/*++
Copyright (c) 1997 Microsoft Corporation
Module Name:
storage.cxx
Abstract:
This module implements the IIS_CRYPTO_STORAGE class.
Author:
Keith Moore (keithmo) 02-Dec-1996
Revision History:
--*/
#include "precomp.hxx"
#pragma hdrstop
//
// Private constants.
//
//
// Private types.
//
//
// Private globals.
//
//
// Private prototypes.
//
//
// Public functions.
//
IIS_CRYPTO_STORAGE::IIS_CRYPTO_STORAGE()
/*++
Routine Description:
IIS_CRYPTO_STORAGE class constructor. Only marks the session key
handle as "not yet created" (CRYPT_NULL); it does nothing that can
actually fail. Key generation or import happens in the Initialize()
methods, so the object holds no usable session key until one of
them succeeds.
Arguments:
None.
Return Value:
None.
--*/
{
//
// CRYPT_NULL is the sentinel the Initialize() methods assert on and
// ValidateState() tests, and it tells the destructor what there is
// to clean up, so the handle must start out in this state.
//
m_hSessionKey = CRYPT_NULL;
} // IIS_CRYPTO_STORAGE::IIS_CRYPTO_STORAGE
IIS_CRYPTO_STORAGE::~IIS_CRYPTO_STORAGE()
/*++
Routine Description:
IIS_CRYPTO_STORAGE class destructor. Releases the session key handle
held in m_hSessionKey, whether it was generated, imported, or handed
in by the caller through Initialize().
Arguments:
None.
Return Value:
None.
--*/
{
//
// Close the session key. This includes a handle supplied by the
// caller to the Initialize( hProv, hSessionKey, ... ) overload, which
// stores it in m_hSessionKey on success; after a successful call the
// caller should not close that handle again.
// NOTE(review): CLOSE_KEY is defined outside this file; presumably it
// skips CRYPT_NULL handles -- confirm.
//
CLOSE_KEY( m_hSessionKey );
} // IIS_CRYPTO_STORAGE::~IIS_CRYPTO_STORAGE
HRESULT
IIS_CRYPTO_STORAGE::Initialize(
    IN BOOL fUseMachineKeyset,
    IN HCRYPTPROV hProv
    )
/*++
Routine Description:
    Initializes the base class and then generates a new session key
    into m_hSessionKey.
Arguments:
    fUseMachineKeyset - TRUE if the per-machine keyset container should
        be used, as opposed to the per-user keyset container.
    hProv - Optional handle to a pre-opened crypto provider.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise. On
        failure of the base class no key generation is attempted.
--*/
{
    //
    // The object must not already own a session key; a second call
    // would overwrite the handle without closing it.
    //
    DBG_ASSERT( m_hSessionKey == CRYPT_NULL );

    //
    // Base class first. No key exchange or signature key is supplied.
    //
    HRESULT hr = IIS_CRYPTO_BASE::Initialize(
                     hProv,
                     CRYPT_NULL,
                     CRYPT_NULL,
                     fUseMachineKeyset
                     );

    if( FAILED(hr) ) {
        // something failed.
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize:IIS_CRYPTO_BASE::Initialize Failed err=0x%x.\n",hr));
        return hr;
    }

    //
    // Generate the session key with the provider in m_hProv.
    //
    hr = ::IISCryptoGenerateSessionKey( &m_hSessionKey, m_hProv );

    if( FAILED(hr) ) {
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IISCryptoGenerateSessionKey err=0x%x.\n",hr));
    }

    return hr;

}   // IIS_CRYPTO_STORAGE::Initialize
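HRESULT
IIS_CRYPTO_STORAGE2::Initialize(
    IN HCRYPTPROV hProv
    )
/*++
Routine Description:
    Runs the Initialize2() setup path and then generates a new session
    key into m_hSessionKey.
Arguments:
    hProv - Optional handle to a pre-opened crypto provider.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise. If
        Initialize2() fails no key generation is attempted.
--*/
{
    HRESULT result;

    //
    // Sanity check: the object must not already own a session key.
    //
    DBG_ASSERT( m_hSessionKey == CRYPT_NULL );

    //
    // Set up the provider state through Initialize2().
    //
    result = Initialize2( hProv );

    if( SUCCEEDED(result) ) {
        //
        // Generate the session key.
        //
        result = ::IISCryptoGenerateSessionKey(
                     &m_hSessionKey,
                     m_hProv
                     );

        if( FAILED(result) ) {
            // Name this class so a failure is not attributed to the
            // IIS_CRYPTO_STORAGE overload when triaging debug output.
            DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE2::Initialize IISCryptoGenerateSessionKey err=0x%x.\n",result));
        }
    }
    else
    {
        // The call that failed here is Initialize2(), not
        // IIS_CRYPTO_BASE::Initialize(); say so in the trace.
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE2::Initialize:Initialize2 Failed err=0x%x.\n",result));
    }

    return result;

}   // IIS_CRYPTO_STORAGE2::Initialize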
HRESULT
IIS_CRYPTO_STORAGE::Initialize(
    IN PIIS_CRYPTO_BLOB pSessionKeyBlob,
    IN BOOL fUseMachineKeyset,
    IN HCRYPTPROV hProv
    )
/*++
Routine Description:
    Initializes the base class and then imports the given session key
    blob into m_hSessionKey.
Arguments:
    pSessionKeyBlob - Points to the secure key blob to import.
    fUseMachineKeyset - TRUE if the per-machine keyset container should
        be used, as opposed to the per-user keyset container.
    hProv - Optional handle to a pre-opened crypto provider.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    pSessionKeyBlob is checked only by DBG_ASSERT in this routine.
    NOTE(review): if DBG_ASSERT compiles away in free builds, a NULL
    or malformed blob reaches SafeImportSessionKeyBlob unchecked --
    confirm that helper validates the blob.
--*/
{
    //
    // Preconditions: no session key yet, and a blob to import.
    //
    DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
    DBG_ASSERT( pSessionKeyBlob != NULL );

    //
    // Base class first. No key exchange or signature key is supplied.
    //
    HRESULT hr = IIS_CRYPTO_BASE::Initialize(
                     hProv,
                     CRYPT_NULL,
                     CRYPT_NULL,
                     fUseMachineKeyset
                     );

    if( FAILED(hr) ) {
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IIS_CRYPTO_BASE::Initialize failed err=0x%x.\n",hr));
        return hr;
    }

    //
    // Import the blob. m_hSignatureKey goes along with it, presumably
    // so the helper can verify the blob's signature; that check is not
    // visible in this file.
    //
    hr = SafeImportSessionKeyBlob(
             &m_hSessionKey,
             pSessionKeyBlob,
             m_hProv,
             m_hSignatureKey
             );

    if( FAILED(hr) ) {
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize SafeImportSessionKeyBlob failed err=0x%x.\n",hr));
    }

    return hr;

}   // IIS_CRYPTO_STORAGE::Initialize
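HRESULT
IIS_CRYPTO_STORAGE2::Initialize(
    IN PIIS_CRYPTO_BLOB pSessionKeyBlob,
    IN LPSTR pszPasswd,
    IN HCRYPTPROV hProv
    )
/*++
Routine Description:
    Initializes the base class and then imports the given session key
    blob into m_hSessionKey, using a caller-supplied password.
Arguments:
    pSessionKeyBlob - Points to the secure key blob to import.
    pszPasswd - Password handed to SafeImportSessionKeyBlob2 together
        with the blob. This routine only passes the pointer through;
        it neither copies nor clears the string, so scrubbing the
        buffer after use is left to the caller.
    hProv - Optional handle to a pre-opened crypto provider.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    Both pointers are checked only by DBG_ASSERT in this routine.
    NOTE(review): if DBG_ASSERT compiles away in free builds, a NULL
    blob or password reaches SafeImportSessionKeyBlob2 unchecked --
    confirm that helper validates its arguments.
--*/
{
    HRESULT result;

    //
    // Sanity check.
    //
    DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
    DBG_ASSERT( pszPasswd != NULL );
    DBG_ASSERT( pSessionKeyBlob != NULL );

    //
    // Initialize the base class.
    //
    result = IIS_CRYPTO_BASE::Initialize( hProv );

    if( SUCCEEDED(result) ) {
        //
        // Import the session key blob.
        //
        result = SafeImportSessionKeyBlob2(
                     &m_hSessionKey,
                     pSessionKeyBlob,
                     m_hProv,
                     pszPasswd
                     );

        if( FAILED(result) ) {
            // Name the class and helper actually involved so a failed
            // password-based import is not mistaken for the
            // IIS_CRYPTO_STORAGE / SafeImportSessionKeyBlob path.
            DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE2::Initialize SafeImportSessionKeyBlob2 failed err=0x%x.\n",result));
        }
    }
    else
    {
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE2::Initialize IIS_CRYPTO_BASE::Initialize failed err=0x%x.\n",result));
    }

    return result;

}   // IIS_CRYPTO_STORAGE2::Initialize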
HRESULT
IIS_CRYPTO_STORAGE::Initialize(
    IN HCRYPTPROV hProv,
    IN HCRYPTKEY hSessionKey,
    IN HCRYPTKEY hKeyExchangeKey,
    IN HCRYPTKEY hSignatureKey,
    IN BOOL fUseMachineKeyset
    )
/*++
Routine Description:
    Initializes the object from a pre-created provider and session key.
Arguments:
    hProv - An open handle to a crypto provider.
    hSessionKey - The session key for the object. Stored in
        m_hSessionKey only if the base class initializes successfully;
        from then on the destructor closes it via CLOSE_KEY.
    hKeyExchangeKey - A pre-opened key exchange key.
    hSignatureKey - A pre-opened signature key.
    fUseMachineKeyset - TRUE if the per-machine keyset container should
        be used, as opposed to the per-user keyset container.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise. On
        failure hSessionKey is not stored in the object.
--*/
{
    //
    // Preconditions: no session key yet, and a real one supplied.
    //
    DBG_ASSERT( m_hSessionKey == CRYPT_NULL );
    DBG_ASSERT( hSessionKey != CRYPT_NULL );

    //
    // Hand the provider and the two long-lived keys to the base class.
    //
    const HRESULT hr = IIS_CRYPTO_BASE::Initialize(
                           hProv,
                           hKeyExchangeKey,
                           hSignatureKey,
                           fUseMachineKeyset
                           );

    if( FAILED(hr) ) {
        DBGPRINTF(( DBG_CONTEXT,"IIS_CRYPTO_STORAGE::Initialize IIS_CRYPTO_BASE::Initialize failed err=0x%x.\n",hr));
        return hr;
    }

    //
    // Adopt the caller's session key.
    //
    m_hSessionKey = hSessionKey;

    return hr;

}   // IIS_CRYPTO_STORAGE::Initialize
HRESULT
IIS_CRYPTO_STORAGE::GetSessionKeyBlob(
    OUT PIIS_CRYPTO_BLOB * ppSessionKeyBlob
    )
/*++
Routine Description:
    Exports the session key as a secure key blob.
Arguments:
    ppSessionKeyBlob - Receives a pointer to the session key secure
        blob if successful.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    m_hKeyExchangeKey is passed to SafeExportSessionKeyBlob along with
    the session key; presumably it protects the exported key, but how
    it is used is not visible in this file.
--*/
{
    //
    // Debug-build checks on object state and the output pointer.
    //
    DBG_ASSERT( ValidateState() );
    DBG_ASSERT( ppSessionKeyBlob != NULL );

    //
    // The export itself is delegated; its status is returned as-is.
    //
    return SafeExportSessionKeyBlob(
               ppSessionKeyBlob,
               m_hProv,
               m_hSessionKey,
               m_hKeyExchangeKey
               );

}   // IIS_CRYPTO_STORAGE::GetSessionKeyBlob
HRESULT
IIS_CRYPTO_STORAGE2::GetSessionKeyBlob(
    IN LPSTR pszPasswd,
    OUT PIIS_CRYPTO_BLOB * ppSessionKeyBlob
    )
/*++
Routine Description:
    Exports the session key as a secure key blob, using a
    caller-supplied password.
Arguments:
    pszPasswd - Password handed to SafeExportSessionKeyBlob2 together
        with the session key. This routine only passes the pointer
        through; it neither copies nor clears the string.
    ppSessionKeyBlob - Receives a pointer to the session key secure
        blob if successful.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    NOTE(review): unlike the password-taking Initialize() overload,
    this routine does not assert pszPasswd != NULL -- confirm whether
    a NULL password is a supported input to SafeExportSessionKeyBlob2.
--*/
{
    //
    // Debug-build checks on object state and the output pointer.
    //
    DBG_ASSERT( ValidateState() );
    DBG_ASSERT( ppSessionKeyBlob != NULL );

    //
    // The export itself is delegated; its status is returned as-is.
    //
    return SafeExportSessionKeyBlob2(
               ppSessionKeyBlob,
               m_hProv,
               m_hSessionKey,
               pszPasswd
               );

}   // IIS_CRYPTO_STORAGE2::GetSessionKeyBlob
HRESULT
IIS_CRYPTO_STORAGE::EncryptData(
    OUT PIIS_CRYPTO_BLOB * ppDataBlob,
    IN PVOID pBuffer,
    IN DWORD dwBufferLength,
    IN DWORD dwRegType
    )
/*++
Routine Description:
    Encrypts a block of data with the session key and produces a
    secure data blob.
Arguments:
    ppDataBlob - Receives a pointer to the secure data blob if
        successful.
    pBuffer - Pointer to the buffer to encrypt.
    dwBufferLength - The length of the data buffer.
    dwRegType - The REG_* type for the data.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    dwBufferLength is forwarded without any check against pBuffer;
    the caller must ensure the two agree.
--*/
{
    //
    // Debug-build checks on object state and the pointers.
    //
    DBG_ASSERT( ValidateState() );
    DBG_ASSERT( ppDataBlob != NULL );
    DBG_ASSERT( pBuffer != NULL );

    //
    // Encryption is delegated; the helper's status is returned as-is.
    //
    return SafeEncryptDataBlob(
               ppDataBlob,
               pBuffer,
               dwBufferLength,
               dwRegType,
               m_hProv,
               m_hSessionKey
               );

}   // IIS_CRYPTO_STORAGE::EncryptData
HRESULT
IIS_CRYPTO_STORAGE2::EncryptData(
    OUT PIIS_CRYPTO_BLOB * ppDataBlob,
    IN PVOID pBuffer,
    IN DWORD dwBufferLength,
    IN DWORD dwRegType
    )
/*++
Routine Description:
    Encrypts a block of data with the session key and produces a
    secure data blob, via SafeEncryptDataBlob2.
Arguments:
    ppDataBlob - Receives a pointer to the secure data blob if
        successful.
    pBuffer - Pointer to the buffer to encrypt.
    dwBufferLength - The length of the data buffer.
    dwRegType - The REG_* type for the data.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    dwBufferLength is forwarded without any check against pBuffer;
    the caller must ensure the two agree.
--*/
{
    //
    // Debug-build checks on object state and the pointers.
    //
    DBG_ASSERT( ValidateState() );
    DBG_ASSERT( ppDataBlob != NULL );
    DBG_ASSERT( pBuffer != NULL );

    //
    // Encryption is delegated; the helper's status is returned as-is.
    //
    return SafeEncryptDataBlob2(
               ppDataBlob,
               pBuffer,
               dwBufferLength,
               dwRegType,
               m_hProv,
               m_hSessionKey
               );

}   // IIS_CRYPTO_STORAGE2::EncryptData
HRESULT
IIS_CRYPTO_STORAGE::DecryptData(
    OUT PVOID * ppBuffer,
    OUT LPDWORD pdwBufferLength,
    OUT LPDWORD pdwRegType,
    IN PIIS_CRYPTO_BLOB pDataBlob
    )
/*++
Routine Description:
    Decrypts a secure data blob, producing a data pointer and data
    length.
Arguments:
    ppBuffer - Receives a pointer to the decrypted data if successful.
    pdwBufferLength - Receives the length of the data buffer.
    pdwRegType - Receives the REG_* type of the data.
    pDataBlob - A pointer to the data blob to decrypt.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    m_hSignatureKey is passed to IISCryptoDecryptDataBlob along with
    the session key, presumably so the blob's signature is checked
    before plaintext is returned; that check is not visible in this
    file. Callers should use the outputs only when the returned
    HRESULT indicates success.
--*/
{
    //
    // Debug-build checks on object state and every pointer argument.
    //
    DBG_ASSERT( ValidateState() );
    DBG_ASSERT( ppBuffer != NULL );
    DBG_ASSERT( pdwBufferLength != NULL );
    DBG_ASSERT( pdwRegType != NULL );
    DBG_ASSERT( pDataBlob != NULL );

    //
    // Decryption is delegated; the helper's status is returned as-is.
    //
    return ::IISCryptoDecryptDataBlob(
               ppBuffer,
               pdwBufferLength,
               pdwRegType,
               pDataBlob,
               m_hProv,
               m_hSessionKey,
               m_hSignatureKey
               );

}   // IIS_CRYPTO_STORAGE::DecryptData
HRESULT
IIS_CRYPTO_STORAGE2::DecryptData(
    OUT PVOID * ppBuffer,
    OUT LPDWORD pdwBufferLength,
    OUT LPDWORD pdwRegType,
    IN PIIS_CRYPTO_BLOB pDataBlob
    )
/*++
Routine Description:
    Decrypts a secure data blob, producing a data pointer and data
    length.
Arguments:
    ppBuffer - Receives a pointer to the decrypted data if successful.
    pdwBufferLength - Receives the length of the data buffer.
    pdwRegType - Receives the REG_* type of the data.
    pDataBlob - A pointer to the data blob to decrypt.
Return Value:
    HRESULT - Completion status, 0 if successful, !0 otherwise.
Notes:
    Unlike IIS_CRYPTO_STORAGE::DecryptData, no signature key is passed
    to the helper here. NOTE(review): any integrity check on the blob
    must therefore live inside IISCryptoDecryptDataBlob2 -- confirm
    before treating the decrypted output as authenticated.
--*/
{
    //
    // Debug-build checks on object state and every pointer argument.
    //
    DBG_ASSERT( ValidateState() );
    DBG_ASSERT( ppBuffer != NULL );
    DBG_ASSERT( pdwBufferLength != NULL );
    DBG_ASSERT( pdwRegType != NULL );
    DBG_ASSERT( pDataBlob != NULL );

    //
    // Decryption is delegated; the helper's status is returned as-is.
    //
    return ::IISCryptoDecryptDataBlob2(
               ppBuffer,
               pdwBufferLength,
               pdwRegType,
               pDataBlob,
               m_hProv,
               m_hSessionKey
               );

}   // IIS_CRYPTO_STORAGE2::DecryptData
//
// Private functions.
//
#if DBG
BOOL
IIS_CRYPTO_STORAGE::ValidateState()
/*++
Routine Description:
    This debug-only routine validates the current object state: a
    session key must be present, and the base class must also report
    a valid state.
Arguments:
    None.
Return Value:
    BOOL - FALSE if there is no session key; otherwise whatever
        IIS_CRYPTO_BASE::ValidateState() returns.
--*/
{
    //
    // The base class is consulted only once a session key exists.
    //
    return ( m_hSessionKey == CRYPT_NULL )
               ? FALSE
               : IIS_CRYPTO_BASE::ValidateState();

}   // IIS_CRYPTO_STORAGE::ValidateState
BOOL
IIS_CRYPTO_STORAGE2::ValidateState()
/*++
Routine Description:
    This debug-only routine validates the current object state: a
    session key must be present, and the base class must also report
    a valid state through ValidateState2().
Arguments:
    None.
Return Value:
    BOOL - FALSE if there is no session key; otherwise whatever
        IIS_CRYPTO_BASE::ValidateState2() returns.
--*/
{
    //
    // The base class is consulted only once a session key exists.
    //
    return ( m_hSessionKey == CRYPT_NULL )
               ? FALSE
               : IIS_CRYPTO_BASE::ValidateState2();

}   // IIS_CRYPTO_STORAGE2::ValidateState
#endif // DBG