archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/schannel/spbase/ssl2msg.c

571 lines
18 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1995.
  5. //
  6. // File: ssl2msg.c
  7. //
  8. // Contents:
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 10-21-97 jbanes Added CAPI integration
  15. //
  16. //----------------------------------------------------------------------------
  18. #include <spbase.h>
  20. #if 0
  21. Ssl2CipherMap Ssl2CipherRank[] =
  22. {
  23. {SSL_CK_RC4_128_WITH_MD5, CALG_MD5, CALG_RC4, 128, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  24. {SSL_CK_DES_192_EDE3_CBC_WITH_MD5, CALG_MD5, CALG_3DES, 168, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  25. {SSL_CK_RC2_128_CBC_WITH_MD5, CALG_MD5, CALG_RC2, 128, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  26. {SSL_CK_RC4_128_FINANCE64_WITH_MD5, CALG_MD5, CALG_RC4, 64, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  27. {SSL_CK_DES_64_CBC_WITH_MD5, CALG_MD5, CALG_DES, 56, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  28. {SSL_CK_RC4_128_EXPORT40_WITH_MD5, CALG_MD5, CALG_RC4, 40, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX},
  29. {SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, CALG_MD5, CALG_RC2, 40, SP_EXCH_RSA_PKCS1, CALG_RSA_KEYX}
  30. };
  31. DWORD Ssl2NumCipherRanks = sizeof(Ssl2CipherRank)/sizeof(Ssl2CipherMap);
  32. #endif
  35. CertTypeMap aSsl2CertEncodingPref[] =
  36. {
  37. { X509_ASN_ENCODING, 0}
  38. };
  40. DWORD cSsl2CertEncodingPref = sizeof(aSsl2CertEncodingPref)/sizeof(CertTypeMap);
  43. SP_STATUS WINAPI
  44. Ssl2DecryptHandler(
  45. PSPContext pContext,
  46. PSPBuffer pCommInput,
  47. PSPBuffer pAppOutput)
  48. {
  49. SP_STATUS pctRet = PCT_ERR_OK;
  51. if (pCommInput->cbData > 0)
  52. {
  53. // First, we'll handle incoming data packets:
  55. if ((pContext->State & SP_STATE_CONNECTED) && pContext->Decrypt)
  56. {
  57. pctRet = pContext->Decrypt(
  58. pContext,
  59. pCommInput, // message
  60. pAppOutput); // Unpacked Message
  61. if (PCT_ERR_OK == pctRet)
  62. {
  63. /* look for escapes */
  64. }
  65. return(pctRet);
  66. }
  67. else
  68. {
  69. return(SP_LOG_RESULT(PCT_INT_ILLEGAL_MSG));
  70. }
  71. }
  72. return (PCT_INT_INCOMPLETE_MSG);
  73. }
  75. //+---------------------------------------------------------------------------
  76. //
  77. // Function: Ssl2ComputeMac
  78. //
  79. // Synopsis: Compute an SSL2 message MAC.
  80. //
  81. // Arguments: [pContext] -- Schannel context.
  82. //
  83. // History: 10-22-97 jbanes Created.
  84. //
  85. // Notes: MAC_DATA := Hash(key + data + sequence_number)
  86. //
  87. //----------------------------------------------------------------------------
  88. static SP_STATUS
  89. Ssl2ComputeMac(
  90. PSPContext pContext, // in
  91. BOOL fWriteMAC, // in
  92. DWORD dwSequence, // in
  93. PSPBuffer pData, // in
  94. PBYTE pbMac, // out
  95. DWORD cbMac) // in
  96. {
  97. DWORD dwReverseSequence;
  98. BYTE rgbSalt[SP_MAX_MASTER_KEY];
  99. DWORD cbSalt;
  100. HCRYPTHASH hHash;
  101. HCRYPTKEY hKey;
  103. // Make sure output buffer is big enough.
