diff options
| author | Greg Hudson <ghudson@mit.edu> | 2015-12-05 19:36:41 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2016-10-03 15:38:05 -0400 |
| commit | c438227afd763997c131339c1476f61d1628a20d (patch) | |
| tree | 509928b6a40bb2846d5c4c0c8149b82e7c1dac80 | |
| parent | 54ba48419a86f1c73b4e6e11e5f2f839c16497c7 (diff) | |
| download | krb5-c438227afd763997c131339c1476f61d1628a20d.zip krb5-c438227afd763997c131339c1476f61d1628a20d.tar.gz krb5-c438227afd763997c131339c1476f61d1628a20d.tar.bz2 | |
Add libk5crypto SHA-256 and SHA-384 hash providers
Add SHA-256 and SHA-384 hash providers to each of the libk5crypto back
ends, in preparation for AES-SHA2 support. For the builtin back end,
adapt SHA-512 code from Heimdal (SHA-384 is just truncated SHA-512
with different initial values). Replace builtin/sha2/t_sha256.c with
a program under crypto_tests which tests SHA-256 and SHA-384 in all
back ends.
ticket: 8490
| -rw-r--r-- | src/lib/crypto/builtin/hash_provider/Makefile.in | 11 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/hash_provider/deps | 13 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/hash_provider/hash_sha2.c | 88 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/sha2/Makefile.in | 20 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/sha2/deps | 10 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/sha2/sha2.h | 23 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/sha2/sha512.c | 305 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/sha2/t_sha256.c | 117 | ||||
| -rw-r--r-- | src/lib/crypto/crypto_tests/Makefile.in | 13 | ||||
| -rw-r--r-- | src/lib/crypto/crypto_tests/deps | 12 | ||||
| -rw-r--r-- | src/lib/crypto/crypto_tests/t_sha2.c | 145 | ||||
| -rw-r--r-- | src/lib/crypto/krb/crypto_int.h | 2 | ||||
| -rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_evp.c | 20 | ||||
| -rw-r--r-- | src/lib/crypto/openssl/hmac.c | 4 |
14 files changed, 642 insertions, 141 deletions
diff --git a/src/lib/crypto/builtin/hash_provider/Makefile.in b/src/lib/crypto/builtin/hash_provider/Makefile.in index c665d6c..2f587a4 100644 --- a/src/lib/crypto/builtin/hash_provider/Makefile.in +++ b/src/lib/crypto/builtin/hash_provider/Makefile.in @@ -1,7 +1,7 @@ mydir=lib$(S)crypto$(S)builtin$(S)hash_provider BUILDTOP=$(REL)..$(S)..$(S)..$(S).. LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb -I$(srcdir)/../md4 \ - -I$(srcdir)/../md5 -I$(srcdir)/../sha1 + -I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../sha2 ##DOS##BUILDTOP = ..\..\..\.. ##DOS##PREFIXDIR = builtin\hash_provider @@ -11,17 +11,20 @@ STLIBOBJS= \ hash_crc32.o \ hash_md4.o \ hash_md5.o \ - hash_sha1.o + hash_sha1.o \ + hash_sha2.o OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \ $(OUTPRE)hash_md4.$(OBJEXT) \ $(OUTPRE)hash_md5.$(OBJEXT) \ - $(OUTPRE)hash_sha1.$(OBJEXT) + $(OUTPRE)hash_sha1.$(OBJEXT) \ + $(OUTPRE)hash_sha2.$(OBJEXT) SRCS= $(srcdir)/hash_crc32.c \ $(srcdir)/hash_md4.c \ $(srcdir)/hash_md5.c \ - $(srcdir)/hash_sha1.c + $(srcdir)/hash_sha1.c \ + $(srcdir)/hash_sha2.c ##DOS##LIBOBJS = $(OBJS) diff --git a/src/lib/crypto/builtin/hash_provider/deps b/src/lib/crypto/builtin/hash_provider/deps index e1f9b35..18f89b3 100644 --- a/src/lib/crypto/builtin/hash_provider/deps +++ b/src/lib/crypto/builtin/hash_provider/deps @@ -53,3 +53,16 @@ hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ hash_sha1.c +hash_sha2.so hash_sha2.po $(OUTPRE)hash_sha2.