sha512.c, etc.: Provide `sha512' as a hash function for signing.

SHA-1 is really creaky these days, though to be fair its use in Secnet
does not depend on collision resistance.

Modify `mdw-test/sites' to allow selection of SHA512.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index cef4368..efca19a 100644 (file)
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -136,9 +136,9 @@ INPUT SYNTAX
 
        hash HASH-NAME
                Assigns the HASH-NAME to the `hash' key.  The HASH-NAME
-               must be one of `md5' or `sha1', and the corresponding
-               hash closure is used.  Acceptable at all levels;
-               required at site level.
+               must be one of `md5', `sha1', or `sha512', and the
+               corresponding hash closure is used.  Acceptable at all
+               levels; required at site level.
 
        key-lifetime INT
        setup-timeout INT

diff --git a/make-secnet-sites b/make-secnet-sites
index 5f271e3..f3beffa 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -97,7 +97,7 @@ class hash:
        "A choice of hash function"
        def __init__(self,w):
                self.ht=w[1]
-               if (self.ht!='md5' and self.ht!='sha1'):
+               if (self.ht not in ('md5', 'sha1', 'sha512')):
                        complain("unknown hash type %s"%(self.ht))
        def __str__(self):
                return '%s'%(self.ht)

diff --git a/mdw-test/sites b/mdw-test/sites
index f958cf8..8b95e2f 100644 (file)
--- a/mdw-test/sites
+++ b/mdw-test/sites
@@ -5,6 +5,7 @@ vpn mdw-test
 
 contact mdw@distorted.org.uk
 hash sha1
+#hash sha512
 
 ## Diffie--Hellman group generated 2017-04-28.
 ##

diff --git a/modules.c b/modules.c
index 24c1459..a5c3c8d 100644 (file)
--- a/modules.c
+++ b/modules.c
@@ -36,5 +36,6 @@ void init_builtin_modules(dict_t *dict)
     slip_module(dict);
     tun_module(dict);
     sha1_module(dict);
+    sha512_module(dict);
     log_module(dict);
 }

diff --git a/secnet.8 b/secnet.8
index 670bff7..3a5340f 100644 (file)
--- a/secnet.8
+++ b/secnet.8
@@ -534,6 +534,9 @@ The modulus (\fIn\fR), in decimal.
 .SS sha1
 \fBsha1\fR is a \fIhash closure\fR implementing the SHA-1 algorithm.
 
+.SS sha512
+\fBsha512\fR is a \fIhash closure\fR implementing the SHA-512 algorithm.
+
 .SS site
 \fBsite(\fIDICT\fB)\fR => \fIsite closure\fR
 .PP

diff --git a/secnet.h b/secnet.h
index f2840db..c93a279 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -354,6 +354,7 @@ extern init_module md5_module;
 extern init_module slip_module;
 extern init_module tun_module;
 extern init_module sha1_module;
+extern init_module sha512_module;
 extern init_module log_module;
 
 /***** END of module support *****/

diff --git a/sha512.c b/sha512.c
index 16129c3..5fa40d2 100644 (file)
--- a/sha512.c
+++ b/sha512.c
@@ -22,6 +22,8 @@
 
 #include <config.h>
 
+#include "secnet.h"
+
 #include "sha512.h"
 
 #include <stddef.h>
@@ -439,3 +441,34 @@ sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
       h = ctx->state[7] = u64plus (ctx->state[7], h);
     }
 }
+
+struct sha512 {
+    closure_t cl;
+    struct hash_if ops;
+};
+
+static void *sha512_init(void)
+    { struct sha512_ctx *ctx; NEW(ctx); sha512_init_ctx(ctx); return ctx; }
+
+static void sha512_update(void *st, const void *buf, int32_t len)
+    { struct sha512_ctx *ctx = st; sha512_process_bytes(buf, len, ctx); }
+
+static void sha512_final(void *st, uint8_t *digest)
+    { struct sha512_ctx *ctx = st; sha512_finish_ctx(ctx, digest); free(ctx); }
+
+void sha512_module(dict_t *dict)
+{
+    struct sha512 *st;
+
+    NEW(st);
+    st->cl.description="sha512";
+    st->cl.type=CL_HASH;
+    st->cl.apply=NULL;
+    st->cl.interface=&st->ops;
+    st->ops.len=64;
+    st->ops.init=sha512_init;
+    st->ops.update=sha512_update;
+    st->ops.final=sha512_final;
+
+    dict_add(dict,"sha512",new_closure(&st->cl));
+}