summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
commit25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
treea0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libstrongswan/crypto
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
downloadvyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz
vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip
New upstream version 5.5.1
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c110
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h42
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c155
-rw-r--r--src/libstrongswan/crypto/crypto_tester.h32
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c5
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h1
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c27
-rw-r--r--src/libstrongswan/crypto/mgf1/mgf1.c180
-rw-r--r--src/libstrongswan/crypto/mgf1/mgf1.h77
-rw-r--r--src/libstrongswan/crypto/mgf1/mgf1_bitspender.c208
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.c239
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.txt1
-rw-r--r--src/libstrongswan/crypto/transform.c10
-rw-r--r--src/libstrongswan/crypto/transform.h1
-rw-r--r--src/libstrongswan/crypto/xofs/mgf1.h47
-rw-r--r--src/libstrongswan/crypto/xofs/xof.c27
-rw-r--r--src/libstrongswan/crypto/xofs/xof.h114
-rw-r--r--src/libstrongswan/crypto/xofs/xof_bitspender.c213
-rw-r--r--src/libstrongswan/crypto/xofs/xof_bitspender.h (renamed from src/libstrongswan/crypto/mgf1/mgf1_bitspender.h)38
20 files changed, 916 insertions, 613 deletions
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index 35dcf25ac..bab59a06f 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -1,7 +1,8 @@
/*
* Copyright (C) 2013-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -51,6 +52,7 @@ struct entry_t {
signer_constructor_t create_signer;
hasher_constructor_t create_hasher;
prf_constructor_t create_prf;
+ xof_constructor_t create_xof;
rng_constructor_t create_rng;
nonce_gen_constructor_t create_nonce_gen;
dh_constructor_t create_dh;
@@ -96,6 +98,11 @@ struct private_crypto_factory_t {
linked_list_t *prfs;
/**
+ * registered xofs, as entry_t
+ */
+ linked_list_t *xofs;
+
+ /**
* registered rngs, as entry_t
*/
linked_list_t *rngs;
@@ -303,6 +310,38 @@ METHOD(crypto_factory_t, create_prf, prf_t*,
return prf;
}
+METHOD(crypto_factory_t, create_xof, xof_t*,
+ private_crypto_factory_t *this, ext_out_function_t algo)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ xof_t *xof = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->xofs->create_enumerator(this->xofs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->algo == algo)
+ {
+ if (this->test_on_create &&
+ !this->tester->test_xof(this->tester, algo,
+ entry->create_xof, NULL,
+ default_plugin_name))
+ {
+ continue;
+ }
+ xof = entry->create_xof(algo);
+ if (xof)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return xof;
+}
+
METHOD(crypto_factory_t, create_rng, rng_t*,
private_crypto_factory_t *this, rng_quality_t quality)
{
@@ -633,6 +672,43 @@ METHOD(crypto_factory_t, remove_prf, void,
this->lock->unlock(this->lock);
}
+METHOD(crypto_factory_t, add_xof, bool,
+ private_crypto_factory_t *this, ext_out_function_t algo,
+ const char *plugin_name, xof_constructor_t create)
+{
+ u_int speed = 0;
+
+ if (!this->test_on_add ||
+ this->tester->test_xof(this->tester, algo, create,
+ this->bench ? &speed : NULL, plugin_name))
+ {
+ add_entry(this, this->xofs, algo, plugin_name, speed, create);
+ return TRUE;
+ }
+ this->test_failures++;
+ return FALSE;
+}
+
+METHOD(crypto_factory_t, remove_xof, void,
+ private_crypto_factory_t *this, xof_constructor_t create)
+{
+ entry_t *entry;
+ enumerator_t *enumerator;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->xofs->create_enumerator(this->xofs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->create_xof == create)
+ {
+ this->xofs->remove_at(this->xofs, enumerator);
+ free(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
METHOD(crypto_factory_t, add_rng, bool,
private_crypto_factory_t *this, rng_quality_t quality,
const char *plugin_name, rng_constructor_t create)
@@ -846,6 +922,23 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*,
}
/**
+ * Filter function to enumerate algorithm, not entry
+ */
+static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo,
+ void *i2, const char **plugin_name)
+{
+ *algo = (*entry)->algo;
+ *plugin_name = (*entry)->plugin_name;
+ return TRUE;
+}
+
+METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
+{
+ return create_enumerator(this, this->xofs, xof_filter);
+}
+
+/**
* Filter function to enumerate group, not entry
*/
static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group,
@@ -909,6 +1002,8 @@ METHOD(crypto_factory_t, add_test_vector, void,
return this->tester->add_hasher_vector(this->tester, vector);
case PSEUDO_RANDOM_FUNCTION:
return this->tester->add_prf_vector(this->tester, vector);