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \ + $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + hash_sha2.c diff --git a/src/lib/crypto/builtin/hash_provider/hash_sha2.c b/src/lib/crypto/builtin/hash_provider/hash_sha2.c new file mode 100644 index 0000000..ac4896d --- /dev/null +++ b/src/lib/crypto/builtin/hash_provider/hash_sha2.c @@ -0,0 +1,88 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/hash_provider/sha2.c - SHA-2 hash providers */ +/* + * Copyright (C) 2015 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "crypto_int.h" +#include "sha2.h" + +static krb5_error_code +k5_sha256_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + SHA256_CTX ctx; + size_t i; + const krb5_crypto_iov *iov; + + if (output->length != SHA256_DIGEST_LENGTH) + return KRB5_CRYPTO_INTERNAL; + + k5_sha256_init(&ctx); + for (i = 0; i < num_data; i++) { + iov = &data[i]; + if (SIGN_IOV(iov)) + k5_sha256_update(&ctx, iov->data.data, iov->data.length); + } + k5_sha256_final(output->data, &ctx); + return 0; +} + +static krb5_error_code +k5_sha384_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + SHA384_CTX ctx; + size_t i; + const krb5_crypto_iov *iov; + + if (output->length != SHA384_DIGEST_LENGTH) + return KRB5_CRYPTO_INTERNAL; + + k5_sha384_init(&ctx); + for (i = 0; i < num_data; i++) { + iov = &data[i]; + if (SIGN_IOV(iov)) + k5_sha384_update(&ctx, iov->data.data, iov->data.length); + } + k5_sha384_final(output->data, &ctx); + return 0; +} + +const struct krb5_hash_provider krb5int_hash_sha256 = { + "SHA-256", + SHA256_DIGEST_LENGTH, + SHA256_BLOCK_SIZE, + k5_sha256_hash +}; + +const struct krb5_hash_provider krb5int_hash_sha384 = { + "SHA-384", + SHA384_DIGEST_LENGTH, + SHA384_BLOCK_SIZE, + k5_sha384_hash +}; diff --git a/src/lib/crypto/builtin/sha2/Makefile.in b/src/lib/crypto/builtin/sha2/Makefile.in index d4a8ac7..c309242 100644 --- a/src/lib/crypto/builtin/sha2/Makefile.in +++ b/src/lib/crypto/builtin/sha2/Makefile.in @@ -5,11 +5,11 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S).. ##DOS##PREFIXDIR = builtin\sha2 ##DOS##OBJFILE = ..\..\$(OUTPRE)sha2.lst -STLIBOBJS= sha256.o +STLIBOBJS= sha256.o sha512.o -OBJS= $(OUTPRE)sha256.$(OBJEXT) +OBJS= $(OUTPRE)sha256.$(OBJEXT) $(OUTPRE)sha512.$(OBJEXT) -SRCS= $(srcdir)/sha256.c +SRCS= $(srcdir)/sha256.c $(srcdir)/sha512.c ##DOS##LIBOBJS = $(OBJS) @@ -19,20 +19,6 @@ includes: depend depend: $(SRCS) -t_sha256: t_sha256.o sha256.o $(SUPPORT_DEPLIB) - $(CC_LINK) -o t_sha256 t_sha256.o sha256.o $(SUPPORT_LIB) - - -$(OUTPRE)t_sha256.exe: $(OUTPRE)t_sha256.obj $(OUTPRE)sha256.obj - link -out:$@ $** - - -check-unix: t_sha256 - $(RUN_TEST) $(C)t_sha256 - -clean: - $(RM) t_sha256$(EXEEXT) t_sha256.$(OBJEXT) - clean-unix:: clean-libobjs @libobj_frag@ diff --git a/src/lib/crypto/builtin/sha2/deps b/src/lib/crypto/builtin/sha2/deps index b2be886..61b8309 100644 --- a/src/lib/crypto/builtin/sha2/deps +++ b/src/lib/crypto/builtin/sha2/deps @@ -11,3 +11,13 @@ sha256.so sha256.po $(OUTPRE)sha256.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h sha2.h sha256.c +sha512.so sha512.po $(OUTPRE)sha512.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h sha2.h sha512.c diff --git a/src/lib/crypto/builtin/sha2/sha2.h b/src/lib/crypto/builtin/sha2/sha2.h index 6c743e1..97d8505 100644 --- a/src/lib/crypto/builtin/sha2/sha2.h +++ b/src/lib/crypto/builtin/sha2/sha2.h @@ -39,6 +39,12 @@ #include <k5-int.h> #define SHA256_DIGEST_LENGTH 32 +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 + +#define SHA256_BLOCK_SIZE 64 +#define SHA384_BLOCK_SIZE 128 +#define SHA512_BLOCK_SIZE 128 struct sha256state { unsigned int sz[2]; @@ -46,10 +52,27 @@ struct sha256state { unsigned char save[64]; }; +struct sha512state { + uint64_t sz[2]; + uint64_t counter[8]; + unsigned char save[128]; +}; + +/* SHA-384 and SHA-512 use the same state object. */ typedef struct sha256state SHA256_CTX; +typedef struct sha512state SHA384_CTX; +typedef struct sha512state SHA512_CTX; void k5_sha256_init(SHA256_CTX *); void k5_sha256_update(SHA256_CTX *, const void *, size_t); void k5_sha256_final(void *, SHA256_CTX *); +void k5_sha384_init(SHA384_CTX *); +void k5_sha384_update(SHA384_CTX *, const void *, size_t); +void k5_sha384_final(void *, SHA384_CTX *); + +void k5_sha512_init(SHA512_CTX *); +void k5_sha512_update(SHA512_CTX *, const void *, size_t); +void k5_sha512_final(void *, SHA512_CTX *); + #endif /* SHA2_H */ diff --git a/src/lib/crypto/builtin/sha2/sha512.c b/src/lib/crypto/builtin/sha2/sha512.c new file mode 100644 index 0000000..8f0ce89 --- /dev/null +++ b/src/lib/crypto/builtin/sha2/sha512.c @@ -0,0 +1,305 @@ +/* + * Copyright (c) 2006, 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <k5-int.h> +#include "sha2.h" + +#ifdef K5_BE +#define WORDS_BIGENDIAN +#endif + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#define ROTR(x,n) (((x)>>(n)) | ((x) << (64 - (n)))) + +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x,1) ^ ROTR(x,8) ^ ((x)>>7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ ((x)>>6)) + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define F m->counter[5] +#define G m->counter[6] +#define H m->counter[7] + +static const uint64_t constant_512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +static inline uint64_t +cshift64 (uint64_t x, unsigned int n) +{ + return ((uint64_t)x << (uint64_t)n) | ((uint64_t)x >> ((uint64_t)64 - (uint64_t)n)); +} + +void +k5_sha512_init (SHA512_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x6a09e667f3bcc908ULL; + B = 0xbb67ae8584caa73bULL; + C = 0x3c6ef372fe94f82bULL; + D = 0xa54ff53a5f1d36f1ULL; + E = 0x510e527fade682d1ULL; + F = 0x9b05688c2b3e6c1fULL; + G = 0x1f83d9abfb41bd6bULL; + H = 0x5be0cd19137e2179ULL; +} + +static void +calc (SHA512_CTX *m, uint64_t *in) +{ + uint64_t AA, BB, CC, DD, EE, FF, GG, HH; + uint64_t data[80]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + FF = F; + GG = G; + HH = H; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 80; ++i) + data[i] = sigma1(data[i-2]) + data[i-7] + + sigma0(data[i-15]) + data[i - 16]; + + for (i = 0; i < 80; i++) { + uint64_t T1, T2; + + T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_512[i] + data[i]; + T2 = Sigma0(AA) + Maj(AA,BB,CC); + + HH = GG; + GG = FF; + FF = EE; + EE = DD + T1; + DD = CC; + CC = BB; + BB = AA; + AA = T1 + T2; + } + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; + F += FF; + G += GG; + H += HH; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu> + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline uint64_t +swap_uint64_t (uint64_t t) +{ + uint64_t temp; + + temp = cshift64(t, 32); + temp = ((temp & 0xff00ff00ff00ff00ULL) >> 8) | + ((temp & 0x00ff00ff00ff00ffULL) << 8); + return ((temp & 0xffff0000ffff0000ULL) >> 16) | + ((temp & 0x0000ffff0000ffffULL) << 16); +} + +struct x64{ + uint64_t a; + uint64_t b; +}; +#endif + +void +k5_sha512_update (SHA512_CTX *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 128; + while(len > 0){ + size_t l = min(len, 128 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 128){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + uint64_t current[16]; + struct x64 *us = (struct x64*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint64_t(us[i].a); + current[2*i+1] = swap_uint64_t(us[i].b); + } + calc(m, current); +#else + calc(m, (uint64_t*)m->save); +#endif + offset = 0; + } + } +} + +void +k5_sha512_final (void *res, SHA512_CTX *m) +{ + unsigned char zeros[128 + 16]; + unsigned offset = (m->sz[0] / 8) % 128; + unsigned int dstart = (240 - offset - 1) % 128 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+15] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+14] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+13] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+12] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+11] = (m->sz[0] >> 32) & 0xff; + zeros[dstart+10] = (m->sz[0] >> 40) & 0xff; + zeros[dstart+9] = (m->sz[0] >> 48) & 0xff; + zeros[dstart+8] = (m->sz[0] >> 56) & 0xff; + + zeros[dstart+7] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[1] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 32) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 40) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 48) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 56) & 0xff; + k5_sha512_update (m, zeros, dstart + 16); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 8; ++i) { + r[8*i+7] = m->counter[i] & 0xFF; + r[8*i+6] = (m->counter[i] >> 8) & 0xFF; + r[8*i+5] = (m->counter[i] >> 16) & 0xFF; + r[8*i+4] = (m->counter[i] >> 24) & 0xFF; + r[8*i+3] = (m->counter[i] >> 32) & 0XFF; + r[8*i+2] = (m->counter[i] >> 40) & 0xFF; + r[8*i+1] = (m->counter[i] >> 48) & 0xFF; + r[8*i] = (m->counter[i] >> 56) & 0xFF; + } + } +} + +void +k5_sha384_init (SHA384_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0xcbbb9d5dc1059ed8ULL; + B = 0x629a292a367cd507ULL; + C = 0x9159015a3070dd17ULL; + D = 0x152fecd8f70e5939ULL; + E = 0x67332667ffc00b31ULL; + F = 0x8eb44a8768581511ULL; + G = 0xdb0c2e0d64f98fa7ULL; + H = 0x47b5481dbefa4fa4ULL; +} + +void +k5_sha384_update (SHA384_CTX *m, const void *v, size_t len) +{ + k5_sha512_update(m, v, len); +} + +void +k5_sha384_final (void *res, SHA384_CTX *m) +{ + unsigned char data[SHA512_DIGEST_LENGTH]; + k5_sha512_final(data, m); + memcpy(res, data, SHA384_DIGEST_LENGTH); +} diff --git a/src/lib/crypto/builtin/sha2/t_sha256.c b/src/lib/crypto/builtin/sha2/t_sha256.c deleted file mode 100644 index c2da381..0000000 --- a/src/lib/crypto/builtin/sha2/t_sha256.c +++ /dev/null @@ -1,117 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/sha2/t_sha256.c */ -/* - * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <k5-int.h> -#include "sha2.h" - -#define ONE_MILLION_A "one million a's" - -struct test { - char *str; - unsigned char hash[64]; -}; - -struct test tests[] = { - { "abc", - { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad }}, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, - 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, - 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, - 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 }}, - { ONE_MILLION_A, - {0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92, - 0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67, - 0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e, - 0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 }}, - { NULL } -}; - -int -main (void) -{ - struct test *t; - void *ctx = malloc(sizeof(SHA256_CTX)); - unsigned char *res = malloc(SHA256_DIGEST_LENGTH); - char buf[1000]; - - for (t = tests; t->str; ++t) { - - k5_sha256_init(ctx); - if(strcmp(t->str, ONE_MILLION_A) == 0) { - int i; - memset(buf, 'a', sizeof(buf)); - for(i = 0; i < 1000; i++) { - k5_sha256_update(ctx, buf, sizeof(buf)); - } - } else { - k5_sha256_update(ctx, (unsigned char *)t->str, strlen(t->str)); - } - - k5_sha256_final(res, ctx); - if (memcmp (res, t->hash, SHA256_DIGEST_LENGTH) != 0) { - int i; - - printf ("%s(\"%s\") failed\n", "SHA- 256", t->str); - printf("should be: "); - for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) { - if(i > 0 && (i % 16) == 0) - printf("\n "); - printf("%02x ", t->hash[i]); - } - printf("\nresult was: "); - for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) { - if(i > 0 && (i % 16) == 0) - printf("\n "); - printf("%02x ", res[i]); - } - printf("\n"); - return 1; - } - - if (memcmp (res, t->hash, SHA256_DIGEST_LENGTH) != 0) { - printf("EVP %s failed here old function where successful!\n", "SHA-256"); - return 1; - } - } - free(ctx); - free(res); - printf ("success\n"); - return 0; -} - diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index f4914d4..9da6bf7 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -21,6 +21,7 @@ EXTRADEPSRCS=\ $(srcdir)/t_crc.c \ $(srcdir)/t_mddriver.c \ $(srcdir)/t_kperf.c \ + $(srcdir)/t_sha2.c \ $(srcdir)/t_short.c \ $(srcdir)/t_str2key.c \ $(srcdir)/t_derive.c \ @@ -37,7 +38,8 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ aes-test \ camellia-test \ t_mddriver4 t_mddriver \ - t_crc t_cts t_short t_str2key t_derive t_fork t_cf2 t_combine + t_crc t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2 \ + t_combine $(RUN_TEST) ./t_nfold $(RUN_TEST) ./t_encrypt $(RUN_TEST) ./t_decrypt @@ -59,6 +61,7 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt $(RUN_TEST) $(C)t_mddriver4 -x $(RUN_TEST) $(C)t_mddriver -x + $(RUN_TEST) ./t_sha2 $(RUN_TEST) ./t_short $(RUN_TEST) ./t_str2key $(RUN_TEST) ./t_derive @@ -99,6 +102,10 @@ t_cts$(EXEEXT): t_cts.