diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
commit | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch) | |
tree | ae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libstrongswan/crypto | |
parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
download | vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip |
New upstream version 5.6.1
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r-- | src/libstrongswan/crypto/hashers/hasher.c | 77 | ||||
-rw-r--r-- | src/libstrongswan/crypto/hashers/hasher.h | 18 | ||||
-rw-r--r-- | src/libstrongswan/crypto/prfs/prf.h | 3 | ||||
-rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords_static.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in | 25 | ||||
-rw-r--r-- | src/libstrongswan/crypto/signers/signer.h | 3 | ||||
-rw-r--r-- | src/libstrongswan/crypto/xofs/xof.c | 33 | ||||
-rw-r--r-- | src/libstrongswan/crypto/xofs/xof.h | 19 |
8 files changed, 166 insertions, 14 deletions
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 26aab0ccc..2bd55ad2e 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -19,19 +19,20 @@ #include "hasher.h" #include <asn1/oid.h> +#include <credentials/keys/signature_params.h> ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY, "HASH_SHA1", - "HASH_SHA256", - "HASH_SHA384", - "HASH_SHA512", + "HASH_SHA2_256", + "HASH_SHA2_384", + "HASH_SHA2_512", "HASH_IDENTITY"); ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY, "HASH_UNKNOWN", "HASH_MD2", "HASH_MD4", "HASH_MD5", - "HASH_SHA224", + "HASH_SHA2_224", "HASH_SHA3_224", "HASH_SHA3_256", "HASH_SHA3_384", @@ -56,6 +57,62 @@ ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY "sha3_512"); ENUM_END(hash_algorithm_short_names, HASH_SHA3_512); +ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY, + "SHA1", + "SHA2_256", + "SHA2_384", + "SHA2_512", + "IDENTITY"); +ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY, + "UNKNOWN", + "MD2", + "MD4", + "MD5", + "SHA2_224", + "SHA3_224", + "SHA3_256", + "SHA3_384", + "SHA3_512"); +ENUM_END(hash_algorithm_short_names_upper, HASH_SHA3_512); + +/* + * Described in header + */ +size_t hasher_hash_size(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return HASH_SIZE_SHA1; + case HASH_SHA256: + return HASH_SIZE_SHA256; + case HASH_SHA384: + return HASH_SIZE_SHA384; + case HASH_SHA512: + return HASH_SIZE_SHA512; + case HASH_MD2: + return HASH_SIZE_MD2; + case HASH_MD4: + return HASH_SIZE_MD4; + case HASH_MD5: + return HASH_SIZE_MD5; + case HASH_SHA224: + return HASH_SIZE_SHA224; + case HASH_SHA3_224: + return HASH_SIZE_SHA224; + case HASH_SHA3_256: + return HASH_SIZE_SHA256; + case HASH_SHA3_384: + return HASH_SIZE_SHA384; + case HASH_SHA3_512: + return HASH_SIZE_SHA512; + case HASH_IDENTITY: + case HASH_UNKNOWN: + break; + } + return 0; +} + /* * Described in header. */ @@ -287,7 +344,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg) switch (alg) { case HASH_IDENTITY: - case HASH_SHA1: case HASH_SHA256: case HASH_SHA384: case HASH_SHA512: @@ -296,6 +352,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg) case HASH_MD2: case HASH_MD4: case HASH_MD5: + case HASH_SHA1: case HASH_SHA224: case HASH_SHA3_224: case HASH_SHA3_256: @@ -445,7 +502,8 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) /* * Defined in header. */ -hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) +hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme, + void *params) { switch (scheme) { @@ -453,6 +511,13 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_NULL: case SIGN_ECDSA_WITH_NULL: break; + case SIGN_RSA_EMSA_PSS: + if (params) + { + rsa_pss_params_t *pss = params; + return pss->hash; + } + break; case SIGN_ED25519: case SIGN_ED448: return HASH_IDENTITY; diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index ec0c6320b..41654553d 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -27,7 +27,6 @@ typedef enum hash_algorithm_t hash_algorithm_t; typedef struct hasher_t hasher_t; -#include <library.h> #include <crypto/prfs/prf.h> #include <crypto/signers/signer.h> #include <credentials/keys/public_key.h> @@ -75,6 +74,11 @@ extern enum_name_t *hash_algorithm_names; extern enum_name_t *hash_algorithm_short_names; /** + * Uppercase short names for hash_algorithm_names + */ +extern enum_name_t *hash_algorithm_short_names_upper; + +/** * Generic interface for all hash