archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/common/tssec/sesskey.c

665 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1994-1998 Microsoft Corporation
  5. Module Name:
  7. sesskey.c
  9. Abstract:
  11. Contains common client/server code that generate session key.
  13. Author:
  15. Madan Appiah (madana) 24-Jan-1998
  17. Environment:
  19. User Mode - Win32
  21. Revision History:
  23. --*/
  25. #include <seccom.h>
  27. VOID
  28. Salt8ByteKey(
  29. LPBYTE pbKey,
  30. DWORD dwSaltBytes
  31. )
  32. /*++
  34. Routine Description:
  36. This macro function salts the first 1 or 3 bytes of the 8 bytes key to a
  37. known value in order to make it a 40-bit key.
  39. Arguments:
  41. pbKey - pointer to a 8 bytes key buffer.
  42. dwSaltBytes - this value should be either 1 or 3
  44. Return Value:
  46. None.
  48. --*/
  49. {
  50. ASSERT( (dwSaltBytes == 1) || (dwSaltBytes == 3) );
  52. if( dwSaltBytes == 1 ) {
  54. //
  55. // for 56-bit encryption, salt first byte only.
  56. //
  58. *pbKey++ = 0xD1 ;
  59. }
  60. else if (dwSaltBytes == 3) {
  62. //
  63. // for 40-bit encryption, salt first 3 bytes.
  64. //
  66. *pbKey++ = 0xD1 ;
  67. *pbKey++ = 0x26 ;
  68. *pbKey = 0x9E ;
  69. }
  71. return;
  72. }
  74. VOID
  75. FinalHash(
  76. LPRANDOM_KEYS_PAIR pKeyPair,
  77. LPBYTE pbKey
  78. )
  79. /*++
  81. Routine Description:
  83. This macro function hashes the final key with the client and server randoms.
  85. Arguments:
  87. pKeyPair - pointer a random key pair structure.
  89. pbKey - pointer to a key buffer, the final key is returned back in the same
  90. buffer.
  92. Return Value:
  94. None.
  96. --*/
  97. {
  98. MD5_CTX Md5Hash;
  100. //
  101. // final_key = MD5(key + clientRandom + serverRandom)
  102. //
  104. MD5Init (&Md5Hash);
  106. MD5Update(&Md5Hash, pbKey, MAX_SESSION_KEY_SIZE);
  107. MD5Update(&Md5Hash, pKeyPair->clientRandom, RANDOM_KEY_LENGTH);
  108. MD5Update(&Md5Hash, pKeyPair->serverRandom, RANDOM_KEY_LENGTH);
  109. MD5Final (&Md5Hash);
  111. //
  112. // copy the final key back to the input buffer.
  113. //
  115. ASSERT( MD5DIGESTLEN >= MAX_SESSION_KEY_SIZE );
  116. memcpy(pbKey, Md5Hash.digest, MAX_SESSION_KEY_SIZE);
  118. return;
  119. }
  121. VOID
  122. MakeMasterKey(
  123. LPRANDOM_KEYS_PAIR pKeyPair,
  124. LPSTR FAR *ppszSalts,
  125. LPBYTE pbPreMaster,
  126. LPBYTE pbMaster
  127. )
  128. /*++
  130. Routine Description:
  132. This macro function makes a master secret using a pre-master secret.
  134. Arguments:
  136. pKeyPair - pointer a key pair structure.
  138. ppszSalts - pointer to a salt key strings array.
  140. pbPreMaster - pointer to a pre-master secret key buffer.
  142. pbMaster - pointer to a master secret key buffer.
