archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/common2/crypt.c

394 lines
8.9 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // File: crypt.c
  4. //
  5. // Contents: cryptography routines for building EncryptedData structs
  6. //
  7. //
  8. // History: 17-Dec-91, RichardW Created
  9. // 25-Feb-92, RichardW Revised for CryptoSystems
  10. //
  11. //------------------------------------------------------------------------
  13. #ifndef WIN32_CHICAGO
  14. #include "krbprgma.h"
  15. #include <nt.h>
  16. #include <ntrtl.h>
  17. #include <nturtl.h>
  18. #include <kerbcomm.h>
  19. #include <kerberr.h>
  20. #include <kerbcon.h>
  21. #else // WIN32_CHICAGO
  22. #include <kerb.hxx>
  23. #include <kerbp.h>
  24. #endif // WIN32_CHICAGO
  27. #define CONFOUNDER_SIZE 8
  28. #define CHECKSUM_SIZE sizeof(CheckSum)
  32. //+-------------------------------------------------------------------------
  33. //
  34. // Function: KerbEncryptData
  35. //
  36. // Synopsis: shim for KerbEncryptDataEx
  37. //
  38. // Effects:
  39. //
  40. // Arguments:
  41. //
  42. // Requires:
  43. //
  44. // Returns:
  45. //
  46. // Notes:
  47. //
  48. //
  49. //--------------------------------------------------------------------------
  52. KERBERR NTAPI
  53. KerbEncryptData(
  54. OUT PKERB_ENCRYPTED_DATA EncryptedData,
  55. IN ULONG DataSize,
  56. IN PUCHAR Data,
  57. IN ULONG Algorithm,
  58. IN PKERB_ENCRYPTION_KEY Key
  59. )
  60. {
  61. return KerbEncryptDataEx(
  62. EncryptedData,
  63. DataSize,
  64. Data,
  65. KERB_NO_KEY_VERSION,
  66. 0, // no usage flags
  67. Key
  68. );
  69. }
  71. //+---------------------------------------------------------------------------
  72. //
  73. // Function: KerbEncryptDataEx
  74. //
  75. // Synopsis: Turns cleartext into cipher text
  76. //
  77. // Effects: In place encryption of data
  78. //
  79. // Arguments: Data - Contains data to be encrypted
  80. // DataSize - Contains length of data in bytes
  81. // KeyVersion - KERB_NO_KEY_VERSION for no key version or kvno for KERB_ENCRYPTED_DATA
  82. // Algorithm - Algorithm to be used for encryption/checksum
  83. // UsageFlags - Flags indicating usage (client/serve, encryption/authentication)
  84. // Key - Key to use for encryption
  85. //
  86. //
  87. //
  88. // Notes:
  89. //
  90. //----------------------------------------------------------------------------
  92. KERBERR NTAPI
  93. KerbEncryptDataEx(
  94. OUT PKERB_ENCRYPTED_DATA EncryptedData,
  95. IN ULONG DataSize,
  96. IN PUCHAR Data,
  97. IN ULONG KeyVersion,
  98. IN ULONG UsageFlags,
  99. IN PKERB_ENCRYPTION_KEY Key
  100. )
  101. {
  102. PCRYPTO_SYSTEM pcsCrypt = NULL;
  103. PCRYPT_STATE_BUFFER psbCryptBuffer = NULL;
  104. NTSTATUS Status = STATUS_SUCCESS;
  106. Status = CDLocateCSystem(Key->keytype, &pcsCrypt);
  107. if (!NT_SUCCESS(Status))
  108. {
  109. return(KDC_ERR_ETYPE_NOTSUPP);
  110. }
  112. //
  113. // Initialize header
  114. //
  116. EncryptedData->encryption_type = Key->keytype;
  118. Status = pcsCrypt->Initialize(
  119. (PUCHAR) Key->keyvalue.value,
  120. Key->keyvalue.length,
