summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-02-23 10:42:46 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-02-23 10:42:46 +0000
commitde6b12502cdf42d5d92118f1c0e38dc31becf7c5 (patch)
tree0edac9c79f5a43e01913dd7f71c7abc487e5727b /src/libstrongswan/crypto
parent172642669d4a23e17f1ed411fbc8629dcaa5fb46 (diff)
downloadvyos-strongswan-de6b12502cdf42d5d92118f1c0e38dc31becf7c5.tar.gz
vyos-strongswan-de6b12502cdf42d5d92118f1c0e38dc31becf7c5.zip
Updated to new upstream release. interfaces Patch is not from upstream.
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.h25
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c62
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h46
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c90
-rw-r--r--src/libstrongswan/crypto/crypto_tester.h10
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h28
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c64
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h34
-rw-r--r--src/libstrongswan/crypto/pkcs9.c56
-rw-r--r--src/libstrongswan/crypto/pkcs9.h12
-rw-r--r--src/libstrongswan/crypto/prf_plus.c34
-rw-r--r--src/libstrongswan/crypto/prf_plus.h18
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h22
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c91
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.h6
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt4
-rw-r--r--src/libstrongswan/crypto/rngs/rng.h8
-rw-r--r--src/libstrongswan/crypto/signers/signer.c7
-rw-r--r--src/libstrongswan/crypto/signers/signer.h28
19 files changed, 323 insertions, 322 deletions
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index 2879e24c0..f052a181d 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup crypter crypter
* @{ @ingroup crypto
@@ -56,14 +56,15 @@ enum encryption_algorithm_t {
ENCR_CAMELLIA_CCM_ICV12 = 26,
ENCR_CAMELLIA_CCM_ICV16 = 27,
ENCR_UNDEFINED = 1024,
- ENCR_DES_ECB = 1025,
+ ENCR_DES_ECB = 1025,
ENCR_SERPENT_CBC = 1026,
- ENCR_TWOFISH_CBC = 1027
+ ENCR_TWOFISH_CBC = 1027
};
#define DES_BLOCK_SIZE 8
#define BLOWFISH_BLOCK_SIZE 8
#define AES_BLOCK_SIZE 16
+#define CAMELLIA_BLOCK_SIZE 16
#define SERPENT_BLOCK_SIZE 16
#define TWOFISH_BLOCK_SIZE 16
@@ -76,7 +77,7 @@ extern enum_name_t *encryption_algorithm_names;
* Generic interface for symmetric encryption algorithms.
*/
struct crypter_t {
-
+
/**
* Encrypt a chunk of data and allocate space for the encrypted value.
*
@@ -90,14 +91,14 @@ struct crypter_t {
*/
void (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *encrypted);
-
+
/**
* Decrypt a chunk of data and allocate space for the decrypted value.
*
* The length of the iv must equal to get_block_size(), while the length
* of data must be a multiple it.
* If decrpyted is NULL, the encryption is done in-place (overwriting data).
- *
+ *
* @param data data to decrypt
* @param iv initializing vector
* @param encrypted chunk to allocate decrypted data, or NULL
@@ -107,18 +108,18 @@ struct crypter_t {
/**
* Get the block size of the crypto algorithm.
- *
+ *
* @return block size in bytes
*/
size_t (*get_block_size) (crypter_t *this);
/**
* Get the key size of the crypto algorithm.
- *
+ *
* @return key size in bytes
*/
size_t (*get_key_size) (crypter_t *this);
-
+
/**
* Set the key.
*
@@ -127,7 +128,7 @@ struct crypter_t {
* @param key key to set
*/
void (*set_key) (crypter_t *this, chunk_t key);
-
+
/**
* Destroys a crypter_t object.
*/
@@ -136,7 +137,7 @@ struct crypter_t {
/**
* Conversion of ASN.1 OID to encryption algorithm.
- *
+ *
* @param oid ASN.1 OID
* @param key_size returns size of encryption key in bits
* @return encryption algorithm, ENCR_UNDEFINED if OID unsupported
@@ -145,7 +146,7 @@ encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size);
/**
* Conversion of encryption algorithm to ASN.1 OID.
- *
+ *
* @param alg encryption algorithm
* @param key_size size of encryption key in bits
* @return ASN.1 OID, OID_UNKNOWN if OID is unknown
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index e928e8cdf..46b50329d 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -16,7 +16,7 @@
#include "crypto_factory.h"
#include <debug.h>
-#include <utils/mutex.h>
+#include <threading/rwlock.h>
#include <utils/linked_list.h>
#include <crypto/crypto_tester.h>
@@ -46,52 +46,52 @@ struct private_crypto_factory_t {
* public functions
*/
crypto_factory_t public;
-
+
/**
* registered crypters, as entry_t
*/
linked_list_t *crypters;
-
+
/**
* registered signers, as entry_t
*/
linked_list_t *signers;
-
+
/**
* registered hashers, as entry_t
*/
linked_list_t *hashers;
-
+
/**
* registered prfs, as entry_t
*/
linked_list_t *prfs;
-
+
/**
* registered rngs, as entry_t
*/
linked_list_t *rngs;
-
+
/**
* registered diffie hellman, as entry_t
*/
linked_list_t *dhs;
-
+
/**
* test manager to test crypto algorithms
*/
crypto_tester_t *tester;
-
+
/**
* whether to test algorithms during registration
*/
bool test_on_add;
-
+
/**
* whether to test algorithms on each crypto primitive construction
*/
bool test_on_create;
-
+
/**
* rwlock to lock access to modules
*/
@@ -107,7 +107,7 @@ static crypter_t* create_crypter(private_crypto_factory_t *this,
enumerator_t *enumerator;
entry_t *entry;
crypter_t *crypter = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->crypters->create_enumerator(this->crypters);
while (enumerator->enumerate(enumerator, &entry))
@@ -116,7 +116,7 @@ static crypter_t* create_crypter(private_crypto_factory_t *this,
{
if (this->test_on_create &&
!this->tester->test_crypter(this->tester, algo, key_size,
- entry->create_crypter))
