summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/gcrypt
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:14:02 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:14:02 +0000
commit7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (patch)
tree3291beffa55649f9be28b4a98a7d503d334fbcf2 /src/libstrongswan/plugins/gcrypt
parent41787e147279ff0695e9d759487266a60b80867b (diff)
downloadvyos-strongswan-7410d3c6d6a9a1cd7aa55083c938946af6ff9498.tar.gz
vyos-strongswan-7410d3c6d6a9a1cd7aa55083c938946af6ff9498.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.3.4)
Diffstat (limited to 'src/libstrongswan/plugins/gcrypt')
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.am2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c3
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c4
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c61
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c14
6 files changed, 68 insertions, 23 deletions
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am
index 72cc409fc..7394676e2 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.am
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.am
@@ -13,5 +13,5 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
gcrypt_crypter.h gcrypt_crypter.c \
gcrypt_hasher.h gcrypt_hasher.c
-libstrongswan_gcrypt_la_LDFLAGS = -module
+libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version
libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS)
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 49994c593..e3d27f7f8 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -77,12 +77,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -147,6 +149,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -187,7 +190,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -232,7 +237,7 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
gcrypt_crypter.h gcrypt_crypter.c \
gcrypt_hasher.h gcrypt_hasher.c
-libstrongswan_gcrypt_la_LDFLAGS = -module
+libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version
libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS)
all: all-am
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index 785ebda90..41e17c897 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -116,6 +116,9 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
case HASH_SHA1:
gcrypt_alg = GCRY_MD_SHA1;
break;
+ case HASH_SHA224:
+ gcrypt_alg = GCRY_MD_SHA224;
+ break;
case HASH_SHA256:
gcrypt_alg = GCRY_MD_SHA256;
break;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 547329dde..939e0886c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -47,7 +47,7 @@ struct private_gcrypt_plugin_t {
*/
static int mutex_init(void **lock)
{
- *lock = mutex_create(MUTEX_DEFAULT);
+ *lock = mutex_create(MUTEX_TYPE_DEFAULT);
return 0;
}
@@ -148,6 +148,8 @@ plugin_t *plugin_create()
(hasher_constructor_t)gcrypt_hasher_create);
lib->crypto->add_hasher(lib->crypto, HASH_MD5,
(hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA224,
+ (hasher_constructor_t)gcrypt_hasher_create);
lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
(hasher_constructor_t)gcrypt_hasher_create);
lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 611ab2467..e0e8015db 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -61,12 +61,14 @@ struct private_gcrypt_rsa_private_key_t {
public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key);
/**
- * find a token in a S-expression
+ * find a token in a S-expression. If a key is given, its length is used to
+ * pad the output to a given length.
*/
-chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name)
+chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key)
{
gcry_sexp_t token;
- chunk_t data = chunk_empty;
+ chunk_t data = chunk_empty, tmp;
+ size_t len = 0;
token = gcry_sexp_find_token(sexp, name, 1);
if (token)
@@ -76,7 +78,36 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name)
{
data.len = 0;
}
- data = chunk_clone(data);
+ else
+ {
+ if (key)
+ {
+ /* gcrypt might return more bytes than necessary. Truncate
+ * to key lenght if key given, or prepend zeros if needed */
+ len = gcry_pk_get_nbits(key);
+ len = len / 8 + (len % 8 ? 1 : 0);
+ if (len > data.len)
+ {
+ tmp = chunk_alloc(len);
+ len -= data.len;
+ memset(tmp.ptr, 0, tmp.len - len);
+ memcpy(tmp.ptr + len, data.ptr, data.len);
+ data = tmp;
+ }
+ else if (len < data.len)
+ {
+ data = chunk_clone(chunk_skip(data, data.len - len));
+ }
+ else
+ {
+ data = chunk_clone(data);
+ }
+ }
+ else
+ {
