libwinpr-sspi: start implementing Schannel EncryptMessage

2013-01-11 14:23:54 -05:00 · 2013-01-11 14:23:54 -05:00 · 136bbc8bf7
parent b868af322e
commit 136bbc8bf7
6 changed files with 96 additions and 26 deletions
--- a/winpr/libwinpr/sspi/NTLM/ntlm.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm.c
@ -341,9 +341,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
 		if (pInput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		input_buffer = &pInput->pBuffers[0];
+		input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);

-		if (input_buffer->BufferType != SECBUFFER_TOKEN)
+		if (!input_buffer)
 			return SEC_E_INVALID_TOKEN;

 		if (input_buffer->cbBuffer < 1)
@ -359,9 +359,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
 			if (pOutput->cBuffers < 1)
 				return SEC_E_INVALID_TOKEN;

-			output_buffer = &pOutput->pBuffers[0];
+			output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);

-			if (output_buffer->BufferType != SECBUFFER_TOKEN)
+			if (!output_buffer->BufferType)
 				return SEC_E_INVALID_TOKEN;

 			if (output_buffer->cbBuffer < 1)
@ -380,9 +380,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
 		if (pInput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		input_buffer = &pInput->pBuffers[0];
+		input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);

-		if (input_buffer->BufferType != SECBUFFER_TOKEN)
+		if (!input_buffer)
 			return SEC_E_INVALID_TOKEN;

 		if (input_buffer->cbBuffer < 1)
@ -454,9 +454,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle phCredenti
 		if (pOutput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		output_buffer = &pOutput->pBuffers[0];
+		output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);

-		if (output_buffer->BufferType != SECBUFFER_TOKEN)
+		if (!output_buffer)
 			return SEC_E_INVALID_TOKEN;

 		if (output_buffer->cbBuffer < 1)
@ -475,19 +475,15 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle phCredenti
 		if (pInput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		input_buffer = &pInput->pBuffers[0];
+		input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);

-		if (input_buffer->BufferType != SECBUFFER_TOKEN)
+		if (!input_buffer)
 			return SEC_E_INVALID_TOKEN;

 		if (input_buffer->cbBuffer < 1)
 			return SEC_E_INVALID_TOKEN;

-		if (pInput->cBuffers > 1)
-		{
-			if (pInput->pBuffers[1].BufferType == SECBUFFER_CHANNEL_BINDINGS)
-				channel_bindings = &pInput->pBuffers[1];
-		}
+		channel_bindings = sspi_FindSecBuffer(pInput, SECBUFFER_CHANNEL_BINDINGS);

 		if (channel_bindings)
 		{
@ -505,9 +501,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle phCredenti
 			if (pOutput->cBuffers < 1)
 				return SEC_E_INVALID_TOKEN;

-			output_buffer = &pOutput->pBuffers[0];
+			output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);

-			if (output_buffer->BufferType != SECBUFFER_TOKEN)
+			if (!output_buffer)
 				return SEC_E_INVALID_TOKEN;

 			if (output_buffer->cbBuffer < 1)
--- a/winpr/libwinpr/sspi/Schannel/schannel.c
+++ b/winpr/libwinpr/sspi/Schannel/schannel.c
@ -339,7 +339,17 @@ SECURITY_STATUS SEC_ENTRY schannel_VerifySignature(PCtxtHandle phContext, PSecBu

 SECURITY_STATUS SEC_ENTRY schannel_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SECURITY_STATUS status;
+	SCHANNEL_CONTEXT* context;
+
+	context = (SCHANNEL_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
+
+	if (!context)
+		return SEC_E_INVALID_HANDLE;
+
+	status = schannel_openssl_encrypt_message(context->openssl, pMessage);
+
+	return status;
 }

 SECURITY_STATUS SEC_ENTRY schannel_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG* pfQOP)
--- a/winpr/libwinpr/sspi/Schannel/schannel_openssl.c
+++ b/winpr/libwinpr/sspi/Schannel/schannel_openssl.c
@ -249,9 +249,9 @@ SECURITY_STATUS schannel_openssl_client_process_tokens(SCHANNEL_OPENSSL* context
 			if (pInput->cBuffers < 1)
 				return SEC_E_INVALID_TOKEN;

-			pBuffer = &pInput->pBuffers[0];
+			pBuffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);

-			if (pBuffer->BufferType != SECBUFFER_TOKEN)
+			if (!pBuffer)
 				return SEC_E_INVALID_TOKEN;

 			status = BIO_write(context->bioRead, pBuffer->pvBuffer, pBuffer->cbBuffer);
@ -270,9 +270,9 @@ SECURITY_STATUS schannel_openssl_client_process_tokens(SCHANNEL_OPENSSL* context
 		if (pOutput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		pBuffer = &pOutput->pBuffers[0];
+		pBuffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);

-		if (pBuffer->BufferType != SECBUFFER_TOKEN)
+		if (!pBuffer)
 			return SEC_E_INVALID_TOKEN;

 		if (status > 0)
@ -306,9 +306,9 @@ SECURITY_STATUS schannel_openssl_server_process_tokens(SCHANNEL_OPENSSL* context
 		if (pInput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		pBuffer = &pInput->pBuffers[0];
+		pBuffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);