+ entry->create_crypter))
{
continue;
}
@@ -141,7 +141,7 @@ static signer_t* create_signer(private_crypto_factory_t *this,
enumerator_t *enumerator;
entry_t *entry;
signer_t *signer = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->signers->create_enumerator(this->signers);
while (enumerator->enumerate(enumerator, &entry))
@@ -163,7 +163,7 @@ static signer_t* create_signer(private_crypto_factory_t *this,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
-
+
return signer;
}
@@ -243,7 +243,7 @@ static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality)
entry_t *entry;
u_int diff = ~0;
rng_constructor_t constr = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->rngs->create_enumerator(this->rngs);
while (enumerator->enumerate(enumerator, &entry))
@@ -311,7 +311,7 @@ static void add_crypter(private_crypto_factory_t *this,
this->tester->test_crypter(this->tester, algo, 0, create))
{
entry_t *entry = malloc_thing(entry_t);
-
+
entry->algo = algo;
entry->create_crypter = create;
this->lock->write_lock(this->lock);
@@ -328,7 +328,7 @@ static void remove_crypter(private_crypto_factory_t *this,
{
entry_t *entry;
enumerator_t *enumerator;
-
+
this->lock->write_lock(this->lock);
enumerator = this->crypters->create_enumerator(this->crypters);
while (enumerator->enumerate(enumerator, &entry))
@@ -353,7 +353,7 @@ static void add_signer(private_crypto_factory_t *this,
this->tester->test_signer(this->tester, algo, create))
{
entry_t *entry = malloc_thing(entry_t);
-
+
entry->algo = algo;
entry->create_signer = create;
this->lock->write_lock(this->lock);
@@ -370,7 +370,7 @@ static void remove_signer(private_crypto_factory_t *this,
{
entry_t *entry;
enumerator_t *enumerator;
-
+
this->lock->write_lock(this->lock);
enumerator = this->signers->create_enumerator(this->signers);
while (enumerator->enumerate(enumerator, &entry))
@@ -395,7 +395,7 @@ static void add_hasher(private_crypto_factory_t *this, hash_algorithm_t algo,
this->tester->test_hasher(this->tester, algo, create))
{
entry_t *entry = malloc_thing(entry_t);
-
+
entry->algo = algo;
entry->create_hasher = create;
this->lock->write_lock(this->lock);
@@ -412,7 +412,7 @@ static void remove_hasher(private_crypto_factory_t *this,
{
entry_t *entry;
enumerator_t *enumerator;
-
+
this->lock->write_lock(this->lock);
enumerator = this->hashers->create_enumerator(this->hashers);
while (enumerator->enumerate(enumerator, &entry))
@@ -437,7 +437,7 @@ static void add_prf(private_crypto_factory_t *this,
this->tester->test_prf(this->tester, algo, create))
{
entry_t *entry = malloc_thing(entry_t);
-
+
entry->algo = algo;
entry->create_prf = create;
this->lock->write_lock(this->lock);
@@ -453,7 +453,7 @@ static void remove_prf(private_crypto_factory_t *this, prf_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
-
+
this->lock->write_lock(this->lock);
enumerator = this->prfs->create_enumerator(this->prfs);
while (enumerator->enumerate(enumerator, &entry))
@@ -478,7 +478,7 @@ static void add_rng(private_crypto_factory_t *this, rng_quality_t quality,
this->tester->test_rng(this->tester, quality, create))
{
entry_t *entry = malloc_thing(entry_t);
-
+
entry->algo = quality;
entry->create_rng = create;
this->lock->write_lock(this->lock);
@@ -494,7 +494,7 @@ static void remove_rng(private_crypto_factory_t *this, rng_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
-
+
this->lock->write_lock(this->lock);
enumerator = this->rngs->create_enumerator(this->rngs);
while (enumerator->enumerate(enumerator, &entry))
@@ -516,7 +516,7 @@ static void add_dh(private_crypto_factory_t *this, diffie_hellman_group_t group,
dh_constructor_t create)
{
entry_t *entry = malloc_thing(entry_t);
-
+
entry->algo = group;
entry->create_dh = create;
this->lock->write_lock(this->lock);
@@ -531,7 +531,7 @@ static void remove_dh(private_crypto_factory_t *this, dh_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
-
+
this->lock->write_lock(this->lock);
enumerator = this->dhs->create_enumerator(this->dhs);
while (enumerator->enumerate(enumerator, &entry))
@@ -713,7 +713,7 @@ static void destroy(private_crypto_factory_t *this)
crypto_factory_t *crypto_factory_create()
{
private_crypto_factory_t *this = malloc_thing(private_crypto_factory_t);
-
+
this->public.create_crypter = (crypter_t*(*)(crypto_factory_t*, encryption_algorithm_t, size_t))create_crypter;
this->public.create_signer = (signer_t*(*)(crypto_factory_t*, integrity_algorithm_t))create_signer;
this->public.create_hasher = (hasher_t*(*)(crypto_factory_t*, hash_algorithm_t))create_hasher;
@@ -739,7 +739,7 @@ crypto_factory_t *crypto_factory_create()
this->public.create_dh_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_dh_enumerator;
this->public.add_test_vector = (void(*)(crypto_factory_t*, transform_type_t type, ...))add_test_vector;
this->public.destroy = (void(*)(crypto_factory_t*))destroy;
-
+
this->crypters = linked_list_create();
this->signers = linked_list_create();
this->hashers = linked_list_create();
@@ -752,7 +752,7 @@ crypto_factory_t *crypto_factory_create()
"libstrongswan.crypto_test.on_add", FALSE);
this->test_on_create = lib->settings->get_bool(lib->settings,
"libstrongswan.crypto_test.on_create", FALSE);
-
+
return &this->public;
}
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index f1ebcf90a..9c6effd26 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -76,7 +76,7 @@ struct crypto_factory_t {
*/
crypter_t* (*create_crypter)(crypto_factory_t *this,
encryption_algorithm_t algo, size_t key_size);
-
+
/**
* Create a symmetric signer instance.
