[disorder] / lib / authhash.c

/*
 * This file is part of DisOrder
 * Copyright (C) 2004, 2006, 2007, 2009, 2013 Richard Kettlewell
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
/** @file lib/authhash.c @brief The authorization hash */

#include "common.h"

#include <stddef.h>
#if HAVE_GCRYPT_H
# include <gcrypt.h>
#elif HAVE_BCRYPT_H
# include <bcrypt.h>
# pragma comment(lib, "bcrypt")
#else
# error No crypto API available
#endif

#include "hex.h"
#include "log.h"
#include "authhash.h"
#include "vector.h"

/** @brief Structure of algorithm lookup table */
struct algorithm {
  /** @brief DisOrder algorithm name */
  const char *name;

#if HAVE_GCRYPT_H
  /** @brief gcrypt algorithm ID */
  int id;
#elif HAVE_BCRYPT_H
  /** @brief CNG algorithm ID */
  const wchar_t *id;
#endif

};

/** @brief Algorithm lookup table
 *
 * We don't use gcry_md_map_name() since that would import gcrypt's API into
 * the disorder protocol.
 */
static const struct algorithm algorithms[] = {
#if HAVE_GCRYPT_H
  { "SHA1", GCRY_MD_SHA1 },
  { "sha1", GCRY_MD_SHA1 },
  { "SHA256", GCRY_MD_SHA256 },
  { "sha256", GCRY_MD_SHA256 },
  { "SHA384", GCRY_MD_SHA384 },
  { "sha384", GCRY_MD_SHA384 },
  { "SHA512", GCRY_MD_SHA512 },
  { "sha512", GCRY_MD_SHA512 },
#elif HAVE_BCRYPT_H
  { "SHA1", BCRYPT_SHA1_ALGORITHM },
  { "sha1", BCRYPT_SHA1_ALGORITHM },
  { "SHA256", BCRYPT_SHA256_ALGORITHM },
  { "sha256", BCRYPT_SHA256_ALGORITHM },
  { "SHA384", BCRYPT_SHA384_ALGORITHM },
  { "sha384", BCRYPT_SHA384_ALGORITHM },
  { "SHA512", BCRYPT_SHA512_ALGORITHM },
  { "sha512", BCRYPT_SHA512_ALGORITHM },
#endif
};

/** @brief Number of supported algorithms */
#define NALGORITHMS (sizeof algorithms / sizeof *algorithms)

/** @brief Perform the authorization hash function
 * @param challenge Pointer to challange
 * @param nchallenge Size of challenge
 * @param password Password
 * @param algo Algorithm to use
 * @return Hex string or NULL on error
 *
 * Computes H(challenge|password) and returns it as a newly allocated hex
 * string, or returns NULL on error.
 */
char *authhash(const void *challenge, size_t nchallenge,
               const char *password, const char *algo) {
#if HAVE_GCRYPT_H
  gcrypt_hash_handle h;
  int id;
#elif HAVE_BCRYPT_H
  BCRYPT_ALG_HANDLE alg = 0;
  BCRYPT_HASH_HANDLE hash = 0;
  DWORD hashlen, hashlenlen;
  PBYTE hashed = 0;
  NTSTATUS rc;
  struct dynstr d;
#endif
  char *res;
  size_t n;

  assert(challenge != 0);
  assert(password != 0);
  assert(algo != 0);
  for(n = 0; n < NALGORITHMS; ++n)
    if(!strcmp(algo, algorithms[n].name))
      break;
  if(n >= NALGORITHMS)
    return NULL;
#if HAVE_GCRYPT_H
  id = algorithms[n].id;
#if HAVE_GCRY_ERROR_T
  {
    gcry_error_t e;
    
    if((e = gcry_md_open(&h, id, 0))) {
      disorder_error(0, "gcry_md_open: %s", gcry_strerror(e));
      return 0;
    }
  }
#else
  h = gcry_md_open(id, 0);
#endif
  gcry_md_write(h, password, strlen(password));
  gcry_md_write(h, challenge, nchallenge);
  res = hex(gcry_md_read(h, id), gcry_md_get_algo_dlen(id));
  gcry_md_close(h);
#elif HAVE_BCRYPT_H
  dynstr_init(&d);
  dynstr_append_string(&d, password);
  dynstr_append_bytes(&d, challenge, nchallenge);
#define DO(fn, args) do { \
  if((rc = fn args)) { disorder_error(0, "%s: %d", #fn, rc); goto error; } \
  } while(0)
  res = NULL;
  DO(BCryptOpenAlgorithmProvider, (&alg, algorithms[n].id, NULL, 0));
  DO(BCryptGetProperty, (alg, BCRYPT_HASH_LENGTH, (PBYTE)&hashlen, sizeof hashlen, &hashlenlen, 0));
  DO(BCryptCreateHash, (alg, &hash, NULL, 0, NULL, 0, 0));
  DO(BCryptHashData, (hash, d.vec, d.nvec, 0));
  hashed = xmalloc(hashlen);
  DO(BCryptFinishHash, (hash, hashed, hashlen, 0));
  res = hex(hashed, hashlen);
error:
  if(hash) BCryptDestroyHash(hash);
  if(alg) BCryptCloseAlgorithmProvider(alg, 0);
  xfree(hashed);
#endif
  return res;
}

