Author: tkreuzer Date: Mon Sep 15 21:05:38 2014 New Revision: 64163
URL: http://svn.reactos.org/svn/reactos?rev=64163&view=rev Log: [KSECDD] - Implement Encrypt / DecryptMemory in KSecDD (it uses AES for 16 byte aligned sizes, and 3DES for 8 byte aligned sizes) - Install KSecDD - Actually use KSecDD for Encryption from advapi32
Added: trunk/reactos/lib/cryptlib/aes.c - copied unchanged from r64143, trunk/reactos/dll/win32/rsaenh/aes.c trunk/reactos/lib/cryptlib/des.c - copied unchanged from r64143, trunk/reactos/dll/win32/rsaenh/des.c trunk/reactos/lib/cryptlib/tomcrypt.h - copied unchanged from r64143, trunk/reactos/dll/win32/rsaenh/tomcrypt.h Modified: trunk/reactos/boot/bootdata/hivesys.inf trunk/reactos/dll/win32/advapi32/misc/sysfunc.c trunk/reactos/drivers/crypto/ksecdd/crypt.c trunk/reactos/drivers/crypto/ksecdd/ksecdd.c trunk/reactos/drivers/crypto/ksecdd/ksecdd.h trunk/reactos/drivers/crypto/ksecdd/random.c trunk/reactos/include/psdk/ntsecapi.h trunk/reactos/lib/cryptlib/CMakeLists.txt
Modified: trunk/reactos/boot/bootdata/hivesys.inf URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesys.inf?r... ============================================================================== --- trunk/reactos/boot/bootdata/hivesys.inf [iso-8859-1] (original) +++ trunk/reactos/boot/bootdata/hivesys.inf [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -1477,6 +1477,13 @@ HKLM,"SYSTEM\CurrentControlSet\Services\kbdclass","Type",0x00010001,0x00000001 HKLM,"SYSTEM\CurrentControlSet\Services\kbdclass\Parameters","ConnectMultiplePorts",0x00010001,1 HKLM,"SYSTEM\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}","UpperFilters",0x00010000,"kbdclass" + +; Kernel Security Support Provider Interface Driver +HKLM,"SYSTEM\CurrentControlSet\Services\Beep","ErrorControl",0x00010001,0x00000003 +HKLM,"SYSTEM\CurrentControlSet\Services\Beep","Group",0x00000000,"Base" +HKLM,"SYSTEM\CurrentControlSet\Services\Beep","ImagePath",0x00020000,"system32\drivers\ksecdd.sys" +HKLM,"SYSTEM\CurrentControlSet\Services\Beep","Start",0x00010001,0x00000000 +HKLM,"SYSTEM\CurrentControlSet\Services\Beep","Type",0x00010001,0x00000001
; MPU-401 MIDI driver HKLM,"SYSTEM\CurrentControlSet\Services\mpu401","Group",0x00000000,"Base"
Modified: trunk/reactos/dll/win32/advapi32/misc/sysfunc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/sys... ============================================================================== --- trunk/reactos/dll/win32/advapi32/misc/sysfunc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/misc/sysfunc.c [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -12,15 +12,11 @@ */
#include <advapi32.h> +#include <ntsecapi.h> #include <ksecioctl.h> #include <md4.h> #include <md5.h> #include <rc4.h> - -/* FIXME: this should be in some shared header */ -#define RTL_ENCRYPT_OPTION_SAME_PROCESS 0 -#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 1 -#define RTL_ENCRYPT_OPTION_SAME_LOGON 2
static const unsigned char CRYPT_LMhash_Magic[8] = { 'K', 'G', 'S', '!', '@', '#', '$', '%' }; @@ -635,11 +631,11 @@
InitializeObjectAttributes(&ObjectAttributes, &DeviceName, - 0x18, + OBJ_CASE_INSENSITIVE, NULL, NULL); Status = NtOpenFile(&DeviceHandle, - 0x100001, + FILE_READ_DATA | SYNCHRONIZE, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, @@ -744,9 +740,6 @@ { ULONG IoControlCode;