*
@@ -93,7 +93,7 @@ struct crypto_factory_t {
* @return hasher_t instance, NULL if not supported
*/
hasher_t* (*create_hasher)(crypto_factory_t *this, hash_algorithm_t algo);
-
+
/**
* Create a pseudo random function instance.
*
@@ -101,7 +101,7 @@ struct crypto_factory_t {
* @return prf_t instance, NULL if not supported
*/
prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo);
-
+
/**
* Create a source of randomness.
*
@@ -109,7 +109,7 @@ struct crypto_factory_t {
* @return rng_t instance, NULL if no RNG with such a quality
*/
rng_t* (*create_rng)(crypto_factory_t *this, rng_quality_t quality);
-
+
/**
* Create a diffie hellman instance.
*
@@ -118,7 +118,7 @@ struct crypto_factory_t {
*/
diffie_hellman_t* (*create_dh)(crypto_factory_t *this,
diffie_hellman_group_t group);
-
+
/**
* Register a crypter constructor.
*
@@ -128,14 +128,14 @@ struct crypto_factory_t {
*/
void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo,
crypter_constructor_t create);
-
+
/**
* Unregister a crypter constructor.
*
* @param create constructor function to unregister
*/
void (*remove_crypter)(crypto_factory_t *this, crypter_constructor_t create);
-
+
/**
* Register a signer constructor.
*
@@ -145,14 +145,14 @@ struct crypto_factory_t {
*/
void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo,
signer_constructor_t create);
-
+
/**
* Unregister a signer constructor.
*
* @param create constructor function to unregister
*/
void (*remove_signer)(crypto_factory_t *this, signer_constructor_t create);
-
+
/**
* Register a hasher constructor.
*
@@ -165,14 +165,14 @@ struct crypto_factory_t {
*/
void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo,
hasher_constructor_t create);
-
+
/**
* Unregister a hasher constructor.
*
* @param create constructor function to unregister
*/
void (*remove_hasher)(crypto_factory_t *this, hasher_constructor_t create);
-
+
/**
* Register a prf constructor.
*
@@ -182,14 +182,14 @@ struct crypto_factory_t {
*/
void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo,
prf_constructor_t create);
-
+
/**
* Unregister a prf constructor.
*
* @param create constructor function to unregister
*/
void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create);
-
+
/**
* Register a source of randomness.
*
@@ -197,14 +197,14 @@ struct crypto_factory_t {
* @param create constructor function for such a quality
*/
void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create);
-
+
/**
* Unregister a source of randomness.
*
* @param create constructor function to unregister
*/
void (*remove_rng)(crypto_factory_t *this, rng_constructor_t create);
-
+
/**
* Register a diffie hellman constructor.
*
@@ -214,49 +214,49 @@ struct crypto_factory_t {
*/
void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group,
dh_constructor_t create);
-
+
/**
* Unregister a diffie hellman constructor.
*
* @param create constructor function to unregister
*/
void (*remove_dh)(crypto_factory_t *this, dh_constructor_t create);
-
+
/**
* Create an enumerator over all registered crypter algorithms.
*
* @return enumerator over encryption_algorithm_t
*/
enumerator_t* (*create_crypter_enumerator)(crypto_factory_t *this);
-
+
/**
* Create an enumerator over all registered signer algorithms.
*
* @return enumerator over integrity_algorithm_t
*/
enumerator_t* (*create_signer_enumerator)(crypto_factory_t *this);
-
+
/**
* Create an enumerator over all registered hasher algorithms.
*
* @return enumerator over hash_algorithm_t
*/
enumerator_t* (*create_hasher_enumerator)(crypto_factory_t *this);
-
+
/**
* Create an enumerator over all registered PRFs.
*
* @return enumerator over pseudo_random_function_t
*/
enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this);
-
+
/**
* Create an enumerator over all registered diffie hellman groups.
*
* @return enumerator over diffie_hellman_group_t
*/
enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this);
-
+
/**
* Add a test vector to the crypto factory.
*
@@ -264,7 +264,7 @@ struct crypto_factory_t {
* @param ... pointer to a test vector, defined in crypto_tester.h
*/
void (*add_test_vector)(crypto_factory_t *this, transform_type_t type, ...);
-
+
/**
* Destroy a crypto_factory instance.
*/
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 4d13474a1..86daf65f9 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -24,42 +24,42 @@ typedef struct private_crypto_tester_t private_crypto_tester_t;
* Private data of an crypto_tester_t object.
*/
struct private_crypto_tester_t {
-
+
/**
* Public crypto_tester_t interface.
*/
crypto_tester_t public;
-
+
/**
* List of crypter test vectors
*/
linked_list_t *crypter;
-
+
/**
* List of signer test vectors
*/
linked_list_t *signer;
-
+
/**
* List of hasher test vectors
*/
linked_list_t *hasher;
-
+
/**
* List of PRF test vectors
*/
linked_list_t *prf;
-
+
/**
* List of RNG test vectors
*/
linked_list_t *rng;
-
+
/**
* Is a test vector required to pass a test?
*/
bool required;
-
+
/**
* should we run RNG_TRUE tests? Enough entropy?
