archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/common/tssec/clicert.c

389 lines
7.9 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1994-1998 Microsoft Corporation
  5. Module Name:
  7. clicert.c
  9. Abstract:
  11. Contains code related to the tshare certificate validation and data
  12. encryption using server public key.
  14. Author:
  16. Madan Appiah (madana) 24-Jan-1998
  18. Environment:
  20. User Mode - Win32
  22. Revision History:
  24. --*/
  26. #include <seccom.h>
  27. BOOL
  28. UnpackServerCert(
  29. LPBYTE pbCert,
  30. DWORD dwCertLen,
  31. PHydra_Server_Cert pServerCert
  32. )
  33. /*++
  35. Routine Description:
  37. This function unpacks the blob of server certicate to server certificate
  38. structure.
  40. Arguments:
  42. pbCert - pointer to the server public key blob.
  44. dwCertLen - length of the above server public key.
  46. pServerCert - pointer to a server certificate structure.
  48. Return Value:
  50. TRUE - if successfully unpacked.
  51. FALSE - otherwise.
  53. --*/
  54. {
  55. LPBYTE pbScan;
  56. DWORD cbScan;
  57. //
  58. // return if the pointer are invalid.
  59. // return if the certificate is insufficient length.
  60. //
  62. if( (pbCert == NULL) ||
  63. (dwCertLen < (3 * sizeof(DWORD) + 4 * sizeof(WORD))) ||
  64. (pServerCert == NULL) ) {
  66. return( FALSE );
  67. }
  69. pbScan = pbCert;
  70. cbScan = dwCertLen;
  71. //
  72. // Assign dwVersion
  73. //
  75. pServerCert->dwVersion = *(DWORD UNALIGNED FAR *)pbScan;
  76. pbScan += sizeof(DWORD);
  77. cbScan -= sizeof(DWORD);
  78. //
  79. // Assign dwSigAlgID
  80. //
  82. pServerCert->dwSigAlgID = *(DWORD UNALIGNED FAR *)pbScan;
  83. pbScan += sizeof(DWORD);
  84. cbScan -= sizeof(DWORD);
  85. //
  86. // Assign dwSignID
  87. //
  89. pServerCert->dwKeyAlgID = *(DWORD UNALIGNED FAR *)pbScan;
  90. pbScan += sizeof(DWORD);
  91. cbScan -= sizeof(DWORD);
  92. //
  93. //Assign PublicKeyData
  94. //
  96. pServerCert->PublicKeyData.wBlobType = *(WORD UNALIGNED FAR *)pbScan;
  97. pbScan += sizeof(WORD);
  98. cbScan -= sizeof(WORD);
  100. if( pServerCert->PublicKeyData.wBlobType != BB_RSA_KEY_BLOB ) {
  101. return( FALSE );
  102. }
  104. pServerCert->PublicKeyData.wBlobLen = *(WORD UNALIGNED FAR *)pbScan;
  105. pbScan += sizeof(WORD);
  106. cbScan -= sizeof(WORD);
  108. if( pServerCert->PublicKeyData.wBlobLen > 0 ) {
  110. if(cbScan < pServerCert->PublicKeyData.wBlobLen) {
  111. return ( FALSE );
  112. }
  113. pServerCert->PublicKeyData.pBlob = pbScan;
  114. pbScan += pServerCert->PublicKeyData.wBlobLen;
  115. cbScan -= pServerCert->PublicKeyData.wBlobLen;
  116. }
  117. else {
  119. pServerCert->PublicKeyData.pBlob = NULL;
  120. }
  122. //
  123. // Assign SignatureBlob
  124. //
  126. if(cbScan < sizeof(WORD)) {
  127. return ( FALSE );
  128. }
  129. pServerCert->SignatureBlob.wBlobType = *(WORD UNALIGNED *)pbScan;
  130. pbScan += sizeof(WORD);
  131. cbScan -= sizeof(WORD);
  133. if( pServerCert->SignatureBlob.wBlobType != BB_RSA_SIGNATURE_BLOB ) {
  134. return( FALSE );
  135. }
  137. if(cbScan < sizeof(WORD)) {
  138. return ( FALSE );
  139. }
  140. pServerCert->SignatureBlob.wBlobLen = *(WORD UNALIGNED FAR *)pbScan;
  141. pbScan += sizeof(WORD);
  142. cbScan -= sizeof(WORD);
  144. if( pServerCert->SignatureBlob.wBlobLen > 0 ) {
  146. if(cbScan < pServerCert->SignatureBlob.wBlobLen) {
  147. return ( FALSE );
  148. }
  149. pServerCert->SignatureBlob.pBlob = pbScan;
  150. }
  151. else {
  153. pServerCert->SignatureBlob.pBlob = NULL;
  154. }
  156. return( TRUE );
  157. }
  159. BOOL
  160. ValidateServerCert(
  161. PHydra_Server_Cert pServerCert
  162. )
  163. /*++
  165. Routine Description:
  167. This function validate the server public key.
  169. Arguments:
  171. pSserverCert - pointer to a server certificate.
  173. Return Value:
  175. TRUE - if the server public key is valid.
  176. FALSE - otherwise.
  178. --*/
  179. {
  181. DWORD dwLen;
  182. LPBYTE pbSignature;
  183. MD5_CTX HashState;
  184. BYTE SignHash[0x48];
  185. LPBYTE pbScan;
  187. //
  188. // pack the certificate data into a byte blob excluding the signature info.
  189. //
  191. dwLen =
  192. 3 * sizeof(DWORD) +
  193. 2 * sizeof(WORD) +
  194. pServerCert->PublicKeyData.wBlobLen;
  196. //
  197. // allocated space for the binary blob.
