krb5 commit: Add libk5crypto SHA-256 and SHA-384 hash providers
Greg Hudson
ghudson at mit.edu
Mon Oct 3 16:02:40 EDT 2016
https://github.com/krb5/krb5/commit/c438227afd763997c131339c1476f61d1628a20d
commit c438227afd763997c131339c1476f61d1628a20d
Author: Greg Hudson <ghudson at mit.edu>
Date: Sat Dec 5 19:36:41 2015 -0500
Add libk5crypto SHA-256 and SHA-384 hash providers
Add SHA-256 and SHA-384 hash providers to each of the libk5crypto back
ends, in preparation for AES-SHA2 support. For the builtin back end,
adapt SHA-512 code from Heimdal (SHA-384 is just truncated SHA-512
with different initial values). Replace builtin/sha2/t_sha256.c with
a program under crypto_tests which tests SHA-256 and SHA-384 in all
back ends.
ticket: 8490
src/lib/crypto/builtin/hash_provider/Makefile.in | 11 +-
src/lib/crypto/builtin/hash_provider/deps | 13 +
src/lib/crypto/builtin/hash_provider/hash_sha2.c | 88 +++++++
src/lib/crypto/builtin/sha2/Makefile.in | 20 +--
src/lib/crypto/builtin/sha2/deps | 10 +
src/lib/crypto/builtin/sha2/sha2.h | 23 ++
src/lib/crypto/builtin/sha2/sha512.c | 305 ++++++++++++++++++++++
src/lib/crypto/builtin/sha2/t_sha256.c | 117 ---------
src/lib/crypto/crypto_tests/Makefile.in | 13 +-
src/lib/crypto/crypto_tests/deps | 12 +
src/lib/crypto/crypto_tests/t_sha2.c | 145 ++++++++++
src/lib/crypto/krb/crypto_int.h | 2 +
src/lib/crypto/openssl/hash_provider/hash_evp.c | 20 ++
src/lib/crypto/openssl/hmac.c | 4 +
14 files changed, 642 insertions(+), 141 deletions(-)
diff --git a/src/lib/crypto/builtin/hash_provider/Makefile.in b/src/lib/crypto/builtin/hash_provider/Makefile.in
index c665d6c..2f587a4 100644
--- a/src/lib/crypto/builtin/hash_provider/Makefile.in
+++ b/src/lib/crypto/builtin/hash_provider/Makefile.in
@@ -1,7 +1,7 @@
mydir=lib$(S)crypto$(S)builtin$(S)hash_provider
BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb -I$(srcdir)/../md4 \
- -I$(srcdir)/../md5 -I$(srcdir)/../sha1
+ -I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../sha2
##DOS##BUILDTOP = ..\..\..\..
##DOS##PREFIXDIR = builtin\hash_provider
@@ -11,17 +11,20 @@ STLIBOBJS= \
hash_crc32.o \
hash_md4.o \
hash_md5.o \
- hash_sha1.o
+ hash_sha1.o \
+ hash_sha2.o
OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \
$(OUTPRE)hash_md4.$(OBJEXT) \
$(OUTPRE)hash_md5.$(OBJEXT) \
- $(OUTPRE)hash_sha1.$(OBJEXT)
+ $(OUTPRE)hash_sha1.$(OBJEXT) \
+ $(OUTPRE)hash_sha2.$(OBJEXT)
SRCS= $(srcdir)/hash_crc32.c \
$(srcdir)/hash_md4.c \
$(srcdir)/hash_md5.c \
- $(srcdir)/hash_sha1.c
+ $(srcdir)/hash_sha1.c \
+ $(srcdir)/hash_sha2.c
##DOS##LIBOBJS = $(OBJS)
diff --git a/src/lib/crypto/builtin/hash_provider/deps b/src/lib/crypto/builtin/hash_provider/deps
index e1f9b35..18f89b3 100644
--- a/src/lib/crypto/builtin/hash_provider/deps
+++ b/src/lib/crypto/builtin/hash_provider/deps
@@ -53,3 +53,16 @@ hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
hash_sha1.c
+hash_sha2.so hash_sha2.po $(OUTPRE)hash_sha2.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \
+ $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ hash_sha2.c
diff --git a/src/lib/crypto/builtin/hash_provider/hash_sha2.c b/src/lib/crypto/builtin/hash_provider/hash_sha2.c
new file mode 100644
index 0000000..ac4896d
--- /dev/null
+++ b/src/lib/crypto/builtin/hash_provider/hash_sha2.c
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/hash_provider/sha2.c - SHA-2 hash providers */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include "sha2.h"
+
+static krb5_error_code
+k5_sha256_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ SHA256_CTX ctx;