*/
@@ -76,13 +76,13 @@ static bool test_crypter(private_crypto_tester_t *this,
crypter_test_vector_t *vector;
bool failed = FALSE;
u_int tested = 0;
-
+
enumerator = this->crypter->create_enumerator(this->crypter);
while (enumerator->enumerate(enumerator, &vector))
{
crypter_t *crypter;
chunk_t key, plain, cipher, iv;
-
+
if (vector->alg != alg)
{
continue;
@@ -96,14 +96,14 @@ static bool test_crypter(private_crypto_tester_t *this,
{ /* key size not supported... */
continue;
}
-
+
failed = FALSE;
tested++;
-
+
key = chunk_create(vector->key, crypter->get_key_size(crypter));
crypter->set_key(crypter, key);
iv = chunk_create(vector->iv, crypter->get_block_size(crypter));
-
+
/* allocated encryption */
plain = chunk_create(vector->plain, vector->len);
crypter->encrypt(crypter, plain, iv, &cipher);
@@ -132,7 +132,7 @@ static bool test_crypter(private_crypto_tester_t *this,
failed = TRUE;
}
free(plain.ptr);
-
+
crypter->destroy(crypter);
if (failed)
{
@@ -167,18 +167,18 @@ static bool test_signer(private_crypto_tester_t *this,
signer_test_vector_t *vector;
bool failed = FALSE;
u_int tested = 0;
-
+
enumerator = this->signer->create_enumerator(this->signer);
while (enumerator->enumerate(enumerator, &vector))
{
signer_t *signer;
chunk_t key, data, mac;
-
+
if (vector->alg != alg)
{
continue;
}
-
+
tested++;
signer = create(alg);
if (!signer)
@@ -188,12 +188,12 @@ static bool test_signer(private_crypto_tester_t *this,
failed = TRUE;
break;
}
-
+
failed = FALSE;
-
+
key = chunk_create(vector->key, signer->get_key_size(signer));
signer->set_key(signer, key);
-
+
/* allocated signature */
data = chunk_create(vector->data, vector->len);
signer->allocate_signature(signer, data, &mac);
@@ -236,7 +236,7 @@ static bool test_signer(private_crypto_tester_t *this,
}
}
free(mac.ptr);
-
+
signer->destroy(signer);
if (failed)
{
@@ -271,18 +271,18 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
hasher_test_vector_t *vector;
bool failed = FALSE;
u_int tested = 0;
-
+
enumerator = this->hasher->create_enumerator(this->hasher);
while (enumerator->enumerate(enumerator, &vector))
{
hasher_t *hasher;
chunk_t data, hash;
-
+
if (vector->alg != alg)
{
continue;
}
-
+
tested++;
hasher = create(alg);
if (!hasher)
@@ -292,9 +292,9 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
failed = TRUE;
break;
}
-
+
failed = FALSE;
-
+
/* allocated hash */
data = chunk_create(vector->data, vector->len);
hasher->allocate_hash(hasher, data, &hash);
@@ -326,7 +326,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
}
}
free(hash.ptr);
-
+
hasher->destroy(hasher);
if (failed)
{
@@ -361,18 +361,18 @@ static bool test_prf(private_crypto_tester_t *this,
prf_test_vector_t *vector;
bool failed = FALSE;
u_int tested = 0;
-
+
enumerator = this->prf->create_enumerator(this->prf);
while (enumerator->enumerate(enumerator, &vector))
{
prf_t *prf;
chunk_t key, seed, out;
-
+
if (vector->alg != alg)
{
continue;
}
-
+
tested++;
prf = create(alg);
if (!prf)
@@ -382,12 +382,12 @@ static bool test_prf(private_crypto_tester_t *this,
failed = TRUE;
break;
}
-
+
failed = FALSE;
-
+
key = chunk_create(vector->key, vector->key_size);
prf->set_key(prf, key);
-
+
/* allocated bytes */
seed = chunk_create(vector->seed, vector->len);
prf->allocate_bytes(prf, seed, &out);
@@ -427,7 +427,7 @@ static bool test_prf(private_crypto_tester_t *this,
}
}
free(out.ptr);
-
+
prf->destroy(prf);
if (failed)
{
@@ -462,25 +462,25 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
rng_test_vector_t *vector;
bool failed = FALSE;
u_int tested = 0;
-
+
if (!this->rng_true && quality == RNG_TRUE)
{
DBG1("enabled %N: skipping test (disabled by config)",
rng_quality_names, quality);
return TRUE;
}
-
+
enumerator = this->rng->create_enumerator(this->rng);
while (enumerator->enumerate(enumerator, &vector))
{
rng_t *rng;
chunk_t data;
-
+
if (vector->quality != quality)
{
continue;
}
-
+
tested++;
rng = create(quality);
if (!rng)
@@ -490,9 +490,9 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
failed = TRUE;
break;
}
-
+
failed = FALSE;
-
+
/* allocated bytes */
rng->allocate_bytes(rng, vector->len, &data);
if (data.len != vector->len)
@@ -511,7 +511,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
failed = TRUE;
}
free(data.ptr);
-
+
rng->destroy(rng);
if (failed)
{
@@ -600,7 +600,7 @@ static void destroy(private_crypto_tester_t *this)
crypto_tester_t *crypto_tester_create()
{
private_crypto_tester_t *this = malloc_thing(private_crypto_tester_t);
-
+
this->public.test_crypter = (bool(*)(crypto_tester_t*, encryption_algorithm_t alg,size_t key_size, crypter_constructor_t create))test_crypter;
this->public.test_signer = (bool(*)(crypto_tester_t*, integrity_algorithm_t alg, signer_constructor_t create))test_signer;
this->public.test_hasher = (bool(*)(crypto_tester_t*, hash_algorithm_t alg, hasher_constructor_t create))test_hasher;
@@ -612,18 +612,18 @@ crypto_tester_t *crypto_tester_create()
this->public.add_prf_vector = (void(*)(crypto_tester_t*, prf_test_vector_t *vector))add_prf_vector;
this->public.add_rng_vector = (void(*)(crypto_tester_t*, rng_test_vector_t *vector))add_rng_vector;
this->public.destroy = (void(*)(crypto_tester_t*))destroy;
-
+
this->crypter = linked_list_create();
this->signer = linked_list_create();
this->hasher = linked_list_create();
this->prf = linked_list_create();
this->rng = linked_list_create();
-
+
this->required = lib->settings->get_bool(lib->settings,
"libstrongswan.crypto_test.required", FALSE);
this->rng_true = lib->settings->get_bool(lib->settings,
"libstrongswan.crypto_test.rng_true", FALSE);
-
+
return &this->public;
}
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index d2929f33d..ddcc2da51 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -109,12 +109,12 @@ struct rng_test_vector_t {
* Cryptographic primitive testing framework.
*/
struct crypto_tester_t {
-
+
/**
* Test a crypter algorithm, optionally using a specified key size.
