diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-26 15:42:38 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-27 13:44:52 +0100 |
commit | 780f9836f2dc31da6a0c108594aec4eefdbf2734 (patch) | |
tree | bc6cc28b8391421ed5c292b5c9230a5973c6f109 | |
parent | winipcfg: cleanup netsh error reporting (diff) | |
download | wireguard-windows-780f9836f2dc31da6a0c108594aec4eefdbf2734.tar.xz wireguard-windows-780f9836f2dc31da6a0c108594aec4eefdbf2734.zip |
fetcher: use sha512 from bcrypt
Saves 4k in the binary.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | installer/fetcher/Makefile | 4 | ||||
-rw-r--r-- | installer/fetcher/crypto.c | 174 |
2 files changed, 13 insertions, 165 deletions
diff --git a/installer/fetcher/Makefile b/installer/fetcher/Makefile index 0c150d90..051e4a6b 100644 --- a/installer/fetcher/Makefile +++ b/installer/fetcher/Makefile @@ -9,11 +9,11 @@ DEPLOYMENT_PATH ?= Desktop CFLAGS += -std=gnu11 -DWINVER=0x0601 -D_WIN32_WINNT=0x0601 -flto CFLAGS += -Wall -Wextra CFLAGS += -MMD -MP -LDLIBS += -lkernel32 -lwinhttp -lntdll -lshlwapi -lmsi -lcomctl32 -luser32 -lshell32 -lwintrust +LDLIBS += -lkernel32 -lwinhttp -lntdll -lshlwapi -lmsi -lcomctl32 -luser32 -lshell32 -lwintrust -lbcrypt LDFLAGS += -s -flto -Wl,--dynamicbase -Wl,--nxcompat -Wl,--tsaware -mwindows LDFLAGS += -Wl,--major-os-version=6 -Wl,--minor-os-version=1 -Wl,--major-subsystem-version=6 -Wl,--minor-subsystem-version=1 # The use of -Wl,/delayload: here implies we're using llvm-mingw -LDFLAGS += -Wl,/delayload:winhttp.dll -Wl,/delayload:msi.dll -Wl,/delayload:wintrust.dll -Wl,/delayload:advapi32.dll -Wl,/delayload:shell32.dll -Wl,/delayload:shlwapi.dll -Wl,/delayload:gdi32.dll -Wl,/delayload:user32.dll -Wl,/delayload:comctl32.dll +LDFLAGS += -Wl,/delayload:winhttp.dll -Wl,/delayload:msi.dll -Wl,/delayload:wintrust.dll -Wl,/delayload:advapi32.dll -Wl,/delayload:shell32.dll -Wl,/delayload:shlwapi.dll -Wl,/delayload:gdi32.dll -Wl,/delayload:user32.dll -Wl,/delayload:comctl32.dll -Wl,/delayload:bcrypt.dll TARGET := wireguard-installer.exe CC := i686-w64-mingw32-clang WINDRES := i686-w64-mingw32-windres diff --git a/installer/fetcher/crypto.c b/installer/fetcher/crypto.c index 01eacdcf..397120d7 100644 --- a/installer/fetcher/crypto.c +++ b/installer/fetcher/crypto.c @@ -8,15 +8,14 @@ #include <stdint.h> #include <string.h> #include <winternl.h> +#include <bcrypt.h> #if REG_DWORD == REG_DWORD_LITTLE_ENDIAN #define swap_le64(x) (x) #define swap_le32(x) (x) -#define swap_be64(x) __builtin_bswap64(x) #elif REG_DWORD == REG_DWORD_BIG_ENDIAN #define swap_le64(x) __builtin_bswap64(x) #define swap_le32(x) __builtin_bswap32(x) -#define swap_be64(x) (x) #endif static void store_le64(uint8_t *dst, uint64_t src) @@ -25,12 +24,6 @@ static void store_le64(uint8_t *dst, uint64_t src) __builtin_memcpy(dst, &src, sizeof(src)); } -static void store_be64(uint8_t *dst, uint64_t src) -{ - src = swap_be64(src); - __builtin_memcpy(dst, &src, sizeof(src)); -} - static uint64_t load_le64(const uint8_t *src) { uint64_t dst; @@ -54,13 +47,6 @@ static uint32_t load_le32(const uint8_t *src) return swap_le32(dst); } -static uint64_t load_be64(const uint8_t *src) -{ - uint64_t dst; - __builtin_memcpy(&dst, src, sizeof(dst)); - return swap_be64(dst); -} - static uint64_t ror64(uint64_t i, unsigned int s) { return (i >> (s & 63)) | (i << ((-s) & 63)); @@ -2080,153 +2066,6 @@ static void x25519_sc_reduce(uint8_t s[64]) s[31] = s11 >> 17; } -static uint64_t R(uint64_t x, int c) -{ - return (x >> c) | (x << (64 - c)); -} -static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (~x & z); -} -static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (x & z) ^ (y & z); -} -static uint64_t Sigma0(uint64_t x) -{ - return R(x, 28) ^ R(x, 34) ^ R(x, 39); -} -static uint64_t Sigma1(uint64_t x) -{ - return R(x, 14) ^ R(x, 18) ^ R(x, 41); -} -static uint64_t sigma0(uint64_t x) -{ - return R(x, 1) ^ R(x, 8) ^ (x >> 7); -} -static uint64_t sigma1(uint64_t x) -{ - return R(x, 19) ^ R(x, 61) ^ (x >> 6); -} - -static const uint64_t K[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -static int sha512_block(uint8_t *x, const uint8_t *m, uint64_t n) -{ - uint64_t z[8], b[8], a[8], w[16], t; - int i, j; - - for (i = 0; i < 8; ++i) - z[i] = a[i] = load_be64(x + 8 * i); - - while (n >= 128) { - for (i = 0; i < 16; ++i) - w[i] = load_be64(m + 8 * i); - - for (i = 0; i < 80; ++i) { - for (j = 0; j < 8; ++j) - b[j] = a[j]; - t = a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + - w[i % 16]; - b[7] = t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); - b[3] += t; - for (j = 0; j < 8; ++j) - a[(j + 1) % 8] = b[j]; - if (i % 16 == 15) { - for (j = 0; j < 16; ++j) - w[j] += w[(j + 9) % 16] + - sigma0(w[(j + 1) % 16]) + - sigma1(w[(j + 14) % 16]); - } - } - - for (i = 0; i < 8; ++i) { - a[i] += z[i]; - z[i] = a[i]; - } - - m += 128; - n -= 128; - } - - for (i = 0; i < 8; ++i) - store_be64(x + 8 * i, z[i]); - - return n; -} - -static const uint8_t sha512_iv[64] = { - 0x6a, 0x09, 0xe6, 0x67, 0xf3, 0xbc, 0xc9, 0x08, 0xbb, 0x67, 0xae, - 0x85, 0x84, 0xca, 0xa7, 0x3b, 0x3c, 0x6e, 0xf3, 0x72, 0xfe, 0x94, - 0xf8, 0x2b, 0xa5, 0x4f, 0xf5, 0x3a, 0x5f, 0x1d, 0x36, 0xf1, 0x51, - 0x0e, 0x52, 0x7f, 0xad, 0xe6, 0x82, 0xd1, 0x9b, 0x05, 0x68, 0x8c, - 0x2b, 0x3e, 0x6c, 0x1f, 0x1f, 0x83, 0xd9, 0xab, 0xfb, 0x41, 0xbd, - 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79 -}; - -static void sha512(uint8_t h[static 64], const uint8_t first_32[static 32], - const uint8_t middle_32[static 32], const uint8_t *m, - size_t n) -{ - uint8_t x[256]; - uint64_t i, b = n + 64; - - memcpy(h, sha512_iv, 64); - memcpy(x, first_32, 32); - memcpy(x + 32, middle_32, 32); - i = n > 64 ? 64 : n; - memcpy(x + 64, m, i); - if (i < 64 || n == 64) { - n = b; - memset(x + n, 0, 256 - n); - goto final; - } - sha512_block(h, x, 64 + i); - n -= i, m += i; - if (n) { - sha512_block(h, m, n); - m += n - (n & 127); - n = b & 127; - memcpy(x, m, n); - memset(x + n, 0, 256 - n); - } - -final: - x[n] = 128; - n = 256 - 128 * (n < 112); - x[n - 9] = b >> 61; - store_be64(x + n - 8, b << 3); - sha512_block(h, x, n); -} - bool ed25519_verify(const uint8_t signature[64], const uint8_t public_key[32], const void *message, size_t message_size) { @@ -2272,7 +2111,16 @@ bool ed25519_verify(const uint8_t signature[64], const uint8_t public_key[32], } uint8_t h[64]; - sha512(h, signature, public_key, message, message_size); + BCRYPT_ALG_HANDLE alg, hash; + if (!NT_SUCCESS(BCryptOpenAlgorithmProvider(&alg, BCRYPT_SHA512_ALGORITHM, NULL, 0)) || + !NT_SUCCESS(BCryptCreateHash(alg, &hash, NULL, 0, NULL, 0, 0)) || + !NT_SUCCESS(BCryptHashData(hash, (PUCHAR)signature, 32, 0)) || + !NT_SUCCESS(BCryptHashData(hash, (PUCHAR)public_key, 32, 0)) || + !NT_SUCCESS(BCryptHashData(hash, (PUCHAR)message, message_size, 0)) || + !NT_SUCCESS(BCryptFinishHash(hash, h, 64, 0)) || + !NT_SUCCESS(BCryptDestroyHash(hash)) || + !NT_SUCCESS(BCryptCloseAlgorithmProvider(alg, 0))) + return false; x25519_sc_reduce(h); |