Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

411 lines
11 KiB

  1. #include "stdinc.h"
  2. #include "debmacro.h"
  3. #include "fusionsha1.h"
  4. /*
  5. SHA-1 in C
  6. By Steve Reid <steve@edmweb.com>
  7. 100% Public Domain
  8. Test Vectors (from FIPS PUB 180-1)
  9. "abc"
  10. A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
  11. "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
  12. 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
  13. A million repetitions of "a"
  14. 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
  15. */
  16. #define LITTLE_ENDIAN
  17. #define SHA1HANDSOFF
  18. #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
  19. /* blk0() and blk() perform the initial expand. */
  20. /* I got the idea of expanding during the round function from SSLeay */
  21. #ifdef LITTLE_ENDIAN
  22. #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
  23. |(rol(block->l[i],8)&0x00FF00FF))
  24. #else
  25. #define blk0(i) block->l[i]
  26. #endif
  27. #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
  28. ^block->l[(i+2)&15]^block->l[i&15],1))
  29. /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
  30. #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
  31. #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
  32. #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
  33. #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
  34. #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
  35. /* Hash a single 512-bit block. This is the core of the algorithm. */
  36. BOOL
  37. CSha1Context::Transform(const unsigned char *buffer)
  38. {
  39. FN_PROLOG_WIN32
  40. DWORD a, b, c, d, e;
  41. typedef union {
  42. unsigned char c[64];
  43. DWORD l[16];
  44. } CHAR64LONG16;
  45. CHAR64LONG16* block = reinterpret_cast<CHAR64LONG16*>(m_workspace);
  46. memcpy(block, buffer, 64);
  47. /* Copy context->state[] to working vars */
  48. a = this->state[0];
  49. b = this->state[1];
  50. c = this->state[2];
  51. d = this->state[3];
  52. e = this->state[4];
  53. /* 4 rounds of 20 operations each. Loop unrolled. */
  54. R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
  55. R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
  56. R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
  57. R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
  58. R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
  59. R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
  60. R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
  61. R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
  62. R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
  63. R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
  64. R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
  65. R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
  66. R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
  67. R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
  68. R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
  69. R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
  70. R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
  71. R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
  72. R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
  73. R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
  74. /* Add the working vars back into context.state[] */
  75. this->state[0] += a;
  76. this->state[1] += b;
  77. this->state[2] += c;
  78. this->state[3] += d;
  79. this->state[4] += e;
  80. /* Wipe variables */
  81. a = b = c = d = e = 0;
  82. FN_EPILOG
  83. }
  84. /* A_SHAInit - Initialize new context */
  85. BOOL
  86. CSha1Context::Initialize()
  87. {
  88. FN_PROLOG_WIN32