+ case EXTENDED_OUTPUT_FUNCTION:
+ return this->tester->add_xof_vector(this->tester, vector);
case RANDOM_NUMBER_GENERATOR:
return this->tester->add_rng_vector(this->tester, vector);
case DIFFIE_HELLMAN_GROUP:
@@ -961,6 +1056,10 @@ METHOD(enumerator_t, verify_enumerate, bool,
*valid = this->tester->test_prf(this->tester, entry->algo,
entry->create_prf, NULL, entry->plugin_name);
break;
+ case EXTENDED_OUTPUT_FUNCTION:
+ *valid = this->tester->test_xof(this->tester, entry->algo,
+ entry->create_xof, NULL, entry->plugin_name);
+ break;
case RANDOM_NUMBER_GENERATOR:
*valid = this->tester->test_rng(this->tester, entry->algo,
entry->create_rng, NULL, entry->plugin_name);
@@ -1009,6 +1108,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*,
case PSEUDO_RANDOM_FUNCTION:
inner = this->prfs->create_enumerator(this->prfs);
break;
+ case EXTENDED_OUTPUT_FUNCTION:
+ inner = this->xofs->create_enumerator(this->xofs);
+ break;
case RANDOM_NUMBER_GENERATOR:
inner = this->rngs->create_enumerator(this->rngs);
break;
@@ -1040,6 +1142,7 @@ METHOD(crypto_factory_t, destroy, void,
this->signers->destroy(this->signers);
this->hashers->destroy(this->hashers);
this->prfs->destroy(this->prfs);
+ this->xofs->destroy(this->xofs);
this->rngs->destroy(this->rngs);
this->nonce_gens->destroy(this->nonce_gens);
this->dhs->destroy(this->dhs);
@@ -1062,6 +1165,7 @@ crypto_factory_t *crypto_factory_create()
.create_signer = _create_signer,
.create_hasher = _create_hasher,
.create_prf = _create_prf,
+ .create_xof = _create_xof,
.create_rng = _create_rng,
.create_nonce_gen = _create_nonce_gen,
.create_dh = _create_dh,
@@ -1075,6 +1179,8 @@ crypto_factory_t *crypto_factory_create()
.remove_hasher = _remove_hasher,
.add_prf = _add_prf,
.remove_prf = _remove_prf,
+ .add_xof = _add_xof,
+ .remove_xof = _remove_xof,
.add_rng = _add_rng,
.remove_rng = _remove_rng,
.add_nonce_gen = _add_nonce_gen,
@@ -1086,6 +1192,7 @@ crypto_factory_t *crypto_factory_create()
.create_signer_enumerator = _create_signer_enumerator,
.create_hasher_enumerator = _create_hasher_enumerator,
.create_prf_enumerator = _create_prf_enumerator,
+ .create_xof_enumerator = _create_xof_enumerator,
.create_dh_enumerator = _create_dh_enumerator,
.create_rng_enumerator = _create_rng_enumerator,
.create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
@@ -1098,6 +1205,7 @@ crypto_factory_t *crypto_factory_create()
.signers = linked_list_create(),
.hashers = linked_list_create(),
.prfs = linked_list_create(),
+ .xofs = linked_list_create(),
.rngs = linked_list_create(),
.nonce_gens = linked_list_create(),
.dhs = linked_list_create(),
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index e03915603..4f61ba1fc 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -31,6 +32,7 @@ typedef struct crypto_factory_t crypto_factory_t;
#include <crypto/hashers/hasher.h>
#include <crypto/prfs/prf.h>
#include <crypto/rngs/rng.h>
+#include <crypto/xofs/xof.h>
#include <crypto/nonce_gen.h>
#include <crypto/diffie_hellman.h>
#include <crypto/transform.h>
@@ -63,6 +65,11 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo);
typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo);
/**
+ * Constructor function for pseudo random functions
+ */
+typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo);
+
+/**
* Constructor function for source of randomness
*/
typedef rng_t* (*rng_constructor_t)(rng_quality_t quality);
@@ -133,6 +140,14 @@ struct crypto_factory_t {
prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo);
/**
+ * Create an extended output function instance.
+ *
+ * @param algo XOF algorithm to use
+ * @return xof_t instance, NULL if not supported
+ */
+ xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo);
+
+ /**
* Create a source of randomness.
*
* @param quality required randomness quality
@@ -253,6 +268,24 @@ struct crypto_factory_t {
void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create);
/**
+ * Register an xof constructor.
+ *
+ * @param algo algorithm to constructor
+ * @param plugin_name plugin that registered this algorithm
+ * @param create constructor function for that algorithm
+ * @return TRUE if registered, FALSE if test vector failed
+ */
+ bool (*add_xof)(crypto_factory_t *this, ext_out_function_t algo,
+ const char *plugin_name, xof_constructor_t create);
+
+ /**
+ * Unregister an xof constructor.
+ *
+ * @param create constructor function to unregister
+ */
+ void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create);
+
+ /**
* Register a source of randomness.
*
* @param quality quality of randomness this RNG serves
@@ -342,6 +375,13 @@ struct crypto_factory_t {
enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this);
/**
+ * Create an enumerator over all registered XOFs.
+ *
+ * @return enumerator over ext_out_function_t, plugin
+ */
+ enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this);
+
+ /**
* Create an enumerator over all registered diffie hellman groups.
