archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/nw/rdr/encrypt.c

322 lines
8.1 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1993 Microsoft Corporation
  5. Module Name:
  7. encrypt.c
  9. Abstract:
  11. This module implements the routines for the NetWare
  12. redirector to mangle an objectid, challenge key and
  13. password such that a NetWare server will accept the
  14. password as valid.
  16. This program uses information published in Byte Magazine.
  18. Author:
  20. Colin Watson [ColinW] 15-Mar-1993
  22. Revision History:
  24. --*/
  26. #include <procs.h>
  29. UCHAR Table[] = {
  30. 0x78, 0x08, 0x64, 0xe4, 0x5c, 0x17, 0xbf, 0xa8,
  31. 0xf8, 0xcc, 0x94, 0x1e, 0x46, 0x24, 0x0a, 0xb9,
  32. 0x2f, 0xb1, 0xd2, 0x19, 0x5e, 0x70, 0x02, 0x66,
  33. 0x07, 0x38, 0x29, 0x3f, 0x7f, 0xcf, 0x64, 0xa0,
  34. 0x23, 0xab, 0xd8, 0x3a, 0x17, 0xcf, 0x18, 0x9d,
  35. 0x91, 0x94, 0xe4, 0xc5, 0x5c, 0x8b, 0x23, 0x9e,
  36. 0x77, 0x69, 0xef, 0xc8, 0xd1, 0xa6, 0xed, 0x07,
  37. 0x7a, 0x01, 0xf5, 0x4b, 0x7b, 0xec, 0x95, 0xd1,
  38. 0xbd, 0x13, 0x5d, 0xe6, 0x30, 0xbb, 0xf3, 0x64,
  39. 0x9d, 0xa3, 0x14, 0x94, 0x83, 0xbe, 0x50, 0x52,
  40. 0xcb, 0xd5, 0xd5, 0xd2, 0xd9, 0xac, 0xa0, 0xb3,
  41. 0x53, 0x69, 0x51, 0xee, 0x0e, 0x82, 0xd2, 0x20,
  42. 0x4f, 0x85, 0x96, 0x86, 0xba, 0xbf, 0x07, 0x28,
  43. 0xc7, 0x3a, 0x14, 0x25, 0xf7, 0xac, 0xe5, 0x93,
  44. 0xe7, 0x12, 0xe1, 0xf4, 0xa6, 0xc6, 0xf4, 0x30,
  45. 0xc0, 0x36, 0xf8, 0x7b, 0x2d, 0xc6, 0xaa, 0x8d } ;
  48. UCHAR Keys[32] =
  49. {0x48,0x93,0x46,0x67,0x98,0x3D,0xE6,0x8D,
  50. 0xB7,0x10,0x7A,0x26,0x5A,0xB9,0xB1,0x35,
  51. 0x6B,0x0F,0xD5,0x70,0xAE,0xFB,0xAD,0x11,
  52. 0xF4,0x47,0xDC,0xA7,0xEC,0xCF,0x50,0xC0};
  54. #define XorArray( DEST, SRC ) { \
  55. PULONG D = (PULONG)DEST; \
  56. PULONG S = (PULONG)SRC; \
  57. int i; \
  58. for ( i = 0; i <= 7 ; i++ ) { \
  59. D[i] ^= S[i]; \
  60. } \
  61. }
  63. VOID
  64. Shuffle(
  65. UCHAR *achObjectId,
  66. UCHAR *szUpperPassword,
  67. int iPasswordLen,
  68. UCHAR *achOutputBuffer
  69. );
  71. int
  72. Scramble(
  73. int iSeed,
  74. UCHAR achBuffer[32]
  75. );
  77. #ifdef ALLOC_PRAGMA
  78. #pragma alloc_text( PAGE, RespondToChallenge )
  79. #pragma alloc_text( PAGE, Shuffle )
  80. #pragma alloc_text( PAGE, Scramble )
  81. #endif
  84. VOID
  85. RespondToChallenge(
  86. IN PUCHAR achObjectId,
  87. IN POEM_STRING Password,
  88. IN PUCHAR pChallenge,
  89. OUT PUCHAR pResponse
  90. )
  92. /*++
  94. Routine Description:
  96. This routine takes the ObjectId and Challenge key from the server and
  97. encrypts the user supplied password to develop a credential for the
  98. server to verify.
  100. Arguments:
  101. IN PUCHAR achObjectId - Supplies the 4 byte user's bindery object id
  102. IN POEM_STRING Password - Supplies the user's uppercased password
  103. IN PUCHAR pChallenge - Supplies the 8 byte challenge key
  104. OUT PUCHAR pResponse - Returns the 8 byte response
  106. Return Value:
  108. none.
  110. --*/
  112. {
  113. int index;
  114. UCHAR achK[32];
  115. UCHAR achBuf[32];
  117. PAGED_CODE();
  119. Shuffle(achObjectId, Password->Buffer, Password->Length, achBuf);
  120. Shuffle( &pChallenge[0], achBuf, 16, &achK[0] );
  121. Shuffle( &pChallenge[4], achBuf, 16, &achK[16] );
  123. for (index = 0; index < 16; index++)
  124. achK[index] ^= achK[31-index];
  126. for (index = 0; index < 8; index++)
  127. pResponse[index] = achK[index] ^ achK[15-index];
  128. }
  131. VOID
  132. Shuffle(
  133. UCHAR *achObjectId,
  134. UCHAR *szUpperPassword,
  135. int iPasswordLen,
  136. UCHAR *achOutputBuffer
  137. )
  139. /*++
  141. Routine Description:
  143. This routine shuffles around the object ID with the password
  145. Arguments:
  147. IN achObjectId - Supplies the 4 byte user's bindery object id
  149. IN szUpperPassword - Supplies the user's uppercased password on the
  150. first call to process the password. On the second and third calls
  151. this parameter contains the OutputBuffer from the first call
  153. IN iPasswordLen - length of uppercased password
  155. OUT achOutputBuffer - Returns the 8 byte sub-calculation
  157. Return Value:
  159. none.