  144. Return Value:
  146. None.
  148. --*/
  149. {
  150. DWORD i;
  152. MD5_CTX Md5Hash;
  153. A_SHA_CTX ShaHash;
  154. BYTE bShaHashValue[A_SHA_DIGEST_LEN];
  156. //
  157. //initialize all buffers with zero
  158. //
  160. memset( pbMaster, 0, PRE_MASTER_SECRET_LEN);
  161. memset( bShaHashValue, 0, A_SHA_DIGEST_LEN);
  163. for ( i = 0 ; i < 3 ; i++) {
  165. //
  166. // SHA(ppszSalts[i] + pre-master + clientRandom + serverRandom)
  167. //
  169. A_SHAInit(&ShaHash);
  170. A_SHAUpdate(&ShaHash, ppszSalts[i], strlen(ppszSalts[i]));
  171. A_SHAUpdate(&ShaHash, pbPreMaster, PRE_MASTER_SECRET_LEN );
  172. A_SHAUpdate(
  173. &ShaHash,
  174. pKeyPair->clientRandom,
  175. sizeof(pKeyPair->clientRandom) );
  176. A_SHAUpdate(
  177. &ShaHash,
  178. pKeyPair->serverRandom,
  179. sizeof(pKeyPair->serverRandom) );
  180. A_SHAFinal(&ShaHash, bShaHashValue);
  182. //
  183. // MD5(pre_master + SHA-hash)
  184. //
  186. MD5Init(&Md5Hash);
  187. MD5Update(&Md5Hash, pbPreMaster, PRE_MASTER_SECRET_LEN );
  188. MD5Update(&Md5Hash, bShaHashValue, A_SHA_DIGEST_LEN);
  189. MD5Final(&Md5Hash);
  191. //
  192. // copy part of the master secret.
  193. //
  195. memcpy(
  196. pbMaster + (i * MD5DIGESTLEN),
  197. Md5Hash.digest,
  198. MD5DIGESTLEN);
  199. }
  201. return;
  202. }
  204. VOID
  205. MakePreMasterSecret(
  206. LPRANDOM_KEYS_PAIR pKeyPair,
  207. LPBYTE pbPreMasterSecret
  208. )
  209. /*++
  211. Routine Description:
  213. This function makes a pre-master secret for the initial session key.
  215. Arguments:
  217. pKeyPair - pointer a key pair structure.
  219. pbPreMasterSecret - pointer to a pre-master secret key buffer, it is
  220. PRE_MASTER_SECRET_LEN bytes long.
  222. Return Value:
  224. None.
  226. --*/
  227. {
  228. //
  229. // copy PRE_MASTER_SECRET_LEN/2 bytes from clientRandom first.
  230. //
  232. memcpy(
  233. pbPreMasterSecret,
  234. pKeyPair->clientRandom,
  235. PRE_MASTER_SECRET_LEN/2 );
  237. //
  238. // copy PRE_MASTER_SECRET_LEN/2 bytes from serverRandom next.
  239. //
  241. memcpy(
  242. pbPreMasterSecret + PRE_MASTER_SECRET_LEN/2,
  243. pKeyPair->serverRandom,
  244. PRE_MASTER_SECRET_LEN/2 );
  246. return;
  247. }
  249. VOID
  250. GenerateMasterSecret(
  251. LPRANDOM_KEYS_PAIR pKeyPair,
  252. LPBYTE pbPreMasterSecret
  253. )
  254. /*++
  256. Routine Description:
  258. This function creates a master secret key using the pre-master key and
  259. random key pair.
  261. Arguments:
  263. pKeyPair - pointer a key pair structure.
  265. pbPreMasterSecret - pointer to a pre-master secret key buffer, it is
  266. PRE_MASTER_SECRET_LEN bytes long.
  269. Return Value:
  271. None.
  273. --*/
  274. {
  275. BYTE abMasterSecret[PRE_MASTER_SECRET_LEN];
  276. LPSTR apszSalts[3] = { "A","BB","CCC" } ;
  278. ASSERT( PRE_MASTER_SECRET_LEN == 3 * MD5DIGESTLEN );
  280. //
  281. // make master secret.
  282. //
  284. MakeMasterKey(
  285. pKeyPair,
  286. (LPSTR FAR *)apszSalts,
  287. pbPreMasterSecret,
  288. (LPBYTE)abMasterSecret );
  290. //
  291. // copy master secret in the return buffer.
