mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
887 lines
24 KiB
887 lines
24 KiB
/****************************************************************************
|
|
|
|
Copyright (c) 1998-1999 Microsoft Corporation
|
|
|
|
Module Name: crypt.c
|
|
|
|
Abstract: Encryption/Decryption routines
|
|
|
|
Author: radus - 11/05/98
|
|
|
|
|
|
Notes: Used for encrypting/decrypting of the PIN numbers.
|
|
It is NOT thread-safe
|
|
|
|
|
|
Rev History:
|
|
|
|
****************************************************************************/
|
|
|
|
#define STRICT
|
|
|
|
#include <windows.h>
|
|
#include <windowsx.h>
|
|
#include <tchar.h>
|
|
#include <stdlib.h>
|
|
#include <wincrypt.h>
|
|
#include <shlwapi.h>
|
|
#include <shlwapip.h>
|
|
|
|
#include "tregupr2.h"
|
|
#include "debug.h"
|
|
|
|
// Context
|
|
static LONG gdwNrOfClients = 0;
|
|
static PTSTR gpszSidText = NULL;
|
|
static HCRYPTPROV ghCryptProvider = 0;
|
|
static BOOL gbUseOnlyTheOldAlgorithm = TRUE;
|
|
static BOOL gbCryptAvailChecked = FALSE;
|
|
static BOOL gbCryptAvailable = TRUE;
|
|
|
|
|
|
static const CHAR MAGIC_1 = 'B';
|
|
static const CHAR MAGIC_5 = 'L';
|
|
static const CHAR MAGIC_2 = 'U';
|
|
static const CHAR MAGIC_4 = 'U';
|
|
static const CHAR MAGIC_3 = 'B';
|
|
|
|
#define ENCRYPTED_MARKER L'X'
|
|
|
|
|
|
// prototypes
|
|
static BOOL GetUserSidText(LPTSTR *);
|
|
static BOOL GetUserTokenUser(TOKEN_USER **);
|
|
static BOOL ConvertSidToText(PSID, LPTSTR, LPDWORD);
|
|
static BOOL CreateSessionKey(HCRYPTPROV, LPTSTR, DWORD, HCRYPTKEY *);
|
|
static void DestroySessionKey(HCRYPTKEY );
|
|
static void Unscrambler( DWORD, LPWSTR, LPWSTR );
|
|
static void CopyScrambled( LPWSTR, LPWSTR, DWORD);
|
|
|
|
|
|
DWORD TapiCryptInitialize(void)
|
|
{
|
|
DWORD dwNew;
|
|
DWORD dwError;
|
|
HCRYPTKEY hKey;
|
|
PBYTE bTestData = "Testing";
|
|
DWORD dwTestSize = strlen(bTestData);
|
|
|
|
// Only one initialization
|
|
dwNew = InterlockedIncrement(&gdwNrOfClients);
|
|
if(dwNew>1)
|
|
return ERROR_SUCCESS;
|
|
// By default
|
|
gbUseOnlyTheOldAlgorithm = TRUE;
|
|
dwError = ERROR_SUCCESS;
|
|
|
|
#ifdef WINNT
|
|
// New encryption only for Windows NT
|
|
|
|
if(gbCryptAvailable || !gbCryptAvailChecked)
|
|
{
|
|
|
|
// Acquire CryptoAPI context
|
|
if(CryptAcquireContext( &ghCryptProvider,
|
|
NULL,
|
|
MS_DEF_PROV,
|
|
PROV_RSA_FULL,
|
|
CRYPT_VERIFYCONTEXT // No need of private/public keys
|
|
))
|
|
{
|
|
// Get the user SID
|
|
if(GetUserSidText(&gpszSidText))
|
|
{
|
|
|
|
