From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: <git@vger.kernel.org>
Cc: Taylor Blau <me@ttaylorr.com>, Derrick Stolee <dstolee@microsoft.com>
Subject: [PATCH 04/26] builtin/receive-pack: switch to use the_hash_algo
Date: Sun, 18 Aug 2019 20:04:05 +0000
Message-ID: <20190818200427.870753-5-sandals@crustytoothpaste.net>
In-Reply-To: <20190818200427.870753-1-sandals@crustytoothpaste.net>

The push cert code uses HMAC-SHA-1 to create a nonce.  This is a secure
use of SHA-1 which is not affected by its collision resistance (or lack
thereof).  However, it makes sense for us to use a better algorithm if
one is available, one which may even be more performant.  Furthermore,
until we have specialized functions for computing the hex value of an
arbitrary function, it simplifies the code greatly to use the same hash
algorithm everywhere.

Switch this code to use GIT_MAX_BLKSZ and the_hash_algo for computing
the push cert nonce, and rename the hmac_sha1 function to simply "hmac".

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
---
 builtin/receive-pack.c | 44 ++++++++++++++++++++----------------------
 1 file changed, 21 insertions(+), 23 deletions(-)

diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index dcf385511f..402edf34d8 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -417,24 +417,22 @@ static int copy_to_sideband(int in, int out, void *arg)
 	return 0;
 }
 
-#define HMAC_BLOCK_SIZE 64
-
-static void hmac_sha1(unsigned char *out,
+static void hmac(unsigned char *out,
 		      const char *key_in, size_t key_len,
 		      const char *text, size_t text_len)
 {
-	unsigned char key[HMAC_BLOCK_SIZE];
-	unsigned char k_ipad[HMAC_BLOCK_SIZE];
-	unsigned char k_opad[HMAC_BLOCK_SIZE];
+	unsigned char key[GIT_MAX_BLKSZ];
+	unsigned char k_ipad[GIT_MAX_BLKSZ];
+	unsigned char k_opad[GIT_MAX_BLKSZ];
 	int i;
-	git_SHA_CTX ctx;
+	git_hash_ctx ctx;
 
 	/* RFC 2104 2. (1) */
-	memset(key, '\0', HMAC_BLOCK_SIZE);
-	if (HMAC_BLOCK_SIZE < key_len) {
-		git_SHA1_Init(&ctx);
-		git_SHA1_Update(&ctx, key_in, key_len);
-		git_SHA1_Final(key, &ctx);
+	memset(key, '\0', GIT_MAX_BLKSZ);
+	if (the_hash_algo->blksz < key_len) {
+		the_hash_algo->init_fn(&ctx);
+		the_hash_algo->update_fn(&ctx, key_in, key_len);
+		the_hash_algo->final_fn(key, &ctx);
 	} else {
 		memcpy(key, key_in, key_len);
 	}
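Review bot: The key setup now mixes two sizes: the buffers and the memset use GIT_MAX_BLKSZ, while the long-key test uses `the_hash_algo->blksz`. That is memory-safe only while every algorithm's blksz and rawsz fit in GIT_MAX_BLKSZ, because final_fn writes the digest into `key` and the memcpy branch copies up to blksz bytes. A one-line comment stating that assumption above the memset would make it checkable. Separately, the two continuation lines of the signature are still indented to line up under the old `hmac_sha1(` name and should be re-aligned under `hmac(`.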
@@ -446,29 +444,29 @@ static void hmac_sha1(unsigned char *out,
 	}
 
 	/* RFC 2104 2. (3) & (4) */
-	git_SHA1_Init(&ctx);
-	git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
-	git_SHA1_Update(&ctx, text, text_len);
-	git_SHA1_Final(out, &ctx);
+	the_hash_algo->init_fn(&ctx);
+	the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
+	the_hash_algo->update_fn(&ctx, text, text_len);
+	the_hash_algo->final_fn(out, &ctx);
 
 	/* RFC 2104 2. (6) & (7) */
-	git_SHA1_Init(&ctx);
-	git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
-	git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
-	git_SHA1_Final(out, &ctx);
+	the_hash_algo->init_fn(&ctx);
+	the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
+	the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
+	the_hash_algo->final_fn(out, &ctx);
 }
 
 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
 {
 	struct strbuf buf = STRBUF_INIT;
-	unsigned char sha1[GIT_SHA1_RAWSZ];
+	unsigned char hash[GIT_MAX_RAWSZ];
 
 	strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
-	hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
+	hmac(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
 	strbuf_release(&buf);
 
 	/* RFC 2104 5. HMAC-SHA1-80 */
-	strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
+	strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, sha1_to_hex(hash));
 	return strbuf_detach(&buf, NULL);
 }
 
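Review bot: Both `update_fn(&ctx, k_ipad, sizeof(k_ipad))` and the matching k_opad call feed GIT_MAX_BLKSZ bytes of pad into the hash, but RFC 2104 defines the padded key as exactly B bytes, where B is the block size of the hash in use. The result is standard HMAC only while `the_hash_algo->blksz` equals GIT_MAX_BLKSZ. Passing `the_hash_algo->blksz` as the length in both calls keeps the construction correct if a hash with a different block size is ever added. The second inner update already uses `the_hash_algo->rawsz`, so this would make the function consistent. In prepare_push_cert_nonce, the comment `/* RFC 2104 5. HMAC-SHA1-80 */` is now stale, since the hash is no longer necessarily SHA-1 and the precision passed to `%.*s` is the full hexsz; it should be updated or dropped. The call to `sha1_to_hex(hash)` on a GIT_MAX_RAWSZ buffer also deserves a short note on why the SHA-1-named helper is still used here.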

Thread overview: 33+ messages
2019-08-18 20:04 [PATCH 00/26] object_id part 17 brian m. carlson
2019-08-18 20:04 ` [PATCH 01/26] builtin/replace: make hash size independent brian m. carlson
2019-08-18 20:04 ` [PATCH 02/26] patch-id: convert to use the_hash_algo brian m. carlson
2019-08-20 21:12   ` René Scharfe
2019-08-20 22:36     ` brian m. carlson
2019-08-22 15:53       ` Junio C Hamano
2019-08-18 20:04 ` [PATCH 03/26] fetch-pack: use parse_oid_hex brian m. carlson
2019-08-18 20:04 ` brian m. carlson [this message]
2019-08-18 20:04 ` [PATCH 05/26] builtin/blame: switch uses of GIT_SHA1_HEXSZ to the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 06/26] builtin/rev-parse: switch to use the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 07/26] blame: remove needless comparison with GIT_SHA1_HEXSZ brian m. carlson
2019-08-18 20:04 ` [PATCH 08/26] show-index: switch hard-coded constants to the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 09/26] connected: switch GIT_SHA1_HEXSZ " brian m. carlson
2019-08-18 20:04 ` [PATCH 10/26] bundle: switch to use the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 11/26] combine-diff: replace GIT_SHA1_HEXSZ with the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 12/26] config: use the_hash_algo in abbrev comparison brian m. carlson
2019-08-18 20:04 ` [PATCH 13/26] sha1-lookup: switch hard-coded constants to the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 14/26] bisect: switch to using the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 15/26] sequencer: convert to use the_hash_algo brian m. carlson
2019-08-18 20:04 ` [PATCH 16/26] pack-write: use hash_to_hex when writing checksums brian m. carlson
2019-08-18 20:04 ` [PATCH 17/26] builtin/repack: write object IDs of the proper length brian m. carlson
2019-08-18 20:04 ` [PATCH 18/26] builtin/worktree: switch null_sha1 to null_oid brian m. carlson
2019-08-18 20:04 ` [PATCH 19/26] cache: remove null_sha1 brian m. carlson
2019-08-18 20:04 ` [PATCH 20/26] wt-status: convert struct wt_status to object_id brian m. carlson
2019-08-18 20:04 ` [PATCH 21/26] packfile: replace sha1_to_hex brian m. carlson
2019-08-18 20:04 ` [PATCH 22/26] builtin/index-pack: " brian m. carlson
2019-08-18 20:04 ` [PATCH 23/26] builtin/receive-pack: " brian m. carlson
2019-08-18 20:04 ` [PATCH 24/26] rerere: " brian m. carlson
2019-08-18 20:04 ` [PATCH 25/26] builtin/show-index: " brian m. carlson
2019-08-18 20:04 ` [PATCH 26/26] midx: switch to using the_hash_algo brian m. carlson
2019-08-22 14:04   ` Derrick Stolee
2019-08-23  2:17     ` brian m. carlson
2019-08-23 11:53       ` Derrick Stolee
