From 3d3b55e02b912228941584edab8e004e325fdb35 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sat, 13 Jun 2020 18:12:42 +0200
Subject: [PATCH] Add pre-defined generators and compatibility tests for SHA384
 and SHA512

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 keys.go         |  5 +++++
 keys_test.go    | 32 ++++++++++++++++++++++++++++++++
 openssl_test.go |  4 ++++
 3 files changed, 41 insertions(+)

diff --git a/keys.go b/keys.go
index 87f665b..84c7fad 100644
--- a/keys.go
+++ b/keys.go
@@ -4,6 +4,7 @@ import (
 	"crypto/md5"
 	"crypto/sha1"
 	"crypto/sha256"
+	"crypto/sha512"
 	"hash"
 
 	"golang.org/x/crypto/pbkdf2"
@@ -18,9 +19,13 @@ var (
 	BytesToKeyMD5    = NewBytesToKeyGenerator(md5.New)
 	BytesToKeySHA1   = NewBytesToKeyGenerator(sha1.New)
 	BytesToKeySHA256 = NewBytesToKeyGenerator(sha256.New)
+	BytesToKeySHA384 = NewBytesToKeyGenerator(sha512.New384)
+	BytesToKeySHA512 = NewBytesToKeyGenerator(sha512.New)
 	PBKDF2MD5        = NewPBKDF2Generator(md5.New, DefaultPBKDF2Iterations)
 	PBKDF2SHA1       = NewPBKDF2Generator(sha1.New, DefaultPBKDF2Iterations)
 	PBKDF2SHA256     = NewPBKDF2Generator(sha256.New, DefaultPBKDF2Iterations)
+	PBKDF2SHA384     = NewPBKDF2Generator(sha512.New384, DefaultPBKDF2Iterations)
+	PBKDF2SHA512     = NewPBKDF2Generator(sha512.New, DefaultPBKDF2Iterations)
 )
 
