nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 09:27:59 +00:00
Code Issues Projects Releases Wiki Activity
43cdc3d910
putty-source/sshsh512.c

353 lines
10 KiB
C
Raw Normal View History

Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
/*
* SHA-512 algorithm as described at
Whitespace rationalisation of entire code base. The number of people has been steadily increasing who read our source code with an editor that thinks tab stops are 4 spaces apart, as opposed to the traditional tty-derived 8 that the PuTTY code expects. So I've been wondering for ages about just fixing it, and switching to a spaces-only policy throughout the code. And I recently found out about 'git blame -w', which should make this change not too disruptive for the purposes of source-control archaeology; so perhaps now is the time. While I'm at it, I've also taken the opportunity to remove all the trailing spaces from source lines (on the basis that git dislikes them, and is the only thing that seems to have a strong opinion one way or the other). Apologies to anyone downstream of this code who has complicated patch sets to rebase past this change. I don't intend it to be needed again.
2019-09-08 19:29:00 +00:00
*
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
* http://csrc.nist.gov/cryptval/shs.html
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
*
* Modifications made for SHA-384 also
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
*/
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
#include <assert.h>
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
#include "ssh.h"
#define BLKSIZE 128
Access all hashes and MACs through the standard API. All the hash-specific state structures, and the functions that directly accessed them, are now local to the source files implementing the hashes themselves. Everywhere we previously used those types or functions, we're now using the standard ssh_hash or ssh2_mac API. The 'simple' functions (hmacmd5_simple, SHA_Simple etc) are now a pair of wrappers in sshauxcrypt.c, each of which takes an algorithm structure and can do the same conceptual thing regardless of what it is.
2019-01-20 16:15:14 +00:00
typedef struct {
uint64_t h[8];
Expose blocklen in the ssh_hash structure. Keeping that information alongside the hashes themselves seems more sensible than having the HMAC code know that fact about everything it can work with.
2019-01-21 19:04:22 +00:00
unsigned char block[BLKSIZE];
Access all hashes and MACs through the standard API. All the hash-specific state structures, and the functions that directly accessed them, are now local to the source files implementing the hashes themselves. Everywhere we previously used those types or functions, we're now using the standard ssh_hash or ssh2_mac API. The 'simple' functions (hmacmd5_simple, SHA_Simple etc) are now a pair of wrappers in sshauxcrypt.c, each of which takes an algorithm structure and can do the same conceptual thing regardless of what it is.
2019-01-20 16:15:14 +00:00
int blkused;
uint64_t lenhi, lenlo;
BinarySink_IMPLEMENTATION;
} SHA512_State;
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
/* ----------------------------------------------------------------------
* Core SHA512 algorithm: processes 16-doubleword blocks into a
* message digest.
*/
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
static inline uint64_t ror(uint64_t x, unsigned y)
{
return (x << (63 & -y)) | (x >> (63 & y));
}
static inline uint64_t Ch(uint64_t ctrl, uint64_t if1, uint64_t if0)
{
return if0 ^ (ctrl & (if1 ^ if0));
}
static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
{
return (x & y) | (z & (x | y));
}
static inline uint64_t Sigma_0(uint64_t x)
{
return ror(x,28) ^ ror(x,34) ^ ror(x,39);
}
static inline uint64_t Sigma_1(uint64_t x)
{
return ror(x,14) ^ ror(x,18) ^ ror(x,41);
}
static inline uint64_t sigma_0(uint64_t x)
{
return ror(x,1) ^ ror(x,8) ^ (x >> 7);
}
static inline uint64_t sigma_1(uint64_t x)
{
return ror(x,19) ^ ror(x,61) ^ (x >> 6);
}
static inline void SHA512_Round(
unsigned round_index, const uint64_t *round_constants,
const uint64_t *schedule,
uint64_t *a, uint64_t *b, uint64_t *c, uint64_t *d,
uint64_t *e, uint64_t *f, uint64_t *g, uint64_t *h)
{
uint64_t t1 = *h + Sigma_1(*e) + Ch(*e,*f,*g) +
round_constants[round_index] + schedule[round_index];
uint64_t t2 = Sigma_0(*a) + Maj(*a,*b,*c);
*d += t1;
*h = t1 + t2;
}
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
SHA512_Core_Init() and SHA512_Block() are unused outside this file. Make them static. [originally from svn r2484]
2003-01-05 23:34:00 +00:00
static void SHA512_Core_Init(SHA512_State *s) {
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
static const uint64_t iv[] = {
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
0x6a09e667f3bcc908ULL,
0xbb67ae8584caa73bULL,
0x3c6ef372fe94f82bULL,
0xa54ff53a5f1d36f1ULL,
0x510e527fade682d1ULL,
0x9b05688c2b3e6c1fULL,
0x1f83d9abfb41bd6bULL,
0x5be0cd19137e2179ULL,
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
};
int i;
for (i = 0; i < 8; i++)
Whitespace rationalisation of entire code base. The number of people has been steadily increasing who read our source code with an editor that thinks tab stops are 4 spaces apart, as opposed to the traditional tty-derived 8 that the PuTTY code expects. So I've been wondering for ages about just fixing it, and switching to a spaces-only policy throughout the code. And I recently found out about 'git blame -w', which should make this change not too disruptive for the purposes of source-control archaeology; so perhaps now is the time. While I'm at it, I've also taken the opportunity to remove all the trailing spaces from source lines (on the basis that git dislikes them, and is the only thing that seems to have a strong opinion one way or the other). Apologies to anyone downstream of this code who has complicated patch sets to rebase past this change. I don't intend it to be needed again.
