Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

746 lines
21 KiB

/*++
Copyright (c) 1994 Microsoft Corporation
Module Name:
ccp.c
Abstract:
Author:
Thomas J. Dimitri (TommyD) 29-March-1994
Environment:
Revision History:
--*/
#include "wan.h"
#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT, WanInitECP)
#pragma alloc_text(INIT, WanInitVJ)
#endif
#define __FILE_SIG__ CCP_FILESIG
NDIS_STATUS
AllocateEncryptMemory(
PCRYPTO_INFO CryptoInfo
);
NDIS_STATUS
AllocateCompressMemory(
PBUNDLECB BundleCB
);
NTSTATUS
AllocateCryptoMSChapV1(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
);
NTSTATUS
AllocateCryptoMSChapV2(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
);
#ifdef EAP_ON
NTSTATUS
AllocateCryptoEap(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
);
#endif
NPAGED_LOOKASIDE_LIST EncryptCtxList; // List of free encryption contexts
NPAGED_LOOKASIDE_LIST CachedKeyList; // List of free encryption contexts
#ifdef ENCRYPT_128BIT
NPAGED_LOOKASIDE_LIST CachedKeyListLong; // List of free encryption contexts
#endif
VOID
WanInitECP(
VOID
)
{
NdisInitializeNPagedLookasideList(&EncryptCtxList,
NULL,
NULL,
0,
ENCRYPTCTX_SIZE,
ENCRYPTCTX_TAG,
0);
NdisInitializeNPagedLookasideList(&CachedKeyList,
NULL,
NULL,
0,
glCachedKeyCount * (sizeof(USHORT) + MAX_SESSIONKEY_SIZE),
CACHEDKEY_TAG,
0);
#ifdef ENCRYPT_128BIT
NdisInitializeNPagedLookasideList(&CachedKeyListLong,
NULL,
NULL,
0,
glCachedKeyCount * (sizeof(USHORT) + MAX_USERSESSIONKEY_SIZE),
CACHEDKEY_TAG,
0);
#endif
}
VOID
WanDeleteECP(
VOID
)
{
NdisDeleteNPagedLookasideList(&EncryptCtxList);
NdisDeleteNPagedLookasideList(&CachedKeyList);
#ifdef ENCRYPT_128BIT
NdisDeleteNPagedLookasideList(&CachedKeyListLong);
#endif
}
//
// Assumes the endpoint lock is held
//
NTSTATUS
WanAllocateECP(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
)
{
NTSTATUS Status = STATUS_SUCCESS;
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanAllocateECP: Enter"));
//
// Is encryption enabled?
//
#ifdef ENCRYPT_128BIT
if ((CompInfo->MSCompType &
(NDISWAN_ENCRYPTION | NDISWAN_40_ENCRYPTION |
NDISWAN_56_ENCRYPTION | NDISWAN_128_ENCRYPTION))) {
#else
if ((CompInfo->MSCompType &
(NDISWAN_ENCRYPTION | NDISWAN_40_ENCRYPTION |
NDISWAN_56_ENCRYPTION))) {
#endif
if (CryptoInfo->Context == NULL) {
Status = AllocateEncryptMemory(CryptoInfo);
if (Status != NDIS_STATUS_SUCCESS) {
NdisWanDbgOut(DBG_FAILURE, DBG_CCP, ("Can't allocate encryption key!"));
return(STATUS_INSUFFICIENT_RESOURCES);
}
}
do
{
CryptoInfo->Flags |=
(CompInfo->Flags & CCP_IS_SERVER) ? CRYPTO_IS_SERVER : 0;
if (CompInfo->AuthType == AUTH_USE_MSCHAPV1) {
Status = AllocateCryptoMSChapV1(BundleCB,
CompInfo,
CryptoInfo,
IsSend);
} else if (CompInfo->AuthType == AUTH_USE_MSCHAPV2) {
Status = AllocateCryptoMSChapV2(BundleCB,
CompInfo,
CryptoInfo,
IsSend);
#ifdef EAP_ON
} else if (CompInfo->AuthType == AUTH_USE_EAP) {
Status = AllocateCryptoEap(BundleCB,
CompInfo,
CryptoInfo,
IsSend);
#endif
} else {
Status = STATUS_UNSUCCESSFUL;
break;
}
if (!IsSend && CryptoInfo->CachedKeyBuffer == NULL) {
#ifdef DBG_ECP
DbgPrint("NDISWAN: CompInfo = %p\n", CompInfo);
DbgPrint("NDISWAN: CryptoInfo = %p\n", CryptoInfo);
DbgPrint("NDISWAN: MSCompType = %0x\n", CompInfo->MSCompType);
DbgPrint("NDISWAN: Flags = %0x\n", CryptoInfo->Flags);
