reactos/drivers/crypto/ksecdd/ksecdd.h

/*
 * PROJECT:         ReactOS Drivers
 * COPYRIGHT:       See COPYING in the top level directory
 * PURPOSE:         Kernel Security Support Provider Interface Driver
 *
 * PROGRAMMERS:     Timo Kreuzer (timo.kreuzer@reactos.org)
 */

#define _NO_KSECDD_IMPORT_
#include <ntifs.h>
#include <ndk/exfuncs.h>
#include <ndk/ketypes.h>
#include <pseh/pseh2.h>
#include <ntstrsafe.h>

#include <md4.h>
#include <md5.h>
#include <tomcrypt.h>
typedef aes_key AES_KEY, *PAES_KEY;
typedef des3_key DES3_KEY, *PDES3_KEY;

#define STATUS_KSEC_INTERNAL_ERROR ((NTSTATUS)0x80090304)

/* FIXME: this should be in some shared header */
#define RTL_ENCRYPT_OPTION_SAME_PROCESS   0
#define RTL_ENCRYPT_OPTION_CROSS_PROCESS  1
#define RTL_ENCRYPT_OPTION_SAME_LOGON     2

typedef struct _KSEC_CONNECTION_INFO
{
    ULONG Unknown0;
    NTSTATUS Status;
    ULONG_PTR Information;
    CHAR ConnectionString[128];
    ULONG Flags;
} KSEC_CONNECTION_INFO;

#if defined(_M_IX86) || defined(_M_AMD64)
typedef struct _KSEC_MACHINE_SPECIFIC_COUNTERS
{
    ULONG64 Tsc;
    ULONG64 Pmc0;
    ULONG64 Pmc1;
    ULONG64 Ctr0;
    ULONG64 Ctr1;
} KSEC_MACHINE_SPECIFIC_COUNTERS, *PKSEC_MACHINE_SPECIFIC_COUNTERS;
#elif defined(_M_ARM)
typedef struct _KSEC_MACHINE_SPECIFIC_COUNTERS
{
    ULONG Ccr;
} KSEC_MACHINE_SPECIFIC_COUNTERS, *PKSEC_MACHINE_SPECIFIC_COUNTERS;
#else
typedef ULONG KSEC_MACHINE_SPECIFIC_COUNTERS, *PKSEC_MACHINE_SPECIFIC_COUNTERS;
#endif

typedef struct _KSEC_ENTROPY_DATA
{
    HANDLE CurrentProcessId;
    HANDLE CurrentThreadId;
    LARGE_INTEGER TickCount;
    LARGE_INTEGER SystemTime;
    LARGE_INTEGER PerformanceCounter;
    LARGE_INTEGER PerformanceFrequency;
    UCHAR EnvironmentHash[16];
    KSEC_MACHINE_SPECIFIC_COUNTERS MachineSpecificCounters;
    SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION SystemProcessorPerformanceInformation;
    SYSTEM_PERFORMANCE_INFORMATION SystemPerformanceInformation;
    SYSTEM_EXCEPTION_INFORMATION SystemExceptionInformation;
    SYSTEM_LOOKASIDE_INFORMATION SystemLookasideInformation;
    SYSTEM_INTERRUPT_INFORMATION SystemInterruptInformation;
    SYSTEM_PROCESS_INFORMATION SystemProcessInformation;
} KSEC_ENTROPY_DATA, *PKSEC_ENTROPY_DATA;

extern PEPROCESS KsecLsaProcess;
extern HANDLE KsecLsaProcessHandle;

NTSTATUS
NTAPI
KsecDdDispatch(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp);

NTSTATUS
NTAPI
KsecGatherEntropyData(
    PKSEC_ENTROPY_DATA EntropyData);

NTSTATUS
NTAPI
KsecGenRandom(
    PVOID Buffer,
    SIZE_T Length);

VOID
NTAPI
KsecInitializeEncryptionSupport (
    VOID);

