
|
if(fFound)
|
|
{
|
|
fProt = pZombie->fProtocol;
|
|
}
|
|
else
|
|
{
|
|
fProt = pCred->grbitEnabledProtocols;
|
|
}
|
|
pContext->dwProtocol = fProt;
|
|
pContext->dwClientEnabledProtocols = fProt;
|
|
|
|
if(SP_PROT_UNI_CLIENT & fProt)
|
|
{
|
|
pContext->State = UNI_STATE_CLIENT_HELLO;
|
|
pContext->ProtocolHandler = ClientProtocolHandler;
|
|
|
|
return GenerateUniHello(pContext, pOutput, pCred->grbitEnabledProtocols);
|
|
}
|
|
|
|
else
|
|
if(SP_PROT_TLS1_CLIENT & fProt)
|
|
{
|
|
DWORD dwProtocol = SP_PROT_TLS1_CLIENT;
|
|
|
|
pContext->State = SSL3_STATE_CLIENT_HELLO;
|
|
pContext->ProtocolHandler = Ssl3ProtocolHandler;
|
|
if(!fFound)
|
|
{
|
|
pZombie->fProtocol = SP_PROT_TLS1_CLIENT;
|
|
}
|
|
|
|
if(SP_PROT_SSL3_CLIENT & fProt)
|
|
{
|
|
// Both TLS and SSL3 are enabled.
|
|
dwProtocol |= SP_PROT_SSL3_CLIENT;
|
|
}
|
|
|
|
return GenerateTls1ClientHello(pContext, pOutput, dwProtocol);
|
|
}
|
|
|
|
else
|
|
if(SP_PROT_SSL3_CLIENT & fProt)
|
|
{
|
|
pContext->State = SSL3_STATE_CLIENT_HELLO;
|
|
pContext->ProtocolHandler = Ssl3ProtocolHandler;
|
|
if(!fFound)
|
|
{
|
|
pZombie->fProtocol = SP_PROT_SSL3_CLIENT;
|
|
}
|
|
|
|
return GenerateSsl3ClientHello(pContext, pOutput);
|
|
}
|
|
|
|
else
|
|
if(SP_PROT_PCT1_CLIENT & fProt)
|
|
{
|
|
pContext->State = PCT1_STATE_CLIENT_HELLO;
|
|
pContext->ProtocolHandler = Pct1ClientProtocolHandler;
|
|
|
|
return GeneratePct1StyleHello(pContext, pOutput);
|
|
}
|
|
|
|
else
|
|
if(SP_PROT_SSL2_CLIENT & fProt)
|
|
{
|
|
pContext->State = SSL2_STATE_CLIENT_HELLO;
|
|
pContext->ProtocolHandler = Ssl2ClientProtocolHandler;
|
|
|
|
return GenerateUniHello(pContext, pOutput, SP_PROT_SSL2_CLIENT);
|
|
}
|
|
else
|
|
{
|
|
return SP_LOG_RESULT(SEC_E_ALGORITHM_MISMATCH);
|
|
}
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: ClientVetAlg
|
|
//
|
|
// Synopsis: Examine the cipher suite input, and decide if it is currently
|
|
// enabled. Take into account the enabled protocols and ciphers
|
|
// enabled in the schannel registry as well as the protocols and
|
|
// ciphers enabled by the application in the V3 credential.
|
|
// Return TRUE if the cipher suite is enabled.
|
|
//
|
|
// Arguments: [pContext] -- Schannel context.
|
|
//
|
|
// [dwProtocol] -- Client protocols to be included in the
|
|
// ClientHello message.
|
|
//
|
|
// [pCipherMap] -- Cipher suite to be examined.
|
|
//
|
|
// History: 10-29-97 jbanes Created
|
|
//
|
|
// Notes: This routine is called by the client-side only.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
BOOL
|
|
ClientVetAlg(
|
|
PSPContext pContext,
|
|
DWORD dwProtocol,
|
|
UNICipherMap * pCipherMap)
|
|
{
|
|
PCipherInfo pCipherInfo = NULL;
|
|
PHashInfo pHashInfo = NULL;
|
|
PKeyExchangeInfo pExchInfo = NULL;
|
|
|
|
if((pCipherMap->fProt & dwProtocol) == 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
// Is cipher supported?