+ size_t i;
+ const krb5_crypto_iov *iov;
+
+ if (output->length != SHA256_DIGEST_LENGTH)
+ return KRB5_CRYPTO_INTERNAL;
+
+ k5_sha256_init(&ctx);
+ for (i = 0; i < num_data; i++) {
+ iov = &data[i];
+ if (SIGN_IOV(iov))
+ k5_sha256_update(&ctx, iov->data.data, iov->data.length);
+ }
+ k5_sha256_final(output->data, &ctx);
+ return 0;
+}
+
+static krb5_error_code
+k5_sha384_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ SHA384_CTX ctx;
+ size_t i;
+ const krb5_crypto_iov *iov;
+
+ if (output->length != SHA384_DIGEST_LENGTH)
+ return KRB5_CRYPTO_INTERNAL;
+
+ k5_sha384_init(&ctx);
+ for (i = 0; i < num_data; i++) {
+ iov = &data[i];
+ if (SIGN_IOV(iov))
+ k5_sha384_update(&ctx, iov->data.data, iov->data.length);
+ }
+ k5_sha384_final(output->data, &ctx);
+ return 0;
+}
+
+const struct krb5_hash_provider krb5int_hash_sha256 = {
+ "SHA-256",
+ SHA256_DIGEST_LENGTH,
+ SHA256_BLOCK_SIZE,
+ k5_sha256_hash
+};
+
+const struct krb5_hash_provider krb5int_hash_sha384 = {
+ "SHA-384",
+ SHA384_DIGEST_LENGTH,
+ SHA384_BLOCK_SIZE,
+ k5_sha384_hash
+};
diff --git a/src/lib/crypto/builtin/sha2/Makefile.in b/src/lib/crypto/builtin/sha2/Makefile.in
index d4a8ac7..c309242 100644
--- a/src/lib/crypto/builtin/sha2/Makefile.in
+++ b/src/lib/crypto/builtin/sha2/Makefile.in
@@ -5,11 +5,11 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
##DOS##PREFIXDIR = builtin\sha2
##DOS##OBJFILE = ..\..\$(OUTPRE)sha2.lst
-STLIBOBJS= sha256.o
+STLIBOBJS= sha256.o sha512.o
-OBJS= $(OUTPRE)sha256.$(OBJEXT)
+OBJS= $(OUTPRE)sha256.$(OBJEXT) $(OUTPRE)sha512.$(OBJEXT)
-SRCS= $(srcdir)/sha256.c
+SRCS= $(srcdir)/sha256.c $(srcdir)/sha512.c
##DOS##LIBOBJS = $(OBJS)
@@ -19,20 +19,6 @@ includes: depend
depend: $(SRCS)
-t_sha256: t_sha256.o sha256.o $(SUPPORT_DEPLIB)
- $(CC_LINK) -o t_sha256 t_sha256.o sha256.o $(SUPPORT_LIB)
-
-
-$(OUTPRE)t_sha256.exe: $(OUTPRE)t_sha256.obj $(OUTPRE)sha256.obj
- link -out:$@ $**
-
-
-check-unix: t_sha256
- $(RUN_TEST) $(C)t_sha256
-
-clean:
- $(RM) t_sha256$(EXEEXT) t_sha256.$(OBJEXT)
-
clean-unix:: clean-libobjs
@libobj_frag@
diff --git a/src/lib/crypto/builtin/sha2/deps b/src/lib/crypto/builtin/sha2/deps
index b2be886..61b8309 100644
--- a/src/lib/crypto/builtin/sha2/deps
+++ b/src/lib/crypto/builtin/sha2/deps
@@ -11,3 +11,13 @@ sha256.so sha256.po $(OUTPRE)sha256.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h sha2.h sha256.c
+sha512.so sha512.po $(OUTPRE)sha512.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h sha2.h sha512.c
diff --git a/src/lib/crypto/builtin/sha2/sha2.h b/src/lib/crypto/builtin/sha2/sha2.h
index 6c743e1..97d8505 100644
--- a/src/lib/crypto/builtin/sha2/sha2.h
+++ b/src/lib/crypto/builtin/sha2/sha2.h
@@ -39,6 +39,12 @@
#include <k5-int.h>
#define SHA256_DIGEST_LENGTH 32
+#define SHA384_DIGEST_LENGTH 48
+#define SHA512_DIGEST_LENGTH 64
+
+#define SHA256_BLOCK_SIZE 64
+#define SHA384_BLOCK_SIZE 128
+#define SHA512_BLOCK_SIZE 128
struct sha256state {
unsigned int sz[2];
@@ -46,10 +52,27 @@ struct sha256state {
unsigned char save[64];
};
+struct sha512state {
+ uint64_t sz[2];
+ uint64_t counter[8];
+ unsigned char save[128];
+};
+
+/* SHA-384 and SHA-512 use the same state object. */
typedef struct sha256state SHA256_CTX;
+typedef struct sha512state SHA384_CTX;
+typedef struct sha512state SHA512_CTX;
void k5_sha256_init(SHA256_CTX *);
void k5_sha256_update(SHA256_CTX *, const void *, size_t);
void k5_sha256_final(void *, SHA256_CTX *);
+void k5_sha384_init(SHA384_CTX *);
+void k5_sha384_update(SHA384_CTX *, const void *, size_t);