-		if (pBuffer->BufferType != SECBUFFER_TOKEN)
+		if (!pBuffer)
 			return SEC_E_INVALID_TOKEN;

 		status = BIO_write(context->bioRead, pBuffer->pvBuffer, pBuffer->cbBuffer);
@ -326,9 +326,9 @@ SECURITY_STATUS schannel_openssl_server_process_tokens(SCHANNEL_OPENSSL* context
 		if (pOutput->cBuffers < 1)
 			return SEC_E_INVALID_TOKEN;

-		pBuffer = &pOutput->pBuffers[0];
+		pBuffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);

-		if (pBuffer->BufferType != SECBUFFER_TOKEN)
+		if (!pBuffer)
 			return SEC_E_INVALID_TOKEN;

 		if (status > 0)
@ -351,6 +351,48 @@ SECURITY_STATUS schannel_openssl_server_process_tokens(SCHANNEL_OPENSSL* context
 	return SEC_E_OK;
 }

+SECURITY_STATUS schannel_openssl_encrypt_message(SCHANNEL_OPENSSL* context, PSecBufferDesc pMessage)
+{
+	int status;
+	int ssl_error;
+	PSecBuffer pStreamBodyBuffer;
+	PSecBuffer pStreamHeaderBuffer;
+	PSecBuffer pStreamTrailerBuffer;
+
+	pStreamHeaderBuffer = sspi_FindSecBuffer(pMessage, SECBUFFER_STREAM_HEADER);
+	pStreamBodyBuffer = sspi_FindSecBuffer(pMessage, SECBUFFER_DATA);
+	pStreamTrailerBuffer = sspi_FindSecBuffer(pMessage, SECBUFFER_STREAM_TRAILER);
+
+	if ((!pStreamHeaderBuffer) || (!pStreamBodyBuffer) || (!pStreamTrailerBuffer))
+		return SEC_E_INVALID_TOKEN;
+
+	status = SSL_write(context->ssl, pStreamBodyBuffer->pvBuffer, pStreamBodyBuffer->cbBuffer);
+
+	if (status < 0)
+	{
+		ssl_error = SSL_get_error(context->ssl, status);
+		printf("SSL_write: %s\n", openssl_get_ssl_error_string(ssl_error));
+	}
+
+	status = BIO_read(context->bioWrite, context->ReadBuffer, SCHANNEL_CB_MAX_TOKEN);
+
+	return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+SECURITY_STATUS schannel_openssl_decrypt_message(SCHANNEL_OPENSSL* context, PSecBufferDesc pMessage)
+{
+	//int status;
+	//int ssl_error;
+	PSecBuffer pBuffer;
+
+	pBuffer = sspi_FindSecBuffer(pMessage, SECBUFFER_DATA);
+
+	if (!pBuffer)
+		return SEC_E_INVALID_TOKEN;
+
+	return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
 SCHANNEL_OPENSSL* schannel_openssl_new()
 {
 	SCHANNEL_OPENSSL* context;
--- a/winpr/libwinpr/sspi/Schannel/schannel_openssl.h
+++ b/winpr/libwinpr/sspi/Schannel/schannel_openssl.h
@ -49,6 +49,9 @@ int schannel_openssl_server_init(SCHANNEL_OPENSSL* context);
 SECURITY_STATUS schannel_openssl_client_process_tokens(SCHANNEL_OPENSSL* context, PSecBufferDesc pInput, PSecBufferDesc pOutput);
 SECURITY_STATUS schannel_openssl_server_process_tokens(SCHANNEL_OPENSSL* context, PSecBufferDesc pInput, PSecBufferDesc pOutput);

+SECURITY_STATUS schannel_openssl_encrypt_message(SCHANNEL_OPENSSL* context, PSecBufferDesc pMessage);
+SECURITY_STATUS schannel_openssl_decrypt_message(SCHANNEL_OPENSSL* context, PSecBufferDesc pMessage);
+
 SCHANNEL_OPENSSL* schannel_openssl_new();
 void schannel_openssl_free(SCHANNEL_OPENSSL* context);

--- a/winpr/libwinpr/sspi/sspi.c
+++ b/winpr/libwinpr/sspi/sspi.c
@ -371,6 +371,23 @@ void sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDE
 	}
 }

+PSecBuffer sspi_FindSecBuffer(PSecBufferDesc pMessage, ULONG BufferType)
+{
+	int index;
+	PSecBuffer pSecBuffer = NULL;
+
+	for (index = 0; index < pMessage->cBuffers; index++)
+	{
+		if (pMessage->pBuffers[index].BufferType == BufferType)
+		{
+			pSecBuffer = &pMessage->pBuffers[index];
+			break;
+		}
+	}
+
+	return pSecBuffer;
+}
+
 static BOOL sspi_initialized = FALSE;

 void sspi_GlobalInit()
--- a/winpr/libwinpr/sspi/sspi.h
+++ b/winpr/libwinpr/sspi/sspi.h
@ -33,6 +33,8 @@ typedef struct _CREDENTIALS CREDENTIALS;
 CREDENTIALS* sspi_CredentialsNew();
 void sspi_CredentialsFree(CREDENTIALS* credentials);

+PSecBuffer sspi_FindSecBuffer(PSecBufferDesc pMessage, ULONG BufferType);
+
 SecHandle* sspi_SecureHandleAlloc();
 void sspi_SecureHandleInit(SecHandle* handle);
 void sspi_SecureHandleInvalidate(SecHandle* handle);