archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/schannel/spbase/tls1key.c

549 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*-----------------------------------------------------------------------------
  2. * Copyright (C) Microsoft Corporation, 1995 - 1996.
  3. * All rights reserved.
  4. *
  5. * Owner : ramas
  6. * Date : 5/03/97
  7. * description : Main Crypto functions for TLS1
  8. *----------------------------------------------------------------------------*/
  10. #include <spbase.h>
  12. #define DEB_TLS1KEYS 0x01000000
  15. //+---------------------------------------------------------------------------
  16. //
  17. // Function: Tls1MakeWriteSessionKeys
  18. //
  19. // Synopsis:
  20. //
  21. // Arguments: [pContext] -- Schannel context.
  22. //
  23. // History: 10-10-97 jbanes Added server-side CAPI integration.
  24. //
  25. // Notes:
  26. //
  27. //----------------------------------------------------------------------------
  28. SP_STATUS
  29. Tls1MakeWriteSessionKeys(PSPContext pContext)
  30. {
  31. BOOL fClient;
  33. // Determine if we're a client or a server.
  34. fClient = (0 != (pContext->RipeZombie->fProtocol & SP_PROT_TLS1_CLIENT));
  36. if(pContext->hWriteKey)
  37. {
  38. if(!SchCryptDestroyKey(pContext->hWriteKey,
  39. pContext->RipeZombie->dwCapiFlags))
  40. {
  41. SP_LOG_RESULT(GetLastError());
  42. }
  43. }
  44. pContext->hWriteProv = pContext->RipeZombie->hMasterProv;
  45. pContext->hWriteKey = pContext->hPendingWriteKey;
  46. pContext->hPendingWriteKey = 0;
  48. if(pContext->hWriteMAC)
  49. {
  50. if(!SchCryptDestroyKey(pContext->hWriteMAC,
  51. pContext->RipeZombie->dwCapiFlags))
  52. {
  53. SP_LOG_RESULT(GetLastError());
  54. }
  55. }
  56. pContext->hWriteMAC = pContext->hPendingWriteMAC;
  57. pContext->hPendingWriteMAC = 0;
  59. return PCT_ERR_OK;
  60. }
  63. //+---------------------------------------------------------------------------
  64. //
  65. // Function: Tls1MakeReadSessionKeys
  66. //
  67. // Synopsis:
  68. //
  69. // Arguments: [pContext] -- Schannel context.
  70. //
  71. // History: 10-10-97 jbanes Added server-side CAPI integration.
  72. //
  73. // Notes:
  74. //
  75. //----------------------------------------------------------------------------
  76. SP_STATUS
  77. Tls1MakeReadSessionKeys(PSPContext pContext)
  78. {
  79. BOOL fClient;
  81. // Determine if we're a client or a server.
  82. fClient = (0 != (pContext->RipeZombie->fProtocol & SP_PROT_TLS1_CLIENT));
  84. if(pContext->hReadKey)
  85. {
  86. if(!SchCryptDestroyKey(pContext->hReadKey,
  87. pContext->RipeZombie->dwCapiFlags))
  88. {
  89. SP_LOG_RESULT(GetLastError());
  90. }
  91. }
  92. pContext->hReadProv = pContext->RipeZombie->hMasterProv;
  93. pContext->hReadKey = pContext->hPendingReadKey;
  94. pContext->hPendingReadKey = 0;
  96. if(pContext->hReadMAC)
  97. {
  98. if(!SchCryptDestroyKey(pContext->hReadMAC,
  99. pContext->RipeZombie->dwCapiFlags))
  100. {
  101. SP_LOG_RESULT(GetLastError());
  102. }
  103. }
  104. pContext->hReadMAC = pContext->hPendingReadMAC;
  105. pContext->hPendingReadMAC = 0;
  107. return PCT_ERR_OK;
  108. }
  110. //+---------------------------------------------------------------------------
  111. //
  112. // Function: Tls1ComputeMac
  113. //
  114. // Synopsis:
  115. //
  116. // Arguments: [pContext] --
  117. // [hSecret] --
  118. // [dwSequence] --
  119. // [pClean] --
  120. // [cContentType] --
  121. // [pbMac] --
  122. // [cbMac]
  123. //
  124. // History: 10-03-97 jbanes Created.