  89. /* A_SHA initialization constants */
  90. this->state[0] = 0x67452301;
  91. this->state[1] = 0xEFCDAB89;
  92. this->state[2] = 0x98BADCFE;
  93. this->state[3] = 0x10325476;
  94. this->state[4] = 0xC3D2E1F0;
  95. this->count[0] = this->count[1] = 0;
  96. FN_EPILOG
  97. }
  98. /* Run your data through this. */
  99. BOOL
  100. CSha1Context::Update(const unsigned char* data, SIZE_T len)
  101. {
  102. FN_PROLOG_WIN32
  103. SIZE_T i, j;
  104. j = (this->count[0] >> 3) & 63;
  105. if ((this->count[0] += len << 3) < (len << 3)) this->count[1]++;
  106. this->count[1] += (len >> 29);
  107. if ((j + len) > 63) {
  108. memcpy(&this->buffer[j], data, (i = 64-j));
  109. this->Transform(this->buffer);
  110. for ( ; i + 63 < len; i += 64) {
  111. this->Transform(&data[i]);
  112. }
  113. j = 0;
  114. }
  115. else i = 0;
  116. memcpy(&this->buffer[j], &data[i], len - i);
  117. FN_EPILOG
  118. }
  119. /* Add padding and return the message digest. */
  120. BOOL
  121. CSha1Context::GetDigest(
  122. unsigned char *digest,
  123. SIZE_T *len
  124. )
  125. {
  126. FN_PROLOG_WIN32
  127. SIZE_T i, j;
  128. unsigned char finalcount[8];
  129. if ( !digest || (len && (*len < A_SHA_DIGEST_LEN)) || !len)
  130. {
  131. if (len != NULL)
  132. *len = A_SHA_DIGEST_LEN;
  133. // don't originate like normal to reduce noise level
  134. ::FusionpSetLastWin32Error(ERROR_INSUFFICIENT_BUFFER);
  135. goto Exit;
  136. }
  137. *len = A_SHA_DIGEST_LEN;
  138. for (i = 0; i < 8; i++) {
  139. finalcount[i] = (unsigned char)((this->count[(i >= 4 ? 0 : 1)]
  140. >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
  141. }
  142. this->Update((unsigned char *)"\200", 1);
  143. while ((this->count[0] & 504) != 448) {
  144. this->Update((unsigned char *)"\0", 1);
  145. }
  146. this->Update(finalcount, 8); /* Should cause a A_SHATransform() */
  147. for (i = 0; i < 20; i++) {
  148. digest[i] = (unsigned char)
  149. ((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
  150. }
  151. /* Wipe variables */
  152. i = j = 0;
  153. memset(this->buffer, 0, sizeof(this->buffer));
  154. memset(this->state, 0, sizeof(this->state));
  155. memset(this->count, 0, sizeof(this->count));
  156. memset(&finalcount, 0, sizeof(finalcount));
  157. #ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
  158. this->Transform(this->buffer);
  159. #endif
  160. FN_EPILOG
  161. }
  162. BOOL
  163. CFusionHash::GetIsValid()
  164. {
  165. //
  166. // Not initialized at all
  167. //
  168. if (!m_fInitialized)
  169. return FALSE;
  170. //
  171. // Validity is known if the alg is SHA1 and the crypt handle is NULL, or if the
  172. // alg is not SHA1 and the crypt handle is non-null.
  173. //
  174. if (((m_aid == CALG_SHA1) && (this->m_hCryptHash == INVALID_CRYPT_HASH)) ||
  175. ((m_aid != CALG_SHA1) && (this->m_hCryptHash != INVALID_CRYPT_HASH)))
  176. return TRUE;
  177. else
  178. return FALSE;
  179. }
  180. BOOL
  181. CFusionHash::Win32Initialize(
  182. ALG_ID aid
  183. )
  184. {
  185. FN_PROLOG_WIN32
  186. if ( aid == CALG_SHA1 )
  187. {
  188. IFW32FALSE_EXIT(this->m_Sha1Context.Initialize());
  189. }
  190. else
  191. {
  192. HCRYPTPROV hProvider;
  193. IFW32FALSE_EXIT(::SxspAcquireGlobalCryptContext(&hProvider));
  194. IFW32FALSE_ORIGINATE_AND_EXIT(::CryptCreateHash(hProvider, aid, NULL, 0, &this->m_hCryptHash));
  195. }
  196. this->m_aid = aid;
  197. this->m_fInitialized = TRUE;
  198. FN_EPILOG
  199. }
  200. BOOL
  201. CFusionHash::Win32HashData(
  202. const BYTE *pbBuffer,
  203. SIZE_T cbBuffer
  204. )
  205. {
  206. FN_PROLOG_WIN32
  207. INTERNAL_ERROR_CHECK(this->GetIsValid());
  208. if (m_hCryptHash != INVALID_CRYPT_HANDLE)
