archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/published/inc/crypt.w

677 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++ BUILD Version: 0001 // Increment this if a change has global effects
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. crypt.h
  9. Abstract:
  11. This module contains the public data structures and API definitions
  12. needed to utilize the encryption library
  15. Author:
  17. David Chalmers (Davidc) 21-October-1991
  19. Revision History:
  21. Scott Field (SField) 09-October-2000
  22. Add RNG and Memory encryption interfaces
  24. --*/
  27. #ifndef _NTCRYPT_
  28. #define _NTCRYPT_
  30. #ifndef MIDL_PASS // Don't confuse MIDL
  32. #ifndef RPC_NO_WINDOWS_H // Don't let rpc.h include windows.h
  33. #define RPC_NO_WINDOWS_H
  34. #endif // RPC_NO_WINDOWS_H
  36. #include <rpc.h>
  37. #endif // MIDL_PASS
  39. #ifdef __cplusplus
  40. extern "C" {
  41. #endif
  43. /////////////////////////////////////////////////////////////////////////
  44. // //
  45. // Core encryption types //
  46. // //
  47. /////////////////////////////////////////////////////////////////////////
  49. // begin_ntsubauth
  51. #define CLEAR_BLOCK_LENGTH 8
  53. typedef struct _CLEAR_BLOCK {
  54. CHAR data[CLEAR_BLOCK_LENGTH];
  55. } CLEAR_BLOCK;
  56. typedef CLEAR_BLOCK * PCLEAR_BLOCK;
  58. #define CYPHER_BLOCK_LENGTH 8
  60. typedef struct _CYPHER_BLOCK {
  61. CHAR data[CYPHER_BLOCK_LENGTH];
  62. } CYPHER_BLOCK;
  63. typedef CYPHER_BLOCK * PCYPHER_BLOCK;
  64. // end_ntsubauth
  66. #define BLOCK_KEY_LENGTH 7
  68. typedef struct _BLOCK_KEY {
  69. CHAR data[BLOCK_KEY_LENGTH];
  70. } BLOCK_KEY;
  71. typedef BLOCK_KEY * PBLOCK_KEY;
  76. /////////////////////////////////////////////////////////////////////////
  77. // //
  78. // Arbitrary length data encryption types //
  79. // //
  80. /////////////////////////////////////////////////////////////////////////
  82. typedef struct _CRYPT_BUFFER {
  83. ULONG Length; // Number of valid bytes in buffer
  84. ULONG MaximumLength; // Number of bytes pointed to by Buffer
  85. PVOID Buffer;
  86. } CRYPT_BUFFER;
  87. typedef CRYPT_BUFFER * PCRYPT_BUFFER;
  89. typedef CRYPT_BUFFER CLEAR_DATA;
  90. typedef CLEAR_DATA * PCLEAR_DATA;
  92. typedef CRYPT_BUFFER DATA_KEY;
  93. typedef DATA_KEY * PDATA_KEY;
  95. typedef CRYPT_BUFFER CYPHER_DATA;
  96. typedef CYPHER_DATA * PCYPHER_DATA;
  100. /////////////////////////////////////////////////////////////////////////
  101. // //
  102. // Lan Manager data types //
  103. // //
  104. /////////////////////////////////////////////////////////////////////////
  107. //
  108. // Define a LanManager compatible password
  109. //
  110. // A LanManager password is a null-terminated ansi string consisting of a
  111. // maximum of 14 characters (not including terminator)
  112. //
  114. typedef CHAR * PLM_PASSWORD;
  118. //
  119. // Define the result of the 'One Way Function' (OWF) on a LM password
  120. //
  122. #define LM_OWF_PASSWORD_LENGTH (CYPHER_BLOCK_LENGTH * 2)
  124. // begin_ntsubauth
  125. typedef struct _LM_OWF_PASSWORD {
  126. CYPHER_BLOCK data[2];
  127. } LM_OWF_PASSWORD;
  128. typedef LM_OWF_PASSWORD * PLM_OWF_PASSWORD;
  129. // end_ntsubauth
  133. //
  134. // Define the challenge sent by the Lanman server during logon
  135. //
  137. #define LM_CHALLENGE_LENGTH CLEAR_BLOCK_LENGTH
  139. // begin_ntsubauth
  140. typedef CLEAR_BLOCK LM_CHALLENGE;
  141. typedef LM_CHALLENGE * PLM_CHALLENGE;
  142. // end_ntsubauth
  146. //
  147. // Define the response sent by redirector in response to challenge from server
  148. //
  150. #define LM_RESPONSE_LENGTH (CYPHER_BLOCK_LENGTH * 3)
  152. typedef struct _LM_RESPONSE {
  153. CYPHER_BLOCK data[3];
  154. } LM_RESPONSE;
  155. typedef LM_RESPONSE * PLM_RESPONSE;
  159. //
  160. // Define the result of the reversible encryption of an OWF'ed password.
