diff options
Diffstat (limited to 'src/libstrongswan/crypto')
20 files changed, 916 insertions, 613 deletions
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 35dcf25ac..bab59a06f 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -1,7 +1,8 @@ /* * Copyright (C) 2013-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -51,6 +52,7 @@ struct entry_t { signer_constructor_t create_signer; hasher_constructor_t create_hasher; prf_constructor_t create_prf; + xof_constructor_t create_xof; rng_constructor_t create_rng; nonce_gen_constructor_t create_nonce_gen; dh_constructor_t create_dh; @@ -96,6 +98,11 @@ struct private_crypto_factory_t { linked_list_t *prfs; /** + * registered xofs, as entry_t + */ + linked_list_t *xofs; + + /** * registered rngs, as entry_t */ linked_list_t *rngs; @@ -303,6 +310,38 @@ METHOD(crypto_factory_t, create_prf, prf_t*, return prf; } +METHOD(crypto_factory_t, create_xof, xof_t*, + private_crypto_factory_t *this, ext_out_function_t algo) +{ + enumerator_t *enumerator; + entry_t *entry; + xof_t *xof = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->xofs->create_enumerator(this->xofs); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->algo == algo) + { + if (this->test_on_create && + !this->tester->test_xof(this->tester, algo, + entry->create_xof, NULL, + default_plugin_name)) + { + continue; + } + xof = entry->create_xof(algo); + if (xof) + { + break; + } + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return xof; +} + METHOD(crypto_factory_t, create_rng, rng_t*, private_crypto_factory_t *this, rng_quality_t quality) { @@ -633,6 +672,43 @@ METHOD(crypto_factory_t, remove_prf, void, this->lock->unlock(this->lock); } +METHOD(crypto_factory_t, add_xof, bool, + private_crypto_factory_t *this, ext_out_function_t algo, + const char *plugin_name, xof_constructor_t create) +{ + u_int speed = 0; + + if (!this->test_on_add || + this->tester->test_xof(this->tester, algo, create, + this->bench ? &speed : NULL, plugin_name)) + { + add_entry(this, this->xofs, algo, plugin_name, speed, create); + return TRUE; + } + this->test_failures++; + return FALSE; +} + +METHOD(crypto_factory_t, remove_xof, void, + private_crypto_factory_t *this, xof_constructor_t create) +{ + entry_t *entry; + enumerator_t *enumerator; + + this->lock->write_lock(this->lock); + enumerator = this->xofs->create_enumerator(this->xofs); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->create_xof == create) + { + this->xofs->remove_at(this->xofs, enumerator); + free(entry); + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + METHOD(crypto_factory_t, add_rng, bool, private_crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create) @@ -846,6 +922,23 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, } /** + * Filter function to enumerate algorithm, not entry + */ +static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo, + void *i2, const char **plugin_name) +{ + *algo = (*entry)->algo; + *plugin_name = (*entry)->plugin_name; + return TRUE; +} + +METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*, + private_crypto_factory_t *this) +{ + return create_enumerator(this, this->xofs, xof_filter); +} + +/** * Filter function to enumerate group, not entry */ static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, @@ -909,6 +1002,8 @@ METHOD(crypto_factory_t, add_test_vector, void, return this->tester->add_hasher_vector(this->tester, vector); case PSEUDO_RANDOM_FUNCTION: return this->tester->add_prf_vector(this->tester, vector); + case EXTENDED_OUTPUT_FUNCTION: + return this->tester->add_xof_vector(this->tester, vector); case RANDOM_NUMBER_GENERATOR: return this->tester->add_rng_vector(this->tester, vector); case DIFFIE_HELLMAN_GROUP: @@ -961,6 +1056,10 @@ METHOD(enumerator_t, verify_enumerate, bool, *valid = this->tester->test_prf(this->tester, entry->algo, entry->create_prf, NULL, entry->plugin_name); break; + case EXTENDED_OUTPUT_FUNCTION: + *valid = this->tester->test_xof(this->tester, entry->algo, + entry->create_xof, NULL, entry->plugin_name); + break; case RANDOM_NUMBER_GENERATOR: *valid = this->tester->test_rng(this->tester, entry->algo, entry->create_rng, NULL, entry->plugin_name); @@ -1009,6 +1108,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*, case PSEUDO_RANDOM_FUNCTION: inner = this->prfs->create_enumerator(this->prfs); break; + case EXTENDED_OUTPUT_FUNCTION: + inner = this->xofs->create_enumerator(this->xofs); + break; case RANDOM_NUMBER_GENERATOR: inner = this->rngs->create_enumerator(this->rngs); break; @@ -1040,6 +1142,7 @@ METHOD(crypto_factory_t, destroy, void, this->signers->destroy(this->signers); this->hashers->destroy(this->hashers); this->prfs->destroy(this->prfs); + this->xofs->destroy(this->xofs); this->rngs->destroy(this->rngs); this->nonce_gens->destroy(this->nonce_gens); this->dhs->destroy(this->dhs); @@ -1062,6 +1165,7 @@ crypto_factory_t *crypto_factory_create() .create_signer = _create_signer, .create_hasher = _create_hasher, .create_prf = _create_prf, + .create_xof = _create_xof, .create_rng = _create_rng, .create_nonce_gen = _create_nonce_gen, .create_dh = _create_dh, @@ -1075,6 +1179,8 @@ crypto_factory_t *crypto_factory_create() .remove_hasher = _remove_hasher, .add_prf = _add_prf, .remove_prf = _remove_prf, + .add_xof = _add_xof, + .remove_xof = _remove_xof, .add_rng = _add_rng, .remove_rng = _remove_rng, .add_nonce_gen = _add_nonce_gen, @@ -1086,6 +1192,7 @@ crypto_factory_t *crypto_factory_create() .create_signer_enumerator = _create_signer_enumerator, .