*
* @return enumerator over diffie_hellman_group_t, plugin
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 5607d35b9..e86e7ae76 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -63,6 +63,11 @@ struct private_crypto_tester_t {
linked_list_t *prf;
/**
+ * List of XOF test vectors
+ */
+ linked_list_t *xof;
+
+ /**
* List of RNG test vectors
*/
linked_list_t *rng;
@@ -1035,6 +1040,146 @@ failure:
}
/**
+ * Benchmark an XOF
+ */
+static u_int bench_xof(private_crypto_tester_t *this,
+ ext_out_function_t alg, xof_constructor_t create)
+{
+ xof_t *xof;
+
+ xof = create(alg);
+ if (xof)
+ {
+ char seed[xof->get_seed_size(xof)];
+ char bytes[xof->get_block_size(xof)];
+ struct timespec start;
+ u_int runs;
+
+ memset(seed, 0x56, xof->get_seed_size(xof));
+ if (!xof->set_seed(xof, chunk_create(seed, xof->get_seed_size(xof))))
+ {
+ xof->destroy(xof);
+ return 0;
+ }
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ if (xof->get_bytes(xof, xof->get_block_size(xof), bytes))
+ {
+ runs++;
+ }
+ }
+ xof->destroy(xof);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_xof, bool,
+ private_crypto_tester_t *this, ext_out_function_t alg,
+ xof_constructor_t create, u_int *speed, const char *plugin_name)
+{
+ enumerator_t *enumerator;
+ xof_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->xof->create_enumerator(this->xof);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ xof_t *xof;
+ chunk_t seed, out = chunk_empty;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ failed = TRUE;
+ xof = create(alg);
+ if (!xof)
+ {
+ DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
+ ext_out_function_names, alg, plugin_name);
+ break;
+ }
+
+ seed = chunk_create(vector->seed, vector->len);
+ if (!xof->set_seed(xof, seed))
+ {
+ goto failure;
+ }
+ /* allocated bytes */
+ if (!xof->allocate_bytes(xof, vector->out_len, &out))
+ {
+ goto failure;
+ }
+ if (out.len != vector->out_len)
+ {
+ goto failure;
+ }
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ goto failure;
+ }
+ /* bytes to existing buffer */
+ memset(out.ptr, 0, out.len);
+ if (!xof->set_seed(xof, seed))
+ {
+ goto failure;
+ }
+ if (!xof->get_bytes(xof, vector->out_len, out.ptr))
+ {
+ goto failure;
+ }
+ if (!memeq(vector->out, out.ptr, vector->out_len))
+ {
+ goto failure;
+ }
+ /* bytes to existing buffer, using append mode */
+ /* TODO */
+
+ failed = FALSE;
+failure:
+ xof->destroy(xof);
+ chunk_free(&out);
+ if (failed)
+ {
+ DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
+ ext_out_function_names, alg, plugin_name, get_name(vector));
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1(DBG_LIB, "%s %N[%s]: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ ext_out_function_names, alg, plugin_name);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ if (speed)
+ {
+ *speed = bench_xof(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points",
+ ext_out_function_names, alg, plugin_name, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors",
+ ext_out_function_names, alg, plugin_name, tested);
+ }
+ }
+ return !failed;
+}
+
+/**
* Benchmark a RNG
*/
static u_int bench_rng(private_crypto_tester_t *this,
@@ -1338,6 +1483,12 @@ METHOD(crypto_tester_t, add_prf_vector, void,
this->prf->insert_last(this->prf, vector);
}
+METHOD(crypto_tester_t, add_xof_vector, void,
+ private_crypto_tester_t *this, xof_test_vector_t *vector)
+{
+ this->xof->insert_last(this->xof, vector);
+}
+
METHOD(crypto_tester_t, add_rng_vector, void,
private_crypto_tester_t *this, rng_test_vector_t *vector)
{
@@ -1358,6 +1509,7 @@ METHOD(crypto_tester_t, destroy, void,
this->signer->destroy(this->signer);
this->hasher->destroy(this->hasher);
this->prf->destroy(this->prf);
+ this->xof->destroy(this->xof);
this->rng->destroy(this->rng);
this->dh->destroy(this->dh);
free(this);
@@ -1377,6 +1529,7 @@ crypto_tester_t *crypto_tester_create()
.test_signer = _test_signer,
.test_hasher = _test_hasher,
.test_prf = _test_prf,
+ .test_xof = _test_xof,
.test_rng = _test_rng,
.test_dh = _test_dh,
.add_crypter_vector = _add_crypter_vector,
@@ -1384,6 +1537,7 @@ crypto_tester_t *crypto_tester_create()
.add_signer_vector = _add_signer_vector,
.add_hasher_vector = _add_hasher_vector,
.add_prf_vector = _add_prf_vector,
+ .add_xof_vector = _add_xof_vector,
.add_rng_vector = _add_rng_vector,
.add_dh_vector = _add_dh_vector,
.destroy = _destroy,
@@ -1393,6 +1547,7 @@ crypto_tester_t *crypto_tester_create()
.signer = linked_list_create(),
.hasher = linked_list_create(),
.prf = linked_list_create(),
+ .xof = linked_list_create(),
.rng = linked_list_create(),
.dh = linked_list_create(),
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index 6cc9b0d57..34dfa9489 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -30,6 +30,7 @@ typedef struct aead_test_vector_t aead_test_vector_t;
typedef struct signer_test_vector_t signer_test_vector_t;
typedef struct hasher_test_vector_t hasher_test_vector_t;
typedef struct prf_test_vector_t prf_test_vector_t;
+typedef struct xof_test_vector_t xof_test_vector_t;
typedef struct rng_test_vector_t rng_test_vector_t;
typedef struct dh_test_vector_t dh_test_vector_t;
@@ -114,6 +115,19 @@ struct prf_test_vector_t {
u_char *out;
};
+struct xof_test_vector_t {
+ /** xof algorithm this test vector tests */
+ ext_out_function_t alg;
+ /** size of the seed data */
+ size_t len;
+ /** seed data */
+ u_char *seed;
+ /** size of the output */
+ size_t out_len;
+ /** expected output of size*/
+ u_char *out;
+};
+
/**
* Test vector for a RNG.
*
@@ -217,6 +231,17 @@ struct crypto_tester_t {
prf_constructor_t create,
u_int *speed, const char *plugin_name);
/**
+ * Test an XOF algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the XOF
+ * @param speed speed test result, NULL to omit
+ * @return TRUE if test passed
+ */
+ bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg,
+ xof_constructor_t create,
+ u_int *speed, const char *plugin_name);
+ /**
* Test a RNG implementation.
*
* @param alg algorithm to test
@@ -275,6 +300,13 @@ struct crypto_tester_t {
void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector);
/**
+ * Add a test vector to test an XOF.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector);
+
+ /**
* Add a test vector to test a RNG.