  125. //
  126. // Notes:
  127. //
  128. //----------------------------------------------------------------------------
  129. SP_STATUS
  130. Tls1ComputeMac(
  131. PSPContext pContext,
  132. BOOL fReadMac,
  133. PSPBuffer pClean,
  134. CHAR cContentType,
  135. PBYTE pbMac,
  136. DWORD cbMac)
  137. {
  138. HCRYPTHASH hHash;
  139. HMAC_INFO HmacInfo;
  140. PBYTE pbData;
  141. DWORD cbData;
  142. DWORD cbDataReverse;
  143. DWORD dwReverseSequence;
  144. UCHAR rgbData1[15];
  145. PUCHAR pbData1;
  146. DWORD cbData1;
  147. HCRYPTPROV hProv;
  148. HCRYPTKEY hSecret;
  149. DWORD dwSequence;
  150. DWORD dwCapiFlags;
  151. PHashInfo pHashInfo;
  153. pbData = pClean->pvBuffer;
  154. cbData = pClean->cbData;
  155. if(cbData & 0xFFFF0000)
  156. {
  157. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  158. }
  160. if(fReadMac)
  161. {
  162. hProv = pContext->hReadProv;
  163. hSecret = pContext->hReadMAC;
  164. dwSequence = pContext->ReadCounter;
  165. pHashInfo = pContext->pReadHashInfo;
  166. }
  167. else
  168. {
  169. hProv = pContext->hWriteProv;
  170. hSecret = pContext->hWriteMAC;
  171. dwSequence = pContext->WriteCounter;
  172. pHashInfo = pContext->pWriteHashInfo;
  173. }
  174. dwCapiFlags = pContext->RipeZombie->dwCapiFlags;
  176. if(!hProv)
  177. {
  178. return SP_LOG_RESULT(PCT_INT_INTERNAL_ERROR);
  179. }
  181. // Create hash object.
  182. if(!SchCryptCreateHash(hProv,
  183. CALG_HMAC,
  184. hSecret,
  185. 0,
  186. &hHash,
  187. dwCapiFlags))
  188. {
  189. SP_LOG_RESULT(GetLastError());
  190. return PCT_INT_INTERNAL_ERROR;
  191. }
  193. // Specify hash algorithm.
  194. ZeroMemory(&HmacInfo, sizeof(HMAC_INFO));
  195. HmacInfo.HashAlgid = pHashInfo->aiHash;
  196. if(!SchCryptSetHashParam(hHash,
  197. HP_HMAC_INFO,
  198. (PBYTE)&HmacInfo,
  199. 0,
  200. dwCapiFlags))
  201. {
  202. SP_LOG_RESULT(GetLastError());
  203. SchCryptDestroyHash(hHash, dwCapiFlags);
  204. return PCT_INT_INTERNAL_ERROR;
  205. }
  207. // Build data to be hashed.
  208. cbData1 = 2 * sizeof(DWORD) + // sequence number (64-bit)
  209. 1 + // content type
  210. 2 + // protocol version
  211. 2; // message length
  212. SP_ASSERT(cbData1 <= sizeof(rgbData1));
  214. pbData1 = rgbData1;
  216. ZeroMemory(pbData1, sizeof(DWORD));
  217. pbData1 += sizeof(DWORD);
  218. dwReverseSequence = htonl(dwSequence);
  219. CopyMemory(pbData1, &dwReverseSequence, sizeof(DWORD));
  220. pbData1 += sizeof(DWORD);
  222. *pbData1++ = cContentType;
  224. *pbData1++ = SSL3_CLIENT_VERSION_MSB;
  225. *pbData1++ = TLS1_CLIENT_VERSION_LSB;
  227. cbDataReverse = (cbData >> 8) | (cbData << 8);
  228. CopyMemory(pbData1, &cbDataReverse, 2);
  230. // Hash data.
