You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1679 lines
38 KiB
1679 lines
38 KiB
//+-----------------------------------------------------------------------
|
|
//
|
|
// File: DESWRAP.C
|
|
//
|
|
// Contents: CryptoSystem wrapper functions for DES
|
|
//
|
|
//
|
|
// History: 06-Sep-1996 MikeSw Created
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
//
|
|
// Portions of this code (the key generation code) were taken from the
|
|
// MIT kerberos distribution.
|
|
//
|
|
|
|
/*
|
|
*
|
|
* Copyright 1989,1990 by the Massachusetts Institute of Technology.
|
|
* All Rights Reserved.
|
|
*
|
|
* Export of this software from the United States of America may
|
|
* require a specific license from the United States Government.
|
|
* It is the responsibility of any person or organization contemplating
|
|
* export to obtain such a license before exporting.
|
|
*
|
|
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
* distribute this software and its documentation for any purpose and
|
|
* without fee is hereby granted, provided that the above copyright
|
|
* notice appear in all copies and that both that copyright notice and
|
|
* this permission notice appear in supporting documentation, and that
|
|
* the name of M.I.T. not be used in advertising or publicity pertaining
|
|
* to distribution of the software without specific, written prior
|
|
* permission. M.I.T. makes no representations about the suitability of
|
|
* this software for any purpose. It is provided "as is" without express
|
|
* or implied warranty.
|
|
*
|
|
*
|
|
* Under U.S. law, this software may not be exported outside the US
|
|
* without license from the U.S. Commerce department.
|
|
*
|
|
* These routines form the library interface to the DES facilities.
|
|
*
|
|
* Originally written 8/85 by Steve Miller, MIT Project Athena.
|
|
*/
|
|
|
|
/* des.c - Routines for implementing the FIPS Data Encryption Standard (DES).
|
|
*
|
|
* Allan Bjorklund, University of Michigan, ITD/RS/DD.
|
|
* July 24, 1993.
|
|
*
|
|
* Revisions for PC memory model portability, July 11, 1994.
|
|
*
|
|
* Removed model portability header and added Win95 DLL
|
|
* declarations, May 31, 1995.
|
|
*
|
|
* Made all declarations Win95 and NT specific, September 18, 1995.
|
|
*
|
|
* Added quad_cksum, October 9, 1995.
|
|
*
|
|
* Copyright (c) 1995,1996 Regents of The University of Michigan.
|
|
* All Rights Reserved.
|
|
*
|
|
* Permission to use, copy, modify, and distribute this software and
|
|
* its documentation for any purpose and without fee is hereby granted,
|
|
* provided that the above copyright notice appears in all copies and
|
|
* that both that copyright notice and this permission notice appear
|
|
* in supporting documentation, and that the name of The University
|
|
* of Michigan not be used in advertising or publicity pertaining to
|
|
* distribution of the software without specific, written prior
|
|
* permission. This software is supplied as is without expressed or
|
|
* implied warranties of any kind.
|
|
*
|
|
* Research Systems Unix Group
|
|
* The University of Michigan
|
|
* c/o Allan Bjorklund
|
|
* 535 W. William Street
|
|
* Ann Arbor, Michigan
|
|
* [email protected]
|
|
*/
|
|
|
|
#ifndef KERNEL_MODE
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
|
|
#include <windows.h>
|
|
|
|
#else
|
|
|
|
#include <ntifs.h>
|
|
#include <winerror.h>
|
|
|
|
#endif
|
|
|
|
#include <string.h>
|
|
#include <malloc.h>
|
|
#include <align.h>
|
|
|
|
#include <kerbcon.h>
|
|
#include <security.h>
|
|
#include <cryptdll.h>
|
|
#include "modes.h"
|
|
#include "des.h"
|
|
#include "md5.h"
|
|
|
|
BOOLEAN
|
|
md5Hmac(
|
|
IN PUCHAR pbKeyMaterial,
|
|
IN ULONG cbKeyMaterial,
|
|
IN PUCHAR pbData,
|
|
IN ULONG cbData,
|
|
IN PUCHAR pbData2,
|
|
IN ULONG cbData2,
|
|
OUT PUCHAR HmacData
|
|
);
|
|
|
|
#define DES_CONFOUNDER_LEN 8
|
|
|
|
typedef struct _DES_HEADER {
|
|
UCHAR Confounder[DES_CONFOUNDER_LEN];
|
|
UCHAR Checksum[MD5_LEN];
|
|
} DES_HEADER, *PDES_HEADER;
|
|
|
|
|
|
|
|
typedef struct _DES_STATE_BUFFER {
|
|
PCHECKSUM_FUNCTION ChecksumFunction;
|
|
DESTable KeyTable;
|
|
UCHAR InitializationVector[DES_BLOCKLEN];
|
|
} DES_STATE_BUFFER, *PDES_STATE_BUFFER;
|
|
|
|
typedef struct _DES_MAC_STATE_BUFFER {
|
|
DESTable KeyTable;
|
|
