use winapi bcrypt

1Conan · Feb 10, 2022 · 2137d93 · 2137d93
1 parent 147083a
commit 2137d93
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 20 deletions.
diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml
@@ -209,6 +209,7 @@ jobs:
         make install
 
     - name: build wolfssl
+      if: ${{ env.OS != "win" }}
       run: |
         wget -q -nc -P ${BUILD_SOURCE} \
           https://github.com/wolfSSL/wolfssl/archive/refs/tags/v${WOLFSSL_VERSION}-stable.tar.gz
@@ -306,12 +307,14 @@ jobs:
           # because case-sensitive
           sed -i 's/Iphlpapi/iphlpapi/' ${BUILD_BASE}/lib/libimobiledevice-glue-1.0.la
           sed -i 's/Iphlpapi/iphlpapi/' ${BUILD_BASE}/lib/libirecovery-1.0.la
+        else
+          export TSSCHECKER_FLAGS="--with-wolfssl"
         fi
 
         ./autogen.sh \
           ${CONFIGURE_FLAGS} \
           --without-libcrypto \
-          --with-wolfssl
+          ${TSSCHECKER_FLAGS}
 
         make -j$(nproc) \
           LDFLAGS="-all-static -static ${LDFLAGS}"

diff --git a/configure.ac b/configure.ac
@@ -82,6 +82,8 @@ AS_IF([test "x$with_wolfssl" = xyes], [
                 case "${host_os}" in
                     darwin*)
                     ;;
+                    cygwin*|mingw*)
+                    ;;
                     *)
                         AC_MSG_ERROR("No crypto library selected!", 1)
                     ;;

diff --git a/tsschecker/Makefile.am b/tsschecker/Makefile.am
@@ -19,7 +19,7 @@ tsschecker_SOURCES = tsschecker.c tss.c download.c main.c
 endif
 
 if WINDOWS
-tsschecker_LDFLAGS = -lpthread -Wl,--allow-multiple-definition $(AM_LDFLAGS)
+tsschecker_LDFLAGS = -lpthread -Wl,--allow-multiple-definition -lbcrypt $(AM_LDFLAGS)
 else
 tsschecker_LDFLAGS = $(AM_LDFLAGS)
 endif
diff --git a/tsschecker/tsschecker.c b/tsschecker/tsschecker.c
@@ -23,7 +23,11 @@
 #include <libfragmentzip/libfragmentzip.h>
 #include <libirecovery.h>
 
-#ifdef __APPLE__
+#ifdef WIN32
+#include <windows.h>
+#include <bcrypt.h>
+#include <ntstatus.h>
+#elif defined(__APPLE__)
 #   include <CommonCrypto/CommonDigest.h>
 #   define SHA1(d, n, md) CC_SHA1(d, n, md)
 #   define SHA384(d, n, md) CC_SHA384(d, n, md)
@@ -46,7 +50,6 @@
 #define printJString(str) printf("%.*s",(int)str->size,str->value)
 
 #ifdef WIN32
-#include <windows.h>
 #define __mkdir(path, mode) mkdir(path)
 static int win_path_didinit = 0;
 static const char *win_paths[4];
@@ -318,6 +321,92 @@ inline static t_bbdevice bbdevices_get_all() {
     return bbdevices;
 }
 