$(OBJEXT) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ $(KRB5_BASE_LIBS) +t_sha2$(EXEEXT): t_sha2.$(OBJEXT) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ t_sha2.$(OBJEXT) \ + $(KRB5_BASE_LIBS) + t_short$(EXEEXT): t_short.$(OBJEXT) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ t_short.$(OBJEXT) \ $(KRB5_BASE_LIBS) @@ -162,8 +169,8 @@ clean: t_crc.o t_crc t_cts.o t_cts \ t_mddriver4.o t_mddriver4 t_mddriver.o t_mddriver \ t_cksum4 t_cksum4.o t_cksum5 t_cksum5.o t_cksums t_cksums.o \ - t_kperf.o t_kperf t_short t_short.o t_str2key t_str2key.o \ - t_derive t_derive.o t_fork t_fork.o \ + t_kperf.o t_kperf t_sha2.o t_sha2 t_short t_short.o t_str2key \ + t_str2key.o t_derive t_derive.o t_fork t_fork.o \ t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT) \ camellia-test camellia-test.o camellia-vt.txt \ t_cf2 t_cf2.o t_cf2.output t_combine.o t_combine diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps index e05eae3..bc5422a 100644 --- a/src/lib/crypto/crypto_tests/deps +++ b/src/lib/crypto/crypto_tests/deps @@ -193,6 +193,18 @@ $(OUTPRE)t_kperf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h t_kperf.c +$(OUTPRE)t_sha2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \ + $(srcdir)/../builtin/crypto_mod.h $(srcdir)/../builtin/sha2/sha2.h \ + $(srcdir)/../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h t_sha2.c $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ diff --git a/src/lib/crypto/crypto_tests/t_sha2.c b/src/lib/crypto/crypto_tests/t_sha2.c new file mode 100644 index 0000000..12f3286 --- /dev/null +++ b/src/lib/crypto/crypto_tests/t_sha2.c @@ -0,0 +1,145 @@ +/* + * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <k5-int.h> +#include "crypto_int.h" + +#define ONE_MILLION_A "one million a's" + +struct test { + char *str; + unsigned char hash[64]; +}; + +struct test sha256_tests[] = { + { "abc", + { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea, + 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23, + 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c, + 0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad }}, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + { 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8, + 0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39, + 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67, + 0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 }}, + { ONE_MILLION_A, + { 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92, + 0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67, + 0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e, + 0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 }}, + { NULL } +}; + +struct test sha384_tests[] = { + { "abc", + { 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b, + 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07, + 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63, + 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed, + 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23, + 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 }}, + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno" + "ijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + { 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8, + 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47, + 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2, + 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12, + 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9, + 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 }}, + { ONE_MILLION_A, + { 