add SHA384

src/gen_enum_parse.pl

@@ -6,6 +6,7 @@ use warnings;
 my @vals = (qw(
 	SHA224
 	SHA256
+	SHA384
 	SHA512
 ));
 

src/tests/sha224.vtc

@@ -67,6 +67,11 @@ varnish v1 -vcl {
 		                    blobcode.decode(IDENTITY,
 			"The quick brown fox jumps over the lazy dog")));
 
+		set resp.http.pangramperiod
+		  = blobcode.encode(HEXLC, blobdigest.hash(SHA224,
+		                    blobcode.decode(IDENTITY,
+			"The quick brown fox jumps over the lazy dog.")));
+
 		set resp.http.alphasoup
 		  = blobcode.encode(HEXUC, blobdigest.hash(SHA224,
 		                    blobcode.decode(IDENTITY,
@@ -145,6 +150,9 @@ client c1 {
 	expect resp.http.alphanum == "BFF72B4FCB7D75E5632900AC5F90D219E05E97A7BDE72E740DB393D9"
 	expect resp.http.digits == "B50AECBE4E9BB0B57BC5F3AE760A8E01DB24F203FB3CDCD13148046E"
 
+	# from the Wikipedia SHA2 article
+	expect resp.http.pangramperiod == "619cba8e8e05826e9b8c519c0a5c68f4fb653e8a3d8aa04bb2c8cd4c"
+
 	# verified with: base64 -d | sha224sum
 	expect resp.http.allbytes == "54ca05b51f257184cd6c46c14c5aa73e28406891dde26313d4088089"
 

src/tests/sha384.vtc

+# looks like -*- vcl -*-
+
+varnishtest "SHA384 hash"
+
+# VMOD blobcode must be installed
+
+varnish v1 -vcl {
+	import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
+	import blobcode;
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		# RFC4231 test cases
+		new k1 = blobcode.blob(HEX,
+		                    "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+		new rfc4231t1 = blobdigest.hmac(SHA384, k1.get());
+
+		new k2 = blobcode.blob(IDENTITY, "Jefe");
+		new rfc4231t2 = blobdigest.hmac(SHA384, k2.get());
+
+		new k3 = blobcode.blob(HEX,
+		                    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new rfc4231t3 = blobdigest.hmac(SHA384, k3.get());
+
+		new k4 = blobcode.blob(HEX,
+		          "0102030405060708090a0b0c0d0e0f10111213141516171819");
+		new rfc4231t4 = blobdigest.hmac(SHA384, k4.get());
+
+		new k5 = blobcode.blob(HEX,
+		                    "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
+		new rfc4231t5 = blobdigest.hmac(SHA384, k5.get());
+
+		new k6 = blobcode.blob(HEX,
+"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new rfc4231t6 = blobdigest.hmac(SHA384, k6.get());
+	}
+
+	sub vcl_recv {
+		return(synth(200));
+	}
+
+	sub vcl_synth {
+		set resp.http.empty
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY, "")));
+
+		set resp.http.a
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY, "a")));
+
+		set resp.http.abc
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY, "abc")));
+
+		set resp.http.msgdigest
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY,
+		                                    "message digest")));
+
+		set resp.http.alphalc
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY,
+				    "abcdefghijklmnopqrstuvwxyz")));
+
+		set resp.http.alphasoup
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY,
+		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")));
+
+		set resp.http.alphanum
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY,
+	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")));
+
+		set resp.http.digits
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA384,
+		                    blobcode.decode(IDENTITY,
+"12345678901234567890123456789012345678901234567890123456789012345678901234567890")));
+
+		# all 256 byte values in ascending, big-endian order
+		set resp.http.allbytes
+		  = blobcode.encode(HEXLC, blobdigest.hash(SHA384,
+		                    blobcode.decode(BASE64,
+"AQACAQMCBAMFBAYFBwYIBwkICgkLCgwLDQwODQ8OEA8REBIRExIUExUUFhUXFhgXGRgaGRsaHBsdHB4dHx4gHyEgIiEjIiQjJSQmJScmKCcpKCopKyosKy0sLi0vLjAvMTAyMTMyNDM1NDY1NzY4Nzk4Ojk7Ojw7PTw+PT8+QD9BQEJBQ0JEQ0VERkVHRkhHSUhKSUtKTEtNTE5NT05QT1FQUlFTUlRTVVRWVVdWWFdZWFpZW1pcW11cXl1fXmBfYWBiYWNiZGNlZGZlZ2ZoZ2loamlramxrbWxubW9ucG9xcHJxc3J0c3V0dnV3dnh3eXh6eXt6fHt9fH59f36Afw==")));
+
+		set resp.http.rfc4231t1 = blobcode.encode(HEXLC,
+		         rfc4231t1.hmac(blobcode.decode(IDENTITY, "Hi There")));
+
+		set resp.http.rfc4231t2
+		  = blobcode.encode(HEXLC,
+		                    rfc4231t2.hmac(blobcode.decode(IDENTITY,
+				    "what do ya want for nothing?")));
+
+		set resp.http.rfc4231t3
+		  = blobcode.encode(HEXLC,
+		                    rfc4231t3.hmac(blobcode.decode(HEX,
+"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
+
+		set resp.http.rfc4231t4
+		  = blobcode.encode(HEXLC,
+		                    rfc4231t4.hmac(blobcode.decode(HEX,
+"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
+
+		set resp.http.rfc4231t5
+		  = blobcode.encode(HEXLC,
+		                    rfc4231t5.hmac(blobcode.decode(IDENTITY,
+				                      "Test With Truncation")));
+
+		set resp.http.rfc4231t6
+		  = blobcode.encode(HEXLC,
+		                    rfc4231t6.hmac(blobcode.decode(IDENTITY,
+		    "Test Using Larger Than Block-Size Key - Hash Key First")));
+
+		/*
+		 * Test case 7 uses the same key as 6, so we'll re-use
+		 * object rfc4231t6. This tests repeated use of the same
+		 * internal hash contexts.
+		 */
+		set resp.http.rfc4231t7
+		  = blobcode.encode(HEXLC,
+		                    rfc4231t6.hmac(blobcode.decode(IDENTITY,
+		    "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
+
+    	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+
+	# from librhash
+	expect resp.http.empty == "38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA274EDEBFE76F65FBD51AD2F14898B95B"
+	expect resp.http.a == "54A59B9F22B0B80880D8427E548B7C23ABD873486E1F035DCE9CD697E85175033CAA88E6D57BC35EFAE0B5AFD3145F31"
+	expect resp.http.abc == "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7"
+	expect resp.http.msgdigest == "473ED35167EC1F5D8E550368A3DB39BE54639F828868E9454C239FC8B52E3C61DBD0D8B4DE1390C256DCBB5D5FD99CD5"
+	expect resp.http.alphalc == "FEB67349DF3DB6F5924815D6C3DC133F091809213731FE5C7B5F4999E463479FF2877F5F2936FA63BB43784B12F3EBB4"
+	expect resp.http.alphasoup == "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B"
+	expect resp.http.alphanum == "1761336E3F7CBFE51DEB137F026F89E01A448E3B1FAFA64039C1464EE8732F11A5341A6F41E0C202294736ED64DB1A84"
+	expect resp.http.digits == "B12932B0627D1C060942F5447764155655BD4DA0C9AFA6DD9B9EF53129AF1B8FB0195996D2DE9CA0DF9D821FFEE67026"
+
+	# verified with: base64 -d | sha384sum
+	expect resp.http.allbytes == "c862d8af4409db435fe6d90b3bbd7d42962a791e8d16e7c3681cecc648445b3cc3c78b31a6a0262720d5c3b4ee72a8e8"
+
+	# RFC4231 test cases
+	expect resp.http.rfc4231t1 == "afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
+	expect resp.http.rfc4231t2 == "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649"
+	expect resp.http.rfc4231t3 == "88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27"
+	expect resp.http.rfc4231t4 == "3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb"
+	expect resp.http.rfc4231t5 ~ "^3abf34c3503b2a23a46efc619baef897"
+	expect resp.http.rfc4231t6 == "4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952"
+	expect resp.http.rfc4231t7 == "6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e"
+} -run

