archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/wmi/wbem/winmgmt/wbemcomn/msgsig.cpp

312 lines
6.9 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (C) 1996-2001 Microsoft Corporation
  5. Module Name:
  7. Abstract:
  9. History:
  11. --*/
  14. #include "precomp.h"
  15. #include <ntsecapi.h>
  16. #include <wbemcli.h>
  17. #include "msgsig.h"
  19. CSignMessage::CSignMessage() : m_bSign(FALSE), CUnk(NULL) { }
  21. CSignMessage::CSignMessage( HCRYPTKEY hKey, HCRYPTHASH hProv )
  22. : m_hKey( hKey ), m_hProv( hProv ), m_bSign( TRUE ), CUnk(NULL)
  23. {
  25. }
  27. CSignMessage::~CSignMessage()
  28. {
  29. if ( !m_bSign )
  30. {
  31. return;
  32. }
  34. CryptDestroyKey( m_hKey );
  35. CryptReleaseContext( m_hProv, 0 );
  36. }
  38. HRESULT CSignMessage::Sign( BYTE* pMsg, DWORD cMsg, BYTE* pSig, DWORD& rcSig )
  39. {
  40. BOOL bRes;
  41. HCRYPTHASH hHash;
  43. if ( !m_bSign )
  44. {
  45. rcSig = 0;
  46. return S_OK;
  47. }
  49. HMAC_INFO hmac;
  50. ZeroMemory( &hmac, sizeof(HMAC_INFO) );
  51. hmac.HashAlgid = CALG_MD5;
  53. bRes = CryptCreateHash( m_hProv, CALG_HMAC, m_hKey, 0, &hHash );
  55. if ( !bRes )
  56. {
  57. return HRESULT_FROM_WIN32( GetLastError() );
  58. }
  60. bRes = CryptSetHashParam( hHash, HP_HMAC_INFO, LPBYTE(&hmac), 0 );
  62. if ( !bRes )
  63. {
  64. return HRESULT_FROM_WIN32( GetLastError() );
  65. }
  67. bRes = CryptHashData( hHash, pMsg, cMsg, 0 );
  69. if ( !bRes )
  70. {
  71. return HRESULT_FROM_WIN32( GetLastError() );
  72. }
  74. bRes = CryptGetHashParam( hHash, HP_HASHVAL, pSig, &rcSig, 0 );
  76. if ( !bRes )
  77. {
  78. return HRESULT_FROM_WIN32( GetLastError() );
  79. }
  81. CryptDestroyHash( hHash );
  83. return S_OK;
  84. }
  86. HRESULT CSignMessage::Verify( BYTE* pMsg, DWORD cMsg, BYTE* pSig, DWORD cSig )
  87. {
  88. HRESULT hr;
  90. if ( !m_bSign )
  91. {
  92. return cSig == 0 ? S_OK : S_FALSE;
  93. }
  95. BYTE achCheckSig[256];
  96. DWORD cCheckSig = 256;
  98. hr = Sign( pMsg, cMsg, achCheckSig, cCheckSig );
  100. if ( FAILED(hr) )
  101. {
  102. return hr;
  103. }
  105. if ( cSig != cCheckSig )
  106. {
  107. return S_FALSE;
  108. }
  110. return memcmp( achCheckSig, pSig, cSig ) == 0 ? S_OK : S_FALSE;
  111. }
  113. #define PRIV_DATA_SZ 256
  115. HRESULT CSignMessage::Create( LPCWSTR wszName, CSignMessage** ppSignMsg )
  116. {
  117. BOOL bRes;
  118. HCRYPTHASH hHash;
  119. HCRYPTPROV hProv;
  120. HCRYPTKEY hKey;
  122. *ppSignMsg = NULL;
  124. //
  125. // First get OS version. If win9x, no signing will actually be done.
  126. // Only thing keeping from doing win9x is we need a place to securely
  127. // store private data. For NT, we use an LSA secret.
  128. //
  130. OSVERSIONINFO os;
  131. os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
  132. bRes = GetVersionEx(&os);
  134. if ( !bRes )
  135. {
  136. return HRESULT_FROM_WIN32( GetLastError() );
  137. }
  139. if ( os.dwPlatformId != VER_PLATFORM_WIN32_NT )
  140. {
  141. *ppSignMsg = new CSignMessage();
  143. if ( *ppSignMsg == NULL )
  144. {
  145. return WBEM_E_OUT_OF_MEMORY;
  146. }
  148. (*ppSignMsg)->AddRef();
  149. return S_OK;
  150. }
  152. //
  153. // Now obtain (or create) the secret data to derive private signing key
  154. //
  156. bRes = CryptAcquireContext( &hProv,
  157. NULL,
  158. NULL,
  159. PROV_RSA_FULL,
  160. CRYPT_VERIFYCONTEXT );
  161. if ( !bRes )
  162. {
  163. return HRESULT_FROM_WIN32( GetLastError() );
  164. }
  166. //
  167. // need to create a hash object. This will be used for deriving
  168. // keys for encryption/decryption. The hash object will be initialized
  169. // with the 'secret' random bytes.
