authorYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
commit25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
treea0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libstrongswan/crypto/xofs
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
New upstream version 5.5.1
Diffstat (limited to 'src/libstrongswan/crypto/xofs')
-rw-r--r--src/libstrongswan/crypto/xofs/mgf1.h47
-rw-r--r--src/libstrongswan/crypto/xofs/xof.c27
-rw-r--r--src/libstrongswan/crypto/xofs/xof.h114
-rw-r--r--src/libstrongswan/crypto/xofs/xof_bitspender.c213
-rw-r--r--src/libstrongswan/crypto/xofs/xof_bitspender.h69
5 files changed, 470 insertions, 0 deletions
diff --git a/src/libstrongswan/crypto/xofs/mgf1.h b/src/libstrongswan/crypto/xofs/mgf1.h
new file mode 100644
index 000000000..5ad3a518a
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/mgf1.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1 mgf1
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_H_
+#define MGF1_H_
+
+typedef struct mgf1_t mgf1_t;
+
+#include "xof.h"
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_t {
+
+ /**
+ * Generic xof_t interface for this Extended Output Function (XOF).
+ */
+ xof_t xof_interface;
+
+ /**
+ * Hash the seed before using it as a seed for MGF1
+ *
+ * @param yes TRUE if seed has to be hashed first
+ */
+ void (*set_hash_seed)(mgf1_t *this, bool yes);
+};
+
+#endif /** MGF1_H_ @}*/
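Review bot: The comment on `xof_interface` does not say that it must stay the first member of `mgf1_t`, yet xof_bitspender.c in this same commit casts the `xof_t *` returned by `create_xof` directly to `mgf1_t *` before calling `set_hash_seed`. I would extend the member comment with `Must remain the first member: callers cast xof_t* to mgf1_t*.` so that a later reordering does not silently break that cast. The `set_hash_seed` comment should also state that it has to be called before `set_seed` to take effect; the call order in xof_bitspender_create suggests this, but the header does not say it.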
diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c
new file mode 100644
index 000000000..1e9c2834b
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof.h"
+
+ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
+ "XOF_UNDEFINED",
+ "XOF_MGF1_SHA1",
+ "XOF_MGF1_SHA256",
+ "XOF_MGF1_SHA512",
+ "XOF_SHAKE128",
+ "XOF_SHAKE256",
+ "XOF_CHACHA20"
+);
+
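Review bot: The strings `"XOF_SHAKE128"` and `"XOF_SHAKE256"` do not match the enumerators `XOF_SHAKE_128` and `XOF_SHAKE_256` declared in xof.h, so `%N` log output names identifiers that cannot be found in the code. Unless something outside this diff depends on the shorter spelling, use `"XOF_SHAKE_128",` and `"XOF_SHAKE_256",`. A one-line comment above the table, `/* order must match enum ext_out_function_t in xof.h */`, would also help, since the mapping is purely positional.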
diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h
new file mode 100644
index 000000000..8c9ae0131
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef XOF_H_
+#define XOF_H_
+
+typedef enum ext_out_function_t ext_out_function_t;
+typedef struct xof_t xof_t;
+
+#include <library.h>
+
+/**
+ * Extendable Output Functions.
+ */
+enum ext_out_function_t {
+ XOF_UNDEFINED,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA1,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA256,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA512,
+ /** FIPS 202 */
+ XOF_SHAKE_128,
+ /** FIPS 202 */
+ XOF_SHAKE_256,
+ /** RFC 7539 ChaCha20 */
+ XOF_CHACHA20,
+};
+
+/**
+ * enum name for ext_out_function_t.
+ */
+extern enum_name_t *ext_out_function_names;
+
+/**
+ * Generic interface for Extended Output Function (XOF)
+ */
+struct xof_t {
+
+ /**
+ * Return the type of the Extended Output Function
+ *
+ * @return XOF type
+ */
+ ext_out_function_t (*get_type)(xof_t *this);
+
+ /**
+ * Generates pseudo random bytes and writes them in the buffer.
+ *
+ * @param out_len number of output bytes requested
+ * @param buffer pointer where the generated bytes will be written
+ * @return TRUE if bytes generated successfully
+ */
+ bool (*get_bytes)(xof_t *this, size_t out_len,
+ uint8_t *buffer) __attribute__((warn_unused_result));
+
+ /**
+ * Generates pseudo random bytes and allocate space for them.
+ *
+ * @param out_len number of output bytes requested
+ * @param chunk chunk which will hold generated bytes
+ * @return TRUE if bytes allocated and generated successfully
+ */
+ bool (*allocate_bytes)(xof_t *this, size_t out_len,
+ chunk_t *chunk) __attribute__((warn_unused_result));
+
+ /**
+ * Get the output block size
+ *
+ * @return block size in bytes
+ */
+ size_t (*get_block_size)(xof_t *this);
+
+ /**
+ * Get the recommended minimum seed size
+ *
+ * @return seed size in bytes
+ */
+ size_t (*get_seed_size)(xof_t *this);
+
+ /**
+ * Set the key for this xof_t object.
+ *
+ * @param sed seed to set
+ * @return TRUE if XOF initialized with seed successfully
+ */
+ bool (*set_seed)(xof_t *this,
+ chunk_t seed) __attribute__((warn_unused_result));
+
+ /**
+ * Destroys a xof object.
+ */
+ void (*destroy)(xof_t *this);
+};
+
+#endif /** XOF_H_ @}*/
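Review bot: The `set_seed` comment is out of step with its signature: it says "Set the key" and documents `@param sed`, while the parameter is named `seed`. Suggested wording is `Set the seed for this xof_t object.` with `@param seed seed to set`. The `get_bytes` and `allocate_bytes` comments should also state whether successive calls continue the same output stream (xof_bitspender.c relies on this by pulling 4 bytes per call) and what happens when they are called before `set_seed`. The header alternates between "Extendable" and "Extended" Output Function; picking one term throughout would read better.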
diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.c b/src/libstrongswan/crypto/xofs/xof_bitspender.c
new file mode 100644
index 000000000..f18b806a3
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof_bitspender.h"
+#include "mgf1.h"
+
+typedef struct private_xof_bitspender_t private_xof_bitspender_t;
+
+/**
+ * Private data structure for xof_bitspender_t object
+ */
+struct private_xof_bitspender_t {
+ /**
+ * Public interface.
+ */
+ xof_bitspender_t public;
+
+ /**
+ * Extended Output Function (XOF)
+ */
+ xof_t *xof;
+
+ /**
+ * Length of the returned hash value in octets
+ */
+ int hash_len;
+
+ /**
+ * Bit storage (accommodates up to 32 bits)
+ */
+ uint32_t bits;
+
+ /**
+ * Number of available bits
+ */
+ int bits_left;
+
+ /**
+ * Byte storage (accommodates up to 4 bytes)
+ */
+ uint8_t bytes[4];
+
+ /**
+ * Number of available bytes
+ */
+ int bytes_left;
+
+ /**
+ * Number of octets spent
+ */
+ int octet_count;
+
+};
+
+static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
+{
+ if (!this->xof->get_bytes(this->xof, 4, buffer))
+ {
+ /* no block available */
+ return FALSE;
+ }
+ this->octet_count += 4;
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_bits, bool,
+ private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
+{
+ int bits_now;
+
+ *bits = 0x00000000;
+
+ if (bits_needed == 0)
+ {
+ /* trivial */
+ return TRUE;
+ }
+ if (bits_needed > 32)
+ {
+ /* too many bits requested */
+ return FALSE;
+ }
+
+ while (bits_needed)
+ {
+ if (this->bits_left == 0)
+ {
+ uint8_t buf[4];
+
+ if (!get_next_block(this, buf))
+ {
+ return FALSE;
+ }
+ this->bits = untoh32(buf);
+ this->bits_left = 32;
+ }
+ if (bits_needed > this->bits_left)
+ {
+ bits_now = this->bits_left;
+ this->bits_left = 0;
+ bits_needed -= bits_now;
+ }
+ else
+ {
+ bits_now = bits_needed;
+ this->bits_left -= bits_needed;
+ bits_needed = 0;
+ }
+ if (bits_now == 32)
+ {
+ *bits = this->bits;
+ }
+ else
+ {
+ *bits <<= bits_now;
+ *bits |= this->bits >> this->bits_left;
+ if (this->bits_left)
+ {
+ this->bits &= 0xffffffff >> (32 - this->bits_left);
+ }
+ }
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_byte, bool,
+ private_xof_bitspender_t *this, uint8_t *byte)
+{
+ if (this->bytes_left == 0)
+ {
+ if (!get_next_block(this, this->bytes))
+ {
+ return FALSE;
+ }
+ this->bytes_left = 4;
+ }
+ *byte = this->bytes[4 - this->bytes_left--];
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, destroy, void,
+ private_xof_bitspender_t *this)
+{
+ DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
+ this->xof->get_type(this->xof), this->octet_count);
+ memwipe(this->bytes, 4);
+ this->xof->destroy(this->xof);
+ free(this);
+}
+
+/**
+ * See header.
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed)
+{
+ private_xof_bitspender_t *this;
+ xof_t *xof;
+
+ xof = lib->crypto->create_xof(lib->crypto, alg);
+ if (!xof)
+ {
+ return NULL;
+ }
+
+ switch (alg)
+ {
+ case XOF_MGF1_SHA1:
+ case XOF_MGF1_SHA256:
+ case XOF_MGF1_SHA512:
+ {
+ mgf1_t *mgf1 = (mgf1_t*)xof;
+
+ mgf1->set_hash_seed(mgf1, hash_seed);
+ break;
+ }
+ default:
+ break;
+ }
+ if (!xof->set_seed(xof, seed))
+ {
+ xof->destroy(xof);
+ return NULL;
+ }
+ DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
+ alg, seed.len);
+
+ INIT(this,
+ .public = {
+ .get_bits = _get_bits,
+ .get_byte = _get_byte,
+ .destroy = _destroy,
+ },
+ .xof = xof,
+ );
+
+ return &this->public;
+}
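Review bot: `get_bits` rejects `bits_needed > 32` but not negative values, although `bits_needed` is an `int` and the header documents the range as 1..32. With a negative argument the else branch makes `bits_now` negative and pushes `bits_left` above 32, so the following `<<=` and `>>` use out-of-range shift counts (undefined behaviour) and the object's state stays inconsistent for later calls. The guard should read `if (bits_needed < 0 || bits_needed > 32)`. Separately, `destroy` wipes `this->bytes` but not `this->bits`, which can still hold unspent output; adding `memwipe(&this->bits, sizeof(this->bits));` would treat both buffers alike. The `hash_len` member is never set or read in this file and could be dropped.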
diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.h b/src/libstrongswan/crypto/xofs/xof_bitspender.h
new file mode 100644
index 000000000..f42207903
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof_bitspender xof_bitspender
+ * @{ @ingroup mgf1
+ */
+
+#ifndef XOF_BITSPENDER_H_
+#define XOF_BITSPENDER_H_
+
+#include "xof.h"
+
+#include <library.h>
+
+typedef struct xof_bitspender_t xof_bitspender_t;
+
+/**
+ * Generates a given number of pseudo-random bits at a time using an
+ * Extended Output Function (XOF)
+ */
+struct xof_bitspender_t {
+
+ /**
+ * Get pseudo-random bits
+ *
+ * @param bits_needed Number of needed bits (1..32)
+ * @param bits Pseudo-random bits
+ * @result FALSE if internal MGF1 error occurred
+ */
+ bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
+
+ /**
+ * Get a pseudo-random byte
+ *
+ * @param byte Pseudo-random byte
+ * @result FALSE if internal MGF1 error occurred
+ */
+ bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
+
+ /**
+ * Destroy xof_bitspender_t object
+ */
+ void (*destroy)(xof_bitspender_t *this);
+};
+
+/**
+ * Create a xof_bitspender_t object
+ *
+ * @param alg XOF to be used
+ * @param seed Seed used to initialize XOF
+ * @param hash_seed Hash seed before using it as a seed for MFG1
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed);
+
+#endif /** XOF_BITSPENDER_H_ @}*/
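Review bot: The documentation still speaks of MGF1 although the bitspender accepts any `ext_out_function_t`: both `@result` lines say "internal MGF1 error", the create comment has the typo "MFG1", and the group is declared `@ingroup mgf1`. I would write `@return FALSE if the XOF failed to deliver output` (using `@return` as xof.h does), and for `get_bits` add that FALSE is also returned when more than 32 bits are requested. `xof_bitspender_create` has no return documentation; xof_bitspender.c returns NULL when the XOF cannot be created or seeded, so add `@return xof_bitspender_t object, NULL on failure`. The `hash_seed` line should note that it only has an effect for the `XOF_MGF1_*` algorithms, as the switch in the implementation shows.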