|
|
if(pCipherMap->aiCipher != 0)
|
|
{
|
|
pCipherInfo = GetCipherInfo(pCipherMap->aiCipher,
|
|
pCipherMap->dwStrength);
|
|
|
|
if(!IsCipherSuiteAllowed(pContext,
|
|
pCipherInfo,
|
|
dwProtocol,
|
|
pContext->RipeZombie->dwCF,
|
|
pCipherMap->dwFlags))
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
// Is hash supported?
|
|
if(pCipherMap->aiHash != 0)
|
|
{
|
|
pHashInfo = GetHashInfo(pCipherMap->aiHash);
|
|
|
|
if(!IsHashAllowed(pContext, pHashInfo, dwProtocol))
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
// Is exchange alg supported?
|
|
if(pCipherMap->KeyExch != SP_EXCH_UNKNOWN)
|
|
{
|
|
pExchInfo = GetKeyExchangeInfo(pCipherMap->KeyExch);
|
|
|
|
if(!IsExchAllowed(pContext, pExchInfo, dwProtocol))
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: ClientBuildAlgList
|
|
//
|
|
// Synopsis: Build a list of ciphers to be included in the ClientHello
|
|
// message. This routine is used by all protocols.
|
|
//
|
|
// Arguments: [pContext] -- Schannel context.
|
|
//
|
|
// [fProtocol] -- Protocol(s) to be included in the
|
|
// ClientHello message.
|
|
//
|
|
// [pCipherSpecs] -- (out) Array where cipher specs are
|
|
// placed.
|
|
//
|
|
// [pcCipherSpecs] -- (out) Size of cipher specs array.
|
|
//
|
|
// History: 10-29-97 jbanes Created
|
|
//
|
|
// Notes: This routine is called by the client-side only.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
SP_STATUS
|
|
ClientBuildAlgList(
|
|
PSPContext pContext,
|
|
DWORD dwProtocol,
|
|
Ssl2_Cipher_Kind * pCipherSpecs,
|
|
PDWORD pcCipherSpecs)
|
|
{
|
|
DWORD i;
|
|
DWORD cCipherSpecs = 0;
|
|
|
|
// Consider only the client protocols.
|
|
dwProtocol &= SP_PROT_CLIENTS;
|
|
|
|
|
|
//
|
|
// Handle the RSA case.
|
|
//
|
|
|
|
if(g_hRsaSchannel && g_pRsaSchannelAlgs)
|
|
{
|
|
for(i = 0; i < UniNumCiphers; i++)
|
|
{
|
|
if(UniAvailableCiphers[i].KeyExch != SP_EXCH_RSA_PKCS1 &&
|
|
UniAvailableCiphers[i].KeyExch != SP_EXCH_UNKNOWN)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if(!ClientVetAlg(pContext, dwProtocol, UniAvailableCiphers + i))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if(!IsAlgSupportedCapi(dwProtocol,
|
|
UniAvailableCiphers + i,
|
|
g_pRsaSchannelAlgs,
|
|
g_cRsaSchannelAlgs))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
// this cipher is good to request
|
|
pCipherSpecs[cCipherSpecs++] = UniAvailableCiphers[i].CipherKind;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// Handle the DH case.