DbgPrint("NDISWAN: SessionKeyLength = %d\n", CryptoInfo->SessionKeyLength);
#endif
#ifdef ENCRYPT_128BIT
if ((CompInfo->MSCompType & NDISWAN_128_ENCRYPTION))
{
CryptoInfo->CachedKeyBuffer = NdisAllocateFromNPagedLookasideList(&CachedKeyListLong);
}
else
#endif
{
CryptoInfo->CachedKeyBuffer = NdisAllocateFromNPagedLookasideList(&CachedKeyList);
}
if (CryptoInfo->CachedKeyBuffer == NULL) {
NdisWanDbgOut(DBG_FAILURE, DBG_CCP, ("Can't allocate cached key array!"));
Status = STATUS_INSUFFICIENT_RESOURCES;
break;
}
else
{
CryptoInfo->pCurrKey = (PCACHED_KEY)CryptoInfo->CachedKeyBuffer;
CryptoInfo->pLastKey = (PCACHED_KEY)((PUCHAR) CryptoInfo->CachedKeyBuffer +
(glCachedKeyCount - 1) * (sizeof(USHORT)+ CryptoInfo->SessionKeyLength));
NdisFillMemory(CryptoInfo->CachedKeyBuffer,
glCachedKeyCount * (sizeof(USHORT)+ CryptoInfo->SessionKeyLength),
0xff);
}
}
} while(FALSE);
if (Status != STATUS_SUCCESS) {
if (CryptoInfo->Context != NULL) {
NdisFreeToNPagedLookasideList(&EncryptCtxList,
CryptoInfo->Context);
//
// Clear so we know it is deallocated
//
CryptoInfo->Context =
CryptoInfo->RC4Key= NULL;
}
if (CryptoInfo->CachedKeyBuffer != NULL) {
#ifdef ENCRYPT_128BIT
if ((CompInfo->MSCompType & NDISWAN_128_ENCRYPTION))
{
NdisFreeToNPagedLookasideList(&CachedKeyListLong, CryptoInfo->CachedKeyBuffer);
}
else
#endif
{
NdisFreeToNPagedLookasideList(&CachedKeyList, CryptoInfo->CachedKeyBuffer);
}
CryptoInfo->CachedKeyBuffer = NULL;
CryptoInfo->pCurrKey = CryptoInfo->pLastKey = NULL;
}
NdisWanDbgOut(DBG_FAILURE, DBG_CCP, ("Failed allocating Crypto Status %x!", Status));
return (Status);
}
//
// Next packet out is flushed
//
BundleCB->Flags |= RECV_PACKET_FLUSH;
}
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanAllocateECP: Exit"));
return(Status);
}
//
// Assumes the endpoint lock is held
//
VOID
WanDeallocateECP(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo
)
{
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanDeallocateECP: Enter"));
//
// Deallocate encryption keys.
//
if (CryptoInfo->Context != NULL) {
NdisFreeToNPagedLookasideList(&EncryptCtxList,
CryptoInfo->Context);
//
// Clear so we know it is deallocated
//
CryptoInfo->Context =
CryptoInfo->RC4Key= NULL;
}
if (CryptoInfo->CachedKeyBuffer != NULL) {
#ifdef ENCRYPT_128BIT
if ((CompInfo->MSCompType & NDISWAN_128_ENCRYPTION))
{
NdisFreeToNPagedLookasideList(&CachedKeyListLong, CryptoInfo->CachedKeyBuffer);
}
else
#endif
{
NdisFreeToNPagedLookasideList(&CachedKeyList, CryptoInfo->CachedKeyBuffer);
}
CryptoInfo->CachedKeyBuffer = NULL;
CryptoInfo->pCurrKey = CryptoInfo->pLastKey = NULL;
}
//
// Clear the encrption bits
//
#ifdef ENCRYPT_128BIT
CompInfo->MSCompType &= ~(NDISWAN_ENCRYPTION | NDISWAN_40_ENCRYPTION |
NDISWAN_56_ENCRYPTION | NDISWAN_128_ENCRYPTION);
#else
CompInfo->MSCompType &= ~(NDISWAN_ENCRYPTION | NDISWAN_40_ENCRYPTION |
NDISWAN_56_ENCRYPTION);
#endif
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanDeallocateCCP: Exit"));
}
NTSTATUS
AllocateCryptoMSChapV1(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
)
{
if (CompInfo->MSCompType & NDISWAN_ENCRYPTION) {
//
// For legacy encryption we use the 8 byte LMSessionKey
// for initiali encryption session key. The first 256
// packets will be sent using this without any salt
// (the first 256 packets are using 64 bit encryption).
