X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/1020001ce9f8c0f2e9119d92b0b7f680a6be79b9..9e42afcd09973d589b58be8f503f05b9f292c3b4:/lib/authhash.c

diff --git a/lib/authhash.c b/lib/authhash.c
index 24c40f0..9529061 100644
--- a/lib/authhash.c
+++ b/lib/authhash.c
@@ -1,39 +1,52 @@
 /*
  * This file is part of DisOrder
- * Copyright (C) 2004, 2006, 2007 Richard Kettlewell
+ * Copyright (C) 2004, 2006, 2007, 2009, 2013 Richard Kettlewell
  *
- * This program is free software; you can redistribute it and/or modify
+ * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation, either version 3 of the License, or
  * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 /** @file lib/authhash.c @brief The authorization hash */
 
-#include <config.h>
-#include "types.h"
+#include "common.h"
 
 #include <stddef.h>
-#include <gcrypt.h>
-#include <assert.h>
+#if HAVE_GCRYPT_H
+# include <gcrypt.h>
+#elif HAVE_BCRYPT_H
+# include <bcrypt.h>
+# pragma comment(lib, "bcrypt")
+#else
+# error No crypto API available
+#endif
 
 #include "hex.h"
 #include "log.h"
 #include "authhash.h"
+#include "vector.h"
 
 /** @brief Structure of algorithm lookup table */
 struct algorithm {
+  /** @brief DisOrder algorithm name */
   const char *name;
+
+#if HAVE_GCRYPT_H
+  /** @brief gcrypt algorithm ID */
   int id;
+#elif HAVE_BCRYPT_H
+  /** @brief CNG algorithm ID */
+  const wchar_t *id;
+#endif
+
 };
 
 /** @brief Algorithm lookup table
@@ -42,6 +55,7 @@ struct algorithm {
  * the disorder protocol.
  */
 static const struct algorithm algorithms[] = {
+#if HAVE_GCRYPT_H
   { "SHA1", GCRY_MD_SHA1 },
   { "sha1", GCRY_MD_SHA1 },
   { "SHA256", GCRY_MD_SHA256 },
@@ -50,6 +64,16 @@ static const struct algorithm algorithms[] = {
   { "sha384", GCRY_MD_SHA384 },
   { "SHA512", GCRY_MD_SHA512 },
   { "sha512", GCRY_MD_SHA512 },
+#elif HAVE_BCRYPT_H
+  { "SHA1", BCRYPT_SHA1_ALGORITHM },
+  { "sha1", BCRYPT_SHA1_ALGORITHM },
+  { "SHA256", BCRYPT_SHA256_ALGORITHM },
+  { "sha256", BCRYPT_SHA256_ALGORITHM },
+  { "SHA384", BCRYPT_SHA384_ALGORITHM },
+  { "sha384", BCRYPT_SHA384_ALGORITHM },
+  { "SHA512", BCRYPT_SHA512_ALGORITHM },
+  { "sha512", BCRYPT_SHA512_ALGORITHM },
+#endif
 };
 
 /** @brief Number of supported algorithms */
@@ -60,16 +84,26 @@ static const struct algorithm algorithms[] = {
  * @param nchallenge Size of challenge
  * @param password Password
  * @param algo Algorithm to use
+ * @return Hex string or NULL on error
  *
  * Computes H(challenge|password) and returns it as a newly allocated hex
  * string, or returns NULL on error.
  */
-const char *authhash(const void *challenge, size_t nchallenge,
-		     const char *password, const char *algo) {
+char *authhash(const void *challenge, size_t nchallenge,
+               const char *password, const char *algo) {
+#if HAVE_GCRYPT_H
   gcrypt_hash_handle h;
-  const char *res;
-  size_t n;
   int id;
+#elif HAVE_BCRYPT_H
+  BCRYPT_ALG_HANDLE alg = 0;
+  BCRYPT_HASH_HANDLE hash = 0;
+  DWORD hashlen, hashlenlen;
+  PBYTE hashed = 0;
+  NTSTATUS rc;
+  struct dynstr d;
+#endif
+  char *res;
+  size_t n;
 
   assert(challenge != 0);
   assert(password != 0);
@@ -79,13 +113,14 @@ const char *authhash(const void *challenge, size_t nchallenge,
       break;
   if(n >= NALGORITHMS)
     return NULL;
+#if HAVE_GCRYPT_H
   id = algorithms[n].id;
 #if HAVE_GCRY_ERROR_T
   {
     gcry_error_t e;
     
     if((e = gcry_md_open(&h, id, 0))) {
-      error(0, "gcry_md_open: %s", gcry_strerror(e));
+      disorder_error(0, "gcry_md_open: %s", gcry_strerror(e));
       return 0;
     }
   }
@@ -96,6 +131,26 @@ const char *authhash(const void *challenge, size_t nchallenge,
   gcry_md_write(h, challenge, nchallenge);
   res = hex(gcry_md_read(h, id), gcry_md_get_algo_dlen(id));
   gcry_md_close(h);
+#elif HAVE_BCRYPT_H
+  dynstr_init(&d);
+  dynstr_append_string(&d, password);
+  dynstr_append_bytes(&d, challenge, nchallenge);
+#define DO(fn, args) do { \
+  if((rc = fn args)) { disorder_error(0, "%s: %d", #fn, rc); goto error; } \
+  } while(0)
+  res = NULL;
+  DO(BCryptOpenAlgorithmProvider, (&alg, algorithms[n].id, NULL, 0));
+  DO(BCryptGetProperty, (alg, BCRYPT_HASH_LENGTH, (PBYTE)&hashlen, sizeof hashlen, &hashlenlen, 0));
+  DO(BCryptCreateHash, (alg, &hash, NULL, 0, NULL, 0, 0));
+  DO(BCryptHashData, (hash, d.vec, d.nvec, 0));
+  hashed = xmalloc(hashlen);
+  DO(BCryptFinishHash, (hash, hashed, hashlen, 0));
+  res = hex(hashed, hashlen);
+error:
+  if(hash) BCryptDestroyHash(hash);
+  if(alg) BCryptCloseAlgorithmProvider(alg, 0);
+  xfree(hashed);
+#endif
   return res;
 }