archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/admt/common/include/admtcrypt.h

277 lines
6.0 KiB
Raw Normal View History

Add source files
4 years ago
  1. #pragma once
  3. #include <TChar.h>
  4. #include <Windows.h>
  5. #include <WinCrypt.h>
  6. #include <ComDef.h>
  9. #define ENCRYPTION_KEY_SIZE 16 // in bytes
  10. #define SESSION_KEY_SIZE 16 // in bytes
  13. //---------------------------------------------------------------------------
  14. // Crypt Provider Class
  15. //---------------------------------------------------------------------------
  17. class CCryptProvider
  18. {
  19. public:
  21. CCryptProvider();
  22. CCryptProvider(const CCryptProvider& r);
  23. ~CCryptProvider();
  25. CCryptProvider& operator =(const CCryptProvider& r);
  27. HCRYPTHASH CreateHash(ALG_ID aid);
  28. HCRYPTKEY DeriveKey(ALG_ID aid, HCRYPTHASH hHash, DWORD dwFlags = 0);
  30. _variant_t GenerateRandom(DWORD cbData) const;
  31. void GenerateRandom(BYTE* pbData, DWORD cbData) const;
  33. protected:
  35. HCRYPTPROV m_hProvider;
  36. };
  39. //---------------------------------------------------------------------------
  40. // Crypt Key Class
  41. //---------------------------------------------------------------------------
  43. class CCryptKey
  44. {
  45. public:
  47. CCryptKey(HCRYPTKEY hKey = NULL);
  48. ~CCryptKey();
  50. operator HCRYPTKEY()
  51. {
  52. return m_hKey;
  53. }
  55. void Attach(HCRYPTKEY hKey)
  56. {
  57. m_hKey = hKey;
  58. }
  60. HCRYPTKEY Detach()
  61. {
  62. HCRYPTKEY hKey = m_hKey;
  63. m_hKey = NULL;
  64. return hKey;
  65. }
  67. _variant_t Encrypt(HCRYPTHASH hHash, bool bFinal, const _variant_t& vntData);
  68. _variant_t Decrypt(HCRYPTHASH hHash, bool bFinal, const _variant_t& vntData);
  70. protected:
  72. CCryptKey(const CCryptKey& key) {}
  73. CCryptKey& operator =(const CCryptKey& key) { return *this; }
  75. protected:
  77. HCRYPTKEY m_hKey;
  78. };
  81. //---------------------------------------------------------------------------
  82. // Crypt Hash Class
  83. //---------------------------------------------------------------------------
  85. class CCryptHash
  86. {
  87. public:
  89. CCryptHash(HCRYPTHASH hHash = NULL);
  90. ~CCryptHash();
  92. operator HCRYPTHASH()
  93. {
  94. return m_hHash;
  95. }
  97. void Attach(HCRYPTHASH hHash)
  98. {
  99. m_hHash = hHash;
  100. }
  102. HCRYPTKEY Detach()
  103. {
  104. HCRYPTKEY hHash = m_hHash;
  105. m_hHash = NULL;
  106. return hHash;
  107. }
  109. _variant_t GetValue() const;
  110. void SetValue(const _variant_t& vntValue);
  112. void Hash(LPCTSTR pszData);
  113. void Hash(const _variant_t& vntData);
  114. void Hash(BYTE* pbData, DWORD cbData);
  116. bool operator ==(const CCryptHash& hash);
  118. bool operator !=(const CCryptHash& hash)
  119. {
  120. return !this->operator ==(hash);
  121. }
  123. protected:
  125. CCryptHash(const CCryptKey& hash) {}
  126. CCryptHash& operator =(const CCryptHash& hash) { return *this; }
  128. protected:
  130. HCRYPTHASH m_hHash;
  131. };
  134. //---------------------------------------------------------------------------
  135. // Domain Crypt Class
  136. //---------------------------------------------------------------------------
  138. class CDomainCrypt : public CCryptProvider
  139. {
  140. protected:
  142. CDomainCrypt();
  143. ~CDomainCrypt();
  145. HCRYPTKEY GetEncryptionKey(LPCTSTR pszKeyId);
  147. void StoreBytes(LPCTSTR pszId, const _variant_t& vntBytes);
  148. void StoreBytes(LPCTSTR pszId, BYTE* pBytes, DWORD cBytes);
  149. _variant_t RetrieveBytes(LPCTSTR pszId);
  151. protected:
  153. static _TCHAR m_szIdPrefix[];
  154. };