UCHAR Confounder[DES_BLOCKLEN];
|
|
UCHAR InitializationVector[DES_BLOCKLEN];
|
|
} DES_MAC_STATE_BUFFER, *PDES_MAC_STATE_BUFFER;
|
|
|
|
typedef struct _DES_MAC_1510_STATE_BUFFER {
|
|
DESTable KeyTable;
|
|
UCHAR InitializationVector[DES_BLOCKLEN];
|
|
UCHAR Confounder[DES_BLOCKLEN];
|
|
DESTable FinalKeyTable;
|
|
} DES_MAC_1510_STATE_BUFFER, *PDES_MAC_1510_STATE_BUFFER;
|
|
|
|
NTSTATUS NTAPI desPlainInitialize(PUCHAR, ULONG, ULONG, PCRYPT_STATE_BUFFER *);
|
|
NTSTATUS NTAPI desPlainExpInitialize(PUCHAR, ULONG, ULONG, PCRYPT_STATE_BUFFER *);
|
|
NTSTATUS NTAPI desMd5Initialize(PUCHAR, ULONG, ULONG, PCRYPT_STATE_BUFFER *);
|
|
NTSTATUS NTAPI desMd5ExpInitialize(PUCHAR, ULONG, ULONG, PCRYPT_STATE_BUFFER *);
|
|
NTSTATUS NTAPI desCrc32Initialize(PUCHAR, ULONG, ULONG, PCRYPT_STATE_BUFFER *);
|
|
NTSTATUS NTAPI desEncrypt(PCRYPT_STATE_BUFFER, PUCHAR, ULONG, PUCHAR, PULONG);
|
|
NTSTATUS NTAPI desDecrypt(PCRYPT_STATE_BUFFER, PUCHAR, ULONG, PUCHAR, PULONG);
|
|
NTSTATUS NTAPI desFinish(PCRYPT_STATE_BUFFER *);
|
|
NTSTATUS NTAPI desHashPassword(PSECURITY_STRING, PUCHAR);
|
|
NTSTATUS NTAPI desInitRandom(ULONG);
|
|
NTSTATUS NTAPI desRandomKey(PUCHAR, ULONG, PUCHAR);
|
|
NTSTATUS NTAPI desFinishRandom(void);
|
|
NTSTATUS NTAPI desControl(ULONG, PCRYPT_STATE_BUFFER, PUCHAR, ULONG);
|
|
|
|
NTSTATUS NTAPI desMacGeneralInitializeEx(PUCHAR, ULONG, PUCHAR, ULONG, PCHECKSUM_BUFFER *);
|
|
|
|
NTSTATUS NTAPI desMacInitialize(ULONG, PCHECKSUM_BUFFER *);
|
|
NTSTATUS NTAPI desMacInitializeEx(PUCHAR,ULONG, ULONG, PCHECKSUM_BUFFER *);
|
|
|
|
NTSTATUS NTAPI desMacKInitializeEx(PUCHAR,ULONG, ULONG, PCHECKSUM_BUFFER *);
|
|
|
|
NTSTATUS NTAPI desMac1510Initialize(ULONG, PCHECKSUM_BUFFER *);
|
|
NTSTATUS NTAPI desMac1510InitializeEx(PUCHAR,ULONG, ULONG, PCHECKSUM_BUFFER *);
|
|
NTSTATUS NTAPI desMac1510InitializeEx2(PUCHAR,ULONG, PUCHAR, ULONG, PCHECKSUM_BUFFER *);
|
|
NTSTATUS NTAPI desMac1510Finalize(PCHECKSUM_BUFFER, PUCHAR);
|
|
NTSTATUS NTAPI desMacSum(PCHECKSUM_BUFFER, ULONG, PUCHAR);
|
|
NTSTATUS NTAPI desMacFinalize(PCHECKSUM_BUFFER, PUCHAR);
|
|
NTSTATUS NTAPI desMacFinish(PCHECKSUM_BUFFER *);
|
|
|
|
#ifdef KERNEL_MODE
|
|
#pragma alloc_text( PAGEMSG, desPlainInitialize )
|
|
#pragma alloc_text( PAGEMSG, desPlainExpInitialize )
|
|
#pragma alloc_text( PAGEMSG, desMd5Initialize )
|
|
#pragma alloc_text( PAGEMSG, desMd5ExpInitialize )
|
|
#pragma alloc_text( PAGEMSG, desCrc32Initialize )
|
|
#pragma alloc_text( PAGEMSG, desEncrypt )
|
|
#pragma alloc_text( PAGEMSG, desDecrypt )
|
|
#pragma alloc_text( PAGEMSG, desFinish )
|
|
#pragma alloc_text( PAGEMSG, desHashPassword )
|
|
#pragma alloc_text( PAGEMSG, desInitRandom )
|
|
#pragma alloc_text( PAGEMSG, desRandomKey )
|
|
#pragma alloc_text( PAGEMSG, desFinishRandom )
|
|
#pragma alloc_text( PAGEMSG, desControl )
|
|
#pragma alloc_text( PAGEMSG, desMacInitialize )
|
|
#pragma alloc_text( PAGEMSG, desMacInitializeEx )
|
|
#pragma alloc_text( PAGEMSG, desMacSum )
|
|
#pragma alloc_text( PAGEMSG, desMacFinalize )
|
|
#pragma alloc_text( PAGEMSG, desMacFinish )
|
|
#pragma alloc_text( PAGEMSG, desMacGeneralInitializeEx )
|
|
#pragma alloc_text( PAGEMSG, desMacKInitializeEx )
|
|
#pragma alloc_text( PAGEMSG, desMac1510Initialize )
|
|
#pragma alloc_text( PAGEMSG, desMac1510InitializeEx )
|
|
#pragma alloc_text( PAGEMSG, desMac1510InitializeEx2 )
|
|
#pragma alloc_text( PAGEMSG, desMac1510Finalize )
|
|
#endif
|
|
|
|
|
|
CRYPTO_SYSTEM csDES_MD5 = {
|
|
KERB_ETYPE_DES_CBC_MD5, // Etype
|
|
DES_BLOCKLEN, // Blocksize
|
|
KERB_ETYPE_DES_CBC_MD5, // exportable version
|
|
DES_KEYSIZE, // Key size, in bytes
|
|
sizeof(DES_HEADER), // header size
|
|
KERB_CHECKSUM_MD5, // Preferred Checksum
|
|
CSYSTEM_USE_PRINCIPAL_NAME |
|
|
CSYSTEM_INTEGRITY_PROTECTED |
|
|
CSYSTEM_EXPORT_STRENGTH, // Attributes
|
|
L"Kerberos DES-CBC-MD5", // Text name
|
|
desMd5Initialize,
|
|
desEncrypt,
|
|
desDecrypt,
|
|
desFinish,
|
|
desHashPassword,
|
|
desRandomKey,
|
|
desControl
|
|
};
|
|
|
|
|
|
CRYPTO_SYSTEM csDES_CRC32 = {
|
|
KERB_ETYPE_DES_CBC_CRC, // Etype
|
|
DES_BLOCKLEN, // Blocksize (stream)
|
|
KERB_ETYPE_DES_CBC_CRC, // exportable version
|
|
DES_KEYSIZE, // Key size, in bytes
|
|
sizeof(DES_HEADER), // header size
|
|
KERB_CHECKSUM_CRC32, // Preferred Checksum
|
|
CSYSTEM_USE_PRINCIPAL_NAME |
|
|