  121. UsageFlags,
  122. &psbCryptBuffer
  123. );
  125. if (!NT_SUCCESS(Status))
  126. {
  127. return(KRB_ERR_GENERIC);
  128. }
  130. Status = pcsCrypt->Encrypt(
  131. psbCryptBuffer,
  132. Data,
  133. DataSize,
  134. EncryptedData->cipher_text.value,
  135. &EncryptedData->cipher_text.length
  136. );
  138. (void) pcsCrypt->Discard(&psbCryptBuffer);
  140. if (!NT_SUCCESS(Status))
  141. {
  142. return(KRB_ERR_GENERIC);
  143. }
  145. if (KeyVersion != KERB_NO_KEY_VERSION)
  146. {
  147. EncryptedData->version = KeyVersion;
  148. EncryptedData->bit_mask |= version_present;
  149. }
  151. return(KDC_ERR_NONE);
  152. }
  154. //+-------------------------------------------------------------------------
  155. //
  156. // Function: KerbDecryptData
  157. //
  158. // Synopsis: Shim for KerbDecryptDataEx with no usage flags
  159. //
  160. // Effects:
  161. //
  162. // Arguments:
  163. //
  164. // Requires:
  165. //
  166. // Returns:
  167. //
  168. // Notes:
  169. //
  170. //
  171. //--------------------------------------------------------------------------
  174. KERBERR NTAPI
  175. KerbDecryptData(
  176. IN PKERB_ENCRYPTED_DATA EncryptedData,
  177. IN PKERB_ENCRYPTION_KEY pkKey,
  178. OUT PULONG DataSize,
  179. OUT PUCHAR Data
  180. )
  181. {
  182. return(KerbDecryptDataEx(
  183. EncryptedData,
  184. pkKey,
  185. 0, // no usage flags
  186. DataSize,
  187. Data
  188. ) );
  189. }
  191. //+---------------------------------------------------------------------------
  192. //
  193. // Function: KerbDecryptDataEx
  194. //
  195. // Synopsis: Decrypts an EncryptedData structure
  196. //
  197. // Effects:
  198. //
  199. // Arguments: [pedData] -- EncryptedData
  200. // [pkKey] -- Key to use
  201. //
  202. // History: 4-16-93 RichardW Created Comment
  203. //
  204. //----------------------------------------------------------------------------
  206. KERBERR NTAPI
  207. KerbDecryptDataEx(
  208. IN PKERB_ENCRYPTED_DATA EncryptedData,
  209. IN PKERB_ENCRYPTION_KEY pkKey,
  210. IN ULONG UsageFlags,
  211. OUT PULONG DataSize,
  212. OUT PUCHAR Data
  213. )
  214. {
  215. PCRYPTO_SYSTEM pcsCrypt = NULL;
  216. PCRYPT_STATE_BUFFER psbCryptBuffer = NULL;
  217. NTSTATUS Status = STATUS_SUCCESS;
  219. Status = CDLocateCSystem(
  220. EncryptedData->encryption_type,
  221. &pcsCrypt
  222. );
  223. if (!NT_SUCCESS(Status))
  224. {
  225. return(KDC_ERR_ETYPE_NOTSUPP);
  226. }
  228. if (EncryptedData->cipher_text.length & (pcsCrypt->BlockSize - 1))
  229. {
  230. return(KRB_ERR_GENERIC);
  231. }
  234. Status = pcsCrypt->Initialize(
  235. (PUCHAR) pkKey->keyvalue.value,
  236. pkKey->keyvalue.length,
  237. UsageFlags,
  238. &psbCryptBuffer
  239. );
  240. if (!NT_SUCCESS(Status))
  241. {
  242. return(KRB_ERR_GENERIC);
  243. }
  245. Status = pcsCrypt->Decrypt(
  246. psbCryptBuffer,
  247. EncryptedData->cipher_text.value,
  248. EncryptedData->cipher_text.length,
  249. Data,
  250. DataSize
  251. );
  253. (VOID) pcsCrypt->Discard(&psbCryptBuffer);
  255. if (!NT_SUCCESS(Status))
  256. {
  257. return(KRB_AP_ERR_MODIFIED);