+ data = chunk_clone(data);
+ }
+ }
gcry_sexp_release(token);
}
return data;
@@ -124,7 +155,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
return FALSE;
}
- *signature = gcrypt_rsa_find_token(out, "s");
+ *signature = gcrypt_rsa_find_token(out, "s", this->key);
gcry_sexp_release(out);
return !!signature->len;
}
@@ -170,7 +201,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
return FALSE;
}
- *signature = gcrypt_rsa_find_token(out, "s");
+ *signature = gcrypt_rsa_find_token(out, "s", this->key);
gcry_sexp_release(out);
return !!signature->len;
}
@@ -195,6 +226,8 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche
return sign_raw(this, data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA1:
return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA224:
+ return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA256:
return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA384:
@@ -353,9 +386,9 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
gcry_error_t err;
/* p and q are swapped, gcrypt expects p < q */
- cp = gcrypt_rsa_find_token(this->key, "q");
- cq = gcrypt_rsa_find_token(this->key, "p");
- cd = gcrypt_rsa_find_token(this->key, "d");
+ cp = gcrypt_rsa_find_token(this->key, "q", NULL);
+ cq = gcrypt_rsa_find_token(this->key, "p", NULL);
+ cd = gcrypt_rsa_find_token(this->key, "d", NULL);
err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL)
| gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL)
@@ -401,14 +434,14 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
}
return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0,
- asn1_integer("m", gcrypt_rsa_find_token(this->key, "n")),
- asn1_integer("m", gcrypt_rsa_find_token(this->key, "e")),
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)),
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)),
asn1_integer("m", cd),
asn1_integer("m", cp),
asn1_integer("m", cq),
asn1_integer("m", cexp1),
asn1_integer("m", cexp2),
- asn1_integer("m", gcrypt_rsa_find_token(this->key, "u")));
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "u", NULL)));
}
/**
@@ -477,8 +510,8 @@ bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
return FALSE;
}
publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_integer("m", gcrypt_rsa_find_token(key, "n")),
- asn1_integer("m", gcrypt_rsa_find_token(key, "e")));
+ asn1_integer("m", gcrypt_rsa_find_token(key, "n", NULL)),
+ asn1_integer("m", gcrypt_rsa_find_token(key, "e", NULL)));
hasher->allocate_hash(hasher, publicKey, &hash);
*keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
chunk_free(&hash);
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 8024f58a7..4d9c88c6d 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -60,7 +60,7 @@ struct private_gcrypt_rsa_public_key_t {
/**
* Implemented in gcrypt_rsa_private_key.c
*/
-chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name);
+chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key);
bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
identification_t **keyid_info);
@@ -188,6 +188,8 @@ static bool verify(private_gcrypt_rsa_public_key_t *this,
return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA224:
+ return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA256:
return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA384:
@@ -226,7 +228,7 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
DBG1("encrypting data using pkcs1 failed: %s", gpg_strerror(err));
return FALSE;
}
- *encrypted = gcrypt_rsa_find_token(out, "a");
+ *encrypted = gcrypt_rsa_find_token(out, "a", this->key);
gcry_sexp_release(out);
return !!encrypted->len;
}
@@ -290,8 +292,8 @@ static identification_t *get_id(private_gcrypt_rsa_public_key_t *this,
static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this)
{
return asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_integer("m", gcrypt_rsa_find_token(this->key, "n")),
- asn1_integer("m", gcrypt_rsa_find_token(this->key, "e")));
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)),
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)));
}
/**
@@ -352,8 +354,8 @@ public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key)
chunk_t n, e;
this = gcrypt_rsa_public_key_create_empty();
- n = gcrypt_rsa_find_token(key, "n");
- e = gcrypt_rsa_find_token(key, "e");
+ n = gcrypt_rsa_find_token(key, "n", NULL);
+ e = gcrypt_rsa_find_token(key, "e", NULL);
err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))",
n.len, n.ptr, e.len, e.ptr);