mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-11-29 01:03:57 +03:00
Add SHA2 algorithms for HMAC
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Dirkjan Bussink
committed by
Andreas Schneider
Andreas Schneider
parent
d6e6a453fc
commit
4a08902664
@@ -36,6 +36,8 @@
|
|||||||
|
|
||||||
typedef SHA_CTX* SHACTX;
|
typedef SHA_CTX* SHACTX;
|
||||||
typedef SHA256_CTX* SHA256CTX;
|
typedef SHA256_CTX* SHA256CTX;
|
||||||
|
typedef SHA512_CTX* SHA384CTX;
|
||||||
|
typedef SHA512_CTX* SHA512CTX;
|
||||||
typedef MD5_CTX* MD5CTX;
|
typedef MD5_CTX* MD5CTX;
|
||||||
typedef HMAC_CTX* HMACCTX;
|
typedef HMAC_CTX* HMACCTX;
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
@@ -45,6 +47,9 @@ typedef void *EVPCTX;
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||||
|
#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
|
||||||
|
#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
|
||||||
|
#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
|
||||||
#ifdef MD5_DIGEST_LEN
|
#ifdef MD5_DIGEST_LEN
|
||||||
#undef MD5_DIGEST_LEN
|
#undef MD5_DIGEST_LEN
|
||||||
#endif
|
#endif
|
||||||
@@ -84,6 +89,14 @@ SHA256CTX sha256_init(void);
|
|||||||
void sha256_update(SHA256CTX c, const void *data, unsigned long len);
|
void sha256_update(SHA256CTX c, const void *data, unsigned long len);
|
||||||
void sha256_final(unsigned char *md, SHA256CTX c);
|
void sha256_final(unsigned char *md, SHA256CTX c);
|
||||||
|
|
||||||
|
SHA384CTX sha384_init(void);
|
||||||
|
void sha384_update(SHA384CTX c, const void *data, unsigned long len);
|
||||||
|
void sha384_final(unsigned char *md, SHA384CTX c);
|
||||||
|
|
||||||
|
SHA512CTX sha512_init(void);
|
||||||
|
void sha512_update(SHA512CTX c, const void *data, unsigned long len);
|
||||||
|
void sha512_final(unsigned char *md, SHA512CTX c);
|
||||||
|
|
||||||
struct ssh_cipher_struct *ssh_get_ciphertab(void);
|
struct ssh_cipher_struct *ssh_get_ciphertab(void);
|
||||||
|
|
||||||
#endif /* HAVE_LIBCRYPTO */
|
#endif /* HAVE_LIBCRYPTO */
|
||||||
|
|||||||
@@ -27,6 +27,9 @@
|
|||||||
|
|
||||||
#include <gcrypt.h>
|
#include <gcrypt.h>
|
||||||
typedef gcry_md_hd_t SHACTX;
|
typedef gcry_md_hd_t SHACTX;
|
||||||
|
typedef gcry_md_hd_t SHA256CTX;
|
||||||
|
typedef gcry_md_hd_t SHA384CTX;
|
||||||
|
typedef gcry_md_hd_t SHA512CTX;
|
||||||
typedef gcry_md_hd_t MD5CTX;
|
typedef gcry_md_hd_t MD5CTX;
|
||||||
typedef gcry_md_hd_t HMACCTX;
|
typedef gcry_md_hd_t HMACCTX;
|
||||||
typedef void *EVPCTX;
|
typedef void *EVPCTX;
|
||||||
@@ -34,11 +37,14 @@ typedef void *EVPCTX;
|
|||||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||||
#define MD5_DIGEST_LEN 16
|
#define MD5_DIGEST_LEN 16
|
||||||
#define SHA256_DIGEST_LENGTH 32
|
#define SHA256_DIGEST_LENGTH 32
|
||||||
|
#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
|
||||||
#define SHA384_DIGEST_LENGTH 48
|
#define SHA384_DIGEST_LENGTH 48
|
||||||
|
#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
|
||||||
#define SHA512_DIGEST_LENGTH 64
|
#define SHA512_DIGEST_LENGTH 64
|
||||||
|
#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
|
||||||
|
|
||||||
#ifndef EVP_MAX_MD_SIZE
|
#ifndef EVP_MAX_MD_SIZE
|
||||||
#define EVP_MAX_MD_SIZE 36
|
#define EVP_MAX_MD_SIZE 64
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
|
#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
|
||||||
|
|||||||
@@ -34,6 +34,9 @@ enum ssh_mac_e {
|
|||||||
|
|
||||||
enum ssh_hmac_e {
|
enum ssh_hmac_e {
|
||||||
SSH_HMAC_SHA1 = 1,
|
SSH_HMAC_SHA1 = 1,
|
||||||
|
SSH_HMAC_SHA256,
|
||||||
|
SSH_HMAC_SHA384,
|
||||||
