Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

603 lines
16 KiB

  1. //+---------------------------------------------------------------------------
  2. //
  3. // File: crypt.h
  4. //
  5. // Contents: Functions that had to be mostly borrowed from NT src tree
  6. //
  7. // History: SudK Created 6/25/95
  8. //
  9. //----------------------------------------------------------------------------
  10. #ifndef _NTCRYPT_
  11. #define _NTCRYPT_
  12. #ifndef MIDL_PASS // Don't confuse MIDL
  13. #ifndef RPC_NO_WINDOWS_H // Don't let rpc.h include windows.h
  14. #define RPC_NO_WINDOWS_H
  15. #endif // RPC_NO_WINDOWS_H
  16. #ifndef WIN16_BUILD
  17. #include <rpc.h>
  18. #else
  19. #define NTAPI FAR PASCAL
  20. #define IN
  21. #define OUT
  22. #define BOOLEAN BOOL
  23. #define OPTIONAL
  24. #define NTSYSAPI
  25. #endif
  26. #endif // MIDL_PASS
  27. /////////////////////////////////////////////////////////////////////////
  28. // //
  29. // Core encryption types //
  30. // //
  31. /////////////////////////////////////////////////////////////////////////
  32. #define CLEAR_BLOCK_LENGTH 8
  33. typedef struct _CLEAR_BLOCK {
  34. CHAR data[CLEAR_BLOCK_LENGTH];
  35. } CLEAR_BLOCK;
  36. typedef CLEAR_BLOCK * PCLEAR_BLOCK;
  37. #define CYPHER_BLOCK_LENGTH 8
  38. typedef struct _CYPHER_BLOCK {
  39. CHAR data[CYPHER_BLOCK_LENGTH];
  40. } CYPHER_BLOCK;
  41. typedef CYPHER_BLOCK * PCYPHER_BLOCK;
  42. #define BLOCK_KEY_LENGTH 7
  43. typedef struct _BLOCK_KEY {
  44. CHAR data[BLOCK_KEY_LENGTH];
  45. } BLOCK_KEY;
  46. typedef BLOCK_KEY * PBLOCK_KEY;
  47. /////////////////////////////////////////////////////////////////////////
  48. // //
  49. // Arbitrary length data encryption types //
  50. // //
  51. /////////////////////////////////////////////////////////////////////////
  52. typedef struct _CRYPT_BUFFER {
  53. ULONG Length; // Number of valid bytes in buffer
  54. ULONG MaximumLength; // Number of bytes pointed to by Buffer
  55. PVOID Buffer;
  56. } CRYPT_BUFFER;
  57. typedef CRYPT_BUFFER * PCRYPT_BUFFER;
  58. typedef CRYPT_BUFFER CLEAR_DATA;
  59. typedef CLEAR_DATA * PCLEAR_DATA;
  60. typedef CRYPT_BUFFER DATA_KEY;
  61. typedef DATA_KEY * PDATA_KEY;
  62. typedef CRYPT_BUFFER CYPHER_DATA;
  63. typedef CYPHER_DATA * PCYPHER_DATA;
  64. /////////////////////////////////////////////////////////////////////////
  65. // //
  66. // Lan Manager data types //
  67. // //
  68. /////////////////////////////////////////////////////////////////////////
  69. //
  70. // Define a LanManager compatible password
  71. //
  72. // A LanManager password is a null-terminated ansi string consisting of a
  73. // maximum of 14 characters (not including terminator)
  74. //
  75. typedef CHAR * PLM_PASSWORD;
  76. //
  77. // Define the result of the 'One Way Function' (OWF) on a LM password
  78. //
  79. #define LM_OWF_PASSWORD_LENGTH (CYPHER_BLOCK_LENGTH * 2)
  80. typedef struct _LM_OWF_PASSWORD {
  81. CYPHER_BLOCK data[2];
  82. } LM_OWF_PASSWORD;
  83. typedef LM_OWF_PASSWORD * PLM_OWF_PASSWORD;
  84. //
  85. // Define the challenge sent by the Lanman server during logon
  86. //
  87. #define LM_CHALLENGE_LENGTH CLEAR_BLOCK_LENGTH
  88. typedef CLEAR_BLOCK LM_CHALLENGE;
  89. typedef LM_CHALLENGE * PLM_CHALLENGE;
  90. //
  91. // Define the response sent by redirector in response to challenge from server
  92. //
  93. #define LM_RESPONSE_LENGTH (CYPHER_BLOCK_LENGTH * 3)
  94. typedef struct _LM_RESPONSE {
  95. CYPHER_BLOCK data[3];
  96. } LM_RESPONSE;
  97. typedef LM_RESPONSE * PLM_RESPONSE;
  98. //
  99. // Define the result of the reversible encryption of an OWF'ed password.