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, + .create_xof_enumerator = _create_xof_enumerator, .create_dh_enumerator = _create_dh_enumerator, .create_rng_enumerator = _create_rng_enumerator, .create_nonce_gen_enumerator = _create_nonce_gen_enumerator, @@ -1098,6 +1205,7 @@ crypto_factory_t *crypto_factory_create() .signers = linked_list_create(), .hashers = linked_list_create(), .prfs = linked_list_create(), + .xofs = linked_list_create(), .rngs = linked_list_create(), .nonce_gens = linked_list_create(), .dhs = linked_list_create(), diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index e03915603..4f61ba1fc 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -1,6 +1,7 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -31,6 +32,7 @@ typedef struct crypto_factory_t crypto_factory_t; #include <crypto/hashers/hasher.h> #include <crypto/prfs/prf.h> #include <crypto/rngs/rng.h> +#include <crypto/xofs/xof.h> #include <crypto/nonce_gen.h> #include <crypto/diffie_hellman.h> #include <crypto/transform.h> @@ -63,6 +65,11 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo); typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo); /** + * Constructor function for pseudo random functions + */ +typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo); + +/** * Constructor function for source of randomness */ typedef rng_t* (*rng_constructor_t)(rng_quality_t quality); @@ -133,6 +140,14 @@ struct crypto_factory_t { prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo); /** + * Create an extended output function instance. + * + * @param algo XOF algorithm to use + * @return xof_t instance, NULL if not supported + */ + xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo); + + /** * Create a source of randomness. * * @param quality required randomness quality @@ -253,6 +268,24 @@ struct crypto_factory_t { void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create); /** + * Register an xof constructor. + * + * @param algo algorithm to constructor + * @param plugin_name plugin that registered this algorithm + * @param create constructor function for that algorithm + * @return TRUE if registered, FALSE if test vector failed + */ + bool (*add_xof)(crypto_factory_t *this, ext_out_function_t algo, + const char *plugin_name, xof_constructor_t create); + + /** + * Unregister an xof constructor. + * + * @param create constructor function to unregister + */ + void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create); + + /** * Register a source of randomness. * * @param quality quality of randomness this RNG serves @@ -342,6 +375,13 @@ struct crypto_factory_t { enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this); /** + * Create an enumerator over all registered XOFs. + * + * @return enumerator over ext_out_function_t, plugin + */ + enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this); + + /** * Create an enumerator over all registered diffie hellman groups. * * @return enumerator over diffie_hellman_group_t, plugin diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 5607d35b9..e86e7ae76 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -63,6 +63,11 @@ struct private_crypto_tester_t { linked_list_t *prf; /** + * List of XOF test vectors + */ + linked_list_t *xof; + + /** * List of RNG test vectors */ linked_list_t *rng; @@ -1035,6 +1040,146 @@ failure: } /** + * Benchmark an XOF + */ +static u_int bench_xof(private_crypto_tester_t *this, + ext_out_function_t alg, xof_constructor_t create) +{ + xof_t *xof; + + xof = create(alg); + if (xof) + { + char seed[xof->get_seed_size(xof)]; + char bytes[xof->get_block_size(xof)]; + struct timespec start; + u_int runs; + + memset(seed, 0x56, xof->get_seed_size(xof)); + if (!xof->set_seed(xof, chunk_create(seed, xof->get_seed_size(xof)))) + { + xof->destroy(xof); + return 0; + } + + runs = 0; + start_timing(&start); + while (end_timing(&start) < this->bench_time) + { + if (xof->get_bytes(xof, xof->get_block_size(xof), bytes)) + { + runs++; + } + } + xof->destroy(xof); + + return runs; + } + return 0; +} + +METHOD(crypto_tester_t, test_xof, bool, + private_crypto_tester_t *this, ext_out_function_t alg, + xof_constructor_t create, u_int *speed, const char *plugin_name) +{ + enumerator_t *enumerator; + xof_test_vector_t *vector; + bool failed = FALSE; + u_int tested = 0; + + enumerator = this->xof->create_enumerator(this->xof); + while (enumerator->enumerate(enumerator, &vector)) + { + xof_t *xof; + chunk_t seed, out = chunk_empty; + + if (vector->alg != alg) + { + continue; + } + + tested++; + failed = TRUE; + xof = create(alg); + if (!xof) + { + DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", + ext_out_function_names, alg, plugin_name); + break; + } + + seed = chunk_create(vector->seed, vector->len); + if (!xof->set_seed(xof, seed)) + { + goto failure; + } + /* allocated bytes */ + if (!xof->allocate_bytes(xof, vector->out_len, &out)) + { + goto failure; + } + if (out.len != vector->out_len) + { + goto failure; + } + if (!memeq(vector->out, out.ptr, out.len)) + { + goto failure; + } + /* bytes to existing buffer */ + memset(out.ptr, 0, out.len); + if (!xof->set_seed(xof, seed)) + { + goto