mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
484 lines
9.1 KiB
484 lines
9.1 KiB
//#include <StdAfx.h>
|
|
#include "AdmtCrypt.h"
|
|
|
|
#include <NtSecApi.h>
|
|
|
|
#pragma comment( lib, "AdvApi32.lib" )
|
|
|
|
|
|
namespace AdmtCrypt2
|
|
{
|
|
|
|
#define SESSION_KEY_SIZE 16 // in bytes
|
|
|
|
HCRYPTKEY __stdcall DeriveEncryptionKey(HCRYPTPROV hProvider);
|
|
bool __stdcall IsDataMatchHash(HCRYPTPROV hProvider, const _variant_t& vntData, const _variant_t& vntHash);
|
|
|
|
// Provider Methods
|
|
|
|
HCRYPTKEY __stdcall DeriveKey(HCRYPTPROV hProvider, const _variant_t& vntBytes);
|
|
HCRYPTHASH __stdcall CreateHash(HCRYPTPROV hProvider);
|
|
bool __stdcall GenRandom(HCRYPTPROV hProvider, BYTE* pbData, DWORD cbData);
|
|
|
|
// Key Methods
|
|
|
|
void __stdcall DestroyKey(HCRYPTKEY hKey);
|
|
bool __stdcall Decrypt(HCRYPTKEY hKey, const _variant_t& vntEncrypted, _variant_t& vntDecrypted);
|
|
|
|
// Hash Methods
|
|
|
|
void __stdcall DestroyHash(HCRYPTHASH hHash);
|
|
bool __stdcall HashData(HCRYPTHASH hHash, const _variant_t& vntData);
|
|
|
|
// Miscellaneous Helpers
|
|
|
|
bool __stdcall RetrieveEncryptionBytes(_variant_t& vntBytes);
|
|
|
|
// Variant Helpers
|
|
|
|
bool __stdcall CreateByteArray(DWORD cb, _variant_t& vntByteArray);
|
|
|
|
}
|
|
|
|
using namespace AdmtCrypt2;
|
|
|
|
|
|
//---------------------------------------------------------------------------
|
|
// Source Crypt API
|
|
//---------------------------------------------------------------------------
|
|
|
|
|
|
// AdmtAcquireContext Method
|
|
|
|
HCRYPTPROV __stdcall AdmtAcquireContext()
|
|
{
|
|
HCRYPTPROV hProvider = 0;
|
|
|
|
BOOL bAcquire = CryptAcquireContext(
|
|
&hProvider,
|
|
NULL,
|
|
MS_ENHANCED_PROV,
|
|
PROV_RSA_FULL,
|
|
CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT
|
|
);
|
|
|
|
if (!bAcquire)
|
|
{
|
|
hProvider = 0;
|
|
}
|
|
|
|
return hProvider;
|
|
}
|
|
|
|
|
|
// AdmtReleaseContext Method
|
|
|
|
void __stdcall AdmtReleaseContext(HCRYPTPROV hProvider)
|
|
{
|
|
if (hProvider)
|
|
{
|
|
CryptReleaseContext(hProvider, 0);
|
|
}
|
|
}
|
|
|
|
|
|
// AdmtImportSessionKey Method
|
|
|
|
HCRYPTKEY __stdcall AdmtImportSessionKey(HCRYPTPROV hProvider, const _variant_t& vntEncryptedSessionBytes)
|
|
{
|
|
HCRYPTKEY hSessionKey = 0;
|
|
|
|
if (hProvider && (vntEncryptedSessionBytes.vt == (VT_UI1|VT_ARRAY)) && ((vntEncryptedSessionBytes.parray != NULL)))
|
|
{
|
|
HCRYPTKEY hEncryptionKey = DeriveEncryptionKey(hProvider);
|
|
|
|
if (hEncryptionKey)
|
|
{
|
|
_variant_t vntDecryptedSessionBytes;
|
|
|
|
if (Decrypt(hEncryptionKey, vntEncryptedSessionBytes, vntDecryptedSessionBytes))
|
|
{
|
|
if (vntDecryptedSessionBytes.parray->rgsabound[0].cElements > SESSION_KEY_SIZE)