- //FIXME("(%p, %x, %x): stub [RtlEncryptMemory]\n", memory, length, flags); - return STATUS_SUCCESS; - if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_PROCESS) { IoControlCode = IOCTL_KSEC_ENCRYPT_SAME_PROCESS; @@ -798,9 +791,6 @@ { ULONG IoControlCode;
- //FIXME("(%p, %x, %x): stub [RtlDecryptMemory]\n", memory, length, flags); - return STATUS_SUCCESS; - if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_PROCESS) { IoControlCode = IOCTL_KSEC_DECRYPT_SAME_PROCESS;
Modified: trunk/reactos/drivers/crypto/ksecdd/crypt.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/crypt... ============================================================================== --- trunk/reactos/drivers/crypto/ksecdd/crypt.c [iso-8859-1] (original) +++ trunk/reactos/drivers/crypto/ksecdd/crypt.c [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -10,6 +10,258 @@
#include "ksecdd.h"
+MD5_CTX KsecLoadTimeStartMd5s[2]; +DES3_KEY KsecGlobalDes3Key; +AES_KEY KsecGlobalAesKey; + +typedef struct _KSEC_PROCESS_DATA +{ + PEPROCESS Process; + HANDLE ProcessId; + LONGLONG CreateTime; + ULONG_PTR DirectoryTableBase; +} KSEC_PROCESS_DATA, *PKSEC_PROCESS_DATA; + +typedef struct _KSEC_LOGON_DATA +{ + LUID LogonId; +} KSEC_LOGON_DATA, *PKSEC_LOGON_DATA; + +VOID +NTAPI +KsecInitializeEncryptionSupport ( + VOID) +{ + KSEC_ENTROPY_DATA EntropyData; + MD5_CTX Md5Context; + UCHAR KeyDataBuffer[32]; + + KsecGatherEntropyData(&EntropyData); + MD5Init(&Md5Context); + MD5Update(&Md5Context, (PVOID)&EntropyData, sizeof(EntropyData)); + KsecLoadTimeStartMd5s[0] = Md5Context; + MD5Final(&Md5Context); + RtlCopyMemory(KeyDataBuffer, &Md5Context.digest, 16); + + KsecGatherEntropyData(&EntropyData); + Md5Context = KsecLoadTimeStartMd5s[0]; + MD5Update(&Md5Context, (PVOID)&EntropyData, sizeof(EntropyData)); + KsecLoadTimeStartMd5s[1] = Md5Context; + MD5Final(&Md5Context); + RtlCopyMemory(&KeyDataBuffer[16], &Md5Context.digest, 16); + + /* Create the global keys */ + aes_setup(KeyDataBuffer, 32, 0, &KsecGlobalAesKey); + des3_setup(KeyDataBuffer, 24, 0, &KsecGlobalDes3Key); + + /* Erase the temp data */ + RtlSecureZeroMemory(KeyDataBuffer, sizeof(KeyDataBuffer)); + RtlSecureZeroMemory(&Md5Context, sizeof(Md5Context)); +} + +static +VOID +KsecGetKeyData ( + _Out_ UCHAR KeyData[32], + _In_ ULONG OptionFlags) +{ + MD5_CTX Md5Contexts[2]; + KSEC_PROCESS_DATA ProcessData; + KSEC_LOGON_DATA LogonData; + PEPROCESS CurrentProcess; + PACCESS_TOKEN Token; + + /* We need to generate the key, start with our load MD5s */ + Md5Contexts[0] = KsecLoadTimeStartMd5s[0]; + Md5Contexts[1] = KsecLoadTimeStartMd5s[1]; + + /* Get the current process */ + CurrentProcess = PsGetCurrentProcess(); + + if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_PROCESS) + { + ProcessData.Process = CurrentProcess; + ProcessData.ProcessId = CurrentProcess->UniqueProcessId; + ProcessData.CreateTime = PsGetProcessCreateTimeQuadPart(CurrentProcess); + ProcessData.DirectoryTableBase = CurrentProcess->Pcb.DirectoryTableBase[0]; + MD5Update(&Md5Contexts[0], (PVOID)&ProcessData, sizeof(ProcessData)); + MD5Update(&Md5Contexts[1], (PVOID)&ProcessData, sizeof(ProcessData)); + } + else // if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_LOGON) + { + Token = PsReferencePrimaryToken(CurrentProcess); + SeQueryAuthenticationIdToken(Token, &LogonData.LogonId); + PsDereferencePrimaryToken(Token); + MD5Update(&Md5Contexts[0], (PVOID)&LogonData, sizeof(LogonData)); + MD5Update(&Md5Contexts[1], (PVOID)&LogonData, sizeof(LogonData)); + } + + /* Finalize the MD5s */ + MD5Final(&Md5Contexts[0]); + MD5Final(&Md5Contexts[1]); + + /* Copy the md5 data */ + RtlCopyMemory(KeyData, &Md5Contexts[0].digest, 16); + RtlCopyMemory((PUCHAR)KeyData + 16, &Md5Contexts[1].digest, 16); + + /* Erase the temp data */ + RtlSecureZeroMemory(&Md5Contexts, sizeof(Md5Contexts)); +} + +static +VOID +KsecGetDes3Key ( + _Out_ PDES3_KEY Des3Key, + _In_ ULONG OptionFlags) +{ + UCHAR KeyDataBuffer[32]; + + /* Check if the caller allows cross process encryption */ + if (OptionFlags == RTL_ENCRYPT_OPTION_CROSS_PROCESS) + { + /* Return our global cached DES3 key */ + *Des3Key = KsecGlobalDes3Key; + } + else + { + /* Setup the key */ + KsecGetKeyData(KeyDataBuffer, OptionFlags); + des3_setup(KeyDataBuffer, 24, 0, Des3Key); + + /* Erase the temp data */ + RtlSecureZeroMemory(KeyDataBuffer, sizeof(KeyDataBuffer)); + } +} + +static +VOID +KsecGetAesKey ( + _Out_ PAES_KEY AesKey, + _In_ ULONG OptionFlags) +{ + UCHAR KeyDataBuffer[32]; + + /* Check if the caller allows cross process encryption */ + if (OptionFlags == RTL_ENCRYPT_OPTION_CROSS_PROCESS) + { + /* Return our global cached AES key */ + *AesKey = KsecGlobalAesKey; + } + else + { + /* Setup the key */ + KsecGetKeyData(KeyDataBuffer, OptionFlags); + aes_setup(KeyDataBuffer, 32, 0, AesKey); + + /* Erase the temp data */ + RtlSecureZeroMemory(KeyDataBuffer, sizeof(KeyDataBuffer)); + } +} + +static +VOID +KsecEncryptMemoryDes3 ( + _Inout_ PVOID Buffer, + _In_ ULONG Length, + _In_ ULONG OptionFlags) +{ + UCHAR EncryptedBlockData[8]; + DES3_KEY Des3Key; + + /* Get they triple DES key */ + KsecGetDes3Key(&Des3Key, OptionFlags); + + /* Do the triple DES encryption */ + while (Length >= sizeof(EncryptedBlockData)) + { + des3_ecb_encrypt(Buffer, EncryptedBlockData, &Des3Key); + RtlCopyMemory(Buffer, EncryptedBlockData, sizeof(EncryptedBlockData)); + Buffer = (PUCHAR)Buffer + sizeof(EncryptedBlockData); + Length -= sizeof(EncryptedBlockData); + } + + /* Erase the key data */ + RtlSecureZeroMemory(&Des3Key, sizeof(Des3Key)); +} + +static +VOID +KsecDecryptMemoryDes3 ( + _Inout_ PVOID Buffer, + _In_ ULONG Length, + _In_ ULONG OptionFlags) +{ + UCHAR BlockData[8]; + DES3_KEY Des3Key; + + /* Get they triple DES key */ + KsecGetDes3Key(&Des3Key, OptionFlags); + + /* Do the triple DES decryption */ + while (Length >= sizeof(BlockData)) + { + des3_ecb_decrypt(Buffer, BlockData, &Des3Key); + RtlCopyMemory(Buffer, BlockData, sizeof(BlockData)); + Buffer = (PUCHAR)Buffer + sizeof(BlockData); + Length -= sizeof(BlockData); + } + + /* Erase the key data */ + RtlSecureZeroMemory(&Des3Key, sizeof(Des3Key)); +} + +static +VOID +KsecEncryptMemoryAes ( + _Inout_ PVOID Buffer, + _In_ ULONG Length, + _In_ ULONG OptionFlags) +{ + UCHAR EncryptedBlockData[16]; + AES_KEY AesKey; + + /* Get they AES key */ + KsecGetAesKey(&AesKey, OptionFlags); + + /* Do the AES encryption */ + while (Length >= sizeof(EncryptedBlockData)) + { + aes_ecb_encrypt(Buffer, EncryptedBlockData, &AesKey); + RtlCopyMemory(Buffer, EncryptedBlockData, sizeof(EncryptedBlockData)); + Buffer = (PUCHAR)Buffer + sizeof(EncryptedBlockData); + Length -= sizeof(EncryptedBlockData); + } + + /* Erase the key data */ + RtlSecureZeroMemory(&AesKey, sizeof(AesKey)); +} + +static +VOID +KsecDecryptMemoryAes ( + _Inout_ PVOID Buffer, + _In_ ULONG Length, + _In_ ULONG OptionFlags) +{ + UCHAR BlockData[16]; + AES_KEY AesKey; + + /* Get they AES key */ + KsecGetAesKey(&AesKey, OptionFlags); + + /* Do the AES decryption */ + while (Length >= sizeof(BlockData)) + { + aes_ecb_decrypt(Buffer, BlockData, &AesKey); + RtlCopyMemory(Buffer, BlockData, sizeof(BlockData)); + Buffer = (PUCHAR)Buffer + sizeof(BlockData); + Length -= sizeof(BlockData); + } + + /* Erase the key data */ + RtlSecureZeroMemory(&AesKey, sizeof(AesKey)); +} + NTSTATUS NTAPI KsecEncryptMemory ( @@ -17,6 +269,31 @@ _In_ ULONG Length, _In_ ULONG OptionFlags) { + /* Validate parameter */ + if (OptionFlags > RTL_ENCRYPT_OPTION_SAME_LOGON) + { + return STATUS_INVALID_PARAMETER; + } + + /* Check if the length is not 16 bytes aligned */ + if (Length & 15) + { + /* Is it at least 8 bytes aligned? */ + if (Length & 7) + { + /* No, we can't deal with it! */ + return STATUS_INVALID_PARAMETER; + } + + /* Use triple DES encryption */ + KsecEncryptMemoryDes3(Buffer, Length, OptionFlags); + } + else + { + /* Use AES encryption */ + KsecEncryptMemoryAes(Buffer, Length, OptionFlags); + } + return STATUS_SUCCESS; }
@@ -27,5 +304,30 @@ _In_ ULONG Length, _In_ ULONG OptionFlags) { + /* Validate parameter */ + if (OptionFlags > RTL_ENCRYPT_OPTION_SAME_LOGON) + { + return STATUS_INVALID_PARAMETER; + } + + /* Check if the length is not 16 bytes aligned */ + if (Length & 15) + { + /* Is it at least 8 bytes aligned? */ + if (Length & 7) + { + /* No, we can't deal with it! */ + return STATUS_INVALID_PARAMETER; + } + + /* Use triple DES encryption */ + KsecDecryptMemoryDes3(Buffer, Length, OptionFlags); + } + else + { + /* Use AES encryption */ + KsecDecryptMemoryAes(Buffer, Length, OptionFlags); + } + return STATUS_SUCCESS; }
Modified: trunk/reactos/drivers/crypto/ksecdd/ksecdd.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/ksecd... ============================================================================== --- trunk/reactos/drivers/crypto/ksecdd/ksecdd.c [iso-8859-1] (original) +++ trunk/reactos/drivers/crypto/ksecdd/ksecdd.c [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -52,5 +52,8 @@ DriverObject->MajorFunction[IRP_MJ_QUERY_VOLUME_INFORMATION] = KsecDdDispatch; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = KsecDdDispatch;
+ /* Initialize */ + KsecInitializeEncryptionSupport(); + return STATUS_SUCCESS; }
Modified: trunk/reactos/drivers/crypto/ksecdd/ksecdd.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/ksecd... ============================================================================== --- trunk/reactos/drivers/crypto/ksecdd/ksecdd.h [iso-8859-1] (original) +++ trunk/reactos/drivers/crypto/ksecdd/ksecdd.h [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -8,11 +8,15 @@
#define _NO_KSECDD_IMPORT_ #include <ntifs.h> -#include <ndk/extypes.h> -#include <ndk/rtlfuncs.h> -#include <ndk/lpcfuncs.h> -#include <ndk/obfuncs.h> +#include <ndk/exfuncs.h> +#include <pseh/pseh2.h> #include <ntstrsafe.h> + +#include <md4.h> +#include <md5.h> +#include <tomcrypt.h> +typedef aes_key AES_KEY, *PAES_KEY; +typedef des3_key DES3_KEY, *PDES3_KEY;