  292. //
  294. memcpy( pbPreMasterSecret, abMasterSecret, PRE_MASTER_SECRET_LEN);
  296. return;
  297. }
  299. VOID
  300. UpdateKey(
  301. LPBYTE pbStartKey,
  302. LPBYTE pbCurrentKey,
  303. DWORD dwKeyLength
  304. )
  305. /*++
  307. Routine Description:
  309. This function updates a key.
  311. Arguments:
  313. pbStartKey - pointer to the start session key buffer.
  315. pbCurrentKey - pointer to the current session key buffer, new session key is
  316. copied to this buffer on return.
  318. dwKeyLength - length of the key.
  320. Return Value:
  322. None.
  324. --*/
  325. {
  326. A_SHA_CTX SHAHash;
  327. MD5_CTX MD5Hash;
  328. BYTE abSHADigest[A_SHA_DIGEST_LEN];
  330. //
  331. // make a SHA(pbStartKey + g_abPad1 + pbCurrentKey) hash.
  332. //
  334. A_SHAInit(&SHAHash);
  335. A_SHAUpdate(&SHAHash, pbStartKey, dwKeyLength);
  336. A_SHAUpdate(&SHAHash, (unsigned char *)g_abPad1, 40);
  337. A_SHAUpdate(&SHAHash, pbCurrentKey, dwKeyLength);
  338. A_SHAFinal(&SHAHash, abSHADigest);
  340. //
  341. // make a MD5(pbStartKey + g_abPad2 + SHAHash) hash.
  342. //
  344. MD5Init(&MD5Hash);
  345. MD5Update(&MD5Hash, pbStartKey, dwKeyLength);
  346. MD5Update(&MD5Hash, g_abPad2, 48);
  347. MD5Update(&MD5Hash, abSHADigest, A_SHA_DIGEST_LEN);
  348. MD5Final(&MD5Hash);
  350. ASSERT( dwKeyLength <= MD5DIGESTLEN );
  351. memcpy(pbCurrentKey, MD5Hash.digest, (UINT)dwKeyLength);
  353. return;
  354. }
  356. BOOL
  357. MakeSessionKeys(
  358. LPRANDOM_KEYS_PAIR pKeyPair,
  359. LPBYTE pbEncryptKey,
  360. struct RC4_KEYSTRUCT FAR *prc4EncryptKey,
  361. LPBYTE pbDecryptKey,
  362. struct RC4_KEYSTRUCT FAR *prc4DecryptKey,
  363. LPBYTE pbMACSaltKey,
  364. DWORD dwKeyStrength,
  365. LPDWORD pdwKeyLength,
  366. DWORD dwEncryptionLevel
  367. )
  368. /*++
  370. Routine Description:
  372. Make the server session key using the client and server random keys.
  374. Assume : the encrypt and decrypt buffer presented are
  375. atleast MAX_SESSION_KEY_SIZE (16) bytes long.
  377. Arguments:
  379. pKeyPair - pointer a key pair structure.
  381. pbEncryptKey - pointer to a buffer where the encryption key is stored.
  383. prc4EncryptKey - pointer to a RC4 encrypt key structure.
  385. pbDecryptKey - pointer to a buffer where the decryption key is stored.
  387. prc4DecryptKey - pointer to a RC4 decrypt key structure.
  389. pbMACSaltKey - pointer to a buffer where the message authentication key is
  390. stored.
  392. dwKeyStrength - specify key strength to use.
  394. pdwKeyLength - pointer to a location where the length of the above
  395. encryption/decryption key is returned.
  397. dwEncryptionLevel - encryption level, used to select the encryption
  398. algorithm.
  400. Return Value:
  402. TRUE - if successfully created the session key.
  404. FALSE - otherwise.
  406. --*/
  407. {
  408. BYTE abPreMasterSecret[PRE_MASTER_SECRET_LEN];
  409. BYTE abMasterSessionKey[PRE_MASTER_SECRET_LEN];
  410. LPSTR apszSalts[3] = { "X","YY","ZZZ" } ;
  411. DWORD dwSaltLen;
  413. //
  414. // make a pre-master secret.