  161. //
  163. #define ENCRYPTED_LM_OWF_PASSWORD_LENGTH (CYPHER_BLOCK_LENGTH * 2)
  165. typedef struct _ENCRYPTED_LM_OWF_PASSWORD {
  166. CYPHER_BLOCK data[2];
  167. } ENCRYPTED_LM_OWF_PASSWORD;
  168. typedef ENCRYPTED_LM_OWF_PASSWORD * PENCRYPTED_LM_OWF_PASSWORD;
  172. //
  173. // Define the session key maintained by the redirector and server
  174. //
  176. #define LM_SESSION_KEY_LENGTH LM_CHALLENGE_LENGTH
  178. typedef LM_CHALLENGE LM_SESSION_KEY;
  179. typedef LM_SESSION_KEY * PLM_SESSION_KEY;
  183. //
  184. // Define the index type used to encrypt OWF Passwords
  185. //
  187. typedef LONG CRYPT_INDEX;
  188. typedef CRYPT_INDEX * PCRYPT_INDEX;
  192. /////////////////////////////////////////////////////////////////////////
  193. // //
  194. // 'NT' encryption types that are used to duplicate existing LM //
  195. // functionality with improved algorithms. //
  196. // //
  197. /////////////////////////////////////////////////////////////////////////
  200. typedef UNICODE_STRING NT_PASSWORD;
  201. typedef NT_PASSWORD * PNT_PASSWORD;
  204. #define NT_OWF_PASSWORD_LENGTH LM_OWF_PASSWORD_LENGTH
  206. // begin_ntsubauth
  207. typedef LM_OWF_PASSWORD NT_OWF_PASSWORD;
  208. typedef NT_OWF_PASSWORD * PNT_OWF_PASSWORD;
  209. // end_ntsubauth
  212. #define NT_CHALLENGE_LENGTH LM_CHALLENGE_LENGTH
  214. // begin_ntsubauth
  215. typedef LM_CHALLENGE NT_CHALLENGE;
  216. typedef NT_CHALLENGE * PNT_CHALLENGE;
  217. // end_ntsubauth
  220. #define NT_RESPONSE_LENGTH LM_RESPONSE_LENGTH
  222. typedef LM_RESPONSE NT_RESPONSE;
  223. typedef NT_RESPONSE * PNT_RESPONSE;
  226. #define ENCRYPTED_NT_OWF_PASSWORD_LENGTH ENCRYPTED_LM_OWF_PASSWORD_LENGTH
  228. typedef ENCRYPTED_LM_OWF_PASSWORD ENCRYPTED_NT_OWF_PASSWORD;
  229. typedef ENCRYPTED_NT_OWF_PASSWORD * PENCRYPTED_NT_OWF_PASSWORD;
  232. #define NT_SESSION_KEY_LENGTH LM_SESSION_KEY_LENGTH
  234. typedef LM_SESSION_KEY NT_SESSION_KEY;
  235. typedef NT_SESSION_KEY * PNT_SESSION_KEY;
  239. /////////////////////////////////////////////////////////////////////////
  240. // //
  241. // 'NT' encryption types for new functionality not present in LM //
  242. // //
  243. /////////////////////////////////////////////////////////////////////////
  246. //
  247. // The user session key is similar to the LM and NT session key except it
  248. // is different for each user on the system. This allows it to be used
  249. // for secure user communication with a server.
