archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/nw/fpnw/client/encrypt.c

314 lines
8.5 KiB
Raw Normal View History

Add source files
4 years ago
  2. /*++
  4. Copyright (c) 1993 Microsoft Corporation
  6. Module Name:
  8. encrypt.c
  10. Abstract:
  12. This module implements the routines for the NetWare
  13. redirector to mangle an objectid, challenge key and
  14. password such that a NetWare server will accept the
  15. password as valid.
  17. This program uses information published in Byte Magazine.
  19. Author:
  21. Colin Watson [ColinW] 15-Mar-1993
  22. Andy Herron [AndyHe]
  24. Revision History:
  26. --*/
  29. #include <nt.h>
  30. #include <ntrtl.h>
  31. #include <nturtl.h>
  32. #include <windows.h>
  33. #include <nwsutil.h>
  34. #include <fpnwcomm.h>
  35. #include <usrprop.h>
  36. #include <crypt.h>
  38. UCHAR Table[] =
  39. {0x7,0x8,0x0,0x8,0x6,0x4,0xE,0x4,0x5,0xC,0x1,0x7,0xB,0xF,0xA,0x8,
  40. 0xF,0x8,0xC,0xC,0x9,0x4,0x1,0xE,0x4,0x6,0x2,0x4,0x0,0xA,0xB,0x9,
  41. 0x2,0xF,0xB,0x1,0xD,0x2,0x1,0x9,0x5,0xE,0x7,0x0,0x0,0x2,0x6,0x6,
  42. 0x0,0x7,0x3,0x8,0x2,0x9,0x3,0xF,0x7,0xF,0xC,0xF,0x6,0x4,0xA,0x0,
  43. 0x2,0x3,0xA,0xB,0xD,0x8,0x3,0xA,0x1,0x7,0xC,0xF,0x1,0x8,0x9,0xD,
  44. 0x9,0x1,0x9,0x4,0xE,0x4,0xC,0x5,0x5,0xC,0x8,0xB,0x2,0x3,0x9,0xE,
  45. 0x7,0x7,0x6,0x9,0xE,0xF,0xC,0x8,0xD,0x1,0xA,0x6,0xE,0xD,0x0,0x7,
  46. 0x7,0xA,0x0,0x1,0xF,0x5,0x4,0xB,0x7,0xB,0xE,0xC,0x9,0x5,0xD,0x1,
  47. 0xB,0xD,0x1,0x3,0x5,0xD,0xE,0x6,0x3,0x0,0xB,0xB,0xF,0x3,0x6,0x4,
  48. 0x9,0xD,0xA,0x3,0x1,0x4,0x9,0x4,0x8,0x3,0xB,0xE,0x5,0x0,0x5,0x2,
  49. 0xC,0xB,0xD,0x5,0xD,0x5,0xD,0x2,0xD,0x9,0xA,0xC,0xA,0x0,0xB,0x3,
  50. 0x5,0x3,0x6,0x9,0x5,0x1,0xE,0xE,0x0,0xE,0x8,0x2,0xD,0x2,0x2,0x0,
  51. 0x4,0xF,0x8,0x5,0x9,0x6,0x8,0x6,0xB,0xA,0xB,0xF,0x0,0x7,0x2,0x8,
  52. 0xC,0x7,0x3,0xA,0x1,0x4,0x2,0x5,0xF,0x7,0xA,0xC,0xE,0x5,0x9,0x3,
  53. 0xE,0x7,0x1,0x2,0xE,0x1,0xF,0x4,0xA,0x6,0xC,0x6,0xF,0x4,0x3,0x0,
  54. 0xC,0x0,0x3,0x6,0xF,0x8,0x7,0xB,0x2,0xD,0xC,0x6,0xA,0xA,0x8,0xD};
  56. UCHAR Keys[32] =
  57. {0x48,0x93,0x46,0x67,0x98,0x3D,0xE6,0x8D,
  58. 0xB7,0x10,0x7A,0x26,0x5A,0xB9,0xB1,0x35,
  59. 0x6B,0x0F,0xD5,0x70,0xAE,0xFB,0xAD,0x11,
  60. 0xF4,0x47,0xDC,0xA7,0xEC,0xCF,0x50,0xC0};
  62. #define XorArray( DEST, SRC ) { \
  63. PULONG D = (PULONG)DEST; \
  64. PULONG S = (PULONG)SRC; \
  65. int i; \
  66. for ( i = 0; i <= 7 ; i++ ) { \
  67. D[i] ^= S[i]; \
  68. } \
  69. }
  71. int
  72. Scramble(
  73. int iSeed,
  74. UCHAR achBuffer[32]
  75. );
  77. VOID
  78. Shuffle(
  79. UCHAR *achObjectId,
  80. UCHAR *szUpperPassword,
  81. int iPasswordLen,
  82. UCHAR *achOutputBuffer
  83. )
  85. /*++
  87. Routine Description:
  89. This routine shuffles around the object ID with the password
  91. Arguments:
  93. IN achObjectId - Supplies the 4 byte user's bindery object id
  95. IN szUpperPassword - Supplies the user's uppercased password on the
  96. first call to process the password. On the second and third calls
  97. this parameter contains the OutputBuffer from the first call
  99. IN iPasswordLen - length of uppercased password
  101. OUT achOutputBuffer - Returns the 8 byte sub-calculation
  103. Return Value:
  105. none.