  104. if(cbMac < pContext->pHashInfo->cbCheckSum)
  105. {
  106. return SP_LOG_RESULT(PCT_INT_BUFF_TOO_SMALL);
  107. }
  109. dwReverseSequence = htonl(dwSequence);
  111. hKey = fWriteMAC ? pContext->hWriteKey : pContext->hReadKey;
  113. if(!SchCryptCreateHash(pContext->RipeZombie->hMasterProv,
  114. pContext->pHashInfo->aiHash,
  115. 0,
  116. 0,
  117. &hHash,
  118. pContext->RipeZombie->dwCapiFlags))
  119. {
  120. SP_LOG_RESULT(GetLastError());
  121. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  122. }
  124. if(!SchCryptHashSessionKey(hHash,
  125. hKey,
  126. CRYPT_LITTLE_ENDIAN,
  127. pContext->RipeZombie->dwCapiFlags))
  128. {
  129. SP_LOG_RESULT(GetLastError());
  130. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  131. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  132. }
  133. cbSalt = sizeof(rgbSalt);
  134. if(!SchCryptGetKeyParam(hKey,
  135. KP_SALT,
  136. rgbSalt,
  137. &cbSalt,
  138. 0,
  139. pContext->RipeZombie->dwCapiFlags))
  140. {
  141. SP_LOG_RESULT(GetLastError());
  142. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  143. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  144. }
  145. if(!SchCryptHashData(hHash, rgbSalt, cbSalt, 0, pContext->RipeZombie->dwCapiFlags))
  146. {
  147. SP_LOG_RESULT(GetLastError());
  148. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  149. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  150. }
  152. if(!SchCryptHashData(hHash,
  153. pData->pvBuffer,
  154. pData->cbData,
  155. 0,
  156. pContext->RipeZombie->dwCapiFlags))
  157. {
  158. SP_LOG_RESULT(GetLastError());
  159. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  160. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  161. }
  163. if(!SchCryptHashData(hHash,
  164. (PBYTE)&dwReverseSequence,
  165. sizeof(DWORD),
  166. 0,
  167. pContext->RipeZombie->dwCapiFlags))
  168. {
  169. SP_LOG_RESULT(GetLastError());
  170. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  171. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  172. }
  174. if(!SchCryptGetHashParam(hHash,
  175. HP_HASHVAL,
  176. pbMac,
  177. &cbMac,
  178. 0,
  179. pContext->RipeZombie->dwCapiFlags))
  180. {
  181. SP_LOG_RESULT(GetLastError());
  182. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  183. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  184. }
  186. SchCryptDestroyHash(hHash, pContext->RipeZombie->dwCapiFlags);
  188. return PCT_ERR_OK;
  189. }
  191. //+---------------------------------------------------------------------------
  192. //
  193. // Function: Ssl2EncryptMessage
  194. //
  195. // Synopsis: Encode a block of data as an SSL2 record.
  196. //
  197. // Arguments: [pContext] -- Schannel context.
  198. // [pAppInput] -- Data to be encrypted.
  199. // [pCommOutput] -- (output) Completed SSL2 record.
  200. //
  201. // History: 10-22-97 jbanes CAPI integrated.
  202. //
  203. // Notes: An SSL2 record is usually formatted as:
  204. //
  205. // BYTE header[2];
  206. // BYTE mac[mac_size];
  207. // BYTE data[pAppInput->cbData];
  208. //
  209. // If a block cipher is used, and the data to be encrypted
  210. // consists of a partial number of blocks, then the following
  211. // format is used:
  212. //
  213. // BYTE header[3];
  214. // BYTE mac[mac_size];
  215. // BYTE data[pAppInput->cbData];
  216. // BYTE padding[padding_size];
  217. //
  218. //----------------------------------------------------------------------------
  219. SP_STATUS WINAPI
  220. Ssl2EncryptMessage(
  221. PSPContext pContext,
  222. PSPBuffer pAppInput,
  223. PSPBuffer pCommOutput)
  224. {
  225. SP_STATUS pctRet;
  226. DWORD cPadding, cPad2;
  227. SPBuffer Clean;
  228. SPBuffer Encrypted;
  230. DWORD ReverseSequence;
  232. SP_BEGIN("Ssl2EncryptMessage");
  234. /* Estimate if we have padding or not */
  235. Encrypted.cbData = pAppInput->cbData + pContext->pHashInfo->cbCheckSum;