if (gbCryptAvailChecked == FALSE)
|
|
{
|
|
if(CreateSessionKey(ghCryptProvider, gpszSidText, 0, &hKey))
|
|
{
|
|
// try to use the test key and check for the NTE_PERM error meaning that we are not
|
|
// going to be able to use crypt
|
|
if (CryptEncrypt(hKey, 0, TRUE, 0, (BYTE *)bTestData, &dwTestSize, 0) == FALSE)
|
|
{
|
|
if (GetLastError() == NTE_PERM)
|
|
{
|
|
DBGOUT((5, "Encryption unavailable"));
|
|
gbCryptAvailable = FALSE;
|
|
}
|
|
}
|
|
// FOR TEST
|
|
// DBGOUT((5, "Encryption unavailable")); // Test Only
|
|
// gbCryptAvailable = FALSE; // Test Only
|
|
|
|
gbCryptAvailChecked = TRUE;
|
|
DestroySessionKey(hKey);
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
}
|
|
gbUseOnlyTheOldAlgorithm = !gbCryptAvailable;
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
}
|
|
else
|
|
{
|
|
dwError = GetLastError();
|
|
DBGOUT((5, "CryptAcquireContext failed"));
|
|
|
|
}
|
|
}
|
|
|
|
|
|
#endif // WINNT
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
|
|
void TapiCryptUninitialize(void)
|
|
{
|
|
DWORD dwNew;
|
|
|
|
dwNew = InterlockedDecrement(&gdwNrOfClients);
|
|
if(dwNew>0)
|
|
return;
|
|
|
|
#ifdef WINNT
|
|
|
|
if(ghCryptProvider)
|
|
{
|
|
CryptReleaseContext(ghCryptProvider, 0);
|
|
ghCryptProvider = 0;
|
|
}
|
|
if(gpszSidText)
|
|
{
|
|
GlobalFree(gpszSidText);
|
|
gpszSidText = NULL;
|
|
}
|
|
|
|
#endif
|
|
|
|
gbUseOnlyTheOldAlgorithm = TRUE;
|
|
|
|
return;
|
|
}
|
|
|
|
/////////////////////////////////
|
|
// TapiEncrypt
|
|
//
|
|
// Encrypts the text specified in pszSource.
|
|
// Uses the old scrambling algorithm or a cryptographic one.
|
|
// The result buffer should be a little bit larger than the source - for pads, etc.
|
|
//
|
|
|
|
|
|
DWORD TapiEncrypt(PWSTR pszSource, DWORD dwKey, PWSTR pszDest, DWORD *pdwLengthNeeded)
|
|
{
|
|
DWORD dwError;
|
|
DWORD dwDataLength,
|
|
dwLength,
|
|
dwLengthDwords,
|
|
dwLengthAlpha;
|
|
// for speed
|
|
BYTE bBuffer1[0x20];
|
|
|
|
PBYTE pBuffer1 = NULL;
|
|
HCRYPTKEY hKey = 0;
|
|
|
|
DWORD *pdwCrt1;
|
|
WCHAR *pwcCrt2;
|
|
|
|
DWORD dwShift;
|
|
DWORD dwCount, dwCount2;
|
|
|
|
#ifdef WINNT
|
|
|
|
if(!gbUseOnlyTheOldAlgorithm)
|
|
{
|
|
// A null PIN is not encrypted
|
|
if(*pszSource==L'\0')
|
|
{
|
|
if(pszDest)
|
|
*pszDest = L'\0';
|
|
if(pdwLengthNeeded)
|
|
*pdwLengthNeeded = 1;
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
dwDataLength = (wcslen(pszSource) + 1)*sizeof(WCHAR); // in bytes
|
|
dwLength = dwDataLength + 16; // space for pads, a marker etc.
