archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/schannel/spbase/serial.c

836 lines
23 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 2000.
  5. //
  6. // File: serial.c
  7. //
  8. // Contents: Schannel context serialization routines.
  9. //
  10. // Functions: SPContextSerialize
  11. // SPContextDeserialize
  12. //
  13. // History: 02-15-00 jbanes Created.
  14. //
  15. //----------------------------------------------------------------------------
  17. #include <spbase.h>
  18. #include <certmap.h>
  19. #include <mapper.h>
  20. #include <align.h>
  22. typedef enum _SERIALIZED_ITEM_TYPE
  23. {
  24. SslEndOfBuffer = 0,
  25. SslContext,
  26. SslReadKey,
  27. SslReadMac,
  28. SslWriteKey,
  29. SslWriteMac,
  30. SslMapper,
  31. SslRemoteCertificate
  32. } SERIALIZED_ITEM_TYPE;
  34. typedef struct _SERIALIZED_ITEM_TAG
  35. {
  36. DWORD Type;
  37. DWORD Length;
  38. DWORD DataLength;
  39. DWORD reserved;
  40. } SERIALIZED_ITEM_TAG;
  42. #define TAG_LENGTH sizeof(SERIALIZED_ITEM_TAG)
  45. DWORD
  46. GetSerializedKeyLength(
  47. HCRYPTKEY hKey)
  48. {
  49. DWORD cbKey;
  51. if(!CryptExportKey(hKey, 0, OPAQUEKEYBLOB, 0, NULL, &cbKey))
  52. {
  53. SP_LOG_RESULT(GetLastError());
  54. return 0;
  55. }
  57. return ROUND_UP_COUNT(TAG_LENGTH + cbKey, ALIGN_LPVOID);
  58. }
  61. SP_STATUS
  62. SerializeKey(
  63. HCRYPTKEY hKey,
  64. SERIALIZED_ITEM_TYPE Type,
  65. PBYTE pbBuffer,
  66. PDWORD pcbBuffer)
  67. {
  68. SERIALIZED_ITEM_TAG *pTag;
  69. PBYTE pbKey;
  70. DWORD cbKey;
  72. if(*pcbBuffer <= TAG_LENGTH)
  73. {
  74. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  75. }
  77. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  79. pbKey = pbBuffer + TAG_LENGTH;
  80. cbKey = *pcbBuffer - TAG_LENGTH;
  82. if(!CryptExportKey(hKey, 0, OPAQUEKEYBLOB, 0, pbKey, &cbKey))
  83. {
  84. SP_LOG_RESULT(GetLastError());
  85. return PCT_INT_INTERNAL_ERROR;
  86. }
  88. pTag->Type = Type;
  89. pTag->Length = ROUND_UP_COUNT(cbKey, ALIGN_LPVOID);
  90. pTag->DataLength = cbKey;
  92. if(*pcbBuffer <= TAG_LENGTH + pTag->Length)
  93. {
  94. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  95. }
  97. *pcbBuffer = TAG_LENGTH + pTag->Length;
  99. return PCT_ERR_OK;
  100. }
  103. SP_STATUS
  104. SerializeContext(
  105. PSPContext pContext,
  106. SERIALIZE_LOCATOR_FN LocatorMove,
  107. PBYTE pbBuffer,
  108. PDWORD pcbBuffer,
  109. BOOL fDestroyKeys)
  110. {
  111. DWORD cbData;
  112. DWORD cbBuffer;
  113. DWORD cbBytesNeeded;
  114. SERIALIZED_ITEM_TAG *pTag;
  115. PSessCacheItem pZombie;
  116. SP_STATUS pctRet;
  118. //
  119. // Initialize buffer pointers.
  120. //
  122. if(pbBuffer == NULL)
  123. {
  124. cbBuffer = 0;
  125. }
  126. else
  127. {
  128. cbBuffer = *pcbBuffer;
  129. }
  131. pZombie = pContext->RipeZombie;
  134. //
  135. // Context structure.
