Jacek Caban : bcrypt: Added MD2 hash support.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: 85657376b31b61a3f49189b8c5892e602ee8c3da
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=85657376b31b61a3f49189b8c5892e602ee8c3da

Author: Jacek Caban <jacek at codeweavers.com>
Date:   Thu Dec  7 19:46:20 2017 +0100

bcrypt: Added MD2 hash support.

By adopting rsaenh implementation.

Signed-off-by: Jacek Caban <jacek at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/bcrypt/Makefile.in       |   1 +
 dlls/bcrypt/bcrypt_internal.h |   9 +++
 dlls/bcrypt/bcrypt_main.c     |  16 +++++
 dlls/bcrypt/md2.c             | 144 ++++++++++++++++++++++++++++++++++++++++++
 dlls/bcrypt/tests/bcrypt.c    |   6 ++
 include/bcrypt.h              |   1 +
 6 files changed, 177 insertions(+)

diff --git a/dlls/bcrypt/Makefile.in b/dlls/bcrypt/Makefile.in
index 602d22d..3d081c8 100644
--- a/dlls/bcrypt/Makefile.in
+++ b/dlls/bcrypt/Makefile.in
@@ -5,6 +5,7 @@ EXTRAINCL = $(GNUTLS_CFLAGS)
 
 C_SRCS = \
 	bcrypt_main.c \
+	md2.c \
 	sha256.c \
 	sha512.c
 
diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h
index b12450f..c58ede8 100644
--- a/dlls/bcrypt/bcrypt_internal.h
+++ b/dlls/bcrypt/bcrypt_internal.h
@@ -51,6 +51,15 @@ void sha384_init(SHA512_CTX *ctx) DECLSPEC_HIDDEN;
 #define sha384_update sha512_update
 void sha384_finalize(SHA512_CTX *ctx, UCHAR *buffer) DECLSPEC_HIDDEN;
 
+typedef struct {
+    unsigned char chksum[16], X[48], buf[16];
+    unsigned long curlen;
+} MD2_CTX;
+
+void md2_init(MD2_CTX *ctx) DECLSPEC_HIDDEN;
+void md2_update(MD2_CTX *ctx, const unsigned char *buf, ULONG len) DECLSPEC_HIDDEN;
+void md2_finalize(MD2_CTX *ctx, unsigned char *hash) DECLSPEC_HIDDEN;
+
 /* Definitions from advapi32 */
 typedef struct
 {
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index b631128..b202184 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -145,6 +145,7 @@ struct object
 enum alg_id
 {
     ALG_ID_AES,
+    ALG_ID_MD2,
     ALG_ID_MD5,
     ALG_ID_RNG,
     ALG_ID_SHA1,
@@ -163,6 +164,7 @@ static const struct {
     const WCHAR *alg_name;
 } alg_props[] = {
     /* ALG_ID_AES    */ {  654,    0,    0, BCRYPT_AES_ALGORITHM },
+    /* ALG_ID_MD2    */ {  270,   16,  128, BCRYPT_MD2_ALGORITHM },
     /* ALG_ID_MD5    */ {  274,   16,  512, BCRYPT_MD5_ALGORITHM },
     /* ALG_ID_RNG    */ {    0,    0,    0, BCRYPT_RNG_ALGORITHM },
     /* ALG_ID_SHA1   */ {  278,   20,  512, BCRYPT_SHA1_ALGORITHM },
@@ -235,6 +237,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
     }
 