  231. if(!SchCryptHashData(hHash,
  232. rgbData1, cbData1,
  233. 0,
  234. dwCapiFlags))
  235. {
  236. SP_LOG_RESULT(GetLastError());
  237. SchCryptDestroyHash(hHash, dwCapiFlags);
  238. return PCT_INT_INTERNAL_ERROR;
  239. }
  240. if(!SchCryptHashData(hHash,
  241. pbData, cbData,
  242. 0,
  243. dwCapiFlags))
  244. {
  245. SP_LOG_RESULT(GetLastError());
  246. SchCryptDestroyHash(hHash, dwCapiFlags);
  247. return PCT_INT_INTERNAL_ERROR;
  248. }
  250. // Get hash value.
  251. if(!SchCryptGetHashParam(hHash,
  252. HP_HASHVAL,
  253. pbMac,
  254. &cbMac,
  255. 0,
  256. dwCapiFlags))
  257. {
  258. SP_LOG_RESULT(GetLastError());
  259. SchCryptDestroyHash(hHash, dwCapiFlags);
  260. return PCT_INT_INTERNAL_ERROR;
  261. }
  262. SP_ASSERT(cbMac == pHashInfo->cbCheckSum);
  264. #if DBG
  265. DebugLog((DEB_TLS1KEYS, " TLS1 MAC Output"));
  266. DBG_HEX_STRING(DEB_TLS1KEYS, pbMac, cbMac);
  267. #endif
  269. SchCryptDestroyHash(hHash, dwCapiFlags);
  271. return PCT_ERR_OK;
  272. }
  274. #define HMAC_K_PADSIZE 64
  276. BOOL MyPrimitiveSHA(
  277. PBYTE pbData,
  278. DWORD cbData,
  279. BYTE rgbHash[A_SHA_DIGEST_LEN])
  280. {
  281. BOOL fRet = FALSE;
  282. A_SHA_CTX sSHAHash;
  285. A_SHAInit(&sSHAHash);
  286. A_SHAUpdate(&sSHAHash, (BYTE *) pbData, cbData);
  287. A_SHAFinal(&sSHAHash, rgbHash);
  289. fRet = TRUE;
  290. //Ret:
  292. return fRet;
  293. }
  295. BOOL MyPrimitiveMD5(
  296. PBYTE pbData,
  297. DWORD cbData,
  298. BYTE rgbHash[MD5DIGESTLEN])
  299. {
  300. BOOL fRet = FALSE;
  301. MD5_CTX sMD5Hash;
  304. MD5Init(&sMD5Hash);
  305. MD5Update(&sMD5Hash, (BYTE *) pbData, cbData);
  306. MD5Final(&sMD5Hash);
  307. memcpy(rgbHash, sMD5Hash.digest, MD5DIGESTLEN);
  309. fRet = TRUE;
  310. //Ret:
  312. return fRet;
  313. }
  315. BOOL MyPrimitiveHMACParam(
  316. PBYTE pbKeyMaterial,
  317. DWORD cbKeyMaterial,
  318. PBYTE pbData,
  319. DWORD cbData,
  320. ALG_ID Algid,
  321. BYTE rgbHMAC[A_SHA_DIGEST_LEN])
  322. {
  323. BYTE rgbFirstHash[A_SHA_DIGEST_LEN];
  324. BYTE rgbHMACTmp[HMAC_K_PADSIZE+A_SHA_DIGEST_LEN];
  325. BOOL fRet = FALSE;
  327. BYTE rgbKipad[HMAC_K_PADSIZE];
  328. BYTE rgbKopad[HMAC_K_PADSIZE];
  329. DWORD dwBlock;
  331. // truncate
  332. if (cbKeyMaterial > HMAC_K_PADSIZE)
  333. cbKeyMaterial = HMAC_K_PADSIZE;
  336. ZeroMemory(rgbKipad, HMAC_K_PADSIZE);
  337. CopyMemory(rgbKipad, pbKeyMaterial, cbKeyMaterial);
  339. ZeroMemory(rgbKopad, HMAC_K_PADSIZE);
  340. CopyMemory(rgbKopad, pbKeyMaterial, cbKeyMaterial);
  342. // Kipad, Kopad are padded sMacKey. Now XOR across...