*
* @param vector pointer to test vector
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 0d4cd9109..6dcb6cb33 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -49,7 +49,9 @@ ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
"NTRU_128",
"NTRU_192",
"NTRU_256");
-ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT,
+ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
+ "NEWHOPE_128");
+ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
"MODP_CUSTOM");
ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
@@ -554,6 +556,7 @@ bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value)
case NTRU_128_BIT:
case NTRU_192_BIT:
case NTRU_256_BIT:
+ case NH_128_BIT:
/* verification currently not supported, do in plugin */
valid = FALSE;
break;
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index abebd66ad..f457153c9 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -68,6 +68,7 @@ enum diffie_hellman_group_t {
NTRU_128_BIT = 1031,
NTRU_192_BIT = 1032,
NTRU_256_BIT = 1033,
+ NH_128_BIT = 1040,
/** internally used DH group with additional parameters g and p, outside
* of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
MODP_CUSTOM = 65536,
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index e220593d4..d136799d7 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2012-2015 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
case OID_SHA512_WITH_RSA:
return HASH_SHA512;
case OID_SHA3_224:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
return HASH_SHA3_224;
case OID_SHA3_256:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
return HASH_SHA3_256;
case OID_SHA3_384:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
return HASH_SHA3_384;
case OID_SHA3_512:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
return HASH_SHA3_512;
default:
return HASH_UNKNOWN;
@@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
return OID_SHA384_WITH_RSA;
case HASH_SHA512:
return OID_SHA512_WITH_RSA;
+ case HASH_SHA3_224:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+ case HASH_SHA3_256:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+ case HASH_SHA3_384:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case HASH_SHA3_512:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
default:
return OID_UNKNOWN;
}
@@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_SHA1:
case SIGN_ECDSA_WITH_SHA1_DER:
return HASH_SHA1;
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return HASH_SHA224;
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_256:
case SIGN_BLISS_WITH_SHA2_256:
return HASH_SHA256;
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_384:
case SIGN_BLISS_WITH_SHA2_384:
return HASH_SHA384;
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
case SIGN_ECDSA_WITH_SHA512_DER:
case SIGN_ECDSA_521:
case SIGN_BLISS_WITH_SHA2_512:
return HASH_SHA512;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return HASH_SHA3_224;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
case SIGN_BLISS_WITH_SHA3_256:
return HASH_SHA3_256;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
case SIGN_BLISS_WITH_SHA3_384:
return HASH_SHA3_384;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
case SIGN_BLISS_WITH_SHA3_512:
return HASH_SHA3_512;
}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c
deleted file mode 100644
index 5116dfefa..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1.h"
-
-#include "crypto/hashers/hasher.h"
-#include "utils/debug.h"
-#include "utils/test.h"
-
-typedef struct private_mgf1_t private_mgf1_t;
-
-/**
- * Private data of an mgf1_t object.
- */
-struct private_mgf1_t {
-
- /**
- * Public mgf1_t interface.
- */
- mgf1_t public;
-
- /**
- * Hasher the MGF1 Mask Generation Function is based on
- */
- hasher_t *hasher;
-
- /**
- * Counter
- */
- uint32_t counter;
-
- /**
- * Set if counter has reached 2^32
- */
- bool overflow;
-
- /**
- * Current state to be hashed
- */
- chunk_t state;
-
- /**
- * Position of the 4 octet counter string
- */
- u_char *ctr_str;
-
-};
-
-METHOD(mgf1_t, get_hash_size, size_t,
- private_mgf1_t *this)
-{
- return this->hasher->get_hash_size(this->hasher);
-}
-
-METHOD(mgf1_t, get_mask, bool,
- private_mgf1_t *this, size_t mask_len, u_char *mask)
-{
- u_char buf[HASH_SIZE_SHA512];
- size_t hash_len;
-
- hash_len = this->hasher->get_hash_size(this->hasher);
-
- while (mask_len > 0)
- {
- /* detect overflow, set counter string and increment counter */
- if (this->overflow)
- {
- return FALSE;
- }
- htoun32(this->ctr_str, this->counter++);
- if (this->counter == 0)
- {
- this->overflow = TRUE;
- }
-
- /* get the next or final mask block from the hash function */
- if (!this->hasher->get_hash(this->hasher, this->state,
- (mask_len < hash_len) ? buf : mask))
- {
- return FALSE;
- }
- if (mask_len < hash_len)
- {
- memcpy(mask, buf, mask_len);
- return TRUE;
- }
- mask_len -= hash_len;
- mask += hash_len;
- }
- return TRUE;
-}
-
-METHOD(mgf1_t, allocate_mask, bool,
- private_mgf1_t *this, size_t mask_len, chunk_t *mask)
-{
- if (mask_len == 0)
- {
- *mask = chunk_empty;
- return TRUE;
- }
- *mask = chunk_alloc(mask_len);
-
- return get_mask(this, mask_len, mask->ptr);
-}
-
-METHOD(mgf1_t, destroy, void,
- private_mgf1_t *this)
-{
- this->hasher->destroy(this->hasher);
- chunk_clear(&this->state);
- free(this);
-}
-
-/*
- * Described in header.