  250. //
  251. // begin_ntsubauth
  252. #define USER_SESSION_KEY_LENGTH (CYPHER_BLOCK_LENGTH * 2)
  254. typedef struct _USER_SESSION_KEY {
  255. CYPHER_BLOCK data[2];
  256. } USER_SESSION_KEY;
  257. typedef USER_SESSION_KEY * PUSER_SESSION_KEY;
  258. // end_ntsubauth
  261. ////////////////////////////////////////////////////////////////////////////
  262. // //
  263. // Encryption library API macros //
  264. // //
  265. // To conceal the purpose of these functions to someone dumping out the //
  266. // encryption dll they have been purposefully given unhelpful names. //
  267. // Each has an associated macro that should be used by system components //
  268. // to access these routines in a readable way. //
  269. // //
  270. ////////////////////////////////////////////////////////////////////////////
  272. #define RtlEncryptBlock SystemFunction001
  273. #define RtlDecryptBlock SystemFunction002
  274. #define RtlEncryptStdBlock SystemFunction003
  275. #define RtlEncryptData SystemFunction004
  276. #define RtlDecryptData SystemFunction005
  277. #define RtlCalculateLmOwfPassword SystemFunction006
  278. #define RtlCalculateNtOwfPassword SystemFunction007
  279. #define RtlCalculateLmResponse SystemFunction008
  280. #define RtlCalculateNtResponse SystemFunction009
  281. #define RtlCalculateUserSessionKeyLm SystemFunction010
  282. #define RtlCalculateUserSessionKeyNt SystemFunction011
  283. #define RtlEncryptLmOwfPwdWithLmOwfPwd SystemFunction012
  284. #define RtlDecryptLmOwfPwdWithLmOwfPwd SystemFunction013
  285. #define RtlEncryptNtOwfPwdWithNtOwfPwd SystemFunction014
  286. #define RtlDecryptNtOwfPwdWithNtOwfPwd SystemFunction015
  287. #define RtlEncryptLmOwfPwdWithLmSesKey SystemFunction016
  288. #define RtlDecryptLmOwfPwdWithLmSesKey SystemFunction017
  289. #define RtlEncryptNtOwfPwdWithNtSesKey SystemFunction018
  290. #define RtlDecryptNtOwfPwdWithNtSesKey SystemFunction019
  291. #define RtlEncryptLmOwfPwdWithUserKey SystemFunction020
  292. #define RtlDecryptLmOwfPwdWithUserKey SystemFunction021
  293. #define RtlEncryptNtOwfPwdWithUserKey SystemFunction022
  294. #define RtlDecryptNtOwfPwdWithUserKey SystemFunction023
  295. #define RtlEncryptLmOwfPwdWithIndex SystemFunction024
  296. #define RtlDecryptLmOwfPwdWithIndex SystemFunction025
  297. #define RtlEncryptNtOwfPwdWithIndex SystemFunction026
  298. #define RtlDecryptNtOwfPwdWithIndex SystemFunction027
  299. #define RtlGetUserSessionKeyClient SystemFunction028
  300. #define RtlGetUserSessionKeyServer SystemFunction029
  301. #define RtlEqualLmOwfPassword SystemFunction030
  302. #define RtlEqualNtOwfPassword SystemFunction031
  303. #define RtlEncryptData2 SystemFunction032
  304. #define RtlDecryptData2 SystemFunction033
  305. #define RtlGetUserSessionKeyClientBinding SystemFunction034