  107. --*/
  109. {
  110. int iTempIndex;
  111. int iOutputIndex;
  112. UCHAR achTemp[32];
  114. //
  115. // Truncate all trailing zeros from the password.
  116. //
  118. while (iPasswordLen > 0 && szUpperPassword[iPasswordLen-1] == 0 ) {
  119. iPasswordLen--;
  120. }
  122. //
  123. // Initialize the achTemp buffer. Initialization consists of taking
  124. // the password and dividing it up into chunks of 32. Any bytes left
  125. // over are the remainder and do not go into the initialization.
  126. //
  127. // achTemp[0] = szUpperPassword[0] ^ szUpperPassword[32] ^ szUpper...
  128. // achTemp[1] = szUpperPassword[1] ^ szUpperPassword[33] ^ szUpper...
  129. // etc.
  130. //
  132. if ( iPasswordLen > 32) {
  134. // At least one chunk of 32. Set the buffer to the first chunk.
  136. RtlCopyMemory( achTemp, szUpperPassword, 32 );
  138. szUpperPassword +=32; // Remove the first chunk
  139. iPasswordLen -=32;
  141. while ( iPasswordLen >= 32 ) {
  142. //
  143. // Xor this chunk with the characters already loaded into
  144. // achTemp.
  145. //
  147. XorArray( achTemp, szUpperPassword);
  149. szUpperPassword +=32; // Remove this chunk
  150. iPasswordLen -=32;
  151. }
  153. } else {
  155. // No chunks of 32 so set the buffer to zero's
  157. RtlZeroMemory( achTemp, sizeof(achTemp));
  159. }
  161. //
  162. // achTemp is now initialized. Load the remainder into achTemp.
  163. // The remainder is repeated to fill achTemp.
  164. //
  165. // The corresponding character from Keys is taken to seperate
  166. // each repitition.
  167. //
  168. // As an example, take the remainder "ABCDEFG". The remainder is expanded
  169. // to "ABCDEFGwABCDEFGxABCDEFGyABCDEFGz" where w is Keys[7],
  170. // x is Keys[15], y is Keys[23] and z is Keys[31].
  171. //
  172. //
  174. if (iPasswordLen > 0) {
  175. int iPasswordOffset = 0;
  176. for (iTempIndex = 0; iTempIndex < 32; iTempIndex++) {
  178. if (iPasswordLen == iPasswordOffset) {
  179. iPasswordOffset = 0;
  180. achTemp[iTempIndex] ^= Keys[iTempIndex];
  181. } else {
  182. achTemp[iTempIndex] ^= szUpperPassword[iPasswordOffset++];
  183. }
  184. }
  185. }
  187. //
  188. // achTemp has been loaded with the users password packed into 32
  189. // bytes. Now take the objectid that came from the server and use
  190. // that to munge every byte in achTemp.