NTSTATUS
NTAPI
KsecEncryptMemory (
    _Inout_ PVOID Buffer,
    _In_ ULONG Length,
    _In_ ULONG OptionFlags);

NTSTATUS
NTAPI
KsecDecryptMemory (
    _Inout_ PVOID Buffer,
    _In_ ULONG Length,
    _In_ ULONG OptionFlags);
[KSECDD] Start implementing ksecdd svn path=/trunk/; revision=61754 2014-01-22 16:58:36 +00:00			`/*`
			`* PROJECT: ReactOS Drivers`
			`* COPYRIGHT: See COPYING in the top level directory`
			`* PURPOSE: Kernel Security Support Provider Interface Driver`
			`*`
			`* PROGRAMMERS: Timo Kreuzer (timo.kreuzer@reactos.org)`
			`*/`

			`#define _NO_KSECDD_IMPORT_`
			`#include <ntifs.h>`
[KSECDD] - Implement Encrypt / DecryptMemory in KSecDD (it uses AES for 16 byte aligned sizes, and 3DES for 8 byte aligned sizes) - Install KSecDD - Actually use KSecDD for Encryption from advapi32 svn path=/trunk/; revision=64163 2014-09-15 21:05:38 +00:00			`#include <ndk/exfuncs.h>`
[NDK] - Add coprocessor constants [NTOSKRNL] - Handle process in NtFlushInstructionCache and validate parameters - Use _MoveToCoprocessor instead of GCC inline assembly for ARM svn path=/trunk/; revision=67770 2015-05-16 11:30:28 +00:00			`#include <ndk/ketypes.h>`
[KSECDD] - Implement Encrypt / DecryptMemory in KSecDD (it uses AES for 16 byte aligned sizes, and 3DES for 8 byte aligned sizes) - Install KSecDD - Actually use KSecDD for Encryption from advapi32 svn path=/trunk/; revision=64163 2014-09-15 21:05:38 +00:00			`#include <pseh/pseh2.h>`
[KSECDD] - Fix a typo in KsecQueryFileInformation - Implement missing ioctls in KsecDeviceControl - Support METHOD_OUT_DIRECT for IRP_MJ_DEVICE_CONTROL - Add stubs for KsecEn/DecryptMemory [ADVAPI32] - Use ksecdd to handle SystemFunction040 (RtlEncryptMemory) and SystemFunction041 (RtlDecryptMemory) (they still do nothing, but at least they do it in kenrnel mode now ;-)) svn path=/trunk/; revision=64153 2014-09-14 19:40:15 +00:00			`#include <ntstrsafe.h>`

[KSECDD] - Implement Encrypt / DecryptMemory in KSecDD (it uses AES for 16 byte aligned sizes, and 3DES for 8 byte aligned sizes) - Install KSecDD - Actually use KSecDD for Encryption from advapi32 svn path=/trunk/; revision=64163 2014-09-15 21:05:38 +00:00			`#include <md4.h>`
			`#include <md5.h>`
			`#include <tomcrypt.h>`
			`typedef aes_key AES_KEY, *PAES_KEY;`
			`typedef des3_key DES3_KEY, *PDES3_KEY;`

[KSECDD] - Fix a typo in KsecQueryFileInformation - Implement missing ioctls in KsecDeviceControl - Support METHOD_OUT_DIRECT for IRP_MJ_DEVICE_CONTROL - Add stubs for KsecEn/DecryptMemory [ADVAPI32] - Use ksecdd to handle SystemFunction040 (RtlEncryptMemory) and SystemFunction041 (RtlDecryptMemory) (they still do nothing, but at least they do it in kenrnel mode now ;-)) svn path=/trunk/; revision=64153 2014-09-14 19:40:15 +00:00			`#define STATUS_KSEC_INTERNAL_ERROR ((NTSTATUS)0x80090304)`