CSYSTEM_INTEGRITY_PROTECTED |
|
|
CSYSTEM_EXPORT_STRENGTH, // Attributes
|
|
L"Kerberos DES-CBC-CRC", // Text name
|
|
desCrc32Initialize,
|
|
desEncrypt,
|
|
desDecrypt,
|
|
desFinish,
|
|
desHashPassword,
|
|
desRandomKey,
|
|
desControl
|
|
};
|
|
|
|
CRYPTO_SYSTEM csDES_PLAIN = {
|
|
KERB_ETYPE_DES_PLAIN, // Etype
|
|
DES_BLOCKLEN, // Blocksize
|
|
KERB_ETYPE_DES_PLAIN, // exportable version
|
|
DES_KEYSIZE, // Key size, in bytes
|
|
0, // header size
|
|
KERB_CHECKSUM_CRC32, // Preferred Checksum
|
|
CSYSTEM_USE_PRINCIPAL_NAME | CSYSTEM_EXPORT_STRENGTH, // Attributes
|
|
L"Kerberos DES-Plain", // Text name
|
|
desPlainInitialize,
|
|
desEncrypt,
|
|
desDecrypt,
|
|
desFinish,
|
|
desHashPassword,
|
|
desRandomKey,
|
|
desControl
|
|
};
|
|
|
|
|
|
|
|
CHECKSUM_FUNCTION csfDesMac = {
|
|
KERB_CHECKSUM_DES_MAC, // Checksum type
|
|
DES_BLOCKLEN, // Checksum length
|
|
CKSUM_KEYED,
|
|
desMacInitialize,
|
|
desMacSum,
|
|
desMacFinalize,
|
|
desMacFinish,
|
|
desMacInitializeEx,
|
|
NULL};
|
|
|
|
CHECKSUM_FUNCTION csfDesMacK = {
|
|
KERB_CHECKSUM_KRB_DES_MAC_K, // Checksum type
|
|
DES_BLOCKLEN, // Checksum length
|
|
CKSUM_KEYED,
|
|
desMacInitialize,
|
|
desMacSum,
|
|
desMacFinalize,
|
|
desMacFinish,
|
|
desMacKInitializeEx,
|
|
NULL};
|
|
|
|
CHECKSUM_FUNCTION csfDesMac1510 = {
|
|
KERB_CHECKSUM_KRB_DES_MAC, // Checksum type
|
|
DES_BLOCKLEN * 2, // Checksum length
|
|
CKSUM_KEYED,
|
|
desMac1510Initialize,
|
|
desMacSum,
|
|
desMac1510Finalize,
|
|
desMacFinish, // just frees the buffer
|
|
desMac1510InitializeEx,
|
|
desMac1510InitializeEx2};
|
|
|
|
|
|
#define SMASK(step) ((1<<step)-1)
|
|
#define PSTEP(x,step) (((x)&SMASK(step))^(((x)>>step)&SMASK(step)))
|
|
#define PARITY_CHAR(x, y) \
|
|
{\
|
|
UCHAR _tmp1_, _tmp2_; \
|
|
_tmp1_ = (UCHAR) PSTEP((x),4); \
|
|
_tmp2_ = (UCHAR) PSTEP(_tmp1_,2); \
|
|
*(y) = (UCHAR) PSTEP(_tmp2_, 1); \
|
|
} \
|
|
|
|
|
|
VOID
|
|
desFixupKeyParity(
|
|
PUCHAR Key
|
|
)
|
|
{
|
|
ULONG Index;
|
|
UCHAR TempChar;
|
|
for (Index=0; Index < DES_BLOCKLEN; Index++)
|
|
{
|
|
Key[Index] &= 0xfe;
|
|
PARITY_CHAR(Key[Index], &TempChar);
|
|
Key[Index] |= 1 ^ TempChar;
|
|
}
|
|
|
|
}
|
|
|
|
typedef UCHAR DES_KEYBLOCK[8];
|
|
|
|
DES_KEYBLOCK desWeakKeys[] = {
|
|
/* weak keys */
|
|
{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
|
|
{0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe},
|
|
{0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
|
|
{0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
|
|
|
|
/* semi-weak */
|
|
{0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe},
|
|
{0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01},
|
|
|
|
{0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1},
|
|
{0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e},
|
|
|
|
{0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1},
|
|
{0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01},
|
|
|
|
{0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe},
|
|
{0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e},
|
|
|
|
{0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e},
|
|
{0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01},
|
|
|
|
{0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe},
|
|
{0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1}
|
|
};
|
|
|
|
/*
|
|
* mit_des_is_weak_key: returns true iff key is a [semi-]weak des key.
|
|
*
|
|
* Requires: key has correct odd parity.
|
|
*/
|
|
|
|
BOOLEAN
|
|
desIsWeakKey(
|
|
PUCHAR Key
|
|
)
|
|
{
|
|
ULONG Index;
|
|
DES_KEYBLOCK * WeakKey = desWeakKeys;
|
|
|
|
for (Index = 0; Index < sizeof(desWeakKeys)/DES_BLOCKLEN; Index++) {
|
|
if (RtlEqualMemory(
|
|
WeakKey++,
|
|
Key,
|
|
DES_BLOCKLEN
|
|
))
|
|
{
|
|
return( TRUE );
|
|
}
|
|
}
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
|
|
NTSTATUS NTAPI
|
|
desInitialize( PUCHAR pbKey,
|
|
ULONG KeySize,
|
|
ULONG MessageType,
|
|
ULONG Checksum,
|
|
PCRYPT_STATE_BUFFER * psbBuffer)
|
|
{
|
|
NTSTATUS Status;
|
|
PDES_STATE_BUFFER DesKey = NULL;
|
|
PCHECKSUM_FUNCTION ChecksumFunction = NULL;
|
|
|
|
//
|
|
// Make sure we were passed an appropriate keytable
|
|
//
|
|
|
|
|
|
if (KeySize != DES_KEYSIZE)
|
|
{
|
|
return(STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
|
|
//
|
|
// Get the appropriate checksum here.