|
|
dwLengthAlpha = dwLength*3; // due to the binary->alphabetic conversion
|
|
|
|
if(pszDest==NULL && pdwLengthNeeded != NULL)
|
|
{
|
|
*pdwLengthNeeded = dwLengthAlpha/sizeof(WCHAR); // length in characters
|
|
dwError = ERROR_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
|
|
ZeroMemory(bBuffer1, sizeof(bBuffer1));
|
|
|
|
pBuffer1 = dwLength>sizeof(bBuffer1) ? (PBYTE)GlobalAlloc(GPTR, dwLength) : bBuffer1;
|
|
if(pBuffer1!=NULL)
|
|
{
|
|
// Copy the source
|
|
wcscpy((PWSTR)pBuffer1, pszSource);
|
|
// create session key
|
|
if(CreateSessionKey(ghCryptProvider, gpszSidText, dwKey, &hKey))
|
|
{
|
|
// Encrypt inplace
|
|
if(CryptEncrypt(hKey,
|
|
0,
|
|
TRUE,
|
|
0,
|
|
pBuffer1,
|
|
&dwDataLength,
|
|
dwLength))
|
|
{
|
|
// Convert to UNICODE between 0030 - 006f
|
|
// I hope !
|
|
assert((dwDataLength % sizeof(DWORD))==0);
|
|
assert(sizeof(DWORD)==4);
|
|
assert(sizeof(DWORD) == 2*sizeof(WCHAR));
|
|
|
|
pdwCrt1 = (DWORD *)pBuffer1;
|
|
pwcCrt2 = (WCHAR *)pszDest;
|
|
|
|
// Place a marker
|
|
*pwcCrt2++ = ENCRYPTED_MARKER;
|
|
|
|
// dwDataLength has the length in bytes of the ciphered data
|
|
dwLengthAlpha = dwDataLength*3;
|
|
dwLengthDwords = dwDataLength / sizeof(DWORD);
|
|
for(dwCount=0; dwCount<dwLengthDwords; dwCount++)
|
|
{
|
|
dwShift = *pdwCrt1++;
|
|
|
|
for(dwCount2=0; dwCount2<6; dwCount2++)
|
|
{
|
|
*pwcCrt2++ = (WCHAR)((dwShift & 0x3f) + 0x30);
|
|
dwShift >>= 6;
|
|
}
|
|
}
|
|
// Put a NULL terminator
|
|
*pwcCrt2++ = L'\0';
|
|
|
|
if(pdwLengthNeeded)
|
|
*pdwLengthNeeded = (dwLengthAlpha/sizeof(WCHAR))+2; // including the NULL and the marker
|
|
|
|
dwError = ERROR_SUCCESS;
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
}
|
|
|
|
if(pBuffer1 && pBuffer1!=bBuffer1)
|
|
GlobalFree(pBuffer1);
|
|
if(hKey!=0)
|
|
DestroySessionKey(hKey);
|
|
}
|
|
else
|
|
{
|
|
#endif
|
|
if(pdwLengthNeeded != NULL)
|
|
{
|
|
*pdwLengthNeeded = wcslen(pszSource) + 1; // dim in characters
|
|
}
|
|
|
|
if(pszDest!=NULL)
|
|
{
|
|
CopyScrambled(pszSource, pszDest, dwKey);
|
|
}
|
|
dwError = ERROR_SUCCESS;
|
|
|
|
#ifdef WINNT
|
|
}
|
|
#endif
|
|
|
|
return dwError;
|
|
|
|
}
|
|
|
|
|
|
|
|
DWORD TapiDecrypt(PWSTR pszSource, DWORD dwKey, PWSTR pszDest, DWORD *pdwLengthNeeded)
|
|
{
|
|
DWORD dwError;
|
|
DWORD dwLengthCrypted;
|
|
DWORD dwDataLength;
|
|
DWORD dwLengthDwords;
|
|
HCRYPTKEY hKey = 0;
|
|
WCHAR *pwcCrt1;
|
|
DWORD *pdwCrt2;
|
|
DWORD dwCount;
|
|
DWORD dwCount2;
|
|
DWORD dwShift;
|
|
|
|
|
|
|
|
// A null PIN is not encrypted
|
|