  258. }
  259. else
  260. {
  261. return(KDC_ERR_NONE);
  262. }
  263. }
  266. //+-------------------------------------------------------------------------
  267. //
  268. // Function: KerbGetEncryptionOverhead
  269. //
  270. // Synopsis: Gets the extra space required for encryption to store the ckecksum
  271. //
  272. // Effects:
  273. //
  274. // Arguments: Algorithm - the algorithm to use
  275. // Overhead - receives the overhead in bytes
  276. //
  277. // Requires:
  278. //
  279. // Returns: STATUS_SUCCESS or KRB_E_ETYPE_NOSUPP
  280. //
  281. // Notes:
  282. //
  283. //
  284. //--------------------------------------------------------------------------
  286. KERBERR
  287. KerbGetEncryptionOverhead(
  288. IN ULONG Algorithm,
  289. OUT PULONG Overhead,
  290. OUT OPTIONAL PULONG BlockSize
  291. )
  292. {
  293. PCRYPTO_SYSTEM pcsCrypt;
  294. NTSTATUS Status = STATUS_SUCCESS;
  296. Status = CDLocateCSystem(Algorithm, &pcsCrypt);
  297. if (!NT_SUCCESS(Status))
  298. {
  299. return(KDC_ERR_ETYPE_NOTSUPP);
  300. }
  301. *Overhead = pcsCrypt->HeaderSize;
  302. if (ARGUMENT_PRESENT(BlockSize))
  303. {
  304. *BlockSize = pcsCrypt->BlockSize;
  305. }
  306. return(KDC_ERR_NONE);
  308. }
  311. //+-------------------------------------------------------------------------
  312. //
  313. // Function: KerbAllocateEncryptionBuffer
  314. //
  315. // Synopsis: Allocates the space required for encryption with a given
  316. // key
  317. //
  318. // Effects:
  319. //
  320. // Arguments:
  321. //
  322. // Requires:
  323. //
  324. // Returns:
  325. //
  326. // Notes:
  327. //
  328. //
  329. //--------------------------------------------------------------------------
  332. KERBERR
  333. KerbAllocateEncryptionBuffer(
  334. IN ULONG EncryptionType,
  335. IN ULONG BufferSize,
  336. OUT PUINT EncryptionBufferSize,
  337. OUT PBYTE * EncryptionBuffer
  338. )
  339. {
  340. KERBERR KerbErr = KDC_ERR_NONE;
  341. ULONG EncryptionOverhead = 0;
  342. ULONG BlockSize = 0;
  344. KerbErr = KerbGetEncryptionOverhead(
  345. EncryptionType,
  346. &EncryptionOverhead,
  347. &BlockSize
  348. );
  349. if (!KERB_SUCCESS(KerbErr))
  350. {
  351. goto Cleanup;
  352. }
  355. *EncryptionBufferSize = (UINT) ROUND_UP_COUNT(EncryptionOverhead + BufferSize, BlockSize);
  357. *EncryptionBuffer = (PBYTE) MIDL_user_allocate(*EncryptionBufferSize);
  358. if (*EncryptionBuffer == NULL)
  359. {
  360. KerbErr = KRB_ERR_GENERIC;
  361. }
  363. Cleanup:
  364. return(KerbErr);
  366. }
  368. KERBERR
  369. KerbAllocateEncryptionBufferWrapper(
  370. IN ULONG EncryptionType,
  371. IN ULONG BufferSize,
  372. OUT unsigned long * EncryptionBufferSize,
  373. OUT PBYTE * EncryptionBuffer
  374. )
  375. {
  376. KERBERR KerbErr = KDC_ERR_NONE;
  377. unsigned int tempInt = 0;
  379. KerbErr = KerbAllocateEncryptionBuffer(
  380. EncryptionType,
  381. BufferSize,
  382. &tempInt,
  383. EncryptionBuffer
  384. );
  386. if (!KERB_SUCCESS(KerbErr))
  387. {
  388. goto Cleanup;
  389. }
  390. *EncryptionBufferSize = tempInt;
  392. Cleanup:
  393. return (KerbErr);
  394. }