/*
** p r o p c r y p . c p p
**
** Purpose:
** Functions to provide blob-level access to the pstore
**
** History
** 3/04/97: (t-erikne) support for non-pstore systems
** 2/15/97: (t-erikne) rewritten for pstore
** 12/04/96: (sbailey) created
**
** Copyright (C) Microsoft Corp. 1996, 1997.
*/
#include "pch.hxx"
#include "propcryp.h"
#include <imnact.h>
#include <demand.h>
///////////////////////////////////////////////////////////////////////////
//
// Structures, definitions
//
#define OBFUSCATOR 0x14151875;
#define PROT_SIZEOF_HEADER 0x02 // 2 bytes in the header
#define PROT_SIZEOF_XORHEADER (PROT_SIZEOF_HEADER+sizeof(DWORD))
#define PROT_VERSION_1 0x01
#define PROT_PASS_XOR 0x01
#define PROT_PASS_PST 0x02
// Layout of registry data (v0)
//
// /--------------------------------
// | protected store name, a LPWSTR
// \--------------------------------
//
//
// Layout of registry data (v1)
//
// /----------------------------------------------------------------------
// | version (1 b) =0x01 | type (1 b) =PROT_PASS_* | data (see below)
// \----------------------------------------------------------------------
//
// data for PROT_PASS_PST
// struct _data
// { LPWSTR szPSTItemName; }
// data for PROT_PASS_XOR
// struct _data
// { DWORD cb; BYTE pb[cb]; }
//
///////////////////////////////////////////////////////////////////////////
//
// Prototypes
//
static inline BOOL FDataIsValidV0(BLOB *pblob);
static BOOL FDataIsValidV1(BYTE *pb);
static inline BOOL FDataIsPST(BYTE *pb);
static HRESULT XOREncodeProp(const BLOB *const pClear, BLOB *const pEncoded);
static HRESULT XORDecodeProp(const BLOB *const pEncoded, BLOB *const pClear);
///////////////////////////////////////////////////////////////////////////
//
// Admin functions (init, addref, release, ctor, dtor)
//
HRESULT HrCreatePropCrypt(CPropCrypt **ppPropCrypt)
{
*ppPropCrypt = new CPropCrypt();
if (NULL == *ppPropCrypt)
return TRAPHR(E_OUTOFMEMORY);
return (*ppPropCrypt)->HrInit();
}
CPropCrypt::CPropCrypt(void) : m_cRef(1), m_fInit(FALSE),
m_pISecProv(NULL)
{ }
CPropCrypt::~CPropCrypt(void)
{
ReleaseObj(m_pISecProv);
}
ULONG CPropCrypt::AddRef(void)
{ return ++m_cRef; }
ULONG CPropCrypt::Release(void)
{
if (0 != --m_cRef)
return m_cRef;
delete this;
return 0;
}
HRESULT CPropCrypt::HrInit(void)
{
HRESULT hr;
PST_PROVIDERID provId = MS_BASE_PSTPROVIDER_ID;
Assert(!m_pISecProv);
if (FAILED(hr = PStoreCreateInstance(&m_pISecProv, &provId, NULL, 0)))
{
// this is true because we will now handle
// all transactions without the protected store
m_fInit = TRUE;
hr = S_OK;
}
else if (SUCCEEDED(hr = PSTCreateTypeSubType_NoUI(
m_pISecProv,
&PST_IDENT_TYPE_GUID,
PST_IDENT_TYPE_STRING,
&PST_IMNACCT_SUBTYPE_GUID,
PST_IMNACCT_SUBTYPE_STRING)))
{
m_fInit = TRUE;
}
return hr;
}
///////////////////////////////////////////////////////////////////////////
//
// Public encode/decode/delete functions