if(*pszSource==L'\0')
|
|
{
|
|
if(pszDest)
|
|
*pszDest = L'\0';
|
|
if(pdwLengthNeeded)
|
|
*pdwLengthNeeded = 1;
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
dwError = ERROR_SUCCESS;
|
|
|
|
// If the first char is a 'X', we have encrypted data
|
|
if(*pszSource == ENCRYPTED_MARKER)
|
|
{
|
|
#ifdef WINNT
|
|
if(gbCryptAvailable && gdwNrOfClients>0)
|
|
{
|
|
dwLengthCrypted = wcslen(pszSource) +1 -2; // In characters, without the marker and the NULL
|
|
assert(dwLengthCrypted % 6 == 0);
|
|
dwLengthDwords = dwLengthCrypted / 6;
|
|
|
|
if(pszDest==NULL && pdwLengthNeeded)
|
|
{
|
|
*pdwLengthNeeded = dwLengthDwords*(sizeof(DWORD)/sizeof(WCHAR));
|
|
dwError = ERROR_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
// Convert to binary
|
|
pwcCrt1 = pszSource + dwLengthCrypted; // end of the string, before the NULL
|
|
pdwCrt2 = ((DWORD *)pszDest) + dwLengthDwords -1; // Last DWORD
|
|
|
|
|
|
for(dwCount=0; dwCount<dwLengthDwords; dwCount++)
|
|
{
|
|
dwShift=0;
|
|
|
|
for(dwCount2=0; dwCount2<6; dwCount2++)
|
|
{
|
|
dwShift <<= 6;
|
|
dwShift |= ((*pwcCrt1-- - 0x30) & 0x3f);
|
|
}
|
|
*pdwCrt2-- = dwShift;
|
|
}
|
|
|
|
if(CreateSessionKey(ghCryptProvider, gpszSidText, dwKey, &hKey))
|
|
{
|
|
dwDataLength = dwLengthDwords * sizeof(DWORD);
|
|
// Decrypt in place
|
|
if(CryptDecrypt(hKey,
|
|
0,
|
|
TRUE,
|
|
0,
|
|
(PBYTE)pszDest,
|
|
&dwDataLength))
|
|
{
|
|
dwDataLength /= sizeof(WCHAR);
|
|
if(*(pszDest+dwDataLength-1)==L'\0') // The ending NULL was encrypted too
|
|
{
|
|
if(pdwLengthNeeded)
|
|
*pdwLengthNeeded = dwDataLength;
|
|
|
|
dwError = ERROR_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
*pszDest = L'\0';
|
|
dwError = ERROR_INVALID_DATA;
|
|
}
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
|
|
DestroySessionKey(hKey);
|
|
|
|
}
|
|
else
|
|
dwError = GetLastError();
|
|
}
|
|
}
|
|
else
|
|
dwError = ERROR_INVALID_DATA;
|
|
#else
|
|
dwError = ERROR_INVALID_DATA;
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
if(pdwLengthNeeded != NULL)
|
|
{
|
|
*pdwLengthNeeded = wcslen(pszSource) + 1; // dim in characters
|
|
}
|
|
|
|
if(pszDest!=NULL)
|
|
{
|
|
Unscrambler(dwKey, pszSource, pszDest);
|
|
}
|
|
dwError = ERROR_SUCCESS;
|
|
}
|
|
return dwError;
|
|
}
|
|
|
|
|
|
/////////////////////////////////
|
|
// TapiIsSafeToDisplaySensitiveData
|
|
//
|
|
// Detects if the current process is running in the "LocalSystem" security context.
|
|
// Returns FALSE if it is, TRUE if it is not.
|
|
// Returns also FALSE if an error occurs.
