mimikatz/modules/kull_m_crypto.h

/*	Benjamin DELPY `gentilkiwi`
	http://blog.gentilkiwi.com
	benjamin@gentilkiwi.com
	Licence : https://creativecommons.org/licenses/by/4.0/
*/
#pragma once
#include "globals.h"
#include "kull_m_string.h"
#include "kull_m_crypto_system.h"

#define AES_256_KEY_SIZE	(256/8)
#define AES_128_KEY_SIZE	(128/8)
#define AES_BLOCK_SIZE		16

typedef struct _GENERICKEY_BLOB {
	BLOBHEADER Header;
	DWORD dwKeyLen;
} GENERICKEY_BLOB, *PGENERICKEY_BLOB;

typedef struct _RSA_GENERICKEY_BLOB {
	BLOBHEADER Header;
	RSAPUBKEY RsaKey; // works with RSA2 ;)
} RSA_GENERICKEY_BLOB, *PRSA_GENERICKEY_BLOB;

#define PVK_FILE_VERSION_0				0
#define PVK_MAGIC						0xb0b5f11e // bob's file
#define PVK_NO_ENCRYPT					0
#define PVK_RC4_PASSWORD_ENCRYPT		1
#define PVK_RC2_CBC_PASSWORD_ENCRYPT	2

typedef struct _PVK_FILE_HDR {
	DWORD	dwMagic;
	DWORD	dwVersion;
	DWORD	dwKeySpec;
	DWORD	dwEncryptType;
	DWORD	cbEncryptData;
	DWORD	cbPvk;
} PVK_FILE_HDR, *PPVK_FILE_HDR;

typedef struct _KIWI_HARD_KEY {
	ULONG cbSecret;
	BYTE data[ANYSIZE_ARRAY]; // etc...
} KIWI_HARD_KEY, *PKIWI_HARD_KEY;

typedef struct _KIWI_BCRYPT_KEY {
	ULONG size;
	ULONG tag;	// 'MSSK'
	ULONG type;
	ULONG unk0;
	ULONG unk1;
	ULONG bits;
	KIWI_HARD_KEY hardkey;
} KIWI_BCRYPT_KEY, *PKIWI_BCRYPT_KEY;

BOOL kull_m_crypto_hash(ALG_ID algid, LPCVOID data, DWORD dataLen, LPVOID hash, DWORD hashWanted);
BOOL kull_m_crypto_hkey(HCRYPTPROV hProv, DWORD calgid, LPCVOID key, DWORD keyLen, DWORD flags, HCRYPTKEY *hKey, HCRYPTPROV *hSessionProv);
BOOL kull_m_crypto_hmac(DWORD calgid, LPCVOID key, DWORD keyLen, LPCVOID message, DWORD messageLen, LPVOID hash, DWORD hashWanted);
BOOL kull_m_crypto_pkcs5_pbkdf2_hmac(DWORD calgid, LPCVOID password, DWORD passwordLen, LPCVOID salt, DWORD saltLen, DWORD iterations, BYTE *key, DWORD keyLen, BOOL isDpapiInternal);
BOOL kull_m_crypto_aesCTSEncryptDecrypt(DWORD aesCalgId, PVOID data, DWORD szData, PVOID key, DWORD szKey, PVOID pbIV, BOOL encrypt);
BOOL kull_m_crypto_DeriveKeyRaw(ALG_ID hashId, LPVOID hash, DWORD hashLen, LPVOID key, DWORD keyLen);
BOOL kull_m_crypto_close_hprov_delete_container(HCRYPTPROV hProv);
BOOL kull_m_crypto_hkey_session(ALG_ID calgid, LPCVOID key, DWORD keyLen, DWORD flags, HCRYPTKEY *hSessionKey, HCRYPTPROV *hSessionProv);
DWORD kull_m_crypto_hash_len(ALG_ID hashId);
DWORD kull_m_crypto_cipher_blocklen(ALG_ID hashId);
DWORD kull_m_crypto_cipher_keylen(ALG_ID hashId);
NTSTATUS kull_m_crypto_get_dcc(PBYTE dcc, PBYTE ntlm, PUNICODE_STRING Username, DWORD realIterations);
DWORD kull_m_crypto_crc32(DWORD startCrc, LPCVOID data, DWORD size);

typedef struct _KULL_M_CRYPTO_DUAL_STRING_DWORD {
	PCWSTR	name;
	DWORD	id;
} KULL_M_CRYPTO_DUAL_STRING_DWORD, *PKULL_M_CRYPTO_DUAL_STRING_DWORD;

typedef struct _KULL_M_CRYPTO_DUAL_STRING_STRING {
	PCWSTR	name;
	PCWSTR	realname;
} KULL_M_CRYPTO_DUAL_STRING_STRING, *PKULL_M_CRYPTO_DUAL_STRING_STRING;