// After the first 256 we will always salt the first 3
// bytes of the encryption key so that we are doing 40
// bit encryption.
//
CryptoInfo->SessionKeyLength = MAX_SESSIONKEY_SIZE;
NdisMoveMemory(CryptoInfo->StartKey,
CompInfo->LMSessionKey,
CryptoInfo->SessionKeyLength);
NdisMoveMemory(CryptoInfo->SessionKey,
CryptoInfo->StartKey,
CryptoInfo->SessionKeyLength);
} else if (CompInfo->MSCompType &
(NDISWAN_40_ENCRYPTION | NDISWAN_56_ENCRYPTION)) {
CryptoInfo->SessionKeyLength = MAX_SESSIONKEY_SIZE;
//
// For our new 40/56 bit encryption we will use SHA on the
// 8 byte LMSessionKey to derive our intial 8 byte
// encryption session key.
//
NdisMoveMemory(CryptoInfo->StartKey,
CompInfo->LMSessionKey,
CryptoInfo->SessionKeyLength);
NdisMoveMemory(CryptoInfo->SessionKey,
CompInfo->LMSessionKey,
CryptoInfo->SessionKeyLength);
GetNewKeyFromSHA(CryptoInfo);
if (CompInfo->MSCompType & NDISWAN_40_ENCRYPTION) {
//
// Set the first 3 bytes to reduce to
// 40 bits of random key
//
CryptoInfo->SessionKey[0] = 0xD1;
CryptoInfo->SessionKey[1] = 0x26;
CryptoInfo->SessionKey[2] = 0x9E;
} else {
//
// Set the first byte to reduce to
// 56 bits of random key
//
CryptoInfo->SessionKey[0] = 0xD1;
}
#ifdef ENCRYPT_128BIT
} else if (CompInfo->MSCompType & NDISWAN_128_ENCRYPTION) {
CryptoInfo->SessionKeyLength = MAX_USERSESSIONKEY_SIZE;
//
// For our new 128 bit encryption we will use SHA on the
// 16 byte NTUserSessionKey and the 8 byte Challenge to
// derive our the intial 128 bit encryption session key.
//
NdisMoveMemory(CryptoInfo->StartKey,
CompInfo->UserSessionKey,
MAX_USERSESSIONKEY_SIZE);
GetStartKeyFromSHA(CryptoInfo, CompInfo->Challenge);
GetNewKeyFromSHA(CryptoInfo);
#endif
}
//
// Initialize the rc4 send table
//
NdisWanDbgOut(DBG_TRACE, DBG_CCP,
("RC4 encryption KeyLength %d", CryptoInfo->SessionKeyLength));
NdisWanDbgOut(DBG_TRACE, DBG_CCP,
("RC4 encryption Key %.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x",
CryptoInfo->SessionKey[0],
CryptoInfo->SessionKey[1],
CryptoInfo->SessionKey[2],
CryptoInfo->SessionKey[3],
CryptoInfo->SessionKey[4],
CryptoInfo->SessionKey[5],
CryptoInfo->SessionKey[6],
CryptoInfo->SessionKey[7],
CryptoInfo->SessionKey[8],
CryptoInfo->SessionKey[9],
CryptoInfo->SessionKey[10],
CryptoInfo->SessionKey[11],
CryptoInfo->SessionKey[12],
CryptoInfo->SessionKey[13],
CryptoInfo->SessionKey[14],
CryptoInfo->SessionKey[15]));
rc4_key(CryptoInfo->RC4Key,
CryptoInfo->SessionKeyLength,
CryptoInfo->SessionKey);
return (STATUS_SUCCESS);
}
NTSTATUS
AllocateCryptoMSChapV2(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
)
{
NdisMoveMemory(CryptoInfo->StartKey,
CompInfo->UserSessionKey,
sizeof(CryptoInfo->StartKey));
if (CompInfo->MSCompType & NDISWAN_ENCRYPTION) {
return(STATUS_UNSUCCESSFUL);
} else if (CompInfo->MSCompType &
(NDISWAN_40_ENCRYPTION | NDISWAN_56_ENCRYPTION)) {
CryptoInfo->SessionKeyLength = MAX_SESSIONKEY_SIZE;
#ifdef ENCRYPT_128BIT
} else if (CompInfo->MSCompType & NDISWAN_128_ENCRYPTION) {
CryptoInfo->SessionKeyLength = MAX_USERSESSIONKEY_SIZE;