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_mgf1_t *this;
- hasher_t *hasher;
- size_t state_len;
-
- if (seed.len == 0)
- {
- DBG1(DBG_LIB, "empty seed for MGF1");
- return NULL;
- }
-
- hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (!hasher)
- {
- DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
- hash_algorithm_names, alg);
- return NULL;
- }
- state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
-
- INIT(this,
- .public = {
- .get_hash_size = _get_hash_size,
- .allocate_mask = _allocate_mask,
- .get_mask = _get_mask,
- .destroy = _destroy,
- },
- .hasher = hasher,
- .state = chunk_alloc(state_len),
- );
-
- /* determine position of the 4 octet counter string */
- this->ctr_str = this->state.ptr + state_len - 4;
-
- if (hash_seed)
- {
- if (!hasher->get_hash(hasher, seed, this->state.ptr))
- {
- DBG1(DBG_LIB, "failed to hash seed for MGF1");
- destroy(this);
- return NULL;
- }
- }
- else
- {
- memcpy(this->state.ptr, seed.ptr, seed.len);
- }
-
- return &this->public;
-}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.h b/src/libstrongswan/crypto/mgf1/mgf1.h
deleted file mode 100644
index 592d31596..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mgf1 mgf1
- * @{ @ingroup crypto
- */
-
-#ifndef MGF1_H_
-#define MGF1_H_
-
-typedef struct mgf1_t mgf1_t;
-
-#include <library.h>
-
-/**
- * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
- * defined in section 10.2.1 of RFC 2437
- */
-struct mgf1_t {
-
- /**
- * Get the hash size of the underlying hash function
- *
- * @return hash size in bytes
- */
- size_t (*get_hash_size)(mgf1_t *this);
-
- /**
- * Generate a mask pattern and copy it to an output buffer
- * If the maximum number of requests has been reached, reseeding occurs
- *
- * @param mask_len number of mask bytes to generate
- * @param mask output buffer of minimum size mask_len
- * @return TRUE if successful
- */
- bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask);
-
- /**
- * Generate a mask pattern and return it in an allocated chunk
- *
- * @param mask_len number of mask bytes to generate
- * @param mask chunk containing generated mask
- * @return TRUE if successful
- */
- bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask);
-
- /**
- * Destroy the MGF1 object
- */
- void (*destroy)(mgf1_t *this);
-};
-
-/**
- * Create an MGF1 object
- *
- * @param alg hash algorithm to be used by MGF1
- * @param seed seed used by MGF1 to generate mask from
- * @param hash_seed hash seed before using it as a seed for MGF1
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
-
-#endif /** MGF1_H_ @}*/
-
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
deleted file mode 100644
index ef0a2bd01..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1_bitspender.h"
-
-#include <crypto/mgf1/mgf1.h>
-
-typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
-
-/**
- * Private data structure for mgf1_bitspender_t object
- */
-struct private_mgf1_bitspender_t {
- /**
- * Public interface.
- */
- mgf1_bitspender_t public;
-
- /**
- * MGF1 bit mask generator
- */
- mgf1_t *mgf1;
-
- /**
- * Octet storage (accommodates up to 64 octets)
- */
- uint8_t octets[HASH_SIZE_SHA512];
-
- /**
- * Length of the returned hash value in octets
- */
- int hash_len;
-
- /**
- * Number of generated octets
- */
- int octets_count;
-
- /**
- * Number of available octets
- */
- int octets_left;
-
- /**
- * Bit storage (accommodates up to 32 bits)
- */
- uint32_t bits;
-
- /**
- * Number of available bits
- */
- int bits_left;
-
- /**
- * Byte storage (accommodates up to 4 bytes)
- */
- uint8_t bytes[4];
-
- /**
- * Number of available bytes
- */
- int bytes_left;
-
-};
-
-METHOD(mgf1_bitspender_t, get_bits, bool,
- private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
-{
- int bits_now;
-
- *bits = 0x00000000;
-
- if (bits_needed == 0)
- {
- /* trivial */
- return TRUE;
- }
- if (bits_needed > 32)
- {
- /* too many bits requested */
- return FALSE;
- }
-
- while (bits_needed)
- {
- if (this->bits_left == 0)
- {
- if (this->octets_left == 0)
- {
- /* get another block from MGF1 */
- if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
- this->octets))
- {
- /* no block available */
- return FALSE;
- }
- this->octets_left = this->hash_len;
- this->octets_count += this->hash_len;
- }
- this->bits = untoh32(this->octets + this->hash_len -
- this->octets_left);
- this->bits_left = 32;
- this->octets_left -= 4;
- }
- if (bits_needed > this->bits_left)
- {
- bits_now = this->bits_left;
- this->bits_left = 0;
- bits_needed -= bits_now;
- }
- else
- {
- bits_now = bits_needed;
- this->bits_left -= bits_needed;
- bits_needed = 0;
- }
- if (bits_now == 32)
- {
- *bits = this->bits;
- }
- else
- {
- *bits <<= bits_now;
- *bits |= this->bits >> this->bits_left;
- if (this->bits_left)
- {
- this->bits &= 0xffffffff >> (32 - this->bits_left);
- }
- }
- }
- return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, get_byte, bool,
- private_mgf1_bitspender_t *this, uint8_t *byte)
-{
- if (this->bytes_left == 0)
- {
- if (this->octets_left == 0)
- {
- /* get another block from MGF1 */
- if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets))
- {
- /* no block available */
- return FALSE;
- }
- this->octets_left = this->hash_len;
- this->octets_count += this->hash_len;
- }
- memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4);
- this->bytes_left = 4;
- this->octets_left -= 4;
- }
- *byte = this->bytes[4 - this->bytes_left--];
-
- return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, destroy, void,
- private_mgf1_bitspender_t *this)
-{
- DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
- memwipe(this->octets, sizeof(this->octets));
- this->mgf1->destroy(this->mgf1);
- free(this);
-}
-
-/**
- * See header.