|
|
{
|
|
// extract session key bytes
|
|
|
|
_variant_t vntBytes;
|
|
|
|
if (CreateByteArray(SESSION_KEY_SIZE, vntBytes))
|
|
{
|
|
memcpy(vntBytes.parray->pvData, vntDecryptedSessionBytes.parray->pvData, SESSION_KEY_SIZE);
|
|
|
|
// extract hash of session key bytes
|
|
|
|
_variant_t vntHashValue;
|
|
|
|
DWORD cbHashValue = vntDecryptedSessionBytes.parray->rgsabound[0].cElements - SESSION_KEY_SIZE;
|
|
|
|
if (CreateByteArray(cbHashValue, vntHashValue))
|
|
{
|
|
memcpy(vntHashValue.parray->pvData, (BYTE*)vntDecryptedSessionBytes.parray->pvData + SESSION_KEY_SIZE, cbHashValue);
|
|
|
|
if (IsDataMatchHash(hProvider, vntBytes, vntHashValue))
|
|
{
|
|
hSessionKey = DeriveKey(hProvider, vntBytes);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
}
|
|
}
|
|
|
|
DestroyKey(hEncryptionKey);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
}
|
|
|
|
return hSessionKey;
|
|
}
|
|
|
|
|
|
// AdmtDecrypt Method
|
|
|
|
_bstr_t __stdcall AdmtDecrypt(HCRYPTKEY hSessionKey, const _variant_t& vntEncrypted)
|
|
{
|
|
BSTR bstr = NULL;
|
|
|
|
_variant_t vntDecrypted;
|
|
|
|
if (Decrypt(hSessionKey, vntEncrypted, vntDecrypted))
|
|
{
|
|
HRESULT hr = BstrFromVector(vntDecrypted.parray, &bstr);
|
|
|
|
if (FAILED(hr))
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
}
|
|
|
|
return bstr;
|
|
}
|
|
|
|
|
|
// AdmtDestroyKey Method
|
|
|
|
void __stdcall AdmtDestroyKey(HCRYPTKEY hKey)
|
|
{
|
|
DestroyKey(hKey);
|
|
}
|
|
|
|
|
|
//---------------------------------------------------------------------------
|
|
// Private Helpers
|
|
//---------------------------------------------------------------------------
|
|
|
|
|
|
namespace AdmtCrypt2
|
|
{
|
|
|
|
|
|
HCRYPTKEY __stdcall DeriveEncryptionKey(HCRYPTPROV hProvider)
|
|
{
|
|
HCRYPTKEY hKey = 0;
|
|
|
|
_variant_t vntBytes;
|
|
|
|
if (RetrieveEncryptionBytes(vntBytes))
|
|
{
|
|
hKey = DeriveKey(hProvider, vntBytes);
|
|
}
|
|
|
|
return hKey;
|
|
}
|
|
|
|
|
|
bool __stdcall IsDataMatchHash(HCRYPTPROV hProvider, const _variant_t& vntData, const _variant_t& vntHash)
|
|
{
|
|
bool bMatch = false;
|
|
|
|
HCRYPTHASH hHash = CreateHash(hProvider);
|
|
|
|
if (hHash)
|
|
{
|
|
if (HashData(hHash, vntData))
|
|
{
|
|
DWORD dwSizeA;
|
|
DWORD cbSize = sizeof(DWORD);
|
|
|
|
if (CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&dwSizeA, &cbSize, 0))
|
|
{
|
|
DWORD dwSizeB = vntHash.parray->rgsabound[0].cElements;
|
|
|
|
if (dwSizeA == dwSizeB)
|
|
{
|
|
try
|
|
{
|
|
BYTE* pbA = (BYTE*) _alloca(dwSizeA);
|
|
|
|
if (CryptGetHashParam(hHash, HP_HASHVAL, pbA, &dwSizeA, 0))
|
|
{
|
|
BYTE* pbB = (BYTE*) vntHash.parray->pvData;
|
|
|
|
if (memcmp(pbA, pbB, dwSizeA) == 0)
|
|
{
|
|
bMatch = true;
|
|
}
|
|
}
|
|
}
|
|
catch (...)