//
///////////////////////////////////////////////////////////////////////////
HRESULT CPropCrypt::HrEncodeNewProp(LPSTR szAccountName, BLOB *pClear, BLOB *pEncoded)
{
HRESULT hr = S_OK;
const int cchFastbuf = 50;
WCHAR szWfast[cchFastbuf];
LPWSTR szWalloc = NULL;
LPWSTR wszCookie = NULL;
BLOB blob;
DWORD dwErr;
int cchW;
AssertSz (pClear && pEncoded, "Null Parameter");
pEncoded->pBlobData = NULL;
if (m_fInit == FALSE)
return TRAPHR(E_FAIL);
if (!m_pISecProv)
{
// protected store does not exist
hr = XOREncodeProp(pClear, pEncoded);
goto exit;
}
if (szAccountName)
{
if (!MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, szAccountName, -1,
szWfast, cchFastbuf))
{
dwErr = GetLastError();
if (ERROR_INSUFFICIENT_BUFFER == dwErr)
{
// get proper size and alloc buffer
cchW = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED,
szAccountName, -1, NULL, 0);
if (FAILED(hr = HrAlloc((LPVOID *)&szWalloc, cchW*sizeof(WCHAR))))
goto exit;
if (!(MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED,
szAccountName, -1, szWalloc, cchW)))
{
hr = GetLastError();
goto exit;
}
}
else
{
hr = dwErr;
goto exit;
}
}
}
else
{
szWfast[0] = '\000';
}
if (SUCCEEDED(hr = PSTSetNewData(m_pISecProv, &PST_IDENT_TYPE_GUID,
&PST_IMNACCT_SUBTYPE_GUID, szWalloc?szWalloc:szWfast, pClear, pEncoded)))
{
BYTE *pb = pEncoded->pBlobData;
DWORD sz = pEncoded->cbSize;
Assert(pb);
pEncoded->cbSize += PROT_SIZEOF_HEADER;
//N This realloc is annoying. If we assume the memory allocator used
//N by the PST function, we could be smarter....
if (FAILED(hr = HrAlloc((LPVOID *)&pEncoded->pBlobData, pEncoded->cbSize)))
goto exit;
pEncoded->pBlobData[0] = PROT_VERSION_1;
pEncoded->pBlobData[1] = PROT_PASS_PST;
Assert(2 == PROT_SIZEOF_HEADER);
CopyMemory(&pEncoded->pBlobData[PROT_SIZEOF_HEADER], pb, sz);
PSTFreeHandle(pb);
}
exit:
if (szWalloc)
MemFree(szWalloc);
if (FAILED(hr) && pEncoded->pBlobData)
MemFree(pEncoded->pBlobData);
return hr;
}
HRESULT CPropCrypt::HrEncode(BLOB *pClear, BLOB *pEncoded)
{
HRESULT hr;
PST_PROMPTINFO PromptInfo = { sizeof(PST_PROMPTINFO), 0, NULL, L""};
AssertSz (pClear && pEncoded &&
pClear->pBlobData && pClear->cbSize, "Null Parameter");
if (m_fInit == FALSE)
return TRAPHR(E_FAIL);
if (m_pISecProv)
{
if (FDataIsValidV1(pEncoded->pBlobData) && FDataIsPST(pEncoded->pBlobData))
{
Assert(pEncoded->cbSize-PROT_SIZEOF_HEADER ==
(lstrlenW((LPWSTR)(pEncoded->pBlobData+PROT_SIZEOF_HEADER))+1)*sizeof(WCHAR));
tryagain:
hr = m_pISecProv->WriteItem(
PST_KEY_CURRENT_USER,
&PST_IDENT_TYPE_GUID,
&PST_IMNACCT_SUBTYPE_GUID,
(LPCWSTR)&pEncoded->pBlobData[PROT_SIZEOF_HEADER],
(DWORD)pClear->cbSize,
pClear->pBlobData,
&PromptInfo,
PST_CF_NONE,
0);
if (PST_E_TYPE_NO_EXISTS == hr)
{
DOUTL(DOUTL_CPROP, "PropCryp: somebody ruined my type or subtype");
hr = PSTCreateTypeSubType_NoUI(
m_pISecProv,
&PST_IDENT_TYPE_GUID,
PST_IDENT_TYPE_STRING,