 // openSSLEvpBytesToKey follows the OpenSSL (undocumented?) convention for extracting the key and IV from passphrase.
diff --git a/keys_test.go b/keys_test.go
index d59afb4..a42bd94 100644
--- a/keys_test.go
+++ b/keys_test.go
@@ -39,6 +39,22 @@ func TestBytesToKeyGenerator(t *testing.T) {
 			Key: []uint8{0xC3, 0x09, 0xEE, 0x4C, 0x68, 0x09, 0xDF, 0x8C, 0x01, 0x37, 0xF8, 0x0D, 0x84, 0x09, 0xDA, 0xC2, 0xC8, 0xC4, 0xE0, 0x54, 0x34, 0x9D, 0x17, 0xDD, 0xC1, 0xD6, 0x39, 0x0C, 0x39, 0x99, 0x07, 0x0B},
 			IV:  []uint8{0xD3, 0x41, 0x1C, 0x53, 0xB5, 0xC4, 0x9F, 0xB3, 0x39, 0x69, 0x0E, 0xAC, 0x86, 0xD0, 0x71, 0x07},
 		}},
+		"SHA384": {CG: BytesToKeySHA384, OC: Creds{
+			// # echo "" | openssl enc -e -P -aes-256-cbc -pass "pass:myverysecretpass" -S 0001020304050607 -md sha384
+			// salt=0001020304050607
+			// key=9BB4703E4EF60FCC812DBE757240219AE2370CC1DF9A685BAAC60CCA99B76222
+			// iv =D64BDFF4A105BCEFEF28183B9722CDEC
+			Key: []uint8{0x9B, 0xB4, 0x70, 0x3E, 0x4E, 0xF6, 0x0F, 0xCC, 0x81, 0x2D, 0xBE, 0x75, 0x72, 0x40, 0x21, 0x9A, 0xE2, 0x37, 0x0C, 0xC1, 0xDF, 0x9A, 0x68, 0x5B, 0xAA, 0xC6, 0x0C, 0xCA, 0x99, 0xB7, 0x62, 0x22},
+			IV:  []uint8{0xD6, 0x4B, 0xDF, 0xF4, 0xA1, 0x05, 0xBC, 0xEF, 0xEF, 0x28, 0x18, 0x3B, 0x97, 0x22, 0xCD, 0xEC},
+		}},
+		"SHA512": {CG: BytesToKeySHA512, OC: Creds{
+			// # echo "" | openssl enc -e -P -aes-256-cbc -pass "pass:myverysecretpass" -S 0001020304050607 -md sha512
+			// salt=0001020304050607
+			// key=735C94766AA35E84C1A314EB4505F177008B64F9853D1E10BF19C943313250D1
+			// iv =304B88C772E582D8BBBBB3B3F535422C
+			Key: []uint8{0x73, 0x5C, 0x94, 0x76, 0x6A, 0xA3, 0x5E, 0x84, 0xC1, 0xA3, 0x14, 0xEB, 0x45, 0x05, 0xF1, 0x77, 0x00, 0x8B, 0x64, 0xF9, 0x85, 0x3D, 0x1E, 0x10, 0xBF, 0x19, 0xC9, 0x43, 0x31, 0x32, 0x50, 0xD1},
+			IV:  []uint8{0x30, 0x4B, 0x88, 0xC7, 0x72, 0xE5, 0x82, 0xD8, 0xBB, 0xBB, 0xB3, 0xB3, 0xF5, 0x35, 0x42, 0x2C},
+		}},
 	} {
 		res, err := tc.CG(pass, salt)
 		if err != nil {
@@ -93,6 +109,22 @@ func TestPBKDF2Generator(t *testing.T) {
 			Key: []uint8{0x2D, 0x6C, 0x8A, 0x52, 0x5C, 0xC4, 0x57, 0xFF, 0x1C, 0x7C, 0xA1, 0xE8, 0xF3, 0x66, 0xFE, 0xE4, 0x41, 0xCD, 0x80, 0x56, 0x2A, 0xF6, 0xAD, 0x12, 0xA6, 0xB7, 0x03, 0x3C, 0x12, 0xBA, 0x05, 0x14},
 			IV:  []uint8{0xF1, 0x0F, 0x5F, 0xAE, 0x49, 0xD9, 0xA7, 0x4C, 0x10, 0x4B, 0xFF, 0x83, 0x46, 0xDD, 0xEB, 0x0C},
 		}},
+		"SHA384": {CG: PBKDF2SHA384, OC: Creds{
+			// # echo "" | openssl enc -e -P -pbkdf2 -aes-256-cbc -pass "pass:myverysecretpass" -S 0001020304050607 -md sha384
+			// salt=0001020304050607
+			// key=E73AA9008F7D33BBCBBFBCD3D69FE18802AD7807453BEF43761E2B3E88224132
+			// iv =1A7171E9FFE4F69B56077C5C823DAD92
+			Key: []uint8{0xE7, 0x3A, 0xA9, 0x00, 0x8F, 0x7D, 0x33, 0xBB, 0xCB, 0xBF, 0xBC, 0xD3, 0xD6, 0x9F, 0xE1, 0x88, 0x02, 0xAD, 0x78, 0x07, 0x45, 0x3B, 0xEF, 0x43, 0x76, 0x1E, 0x2B, 0x3E, 0x88, 0x22, 0x41, 0x32},
+			IV:  []uint8{0x1A, 0x71, 0x71, 0xE9, 0xFF, 0xE4, 0xF6, 0x9B, 0x56, 0x07, 0x7C, 0x5C, 0x82, 0x3D, 0xAD, 0x92},
+		}},
+		"SHA512": {CG: PBKDF2SHA512, OC: Creds{
+			// # echo "" | openssl enc -e -P -pbkdf2 -aes-256-cbc -pass "pass:myverysecretpass" -S 0001020304050607 -md sha512
+			// salt=0001020304050607
+			// key=84D09D95F052EA32F0570817C0034D70392A966B319986539E97797841D65009
+			// iv =63254E32D530B2ECC13EF88E7CF3CD17
+			Key: []uint8{0x84, 0xD0, 0x9D, 0x95, 0xF0, 0x52, 0xEA, 0x32, 0xF0, 0x57, 0x08, 0x17, 0xC0, 0x03, 0x4D, 0x70, 0x39, 0x2A, 0x96, 0x6B, 0x31, 0x99, 0x86, 0x53, 0x9E, 0x97, 0x79, 0x78, 0x41, 0xD6, 0x50, 0x09},
+			IV:  []uint8{0x63, 0x25, 0x4E, 0x32, 0xD5, 0x30, 0xB2, 0xEC, 0xC1, 0x3E, 0xF8, 0x8E, 0x7C, 0xF3, 0xCD, 0x17},
+		}},
 	} {
 		res, err := tc.CG(pass, salt)
 		if err != nil {
diff --git a/openssl_test.go b/openssl_test.go
index 667cf6f..52735b3 100644
--- a/openssl_test.go
+++ b/openssl_test.go
@@ -17,9 +17,13 @@ var testTable = []struct {
 	{"MD5", "md5", BytesToKeyMD5, false},
 	{"SHA1", "sha1", BytesToKeySHA1, false},
 	{"SHA256", "sha256", BytesToKeySHA256, false},
+	{"SHA384", "sha384", BytesToKeySHA384, false},
+	{"SHA512", "sha512", BytesToKeySHA512, false},
 	{"PBKDF2_MD5", "md5", PBKDF2MD5, true},
 	{"PBKDF2_SHA1", "sha1", PBKDF2SHA1, true},
 	{"PBKDF2_SHA256", "sha256", PBKDF2SHA256, true},
+	{"PBKDF2_SHA384", "sha384", PBKDF2SHA384, true},
+	{"PBKDF2_SHA512", "sha512", PBKDF2SHA512, true},
 }
 
 func TestBinaryEncryptToDecryptWithCustomSalt(t *testing.T) {