2019-09-08 19:29:00 +00:00
s->h[i] = iv[i];
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
}
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
static void SHA384_Core_Init(SHA512_State *s) {
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
static const uint64_t iv[] = {
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
0xcbbb9d5dc1059ed8ULL,
0x629a292a367cd507ULL,
0x9159015a3070dd17ULL,
0x152fecd8f70e5939ULL,
0x67332667ffc00b31ULL,
0x8eb44a8768581511ULL,
0xdb0c2e0d64f98fa7ULL,
0x47b5481dbefa4fa4ULL,
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
};
int i;
for (i = 0; i < 8; i++)
s->h[i] = iv[i];
}
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
static void SHA512_Block(SHA512_State *s, uint64_t *block) {
uint64_t w[80];
uint64_t a,b,c,d,e,f,g,h;
static const uint64_t k[] = {
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
};
int t;
for (t = 0; t < 16; t++)
w[t] = block[t];
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
for (t = 16; t < 80; t++)
w[t] = w[t-16] + w[t-7] + sigma_0(w[t-15]) + sigma_1(w[t-2]);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
a = s->h[0]; b = s->h[1]; c = s->h[2]; d = s->h[3];
e = s->h[4]; f = s->h[5]; g = s->h[6]; h = s->h[7];
for (t = 0; t < 80; t+=8) {
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
SHA512_Round(t+0, k,w, &a,&b,&c,&d,&e,&f,&g,&h);
SHA512_Round(t+1, k,w, &h,&a,&b,&c,&d,&e,&f,&g);
SHA512_Round(t+2, k,w, &g,&h,&a,&b,&c,&d,&e,&f);
SHA512_Round(t+3, k,w, &f,&g,&h,&a,&b,&c,&d,&e);
SHA512_Round(t+4, k,w, &e,&f,&g,&h,&a,&b,&c,&d);
SHA512_Round(t+5, k,w, &d,&e,&f,&g,&h,&a,&b,&c);
SHA512_Round(t+6, k,w, &c,&d,&e,&f,&g,&h,&a,&b);
SHA512_Round(t+7, k,w, &b,&c,&d,&e,&f,&g,&h,&a);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
}
Tidy up arithmetic in the SHA-512 implementation. It was written in an awkward roundabout way involving all the arithmetic being done in horrible macros looking like assembler instructions, and lots of explicit temp variables. That's because, when I originally wrote it, I needed it to compile on platforms without a 64-bit integer type. In commit a647f2ba11 I switched it over to using uint64_t, but I did it in a way that made minimal change to the code structure, by rewriting the insides of those macros to contain ordinary uint64_t arithmetic instead of faffing about with 32-bit halves. So it worked, but it still looked disgusting. Now I've reworked it so that individual arithmetic operations are written directly in the sensible way, and the more complicated SHA-specific operations are written as inline functions instead of macros.
2020-12-24 10:52:48 +00:00
s->h[0] += a; s->h[1] += b; s->h[2] += c; s->h[3] += d;
s->h[4] += e; s->h[5] += f; s->h[6] += g; s->h[7] += h;
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
}
/* ----------------------------------------------------------------------
* Outer SHA512 algorithm: take an arbitrary length byte string,
* convert it into 16-doubleword blocks with the prescribed padding
* at the end, and pass those blocks to the core SHA512 algorithm.
*/
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
static void SHA512_BinarySink_write(BinarySink *bs,
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
const void *p, size_t len);
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
Add lots of missing 'static' keywords. A trawl through the code with -Wmissing-prototypes and -Wmissing-variable-declarations turned up a lot of things that should have been internal to a particular source file, but were accidentally global. Keep the namespace clean by making them all static. (Also, while I'm here, a couple of them were missing a 'const': the ONE and ZERO arrays in sshcrcda.c, and EMPTY_WINDOW_TITLE in terminal.c.)
