archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/win32/ntcrypto/rsaaes/nt_rand.c

354 lines
9.8 KiB
Raw Normal View History

Add source files
4 years ago
  1. /////////////////////////////////////////////////////////////////////////////
  2. // FILE : nt_rand.c //
  3. // DESCRIPTION : Crypto CP interfaces: //
  4. // CPGenRandom //
  5. // AUTHOR : //
  6. // HISTORY : //
  7. // Jan 25 1995 larrys Changed from Nametag //
  8. // Feb 23 1995 larrys Changed NTag_SetLastError to SetLastError //
  9. // Apr 10 1995 larrys Fix comments //
  10. // Oct 27 1995 rajeshk Added provider parameter to GenRandom call //
  11. // Nov 3 1995 larrys Merge for NT checkin //
  12. // Oct 14 1996 jeffspel Changed GenRandom to NewGenRandom //
  13. // May 5 2000 dbarlow Clean up error return codes //
  14. // //
  15. // Copyright (C) 1993 - 2000, Microsoft Corporation //
  16. // All Rights Reserved //
  17. /////////////////////////////////////////////////////////////////////////////
  19. #include <nt.h>
  20. #include <ntrtl.h>
  21. #include <nturtl.h>
  22. #include <crypt.h>
  24. #include "precomp.h"
  25. #include "sha.h"
  26. #include "rsa_fast.h"
  27. #include "rsa_math.h"
  28. #include "randlib.h"
  30. static CONST BYTE DSSPRIVATEKEYINIT[] =
  31. { 0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89,
  32. 0x98, 0xba, 0xdc, 0xfe, 0x10, 0x32, 0x54, 0x76,
  33. 0xc3, 0xd2, 0xe1, 0xf0 };
  35. static CONST BYTE DSSPERMSGINIT[] =
  36. { 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, 0xdc, 0xfe,
  37. 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0,
  38. 0x67, 0x45, 0x23, 0x01 };
  40. static CONST BYTE MODULUS[] =
  41. { 0xf5, 0xc1, 0x56, 0xb1, 0xd5, 0x48, 0x42, 0x2e,
  42. 0xbd, 0xa5, 0x44, 0x41, 0xc7, 0x1c, 0x24, 0x08,
  43. 0x3f, 0x80, 0x3c, 0x90 };
  45. static BYTE l_rgbRNGState[A_SHA_DIGEST_LEN];
  48. //
  49. // Function : AddSeeds
  50. //
  51. // Description : This function adds the 160 bit seeds pointed to by pdwSeed1
  52. // and pdwSeed2, it also adds 1 to this sum and mods the sum by
  53. // 2^160.
  54. //
  56. /*static*/ void
  57. AddSeeds(
  58. IN CONST DWORD *pdwSeed1,
  59. IN OUT DWORD *pdwSeed2)
  60. {
  61. DWORD dwTmp;
  62. DWORD dwOverflow = 1;
  63. DWORD i;
  65. for (i = 0; i < 5; i++)
  66. {
  67. dwTmp = dwOverflow + pdwSeed1[i];
  68. dwOverflow = (dwOverflow > dwTmp);
  69. pdwSeed2[i] = pdwSeed2[i] + dwTmp;
  70. dwOverflow = ((dwTmp > pdwSeed2[i]) || dwOverflow);
  71. }
  72. }
  75. /*
  76. Given SHA(message), compute SHA(message) mod qdigit.
  77. Output is in the interval [0, qdigit-1].
  78. Although SHA(message) may exceed qdigit,
  79. it cannot exceed 2*qdigit since the leftmost bit
  80. of qdigit is 1.
  81. */
  83. /*static*/ void
  84. SHA_mod_q(
  85. CONST BYTE *pbHash, // In
  86. CONST BYTE *pbQ, // In
  87. BYTE *pbNewHash) // Out
  88. {
  89. BYTE rgbHash[A_SHA_DIGEST_LEN];
  91. if (-1 != Compare((DWORD*)rgbHash, // hash is greater so subtract
  92. (DWORD*)pbQ,
  93. A_SHA_DIGEST_LEN / sizeof(DWORD)))
  94. {
  95. Sub((DWORD*)pbNewHash,
  96. (DWORD*)rgbHash,
  97. (DWORD*)pbQ,
  98. A_SHA_DIGEST_LEN / sizeof(DWORD));
  99. }
  100. else
  101. memcpy(pbNewHash, pbHash, A_SHA_DIGEST_LEN / sizeof(DWORD));
  102. } /* SHA_mod_q */
  105. //
  106. // Function : RNG16BitStateCheck
  107. //
  108. // Description : This function compares each 160 bits of the buffer with
  109. // the next 160 bits and if they are the same the function
  110. // errors out. The IN buffer is expected to be A_SHA_DIGEST_LEN
  111. // bytes long. The function fails if the RNG is gets the same
  112. // input buffer of 160 bits twice in a row.