  136. //
  138. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + sizeof(SPPackedContext),
  139. ALIGN_LPVOID);
  141. if(pbBuffer == NULL)
  142. {
  143. cbBuffer += cbBytesNeeded;
  144. }
  145. else
  146. {
  147. PSPPackedContext pSerialContext;
  148. HLOCATOR hLocator;
  150. if(cbBuffer < cbBytesNeeded)
  151. {
  152. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  153. }
  155. pContext->Flags |= CONTEXT_FLAG_SERIALIZED;
  157. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  158. pSerialContext = (PSPPackedContext)(pbBuffer + TAG_LENGTH);
  160. pTag->Type = SslContext;
  161. pTag->Length = cbBytesNeeded - TAG_LENGTH;
  163. pSerialContext->Magic = pContext->Magic;
  164. pSerialContext->State = pContext->State;
  165. pSerialContext->Flags = pContext->Flags;
  166. pSerialContext->dwProtocol = pContext->dwProtocol;
  168. pSerialContext->ContextThumbprint = pContext->ContextThumbprint;
  170. pSerialContext->dwCipherInfo = (DWORD)(pContext->pCipherInfo - g_AvailableCiphers);
  171. pSerialContext->dwHashInfo = (DWORD)(pContext->pHashInfo - g_AvailableHashes);
  172. pSerialContext->dwKeyExchInfo = (DWORD)(pContext->pKeyExchInfo - g_AvailableExch);
  174. pSerialContext->dwExchStrength = pContext->RipeZombie->dwExchStrength;
  176. pSerialContext->ReadCounter = pContext->ReadCounter;
  177. pSerialContext->WriteCounter = pContext->WriteCounter;
  179. if(pZombie->fProtocol & SP_PROT_SERVERS)
  180. {
  181. if(pZombie->pActiveServerCred)
  182. {
  183. #ifdef _WIN64
  184. pSerialContext->hMasterProv.QuadPart = (ULONGLONG)pZombie->pActiveServerCred->hRemoteProv;
  185. #else
  186. pSerialContext->hMasterProv.LowPart = (DWORD)pZombie->pActiveServerCred->hRemoteProv;
  187. #endif
  188. }
  190. // Copy the locator.
  191. if(pZombie->phMapper && pZombie->hLocator && LocatorMove)
  192. {
  193. if(pZombie->phMapper->m_dwFlags & SCH_FLAG_SYSTEM_MAPPER)
  194. {
  195. // The locator belongs to the system mapper and consists
  196. // of a user token, so use the DuplicateHandle function
  197. // to make a copy.
  198. LocatorMove(pZombie->hLocator, &hLocator);
  199. }
  200. else
  201. {
  202. hLocator = pZombie->hLocator;
  203. }
  205. #ifdef _WIN64
  206. pSerialContext->hLocator.QuadPart = (ULONGLONG)hLocator;
  207. #else
  208. pSerialContext->hLocator.LowPart = (DWORD)hLocator;
  209. #endif
  210. }
  212. pSerialContext->LocatorStatus = pZombie->LocatorStatus;
  213. }
  215. pSerialContext->cbSessionID = pZombie->cbSessionID;
  216. memcpy(pSerialContext->SessionID, pZombie->SessionID, pZombie->cbSessionID);
  218. pbBuffer += cbBytesNeeded;
  219. cbBuffer -= cbBytesNeeded;
  220. }
  223. //
  224. // Certificate mapper structure.
  225. //
  227. if(pContext->RipeZombie->phMapper)
  228. {
  229. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + sizeof(PVOID),
  230. ALIGN_LPVOID);
  232. if(pbBuffer == NULL)
  233. {
  234. cbBuffer += cbBytesNeeded;
  235. }
  236. else
  237. {
  238. if(cbBuffer < cbBytesNeeded)
  239. {
  240. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  241. }
  243. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  245. pTag->Type = SslMapper;
  246. pTag->Length = cbBytesNeeded - TAG_LENGTH;
  248. CopyMemory(pbBuffer + TAG_LENGTH,
  249. &pZombie->phMapper->m_Reserved1,
  250. sizeof(PVOID));
  252. pbBuffer += cbBytesNeeded;
  253. cbBuffer -= cbBytesNeeded;
  254. }
  255. }
  258. //
  259. // Data encryption and MAC keys.