#define CERT_cert_file_element	32
#define CERT_crl_file_element	33
#define CERT_ctl_file_element	34
#define CERT_keyid_file_element	35

DWORD kull_m_crypto_system_store_to_dword(PCWSTR name);
DWORD kull_m_crypto_provider_type_to_dword(PCWSTR name);
PCWSTR kull_m_crypto_provider_type_to_name(const DWORD dwProvType);
PCWCHAR kull_m_crypto_provider_to_realname(PCWSTR name);
PCWCHAR kull_m_crypto_keytype_to_str(const DWORD keyType);
PCWCHAR kull_m_crypto_algid_to_name(ALG_ID algid);
PCWCHAR kull_m_crypto_cert_prop_id_to_name(const DWORD propId);
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00			/* Benjamin DELPY `gentilkiwi`
			`http://blog.gentilkiwi.com`
			`benjamin@gentilkiwi.com`
Global licence update, credits to Vincent LE TOUX for DCSync, and lsadump::hash moved to crypto::hash 2015-08-25 09:19:01 +00:00			`Licence : https://creativecommons.org/licenses/by/4.0/`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00			`*/`
			`#pragma once`
			`#include "globals.h"`
DPAPI & Crypto 2015-06-07 21:19:28 +00:00			`#include "kull_m_string.h"`
Global licence update, credits to Vincent LE TOUX for DCSync, and lsadump::hash moved to crypto::hash 2015-08-25 09:19:01 +00:00			`#include "kull_m_crypto_system.h"`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00
			`#define AES_256_KEY_SIZE (256/8)`
			`#define AES_128_KEY_SIZE (128/8)`
			`#define AES_BLOCK_SIZE 16`

			`typedef struct _GENERICKEY_BLOB {`
			`BLOBHEADER Header;`
			`DWORD dwKeyLen;`
			`} GENERICKEY_BLOB, *PGENERICKEY_BLOB;`

DPAPI for CAPI & CNG 2015-06-18 00:18:17 +00:00			`typedef struct _RSA_GENERICKEY_BLOB {`
			`BLOBHEADER Header;`
			`RSAPUBKEY RsaKey; // works with RSA2 ;)`
			`} RSA_GENERICKEY_BLOB, *PRSA_GENERICKEY_BLOB;`

DPAPI Masterkeys (normal, backup, domain) 2015-06-14 00:46:21 +00:00			`#define PVK_FILE_VERSION_0 0`
			`#define PVK_MAGIC 0xb0b5f11e // bob's file`
			`#define PVK_NO_ENCRYPT 0`
			`#define PVK_RC4_PASSWORD_ENCRYPT 1`
			`#define PVK_RC2_CBC_PASSWORD_ENCRYPT 2`

			`typedef struct _PVK_FILE_HDR {`
			`DWORD dwMagic;`
			`DWORD dwVersion;`
			`DWORD dwKeySpec;`
			`DWORD dwEncryptType;`
			`DWORD cbEncryptData;`
			`DWORD cbPvk;`
			`} PVK_FILE_HDR, *PPVK_FILE_HDR;`

DPAPI credentials (legacy & vault) 2015-07-14 23:13:21 +00:00			`typedef struct _KIWI_HARD_KEY {`
			`ULONG cbSecret;`
			`BYTE data[ANYSIZE_ARRAY]; // etc...`
			`} KIWI_HARD_KEY, *PKIWI_HARD_KEY;`

			`typedef struct _KIWI_BCRYPT_KEY {`
			`ULONG size;`
			`ULONG tag; // 'MSSK'`
			`ULONG type;`
			`ULONG unk0;`
			`ULONG unk1;`
			`ULONG bits;`
			`KIWI_HARD_KEY hardkey;`
			`} KIWI_BCRYPT_KEY, *PKIWI_BCRYPT_KEY;`

