summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libstrongswan/crypto
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
downloadvyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz
vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip
New upstream version 5.6.1
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c77
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h18
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h3
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in25
-rw-r--r--src/libstrongswan/crypto/signers/signer.h3
-rw-r--r--src/libstrongswan/crypto/xofs/xof.c33
-rw-r--r--src/libstrongswan/crypto/xofs/xof.h19
8 files changed, 166 insertions, 14 deletions
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 26aab0ccc..2bd55ad2e 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -19,19 +19,20 @@
#include "hasher.h"
#include <asn1/oid.h>
+#include <credentials/keys/signature_params.h>
ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
"HASH_SHA1",
- "HASH_SHA256",
- "HASH_SHA384",
- "HASH_SHA512",
+ "HASH_SHA2_256",
+ "HASH_SHA2_384",
+ "HASH_SHA2_512",
"HASH_IDENTITY");
ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
"HASH_UNKNOWN",
"HASH_MD2",
"HASH_MD4",
"HASH_MD5",
- "HASH_SHA224",
+ "HASH_SHA2_224",
"HASH_SHA3_224",
"HASH_SHA3_256",
"HASH_SHA3_384",
@@ -56,6 +57,62 @@ ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY
"sha3_512");
ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);
+ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
+ "SHA1",
+ "SHA2_256",
+ "SHA2_384",
+ "SHA2_512",
+ "IDENTITY");
+ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
+ "UNKNOWN",
+ "MD2",
+ "MD4",
+ "MD5",
+ "SHA2_224",
+ "SHA3_224",
+ "SHA3_256",
+ "SHA3_384",
+ "SHA3_512");
+ENUM_END(hash_algorithm_short_names_upper, HASH_SHA3_512);
+
+/*
+ * Described in header
+ */
+size_t hasher_hash_size(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return HASH_SIZE_SHA1;
+ case HASH_SHA256:
+ return HASH_SIZE_SHA256;
+ case HASH_SHA384:
+ return HASH_SIZE_SHA384;
+ case HASH_SHA512:
+ return HASH_SIZE_SHA512;
+ case HASH_MD2:
+ return HASH_SIZE_MD2;
+ case HASH_MD4:
+ return HASH_SIZE_MD4;
+ case HASH_MD5:
+ return HASH_SIZE_MD5;
+ case HASH_SHA224:
+ return HASH_SIZE_SHA224;
+ case HASH_SHA3_224:
+ return HASH_SIZE_SHA224;
+ case HASH_SHA3_256:
+ return HASH_SIZE_SHA256;
+ case HASH_SHA3_384:
+ return HASH_SIZE_SHA384;
+ case HASH_SHA3_512:
+ return HASH_SIZE_SHA512;
+ case HASH_IDENTITY:
+ case HASH_UNKNOWN:
+ break;
+ }
+ return 0;
+}
+
/*
* Described in header.
*/
@@ -287,7 +344,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
switch (alg)
{
case HASH_IDENTITY:
- case HASH_SHA1:
case HASH_SHA256:
case HASH_SHA384:
case HASH_SHA512:
@@ -296,6 +352,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
case HASH_MD2:
case HASH_MD4:
case HASH_MD5:
+ case HASH_SHA1:
case HASH_SHA224:
case HASH_SHA3_224:
case HASH_SHA3_256:
@@ -445,7 +502,8 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
/*
* Defined in header.
*/
-hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
+hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
+ void *params)
{
switch (scheme)
{
@@ -453,6 +511,13 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_NULL:
case SIGN_ECDSA_WITH_NULL:
break;
+ case SIGN_RSA_EMSA_PSS:
+ if (params)
+ {
+ rsa_pss_params_t *pss = params;
+ return pss->hash;
+ }
+ break;
case SIGN_ED25519:
case SIGN_ED448:
return HASH_IDENTITY;
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index ec0c6320b..41654553d 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -27,7 +27,6 @@
typedef enum hash_algorithm_t hash_algorithm_t;
typedef struct hasher_t hasher_t;
-#include <library.h>
#include <crypto/prfs/prf.h>
#include <crypto/signers/signer.h>
#include <credentials/keys/public_key.h>
@@ -75,6 +74,11 @@ extern enum_name_t *hash_algorithm_names;
extern enum_name_t *hash_algorithm_short_names;
/**
+ * Uppercase short names for hash_algorithm_names
+ */
+extern enum_name_t *hash_algorithm_short_names_upper;
+
+/**
* Generic interface for all hash functions.
*/
struct hasher_t {
@@ -131,6 +135,14 @@ struct hasher_t {
};
/**
+ * Returns the size of the hash for the given algorithm.
