Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

781 lines
21 KiB

/*++
Copyright (c) 1994 Micro Computer Systems, Inc.
Module Name:
nwlibs\encrypt.c
Abstract:
This module implements the routines for the NetWare
redirector to mangle an objectid, challenge key and
password such that a NetWare server will accept the
password as valid.
This program uses information published in Byte Magazine.
Author:
Shawn Walker (v-swalk) 10-10-1994
Revision History:
11-9-1994 Copied from nwslib for login and minimars for
change password.
09-7-1995 (AndyHe) Put in proper setpass compatible processing
--*/
#include "dswarn.h"
#include <windef.h>
#include "encrypt.h"
#include <oledsdbg.h>
#define STATIC
#define STRLEN strlen
#define STRUPR _strupr
#define NUM_NYBBLES 34
STATIC
VOID
RespondToChallengePart1(
IN PUCHAR pObjectId,
IN PUCHAR pPassword,
OUT PUCHAR pResponse
);
STATIC
VOID
RespondToChallengePart2(
IN PUCHAR pResponsePart1,
IN PUCHAR pChallenge,
OUT PUCHAR pResponse
);
STATIC
VOID
Shuffle(
UCHAR *achObjectId,
UCHAR *szUpperPassword,
int iPasswordLen,
UCHAR *achOutputBuffer,
UCHAR ChangePassword
);
STATIC
int
Scramble(
int iSeed,
UCHAR achBuffer[32]
);
STATIC
VOID
ExpandBytes(
IN PUCHAR InArray,
OUT PUCHAR OutArray
);
STATIC
VOID
CompressBytes(
IN PUCHAR InArray,
OUT PUCHAR OutArray
);
VOID
CalculateWireFromOldAndNewPasswords(
UCHAR *Vold,
UCHAR *Vnew,
UCHAR *Vc
);
/*++
*******************************************************************
EncryptLoginPassword
Routine Description:
Encrypts the password for login.
Arguments:
pPassword = The pointer to a plain text null terminated password.
ObjectId = The object id of the user to encrypt the password.
pLogKey = The pointer to key to use to encrpyt the password.
pEncryptedPassword = The pointer to return a 8 byte encrypted
password.
Return Value:
None.
*******************************************************************
--*/
void
EncryptLoginPassword(
unsigned char *pPassword,
unsigned long ObjectId,
unsigned char *pLogKey,
unsigned char *pEncryptedPassword
)
{
INT Index;
UCHAR achK[32];
UCHAR achBuf[32];
ADsAssert(pPassword);
/** The password must be upper case **/
pPassword = STRUPR(pPassword);
/** Encrypt the password **/
Shuffle((UCHAR *) &ObjectId, pPassword, STRLEN(pPassword), achBuf, FALSE);
Shuffle((UCHAR *) &pLogKey[0], achBuf, 16, &achK[0], FALSE);
Shuffle((UCHAR *) &pLogKey[4], achBuf, 16, &achK[16], FALSE);
for (Index = 0; Index < 16; Index++) {
achK[Index] ^= achK[31 - Index];
}
for (Index = 0; Index < 8; Index++) {
pEncryptedPassword[Index] = achK[Index] ^ achK[15 - Index];
}
return;
}
/*++
*******************************************************************
EncryptChangePassword
Routine Description:
This function encrypts for change passwords.
Arguments:
pOldPassword = The pointer to the old password.
pNewPassword = The pointer to the new password.
ObjectId = The object id to use to encrypt the password.
pKey = The challenge key from the server.
pValidationKey = The 8 byte validation key to return.
pEncryptNewPassword = The 17 byte encrypted new password to
return.
Return Value:
None.
*******************************************************************
--*/
VOID
EncryptChangePassword(
IN PUCHAR pOldPassword,
IN PUCHAR pNewPassword,
IN ULONG ObjectId,
IN PUCHAR pKey,
OUT PUCHAR pValidationKey,
OUT PUCHAR pEncryptNewPassword
)
{
UCHAR Vc[17];
UCHAR Vold[17];
UCHAR Vnew[17];
UCHAR ValidationKey[16];
UCHAR VcTemp[NUM_NYBBLES];
UCHAR VoldTemp[NUM_NYBBLES];
UCHAR VnewTemp[NUM_NYBBLES];
ADsAssert(pOldPassword);
ADsAssert(pNewPassword);
/** Uppercase the passwords **/
pOldPassword = STRUPR(pOldPassword);
pNewPassword = STRUPR(pNewPassword);
//
// The old password and object ID make up the 17-byte Vold.