+void k5_sha384_final(void *, SHA384_CTX *);
+
+void k5_sha512_init(SHA512_CTX *);
+void k5_sha512_update(SHA512_CTX *, const void *, size_t);
+void k5_sha512_final(void *, SHA512_CTX *);
+
#endif /* SHA2_H */
diff --git a/src/lib/crypto/builtin/sha2/sha512.c b/src/lib/crypto/builtin/sha2/sha512.c
new file mode 100644
index 0000000..8f0ce89
--- /dev/null
+++ b/src/lib/crypto/builtin/sha2/sha512.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (c) 2006, 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "sha2.h"
+
+#ifdef K5_BE
+#define WORDS_BIGENDIAN
+#endif
+
+#ifndef min
+#define min(a,b) (((a)>(b))?(b):(a))
+#endif
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#define ROTR(x,n) (((x)>>(n)) | ((x) << (64 - (n))))
+
+#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define sigma0(x) (ROTR(x,1) ^ ROTR(x,8) ^ ((x)>>7))
+#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ ((x)>>6))
+
+#define A m->counter[0]
+#define B m->counter[1]
+#define C m->counter[2]
+#define D m->counter[3]
+#define E m->counter[4]
+#define F m->counter[5]
+#define G m->counter[6]
+#define H m->counter[7]
+
+static const uint64_t constant_512[80] = {
+ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
+ 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+ 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+ 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+ 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
+ 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+ 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+ 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
+ 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
+ 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+ 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+ 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
+ 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
+ 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+ 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+ 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
+ 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+ 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+ 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+ 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
+ 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
+ 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+ 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+ 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+ 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
+ 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+ 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+static inline uint64_t
+cshift64 (uint64_t x, unsigned int n)
+{
+ return ((uint64_t)x << (uint64_t)n) | ((uint64_t)x >> ((uint64_t)64 - (uint64_t)n));
+}
+
+void
+k5_sha512_init (SHA512_CTX *m)
+{
+ m->sz[0] = 0;
+ m->sz[1] = 0;
+ A = 0x6a09e667f3bcc908ULL;
+ B = 0xbb67ae8584caa73bULL;
+ C = 0x3c6ef372fe94f82bULL;
+ D = 0xa54ff53a5f1d36f1ULL;
+ E = 0x510e527fade682d1ULL;
+ F = 0x9b05688c2b3e6c1fULL;
+ G = 0x1f83d9abfb41bd6bULL;
+ H = 0x5be0cd19137e2179ULL;
+}
+
+static void
+calc (SHA512_CTX *m, uint64_t *in)
+{
+ uint64_t AA, BB, CC, DD, EE, FF, GG, HH;
+ uint64_t data[80];
+ int i;
+
+ AA = A;
+ BB = B;
+ CC = C;
+ DD = D;
+ EE = E;
+ FF = F;
+ GG = G;
+ HH = H;
+
+ for (i = 0; i < 16; ++i)
+ data[i] = in[i];
+ for (i = 16; i < 80; ++i)
+ data[i] = sigma1(data[i-2]) + data[i-7] +
+ sigma0(data[i-15]) + data[i - 16];
+
+ for (i = 0; i < 80; i++) {
+ uint64_t T1, T2;
+