  260. //
  262. if(pContext->pCipherInfo->aiCipher != CALG_NULLCIPHER)
  263. {
  264. // Read key.
  265. if(pbBuffer == NULL)
  266. {
  267. cbBuffer += GetSerializedKeyLength(pContext->hReadKey);
  268. }
  269. else
  270. {
  271. cbData = cbBuffer;
  272. pctRet = SerializeKey(pContext->hReadKey,
  273. SslReadKey,
  274. pbBuffer,
  275. &cbData);
  276. if(pctRet != PCT_ERR_OK)
  277. {
  278. return pctRet;
  279. }
  280. if(fDestroyKeys)
  281. {
  282. if(!CryptDestroyKey(pContext->hReadKey))
  283. {
  284. SP_LOG_RESULT(GetLastError());
  285. }
  286. pContext->hReadKey = 0;
  287. }
  289. pbBuffer += cbData;
  290. cbBuffer -= cbData;
  291. }
  293. // Write key.
  294. if(pbBuffer == NULL)
  295. {
  296. cbBuffer += GetSerializedKeyLength(pContext->hWriteKey);
  297. }
  298. else
  299. {
  300. cbData = cbBuffer;
  301. pctRet = SerializeKey(pContext->hWriteKey,
  302. SslWriteKey,
  303. pbBuffer,
  304. &cbData);
  305. if(pctRet != PCT_ERR_OK)
  306. {
  307. return pctRet;
  308. }
  309. if(fDestroyKeys)
  310. {
  311. if(!CryptDestroyKey(pContext->hWriteKey))
  312. {
  313. SP_LOG_RESULT(GetLastError());
  314. }
  315. pContext->hWriteKey = 0;
  316. }
  318. pbBuffer += cbData;
  319. cbBuffer -= cbData;
  320. }
  321. }
  323. // Read MAC.
  324. if(pContext->hReadMAC)
  325. {
  326. if(pbBuffer == NULL)
  327. {
  328. cbBuffer += GetSerializedKeyLength(pContext->hReadMAC);
  329. }
  330. else
  331. {
  332. cbData = cbBuffer;
  333. pctRet = SerializeKey(pContext->hReadMAC,
  334. SslReadMac,
  335. pbBuffer,
  336. &cbData);
  337. if(pctRet != PCT_ERR_OK)
  338. {
  339. return pctRet;
  340. }
  342. pbBuffer += cbData;
  343. cbBuffer -= cbData;
  344. }
  345. }
  347. // Write MAC.
  348. if(pContext->hWriteMAC)
  349. {
  350. if(pbBuffer == NULL)
  351. {
  352. cbBuffer += GetSerializedKeyLength(pContext->hWriteMAC);
  353. }
  354. else
  355. {
  356. cbData = cbBuffer;
  357. pctRet = SerializeKey(pContext->hWriteMAC,
  358. SslWriteMac,
  359. pbBuffer,
  360. &cbData);
  361. if(pctRet != PCT_ERR_OK)
  362. {
  363. return pctRet;
  364. }
  366. pbBuffer += cbData;
  367. cbBuffer -= cbData;
  368. }
  369. }
  372. //
  373. // Remote certificate.
  374. //
  376. if(pContext->RipeZombie->pRemoteCert)
  377. {
  378. if(pbBuffer == NULL)
  379. {
  380. pctRet = SerializeCertContext(pContext->RipeZombie->pRemoteCert,
  381. NULL,
  382. &cbData);
  383. if(pctRet != PCT_ERR_OK)
  384. {
  385. return SP_LOG_RESULT(pctRet);
  386. }
  388. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + cbData, ALIGN_LPVOID);
  390. cbBuffer += cbBytesNeeded;
  391. }
  392. else
  393. {
  394. if(cbBuffer < TAG_LENGTH)
  395. {
  396. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  397. }
  398. cbData = cbBuffer - TAG_LENGTH;
  400. pctRet = SerializeCertContext(pContext->RipeZombie->pRemoteCert,
  401. pbBuffer + TAG_LENGTH,
  402. &cbData);
  403. if(pctRet != PCT_ERR_OK)
  404. {
  405. return SP_LOG_RESULT(pctRet);
  406. }
  408. cbBytesNeeded = ROUND_UP_COUNT(TAG_LENGTH + cbData, ALIGN_LPVOID);
  410. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  412. pTag->Type = SslRemoteCertificate;
  413. pTag->Length = cbBytesNeeded - TAG_LENGTH;
  415. pbBuffer += cbBytesNeeded;
  416. cbBuffer -= cbBytesNeeded;
  417. }
  418. }
  421. //
  422. // End of buffer marker.