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return bMatch;
|
|
}
|
|
|
|
|
|
// Provider Methods
|
|
|
|
|
|
HCRYPTKEY __stdcall DeriveKey(HCRYPTPROV hProvider, const _variant_t& vntBytes)
|
|
{
|
|
HCRYPTKEY hKey = 0;
|
|
|
|
HCRYPTHASH hHash = CreateHash(hProvider);
|
|
|
|
if (hHash)
|
|
{
|
|
if (HashData(hHash, vntBytes))
|
|
{
|
|
if (!CryptDeriveKey(hProvider, CALG_3DES, hHash, 0, &hKey))
|
|
{
|
|
hKey = 0;
|
|
}
|
|
}
|
|
|
|
DestroyHash(hHash);
|
|
}
|
|
|
|
return hKey;
|
|
}
|
|
|
|
|
|
HCRYPTHASH __stdcall CreateHash(HCRYPTPROV hProvider)
|
|
{
|
|
HCRYPTHASH hHash;
|
|
|
|
if (!CryptCreateHash(hProvider, CALG_SHA1, 0, 0, &hHash))
|
|
{
|
|
hHash = 0;
|
|
}
|
|
|
|
return hHash;
|
|
}
|
|
|
|
|
|
bool __stdcall GenRandom(HCRYPTPROV hProvider, BYTE* pbData, DWORD cbData)
|
|
{
|
|
return CryptGenRandom(hProvider, cbData, pbData) ? true : false;
|
|
}
|
|
|
|
|
|
// Key Methods --------------------------------------------------------------
|
|
|
|
|
|
// DestroyKey Method
|
|
|
|
void __stdcall DestroyKey(HCRYPTKEY hKey)
|
|
{
|
|
if (hKey)
|
|
{
|
|
CryptDestroyKey(hKey);
|
|
}
|
|
}
|
|
|
|
|
|
// Decrypt Method
|
|
|
|
bool __stdcall Decrypt(HCRYPTKEY hKey, const _variant_t& vntEncrypted, _variant_t& vntDecrypted)
|
|
{
|
|
bool bDecrypted = false;
|
|
|
|
_variant_t vnt = vntEncrypted;
|
|
|
|
if ((vnt.vt == (VT_UI1|VT_ARRAY)) && (vnt.parray != NULL))
|
|
{
|
|
// decrypt data
|
|
|
|
BYTE* pb = (BYTE*) vnt.parray->pvData;
|
|
DWORD cb = vnt.parray->rgsabound[0].cElements;
|
|
|
|
if (CryptDecrypt(hKey, NULL, TRUE, 0, pb, &cb))
|
|
{
|
|
// create decrypted byte array
|
|
// the number of decrypted bytes may be less than
|
|
// the number of encrypted bytes
|
|
|
|
vntDecrypted.parray = SafeArrayCreateVector(VT_UI1, 0, cb);
|
|
|
|
if (vntDecrypted.parray != NULL)
|
|
{
|
|
vntDecrypted.vt = VT_UI1|VT_ARRAY;
|
|
|
|
memcpy(vntDecrypted.parray->pvData, vnt.parray->pvData, cb);
|
|
|
|
bDecrypted = true;
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
}
|
|
|
|
return bDecrypted;
|
|
}
|
|
|
|
|
|
// Hash Methods -------------------------------------------------------------
|
|
|
|
|
|
// DestroyHash Method
|
|
|
|
void __stdcall DestroyHash(HCRYPTHASH hHash)
|
|
{
|
|
if (hHash)
|
|
{
|
|
CryptDestroyHash(hHash);
|
|
}
|
|
}
|
|
|
|
|
|
// HashData Method
|
|
|
|
bool __stdcall HashData(HCRYPTHASH hHash, const _variant_t& vntData)
|
|
{
|
|
bool bHash = false;
|
|
