diff options
author | Joe Orton <joe@manyfish.uk> | 2021-01-23 14:26:33 +0000 |
---|---|---|
committer | Joe Orton <joe@manyfish.uk> | 2021-01-23 14:26:33 +0000 |
commit | dac1a6b26e1060e7171754e03e53c371b798a687 (patch) | |
tree | f1f72f70fa47c383d1c90f49ce99eaa2a0f8a255 | |
parent | c7d9eb7e8f9295bcd9352aed10dae183d9f600ca (diff) | |
download | neon-git-dac1a6b26e1060e7171754e03e53c371b798a687.tar.gz |
Support SHA-512 (in addition to SHA-512/256) with ne_strhash().
* src/ne_string.h (NE_HASH_SHA512): New constant.
* src/ne_gnutls.c (ne_vstrhash): Support SHA-512.
* src/ne_openssl.c (ne_vstrhash): Support SHA-512.
* test/string-tests.c (strhash_sha_512): Add test case.
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | src/ne_gnutls.c | 1 | ||||
-rw-r--r-- | src/ne_openssl.c | 1 | ||||
-rw-r--r-- | src/ne_string.h | 5 | ||||
-rw-r--r-- | test/string-tests.c | 26 |
5 files changed, 32 insertions, 6 deletions
@@ -11,9 +11,8 @@ Changes in release 0.32.0: * New interfaces and features: - ne_string.h: added ne_strhash(), ne_vstrhash(), ne_strparam() - ne_auth.h: added RFC 7616 (Digest authentication) support, - including userhash=, username*= and SHA-2-256/512-256 algorithms - (SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_WEAK_DIGEST - to re-enable RFC 2069 Digest support. + including userhash=, username*= and SHA-2 algorithms + (SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_LEGACY_DIGEST - ne_auth.h: added ne_add_auth() unified auth callback interface, accepts (only) UTF-8 usernames, uses a larger password buffer, and has different/improved attempt counter semantics. diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c index d709590..df11785 100644 --- a/src/ne_gnutls.c +++ b/src/ne_gnutls.c @@ -1519,6 +1519,7 @@ char *ne_vstrhash(unsigned int flags, va_list ap) switch (flags & NE_HASH_ALGMASK) { case NE_HASH_MD5: alg = GNUTLS_DIG_MD5; break; case NE_HASH_SHA256: alg = GNUTLS_DIG_SHA256; break; + case NE_HASH_SHA512: alg = GNUTLS_DIG_SHA512; break; default: return NULL; } diff --git a/src/ne_openssl.c b/src/ne_openssl.c index b6da323..0ba868c 100644 --- a/src/ne_openssl.c +++ b/src/ne_openssl.c @@ -1151,6 +1151,7 @@ char *ne_vstrhash(unsigned int flags, va_list ap) case NE_HASH_MD5: md = EVP_md5(); break; case NE_HASH_SHA256: md = EVP_sha256(); break; #ifdef HAVE_OPENSSL11 + case NE_HASH_SHA512: md = EVP_sha512(); break; case NE_HASH_SHA512_256: md = EVP_sha512_256(); break; #endif default: return NULL; diff --git a/src/ne_string.h b/src/ne_string.h index 01b69a4..c96536b 100644 --- a/src/ne_string.h +++ b/src/ne_string.h @@ -154,8 +154,9 @@ char *ne_concat(const char *str, ...) /* Hash algorithms: */ #define NE_HASH_MD5 (0x0001) /* MD5 */ -#define NE_HASH_SHA256 (0x0002) /* SHA-2-256 */ -#define NE_HASH_SHA512_256 (0x0003) /* SHA-2-512 */ +#define NE_HASH_SHA256 (0x0002) /* SHA-256 (SHA-2) */ +#define NE_HASH_SHA512 (0x0003) /* SHA-512 (SHA-2) */ +#define NE_HASH_SHA512_256 (0x0004) /* SHA-512/256 (SHA-2) */ /* Optional hash output formatting options: */ #define NE_HASH_COLON (0x1000) /* Colon-separated pairs */ diff --git a/test/string-tests.c b/test/string-tests.c index a82f84f..2bfd911 100644 --- a/test/string-tests.c +++ b/test/string-tests.c @@ -700,6 +700,14 @@ static int strhash_sha_256(void) return OK; } +/* NIST examples from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf */ +#define TEST1_512 "abc" +#define TEST1_512_MDC "dd:af:35:a1:93:61:7a:ba:cc:41:73:49:ae:20:41:31:12:e6:fa:4e:89:a9:7e:a2:0a:9e:ee:e6:4b:55:d3:9a:21:92:99:2a:27:4f:c1:a8:36:ba:3c:23:a3:fe:eb:bd:45:4d:44:23:64:3c:e8:0e:2a:9a:c9:4f:a5:4c:a4:9f" +#define TEST2_512_1 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrl" +#define TEST2_512_2 "mnopqrsmnopqrstnopqrstu" +#define TEST2_512_MD "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" + + /* NIST examples from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf */ #define TEST1_512_256 "abc" #define TEST1_512_256_MD "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23" @@ -708,6 +716,22 @@ static int strhash_sha_256(void) #define TEST2_512_256_MD "3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a" #define TEST2_512_256_MDC "39:28:e1:84:fb:86:90:f8:40:da:39:88:12:1d:31:be:65:cb:9d:3e:f8:3e:e6:14:6f:ea:c8:61:e1:9b:56:3a" +static int strhash_sha_512(void) +{ + char *p = ne_strhash(NE_HASH_SHA512, "", NULL); + + if (p == NULL) { + t_context("SHA-2-512 not supported"); + return SKIP; + } + ne_free(p); + + ONVEC((NE_HASH_SHA512|NE_HASH_COLON, TEST1_512, NULL), TEST1_512_MDC); + ONVEC((NE_HASH_SHA512, TEST2_512_1, TEST2_512_2, NULL), TEST2_512_MD); + + return OK; +} + static int strhash_sha_512_256(void) { char *p = ne_strhash(NE_HASH_SHA512_256, "", NULL); @@ -757,7 +781,6 @@ static int strparam(void) return OK; } - ne_test tests[] = { T(simple), T(buf_concat), @@ -788,6 +811,7 @@ ne_test tests[] = { T(qappend), T(strhash), T(strhash_sha_256), + T(strhash_sha_512), T(strhash_sha_512_256), T(strparam), T(NULL) |