  113. //
  115. /*static*/ BOOL
  116. RNG16BitStateCheck(
  117. IN OUT DWORD *pdwOut,
  118. IN DWORD *pdwIn,
  119. IN DWORD cbNeeded)
  120. {
  121. BOOL fRet = FALSE;
  123. if (0 == memcmp(l_rgbRNGState, pdwIn, A_SHA_DIGEST_LEN))
  124. {
  125. memcpy(l_rgbRNGState, (BYTE*)pdwIn, A_SHA_DIGEST_LEN);
  126. goto ErrorExit;
  127. }
  129. memcpy(l_rgbRNGState, (BYTE*)pdwIn, A_SHA_DIGEST_LEN);
  130. memcpy((BYTE*)pdwOut, (BYTE*)pdwIn, cbNeeded);
  131. fRet = TRUE;
  133. ErrorExit:
  134. return fRet;
  135. }
  138. //
  139. // Function : FIPS186Gen
  140. //
  141. // Description : FIPS 186 RNG, the seed is generated by calling NewGenRandom.
  142. //
  144. /*static*/ DWORD
  145. FIPS186Gen(
  146. IN HANDLE hRNGDriver,
  147. IN BYTE **ppbContextSeed,
  148. IN DWORD *pcbContextSeed,
  149. IN CONST BYTE *pbInitValue, // this is t, must be 20 bytes
  150. IN CONST BYTE *pbModulus, // this must be a 20 byte prime
  151. IN OUT BYTE *pb,
  152. IN DWORD cb)
  153. {
  154. DWORD dwReturn = ERROR_INTERNAL_ERROR;
  155. DWORD rgdwSeed[A_SHA_DIGEST_LEN/sizeof(DWORD)]; // 160 bits
  156. DWORD rgdwNewSeed[A_SHA_DIGEST_LEN/sizeof(DWORD)]; // 160 bits
  157. A_SHA_CTX SHACtxt;
  158. BYTE rgbBuf[A_SHA_DIGEST_LEN];
  159. DWORD cbBuf;
  160. BYTE *pbTmp = pb;
  161. DWORD cbTmp = cb;
  162. DWORD i;
  163. DWORD dwSts;
  164. DWORD cbContextSeed = 0;
  166. if (ppbContextSeed && pcbContextSeed)
  167. cbContextSeed = *pcbContextSeed;
  169. while (cbTmp)
  170. {
  171. #ifdef USE_HW_RNG
  172. #ifdef _M_IX86
  173. // get a 160 bit random seed
  174. if (INVALID_HANDLE_VALUE != hRNGDriver)
  175. {
  176. dwSts = HWRNGGenRandom(hRNGDriver,
  177. (BYTE*)rgdwNewSeed,
  178. sizeof(rgdwNewSeed));
  179. if (ERROR_SUCCESS != dwSts)
  180. {
  181. dwReturn = dwSts;
  182. goto ErrorExit;
  183. }
  184. }
  185. else
  186. #endif // _M_IX86
  187. #endif // USE_HW_RNG
  188. {
  189. // get a 160 bit random seed
  190. if (!NewGenRandom(ppbContextSeed, pcbContextSeed,
  191. (BYTE*)rgdwNewSeed, sizeof(rgdwNewSeed)))
  192. {
  193. dwReturn = (DWORD)NTE_FAIL; // NewGenRandom doesn't set LastError.
