/*++

Copyright (c) 1994-1997 Microsoft Corporation

Module Name:

    tssec.h

Abstract:

    contains data definitions required for tshare data encryption.

    Public interface of the tshare security module: session-key
    derivation, per-PDU encryption/signing, client-random exchange,
    server certificate handling and the RNG entry points. Only
    declarations live here; the behaviour of each routine is in the
    corresponding .c file, so the notes below describe the contract
    visible from the prototypes and flag what a caller must verify.

Author:

    Madan Appiah (madana) 30-Dec-1997

Environment:

    User Mode - Win32

Revision History:

--*/

#ifndef _TSSEC_H_
#define _TSSEC_H_

#ifdef __cplusplus
extern "C" {
#endif // __cplusplus

#ifdef OS_WIN16
// Win16 builds lack the Win32 base types used below; provide the minimum.
#define RSA32API
typedef unsigned long ULONG;
typedef ULONG FAR* LPULONG;
#define UNALIGNED
#endif // OS_WIN16

// NOTE(review): the target of the following #include was lost when this page
// was extracted (an angle-bracket header name was stripped); restore it from
// the original source. It presumably provides struct RC4_KEYSTRUCT and the
// rc4_key/rc4 routines that the prototypes below refer to.
#include

//
// Sizes, in bytes.
//
#define RANDOM_KEY_LENGTH           32      // size of a client/server random key
#define MAX_SESSION_KEY_SIZE        16      // max size of a session key
#define PRE_MASTER_SECRET_LEN       48      // size of a pre-master key
#define SEC_MAX_USERNAME            256     // size of username
#define MAX_SIGNKEY_SIZE            20      // maximum size of a signing key
#define MAX_FIPS_SESSION_KEY_SIZE   24      // maximum size of a session key
#define MAX_SIGN_SIZE               8       // maximum size of signed data
#define DES3_KEYLEN                 21      // size of 3des key (presumably three 7-byte DES keys without parity bits)
#define FIPS_BLOCK_LEN              8       // block size for FIPS
#define CLIENT_RANDOM_MAX_SIZE      512

// Rekey interval: callers are expected to call UpdateSessionKey once this
// many encryptions have been performed with the current key.
#define UPDATE_SESSION_KEY_COUNT    (1024 * 4)  // update session key after this many encryptions.

// Size of the data signature that is sent across the wire. Only 8 bytes of
// MAC accompany each PDU (see MAX_SIGN_SIZE); a truncated tag gives
// correspondingly less forgery resistance than a full-length MAC.
#define DATA_SIGNATURE_SIZE         8

/****************************************************************************/
/* Encryption levels - bit field.                                           */
/*                                                                          */
/* NOTE(review): the 40- and 56-bit strengths are export-grade key sizes    */
/* and, with RC4 as the underlying stream cipher, should be treated as      */
/* legacy; a deployment that can choose should negotiate the FIPS level.    */
/****************************************************************************/
#define SM_40BIT_ENCRYPTION_FLAG    0x01
#define SM_128BIT_ENCRYPTION_FLAG   0x02
#define SM_56BIT_ENCRYPTION_FLAG    0x08
#define SM_FIPS_ENCRYPTION_FLAG     0x10

// The two nonces exchanged during connection setup; both feed the session
// key derivation (MakeSessionKeys).
typedef struct _RANDOM_KEYS_PAIR {
    BYTE clientRandom[RANDOM_KEY_LENGTH];
    BYTE serverRandom[RANDOM_KEY_LENGTH];
} RANDOM_KEYS_PAIR, FAR *LPRANDOM_KEYS_PAIR;

// Direction selector for routines that share one code path for both ways.
typedef enum _CryptMethod {
    Encrypt,
    Decrypt
} CryptMethod;

//
// Autoreconnection specific security structures
// These are defined here because they are not necessarily RDP
// specific. Although the PDU's wrapping these packets will
// be protocol specific.
//
// NOTE(review): cbLen is carried inside the packet itself; a consumer must
// check it against the length of the buffer actually received before
// trusting any field that follows it.
//