  161. --*/
  163. {
  164. int iTempIndex;
  165. int iOutputIndex;
  166. UCHAR achTemp[32];
  168. PAGED_CODE();
  170. //
  171. // Truncate all trailing zeros from the password.
  172. //
  174. while (iPasswordLen > 0 && szUpperPassword[iPasswordLen-1] == 0 ) {
  175. iPasswordLen--;
  176. }
  178. //
  179. // Initialize the achTemp buffer. Initialization consists of taking
  180. // the password and dividing it up into chunks of 32. Any bytes left
  181. // over are the remainder and do not go into the initialization.
  182. //
  183. // achTemp[0] = szUpperPassword[0] ^ szUpperPassword[32] ^ szUpper...
  184. // achTemp[1] = szUpperPassword[1] ^ szUpperPassword[33] ^ szUpper...
  185. // etc.
  186. //
  188. if ( iPasswordLen > 32) {
  190. // At least one chunk of 32. Set the buffer to the first chunk.
  192. RtlCopyMemory( achTemp, szUpperPassword, 32 );
  194. szUpperPassword +=32; // Remove the first chunk
  195. iPasswordLen -=32;
  197. while ( iPasswordLen >= 32 ) {
  198. //
  199. // Xor this chunk with the characters already loaded into
  200. // achTemp.
  201. //
  203. XorArray( achTemp, szUpperPassword);
  205. szUpperPassword +=32; // Remove this chunk
  206. iPasswordLen -=32;
  207. }
  209. } else {
  211. // No chunks of 32 so set the buffer to zero's
  213. RtlZeroMemory( achTemp, sizeof(achTemp));
  215. }
  217. //
  218. // achTemp is now initialized. Load the remainder into achTemp.
  219. // The remainder is repeated to fill achTemp.
  220. //
  221. // The corresponding character from Keys is taken to seperate
  222. // each repitition.
  223. //
  224. // As an example, take the remainder "ABCDEFG". The remainder is expanded
  225. // to "ABCDEFGwABCDEFGxABCDEFGyABCDEFGz" where w is Keys[7],
  226. // x is Keys[15], y is Keys[23] and z is Keys[31].
  227. //
  228. //
  230. if (iPasswordLen > 0) {
  231. int iPasswordOffset = 0;
  232. for (iTempIndex = 0; iTempIndex < 32; iTempIndex++) {
  234. if (iPasswordLen == iPasswordOffset) {
  235. iPasswordOffset = 0;
  236. achTemp[iTempIndex] ^= Keys[iTempIndex];
  237. } else {
  238. achTemp[iTempIndex] ^= szUpperPassword[iPasswordOffset++];
  239. }
  240. }
  241. }
  243. //
  244. // achTemp has been loaded with the users password packed into 32
  245. // bytes. Now take the objectid that came from the server and use
  246. // that to munge every byte in achTemp.
  247. //
  249. for (iTempIndex = 0; iTempIndex < 32; iTempIndex++)
  250. achTemp[iTempIndex] ^= achObjectId[ iTempIndex & 3];
  252. Scramble( Scramble( 0, achTemp ), achTemp );
  254. //
  255. // Finally take pairs of bytes in achTemp and return the two
  256. // nibbles obtained from Table. The pairs of bytes used
  257. // are achTemp[n] and achTemp[n+16].
  258. //
  260. for (iOutputIndex = 0; iOutputIndex < 16; iOutputIndex++) {
  262. unsigned int offset = achTemp[iOutputIndex << 1],
  263. shift = (offset & 0x1) ? 0 : 4 ;
  265. achOutputBuffer[iOutputIndex] =
  266. (Table[offset >> 1] >> shift) & 0xF ;
  268. offset = achTemp[(iOutputIndex << 1)+1],
  269. shift = (offset & 0x1) ? 4 : 0 ;
  271. achOutputBuffer[iOutputIndex] |=
  272. (Table[offset >> 1] << shift) & 0xF0;
  273. }
  275. return;
  276. }
  278. int
  279. Scramble(
  280. int iSeed,
  281. UCHAR achBuffer[32]
  282. )
  284. /*++
  286. Routine Description:
  288. This routine scrambles around the contents of the buffer. Each buffer
  289. position is updated to include the contents of at least two character
  290. positions plus an EncryptKey value. The buffer is processed left to right
  291. and so if a character position chooses to merge with a buffer position
  292. to its left then this buffer position will include bits derived from at
  293. least 3 bytes of the original buffer contents.
  295. Arguments:
  297. IN iSeed
  298. IN OUT achBuffer[32]
  300. Return Value:
  302. none.
  304. --*/
  306. {
  307. int iBufferIndex;
  309. PAGED_CODE();
  311. for (iBufferIndex = 0; iBufferIndex < 32; iBufferIndex++) {
  312. achBuffer[iBufferIndex] =
  313. (UCHAR)(
  314. ((UCHAR)(achBuffer[iBufferIndex] + iSeed)) ^
  315. ((UCHAR)( achBuffer[(iBufferIndex+iSeed) & 31] -
  316. Keys[iBufferIndex] )));
  318. iSeed += achBuffer[iBufferIndex];
  319. }
  320. return iSeed;
  321. }
  323.