Return-Path: X-Original-To: apmail-apr-dev-archive@www.apache.org Delivered-To: apmail-apr-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C2DF910A09 for ; Wed, 6 Nov 2013 21:46:32 +0000 (UTC) Received: (qmail 69353 invoked by uid 500); 6 Nov 2013 21:46:32 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 69204 invoked by uid 500); 6 Nov 2013 21:46:32 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 69196 invoked by uid 99); 6 Nov 2013 21:46:32 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Nov 2013 21:46:32 +0000 Received: from localhost (HELO mail-pa0-f44.google.com) (127.0.0.1) (smtp-auth username djc, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Nov 2013 21:46:31 +0000 Received: by mail-pa0-f44.google.com with SMTP id fb1so278009pad.31 for ; Wed, 06 Nov 2013 13:46:31 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=w58TX7TJBOVUGG5T8y3bf9iHP1n7+ErBHnz4vUO5fQI=; b=lDwIzwaBNBpoLxEmQ/RB8teWNvGXNfQSZ2sAA/ivnQVpNV5rrs1vLKtgxkwEYzMPeR JUdiuN2jQiNWu9oKLd3H8cZs967UnvULXXQzZHH9SQnyckRr1aV95z5/TRWmsUUT9E65 fshRZfHApses1GeiH4RXWaPNkc1ifq9BiVasF9gbNYZiLjLyQnJC8gzRiLB39d7uLAzJ DUJpIXRxfyWRKj6Og3f/QruyewdBL+ypr+s/z8wa4FirQ+uktReYAJNzJcTG8y37ledL tbqFQeYx5K1GkpGSWMgKAqCyZE1cvUNIQZ2gH2VvvfGBuwFUaF/9FVX7grvDpyqRliJz nB6A== X-Received: by 10.66.179.143 with SMTP id dg15mr6202117pac.52.1383774391273; Wed, 06 Nov 2013 13:46:31 -0800 (PST) MIME-Version: 1.0 Received: by 10.70.68.40 with HTTP; Wed, 6 Nov 2013 13:46:11 -0800 (PST) In-Reply-To: <920A6185-FE9D-49ED-81AB-F481E432F738@apache.org> References: <920A6185-FE9D-49ED-81AB-F481E432F738@apache.org> From: Dirkjan Ochtman Date: Wed, 6 Nov 2013 22:46:11 +0100 Message-ID: Subject: Re: SHA2 in APR To: Nick Kew Cc: dev List Content-Type: text/plain; charset=UTF-8 On Wed, Nov 6, 2013 at 10:33 AM, Nick Kew wrote: > An even briefer look just now in response to your ping suggests > I was missing your point, and that all you're asking for is that > random/unix/sha2.h be exposed in the public API. Is that correct? That's right, yes. > I would guess this code has never been tested, though there's > what looks like a placeholder in testpass.c. Have you run it > at all? How well does it work for you if you just copy sha2.h > manually to your APR include directory and use it for your module? I copied the sha2.h from SVN (trunk) straight to my module code, and did a few things like this: @@ -29,9 +30,9 @@ void hmac(const void *key, apr_size_t keylen, const char *data, apr_size_t datal if (keylen > HMAC_BLOCKSIZE) { - apr_sha1_ctx_t context; - unsigned char digest[APR_SHA1_DIGESTSIZE]; - apr_sha1_init(&context); - apr_sha1_update_binary(& context, key, keylen); - apr_sha1_final(digest, &context); + SHA256_CTX context; + unsigned char digest[SHA256_DIGEST_LENGTH]; + apr__SHA256_Init(&context); + apr__SHA256_Update(&context, key, keylen); + apr__SHA256_Final(digest, &context); key = digest; It seems to work correctly; my HMAC implementation based on this gets the same result as doing a SHA256-based HMAC using the Python built-in implementation. One slight limitation of the SHA256 API compared to the apr_sha1 API is that the sha1 api has two update methods, whereas the sha2 version has just one: - apr_sha1_update_binary(&inner, keypad, HMAC_BLOCKSIZE); - apr_sha1_update(&inner, data, datalen); + apr__SHA256_Update(&inner, keypad, HMAC_BLOCKSIZE); + apr__SHA256_Update(&inner, (const unsigned char*) data, datalen); (Although I must say I'm not completely clear if the distinction between char and unsigned char is actually important here... casting seems to work just fine.) Cheers, Dirkjan