  423. //
  425. if(pbBuffer == NULL)
  426. {
  427. cbBuffer += TAG_LENGTH;
  428. }
  429. else
  430. {
  431. if(cbBuffer < TAG_LENGTH)
  432. {
  433. return SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW);
  434. }
  436. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  438. pTag->Type = SslEndOfBuffer;
  439. pTag->Length = 0;
  441. pbBuffer += TAG_LENGTH;
  442. cbBuffer -= TAG_LENGTH;
  443. }
  445. if(pbBuffer == NULL)
  446. {
  447. *pcbBuffer = cbBuffer;
  448. }
  449. else
  450. {
  451. #if DBG
  452. if(cbBuffer)
  453. {
  454. DebugLog((DEB_WARN, "%d bytes left over when serializing context.\n", cbBuffer));
  455. }
  456. #endif
  457. }
  459. return PCT_ERR_OK;
  460. }
  463. //+---------------------------------------------------------------------------
  464. //
  465. // Function: SPContextSerialize
  466. //
  467. // Synopsis: Extract out everything necessary for bulk data encryption
  468. // from an Schannel context, and place it in a linear buffer.
  469. //
  470. // Arguments: [pCred] -- Context to be serialized.
  471. // [ppBuffer] -- Destination buffer.
  472. // [pcbBuffer] -- Destination buffer length.
  473. //
  474. // History: 09-25-96 jbanes Hacked for LSA integration.
  475. //
  476. // Notes: This routine is called by the LSA process when transitioning
  477. // from the handshaking phase to the bulk encryption phase.
  478. //
  479. // This function is also called by the application process as
  480. // part of ExportSecurityContext.
  481. //
  482. //----------------------------------------------------------------------------
  483. SP_STATUS
  484. SPContextSerialize(
  485. PSPContext pContext,
  486. SERIALIZE_LOCATOR_FN LocatorMove,
  487. PBYTE * ppBuffer,
  488. PDWORD pcbBuffer,
  489. BOOL fDestroyKeys)
  490. {
  491. PBYTE pbBuffer;
  492. DWORD cbBuffer;
  493. SP_STATUS pctRet;
  495. // Determine size of serialized buffer.
  496. pctRet = SerializeContext(pContext, LocatorMove, NULL, &cbBuffer, fDestroyKeys);
  497. if(pctRet != PCT_ERR_OK)
  498. {
  499. return SP_LOG_RESULT(pctRet);
  500. }
  502. // Allocate memory for serialized buffer.
  503. pbBuffer = SPExternalAlloc(cbBuffer);
  504. if(pbBuffer == NULL)
  505. {
  506. return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
  507. }
  509. // Generate serialized context.
  510. pctRet = SerializeContext(pContext, LocatorMove, pbBuffer, &cbBuffer, fDestroyKeys);
  511. if(pctRet != PCT_ERR_OK)
  512. {
  513. SPExternalFree(pbBuffer);
  514. return SP_LOG_RESULT(pctRet);
  515. }
  517. // Set outputs
  518. *ppBuffer = pbBuffer;
  519. *pcbBuffer = cbBuffer;
  521. return PCT_ERR_OK;
  522. }
  525. //+---------------------------------------------------------------------------
  526. //
  527. // Function: SPContextDeserialize
  528. //
  529. // Synopsis: Build an Schannel context structure from a linear buffer,
  530. // which was created via SPContextSerialize by the other
  531. // process.