+ *
+ * @param alg hash algorithm
+ * @return size of hash or 0 if unknown
+ */
+size_t hasher_hash_size(hash_algorithm_t alg);
+
+/**
* Conversion of ASN.1 OID to hash algorithm.
*
* @param oid ASN.1 OID
@@ -199,8 +211,10 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key);
* Determine the hash algorithm associated with a given signature scheme.
*
* @param scheme signature scheme
+ * @param params optional parameters
* @return hash algorithm (could be HASH_UNKNOWN)
*/
-hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme);
+hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
+ void *params);
#endif /** HASHER_H_ @}*/
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index bf443e5f4..fe9ffc2dd 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -25,7 +25,8 @@
typedef enum pseudo_random_function_t pseudo_random_function_t;
typedef struct prf_t prf_t;
-#include <library.h>
+#include <utils/utils.h>
+#include <utils/chunk.h>
/**
* Pseudo random function, as in IKEv2 RFC 3.3.2.
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
index bc421dcc5..e28f46513 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
@@ -19,7 +19,7 @@
#include "proposal_keywords.h"
const proposal_token_t* proposal_get_token_static(register const char *str,
- register unsigned int len);
+ register unsigned len);
#endif /* PROPOSAL_KEYWORDS_STATIC_H_ */
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
new file mode 100644
index 000000000..ee9f7b9da
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef PROPOSAL_KEYWORDS_STATIC_H_
+#define PROPOSAL_KEYWORDS_STATIC_H_
+
+#include "proposal_keywords.h"
+
+const proposal_token_t* proposal_get_token_static(register const char *str,
+ register @GPERF_LEN_TYPE@ len);
+
+#endif /* PROPOSAL_KEYWORDS_STATIC_H_ */
+
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 01b702da1..8958e66e9 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -25,7 +25,8 @@
typedef enum integrity_algorithm_t integrity_algorithm_t;
typedef struct signer_t signer_t;
-#include <library.h>
+#include <utils/utils.h>
+#include <utils/chunk.h>
/**
* Integrity algorithm, as in IKEv2 RFC 3.3.2.
diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c
index 1e9c2834b..2b866ae5b 100644
--- a/src/libstrongswan/crypto/xofs/xof.c
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
@@ -18,10 +19,42 @@
ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
"XOF_UNDEFINED",
"XOF_MGF1_SHA1",
+ "XOF_MGF1_SHA224",
"XOF_MGF1_SHA256",
+ "XOF_MGF1_SHA384",
"XOF_MGF1_SHA512",
"XOF_SHAKE128",
"XOF_SHAKE256",
"XOF_CHACHA20"
);
+/*
+ * Described in header
+ */
+ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return XOF_MGF1_SHA1;
+ case HASH_SHA224:
+ return XOF_MGF1_SHA224;
+ case HASH_SHA256:
+ return XOF_MGF1_SHA256;
+ case HASH_SHA384:
+ return XOF_MGF1_SHA384;
+ case HASH_SHA512:
+ return XOF_MGF1_SHA512;
+ case HASH_IDENTITY:
+ case HASH_UNKNOWN:
+ case HASH_MD2:
+ case HASH_MD4:
+ case HASH_MD5:
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512:
+ break;
+ }
+ return XOF_UNDEFINED;
+}
diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h
index 8c9ae0131..934a1ee35 100644
--- a/src/libstrongswan/crypto/xofs/xof.h
+++ b/src/libstrongswan/crypto/xofs/xof.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
@@ -31,11 +32,15 @@ typedef struct xof_t xof_t;
*/
enum ext_out_function_t {
XOF_UNDEFINED,
- /** RFC 2437 PKCS#1 */
+ /** RFC 8017 PKCS#1 */
XOF_MGF1_SHA1,
- /** RFC 2437 PKCS#1 */
+ /** RFC 8017 PKCS#1 */
+ XOF_MGF1_SHA224,
+ /** RFC 8017 PKCS#1 */
XOF_MGF1_SHA256,
- /** RFC 2437 PKCS#1 */
+ /** RFC 8017 PKCS#1 */
+ XOF_MGF1_SHA384,
+ /** RFC 8017 PKCS#1 */
XOF_MGF1_SHA512,
/** FIPS 202 */
XOF_SHAKE_128,
@@ -111,4 +116,12 @@ struct xof_t {
void (*destroy)(xof_t *this);
};
+/**
+ * Determine an MGF1 XOF type for the given hash algorithm.
+ *
+ * @param alg hash algorithm to map
+ * @return MGF1 XOF type if available, XOF_UNDEFINED otherwise
+ */
+ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg);
+
#endif /** XOF_H_ @}*/