// Server to client ARC packet
#define ARC_SC_SECURITY_TOKEN_LEN 16
typedef struct _ARC_SC_PRIVATE_PACKET {
    ULONG cbLen;                                    // total packet length as claimed by the sender
    ULONG Version;
    ULONG LogonId;
    BYTE  ArcRandomBits[ARC_SC_SECURITY_TOKEN_LEN]; // server-issued reconnect token
} ARC_SC_PRIVATE_PACKET, *PARC_SC_PRIVATE_PACKET;

// Client to server ARC packet
#define ARC_CS_SECURITY_TOKEN_LEN 16
typedef struct _ARC_CS_PRIVATE_PACKET {
    ULONG cbLen;                                    // total packet length as claimed by the sender
    ULONG Version;
    ULONG LogonId;
    BYTE  SecurityVerifier[ARC_CS_SECURITY_TOKEN_LEN]; // client's proof for LogonId, presumably derived from ArcRandomBits - see the .c
} ARC_CS_PRIVATE_PACKET, *PARC_CS_PRIVATE_PACKET;

//
// Derive the encrypt/decrypt session keys and the MAC salt key from the
// client/server random pair. dwKeyStrength selects one of the
// SM_*_ENCRYPTION_FLAG strengths; *pdwKeyLength receives the resulting key
// length in bytes. Returns a success flag.
//
BOOL
MakeSessionKeys(
    LPRANDOM_KEYS_PAIR pKeyPair,
    LPBYTE pbEncryptKey,
    struct RC4_KEYSTRUCT FAR *prc4EncryptKey,
    LPBYTE pbDecryptKey,
    struct RC4_KEYSTRUCT FAR *prc4DecryptKey,
    LPBYTE pbMACSaltKey,
    DWORD dwKeyStrength,
    LPDWORD pdwKeyLength,
    DWORD dwEncryptionLevel
    );

//
// Roll the current session key forward from the start key (periodic rekey;
// see UPDATE_SESSION_KEY_COUNT) and re-schedule the RC4 key state.
// Both peers must rekey at the same point or subsequent PDUs will not
// decrypt.
//
BOOL
UpdateSessionKey(
    LPBYTE pbStartKey,
    LPBYTE pbCurrentKey,
    DWORD dwKeyStrength,
    DWORD dwKeyLength,
    struct RC4_KEYSTRUCT FAR *prc4Key,
    DWORD dwEncryptionLevel
    );

//
// Encrypt pbData in place and write its signature to pbSignature.
// fCheckSumEncryptedData chooses whether the MAC covers the ciphertext or
// the plaintext; dwEncryptionCount is the running PDU counter, presumably
// folded into the MAC - confirm in the .c.
//
BOOL
EncryptData(
    DWORD dwEncryptionLevel,
    LPBYTE pSessionKey,
    struct RC4_KEYSTRUCT FAR *prc4EncryptKey,
    DWORD dwKeyLength,
    LPBYTE pbData,
    DWORD dwDataLen,
    LPBYTE pbMACSaltKey,
    LPBYTE pbSignature,
    BOOL fCheckSumEncryptedData,
    DWORD dwEncryptionCount
    );

//
// Counterpart of EncryptData: decrypt pbData in place and verify
// pbSignature. A FALSE return means the data must be discarded; callers
// must not act on the buffer contents when verification fails.
//
BOOL
DecryptData(
    DWORD dwEncryptionLevel,
    LPBYTE pSessionKey,
    struct RC4_KEYSTRUCT FAR *prc4DecryptKey,
    DWORD dwKeyLength,
    LPBYTE pbData,
    DWORD dwDataLen,
    LPBYTE pbMACSaltKey,
    LPBYTE pbSignature,
    BOOL fCheckSumCipherText,
    DWORD dwDecryptionCount
    );

//
// RNG init/term functions for DLL_PROCESS_ATTACH, DLL_PROCESS_DETACH
//
VOID
TSRNG_Initialize(
    );

VOID
TSRNG_Shutdown(
    );