*
* @param alg algorithm to test
- * @param key_size key size to test, 0 for all
+ * @param key_size key size to test, 0 for all
* @param create constructor function for the crypter
* @return TRUE if test passed
*/
@@ -183,14 +183,14 @@ struct crypto_tester_t {
* @param vector pointer to test vector
*/
void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector);
-
+
/**
* Add a test vector to test a RNG.
*
* @param vector pointer to test vector
*/
void (*add_rng_vector)(crypto_tester_t *this, rng_test_vector_t *vector);
-
+
/**
* Destroy a crypto_tester_t.
*/
@@ -202,4 +202,4 @@ struct crypto_tester_t {
*/
crypto_tester_t *crypto_tester_create();
-#endif /* CRYPTO_TESTER_ @}*/
+#endif /** CRYPTO_TESTER_H_ @}*/
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index a40a73526..842938c3b 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup diffie_hellman diffie_hellman
* @{ @ingroup crypto
@@ -32,7 +32,7 @@ typedef struct diffie_hellman_t diffie_hellman_t;
*
* The modulus (or group) to use for a Diffie-Hellman calculation.
* See IKEv2 RFC 3.3.2 and RFC 3526.
- *
+ *
* ECP groups are defined in RFC 4753 and RFC 5114.
*/
enum diffie_hellman_group_t {
@@ -63,39 +63,39 @@ extern enum_name_t *diffie_hellman_group_names;
* Implementation of the Diffie-Hellman algorithm, as in RFC2631.
*/
struct diffie_hellman_t {
-
+
/**
* Returns the shared secret of this diffie hellman exchange.
- *
- * Space for returned secret is allocated and must be
+ *
+ * Space for returned secret is allocated and must be
* freed by the caller.
- *
+ *
* @param secret shared secret will be written into this chunk
* @return SUCCESS, FAILED if not both DH values are set
*/
status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret);
-
+
/**
* Sets the public value of partner.
- *
+ *
* Chunk gets cloned and can be destroyed afterwards.
- *
+ *
* @param value public value of partner
*/
void (*set_other_public_value) (diffie_hellman_t *this, chunk_t value);
-
+
/**
* Gets the own public value to transmit.
- *
+ *
* Space for returned chunk is allocated and must be freed by the caller.
- *
+ *
* @param value public value of caller is stored at this location
*/
void (*get_my_public_value) (diffie_hellman_t *this, chunk_t *value);
-
+
/**
* Get the DH group used.
- *
+ *
* @return DH group set in construction
*/
diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this);
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 4d6904e47..81750a519 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -104,36 +104,46 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg)
/*
* Described in header.
*/
-int hasher_signature_algorithm_to_oid(hash_algorithm_t alg)
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
{
- int oid;
-
- switch (alg)
+ switch (key)
{
- case HASH_MD2:
- oid = OID_MD2_WITH_RSA;
- break;
- case HASH_MD5:
- oid = OID_MD5_WITH_RSA;
- break;
- case HASH_SHA1:
- oid = OID_SHA1_WITH_RSA;
- break;
- case HASH_SHA224:
- oid = OID_SHA224_WITH_RSA;
- break;
- case HASH_SHA256:
- oid = OID_SHA256_WITH_RSA;
- break;
- case HASH_SHA384:
- oid = OID_SHA384_WITH_RSA;
- break;
- case HASH_SHA512:
- oid = OID_SHA512_WITH_RSA;
- break;
+ case KEY_RSA:
+ switch (alg)
+ {
+ case HASH_MD2:
+ return OID_MD2_WITH_RSA;
+ case HASH_MD5:
+ return OID_MD5_WITH_RSA;
+ case HASH_SHA1:
+ return OID_SHA1_WITH_RSA;
+ case HASH_SHA224:
+ return OID_SHA224_WITH_RSA;
+ case HASH_SHA256:
+ return OID_SHA256_WITH_RSA;
+ case HASH_SHA384:
+ return OID_SHA384_WITH_RSA;
+ case HASH_SHA512:
+ return OID_SHA512_WITH_RSA;
+ default:
+ return OID_UNKNOWN;
+ }
+ case KEY_ECDSA:
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return OID_ECDSA_WITH_SHA1;
+ case HASH_SHA256:
+ return OID_ECDSA_WITH_SHA256;
+ case HASH_SHA384:
+ return OID_ECDSA_WITH_SHA384;
+ case HASH_SHA512:
+ return OID_ECDSA_WITH_SHA512;
+ default:
+ return OID_UNKNOWN;
+ }
default:
- oid = OID_UNKNOWN;
+ return OID_UNKNOWN;
}
- return oid;
}
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 6deed37ab..9fa043c7e 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup hasher hasher
* @{ @ingroup crypto
@@ -27,6 +27,7 @@ typedef enum hash_algorithm_t hash_algorithm_t;
typedef struct hasher_t hasher_t;
#include <library.h>
+#include <credentials/keys/public_key.h>
/**
* Algorithms to use for hashing.
@@ -35,7 +36,7 @@ enum hash_algorithm_t {
/** not specified hash function */
HASH_UNKNOWN = 0,
/** preferred hash function, general purpose */
- HASH_PREFERRED = 1,
+ HASH_PREFERRED = 1,
HASH_MD2 = 2,
HASH_MD4 = 3,
HASH_MD5 = 4,
@@ -66,43 +67,43 @@ extern enum_name_t *hash_algorithm_names;
struct hasher_t {
/**
* Hash data and write it in the buffer.
- *
+ *
* If the parameter hash is NULL, no result is written back
* and more data can be appended to already hashed data.
* If not, the result is written back and the hasher is reset.
- *
+ *
* The hash output parameter must hold at least
* hash_t.get_block_size() bytes.
- *
+ *
* @param data data to hash
* @param hash pointer where the hash will be written
*/
void (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash);
-
+
/**
* Hash data and allocate space for the hash.
- *
+ *
* If the parameter hash is NULL, no result is written back
* and more data can be appended to already hashed data.