|
|
|
|
BOOL TapiIsSafeToDisplaySensitiveData(void)
|
|
{
|
|
#ifdef WINNT
|
|
|
|
DWORD dwError = ERROR_SUCCESS;
|
|
TOKEN_USER *User = NULL;
|
|
SID_IDENTIFIER_AUTHORITY SidAuth = SECURITY_NT_AUTHORITY;
|
|
PSID SystemSid = NULL;
|
|
BOOL bIsSafe = FALSE;
|
|
|
|
// Get the User info
|
|
if(GetUserTokenUser(&User))
|
|
{
|
|
// Create a system SID
|
|
if(AllocateAndInitializeSid(&SidAuth,
|
|
1,
|
|
SECURITY_LOCAL_SYSTEM_RID,
|
|
0, 0, 0, 0, 0, 0, 0,
|
|
&SystemSid
|
|
))
|
|
{
|
|
// Compare the two sids
|
|
bIsSafe = !EqualSid(SystemSid, User->User.Sid);
|
|
|
|
FreeSid(SystemSid);
|
|
|
|
}
|
|
else
|
|
{
|
|
dwError = GetLastError();
|
|
}
|
|
|
|
GlobalFree(User);
|
|
}
|
|
else
|
|
{
|
|
dwError = GetLastError();
|
|
}
|
|
|
|
DBGOUT((5, "TapiIsSafeToDisplaySensitiveData - dwError=0x%x, Safe=%d", dwError, bIsSafe));
|
|
|
|
return bIsSafe;
|
|
|
|
#else // WINNT
|
|
|
|
return TRUE; // always safe
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef WINNT
|
|
|
|
|
|
/////////////////////////////////
|
|
// GetUserSidText
|
|
//
|
|
// Retrieves the SID from the token of the current process in text format
|
|
|
|
BOOL GetUserSidText(LPTSTR *ppszResultSid)
|
|
{
|
|
TOKEN_USER *User = NULL;
|
|
DWORD dwLength;
|
|
LPTSTR pszSidText = NULL;
|
|
|
|
|
|
// Get the SID
|
|
if(!GetUserTokenUser(&User))
|
|
{
|
|
DBGOUT((5, "GetMagic (0) failed, 0x%x", GetLastError()));
|
|
return FALSE;
|
|
}
|
|
|
|
// Query the space needed for the string format of the SID
|
|
dwLength=0;
|
|
if(!ConvertSidToText(User->User.Sid, NULL, &dwLength)
|
|
&& (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
|
|
{
|
|
DBGOUT((5, "GetMagic (1) failed, 0x%x", GetLastError()));
|
|
GlobalFree(User);
|
|
return FALSE;
|
|
}
|
|
|
|
// Alloc the space
|
|
pszSidText = (LPTSTR)GlobalAlloc(GMEM_FIXED, dwLength);
|
|
if(pszSidText==NULL)
|
|
{
|
|
GlobalFree(User);
|
|
return FALSE;
|
|
}
|
|
|
|
// Convert the SID in string format
|
|
if(!ConvertSidToText(User->User.Sid, pszSidText, &dwLength))
|
|
{
|
|
DBGOUT((5, "GetMagic (2) failed, 0x%x", GetLastError()));
|
|
GlobalFree(User);
|
|
GlobalFree(pszSidText);
|
|
return FALSE;
|
|
}
|
|
|
|
GlobalFree(User);
|
|
|
|
// The caller should free the buffer
|
|
*ppszResultSid = pszSidText;
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
/////////////////////////////////
|
|
// GetUserTokenUser
|
|
//
|
|
// Retrieves the TOKEN_USER structure from the token of the current process
|
|
|
|
BOOL GetUserTokenUser(TOKEN_USER **ppszResultTokenUser)
|
|
{
|
|
HANDLE hToken = NULL;
|
|
DWORD dwLength;
|
|
TOKEN_USER *User = NULL;
|
|
|
|
// Open the current process token (for read)
|
|
if(!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
|
|
{
|
|
if( GetLastError() == ERROR_NO_TOKEN)
|
|
{
|
|
// try with the process token
|
|
if (! OpenProcessToken ( GetCurrentProcess(), TOKEN_QUERY, &hToken))
|
|
{
|
|
DBGOUT((5, "OpenProcessToken failed, 0x%x", GetLastError()));
|
|