  532. //
  533. // Arguments: [pBuffer] -- Buffer containing serialized context.
  534. // The new context structure is built over
  535. // the top of this buffer.
  536. //
  537. // History: 09-25-96 jbanes Hacked for LSA integration.
  538. //
  539. // Notes: This routine is called by the application process when
  540. // transitioning from the handshaking phase to the bulk
  541. // encryption phase.
  542. //
  543. //----------------------------------------------------------------------------
  544. SP_STATUS
  545. SPContextDeserialize(
  546. PBYTE pbBuffer,
  547. PSPContext *ppContext)
  548. {
  549. PSPContext pContext = NULL;
  550. DWORD cbReadState;
  551. DWORD cbWriteState;
  552. HANDLE hToken;
  553. DWORD cbData;
  554. DWORD Status = PCT_INT_INTERNAL_ERROR;
  555. HMAPPER * pSerialMapper;
  556. BOOL fDone;
  557. PSPPackedContext pSerialContext;
  558. PSessCacheItem pZombie;
  559. SERIALIZED_ITEM_TAG *pTag;
  560. DWORD cbContext;
  562. DebugLog((DEB_TRACE, "Deserialize context\n"));
  564. //
  565. // Extract serialized context.
  566. //
  568. pTag = (SERIALIZED_ITEM_TAG *)pbBuffer;
  570. if(pTag->Type != SslContext)
  571. {
  572. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  573. }
  574. if(pTag->Length < sizeof(PSPPackedContext))
  575. {
  576. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  577. }
  579. pSerialContext = (PSPPackedContext)(pbBuffer + TAG_LENGTH);
  581. cbContext = ROUND_UP_COUNT(sizeof(SPContext), ALIGN_LPVOID);
  583. pContext = SPExternalAlloc(cbContext + sizeof(SessCacheItem));
  584. if(pContext == NULL)
  585. {
  586. return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
  587. }
  589. pContext->RipeZombie = (PSessCacheItem)((PBYTE)pContext + cbContext);
  590. pZombie = pContext->RipeZombie;
  592. pContext->Magic = pSerialContext->Magic;
  593. pContext->State = pSerialContext->State;
  594. pContext->Flags = pSerialContext->Flags;
  595. pContext->dwProtocol = pSerialContext->dwProtocol;
  597. pContext->ContextThumbprint = pSerialContext->ContextThumbprint;
  599. pContext->pCipherInfo = g_AvailableCiphers + pSerialContext->dwCipherInfo;
  600. pContext->pHashInfo = g_AvailableHashes + pSerialContext->dwHashInfo;
  601. pContext->pKeyExchInfo = g_AvailableExch + pSerialContext->dwKeyExchInfo;
  603. pContext->pReadCipherInfo = pContext->pCipherInfo;
  604. pContext->pWriteCipherInfo = pContext->pCipherInfo;
  605. pContext->pReadHashInfo = pContext->pHashInfo;
  606. pContext->pWriteHashInfo = pContext->pHashInfo;
  608. pContext->ReadCounter = pSerialContext->ReadCounter;
  609. pContext->WriteCounter = pSerialContext->WriteCounter;
  611. pContext->fAppProcess = TRUE;
  613. pContext->InitiateHello = GenerateHello;
  615. switch(pContext->dwProtocol)
  616. {
  617. case SP_PROT_PCT1_CLIENT:
  618. pContext->Decrypt = Pct1DecryptMessage;
  619. pContext->Encrypt = Pct1EncryptMessage;
  620. pContext->ProtocolHandler = Pct1ClientProtocolHandler;
  621. pContext->DecryptHandler = Pct1DecryptHandler;