|
|
//
|
|
|
|
if (Checksum != 0)
|
|
{
|
|
Status = CDLocateCheckSum(
|
|
Checksum,
|
|
&ChecksumFunction
|
|
);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
return(Status);
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
ChecksumFunction = NULL;
|
|
}
|
|
|
|
//
|
|
// Create the key buffer
|
|
//
|
|
|
|
|
|
#ifdef KERNEL_MODE
|
|
DesKey = ExAllocatePool (NonPagedPool, sizeof(DES_STATE_BUFFER));
|
|
#else
|
|
DesKey = LocalAlloc(0, sizeof(DES_STATE_BUFFER));
|
|
#endif
|
|
if (DesKey == NULL)
|
|
{
|
|
return(STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
|
|
deskey(&DesKey->KeyTable, pbKey);
|
|
|
|
//
|
|
// Initialize the checksum function
|
|
//
|
|
|
|
DesKey->ChecksumFunction = ChecksumFunction;
|
|
|
|
//
|
|
// DES-CBC-CRC uses the key as the ivec, MD5 and MD4 user zero
|
|
//
|
|
|
|
if (Checksum == KERB_CHECKSUM_CRC32)
|
|
{
|
|
RtlCopyMemory(
|
|
DesKey->InitializationVector,
|
|
pbKey,
|
|
DES_BLOCKLEN
|
|
);
|
|
}
|
|
else
|
|
{
|
|
RtlZeroMemory(
|
|
DesKey->InitializationVector,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
}
|
|
|
|
|
|
*psbBuffer = (PCRYPT_STATE_BUFFER) DesKey;
|
|
|
|
return(STATUS_SUCCESS);
|
|
|
|
}
|
|
|
|
#if DBG
|
|
void
|
|
DumpBuf(
|
|
IN PUCHAR Buf,
|
|
IN ULONG BufSize
|
|
)
|
|
{
|
|
ULONG Index;
|
|
for (Index = 0; Index < BufSize ;Index++ )
|
|
{
|
|
DbgPrint("%0.2x ",Buf[Index]);
|
|
}
|
|
}
|
|
|
|
#endif
|
|
|
|
NTSTATUS NTAPI
|
|
desMd5Initialize(
|
|
IN PUCHAR pbKey,
|
|
IN ULONG KeySize,
|
|
IN ULONG MessageType,
|
|
OUT PCRYPT_STATE_BUFFER * psbBuffer
|
|
)
|
|
{
|
|
return(desInitialize(
|
|
pbKey,
|
|
KeySize,
|
|
MessageType,
|
|
KERB_CHECKSUM_MD5,
|
|
psbBuffer
|
|
));
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS NTAPI
|
|
desCrc32Initialize(
|
|
IN PUCHAR pbKey,
|
|
IN ULONG KeySize,
|
|
IN ULONG MessageType,
|
|
OUT PCRYPT_STATE_BUFFER * psbBuffer
|
|
)
|
|
{
|
|
return(desInitialize(
|
|
pbKey,
|
|
KeySize,
|
|
MessageType,
|
|
KERB_CHECKSUM_CRC32,
|
|
psbBuffer
|
|
));
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desPlainInitialize(
|
|
IN PUCHAR pbKey,
|
|
IN ULONG KeySize,
|
|
IN ULONG MessageType,
|
|
OUT PCRYPT_STATE_BUFFER * psbBuffer
|
|
)
|
|
{
|
|
return(desInitialize(
|
|
pbKey,
|
|
KeySize,
|
|
MessageType,
|
|
0, // no checksum
|
|
psbBuffer
|
|
));
|
|
}
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: BlockDecrypt
|
|
//
|
|
// Synopsis: Encrypts a data buffer using DES
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: stolen from windows\base\ntcyrpto\scp\nt_crypt.c
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
NTSTATUS
|
|
BlockEncrypt(
|
|
IN PDES_STATE_BUFFER pKey,
|
|
IN PUCHAR pbData,
|
|
OUT PULONG pdwDataLen,
|
|
IN ULONG dwBufLen
|
|
)
|
|
{
|
|
ULONG cbPartial, dwPadVal, dwDataLen;
|
|
UCHAR pbBuf[DES_BLOCKLEN];
|
|
UCHAR FeedBack[DES_BLOCKLEN];
|
|
|
|
dwDataLen = *pdwDataLen;
|
|
|
|
//
|
|
// Initialize the feedback buffer to the initialization vector
|
|
//
|
|
|
|
memcpy(
|
|
FeedBack,
|
|
pKey->InitializationVector,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
//
|
|
// check length of the buffer and calculate the pad
|
|
// (if multiple of DES_BLOCKLEN, do a full block of pad)
|
|
//
|
|
|
|
cbPartial = (dwDataLen % DES_BLOCKLEN);
|
|
|
|
//
|
|
// The original code here put in 8 bytes of padding
|
|
// on an aligned buffer. That is a waste.
|
|
//
|
|
|
|
if (cbPartial != 0)
|
|
{
|
|
dwPadVal = DES_BLOCKLEN - cbPartial;
|
|
}
|
|
else
|
|
{
|
|
dwPadVal = 0;
|
|
}
|
|
|
|
if (pbData == NULL || dwBufLen < dwDataLen + dwPadVal)
|
|
{
|
|
//
|
|
// set what we need
|
|
//
|
|
|
|
*pdwDataLen = dwDataLen + dwPadVal;
|
|
if (pbData == NULL)
|
|
{
|
|
return (STATUS_SUCCESS);
|
|
}
|
|
return(STATUS_BUFFER_OVERFLOW);
|
|
}
|
|
|
|
//
|
|
// allocate memory for a temporary buffer
|
|
//
|
|
|
|
|
|
//
|
|
// Will this cause MIT clients/servers to flail? The caller
|
|
// should pass in only buffers that are already padded to
|
|
// make MIT clients work.
|
|
//
|
|
|
|
if (dwPadVal)
|
|
{
|
|
// Fill the pad with a value equal to the
|
|
// length of the padding, so decrypt will
|
|
// know the length of the original data
|
|
// and as a simple integrity check.
|
|
|
|
memset(
|
|
pbData + dwDataLen,
|
|
dwPadVal,
|
|
dwPadVal
|
|
);
|
|
}
|
|
|
|
dwDataLen += dwPadVal;
|
|
*pdwDataLen = dwDataLen;
|
|
|
|
ASSERT((dwDataLen % DES_BLOCKLEN) == 0);
|
|
|
|
//
|
|
// pump the full blocks of data through
|
|
//
|
|
while (dwDataLen)
|
|
{
|
|
ASSERT(dwDataLen >= DES_BLOCKLEN);
|
|
|
|
//
|
|
// put the plaintext into a temporary
|
|
// buffer, then encrypt the data
|
|
// back into the caller's buffer
|
|
//
|
|
|
|
memcpy(pbBuf, pbData, DES_BLOCKLEN);
|
|
|
|
CBC( des,
|
|
DES_BLOCKLEN,
|
|
pbData,
|
|
pbBuf,
|
|
&pKey->KeyTable,
|
|
ENCRYPT,
|
|
FeedBack
|
|
);
|
|
|
|
|
|
pbData += DES_BLOCKLEN;
|
|
dwDataLen -= DES_BLOCKLEN;
|
|
}
|
|
memcpy(
|
|
pKey->InitializationVector,
|
|
pbData - DES_BLOCKLEN,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
|
|
return(STATUS_SUCCESS);
|
|
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: BlockDecrypt
|
|
//
|
|
// Synopsis: Decrypt a block of data encrypted with BlockEncrypt
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes:
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
|
|
NTSTATUS
|
|
BlockDecrypt(
|
|
IN PDES_STATE_BUFFER pKey,
|
|
IN OUT PUCHAR pbData,
|
|
IN OUT PULONG pdwDataLen
|
|
)
|
|
{
|
|
UCHAR pbBuf[DES_BLOCKLEN];
|
|
ULONG dwDataLen, BytePos;
|
|
UCHAR FeedBack[DES_BLOCKLEN];
|
|
|
|
dwDataLen = *pdwDataLen;
|
|
|
|
//
|
|
// Check to see if we are decrypting something already
|
|
//
|
|
|
|
memcpy(
|
|
FeedBack,
|
|
pKey->InitializationVector,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
//
|
|
// The data length must be a multiple of the algorithm
|
|
// pad size.