  415. //
  417. MakePreMasterSecret( pKeyPair, (LPBYTE)abPreMasterSecret );
  419. //
  420. // generate master secret.
  421. //
  423. GenerateMasterSecret( pKeyPair, (LPBYTE)abPreMasterSecret );
  425. //
  426. // make a master session key for all three session keys (encrypt, decrypt
  427. // and MACSalt).
  428. //
  430. MakeMasterKey(
  431. pKeyPair,
  432. (LPSTR FAR *)apszSalts,
  433. (LPBYTE)abPreMasterSecret,
  434. (LPBYTE)abMasterSessionKey );
  436. ASSERT( PRE_MASTER_SECRET_LEN == 3 * MAX_SESSION_KEY_SIZE );
  438. //
  439. // copy first part of the master key as MAC salt key.
  440. //
  442. memcpy(
  443. pbMACSaltKey,
  444. (LPBYTE)abMasterSessionKey,
  445. MAX_SESSION_KEY_SIZE );
  447. //
  448. // copy second part of the master key as encrypt key and final hash it.
  449. //
  451. memcpy(
  452. pbEncryptKey,
  453. (LPBYTE)abMasterSessionKey + MAX_SESSION_KEY_SIZE,
  454. MAX_SESSION_KEY_SIZE );
  456. FinalHash( pKeyPair, pbEncryptKey );
  458. //
  459. // copy second part of the master key as decrypt key and final hash it.
  460. //
  462. memcpy(
  463. pbDecryptKey,
  464. (LPBYTE)abMasterSessionKey + MAX_SESSION_KEY_SIZE * 2,
  465. MAX_SESSION_KEY_SIZE );
  467. FinalHash( pKeyPair, pbDecryptKey );
  470. //
  471. // finally select the key length.
  472. //
  474. ASSERT( MAX_SESSION_KEY_SIZE == 16 );
  476. dwSaltLen = 0;
  477. switch ( dwKeyStrength ) {
  479. case SM_40BIT_ENCRYPTION_FLAG:
  480. *pdwKeyLength = MAX_SESSION_KEY_SIZE/2;
  481. dwSaltLen = 3;
  482. break;
  484. case SM_56BIT_ENCRYPTION_FLAG:
  485. *pdwKeyLength = MAX_SESSION_KEY_SIZE/2;
  486. dwSaltLen = 1;
  487. break;
  489. case SM_128BIT_ENCRYPTION_FLAG:
  490. ASSERT( g_128bitEncryptionEnabled );
  491. *pdwKeyLength = MAX_SESSION_KEY_SIZE;
  492. break;
  494. default:
  496. //
  497. // we shouldn't reach here.
  498. //
  500. ASSERT( FALSE );
  501. *pdwKeyLength = MAX_SESSION_KEY_SIZE/2;
  502. dwSaltLen = 1;
  503. break;
  504. }
  506. if( dwSaltLen ) {
  508. Salt8ByteKey( pbMACSaltKey, dwSaltLen );
  509. Salt8ByteKey( pbEncryptKey, dwSaltLen );
  510. Salt8ByteKey( pbDecryptKey, dwSaltLen );
  511. }
  513. //
  514. // finally make rc4 keys.
  515. //
  516. // use microsoft version of rc4 algorithm (super fast!) for level 1 and
  517. // level 2 encryption, for level 3 use RSA rc4 algorithm.