  306. #define RtlCheckSignatureInFile SystemFunction035
  308. #define RtlGenRandom SystemFunction036
  309. #define RtlEncryptMemory SystemFunction040
  310. #define RtlDecryptMemory SystemFunction041
  313. ////////////////////////////////////////////////////////////////////////////
  314. // //
  315. // Encryption library API function prototypes //
  316. // //
  317. ////////////////////////////////////////////////////////////////////////////
  320. //
  321. // Core block encryption functions
  322. //
  324. NTSTATUS
  325. RtlEncryptBlock(
  326. IN PCLEAR_BLOCK ClearBlock,
  327. IN PBLOCK_KEY BlockKey,
  328. OUT PCYPHER_BLOCK CypherBlock
  329. );
  331. NTSTATUS
  332. RtlDecryptBlock(
  333. IN PCYPHER_BLOCK CypherBlock,
  334. IN PBLOCK_KEY BlockKey,
  335. OUT PCLEAR_BLOCK ClearBlock
  336. );
  338. NTSTATUS
  339. RtlEncryptStdBlock(
  340. IN PBLOCK_KEY BlockKey,
  341. OUT PCYPHER_BLOCK CypherBlock
  342. );
  344. //
  345. // Arbitrary length data encryption functions
  346. //
  348. NTSTATUS
  349. RtlEncryptData(
  350. IN PCLEAR_DATA ClearData,
  351. IN PDATA_KEY DataKey,
  352. OUT PCYPHER_DATA CypherData
  353. );
  355. NTSTATUS
  356. RtlDecryptData(
  357. IN PCYPHER_DATA CypherData,
  358. IN PDATA_KEY DataKey,
  359. OUT PCLEAR_DATA ClearData
  360. );
  362. //
  363. // Faster arbitrary length data encryption functions (using RC4)
  364. //
  366. NTSTATUS
  367. RtlEncryptData2(
  368. IN OUT PCRYPT_BUFFER pData,
  369. IN PDATA_KEY pKey
  370. );
  372. NTSTATUS
  373. RtlDecryptData2(
  374. IN OUT PCRYPT_BUFFER pData,
  375. IN PDATA_KEY pKey
  376. );
  378. //
  379. // Password hashing functions (One Way Function)
  380. //
  382. NTSTATUS
  383. RtlCalculateLmOwfPassword(
  384. IN PLM_PASSWORD LmPassword,
  385. OUT PLM_OWF_PASSWORD LmOwfPassword
  386. );
  388. NTSTATUS
  389. RtlCalculateNtOwfPassword(
  390. IN PNT_PASSWORD NtPassword,
  391. OUT PNT_OWF_PASSWORD NtOwfPassword
  392. );
  396. //
  397. // OWF password comparison functions
  398. //
  400. BOOLEAN
  401. RtlEqualLmOwfPassword(
  402. IN PLM_OWF_PASSWORD LmOwfPassword1,
  403. IN PLM_OWF_PASSWORD LmOwfPassword2
  404. );
  406. BOOLEAN
  407. RtlEqualNtOwfPassword(
  408. IN PNT_OWF_PASSWORD NtOwfPassword1,
  409. IN PNT_OWF_PASSWORD NtOwfPassword2
  410. );
  414. //
  415. // Functions for calculating response to server challenge
  416. //
  418. NTSTATUS
  419. RtlCalculateLmResponse(
  420. IN PLM_CHALLENGE LmChallenge,
  421. IN PLM_OWF_PASSWORD LmOwfPassword,
  422. OUT PLM_RESPONSE LmResponse
  423. );
  426. NTSTATUS
  427. RtlCalculateNtResponse(
  428. IN PNT_CHALLENGE NtChallenge,
  429. IN PNT_OWF_PASSWORD NtOwfPassword,
  430. OUT PNT_RESPONSE NtResponse
  431. );
  436. //
  437. // Functions for calculating User Session Key.