// This is used later to form the 17-byte Vc for changing
// password on the server.
//
Shuffle((PUCHAR) &ObjectId, pOldPassword, STRLEN(pOldPassword), Vold, FALSE);
//
// Need to make an 8-byte key which includes the old password
// The server validates this value before allowing the user to
// set password.
//
RespondToChallengePart2(Vold, pKey, ValidationKey);
//
// Now determine Vold using the Change PW table rather than verify pw table
//
Shuffle((PUCHAR) &ObjectId, pOldPassword, STRLEN(pOldPassword), Vold, TRUE);
//
// The new password and object ID make up the 17-byte Vnew.
//
RespondToChallengePart1((PUCHAR) &ObjectId, pNewPassword, Vnew);
//
// Expand the 17-byte Vold and Vnew arrays into 34-byte arrays
// for easy munging.
//
ExpandBytes(Vold, VoldTemp);
ExpandBytes(Vnew, VnewTemp);
//
// leave first two bytes of VcTemp free... we slap in the value based
// on new password length in below.
//
CalculateWireFromOldAndNewPasswords( VoldTemp, VnewTemp, &VcTemp[2] );
//
// Compress 34-byte array of nibbles into 17-byte array of bytes.
//
CompressBytes(VcTemp, Vc);
//
// Calculate the 1st byte of Vc as a function of the new password length
// and the old password residue.
//
Vc[0] = ( ( ( Vold[0] ^ Vold[1] ) & 0x7F ) | 0x40 ) ^ STRLEN(pNewPassword);
memcpy(pValidationKey, ValidationKey, 8);
memcpy(pEncryptNewPassword, Vc, 17);
return;
}
/*++
*******************************************************************
Encryption table.
*******************************************************************
--*/
//
// This is the same as LoginTable, just in a slightly different format.
//
UCHAR ChangeTable[] = {
0x78, 0x08, 0x64, 0xe4, 0x5c, 0x17, 0xbf, 0xa8,
0xf8, 0xcc, 0x94, 0x1e, 0x46, 0x24, 0x0a, 0xb9,
0x2f, 0xb1, 0xd2, 0x19, 0x5e, 0x70, 0x02, 0x66,
0x07, 0x38, 0x29, 0x3f, 0x7f, 0xcf, 0x64, 0xa0,
0x23, 0xab, 0xd8, 0x3a, 0x17, 0xcf, 0x18, 0x9d,
0x91, 0x94, 0xe4, 0xc5, 0x5c, 0x8b, 0x23, 0x9e,
0x77, 0x69, 0xef, 0xc8, 0xd1, 0xa6, 0xed, 0x07,
0x7a, 0x01, 0xf5, 0x4b, 0x7b, 0xec, 0x95, 0xd1,
0xbd, 0x13, 0x5d, 0xe6, 0x30, 0xbb, 0xf3, 0x64,
0x9d, 0xa3, 0x14, 0x94, 0x83, 0xbe, 0x50, 0x52,
0xcb, 0xd5, 0xd5, 0xd2, 0xd9, 0xac, 0xa0, 0xb3,
0x53, 0x69, 0x51, 0xee, 0x0e, 0x82, 0xd2, 0x20,
0x4f, 0x85, 0x96, 0x86, 0xba, 0xbf, 0x07, 0x28,
0xc7, 0x3a, 0x14, 0x25, 0xf7, 0xac, 0xe5, 0x93,
0xe7, 0x12, 0xe1, 0xf4, 0xa6, 0xc6, 0xf4, 0x30,
0xc0, 0x36, 0xf8, 0x7b, 0x2d, 0xc6, 0xaa, 0x8d
};
UCHAR LoginTable[] = {
