From 757aecff2e9ddc579f49c36fb4e5867f62b469bf Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Fri, 28 Apr 2017 22:51:44 +0100 Subject: [PATCH] sha512.c, etc.: Provide `sha512' as a hash function for signing. SHA-1 is really creaky these days, though to be fair its use in Secnet does not depend on collision resistance. Modify `mdw-test/sites' to allow selection of SHA512. Signed-off-by: Mark Wooding --- README.make-secnet-sites | 6 +++--- make-secnet-sites | 2 +- mdw-test/sites | 1 + modules.c | 1 + secnet.8 | 3 +++ secnet.h | 1 + sha512.c | 33 +++++++++++++++++++++++++++++++++ 7 files changed, 43 insertions(+), 4 deletions(-) diff --git a/README.make-secnet-sites b/README.make-secnet-sites index cef4368..efca19a 100644 --- a/README.make-secnet-sites +++ b/README.make-secnet-sites @@ -136,9 +136,9 @@ INPUT SYNTAX hash HASH-NAME Assigns the HASH-NAME to the `hash' key. The HASH-NAME - must be one of `md5' or `sha1', and the corresponding - hash closure is used. Acceptable at all levels; - required at site level. + must be one of `md5', `sha1', or `sha512', and the + corresponding hash closure is used. Acceptable at all + levels; required at site level. key-lifetime INT setup-timeout INT diff --git a/make-secnet-sites b/make-secnet-sites index 5f271e3..f3beffa 100755 --- a/make-secnet-sites +++ b/make-secnet-sites @@ -97,7 +97,7 @@ class hash: "A choice of hash function" def __init__(self,w): self.ht=w[1] - if (self.ht!='md5' and self.ht!='sha1'): + if (self.ht not in ('md5', 'sha1', 'sha512')): complain("unknown hash type %s"%(self.ht)) def __str__(self): return '%s'%(self.ht) diff --git a/mdw-test/sites b/mdw-test/sites index f958cf8..8b95e2f 100644 --- a/mdw-test/sites +++ b/mdw-test/sites @@ -5,6 +5,7 @@ vpn mdw-test contact mdw@distorted.org.uk hash sha1 +#hash sha512 ## Diffie--Hellman group generated 2017-04-28. ## diff --git a/modules.c b/modules.c index 24c1459..a5c3c8d 100644 --- a/modules.c +++ b/modules.c @@ -36,5 +36,6 @@ void init_builtin_modules(dict_t *dict) slip_module(dict); tun_module(dict); sha1_module(dict); + sha512_module(dict); log_module(dict); } diff --git a/secnet.8 b/secnet.8 index 670bff7..3a5340f 100644 --- a/secnet.8 +++ b/secnet.8 @@ -534,6 +534,9 @@ The modulus (\fIn\fR), in decimal. .SS sha1 \fBsha1\fR is a \fIhash closure\fR implementing the SHA-1 algorithm. +.SS sha512 +\fBsha512\fR is a \fIhash closure\fR implementing the SHA-512 algorithm. + .SS site \fBsite(\fIDICT\fB)\fR => \fIsite closure\fR .PP diff --git a/secnet.h b/secnet.h index f2840db..c93a279 100644 --- a/secnet.h +++ b/secnet.h @@ -354,6 +354,7 @@ extern init_module md5_module; extern init_module slip_module; extern init_module tun_module; extern init_module sha1_module; +extern init_module sha512_module; extern init_module log_module; /***** END of module support *****/ diff --git a/sha512.c b/sha512.c index 16129c3..5fa40d2 100644 --- a/sha512.c +++ b/sha512.c @@ -22,6 +22,8 @@ #include +#include "secnet.h" + #include "sha512.h" #include @@ -439,3 +441,34 @@ sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) h = ctx->state[7] = u64plus (ctx->state[7], h); } } + +struct sha512 { + closure_t cl; + struct hash_if ops; +}; + +static void *sha512_init(void) + { struct sha512_ctx *ctx; NEW(ctx); sha512_init_ctx(ctx); return ctx; } + +static void sha512_update(void *st, const void *buf, int32_t len) + { struct sha512_ctx *ctx = st; sha512_process_bytes(buf, len, ctx); } + +static void sha512_final(void *st, uint8_t *digest) + { struct sha512_ctx *ctx = st; sha512_finish_ctx(ctx, digest); free(ctx); } + +void sha512_module(dict_t *dict) +{ + struct sha512 *st; + + NEW(st); + st->cl.description="sha512"; + st->cl.type=CL_HASH; + st->cl.apply=NULL; + st->cl.interface=&st->ops; + st->ops.len=64; + st->ops.init=sha512_init; + st->ops.update=sha512_update; + st->ops.final=sha512_final; + + dict_add(dict,"sha512",new_closure(&st->cl)); +} -- 2.11.0