Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

277 lines
6.3 KiB

  1. #pragma once
  2. #include <TChar.h>
  3. #include <Windows.h>
  4. #include <WinCrypt.h>
  5. #include <ComDef.h>
  6. #define ENCRYPTION_KEY_SIZE 16 // in bytes
  7. #define SESSION_KEY_SIZE 16 // in bytes
  8. //---------------------------------------------------------------------------
  9. // Crypt Provider Class
  10. //---------------------------------------------------------------------------
  11. class CCryptProvider
  12. {
  13. public:
  14. CCryptProvider();
  15. CCryptProvider(const CCryptProvider& r);
  16. ~CCryptProvider();
  17. CCryptProvider& operator =(const CCryptProvider& r);
  18. HCRYPTHASH CreateHash(ALG_ID aid);
  19. HCRYPTKEY DeriveKey(ALG_ID aid, HCRYPTHASH hHash, DWORD dwFlags = 0);
  20. _variant_t GenerateRandom(DWORD cbData) const;
  21. void GenerateRandom(BYTE* pbData, DWORD cbData) const;
  22. protected:
  23. HCRYPTPROV m_hProvider;
  24. };
  25. //---------------------------------------------------------------------------
  26. // Crypt Key Class
  27. //---------------------------------------------------------------------------
  28. class CCryptKey
  29. {
  30. public:
  31. CCryptKey(HCRYPTKEY hKey = NULL);
  32. ~CCryptKey();
  33. operator HCRYPTKEY()
  34. {
  35. return m_hKey;
  36. }
  37. void Attach(HCRYPTKEY hKey)
  38. {
  39. m_hKey = hKey;
  40. }
  41. HCRYPTKEY Detach()
  42. {
  43. HCRYPTKEY hKey = m_hKey;
  44. m_hKey = NULL;
  45. return hKey;
  46. }
  47. _variant_t Encrypt(HCRYPTHASH hHash, bool bFinal, const _variant_t& vntData);
  48. _variant_t Decrypt(HCRYPTHASH hHash, bool bFinal, const _variant_t& vntData);
  49. protected:
  50. CCryptKey(const CCryptKey& key) {}
  51. CCryptKey& operator =(const CCryptKey& key) { return *this; }
  52. protected:
  53. HCRYPTKEY m_hKey;
  54. };
  55. //---------------------------------------------------------------------------
  56. // Crypt Hash Class
  57. //---------------------------------------------------------------------------
  58. class CCryptHash
  59. {
  60. public:
  61. CCryptHash(HCRYPTHASH hHash = NULL);
  62. ~CCryptHash();
  63. operator HCRYPTHASH()
  64. {
  65. return m_hHash;
  66. }
  67. void Attach(HCRYPTHASH hHash)
  68. {
  69. m_hHash = hHash;
  70. }
  71. HCRYPTKEY Detach()
  72. {
  73. HCRYPTKEY hHash = m_hHash;
  74. m_hHash = NULL;
  75. return hHash;
  76. }
  77. _variant_t GetValue() const;
  78. void SetValue(const _variant_t& vntValue);
  79. void Hash(LPCTSTR pszData);
  80. void Hash(const _variant_t& vntData);
  81. void Hash(BYTE* pbData, DWORD cbData);
  82. bool operator ==(const CCryptHash& hash);
  83. bool operator !=(const CCryptHash& hash)
  84. {
  85. return !this->operator ==(hash);
  86. }
  87. protected:
  88. CCryptHash(const CCryptKey& hash) {}
  89. CCryptHash& operator =(const CCryptHash& hash) { return *this; }
  90. protected:
  91. HCRYPTHASH m_hHash;
  92. };
  93. //---------------------------------------------------------------------------
  94. // Domain Crypt Class
  95. //---------------------------------------------------------------------------
  96. class CDomainCrypt : public CCryptProvider
  97. {
  98. protected:
  99. CDomainCrypt();
  100. ~CDomainCrypt();
  101. HCRYPTKEY GetEncryptionKey(LPCTSTR pszKeyId);
  102. void StoreBytes(LPCTSTR pszId, const _variant_t& vntBytes);
  103. void StoreBytes(LPCTSTR pszId, BYTE* pBytes, DWORD cBytes);
  104. _variant_t RetrieveBytes(LPCTSTR pszId);
  105. protected:
  106. static _TCHAR m_szIdPrefix[];
  107. };
  108. //---------------------------------------------------------------------------
  109. // Target Crypt Class
