author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-10-30 16:31:41 +0100 |
---|---|---|
committer | Simon Rozman <simon@rozman.si> | 2020-10-31 19:11:49 +0100 |
commit | b4a1494fb28c2901af60e4dd2937209aa9709719 (patch) | |
tree | a2a5642f653aeee7b92075e1364db4d405aae322 /api/namespace.c | |
parent | api: only force close handles if requested (diff) | |
api: rework pool hashing
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'api/namespace.c')
-rw-r--r-- | api/namespace.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/api/namespace.c b/api/namespace.c
index 86c279f..6eff910 100644
--- a/api/namespace.c
+++ b/api/namespace.c
@@ -52,8 +52,6 @@ NamespaceRuntimeInit(void)
 return ERROR_SUCCESS;
 }
- /* TODO: wireguard-go uses Blake2s hashing in tun\wintun\namespace_windows.go, unfortunately not available in
- * Windows API. SHA-256 is used instead. */
 if (!BCRYPT_SUCCESS(BCryptOpenAlgorithmProvider(&AlgProvider, BCRYPT_SHA256_ALGORITHM, NULL, 0)))
 {
 Result = ERROR_GEN_FAILURE;
@@ -116,19 +114,16 @@ NamespaceTakeMutex(_In_z_ const WCHAR *Pool)
 if (NamespaceRuntimeInit() != ERROR_SUCCESS)
 return NULL;
- /* TODO: wireguard-go uses Blake2s hashing in tun\wintun\namespace_windows.go, unfortunately not available in
- * Windows API. SHA-256 is used instead. */
 BCRYPT_HASH_HANDLE Sha256 = NULL;
 if (!BCRYPT_SUCCESS(BCryptCreateHash(AlgProvider, &Sha256, NULL, 0, NULL, 0, 0)))
 return NULL;
- static const char mutex_label[] = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com";
- if (!BCRYPT_SUCCESS(BCryptHashData(Sha256, (PUCHAR)mutex_label, sizeof(mutex_label) - sizeof(char), 0)))
+ static const WCHAR mutex_label[] = L"Wintun Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com";
+ if (!BCRYPT_SUCCESS(BCryptHashData(Sha256, (PUCHAR)mutex_label, sizeof(mutex_label) /* Including NULL 2 bytes */, 0)))
 goto cleanupSha256;
 WCHAR *PoolNorm = NormalizeStringAlloc(NormalizationC, Pool);
 if (!PoolNorm)
 goto cleanupSha256;
- /* TODO: wireguard-go hashes UTF-8 normalized pool name. We hash UTF-16 here. */
- if (!BCRYPT_SUCCESS(BCryptHashData(Sha256, (PUCHAR)PoolNorm, (int)wcslen(PoolNorm), 0)))
+ if (!BCRYPT_SUCCESS(BCryptHashData(Sha256, (PUCHAR)PoolNorm, (int)wcslen(PoolNorm) + 2 /* Add in NULL 2 bytes */, 0)))
 goto cleanupPoolNorm;
 BYTE Hash[32];
 if (!BCRYPT_SUCCESS(BCryptFinishHash(Sha256, Hash, sizeof(Hash), 0))) |
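Review bot: The length passed to the second BCryptHashData call in NamespaceTakeMutex, `(int)wcslen(PoolNorm) + 2`, is a WCHAR count plus two, but the cbInput argument is a byte count, so only about the first half of the normalized pool name is hashed and the "+ 2" covers one more character rather than the terminator the comment describes. Since the digest presumably names the per-pool mutex, two pool names that agree on that leading portion would derive the same digest and end up sharing one mutex. The label call on the line above gets this right because `sizeof(mutex_label)` is already in bytes. I would change the argument to `(ULONG)((wcslen(PoolNorm) + 1) * sizeof(WCHAR)) /* bytes, including the 2-byte NUL */`. The function body starts and ends outside this hunk, so how Hash is consumed is not visible here.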