  209. {
  210. while (cbBuffer > MAXDWORD)
  211. {
  212. IFW32FALSE_ORIGINATE_AND_EXIT(::CryptHashData(this->m_hCryptHash, pbBuffer, MAXDWORD, 0));
  213. cbBuffer -= MAXDWORD;
  214. }
  215. IFW32FALSE_ORIGINATE_AND_EXIT(::CryptHashData(this->m_hCryptHash, pbBuffer, static_cast<DWORD>(cbBuffer), 0));
  216. }
  217. else
  218. {
  219. IFW32FALSE_EXIT(this->m_Sha1Context.Update(pbBuffer, cbBuffer));
  220. }
  221. FN_EPILOG
  222. }
  223. BOOL
  224. CFusionHash::Win32GetValue(
  225. OUT CFusionArray<BYTE> &out
  226. )
  227. {
  228. FN_PROLOG_WIN32
  229. INTERNAL_ERROR_CHECK(this->GetIsValid());
  230. for (;;)
  231. {
  232. SIZE_T len = out.GetSize();
  233. BOOL fMoreData;
  234. PBYTE pbData = out.GetArrayPtr();
  235. if ( m_hCryptHash == INVALID_CRYPT_HANDLE )
  236. {
  237. IFW32FALSE_EXIT_UNLESS(
  238. this->m_Sha1Context.GetDigest(pbData, &len),
  239. FusionpGetLastWin32Error() == ERROR_INSUFFICIENT_BUFFER,
  240. fMoreData);
  241. }
  242. else
  243. {
  244. DWORD dwNeedSize;
  245. DWORD dwValueSize;
  246. IFW32FALSE_ORIGINATE_AND_EXIT(
  247. ::CryptGetHashParam(
  248. this->m_hCryptHash,
  249. HP_HASHSIZE,
  250. (PBYTE)&dwNeedSize,
  251. &(dwValueSize = sizeof(dwNeedSize)),
  252. 0));
  253. if ( dwNeedSize > len )
  254. {
  255. fMoreData = TRUE;
  256. len = dwNeedSize;
  257. }
  258. else
  259. {
  260. fMoreData = FALSE;
  261. IFW32FALSE_ORIGINATE_AND_EXIT(
  262. ::CryptGetHashParam(
  263. this->m_hCryptHash,
  264. HP_HASHVAL,
  265. pbData,
  266. &(dwValueSize = out.GetSizeAsDWORD()),
  267. 0));
  268. }
  269. }
  270. if ( fMoreData )
  271. IFW32FALSE_EXIT(out.Win32SetSize(len, CFusionArray<BYTE>::eSetSizeModeExact));
  272. else
  273. break;
  274. }
  275. FN_EPILOG
  276. }
  277. HCRYPTPROV g_hGlobalCryptoProvider = INVALID_CRYPT_HANDLE;
  278. BOOL
  279. SxspAcquireGlobalCryptContext(
  280. HCRYPTPROV *pContext
  281. )
  282. {
  283. BOOL fSuccess = FALSE;
  284. FN_TRACE_WIN32(fSuccess);
  285. HCRYPTPROV hNewProvider = INVALID_CRYPT_HANDLE;
  286. if (pContext != NULL)
  287. *pContext = INVALID_CRYPT_HANDLE;
  288. PARAMETER_CHECK(pContext != NULL);
  289. //
  290. // Pointer reads are atomic.
  291. //
  292. hNewProvider = g_hGlobalCryptoProvider;
  293. if (hNewProvider != INVALID_CRYPT_HANDLE)
  294. {
  295. *pContext = hNewProvider;
  296. FN_SUCCESSFUL_EXIT();
  297. }
  298. //
  299. // Acquire the crypto context that's only for verification purposes.
  300. //
  301. IFW32FALSE_ORIGINATE_AND_EXIT(
  302. ::CryptAcquireContextW(
  303. &hNewProvider,
  304. NULL,
  305. NULL,
  306. PROV_RSA_FULL,
  307. CRYPT_SILENT | CRYPT_VERIFYCONTEXT));
  308. if (::InterlockedCompareExchangePointer(
  309. (PVOID*)&g_hGlobalCryptoProvider,
  310. (PVOID)hNewProvider,
  311. (PVOID)INVALID_CRYPT_HANDLE
  312. ) != (PVOID)INVALID_CRYPT_HANDLE)
  313. {
  314. //
  315. // We lost the race.
  316. //
  317. ::CryptReleaseContext(hNewProvider, 0);
  318. hNewProvider = g_hGlobalCryptoProvider;
  319. }
  320. *pContext = hNewProvider;
  321. FN_EPILOG
  322. }
  323. BOOL
  324. SxspReleaseGlobalCryptContext()
  325. {
  326. BOOL fSuccess = FALSE;
  327. HCRYPTPROV hProvider;
  328. HCRYPTPROV* pghProvider = &g_hGlobalCryptoProvider;
  329. FN_TRACE_WIN32(fSuccess);
  330. //
  331. // Swap out the global context with the invalid value, readying our context to be
  332. // nuked.
  333. //
  334. hProvider = (HCRYPTPROV)(InterlockedExchangePointer((PVOID*)pghProvider, (PVOID)INVALID_CRYPT_HANDLE));
  335. if (hProvider != INVALID_CRYPT_HANDLE)
  336. {
  337. IFW32FALSE_ORIGINATE_AND_EXIT(::CryptReleaseContext(hProvider, 0));
  338. }
  339. fSuccess = TRUE;
  340. Exit:
  341. return fSuccess;
  342. }