#define STATUS_KSEC_INTERNAL_ERROR ((NTSTATUS)0x80090304)
@@ -70,12 +74,21 @@ PDEVICE_OBJECT DeviceObject, PIRP Irp);
+NTSTATUS +NTAPI +KsecGatherEntropyData( + PKSEC_ENTROPY_DATA EntropyData);
NTSTATUS NTAPI KsecGenRandom( PVOID Buffer, SIZE_T Length); + +VOID +NTAPI +KsecInitializeEncryptionSupport ( + VOID);
NTSTATUS NTAPI @@ -91,23 +104,3 @@ _In_ ULONG Length, _In_ ULONG OptionFlags);
-NTSTATUS -NTAPI -KsecInitLsaMemory(VOID); - -/// -PVOID -NTAPI -PsGetProcessSecurityPort( - PEPROCESS Process); - -NTSTATUS -NTAPI -PsSetProcessSecurityPort( - PEPROCESS Process, - PVOID SecurityPort); - -HANDLE -NTAPI -PsGetCurrentThreadProcessId(VOID); -
Modified: trunk/reactos/drivers/crypto/ksecdd/random.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/rando... ============================================================================== --- trunk/reactos/drivers/crypto/ksecdd/random.c [iso-8859-1] (original) +++ trunk/reactos/drivers/crypto/ksecdd/random.c [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -9,10 +9,6 @@ /* INCLUDES *******************************************************************/
#include "ksecdd.h" -#include <ndk/exfuncs.h> -#include <ndk/kefuncs.h> -#include <pseh/pseh2.h> -#include <md4.h>
#define NDEBUG #include <debug.h> @@ -69,8 +65,8 @@ }
/* Read the CPU event counter MSRs */ - MachineSpecificCounters->Ctr0 = __readmsr(0x12); - MachineSpecificCounters->Ctr1 = __readmsr(0x13); + //MachineSpecificCounters->Ctr0 = __readmsr(0x12); + //MachineSpecificCounters->Ctr1 = __readmsr(0x13);
/* Check if this is an MMX capable CPU */ if (ExIsProcessorFeaturePresent(PF_MMX_INSTRUCTIONS_AVAILABLE))
Modified: trunk/reactos/include/psdk/ntsecapi.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?rev... ============================================================================== --- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original) +++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -666,8 +666,17 @@ } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION;
#define RtlGenRandom SystemFunction036 +#define RtlEncryptMemory SystemFunction040 +#define RtlDecryptMemory SystemFunction041
BOOLEAN WINAPI RtlGenRandom(PVOID,ULONG); +NTSTATUS WINAPI RtlEncryptMemory(PVOID Memory, ULONG MemorySize, ULONG OptionFlags); +NTSTATUS WINAPI RtlDecryptMemory(PVOID Memory, ULONG MemorySize, ULONG OptionFlags); + +#define RTL_ENCRYPT_MEMORY_SIZE 8 +#define RTL_ENCRYPT_OPTION_SAME_PROCESS 0x00 +#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01 +#define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02
NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING,ULONG); NTSTATUS NTAPI LsaAddPrivilegesToAccount(LSA_HANDLE, PPRIVILEGE_SET);
Modified: trunk/reactos/lib/cryptlib/CMakeLists.txt URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/cryptlib/CMakeLists.txt... ============================================================================== --- trunk/reactos/lib/cryptlib/CMakeLists.txt [iso-8859-1] (original) +++ trunk/reactos/lib/cryptlib/CMakeLists.txt [iso-8859-1] Mon Sep 15 21:05:38 2014 @@ -1,5 +1,7 @@
add_library(cryptlib + aes.c + des.c md4.c md5.c mvAesAlg.c