  191. //
  193. for (iTempIndex = 0; iTempIndex < 32; iTempIndex++)
  194. achTemp[iTempIndex] ^= achObjectId[ iTempIndex & 3];
  196. Scramble( Scramble( 0, achTemp ), achTemp );
  198. //
  199. // Finally take pairs of bytes in achTemp and return the two
  200. // nibbles obtained from Table. The pairs of bytes used
  201. // are achTemp[n] and achTemp[n+16].
  202. //
  204. for (iOutputIndex = 0; iOutputIndex < 16; iOutputIndex++) {
  206. achOutputBuffer[iOutputIndex] =
  207. Table[achTemp[iOutputIndex << 1]] |
  208. (Table[achTemp[(iOutputIndex << 1) + 1]] << 4);
  209. }
  211. return;
  212. }
  214. int
  215. Scramble(
  216. int iSeed,
  217. UCHAR achBuffer[32]
  218. )
  220. /*++
  222. Routine Description:
  224. This routine scrambles around the contents of the buffer. Each buffer
  225. position is updated to include the contents of at least two character
  226. positions plus an EncryptKey value. The buffer is processed left to right
  227. and so if a character position chooses to merge with a buffer position
  228. to its left then this buffer position will include bits derived from at
  229. least 3 bytes of the original buffer contents.
  231. Arguments:
  233. IN iSeed
  234. IN OUT achBuffer[32]
  236. Return Value:
  238. none.
  240. --*/
  242. {
  243. int iBufferIndex;
  245. for (iBufferIndex = 0; iBufferIndex < 32; iBufferIndex++) {
  246. achBuffer[iBufferIndex] =
  247. (UCHAR)(
  248. ((UCHAR)(achBuffer[iBufferIndex] + iSeed)) ^
  249. ((UCHAR)( achBuffer[(iBufferIndex+iSeed) & 31] -
  250. Keys[iBufferIndex] )));
  252. iSeed += achBuffer[iBufferIndex];
  253. }
  254. return iSeed;
  255. }
  257. NTSTATUS
  258. ReturnNetwareForm(
  259. const char * pszSecretValue,
  260. DWORD dwUserId,
  261. const WCHAR * pchNWPassword,
  262. UCHAR * pchEncryptedNWPassword
  263. )
  265. /*++
  267. Routine Description:
  269. This routine takes the ObjectId and encrypts it with the user
  270. supplied password to develop a credential for the intermediate form.
  272. Arguments:
  273. DWORD dwUserId - Supplies the 4 byte user's object id
  274. const WCHAR * pchNWPassword - Supplies the user's password
  276. UCHAR * pchEncryptedNWPassword - 16 characters where the result goes.
  278. Return Value:
  280. none.
  282. --*/
  284. {
  285. DWORD dwStatus;
  286. DWORD chObjectId = SWAP_OBJECT_ID (dwUserId);
  287. UNICODE_STRING uniNWPassword;
  288. OEM_STRING oemNWPassword;
  290. //
  291. // shuffle actually uses 32 bytes, not just 16. It only returns 16 though.
  292. //
  294. UCHAR pszShuffledNWPassword[NT_OWF_PASSWORD_LENGTH * 2];
  296. uniNWPassword.Buffer = (WCHAR *) pchNWPassword;
  297. uniNWPassword.Length = (USHORT)(lstrlenW (pchNWPassword)*sizeof(WCHAR));
  298. uniNWPassword.MaximumLength = uniNWPassword.Length;
  300. if ((dwStatus = RtlUpcaseUnicodeStringToOemString (&oemNWPassword,
  301. &uniNWPassword,
  302. TRUE)) == STATUS_SUCCESS)
  303. {
  304. Shuffle((UCHAR *) &chObjectId, oemNWPassword.Buffer, oemNWPassword.Length, pszShuffledNWPassword);
  306. // Encrypt with LSA secret.
  307. dwStatus = RtlEncryptNtOwfPwdWithUserKey(
  308. (PNT_OWF_PASSWORD) pszShuffledNWPassword,
  309. (PUSER_SESSION_KEY) pszSecretValue,
  310. (PENCRYPTED_NT_OWF_PASSWORD) pchEncryptedNWPassword);
  311. }
  313. return (dwStatus);
  314. }