  110. //
  111. // CreateEncryptionKey
  112. // - creates encryption key
  113. // - stores encryption key using key identifier
  114. // - returns encryption key encrypted with given password
  115. //---------------------------------------------------------------------------
  116. class CTargetCrypt : public CDomainCrypt
  117. {
  118. public:
  119. CTargetCrypt();
  120. ~CTargetCrypt();
  121. _variant_t CreateEncryptionKey(LPCTSTR pszKeyId, LPCTSTR pszPassword = NULL);
  122. _variant_t CreateSession(LPCTSTR pszKeyId);
  123. _variant_t Encrypt(_bstr_t strData);
  124. protected:
  125. void StoreBytes(LPCTSTR pszId, const _variant_t& vntBytes)
  126. {
  127. LPTSTR psz = (LPTSTR) _alloca((_tcslen(m_szIdPrefix) + 1 + _tcslen(pszId) + 1) * sizeof(_TCHAR));
  128. _tcscpy(psz, m_szIdPrefix);
  129. _tcscat(psz, _T("_"));
  130. _tcscat(psz, pszId);
  131. CDomainCrypt::StoreBytes(psz, vntBytes);
  132. }
  133. _variant_t RetrieveBytes(LPCTSTR pszId)
  134. {
  135. LPTSTR psz = (LPTSTR) _alloca((_tcslen(m_szIdPrefix) + 1 + _tcslen(pszId) + 1) * sizeof(_TCHAR));
  136. _tcscpy(psz, m_szIdPrefix);
  137. _tcscat(psz, _T("_"));
  138. _tcscat(psz, pszId);
  139. return CDomainCrypt::RetrieveBytes(psz);
  140. }
  141. protected:
  142. CCryptKey m_keySession;
  143. };
  144. //---------------------------------------------------------------------------
  145. // Source Crypt Class
  146. //---------------------------------------------------------------------------
  147. class CSourceCrypt : public CDomainCrypt
  148. {
  149. public:
  150. CSourceCrypt();
  151. ~CSourceCrypt();
  152. void ImportEncryptionKey(const _variant_t& vntEncryptedKey, LPCTSTR pszPassword = NULL);
  153. void ImportSessionKey(const _variant_t& vntEncryptedKey);
  154. _bstr_t Decrypt(const _variant_t& vntData);
  155. protected:
  156. CCryptKey m_keySession;
  157. };
  158. //---------------------------------------------------------------------------
  159. // Use Cases
  160. //---------------------------------------------------------------------------
  161. //
  162. // Target Domain Controller
  163. // ------------------------
  164. // Generate Encryption Key
  165. // - given source domain name and optional password
  166. // - generate 128 bit encryption key
  167. // - store encryption key using source domain name
  168. // - if given optional password encrypt key with password
  169. // - return encrypted key
  170. //
  171. // Generate Session Key
  172. // - given source domain name
  173. // - generate 128 bit session key
  174. // - generate hash of session key
  175. // - retrieve encryption key using source domain name
  176. // - encrypt session key and hash with encryption key
  177. // - return encrypted session key/hash
  178. //
  179. // Encrypt Data
  180. // - given data
  181. // - encrypt data using session key
  182. // - return encrypted data
  183. //
  184. // Password Export Server (PES)
  185. // ----------------------------
  186. // Store Encryption Key
  187. // - given encrypted encryption key and password
  188. // - decrypt key using password
  189. // - store key
  190. //
  191. // Decrypt Session Key
  192. // - given an encrypted session key / hash
  193. // - decrypt using encryption key
  194. // - generate hash of decrypted session key
  195. // - compare against decrypted hash
  196. // - store session key
  197. // - return success or failure
  198. //
  199. // Decrypt Data
  200. // - given encrypted data
  201. // - decrypt data using session key
  202. // - return un-encrypted data
  203. //---------------------------------------------------------------------------