  343. for(dwBlock=0; dwBlock<HMAC_K_PADSIZE/sizeof(DWORD); dwBlock++)
  344. {
  345. ((DWORD*)rgbKipad)[dwBlock] ^= 0x36363636;
  346. ((DWORD*)rgbKopad)[dwBlock] ^= 0x5C5C5C5C;
  347. }
  349. // prepend Kipad to data, Hash to get H1
  350. if (CALG_SHA1 == Algid)
  351. {
  352. // do this inline since it would require data copy
  353. A_SHA_CTX sSHAHash;
  355. A_SHAInit(&sSHAHash);
  356. A_SHAUpdate(&sSHAHash, rgbKipad, HMAC_K_PADSIZE);
  357. A_SHAUpdate(&sSHAHash, pbData, cbData);
  359. // Finish off the hash
  360. A_SHAFinal(&sSHAHash, sSHAHash.HashVal);
  362. // prepend Kopad to H1, hash to get HMAC
  363. CopyMemory(rgbHMACTmp, rgbKopad, HMAC_K_PADSIZE);
  364. CopyMemory(rgbHMACTmp+HMAC_K_PADSIZE, sSHAHash.HashVal, A_SHA_DIGEST_LEN);
  366. if (!MyPrimitiveSHA(
  367. rgbHMACTmp,
  368. HMAC_K_PADSIZE + A_SHA_DIGEST_LEN,
  369. rgbHMAC))
  370. goto Ret;
  371. }
  372. else
  373. {
  374. // do this inline since it would require data copy
  375. MD5_CTX sMD5Hash;
  377. MD5Init(&sMD5Hash);
  378. MD5Update(&sMD5Hash, rgbKipad, HMAC_K_PADSIZE);
  379. MD5Update(&sMD5Hash, pbData, cbData);
  380. MD5Final(&sMD5Hash);
  382. // prepend Kopad to H1, hash to get HMAC
  383. CopyMemory(rgbHMACTmp, rgbKopad, HMAC_K_PADSIZE);
  384. CopyMemory(rgbHMACTmp+HMAC_K_PADSIZE, sMD5Hash.digest, MD5DIGESTLEN);
  386. if (!MyPrimitiveMD5(
  387. rgbHMACTmp,
  388. HMAC_K_PADSIZE + MD5DIGESTLEN,
  389. rgbHMAC))
  390. goto Ret;
  391. }
  393. fRet = TRUE;
  394. Ret:
  396. return fRet;
  397. }
  399. //+ ---------------------------------------------------------------------
  400. // the P_Hash algorithm from TLS
  401. BOOL P_Hash
  402. (
  403. PBYTE pbSecret,
  404. DWORD cbSecret,
  406. PBYTE pbSeed,
  407. DWORD cbSeed,
  409. ALG_ID Algid,
  411. PBYTE pbKeyOut, //Buffer to copy the result...
  412. DWORD cbKeyOut //# of bytes of key length they want as output.
  413. )
  414. {
  415. BOOL fRet = FALSE;
  416. BYTE rgbDigest[A_SHA_DIGEST_LEN];
  417. DWORD iKey;
  418. DWORD cbHash;
  420. PBYTE pbAofiDigest = NULL;
  422. if (NULL == (pbAofiDigest = SPExternalAlloc(cbSeed + A_SHA_DIGEST_LEN)))
  423. goto Ret;
  425. if (CALG_SHA1 == Algid)
  426. {
  427. cbHash = A_SHA_DIGEST_LEN;
  428. }
  429. else
  430. {
  431. cbHash = MD5DIGESTLEN;
  432. }
  434. // First, we define a data expansion function, P_hash(secret, data)
  435. // which uses a single hash function to expand a secret and seed into
  436. // an arbitrary quantity of output:
  438. // P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
  439. // HMAC_hash(secret, A(2) + seed) +
  440. // HMAC_hash(secret, A(3) + seed) + ...
  442. // Where + indicates concatenation.