failure; + } + if (!xof->get_bytes(xof, vector->out_len, out.ptr)) + { + goto failure; + } + if (!memeq(vector->out, out.ptr, vector->out_len)) + { + goto failure; + } + /* bytes to existing buffer, using append mode */ + /* TODO */ + + failed = FALSE; +failure: + xof->destroy(xof); + chunk_free(&out); + if (failed) + { + DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", + ext_out_function_names, alg, plugin_name, get_name(vector)); + break; + } + } + enumerator->destroy(enumerator); + if (!tested) + { + DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", + this->required ? "disabled" : "enabled ", + ext_out_function_names, alg, plugin_name); + return !this->required; + } + if (!failed) + { + if (speed) + { + *speed = bench_xof(this, alg, create); + DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", + ext_out_function_names, alg, plugin_name, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", + ext_out_function_names, alg, plugin_name, tested); + } + } + return !failed; +} + +/** * Benchmark a RNG */ static u_int bench_rng(private_crypto_tester_t *this, @@ -1338,6 +1483,12 @@ METHOD(crypto_tester_t, add_prf_vector, void, this->prf->insert_last(this->prf, vector); } +METHOD(crypto_tester_t, add_xof_vector, void, + private_crypto_tester_t *this, xof_test_vector_t *vector) +{ + this->xof->insert_last(this->xof, vector); +} + METHOD(crypto_tester_t, add_rng_vector, void, private_crypto_tester_t *this, rng_test_vector_t *vector) { @@ -1358,6 +1509,7 @@ METHOD(crypto_tester_t, destroy, void, this->signer->destroy(this->signer); this->hasher->destroy(this->hasher); this->prf->destroy(this->prf); + this->xof->destroy(this->xof); this->rng->destroy(this->rng); this->dh->destroy(this->dh); free(this); @@ -1377,6 +1529,7 @@ crypto_tester_t *crypto_tester_create() .test_signer = _test_signer, .test_hasher = _test_hasher, .test_prf = _test_prf, + .test_xof = _test_xof, .test_rng = _test_rng, .test_dh = _test_dh, .add_crypter_vector = _add_crypter_vector, @@ -1384,6 +1537,7 @@ crypto_tester_t *crypto_tester_create() .add_signer_vector = _add_signer_vector, .add_hasher_vector = _add_hasher_vector, .add_prf_vector = _add_prf_vector, + .add_xof_vector = _add_xof_vector, .add_rng_vector = _add_rng_vector, .add_dh_vector = _add_dh_vector, .destroy = _destroy, @@ -1393,6 +1547,7 @@ crypto_tester_t *crypto_tester_create() .signer = linked_list_create(), .hasher = linked_list_create(), .prf = linked_list_create(), + .xof = linked_list_create(), .rng = linked_list_create(), .dh = linked_list_create(), diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 6cc9b0d57..34dfa9489 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -30,6 +30,7 @@ typedef struct aead_test_vector_t aead_test_vector_t; typedef struct signer_test_vector_t signer_test_vector_t; typedef struct hasher_test_vector_t hasher_test_vector_t; typedef struct prf_test_vector_t prf_test_vector_t; +typedef struct xof_test_vector_t xof_test_vector_t; typedef struct rng_test_vector_t rng_test_vector_t; typedef struct dh_test_vector_t dh_test_vector_t; @@ -114,6 +115,19 @@ struct prf_test_vector_t { u_char *out; }; +struct xof_test_vector_t { + /** xof algorithm this test vector tests */ + ext_out_function_t alg; + /** size of the seed data */ + size_t len; + /** seed data */ + u_char *seed; + /** size of the output */ + size_t out_len; + /** expected output of size*/ + u_char *out; +}; + /** * Test vector for a RNG. * @@ -217,6 +231,17 @@ struct crypto_tester_t { prf_constructor_t create, u_int *speed, const char *plugin_name); /** + * Test an XOF algorithm. + * + * @param alg algorithm to test + * @param create constructor function for the XOF + * @param speed speed test result, NULL to omit + * @return TRUE if test passed + */ + bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg, + xof_constructor_t create, + u_int *speed, const char *plugin_name); + /** * Test a RNG implementation. * * @param alg algorithm to test @@ -275,6 +300,13 @@ struct crypto_tester_t { void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector); /** + * Add a test vector to test an XOF. + * + * @param vector pointer to test vector + */ + void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector); + + /** * Add a test vector to test a RNG. * * @param vector pointer to test vector diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 0d4cd9109..6dcb6cb33 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -49,7 +49,9 @@ ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL, "NTRU_128", "NTRU_192", "NTRU_256"); -ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT, +ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT, + "NEWHOPE_128"); +ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT, "MODP_CUSTOM"); ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); @@ -554,6 +556,7 @@ bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value) case NTRU_128_BIT: case NTRU_192_BIT: case NTRU_256_BIT: + case NH_128_BIT: /* verification currently not supported, do in plugin */ valid = FALSE; break; diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index abebd66ad..f457153c9 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -68,6 +68,7 @@ enum diffie_hellman_group_t { NTRU_128_BIT = 1031, NTRU_192_BIT = 1032, NTRU_256_BIT = 1033, + NH_128_BIT = 1040, /** internally used DH group with