diff options
37 files changed, 466 insertions, 1955 deletions
diff --git a/.gitignore b/.gitignore index 8e5e23fa0..945f0d2ff 100644 --- a/.gitignore +++ b/.gitignore @@ -21,5 +21,5 @@ lex.yy.c *keywords.c Doxyfile apidoc/ -*.~ +*~ *.orig diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c index 3e2874197..9ddb8fc82 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c @@ -585,8 +585,6 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou const char *name = MSCHAPV2_HOST_NAME; u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; - DBG1(DBG_IKE, "initiating EAP-MS-CHAPv2"); - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { diff --git a/src/charon/plugins/sql/.gitignore b/src/charon/plugins/sql/.gitignore new file mode 100644 index 000000000..eae4e6ad0 --- /dev/null +++ b/src/charon/plugins/sql/.gitignore @@ -0,0 +1 @@ +pool diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index b8e8213b3..126011e0b 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -1424,6 +1424,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) exchange_type_names, message->get_exchange_type(message), message->get_request(message) ? "request" : "response", message->get_message_id(message)); + + if (this->state == IKE_CREATED) + { /* invalid initiation attempt, close SA */ + return DESTROY_ME; + } return status; } else diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c index 0fe10e396..e03484279 100644 --- a/src/charon/sa/task_manager.c +++ b/src/charon/sa/task_manager.c @@ -655,161 +655,162 @@ static status_t process_request(private_task_manager_t *this, notify_payload_t *notify; delete_payload_t *delete; - /* create tasks depending on request type */ - switch (message->get_exchange_type(message)) - { - case IKE_SA_INIT: + if (this->passive_tasks->get_count(this->passive_tasks) == 0) + { /* create tasks depending on request type, if not already some queued */ + switch (message->get_exchange_type(message)) { - task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)ike_natd_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); + case IKE_SA_INIT: + { + task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_natd_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); #ifdef ME - task = (task_t*)ike_me_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_me_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); #endif /* ME */ - task = (task_t*)ike_auth_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)ike_config_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)child_create_create(this->ike_sa, NULL); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - task = (task_t*)ike_mobike_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - break; - } - case CREATE_CHILD_SA: - { /* FIXME: we should prevent this on mediation connections */ - bool notify_found = FALSE, ts_found = FALSE; - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) - { - switch (payload->get_type(payload)) + task = (task_t*)ike_auth_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_config_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)child_create_create(this->ike_sa, NULL); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_mobike_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); + break; + } + case CREATE_CHILD_SA: + { /* FIXME: we should prevent this on mediation connections */ + bool notify_found = FALSE, ts_found = FALSE; + enumerator = message->create_payload_enumerator(message); + while (enumerator->enumerate(enumerator, &payload)) { - case NOTIFY: + switch (payload->get_type(payload)) { - /* if we find a rekey notify, its CHILD_SA rekeying */ - notify = (notify_payload_t*)payload; - if (notify->get_notify_type(notify) == REKEY_SA && - (notify->get_protocol_id(notify) == PROTO_AH || - notify->get_protocol_id(notify) == PROTO_ESP)) - { - notify_found = TRUE; + case NOTIFY: + { /* if we find a rekey notify, its CHILD_SA rekeying */ + notify = (notify_payload_t*)payload; + if (notify->get_notify_type(notify) == REKEY_SA && + (notify->get_protocol_id(notify) == PROTO_AH || + notify->get_protocol_id(notify) == PROTO_ESP)) + { + notify_found = TRUE; + } + break; } - break; - } - case TRAFFIC_SELECTOR_INITIATOR: - case TRAFFIC_SELECTOR_RESPONDER: - { - /* if we don't find a TS, its IKE rekeying */ - ts_found = TRUE; - break; + case TRAFFIC_SELECTOR_INITIATOR: + case TRAFFIC_SELECTOR_RESPONDER: + { /* if we don't find a TS, its IKE rekeying */ + ts_found = TRUE; + break; + } + default: + break; } - default: - break; } - } - enumerator->destroy(enumerator); - - if (ts_found) - { - if (notify_found) + enumerator->destroy(enumerator); + + if (ts_found) { - task = (task_t*)child_rekey_create(this->ike_sa, - PROTO_NONE, 0); + if (notify_found) + { + task = (task_t*)child_rekey_create(this->ike_sa, + PROTO_NONE, 0); + } + else + { + task = (task_t*)child_create_create(this->ike_sa, NULL); + } } else { - task = (task_t*)child_create_create(this->ike_sa, NULL); + task = (task_t*)ike_rekey_create(this->ike_sa, FALSE); } + this->passive_tasks->insert_last(this->passive_tasks, task); + break; } - else - { - task = (task_t*)ike_rekey_create(this->ike_sa, FALSE); - } - this->passive_tasks->insert_last(this->passive_tasks, task); - break; - } - case INFORMATIONAL: - { - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + case INFORMATIONAL: { - switch (payload->get_type(payload)) + enumerator = message->create_payload_enumerator(message); + while (enumerator->enumerate(enumerator, &payload)) { - case NOTIFY: + switch (payload->get_type(payload)) { - notify = (notify_payload_t*)payload; - switch (notify->get_notify_type(notify)) + case NOTIFY: { - case ADDITIONAL_IP4_ADDRESS: - case ADDITIONAL_IP6_ADDRESS: - case NO_ADDITIONAL_ADDRESSES: - case UPDATE_SA_ADDRESSES: - case NO_NATS_ALLOWED: - case UNACCEPTABLE_ADDRESSES: - case UNEXPECTED_NAT_DETECTED: - case COOKIE2: - case NAT_DETECTION_SOURCE_IP: - case NAT_DETECTION_DESTINATION_IP: - task = (task_t*)ike_mobike_create( - this->ike_sa, FALSE); - break; - case AUTH_LIFETIME: - task = (task_t*)ike_auth_lifetime_create( - this->ike_sa, FALSE); - break; - default: - break; + notify = (notify_payload_t*)payload; + switch (notify->get_notify_type(notify)) + { + case ADDITIONAL_IP4_ADDRESS: + case ADDITIONAL_IP6_ADDRESS: + case NO_ADDITIONAL_ADDRESSES: + case UPDATE_SA_ADDRESSES: + case NO_NATS_ALLOWED: + case UNACCEPTABLE_ADDRESSES: + case UNEXPECTED_NAT_DETECTED: + case COOKIE2: + case NAT_DETECTION_SOURCE_IP: + case NAT_DETECTION_DESTINATION_IP: + task = (task_t*)ike_mobike_create( + this->ike_sa, FALSE); + break; + case AUTH_LIFETIME: + task = (task_t*)ike_auth_lifetime_create( + this->ike_sa, FALSE); + break; + default: + break; + } + break; } - break; - } - case DELETE: - { - delete = (delete_payload_t*)payload; - if (delete->get_protocol_id(delete) == PROTO_IKE) + case DELETE: { - task = (task_t*)ike_delete_create(this->ike_sa, FALSE); - } - else - { - task = (task_t*)child_delete_create(this->ike_sa, + delete = (delete_payload_t*)payload; + if (delete->get_protocol_id(delete) == PROTO_IKE) + { + task = (task_t*)ike_delete_create(this->ike_sa, + FALSE); + } + else + { + task = (task_t*)child_delete_create(this->ike_sa, PROTO_NONE, 0); + } + break; } - break; + default: + break; } - default: + if (task) + { break; + } } - if (task) + enumerator->destroy(enumerator); + + if (task == NULL) { - break; + task = (task_t*)ike_dpd_create(FALSE); } + this->passive_tasks->insert_last(this->passive_tasks, task); + break; } - enumerator->destroy(enumerator); - - if (task == NULL) +#ifdef ME + case ME_CONNECT: { - task = (task_t*)ike_dpd_create(FALSE); + task = (task_t*)ike_me_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); } - this->passive_tasks->insert_last(this->passive_tasks, task); - break; - } -#ifdef ME - case ME_CONNECT: - { - task = (task_t*)ike_me_create(this->ike_sa, FALSE); - this->passive_tasks->insert_last(this->passive_tasks, task); - } #endif /* ME */ - default: - break; + default: + break; + } } /* let the tasks process the message */ diff --git a/src/dumm/.gitignore b/src/dumm/.gitignore new file mode 100644 index 000000000..2b0886745 --- /dev/null +++ b/src/dumm/.gitignore @@ -0,0 +1,2 @@ +dumm +irdumm diff --git a/src/dumm/ext/.gitignore b/src/dumm/ext/.gitignore new file mode 100644 index 000000000..cda5b9468 --- /dev/null +++ b/src/dumm/ext/.gitignore @@ -0,0 +1,3 @@ +dumm.so +mkmf.log + diff --git a/src/libcrypto/Makefile.am b/src/libcrypto/Makefile.am index 4416c8daf..08f35a955 100644 --- a/src/libcrypto/Makefile.am +++ b/src/libcrypto/Makefile.am @@ -1,9 +1,9 @@ noinst_LIBRARIES = libcrypto.a libcrypto_a_SOURCES = \ libaes/aes_xcbc_mac.c libaes/aes_cbc.c libaes/aes_xcbc_mac.h libaes/aes_cbc.h libaes/aes.c libaes/aes.h \ -include/md32_common.h include/cbc_generic.h include/hmac_generic.h libblowfish/bf_skey.c libblowfish/blowfish.h \ -libblowfish/bf_pi.h libblowfish/bf_locl.h libblowfish/bf_enc.c libsha2/hmac_sha2.c libsha2/sha2.h libsha2/hmac_sha2.h \ -libsha2/sha2.c libserpent/serpent_cbc.c libserpent/serpent_cbc.h libserpent/serpent.c libserpent/serpent.h \ +include/md32_common.h include/cbc_generic.h include/hmac_generic.h \ +libblowfish/bf_skey.c libblowfish/blowfish.h libblowfish/bf_pi.h libblowfish/bf_locl.h libblowfish/bf_enc.c \ +libserpent/serpent_cbc.c libserpent/serpent_cbc.h libserpent/serpent.c libserpent/serpent.h \ libtwofish/twofish_cbc.h libtwofish/twofish_cbc.c libtwofish/twofish.c libtwofish/twofish.h libdes/des_enc.c \ libdes/podd.h libdes/sk.h libdes/set_key.c libdes/fcrypt_b.c libdes/fcrypt.c libdes/destest.c \ libdes/spr.h libdes/cbc_enc.c libdes/ecb_enc.c libdes/des_locl.h libdes/des_ver.h libdes/des.h diff --git a/src/libcrypto/libsha2/Makefile.old b/src/libcrypto/libsha2/Makefile.old deleted file mode 100644 index cee7e6109..000000000 --- a/src/libcrypto/libsha2/Makefile.old +++ /dev/null @@ -1,21 +0,0 @@ -CFLAGS=-O3 -fomit-frame-pointer -I../include $(EXTRA_CFLAGS) - -LIBOBJ := hmac_sha2.o sha2.o - -BLIB := libsha2.a - -.S.o: - $(CC) $(AFLAGS) -c $< -o $@ - -$(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) - ar cr $(BLIB) $(LIBOBJ) - -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ - else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ - else exit 0; fi; fi - -test: test_main.o $(BLIB) - $(CC) -o $@ $^ - -clean: - rm -f *.[oa] core $(TARGET) test diff --git a/src/libcrypto/libsha2/hmac_sha2.c b/src/libcrypto/libsha2/hmac_sha2.c deleted file mode 100644 index ad107eb62..000000000 --- a/src/libcrypto/libsha2/hmac_sha2.c +++ /dev/null @@ -1,32 +0,0 @@ -#ifdef __KERNEL__ -#include <linux/types.h> -#include <linux/string.h> -#else -#include <sys/types.h> -#include <string.h> -#endif -#include "hmac_generic.h" -#include "sha2.h" -#include "hmac_sha2.h" - -void inline sha256_result(sha256_context *ctx, u_int8_t * hash, int hashlen) { - sha256_final(ctx); - memcpy(hash, &ctx->sha_out[0], hashlen); -} -void inline sha512_result(sha512_context *ctx, u_int8_t * hash, int hashlen) { - sha512_final(ctx); - memcpy(hash, &ctx->sha_out[0], hashlen); -} -HMAC_SET_KEY_IMPL (sha256_hmac_set_key, - sha256_hmac_context, SHA256_BLOCKSIZE, - sha256_init, sha256_write) -HMAC_HASH_IMPL (sha256_hmac_hash, - sha256_hmac_context, sha256_context, SHA256_HASHLEN, - sha256_write, sha256_result) - -HMAC_SET_KEY_IMPL (sha512_hmac_set_key, - sha512_hmac_context, SHA512_BLOCKSIZE, - sha512_init, sha512_write) -HMAC_HASH_IMPL (sha512_hmac_hash, - sha512_hmac_context, sha512_context, SHA512_HASHLEN, - sha512_write, sha512_result) diff --git a/src/libcrypto/libsha2/hmac_sha2.h b/src/libcrypto/libsha2/hmac_sha2.h deleted file mode 100644 index b7f8c747c..000000000 --- a/src/libcrypto/libsha2/hmac_sha2.h +++ /dev/null @@ -1,17 +0,0 @@ -typedef struct { - sha256_context ictx,octx; -} sha256_hmac_context; -typedef struct { - sha512_context ictx,octx; -} sha512_hmac_context; -#define SHA256_BLOCKSIZE 64 -#define SHA256_HASHLEN 32 -#define SHA384_BLOCKSIZE 128 /* XXX ok? */ -#define SHA384_HASHLEN 48 -#define SHA512_BLOCKSIZE 128 -#define SHA512_HASHLEN 64 - -void sha256_hmac_hash(sha256_hmac_context *hctx, const u_int8_t * dat, int len, u_int8_t * hash, int hashlen); -void sha256_hmac_set_key(sha256_hmac_context *hctx, const u_int8_t * key, int keylen); -void sha512_hmac_hash(sha512_hmac_context *hctx, const u_int8_t * dat, int len, u_int8_t * hash, int hashlen); -void sha512_hmac_set_key(sha512_hmac_context *hctx, const u_int8_t * key, int keylen); diff --git a/src/libcrypto/libsha2/sha2.c b/src/libcrypto/libsha2/sha2.c deleted file mode 100644 index 4debdad67..000000000 --- a/src/libcrypto/libsha2/sha2.c +++ /dev/null @@ -1,437 +0,0 @@ -/* - * sha512.c - * - * Written by Jari Ruusu, April 16 2001 - * - * Copyright 2001 by Jari Ruusu. - * Redistribution of this file is permitted under the GNU Public License. - */ - -#ifdef __KERNEL__ -#include <linux/string.h> -#include <linux/types.h> -#else -#include <string.h> -#include <sys/types.h> -#endif -#include "sha2.h" - -/* Define one or more of these. If none is defined, you get all of them */ -#if !defined(SHA256_NEEDED)&&!defined(SHA512_NEEDED)&&!defined(SHA384_NEEDED) -# define SHA256_NEEDED 1 -# define SHA512_NEEDED 1 -# define SHA384_NEEDED 1 -#endif - -#if defined(SHA256_NEEDED) -static const u_int32_t sha256_hashInit[8] = { - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, - 0x1f83d9ab, 0x5be0cd19 -}; -static const u_int32_t sha256_K[64] = { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, - 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, - 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, - 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, - 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, - 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; -#endif - -#if defined(SHA512_NEEDED) -static const u_int64_t sha512_hashInit[8] = { - 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL -}; -#endif - -#if defined(SHA384_NEEDED) -static const u_int64_t sha384_hashInit[8] = { - 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, - 0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, - 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL -}; -#endif - -#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED) -static const u_int64_t sha512_K[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; -#endif - -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#define R(x,y) ((y) >> (x)) - -#if defined(SHA256_NEEDED) -void sha256_init(sha256_context *ctx) -{ - memcpy(&ctx->sha_H[0], &sha256_hashInit[0], sizeof(ctx->sha_H)); - ctx->sha_blocks = 0; - ctx->sha_bufCnt = 0; -} - -#define S(x,y) (((y) >> (x)) | ((y) << (32 - (x)))) -#define uSig0(x) ((S(2,(x))) ^ (S(13,(x))) ^ (S(22,(x)))) -#define uSig1(x) ((S(6,(x))) ^ (S(11,(x))) ^ (S(25,(x)))) -#define lSig0(x) ((S(7,(x))) ^ (S(18,(x))) ^ (R(3,(x)))) -#define lSig1(x) ((S(17,(x))) ^ (S(19,(x))) ^ (R(10,(x)))) - -static