2020-01-29 06:22:01 +00:00
static void SHA512_Init(SHA512_State *s) {
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
SHA512_Core_Init(s);
s->blkused = 0;
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
s->lenhi = s->lenlo = 0;
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
BinarySink_INIT(s, SHA512_BinarySink_write);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
}
Add lots of missing 'static' keywords. A trawl through the code with -Wmissing-prototypes and -Wmissing-variable-declarations turned up a lot of things that should have been internal to a particular source file, but were accidentally global. Keep the namespace clean by making them all static. (Also, while I'm here, a couple of them were missing a 'const': the ONE and ZERO arrays in sshcrcda.c, and EMPTY_WINDOW_TITLE in terminal.c.)
2020-01-29 06:22:01 +00:00
static void SHA384_Init(SHA512_State *s) {
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
SHA384_Core_Init(s);
s->blkused = 0;
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
s->lenhi = s->lenlo = 0;
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
BinarySink_INIT(s, SHA512_BinarySink_write);
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
}
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
static void SHA512_BinarySink_write(BinarySink *bs,
const void *p, size_t len)
{
SHA512_State *s = BinarySink_DOWNCAST(bs, SHA512_State);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
unsigned char *q = (unsigned char *)p;
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
uint64_t wordblock[16];
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
int i;
/*
* Update the length field.
*/
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
s->lenlo += len;
s->lenhi += (s->lenlo < len);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
if (s->blkused && s->blkused+len < BLKSIZE) {
/*
* Trivial case: just add to the block.
*/
memcpy(s->block + s->blkused, q, len);
s->blkused += len;
} else {
/*
* We must complete and process at least one block.
*/
while (s->blkused + len >= BLKSIZE) {
memcpy(s->block + s->blkused, q, BLKSIZE - s->blkused);
q += BLKSIZE - s->blkused;
len -= BLKSIZE - s->blkused;
/* Now process the block. Gather bytes big-endian into words */
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
for (i = 0; i < 16; i++)
wordblock[i] = GET_64BIT_MSB_FIRST(s->block + i*8);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
SHA512_Block(s, wordblock);
s->blkused = 0;
}
memcpy(s->block, q, len);
s->blkused = len;
}
}
Add lots of missing 'static' keywords. A trawl through the code with -Wmissing-prototypes and -Wmissing-variable-declarations turned up a lot of things that should have been internal to a particular source file, but were accidentally global. Keep the namespace clean by making them all static. (Also, while I'm here, a couple of them were missing a 'const': the ONE and ZERO arrays in sshcrcda.c, and EMPTY_WINDOW_TITLE in terminal.c.)
2020-01-29 06:22:01 +00:00
static void SHA512_Final(SHA512_State *s, unsigned char *digest) {
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
int i;
int pad;
unsigned char c[BLKSIZE];
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
uint64_t lenhi, lenlo;
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
if (s->blkused >= BLKSIZE-16)
pad = (BLKSIZE-16) + BLKSIZE - s->blkused;
else
pad = (BLKSIZE-16) - s->blkused;
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
lenhi = (s->lenhi << 3) | (s->lenlo >> (32-3));
lenlo = (s->lenlo << 3);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
memset(c, 0, pad);
c[0] = 0x80;
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
put_data(s, &c, pad);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
put_uint64(s, lenhi);
put_uint64(s, lenlo);
for (i = 0; i < 8; i++)
PUT_64BIT_MSB_FIRST(digest + i*8, s->h[i]);
Destroy DOS line endings and unnecessary redefinition of uint32. [originally from svn r1289]
2001-09-23 16:45:36 +00:00
}
Add lots of missing 'static' keywords. A trawl through the code with -Wmissing-prototypes and -Wmissing-variable-declarations turned up a lot of things that should have been internal to a particular source file, but were accidentally global. Keep the namespace clean by making them all static. (Also, while I'm here, a couple of them were missing a 'const': the ONE and ZERO arrays in sshcrcda.c, and EMPTY_WINDOW_TITLE in terminal.c.)
2020-01-29 06:22:01 +00:00
static void SHA384_Final(SHA512_State *s, unsigned char *digest) {
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
unsigned char biggerDigest[512 / 8];
SHA512_Final(s, biggerDigest);
memcpy(digest, biggerDigest, 384 / 8);
}
/*
* Thin abstraction for things where hashes are pluggable.