+ T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_512[i] + data[i];
+ T2 = Sigma0(AA) + Maj(AA,BB,CC);
+
+ HH = GG;
+ GG = FF;
+ FF = EE;
+ EE = DD + T1;
+ DD = CC;
+ CC = BB;
+ BB = AA;
+ AA = T1 + T2;
+ }
+
+ A += AA;
+ B += BB;
+ C += CC;
+ D += DD;
+ E += EE;
+ F += FF;
+ G += GG;
+ H += HH;
+}
+
+/*
+ * From `Performance analysis of MD5' by Joseph D. Touch <touch at isi.edu>
+ */
+
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+static inline uint64_t
+swap_uint64_t (uint64_t t)
+{
+ uint64_t temp;
+
+ temp = cshift64(t, 32);
+ temp = ((temp & 0xff00ff00ff00ff00ULL) >> 8) |
+ ((temp & 0x00ff00ff00ff00ffULL) << 8);
+ return ((temp & 0xffff0000ffff0000ULL) >> 16) |
+ ((temp & 0x0000ffff0000ffffULL) << 16);
+}
+
+struct x64{
+ uint64_t a;
+ uint64_t b;
+};
+#endif
+
+void
+k5_sha512_update (SHA512_CTX *m, const void *v, size_t len)
+{
+ const unsigned char *p = v;
+ size_t old_sz = m->sz[0];
+ size_t offset;
+
+ m->sz[0] += len * 8;
+ if (m->sz[0] < old_sz)
+ ++m->sz[1];
+ offset = (old_sz / 8) % 128;
+ while(len > 0){
+ size_t l = min(len, 128 - offset);
+ memcpy(m->save + offset, p, l);
+ offset += l;
+ p += l;
+ len -= l;
+ if(offset == 128){
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+ int i;
+ uint64_t current[16];
+ struct x64 *us = (struct x64*)m->save;
+ for(i = 0; i < 8; i++){
+ current[2*i+0] = swap_uint64_t(us[i].a);
+ current[2*i+1] = swap_uint64_t(us[i].b);
+ }
+ calc(m, current);
+#else
+ calc(m, (uint64_t*)m->save);
+#endif
+ offset = 0;
+ }
+ }
+}
+
+void
+k5_sha512_final (void *res, SHA512_CTX *m)
+{
+ unsigned char zeros[128 + 16];
+ unsigned offset = (m->sz[0] / 8) % 128;
+ unsigned int dstart = (240 - offset - 1) % 128 + 1;
+
+ *zeros = 0x80;
+ memset (zeros + 1, 0, sizeof(zeros) - 1);
+ zeros[dstart+15] = (m->sz[0] >> 0) & 0xff;
+ zeros[dstart+14] = (m->sz[0] >> 8) & 0xff;
+ zeros[dstart+13] = (m->sz[0] >> 16) & 0xff;
+ zeros[dstart+12] = (m->sz[0] >> 24) & 0xff;
+ zeros[dstart+11] = (m->sz[0] >> 32) & 0xff;
+ zeros[dstart+10] = (m->sz[0] >> 40) & 0xff;
+ zeros[dstart+9] = (m->sz[0] >> 48) & 0xff;
+ zeros[dstart+8] = (m->sz[0] >> 56) & 0xff;
+
+ zeros[dstart+7] = (m->sz[1] >> 0) & 0xff;
+ zeros[dstart+6] = (m->sz[1] >> 8) & 0xff;
+ zeros[dstart+5] = (m->sz[1] >> 16) & 0xff;
+ zeros[dstart+4] = (m->sz[1] >> 24) & 0xff;
+ zeros[dstart+3] = (m->sz[1] >> 32) & 0xff;
+ zeros[dstart+2] = (m->sz[1] >> 40) & 0xff;
+ zeros[dstart+1] = (m->sz[1] >> 48) & 0xff;
+ zeros[dstart+0] = (m->sz[1] >> 56) & 0xff;
+ k5_sha512_update (m, zeros, dstart + 16);
+ {
+ int i;
+ unsigned char *r = (unsigned char*)res;
+
+ for (i = 0; i < 8; ++i) {
+ r[8*i+7] = m->counter[i] & 0xFF;
+ r[8*i+6] = (m->counter[i] >> 8) & 0xFF;
+ r[8*i+5] = (m->counter[i] >> 16) & 0xFF;
+ r[8*i+4] = (m->counter[i] >> 24) & 0xFF;
+ r[8*i+3] = (m->counter[i] >> 32) & 0XFF;
+ r[8*i+2] = (m->counter[i] >> 40) & 0xFF;
+ r[8*i+1] = (m->counter[i] >> 48) & 0xFF;
+ r[8*i] = (m->counter[i] >> 56) & 0xFF;
+ }
+ }
+}
+
+void
+k5_sha384_init (SHA384_CTX *m)
+{
+ m->sz[0] = 0;
+ m->sz[1] = 0;
+ A = 0xcbbb9d5dc1059ed8ULL;
+ B = 0x629a292a367cd507ULL;
+ C = 0x9159015a3070dd17ULL;
+ D = 0x152fecd8f70e5939ULL;
+ E = 0x67332667ffc00b31ULL;
+ F = 0x8eb44a8768581511ULL;
+ G = 0xdb0c2e0d64f98fa7ULL;
+ H = 0x47b5481dbefa4fa4ULL;
+}
+
+void
+k5_sha384_update (SHA384_CTX *m, const void *v, size_t len)
+{
+ k5_sha512_update(m, v, len);
+}
+
+void
+k5_sha384_final (void *res, SHA384_CTX *m)
+{
+ unsigned char data[SHA512_DIGEST_LENGTH];
+ k5_sha512_final(data, m);
+ memcpy(res, data, SHA384_DIGEST_LENGTH);
