archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/admin/admt/pwdsvc/admtcrypt2.cpp

486 lines
9.7 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //#include <StdAfx.h>
  2. #include "AdmtCrypt2.h"
  4. #include <NtSecApi.h>
  6. #pragma comment( lib, "AdvApi32.lib" )
  9. namespace AdmtCrypt2
  10. {
  12. #define SESSION_KEY_SIZE 16 // in bytes
  14. HCRYPTKEY __stdcall DeriveEncryptionKey(HCRYPTPROV hProvider);
  15. bool __stdcall IsDataMatchHash(HCRYPTPROV hProvider, const _variant_t& vntData, const _variant_t& vntHash);
  17. // Provider Methods
  19. HCRYPTKEY __stdcall DeriveKey(HCRYPTPROV hProvider, const _variant_t& vntBytes);
  20. HCRYPTHASH __stdcall CreateHash(HCRYPTPROV hProvider);
  21. bool __stdcall GenRandom(HCRYPTPROV hProvider, BYTE* pbData, DWORD cbData);
  23. // Key Methods
  25. void __stdcall DestroyKey(HCRYPTKEY hKey);
  26. bool __stdcall Decrypt(HCRYPTKEY hKey, const _variant_t& vntEncrypted, _variant_t& vntDecrypted);
  28. // Hash Methods
  30. void __stdcall DestroyHash(HCRYPTHASH hHash);
  31. bool __stdcall HashData(HCRYPTHASH hHash, const _variant_t& vntData);
  33. // Miscellaneous Helpers
  35. bool __stdcall RetrieveEncryptionBytes(_variant_t& vntBytes);
  37. // Variant Helpers
  39. bool __stdcall CreateByteArray(DWORD cb, _variant_t& vntByteArray);
  41. }
  43. using namespace AdmtCrypt2;
  46. //---------------------------------------------------------------------------
  47. // Source Crypt API
  48. //---------------------------------------------------------------------------
  51. // AdmtAcquireContext Method
  53. HCRYPTPROV __stdcall AdmtAcquireContext()
  54. {
  55. HCRYPTPROV hProvider = 0;
  57. BOOL bAcquire = CryptAcquireContext(
  58. &hProvider,
  59. NULL,
  60. MS_ENHANCED_PROV,
  61. PROV_RSA_FULL,
  62. CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT
  63. );
  65. if (!bAcquire)
  66. {
  67. hProvider = 0;
  68. }
  70. return hProvider;
  71. }
  74. // AdmtReleaseContext Method
  76. void __stdcall AdmtReleaseContext(HCRYPTPROV hProvider)
  77. {
  78. if (hProvider)
  79. {
  80. CryptReleaseContext(hProvider, 0);
  81. }
  82. }
  85. // AdmtImportSessionKey Method
  87. HCRYPTKEY __stdcall AdmtImportSessionKey(HCRYPTPROV hProvider, const _variant_t& vntEncryptedSessionBytes)
  88. {
  89. HCRYPTKEY hSessionKey = 0;
  91. if (hProvider && (vntEncryptedSessionBytes.vt == (VT_UI1|VT_ARRAY)) && ((vntEncryptedSessionBytes.parray != NULL)))
  92. {
  93. HCRYPTKEY hEncryptionKey = DeriveEncryptionKey(hProvider);
  95. if (hEncryptionKey)
  96. {
  97. _variant_t vntDecryptedSessionBytes;
  99. if (Decrypt(hEncryptionKey, vntEncryptedSessionBytes, vntDecryptedSessionBytes))
  100. {
  101. if (vntDecryptedSessionBytes.parray->rgsabound[0].cElements > SESSION_KEY_SIZE)
  102. {
  103. // extract session key bytes
  105. _variant_t vntBytes;
  107. if (CreateByteArray(SESSION_KEY_SIZE, vntBytes))
  108. {
  109. memcpy(vntBytes.parray->pvData, vntDecryptedSessionBytes.parray->pvData, SESSION_KEY_SIZE);
  111. // extract hash of session key bytes
  113. _variant_t vntHashValue;
  115. DWORD cbHashValue = vntDecryptedSessionBytes.parray->rgsabound[0].cElements - SESSION_KEY_SIZE;
  117. if (CreateByteArray(cbHashValue, vntHashValue))
  118. {
  119. memcpy(vntHashValue.parray->pvData, (BYTE*)vntDecryptedSessionBytes.parray->pvData + SESSION_KEY_SIZE, cbHashValue);
  121. if (IsDataMatchHash(hProvider, vntBytes, vntHashValue))
  122. {
  123. hSessionKey = DeriveKey(hProvider, vntBytes);
  124. }
  125. }
  126. }
  127. }
  128. else
  129. {
  130. SetLastError(ERROR_INVALID_PARAMETER);
  131. }
  132. }
  134. DestroyKey(hEncryptionKey);