return FALSE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DBGOUT((5, "OpenThreadToken failed, 0x%x", GetLastError()));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
// Find the space needed for the SID
|
|
if(!GetTokenInformation(hToken, TokenUser, NULL, 0, &dwLength)
|
|
&& (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
|
|
{
|
|
DBGOUT((5, "GetTokenInformation (1) failed, 0x%x", GetLastError()));
|
|
CloseHandle(hToken);
|
|
return FALSE;
|
|
}
|
|
|
|
// Alloc the space
|
|
User = (TOKEN_USER *)GlobalAlloc(GMEM_FIXED, dwLength);
|
|
if(User==NULL)
|
|
{
|
|
CloseHandle(hToken);
|
|
return FALSE;
|
|
}
|
|
|
|
// Retrieve the SID
|
|
if(!GetTokenInformation(hToken, TokenUser, User, dwLength, &dwLength))
|
|
{
|
|
DBGOUT((5, "GetTokenInformation (2) failed, 0x%x", GetLastError()));
|
|
CloseHandle(hToken);
|
|
GlobalFree(User);
|
|
return FALSE;
|
|
}
|
|
|
|
CloseHandle(hToken);
|
|
|
|
// The caller should free the buffer
|
|
*ppszResultTokenUser = User;
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/////////////////////////////////
|
|
// ConvertSidToText
|
|
//
|
|
// Transforms a binary SID in string format
|
|
// Author Jeff Spelman
|
|
|
|
|
|
BOOL ConvertSidToText(
|
|
PSID pSid, // binary Sid
|
|
LPTSTR TextualSid, // buffer for Textual representation of Sid
|
|
LPDWORD lpdwBufferLen // required/provided TextualSid buffersize
|
|
)
|
|
{
|
|
PSID_IDENTIFIER_AUTHORITY psia;
|
|
DWORD dwSubAuthorities;
|
|
DWORD dwSidRev=SID_REVISION;
|
|
DWORD dwCounter;
|
|
DWORD dwSidSize;
|
|
|
|
// Validate the binary SID.
|
|
|
|
if(!IsValidSid(pSid)) return FALSE;
|
|
|
|
// Get the identifier authority value from the SID.
|
|
|
|
psia = GetSidIdentifierAuthority(pSid);
|
|
|
|
// Get the number of subauthorities in the SID.
|
|
|
|
dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
|
|
|
|
// Compute the buffer length.
|
|
// S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
|
|
|
|
dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
|
|
|
|
// Check input buffer length.
|
|
// If too small, indicate the proper size and set last error.
|
|
|
|
if (*lpdwBufferLen < dwSidSize)
|
|
{
|
|
*lpdwBufferLen = dwSidSize;
|
|
SetLastError(ERROR_INSUFFICIENT_BUFFER);
|
|
return FALSE;
|
|
}
|
|
|
|
// Add 'S' prefix and revision number to the string.
|
|
|
|
dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
|
|
|
|
// Add SID identifier authority to the string.
|
|
|
|
if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
|
|
{
|
|
dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
|
|
TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
|
|
(USHORT)psia->Value[0],
|
|
(USHORT)psia->Value[1],
|
|
(USHORT)psia->Value[2],
|
|
(USHORT)psia->Value[3],
|
|
(USHORT)psia->Value[4],
|
|
(USHORT)psia->Value[5]);
|
|
}
|
|
else
|
|
{
|
|
dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
|
|
TEXT("%lu"),
|
|
(ULONG)(psia->Value[5] ) +
|
|
(ULONG)(psia->Value[4] << 8) +
|
|
(ULONG)(psia->Value[3] << 16) +
|
|
(ULONG)(psia->Value[2] << 24) );
|
|
}
|
|
|
|
// Add SID subauthorities to the string.