+}
diff --git a/src/lib/crypto/builtin/sha2/t_sha256.c b/src/lib/crypto/builtin/sha2/t_sha256.c
deleted file mode 100644
index c2da381..0000000
--- a/src/lib/crypto/builtin/sha2/t_sha256.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/builtin/sha2/t_sha256.c */
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <k5-int.h>
-#include "sha2.h"
-
-#define ONE_MILLION_A "one million a's"
-
-struct test {
- char *str;
- unsigned char hash[64];
-};
-
-struct test tests[] = {
- { "abc",
- { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
- 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
- 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
- 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad }},
- { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
- 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
- 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
- 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 }},
- { ONE_MILLION_A,
- {0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92,
- 0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67,
- 0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e,
- 0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 }},
- { NULL }
-};
-
-int
-main (void)
-{
- struct test *t;
- void *ctx = malloc(sizeof(SHA256_CTX));
- unsigned char *res = malloc(SHA256_DIGEST_LENGTH);
- char buf[1000];
-
- for (t = tests; t->str; ++t) {
-
- k5_sha256_init(ctx);
- if(strcmp(t->str, ONE_MILLION_A) == 0) {
- int i;
- memset(buf, 'a', sizeof(buf));
- for(i = 0; i < 1000; i++) {
- k5_sha256_update(ctx, buf, sizeof(buf));
- }
- } else {
- k5_sha256_update(ctx, (unsigned char *)t->str, strlen(t->str));
- }
-
- k5_sha256_final(res, ctx);
- if (memcmp (res, t->hash, SHA256_DIGEST_LENGTH) != 0) {
- int i;
-
- printf ("%s(\"%s\") failed\n", "SHA- 256", t->str);
- printf("should be: ");
- for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
- if(i > 0 && (i % 16) == 0)
- printf("\n ");
- printf("%02x ", t->hash[i]);
- }
- printf("\nresult was: ");
- for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
- if(i > 0 && (i % 16) == 0)
- printf("\n ");
- printf("%02x ", res[i]);
- }
- printf("\n");
- return 1;
- }
-
- if (memcmp (res, t->hash, SHA256_DIGEST_LENGTH) != 0) {
- printf("EVP %s failed here old function where successful!\n", "SHA-256");
- return 1;
- }
- }
- free(ctx);
- free(res);
- printf ("success\n");
- return 0;
-}
-
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index f4914d4..9da6bf7 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -21,6 +21,7 @@ EXTRADEPSRCS=\
$(srcdir)/t_crc.c \
$(srcdir)/t_mddriver.c \
$(srcdir)/t_kperf.c \
+ $(srcdir)/t_sha2.c \
$(srcdir)/t_short.c \
$(srcdir)/t_str2key.c \
$(srcdir)/t_derive.c \
@@ -37,7 +38,8 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
aes-test \
camellia-test \
t_mddriver4 t_mddriver \
- t_crc t_cts t_short t_str2key t_derive t_fork t_cf2 t_combine
+ t_crc t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2 \
+ t_combine
$(RUN_TEST) ./t_nfold
$(RUN_TEST) ./t_encrypt
$(RUN_TEST) ./t_decrypt
@@ -59,6 +61,7 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
$(RUN_TEST) $(C)t_mddriver4 -x
$(RUN_TEST) $(C)t_mddriver -x
+ $(RUN_TEST) ./t_sha2
$(RUN_TEST) ./t_short
$(RUN_TEST) ./t_str2key
$(RUN_TEST) ./t_derive
@@ -99,6 +102,10 @@ t_cts$(EXEEXT): t_cts.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_cts.$(OBJEXT) \
$(KRB5_BASE_LIBS)
+t_sha2$(EXEEXT): t_sha2.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ t_sha2.$(OBJEXT) \
+ $(KRB5_BASE_LIBS)