|
SSH_HMAC_SHA512,
|
||||||
SSH_HMAC_MD5
|
SSH_HMAC_MD5
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -46,12 +49,27 @@ typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
|
|||||||
MD5CTX md5_init(void);
|
MD5CTX md5_init(void);
|
||||||
void md5_update(MD5CTX c, const void *data, unsigned long len);
|
void md5_update(MD5CTX c, const void *data, unsigned long len);
|
||||||
void md5_final(unsigned char *md,MD5CTX c);
|
void md5_final(unsigned char *md,MD5CTX c);
|
||||||
|
|
||||||
SHACTX sha1_init(void);
|
SHACTX sha1_init(void);
|
||||||
void sha1_update(SHACTX c, const void *data, unsigned long len);
|
void sha1_update(SHACTX c, const void *data, unsigned long len);
|
||||||
void sha1_final(unsigned char *md,SHACTX c);
|
void sha1_final(unsigned char *md,SHACTX c);
|
||||||
void sha1(unsigned char *digest,int len,unsigned char *hash);
|
void sha1(unsigned char *digest,int len,unsigned char *hash);
|
||||||
|
|
||||||
|
SHA256CTX sha256_init(void);
|
||||||
|
void sha256_update(SHA256CTX c, const void *data, unsigned long len);
|
||||||
|
void sha256_final(unsigned char *md,SHA256CTX c);
|
||||||
void sha256(unsigned char *digest, int len, unsigned char *hash);
|
void sha256(unsigned char *digest, int len, unsigned char *hash);
|
||||||
|
|
||||||
|
SHA384CTX sha384_init(void);
|
||||||
|
void sha384_update(SHA384CTX c, const void *data, unsigned long len);
|
||||||
|
void sha384_final(unsigned char *md,SHA384CTX c);
|
||||||
|
void sha384(unsigned char *digest, int len, unsigned char *hash);
|
||||||
|
|
||||||
|
SHA512CTX sha512_init(void);
|
||||||
|
void sha512_update(SHA512CTX c, const void *data, unsigned long len);
|
||||||
|
void sha512_final(unsigned char *md,SHA512CTX c);
|
||||||
|
void sha512(unsigned char *digest, int len, unsigned char *hash);
|
||||||
|
|
||||||
void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen);
|
void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen);
|
||||||
EVPCTX evp_init(int nid);
|
EVPCTX evp_init(int nid);
|
||||||
void evp_update(EVPCTX ctx, const void *data, unsigned long len);
|
void evp_update(EVPCTX ctx, const void *data, unsigned long len);
|
||||||
|
|||||||
@@ -65,6 +65,8 @@ struct ssh_mac_ctx_struct {
|
|||||||
union {
|
union {
|
||||||
SHACTX sha1_ctx;
|
SHACTX sha1_ctx;
|
||||||
SHA256CTX sha256_ctx;
|
SHA256CTX sha256_ctx;
|
||||||
|
SHA384CTX sha384_ctx;
|
||||||
|
SHA512CTX sha512_ctx;
|
||||||
} ctx;
|
} ctx;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -181,6 +183,52 @@ void sha256(unsigned char *digest, int len, unsigned char *hash) {
|
|||||||
SHA256(digest, len, hash);
|
SHA256(digest, len, hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SHA384CTX sha384_init(void){
|
||||||
|
SHA384CTX c = malloc(sizeof(*c));
|
||||||
|
if (c == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
SHA384_Init(c);
|
||||||
|
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha384_update(SHA384CTX c, const void *data, unsigned long len){
|
||||||
|
SHA384_Update(c,data,len);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha384_final(unsigned char *md, SHA384CTX c) {
|
||||||
|
SHA384_Final(md, c);
|
||||||
|
SAFE_FREE(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha384(unsigned char *digest, int len, unsigned char *hash) {
|
||||||
|
SHA384(digest, len, hash);
|
||||||
|
}
|
||||||
|
|
||||||
|
SHA512CTX sha512_init(void){
|
||||||
|
SHA512CTX c = malloc(sizeof(*c));
|
||||||
|
if (c == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
SHA512_Init(c);
|
||||||
|