*/
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
struct sha512_hash {
SHA512_State state;
ssh_hash hash;
};
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
Remove a lot of pointless 'struct' keywords. This is the commit that f3295e0fb _should_ have been. Yesterday I just added some typedefs so that I didn't have to wear out my fingers typing 'struct' in new code, but what I ought to have done is to move all the typedefs into defs.h with the rest, and then go through cleaning up the legacy 'struct's all through the existing code. But I was mostly trying to concentrate on getting the test suite finished, so I just did the minimum. Now it's time to come back and do it better.
2019-01-04 06:51:44 +00:00
static ssh_hash *sha512_new(const ssh_hashalg *alg)
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
{
struct sha512_hash *h = snew(struct sha512_hash);
h->hash.vt = alg;
BinarySink_DELEGATE_INIT(&h->hash, &h->state);
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
return ssh_hash_reset(&h->hash);
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
}
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
static void sha512_reset(ssh_hash *hash)
Add copy and free methods to 'struct ssh_hash'. This permits a hash state to be cloned in the middle of being used, so that multiple strings with the same prefix can be hashed without having to repeat all the computation over the prefix. Having done that, we'll also sometimes need to free a hash state that we aren't generating actual hash output from, so we need a free method as well.
2015-08-21 22:13:59 +00:00
{
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
struct sha512_hash *h = container_of(hash, struct sha512_hash, hash);
SHA512_Init(&h->state);
}
Add copy and free methods to 'struct ssh_hash'. This permits a hash state to be cloned in the middle of being used, so that multiple strings with the same prefix can be hashed without having to repeat all the computation over the prefix. Having done that, we'll also sometimes need to free a hash state that we aren't generating actual hash output from, so we need a free method as well.
2015-08-21 22:13:59 +00:00
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
static void sha512_copyfrom(ssh_hash *hashnew, ssh_hash *hashold)
{
struct sha512_hash *hold = container_of(hashold, struct sha512_hash, hash);
struct sha512_hash *hnew = container_of(hashnew, struct sha512_hash, hash);
Add copy and free methods to 'struct ssh_hash'. This permits a hash state to be cloned in the middle of being used, so that multiple strings with the same prefix can be hashed without having to repeat all the computation over the prefix. Having done that, we'll also sometimes need to free a hash state that we aren't generating actual hash output from, so we need a free method as well.
2015-08-21 22:13:59 +00:00
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
hnew->state = hold->state;
BinarySink_COPIED(&hnew->state);
Add copy and free methods to 'struct ssh_hash'. This permits a hash state to be cloned in the middle of being used, so that multiple strings with the same prefix can be hashed without having to repeat all the computation over the prefix. Having done that, we'll also sometimes need to free a hash state that we aren't generating actual hash output from, so we need a free method as well.
2015-08-21 22:13:59 +00:00
}
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
static void sha512_free(ssh_hash *hash)
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct sha512_hash *h = container_of(hash, struct sha512_hash, hash);
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
smemclr(h, sizeof(*h));
sfree(h);
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
}
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
static void sha512_digest(ssh_hash *hash, unsigned char *output)
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct sha512_hash *h = container_of(hash, struct sha512_hash, hash);
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
SHA512_Final(&h->state, output);
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
}
Remove a lot of pointless 'struct' keywords. This is the commit that f3295e0fb _should_ have been. Yesterday I just added some typedefs so that I didn't have to wear out my fingers typing 'struct' in new code, but what I ought to have done is to move all the typedefs into defs.h with the rest, and then go through cleaning up the legacy 'struct's all through the existing code. But I was mostly trying to concentrate on getting the test suite finished, so I just did the minimum. Now it's time to come back and do it better.
2019-01-04 06:51:44 +00:00
const ssh_hashalg ssh_sha512 = {
Change vtable defs to use C99 designated initialisers. This is a sweeping change applied across the whole code base by a spot of Emacs Lisp. Now, everywhere I declare a vtable filled with function pointers (and the occasional const data member), all the members of the vtable structure are initialised by name using the '.fieldname = value' syntax introduced in C99. We were already using this syntax for a handful of things in the new key-generation progress report system, so it's not new to the code base as a whole. The advantage is that now, when a vtable only declares a subset of the available fields, I can initialise the rest to NULL or zero just by leaving them out. This is most dramatic in a couple of the outlying vtables in things like psocks (which has a ConnectionLayerVtable containing only one non-NULL method), but less dramatically, it means that the new 'flags' field in BackendVtable can be completely left out of every backend definition except for the SUPDUP one which defines it to a nonzero value. Similarly, the test_for_upstream method only used by SSH doesn't have to be mentioned in the rest of the backends; network Plugs for listening sockets don't have to explicitly null out 'receive' and 'sent', and vice versa for 'accepting', and so on. While I'm at it, I've normalised the declarations so they don't use the unnecessarily verbose 'struct' keyword. Also a handful of them weren't const; now they are.