  518. //
  520. if( dwEncryptionLevel <= 2 ) {
  521. msrc4_key( prc4EncryptKey, (UINT)*pdwKeyLength, pbEncryptKey );
  522. msrc4_key( prc4DecryptKey, (UINT)*pdwKeyLength, pbDecryptKey );
  523. }
  524. else {
  525. rc4_key( prc4EncryptKey, (UINT)*pdwKeyLength, pbEncryptKey );
  526. rc4_key( prc4DecryptKey, (UINT)*pdwKeyLength, pbDecryptKey );
  527. }
  529. return( TRUE );
  530. }
  532. BOOL
  533. UpdateSessionKey(
  534. LPBYTE pbStartKey,
  535. LPBYTE pbCurrentKey,
  536. DWORD dwKeyStrength,
  537. DWORD dwKeyLength,
  538. struct RC4_KEYSTRUCT FAR *prc4Key,
  539. DWORD dwEncryptionLevel
  540. )
  541. /*++
  543. Routine Description:
  545. Update the session key using the current and start session keys.
  547. Arguments:
  549. pbStartKey - pointer to the start session key buffer.
  551. pbCurrentKey - pointer to the current session key buffer, new session key is
  552. copied to this buffer on return.
  554. dwKeyStrength - specify key strength to use.
  556. dwKeyLength - length of the key.
  558. prc4Key - pointer to a RC4 key structure.
  560. dwEncryptionLevel - encryption level, used to select the encryption
  561. algorithm.
  563. Return Value:
  565. TRUE - if the successfully update the key.
  567. FALSE - otherwise.
  569. --*/
  570. {
  571. DWORD dwSaltLen;
  573. //
  574. // update current key first.
  575. //
  577. UpdateKey( pbStartKey, pbCurrentKey, dwKeyLength );
  579. //
  580. // use microsoft version of rc4 algorithm (super fast!) for level 1 and
  581. // level 2 encryption, for level 3 use RSA rc4 algorithm.
  582. //
  584. if( dwEncryptionLevel <= 2 ) {
  586. //
  587. // re-initialized RC4 table.
  588. //
  590. msrc4_key( prc4Key, (UINT)dwKeyLength, pbCurrentKey );
  592. //
  593. // scramble the current key.
  594. //
  596. msrc4( prc4Key, (UINT)dwKeyLength, pbCurrentKey );
  597. }
  598. else {
  600. //
  601. // re-initialized RC4 table.
  602. //
  604. rc4_key( prc4Key, (UINT)dwKeyLength, pbCurrentKey );
  606. //
  607. // scramble the current key.
  608. //
  610. rc4( prc4Key, (UINT)dwKeyLength, pbCurrentKey );
  611. }
  613. //
  614. // salt the key appropriately.
  615. //
  617. dwSaltLen = 0;
  618. switch ( dwKeyStrength ) {
  620. case SM_40BIT_ENCRYPTION_FLAG:
  621. ASSERT( dwKeyLength = MAX_SESSION_KEY_SIZE/2 );
  622. dwSaltLen = 3;
  623. break;
  625. case SM_56BIT_ENCRYPTION_FLAG:
  626. ASSERT( dwKeyLength = MAX_SESSION_KEY_SIZE/2 );
  627. dwSaltLen = 1;
  628. break;
  630. case SM_128BIT_ENCRYPTION_FLAG:
  631. ASSERT( g_128bitEncryptionEnabled );
  632. ASSERT( dwKeyLength = MAX_SESSION_KEY_SIZE );
  633. break;
  635. default:
  637. //
  638. // we shouldn't reach here.
  639. //
  641. ASSERT( FALSE );
  642. ASSERT( dwKeyLength = MAX_SESSION_KEY_SIZE/2 );
  643. dwSaltLen = 1;
  644. break;
  645. }
  647. if( dwSaltLen ) {
  648. Salt8ByteKey( pbCurrentKey, dwSaltLen );
  649. }
  651. //
  652. // re-initialized RC4 table again.
  653. //
  655. if( dwEncryptionLevel <= 2 ) {
  657. msrc4_key( prc4Key, (UINT)dwKeyLength, pbCurrentKey );
  658. }
  659. else {
  661. rc4_key( prc4Key, (UINT)dwKeyLength, pbCurrentKey );
  662. }
  664. return( TRUE );
  665. }