additional parameters g and p, outside * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */ MODP_CUSTOM = 65536, diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index e220593d4..d136799d7 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid) case OID_SHA512_WITH_RSA: return HASH_SHA512; case OID_SHA3_224: + case OID_RSASSA_PKCS1V15_WITH_SHA3_224: return HASH_SHA3_224; case OID_SHA3_256: + case OID_RSASSA_PKCS1V15_WITH_SHA3_256: return HASH_SHA3_256; case OID_SHA3_384: + case OID_RSASSA_PKCS1V15_WITH_SHA3_384: return HASH_SHA3_384; case OID_SHA3_512: + case OID_RSASSA_PKCS1V15_WITH_SHA3_512: return HASH_SHA3_512; default: return HASH_UNKNOWN; @@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) return OID_SHA384_WITH_RSA; case HASH_SHA512: return OID_SHA512_WITH_RSA; + case HASH_SHA3_224: + return OID_RSASSA_PKCS1V15_WITH_SHA3_224; + case HASH_SHA3_256: + return OID_RSASSA_PKCS1V15_WITH_SHA3_256; + case HASH_SHA3_384: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; + case HASH_SHA3_512: + return OID_RSASSA_PKCS1V15_WITH_SHA3_512; default: return OID_UNKNOWN; } @@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_SHA1: case SIGN_ECDSA_WITH_SHA1_DER: return HASH_SHA1; - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return HASH_SHA224; - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: case SIGN_ECDSA_WITH_SHA256_DER: case SIGN_ECDSA_256: case SIGN_BLISS_WITH_SHA2_256: return HASH_SHA256; - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: case SIGN_ECDSA_WITH_SHA384_DER: case SIGN_ECDSA_384: case SIGN_BLISS_WITH_SHA2_384: return HASH_SHA384; - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: case SIGN_ECDSA_WITH_SHA512_DER: case SIGN_ECDSA_521: case SIGN_BLISS_WITH_SHA2_512: return HASH_SHA512; + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return HASH_SHA3_224; + case SIGN_RSA_EMSA_PKCS1_SHA3_256: case SIGN_BLISS_WITH_SHA3_256: return HASH_SHA3_256; + case SIGN_RSA_EMSA_PKCS1_SHA3_384: case SIGN_BLISS_WITH_SHA3_384: return HASH_SHA3_384; + case SIGN_RSA_EMSA_PKCS1_SHA3_512: case SIGN_BLISS_WITH_SHA3_512: return HASH_SHA3_512; } diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c deleted file mode 100644 index 5116dfefa..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "mgf1.h" - -#include "crypto/hashers/hasher.h" -#include "utils/debug.h" -#include "utils/test.h" - -typedef struct private_mgf1_t private_mgf1_t; - -/** - * Private data of an mgf1_t object. - */ -struct private_mgf1_t { - - /** - * Public mgf1_t interface. - */ - mgf1_t public; - - /** - * Hasher the MGF1 Mask Generation Function is based on - */ - hasher_t *hasher; - - /** - * Counter - */ - uint32_t counter; - - /** - * Set if counter has reached 2^32 - */ - bool overflow; - - /** - * Current state to be hashed - */ - chunk_t state; - - /** - * Position of the 4 octet counter string - */ - u_char *ctr_str; - -}; - -METHOD(mgf1_t, get_hash_size, size_t, - private_mgf1_t *this) -{ - return this->hasher->get_hash_size(this->hasher); -} - -METHOD(mgf1_t, get_mask, bool, - private_mgf1_t *this, size_t mask_len, u_char *mask) -{ - u_char buf[HASH_SIZE_SHA512]; - size_t hash_len; - - hash_len = this->hasher->get_hash_size(this->hasher); - - while (mask_len > 0) - { - /* detect overflow, set counter string and increment counter */ - if (this->overflow) - { - return FALSE; - } - htoun32(this->ctr_str, this->counter++); - if (this->counter == 0) - { - this->overflow = TRUE; - } - - /* get the next or final mask block from the hash function */ - if (!this->hasher->get_hash(this->hasher, this->state, - (mask_len < hash_len) ? buf : mask)) - { - return FALSE; - } - if (mask_len < hash_len) - { - memcpy(mask, buf, mask_len); - return TRUE; - } - mask_len -= hash_len; - mask += hash_len; - } - return TRUE; -} - -METHOD(mgf1_t, allocate_mask, bool, - private_mgf1_t *this, size_t mask_len, chunk_t *mask) -{ - if (mask_len == 0) - { - *mask = chunk_empty; - return TRUE; - } - *mask = chunk_alloc(mask_len); - - return get_mask(this, mask_len, mask->ptr); -} - -METHOD(mgf1_t, destroy, void, - private_mgf1_t *this) -{ - this->hasher->destroy(this->hasher); - chunk_clear(&this->state); - free(this); -} - -/* - * Described in header. - */ -mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed) -{ - private_mgf1_t *this; - hasher_t *hasher; - size_t state_len; - - if (seed.len == 0) - { - DBG1(DBG_LIB, "empty seed for MGF1"); - return NULL; - } - - hasher = lib->crypto->create_hasher(lib->crypto, alg); - if (!hasher) - { - DBG1(DBG_LIB, "failed to create %N hasher for MGF1", - hash_algorithm_names, alg); - return NULL; - } - state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4; - - INIT(this, - .public = { - .get_hash_size = _get_hash_size, - .allocate_mask = _allocate_mask, - .get_mask = _get_mask, - .destroy = _destroy, - }, - .hasher = hasher, - .state = chunk_alloc(state_len), - ); - - /* determine position of the 4 octet counter string */ - this->ctr_str = this->state.ptr + state_len - 4; - - if (hash_seed) - { - if (!hasher->get_hash(hasher, seed, this->state.ptr)) - { - DBG1(DBG_LIB, "failed to hash seed for MGF1"); - destroy(this); - return NULL; - } - } - else - { - memcpy(this->state.ptr, seed.ptr, seed.len); - } - - return &this->public; -} diff --git a/src/libstrongswan/crypto/mgf1/mgf1.h b/src/libstrongswan/crypto/mgf1/mgf1.h deleted file mode 100644 index 592d31596..