X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/feda7bfaefd9e5fb705d6893f26428a3109e7226..9e42afcd09973d589b58be8f503f05b9f292c3b4:/lib/authhash.c diff --git a/lib/authhash.c b/lib/authhash.c index c06c233..9529061 100644 --- a/lib/authhash.c +++ b/lib/authhash.c @@ -1,6 +1,6 @@ /* * This file is part of DisOrder - * Copyright (C) 2004, 2006, 2007, 2009 Richard Kettlewell + * Copyright (C) 2004, 2006, 2007, 2009, 2013 Richard Kettlewell * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,19 +20,33 @@ #include "common.h" #include -#include +#if HAVE_GCRYPT_H +# include +#elif HAVE_BCRYPT_H +# include +# pragma comment(lib, "bcrypt") +#else +# error No crypto API available +#endif #include "hex.h" #include "log.h" #include "authhash.h" +#include "vector.h" /** @brief Structure of algorithm lookup table */ struct algorithm { /** @brief DisOrder algorithm name */ const char *name; +#if HAVE_GCRYPT_H /** @brief gcrypt algorithm ID */ int id; +#elif HAVE_BCRYPT_H + /** @brief CNG algorithm ID */ + const wchar_t *id; +#endif + }; /** @brief Algorithm lookup table @@ -41,6 +55,7 @@ struct algorithm { * the disorder protocol. */ static const struct algorithm algorithms[] = { +#if HAVE_GCRYPT_H { "SHA1", GCRY_MD_SHA1 }, { "sha1", GCRY_MD_SHA1 }, { "SHA256", GCRY_MD_SHA256 }, @@ -49,6 +64,16 @@ static const struct algorithm algorithms[] = { { "sha384", GCRY_MD_SHA384 }, { "SHA512", GCRY_MD_SHA512 }, { "sha512", GCRY_MD_SHA512 }, +#elif HAVE_BCRYPT_H + { "SHA1", BCRYPT_SHA1_ALGORITHM }, + { "sha1", BCRYPT_SHA1_ALGORITHM }, + { "SHA256", BCRYPT_SHA256_ALGORITHM }, + { "sha256", BCRYPT_SHA256_ALGORITHM }, + { "SHA384", BCRYPT_SHA384_ALGORITHM }, + { "sha384", BCRYPT_SHA384_ALGORITHM }, + { "SHA512", BCRYPT_SHA512_ALGORITHM }, + { "sha512", BCRYPT_SHA512_ALGORITHM }, +#endif }; /** @brief Number of supported algorithms */ @@ -66,10 +91,19 @@ static const struct algorithm algorithms[] = { */ char *authhash(const void *challenge, size_t nchallenge, const char *password, const char *algo) { +#if HAVE_GCRYPT_H gcrypt_hash_handle h; + int id; +#elif HAVE_BCRYPT_H + BCRYPT_ALG_HANDLE alg = 0; + BCRYPT_HASH_HANDLE hash = 0; + DWORD hashlen, hashlenlen; + PBYTE hashed = 0; + NTSTATUS rc; + struct dynstr d; +#endif char *res; size_t n; - int id; assert(challenge != 0); assert(password != 0); @@ -79,6 +113,7 @@ char *authhash(const void *challenge, size_t nchallenge, break; if(n >= NALGORITHMS) return NULL; +#if HAVE_GCRYPT_H id = algorithms[n].id; #if HAVE_GCRY_ERROR_T { @@ -96,6 +131,26 @@ char *authhash(const void *challenge, size_t nchallenge, gcry_md_write(h, challenge, nchallenge); res = hex(gcry_md_read(h, id), gcry_md_get_algo_dlen(id)); gcry_md_close(h); +#elif HAVE_BCRYPT_H + dynstr_init(&d); + dynstr_append_string(&d, password); + dynstr_append_bytes(&d, challenge, nchallenge); +#define DO(fn, args) do { \ + if((rc = fn args)) { disorder_error(0, "%s: %d", #fn, rc); goto error; } \ + } while(0) + res = NULL; + DO(BCryptOpenAlgorithmProvider, (&alg, algorithms[n].id, NULL, 0)); + DO(BCryptGetProperty, (alg, BCRYPT_HASH_LENGTH, (PBYTE)&hashlen, sizeof hashlen, &hashlenlen, 0)); + DO(BCryptCreateHash, (alg, &hash, NULL, 0, NULL, 0, 0)); + DO(BCryptHashData, (hash, d.vec, d.nvec, 0)); + hashed = xmalloc(hashlen); + DO(BCryptFinishHash, (hash, hashed, hashlen, 0)); + res = hex(hashed, hashlen); +error: + if(hash) BCryptDestroyHash(hash); + if(alg) BCryptCloseAlgorithmProvider(alg, 0); + xfree(hashed); +#endif return res; }