#endif
}
GetMasterKey(CryptoInfo, CompInfo->NTResponse);
//
// Setup the first key
//
GetAsymetricStartKey(CryptoInfo, IsSend);
GetNewKeyFromSHA(CryptoInfo);
if (CompInfo->MSCompType & NDISWAN_40_ENCRYPTION) {
//
// Set the first 3 bytes to reduce to
// 40 bits of random key
//
CryptoInfo->SessionKey[0] = 0xD1;
CryptoInfo->SessionKey[1] = 0x26;
CryptoInfo->SessionKey[2] = 0x9E;
} else if (CompInfo->MSCompType & NDISWAN_56_ENCRYPTION) {
//
// Set the first byte to reduce to
// 56 bits of random key
//
CryptoInfo->SessionKey[0] = 0xD1;
}
//
// Initialize the rc4 send table
//
NdisWanDbgOut(DBG_TRACE, DBG_CCP,
("RC4 encryption KeyLength %d", CryptoInfo->SessionKeyLength));
NdisWanDbgOut(DBG_TRACE, DBG_CCP,
("RC4 encryption Key %.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x",
CryptoInfo->SessionKey[0],CryptoInfo->SessionKey[1],
CryptoInfo->SessionKey[2],CryptoInfo->SessionKey[3],
CryptoInfo->SessionKey[4],CryptoInfo->SessionKey[5],
CryptoInfo->SessionKey[6],CryptoInfo->SessionKey[7],
CryptoInfo->SessionKey[8],CryptoInfo->SessionKey[9],
CryptoInfo->SessionKey[10],CryptoInfo->SessionKey[11],
CryptoInfo->SessionKey[12],CryptoInfo->SessionKey[13],
CryptoInfo->SessionKey[14],CryptoInfo->SessionKey[15]));
rc4_key(CryptoInfo->RC4Key,
CryptoInfo->SessionKeyLength,
CryptoInfo->SessionKey);
return (STATUS_SUCCESS);
}
#ifdef EAP_ON
NTSTATUS
AllocateCryptoEap(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
PCRYPTO_INFO CryptoInfo,
BOOLEAN IsSend
)
{
ULONG KeySize;
KeySize = CompInfo->EapKeyLength;
if (CompInfo->MSCompType & NDISWAN_ENCRYPTION) {
return(STATUS_UNSUCCESSFUL);
} else if (CompInfo->MSCompType &
(NDISWAN_40_ENCRYPTION | NDISWAN_56_ENCRYPTION)) {
//
// Might need to pad this out. Spec calls for padding
// at the left (front) of the value
//
CryptoInfo->SessionKeyLength = MAX_SESSIONKEY_SIZE;
#ifdef ENCRYPT_128BIT
} else if (CompInfo->MSCompType & NDISWAN_128_ENCRYPTION) {
//
// Might need to pad this out. Spec calls for padding
// at the left (front) of the value
//
CryptoInfo->SessionKeyLength = MAX_USERSESSIONKEY_SIZE;
#endif
}
NdisMoveMemory(CryptoInfo->StartKey,
CompInfo->EapKey,
CryptoInfo->SessionKeyLength);
NdisMoveMemory(CryptoInfo->SessionKey,
CryptoInfo->StartKey,
CryptoInfo->SessionKeyLength);
GetNewKeyFromSHA(CryptoInfo);
if (CompInfo->MSCompType & NDISWAN_40_ENCRYPTION) {
//
// Set the first 3 bytes to reduce to
// 40 bits of random key
//
CryptoInfo->SessionKey[0] = 0xD1;
CryptoInfo->SessionKey[1] = 0x26;
CryptoInfo->SessionKey[2] = 0x9E;
} else if (CompInfo->MSCompType & NDISWAN_56_ENCRYPTION) {
//
// Set the first byte to reduce to
// 56 bits of random key
//
CryptoInfo->SessionKey[0] = 0xD1;
}
//
// Initialize the rc4 send table
//
NdisWanDbgOut(DBG_TRACE, DBG_CCP,
("RC4 encryption KeyLength %d", CryptoInfo->SessionKeyLength));
NdisWanDbgOut(DBG_TRACE, DBG_CCP,
("RC4 encryption Key %.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x",
CryptoInfo->SessionKey[0],CryptoInfo->SessionKey[1],