|
|
//
|
|
if (dwDataLen % DES_BLOCKLEN)
|
|
{
|
|
return(STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
|
|
//
|
|
// pump the data through the decryption, including padding
|
|
// NOTE: the total length is a multiple of DES_BLOCKLEN
|
|
//
|
|
|
|
for (BytePos = 0; (BytePos + DES_BLOCKLEN) <= dwDataLen; BytePos += DES_BLOCKLEN)
|
|
{
|
|
//
|
|
// put the encrypted text into a temp buffer
|
|
//
|
|
|
|
memcpy (pbBuf, pbData + BytePos, DES_BLOCKLEN);
|
|
|
|
|
|
CBC(
|
|
des,
|
|
DES_BLOCKLEN,
|
|
pbData + BytePos,
|
|
pbBuf,
|
|
&pKey->KeyTable,
|
|
DECRYPT,
|
|
FeedBack
|
|
);
|
|
|
|
|
|
|
|
}
|
|
|
|
memcpy(
|
|
pKey->InitializationVector,
|
|
pbBuf,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desEncrypt(
|
|
IN PCRYPT_STATE_BUFFER psbBuffer,
|
|
IN PUCHAR pbInput,
|
|
IN ULONG cbInput,
|
|
OUT PUCHAR OutputBuffer,
|
|
OUT PULONG OutputLength
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
PDES_STATE_BUFFER StateBuffer = (PDES_STATE_BUFFER) psbBuffer;
|
|
PDES_HEADER CryptHeader = (PDES_HEADER) OutputBuffer;
|
|
PCHECKSUM_BUFFER SumBuffer = NULL;
|
|
ULONG LocalOutputLength;
|
|
|
|
//
|
|
// If we aren't doing raw DES, prepare a header structure
|
|
//
|
|
|
|
if (StateBuffer->ChecksumFunction != NULL)
|
|
{
|
|
//
|
|
// Relocate the buffer and inserat the header
|
|
//
|
|
|
|
RtlMoveMemory(
|
|
OutputBuffer + DES_CONFOUNDER_LEN + StateBuffer->ChecksumFunction->CheckSumSize,
|
|
pbInput,
|
|
cbInput
|
|
);
|
|
LocalOutputLength = cbInput + DES_CONFOUNDER_LEN + StateBuffer->ChecksumFunction->CheckSumSize;
|
|
|
|
|
|
//
|
|
// Zero fill the padding space
|
|
//
|
|
|
|
RtlZeroMemory(
|
|
OutputBuffer+LocalOutputLength,
|
|
ROUND_UP_COUNT(LocalOutputLength,DES_BLOCKLEN) - LocalOutputLength
|
|
);
|
|
|
|
LocalOutputLength = ROUND_UP_COUNT(LocalOutputLength,DES_BLOCKLEN);
|
|
|
|
|
|
RtlZeroMemory(
|
|
CryptHeader->Checksum,
|
|
StateBuffer->ChecksumFunction->CheckSumSize
|
|
);
|
|
|
|
CDGenerateRandomBits(
|
|
CryptHeader->Confounder,
|
|
DES_CONFOUNDER_LEN
|
|
);
|
|
|
|
|
|
//
|
|
// Checksum the buffer.
|
|
//
|
|
|
|
Status = StateBuffer->ChecksumFunction->Initialize(0, &SumBuffer);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
StateBuffer->ChecksumFunction->Sum(
|
|
SumBuffer,
|
|
LocalOutputLength,
|
|
OutputBuffer
|
|
);
|
|
StateBuffer->ChecksumFunction->Finalize(
|
|
SumBuffer,
|
|
CryptHeader->Checksum
|
|
);
|
|
StateBuffer->ChecksumFunction->Finish(
|
|
&SumBuffer
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Just copy the buffer
|
|
//
|
|
|
|
RtlCopyMemory(
|
|
OutputBuffer,
|
|
pbInput,
|
|
cbInput
|
|
);
|
|
|
|
LocalOutputLength = ROUND_UP_COUNT(cbInput,DES_BLOCKLEN);
|
|
|
|
//
|
|
// Zero fill the padding space
|
|
//
|
|
|
|
RtlZeroMemory(
|
|
OutputBuffer+cbInput,
|
|
LocalOutputLength - cbInput
|
|
);
|
|
|
|
}
|
|
|
|
//
|
|
// Encrypt the buffer.
|
|
//
|
|
|
|
|
|
*OutputLength = LocalOutputLength;
|
|
|
|
Status = BlockEncrypt(
|
|
StateBuffer,
|
|
OutputBuffer,
|
|
OutputLength,
|
|
LocalOutputLength
|
|
);
|
|
|
|
|
|
Cleanup:
|
|
|
|
return(Status);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desDecrypt( PCRYPT_STATE_BUFFER psbBuffer,
|
|
PUCHAR pbInput,
|
|
ULONG cbInput,
|
|
PUCHAR pbOutput,
|
|
PULONG cbOutput)
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
PDES_STATE_BUFFER StateBuffer = (PDES_STATE_BUFFER) psbBuffer;
|
|
PDES_HEADER CryptHeader;
|
|
UCHAR Checksum[MD5_LEN];
|
|
PCHECKSUM_BUFFER SumBuffer = NULL;
|
|
|
|
//
|
|
// First decrypt the whole buffer
|
|
//
|
|
|
|
if (*cbOutput < cbInput)
|
|
{
|
|
*cbOutput = cbInput;
|
|
return(STATUS_BUFFER_TOO_SMALL);
|
|
|
|
}
|
|
|
|
RtlCopyMemory(
|
|
pbOutput,
|
|
pbInput,
|
|
cbInput
|
|
);
|
|
Status = BlockDecrypt(
|
|
StateBuffer,
|
|
pbOutput,
|
|
&cbInput
|
|
);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
if (StateBuffer->ChecksumFunction != NULL)
|
|
{
|
|
//
|
|
// Now verify the checksum
|
|
//
|
|
|
|
CryptHeader = (PDES_HEADER) pbOutput;
|
|
RtlCopyMemory(
|
|
Checksum,
|
|
CryptHeader->Checksum,
|
|
MD5_LEN
|
|
);
|
|
|
|
//
|
|
// Zero the checksum field before computing the checksum of the buffer
|
|
//
|
|
|
|
RtlZeroMemory(
|
|
CryptHeader->Checksum,
|
|
StateBuffer->ChecksumFunction->CheckSumSize
|
|
);
|
|
|
|
//
|
|
// Checksum the buffer.
