sha512.c, etc.: Provide `sha512' as a hash function for signing.

SHA-1 is really creaky these days, though to be fair its use in Secnet
does not depend on collision resistance.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index cbf304e80eb3feb129ce72df6c59eefe6c1ef1c6..ad1242bb4e82a0acb8d9755ff4c51d7fb39511c3 100644 (file)
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -194,9 +194,9 @@ INPUT SYNTAX
 
        hash HASH-NAME
                Assigns the HASH-NAME to the `hash' key.  The HASH-NAME
-               must be one of `md5' or `sha1', and the corresponding
-               hash closure is used.  Acceptable at all levels;
-               required at site level.
+               must be one of `md5', `sha1', or `sha512', and the
+               corresponding hash closure is used.  Acceptable at all
+               levels; required at site level.
 
        key-lifetime INT
        setup-timeout INT

diff --git a/make-secnet-sites b/make-secnet-sites
index a84479ca0ce2fc41939d0c73d3e50721aa57bbb0..4fa29b0c75dab21a4e41d9ec77733fcabbf5b09e 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -512,7 +512,7 @@ class hash (basetype):
        def __init__(self,w):
                hname=w[1]
                self.ht=hname.raw()
-               if (self.ht!='md5' and self.ht!='sha1'):
+               if (self.ht not in ('md5', 'sha1', 'sha512')):
                        complain("unknown hash type %s"%(self.ht))
                        self.ht=None
                else:

diff --git a/modules.c b/modules.c
index 38f1d0fdd1fce7e434543a36c6d49a6f193dfd8d..191724b51fd8907a391694a4f665579f763587d8 100644 (file)
--- a/modules.c
+++ b/modules.c
@@ -37,6 +37,7 @@ void init_builtin_modules(dict_t *dict)
     slip_module(dict);
     tun_module(dict);
     sha1_module(dict);
+    sha512_module(dict);
     log_module(dict);
     privcache_module(dict);
 }

diff --git a/secnet.8 b/secnet.8
index c92a0e3a8d90f8220055f2f104621decfc0ea69b..616581fe97a2c7aa6a31c4607bd67e2fdb189206 100644 (file)
--- a/secnet.8
+++ b/secnet.8
@@ -534,6 +534,9 @@ The modulus (\fIn\fR), in decimal.
 .SS sha1
 \fBsha1\fR is a \fIhash closure\fR implementing the SHA-1 algorithm.
 
+.SS sha512
+\fBsha512\fR is a \fIhash closure\fR implementing the SHA-512 algorithm.
+
 .SS site
 \fBsite(\fIDICT\fB)\fR => \fIsite closure\fR
 .PP

diff --git a/secnet.h b/secnet.h
index 5c351afb44a6e04d3e78308a67627e4e383268a0..6a6b984d9d077d858e8af048280b23d51ebe9996 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -393,6 +393,7 @@ extern init_module md5_module;
 extern init_module slip_module;
 extern init_module tun_module;
 extern init_module sha1_module;
+extern init_module sha512_module;
 extern init_module log_module;
 extern init_module privcache_module;
 

diff --git a/sha512.c b/sha512.c
index 16129c35fa3dc26865ef3d2b63b714e3422df69c..267fa8a547f346a81388d0fbc999f3a529bd1488 100644 (file)
--- a/sha512.c
+++ b/sha512.c
@@ -22,6 +22,8 @@
 
 #include <config.h>
 
+#include "secnet.h"
+
 #include "sha512.h"
 
 #include <stddef.h>
@@ -439,3 +441,35 @@ sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
       h = ctx->state[7] = u64plus (ctx->state[7], h);
     }
 }
+
+struct sha512 {
+    closure_t cl;
+    struct hash_if ops;
+};
+
+static void sha512_init(void *sst)
+    { struct sha512_ctx *ctx=sst; sha512_init_ctx(ctx); }
+
+static void sha512_update(void *st, const void *buf, int32_t len)
+    { struct sha512_ctx *ctx = st; sha512_process_bytes(buf, len, ctx); }
+
+static void sha512_final(void *st, uint8_t *digest)
+    { struct sha512_ctx *ctx = st; sha512_finish_ctx(ctx, digest); }
+
+void sha512_module(dict_t *dict)
+{
+    struct sha512 *st;
+
+    NEW(st);
+    st->cl.description="sha512";
+    st->cl.type=CL_HASH;
+    st->cl.apply=NULL;
+    st->cl.interface=&st->ops;
+    st->ops.hlen=64;
+    st->ops.slen=sizeof(struct sha512_ctx);
+    st->ops.init=sha512_init;
+    st->ops.update=sha512_update;
+    st->ops.final=sha512_final;
+
+    dict_add(dict,"sha512",new_closure(&st->cl));
+}