[Source] hashi - Hashing Include (x86/x64) [Windows OS]

[Mijikai]

• Supported Hash Algorithms:
  MD2
  MD4
  MD5
  SHA1
  SHA256
  SHA384
  SHA512

Please read the comments in the Source for further infos.

Have fun

Code: Select all

EnableExplicit

;------------------------------------------------------------------------------------
;hashi - HASH INCLUDE (x86/x64)
;Platform: Windows Vista, Windows Server 2008 (minimum supported)
;Version: Draft 2
;Author: Mijikai
;------------------------------------------------------------------------------------
;Note:
;Why the BCrypt API?
;The old Crypt API is deprecated!
;So this will only run on more modern machines but its the correct way to do it.
;------------------------------------------------------------------------------------
;ToDo:
;Maybe add a way to output the result as hex string!
;------------------------------------------------------------------------------------

Import "bcrypt.lib";<- Use the correct lib (x86/x64) from the MS SDK!
  BCryptOpenAlgorithmProvider.i(*Algorithm,AlgId.s,Implementation.i,Flags.i)
  BCryptCloseAlgorithmProvider.i(Algorithm.i,Flags.i)
  BCryptGetProperty.i(Object.i,Property.s,*Output,OutputSize.i,*Result,Flags.i)
  BCryptCreateHash.i(Algorithm.i,*Hash,*HashObject,HashObjectSize.i,*Secret,SecretSize.i,Flags.i)
  BCryptHashData.i(Hash.i,*Input,InputSize.i,Flags.i)
  BCryptFinishHash.i(Hash.i,*Output,OutputSize.i,Flags.i)
  BCryptDestroyHash.i(Hash.i)
EndImport

Enumeration HASHI_HASH
  #HASHI_MD2    ;16 bytes
  #HASHI_MD4    ;16 bytes
  #HASHI_MD5    ;16 bytes
  #HASHI_SHA1   ;20 bytes
  #HASHI_SHA256 ;32 bytes
  #HASHI_SHA384 ;48 bytes
  #HASHI_SHA512 ;64 bytes
EndEnumeration

Procedure.i hashiHash(*Buffer,BufferSize.i,Type.i,*Hash = #Null);optional: point *Hash to a buffer that should receive the hash!
  Protected result.i
  Protected handle.i
  Protected *object
  Protected object_size.i
  Protected hash_size.i
  Protected bytes.i
  Protected hash.i
  If *Buffer
    Select Type
      Case #HASHI_MD2
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"MD2",#Null,#Null) = #Null)
        hash_size = 16  
      Case #HASHI_MD4
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"MD4",#Null,#Null) = #Null)
        hash_size = 16
      Case #HASHI_MD5
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"MD5",#Null,#Null) = #Null)
        hash_size = 16
      Case #HASHI_SHA1
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA1",#Null,#Null) = #Null)
        hash_size = 20
      Case #HASHI_SHA256
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA256",#Null,#Null) = #Null)
        hash_size = 32
      Case #HASHI_SHA384
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA384",#Null,#Null) = #Null)
        hash_size = 48
      Case #HASHI_SHA512
        result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA512",#Null,#Null) = #Null)
        hash_size = 64
    EndSelect
    If result
      result = #False
      If BCryptGetProperty(handle,"ObjectLength",@object_size,SizeOf(Integer),@bytes,#Null) = #Null
        If object_size
          *object = AllocateMemory(object_size)
          If *object
            If BCryptCreateHash(handle,@hash,*object,object_size,#Null,#Null,#Null) = #Null
              If BCryptHashData(hash,*Buffer,BufferSize,#Null) = #Null
                If *Hash
                  result = Bool(BCryptFinishHash(hash,*Hash,hash_size,#Null) = #Null)
                Else
                  *Hash = AllocateMemory(hash_size)
                  If *Hash
                    If BCryptFinishHash(hash,*Hash,hash_size,#Null) = #Null
                      result = *Hash  
                    Else
                      FreeMemory(*Hash)
                    EndIf
                  EndIf
                EndIf
              EndIf
              BCryptDestroyHash(hash)
            EndIf
            FreeMemory(*object)
          EndIf
        EndIf
      EndIf
      BCryptCloseAlgorithmProvider(handle,#Null)
    EndIf
  EndIf
  ProcedureReturn result
EndProcedure

Procedure.i hashiSize(*Hash)
  ProcedureReturn MemorySize(*Hash)  
EndProcedure

Procedure.i hashiFree(*Hash)
  ProcedureReturn FreeMemory(*Hash)
EndProcedure

Procedure.i Demo()
  Protected dummy.s
  Protected *hash
  dummy = "Hello World!"
  *hash = hashiHash(@dummy,StringByteLength(dummy),#HASHI_SHA512)
  If *hash
    Debug *hash
    ShowMemoryViewer(*hash,hashiSize(*hash))
    hashiFree(*hash)
  EndIf
  ProcedureReturn #Null
EndProcedure

Demo()

End

[STARGÅTE]

Where can I find this bcrypt.lib, the compiler says "POLINK: fatal error: File not found: 'bcrypt.lib'."