|
|
//
|
|
|
|
Status = StateBuffer->ChecksumFunction->Initialize(0, &SumBuffer);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
StateBuffer->ChecksumFunction->Sum(
|
|
SumBuffer,
|
|
cbInput,
|
|
pbOutput
|
|
);
|
|
StateBuffer->ChecksumFunction->Finalize(
|
|
SumBuffer,
|
|
CryptHeader->Checksum
|
|
);
|
|
StateBuffer->ChecksumFunction->Finish(
|
|
&SumBuffer
|
|
);
|
|
|
|
|
|
if (!RtlEqualMemory(
|
|
CryptHeader->Checksum,
|
|
Checksum,
|
|
StateBuffer->ChecksumFunction->CheckSumSize
|
|
))
|
|
{
|
|
Status = SEC_E_MESSAGE_ALTERED;
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// Copy the input to the output without the header
|
|
|
|
*cbOutput = cbInput - (DES_CONFOUNDER_LEN + StateBuffer->ChecksumFunction->CheckSumSize);
|
|
|
|
|
|
RtlMoveMemory(
|
|
pbOutput,
|
|
pbOutput + DES_CONFOUNDER_LEN + StateBuffer->ChecksumFunction->CheckSumSize,
|
|
*cbOutput
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
*cbOutput = cbInput;
|
|
|
|
}
|
|
|
|
Cleanup:
|
|
|
|
return(Status);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desFinish( PCRYPT_STATE_BUFFER * psbBuffer)
|
|
{
|
|
PDES_STATE_BUFFER StateBuffer = (PDES_STATE_BUFFER) *psbBuffer;
|
|
|
|
|
|
#ifdef KERNEL_MODE
|
|
ExFreePool(StateBuffer);
|
|
#else
|
|
LocalFree(StateBuffer);
|
|
#endif
|
|
*psbBuffer = NULL;
|
|
return(S_OK);
|
|
}
|
|
|
|
#define MIN(x,y) (((x) < (y)) ? (x) : (y))
|
|
|
|
#define XORBLOCK(x,y) \
|
|
{ \
|
|
PULONG tx = (PULONG) x; \
|
|
PULONG ty = (PULONG) y; \
|
|
*tx++ ^= *ty++; \
|
|
*tx++ ^= *ty++; \
|
|
}
|
|
|
|
VOID
|
|
desCbcChecksum(
|
|
IN PUCHAR Password,
|
|
IN ULONG PasswordLength,
|
|
IN PUCHAR InitialVector,
|
|
IN DESTable * KeyTable,
|
|
OUT PUCHAR OutputKey
|
|
)
|
|
{
|
|
ULONG Offset;
|
|
UCHAR Feedback[DES_BLOCKLEN];
|
|
UCHAR Block[DES_BLOCKLEN];
|
|
|
|
RtlCopyMemory(
|
|
Feedback,
|
|
InitialVector,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
for (Offset = 0; Offset < PasswordLength ; Offset+= 8 )
|
|
{
|
|
RtlZeroMemory(
|
|
Block,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
RtlCopyMemory(
|
|
Block,
|
|
Password+Offset,
|
|
MIN(DES_BLOCKLEN, PasswordLength - Offset)
|
|
);
|
|
|
|
XORBLOCK(Block, Feedback);
|
|
des(
|
|
Feedback,
|
|
Block,
|
|
KeyTable,
|
|
ENCRYPT
|
|
);
|
|
|
|
|
|
}
|
|
RtlCopyMemory(
|
|
OutputKey,
|
|
Feedback,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
}
|
|
|
|
#define BITREVERSE(c) ((UCHAR)((((c & 0x01) ? 0x80 : 0x00)\
|
|
|((c & 0x02) ? 0x40 : 0x00)\
|
|
|((c & 0x04) ? 0x20 : 0x00)\
|
|
|((c & 0x08) ? 0x10 : 0x00)\
|
|
|((c & 0x10) ? 0x08 : 0x00)\
|
|
|((c & 0x20) ? 0x04 : 0x00)\
|
|
|((c & 0x40) ? 0x02 : 0x00))\
|
|
& 0xFE))
|
|
|
|
//
|
|
// This is the core routine that converts a buffer into a key. It is called
|
|
// by desHashPassword and desRandomKey
|
|
//
|
|
|
|
VOID
|
|
desHashBuffer(
|
|
IN PUCHAR LocalPassword,
|
|
IN ULONG PasswordLength,
|
|
IN OUT PUCHAR Key
|
|
)
|
|
{
|
|
ULONG Index;
|
|
BOOLEAN Forward;
|
|
PUCHAR KeyPointer = Key;
|
|
DESTable KeyTable;
|
|
|
|
RtlZeroMemory(
|
|
Key,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
//
|
|
// Initialize our temporary parity vector
|
|
//
|
|
|
|
//
|
|
// Start fanfolding the bytes into the key
|
|
//
|
|
|
|
Forward = TRUE;
|
|
KeyPointer = Key;
|
|
for (Index = 0; Index < PasswordLength ; Index++ )
|
|
{
|
|
|
|
if (!Forward)
|
|
{
|
|
*(--KeyPointer) ^= BITREVERSE(LocalPassword[Index] & 0x7F);
|
|
}
|
|
else
|
|
{
|
|
*KeyPointer++ ^= (LocalPassword[Index] & 0x7F) << 1;
|
|
}
|
|
if (((Index+1) & 0x07) == 0) /* When MOD 8 equals 0 */
|
|
{
|
|
Forward = !Forward; /* Change direction. */
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// Fix key parity
|
|
//
|
|
|
|
desFixupKeyParity(Key);
|
|
|
|
//
|
|
// Check for weak keys.
|
|
//
|
|
|
|
if (desIsWeakKey(Key))
|
|
{
|
|
Key[7] ^= 0xf0;
|
|
}
|
|
|
|
//
|
|
// Now calculate the des-cbc-mac of the original string
|
|
//
|
|
|
|
deskey(&KeyTable, Key);
|
|
|
|
//
|
|
// Now compute the CBC checksum of the string
|
|
//
|
|
|
|
desCbcChecksum(
|
|
LocalPassword,
|
|
PasswordLength,
|
|
Key, // initial vector
|
|
&KeyTable,
|
|
Key // output key
|
|
);
|
|
|
|
//
|
|
// Fix key parity
|
|
//
|
|
|
|
desFixupKeyParity(Key);
|
|
|
|
//
|
|
// Check for weak keys.