0x7,0x8,0x0,0x8,0x6,0x4,0xE,0x4,0x5,0xC,0x1,0x7,0xB,0xF,0xA,0x8,
0xF,0x8,0xC,0xC,0x9,0x4,0x1,0xE,0x4,0x6,0x2,0x4,0x0,0xA,0xB,0x9,
0x2,0xF,0xB,0x1,0xD,0x2,0x1,0x9,0x5,0xE,0x7,0x0,0x0,0x2,0x6,0x6,
0x0,0x7,0x3,0x8,0x2,0x9,0x3,0xF,0x7,0xF,0xC,0xF,0x6,0x4,0xA,0x0,
0x2,0x3,0xA,0xB,0xD,0x8,0x3,0xA,0x1,0x7,0xC,0xF,0x1,0x8,0x9,0xD,
0x9,0x1,0x9,0x4,0xE,0x4,0xC,0x5,0x5,0xC,0x8,0xB,0x2,0x3,0x9,0xE,
0x7,0x7,0x6,0x9,0xE,0xF,0xC,0x8,0xD,0x1,0xA,0x6,0xE,0xD,0x0,0x7,
0x7,0xA,0x0,0x1,0xF,0x5,0x4,0xB,0x7,0xB,0xE,0xC,0x9,0x5,0xD,0x1,
0xB,0xD,0x1,0x3,0x5,0xD,0xE,0x6,0x3,0x0,0xB,0xB,0xF,0x3,0x6,0x4,
0x9,0xD,0xA,0x3,0x1,0x4,0x9,0x4,0x8,0x3,0xB,0xE,0x5,0x0,0x5,0x2,
0xC,0xB,0xD,0x5,0xD,0x5,0xD,0x2,0xD,0x9,0xA,0xC,0xA,0x0,0xB,0x3,
0x5,0x3,0x6,0x9,0x5,0x1,0xE,0xE,0x0,0xE,0x8,0x2,0xD,0x2,0x2,0x0,
0x4,0xF,0x8,0x5,0x9,0x6,0x8,0x6,0xB,0xA,0xB,0xF,0x0,0x7,0x2,0x8,
0xC,0x7,0x3,0xA,0x1,0x4,0x2,0x5,0xF,0x7,0xA,0xC,0xE,0x5,0x9,0x3,
0xE,0x7,0x1,0x2,0xE,0x1,0xF,0x4,0xA,0x6,0xC,0x6,0xF,0x4,0x3,0x0,
0xC,0x0,0x3,0x6,0xF,0x8,0x7,0xB,0x2,0xD,0xC,0x6,0xA,0xA,0x8,0xD
};
UCHAR Keys[32] = {
0x48,0x93,0x46,0x67,0x98,0x3D,0xE6,0x8D,
0xB7,0x10,0x7A,0x26,0x5A,0xB9,0xB1,0x35,
0x6B,0x0F,0xD5,0x70,0xAE,0xFB,0xAD,0x11,
0xF4,0x47,0xDC,0xA7,0xEC,0xCF,0x50,0xC0
};
#define XorArray( DEST, SRC ) { \
PULONG D = (PULONG)DEST; \
PULONG S = (PULONG)SRC; \
int i; \
for ( i = 0; i <= 7 ; i++ ) { \
D[i] ^= S[i]; \
} \
}
/*++
*******************************************************************
RespondToChallengePart1
Routine Description:
This routine takes the ObjectId and Challenge key from the server
and encrypts the user supplied password to develop a credential
for the server to verify.
Arguments:
pObjectId - Supplies the 4 byte user's bindery object id
pPassword - Supplies the user's uppercased password
pChallenge - Supplies the 8 byte challenge key
pResponse - Returns the 16 byte response held by the server
Return Value:
None.
*******************************************************************
--*/
STATIC
VOID
RespondToChallengePart1(
IN PUCHAR pObjectId,
IN PUCHAR pPassword,
OUT PUCHAR pResponse
)
{
UCHAR achBuf[32];
Shuffle(pObjectId, pPassword, STRLEN(pPassword), achBuf, TRUE);
memcpy(pResponse, achBuf, 17);
return;
}
/*++
*******************************************************************
RespondToChallengePart2
Routine Description:
This routine takes the result of Shuffling the ObjectId and
the Password and processes it with a challenge key.
