From 1a551e3cb031298a797fd1484a70ce76701c6eef Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Fri, 28 Apr 2017 22:51:44 +0100
Subject: [PATCH] sha512.c, etc.: Provide `sha512' as a hash function for signing.
SHA-1 is really creaky these days, though to be fair its use in Secnet does not depend on collision resistance.
Signed-off-by: Mark Wooding
---
 README.make-secnet-sites | 6 +++---
 make-secnet-sites | 2 +-
 modules.c | 1 +
 secnet.8 | 3 +++
 secnet.h | 1 +
 sha512.c | 34 ++++++++++++++++++++++++++++++++++
 6 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index cbf304e..ad1242b 100644
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -194,9 +194,9 @@ INPUT SYNTAX
 hash HASH-NAME
 Assigns the HASH-NAME to the `hash' key. The HASH-NAME
- must be one of `md5' or `sha1', and the corresponding
- hash closure is used. Acceptable at all levels;
- required at site level.
+ must be one of `md5', `sha1', or `sha512', and the
+ corresponding hash closure is used. Acceptable at all
+ levels; required at site level.
 key-lifetime INT
 setup-timeout INT
diff --git a/make-secnet-sites b/make-secnet-sites
index a84479c..4fa29b0 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -512,7 +512,7 @@ class hash (basetype):
 def __init__(self,w):
 hname=w[1]
 self.ht=hname.raw()
- if (self.ht!='md5' and self.ht!='sha1'):
+ if (self.ht not in ('md5', 'sha1', 'sha512')):
 complain("unknown hash type %s"%(self.ht))
 self.ht=None
 else:
diff --git a/modules.c b/modules.c
index 38f1d0f..191724b 100644
--- a/modules.c
+++ b/modules.c
@@ -37,6 +37,7 @@ void init_builtin_modules(dict_t *dict)
 slip_module(dict);
 tun_module(dict);
 sha1_module(dict);
+ sha512_module(dict);
 log_module(dict);
 privcache_module(dict);
 }
diff --git a/secnet.8 b/secnet.8
index c92a0e3..616581f 100644
--- a/secnet.8
+++ b/secnet.8
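Review bot: The parentheses around the condition on the added line in make-secnet-sites are redundant in Python and read as a carried-over habit from the removed line; `if self.ht not in ('md5', 'sha1', 'sha512'):` says the same thing. The accepted-name tuple now has to be kept in step with the closures registered in modules.c and with the two documentation files in this commit, so a short comment on that line naming those places, e.g. `# keep in step with modules.c, secnet.8 and README.make-secnet-sites`, would make the next addition less likely to miss one. The body of `__init__` continues past the end of the hunk.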
@@ -534,6 +534,9 @@ The modulus (\fIn\fR), in decimal.
 .SS sha1
 \fBsha1\fR is a \fIhash closure\fR implementing the SHA-1 algorithm.
+.SS sha512
+\fBsha512\fR is a \fIhash closure\fR implementing the SHA-512 algorithm.
+
 .SS site
 \fBsite(\fIDICT\fB)\fR => \fIsite closure\fR
 .PP
diff --git a/secnet.h b/secnet.h
index 5c351af..6a6b984 100644
--- a/secnet.h
+++ b/secnet.h
@@ -393,6 +393,7 @@ extern init_module md5_module;
 extern init_module slip_module;
 extern init_module tun_module;
 extern init_module sha1_module;
+extern init_module sha512_module;
 extern init_module log_module;
 extern init_module privcache_module;
diff --git a/sha512.c b/sha512.c
index 16129c3..267fa8a 100644
--- a/sha512.c
+++ b/sha512.c
@@ -22,6 +22,8 @@
 #include
+#include "secnet.h"
+
 #include "sha512.h"
 #include
@@ -439,3 +441,35 @@ sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
 h = ctx->state[7] = u64plus (ctx->state[7], h);
 }
 }
+
+struct sha512 {
+ closure_t cl;
+ struct hash_if ops;
+};
+
+static void sha512_init(void *sst)
+ { struct sha512_ctx *ctx=sst; sha512_init_ctx(ctx); }
+
+static void sha512_update(void *st, const void *buf, int32_t len)
+ { struct sha512_ctx *ctx = st; sha512_process_bytes(buf, len, ctx); }
+
+static void sha512_final(void *st, uint8_t *digest)
+ { struct sha512_ctx *ctx = st; sha512_finish_ctx(ctx, digest); }
+
+void sha512_module(dict_t *dict)
+{
+ struct sha512 *st;
+
+ NEW(st);
+ st->cl.description="sha512";
+ st->cl.type=CL_HASH;
+ st->cl.apply=NULL;
+ st->cl.interface=&st->ops;
+ st->ops.hlen=64;
+ st->ops.slen=sizeof(struct sha512_ctx);
+ st->ops.init=sha512_init;
+ st->ops.update=sha512_update;
+ st->ops.final=sha512_final;
+
+ dict_add(dict,"sha512",new_closure(&st->cl));
+}
-- 2.30.2
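Review bot: `sha512_update` hands its signed `int32_t len` straight to `sha512_process_bytes`, which presumably takes a `size_t` like `sha512_process_block` in the hunk header does, so a negative length would silently become a huge unsigned byte count and the hash would read far beyond `buf`; if the `hash_if` signature is fixed by secnet.h, guard it before the call, e.g. `assert(len>=0);` (adding `<assert.h>`) or whatever fatal-error helper the project uses. `st->ops.hlen=64` is a magic number for the digest size; if sha512.h already exports a digest-size constant, use that, otherwise `enum { SHA512_HLEN = 64 };` next to `struct sha512` names it. Neither `struct sha512` nor `sha512_module` carries a comment; one line such as `/* secnet hash closure wrapping the SHA-512 implementation above */` would orient a reader arriving from modules.c. As a minor point of style, `sha512_init` calls its state parameter `sst` while the other two wrappers use `st`.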