|
|
//
|
|
|
|
if(g_hDhSchannelProv)
|
|
{
|
|
for(i = 0; i < UniNumCiphers; i++)
|
|
{
|
|
if(UniAvailableCiphers[i].KeyExch != SP_EXCH_DH_PKCS3)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if(!ClientVetAlg(pContext, dwProtocol, UniAvailableCiphers + i))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if(!IsAlgSupportedCapi(dwProtocol,
|
|
UniAvailableCiphers + i,
|
|
g_pDhSchannelAlgs,
|
|
g_cDhSchannelAlgs))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
// this cipher is good to request
|
|
pCipherSpecs[cCipherSpecs++] = UniAvailableCiphers[i].CipherKind;
|
|
}
|
|
}
|
|
|
|
|
|
if(cCipherSpecs == 0)
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_SPECS_MISMATCH);
|
|
}
|
|
|
|
*pcCipherSpecs = cCipherSpecs;
|
|
|
|
return PCT_ERR_OK;
|
|
}
|
|
|
|
|
|
|
|
SP_STATUS WINAPI
|
|
GenerateUniHelloMessage(
|
|
PSPContext pContext,
|
|
Ssl2_Client_Hello * pHelloMessage,
|
|
DWORD fProtocol
|
|
)
|
|
{
|
|
SP_STATUS pctRet;
|
|
|
|
SP_BEGIN("GenerateUniHelloMessage");
|
|
|
|
|
|
if(!pHelloMessage)
|
|
{
|
|
SP_RETURN(SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR));
|
|
}
|
|
|
|
|
|
pContext->Flags |= CONTEXT_FLAG_CLIENT;
|
|
|
|
|
|
// Generate the cipher list
|
|
pHelloMessage->cCipherSpecs = MAX_UNI_CIPHERS;
|
|
pctRet = ClientBuildAlgList(pContext,
|
|
fProtocol,
|
|
pHelloMessage->CipherSpecs,
|
|
&pHelloMessage->cCipherSpecs);
|
|
if(pctRet != PCT_ERR_OK)
|
|
{
|
|
SP_RETURN(SP_LOG_RESULT(pctRet));
|
|
}
|
|
|
|
|
|
// We're minimally version 2
|
|
pHelloMessage->dwVer = SSL2_CLIENT_VERSION;
|
|
|
|
|
|
if(fProtocol & SP_PROT_TLS1_CLIENT)
|
|
{
|
|
pHelloMessage->dwVer = TLS1_CLIENT_VERSION;
|
|
}
|
|
else if(fProtocol & SP_PROT_SSL3_CLIENT)
|
|
{
|
|
pHelloMessage->dwVer = SSL3_CLIENT_VERSION;
|
|
}
|
|
|
|
/* Build the hello message. */
|
|
pHelloMessage->cbSessionID = 0;
|
|
|
|
if (pContext->RipeZombie && pContext->RipeZombie->cbSessionID)
|
|
{
|
|
KeyExchangeSystem *pKeyExchSys = NULL;
|
|
|
|
// Get pointer to key exchange system.
|
|
pKeyExchSys = KeyExchangeFromSpec(pContext->RipeZombie->SessExchSpec,
|
|
pContext->RipeZombie->fProtocol);
|
|
if(pKeyExchSys)
|
|
{
|
|
// Request a reconnect.
|
|
CopyMemory(pHelloMessage->SessionID,
|
|
pContext->RipeZombie->SessionID,
|
|
pContext->RipeZombie->cbSessionID);
|
|
|
|
pHelloMessage->cbSessionID = pContext->RipeZombie->cbSessionID;
|
|
}
|
|
else
|
|
{
|
|
DebugLog((DEB_WARN, "Abstaining from requesting reconnect\n"));
|
|
}
|
|
}
|
|
|
|
CopyMemory( pHelloMessage->Challenge,
|
|
pContext->pChallenge,
|
|
pContext->cbChallenge);
|
|
pHelloMessage->cbChallenge = pContext->cbChallenge;
|
|
|
|
SP_RETURN(PCT_ERR_OK);
|
|
}
|
|
|
|
|
|
SP_STATUS WINAPI
|
|
GenerateUniHello(
|
|
PSPContext pContext,
|
|
PSPBuffer pOutput,
|
|
DWORD fProtocol
|
|
)
|
|
|
|
{
|
|
SP_STATUS pctRet;
|
|
Ssl2_Client_Hello HelloMessage;
|
|
|
|
SP_BEGIN("GenerateUniHello");
|
|
|
|
pctRet = GenerateRandomBits(pContext->pChallenge, SSL2_CHALLENGE_SIZE);
|
|
if(pctRet != STATUS_SUCCESS)
|
|
{
|
|
SP_RETURN(pctRet);
|
|
}
|
|
|
|
pContext->cbChallenge = SSL2_CHALLENGE_SIZE;
|
|
|
|
pctRet = GenerateUniHelloMessage(pContext, &HelloMessage, fProtocol);
|
|
|
|
pContext->ReadCounter = 0;
|
|
|
|
if(PCT_ERR_OK != pctRet)
|
|
{
|
|
SP_RETURN(pctRet);
|
|
}
|
|
if(PCT_ERR_OK != (pctRet = Ssl2PackClientHello(&HelloMessage, pOutput)))
|
|
{
|
|
SP_RETURN(pctRet);
|
|
}
|
|
|
|
// Save the ClientHello message so we can hash it later, once
|
|
// we know what algorithm and CSP we're using.