|
|
//
|
|
for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
|
|
{
|
|
dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
|
|
*GetSidSubAuthority(pSid, dwCounter) );
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
/////////////////////////////////
|
|
// CreateSessionKey
|
|
//
|
|
// Creates a session key derived from the user SID and a hint (currently the calling card ID)
|
|
//
|
|
//
|
|
|
|
BOOL CreateSessionKey(HCRYPTPROV hProv, LPTSTR pszSidText, DWORD dwHint, HCRYPTKEY *phKey)
|
|
{
|
|
HCRYPTHASH hHash = 0;
|
|
CHAR szTmpBuff[0x20];
|
|
DWORD dwSize;
|
|
LPSTR pszBuf;
|
|
|
|
// Create a hash object
|
|
if(!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
|
|
{
|
|
DBGOUT((5, "CryptCreateHash failed, 0x%x, Prov=0x%x", GetLastError(), hProv));
|
|
return FALSE;
|
|
}
|
|
|
|
// the Sid is of type TCHAR but, for back compat reasons, we want to encrypt the ANSI
|
|
// version of this string. We can either:
|
|
// 1.) Convert the creation path for pszSid to ANSI (more correct solution)
|
|
// 2.) thunk pszSid to ansi before converting (lazy solution)
|
|
// I'm lazy so I'm choosing option #2. It should be safe to thunk to ANSI because the
|
|
// Sid should correctly round trip back to unicode.
|
|
dwSize = lstrlen(pszSidText)+1;
|
|
pszBuf = (LPSTR)GlobalAlloc( GPTR, dwSize*sizeof(CHAR) );
|
|
if ( !pszBuf )
|
|
{
|
|
// out of memory
|
|
CryptDestroyHash(hHash);
|
|
return FALSE;
|
|
}
|
|
SHTCharToAnsi( pszSidText, pszBuf, dwSize );
|
|
|
|
#ifdef DEBUG
|
|
#ifdef UNICODE
|
|
{
|
|
// ensure that the SID round trips. If it doesn't round trip then the validity of this
|
|
// encription scheme is questionable on NT. The solution would be to encrypt using Unicode,
|
|
// but that would break back compat.
|
|
LPTSTR pszDebug;
|
|
pszDebug = (LPTSTR)GlobalAlloc( GPTR, dwSize*sizeof(TCHAR) );
|
|
if ( pszDebug )
|
|
{
|
|
SHAnsiToTChar(pszBuf, pszDebug, dwSize);
|
|
if ( 0 != StrCmp( pszDebug, pszSidText ) )
|
|
{
|
|
DBGOUT((1,"CRYPT ERROR! Sid doesn't round trip! FIX THIS!!!"));
|
|
}
|
|
GlobalFree(pszDebug);
|
|
}
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
// hash the SID
|
|
if(!CryptHashData(hHash, (PBYTE)pszBuf, (dwSize)*sizeof(CHAR), 0))
|
|
{
|
|
CryptDestroyHash(hHash);
|
|
return FALSE;
|
|
}
|
|
|
|
GlobalFree(pszBuf);
|
|
|
|
// hash a "magic" and the hint
|
|
ZeroMemory(szTmpBuff, sizeof(szTmpBuff));
|
|
|
|
wsprintfA(szTmpBuff, "-%c%c%c%c%c%x", MAGIC_1, MAGIC_2, MAGIC_3, MAGIC_4, MAGIC_5, dwHint);