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha512_update(SHA512CTX c, const void *data, unsigned long len){
|
||||||
|
SHA512_Update(c,data,len);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha512_final(unsigned char *md, SHA512CTX c) {
|
||||||
|
SHA512_Final(md, c);
|
||||||
|
SAFE_FREE(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha512(unsigned char *digest, int len, unsigned char *hash) {
|
||||||
|
SHA512(digest, len, hash);
|
||||||
|
}
|
||||||
|
|
||||||
MD5CTX md5_init(void) {
|
MD5CTX md5_init(void) {
|
||||||
MD5CTX c = malloc(sizeof(*c));
|
MD5CTX c = malloc(sizeof(*c));
|
||||||
if (c == NULL) {
|
if (c == NULL) {
|
||||||
@@ -212,7 +260,11 @@ ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type){
|
|||||||
ctx->ctx.sha256_ctx = sha256_init();
|
ctx->ctx.sha256_ctx = sha256_init();
|
||||||
return ctx;
|
return ctx;
|
||||||
case SSH_MAC_SHA384:
|
case SSH_MAC_SHA384:
|
||||||
|
ctx->ctx.sha384_ctx = sha384_init();
|
||||||
|
return ctx;
|
||||||
case SSH_MAC_SHA512:
|
case SSH_MAC_SHA512:
|
||||||
|
ctx->ctx.sha512_ctx = sha512_init();
|
||||||
|
return ctx;
|
||||||
default:
|
default:
|
||||||
SAFE_FREE(ctx);
|
SAFE_FREE(ctx);
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -228,7 +280,11 @@ void ssh_mac_update(ssh_mac_ctx ctx, const void *data, unsigned long len) {
|
|||||||
sha256_update(ctx->ctx.sha256_ctx, data, len);
|
sha256_update(ctx->ctx.sha256_ctx, data, len);
|
||||||
break;
|
break;
|
||||||
case SSH_MAC_SHA384:
|
case SSH_MAC_SHA384:
|
||||||
|
sha384_update(ctx->ctx.sha384_ctx, data, len);
|
||||||
|
break;
|
||||||
case SSH_MAC_SHA512:
|
case SSH_MAC_SHA512:
|
||||||
|
sha512_update(ctx->ctx.sha512_ctx, data, len);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -243,7 +299,11 @@ void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) {
|
|||||||
sha256_final(md,ctx->ctx.sha256_ctx);
|
sha256_final(md,ctx->ctx.sha256_ctx);
|
||||||
break;
|
break;
|
||||||
case SSH_MAC_SHA384:
|
case SSH_MAC_SHA384:
|
||||||
|
sha384_final(md,ctx->ctx.sha384_ctx);
|
||||||
|
break;
|
||||||
case SSH_MAC_SHA512:
|
case SSH_MAC_SHA512:
|
||||||
|
sha512_final(md,ctx->ctx.sha512_ctx);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -266,6 +326,15 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
|
|||||||
case SSH_HMAC_SHA1:
|
case SSH_HMAC_SHA1:
|
||||||
HMAC_Init(ctx, key, len, EVP_sha1());
|
HMAC_Init(ctx, key, len, EVP_sha1());
|
||||||
break;
|
break;
|
||||||
|
case SSH_HMAC_SHA256:
|
||||||
|
HMAC_Init(ctx, key, len, EVP_sha256());
|
||||||
|
break;
|
||||||
|
case SSH_HMAC_SHA384:
|
||||||
|
HMAC_Init(ctx, key, len, EVP_sha384());
|
||||||
|
break;
|
||||||
|
case SSH_HMAC_SHA512:
|
||||||
|
HMAC_Init(ctx, key, len, EVP_sha512());
|
||||||
|
break;
|
||||||
case SSH_HMAC_MD5:
|
case SSH_HMAC_MD5:
|
||||||
HMAC_Init(ctx, key, len, EVP_md5());
|
HMAC_Init(ctx, key, len, EVP_md5());
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -69,10 +69,69 @@ void sha1(unsigned char *digest, int len, unsigned char *hash) {
|
|||||||
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
|
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SHA256CTX sha256_init(void) {
|
||||||
|
SHA256CTX ctx = NULL;
|
||||||
|
gcry_md_open(&ctx, GCRY_MD_SHA256, 0);
|
||||||
|
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha256_update(SHACTX c, const void *data, unsigned long len) {
|
||||||
|
gcry_md_write(c, data, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha256_final(unsigned char *md, SHACTX c) {
|
||||||
|
gcry_md_final(c);
|
||||||
|
memcpy(md, gcry_md_read(c, 0), SHA256_DIGEST_LEN);
|
||||||
|