  236. cPadding = (Encrypted.cbData % pContext->pCipherInfo->dwBlockSize);
  237. if(cPadding)
  238. {
  239. cPadding = pContext->pCipherInfo->dwBlockSize - cPadding;
  240. }
  242. Encrypted.cbData += cPadding;
  244. if(cPadding)
  245. {
  246. if(pCommOutput->cbBuffer + Encrypted.cbData + cPadding < 3)
  247. {
  248. SP_RETURN(SP_LOG_RESULT(PCT_INT_BUFF_TOO_SMALL));
  249. }
  250. Encrypted.pvBuffer = (PUCHAR)pCommOutput->pvBuffer + 3;
  251. Encrypted.cbBuffer = pCommOutput->cbBuffer - 3;
  252. }
  253. else
  254. {
  255. if(pCommOutput->cbBuffer + Encrypted.cbData + cPadding < 2)
  256. {
  257. SP_RETURN(SP_LOG_RESULT(PCT_INT_BUFF_TOO_SMALL));
  258. }
  259. Encrypted.pvBuffer = (PUCHAR)pCommOutput->pvBuffer + 2;
  260. Encrypted.cbBuffer = pCommOutput->cbBuffer - 2;
  261. }
  263. DebugLog((DEB_TRACE, "Sealing message %x\n", pContext->WriteCounter));
  266. /* Move data out of the way if necessary */
  267. if((PUCHAR)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum != pAppInput->pvBuffer)
  268. {
  269. DebugLog((DEB_WARN, "SSL2EncryptMessage: Unnecessary Move, performance hog\n"));
  270. /* if caller wasn't being smart, then we must copy memory here */
  271. MoveMemory((PUCHAR)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum,
  272. pAppInput->pvBuffer,
  273. pAppInput->cbData);
  274. }
  276. // Initialize pad
  277. if(cPadding)
  278. {
  279. FillMemory((PUCHAR)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum + pAppInput->cbData, cPadding, 0);
  280. }
  282. // Compute MAC.
  283. Clean.pvBuffer = (PBYTE)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum;
  284. Clean.cbData = Encrypted.cbData - pContext->pHashInfo->cbCheckSum;
  285. Clean.cbBuffer = Clean.cbData;
  287. pctRet = Ssl2ComputeMac(pContext,
  288. TRUE,
  289. pContext->WriteCounter,
  290. &Clean,
  291. Encrypted.pvBuffer,
  292. pContext->pHashInfo->cbCheckSum);
  293. if(pctRet != PCT_ERR_OK)
  294. {
  295. SP_RETURN(pctRet);
  296. }
  298. // Encrypt buffer.
  299. if(!SchCryptEncrypt(pContext->hWriteKey,
  300. 0, FALSE, 0,
  301. Encrypted.pvBuffer,
  302. &Encrypted.cbData,
  303. Encrypted.cbBuffer,
  304. pContext->RipeZombie->dwCapiFlags))
  305. {
  306. SP_LOG_RESULT(GetLastError());
  307. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  308. }
  310. /* set sizes */
  311. if(cPadding)
  312. {
  313. if(Encrypted.cbData > 0x3fff)
  314. {
  315. SP_RETURN(SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW));
  316. }
  318. ((PUCHAR)pCommOutput->pvBuffer)[0]= (UCHAR)(0x3f & (Encrypted.cbData>>8));
  319. ((PUCHAR)pCommOutput->pvBuffer)[1]= (UCHAR)(0xff & Encrypted.cbData);
  320. ((PUCHAR)pCommOutput->pvBuffer)[2]= (UCHAR)cPadding;
  322. }
  323. else
  324. {
  325. if(Encrypted.cbData > 0x7fff)
  326. {
  327. SP_RETURN(SP_LOG_RESULT(PCT_INT_DATA_OVERFLOW));
  328. }
  329. ((PUCHAR)pCommOutput->pvBuffer)[0]= (UCHAR)(0x7f & (Encrypted.cbData>>8)) | 0x80;
  330. ((PUCHAR)pCommOutput->pvBuffer)[1]= (UCHAR)(0xff & Encrypted.cbData);
  331. }
  333. pCommOutput->cbData = Encrypted.cbData + (cPadding?3:2);
  335. pContext->WriteCounter ++ ;
  337. SP_RETURN( PCT_ERR_OK );
  338. }
  340. SP_STATUS WINAPI
  341. Ssl2GetHeaderSize(
  342. PSPContext pContext,
  343. PSPBuffer pCommInput,
  344. DWORD * pcbHeaderSize)
  345. {
  346. if(pcbHeaderSize == NULL)
  347. {
  348. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  349. }
  350. if(pCommInput->cbData < 1)
  351. {
  352. return (PCT_INT_INCOMPLETE_MSG);
  353. }
  354. if( ((PUCHAR)pCommInput->pvBuffer)[0]&0x80 )
  355. {
  356. *pcbHeaderSize = 2 + pContext->pHashInfo->cbCheckSum;
  357. }
  358. else
  359. {
  360. *pcbHeaderSize = 3 + pContext->pHashInfo->cbCheckSum;
  361. }
  362. return PCT_ERR_OK;
  363. }
  365. //+---------------------------------------------------------------------------
  366. //
  367. // Function: Ssl2DecryptMessage
  368. //
  369. // Synopsis: Decode an SSL2 record.