* If not, the result is written back and the hasher is reset.
- *
+ *
* @param data chunk with data to hash
* @param hash chunk which will hold allocated hash
*/
void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
-
+
/**
* Get the size of the resulting hash.
- *
+ *
* @return hash size in bytes
*/
size_t (*get_hash_size) (hasher_t *this);
-
+
/**
* Resets the hashers state.
*/
void (*reset) (hasher_t *this);
-
+
/**
* Destroys a hasher object.
*/
@@ -111,7 +112,7 @@ struct hasher_t {
/**
* Conversion of ASN.1 OID to hash algorithm.
- *
+ *
* @param oid ASN.1 OID
* @return hash algorithm, HASH_UNKNOWN if OID unsuported
*/
@@ -119,7 +120,7 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid);
/**
* Conversion of hash algorithm into ASN.1 OID.
- *
+ *
* @param alg hash algorithm
* @return ASN.1 OID, or OID_UNKNOW
*/
@@ -127,10 +128,11 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg);
/**
* Conversion of hash signature algorithm into ASN.1 OID.
- *
+ *
* @param alg hash algorithm
+ * @param key public key type
* @return ASN.1 OID if, or OID_UNKNOW
*/
-int hasher_signature_algorithm_to_oid(hash_algorithm_t alg);
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key);
#endif /** HASHER_H_ @}*/
diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c
index 525ea9db5..e3ba0f129 100644
--- a/src/libstrongswan/crypto/pkcs9.c
+++ b/src/libstrongswan/crypto/pkcs9.c
@@ -68,7 +68,7 @@ struct attribute_t {
/**
* Destroys the attribute.
- *
+ *
* @param this attribute to destroy
*/
void (*destroy) (attribute_t *this);
@@ -78,48 +78,30 @@ struct attribute_t {
/**
* PKCS#9 attribute type OIDs
*/
-static u_char ASN1_contentType_oid_str[] = {
+static chunk_t ASN1_contentType_oid = chunk_from_chars(
0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
-};
-
-static u_char ASN1_messageDigest_oid_str[] = {
+);
+static chunk_t ASN1_messageDigest_oid = chunk_from_chars(
0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
-};
-
-static u_char ASN1_signingTime_oid_str[] = {
+);
+static chunk_t ASN1_signingTime_oid = chunk_from_chars(
0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05
-};
-
-static char ASN1_messageType_oid_str[] = {
+);
+static chunk_t ASN1_messageType_oid = chunk_from_chars(
0x06, 0x0A,
0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
-};
-
-static char ASN1_senderNonce_oid_str[] = {
+);
+static chunk_t ASN1_senderNonce_oid = chunk_from_chars(
0x06, 0x0A,
0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
-};
-
-static char ASN1_transId_oid_str[] = {
+);
+static chunk_t ASN1_transId_oid = chunk_from_chars(
0x06, 0x0A,
0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
-};
-
-static const chunk_t ASN1_contentType_oid =
- chunk_from_buf(ASN1_contentType_oid_str);
-static const chunk_t ASN1_messageDigest_oid =
- chunk_from_buf(ASN1_messageDigest_oid_str);
-static const chunk_t ASN1_signingTime_oid =
- chunk_from_buf(ASN1_signingTime_oid_str);
-static const chunk_t ASN1_messageType_oid =
- chunk_from_buf(ASN1_messageType_oid_str);
-static const chunk_t ASN1_senderNonce_oid =
- chunk_from_buf(ASN1_senderNonce_oid_str);
-static const chunk_t ASN1_transId_oid =
- chunk_from_buf(ASN1_transId_oid_str);
+);
/**
* return the ASN.1 encoded OID of a PKCS#9 attribute
@@ -243,14 +225,14 @@ static void build_encoding(private_pkcs9_t *this)
/* allocate memory for the attributes and build the encoding */
{
u_char *pos = asn1_build_object(&this->encoding, ASN1_SET, attributes_len);
-
+
iterator = this->attributes->create_iterator(this->attributes, TRUE);
while (iterator->iterate(iterator, (void**)&attribute))
{
memcpy(pos, attribute->encoding.ptr, attribute->encoding.len);
- pos += attribute->encoding.len;
- }
+ pos += attribute->encoding.len;
+ }
iterator->destroy(iterator);
}
}
@@ -346,7 +328,7 @@ static void destroy(private_pkcs9_t *this)
static private_pkcs9_t *pkcs9_create_empty(void)
{
private_pkcs9_t *this = malloc_thing(private_pkcs9_t);
-
+
/* initialize */
this->encoding = chunk_empty;
this->attributes = linked_list_create();
@@ -428,7 +410,7 @@ static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
if (type != ASN1_EOC)
{
- if (!asn1_parse_simple_object(&object, type,
+ if (!asn1_parse_simple_object(&object, type,
parser->get_level(parser)+1,
oid_names[oid].name))
{
@@ -452,7 +434,7 @@ end:
pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level)
{
private_pkcs9_t *this = pkcs9_create_empty();
-
+
this->encoding = chunk_clone(chunk);
if (!parse_attributes(chunk, level, this))
diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
index 80d915701..5b85692d6 100644
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup pkcs9 pkcs9
* @{ @ingroup crypto
@@ -29,7 +29,7 @@ typedef struct pkcs9_t pkcs9_t;
* PKCS#9 attributes.
*/
struct pkcs9_t {
-
+
/**
* Generate ASN.1 encoding of attribute list
*/
@@ -54,7 +54,7 @@ struct pkcs9_t {
* Adds a PKCS#9 attribute
*
* @param oid OID of the attribute
- * @param value ASN.1 encoded value of the attribute
+ * @param value ASN.1 encoded value of the attribute
*/
void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value);
@@ -68,7 +68,7 @@ struct pkcs9_t {
/**
* Add a PKCS#9 messageDigest attribute
*
- * @param value messageDigest
+ * @param value messageDigest
*/
void (*set_messageDigest) (pkcs9_t *this, chunk_t value);
@@ -80,7 +80,7 @@ struct pkcs9_t {
/**
* Read a PKCS#9 attribute list from a DER encoded chunk.
