Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: context.h
//
// Contents: Schannel context declarations.
//
// Classes:
//
// Functions:
//
// History: 09-23-97 jbanes Ported over SGC stuff from NT 4 tree.
//
//----------------------------------------------------------------------------
#include <sha.h>
#include <md5.h>
#include <ssl3.h>
#define SP_CONTEXT_MAGIC *(DWORD *)"!Tcp"
typedef struct _SPContext { DWORD Magic; /* tags structure */
DWORD State; /* the current state the connection is in */
DWORD Flags;
/* data for the context that can be used
* to start a new session */ PSessCacheItem RipeZombie; /* cacheable context that is being used */ PSPCredentialGroup pCredGroup; PSPCredential pActiveClientCred; LPWSTR pszTarget; LPWSTR pszCredentialName;
DWORD dwProtocol; DWORD dwClientEnabledProtocols;
CRED_THUMBPRINT ContextThumbprint;
// Pointers to cipher info used
// during transmission of bulk data.
PCipherInfo pCipherInfo; PCipherInfo pReadCipherInfo; PCipherInfo pWriteCipherInfo; PHashInfo pHashInfo; PHashInfo pReadHashInfo; PHashInfo pWriteHashInfo; PKeyExchangeInfo pKeyExchInfo; /* functions pointing to the various handlers for this protocol */ SPDecryptMessageFn Decrypt; SPEncryptMessageFn Encrypt; SPProtocolHandlerFn ProtocolHandler; SPDecryptHandlerFn DecryptHandler; SPInitiateHelloFn InitiateHello; SPGetHeaderSizeFn GetHeaderSize;
/* session crypto state */
// encryption key size.
DWORD KeySize;
// Encryption states
HCRYPTPROV hReadProv; HCRYPTPROV hWriteProv; HCRYPTKEY hReadKey; HCRYPTKEY hWriteKey; HCRYPTKEY hPendingReadKey; HCRYPTKEY hPendingWriteKey;
HCRYPTKEY hReadMAC; HCRYPTKEY hWriteMAC; HCRYPTKEY hPendingReadMAC; HCRYPTKEY hPendingWriteMAC;
// Packet Sequence counters.
DWORD ReadCounter; DWORD WriteCounter;
DWORD cbConnectionID; UCHAR pConnectionID[SP_MAX_CONNECTION_ID]; DWORD cbChallenge; UCHAR pChallenge[SP_MAX_CHALLENGE];
// Save copy of client hello to hash for verification.
DWORD cbClientHello; PUCHAR pClientHello; DWORD dwClientHelloProtocol;
// Pending cipher info, used to generate keys
PCipherInfo pPendingCipherInfo; PHashInfo pPendingHashInfo;
// SSL3 specific items.
UCHAR bAlertLevel; // Used for SSL3 & TLS1 alert messages
UCHAR bAlertNumber;
BOOL fAppProcess; BOOL fExchKey; // Did we sent a Exchnage key message
BOOL fCertReq; //Did we request a certificatefor server and Should I need to send a cert for client
BOOL fInsufficientCred; //This will be TRUE when the pCred inside
//pContext doesn't match the CR list. from the server.
HCRYPTHASH hMd5Handshake; HCRYPTHASH hShaHandshake;
PUCHAR pbIssuerList; DWORD cbIssuerList;
PUCHAR pbEncryptedKey; DWORD cbEncryptedKey;
PUCHAR pbServerKeyExchange; DWORD cbServerKeyExchange; WORD wS3CipherSuiteClient; WORD wS3CipherSuiteServer; DWORD dwPendingCipherSuiteIndex;
UCHAR rgbS3CRandom[CB_SSL3_RANDOM]; UCHAR rgbS3SRandom[CB_SSL3_RANDOM];
DWORD cSsl3ClientCertTypes; DWORD Ssl3ClientCertTypes[SSL3_MAX_CLIENT_CERTS];
// Server Gated Crypto
DWORD dwRequestedCF;
// Allow cert chains for PCT1
BOOL fCertChainsAllowed;
} SPContext, * PSPContext;
typedef struct _SPPackedContext { DWORD Magic; DWORD State; DWORD Flags; DWORD dwProtocol;
CRED_THUMBPRINT ContextThumbprint;
DWORD dwCipherInfo; DWORD dwHashInfo; DWORD dwKeyExchInfo;
DWORD dwExchStrength;
DWORD ReadCounter; DWORD WriteCounter;
ULARGE_INTEGER hMasterProv; ULARGE_INTEGER hReadKey; ULARGE_INTEGER hWriteKey; ULARGE_INTEGER hReadMAC; ULARGE_INTEGER hWriteMAC;
ULARGE_INTEGER hLocator; DWORD LocatorStatus;
DWORD cbSessionID; UCHAR SessionID[SP_MAX_SESSION_ID];
} SPPackedContext, *PSPPackedContext;
/* Flags */#define CONTEXT_FLAG_CLIENT 0x00000001
#define CONTEXT_FLAG_USE_SUPPLIED_CREDS 0x00000080 // Don't search for default credential.
#define CONTEXT_FLAG_MUTUAL_AUTH 0x00000100
#define CONTEXT_FLAG_EXT_ERR 0x00000200 /* Generate error message on error */
#define CONTEXT_FLAG_NO_INCOMPLETE_CRED_MSG 0x00000400 /* don't generate an INCOMPLETE CREDS message */
#define CONTEXT_FLAG_CONNECTION_MODE 0x00001000 /* as opposed to stream mode */
#define CONTEXT_FLAG_NOCACHE 0x00002000 /* do not look things up in the cache */
#define CONTEXT_FLAG_MANUAL_CRED_VALIDATION 0x00004000 // Don't validate server cert.
#define CONTEXT_FLAG_FULL_HANDSHAKE 0x00008000
#define CONTEXT_FLAG_MAPPED 0x40000000
#define CONTEXT_FLAG_SERIALIZED 0x80000000
#ifdef DBG
PSTR DbgGetNameOfCrypto(DWORD x);#endif
PSPContext SPContextCreate(LPWSTR pszTarget);
BOOLSPContextClean(PSPContext pContext);
BOOL SPContextDelete(PSPContext pContext);
SP_STATUS SPContextSetCredentials( PSPContext pContext, PSPCredentialGroup pCred);
SP_STATUSContextInitCiphersFromCache( SPContext *pContext);
SP_STATUSContextInitCiphers( SPContext *pContext, BOOL fRead, BOOL fWrite);
SP_STATUS SPContextDoMapping( PSPContext pContext);
SP_STATUSRemoveDuplicateIssuers( PBYTE pbIssuers, PDWORD pcbIssuers);
SP_STATUSSPContextGetIssuers( PSPCredentialGroup pCredGroup);
BOOL FGetServerIssuer( PBYTE pbIssuer, DWORD *pdwIssuer);
SP_STATUSSPPickClientCertificate( PSPContext pContext, DWORD dwExchSpec);
SP_STATUSSPPickServerCertificate( PSPContext pContext, DWORD dwExchSpec);
SP_STATUS DetermineClientCSP(PSPContext pContext);
typedef BOOL(WINAPI * SERIALIZE_LOCATOR_FN)( HLOCATOR Locator, HLOCATOR * NewLocator);
SP_STATUSSPContextSerialize( PSPContext pContext, SERIALIZE_LOCATOR_FN LocatorMove, PBYTE * ppBuffer, PDWORD pcbBuffer, BOOL fDestroyKeys);
SP_STATUSSPContextDeserialize( PBYTE pbBuffer, PSPContext *ppContext);
BOOLLsaContextDelete(PSPContext pContext);
|