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup mgf1 mgf1 - * @{ @ingroup crypto - */ - -#ifndef MGF1_H_ -#define MGF1_H_ - -typedef struct mgf1_t mgf1_t; - -#include <library.h> - -/** - * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function - * defined in section 10.2.1 of RFC 2437 - */ -struct mgf1_t { - - /** - * Get the hash size of the underlying hash function - * - * @return hash size in bytes - */ - size_t (*get_hash_size)(mgf1_t *this); - - /** - * Generate a mask pattern and copy it to an output buffer - * If the maximum number of requests has been reached, reseeding occurs - * - * @param mask_len number of mask bytes to generate - * @param mask output buffer of minimum size mask_len - * @return TRUE if successful - */ - bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask); - - /** - * Generate a mask pattern and return it in an allocated chunk - * - * @param mask_len number of mask bytes to generate - * @param mask chunk containing generated mask - * @return TRUE if successful - */ - bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask); - - /** - * Destroy the MGF1 object - */ - void (*destroy)(mgf1_t *this); -}; - -/** - * Create an MGF1 object - * - * @param alg hash algorithm to be used by MGF1 - * @param seed seed used by MGF1 to generate mask from - * @param hash_seed hash seed before using it as a seed for MGF1 - */ -mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed); - -#endif /** MGF1_H_ @}*/ - diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c deleted file mode 100644 index ef0a2bd01..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "mgf1_bitspender.h" - -#include <crypto/mgf1/mgf1.h> - -typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t; - -/** - * Private data structure for mgf1_bitspender_t object - */ -struct private_mgf1_bitspender_t { - /** - * Public interface. - */ - mgf1_bitspender_t public; - - /** - * MGF1 bit mask generator - */ - mgf1_t *mgf1; - - /** - * Octet storage (accommodates up to 64 octets) - */ - uint8_t octets[HASH_SIZE_SHA512]; - - /** - * Length of the returned hash value in octets - */ - int hash_len; - - /** - * Number of generated octets - */ - int octets_count; - - /** - * Number of available octets - */ - int octets_left; - - /** - * Bit storage (accommodates up to 32 bits) - */ - uint32_t bits; - - /** - * Number of available bits - */ - int bits_left; - - /** - * Byte storage (accommodates up to 4 bytes) - */ - uint8_t bytes[4]; - - /** - * Number of available bytes - */ - int bytes_left; - -}; - -METHOD(mgf1_bitspender_t, get_bits, bool, - private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits) -{ - int bits_now; - - *bits = 0x00000000; - - if (bits_needed == 0) - { - /* trivial */ - return TRUE; - } - if (bits_needed > 32) - { - /* too many bits requested */ - return FALSE; - } - - while (bits_needed) - { - if (this->bits_left == 0) - { - if (this->octets_left == 0) - { - /* get another block from MGF1 */ - if (!this->mgf1->get_mask(this->mgf1, this->hash_len, - this->octets)) - { - /* no block available */ - return FALSE; - } - this->octets_left = this->hash_len; - this->octets_count += this->hash_len; - } - this->bits = untoh32(this->octets + this->hash_len - - this->octets_left); - this->bits_left = 32; - this->octets_left -= 4; - } - if (bits_needed > this->bits_left) - { - bits_now = this->bits_left; - this->bits_left = 0; - bits_needed -= bits_now; - } - else - { - bits_now = bits_needed; - this->bits_left -= bits_needed; - bits_needed = 0; - } - if (bits_now == 32) - { - *bits = this->bits; - } - else - { - *bits <<= bits_now; - *bits |= this->bits >> this->bits_left; - if (this->bits_left) - { - this->bits &= 0xffffffff >> (32 - this->bits_left); - } - } - } - return TRUE; -} - -METHOD(mgf1_bitspender_t, get_byte, bool, - private_mgf1_bitspender_t *this, uint8_t *byte) -{ - if (this->bytes_left == 0) - { - if (this->octets_left == 0) - { - /* get another block from MGF1 */ - if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets)) - { - /* no block available */ - return FALSE; - } - this->octets_left = this->hash_len; - this->octets_count += this->hash_len; - } - memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4); - this->bytes_left = 4; - this->octets_left -= 4; - } - *byte = this->bytes[4 - this->bytes_left--]; - - return TRUE; -} - -METHOD(mgf1_bitspender_t, destroy, void, - private_mgf1_bitspender_t *this) -{ - DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count); - memwipe(this->octets, sizeof(this->octets)); - this->mgf1->destroy(this->mgf1); - free(this); -} - -/** - * See header. - */ -mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed) -{ - private_mgf1_bitspender_t *this; - mgf1_t *mgf1; - - mgf1 = mgf1_create(alg, seed, hash_seed); - if (!mgf1) - { - return NULL; - } - DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets", - hash_algorithm_short_names, alg, seed.len); - - INIT(this, - .public = { - .get_bits = _get_bits, - .get_byte = _get_byte, - .destroy = _destroy, - }, - .mgf1 = mgf1, - .hash_len = mgf1->get_hash_size(mgf1), - ); - - return &this->public; -} diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 282d40e7b..cd4e5763c 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -154,7 +154,7 @@ METHOD(proposal_keywords_t, register_algname_parser, void, private_proposal_keywords_t *this, proposal_algname_parser_t parser) { this->lock->write_lock(this->lock); - this->tokens->insert_first(this->parsers, parser); + this->parsers->insert_first(this->parsers, parser); this->lock->unlock(this->lock); } diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index ba4c895d7..b058ad288 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -59,12 +59,12 @@ struct proposal_token { uint16_t keysize; }; -#define TOTAL_KEYWORDS 140 +#define TOTAL_KEYWORDS 141 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 11 -#define MAX_HASH_VALUE 266 -/* maximum key range = 256, duplicates = 0 */ +#define MIN_HASH_VALUE 7 +#define MAX_HASH_VALUE 282 +/* maximum key range = 276, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned short asso_values[] = { - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 71, 4, - 20, 6, 48, 32, 10, 30, 5, 3, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 97, 267, 4, 8, 18, - 56, 107, 107, 78, 10, 4, 267, 267, 3, 5, - 7, 4, 30, 92, 104, 3, 32, 145, 267, 267, - 3, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267 + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 75, 2, + 16, 16, 30, 26, 8, 35, 3, 1, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 29, 283, 10, 2, 16, + 46, 1, 23, 78, 4, 4, 283, 283, 1, 9, + 5, 2, 124, 117, 77, 106, 85, 27, 283, 283, + 1, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283 }; register int hval = len; @@ -145,23 +145,20 @@ hash (str, len) static const struct proposal_token wordlist[] = { {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, + {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, @@ -171,14 +168,17 @@ static const struct proposal_token wordlist[] = {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, @@ -187,26 +187,32 @@ static const struct proposal_token wordlist[] = {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, @@ -215,106 +221,103 @@ static const struct proposal_token wordlist[] = {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, - {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, - {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, + {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, + {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, - {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, - {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, - {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, - {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, + {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, - {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = { + -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 1, -1, -1, + -1, -1, -1, -1, -1, -1, 2, -1, -1, -1, + 3, 4, -1, 5, 6, 7, 8, -1, -1, -1, + -1, 9, -1, -1, 10, 11, -1, 12, -1, 13, + 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, -1, 27, 28, 29, 30, 31, 32, + 33, 34, 35, 36, 37, 38, -1, 39, 40, 41, + 42, 43, 44, 45, 46, -1, 47, 48, -1, 49, + 50, 51, 52, 53, 54, -1, 55, 56, 57, 58, + 59, 60, 61, 62, 63, 64, -1, 65, -1, -1, + 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, + 76, 77, 78, 79, -1, 80, 81, 82, 83, -1, + 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, + 94, 95, 96, 97, 98, 99, 100, -1, 101, -1, + -1, -1, 102, -1, 103, 104, 105, 106, -1, 107, + -1, 108, 109, 110, 111, 112, 113, 114, -1, 115, + -1, 116, 117, -1, -1, 118, 119, 120, -1, 121, + -1, -1, 122, 123, 124, -1, 125, 126, 127, -1, + 128, 129, 130, -1, 131, 132, -1, -1, -1, -1, + -1, -1, 133, 134, -1, -1, -1, 135, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 136, -1, + -1, 137, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 0, -1, -1, 1, -1, -1, -1, -1, -1, - -1, -1, -1, 2, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3, - 4, -1, 5, -1, 6, 7, -1, 8, 9, -1, - -1, -1, -1, -1, -1, 10, -1, 11, 12, 13, - 14, -1, -1, -1, 15, -1, 16, 17, -1, 18, - 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, - -1, -1, 28, 29, 30, -1, 31, -1, 32, 33, - 34, -1, 35, 36, 37, 38, -1, 39, 40, 41, - 42, -1, 43, 44, -1, -1, -1, -1, -1, 45, - -1, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, -1, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, - 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, - 84, -1, 85, 86, -1, 87, 88, 89, 90, 91, - 92, -1, 93, 94, 95, 96, 97, 98, 99, 100, - -1, -1, 101, 102, 103, -1, -1, 104, 105, 106, - 107, 108, 109, -1, -1, 110, -1, 111, 112, 113, - 114, -1, 115, 116, -1, 117, 118, 119, 120, 121, - -1, -1, -1, -1, 122, 123, 124, -1, 125, -1, - -1, -1, 126, 127, 128, -1, 129, 130, 131, -1, - -1, 132, 133, -1, -1, -1, 134, -1, 135, 136, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 137, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 138, -1, -1, 139 + -1, -1, -1, -1, -1, -1, -1, 138, 139, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 140 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 87602430d..3ac772962 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -167,5 +167,6 @@ ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0 ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0 ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0 ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0 +newhope128, DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0 noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index 