  622. pContext->GetHeaderSize = Pct1GetHeaderSize;
  623. break;
  625. case SP_PROT_PCT1_SERVER:
  626. pContext->Decrypt = Pct1DecryptMessage;
  627. pContext->Encrypt = Pct1EncryptMessage;
  628. pContext->ProtocolHandler = Pct1ServerProtocolHandler;
  629. pContext->DecryptHandler = Pct1DecryptHandler;
  630. pContext->GetHeaderSize = Pct1GetHeaderSize;
  631. break;
  633. case SP_PROT_SSL2_CLIENT:
  634. pContext->Decrypt = Ssl2DecryptMessage;
  635. pContext->Encrypt = Ssl2EncryptMessage;
  636. pContext->ProtocolHandler = Ssl2ClientProtocolHandler;
  637. pContext->DecryptHandler = Ssl2DecryptHandler;
  638. pContext->GetHeaderSize = Ssl2GetHeaderSize;
  639. break;
  641. case SP_PROT_SSL2_SERVER:
  642. pContext->Decrypt = Ssl2DecryptMessage;
  643. pContext->Encrypt = Ssl2EncryptMessage;
  644. pContext->ProtocolHandler = Ssl2ServerProtocolHandler;
  645. pContext->DecryptHandler = Ssl2DecryptHandler;
  646. pContext->GetHeaderSize = Ssl2GetHeaderSize;
  647. break;
  649. case SP_PROT_SSL3_CLIENT:
  650. case SP_PROT_SSL3_SERVER:
  651. case SP_PROT_TLS1_CLIENT:
  652. case SP_PROT_TLS1_SERVER:
  653. pContext->Decrypt = Ssl3DecryptMessage;
  654. pContext->Encrypt = Ssl3EncryptMessage;
  655. pContext->ProtocolHandler = Ssl3ProtocolHandler;
  656. pContext->DecryptHandler = Ssl3DecryptHandler;
  657. pContext->GetHeaderSize = Ssl3GetHeaderSize;
  658. break;
  660. default:
  661. pContext->Decrypt = NULL;
  662. pContext->Encrypt = NULL;
  663. pContext->ProtocolHandler = NULL;
  664. pContext->DecryptHandler = NULL;
  665. pContext->GetHeaderSize = NULL;
  666. }
  669. //
  670. // Extract serialized cache entry.
  671. //
  673. pZombie->fProtocol = pSerialContext->dwProtocol;
  674. pZombie->dwExchStrength = pSerialContext->dwExchStrength;
  676. #ifdef _WIN64
  677. pZombie->hLocator = (HLOCATOR)pSerialContext->hLocator.QuadPart;
  678. pZombie->hMasterProv = (HCRYPTPROV)pSerialContext->hMasterProv.QuadPart;
  679. #else
  680. pZombie->hLocator = (HLOCATOR)pSerialContext->hLocator.LowPart;
  681. pZombie->hMasterProv = (HCRYPTPROV)pSerialContext->hMasterProv.LowPart;
  682. #endif
  683. pZombie->LocatorStatus = pSerialContext->LocatorStatus;
  685. pZombie->cbSessionID = pSerialContext->cbSessionID;
  686. memcpy(pZombie->SessionID, pSerialContext->SessionID, pSerialContext->cbSessionID);
  688. switch(pContext->pKeyExchInfo->Spec)
  689. {
  690. case SP_EXCH_RSA_PKCS1:
  691. if((pZombie->fProtocol & SP_PROT_CLIENTS) || !pZombie->hMasterProv)
  692. {
  693. pZombie->hMasterProv = g_hRsaSchannel;
  694. }
  695. break;
  697. case SP_EXCH_DH_PKCS3:
  698. if((pZombie->fProtocol & SP_PROT_CLIENTS) || !pZombie->hMasterProv)
  699. {
  700. pZombie->hMasterProv = g_hDhSchannelProv;
  701. }
  702. break;
  704. default:
  705. Status = SP_LOG_RESULT(PCT_ERR_SPECS_MISMATCH);
  706. goto cleanup;
  707. }
  708. pContext->hReadProv = pZombie->hMasterProv;
  709. pContext->hWriteProv = pZombie->hMasterProv;
  711. pbBuffer += TAG_LENGTH + pTag->Length;
  714. //
  715. // Extract optional serialized data.