     if (!strcmpW( id, BCRYPT_AES_ALGORITHM )) alg_id = ALG_ID_AES;
+    else if (!strcmpW( id, BCRYPT_MD2_ALGORITHM )) alg_id = ALG_ID_MD2;
     else if (!strcmpW( id, BCRYPT_MD5_ALGORITHM )) alg_id = ALG_ID_MD5;
     else if (!strcmpW( id, BCRYPT_RNG_ALGORITHM )) alg_id = ALG_ID_RNG;
     else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1;
@@ -287,6 +290,7 @@ struct hash_impl
 {
     union
     {
+        MD2_CTX md2;
         MD5_CTX md5;
         SHA_CTX sha1;
         SHA256_CTX sha256;
@@ -298,6 +302,10 @@ static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
 {
     switch (alg_id)
     {
+    case ALG_ID_MD2:
+        md2_init( &hash->u.md2 );
+        break;
+
     case ALG_ID_MD5:
         MD5Init( &hash->u.md5 );
         break;
@@ -330,6 +338,10 @@ static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
 {
     switch (alg_id)
     {
+    case ALG_ID_MD2:
+        md2_update( &hash->u.md2, input, size );
+        break;
+
     case ALG_ID_MD5:
         MD5Update( &hash->u.md5, input, size );
         break;
@@ -362,6 +374,10 @@ static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
 {
     switch (alg_id)
     {
+    case ALG_ID_MD2:
+        md2_finalize( &hash->u.md2, output );
+        break;
+
     case ALG_ID_MD5:
         MD5Final( &hash->u.md5 );
         memcpy( output, hash->u.md5.digest, 16 );
diff --git a/dlls/bcrypt/md2.c b/dlls/bcrypt/md2.c
new file mode 100644
index 0000000..3ff25da
--- /dev/null
+++ b/dlls/bcrypt/md2.c
@@ -0,0 +1,144 @@
+/*
+ * MD2 (RFC 1319) hash function implementation by Tom St Denis
+ *
+ * Copyright 2004 Michael Jung
+ * Based on public domain code by Tom St Denis (tomstdenis at iahu.ca)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/*
+ * This file contains code from the LibTomCrypt cryptographic
+ * library written by Tom St Denis (tomstdenis at iahu.ca). LibTomCrypt
+ * is in the public domain. The code in this file is tailored to
+ * special requirements. Take a look at http://libtomcrypt.org for the
+ * original version.
+ */
+
+#include <assert.h>
+#include "bcrypt_internal.h"
+
+static const unsigned char PI_SUBST[256] = {
+  41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
+  19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
+  76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
+  138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
+  245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
+  148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
+  39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
+  181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
+  150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
+  112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
+  96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
+  85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
+  234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
+  129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
+  8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
+  203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
+  166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
+  31, 26, 219, 153, 141, 51, 159, 17, 131, 20
+};
+
+/* adds 16 bytes to the checksum */
+static void md2_update_chksum(MD2_CTX *md2)
+{
+    int j;
+    unsigned char L;
+    L = md2->chksum[15];
+    for (j = 0; j < 16; j++) {
+
+/* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say
+   otherwise.
+*/
+        L = (md2->chksum[j] ^= PI_SUBST[(int)(md2->buf[j] ^ L)] & 255);
+    }
+}
+
+static void md2_compress(MD2_CTX *md2)
+{
+    int j, k;
+    unsigned char t;
+
+    /* copy block */
+    for (j = 0; j < 16; j++) {
+        md2->X[16+j] = md2->buf[j];
+        md2->X[32+j] = md2->X[j] ^ md2->X[16+j];
+    }
+
+    t = 0;
+
+    /* do 18 rounds */
+    for (j = 0; j < 18; j++) {
+        for (k = 0; k < 48; k++) {
+            t = (md2->X[k] ^= PI_SUBST[(int)(t & 255)]);
+        }
+        t = (t + (unsigned char)j) & 255;
+    }
+}
+
+void md2_init(MD2_CTX *md2)
+{
+    /* MD2 uses a zero'ed state... */
+    memset(md2->X, 0, sizeof(md2->X));
+    memset(md2->chksum, 0, sizeof(md2->chksum));
+    memset(md2->buf, 0, sizeof(md2->buf));
+    md2->curlen = 0;
+}
+
+void md2_update(MD2_CTX *md2, const unsigned char *buf, ULONG len)
+{
+    unsigned long n;
+
+    assert(md2->curlen <= sizeof(md2->buf));
+
+    while (len > 0) {
+        n = min(len, (16 - md2->curlen));
+        memcpy(md2->buf + md2->curlen, buf, (size_t)n);
+        md2->curlen += n;
+        buf         += n;
+        len         -= n;
+
+        /* is 16 bytes full? */
+        if (md2->curlen == 16) {
+            md2_compress(md2);
+            md2_update_chksum(md2);
+            md2->curlen = 0;
+        }
+    }
+}
+
+void md2_finalize(MD2_CTX * md2, unsigned char *hash)
+{
+    unsigned long i, k;
+
+    assert(md2->curlen <= sizeof(md2->buf));
+
+    /* pad the message */
+    k = 16 - md2->curlen;
+    for (i = md2->curlen; i < 16; i++) {
+        md2->buf[i] = (unsigned char)k;
+    }
+
+    /* hash and update */
+    md2_compress(md2);
+    md2_update_chksum(md2);
+
+    /* hash checksum */
+    memcpy(md2->buf, md2->chksum, 16);
+    md2_compress(md2);
+
+    /* output is lower 16 bytes of X */
+    memcpy(hash, md2->X, 16);
+}
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 524bd08..de04190 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -323,6 +323,12 @@ static void test_hashes(void)
             "2eecf91373941f9315dd730a77937fa92444450fbece86f409d9cb5ec48c6513"
         },
         {
+            "MD2",
+            16,
+            "1bb33606ba908912a84221109d29cd7e",
+            "7f05b0638d77f4a27f3a9c4d353cd648"
+        },
+        {
             "MD5",
             16,
             "e2a3e68d23ce348b8f68b3079de3d4c9",
diff --git a/include/bcrypt.h b/include/bcrypt.h
index 2555bf0..70928c5 100644
--- a/include/bcrypt.h
+++ b/include/bcrypt.h
@@ -64,6 +64,7 @@ typedef LONG NTSTATUS;
     {'M','i','c','r','o','s','o','f','t',' ','P','l','a','t','f','o','r','m',' ','C','r','y','p','t','o',' ','P','r','o','v','i','d','e','r',0}
 
 #define BCRYPT_AES_ALGORITHM        (const WCHAR []){'A','E','S',0}
+#define BCRYPT_MD2_ALGORITHM        (const WCHAR []){'M','D','2',0}
 #define BCRYPT_MD5_ALGORITHM        (const WCHAR []){'M','D','5',0}
 #define BCRYPT_RNG_ALGORITHM        (const WCHAR []){'R','N','G',0}
 #define BCRYPT_SHA1_ALGORITHM       (const WCHAR []){'S','H','A','1',0}