  198. //
  200. pbSignature = malloc( (UINT)dwLen );
  202. if( pbSignature == NULL ) {
  203. return( FALSE );
  204. }
  206. pbScan = pbSignature;
  208. memcpy( pbScan, &pServerCert->dwVersion, sizeof(DWORD));
  209. pbScan += sizeof(DWORD);
  211. memcpy( pbScan, &pServerCert->dwSigAlgID, sizeof(DWORD));
  212. pbScan += sizeof(DWORD);
  214. memcpy( pbScan, &pServerCert->dwKeyAlgID, sizeof(DWORD));
  215. pbScan += sizeof(DWORD);
  217. memcpy( pbScan, &pServerCert->PublicKeyData.wBlobType, sizeof(WORD));
  218. pbScan += sizeof(WORD);
  220. memcpy( pbScan, &pServerCert->PublicKeyData.wBlobLen, sizeof(WORD));
  221. pbScan += sizeof(WORD);
  223. memcpy(
  224. pbScan,
  225. pServerCert->PublicKeyData.pBlob,
  226. pServerCert->PublicKeyData.wBlobLen);
  228. //
  229. // generate the hash on the data.
  230. //
  232. MD5Init( &HashState );
  233. MD5Update( &HashState, pbSignature, dwLen );
  234. MD5Final( &HashState );
  236. //
  237. // free the signature blob, we don't need it anymore.
  238. //
  240. free( pbSignature );
  242. //
  243. // initialize the pulic key.
  244. //
  246. g_pPublicKey = (LPBSAFE_PUB_KEY)g_abPublicKeyModulus;
  248. g_pPublicKey->magic = RSA1;
  249. g_pPublicKey->keylen = 0x48;
  250. g_pPublicKey->bitlen = 0x0200;
  251. g_pPublicKey->datalen = 0x3f;
  252. g_pPublicKey->pubexp = 0xc0887b5b;
  254. //
  255. // decrypt the signature.
  256. //
  258. memset(SignHash, 0x00, 0x48);
  259. BSafeEncPublic( g_pPublicKey, pServerCert->SignatureBlob.pBlob, SignHash);
  261. //
  262. // compare the hash value.
  263. //
  265. if( memcmp( SignHash, HashState.digest, 16 )) {
  266. return( FALSE );
  267. }
  269. //
  270. // successfully validated the signature.
  271. //
  273. return( TRUE );
  274. }
  277. BOOL
  278. EncryptClientRandom(
  279. LPBYTE pbSrvPublicKey,
  280. DWORD dwSrvPublicKey,
  281. LPBYTE pbRandomKey,
  282. DWORD dwRandomKeyLen,
  283. LPBYTE pbEncRandomKey,
  284. LPDWORD pdwEncRandomKey
  285. )
  286. /*++
  288. Routine Description:
  290. Encrypt the client random using server's public key.
  292. Arguments:
  294. pbSrvPublicKey - pointer to the server public key.
  296. dwSrvPublicKey - length of the server public key.
  298. pbRandomKey - pointer to a buffer where the client random key.
  300. dwRandomKeyLen - length of the random key passed in.
  302. pbEncRandomKey - pointer to a buffer where the encrypted client random is
  303. returned.
  305. pdwEncRandomKey - pointer to a place where the length of the above buffer is
  306. passed in and length of the buffer used/required is returned.
  308. Return Value:
  310. TRUE - if the key is encrypted successfully.
  311. FALSE - otherwise.
  313. --*/
  314. {
  315. LPBSAFE_PUB_KEY pSrvPublicKey;
  316. BYTE abInputBuffer[512];
  318. ASSERT( pbSrvPublicKey != NULL );
  319. pSrvPublicKey = (LPBSAFE_PUB_KEY)pbSrvPublicKey;
  321. //
  322. // check to see buffer length pointer is valid.
  323. //
  325. if( pdwEncRandomKey == NULL ) {
  326. return( FALSE );
  327. }
  329. //
  330. // check to see a output buffer is specified and
  331. // the encrypt buffer length is sufficient.
  332. //
  334. if( (pbEncRandomKey == NULL) ||
  335. (*pdwEncRandomKey < pSrvPublicKey->keylen) ) {
  337. *pdwEncRandomKey = pSrvPublicKey->keylen;
  338. return( FALSE );
  339. }
  341. //
  342. // make sure the random key data and its length are valid.
  343. //
  345. ASSERT( pbRandomKey != NULL );
  346. ASSERT( dwRandomKeyLen <= pSrvPublicKey->datalen );
  347. ASSERT( pSrvPublicKey->datalen < pSrvPublicKey->keylen );
  348. ASSERT( pSrvPublicKey->keylen <= sizeof(abInputBuffer) );
  350. //
  351. // init the input buffer.
  352. //
  354. memset( abInputBuffer, 0x0, (UINT)pSrvPublicKey->keylen );
  356. //
  357. // copy data to be encrypted in the input buffer.
  358. //
  360. memcpy( abInputBuffer, pbRandomKey, (UINT)dwRandomKeyLen );
  362. //
  363. // initialize the output buffer.
  364. //
  366. memset( pbEncRandomKey, 0x0, (UINT)pSrvPublicKey->keylen );
  368. //
  369. // encrypt data now.
  370. //
  372. if( !BSafeEncPublic(
  373. pSrvPublicKey,
  374. (LPBYTE)abInputBuffer,
  375. pbEncRandomKey ) ) {
  377. *pdwEncRandomKey = 0;
  378. return( FALSE );
  379. }
  381. //
  382. // successfully encrypted the client random,
  383. // return the encrypted data length.
  384. //
  386. *pdwEncRandomKey = pSrvPublicKey->keylen;
  387. return( TRUE );
  388. }