src/vmod_blobdigest.c

@@ -87,6 +87,9 @@ init(const enum algorithm hash, hash_ctx * const hctx)
 	case SHA256:
 		SHA256_Init(&hctx->sha256);
 		break;
+	case SHA384:
+		rhash_sha384_init(&hctx->sha512);
+		break;
 	case SHA512:
 		rhash_sha512_init(&hctx->sha512);
 		break;
@@ -106,6 +109,7 @@ update(const enum algorithm hash, hash_ctx *restrict const hctx,
 	case SHA256:
 		SHA256_Update(&hctx->sha256, msg, len);
 		break;
+	case SHA384:
 	case SHA512:
 		rhash_sha512_update(&hctx->sha512, msg, len);
 		break;
@@ -125,6 +129,7 @@ final(const enum algorithm hash, hash_ctx *restrict const hctx,
 	case SHA256:
 		SHA256_Final(result, &hctx->sha256);
 		break;
+	case SHA384:
 	case SHA512:
 		rhash_sha512_final(&hctx->sha512, result);
 		break;

src/vmod_blobdigest.h

@@ -50,6 +50,10 @@ static const struct hashspec {
 		SHA256_LEN,
 		sha256_block_size,
 	},
+	[SHA384] = {
+		sha384_hash_size,
+		sha512_block_size,
+	},
 	[SHA512] = {
 		sha512_hash_size,
 		sha512_block_size,

src/vmod_blobdigest.vcc

@@ -9,7 +9,7 @@
 
 $Module blobdigest 3 digests and hmacs for the VCL blob type
 
-$Object hmac(ENUM {SHA224, SHA256, SHA512} hash, BLOB key)
+$Object hmac(ENUM {SHA224, SHA256, SHA384, SHA512} hash, BLOB key)
 
 Prototype
 	new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
@@ -31,7 +31,7 @@ Description
 Example
 	``set req.http.hmac = hmac.hmac(blobcode.decode(BASE64, "Zm9v"));``
 
-$Function BLOB hash(ENUM {SHA224, SHA256, SHA512} hash, BLOB msg)
+$Function BLOB hash(ENUM {SHA224, SHA256, SHA384, SHA512} hash, BLOB msg)
 
 $Function STRING version()