Arguments:
pResponsePart1 - Supplies the 16 byte output of
RespondToChallengePart1.
pChallenge - Supplies the 8 byte challenge key
pResponse - Returns the 8 byte response
Return Value:
None.
*******************************************************************
--*/
STATIC
VOID
RespondToChallengePart2(
IN PUCHAR pResponsePart1,
IN PUCHAR pChallenge,
OUT PUCHAR pResponse
)
{
int index;
UCHAR achK[32];
Shuffle( &pChallenge[0], pResponsePart1, 16, &achK[0], TRUE);
Shuffle( &pChallenge[4], pResponsePart1, 16, &achK[16], TRUE);
for (index = 0; index < 16; index++) {
achK[index] ^= achK[31-index];
}
for (index = 0; index < 8; index++) {
pResponse[index] = achK[index] ^ achK[15-index];
}
return;
}
/*++
*******************************************************************
Shuffle
Routine Description:
This routine shuffles around the object ID with the password
Arguments:
achObjectId - Supplies the 4 byte user's bindery object id
szUpperPassword - Supplies the user's uppercased password on the
first call to process the password. On the
second and third calls this parameter contains
the OutputBuffer from the first call
iPasswordLen - length of uppercased password
achOutputBuffer - Returns the 8 byte sub-calculation
Return Value:
None.
*******************************************************************
--*/
STATIC
VOID
Shuffle(
UCHAR *achObjectId,
UCHAR *szUpperPassword,
int iPasswordLen,
UCHAR *achOutputBuffer,
UCHAR ChangePassword
)
{
int iTempIndex;
int iOutputIndex;
UCHAR achTemp[32];
//
// Truncate all trailing zeros from the password.
//
while (iPasswordLen > 0 && szUpperPassword[iPasswordLen-1] == 0 ) {
iPasswordLen--;
}
//
// Initialize the achTemp buffer. Initialization consists of taking
// the password and dividing it up into chunks of 32. Any bytes left
// over are the remainder and do not go into the initialization.
//
// achTemp[0] = szUpperPassword[0] ^ szUpperPassword[32] ^ szUpper...
// achTemp[1] = szUpperPassword[1] ^ szUpperPassword[33] ^ szUpper...
// etc.
//
if ( iPasswordLen > 32) {
// At least one chunk of 32. Set the buffer to the first chunk.
memcpy( achTemp, szUpperPassword, 32 );
szUpperPassword += 32; // Remove the first chunk
iPasswordLen -= 32;
while ( iPasswordLen >= 32 ) {
//
// Xor this chunk with the characters already loaded into
// achTemp.
//
XorArray( achTemp, szUpperPassword);
szUpperPassword += 32; // Remove this chunk
iPasswordLen -= 32;
}
} else {
// No chunks of 32 so set the buffer to zero's
memset( achTemp, 0, sizeof(achTemp));
}
//
// achTemp is now initialized. Load the remainder into achTemp.
// The remainder is repeated to fill achTemp.
//
// The corresponding character from Keys is taken to seperate
// each repitition.
//
// As an example, take the remainder "ABCDEFG". The remainder is expanded
// to "ABCDEFGwABCDEFGxABCDEFGyABCDEFGz" where w is Keys[7],
// x is Keys[15], y is Keys[23] and z is Keys[31].
//
//
if (iPasswordLen > 0) {
int iPasswordOffset = 0;
for (iTempIndex = 0; iTempIndex < 32; iTempIndex++) {
if (iPasswordLen == iPasswordOffset) {
iPasswordOffset = 0;
achTemp[iTempIndex] ^= Keys[iTempIndex];
} else {
achTemp[iTempIndex] ^= szUpperPassword[iPasswordOffset++];
}
}
}
//
// achTemp has been loaded with the users password packed into 32
// bytes. Now take the objectid that came from the server and use
// that to munge every byte in achTemp.
//
for (iTempIndex = 0; iTempIndex < 32; iTempIndex++)
achTemp[iTempIndex] ^= achObjectId[ iTempIndex & 3];
Scramble( Scramble( 0, achTemp ), achTemp );
//
// Finally take pairs of bytes in achTemp and return the two
// nibbles obtained from Table. The pairs of bytes used
// are achTemp[n] and achTemp[n+16].