&PST_IMNACCT_SUBTYPE_GUID,
PST_IMNACCT_SUBTYPE_STRING);
if (SUCCEEDED(hr))
goto tryagain;
}
}
else
{
#ifdef DEBUG
if (FDataIsValidV0(pEncoded))
DOUTL(DOUTL_CPROP, "PropCryp: V0 to V1 upgrade");
else if (!FDataIsValidV1(pEncoded->pBlobData))
DOUTL(DOUTL_CPROP, "PropCryp: invalid data on save");
#endif
// now we have XOR data in a PST environment
hr = HrEncodeNewProp(NULL, pClear, pEncoded);
}
}
else
{
// protected store does not exist
hr = XOREncodeProp(pClear, pEncoded);
}
return TrapError(hr);
}
/* HrDecode:
**
** Purpose:
** Uses the protstor functions to retrieve a piece of secure data
** unless the data is not pstore, then it maps to the XOR function
** Takes:
** IN pEncoded - blob containing name to pass to PSTGetData
** OUT pClear - blob containing property data
** Notes:
** pBlobData in pClear must be freed with a call to CoTaskMemFree()
** Returns:
** hresult
*/
HRESULT CPropCrypt::HrDecode(BLOB *pEncoded, BLOB *pClear)
{
HRESULT hr;
AssertSz(pEncoded && pEncoded->pBlobData && pClear, TEXT("Null Parameter"));
pClear->pBlobData = NULL;
if (m_fInit == FALSE)
return TRAPHR(E_FAIL);
if (!FDataIsValidV1(pEncoded->pBlobData))
{
if (FDataIsValidV0(pEncoded))
{
DOUTL(DOUTL_CPROP, "PropCryp: obtaining v0 value");
// looks like we might have a v0 blob: the name string
hr = PSTGetData(m_pISecProv, &PST_IDENT_TYPE_GUID, &PST_IMNACCT_SUBTYPE_GUID,
(LPCWSTR)pEncoded->pBlobData, pClear);
}
else
hr = E_InvalidValue;
}
else if (FDataIsPST(pEncoded->pBlobData))
{
Assert(pEncoded->cbSize-PROT_SIZEOF_HEADER ==
(lstrlenW((LPWSTR)(pEncoded->pBlobData+PROT_SIZEOF_HEADER))+1)*sizeof(WCHAR));
hr = PSTGetData(m_pISecProv, &PST_IDENT_TYPE_GUID, &PST_IMNACCT_SUBTYPE_GUID,
(LPCWSTR)&pEncoded->pBlobData[PROT_SIZEOF_HEADER], pClear);
}
else
{
hr = XORDecodeProp(pEncoded, pClear);
}
return hr;
}
HRESULT CPropCrypt::HrDelete(BLOB *pProp)
{
HRESULT hr;
PST_PROMPTINFO PromptInfo = { sizeof(PST_PROMPTINFO), 0, NULL, L""};
if (m_fInit == FALSE)
return TRAPHR(E_FAIL);
if (m_pISecProv && FDataIsValidV1(pProp->pBlobData) && FDataIsPST(pProp->pBlobData))
{
Assert(pProp->cbSize-PROT_SIZEOF_HEADER ==
(lstrlenW((LPWSTR)(pProp->pBlobData+PROT_SIZEOF_HEADER))+1)*sizeof(WCHAR));
hr = m_pISecProv->DeleteItem(
PST_KEY_CURRENT_USER,
&PST_IDENT_TYPE_GUID,
&PST_IMNACCT_SUBTYPE_GUID,
(LPCWSTR)&pProp->pBlobData[PROT_SIZEOF_HEADER],
&PromptInfo,
0);
}
else
// nothing to do
hr = S_OK;
return hr;
}
///////////////////////////////////////////////////////////////////////////
//
// XOR functions
//
///////////////////////////////////////////////////////////////////////////
HRESULT XOREncodeProp(const BLOB *const pClear, BLOB *const pEncoded)
{
DWORD dwSize;
DWORD last, last2;
DWORD *pdwCypher;
DWORD dex;
pEncoded->cbSize = pClear->cbSize+PROT_SIZEOF_XORHEADER;
if (!MemAlloc((LPVOID *)&pEncoded->pBlobData, pEncoded->cbSize))
return E_OUTOFMEMORY;
// set up header data