  135. }
  136. }
  137. else
  138. {
  139. SetLastError(ERROR_INVALID_PARAMETER);
  140. }
  142. return hSessionKey;
  143. }
  146. // AdmtDecrypt Method
  148. _bstr_t __stdcall AdmtDecrypt(HCRYPTKEY hSessionKey, const _variant_t& vntEncrypted)
  149. {
  150. BSTR bstr = NULL;
  152. _variant_t vntDecrypted;
  154. if (Decrypt(hSessionKey, vntEncrypted, vntDecrypted))
  155. {
  156. HRESULT hr = BstrFromVector(vntDecrypted.parray, &bstr);
  158. if (FAILED(hr))
  159. {
  160. SetLastError(ERROR_NOT_ENOUGH_MEMORY);
  161. }
  162. }
  164. return _bstr_t(bstr, false);
  165. }
  168. // AdmtDestroyKey Method
  170. void __stdcall AdmtDestroyKey(HCRYPTKEY hKey)
  171. {
  172. DestroyKey(hKey);
  173. }
  176. //---------------------------------------------------------------------------
  177. // Private Helpers
  178. //---------------------------------------------------------------------------
  181. namespace AdmtCrypt2
  182. {
  185. HCRYPTKEY __stdcall DeriveEncryptionKey(HCRYPTPROV hProvider)
  186. {
  187. HCRYPTKEY hKey = 0;
  189. _variant_t vntBytes;
  191. if (RetrieveEncryptionBytes(vntBytes))
  192. {
  193. hKey = DeriveKey(hProvider, vntBytes);
  194. }
  196. return hKey;
  197. }
  200. bool __stdcall IsDataMatchHash(HCRYPTPROV hProvider, const _variant_t& vntData, const _variant_t& vntHash)
  201. {
  202. bool bMatch = false;
  204. HCRYPTHASH hHash = CreateHash(hProvider);
  206. if (hHash)
  207. {
  208. if (HashData(hHash, vntData))
  209. {
  210. DWORD dwSizeA;
  211. DWORD cbSize = sizeof(DWORD);
  213. if (CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&dwSizeA, &cbSize, 0))
  214. {
  215. DWORD dwSizeB = vntHash.parray->rgsabound[0].cElements;
  217. if (dwSizeA == dwSizeB)
  218. {
  219. BYTE* pbA = new BYTE[dwSizeA];
  221. if (pbA)
  222. {
  223. if (CryptGetHashParam(hHash, HP_HASHVAL, pbA, &dwSizeA, 0))
  224. {
  225. BYTE* pbB = (BYTE*) vntHash.parray->pvData;
  227. if (memcmp(pbA, pbB, dwSizeA) == 0)
  228. {
  229. bMatch = true;
  230. }
  231. }
  233. delete [] pbA;
  234. }
  235. else
  236. {
  237. SetLastError(ERROR_NOT_ENOUGH_MEMORY);
  238. }
  239. }
  240. }
  241. }
  242. }
  244. return bMatch;
  245. }
  248. // Provider Methods
  251. HCRYPTKEY __stdcall DeriveKey(HCRYPTPROV hProvider, const _variant_t& vntBytes)
  252. {
  253. HCRYPTKEY hKey = 0;
  255. HCRYPTHASH hHash = CreateHash(hProvider);
  257. if (hHash)
  258. {
  259. if (HashData(hHash, vntBytes))
  260. {
  261. if (!CryptDeriveKey(hProvider, CALG_3DES, hHash, 0, &hKey))
  262. {
  263. hKey = 0;
  264. }
  265. }
  267. DestroyHash(hHash);
  268. }
  270. return hKey;
  271. }
  274. HCRYPTHASH __stdcall CreateHash(HCRYPTPROV hProvider)
  275. {
  276. HCRYPTHASH hHash;
  278. if (!CryptCreateHash(hProvider, CALG_SHA1, 0, 0, &hHash))
  279. {
  280. hHash = 0;
  281. }
  283. return hHash;
  284. }
  287. bool __stdcall GenRandom(HCRYPTPROV hProvider, BYTE* pbData, DWORD cbData)
  288. {
  289. return CryptGenRandom(hProvider, cbData, pbData) ? true : false;
  290. }
  293. // Key Methods --------------------------------------------------------------
  296. // DestroyKey Method
  298. void __stdcall DestroyKey(HCRYPTKEY hKey)
  299. {
  300. if (hKey)
  301. {
  302. CryptDestroyKey(hKey);
  303. }
  304. }
  307. // Decrypt Method
  309. bool __stdcall Decrypt(HCRYPTKEY hKey, const _variant_t& vntEncrypted, _variant_t& vntDecrypted)
  310. {
  311. bool bDecrypted = false;
  313. _variant_t vnt = vntEncrypted;
  315. if ((vnt.vt == (VT_UI1|VT_ARRAY)) && (vnt.parray != NULL))
  316. {
  317. // decrypt data
  319. BYTE* pb = (BYTE*) vnt.parray->pvData;