  194. goto ErrorExit;
  195. }
  196. }
  198. for (i = 0; i < A_SHA_DIGEST_LEN/sizeof(DWORD); i++)
  199. rgdwSeed[i] ^= rgdwNewSeed[i];
  201. A_SHAInit (&SHACtxt);
  202. memcpy(SHACtxt.state, pbInitValue, A_SHA_DIGEST_LEN);
  204. // perform the one way function
  205. A_SHAUpdate(&SHACtxt, (BYTE*)rgdwSeed, sizeof(rgdwSeed));
  206. if (cbContextSeed)
  207. A_SHAUpdate(&SHACtxt, *ppbContextSeed, cbContextSeed);
  208. A_SHAFinal(&SHACtxt, rgbBuf);
  210. for (i = 0; i < cbContextSeed && i < A_SHA_DIGEST_LEN; i++)
  211. (*ppbContextSeed)[i] ^= rgbBuf[i];
  213. // continuous 16 bit state check
  214. if (A_SHA_DIGEST_LEN < cbTmp)
  215. cbBuf = A_SHA_DIGEST_LEN;
  216. else
  217. cbBuf = cbTmp;
  219. if (!RNG16BitStateCheck((DWORD*)pbTmp, (DWORD*)rgbBuf, cbBuf))
  220. {
  221. dwReturn = (DWORD)NTE_FAIL;
  222. goto ErrorExit;
  223. }
  225. pbTmp += cbBuf;
  226. cbTmp -= cbBuf;
  227. if (0 == cbTmp)
  228. break;
  230. // modular reduction with modulus Q
  231. SHA_mod_q(rgbBuf, pbModulus, (BYTE*)rgdwNewSeed);
  233. // (1 + previous seed + new random) mod 2^160
  234. AddSeeds(rgdwNewSeed, rgdwSeed);
  235. }
  237. dwReturn = ERROR_SUCCESS;
  239. ErrorExit:
  240. return dwReturn;
  241. }
  244. DWORD
  245. FIPS186GenRandom(
  246. IN HANDLE *phRNGDriver,
  247. IN BYTE **ppbContextSeed,
  248. IN DWORD *pcbContextSeed,
  249. IN OUT BYTE *pb,
  250. IN DWORD cb)
  251. {
  252. return FIPS186Gen(*phRNGDriver, ppbContextSeed, pcbContextSeed,
  253. DSSPRIVATEKEYINIT, MODULUS, pb, cb);
  254. }
  257. void
  258. FIPS186GenRandomWithException(
  259. IN HANDLE *phRNGDriver,
  260. IN BYTE **ppbContextSeed,
  261. IN DWORD *pcbContextSeed,
  262. IN OUT BYTE *pb,
  263. IN DWORD cb)
  264. {
  265. DWORD dwSts;
  267. dwSts = FIPS186Gen(*phRNGDriver, ppbContextSeed, pcbContextSeed,
  268. DSSPRIVATEKEYINIT, MODULUS, pb, cb);
  269. if (ERROR_SUCCESS != dwSts)
  270. {
  271. // nasty way to cause an error but need either this
  272. // or redo rsa32.lib
  273. RaiseException((DWORD)NTE_FAIL, 0, 0, 0);
  274. }
  275. }
  278. /*
  279. - CPGenRandom
  280. -
  281. * Purpose:
  282. * Used to fill a buffer with random bytes
  283. *
  284. *
  285. * Parameters:
  286. * IN hUID - Handle to the user identifcation
  287. * IN dwLen - Number of bytes of random data requested
  288. * OUT pbBuffer - Pointer to the buffer where the random
  289. * bytes are to be placed
  290. *
  291. * Returns:
  292. */
  294. BOOL WINAPI
  295. CPGenRandom(
  296. IN HCRYPTPROV hUID,
  297. IN DWORD dwLen,
  298. OUT BYTE *pbBuffer)
  299. {
  300. DWORD dwReturn = ERROR_INTERNAL_ERROR;
  301. PNTAGUserList pTmpUser;
  302. BOOL fRet;
  303. DWORD dwSts;
  305. EntryPoint
  306. // check the user identification
  307. pTmpUser = NTLCheckList(hUID, USER_HANDLE);
  308. if (NULL == pTmpUser)
  309. {
  310. dwReturn = (DWORD)NTE_BAD_UID;
  311. goto ErrorExit;
  312. }
  314. dwSts = FIPS186Gen(pTmpUser->hRNGDriver,
  315. &pTmpUser->ContInfo.pbRandom,
  316. &pTmpUser->ContInfo.ContLens.cbRandom,
  317. DSSPRIVATEKEYINIT,
  318. MODULUS,
  319. pbBuffer,
  320. dwLen);
  321. if (ERROR_SUCCESS != dwSts)
  322. {
  323. dwReturn = dwSts;
  324. goto ErrorExit;
  325. }
  327. dwReturn = ERROR_SUCCESS;
  329. ErrorExit:
  330. fRet = (ERROR_SUCCESS == dwReturn);
  331. if (!fRet)
  332. SetLastError(dwReturn);
  333. return fRet;
  334. }
  336. //
  337. // Function: NewGenRandom
  338. //
  339. // Description: Stub to eliminate the need to link with
  340. // randlib.lib. Now using RtlGenRandom() instead.
  341. //
  342. // Returns: True for success. False for failure.
  343. //
  344. unsigned int
  345. RSA32API
  346. NewGenRandom(
  347. IN OUT unsigned char **ppbRandSeed /*unused*/,
  348. IN unsigned long *pcbRandSeed /*unused*/,
  349. IN OUT unsigned char *pbBuffer,
  350. IN unsigned long dwLength
  351. )
  352. {
  353. return (unsigned int)RtlGenRandom( pbBuffer, dwLength );
  354. }