+void sha1(unsigned char *buf, uint8_t bufSz, char* dest, uint8_t destSz) {
+#ifdef WIN32
+    BCRYPT_ALG_HANDLE hAlg = NULL;
+    BCRYPT_HASH_HANDLE hHash = NULL;
+    NTSTATUS status = STATUS_UNSUCCESSFUL;
+    DWORD size = 0;
+
+    status = BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA1_ALGORITHM, NULL, 0);
+    if (status != STATUS_SUCCESS) {
+        error("BCryptOpenAlgorithmProvider failed: 0x%x", status);
+        exit(1);
+    }
+
+    status = BCryptCreateHash(hAlg, &hHash, NULL, 0, NULL, 0, 0);
+    if (status != STATUS_SUCCESS) {
+        error("BCryptCreateHash failed: 0x%x", status);
+        exit(1);
+    }
+
+    status = BCryptHashData(hHash, buf, bufSz, 0);
+    if (status) {
+        printf("BCryptHashData failed: 0x%x\n", status);
+        exit(1);
+    }
+
+    status =  BCryptFinishHash(hHash, dest, destSz, 0);
+    if (status) {
+        printf("BCryptFinishHash failed: 0x%x\n", status);
+        exit(1);
+    }
+
+    BCryptCloseAlgorithmProvider(hAlg,0);
+    BCryptDestroyHash(hHash);
+#elif defined(USE_WOLFSSL)
+    wc_Sha sha;
+    wc_InitSha(&sha);
+    wc_ShaUpdate(&sha, buf, bufSz);
+    wc_ShaFinal(&sha, (unsigned char*)dest);
+#else
+    SHA1(buf, bufSz, (unsigned char*)dest);
+#endif
+}
+
+void sha384(unsigned char *buf, uint8_t bufSz, char* dest, uint8_t destSz) {
+#ifdef WIN32
+    BCRYPT_ALG_HANDLE hAlg = NULL;
+    BCRYPT_HASH_HANDLE hHash = NULL;
+    NTSTATUS status = STATUS_UNSUCCESSFUL;
+    DWORD size = 0;
+
+    status = BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA384_ALGORITHM, NULL, 0);
+    if (status != STATUS_SUCCESS) {
+        error("BCryptOpenAlgorithmProvider failed: 0x%x", status);
+        exit(1);
+    }
+
+    status = BCryptCreateHash(hAlg, &hHash, NULL, 0, NULL, 0, 0);
+    if (status != STATUS_SUCCESS) {
+        error("BCryptCreateHash failed: 0x%x", status);
+        exit(1);
+    }
+
+    status = BCryptHashData(hHash, buf, bufSz, 0);
+    if (status) {
+        printf("BCryptHashData failed: 0x%x\n", status);
+        exit(1);
+    }
+
+    status =  BCryptFinishHash(hHash, dest, destSz, 0);
+    if (status) {
+        printf("BCryptFinishHash failed: 0x%x\n", status);
+        exit(1);
+    }
+
+    BCryptCloseAlgorithmProvider(hAlg,0);
+    BCryptDestroyHash(hHash);
+#elif defined(USE_WOLFSSL)
+    wc_Sha384 sha;
+    wc_InitSha384(&sha);
+    wc_Sha384Update(&sha, buf, bufSz);
+    wc_Sha384Final(&sha, dest);
+#else
+    SHA384(buf, bufSz, dest);
+#endif
+}
+
 char *getFirmwareJson(){
     info("[TSSC] opening firmwares.json\n");
     FILE *f = fopen(FIRMWARE_JSON_PATH, "rb");
@@ -828,14 +917,7 @@ int tss_populate_random(plist_t tssreq, int is64bit, t_devicevals *devVals){
             getRandNum((char*)zz, 8, 256);
             snprintf(devVals->generator, 19, "0x%02x%02x%02x%02x%02x%02x%02x%02x",zz[7],zz[6],zz[5],zz[4],zz[3],zz[2],zz[1],zz[0]);
         makesha1:
-            #ifdef USE_WOLFSSL
-                wc_Sha sha;
-                wc_InitSha(&sha);
-                wc_ShaUpdate(&sha, zz, 8);
-                wc_ShaFinal(&sha, (unsigned char*)devVals->apnonce);
-            #else
-                SHA1(zz, 8, (unsigned char*)devVals->apnonce);
-            #endif
+            sha1(zz, 8, devVals->apnonce, 20);
         }else if (nonceLen == 32){
             unsigned char zz[9] = {0};
             unsigned char genHash[48]; //SHA384 digest length
@@ -854,14 +936,7 @@ int tss_populate_random(plist_t tssreq, int is64bit, t_devicevals *devVals){
             getRandNum((char*)zz, 8, 256);
             snprintf(devVals->generator, 19, "0x%02x%02x%02x%02x%02x%02x%02x%02x",zz[7],zz[6],zz[5],zz[4],zz[3],zz[2],zz[1],zz[0]);
         makesha384:
-            #ifdef USE_WOLFSSL
-                wc_Sha384 sha;
-                wc_InitSha384(&sha);
-                wc_Sha384Update(&sha, zz, 8);
-                wc_Sha384Final(&sha, genHash);
-            #else
-                SHA384(zz, 8, genHash);
-            #endif
+            sha384(zz, 8, genHash, 48);
             memcpy(devVals->apnonce, genHash, 32);
         }else{
             return error("[TSSR] Automatic generator->nonce calculation failed. Unknown device with noncelen=%u\n",(unsigned int)nonceLen),-1;