|
|
if(pContext->pClientHello)
|
|
{
|
|
SPExternalFree(pContext->pClientHello);
|
|
}
|
|
pContext->pClientHello = SPExternalAlloc(pOutput->cbData);
|
|
if(pContext->pClientHello == NULL)
|
|
{
|
|
SP_RETURN(SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY));
|
|
}
|
|
CopyMemory(pContext->pClientHello, pOutput->pvBuffer, pOutput->cbData);
|
|
pContext->cbClientHello = pOutput->cbData;
|
|
pContext->dwClientHelloProtocol = SP_PROT_SSL2_CLIENT;
|
|
|
|
/* We set this here to tell the protocol engine that we just send a client
|
|
* hello, and we're expecting a pct server hello */
|
|
pContext->WriteCounter = 1;
|
|
pContext->ReadCounter = 0;
|
|
|
|
SP_RETURN(PCT_ERR_OK);
|
|
}
|
|
|
|
SP_STATUS WINAPI
|
|
ClientProtocolHandler(
|
|
PSPContext pContext,
|
|
PSPBuffer pCommInput,
|
|
PSPBuffer pCommOutput)
|
|
{
|
|
PUCHAR pb;
|
|
DWORD dwVersion;
|
|
PSPCredentialGroup pCred;
|
|
|
|
pCred = pContext->pCredGroup;
|
|
if(!pCred)
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
|
|
}
|
|
|
|
/* PCTv1.0 Server Hello starts with
|
|
* RECORD_LENGTH_MSB (ignore)
|
|
* RECORD_LENGTH_LSB (ignore)
|
|
* PCT1_SERVER_HELLO (must be equal)
|
|
* SH_PAD
|
|
* PCT1_CLIENT_VERSION_MSB (must be pct1)
|
|
* PCT1_CLIENT_VERSION_LSB (must be pct1)
|
|
*
|
|
* ... PCT hello ...
|
|
*/
|
|
|
|
|
|
/* SSLv2 Hello starts with
|
|
* RECORD_LENGTH_MSB (ignore)
|
|
* RECORD_LENGTH_LSB (ignore)
|
|
* SSL2_SERVER_HELLO (must be equal)
|
|
* SESSION_ID_HIT
|
|
* CERTIFICATE_TYPE
|
|
* SSL2_CLIENT_VERSION_MSB (Must be ssl2)
|
|
* SSL2_CLIENT_VERSION_LSB (Must be ssl2)
|
|
*
|
|
* ... SSLv2 Hello ...
|
|
*/
|
|
|
|
|
|
/* SSLv3 Type 3 Server Hello starts with
|
|
* 0x15 Hex (HANDSHAKE MESSAGE)
|
|
* VERSION MSB
|
|
* VERSION LSB
|
|
* RECORD_LENGTH_MSB (ignore)
|
|
* RECORD_LENGTH_LSB (ignore)
|
|
* HS TYPE (SERVER_HELLO)
|
|
* 3 bytes HS record length
|
|
* HS Version
|
|
* HS Version
|
|
*/
|
|
|
|
// We need at least 12 bytes to determine what we have.