  438. //
  440. //
  441. // Calculate a User Session Key from LM data
  442. //
  443. NTSTATUS
  444. RtlCalculateUserSessionKeyLm(
  445. IN PLM_RESPONSE LmResponse,
  446. IN PLM_OWF_PASSWORD LmOwfPassword,
  447. OUT PUSER_SESSION_KEY UserSessionKey
  448. );
  450. //
  451. // Calculate a User Session Key from NT data
  452. //
  453. NTSTATUS
  454. RtlCalculateUserSessionKeyNt(
  455. IN PNT_RESPONSE NtResponse,
  456. IN PNT_OWF_PASSWORD NtOwfPassword,
  457. OUT PUSER_SESSION_KEY UserSessionKey
  458. );
  464. //
  465. // OwfPassword encryption functions
  466. //
  469. //
  470. // Encrypt OwfPassword using OwfPassword as the key
  471. //
  472. NTSTATUS
  473. RtlEncryptLmOwfPwdWithLmOwfPwd(
  474. IN PLM_OWF_PASSWORD DataLmOwfPassword,
  475. IN PLM_OWF_PASSWORD KeyLmOwfPassword,
  476. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  477. );
  479. NTSTATUS
  480. RtlDecryptLmOwfPwdWithLmOwfPwd(
  481. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  482. IN PLM_OWF_PASSWORD KeyLmOwfPassword,
  483. OUT PLM_OWF_PASSWORD DataLmOwfPassword
  484. );
  487. NTSTATUS
  488. RtlEncryptNtOwfPwdWithNtOwfPwd(
  489. IN PNT_OWF_PASSWORD DataNtOwfPassword,
  490. IN PNT_OWF_PASSWORD KeyNtOwfPassword,
  491. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  492. );
  494. NTSTATUS
  495. RtlDecryptNtOwfPwdWithNtOwfPwd(
  496. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  497. IN PNT_OWF_PASSWORD KeyNtOwfPassword,
  498. OUT PNT_OWF_PASSWORD DataNtOwfPassword
  499. );
  502. //
  503. // Encrypt OwfPassword using SessionKey as the key
  504. //
  505. NTSTATUS
  506. RtlEncryptLmOwfPwdWithLmSesKey(
  507. IN PLM_OWF_PASSWORD LmOwfPassword,
  508. IN PLM_SESSION_KEY LmSessionKey,
  509. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  510. );
  512. NTSTATUS
  513. RtlDecryptLmOwfPwdWithLmSesKey(
  514. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  515. IN PLM_SESSION_KEY LmSessionKey,
  516. OUT PLM_OWF_PASSWORD LmOwfPassword
  517. );
  520. NTSTATUS
  521. RtlEncryptNtOwfPwdWithNtSesKey(
  522. IN PNT_OWF_PASSWORD NtOwfPassword,
  523. IN PNT_SESSION_KEY NtSessionKey,
  524. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  525. );
  527. NTSTATUS
  528. RtlDecryptNtOwfPwdWithNtSesKey(
  529. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  530. IN PNT_SESSION_KEY NtSessionKey,
  531. OUT PNT_OWF_PASSWORD NtOwfPassword
  532. );
  535. //
  536. // Encrypt OwfPassword using UserSessionKey as the key
  537. //
  538. NTSTATUS
  539. RtlEncryptLmOwfPwdWithUserKey(
  540. IN PLM_OWF_PASSWORD LmOwfPassword,
  541. IN PUSER_SESSION_KEY UserSessionKey,
  542. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  543. );
  545. NTSTATUS
  546. RtlDecryptLmOwfPwdWithUserKey(
  547. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  548. IN PUSER_SESSION_KEY UserSessionKey,
  549. OUT PLM_OWF_PASSWORD LmOwfPassword
  550. );
  552. NTSTATUS
  553. RtlEncryptNtOwfPwdWithUserKey(
  554. IN PNT_OWF_PASSWORD NtOwfPassword,