DPAPI & Crypto 2015-06-07 21:19:28 +00:00			`BOOL kull_m_crypto_hash(ALG_ID algid, LPCVOID data, DWORD dataLen, LPVOID hash, DWORD hashWanted);`
			`BOOL kull_m_crypto_hkey(HCRYPTPROV hProv, DWORD calgid, LPCVOID key, DWORD keyLen, DWORD flags, HCRYPTKEY hKey, HCRYPTPROV hSessionProv);`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00			`BOOL kull_m_crypto_hmac(DWORD calgid, LPCVOID key, DWORD keyLen, LPCVOID message, DWORD messageLen, LPVOID hash, DWORD hashWanted);`
DPAPI Masterkeys (normal, backup, domain) 2015-06-14 00:46:21 +00:00			`BOOL kull_m_crypto_pkcs5_pbkdf2_hmac(DWORD calgid, LPCVOID password, DWORD passwordLen, LPCVOID salt, DWORD saltLen, DWORD iterations, BYTE *key, DWORD keyLen, BOOL isDpapiInternal);`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00			`BOOL kull_m_crypto_aesCTSEncryptDecrypt(DWORD aesCalgId, PVOID data, DWORD szData, PVOID key, DWORD szKey, PVOID pbIV, BOOL encrypt);`
DPAPI & Crypto 2015-06-07 21:19:28 +00:00			`BOOL kull_m_crypto_DeriveKeyRaw(ALG_ID hashId, LPVOID hash, DWORD hashLen, LPVOID key, DWORD keyLen);`
			`BOOL kull_m_crypto_close_hprov_delete_container(HCRYPTPROV hProv);`
			`BOOL kull_m_crypto_hkey_session(ALG_ID calgid, LPCVOID key, DWORD keyLen, DWORD flags, HCRYPTKEY hSessionKey, HCRYPTPROV hSessionProv);`
DPAPI Masterkeys (normal, backup, domain) 2015-06-14 00:46:21 +00:00			`DWORD kull_m_crypto_hash_len(ALG_ID hashId);`
			`DWORD kull_m_crypto_cipher_blocklen(ALG_ID hashId);`
			`DWORD kull_m_crypto_cipher_keylen(ALG_ID hashId);`
Global licence update, credits to Vincent LE TOUX for DCSync, and lsadump::hash moved to crypto::hash 2015-08-25 09:19:01 +00:00			`NTSTATUS kull_m_crypto_get_dcc(PBYTE dcc, PBYTE ntlm, PUNICODE_STRING Username, DWORD realIterations);`
lsadump::dcsync and net::user updates 2015-08-16 22:18:04 +00:00			`DWORD kull_m_crypto_crc32(DWORD startCrc, LPCVOID data, DWORD size);`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00
			`typedef struct _KULL_M_CRYPTO_DUAL_STRING_DWORD {`
			`PCWSTR name;`
			`DWORD id;`
			`} KULL_M_CRYPTO_DUAL_STRING_DWORD, *PKULL_M_CRYPTO_DUAL_STRING_DWORD;`

			`typedef struct _KULL_M_CRYPTO_DUAL_STRING_STRING {`
			`PCWSTR name;`
			`PCWSTR realname;`
			`} KULL_M_CRYPTO_DUAL_STRING_STRING, *PKULL_M_CRYPTO_DUAL_STRING_STRING;`

Crypto & Kerberos enhancements - [fix] dpapi::capi now deals with AT_SIGNATURE keys - [fix] sekurlsa::kerberos / kerberos:: encryption type are now signed - [new] kerberos::ask to ask / save TGS from current TGT - [new] crypto::system to describe/to export Windows System Certificate (cert, crl, ctl, keyid) - [internal] smaller banner for smaller displays - [internal] Copyrights for 2016 - [internal] kull_m_file can deal with environment-variable strings in paths - [internal] kull_m_crypto new types for CERT_PROP_*_ID 2016-01-12 02:13:12 +00:00			`#define CERT_cert_file_element 32`
			`#define CERT_crl_file_element 33`
			`#define CERT_ctl_file_element 34`
			`#define CERT_keyid_file_element 35`

Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00			`DWORD kull_m_crypto_system_store_to_dword(PCWSTR name);`
			`DWORD kull_m_crypto_provider_type_to_dword(PCWSTR name);`
Crypto & Kerberos enhancements - [fix] dpapi::capi now deals with AT_SIGNATURE keys - [fix] sekurlsa::kerberos / kerberos:: encryption type are now signed - [new] kerberos::ask to ask / save TGS from current TGT - [new] crypto::system to describe/to export Windows System Certificate (cert, crl, ctl, keyid) - [internal] smaller banner for smaller displays - [internal] Copyrights for 2016 - [internal] kull_m_file can deal with environment-variable strings in paths - [internal] kull_m_crypto new types for CERT_PROP_*_ID 2016-01-12 02:13:12 +00:00			`PCWSTR kull_m_crypto_provider_type_to_name(const DWORD dwProvType);`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00			`PCWCHAR kull_m_crypto_provider_to_realname(PCWSTR name);`
			`PCWCHAR kull_m_crypto_keytype_to_str(const DWORD keyType);`
Crypto & Kerberos enhancements - [fix] dpapi::capi now deals with AT_SIGNATURE keys - [fix] sekurlsa::kerberos / kerberos:: encryption type are now signed - [new] kerberos::ask to ask / save TGS from current TGT - [new] crypto::system to describe/to export Windows System Certificate (cert, crl, ctl, keyid) - [internal] smaller banner for smaller displays - [internal] Copyrights for 2016 - [internal] kull_m_file can deal with environment-variable strings in paths - [internal] kull_m_crypto new types for CERT_PROP_*_ID 2016-01-12 02:13:12 +00:00			`PCWCHAR kull_m_crypto_algid_to_name(ALG_ID algid);`
			`PCWCHAR kull_m_crypto_cert_prop_id_to_name(const DWORD propId);`