- */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_mgf1_bitspender_t *this;
- mgf1_t *mgf1;
-
- mgf1 = mgf1_create(alg, seed, hash_seed);
- if (!mgf1)
- {
- return NULL;
- }
- DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
- hash_algorithm_short_names, alg, seed.len);
-
- INIT(this,
- .public = {
- .get_bits = _get_bits,
- .get_byte = _get_byte,
- .destroy = _destroy,
- },
- .mgf1 = mgf1,
- .hash_len = mgf1->get_hash_size(mgf1),
- );
-
- return &this->public;
-}
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 282d40e7b..cd4e5763c 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -154,7 +154,7 @@ METHOD(proposal_keywords_t, register_algname_parser, void,
private_proposal_keywords_t *this, proposal_algname_parser_t parser)
{
this->lock->write_lock(this->lock);
- this->tokens->insert_first(this->parsers, parser);
+ this->parsers->insert_first(this->parsers, parser);
this->lock->unlock(this->lock);
}
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index ba4c895d7..b058ad288 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -59,12 +59,12 @@ struct proposal_token {
uint16_t keysize;
};
-#define TOTAL_KEYWORDS 140
+#define TOTAL_KEYWORDS 141
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 11
-#define MAX_HASH_VALUE 266
-/* maximum key range = 256, duplicates = 0 */
+#define MIN_HASH_VALUE 7
+#define MAX_HASH_VALUE 282
+/* maximum key range = 276, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned short asso_values[] =
{
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 71, 4,
- 20, 6, 48, 32, 10, 30, 5, 3, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 97, 267, 4, 8, 18,
- 56, 107, 107, 78, 10, 4, 267, 267, 3, 5,
- 7, 4, 30, 92, 104, 3, 32, 145, 267, 267,
- 3, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 75, 2,
+ 16, 16, 30, 26, 8, 35, 3, 1, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 29, 283, 10, 2, 16,
+ 46, 1, 23, 78, 4, 4, 283, 283, 1, 9,
+ 5, 2, 124, 117, 77, 106, 85, 27, 283, 283,
+ 1, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283
};
register int hval = len;
@@ -145,23 +145,20 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
{"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
{"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
{"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
{"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
{"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
{"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
{"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
{"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
{"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
@@ -171,14 +168,17 @@ static const struct proposal_token wordlist[] =
{"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
{"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
{"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
{"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
{"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
{"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
@@ -187,26 +187,32 @@ static const struct proposal_token wordlist[] =
{"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
{"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
{"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
{"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
{"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
{"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
@@ -215,106 +221,103 @@ static const struct proposal_token wordlist[] =
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
- {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
{"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
{"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+ {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
{"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
- {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
- {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0},
{"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
{"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
{"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
{"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
{"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
{"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
{"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256},
- {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
{"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
{"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
{"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}
};
static const short lookup[] =
{
+ -1, -1, -1, -1, -1, -1, -1, 0, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, 1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 2, -1, -1, -1,
+ 3, 4, -1, 5, 6, 7, 8, -1, -1, -1,
+ -1, 9, -1, -1, 10, 11, -1, 12, -1, 13,
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
+ 24, 25, 26, -1, 27, 28, 29, 30, 31, 32,
+ 33, 34, 35, 36, 37, 38, -1, 39, 40, 41,
+ 42, 43, 44, 45, 46, -1, 47, 48, -1, 49,
+ 50, 51, 52, 53, 54, -1, 55, 56, 57, 58,
+ 59, 60, 61, 62, 63, 64, -1, 65, -1, -1,
+ 66, 67, 68, 69, 70, 71, 72, 73, 74, 75,
+ 76, 77, 78, 79, -1, 80, 81, 82, 83, -1,
+ 84, 85, 86, 87, 88, 89, 90, 91, 92, 93,
+ 94, 95, 96, 97, 98, 99, 100, -1, 101, -1,
+ -1, -1, 102, -1, 103, 104, 105, 106, -1, 107,
+ -1, 108, 109, 110, 111, 112, 113, 114, -1, 115,
+ -1, 116, 117, -1, -1, 118, 119, 120, -1, 121,
+ -1, -1, 122, 123, 124, -1, 125, 126, 127, -1,
+ 128, 129, 130, -1, 131, 132, -1, -1, -1, -1,
+ -1, -1, 133, 134, -1, -1, -1, 135, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 136, -1,
+ -1, 137, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 0, -1, -1, 1, -1, -1, -1, -1, -1,
- -1, -1, -1, 2, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, 3,
- 4, -1, 5, -1, 6, 7, -1, 8, 9, -1,
- -1, -1, -1, -1, -1, 10, -1, 11, 12, 13,
- 14, -1, -1, -1, 15, -1, 16, 17, -1, 18,
- 19, 20, 21, 22, 23, 24, 25, 26, 27, -1,
- -1, -1, 28, 29, 30, -1, 31, -1, 32, 33,
- 34, -1, 35, 36, 37, 38, -1, 39, 40, 41,
- 42, -1, 43, 44, -1, -1, -1, -1, -1, 45,
- -1, 46, 47, 48, 49, 50, 51, 52, 53, 54,
- 55, 56, -1, 57, 58, 59, 60, 61, 62, 63,
- 64, 65, 66, 67, 68, 69, 70, 71, 72, 73,
- 74, 75, 76, 77, 78, 79, 80, 81, 82, 83,
