X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/d7b6f0d1cda54fe872145ab6ee20bf5bc131be8d..9e42afcd09973d589b58be8f503f05b9f292c3b4:/lib/authhash.c
diff --git a/lib/authhash.c b/lib/authhash.c
index 5c66c01..9529061 100644
--- a/lib/authhash.c
+++ b/lib/authhash.c
@@ -1,74 +1,169 @@
/*
* This file is part of DisOrder
- * Copyright (C) 2004, 2006 Richard Kettlewell
+ * Copyright (C) 2004, 2006, 2007, 2009, 2013 Richard Kettlewell
*
- * This program is free software; you can redistribute it and/or modify
+ * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
+ * along with this program. If not, see .
*/
+/** @file lib/authhash.c @brief The authorization hash */
-#include
-#include "types.h"
+#include "common.h"
#include
-#include
-#include
+#if HAVE_GCRYPT_H
+# include
+#elif HAVE_BCRYPT_H
+# include
+# pragma comment(lib, "bcrypt")
+#else
+# error No crypto API available
+#endif
#include "hex.h"
#include "log.h"
#include "authhash.h"
+#include "vector.h"
+
+/** @brief Structure of algorithm lookup table */
+struct algorithm {
+ /** @brief DisOrder algorithm name */
+ const char *name;
+
+#if HAVE_GCRYPT_H
+ /** @brief gcrypt algorithm ID */
+ int id;
+#elif HAVE_BCRYPT_H
+ /** @brief CNG algorithm ID */
+ const wchar_t *id;
+#endif
+
+};
-#ifndef AUTHHASH
-/** @brief Which hash function to use */
-# define AUTHHASH GCRY_MD_SHA1
+/** @brief Algorithm lookup table
+ *
+ * We don't use gcry_md_map_name() since that would import gcrypt's API into
+ * the disorder protocol.
+ */
+static const struct algorithm algorithms[] = {
+#if HAVE_GCRYPT_H
+ { "SHA1", GCRY_MD_SHA1 },
+ { "sha1", GCRY_MD_SHA1 },
+ { "SHA256", GCRY_MD_SHA256 },
+ { "sha256", GCRY_MD_SHA256 },
+ { "SHA384", GCRY_MD_SHA384 },
+ { "sha384", GCRY_MD_SHA384 },
+ { "SHA512", GCRY_MD_SHA512 },
+ { "sha512", GCRY_MD_SHA512 },
+#elif HAVE_BCRYPT_H
+ { "SHA1", BCRYPT_SHA1_ALGORITHM },
+ { "sha1", BCRYPT_SHA1_ALGORITHM },
+ { "SHA256", BCRYPT_SHA256_ALGORITHM },
+ { "sha256", BCRYPT_SHA256_ALGORITHM },
+ { "SHA384", BCRYPT_SHA384_ALGORITHM },
+ { "sha384", BCRYPT_SHA384_ALGORITHM },
+ { "SHA512", BCRYPT_SHA512_ALGORITHM },
+ { "sha512", BCRYPT_SHA512_ALGORITHM },
#endif
+};
+
+/** @brief Number of supported algorithms */
+#define NALGORITHMS (sizeof algorithms / sizeof *algorithms)
/** @brief Perform the authorization hash function
* @param challenge Pointer to challange
* @param nchallenge Size of challenge
* @param password Password
+ * @param algo Algorithm to use
+ * @return Hex string or NULL on error
*
* Computes H(challenge|password) and returns it as a newly allocated hex
- * string. Currently the hash function is SHA-1, but this may be changed in
- * future versions; see @ref AUTHHASH.
+ * string, or returns NULL on error.
*/
-const char *authhash(const void *challenge, size_t nchallenge,
- const char *password) {
+char *authhash(const void *challenge, size_t nchallenge,
+ const char *password, const char *algo) {
+#if HAVE_GCRYPT_H
gcrypt_hash_handle h;
- const char *res;
+ int id;
+#elif HAVE_BCRYPT_H
+ BCRYPT_ALG_HANDLE alg = 0;
+ BCRYPT_HASH_HANDLE hash = 0;
+ DWORD hashlen, hashlenlen;
+ PBYTE hashed = 0;
+ NTSTATUS rc;
+ struct dynstr d;
+#endif
+ char *res;
+ size_t n;
assert(challenge != 0);
assert(password != 0);
+ assert(algo != 0);
+ for(n = 0; n < NALGORITHMS; ++n)
+ if(!strcmp(algo, algorithms[n].name))
+ break;
+ if(n >= NALGORITHMS)
+ return NULL;
+#if HAVE_GCRYPT_H
+ id = algorithms[n].id;
#if HAVE_GCRY_ERROR_T
{
gcry_error_t e;
- if((e = gcry_md_open(&h, AUTHHASH, 0))) {
- error(0, "gcry_md_open: %s", gcry_strerror(e));
+ if((e = gcry_md_open(&h, id, 0))) {
+ disorder_error(0, "gcry_md_open: %s", gcry_strerror(e));
return 0;
}
}
#else
- h = gcry_md_open(AUTHHASH, 0);
+ h = gcry_md_open(id, 0);
#endif
gcry_md_write(h, password, strlen(password));
gcry_md_write(h, challenge, nchallenge);
- res = hex(gcry_md_read(h, AUTHHASH), gcry_md_get_algo_dlen(AUTHHASH));
+ res = hex(gcry_md_read(h, id), gcry_md_get_algo_dlen(id));
gcry_md_close(h);
+#elif HAVE_BCRYPT_H
+ dynstr_init(&d);
+ dynstr_append_string(&d, password);
+ dynstr_append_bytes(&d, challenge, nchallenge);
+#define DO(fn, args) do { \
+ if((rc = fn args)) { disorder_error(0, "%s: %d", #fn, rc); goto error; } \
+ } while(0)
+ res = NULL;
+ DO(BCryptOpenAlgorithmProvider, (&alg, algorithms[n].id, NULL, 0));
+ DO(BCryptGetProperty, (alg, BCRYPT_HASH_LENGTH, (PBYTE)&hashlen, sizeof hashlen, &hashlenlen, 0));
+ DO(BCryptCreateHash, (alg, &hash, NULL, 0, NULL, 0, 0));
+ DO(BCryptHashData, (hash, d.vec, d.nvec, 0));
+ hashed = xmalloc(hashlen);
+ DO(BCryptFinishHash, (hash, hashed, hashlen, 0));
+ res = hex(hashed, hashlen);
+error:
+ if(hash) BCryptDestroyHash(hash);
+ if(alg) BCryptCloseAlgorithmProvider(alg, 0);
+ xfree(hashed);
+#endif
return res;
}
+/** @brief Return non-zero if @p algo is a valid algorithm */
+int valid_authhash(const char *algo) {
+ size_t n;
+
+ for(n = 0; n < NALGORITHMS; ++n)
+ if(!strcmp(algo, algorithms[n].name))
+ return 1;
+ return 0;
+}
+
/*
Local Variables:
c-basic-offset:2