2020-03-10 21:06:29 +00:00
.new = sha512_new,
.reset = sha512_reset,
.copyfrom = sha512_copyfrom,
.digest = sha512_digest,
.free = sha512_free,
.hlen = 64,
.blocklen = BLKSIZE,
HASHALG_NAMES_BARE("SHA-512"),
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
};
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
static void sha384_reset(ssh_hash *hash)
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
{
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
struct sha512_hash *h = container_of(hash, struct sha512_hash, hash);
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
SHA384_Init(&h->state);
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
}
Refactor the ssh_hash vtable. (NFC) The idea is to arrange that an ssh_hash object can be reused without having to free it and allocate a new one. So the 'final' method has been replaced with 'digest', which does everything except the trailing free; and there's also a new pair of methods 'reset' and 'copyfrom' which overwrite the state of a hash with either the starting state or a copy of another state. Meanwhile, the 'new' allocator function has stopped performing 'reset' as a side effect; now it _just_ does the administrative stuff (allocation, setting up vtables), and returns an object which isn't yet ready to receive any actual data, expecting that the caller will either reset it or copy another hash state into it. In particular, that means that the SHA-384 / SHA-512 pair no longer need separate 'new' methods, because only the 'reset' part has to change between them. This commit makes no change to the user-facing API of wrapper functions in ssh.h, except to add new functions which nothing yet calls. The user-facing ssh_hash_new() calls the new and reset methods in succession, and the copy and final methods still exist to do new+copy and digest+free.
2019-12-15 09:30:10 +00:00
static void sha384_digest(ssh_hash *hash, unsigned char *output)
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct sha512_hash *h = container_of(hash, struct sha512_hash, hash);
Turn SSH hashes into a classoid. The new version of ssh_hash has the same nice property as ssh2_mac, that I can make the generic interface object type function directly as a BinarySink so that clients don't have to call h->sink() and worry about the separate sink object they get back from that.
2018-09-13 15:41:46 +00:00
SHA384_Final(&h->state, output);
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
}
Remove a lot of pointless 'struct' keywords. This is the commit that f3295e0fb _should_ have been. Yesterday I just added some typedefs so that I didn't have to wear out my fingers typing 'struct' in new code, but what I ought to have done is to move all the typedefs into defs.h with the rest, and then go through cleaning up the legacy 'struct's all through the existing code. But I was mostly trying to concentrate on getting the test suite finished, so I just did the minimum. Now it's time to come back and do it better.
2019-01-04 06:51:44 +00:00
const ssh_hashalg ssh_sha384 = {
Change vtable defs to use C99 designated initialisers. This is a sweeping change applied across the whole code base by a spot of Emacs Lisp. Now, everywhere I declare a vtable filled with function pointers (and the occasional const data member), all the members of the vtable structure are initialised by name using the '.fieldname = value' syntax introduced in C99. We were already using this syntax for a handful of things in the new key-generation progress report system, so it's not new to the code base as a whole. The advantage is that now, when a vtable only declares a subset of the available fields, I can initialise the rest to NULL or zero just by leaving them out. This is most dramatic in a couple of the outlying vtables in things like psocks (which has a ConnectionLayerVtable containing only one non-NULL method), but less dramatically, it means that the new 'flags' field in BackendVtable can be completely left out of every backend definition except for the SUPDUP one which defines it to a nonzero value. Similarly, the test_for_upstream method only used by SSH doesn't have to be mentioned in the rest of the backends; network Plugs for listening sockets don't have to explicitly null out 'receive' and 'sent', and vice versa for 'accepting', and so on. While I'm at it, I've normalised the declarations so they don't use the unnecessarily verbose 'struct' keyword. Also a handful of them weren't const; now they are.
2020-03-10 21:06:29 +00:00
.new = sha512_new,
.reset = sha384_reset,
.copyfrom = sha512_copyfrom,
.digest = sha384_digest,
.free = sha512_free,
.hlen = 48,
.blocklen = BLKSIZE,
HASHALG_NAMES_BARE("SHA-384"),
Provide SHA-384 and SHA-512 as hashes usable in SSH KEX. SHA-384 was previously not implemented at all, but is a trivial adjustment to SHA-512 (different starting constants, and truncate the output hash). Both are now exposed as 'ssh_hash' structures so that key exchange methods can ask for them.
2014-11-01 08:59:25 +00:00
};
Reference in New Issue Copy Permalink