  100. //
  101. #define ENCRYPTED_LM_OWF_PASSWORD_LENGTH (CYPHER_BLOCK_LENGTH * 2)
  102. typedef struct _ENCRYPTED_LM_OWF_PASSWORD {
  103. CYPHER_BLOCK data[2];
  104. } ENCRYPTED_LM_OWF_PASSWORD;
  105. typedef ENCRYPTED_LM_OWF_PASSWORD * PENCRYPTED_LM_OWF_PASSWORD;
  106. //
  107. // Define the session key maintained by the redirector and server
  108. //
  109. #define LM_SESSION_KEY_LENGTH LM_CHALLENGE_LENGTH
  110. typedef LM_CHALLENGE LM_SESSION_KEY;
  111. typedef LM_SESSION_KEY * PLM_SESSION_KEY;
  112. //
  113. // Define the index type used to encrypt OWF Passwords
  114. //
  115. typedef LONG CRYPT_INDEX;
  116. typedef CRYPT_INDEX * PCRYPT_INDEX;
  117. /////////////////////////////////////////////////////////////////////////
  118. // //
  119. // 'NT' encryption types that are used to duplicate existing LM //
  120. // functionality with improved algorithms. //
  121. // //
  122. /////////////////////////////////////////////////////////////////////////
  123. typedef UNICODE_STRING NT_PASSWORD;
  124. typedef NT_PASSWORD * PNT_PASSWORD;
  125. #define NT_OWF_PASSWORD_LENGTH LM_OWF_PASSWORD_LENGTH
  126. typedef LM_OWF_PASSWORD NT_OWF_PASSWORD;
  127. typedef NT_OWF_PASSWORD * PNT_OWF_PASSWORD;
  128. #define NT_CHALLENGE_LENGTH LM_CHALLENGE_LENGTH
  129. typedef LM_CHALLENGE NT_CHALLENGE;
  130. typedef NT_CHALLENGE * PNT_CHALLENGE;
  131. #define NT_RESPONSE_LENGTH LM_RESPONSE_LENGTH
  132. typedef LM_RESPONSE NT_RESPONSE;
  133. typedef NT_RESPONSE * PNT_RESPONSE;
  134. #define ENCRYPTED_NT_OWF_PASSWORD_LENGTH ENCRYPTED_LM_OWF_PASSWORD_LENGTH
  135. typedef ENCRYPTED_LM_OWF_PASSWORD ENCRYPTED_NT_OWF_PASSWORD;
  136. typedef ENCRYPTED_NT_OWF_PASSWORD * PENCRYPTED_NT_OWF_PASSWORD;
  137. #define NT_SESSION_KEY_LENGTH LM_SESSION_KEY_LENGTH
  138. typedef LM_SESSION_KEY NT_SESSION_KEY;
  139. typedef NT_SESSION_KEY * PNT_SESSION_KEY;
  140. /////////////////////////////////////////////////////////////////////////
  141. // //
  142. // 'NT' encryption types for new functionality not present in LM //
  143. // //
  144. /////////////////////////////////////////////////////////////////////////
  145. //
  146. // The user session key is similar to the LM and NT session key except it
  147. // is different for each user on the system. This allows it to be used
  148. // for secure user communication with a server.