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb, + 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c, + 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52, + 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b, + 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb, + 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }}, + { NULL } +}; + +static int +hash_test(const struct krb5_hash_provider *hash, struct test *tests) +{ + struct test *t; + krb5_crypto_iov iov, *iovs; + krb5_data hval; + size_t i; + + if (alloc_data(&hval, hash->hashsize)) + abort(); + for (t = tests; t->str; ++t) { + if (strcmp(t->str, ONE_MILLION_A) == 0) { + /* Hash a million 'a's using a thousand iovs. */ + iovs = calloc(1000, sizeof(*iovs)); + assert(iovs != NULL); + for (i = 0; i < 1000; i++) { + iovs[i].flags = KRB5_CRYPTO_TYPE_DATA; + if (alloc_data(&iovs[i].data, 1000) != 0) + abort(); + memset(iovs[i].data.data, 'a', 1000); + } + if (hash->hash(iovs, 1000, &hval) != 0) + abort(); + if (memcmp(hval.data, t->hash, hval.length) != 0) + abort(); + for (i = 0; i < 1000; i++) + free(iovs[i].data.data); + free(iovs); + } else { + /* Hash the input in the test. */ + iov.flags = KRB5_CRYPTO_TYPE_DATA; + iov.data = string2data(t->str); + if (hash->hash(&iov, 1, &hval) != 0) + abort(); + if (memcmp(hval.data, t->hash, hval.length) != 0) + abort(); + + if (hash == &krb5int_hash_sha256) { + /* Try again using k5_sha256(). */ + if (k5_sha256(&iov.data, (uint8_t *)hval.data) != 0) + abort(); + if (memcmp(hval.data, t->hash, hval.length) != 0) + abort(); + } + } + } + free(hval.data); + return 0; +} + +int +main() +{ + hash_test(&krb5int_hash_sha256, sha256_tests); + hash_test(&krb5int_hash_sha384, sha384_tests); + return 0; +} diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h index 0f2e472..311d2a8 100644 --- a/src/lib/crypto/krb/crypto_int.h +++ b/src/lib/crypto/krb/crypto_int.h @@ -432,6 +432,8 @@ extern const struct krb5_hash_provider krb5int_hash_crc32; extern const struct krb5_hash_provider krb5int_hash_md4; extern const struct krb5_hash_provider krb5int_hash_md5; extern const struct krb5_hash_provider krb5int_hash_sha1; +extern const struct krb5_hash_provider krb5int_hash_sha256; +extern const struct krb5_hash_provider krb5int_hash_sha384; /* Modules must implement the following functions. */ diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c index 0017ade..957ed8d 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_evp.c +++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c @@ -79,6 +79,18 @@ hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) return hash_evp(EVP_sha1(), data, num_data, output); } +static krb5_error_code +hash_sha256(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + return hash_evp(EVP_sha256(), data, num_data, output); +} + +static krb5_error_code +hash_sha384(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + return hash_evp(EVP_sha384(), data, num_data, output); +} + const struct krb5_hash_provider krb5int_hash_md4 = { "MD4", 16, 64, hash_md4 }; @@ -90,3 +102,11 @@ const struct krb5_hash_provider krb5int_hash_md5 = { const struct krb5_hash_provider krb5int_hash_sha1 = { "SHA1", 20, 64, hash_sha1 }; + +const struct krb5_hash_provider krb5int_hash_sha256 = { + "SHA-256", 32, 64, hash_sha256 +}; + +const struct krb5_hash_provider krb5int_hash_sha384 = { + "SHA-384", 48, 128, hash_sha384 +}; diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c index b9cbd9b..b2db6ec 100644 --- a/src/lib/crypto/openssl/hmac.c +++ b/src/lib/crypto/openssl/hmac.c @@ -99,6 +99,10 @@ map_digest(const struct krb5_hash_provider *hash) { if (!strncmp(hash->hash_name, "SHA1",4)) return EVP_sha1(); + else if (!strncmp(hash->hash_name, "SHA-256",7)) + return EVP_sha256(); + else if (!strncmp(hash->hash_name, "SHA-384",7)) + return EVP_sha384(); else if (!strncmp(hash->hash_name, "MD5", 3)) return EVP_md5(); else if (!strncmp(hash->hash_name, "MD4", 3)) |