|
|
if ((vntData.vt == (VT_UI1|VT_ARRAY)) && ((vntData.parray != NULL)))
|
|
{
|
|
if (CryptHashData(hHash, (BYTE*)vntData.parray->pvData, vntData.parray->rgsabound[0].cElements, 0))
|
|
{
|
|
bHash = true;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
}
|
|
|
|
return bHash;
|
|
}
|
|
|
|
|
|
// Miscellaneous Helpers ----------------------------------------------------
|
|
|
|
|
|
// RetrieveEncryptionBytes Method
|
|
|
|
bool __stdcall RetrieveEncryptionBytes(_variant_t& vntBytes)
|
|
{
|
|
// private data key identifier
|
|
_TCHAR c_szIdPrefix[] = _T("L$6A2899C0-CECE-459A-B5EB-7ED04DE61388");
|
|
const USHORT c_cbIdPrefix = sizeof(c_szIdPrefix) - sizeof(_TCHAR);
|
|
|
|
bool bRetrieve = false;
|
|
|
|
// open policy object
|
|
|
|
LSA_HANDLE hPolicy;
|
|
|
|
LSA_OBJECT_ATTRIBUTES lsaoa = { sizeof(LSA_OBJECT_ATTRIBUTES), NULL, NULL, 0, NULL, NULL };
|
|
|
|
NTSTATUS ntsStatus = LsaOpenPolicy(NULL, &lsaoa, POLICY_GET_PRIVATE_INFORMATION, &hPolicy);
|
|
|
|
if (LSA_SUCCESS(ntsStatus))
|
|
{
|
|
// retrieve data
|
|
|
|
LSA_UNICODE_STRING lsausKey = { c_cbIdPrefix, c_cbIdPrefix, c_szIdPrefix };
|
|
PLSA_UNICODE_STRING plsausData;
|
|
|
|
ntsStatus = LsaRetrievePrivateData(hPolicy, &lsausKey, &plsausData);
|
|
|
|
if (LSA_SUCCESS(ntsStatus))
|
|
{
|
|
vntBytes.Clear();
|
|
|
|
vntBytes.parray = SafeArrayCreateVector(VT_UI1, 0, plsausData->Length);
|
|
|
|
if (vntBytes.parray != NULL)
|
|
{
|
|
vntBytes.vt = VT_UI1|VT_ARRAY;
|
|
|
|
memcpy(vntBytes.parray->pvData, plsausData->Buffer, plsausData->Length);
|
|
|
|
bRetrieve = true;
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
|
|
LsaFreeMemory(plsausData);
|
|
}
|
|
else
|
|
{
|
|
SetLastError(LsaNtStatusToWinError(ntsStatus));
|
|
}
|
|
|
|
// close policy object
|
|
|
|
LsaClose(hPolicy);
|
|
}
|
|
else
|
|
{
|
|
SetLastError(LsaNtStatusToWinError(ntsStatus));
|
|
}
|
|
|
|
return bRetrieve;
|
|
}
|
|
|
|
|
|
// Variant Helpers ----------------------------------------------------------
|
|
|
|
|
|
// CreateByteArray Method
|
|
|
|
bool __stdcall CreateByteArray(DWORD cb, _variant_t& vntByteArray)
|
|
{
|
|
bool bCreate = false;
|
|
|
|
vntByteArray.Clear();
|
|
|
|
vntByteArray.parray = SafeArrayCreateVector(VT_UI1, 0, cb);
|
|
|
|
if (vntByteArray.parray)
|
|
{
|
|
bCreate = true;
|
|
}
|
|
else
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
|
|
vntByteArray.vt = VT_UI1|VT_ARRAY;
|
|
|
|
return bCreate;
|
|
}
|
|
|
|
|
|
}
|