/** @brief Return non-zero if @p algo is a valid algorithm */
int valid_authhash(const char *algo) {
  size_t n;

  for(n = 0; n < NALGORITHMS; ++n)
    if(!strcmp(algo, algorithms[n].name))
      return 1;
  return 0;
}

/*
Local Variables:
c-basic-offset:2
comment-column:40
fill-column:79
End:
*/
Commit	Line	Data
460b9539	1	/*
460b9539	2	* This file is part of DisOrder
cca89d7c	3	* Copyright (C) 2004, 2006, 2007, 2009, 2013 Richard Kettlewell
460b9539	4	*
e7eb3a27	5	* This program is free software: you can redistribute it and/or modify
460b9539	6	* it under the terms of the GNU General Public License as published by
e7eb3a27	7	* the Free Software Foundation, either version 3 of the License, or
460b9539	8	* (at your option) any later version.
e7eb3a27 RK	9	*
	10	* This program is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
460b9539	15	* You should have received a copy of the GNU General Public License
e7eb3a27	16	* along with this program. If not, see <http://www.gnu.org/licenses/>.
460b9539	17	*/
14ad73b9	18	/** @file lib/authhash.c @brief The authorization hash */
460b9539	19
05b75f8d	20	#include "common.h"
460b9539	21
460b9539	22	#include <stddef.h>
cca89d7c RK	23	#if HAVE_GCRYPT_H
cca89d7c RK	24	# include <gcrypt.h>
9e42afcd RK	25	#elif HAVE_BCRYPT_H
	26	# include <bcrypt.h>
	27	# pragma comment(lib, "bcrypt")
cca89d7c RK	28	#else
	29	# error No crypto API available
	30	#endif
460b9539	31
	32	#include "hex.h"
	33	#include "log.h"
	34	#include "authhash.h"
9e42afcd	35	#include "vector.h"
460b9539	36
637fdea3 RK	37	/** @brief Structure of algorithm lookup table */
637fdea3 RK	38	struct algorithm {
4d82d579	39	/** @brief DisOrder algorithm name */
637fdea3	40	const char *name;
4d82d579	41
cca89d7c	42	#if HAVE_GCRYPT_H
4d82d579	43	/** @brief gcrypt algorithm ID */
637fdea3	44	int id;
9e42afcd RK	45	#elif HAVE_BCRYPT_H
	46	/** @brief CNG algorithm ID */
	47	const wchar_t *id;
cca89d7c RK	48	#endif
cca89d7c RK	49
637fdea3 RK	50	};
	51
	52	/** @brief Algorithm lookup table
	53	*
	54	* We don't use gcry_md_map_name() since that would import gcrypt's API into
	55	* the disorder protocol.
	56	*/
	57	static const struct algorithm algorithms[] = {
cca89d7c	58	#if HAVE_GCRYPT_H
637fdea3 RK	59	{ "SHA1", GCRY_MD_SHA1 },
	60	{ "sha1", GCRY_MD_SHA1 },
	61	{ "SHA256", GCRY_MD_SHA256 },
	62	{ "sha256", GCRY_MD_SHA256 },
	63	{ "SHA384", GCRY_MD_SHA384 },
	64	{ "sha384", GCRY_MD_SHA384 },
	65	{ "SHA512", GCRY_MD_SHA512 },
	66	{ "sha512", GCRY_MD_SHA512 },
9e42afcd RK	67	#elif HAVE_BCRYPT_H
	68	{ "SHA1", BCRYPT_SHA1_ALGORITHM },
	69	{ "sha1", BCRYPT_SHA1_ALGORITHM },
	70	{ "SHA256", BCRYPT_SHA256_ALGORITHM },
	71	{ "sha256", BCRYPT_SHA256_ALGORITHM },
	72	{ "SHA384", BCRYPT_SHA384_ALGORITHM },
	73	{ "sha384", BCRYPT_SHA384_ALGORITHM },
	74	{ "SHA512", BCRYPT_SHA512_ALGORITHM },
	75	{ "sha512", BCRYPT_SHA512_ALGORITHM },
cca89d7c	76	#endif
637fdea3 RK	77	};
	78
	79	/** @brief Number of supported algorithms */
	80	#define NALGORITHMS (sizeof algorithms / sizeof *algorithms)