|
|
//
|
|
|
|
if (desIsWeakKey(Key))
|
|
{
|
|
Key[7] ^= 0xf0;
|
|
}
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desHashPassword(
|
|
IN PSECURITY_STRING Password,
|
|
OUT PUCHAR Key
|
|
)
|
|
{
|
|
|
|
PUCHAR LocalPassword = NULL;
|
|
ULONG PasswordLength;
|
|
OEM_STRING OemPassword;
|
|
NTSTATUS Status;
|
|
|
|
|
|
//
|
|
// First convert the UNICODE string to an OEM string
|
|
//
|
|
|
|
|
|
|
|
Status = RtlUnicodeStringToOemString(
|
|
&OemPassword,
|
|
Password,
|
|
TRUE // allocate destination
|
|
);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
return(Status);
|
|
}
|
|
|
|
//
|
|
// We hash the password according to RFC1510
|
|
//
|
|
// This code is derived from the MIT Kerberos code in string2key.c
|
|
//
|
|
|
|
|
|
PasswordLength = ROUND_UP_COUNT(OemPassword.Length,8);
|
|
#ifdef KERNEL_MODE
|
|
LocalPassword = (PUCHAR) ExAllocatePool(NonPagedPool, PasswordLength);
|
|
#else
|
|
LocalPassword = (PUCHAR) LocalAlloc(0, PasswordLength);
|
|
#endif
|
|
if (LocalPassword == NULL)
|
|
{
|
|
RtlFreeOemString( &OemPassword );
|
|
return(STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
|
|
RtlCopyMemory(
|
|
LocalPassword,
|
|
OemPassword.Buffer,
|
|
OemPassword.Length
|
|
);
|
|
|
|
//
|
|
// Zero extend the password
|
|
//
|
|
|
|
RtlZeroMemory(
|
|
LocalPassword + OemPassword.Length,
|
|
PasswordLength - OemPassword.Length
|
|
);
|
|
|
|
|
|
//
|
|
// Initialize our temporary parity vector
|
|
//
|
|
desHashBuffer(
|
|
LocalPassword,
|
|
PasswordLength,
|
|
Key
|
|
);
|
|
RtlFreeOemString( &OemPassword );
|
|
#ifdef KERNEL_MODE
|
|
ExFreePool(LocalPassword);
|
|
#else
|
|
LocalFree(LocalPassword);
|
|
#endif
|
|
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS NTAPI
|
|
desRandomKey(
|
|
IN OPTIONAL PUCHAR Seed,
|
|
IN ULONG SeedLength,
|
|
OUT PUCHAR pbKey)
|
|
{
|
|
UCHAR Buffer[16];
|
|
do
|
|
{
|
|
CDGenerateRandomBits(Buffer,16);
|
|
|
|
desHashBuffer(
|
|
Buffer,
|
|
16,
|
|
pbKey
|
|
);
|
|
|
|
} while (desIsWeakKey(pbKey));
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desControl(
|
|
IN ULONG Function,
|
|
IN PCRYPT_STATE_BUFFER StateBuffer,
|
|
IN PUCHAR InputBuffer,
|
|
IN ULONG InputBufferSize
|
|
)
|
|
{
|
|
PDES_STATE_BUFFER DesStateBuffer = (PDES_STATE_BUFFER) StateBuffer;
|
|
|
|
if (Function != CRYPT_CONTROL_SET_INIT_VECT)
|
|
{
|
|
return(STATUS_INVALID_PARAMETER);
|
|
}
|
|
if (InputBufferSize != DES_BLOCKLEN)
|
|
{
|
|
return(STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
memcpy(
|
|
DesStateBuffer->InitializationVector,
|
|
InputBuffer,
|
|
DES_BLOCKLEN
|
|
);
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS NTAPI
|
|
desMacGeneralInitializeEx(
|
|
PUCHAR Key,
|
|
ULONG KeySize,
|
|
PUCHAR IV,
|
|
ULONG MessageType,
|
|
PCHECKSUM_BUFFER * ppcsBuffer
|
|
)
|
|
{
|
|
PDES_MAC_STATE_BUFFER DesKey = NULL;
|
|
|
|
//
|
|
// Make sure we were passed an appropriate keytable
|
|
//
|
|
|
|
|
|
if (KeySize != DES_KEYSIZE)
|
|
{
|
|
return(STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
|
|
#ifdef KERNEL_MODE
|
|
DesKey = ExAllocatePool(NonPagedPool, sizeof(DES_MAC_STATE_BUFFER));
|
|
#else
|
|
DesKey = LocalAlloc(0, sizeof(DES_MAC_STATE_BUFFER));
|
|
#endif
|
|
if (DesKey == NULL)
|
|
{
|
|
return(STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
|
|
//
|
|
// Create the key buffer
|
|
//
|
|
|
|
|
|
deskey(&DesKey->KeyTable, Key);
|
|
|
|
|
|
RtlCopyMemory(
|
|
DesKey->InitializationVector,
|
|
IV,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
*ppcsBuffer = (PCHECKSUM_BUFFER) DesKey;
|
|
|
|
return(STATUS_SUCCESS);
|
|
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMacInitializeEx(
|
|
PUCHAR Key,
|
|
ULONG KeySize,
|
|
ULONG MessageType,
|
|
PCHECKSUM_BUFFER * ppcsBuffer
|
|
)
|
|
{
|
|
UCHAR IV[DES_BLOCKLEN];
|
|
|
|
RtlZeroMemory(
|
|
IV,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
return desMacGeneralInitializeEx(
|
|
Key,
|
|
KeySize,
|
|
IV,
|
|
MessageType,
|
|
ppcsBuffer
|
|
);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMacKInitializeEx(
|
|
PUCHAR Key,
|
|
ULONG KeySize,
|
|
ULONG MessageType,
|
|
PCHECKSUM_BUFFER * ppcsBuffer
|
|
)
|
|
{
|
|
return desMacGeneralInitializeEx(
|
|
Key,
|
|
KeySize,
|
|
Key,
|
|
MessageType,
|
|
ppcsBuffer
|
|
);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMacInitialize(ULONG dwSeed,
|
|
PCHECKSUM_BUFFER * ppcsBuffer)
|
|
{
|
|
return(STATUS_NOT_IMPLEMENTED);
|
|
}
|
|
|
|
//
|
|
// NOTE - This function is used with both DES_MAC_STATE_BUFFER and
|
|
// DES_MAC_1510_STATE_BUFFER as the pcsBuffer parameter, since the
|
|
// DES_MAC_1510_STATE_BUFFER is the same as DES_MAC_STATE_BUFFER
|
|
// except with an added confounder this should be OK.