  320. DWORD cb = vnt.parray->rgsabound[0].cElements;
  322. if (CryptDecrypt(hKey, NULL, TRUE, 0, pb, &cb))
  323. {
  324. // create decrypted byte array
  325. // the number of decrypted bytes may be less than
  326. // the number of encrypted bytes
  328. vntDecrypted.parray = SafeArrayCreateVector(VT_UI1, 0, cb);
  330. if (vntDecrypted.parray != NULL)
  331. {
  332. vntDecrypted.vt = VT_UI1|VT_ARRAY;
  334. memcpy(vntDecrypted.parray->pvData, vnt.parray->pvData, cb);
  336. bDecrypted = true;
  337. }
  338. else
  339. {
  340. SetLastError(ERROR_NOT_ENOUGH_MEMORY);
  341. }
  342. }
  343. }
  344. else
  345. {
  346. SetLastError(ERROR_INVALID_PARAMETER);
  347. }
  349. return bDecrypted;
  350. }
  353. // Hash Methods -------------------------------------------------------------
  356. // DestroyHash Method
  358. void __stdcall DestroyHash(HCRYPTHASH hHash)
  359. {
  360. if (hHash)
  361. {
  362. CryptDestroyHash(hHash);
  363. }
  364. }
  367. // HashData Method
  369. bool __stdcall HashData(HCRYPTHASH hHash, const _variant_t& vntData)
  370. {
  371. bool bHash = false;
  373. if ((vntData.vt == (VT_UI1|VT_ARRAY)) && ((vntData.parray != NULL)))
  374. {
  375. if (CryptHashData(hHash, (BYTE*)vntData.parray->pvData, vntData.parray->rgsabound[0].cElements, 0))
  376. {
  377. bHash = true;
  378. }
  379. }
  380. else
  381. {
  382. SetLastError(ERROR_INVALID_PARAMETER);
  383. }
  385. return bHash;
  386. }
  389. // Miscellaneous Helpers ----------------------------------------------------
  392. // RetrieveEncryptionBytes Method
  394. bool __stdcall RetrieveEncryptionBytes(_variant_t& vntBytes)
  395. {
  396. // private data key identifier
  397. _TCHAR c_szIdPrefix[] = _T("L$6A2899C0-CECE-459A-B5EB-7ED04DE61388");
  398. const USHORT c_cbIdPrefix = sizeof(c_szIdPrefix) - sizeof(_TCHAR);
  400. bool bRetrieve = false;
  402. // open policy object
  404. LSA_HANDLE hPolicy;
  406. LSA_OBJECT_ATTRIBUTES lsaoa = { sizeof(LSA_OBJECT_ATTRIBUTES), NULL, NULL, 0, NULL, NULL };
  408. NTSTATUS ntsStatus = LsaOpenPolicy(NULL, &lsaoa, POLICY_GET_PRIVATE_INFORMATION, &hPolicy);
  410. if (LSA_SUCCESS(ntsStatus))
  411. {
  412. // retrieve data
  414. LSA_UNICODE_STRING lsausKey = { c_cbIdPrefix, c_cbIdPrefix, c_szIdPrefix };
  415. PLSA_UNICODE_STRING plsausData;
  417. ntsStatus = LsaRetrievePrivateData(hPolicy, &lsausKey, &plsausData);
  419. if (LSA_SUCCESS(ntsStatus))
  420. {
  421. vntBytes.Clear();
  423. vntBytes.parray = SafeArrayCreateVector(VT_UI1, 0, plsausData->Length);
  425. if (vntBytes.parray != NULL)
  426. {
  427. vntBytes.vt = VT_UI1|VT_ARRAY;
  429. memcpy(vntBytes.parray->pvData, plsausData->Buffer, plsausData->Length);
  431. bRetrieve = true;
  432. }
  433. else
  434. {
  435. SetLastError(ERROR_NOT_ENOUGH_MEMORY);
  436. }
  438. LsaFreeMemory(plsausData);
  439. }
  440. else
  441. {
  442. SetLastError(LsaNtStatusToWinError(ntsStatus));
  443. }
  445. // close policy object
  447. LsaClose(hPolicy);
  448. }
  449. else
  450. {
  451. SetLastError(LsaNtStatusToWinError(ntsStatus));
  452. }
  454. return bRetrieve;
  455. }
  458. // Variant Helpers ----------------------------------------------------------
  461. // CreateByteArray Method
  463. bool __stdcall CreateByteArray(DWORD cb, _variant_t& vntByteArray)
  464. {
  465. bool bCreate = false;
  467. vntByteArray.Clear();
  469. vntByteArray.parray = SafeArrayCreateVector(VT_UI1, 0, cb);
  471. if (vntByteArray.parray)
  472. {
  473. bCreate = true;
  474. }
  475. else
  476. {
  477. SetLastError(ERROR_NOT_ENOUGH_MEMORY);
  478. }
  480. vntByteArray.vt = VT_UI1|VT_ARRAY;
  482. return bCreate;
  483. }
  486. }