//
for (iOutputIndex = 0; iOutputIndex < 16; iOutputIndex++) {
if (ChangePassword) {
unsigned int offset = achTemp[iOutputIndex << 1],
shift = (offset & 0x1) ? 0 : 4 ;
achOutputBuffer[iOutputIndex] =
(ChangeTable[offset >> 1] >> shift) & 0xF ;
offset = achTemp[(iOutputIndex << 1)+1],
shift = (offset & 0x1) ? 4 : 0 ;
achOutputBuffer[iOutputIndex] |=
(ChangeTable[offset >> 1] << shift) & 0xF0;
} else {
achOutputBuffer[iOutputIndex] =
LoginTable[achTemp[iOutputIndex << 1]] |
(LoginTable[achTemp[(iOutputIndex << 1) + 1]] << 4);
}
}
return;
}
/*++
*******************************************************************
Scramble
Routine Description:
This routine scrambles around the contents of the buffer. Each
buffer position is updated to include the contents of at least
two character positions plus an EncryptKey value. The buffer
is processed left to right and so if a character position chooses
to merge with a buffer position to its left then this buffer
position will include bits derived from at least 3 bytes of
the original buffer contents.
Arguments:
iSeed =
achBuffer =
Return Value:
None.
*******************************************************************
--*/
STATIC
int
Scramble(
int iSeed,
UCHAR achBuffer[32]
)
{
int iBufferIndex;
for (iBufferIndex = 0; iBufferIndex < 32; iBufferIndex++) {
achBuffer[iBufferIndex] =
(UCHAR)(
((UCHAR)(achBuffer[iBufferIndex] + iSeed)) ^
((UCHAR)( achBuffer[(iBufferIndex+iSeed) & 31] -
Keys[iBufferIndex] )));
iSeed += achBuffer[iBufferIndex];
}
return iSeed;
}
//
// Takes a 17-byte array and makes a 34-byte array out of it by
// putting each nibble into the space of a byte.
//
STATIC
void
ExpandBytes(
IN PUCHAR InArray,
OUT PUCHAR OutArray
)
{
unsigned int i;
for (i = 0 ; i < (NUM_NYBBLES / 2); i++) {
OutArray[i * 2] = InArray[i] & 0x0f;
OutArray[(i * 2) + 1] = (InArray[i] & 0xf0) >> 4;
}
}
//
// Takes a 34-byte array and makes a 17-byte array out of it
// by combining the lower nibbles of two bytes into a byte.
//
STATIC
void
CompressBytes(
IN PUCHAR InArray,
OUT PUCHAR OutArray
)
{
unsigned int i;
for (i = 0; i < (NUM_NYBBLES / 2); i++) {
OutArray[i] = InArray[i * 2] | (InArray[i * 2 + 1] << 4);
}
}
#define N 0x10
typedef char entry_t;
entry_t pinv[N][N] = {
{ 0xF,0x8,0x5,0x7,0xC,0x2,0xE,0x9,0x0,0x1,0x6,0xD,0x3,0x4,0xB,0xA,},
{ 0x2,0xC,0xE,0x6,0xF,0x0,0x1,0x8,0xD,0x3,0xA,0x4,0x9,0xB,0x5,0x7,},
{ 0x5,0x2,0x9,0xF,0xC,0x4,0xD,0x0,0xE,0xA,0x6,0x8,0xB,0x1,0x3,0x7,},