  149. //
  150. #define USER_SESSION_KEY_LENGTH (CYPHER_BLOCK_LENGTH * 2)
  151. typedef struct _USER_SESSION_KEY {
  152. CYPHER_BLOCK data[2];
  153. } USER_SESSION_KEY;
  154. typedef USER_SESSION_KEY * PUSER_SESSION_KEY;
  155. ////////////////////////////////////////////////////////////////////////////
  156. // //
  157. // Encryption library API macros //
  158. // //
  159. // To conceal the purpose of these functions to someone dumping out the //
  160. // encryption dll they have been purposefully given unhelpful names. //
  161. // Each has an associated macro that should be used by system components //
  162. // to access these routines in a readable way. //
  163. // //
  164. ////////////////////////////////////////////////////////////////////////////
  165. #define RtlEncryptBlock SystemFunction001
  166. #define RtlDecryptBlock SystemFunction002
  167. #define RtlEncryptStdBlock SystemFunction003
  168. #define RtlEncryptData SystemFunction004
  169. #define RtlDecryptData SystemFunction005
  170. #define RtlCalculateLmOwfPassword SystemFunction006
  171. #define RtlCalculateNtOwfPassword SystemFunction007
  172. #define RtlCalculateLmResponse SystemFunction008
  173. #define RtlCalculateNtResponse SystemFunction009
  174. #define RtlCalculateUserSessionKeyLm SystemFunction010
  175. #define RtlCalculateUserSessionKeyNt SystemFunction011
  176. #define RtlEncryptLmOwfPwdWithLmOwfPwd SystemFunction012
  177. #define RtlDecryptLmOwfPwdWithLmOwfPwd SystemFunction013
  178. #define RtlEncryptNtOwfPwdWithNtOwfPwd SystemFunction014
  179. #define RtlDecryptNtOwfPwdWithNtOwfPwd SystemFunction015
  180. #define RtlEncryptLmOwfPwdWithLmSesKey SystemFunction016
  181. #define RtlDecryptLmOwfPwdWithLmSesKey SystemFunction017
  182. #define RtlEncryptNtOwfPwdWithNtSesKey SystemFunction018
  183. #define RtlDecryptNtOwfPwdWithNtSesKey SystemFunction019
  184. #define RtlEncryptLmOwfPwdWithUserKey SystemFunction020
  185. #define RtlDecryptLmOwfPwdWithUserKey SystemFunction021
  186. #define RtlEncryptNtOwfPwdWithUserKey SystemFunction022
  187. #define RtlDecryptNtOwfPwdWithUserKey SystemFunction023
  188. #define RtlEncryptLmOwfPwdWithIndex SystemFunction024
  189. #define RtlDecryptLmOwfPwdWithIndex SystemFunction025
  190. #define RtlEncryptNtOwfPwdWithIndex SystemFunction026
  191. #define RtlDecryptNtOwfPwdWithIndex SystemFunction027
  192. #define RtlGetUserSessionKeyClient SystemFunction028
  193. #define RtlGetUserSessionKeyServer SystemFunction029
  194. #define RtlEqualLmOwfPassword SystemFunction030
  195. #define RtlEqualNtOwfPassword SystemFunction031
  196. #define RtlEncryptData2 SystemFunction032
  197. #define RtlDecryptData2 SystemFunction033
  198. ////////////////////////////////////////////////////////////////////////////
  199. // //
  200. // Encryption library API function prototypes //
  201. // //
  202. ////////////////////////////////////////////////////////////////////////////
  203. //
  204. // Core block encryption functions
  205. //
  206. NTSTATUS
  207. NTAPI
  208. RtlEncryptBlock(
  209. IN PCLEAR_BLOCK ClearBlock,
  210. IN PBLOCK_KEY BlockKey,
  211. OUT PCYPHER_BLOCK CypherBlock
  212. );
  213. NTSTATUS
  214. NTAPI
  215. RtlDecryptBlock(
  216. IN PCYPHER_BLOCK CypherBlock,
  217. IN PBLOCK_KEY BlockKey,
  218. OUT PCLEAR_BLOCK ClearBlock
  219. );
  220. NTSTATUS