  370. //
  371. // Arguments: [pContext] -- Schannel context.
  372. // [pMessage] -- Data from the remote party.
  373. // [pAppOutput] -- (output) Decrypted data.
  374. //
  375. // History: 10-22-97 jbanes CAPI integrated.
  376. //
  377. // Notes: An SSL2 record is usually formatted as:
  378. //
  379. // BYTE header[2];
  380. // BYTE mac[mac_size];
  381. // BYTE data[pAppInput->cbData];
  382. //
  383. // If a block cipher is used, and the data to be encrypted
  384. // consists of a partial number of blocks, then the following
  385. // format is used:
  386. //
  387. // BYTE header[3];
  388. // BYTE mac[mac_size];
  389. // BYTE data[pAppInput->cbData];
  390. // BYTE padding[padding_size];
  391. //
  392. // The number of input data bytes consumed by this function
  393. // is returned in pMessage->cbData.
  394. //
  395. //----------------------------------------------------------------------------
  396. SP_STATUS WINAPI
  397. Ssl2DecryptMessage(
  398. PSPContext pContext,
  399. PSPBuffer pMessage,
  400. PSPBuffer pAppOutput)
  401. {
  402. SP_STATUS pctRet;
  403. DWORD cPadding;
  404. DWORD dwLength;
  405. SPBuffer Encrypted;
  406. SPBuffer Clean;
  407. DWORD cbActualData;
  408. UCHAR Digest[SP_MAX_DIGEST_LEN];
  410. SP_BEGIN("Ssl2DecryptMessage");
  412. /* First determine the length of data, the length of padding,
  413. * and the location of data, and the location of MAC */
  414. cbActualData = pMessage->cbData;
  415. pMessage->cbData = 2; /* minimum amount of data we need */
  417. if(pMessage->cbData > cbActualData)
  418. {
  419. SP_RETURN(PCT_INT_INCOMPLETE_MSG);
  420. }
  421. DebugLog((DEB_TRACE, " Incomming Buffer: %lx, size %ld (%lx)\n", pMessage->pvBuffer, cbActualData, cbActualData));
  423. if(((PUCHAR)pMessage->pvBuffer)[0] & 0x80)
  424. {
  425. /* 2 byte header */
  426. cPadding = 0;
  427. dwLength = ((((PUCHAR)pMessage->pvBuffer)[0] & 0x7f) << 8) |
  428. ((PUCHAR)pMessage->pvBuffer)[1];
  430. Encrypted.pvBuffer = (PUCHAR)pMessage->pvBuffer + 2;
  431. Encrypted.cbBuffer = pMessage->cbBuffer - 2;
  432. }
  433. else
  434. {
  435. pMessage->cbData++;
  436. if(pMessage->cbData > cbActualData)
  437. {
  438. SP_RETURN(PCT_INT_INCOMPLETE_MSG);
  439. }
  441. /* 3 byte header */
  442. cPadding = ((PUCHAR)pMessage->pvBuffer)[2];
  443. dwLength = ((((PUCHAR)pMessage->pvBuffer)[0] & 0x3f) << 8) |
  444. ((PUCHAR)pMessage->pvBuffer)[1];
  446. Encrypted.pvBuffer = (PUCHAR)pMessage->pvBuffer + 3;
  447. Encrypted.cbBuffer = pMessage->cbBuffer - 3;
  448. }
  450. /* Now we know how mutch data we will eat, so set cbData on the Input to be that size */
  451. pMessage->cbData += dwLength;
  453. /* do we have enough bytes for the reported data */
  454. if(pMessage->cbData > cbActualData)
  455. {
  456. SP_RETURN(PCT_INT_INCOMPLETE_MSG);
  457. }
  459. /* do we have enough data for our checksum */
  460. if(dwLength < pContext->pHashInfo->cbCheckSum)
  461. {
  462. SP_RETURN(SP_LOG_RESULT(PCT_INT_MSG_ALTERED));
  463. }
  465. Encrypted.cbData = dwLength; /* encrypted data size */
  466. Encrypted.cbBuffer = Encrypted.cbData;
  468. /* check to see if we have a block size violation */
  469. if(Encrypted.cbData % pContext->pCipherInfo->dwBlockSize)
  470. {
  471. SP_RETURN(SP_LOG_RESULT(PCT_INT_MSG_ALTERED));
  472. }
  474. /* Decrypt */
  475. if(!SchCryptDecrypt(pContext->hReadKey,
  476. 0, FALSE, 0,
  477. Encrypted.pvBuffer,
  478. &Encrypted.cbData,
  479. pContext->RipeZombie->dwCapiFlags))
  480. {
  481. SP_LOG_RESULT(GetLastError());
  482. SP_RETURN(PCT_INT_INTERNAL_ERROR);
  483. }
  485. // Compute MAC.