+
t_short$(EXEEXT): t_short.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_short.$(OBJEXT) \
$(KRB5_BASE_LIBS)
@@ -162,8 +169,8 @@ clean:
t_crc.o t_crc t_cts.o t_cts \
t_mddriver4.o t_mddriver4 t_mddriver.o t_mddriver \
t_cksum4 t_cksum4.o t_cksum5 t_cksum5.o t_cksums t_cksums.o \
- t_kperf.o t_kperf t_short t_short.o t_str2key t_str2key.o \
- t_derive t_derive.o t_fork t_fork.o \
+ t_kperf.o t_kperf t_sha2.o t_sha2 t_short t_short.o t_str2key \
+ t_str2key.o t_derive t_derive.o t_fork t_fork.o \
t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT) \
camellia-test camellia-test.o camellia-vt.txt \
t_cf2 t_cf2.o t_cf2.output t_combine.o t_combine
diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps
index e05eae3..bc5422a 100644
--- a/src/lib/crypto/crypto_tests/deps
+++ b/src/lib/crypto/crypto_tests/deps
@@ -193,6 +193,18 @@ $(OUTPRE)t_kperf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h t_kperf.c
+$(OUTPRE)t_sha2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \
+ $(srcdir)/../builtin/crypto_mod.h $(srcdir)/../builtin/sha2/sha2.h \
+ $(srcdir)/../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h t_sha2.c
$(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
diff --git a/src/lib/crypto/crypto_tests/t_sha2.c b/src/lib/crypto/crypto_tests/t_sha2.c
new file mode 100644
index 0000000..12f3286
--- /dev/null
+++ b/src/lib/crypto/crypto_tests/t_sha2.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "crypto_int.h"
+
+#define ONE_MILLION_A "one million a's"
+
+struct test {
+ char *str;
+ unsigned char hash[64];
+};
+
+struct test sha256_tests[] = {
+ { "abc",
+ { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+ 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+ 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+ 0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad }},
+ { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ { 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+ 0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+ 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+ 0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 }},
+ { ONE_MILLION_A,
+ { 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+ 0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+ 0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+ 0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 }},
+ { NULL }
+};
+
+struct test sha384_tests[] = {
+ { "abc",
+ { 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+ 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+ 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+ 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+ 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+ 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 }},
+ { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
+ "ijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+ { 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+ 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+ 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+ 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+ 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+ 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 }},
+ { ONE_MILLION_A,
+ { 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+ 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+ 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+ 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+ 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+ 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }},
