Add support for HMAC-SHA512.

I saw a post on comp.security.ssh just now where someone had encountered an SSH server that would _only_ speak that, which makes it worth bothering to implement. The totally obvious implementation works, and passes the test cases from RFC 6234.
2025-07-01 03:22:48 -05:00 · 2023-04-21 20:17:43 +01:00
parent d67c13eeb8
commit b77e985513
6 changed files with 44 additions and 8 deletions
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@ -160,6 +160,22 @@ static const char *hmac_text_name(ssh2_mac *mac)
    return ctx->text_name->s;
 }

+static const struct hmac_extra ssh_hmac_sha512_extra = { &ssh_sha512, "" };
+const ssh2_macalg ssh_hmac_sha512 = {
+    .new = hmac_new,
+    .free = hmac_free,
+    .setkey = hmac_key,
+    .start = hmac_start,
+    .genresult = hmac_genresult,
+    .next_message = nullmac_next_message,
+    .text_name = hmac_text_name,
+    .name = "hmac-sha2-512",
+    .etm_name = "hmac-sha2-512-etm@openssh.com",
+    .len = 64,
+    .keylen = 64,
+    .extra = &ssh_hmac_sha512_extra,
+};
+
 static const struct hmac_extra ssh_hmac_sha256_extra = { &ssh_sha256, "" };
 const ssh2_macalg ssh_hmac_sha256 = {
    .new = hmac_new,