  157. //---------------------------------------------------------------------------
  158. // Target Crypt Class
  159. //
  160. // CreateEncryptionKey
  161. // - creates encryption key
  162. // - stores encryption key using key identifier
  163. // - returns encryption key encrypted with given password
  164. //---------------------------------------------------------------------------
  166. class CTargetCrypt : public CDomainCrypt
  167. {
  168. public:
  170. CTargetCrypt();
  171. ~CTargetCrypt();
  173. _variant_t CreateEncryptionKey(LPCTSTR pszKeyId, LPCTSTR pszPassword = NULL);
  175. _variant_t CreateSession(LPCTSTR pszKeyId);
  177. _variant_t Encrypt(_bstr_t strData);
  179. protected:
  181. void StoreBytes(LPCTSTR pszId, const _variant_t& vntBytes)
  182. {
  183. LPTSTR psz = (LPTSTR) _alloca((_tcslen(m_szIdPrefix) + 1 + _tcslen(pszId) + 1) * sizeof(_TCHAR));
  185. _tcscpy(psz, m_szIdPrefix);
  186. _tcscat(psz, _T("_"));
  187. _tcscat(psz, pszId);
  189. CDomainCrypt::StoreBytes(psz, vntBytes);
  190. }
  192. _variant_t RetrieveBytes(LPCTSTR pszId)
  193. {
  194. LPTSTR psz = (LPTSTR) _alloca((_tcslen(m_szIdPrefix) + 1 + _tcslen(pszId) + 1) * sizeof(_TCHAR));
  196. _tcscpy(psz, m_szIdPrefix);
  197. _tcscat(psz, _T("_"));
  198. _tcscat(psz, pszId);
  200. return CDomainCrypt::RetrieveBytes(psz);
  201. }
  203. protected:
  205. CCryptKey m_keySession;
  206. };
  209. //---------------------------------------------------------------------------
  210. // Source Crypt Class
  211. //---------------------------------------------------------------------------
  213. class CSourceCrypt : public CDomainCrypt
  214. {
  215. public:
  217. CSourceCrypt();
  218. ~CSourceCrypt();
  220. void ImportEncryptionKey(const _variant_t& vntEncryptedKey, LPCTSTR pszPassword = NULL);
  222. void ImportSessionKey(const _variant_t& vntEncryptedKey);
  224. _bstr_t Decrypt(const _variant_t& vntData);
  226. protected:
  228. CCryptKey m_keySession;
  229. };
  232. //---------------------------------------------------------------------------
  233. // Use Cases
  234. //---------------------------------------------------------------------------
  235. //
  236. // Target Domain Controller
  237. // ------------------------
  238. // Generate Encryption Key
  239. // - given source domain name and optional password
  240. // - generate 128 bit encryption key
  241. // - store encryption key using source domain name
  242. // - if given optional password encrypt key with password
  243. // - return encrypted key
  244. //
  245. // Generate Session Key
  246. // - given source domain name
  247. // - generate 128 bit session key
  248. // - generate hash of session key
  249. // - retrieve encryption key using source domain name
  250. // - encrypt session key and hash with encryption key
  251. // - return encrypted session key/hash
  252. //
  253. // Encrypt Data
  254. // - given data
  255. // - encrypt data using session key
  256. // - return encrypted data
  257. //
  258. // Password Export Server (PES)
  259. // ----------------------------
  260. // Store Encryption Key
  261. // - given encrypted encryption key and password
  262. // - decrypt key using password
  263. // - store key
  264. //
  265. // Decrypt Session Key
  266. // - given an encrypted session key / hash
  267. // - decrypt using encryption key
  268. // - generate hash of decrypted session key
  269. // - compare against decrypted hash
  270. // - store session key
  271. // - return success or failure
  272. //
  273. // Decrypt Data
  274. // - given encrypted data
  275. // - decrypt data using session key
  276. // - return un-encrypted data
  277. //---------------------------------------------------------------------------