  444. // A() is defined as:
  445. // A(0) = seed
  446. // A(i) = HMAC_hash(secret, A(i-1))
  449. // build A(1)
  450. if (!MyPrimitiveHMACParam(pbSecret, cbSecret, pbSeed, cbSeed,
  451. Algid, pbAofiDigest))
  452. goto Ret;
  454. // create Aofi: ( A(i) | seed )
  455. CopyMemory(&pbAofiDigest[cbHash], pbSeed, cbSeed);
  457. for (iKey=0; cbKeyOut; iKey++)
  458. {
  459. // build Digest = HMAC(key | A(i) | seed);
  460. if (!MyPrimitiveHMACParam(pbSecret, cbSecret, pbAofiDigest,
  461. cbSeed + cbHash, Algid, rgbDigest))
  462. goto Ret;
  464. // append to pbKeyOut
  465. if(cbKeyOut < cbHash)
  466. {
  467. CopyMemory(pbKeyOut, rgbDigest, cbKeyOut);
  468. break;
  469. }
  470. else
  471. {
  472. CopyMemory(pbKeyOut, rgbDigest, cbHash);
  473. pbKeyOut += cbHash;
  474. }
  476. cbKeyOut -= cbHash;
  478. // build A(i) = HMAC(key, A(i-1))
  479. if (!MyPrimitiveHMACParam(pbSecret, cbSecret, pbAofiDigest, cbHash,
  480. Algid, pbAofiDigest))
  481. goto Ret;
  482. }
  484. fRet = TRUE;
  485. Ret:
  486. if (pbAofiDigest)
  487. SPExternalFree(pbAofiDigest);
  489. return fRet;
  490. }
  492. BOOL PRF(
  493. PBYTE pbSecret,
  494. DWORD cbSecret,
  496. PBYTE pbLabel,
  497. DWORD cbLabel,
  499. PBYTE pbSeed,
  500. DWORD cbSeed,
  502. PBYTE pbKeyOut, //Buffer to copy the result...
  503. DWORD cbKeyOut //# of bytes of key length they want as output.
  504. )
  505. {
  506. BYTE *pbBuff = NULL;
  507. BYTE *pbLabelAndSeed = NULL;
  508. DWORD cbLabelAndSeed;
  509. DWORD cbOdd;
  510. DWORD cbHalfSecret;
  511. DWORD i;
  512. BOOL fRet = FALSE;
  514. cbOdd = cbSecret % 2;
  515. cbHalfSecret = cbSecret / 2;
  517. cbLabelAndSeed = cbLabel + cbSeed;
  518. if (NULL == (pbLabelAndSeed = SPExternalAlloc(cbLabelAndSeed)))
  519. goto Ret;
  520. if (NULL == (pbBuff = SPExternalAlloc(cbKeyOut)))
  521. goto Ret;
  523. // copy label and seed into one buffer
  524. memcpy(pbLabelAndSeed, pbLabel, cbLabel);
  525. memcpy(pbLabelAndSeed + cbLabel, pbSeed, cbSeed);
  527. // Use P_hash to calculate MD5 half
  528. if (!P_Hash(pbSecret, cbHalfSecret + cbOdd, pbLabelAndSeed,
  529. cbLabelAndSeed, CALG_MD5, pbKeyOut, cbKeyOut))
  530. goto Ret;
  532. // Use P_hash to calculate SHA half
  533. if (!P_Hash(pbSecret + cbHalfSecret, cbHalfSecret + cbOdd, pbLabelAndSeed,
  534. cbLabelAndSeed, CALG_SHA1, pbBuff, cbKeyOut))
  535. goto Ret;
  537. // XOR the two halves
  538. for (i=0;i<cbKeyOut;i++)
  539. {
  540. pbKeyOut[i] = pbKeyOut[i] ^ pbBuff[i];
  541. }
  542. fRet = TRUE;
  543. Ret:
  544. if (pbBuff)
  545. SPExternalFree(pbBuff);
  546. if (pbLabelAndSeed)
  547. SPExternalFree(pbLabelAndSeed);
  548. return fRet;
  549. }