|
|
if(!CryptHashData(hHash, (PBYTE)szTmpBuff, sizeof(szTmpBuff), 0))
|
|
{
|
|
CryptDestroyHash(hHash);
|
|
return FALSE;
|
|
}
|
|
|
|
// Generate the key, use block alg
|
|
if(!CryptDeriveKey(hProv, CALG_RC2, hHash, 0, phKey))
|
|
{
|
|
DBGOUT((5, "CryptDeriveKey failed, 0x%x", GetLastError()));
|
|
CryptDestroyHash(hHash);
|
|
return FALSE;
|
|
}
|
|
|
|
CryptDestroyHash(hHash);
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
/////////////////////////////////
|
|
// DestroySessionKey
|
|
//
|
|
// Destroys a session key
|
|
//
|
|
//
|
|
|
|
void DestroySessionKey(HCRYPTKEY hKey)
|
|
{
|
|
CryptDestroyKey(hKey);
|
|
}
|
|
|
|
|
|
|
|
#endif //WINNT
|
|
|
|
// Old routines
|
|
#define IsWDigit(c) (((WCHAR)(c)) >= (WCHAR)'0' && ((WCHAR)(c)) <= (WCHAR)'9')
|
|
|
|
|
|
void Unscrambler( DWORD dwKey,
|
|
LPWSTR lpszSrc,
|
|
LPWSTR lpszDst )
|
|
|
|
{
|
|
UINT uIndex;
|
|
UINT uSubKey;
|
|
UINT uNewKey;
|
|
|
|
// InternalDebugOut((101, "Entering Unscrambler"));
|
|
if ( !lpszSrc || !lpszDst )
|
|
{
|
|
goto done;
|
|
}
|
|
|
|
uNewKey = (UINT)dwKey & 0x7FFF;
|
|
uSubKey = (UINT)dwKey % 10;
|
|
|
|
for ( uIndex = 1; *lpszSrc ; lpszSrc++, lpszDst++, uIndex++ )
|
|
{
|
|
if ( IsWDigit( *lpszSrc ))
|
|
{
|
|
// do the unscramble thang
|
|
//------------------------
|
|
uSubKey = ((*lpszSrc - (WCHAR)'0') - ((uSubKey + uIndex + uNewKey) % 10) + 10) % 10;
|
|
*lpszDst = (WCHAR)(uSubKey + (WCHAR)'0');
|
|
}
|
|
else
|
|
*lpszDst = *lpszSrc; // just save the byte
|
|
}
|
|
|
|
done:
|
|
*lpszDst = (WCHAR)'\0';
|
|
//InternalDebugOut((101, "Leaving Unscrambler"));
|
|
return;
|
|
}
|
|
|
|
|
|
void CopyScrambled( LPWSTR lpszSrc,
|
|
LPWSTR lpszDst,
|
|
DWORD dwKey
|
|
)
|
|
{
|
|
UINT uIndex;
|
|
UINT uSubKey;
|
|
UINT uNewKey;
|
|
|
|
//nternalDebugOut((50, "Entering IniScrambler"));
|
|
if ( !lpszSrc || !lpszDst )
|
|
{
|
|
goto done;
|
|
} // end if
|
|
|
|
uNewKey = (UINT)dwKey & 0x7FFF;
|
|
uSubKey = (UINT)dwKey % 10;
|
|
|
|
for ( uIndex = 1; *lpszSrc ; lpszSrc++, lpszDst++, uIndex++ )
|
|
{
|
|
if ( IsWDigit( *lpszSrc ))
|
|
{
|
|
// do the scramble thang
|
|
//----------------------
|
|
*lpszDst = (WCHAR)(((uSubKey + (*lpszSrc - (WCHAR)'0') + uIndex + uNewKey) % 10) + (WCHAR)'0');
|
|
uSubKey = (UINT)(*lpszSrc - (WCHAR)'0');
|
|
}
|
|
else
|
|
*lpszDst = *lpszSrc; // just save the byte
|
|
} // end for
|
|
|
|
|
|
done:
|
|
|
|
*lpszDst = (WCHAR)'\0';
|
|
// InternalDebugOut((60, "Leaving IniScrambler"));
|
|
|
|
return;
|
|
}
|