- 84, -1, 85, 86, -1, 87, 88, 89, 90, 91,
- 92, -1, 93, 94, 95, 96, 97, 98, 99, 100,
- -1, -1, 101, 102, 103, -1, -1, 104, 105, 106,
- 107, 108, 109, -1, -1, 110, -1, 111, 112, 113,
- 114, -1, 115, 116, -1, 117, 118, 119, 120, 121,
- -1, -1, -1, -1, 122, 123, 124, -1, 125, -1,
- -1, -1, 126, 127, 128, -1, 129, 130, 131, -1,
- -1, 132, 133, -1, -1, -1, 134, -1, 135, 136,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 137, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, 138, -1, -1, 139
+ -1, -1, -1, -1, -1, -1, -1, 138, 139, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, 140
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index 87602430d..3ac772962 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -167,5 +167,6 @@ ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0
ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0
ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0
ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0
+newhope128, DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
index 7c6678b61..808cb996e 100644
--- a/src/libstrongswan/crypto/transform.c
+++ b/src/libstrongswan/crypto/transform.c
@@ -17,13 +17,15 @@
#include <crypto/hashers/hasher.h>
#include <crypto/rngs/rng.h>
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM,
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION,
"UNDEFINED_TRANSFORM_TYPE",
"HASH_ALGORITHM",
"RANDOM_NUMBER_GENERATOR",
"AEAD_ALGORITHM",
- "COMPRESSION_ALGORITHM");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM,
+ "COMPRESSION_ALGORITHM",
+ "EXTENDED OUTPUT FUNCTION");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
+ EXTENDED_OUTPUT_FUNCTION,
"ENCRYPTION_ALGORITHM",
"PSEUDO_RANDOM_FUNCTION",
"INTEGRITY_ALGORITHM",
@@ -60,6 +62,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type)
return diffie_hellman_group_names;
case EXTENDED_SEQUENCE_NUMBERS:
return extended_sequence_numbers_names;
+ case EXTENDED_OUTPUT_FUNCTION:
+ return ext_out_function_names;
case UNDEFINED_TRANSFORM_TYPE:
case COMPRESSION_ALGORITHM:
break;
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
index 0cb84f0f5..e043e605c 100644
--- a/src/libstrongswan/crypto/transform.h
+++ b/src/libstrongswan/crypto/transform.h
@@ -34,6 +34,7 @@ enum transform_type_t {
RANDOM_NUMBER_GENERATOR = 243,
AEAD_ALGORITHM = 244,
COMPRESSION_ALGORITHM = 245,
+ EXTENDED_OUTPUT_FUNCTION = 246,
ENCRYPTION_ALGORITHM = 1,
PSEUDO_RANDOM_FUNCTION = 2,
INTEGRITY_ALGORITHM = 3,
diff --git a/src/libstrongswan/crypto/xofs/mgf1.h b/src/libstrongswan/crypto/xofs/mgf1.h
new file mode 100644
index 000000000..5ad3a518a
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/mgf1.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1 mgf1
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_H_
+#define MGF1_H_
+
+typedef struct mgf1_t mgf1_t;
+
+#include "xof.h"
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_t {
+
+ /**
+ * Generic xof_t interface for this Extended Output Function (XOF).
+ */
+ xof_t xof_interface;
+
+ /**
+ * Hash the seed before using it as a seed for MGF1
+ *
+ * @param yes TRUE if seed has to be hashed first
+ */
+ void (*set_hash_seed)(mgf1_t *this, bool yes);
+};
+
+#endif /** MGF1_H_ @}*/
diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c
new file mode 100644
index 000000000..1e9c2834b
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof.h"
+
+ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
+ "XOF_UNDEFINED",
+ "XOF_MGF1_SHA1",
+ "XOF_MGF1_SHA256",
+ "XOF_MGF1_SHA512",
+ "XOF_SHAKE128",
+ "XOF_SHAKE256",
+ "XOF_CHACHA20"
+);
+
diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h
new file mode 100644
index 000000000..8c9ae0131
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef XOF_H_
+#define XOF_H_
+
+typedef enum ext_out_function_t ext_out_function_t;
+typedef struct xof_t xof_t;
+
+#include <library.h>
+
+/**
+ * Extendable Output Functions.
+ */
+enum ext_out_function_t {
+ XOF_UNDEFINED,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA1,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA256,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA512,
+ /** FIPS 202 */
+ XOF_SHAKE_128,
+ /** FIPS 202 */
+ XOF_SHAKE_256,
+ /** RFC 7539 ChaCha20 */
+ XOF_CHACHA20,
+};
+
+/**
+ * enum name for ext_out_function_t.
+ */
+extern enum_name_t *ext_out_function_names;
+
+/**
+ * Generic interface for Extended Output Function (XOF)
+ */
+struct xof_t {
+
+ /**
+ * Return the type of the Extended Output Function
+ *
+ * @return XOF type
+ */
+ ext_out_function_t (*get_type)(xof_t *this);
+
+ /**
+ * Generates pseudo random bytes and writes them in the buffer.
+ *
+ * @param out_len number of output bytes requested
+ * @param buffer pointer where the generated bytes will be written
+ * @return TRUE if bytes generated successfully
+ */
+ bool (*get_bytes)(xof_t *this, size_t out_len,
+ uint8_t *buffer) __attribute__((warn_unused_result));
+
+ /**
+ * Generates pseudo random bytes and allocate space for them.
+ *
+ * @param out_len number of output bytes requested
+ * @param chunk chunk which will hold generated bytes
+ * @return TRUE if bytes allocated and generated successfully
+ */
+ bool (*allocate_bytes)(xof_t *this, size_t out_len,
+ chunk_t *chunk) __attribute__((warn_unused_result));
+
+ /**
+ * Get the output block size
+ *
+ * @return block size in bytes
+ */
+ size_t (*get_block_size)(xof_t *this);
+
+ /**
+ * Get the recommended minimum seed size
+ *
+ * @return seed size in bytes
+ */
+ size_t (*get_seed_size)(xof_t *this);
+
+ /**
+ * Set the key for this xof_t object.
+ *
+ * @param sed seed to set
+ * @return TRUE if XOF initialized with seed successfully
+ */
+ bool (*set_seed)(xof_t *this,
+ chunk_t seed) __attribute__((warn_unused_result));
+
+ /**
+ * Destroys a xof object.
+ */
+ void (*destroy)(xof_t *this);
+};
+
+#endif /** XOF_H_ @}*/
diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.c b/src/libstrongswan/crypto/xofs/xof_bitspender.c
new file mode 100644
index 000000000..f18b806a3
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof_bitspender.h"
+#include "mgf1.h"
+
+typedef struct private_xof_bitspender_t private_xof_bitspender_t;
+
+/**
+ * Private data structure for xof_bitspender_t object
+ */
+struct private_xof_bitspender_t {
+ /**
+ * Public interface.