  486. Clean.pvBuffer = (PBYTE)Encrypted.pvBuffer + pContext->pHashInfo->cbCheckSum;
  487. Clean.cbData = Encrypted.cbData - pContext->pHashInfo->cbCheckSum;
  488. Clean.cbBuffer = Clean.cbData;
  490. pctRet = Ssl2ComputeMac(pContext,
  491. FALSE,
  492. pContext->ReadCounter,
  493. &Clean,
  494. Digest,
  495. sizeof(Digest));
  496. if(pctRet != PCT_ERR_OK)
  497. {
  498. SP_RETURN(pctRet);
  499. }
  501. // the padding is computed in the hash but is not needed after this
  502. Clean.cbData -= cPadding;
  504. DebugLog((DEB_TRACE, "Unsealing message %x\n", pContext->ReadCounter));
  506. pContext->ReadCounter++;
  508. if(memcmp(Digest, Encrypted.pvBuffer, pContext->pHashInfo->cbCheckSum ) )
  509. {
  510. SP_RETURN(SP_LOG_RESULT(PCT_INT_MSG_ALTERED));
  511. }
  513. if(pAppOutput->pvBuffer != Clean.pvBuffer)
  514. {
  515. DebugLog((DEB_WARN, "SSL2DecryptMessage: Unnecessary Move, performance hog\n"));
  516. MoveMemory(pAppOutput->pvBuffer,
  517. Clean.pvBuffer,
  518. Clean.cbData);
  519. }
  520. pAppOutput->cbData = Clean.cbData;
  521. DebugLog((DEB_TRACE, " TotalData: size %ld (%lx)\n", pMessage->cbData, pMessage->cbData));
  523. SP_RETURN( PCT_ERR_OK );
  524. }
  526. #if 0
  527. SP_STATUS
  528. Ssl2MakeMasterKeyBlock(PSPContext pContext)
  529. {
  531. MD5_CTX Md5Hash;
  532. UCHAR cSalt;
  533. UCHAR ib;
  536. //pContext->RipeZombe->pMasterKey containst the master secret.
  538. #if DBG
  539. DebugLog((DEB_TRACE, " Master Secret\n"));
  540. DBG_HEX_STRING(DEB_TRACE,pContext->RipeZombie->pMasterKey, pContext->RipeZombie->cbMasterKey);
  542. #endif
  544. for(ib=0 ; ib<3 ; ib++)
  545. {
  546. // MD5(master_secret + SHA-hash)
  547. MD5Init (&Md5Hash);
  548. MD5Update(&Md5Hash, pContext->RipeZombie->pMasterKey, pContext->RipeZombie->cbMasterKey);
  550. // We're going to be bug-for-bug compatable with netscape, so
  551. // we always add the digit into the hash, instead of following
  552. // the spec which says don't add the digit for DES
  553. //if(pContext->RipeZombie->aiCipher != CALG_DES)
  554. {
  555. cSalt = ib+'0';
  556. MD5Update(&Md5Hash, &cSalt, 1);
  557. }
  558. MD5Update(&Md5Hash, pContext->pChallenge, pContext->cbChallenge);
  559. MD5Update(&Md5Hash, pContext->pConnectionID, pContext->cbConnectionID);
  560. MD5Final (&Md5Hash);
  561. CopyMemory(pContext->Ssl3MasterKeyBlock + ib * MD5DIGESTLEN, Md5Hash.digest, MD5DIGESTLEN);
  562. }
  563. #if DBG
  564. DebugLog((DEB_TRACE, " Master Key Block\n"));
  565. DBG_HEX_STRING(DEB_TRACE,pContext->Ssl3MasterKeyBlock, MD5DIGESTLEN*3);
  567. #endif
  568. return( PCT_ERR_OK );
  569. }
  570. #endif