authorJoe Orton <joe@manyfish.uk>2021-01-23 14:26:33 +0000
committerJoe Orton <joe@manyfish.uk>2021-01-23 14:26:33 +0000
commitdac1a6b26e1060e7171754e03e53c371b798a687 (patch)
treef1f72f70fa47c383d1c90f49ce99eaa2a0f8a255
parentc7d9eb7e8f9295bcd9352aed10dae183d9f600ca (diff)
Support SHA-512 (in addition to SHA-512/256) with ne_strhash().
* src/ne_string.h (NE_HASH_SHA512): New constant. * src/ne_gnutls.c (ne_vstrhash): Support SHA-512. * src/ne_openssl.c (ne_vstrhash): Support SHA-512. * test/string-tests.c (strhash_sha_512): Add test case.
-rw-r--r--NEWS5
-rw-r--r--src/ne_gnutls.c1
-rw-r--r--src/ne_openssl.c1
-rw-r--r--src/ne_string.h5
-rw-r--r--test/string-tests.c26
5 files changed, 32 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 0e52098..873a73a 100644
--- a/NEWS
+++ b/NEWS
@@ -11,9 +11,8 @@ Changes in release 0.32.0:
* New interfaces and features:
- ne_string.h: added ne_strhash(), ne_vstrhash(), ne_strparam()
- ne_auth.h: added RFC 7616 (Digest authentication) support,
- including userhash=, username*= and SHA-2-256/512-256 algorithms
- (SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_WEAK_DIGEST
- to re-enable RFC 2069 Digest support.
+ including userhash=, username*= and SHA-2 algorithms
+ (SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_LEGACY_DIGEST
- ne_auth.h: added ne_add_auth() unified auth callback interface,
accepts (only) UTF-8 usernames, uses a larger password buffer,
and has different/improved attempt counter semantics.
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index d709590..df11785 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -1519,6 +1519,7 @@ char *ne_vstrhash(unsigned int flags, va_list ap)
switch (flags & NE_HASH_ALGMASK) {
case NE_HASH_MD5: alg = GNUTLS_DIG_MD5; break;
case NE_HASH_SHA256: alg = GNUTLS_DIG_SHA256; break;
+ case NE_HASH_SHA512: alg = GNUTLS_DIG_SHA512; break;
default: return NULL;
}
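Review bot: The switch in ne_vstrhash has no case for `NE_HASH_SHA512_256`, so on this backend that algorithm reaches `default: return NULL;` while the new SHA-512 case succeeds, and nothing here says whether that is intended. A short comment above the default would document it, for example `/* NE_HASH_SHA512_256 is not handled by this backend; callers get NULL. */`, presumably because the GnuTLS digest list lacks SHA-512/256 (to be confirmed). The function body starts and ends outside the hunk.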
diff --git a/src/ne_openssl.c b/src/ne_openssl.c
index b6da323..0ba868c 100644
--- a/src/ne_openssl.c
+++ b/src/ne_openssl.c
@@ -1151,6 +1151,7 @@ char *ne_vstrhash(unsigned int flags, va_list ap)
case NE_HASH_MD5: md = EVP_md5(); break;
case NE_HASH_SHA256: md = EVP_sha256(); break;
#ifdef HAVE_OPENSSL11
+ case NE_HASH_SHA512: md = EVP_sha512(); break;
case NE_HASH_SHA512_256: md = EVP_sha512_256(); break;
#endif
default: return NULL;
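Review bot: The new `NE_HASH_SHA512` case is placed inside the `#ifdef HAVE_OPENSSL11` block, so builds without that macro return NULL for SHA-512 even though `EVP_sha512()` is provided by OpenSSL releases older than 1.1; only `EVP_sha512_256()` needs the newer library. Moving `case NE_HASH_SHA512: md = EVP_sha512(); break;` above the `#ifdef HAVE_OPENSSL11` line would keep SHA-512 available on those builds, which matters because callers that get NULL are left with MD5 or SHA-256 only. How HAVE_OPENSSL11 is defined is not visible here, so confirm that it really tracks the 1.1 API boundary. The switch opens above the hunk and the function continues past it.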
diff --git a/src/ne_string.h b/src/ne_string.h
index 01b69a4..c96536b 100644
--- a/src/ne_string.h
+++ b/src/ne_string.h
@@ -154,8 +154,9 @@ char *ne_concat(const char *str, ...)
/* Hash algorithms: */
#define NE_HASH_MD5 (0x0001) /* MD5 */
-#define NE_HASH_SHA256 (0x0002) /* SHA-2-256 */
-#define NE_HASH_SHA512_256 (0x0003) /* SHA-2-512 */
+#define NE_HASH_SHA256 (0x0002) /* SHA-256 (SHA-2) */
+#define NE_HASH_SHA512 (0x0003) /* SHA-512 (SHA-2) */
+#define NE_HASH_SHA512_256 (0x0004) /* SHA-512/256 (SHA-2) */
/* Optional hash output formatting options: */
#define NE_HASH_COLON (0x1000) /* Colon-separated pairs */
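Review bot: The value `0x0003` is reassigned from `NE_HASH_SHA512_256` to `NE_HASH_SHA512`, so any caller compiled against the earlier header and linked to the new library silently gets a 64-byte SHA-512 digest where it asked for SHA-512/256. If any snapshot with the old numbering has been distributed, keeping `#define NE_HASH_SHA512_256 (0x0003)` and giving the new constant `#define NE_HASH_SHA512 (0x0004)` avoids that mismatch. The NEWS hunk suggests ne_strhash() is new in the unreleased 0.32.0, in which case the renumbering is harmless, but a comment stating that these values are part of the ABI and must not be reused would protect later additions. The algorithm mask applied in ne_vstrhash is defined outside this hunk, so it is worth checking that it still covers `0x0004`.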
diff --git a/test/string-tests.c b/test/string-tests.c
index a82f84f..2bfd911 100644
--- a/test/string-tests.c
+++ b/test/string-tests.c
@@ -700,6 +700,14 @@ static int strhash_sha_256(void)
return OK;
}
+/* NIST examples from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf */
+#define TEST1_512 "abc"
+#define TEST1_512_MDC "dd:af:35:a1:93:61:7a:ba:cc:41:73:49:ae:20:41:31:12:e6:fa:4e:89:a9:7e:a2:0a:9e:ee:e6:4b:55:d3:9a:21:92:99:2a:27:4f:c1:a8:36:ba:3c:23:a3:fe:eb:bd:45:4d:44:23:64:3c:e8:0e:2a:9a:c9:4f:a5:4c:a4:9f"
+#define TEST2_512_1 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrl"
+#define TEST2_512_2 "mnopqrsmnopqrstnopqrstu"
+#define TEST2_512_MD "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"
+
+
/* NIST examples from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf */
#define TEST1_512_256 "abc"
#define TEST1_512_256_MD "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23"
@@ -708,6 +716,22 @@ static int strhash_sha_256(void)
#define TEST2_512_256_MD "3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a"
#define TEST2_512_256_MDC "39:28:e1:84:fb:86:90:f8:40:da:39:88:12:1d:31:be:65:cb:9d:3e:f8:3e:e6:14:6f:ea:c8:61:e1:9b:56:3a"
+static int strhash_sha_512(void)
+{
+ char *p = ne_strhash(NE_HASH_SHA512, "", NULL);
+
+ if (p == NULL) {
+ t_context("SHA-2-512 not supported");
+ return SKIP;
+ }
+ ne_free(p);
+
+ ONVEC((NE_HASH_SHA512|NE_HASH_COLON, TEST1_512, NULL), TEST1_512_MDC);
+ ONVEC((NE_HASH_SHA512, TEST2_512_1, TEST2_512_2, NULL), TEST2_512_MD);
+
+ return OK;
+}
+
static int strhash_sha_512_256(void)
{
char *p = ne_strhash(NE_HASH_SHA512_256, "", NULL);
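Review bot: The probe at the top of strhash_sha_512 turns every NULL return into SKIP, so a build in which SHA-512 should be available but the backend switch misses the case is reported as skipped instead of failed. A comment on the probe would make the intent explicit, for example `/* NULL means the crypto backend has no SHA-512; the vectors only run when it is supported. */`. The context string also says "SHA-2-512" while the header now names the algorithm "SHA-512 (SHA-2)"; `t_context("SHA-512 not supported");` would match. Only the colon form is checked for the first vector and only the plain form for the second, which looks deliberate but is not stated.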
@@ -757,7 +781,6 @@ static int strparam(void)
return OK;
}
-
ne_test tests[] = {
T(simple),
T(buf_concat),
@@ -788,6 +811,7 @@ ne_test tests[] = {
T(qappend),
T(strhash),
T(strhash_sha_256),
+ T(strhash_sha_512),
T(strhash_sha_512_256),
T(strparam),
T(NULL)