Bill Sommerfeld wrote:
> It appears that PKCS #11 v2.20 Amendment 3 now includes identifiers for
> the SHA-224 algorithm specified in rfc3874 and in an amendment to FIPS
> 180-2.
>
> (see http://www.rsasecurity.com/rsalabs/node.asp?id=2133)
>
> It also appears that there's a project underway to add the GNU
> "coreutils" command set (which includes a "sha224sum" command) to
> Solaris.
>
> So, the crypto framework needs SHA-224.
>
> Should be simple, no? No. I took a look at the, and it looks like it's
> going to be messy or at least inelegant because of the way <sys/sha2.h>
> defined things.
>
> It defines the following identifiers, which are used as parameters to
> the SHA2_Init function:
>
> #define SHA256          0
> #define SHA256_HMAC     1
> #define SHA256_HMAC_GEN 2
> #define SHA384          3
> #define SHA384_HMAC     4
> #define SHA384_HMAC_GEN 5
> #define SHA512          6
> #define SHA512_HMAC     7
> #define SHA512_HMAC_GEN 8
>
> and then later, under an #ifdef _SHA2_IMPL, defines:
>
> typedef enum sha2_mech_type {
>     SHA256_MECH_INFO_TYPE,          /* SUN_CKM_SHA256 */
>     SHA256_HMAC_MECH_INFO_TYPE,     /* SUN_CKM_SHA256_HMAC */
>     SHA256_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC_GENERAL */
>     SHA384_MECH_INFO_TYPE,          /* SUN_CKM_SHA384 */
>     SHA384_HMAC_MECH_INFO_TYPE,     /* SUN_CKM_SHA384_HMAC */
>     SHA384_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA384_HMAC_GENERAL */
>     SHA512_MECH_INFO_TYPE,          /* SUN_CKM_SHA512 */
>     SHA512_HMAC_MECH_INFO_TYPE,     /* SUN_CKM_SHA512_HMAC */
>     SHA512_HMAC_GEN_MECH_INFO_TYPE  /* SUN_CKM_SHA512_HMAC_GENERAL */
> } sha2_mech_type_t;
>
> It appears that code in usr/src/common/crypto assumes that there is a
> 1:1 relationship between the enumeration and the list of constants, and
> also makes tests based on the numeric value of the enumeration values.
>
> Since SHA-224 is a cut-down SHA-256 with a different IV, this starts to
> get ugly because of all the <= or > comparisons with
> "SHA256_HMAC_GEN_MECH_INFO_TYPE".
>
> Any thoughts?
>
> - Bill
I gave it a quick look and I'm not sure it's as bad as you think.. A number of the places there are if()'s are in regard to digest length, and with sha224 those lengths would be different and turn those conditions into switch(). Assuming that you are saying SHA224 would be appended in the above two lists..

Tony