CryptoInfo->SessionKey[2],CryptoInfo->SessionKey[3],
CryptoInfo->SessionKey[4],CryptoInfo->SessionKey[5],
CryptoInfo->SessionKey[6],CryptoInfo->SessionKey[7],
CryptoInfo->SessionKey[8],CryptoInfo->SessionKey[9],
CryptoInfo->SessionKey[10],CryptoInfo->SessionKey[11],
CryptoInfo->SessionKey[12],CryptoInfo->SessionKey[13],
CryptoInfo->SessionKey[14],CryptoInfo->SessionKey[15]));
rc4_key(CryptoInfo->RC4Key,
CryptoInfo->SessionKeyLength,
CryptoInfo->SessionKey);
return (STATUS_SUCCESS);
}
#endif
NTSTATUS
WanAllocateCCP(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
BOOLEAN IsSend
)
{
NTSTATUS Status = STATUS_SUCCESS;
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanAllocateCCP: Enter"));
if (CompInfo->MSCompType & NDISWAN_COMPRESSION) {
ULONG CompressSend;
ULONG CompressRecv;
//
// Get compression context sizes
//
getcontextsizes (&CompressSend, &CompressRecv);
if (IsSend) {
if (BundleCB->SendCompressContext == NULL) {
NdisWanAllocateMemory(&BundleCB->SendCompressContext, CompressSend, COMPCTX_TAG);
//
// If we can't allocate memory the machine is toast.
// Forget about freeing anything up.
//
if (BundleCB->SendCompressContext == NULL) {
NdisWanDbgOut(DBG_FAILURE, DBG_CCP, ("Can't allocate compression!"));
return(STATUS_INSUFFICIENT_RESOURCES);
}
}
initsendcontext (BundleCB->SendCompressContext);
} else {
if (BundleCB->RecvCompressContext == NULL) {
NdisWanAllocateMemory(&BundleCB->RecvCompressContext, CompressRecv, COMPCTX_TAG);
//
// If we can't allocate memory the machine is toast.
// Forget about freeing anything up.
//
if (BundleCB->RecvCompressContext == NULL) {
NdisWanDbgOut(DBG_FAILURE, DBG_CCP, ("Can't allocate decompression"));
return(STATUS_INSUFFICIENT_RESOURCES);
}
}
//
// Initialize the decompression history table
//
initrecvcontext (BundleCB->RecvCompressContext);
}
Status = STATUS_SUCCESS;
//
// Next packet out is flushed
//
BundleCB->Flags |= RECV_PACKET_FLUSH;
}
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanAllocateCCP: Exit"));
return (Status);
}
VOID
WanDeallocateCCP(
PBUNDLECB BundleCB,
PCOMPRESS_INFO CompInfo,
BOOLEAN IsSend
)
{
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanDeallocateCCP: Enter"));
if (IsSend) {
if (BundleCB->SendCompressContext != NULL) {
NdisWanFreeMemory(BundleCB->SendCompressContext);
BundleCB->SendCompressContext= NULL;
}
} else {
if (BundleCB->RecvCompressContext != NULL) {
NdisWanFreeMemory(BundleCB->RecvCompressContext);
BundleCB->RecvCompressContext= NULL;
}
}
//
// Clear the compression bits
//
CompInfo->MSCompType &= ~NDISWAN_COMPRESSION;
NdisWanDbgOut(DBG_TRACE, DBG_CCP, ("WanDeallocateCCP: Exit"));
}
NDIS_STATUS
AllocateEncryptMemory(
PCRYPTO_INFO CryptoInfo
)
{
PUCHAR Mem;
Mem =
NdisAllocateFromNPagedLookasideList(&EncryptCtxList);
if (Mem == NULL) {
return (NDIS_STATUS_FAILURE);
}
NdisZeroMemory(Mem, ENCRYPTCTX_SIZE);
CryptoInfo->Context = Mem;
Mem += (sizeof(A_SHA_CTX) + sizeof(PVOID));
CryptoInfo->RC4Key = Mem;
(ULONG_PTR)CryptoInfo->RC4Key &= ~((ULONG_PTR)sizeof(PVOID)-1);
return(NDIS_STATUS_SUCCESS);
}