			`/* FIXME: this should be in some shared header */`
			`#define RTL_ENCRYPT_OPTION_SAME_PROCESS 0`
			`#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 1`
			`#define RTL_ENCRYPT_OPTION_SAME_LOGON 2`

			`typedef struct _KSEC_CONNECTION_INFO`
			`{`
			`ULONG Unknown0;`
			`NTSTATUS Status;`
			`ULONG_PTR Information;`
			`CHAR ConnectionString[128];`
			`ULONG Flags;`
			`} KSEC_CONNECTION_INFO;`
[KSECDD] Start implementing ksecdd svn path=/trunk/; revision=61754 2014-01-22 16:58:36 +00:00
[KSECDD] - Fix a typo in KsecQueryVolumeInformation, noticed by Michael Fritscher - Implement KsecGatherEntropyData, which will be used in generation of cryptographically secure random numbers according to FIPS 186-2. Based on information from http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx svn path=/trunk/; revision=61842 2014-01-26 20:30:06 +00:00			`#if defined(_M_IX86) \|\| defined(_M_AMD64)`
			`typedef struct _KSEC_MACHINE_SPECIFIC_COUNTERS`
			`{`
			`ULONG64 Tsc;`
			`ULONG64 Pmc0;`
			`ULONG64 Pmc1;`
			`ULONG64 Ctr0;`
			`ULONG64 Ctr1;`
			`} KSEC_MACHINE_SPECIFIC_COUNTERS, *PKSEC_MACHINE_SPECIFIC_COUNTERS;`
[KERNEL32/KSECDD/GDI32/BMFD/DBGHELP/HALARM/SETUPLDR] Fix ARM build svn path=/trunk/; revision=67736 2015-05-14 22:32:35 +00:00			`#elif defined(_M_ARM)`
			`typedef struct _KSEC_MACHINE_SPECIFIC_COUNTERS`
			`{`
			`ULONG Ccr;`
			`} KSEC_MACHINE_SPECIFIC_COUNTERS, *PKSEC_MACHINE_SPECIFIC_COUNTERS;`
[KSECDD] - Fix a typo in KsecQueryVolumeInformation, noticed by Michael Fritscher - Implement KsecGatherEntropyData, which will be used in generation of cryptographically secure random numbers according to FIPS 186-2. Based on information from http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx svn path=/trunk/; revision=61842 2014-01-26 20:30:06 +00:00			`#else`
[KERNEL32/KSECDD/GDI32/BMFD/DBGHELP/HALARM/SETUPLDR] Fix ARM build svn path=/trunk/; revision=67736 2015-05-14 22:32:35 +00:00			`typedef ULONG KSEC_MACHINE_SPECIFIC_COUNTERS, *PKSEC_MACHINE_SPECIFIC_COUNTERS;`
[KSECDD] - Fix a typo in KsecQueryVolumeInformation, noticed by Michael Fritscher - Implement KsecGatherEntropyData, which will be used in generation of cryptographically secure random numbers according to FIPS 186-2. Based on information from http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx svn path=/trunk/; revision=61842 2014-01-26 20:30:06 +00:00			`#endif`

			`typedef struct _KSEC_ENTROPY_DATA`
			`{`
			`HANDLE CurrentProcessId;`
			`HANDLE CurrentThreadId;`
			`LARGE_INTEGER TickCount;`
			`LARGE_INTEGER SystemTime;`
			`LARGE_INTEGER PerformanceCounter;`
			`LARGE_INTEGER PerformanceFrequency;`
			`UCHAR EnvironmentHash[16];`
			`KSEC_MACHINE_SPECIFIC_COUNTERS MachineSpecificCounters;`
			`SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION SystemProcessorPerformanceInformation;`
			`SYSTEM_PERFORMANCE_INFORMATION SystemPerformanceInformation;`
			`SYSTEM_EXCEPTION_INFORMATION SystemExceptionInformation;`
			`SYSTEM_LOOKASIDE_INFORMATION SystemLookasideInformation;`
			`SYSTEM_INTERRUPT_INFORMATION SystemInterruptInformation;`
			`SYSTEM_PROCESS_INFORMATION SystemProcessInformation;`
			`} KSEC_ENTROPY_DATA, *PKSEC_ENTROPY_DATA;`