Assert(2 == PROT_SIZEOF_HEADER);
pEncoded->pBlobData[0] = PROT_VERSION_1;
pEncoded->pBlobData[1] = PROT_PASS_XOR;
*((DWORD *)&(pEncoded->pBlobData[2])) = pClear->cbSize;
// nevermind that the pointer is offset by the header size, this is
// where we start to write out the modified password
pdwCypher = (DWORD *)&(pEncoded->pBlobData[PROT_SIZEOF_XORHEADER]);
dex = 0;
last = OBFUSCATOR; // 0' = 0 ^ ob
if (dwSize = pClear->cbSize / sizeof(DWORD))
{
// case where data is >= 4 bytes
for (; dex < dwSize; dex++)
{
last2 = ((DWORD *)pClear->pBlobData)[dex]; // 1
pdwCypher[dex] = last2 ^ last; // 1' = 1 ^ 0
last = last2; // save 1 for the 2 round
}
}
// if we have bits left over
// note that dwSize is computed now in bits
if (dwSize = (pClear->cbSize % sizeof(DWORD))*8)
{
// need to not munge memory that isn't ours
last >>= sizeof(DWORD)*8-dwSize;
pdwCypher[dex] &= ((DWORD)-1) << dwSize;
pdwCypher[dex] |=
((((DWORD *)pClear->pBlobData)[dex] & (((DWORD)-1) >> (sizeof(DWORD)*8-dwSize))) ^ last);
}
return S_OK;
}
HRESULT XORDecodeProp(const BLOB *const pEncoded, BLOB *const pClear)
{
DWORD dwSize;
DWORD last;
DWORD *pdwCypher;
DWORD dex;
// we use CoTaskMemAlloc to be in line with the PST implementation
pClear->cbSize = pEncoded->pBlobData[2];
if (!(pClear->pBlobData = (BYTE *)CoTaskMemAlloc(pClear->cbSize)))
return E_OUTOFMEMORY;
// should have been tested by now
Assert(FDataIsValidV1(pEncoded->pBlobData));
Assert(!FDataIsPST(pEncoded->pBlobData));
// nevermind that the pointer is offset by the header size, this is
// where the password starts
pdwCypher = (DWORD *)&(pEncoded->pBlobData[PROT_SIZEOF_XORHEADER]);
dex = 0;
last = OBFUSCATOR;
if (dwSize = pClear->cbSize / sizeof(DWORD))
{
// case where data is >= 4 bytes
for (; dex < dwSize; dex++)
last = ((DWORD *)pClear->pBlobData)[dex] = pdwCypher[dex] ^ last;
}
// if we have bits left over
if (dwSize = (pClear->cbSize % sizeof(DWORD))*8)
{
// need to not munge memory that isn't ours
last >>= sizeof(DWORD)*8-dwSize;
((DWORD *)pClear->pBlobData)[dex] &= ((DWORD)-1) << dwSize;
((DWORD *)pClear->pBlobData)[dex] |=
((pdwCypher[dex] & (((DWORD)-1) >> (sizeof(DWORD)*8-dwSize))) ^ last);
}
return S_OK;
}
///////////////////////////////////////////////////////////////////////////
//
// Other static functions
//
///////////////////////////////////////////////////////////////////////////
BOOL FDataIsValidV1(BYTE *pb)
{ return pb && pb[0] == PROT_VERSION_1 && (pb[1] == PROT_PASS_XOR || pb[1] == PROT_PASS_PST); }
BOOL FDataIsValidV0(BLOB *pblob)
{ return ((lstrlenW((LPWSTR)pblob->pBlobData)+1)*sizeof(WCHAR) == pblob->cbSize); }
BOOL FDataIsPST(BYTE *pb)
#ifdef DEBUG
{
if (pb)
if (pb[1] == PROT_PASS_PST)
{
DOUTL(DOUTL_CPROP, "PropCryp: Data is PST");
return TRUE;
}
else
{
DOUTL(DOUTL_CPROP, "PropCryp: Data is XOR");
return FALSE;
}
else
return FALSE;
}
#else
{ return pb && pb[1] == PROT_PASS_PST; }
#endif