7c6678b61..808cb996e 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -17,13 +17,15 @@ #include <crypto/hashers/hasher.h> #include <crypto/rngs/rng.h> -ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM, +ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION, "UNDEFINED_TRANSFORM_TYPE", "HASH_ALGORITHM", "RANDOM_NUMBER_GENERATOR", "AEAD_ALGORITHM", - "COMPRESSION_ALGORITHM"); -ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM, + "COMPRESSION_ALGORITHM", + "EXTENDED OUTPUT FUNCTION"); +ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, + EXTENDED_OUTPUT_FUNCTION, "ENCRYPTION_ALGORITHM", "PSEUDO_RANDOM_FUNCTION", "INTEGRITY_ALGORITHM", @@ -60,6 +62,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type) return diffie_hellman_group_names; case EXTENDED_SEQUENCE_NUMBERS: return extended_sequence_numbers_names; + case EXTENDED_OUTPUT_FUNCTION: + return ext_out_function_names; case UNDEFINED_TRANSFORM_TYPE: case COMPRESSION_ALGORITHM: break; diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index 0cb84f0f5..e043e605c 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -34,6 +34,7 @@ enum transform_type_t { RANDOM_NUMBER_GENERATOR = 243, AEAD_ALGORITHM = 244, COMPRESSION_ALGORITHM = 245, + EXTENDED_OUTPUT_FUNCTION = 246, ENCRYPTION_ALGORITHM = 1, PSEUDO_RANDOM_FUNCTION = 2, INTEGRITY_ALGORITHM = 3, diff --git a/src/libstrongswan/crypto/xofs/mgf1.h b/src/libstrongswan/crypto/xofs/mgf1.h new file mode 100644 index 000000000..5ad3a518a --- /dev/null +++ b/src/libstrongswan/crypto/xofs/mgf1.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mgf1 mgf1 + * @{ @ingroup crypto + */ + +#ifndef MGF1_H_ +#define MGF1_H_ + +typedef struct mgf1_t mgf1_t; + +#include "xof.h" + +/** + * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function + * defined in section 10.2.1 of RFC 2437 + */ +struct mgf1_t { + + /** + * Generic xof_t interface for this Extended Output Function (XOF). + */ + xof_t xof_interface; + + /** + * Hash the seed before using it as a seed for MGF1 + * + * @param yes TRUE if seed has to be hashed first + */ + void (*set_hash_seed)(mgf1_t *this, bool yes); +}; + +#endif /** MGF1_H_ @}*/ diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c new file mode 100644 index 000000000..1e9c2834b --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof.c @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "xof.h" + +ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20, + "XOF_UNDEFINED", + "XOF_MGF1_SHA1", + "XOF_MGF1_SHA256", + "XOF_MGF1_SHA512", + "XOF_SHAKE128", + "XOF_SHAKE256", + "XOF_CHACHA20" +); + diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h new file mode 100644 index 000000000..8c9ae0131 --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof.h @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup xof xof + * @{ @ingroup crypto + */ + +#ifndef XOF_H_ +#define XOF_H_ + +typedef enum ext_out_function_t ext_out_function_t; +typedef struct xof_t xof_t; + +#include <library.h> + +/** + * Extendable Output Functions. + */ +enum ext_out_function_t { + XOF_UNDEFINED, + /** RFC 2437 PKCS#1 */ + XOF_MGF1_SHA1, + /** RFC 2437 PKCS#1 */ + XOF_MGF1_SHA256, + /** RFC 2437 PKCS#1 */ + XOF_MGF1_SHA512, + /** FIPS 202 */ + XOF_SHAKE_128, + /** FIPS 202 */ + XOF_SHAKE_256, + /** RFC 7539 ChaCha20 */ + XOF_CHACHA20, +}; + +/** + * enum name for ext_out_function_t. + */ +extern enum_name_t *ext_out_function_names; + +/** + * Generic interface for Extended Output Function (XOF) + */ +struct xof_t { + + /** + * Return the type of the Extended Output Function + * + * @return XOF type + */ + ext_out_function_t (*get_type)(xof_t *this); + + /** + * Generates pseudo random bytes and writes them in the buffer. + * + * @param out_len number of output bytes requested + * @param buffer pointer where the generated bytes will be written + * @return TRUE if bytes generated successfully + */ + bool (*get_bytes)(xof_t *this, size_t out_len, + uint8_t *buffer) __attribute__((warn_unused_result)); + + /** + * Generates pseudo random bytes and allocate space for them. + * + * @param out_len number of output bytes requested + * @param chunk chunk which will hold generated bytes + * @return TRUE if bytes allocated and generated successfully + */ + bool (*allocate_bytes)(xof_t *this, size_t out_len, + chunk_t *chunk) __attribute__((warn_unused_result)); + + /** + * Get the output block size + * + * @return block size in bytes + */ + size_t (*get_block_size)(xof_t *this); + + /** + * Get the recommended minimum seed size + * + * @return seed size in bytes + */ + size_t (*get_seed_size)(xof_t *this); + + /** + * Set the key for this xof_t object. + * + * @param sed seed to set + * @return TRUE if XOF initialized with seed successfully + */ + bool (*set_seed)(xof_t *this, + chunk_t seed) __attribute__((warn_unused_result)); + + /** + * Destroys a xof object. + */ + void (*destroy)(xof_t *this); +}; + +#endif /** XOF_H_ @}*/ diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.c b/src/libstrongswan/crypto/xofs/xof_bitspender.c new file mode 100644 index 000000000..f18b806a3 --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof_bitspender.c @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "xof_bitspender.h" +#include "mgf1.h" + +typedef struct private_xof_bitspender_t private_xof_bitspender_t; + +/** + * Private