  170. //
  172. bRes = CryptCreateHash( hProv, CALG_MD5, 0, 0, &hHash );
  174. if ( !bRes )
  175. {
  176. CryptReleaseContext( hProv, 0 );
  177. return HRESULT_FROM_WIN32( GetLastError() );
  178. }
  180. //
  181. // Open lsa policy. This is where we store our 'secret' bytes.
  182. //
  184. NTSTATUS stat;
  185. PLSA_UNICODE_STRING pPrivateData;
  186. LSA_OBJECT_ATTRIBUTES ObjectAttr;
  187. LSA_HANDLE hPolicy;
  189. ZeroMemory( &ObjectAttr, sizeof(LSA_OBJECT_ATTRIBUTES) );
  191. stat = LsaOpenPolicy( NULL, &ObjectAttr, POLICY_ALL_ACCESS, &hPolicy );
  193. if ( !NT_SUCCESS(stat) )
  194. {
  195. CryptDestroyHash( hHash );
  196. CryptReleaseContext( hProv, 0 );
  197. return stat;
  198. }
  200. //
  201. // now need to get Private Data, which is just stored random bytes.
  202. //
  204. LSA_UNICODE_STRING PrivateKeyName;
  205. PrivateKeyName.Length = wcslen(wszName)*2;
  206. PrivateKeyName.MaximumLength = PrivateKeyName.Length + 2;
  207. PrivateKeyName.Buffer = (WCHAR*)wszName;
  209. stat = LsaRetrievePrivateData( hPolicy,
  210. &PrivateKeyName,
  211. &pPrivateData );
  212. if ( NT_SUCCESS(stat) )
  213. {
  214. //
  215. // we've obtained the private data, fill the hash obj with it.
  216. //
  218. bRes = CryptHashData( hHash,
  219. PBYTE(pPrivateData->Buffer),
  220. pPrivateData->Length,
  221. 0 );
  222. if ( !bRes )
  223. {
  224. stat = GetLastError();
  225. }
  227. ZeroMemory( PBYTE(pPrivateData->Buffer), pPrivateData->Length );
  228. LsaFreeMemory( pPrivateData );
  229. }
  230. else if ( stat == STATUS_OBJECT_NAME_NOT_FOUND )
  231. {
  232. BYTE achPrivateData[PRIV_DATA_SZ];
  234. //
  235. // generate the private data and fill the hash obj with it.
  236. //
  238. if ( CryptGenRandom( hProv, PRIV_DATA_SZ, achPrivateData ) )
  239. {
  240. if ( CryptHashData( hHash, achPrivateData, PRIV_DATA_SZ, 0 ) )
  241. {
  242. //
  243. // now store the randomly generated bytes as private data ...
  244. //
  246. LSA_UNICODE_STRING PrivateData;
  247. PrivateData.Length = PRIV_DATA_SZ;
  248. PrivateData.MaximumLength = PRIV_DATA_SZ;
  249. PrivateData.Buffer = (WCHAR*)achPrivateData;
  251. stat = LsaStorePrivateData( hPolicy,
  252. &PrivateKeyName,
  253. &PrivateData );
  255. ZeroMemory( achPrivateData, sizeof(achPrivateData) );
  256. }
  257. else
  258. {
  259. stat = GetLastError();
  260. }
  261. }
  262. else
  263. {
  264. stat = GetLastError();
  265. }
  266. }
  268. LsaClose( hPolicy );
  270. if ( !NT_SUCCESS(stat) )
  271. {
  272. CryptDestroyHash( hHash );
  273. CryptReleaseContext( hProv, 0 );
  274. return HRESULT_FROM_WIN32( stat );
  275. }
  277. //
  278. // now derive the key from the hash object. for MAC, key must use
  279. // RC2 with a CBC mode (default for RC2).
  280. //
  282. bRes = CryptDeriveKey( hProv, CALG_RC2, hHash, 0, &hKey );
  284. CryptDestroyHash( hHash );
  286. if ( !bRes )
  287. {
  288. CryptReleaseContext( hProv, 0 );
  289. return HRESULT_FROM_WIN32( GetLastError() );
  290. }
  292. //
  293. // we have successfully derived our private signing key.
  294. //
  296. *ppSignMsg = new CSignMessage( hKey, hProv );
  298. if ( *ppSignMsg == NULL )
  299. {
  300. return WBEM_E_OUT_OF_MEMORY;
  301. }
  303. (*ppSignMsg)->AddRef();
  305. return S_OK;
  306. }