  221. RtlEncryptStdBlock(
  222. IN PBLOCK_KEY BlockKey,
  223. OUT PCYPHER_BLOCK CypherBlock
  224. );
  225. //
  226. // Arbitrary length data encryption functions
  227. //
  228. NTSTATUS
  229. NTAPI
  230. RtlEncryptData(
  231. IN PCLEAR_DATA ClearData,
  232. IN PDATA_KEY DataKey,
  233. OUT PCYPHER_DATA CypherData
  234. );
  235. NTSTATUS
  236. NTAPI
  237. RtlDecryptData(
  238. IN PCYPHER_DATA CypherData,
  239. IN PDATA_KEY DataKey,
  240. OUT PCLEAR_DATA ClearData
  241. );
  242. //
  243. // Faster arbitrary length data encryption functions (using RC4)
  244. //
  245. NTSTATUS
  246. RtlEncryptData2(
  247. IN OUT PCRYPT_BUFFER pData,
  248. IN PDATA_KEY pKey
  249. );
  250. NTSTATUS
  251. RtlDecryptData2(
  252. IN OUT PCRYPT_BUFFER pData,
  253. IN PDATA_KEY pKey
  254. );
  255. //
  256. // Password hashing functions (One Way Function)
  257. //
  258. NTSTATUS
  259. NTAPI
  260. RtlCalculateLmOwfPassword(
  261. IN PLM_PASSWORD LmPassword,
  262. OUT PLM_OWF_PASSWORD LmOwfPassword
  263. );
  264. NTSTATUS
  265. NTAPI
  266. RtlCalculateNtOwfPassword(
  267. IN PNT_PASSWORD NtPassword,
  268. OUT PNT_OWF_PASSWORD NtOwfPassword
  269. );
  270. //
  271. // OWF password comparison functions
  272. //
  273. BOOLEAN
  274. RtlEqualLmOwfPassword(
  275. IN PLM_OWF_PASSWORD LmOwfPassword1,
  276. IN PLM_OWF_PASSWORD LmOwfPassword2
  277. );
  278. BOOLEAN
  279. RtlEqualNtOwfPassword(
  280. IN PNT_OWF_PASSWORD NtOwfPassword1,
  281. IN PNT_OWF_PASSWORD NtOwfPassword2
  282. );
  283. //
  284. // Functions for calculating response to server challenge
  285. //
  286. NTSTATUS
  287. NTAPI
  288. RtlCalculateLmResponse(
  289. IN PLM_CHALLENGE LmChallenge,
  290. IN PLM_OWF_PASSWORD LmOwfPassword,
  291. OUT PLM_RESPONSE LmResponse
  292. );
  293. NTSTATUS
  294. NTAPI
  295. RtlCalculateNtResponse(
  296. IN PNT_CHALLENGE NtChallenge,
  297. IN PNT_OWF_PASSWORD NtOwfPassword,
  298. OUT PNT_RESPONSE NtResponse
  299. );
  300. //
  301. // Functions for calculating User Session Key.
  302. //
  303. //
  304. // Calculate a User Session Key from LM data
  305. //
  306. NTSTATUS
  307. RtlCalculateUserSessionKeyLm(
  308. IN PLM_RESPONSE LmResponse,
  309. IN PLM_OWF_PASSWORD LmOwfPassword,
  310. OUT PUSER_SESSION_KEY UserSessionKey
  311. );
  312. //
  313. // Calculate a User Session Key from NT data
  314. //
  315. NTSTATUS
  316. NTAPI
  317. RtlCalculateUserSessionKeyNt(
  318. IN PNT_RESPONSE NtResponse,
  319. IN PNT_OWF_PASSWORD NtOwfPassword,
  320. OUT PUSER_SESSION_KEY UserSessionKey
  321. );
  322. //
  323. // OwfPassword encryption functions
  324. //
  325. //
  326. // Encrypt OwfPassword using OwfPassword as the key
  327. //
  328. NTSTATUS
  329. RtlEncryptLmOwfPwdWithLmOwfPwd(
  330. IN PLM_OWF_PASSWORD DataLmOwfPassword,
  331. IN PLM_OWF_PASSWORD KeyLmOwfPassword,
  332. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  333. );
  334. NTSTATUS
  335. RtlDecryptLmOwfPwdWithLmOwfPwd(
  336. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  337. IN PLM_OWF_PASSWORD KeyLmOwfPassword,
  338. OUT PLM_OWF_PASSWORD DataLmOwfPassword
  339. );
  340. NTSTATUS
  341. RtlEncryptNtOwfPwdWithNtOwfPwd(
  342. IN PNT_OWF_PASSWORD DataNtOwfPassword,
  343. IN PNT_OWF_PASSWORD KeyNtOwfPassword,
  344. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  345. );
  346. NTSTATUS