+ */
+ xof_bitspender_t public;
+
+ /**
+ * Extended Output Function (XOF)
+ */
+ xof_t *xof;
+
+ /**
+ * Length of the returned hash value in octets
+ */
+ int hash_len;
+
+ /**
+ * Bit storage (accommodates up to 32 bits)
+ */
+ uint32_t bits;
+
+ /**
+ * Number of available bits
+ */
+ int bits_left;
+
+ /**
+ * Byte storage (accommodates up to 4 bytes)
+ */
+ uint8_t bytes[4];
+
+ /**
+ * Number of available bytes
+ */
+ int bytes_left;
+
+ /**
+ * Number of octets spent
+ */
+ int octet_count;
+
+};
+
+static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
+{
+ if (!this->xof->get_bytes(this->xof, 4, buffer))
+ {
+ /* no block available */
+ return FALSE;
+ }
+ this->octet_count += 4;
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_bits, bool,
+ private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
+{
+ int bits_now;
+
+ *bits = 0x00000000;
+
+ if (bits_needed == 0)
+ {
+ /* trivial */
+ return TRUE;
+ }
+ if (bits_needed > 32)
+ {
+ /* too many bits requested */
+ return FALSE;
+ }
+
+ while (bits_needed)
+ {
+ if (this->bits_left == 0)
+ {
+ uint8_t buf[4];
+
+ if (!get_next_block(this, buf))
+ {
+ return FALSE;
+ }
+ this->bits = untoh32(buf);
+ this->bits_left = 32;
+ }
+ if (bits_needed > this->bits_left)
+ {
+ bits_now = this->bits_left;
+ this->bits_left = 0;
+ bits_needed -= bits_now;
+ }
+ else
+ {
+ bits_now = bits_needed;
+ this->bits_left -= bits_needed;
+ bits_needed = 0;
+ }
+ if (bits_now == 32)
+ {
+ *bits = this->bits;
+ }
+ else
+ {
+ *bits <<= bits_now;
+ *bits |= this->bits >> this->bits_left;
+ if (this->bits_left)
+ {
+ this->bits &= 0xffffffff >> (32 - this->bits_left);
+ }
+ }
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_byte, bool,
+ private_xof_bitspender_t *this, uint8_t *byte)
+{
+ if (this->bytes_left == 0)
+ {
+ if (!get_next_block(this, this->bytes))
+ {
+ return FALSE;
+ }
+ this->bytes_left = 4;
+ }
+ *byte = this->bytes[4 - this->bytes_left--];
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, destroy, void,
+ private_xof_bitspender_t *this)
+{
+ DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
+ this->xof->get_type(this->xof), this->octet_count);
+ memwipe(this->bytes, 4);
+ this->xof->destroy(this->xof);
+ free(this);
+}
+
+/**
+ * See header.
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed)
+{
+ private_xof_bitspender_t *this;
+ xof_t *xof;
+
+ xof = lib->crypto->create_xof(lib->crypto, alg);
+ if (!xof)
+ {
+ return NULL;
+ }
+
+ switch (alg)
+ {
+ case XOF_MGF1_SHA1:
+ case XOF_MGF1_SHA256:
+ case XOF_MGF1_SHA512:
+ {
+ mgf1_t *mgf1 = (mgf1_t*)xof;
+
+ mgf1->set_hash_seed(mgf1, hash_seed);
+ break;
+ }
+ default:
+ break;
+ }
+ if (!xof->set_seed(xof, seed))
+ {
+ xof->destroy(xof);
+ return NULL;
+ }
+ DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
+ alg, seed.len);
+
+ INIT(this,
+ .public = {
+ .get_bits = _get_bits,
+ .get_byte = _get_byte,
+ .destroy = _destroy,
+ },
+ .xof = xof,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h b/src/libstrongswan/crypto/xofs/xof_bitspender.h
index f7df8e834..f42207903 100644
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -14,22 +14,24 @@
*/
/**
- * @defgroup mgf1_bitspender mgf1_bitspender
+ * @defgroup xof_bitspender xof_bitspender
* @{ @ingroup mgf1
*/
-#ifndef MGF1_BITSPENDER_H_
-#define MGF1_BITSPENDER_H_
+#ifndef XOF_BITSPENDER_H_
+#define XOF_BITSPENDER_H_
+
+#include "xof.h"
#include <library.h>
-#include <crypto/hashers/hasher.h>
-typedef struct mgf1_bitspender_t mgf1_bitspender_t;
+typedef struct xof_bitspender_t xof_bitspender_t;
/**
- * Generates a given number of pseudo-random bits at a time using MGF1
+ * Generates a given number of pseudo-random bits at a time using an
+ * Extended Output Function (XOF)
*/
-struct mgf1_bitspender_t {
+struct xof_bitspender_t {
/**
* Get pseudo-random bits
@@ -38,7 +40,7 @@ struct mgf1_bitspender_t {
* @param bits Pseudo-random bits
* @result FALSE if internal MGF1 error occurred
*/
- bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits);
+ bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
/**
* Get a pseudo-random byte
@@ -46,22 +48,22 @@ struct mgf1_bitspender_t {
* @param byte Pseudo-random byte
* @result FALSE if internal MGF1 error occurred
*/
- bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte);
+ bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
/**
- * Destroy mgf1_bitspender_t object
+ * Destroy xof_bitspender_t object
*/
- void (*destroy)(mgf1_bitspender_t *this);
+ void (*destroy)(xof_bitspender_t *this);
};
/**
- * Create a mgf1_bitspender_t object
+ * Create a xof_bitspender_t object
*
- * @param alg Hash algorithm to be used with MGF1
- * @param seed Seed used to initialize MGF1
+ * @param alg XOF to be used
+ * @param seed Seed used to initialize XOF
* @param hash_seed Hash seed before using it as a seed for MFG1
*/
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed);
-#endif /** MGF1_BITSPENDER_H_ @}*/
+#endif /** XOF_BITSPENDER_H_ @}*/
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-15 13:02:28 +0000