diff --git a/lib/asn1/krb5.asn1 b/lib/asn1/krb5.asn1 index 17f08247e..b36e60c6b 100644 --- a/lib/asn1/krb5.asn1 +++ b/lib/asn1/krb5.asn1 @@ -250,7 +250,10 @@ CKSUMTYPE ::= INTEGER { CKSUMTYPE_HMAC_SHA384_192_AES256(20), CKSUMTYPE_GSSAPI(0x8003), CKSUMTYPE_HMAC_MD5(-138), -- unofficial microsoft number - CKSUMTYPE_HMAC_MD5_ENC(-1138) -- even more unofficial + CKSUMTYPE_HMAC_MD5_ENC(-1138), -- even more unofficial + CKSUMTYPE_SHA256(-21), + CKSUMTYPE_SHA384(-22), + CKSUMTYPE_SHA512(-23) } --enctypes diff --git a/lib/krb5/crypto-algs.c b/lib/krb5/crypto-algs.c index c0540257a..eb21fcef0 100644 --- a/lib/krb5/crypto-algs.c +++ b/lib/krb5/crypto-algs.c @@ -55,7 +55,10 @@ struct _krb5_checksum_type *_krb5_checksum_types[] = { &_krb5_checksum_hmac_sha1_aes256, &_krb5_checksum_hmac_sha256_128_aes128, &_krb5_checksum_hmac_sha384_192_aes256, - &_krb5_checksum_hmac_md5 + &_krb5_checksum_hmac_md5, + &_krb5_checksum_sha256, + &_krb5_checksum_sha384, + &_krb5_checksum_sha512 }; int _krb5_num_checksums diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index bdcc59e7f..75b5d6aa7 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c 
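Review bot: The three new entries `CKSUMTYPE_SHA256(-21)`, `CKSUMTYPE_SHA384(-22)` and `CKSUMTYPE_SHA512(-23)` in the krb5.asn1 hunk carry no comment, while the neighbouring negative values are each marked as unofficial. Negative checksum-type numbers fall in the local-use range, so a reader cannot tell from the file whether these match another implementation or are private to this tree. I would add a trailing comment on each, e.g. `CKSUMTYPE_SHA256(-21), -- unkeyed digest, local-use number`, and state the origin of the numbers in the commit message.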
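Review bot: Adding `&_krb5_checksum_sha256`, `&_krb5_checksum_sha384` and `&_krb5_checksum_sha512` to `_krb5_checksum_types[]` in crypto-algs.c makes three unkeyed digests selectable by checksum-type number, and nothing in the change records which callers are meant to use them. An unkeyed checksum gives no integrity against a party able to rewrite both the data and the checksum, and the definitions in crypto.c set only `F_CPROOF`. It is worth confirming that every path taking a checksum type from a peer still rejects types without the keyed flag; those callers are not visible in this diff. If the types are meant for local hashing only, a comment above the new entries such as `/* unkeyed SHA-2 digests: not a MAC, do not accept from the wire */` would record that.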
@@ -167,23 +167,45 @@ _key_schedule(krb5_context context, ************************************************************/ static krb5_error_code -SHA1_checksum(krb5_context context, - krb5_crypto crypto, - struct _krb5_key_data *key, - unsigned usage, - const struct krb5_crypto_iov *iov, - int niov, - Checksum *C) +EVP_unkeyed_checksum(krb5_context context, + krb5_crypto crypto, + struct _krb5_key_data *key, + unsigned usage, + const struct krb5_crypto_iov *iov, + int niov, + Checksum *C, + const EVP_MD *md) { if (_krb5_evp_digest_iov(crypto, iov, niov, C->checksum.data, NULL, - EVP_sha1(), NULL) != 1) - krb5_abortx(context, "sha1 checksum failed"); + md, NULL) != 1) + krb5_abortx(context, "unkeyed checksum failed"); return 0; } +#define EVP_SHA_CHECKSUM(name) \ + \ + static krb5_error_code \ + SHA ## name ##_checksum(krb5_context context, \ + krb5_crypto crypto, \ + struct _krb5_key_data *key, \ + unsigned usage, \ + const struct krb5_crypto_iov *iov, \ + int niov, \ + Checksum *C) \ + { \ + return EVP_unkeyed_checksum(context, crypto, key, \ + usage, iov, niov, \ + C, EVP_sha##name()); \ + } + +EVP_SHA_CHECKSUM(1) +EVP_SHA_CHECKSUM(256) +EVP_SHA_CHECKSUM(384) +EVP_SHA_CHECKSUM(512) + /* HMAC according to RFC2104 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_internal_hmac_iov(krb5_context context, @@ -369,15 +391,21 @@ _krb5_SP_HMAC_SHA1_verify(krb5_context context, return 0; } -struct _krb5_checksum_type _krb5_checksum_sha1 = { - CKSUMTYPE_SHA1, - "sha1", - 64, - 20, - F_CPROOF, - SHA1_checksum, - NULL -}; +#define SHA_CHECKSUM(name, blocksize, outputsize) \ + struct _krb5_checksum_type _krb5_checksum_sha##name = { \ + CKSUMTYPE_SHA##name, \ + "sha" #name, \ + blocksize, \ + outputsize, \ + F_CPROOF, \ + SHA##name##_checksum, \ + NULL \ + }; + +SHA_CHECKSUM(1, 64, 20); +SHA_CHECKSUM(256, 64, 32); +SHA_CHECKSUM(384, 128, 48); +SHA_CHECKSUM(512, 128, 64); KRB5_LIB_FUNCTION struct _krb5_checksum_type * KRB5_LIB_CALL _krb5_find_checksum(krb5_cksumtype type) 
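Review bot: `EVP_unkeyed_checksum` writes the digest into `C->checksum.data` with a NULL output-length argument, so the number of bytes written depends only on `md`, while the buffer size comes from the separate `SHA_CHECKSUM` table later in the file. If the two macro lists ever disagree, the result is an out-of-bounds write rather than an error. A guard before the digest call would tie them together, e.g. `if (C->checksum.length < (size_t)EVP_MD_size(md)) return KRB5_CRYPTO_INTERNAL;`. Presumably the caller sizes `checksum` from the table's output size, which this hunk does not show. Separately, `key` and `usage` are unused in the helper and its generated wrappers, and the spacing in `SHA ## name ##_checksum` differs from `EVP_sha##name()`.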
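Review bot: Each `SHA_CHECKSUM(...)` invocation ends in `;` although the macro body already ends in `};`, which leaves an empty declaration at file scope that strict ISO C compilers warn about. Dropping the semicolon after the closing brace inside the macro lets the invocation supply it, so `SHA_CHECKSUM(256, 64, 32);` expands to exactly one terminated definition. Because `_krb5_checksum_sha1` and the `SHA*_checksum` functions are now produced by token pasting, a search for those names no longer finds a definition. A short comment above the macro listing the generated symbols, e.g. `/* defines _krb5_checksum_sha{1,256,384,512} */`, would help.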
diff --git a/lib/krb5/crypto.h b/lib/krb5/crypto.h index 7bde0bef2..f20bbaf18 100644 --- a/lib/krb5/crypto.h +++ b/lib/krb5/crypto.h @@ -151,7 +151,9 @@ extern struct _krb5_checksum_type _krb5_checksum_hmac_sha256_128_aes128; extern struct _krb5_checksum_type _krb5_checksum_hmac_sha384_192_aes256; extern struct _krb5_checksum_type _krb5_checksum_hmac_md5; extern struct _krb5_checksum_type _krb5_checksum_sha1; -extern struct _krb5_checksum_type _krb5_checksum_sha2; +extern struct _krb5_checksum_type _krb5_checksum_sha256; +extern struct _krb5_checksum_type _krb5_checksum_sha384; +extern struct _krb5_checksum_type _krb5_checksum_sha512; extern struct _krb5_checksum_type *_krb5_checksum_types[]; extern int _krb5_num_checksums;