// Length of the salt to append to the password. The unit is presumably
// bytes, matching the DWORD cbSalt arguments taken by the FMy*MK routines
// below -- TODO confirm against the code that generates the salt.
#define PASSWORD_SALT_LEN 16
// Primitive functions not shown
// MAC format versions. dwMACVersion of FHMACGeographicallySensitiveData is
// annotated "handle old, new MACs", so these are presumably the values it
// accepts. NOTE(review): what differs between the two formats is not visible
// in this header; confirm before accepting OLD_HMAC_VERSION on new data.
#define OLD_HMAC_VERSION 0x01
#define NEW_HMAC_VERSION 0x02
// externally used functions
// FProvEncryptData: going by its name, encrypts the caller's buffer for
// szUser under the master key named szMasterKey (body not shown here).
//   rgbPwd    - presumably a SHA digest derived from the password. It is
//               declared as an unsized array, so it reaches the callee as a
//               bare pointer with no length: the A_SHA_DIGEST_LEN requirement
//               can only be met by the caller, not checked by the callee.
//   ppbMyData, pcbMyData - in/out buffer pointer and byte count; presumably
//               replaced by the encrypted form on success. TODO confirm who
//               allocates and frees the buffer that comes back.
// Returns BOOL, presumably TRUE on success; the out values should not be
// used unless the call succeeded.
BOOL FProvEncryptData( LPCWSTR szUser, // in
LPCWSTR szMasterKey, // in
BYTE rgbPwd[], // in, must be A_SHA_DIGEST_LEN
PBYTE* ppbMyData, // in out
DWORD* pcbMyData); // in out
// FProvDecryptData: going by its name, the inverse of FProvEncryptData --
// decrypts the caller's buffer for szUser under the master key named
// szMasterKey (body not shown here).
//   rgbPwd    - presumably a SHA digest derived from the password; passed as
//               a bare pointer, so the A_SHA_DIGEST_LEN requirement rests on
//               the caller.
//   ppbData, pcbData - in/out buffer pointer and byte count; presumably hold
//               the recovered plaintext on success. TODO confirm buffer
//               ownership, and that callers wipe the plaintext before
//               releasing it.
// Returns BOOL, presumably TRUE on success. NOTE(review): confirm a FALSE
// return leaves no partially decrypted data in *ppbData.
BOOL FProvDecryptData( LPCWSTR szUser, // in
LPCWSTR szMasterKey, // in
BYTE rgbPwd[], // in, must be A_SHA_DIGEST_LEN
PBYTE* ppbData, // in out
DWORD* pcbData); // in out
// FCheckPWConfirm: going by its name, checks that rgbPwd is the correct
// password value for szUser's master key szMasterKey (body not shown here).
// NOTE(review): unlike the sibling prototypes, this one does not state the
// required size of rgbPwd and takes no length argument; presumably
// A_SHA_DIGEST_LEN bytes are read -- confirm, since a shorter caller buffer
// would be over-read.
BOOL FCheckPWConfirm( LPCWSTR szUser, // in
LPCWSTR szMasterKey, // in
BYTE rgbPwd[]); // in
// FPasswordChangeNotify: going by its name, informs the provider that the
// password szPasswordName of szUser changed from rgbOldPwd to rgbNewPwd
// (body not shown here; presumably protected data is re-keyed -- confirm).
// This is the only prototype here that receives explicit lengths (cbOldPwd,
// cbNewPwd) next to the digest buffers, so the callee is able to verify the
// A_SHA_DIGEST_LEN requirement itself. NOTE(review): confirm it rejects any
// other length rather than trusting the annotation.
BOOL FPasswordChangeNotify( LPCWSTR szUser, // in
LPCWSTR szPasswordName,// in
BYTE rgbOldPwd[], // in, must be A_SHA_DIGEST_LEN
DWORD cbOldPwd, // in
BYTE rgbNewPwd[], // in, must be A_SHA_DIGEST_LEN
DWORD cbNewPwd); // in
// performs MAC with location data, making data immovable
// "Location" presumably means the pguidType / pguidSubtype / szItem triple:
// with those folded into the MAC, a blob copied to a different type, subtype
// or item name would fail verification. TODO confirm which fields each
// dwMACVersion actually covers.
//   dwMACVersion - presumably OLD_HMAC_VERSION or NEW_HMAC_VERSION.
//   rgbPwd       - input digest; passed as a bare pointer, length not checked
//                  by the prototype.
//   szItem       - may be NULL.
//   pbBuf, cbBuf - data to authenticate and its byte count.
//   rgbHMAC      - output. No length accompanies it, so the caller must
//                  supply at least A_SHA_DIGEST_LEN writable bytes; a smaller
//                  buffer would be overrun.
// Returns BOOL, presumably TRUE on success; rgbHMAC should not be trusted
// otherwise.
BOOL FHMACGeographicallySensitiveData( LPCWSTR szUser, // in
LPCWSTR szPasswordName, // in
DWORD dwMACVersion, // handle old, new MACs
BYTE rgbPwd[], // in, must be A_SHA_DIGEST_LEN
const GUID* pguidType, // in
const GUID* pguidSubtype, // in
LPCWSTR szItem, // in, may be NULL
PBYTE pbBuf, // in
DWORD cbBuf, // in
BYTE rgbHMAC[]); // out, must be A_SHA_DIGEST_LEN
// given pwd, salt, and ptr to master key buffer,
// decrypts and checks MAC on master key
// The [A_SHA_DIGEST_LEN] bounds on rgbPwd and rgbConfirm document the
// expected size only: C adjusts array parameters to pointers, so neither the
// compiler nor the callee can verify what the caller passed.
//   rgbSalt, cbSalt - salt and its byte count (presumably PASSWORD_SALT_LEN).
//   rgbConfirm      - presumably the stored confirmation/MAC value compared
//                     during the check -- TODO confirm direction (in or out).
//   ppbMK, pcbMK    - master key buffer pointer and byte count; presumably
//                     in/out like the FProv* buffers above.
//   pfResetSecurityState (Ex only) - presumably an out flag; its meaning is
//                     not visible in this header.
// Returns BOOL. NOTE(review): callers should treat FALSE as a failed MAC
// check and discard *ppbMK; confirm the implementation does not leave an
// unauthenticated key in the buffer on failure.
BOOL FMyDecryptMK( BYTE rgbSalt[], DWORD cbSalt, BYTE rgbPwd[A_SHA_DIGEST_LEN], BYTE rgbConfirm[A_SHA_DIGEST_LEN], PBYTE* ppbMK, DWORD* pcbMK);
BOOL FMyDecryptMKEx( BYTE rgbSalt[], DWORD cbSalt, BYTE rgbPwd[A_SHA_DIGEST_LEN], BYTE rgbConfirm[A_SHA_DIGEST_LEN], PBYTE* ppbMK, DWORD* pcbMK, BOOL *pfResetSecurityState );
// given pwd, salt, and Master Key buffer, MACs and Encrypts Master Key buffer
// Counterpart of FMyDecryptMK. The [A_SHA_DIGEST_LEN] bounds on rgbPwd and
// rgbConfirm are documentation only; both arrive as bare pointers.
//   rgbSalt, cbSalt - salt and its byte count (presumably PASSWORD_SALT_LEN).
//   rgbConfirm      - presumably receives or supplies the confirmation/MAC
//                     value -- TODO confirm direction.
//   ppbMK, pcbMK    - master key buffer pointer and byte count; presumably
//                     replaced by the protected form on success.
// Returns BOOL, presumably TRUE on success. NOTE(review): confirm the
// plaintext master key is wiped once the protected copy has been produced.
BOOL FMyEncryptMK( BYTE rgbSalt[], DWORD cbSalt, BYTE rgbPwd[A_SHA_DIGEST_LEN], BYTE rgbConfirm[A_SHA_DIGEST_LEN], PBYTE* ppbMK, DWORD* pcbMK);
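// France check
// Presumably reports whether encryption may be used at all on this system
// (the original note suggests a locale-based restriction; the body is not
// shown here). NOTE(review): confirm what callers do on FALSE -- refuse to
// store the data, or store it without encryption.
//
// Declared with (void): in C an empty parameter list leaves the parameters
// unspecified, so a mistaken call with arguments would compile without any
// diagnostic. (void) makes this a checked prototype and is identical to the
// original declaration when compiled as C++.
BOOL FIsEncryptionPermitted(void);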