- *
+ *
* @param chunk chunk containing DER encoded data
* @param level ASN.1 parsing start level
* @return created pkcs9 attribute list, or NULL if invalid.
@@ -89,7 +89,7 @@ pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level);
/**
* Create an empty PKCS#9 attribute list
- *
+ *
* @return created pkcs9 attribute list.
*/
pkcs9_t *pkcs9_create(void);
diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index a4fc377ef..6bd0f7465 100644
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -22,34 +22,34 @@ typedef struct private_prf_plus_t private_prf_plus_t;
/**
* Private data of an prf_plus_t object.
- *
+ *
*/
struct private_prf_plus_t {
/**
* Public interface of prf_plus_t.
*/
prf_plus_t public;
-
+
/**
* PRF to use.
*/
prf_t *prf;
-
+
/**
* Initial seed.
*/
chunk_t seed;
-
+
/**
* Buffer to store current PRF result.
*/
chunk_t buffer;
-
+
/**
* Already given out bytes in current buffer.
*/
size_t given_out;
-
+
/**
* Octet which will be appended to the seed.
*/
@@ -60,18 +60,18 @@ struct private_prf_plus_t {
* Implementation of prf_plus_t.get_bytes.
*/
static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer)
-{
+{
chunk_t appending_chunk;
size_t bytes_in_round;
size_t total_bytes_written = 0;
-
+
appending_chunk.ptr = &(this->appending_octet);
appending_chunk.len = 1;
-
+
while (length > 0)
{ /* still more to do... */
if (this->buffer.len == this->given_out)
- { /* no bytes left in buffer, get next*/
+ { /* no bytes left in buffer, get next*/
this->prf->get_bytes(this->prf, this->buffer, NULL);
this->prf->get_bytes(this->prf, this->seed, NULL);
this->prf->get_bytes(this->prf, appending_chunk, this->buffer.ptr);
@@ -82,7 +82,7 @@ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer)
bytes_in_round = min(length, this->buffer.len - this->given_out);
/* copy bytes from buffer with offset */
memcpy(buffer + total_bytes_written, this->buffer.ptr + this->given_out, bytes_in_round);
-
+
length -= bytes_in_round;
this->given_out += bytes_in_round;
total_bytes_written += bytes_in_round;
@@ -91,7 +91,7 @@ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer)
/**
* Implementation of prf_plus_t.allocate_bytes.
- */
+ */
static void allocate_bytes(private_prf_plus_t *this, size_t length, chunk_t *chunk)
{
if (length)
@@ -123,23 +123,23 @@ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed)
{
private_prf_plus_t *this;
chunk_t appending_chunk;
-
+
this = malloc_thing(private_prf_plus_t);
/* set public methods */
this->public.get_bytes = (void (*)(prf_plus_t *,size_t,u_int8_t*))get_bytes;
this->public.allocate_bytes = (void (*)(prf_plus_t *,size_t,chunk_t*))allocate_bytes;
this->public.destroy = (void (*)(prf_plus_t *))destroy;
-
+
/* take over prf */
this->prf = prf;
-
+
/* allocate buffer for prf output */
this->buffer.len = prf->get_block_size(prf);
this->buffer.ptr = malloc(this->buffer.len);
this->appending_octet = 0x01;
-
+
/* clone seed */
this->seed.ptr = clalloc(seed.ptr, seed.len);
this->seed.len = seed.len;
@@ -151,6 +151,6 @@ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed)
this->prf->get_bytes(this->prf, appending_chunk, this->buffer.ptr);
this->given_out = 0;
this->appending_octet++;
-
+
return &(this->public);
}
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h
index 2e5b66152..4179f2695 100644
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup prf_plus prf_plus
* @{ @ingroup crypto
@@ -36,26 +36,26 @@ typedef struct prf_plus_t prf_plus_t;
struct prf_plus_t {
/**
* Get pseudo random bytes.
- *
+ *
* Get the next few bytes of the prf+ output. Space
* must be allocated by the caller.
- *
+ *
* @param length number of bytes to get
* @param buffer pointer where the generated bytes will be written
*/
void (*get_bytes) (prf_plus_t *this, size_t length, u_int8_t *buffer);
-
+
/**
* Allocate pseudo random bytes.
- *
+ *
* Get the next few bytes of the prf+ output. This function
* will allocate the required space.
- *
+ *
* @param length number of bytes to get
* @param chunk chunk which will hold generated bytes
*/
void (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk);
-
+
/**
* Destroys a prf_plus_t object.
*/
@@ -64,11 +64,11 @@ struct prf_plus_t {
/**
* Creates a new prf_plus_t object.
- *
+ *
* Seed will be cloned. prf will
* not be cloned, must be destroyed outside after
* prf_plus_t usage.
- *
+ *
* @param prf prf object to use
* @param seed input seed for prf
* @return prf_plus_t object
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index f2a5afc45..6e853444f 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup prf prf
* @{ @ingroup crypto
@@ -55,7 +55,7 @@ enum pseudo_random_function_t {
PRF_FIPS_SHA1_160 = 1025,
/** FIPS 186-2-change1, uses fixed output size of 160bit */
PRF_FIPS_DES = 1026,
- /**
+ /**
* Keyed hash algorithm using SHA1, used in EAP-AKA:
* This PRF uses SHA1, but XORs the key into the IV. No "Final()" operation
* is applied to the SHA1 state. */
@@ -78,39 +78,39 @@ struct prf_t {
* @param buffer pointer where the generated bytes will be written
*/
void (*get_bytes) (prf_t *this, chunk_t seed, u_int8_t *buffer);
-
+
/**
* Generates pseudo random bytes and allocate space for them.
- *
+ *
* @param seed a chunk containing the seed for the next bytes
* @param chunk chunk which will hold generated bytes
*/
void (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
-
+
/**
* Get the block size of this prf_t object.
- *
+ *
* @return block size in bytes
*/
size_t (*get_block_size) (prf_t *this);
-
+
/**
* Get the key size of this prf_t object.