//
// RNG bit gathering function i.e all the work happens here
//
// Params:
//     pbRandomKey - where to place the random bits
//     dwRandomKeyLen - size in bytes of pbRandomKey
//
// Returns
//     Success flag
//
// NOTE(review): every key and nonce in this module comes from this routine,
// so the quality of its entropy source (in the .c) bounds the security of
// the whole scheme.
//
BOOL
TSRNG_GenerateRandomBits(
    LPBYTE pbRandomKey,
    DWORD dwRandomKeyLen
    );

#ifndef NO_INCLUDE_LICENSING

// Obtain the server certificate blob; ownership of *ppServerCertBlob is
// not stated here - check the .c for who frees it.
BOOL
GetServerCert(
    LPBYTE FAR *ppServerCertBlob,
    LPDWORD pdwServerCertLen
    );

// Parse a certificate blob received from the peer. The blob is untrusted
// input: the implementation must bound every read by dwCertLen.
BOOL
UnpackServerCert(
    LPBYTE pbCert,
    DWORD dwCertLen,
    PHydra_Server_Cert pServerCert
    );

// Validate an unpacked server certificate. Nothing in this header forces
// callers to do this before EncryptClientRandom uses the public key;
// callers must order the two themselves.
BOOL
ValidateServerCert(
    PHydra_Server_Cert pServerCert
    );

#endif // NO_INCLUDE_LICENSING

//
// Encrypt the client random under the server's public key.
// *pdwEncRandomKey receives the encrypted length; whether it must also
// carry the output buffer capacity on entry is not visible here - confirm
// against the .c before relying on it.
//
BOOL
EncryptClientRandom(
    LPBYTE pbSrvPublicKey,
    DWORD dwSrvPublicKey,
    LPBYTE pbRandomKey,
    DWORD dwRandomKeyLen,
    LPBYTE pbEncRandomKey,
    LPDWORD pdwEncRandomKey
    );

//
// Server side: recover the client random. As above, check whether
// *pdwRandomKeyLen is in/out (buffer capacity on entry) in the .c.
//
BOOL
DecryptClientRandom(
    LPBYTE pbEncRandomKey,
    DWORD dwEncRandomKeyLen,
    LPBYTE pbRandomKey,
    LPDWORD pdwRandomKeyLen
    );

//
// In-place local data obfuscation. One routine serves both directions,
// which suggests a symmetric keystream XOR; the key source is not visible
// from this header.
//
BOOL
EncryptDecryptLocalData(
    LPBYTE pbData,
    DWORD dwDataLen
    );

// Salted variant of EncryptDecryptLocalData.
BOOL
EncryptDecryptLocalData50(
    LPBYTE pbData,
    DWORD dwDataLen,
    LPBYTE pbSalt,
    DWORD dwSaltLen
    );

// CAPI-backed random bit source; relationship to TSRNG_GenerateRandomBits
// is not stated here.
BOOL
TSCAPI_GenerateRandomBits(
    LPBYTE pbRandomBits,
    DWORD cbLen
    );

//
// remove (or comment) the following definition to disable the MSRC4.
//
// #define USE_MSRC4

#ifdef USE_MSRC4

VOID
msrc4_key(
    struct RC4_KEYSTRUCT FAR *pKS,
    DWORD dwLen,
    LPBYTE pbKey);

VOID
msrc4(
    struct RC4_KEYSTRUCT FAR *pKS,
    DWORD dwLen,
    LPBYTE pbuf);

#else // USE_MSRC4

// Default build maps the msrc4 names onto the rc4 implementation from the
// included RSA header. NOTE(review): RC4 is a deprecated stream cipher;
// these non-FIPS paths should be regarded as legacy compatibility only.
#define msrc4_key rc4_key
#define msrc4 rc4

#endif // USE_MSRC4

// Locale probe; presumably used to select an encryption level permitted
// for French systems - confirm in the caller.
BOOL
FindIsFrenchSystem(
    VOID
    );

#ifdef __cplusplus
}
#endif // __cplusplus

#endif // _TSSEC_H_