  347. RtlDecryptNtOwfPwdWithNtOwfPwd(
  348. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  349. IN PNT_OWF_PASSWORD KeyNtOwfPassword,
  350. OUT PNT_OWF_PASSWORD DataNtOwfPassword
  351. );
  352. //
  353. // Encrypt OwfPassword using SessionKey as the key
  354. //
  355. NTSTATUS
  356. RtlEncryptLmOwfPwdWithLmSesKey(
  357. IN PLM_OWF_PASSWORD LmOwfPassword,
  358. IN PLM_SESSION_KEY LmSessionKey,
  359. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  360. );
  361. NTSTATUS
  362. RtlDecryptLmOwfPwdWithLmSesKey(
  363. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  364. IN PLM_SESSION_KEY LmSessionKey,
  365. OUT PLM_OWF_PASSWORD LmOwfPassword
  366. );
  367. NTSTATUS
  368. RtlEncryptNtOwfPwdWithNtSesKey(
  369. IN PNT_OWF_PASSWORD NtOwfPassword,
  370. IN PNT_SESSION_KEY NtSessionKey,
  371. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  372. );
  373. NTSTATUS
  374. RtlDecryptNtOwfPwdWithNtSesKey(
  375. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  376. IN PNT_SESSION_KEY NtSessionKey,
  377. OUT PNT_OWF_PASSWORD NtOwfPassword
  378. );
  379. //
  380. // Encrypt OwfPassword using UserSessionKey as the key
  381. //
  382. NTSTATUS
  383. RtlEncryptLmOwfPwdWithUserKey(
  384. IN PLM_OWF_PASSWORD LmOwfPassword,
  385. IN PUSER_SESSION_KEY UserSessionKey,
  386. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  387. );
  388. NTSTATUS
  389. RtlDecryptLmOwfPwdWithUserKey(
  390. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  391. IN PUSER_SESSION_KEY UserSessionKey,
  392. OUT PLM_OWF_PASSWORD LmOwfPassword
  393. );
  394. NTSTATUS
  395. RtlEncryptNtOwfPwdWithUserKey(
  396. IN PNT_OWF_PASSWORD NtOwfPassword,
  397. IN PUSER_SESSION_KEY UserSessionKey,
  398. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  399. );
  400. NTSTATUS
  401. RtlDecryptNtOwfPwdWithUserKey(
  402. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  403. IN PUSER_SESSION_KEY UserSessionKey,
  404. OUT PNT_OWF_PASSWORD NtOwfPassword
  405. );
  406. //
  407. // Encrypt OwfPassword using an index as the key
  408. //
  409. NTSTATUS
  410. RtlEncryptLmOwfPwdWithIndex(
  411. IN PLM_OWF_PASSWORD LmOwfPassword,
  412. IN PCRYPT_INDEX Index,
  413. OUT PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword
  414. );
  415. NTSTATUS
  416. RtlDecryptLmOwfPwdWithIndex(
  417. IN PENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword,
  418. IN PCRYPT_INDEX Index,
  419. OUT PLM_OWF_PASSWORD LmOwfPassword
  420. );
  421. NTSTATUS
  422. RtlEncryptNtOwfPwdWithIndex(
  423. IN PNT_OWF_PASSWORD NtOwfPassword,
  424. IN PCRYPT_INDEX Index,
  425. OUT PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
  426. );
  427. NTSTATUS
  428. RtlDecryptNtOwfPwdWithIndex(
  429. IN PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword,
  430. IN PCRYPT_INDEX Index,
  431. OUT PNT_OWF_PASSWORD NtOwfPassword
  432. );
  433. //
  434. // Get the user session key for an RPC connection
  435. //
  436. #ifndef MIDL_PASS // Don't confuse MIDL
  437. NTSTATUS
  438. RtlGetUserSessionKeyClient(
  439. IN PVOID RpcContextHandle OPTIONAL,
  440. OUT PUSER_SESSION_KEY UserSessionKey
  441. );
  442. NTSTATUS
  443. RtlGetUserSessionKeyServer(
  444. IN PVOID RpcContextHandle OPTIONAL,
  445. OUT PUSER_SESSION_KEY UserSessionKey
  446. );
  447. #endif // MIDL_PASS
  448. #endif // _NTCRYPT_