460b9539	81
d7b6f0d1	82	/** @brief Perform the authorization hash function
	83	* @param challenge Pointer to challange
	84	* @param nchallenge Size of challenge
	85	* @param password Password
637fdea3	86	* @param algo Algorithm to use
4d82d579	87	* @return Hex string or NULL on error
d7b6f0d1	88	*
d7b6f0d1	89	* Computes H(challenge\|password) and returns it as a newly allocated hex
637fdea3	90	* string, or returns NULL on error.
d7b6f0d1	91	*/
f74f4f32 RK	92	char authhash(const void challenge, size_t nchallenge,
f74f4f32 RK	93	const char password, const char algo) {
cca89d7c	94	#if HAVE_GCRYPT_H
460b9539	95	gcrypt_hash_handle h;
cca89d7c	96	int id;
9e42afcd RK	97	#elif HAVE_BCRYPT_H
	98	BCRYPT_ALG_HANDLE alg = 0;
	99	BCRYPT_HASH_HANDLE hash = 0;
	100	DWORD hashlen, hashlenlen;
	101	PBYTE hashed = 0;
	102	NTSTATUS rc;
	103	struct dynstr d;
cca89d7c	104	#endif
f74f4f32	105	char *res;
637fdea3	106	size_t n;
1c0d78bd RK	107
	108	assert(challenge != 0);
	109	assert(password != 0);
637fdea3 RK	110	assert(algo != 0);
	111	for(n = 0; n < NALGORITHMS; ++n)
	112	if(!strcmp(algo, algorithms[n].name))
	113	break;
	114	if(n >= NALGORITHMS)
	115	return NULL;
cca89d7c	116	#if HAVE_GCRYPT_H
637fdea3	117	id = algorithms[n].id;
460b9539	118	#if HAVE_GCRY_ERROR_T
	119	{
	120	gcry_error_t e;
	121
637fdea3	122	if((e = gcry_md_open(&h, id, 0))) {
2e9ba080	123	disorder_error(0, "gcry_md_open: %s", gcry_strerror(e));
460b9539	124	return 0;
	125	}
	126	}
	127	#else
637fdea3	128	h = gcry_md_open(id, 0);
460b9539	129	#endif
	130	gcry_md_write(h, password, strlen(password));
	131	gcry_md_write(h, challenge, nchallenge);
637fdea3	132	res = hex(gcry_md_read(h, id), gcry_md_get_algo_dlen(id));
460b9539	133	gcry_md_close(h);
9e42afcd RK	134	#elif HAVE_BCRYPT_H
	135	dynstr_init(&d);
	136	dynstr_append_string(&d, password);
	137	dynstr_append_bytes(&d, challenge, nchallenge);
	138	#define DO(fn, args) do { \
	139	if((rc = fn args)) { disorder_error(0, "%s: %d", #fn, rc); goto error; } \
	140	} while(0)
	141	res = NULL;
	142	DO(BCryptOpenAlgorithmProvider, (&alg, algorithms[n].id, NULL, 0));
	143	DO(BCryptGetProperty, (alg, BCRYPT_HASH_LENGTH, (PBYTE)&hashlen, sizeof hashlen, &hashlenlen, 0));
	144	DO(BCryptCreateHash, (alg, &hash, NULL, 0, NULL, 0, 0));
	145	DO(BCryptHashData, (hash, d.vec, d.nvec, 0));
	146	hashed = xmalloc(hashlen);
	147	DO(BCryptFinishHash, (hash, hashed, hashlen, 0));
	148	res = hex(hashed, hashlen);
	149	error:
	150	if(hash) BCryptDestroyHash(hash);
	151	if(alg) BCryptCloseAlgorithmProvider(alg, 0);
	152	xfree(hashed);
cca89d7c	153	#endif
460b9539	154	return res;
	155	}
	156
637fdea3 RK	157	/** @brief Return non-zero if @p algo is a valid algorithm */
	158	int valid_authhash(const char *algo) {
	159	size_t n;
	160
	161	for(n = 0; n < NALGORITHMS; ++n)
	162	if(!strcmp(algo, algorithms[n].name))
	163	return 1;
	164	return 0;
	165	}
	166
460b9539	167	/*
	168	Local Variables:
	169	c-basic-offset:2
	170	comment-column:40
	171	fill-column:79
	172	End:
	173	*/