diff options
| author |  Joey Hess <joeyh@joeyh.name> | 2015-08-06 15:02:25 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-08-06 15:02:25 -0400 |
| commit | 7310bf39e0b6729bafc138631304b8e1edde839f (patch) | |
| tree | 89027a1af6abaf330996c142a96bbe8df0ced3ee /Utility | |
| parent | 9cd989ff0da857fad0d04f2961a0e1baa62d26b0 (diff) | |
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library.
While cryptohash has SHA3 support, it has not been updated for the final
version of the spec. Note that cryptonite has not been ported to all arches
that cryptohash builds on yet.
Diffstat (limited to 'Utility')
| -rw-r--r-- | Utility/Hash.hs | 76 | ||||
| -rw-r--r-- | Utility/WebApp.hs | 4 |
2 files changed, 57 insertions, 23 deletions
diff --git a/Utility/Hash.hs b/Utility/Hash.hs index f960a134f..12f92024f 100644 --- a/Utility/Hash.hs +++ b/Utility/Hash.hs @@ -1,11 +1,23 @@ -{- Convenience wrapper around cryptohash. -} +{- Convenience wrapper around cryptohash/cryptonite. + - + - SHA3 hashes are currently only enabled when using cryptonite, + - because of https://github.com/vincenthz/hs-cryptohash/issues/36 + -} + +{-# LANGUAGE CPP #-} module Utility.Hash ( sha1, - sha224, - sha256, - sha384, - sha512, + sha2_224, + sha2_256, + sha2_384, + sha2_512, +#ifdef WITH_CRYPTONITE + sha3_224, + sha3_256, + sha3_384, + sha3_512, +#endif skein256, skein512, md5, @@ -20,25 +32,38 @@ import qualified Data.Text as T import qualified Data.Text.Encoding as T import qualified Data.ByteString as S import Crypto.Hash +#ifdef WITH_CRYPTONITE +import Crypto.MAC.HMAC +#endif sha1 :: L.ByteString -> Digest SHA1 sha1 = hashlazy -sha224 :: L.ByteString -> Digest SHA224 -sha224 = hashlazy +sha2_224 :: L.ByteString -> Digest SHA224 +sha2_224 = hashlazy + +sha2_256 :: L.ByteString -> Digest SHA256 +sha2_256 = hashlazy -sha256 :: L.ByteString -> Digest SHA256 -sha256 = hashlazy +sha2_384 :: L.ByteString -> Digest SHA384 +sha2_384 = hashlazy -sha384 :: L.ByteString -> Digest SHA384 -sha384 = hashlazy +sha2_512 :: L.ByteString -> Digest SHA512 +sha2_512 = hashlazy -sha512 :: L.ByteString -> Digest SHA512 -sha512 = hashlazy +#ifdef WITH_CRYPTONITE +sha3_224 :: L.ByteString -> Digest SHA3_224 +sha3_224 = hashlazy --- sha3 is not yet fully standardized ---sha3 :: L.ByteString -> Digest SHA3 ---sha3 = hashlazy +sha3_256 :: L.ByteString -> Digest SHA3_256 +sha3_256 = hashlazy + +sha3_384 :: L.ByteString -> Digest SHA3_384 +sha3_384 = hashlazy + +sha3_512 :: L.ByteString -> Digest SHA3_512 +sha3_512 = hashlazy +#endif skein256 :: L.ByteString -> Digest Skein256_256 skein256 = hashlazy @@ -53,12 +78,18 @@ md5 = hashlazy prop_hashes_stable :: Bool prop_hashes_stable = all (\(hasher, result) -> hasher foo == result) [ (show . sha1, "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33") - , (show . sha224, "0808f64e60d58979fcb676c96ec938270dea42445aeefcd3a4e6f8db") - , (show . sha256, "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae") - , (show . sha384, "98c11ffdfdd540676b1a137cb1a22b2a70350c9a44171d6b1180c6be5cbb2ee3f79d532c8a1dd9ef2e8e08e752a3babb") - , (show . sha512, "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7") + , (show . sha2_224, "0808f64e60d58979fcb676c96ec938270dea42445aeefcd3a4e6f8db") + , (show . sha2_256, "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae") + , (show . sha2_384, "98c11ffdfdd540676b1a137cb1a22b2a70350c9a44171d6b1180c6be5cbb2ee3f79d532c8a1dd9ef2e8e08e752a3babb") + , (show . sha2_512, "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7") , (show . skein256, "a04efd9a0aeed6ede40fe5ce0d9361ae7b7d88b524aa19917b9315f1ecf00d33") , (show . skein512, "fd8956898113510180aa4658e6c0ac85bd74fb47f4a4ba264a6b705d7a8e8526756e75aecda12cff4f1aca1a4c2830fbf57f458012a66b2b15a3dd7d251690a7") +#ifdef WITH_CRYPTONITE + , (show . sha3_224, "f4f6779e153c391bbd29c95e72b0708e39d9166c7cea51d1f10ef58a") + , (show . sha3_256, "76d3bc41c9f588f7fcd0d5bf4718f8f84b1c41b20882703100b9eb9413807c01") + , (show . sha3_384, "665551928d13b7d84ee02734502b018d896a0fb87eed5adb4c87ba91bbd6489410e11b0fbcc06ed7d0ebad559e5d3bb5") + , (show . sha3_512, "4bca2b137edc580fe50a88983ef860ebaca36c857b1f492839d6d7392452a63c82cbebc68e3b70a2a1480b4bb5d437a7cba6ecf9d89f9ff3ccd14cd6146ea7e7") +#endif , (show . md5, "acbd18db4cc2f85cedef654fccc4a4d8") ] where @@ -83,7 +114,10 @@ calcMac mac = case mac of HmacSha384 -> use SHA384 HmacSha512 -> use SHA512 where - use alg k m = show (hmacGetDigest (hmacAlg alg k m)) + use alg k m = show (hmacGetDigest (hmacWitnessAlg alg k m)) + + hmacWitnessAlg :: HashAlgorithm a => a -> S.ByteString -> S.ByteString -> HMAC a + hmacWitnessAlg _ = hmac -- Check that all the MACs continue to produce the same. prop_mac_stable :: Bool diff --git a/Utility/WebApp.hs b/Utility/WebApp.hs index ce6a61c42..1a068a9b2 100644 --- a/Utility/WebApp.hs +++ b/Utility/WebApp.hs @@ -185,7 +185,7 @@ fromAuthToken = TE.decodeLatin1 . toBytes fromAuthToken = id #endif -{- Generates a random sha512 string, encapsulated in a SecureMem, +{- Generates a random sha2_512 string, encapsulated in a SecureMem, - suitable to be used for an authentication secret. -} genAuthToken :: IO AuthToken genAuthToken = do @@ -193,7 +193,7 @@ genAuthToken = do return $ case genBytes 512 g of Left e -> error $ "failed to generate auth token: " ++ show e - Right (s, _) -> toAuthToken $ T.pack $ show $ sha512 $ L.fromChunks [s] + Right (s, _) -> toAuthToken $ T.pack $ show $ sha2_512 $ L.fromChunks [s] {- A Yesod isAuthorized method, which checks the auth cgi parameter - against a token extracted from the Yesod application. |