gcry_md_close(c);
|
||||||
|
}
|
||||||
|
|
||||||
void sha256(unsigned char *digest, int len, unsigned char *hash){
|
void sha256(unsigned char *digest, int len, unsigned char *hash){
|
||||||
gcry_md_hash_buffer(GCRY_MD_SHA256, hash, digest, len);
|
gcry_md_hash_buffer(GCRY_MD_SHA256, hash, digest, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SHA384CTX sha384_init(void) {
|
||||||
|
SHA384CTX ctx = NULL;
|
||||||
|
gcry_md_open(&ctx, GCRY_MD_SHA384, 0);
|
||||||
|
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha384_update(SHACTX c, const void *data, unsigned long len) {
|
||||||
|
gcry_md_write(c, data, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha384_final(unsigned char *md, SHACTX c) {
|
||||||
|
gcry_md_final(c);
|
||||||
|
memcpy(md, gcry_md_read(c, 0), SHA384_DIGEST_LEN);
|
||||||
|
gcry_md_close(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha384(unsigned char *digest, int len, unsigned char *hash) {
|
||||||
|
gcry_md_hash_buffer(GCRY_MD_SHA384, hash, digest, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
SHA512CTX sha512_init(void) {
|
||||||
|
SHA512CTX ctx = NULL;
|
||||||
|
gcry_md_open(&ctx, GCRY_MD_SHA512, 0);
|
||||||
|
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha512_update(SHACTX c, const void *data, unsigned long len) {
|
||||||
|
gcry_md_write(c, data, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha512_final(unsigned char *md, SHACTX c) {
|
||||||
|
gcry_md_final(c);
|
||||||
|
memcpy(md, gcry_md_read(c, 0), SHA512_DIGEST_LEN);
|
||||||
|
gcry_md_close(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sha512(unsigned char *digest, int len, unsigned char *hash) {
|
||||||
|
gcry_md_hash_buffer(GCRY_MD_SHA512, hash, digest, len);
|
||||||
|
}
|
||||||
|
|
||||||
MD5CTX md5_init(void) {
|
MD5CTX md5_init(void) {
|
||||||
MD5CTX c = NULL;
|
MD5CTX c = NULL;
|
||||||
gcry_md_open(&c, GCRY_MD_MD5, 0);
|
gcry_md_open(&c, GCRY_MD_MD5, 0);
|
||||||
@@ -124,13 +183,13 @@ void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) {
|
|||||||
len=SHA_DIGEST_LEN;
|
len=SHA_DIGEST_LEN;
|
||||||
break;
|
break;
|
||||||
case SSH_MAC_SHA256:
|
case SSH_MAC_SHA256:
|
||||||
len=SHA256_DIGEST_LENGTH;
|
len=SHA256_DIGEST_LEN;
|
||||||
break;
|
break;
|
||||||
case SSH_MAC_SHA384:
|
case SSH_MAC_SHA384:
|
||||||
len=SHA384_DIGEST_LENGTH;
|
len=SHA384_DIGEST_LEN;
|
||||||
break;
|
break;
|
||||||
case SSH_MAC_SHA512:
|
case SSH_MAC_SHA512:
|
||||||
len=SHA512_DIGEST_LENGTH;
|
len=SHA512_DIGEST_LEN;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
gcry_md_final(ctx->ctx);
|
gcry_md_final(ctx->ctx);
|
||||||
@@ -146,6 +205,15 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
|
|||||||
case SSH_HMAC_SHA1:
|
case SSH_HMAC_SHA1:
|
||||||
gcry_md_open(&c, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
|
gcry_md_open(&c, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
|
||||||
break;
|
break;
|
||||||
|
case SSH_HMAC_SHA256:
|
||||||
|
gcry_md_open(&c, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
|
||||||
|
break;
|
||||||
|
case SSH_HMAC_SHA384:
|
||||||
|
gcry_md_open(&c, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC);
|
||||||
|
break;
|
||||||
|
case SSH_HMAC_SHA512:
|
||||||
|
gcry_md_open(&c, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
|
||||||
|
break;
|
||||||
case SSH_HMAC_MD5:
|
case SSH_HMAC_MD5:
|
||||||
gcry_md_open(&c, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
|
gcry_md_open(&c, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
|
||||||
break;
|
break;
|
||||||
|
|||||||
Reference in New Issue
Block a user