  555. IN PUSER_SESSION_KEY UserSessionKey,
  556. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  557. );
  559. NTSTATUS
  560. RtlDecryptNtOwfPwdWithUserKey(
  561. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  562. IN PUSER_SESSION_KEY UserSessionKey,
  563. OUT PNT_OWF_PASSWORD NtOwfPassword
  564. );
  567. //
  568. // Encrypt OwfPassword using an index as the key
  569. //
  570. NTSTATUS
  571. RtlEncryptLmOwfPwdWithIndex(
  572. IN PLM_OWF_PASSWORD LmOwfPassword,
  573. IN PCRYPT_INDEX Index,
  574. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  575. );
  577. NTSTATUS
  578. RtlDecryptLmOwfPwdWithIndex(
  579. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  580. IN PCRYPT_INDEX Index,
  581. OUT PLM_OWF_PASSWORD LmOwfPassword
  582. );
  585. NTSTATUS
  586. RtlEncryptNtOwfPwdWithIndex(
  587. IN PNT_OWF_PASSWORD NtOwfPassword,
  588. IN PCRYPT_INDEX Index,
  589. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  590. );
  592. NTSTATUS
  593. RtlDecryptNtOwfPwdWithIndex(
  594. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  595. IN PCRYPT_INDEX Index,
  596. OUT PNT_OWF_PASSWORD NtOwfPassword
  597. );
  599. ULONG
  600. RtlCheckSignatureInFile(
  601. IN PWSTR File
  602. );
  604. BOOLEAN
  605. RtlGenRandom(
  606. OUT PVOID RandomBuffer,
  607. IN ULONG RandomBufferLength
  608. );
  611. //
  612. // The buffer passed into RtlEncryptMemory and RtlDecryptMemory
  613. // must be a multiple of this length.
  614. //
  616. #define RTL_ENCRYPT_MEMORY_SIZE 8
  618. //
  619. // Allow Encrypt/Decrypt across process boundaries.
  620. // eg: encrypted buffer passed across LPC to another process which calls RtlDecryptMemory.
  621. //
  623. #define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01
  625. //
  626. // Allow Encrypt/Decrypt across callers with same LogonId.
  627. // eg: encrypted buffer passed across LPC to another process which calls RtlDecryptMemory whilst impersonating.
  628. //
  630. #define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02
  632. NTSTATUS
  633. RtlEncryptMemory(
  634. IN OUT PVOID Memory,
  635. IN ULONG MemoryLength,
  636. IN ULONG OptionFlags
  637. );
  639. NTSTATUS
  640. RtlDecryptMemory(
  641. IN OUT PVOID Memory,
  642. IN ULONG MemoryLength,
  643. IN ULONG OptionFlags
  644. );
  647. //
  648. // Get the user session key for an RPC connection
  649. //
  651. #ifndef MIDL_PASS // Don't confuse MIDL
  652. NTSTATUS
  653. RtlGetUserSessionKeyClient(
  654. IN PVOID RpcContextHandle,
  655. OUT PUSER_SESSION_KEY UserSessionKey
  656. );
  658. NTSTATUS
  659. RtlGetUserSessionKeyClientBinding(
  660. IN PVOID RpcBindingHandle,
  661. OUT HANDLE *RedirHandle,
  662. OUT PUSER_SESSION_KEY UserSessionKey
  663. );
  665. NTSTATUS
  666. RtlGetUserSessionKeyServer(
  667. IN PVOID RpcContextHandle OPTIONAL,
  668. OUT PUSER_SESSION_KEY UserSessionKey
  669. );
  670. #endif // MIDL_PASS
  672. #ifdef __cplusplus
  673. } // extern "C"
  674. #endif
  676. #endif // _NTCRYPT_