  716. //
  718. fDone = FALSE;
  720. while(!fDone)
  721. {
  722. DWORD Type = ((SERIALIZED_ITEM_TAG UNALIGNED *)pbBuffer)->Type;
  723. DWORD Length = ((SERIALIZED_ITEM_TAG UNALIGNED *)pbBuffer)->Length;
  724. DWORD DataLength = ((SERIALIZED_ITEM_TAG UNALIGNED *)pbBuffer)->DataLength;
  726. pbBuffer += TAG_LENGTH;
  728. switch(Type)
  729. {
  730. case SslEndOfBuffer:
  731. DebugLog((DEB_TRACE, "SslEndOfBuffer\n"));
  732. fDone = TRUE;
  733. break;
  735. case SslReadKey:
  736. DebugLog((DEB_TRACE, "SslReadKey\n"));
  737. if(!CryptImportKey(pZombie->hMasterProv,
  738. pbBuffer,
  739. DataLength,
  740. 0, 0,
  741. &pContext->hReadKey))
  742. {
  743. SP_LOG_RESULT(GetLastError());
  744. Status = PCT_INT_INTERNAL_ERROR;
  745. goto cleanup;
  746. }
  747. DebugLog((DEB_TRACE, "Key:0x%p\n", pContext->hReadKey));
  748. break;
  750. case SslReadMac:
  751. DebugLog((DEB_TRACE, "SslReadMac\n"));
  752. if(!CryptImportKey(pZombie->hMasterProv,
  753. pbBuffer,
  754. DataLength,
  755. 0, 0,
  756. &pContext->hReadMAC))
  757. {
  758. SP_LOG_RESULT(GetLastError());
  759. Status = PCT_INT_INTERNAL_ERROR;
  760. goto cleanup;
  761. }
  762. break;
  764. case SslWriteKey:
  765. DebugLog((DEB_TRACE, "SslWriteKey\n"));
  766. if(!CryptImportKey(pZombie->hMasterProv,
  767. pbBuffer,
  768. DataLength,
  769. 0, 0,
  770. &pContext->hWriteKey))
  771. {
  772. SP_LOG_RESULT(GetLastError());
  773. Status = PCT_INT_INTERNAL_ERROR;
  774. goto cleanup;
  775. }
  776. DebugLog((DEB_TRACE, "Key:0x%p\n", pContext->hWriteKey));
  777. break;
  779. case SslWriteMac:
  780. DebugLog((DEB_TRACE, "SslWriteMac\n"));
  781. if(!CryptImportKey(pZombie->hMasterProv,
  782. pbBuffer,
  783. DataLength,
  784. 0, 0,
  785. &pContext->hWriteMAC))
  786. {
  787. SP_LOG_RESULT(GetLastError());
  788. Status = PCT_INT_INTERNAL_ERROR;
  789. goto cleanup;
  790. }
  791. break;
  793. case SslMapper:
  794. DebugLog((DEB_TRACE, "SslMapper\n"));
  795. pZombie->phMapper = *(HMAPPER **)pbBuffer;
  796. break;
  798. case SslRemoteCertificate:
  799. DebugLog((DEB_TRACE, "SslRemoteCertificate\n"));
  800. // Save a pointer to the serialized certificate context
  801. // of the remote certificate. This will be deserialized
  802. // by the QueryContextAttribute function when the
  803. // application asks for it.
  804. pZombie->pbServerCertificate = SPExternalAlloc(Length);
  805. if(pZombie->pbServerCertificate)
  806. {
  807. memcpy(pZombie->pbServerCertificate, pbBuffer, Length);
  808. pZombie->cbServerCertificate = Length;
  809. }
  810. break;
  812. default:
  813. DebugLog((DEB_WARN, "Invalid tag %d found when deserializing context buffer\n"));
  814. Status = PCT_INT_INTERNAL_ERROR;
  815. goto cleanup;
  816. }
  818. pbBuffer += Length;
  819. }
  821. *ppContext = pContext;
  822. pContext = NULL;
  824. Status = PCT_ERR_OK;
  826. cleanup:
  828. if(pContext != NULL)
  829. {
  830. LsaContextDelete(pContext);
  831. SPExternalFree(pContext);
  832. }
  834. return Status;
  835. }