Hans Leidekker : msv1_0: Implement SpSealMessage and SpUnsealMessage.
Alexandre Julliard
julliard at winehq.org
Fri Apr 30 16:03:27 CDT 2021
Module: wine
Branch: master
Commit: 7c786cfd4f8b4c5dd6e89f0894b0b4afbb6c346a
URL: https://source.winehq.org/git/wine.git/?a=commit;h=7c786cfd4f8b4c5dd6e89f0894b0b4afbb6c346a
Author: Hans Leidekker <hans at codeweavers.com>
Date: Fri Apr 30 11:59:39 2021 +0200
msv1_0: Implement SpSealMessage and SpUnsealMessage.
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/msv1_0/main.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 73 insertions(+), 2 deletions(-)
diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c
index 5e6372b138c..f61e3c90efe 100644
--- a/dlls/msv1_0/main.c
+++ b/dlls/msv1_0/main.c
@@ -1430,14 +1430,85 @@ static NTSTATUS NTAPI ntlm_SpVerifySignature( LSA_SEC_HANDLE handle, SecBufferDe
return verify_signature( ctx, ctx->flags, msg, idx );
}
+static NTSTATUS NTAPI ntlm_SpSealMessage( LSA_SEC_HANDLE handle, ULONG qop, SecBufferDesc *msg, ULONG msg_seq_no )
+{
+ int token_idx, data_idx;
+ struct ntlm_ctx *ctx;
+
+ TRACE( "%lx, %08x, %p %u\n", handle, qop, msg, msg_seq_no );
+ if (qop) FIXME( "ignoring quality of protection %08x\n", qop );
+ if (msg_seq_no) FIXME( "ignoring message sequence number %u\n", msg_seq_no );
+
+ if (!handle) return SEC_E_INVALID_HANDLE;
+
+ if (!msg || !msg->pBuffers || msg->cBuffers < 2 ||
+ (token_idx = get_buffer_index( msg, SECBUFFER_TOKEN )) == -1 ||
+ (data_idx = get_buffer_index( msg, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+
+ if (msg->pBuffers[token_idx].cbBuffer < 16) return SEC_E_BUFFER_TOO_SMALL;
+
+ ctx = (struct ntlm_ctx *)handle;
+ if (ctx->flags & FLAG_NEGOTIATE_NTLM2 && ctx->flags & FLAG_NEGOTIATE_SEAL)
+ {
+ create_signature( ctx, ctx->flags, msg, token_idx, SIGN_SEND, FALSE );
+
+ arc4_process( &ctx->crypt.ntlm2.send_arc4info, msg->pBuffers[data_idx].pvBuffer,
+ msg->pBuffers[data_idx].cbBuffer );
+ if (ctx->flags & FLAG_NEGOTIATE_KEY_EXCHANGE)
+ arc4_process( &ctx->crypt.ntlm2.send_arc4info, (char *)msg->pBuffers[token_idx].pvBuffer + 4, 8 );
+ }
+ else
+ {
+ char *sig = msg->pBuffers[token_idx].pvBuffer;
+
+ create_signature( ctx, ctx->flags | FLAG_NEGOTIATE_SIGN, msg, token_idx, SIGN_SEND, FALSE );
+
+ arc4_process( &ctx->crypt.ntlm.arc4info, msg->pBuffers[data_idx].pvBuffer, msg->pBuffers[data_idx].cbBuffer );
+ arc4_process( &ctx->crypt.ntlm.arc4info, sig + 4, 12 );
+
+ if (ctx->flags & FLAG_NEGOTIATE_ALWAYS_SIGN || !ctx->flags) memset( sig + 4, 0, 4 );
+ }
+
+ return SEC_E_OK;
+}
+
+static NTSTATUS NTAPI ntlm_SpUnsealMessage( LSA_SEC_HANDLE handle, SecBufferDesc *msg, ULONG msg_seq_no, ULONG *qop )
+{
+ int token_idx, data_idx;
+ struct ntlm_ctx *ctx;
+
+ TRACE( "%lx, %p, %u, %p\n", handle, msg, msg_seq_no, qop );
+ if (msg_seq_no) FIXME( "ignoring message sequence number %u\n", msg_seq_no );
+
+ if (!handle) return SEC_E_INVALID_HANDLE;
+
+ if (!msg || !msg->pBuffers || msg->cBuffers < 2 ||
+ (token_idx = get_buffer_index( msg, SECBUFFER_TOKEN )) == -1 ||
+ (data_idx = get_buffer_index( msg, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+
+ if (msg->pBuffers[token_idx].cbBuffer < 16) return SEC_E_BUFFER_TOO_SMALL;
+
+ ctx = (struct ntlm_ctx *)handle;
+ if (ctx->flags & FLAG_NEGOTIATE_NTLM2 && ctx->flags & FLAG_NEGOTIATE_SEAL)
+ arc4_process( &ctx->crypt.ntlm2.recv_arc4info, msg->pBuffers[data_idx].pvBuffer,
+ msg->pBuffers[data_idx].cbBuffer );
+ else
+ arc4_process( &ctx->crypt.ntlm.arc4info, msg->pBuffers[data_idx].pvBuffer,
+ msg->pBuffers[data_idx].cbBuffer);
+
+ /* make sure we use a session key for the signature check, SealMessage always does that,
+ even in the dummy case */
+ return verify_signature( ctx, ctx->flags | FLAG_NEGOTIATE_SIGN, msg, token_idx );
+}
+
static SECPKG_USER_FUNCTION_TABLE ntlm_user_table =
{
ntlm_SpInstanceInit,
NULL, /* SpInitUserModeContext */
ntlm_SpMakeSignature,
ntlm_SpVerifySignature,
- NULL, /* SpSealMessage */
- NULL, /* SpUnsealMessage */
+ ntlm_SpSealMessage,
+ ntlm_SpUnsealMessage,
NULL, /* SpGetContextToken */
NULL, /* SpQueryContextAttributes */
NULL, /* SpCompleteAuthToken */
More information about the wine-cvs
mailing list