Remove redundant extra terminating ';' in all of our C code. svn path=/trunk/; revision=70690 2016-02-04 20:42:07 +00:00			`extern PEPROCESS KsecLsaProcess;`
[KSECDD] - Fix a typo in KsecQueryFileInformation - Implement missing ioctls in KsecDeviceControl - Support METHOD_OUT_DIRECT for IRP_MJ_DEVICE_CONTROL - Add stubs for KsecEn/DecryptMemory [ADVAPI32] - Use ksecdd to handle SystemFunction040 (RtlEncryptMemory) and SystemFunction041 (RtlDecryptMemory) (they still do nothing, but at least they do it in kenrnel mode now ;-)) svn path=/trunk/; revision=64153 2014-09-14 19:40:15 +00:00			`extern HANDLE KsecLsaProcessHandle;`

[KSECDD] Start implementing ksecdd svn path=/trunk/; revision=61754 2014-01-22 16:58:36 +00:00			`NTSTATUS`
			`NTAPI`
			`KsecDdDispatch(`
			`PDEVICE_OBJECT DeviceObject,`
			`PIRP Irp);`

[KSECDD] - Implement Encrypt / DecryptMemory in KSecDD (it uses AES for 16 byte aligned sizes, and 3DES for 8 byte aligned sizes) - Install KSecDD - Actually use KSecDD for Encryption from advapi32 svn path=/trunk/; revision=64163 2014-09-15 21:05:38 +00:00			`NTSTATUS`
			`NTAPI`
			`KsecGatherEntropyData(`
			`PKSEC_ENTROPY_DATA EntropyData);`
[KSECDD] Start implementing ksecdd svn path=/trunk/; revision=61754 2014-01-22 16:58:36 +00:00
[KSECDD] Implement IRP_MJ_DEVICE_CONTROL, handle ioctl 0x390004, used by MS advapi32 to generate random numbers. Even though it is not very crypto-safe, for now we just use RtlRandomEx, "improved" by xoring the seed with some data from KeTickCount (no idea whether that does any good) svn path=/trunk/; revision=61759 2014-01-22 23:41:04 +00:00			`NTSTATUS`
			`NTAPI`
			`KsecGenRandom(`
			`PVOID Buffer,`
			`SIZE_T Length);`

[KSECDD] - Implement Encrypt / DecryptMemory in KSecDD (it uses AES for 16 byte aligned sizes, and 3DES for 8 byte aligned sizes) - Install KSecDD - Actually use KSecDD for Encryption from advapi32 svn path=/trunk/; revision=64163 2014-09-15 21:05:38 +00:00			`VOID`
			`NTAPI`
			`KsecInitializeEncryptionSupport (`
			`VOID);`

[KSECDD] - Fix a typo in KsecQueryFileInformation - Implement missing ioctls in KsecDeviceControl - Support METHOD_OUT_DIRECT for IRP_MJ_DEVICE_CONTROL - Add stubs for KsecEn/DecryptMemory [ADVAPI32] - Use ksecdd to handle SystemFunction040 (RtlEncryptMemory) and SystemFunction041 (RtlDecryptMemory) (they still do nothing, but at least they do it in kenrnel mode now ;-)) svn path=/trunk/; revision=64153 2014-09-14 19:40:15 +00:00			`NTSTATUS`
			`NTAPI`
			`KsecEncryptMemory (`
			`_Inout_ PVOID Buffer,`
			`_In_ ULONG Length,`
			`_In_ ULONG OptionFlags);`

			`NTSTATUS`
			`NTAPI`
			`KsecDecryptMemory (`
			`_Inout_ PVOID Buffer,`
			`_In_ ULONG Length,`
			`_In_ ULONG OptionFlags);`