|
|
//
|
|
NTSTATUS NTAPI
|
|
desMacSum(
|
|
PCHECKSUM_BUFFER pcsBuffer,
|
|
ULONG cbData,
|
|
PUCHAR pbData)
|
|
{
|
|
PDES_MAC_STATE_BUFFER DesKey = (PDES_MAC_STATE_BUFFER) pcsBuffer;
|
|
UCHAR FeedBack[DES_BLOCKLEN];
|
|
UCHAR TempBuffer[DES_BLOCKLEN];
|
|
UCHAR OutputBuffer[DES_BLOCKLEN];
|
|
ULONG Index;
|
|
|
|
//
|
|
// Set up the IV for this round - it may be zero or the output of
|
|
// a previous MAC
|
|
//
|
|
|
|
memcpy(
|
|
FeedBack,
|
|
DesKey->InitializationVector,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
for (Index = 0; Index < cbData ; Index += DES_BLOCKLEN )
|
|
{
|
|
//
|
|
// Compute the input buffer, with padding
|
|
//
|
|
|
|
if (Index+DES_BLOCKLEN > cbData)
|
|
{
|
|
memset(
|
|
TempBuffer,
|
|
0,
|
|
DES_BLOCKLEN
|
|
);
|
|
memcpy(
|
|
TempBuffer,
|
|
pbData,
|
|
Index & (DES_BLOCKLEN-1)
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
memcpy(
|
|
TempBuffer,
|
|
pbData+Index,
|
|
DES_BLOCKLEN
|
|
);
|
|
}
|
|
|
|
|
|
CBC( des,
|
|
DES_BLOCKLEN,
|
|
TempBuffer,
|
|
OutputBuffer,
|
|
&DesKey->KeyTable,
|
|
ENCRYPT,
|
|
FeedBack
|
|
);
|
|
}
|
|
|
|
//
|
|
// Copy the feedback back into the IV for the next round
|
|
//
|
|
|
|
memcpy(
|
|
DesKey->InitializationVector,
|
|
FeedBack,
|
|
DES_BLOCKLEN
|
|
);
|
|
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMacFinalize(
|
|
PCHECKSUM_BUFFER pcsBuffer,
|
|
PUCHAR pbSum)
|
|
{
|
|
PDES_MAC_STATE_BUFFER DesKey = (PDES_MAC_STATE_BUFFER) pcsBuffer;
|
|
|
|
memcpy(pbSum, DesKey->InitializationVector, DES_BLOCKLEN);
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMacFinish( PCHECKSUM_BUFFER * ppcsBuffer)
|
|
{
|
|
#ifdef KERNEL_MODE
|
|
ExFreePool(*ppcsBuffer);
|
|
#else
|
|
LocalFree(*ppcsBuffer);
|
|
#endif
|
|
*ppcsBuffer = 0;
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMac1510Initialize(ULONG dwSeed,
|
|
PCHECKSUM_BUFFER * ppcsBuffer)
|
|
{
|
|
return(STATUS_NOT_IMPLEMENTED);
|
|
}
|
|
|
|
|
|
NTSTATUS NTAPI
|
|
desMac1510InitializeEx(
|
|
PUCHAR Key,
|
|
ULONG KeySize,
|
|
ULONG MessageType,
|
|
PCHECKSUM_BUFFER * ppcsBuffer
|
|
)
|
|
{
|
|
return(STATUS_NOT_IMPLEMENTED);
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMac1510InitializeEx2(
|
|
PUCHAR Key,
|
|
ULONG KeySize,
|
|
PUCHAR ChecksumToVerify,
|
|
ULONG MessageType,
|
|
PCHECKSUM_BUFFER * ppcsBuffer
|
|
)
|
|
{
|
|
ULONG *pul;
|
|
ULONG *pul2;
|
|
UCHAR FinalKey[DES_KEYSIZE];
|
|
PDES_MAC_1510_STATE_BUFFER DesKey = NULL;
|
|
|
|
//
|
|
// Make sure we were passed an appropriate keytable
|
|
//
|
|
|
|
|
|
if (KeySize != DES_KEYSIZE)
|
|
{
|
|
return(STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
|
|
#ifdef KERNEL_MODE
|
|
DesKey = ExAllocatePool(NonPagedPool, sizeof(DES_MAC_1510_STATE_BUFFER));
|
|
#else
|
|
DesKey = LocalAlloc(0, sizeof(DES_MAC_1510_STATE_BUFFER));
|
|
#endif
|
|
if (DesKey == NULL)
|
|
{
|
|
return(STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
|
|
//
|
|
// create the final key table
|
|
//
|
|
pul = (ULONG*)FinalKey;
|
|
pul2 = (ULONG*)Key;
|
|
*pul = *pul2 ^ 0xf0f0f0f0;
|
|
pul = (ULONG*)(FinalKey + sizeof(ULONG));
|
|
pul2 = (ULONG*)(Key + sizeof(ULONG));
|
|
*pul = *pul2 ^ 0xf0f0f0f0;
|
|
|
|
deskey(&DesKey->FinalKeyTable, FinalKey);
|
|
|
|
//
|
|
// Checksum was not passed in so generate a confounder
|
|
//
|
|
if (NULL == ChecksumToVerify)
|
|
{
|
|
CDGenerateRandomBits(DesKey->Confounder,DES_BLOCKLEN);
|
|
}
|
|
else
|
|
{
|
|
// the IV is all zero so no need to use CBC on first block
|
|
des(DesKey->Confounder, ChecksumToVerify, &DesKey->FinalKeyTable, DECRYPT);
|
|
}
|
|
|
|
//
|
|
// Create the key buffer
|
|
//
|
|
deskey(&DesKey->KeyTable, Key);
|
|
|
|
|
|
// the IV is all zero so no need to use CBC on first block, but the
|
|
// ecncrypted confounder becomes the next IV
|
|
des(DesKey->InitializationVector, DesKey->Confounder, &DesKey->KeyTable, ENCRYPT);
|
|
|
|
*ppcsBuffer = (PCHECKSUM_BUFFER) DesKey;
|
|
|
|
return(STATUS_SUCCESS);
|
|
|
|
}
|
|
|
|
NTSTATUS NTAPI
|
|
desMac1510Finalize(
|
|
PCHECKSUM_BUFFER pcsBuffer,
|
|
PUCHAR pbSum)
|
|
{
|
|
UCHAR Feedback[DES_BLOCKLEN];
|
|
PDES_MAC_1510_STATE_BUFFER DesKey = (PDES_MAC_1510_STATE_BUFFER) pcsBuffer;
|
|
|
|
// the IV is all zero so no need to use CBC on first block
|
|
des(Feedback, DesKey->Confounder, &DesKey->FinalKeyTable, ENCRYPT);
|
|
|
|
memcpy(pbSum, Feedback, DES_BLOCKLEN);
|
|
|
|
// use CBC on second block
|
|
CBC( des,
|
|
DES_BLOCKLEN,
|
|
pbSum + DES_BLOCKLEN,
|
|
DesKey->InitializationVector,
|
|
&DesKey->FinalKeyTable,
|
|
ENCRYPT,
|
|
Feedback
|
|
);
|
|
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|