data structure for xof_bitspender_t object + */ +struct private_xof_bitspender_t { + /** + * Public interface. + */ + xof_bitspender_t public; + + /** + * Extended Output Function (XOF) + */ + xof_t *xof; + + /** + * Length of the returned hash value in octets + */ + int hash_len; + + /** + * Bit storage (accommodates up to 32 bits) + */ + uint32_t bits; + + /** + * Number of available bits + */ + int bits_left; + + /** + * Byte storage (accommodates up to 4 bytes) + */ + uint8_t bytes[4]; + + /** + * Number of available bytes + */ + int bytes_left; + + /** + * Number of octets spent + */ + int octet_count; + +}; + +static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer) +{ + if (!this->xof->get_bytes(this->xof, 4, buffer)) + { + /* no block available */ + return FALSE; + } + this->octet_count += 4; + + return TRUE; +} + +METHOD(xof_bitspender_t, get_bits, bool, + private_xof_bitspender_t *this, int bits_needed, uint32_t *bits) +{ + int bits_now; + + *bits = 0x00000000; + + if (bits_needed == 0) + { + /* trivial */ + return TRUE; + } + if (bits_needed > 32) + { + /* too many bits requested */ + return FALSE; + } + + while (bits_needed) + { + if (this->bits_left == 0) + { + uint8_t buf[4]; + + if (!get_next_block(this, buf)) + { + return FALSE; + } + this->bits = untoh32(buf); + this->bits_left = 32; + } + if (bits_needed > this->bits_left) + { + bits_now = this->bits_left; + this->bits_left = 0; + bits_needed -= bits_now; + } + else + { + bits_now = bits_needed; + this->bits_left -= bits_needed; + bits_needed = 0; + } + if (bits_now == 32) + { + *bits = this->bits; + } + else + { + *bits <<= bits_now; + *bits |= this->bits >> this->bits_left; + if (this->bits_left) + { + this->bits &= 0xffffffff >> (32 - this->bits_left); + } + } + } + + return TRUE; +} + +METHOD(xof_bitspender_t, get_byte, bool, + private_xof_bitspender_t *this, uint8_t *byte) +{ + if (this->bytes_left == 0) + { + if (!get_next_block(this, this->bytes)) + { + return FALSE; + } + this->bytes_left = 4; + } + *byte = this->bytes[4 - this->bytes_left--]; + + return TRUE; +} + +METHOD(xof_bitspender_t, destroy, void, + private_xof_bitspender_t *this) +{ + DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names, + this->xof->get_type(this->xof), this->octet_count); + memwipe(this->bytes, 4); + this->xof->destroy(this->xof); + free(this); +} + +/** + * See header. + */ +xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed, + bool hash_seed) +{ + private_xof_bitspender_t *this; + xof_t *xof; + + xof = lib->crypto->create_xof(lib->crypto, alg); + if (!xof) + { + return NULL; + } + + switch (alg) + { + case XOF_MGF1_SHA1: + case XOF_MGF1_SHA256: + case XOF_MGF1_SHA512: + { + mgf1_t *mgf1 = (mgf1_t*)xof; + + mgf1->set_hash_seed(mgf1, hash_seed); + break; + } + default: + break; + } + if (!xof->set_seed(xof, seed)) + { + xof->destroy(xof); + return NULL; + } + DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names, + alg, seed.len); + + INIT(this, + .public = { + .get_bits = _get_bits, + .get_byte = _get_byte, + .destroy = _destroy, + }, + .xof = xof, + ); + + return &this->public; +} diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h b/src/libstrongswan/crypto/xofs/xof_bitspender.h index f7df8e834..f42207903 100644 --- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h +++ b/src/libstrongswan/crypto/xofs/xof_bitspender.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,22 +14,24 @@ */ /** - * @defgroup mgf1_bitspender mgf1_bitspender + * @defgroup xof_bitspender xof_bitspender * @{ @ingroup mgf1 */ -#ifndef MGF1_BITSPENDER_H_ -#define MGF1_BITSPENDER_H_ +#ifndef XOF_BITSPENDER_H_ +#define XOF_BITSPENDER_H_ + +#include "xof.h" #include <library.h> -#include <crypto/hashers/hasher.h> -typedef struct mgf1_bitspender_t mgf1_bitspender_t; +typedef struct xof_bitspender_t xof_bitspender_t; /** - * Generates a given number of pseudo-random bits at a time using MGF1 + * Generates a given number of pseudo-random bits at a time using an + * Extended Output Function (XOF) */ -struct mgf1_bitspender_t { +struct xof_bitspender_t { /** * Get pseudo-random bits @@ -38,7 +40,7 @@ struct mgf1_bitspender_t { * @param bits Pseudo-random bits * @result FALSE if internal MGF1 error occurred */ - bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits); + bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits); /** * Get a pseudo-random byte @@ -46,22 +48,22 @@ struct mgf1_bitspender_t { * @param byte Pseudo-random byte * @result FALSE if internal MGF1 error occurred */ - bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte); + bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte); /** - * Destroy mgf1_bitspender_t object + * Destroy xof_bitspender_t object */ - void (*destroy)(mgf1_bitspender_t *this); + void (*destroy)(xof_bitspender_t *this); }; /** - * Create a mgf1_bitspender_t object + * Create a xof_bitspender_t object * - * @param alg Hash algorithm to be used with MGF1 - * @param seed Seed used to initialize MGF1 + * @param alg XOF to be used + * @param seed Seed used to initialize XOF * @param hash_seed Hash seed before using it as a seed for MFG1 */ -mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed); +xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed, + bool hash_seed); -#endif /** MGF1_BITSPENDER_H_ @}*/ +#endif /** XOF_BITSPENDER_H_ @}*/ |