[Mijikai]

The lib is part of the MS SDK, mine came with Visual Studio.

[Keya]

MD2, MD4, MD5, and SHA1 should be considered "broken"

[Saki]

md5 and SHA1 can still be used without further ado, e.g. when a hash is created from an encrypted file.
That is, if the plaintext is not known.

[Keya]

md5 and SHA1 can still be used without further ado, e.g. when a hash is created from an encrypted file.
That is, if the plaintext is not known.

Why use them when the cryptography community has branded them "broken", and there are secure replacements?
As programmers it is our RESPONSIBILITY to the world to ensure we use state-of-the-art cryptography, not algorithms that were broken decades ago.

[BarryG]

MD2, MD4, MD5, and SHA1 should be considered "broken"

Depends what you use them for. https://superuser.com/questions/61461/w ... vily/61468

[Keya]

md5 and SHA1 can still be used without further ado, e.g. when a hash is created from an encrypted file.
That is, if the plaintext is not known.

Why use them when the cryptography community has branded them "broken", and there are secure replacements?
As programmers using cryptography it is our RESPONSIBILITY to the world to ensure we use state-of-the-art cryptography, not algorithms that were broken decades ago.
Do you want doctors in hospitals using outdated medicine when we now have newer, better medicine???

And Mijikai's beautiful code shows you how to use the stronger hashes, yet you are recommending using broken weaker ones???

[Saki]

Unfortunately, this view is wrong.
You can't falsify a document with a broken hash if you don't know its content.

[Keya]

Unfortunately, this view is wrong.
You can't falsify a document with a broken hash if you don't know its content.

WHY are you advocating for the use of cryptographical algorithms that have been broken when we now have secure replacements for them??? And how does advocating for algorithms that were broken decades ago give the general public (or your customers) any confidence? Why not simply upgrade to the latest secure algorithms to show your customers you're giving them the latest and greatest proven cryptographical algorithms, rather than ones that were broken DECADES ago??? (and Mijikai's source code already provides that capability!)

[Saki]

Then explain to me exactly what broken means.

[Keya]

Saki with all due respect I am not here to get into an argument here about the definition of "broken".
What I do know is that many algorithms such as MD5 have been considered "broken" for DECADES, and have since been replaced by other algorithms that we can have far more faith in. As programmers we are supposed to provide our customers with the latest and greatest ... and when that comes to cryptography, that means providing them with most secure algorithms in the world. AND WE HAVE ACCESS TO THAT, as Mijikai has posted an example of. But for a programmer like yourself to still be using and promoting MD5 in 2021 is not good for any programmers, it can only give us all a bad name.

I just cannot understand why you are SO aggressive about standing up for MD5 when 1) it is completely broken, even according to it's author Ron Rivest and 2) we have alternatives available which are just as easy to use. SO WHY NOT JUST USE THE MORE SECURE ALTERNATIVES???

[Saki]

Ahhh, I'm not aggressive after all, dear.

You just need to realize what broken means.
It is important to know what exactly is meant by it.
PB now offers the most important hashes, for all OSes.
The conversion from hex to binary is very fast with hashes.
Hex is just better to handle than binary.
The problem is mostly that people copy the hex values into the AES register, which totally undermines the security of AES.

[Keya]

PB now offers the most important hashes, for all OSes.
The conversion from hex to binary is very fast with hashes.
Hex is just better to handle than binary.
The problem is mostly that people copy the hex values into the AES register, which totally undermines the security of AES.

I'm not sure how hex-to-binary answers my question in regards to using decades-old outdated algorithms. (Hex-to-bin has nothing to do with cryptography)

And what is the "AES register" ??? most of us have been using AES for years now, but I've never heard of an "AES register", but you claim that's where the security failure happens (?!?!)

[Mijikai]

Judging by recent posts and releases i think Saki is all about: Obscurity + Bloat = Security
So he will take basically anything and throw it in the mix, which has entertainment value i must admit.