|
|
if (pCommInput->cbData < 12)
|
|
{
|
|
return(PCT_INT_INCOMPLETE_MSG);
|
|
}
|
|
|
|
pb = pCommInput->pvBuffer;
|
|
|
|
if(pb[0] == SSL3_CT_HANDSHAKE && pb[5] == SSL3_HS_SERVER_HELLO)
|
|
{
|
|
dwVersion = COMBINEBYTES(pb[9], pb[10]);
|
|
|
|
if((dwVersion == SSL3_CLIENT_VERSION) &&
|
|
(pCred->grbitEnabledProtocols & SP_PROT_SSL3_CLIENT))
|
|
{
|
|
// This appears to be an SSL3 server_hello.
|
|
pContext->dwProtocol = SP_PROT_SSL3_CLIENT;
|
|
}
|
|
else if((dwVersion == TLS1_CLIENT_VERSION) &&
|
|
(pCred->grbitEnabledProtocols & SP_PROT_TLS1_CLIENT))
|
|
{
|
|
// This appears to be a TLS server_hello.
|
|
pContext->dwProtocol = SP_PROT_TLS1_CLIENT;
|
|
}
|
|
else
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_ILLEGAL_MSG);
|
|
}
|
|
|
|
pContext->ProtocolHandler = Ssl3ProtocolHandler;
|
|
pContext->DecryptHandler = Ssl3DecryptHandler;
|
|
return(Ssl3ProtocolHandler(pContext, pCommInput, pCommOutput));
|
|
}
|
|
|
|
if(pb[2] == SSL2_MT_SERVER_HELLO)
|
|
{
|
|
dwVersion = COMBINEBYTES(pb[5], pb[6]);
|
|
if(dwVersion == SSL2_CLIENT_VERSION)
|
|
{
|
|
if(!(SP_PROT_SSL2_CLIENT & pCred->grbitEnabledProtocols))
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_ILLEGAL_MSG);
|
|
}
|
|
|
|
// This appears to be an SSL2 server_hello.
|
|
pContext->dwProtocol = SP_PROT_SSL2_CLIENT;
|
|
pContext->ProtocolHandler = Ssl2ClientProtocolHandler;
|
|
pContext->DecryptHandler = Ssl2DecryptHandler;
|
|
return(Ssl2ClientProtocolHandler(pContext, pCommInput, pCommOutput));
|
|
}
|
|
}
|
|
if(pb[2] == PCT1_MSG_SERVER_HELLO)
|
|
{
|
|
DWORD i;
|
|
dwVersion = COMBINEBYTES(pb[4], pb[5]);
|
|
if(dwVersion ==PCT_VERSION_1)
|
|
{
|
|
if(!(SP_PROT_PCT1_CLIENT & pCred->grbitEnabledProtocols))
|
|
{
|
|
return SP_LOG_RESULT(PCT_INT_ILLEGAL_MSG);
|
|
}
|
|
|
|
// Convert challenge from 16 byte to 32 byte
|
|
for(i=0; i < pContext->cbChallenge; i++)
|
|
{
|
|
pContext->pChallenge[i + pContext->cbChallenge] = ~pContext->pChallenge[i];
|
|
}
|
|
pContext->cbChallenge = 2*pContext->cbChallenge;
|
|
|
|
// This appears to be a PCT server_hello.
|
|
pContext->dwProtocol = SP_PROT_PCT1_CLIENT;
|
|
pContext->ProtocolHandler = Pct1ClientProtocolHandler;
|
|
pContext->DecryptHandler = Pct1DecryptHandler;
|
|
return(Pct1ClientProtocolHandler(pContext, pCommInput, pCommOutput));
|
|
}
|
|
}
|
|
|
|
return SP_LOG_RESULT(PCT_INT_ILLEGAL_MSG);
|
|
}
|