+ { NULL }
+};
+
+static int
+hash_test(const struct krb5_hash_provider *hash, struct test *tests)
+{
+ struct test *t;
+ krb5_crypto_iov iov, *iovs;
+ krb5_data hval;
+ size_t i;
+
+ if (alloc_data(&hval, hash->hashsize))
+ abort();
+ for (t = tests; t->str; ++t) {
+ if (strcmp(t->str, ONE_MILLION_A) == 0) {
+ /* Hash a million 'a's using a thousand iovs. */
+ iovs = calloc(1000, sizeof(*iovs));
+ assert(iovs != NULL);
+ for (i = 0; i < 1000; i++) {
+ iovs[i].flags = KRB5_CRYPTO_TYPE_DATA;
+ if (alloc_data(&iovs[i].data, 1000) != 0)
+ abort();
+ memset(iovs[i].data.data, 'a', 1000);
+ }
+ if (hash->hash(iovs, 1000, &hval) != 0)
+ abort();
+ if (memcmp(hval.data, t->hash, hval.length) != 0)
+ abort();
+ for (i = 0; i < 1000; i++)
+ free(iovs[i].data.data);
+ free(iovs);
+ } else {
+ /* Hash the input in the test. */
+ iov.flags = KRB5_CRYPTO_TYPE_DATA;
+ iov.data = string2data(t->str);
+ if (hash->hash(&iov, 1, &hval) != 0)
+ abort();
+ if (memcmp(hval.data, t->hash, hval.length) != 0)
+ abort();
+
+ if (hash == &krb5int_hash_sha256) {
+ /* Try again using k5_sha256(). */
+ if (k5_sha256(&iov.data, (uint8_t *)hval.data) != 0)
+ abort();
+ if (memcmp(hval.data, t->hash, hval.length) != 0)
+ abort();
+ }
+ }
+ }
+ free(hval.data);
+ return 0;
+}
+
+int
+main()
+{
+ hash_test(&krb5int_hash_sha256, sha256_tests);
+ hash_test(&krb5int_hash_sha384, sha384_tests);
+ return 0;
+}
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index 0f2e472..311d2a8 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -432,6 +432,8 @@ extern const struct krb5_hash_provider krb5int_hash_crc32;
extern const struct krb5_hash_provider krb5int_hash_md4;
extern const struct krb5_hash_provider krb5int_hash_md5;
extern const struct krb5_hash_provider krb5int_hash_sha1;
+extern const struct krb5_hash_provider krb5int_hash_sha256;
+extern const struct krb5_hash_provider krb5int_hash_sha384;
/* Modules must implement the following functions. */
diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
index 0017ade..957ed8d 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
@@ -79,6 +79,18 @@ hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
return hash_evp(EVP_sha1(), data, num_data, output);
}
+static krb5_error_code
+hash_sha256(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_sha256(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_sha384(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_sha384(), data, num_data, output);
+}
+
const struct krb5_hash_provider krb5int_hash_md4 = {
"MD4", 16, 64, hash_md4
};
@@ -90,3 +102,11 @@ const struct krb5_hash_provider krb5int_hash_md5 = {
const struct krb5_hash_provider krb5int_hash_sha1 = {
"SHA1", 20, 64, hash_sha1
};
+
+const struct krb5_hash_provider krb5int_hash_sha256 = {
+ "SHA-256", 32, 64, hash_sha256
+};
+
+const struct krb5_hash_provider krb5int_hash_sha384 = {
+ "SHA-384", 48, 128, hash_sha384
+};
diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
index b9cbd9b..b2db6ec 100644
--- a/src/lib/crypto/openssl/hmac.c
+++ b/src/lib/crypto/openssl/hmac.c
@@ -99,6 +99,10 @@ map_digest(const struct krb5_hash_provider *hash)
{
if (!strncmp(hash->hash_name, "SHA1",4))
return EVP_sha1();
+ else if (!strncmp(hash->hash_name, "SHA-256",7))
+ return EVP_sha256();
+ else if (!strncmp(hash->hash_name, "SHA-384",7))
+ return EVP_sha384();
else if (!strncmp(hash->hash_name, "MD5", 3))
return EVP_md5();
else if (!strncmp(hash->hash_name, "MD4", 3))
More information about the cvs-krb5
mailing list