{ 0xF,0xD,0x2,0x6,0x7,0x8,0x5,0x9,0x0,0x4,0xC,0x3,0x1,0xA,0xB,0xE,},
{ 0x5,0xE,0x2,0xB,0xD,0xA,0x7,0x0,0x8,0x6,0x4,0x1,0xF,0xC,0x3,0x9,},
{ 0x8,0x2,0xF,0xA,0x5,0x9,0x6,0xC,0x0,0xB,0x1,0xD,0x7,0x3,0x4,0xE,},
{ 0xE,0x8,0x0,0x9,0x4,0xB,0x2,0x7,0xC,0x3,0xA,0x5,0xD,0x1,0x6,0xF,},
{ 0x1,0x4,0x8,0xA,0xD,0xB,0x7,0xE,0x5,0xF,0x3,0x9,0x0,0x2,0x6,0xC,},
{ 0x5,0x3,0xC,0x8,0xB,0x2,0xE,0xA,0x4,0x1,0xD,0x0,0x6,0x7,0xF,0x9,},
{ 0x6,0x0,0xB,0xE,0xD,0x4,0xC,0xF,0x7,0x2,0x8,0xA,0x1,0x5,0x3,0x9,},
{ 0xB,0x5,0xA,0xE,0xF,0x1,0xC,0x0,0x6,0x4,0x2,0x9,0x3,0xD,0x7,0x8,},
{ 0x7,0x2,0xA,0x0,0xE,0x8,0xF,0x4,0xC,0xB,0x9,0x1,0x5,0xD,0x3,0x6,},
{ 0x7,0x4,0xF,0x9,0x5,0x1,0xC,0xB,0x0,0x3,0x8,0xE,0x2,0xA,0x6,0xD,},
{ 0x9,0x4,0x8,0x0,0xA,0x3,0x1,0xC,0x5,0xF,0x7,0x2,0xB,0xE,0x6,0xD,},
{ 0x9,0x5,0x4,0x7,0xE,0x8,0x3,0x1,0xD,0xB,0xC,0x2,0x0,0xF,0x6,0xA,},
{ 0x9,0xA,0xB,0xD,0x5,0x3,0xF,0x0,0x1,0xC,0x8,0x7,0x6,0x4,0xE,0x2,},
};
entry_t master_perm[] = {
0, 3, 0xe, 0xf, 9, 6, 0xa, 7, 0xc, 0xb, 1, 4, 5, 8, 2, 0xd,
};
entry_t key_sched[N][N];
entry_t perm_sched[N][N];
int InverseTableInitialized = 0;
void cipher_inv (
const entry_t *ctxt,
const entry_t *key,
entry_t *ptxt
)
{
int sc, r;
entry_t v;
for (sc = 0; sc < N; sc++) {
v = ctxt[sc];
for (r = N; --r >= 0; ) {
v ^= key[key_sched[sc][r]];
v = pinv[perm_sched[sc][r]][v];
}
ptxt[sc] = v;
}
}
#if 0
void swab_nybbles (
entry_t *vec
)
{
int i, j;
//
// swap all columns instead of calling this routine twice.
//
for (i = 0; i < (2 * N); i += 2) {
j = vec[i];
vec[i] = vec[i+1];
vec[i+1] = j;
}
}
#endif
VOID
CalculateWireFromOldAndNewPasswords(
UCHAR *Vold,
UCHAR *Vnew,
UCHAR *Vc
)
{
if (InverseTableInitialized == 0) {
UCHAR sc,r;
for (sc = 0; sc < N; sc++) {
key_sched[sc][N-1] = sc; /* terminal subkey */
key_sched[0][(N+ N-1 - master_perm[sc])%N] = (N+sc-master_perm[sc])%N;
}
for (sc = 1; sc < N; sc++) for (r = 0; r < N; r++) {
key_sched[sc][(r+master_perm[sc])%N] = (key_sched[0][r] + master_perm[sc]) % N;
}
for (sc = 0; sc < N; sc++) {
perm_sched[sc][N-1] = sc;
perm_sched[0][(N + N-1 - master_perm[sc])%N] = sc;
}
for (sc = 1; sc < N; sc++) for (r = 0; r < N; r++) {
perm_sched[sc][r] = perm_sched[0][(N+r-master_perm[sc])%N];
}
InverseTableInitialized = 1;
}
//
// already swapped coming in here... don't swap them again.
//
// swab_nybbles(Vold);
// swab_nybbles(Vnew);
cipher_inv( (entry_t *)(&Vnew[0]),
(entry_t *)(&Vold[0]),
(entry_t *)(&Vc[0]));
cipher_inv( (entry_t *)(&Vnew[16]),
(entry_t *)(&Vold[16]),
(entry_t *)(&Vc[16]));
// swab_nybbles(Vc);
return;
}