functions. */ struct hasher_t { @@ -131,6 +135,14 @@ struct hasher_t { }; /** + * Returns the size of the hash for the given algorithm. + * + * @param alg hash algorithm + * @return size of hash or 0 if unknown + */ +size_t hasher_hash_size(hash_algorithm_t alg); + +/** * Conversion of ASN.1 OID to hash algorithm. * * @param oid ASN.1 OID @@ -199,8 +211,10 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key); * Determine the hash algorithm associated with a given signature scheme. * * @param scheme signature scheme + * @param params optional parameters * @return hash algorithm (could be HASH_UNKNOWN) */ -hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme); +hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme, + void *params); #endif /** HASHER_H_ @}*/ diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index bf443e5f4..fe9ffc2dd 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -25,7 +25,8 @@ typedef enum pseudo_random_function_t pseudo_random_function_t; typedef struct prf_t prf_t; -#include <library.h> +#include <utils/utils.h> +#include <utils/chunk.h> /** * Pseudo random function, as in IKEv2 RFC 3.3.2. diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h index bc421dcc5..e28f46513 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h @@ -19,7 +19,7 @@ #include "proposal_keywords.h" const proposal_token_t* proposal_get_token_static(register const char *str, - register unsigned int len); + register unsigned len); #endif /* PROPOSAL_KEYWORDS_STATIC_H_ */ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in new file mode 100644 index 000000000..ee9f7b9da --- /dev/null +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2009 Andreas Steffen + * Hochschule fuer Technik Rapperswil, Switzerland + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef PROPOSAL_KEYWORDS_STATIC_H_ +#define PROPOSAL_KEYWORDS_STATIC_H_ + +#include "proposal_keywords.h" + +const proposal_token_t* proposal_get_token_static(register const char *str, + register @GPERF_LEN_TYPE@ len); + +#endif /* PROPOSAL_KEYWORDS_STATIC_H_ */ + diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 01b702da1..8958e66e9 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -25,7 +25,8 @@ typedef enum integrity_algorithm_t integrity_algorithm_t; typedef struct signer_t signer_t; -#include <library.h> +#include <utils/utils.h> +#include <utils/chunk.h> /** * Integrity algorithm, as in IKEv2 RFC 3.3.2. diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c index 1e9c2834b..2b866ae5b 100644 --- a/src/libstrongswan/crypto/xofs/xof.c +++ b/src/libstrongswan/crypto/xofs/xof.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -18,10 +19,42 @@ ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20, "XOF_UNDEFINED", "XOF_MGF1_SHA1", + "XOF_MGF1_SHA224", "XOF_MGF1_SHA256", + "XOF_MGF1_SHA384", "XOF_MGF1_SHA512", "XOF_SHAKE128", "XOF_SHAKE256", "XOF_CHACHA20" ); +/* + * Described in header + */ +ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return XOF_MGF1_SHA1; + case HASH_SHA224: + return XOF_MGF1_SHA224; + case HASH_SHA256: + return XOF_MGF1_SHA256; + case HASH_SHA384: + return XOF_MGF1_SHA384; + case HASH_SHA512: + return XOF_MGF1_SHA512; + case HASH_IDENTITY: + case HASH_UNKNOWN: + case HASH_MD2: + case HASH_MD4: + case HASH_MD5: + case HASH_SHA3_224: + case HASH_SHA3_256: + case HASH_SHA3_384: + case HASH_SHA3_512: + break; + } + return XOF_UNDEFINED; +} diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h index 8c9ae0131..934a1ee35 100644 --- a/src/libstrongswan/crypto/xofs/xof.h +++ b/src/libstrongswan/crypto/xofs/xof.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -31,11 +32,15 @@ typedef struct xof_t xof_t; */ enum ext_out_function_t { XOF_UNDEFINED, - /** RFC 2437 PKCS#1 */ + /** RFC 8017 PKCS#1 */ XOF_MGF1_SHA1, - /** RFC 2437 PKCS#1 */ + /** RFC 8017 PKCS#1 */ + XOF_MGF1_SHA224, + /** RFC 8017 PKCS#1 */ XOF_MGF1_SHA256, - /** RFC 2437 PKCS#1 */ + /** RFC 8017 PKCS#1 */ + XOF_MGF1_SHA384, + /** RFC 8017 PKCS#1 */ XOF_MGF1_SHA512, /** FIPS 202 */ XOF_SHAKE_128, @@ -111,4 +116,12 @@ struct xof_t { void (*destroy)(xof_t *this); }; +/** + * Determine an MGF1 XOF type for the given hash algorithm. + * + * @param alg hash algorithm to map + * @return MGF1 XOF type if available, XOF_UNDEFINED otherwise + */ +ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg); + #endif /** XOF_H_ @}*/ |