*
* This is a suggestion only, all implemented PRFs accept variable key
* length.
- *
+ *
* @return key size in bytes
*/
size_t (*get_key_size) (prf_t *this);
-
+
/**
* Set the key for this prf_t object.
- *
+ *
* @param key key to set
*/
void (*set_key) (prf_t *this, chunk_t key);
-
+
/**
* Destroys a prf object.
*/
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 14321e070..75816e8b3 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -56,15 +56,15 @@ struct proposal_token {
char *name;
transform_type_t type;
u_int16_t algorithm;
- u_int16_t keysize;
+ u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 87
+#define TOTAL_KEYWORDS 89
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 12
#define MIN_HASH_VALUE 4
-#define MAX_HASH_VALUE 129
-/* maximum key range = 126, duplicates = 0 */
+#define MAX_HASH_VALUE 123
+/* maximum key range = 120, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 11,
- 2, 15, 5, 27, 21, 8, 5, 0, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 39, 130, 24, 0, 1,
- 8, 2, 50, 0, 9, 53, 130, 130, 0, 130,
- 42, 0, 130, 130, 5, 9, 34, 4, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
- 130, 130, 130, 130, 130, 130, 130
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 11,
+ 2, 23, 5, 27, 21, 8, 5, 0, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 22, 124, 24, 0, 1,
+ 8, 2, 50, 0, 11, 54, 124, 124, 0, 124,
+ 42, 0, 124, 124, 5, 9, 34, 6, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
+ 124, 124, 124, 124, 124, 124, 124
};
register int hval = len;
@@ -197,31 +197,33 @@ static const struct proposal_token wordlist[] =
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
{"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
{"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
{"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
{"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
{"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
{"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
{"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
{"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
- {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}
};
static const short lookup[] =
@@ -231,11 +233,10 @@ static const short lookup[] =
17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1,
30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
- 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, -1,
- 71, -1, 72, -1, 73, -1, 74, 75, 76, 77, 78, -1, -1, 79,
- -1, -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, -1, -1, 81,
- -1, -1, -1, -1, -1, -1, 82, 83, 84, -1, 85, -1, -1, -1,
- -1, -1, -1, 86
+ 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, -1, 70,
+ 71, 72, -1, -1, 73, 74, 75, 76, 77, -1, 78, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 79, 80, -1, -1, -1, -1, -1, 81,
+ 82, 83, -1, 84, -1, -1, -1, 85, -1, 86, 87, 88
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index 86cb7ef09..53fa1728f 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -21,10 +21,10 @@
typedef struct proposal_token proposal_token_t;
struct proposal_token {
- char *name;
- transform_type_t type;
+ char *name;
+ transform_type_t type;
u_int16_t algorithm;
- u_int16_t keysize;
+ u_int16_t keysize;
};
extern const proposal_token_t* proposal_get_token(register const char *str,
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 511fdd50a..139d689ca 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -26,7 +26,7 @@ struct proposal_token {
char *name;
transform_type_t type;
u_int16_t algorithm;
- u_int16_t keysize;
+ u_int16_t keysize;
};
%%
null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
@@ -96,6 +96,8 @@ sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
+sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h
index 89bc2f2de..36ef52bb4 100644
--- a/src/libstrongswan/crypto/rngs/rng.h
+++ b/src/libstrongswan/crypto/rngs/rng.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup rng rng
* @{ @ingroup crypto
@@ -55,15 +55,15 @@ struct rng_t {
* @param buffer pointer where the generated bytes will be written
*/
void (*get_bytes) (rng_t *this, size_t len, u_int8_t *buffer);
-
+
/**
* Generates random bytes and allocate space for them.
- *
+ *
* @param len number of bytes to get
* @param chunk chunk which will hold generated bytes
*/
void (*allocate_bytes) (rng_t *this, size_t len, chunk_t *chunk);
-
+
/**
* Destroys a rng object.
*/
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 1147e1f26..e98916bfe 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -16,10 +16,11 @@
#include "signer.h"
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
"UNDEFINED",
- "HMAC_SHA1_128");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128,
+ "HMAC_SHA1_128",
+ "HMAC_SHA2_256_96");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
"HMAC_MD5_96",
"HMAC_SHA1_96",
"DES_MAC",
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 0d9bfc5af..94e8c99b9 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup signer signer
* @{ @ingroup crypto
@@ -64,6 +64,8 @@ enum integrity_algorithm_t {
AUTH_HMAC_SHA2_512_256 = 14,
/** private use */
AUTH_HMAC_SHA1_128 = 1025,
+ /** SHA256 96 bit truncation variant, supported by Linux kernels */
+ AUTH_HMAC_SHA2_256_96 = 1026,
};
/**
@@ -80,53 +82,53 @@ struct signer_t {
*
* If buffer is NULL, data is processed and prepended to a next call until
* buffer is a valid pointer.
- *
+ *
* @param data a chunk containing the data to sign
* @param buffer pointer where the signature will be written
*/
void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
-
+
/**
* Generate a signature and allocate space for it.
*
* If chunk is NULL, data is processed and prepended to a next call until
* chunk is a valid chunk pointer.
- *
+ *
* @param data a chunk containing the data to sign
* @param chunk chunk which will hold the allocated signature
*/
void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
-
+
/**
* Verify a signature.
- *
+ *
* @param data a chunk containing the data to verify
* @param signature a chunk containing the signature
* @return TRUE, if signature is valid, FALSE otherwise
*/
bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
-
+
/**
* Get the block size of this signature algorithm.
- *
+ *
* @return block size in bytes
*/
size_t (*get_block_size) (signer_t *this);
-
+
/**
* Get the key size of the signature algorithm.
- *
+ *
* @return key size in bytes
*/
size_t (*get_key_size) (signer_t *this);
-
+
/**
* Set the key for this object.
- *
+ *
* @param key key to set
*/
void (*set_key) (signer_t *this, chunk_t key);
-
+
/**
* Destroys a signer_t object.
*/