void sha256_transform(sha256_context *ctx, const unsigned char *datap) -{ - register int j; - u_int32_t a, b, c, d, e, f, g, h; - u_int32_t T1, T2, W[64], Wm2, Wm15; - - /* read the data, big endian byte order */ - j = 0; - do { - W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) | - (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3])); - datap += 4; - } while(++j < 16); - - /* initialize variables a...h */ - a = ctx->sha_H[0]; - b = ctx->sha_H[1]; - c = ctx->sha_H[2]; - d = ctx->sha_H[3]; - e = ctx->sha_H[4]; - f = ctx->sha_H[5]; - g = ctx->sha_H[6]; - h = ctx->sha_H[7]; - - /* apply compression function */ - j = 0; - do { - if(j >= 16) { - Wm2 = W[j - 2]; - Wm15 = W[j - 15]; - W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16]; - } - T1 = h + uSig1(e) + Ch(e,f,g) + sha256_K[j] + W[j]; - T2 = uSig0(a) + Maj(a,b,c); - h = g; g = f; f = e; - e = d + T1; - d = c; c = b; b = a; - a = T1 + T2; - } while(++j < 64); - - /* compute intermediate hash value */ - ctx->sha_H[0] += a; - ctx->sha_H[1] += b; - ctx->sha_H[2] += c; - ctx->sha_H[3] += d; - ctx->sha_H[4] += e; - ctx->sha_H[5] += f; - ctx->sha_H[6] += g; - ctx->sha_H[7] += h; - - ctx->sha_blocks++; -} - -void sha256_write(sha256_context *ctx, const unsigned char *datap, int length) -{ - while(length > 0) { - if(!ctx->sha_bufCnt) { - while(length >= sizeof(ctx->sha_out)) { - sha256_transform(ctx, datap); - datap += sizeof(ctx->sha_out); - length -= sizeof(ctx->sha_out); - } - if(!length) return; - } - ctx->sha_out[ctx->sha_bufCnt] = *datap++; - length--; - if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { - sha256_transform(ctx, &ctx->sha_out[0]); - ctx->sha_bufCnt = 0; - } - } -} - -void sha256_final(sha256_context *ctx) -{ - register int j; - u_int64_t bitLength; - u_int32_t i; - unsigned char padByte, *datap; - - bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3); - padByte = 0x80; - sha256_write(ctx, &padByte, 1); - - /* pad extra space with zeroes */ - padByte = 0; - while(ctx->sha_bufCnt != 56) { - sha256_write(ctx, &padByte, 1); - } - - /* write bit length, big endian byte order */ - ctx->sha_out[56] = bitLength >> 56; - ctx->sha_out[57] = bitLength >> 48; - ctx->sha_out[58] = bitLength >> 40; - ctx->sha_out[59] = bitLength >> 32; - ctx->sha_out[60] = bitLength >> 24; - ctx->sha_out[61] = bitLength >> 16; - ctx->sha_out[62] = bitLength >> 8; - ctx->sha_out[63] = bitLength; - sha256_transform(ctx, &ctx->sha_out[0]); - - /* return results in ctx->sha_out[0...31] */ - datap = &ctx->sha_out[0]; - j = 0; - do { - i = ctx->sha_H[j]; - datap[0] = i >> 24; - datap[1] = i >> 16; - datap[2] = i >> 8; - datap[3] = i; - datap += 4; - } while(++j < 8); - - /* clear sensitive information */ - memset(&ctx->sha_out[32], 0, sizeof(sha256_context) - 32); -} - -void sha256_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -{ - sha256_context ctx; - - if(ole < 1) return; - memset(ob, 0, ole); - if(ole > 32) ole = 32; - sha256_init(&ctx); - sha256_write(&ctx, ib, ile); - sha256_final(&ctx); - memcpy(ob, &ctx.sha_out[0], ole); - memset(&ctx, 0, sizeof(ctx)); -} - -#endif - -#if defined(SHA512_NEEDED) -void sha512_init(sha512_context *ctx) -{ - memcpy(&ctx->sha_H[0], &sha512_hashInit[0], sizeof(ctx->sha_H)); - ctx->sha_blocks = 0; - ctx->sha_blocksMSB = 0; - ctx->sha_bufCnt = 0; -} -#endif - -#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED) -#undef S -#undef uSig0 -#undef uSig1 -#undef lSig0 -#undef lSig1 -#define S(x,y) (((y) >> (x)) | ((y) << (64 - (x)))) -#define uSig0(x) ((S(28,(x))) ^ (S(34,(x))) ^ (S(39,(x)))) -#define uSig1(x) ((S(14,(x))) ^ (S(18,(x))) ^ (S(41,(x)))) -#define lSig0(x) ((S(1,(x))) ^ (S(8,(x))) ^ (R(7,(x)))) -#define lSig1(x) ((S(19,(x))) ^ (S(61,(x))) ^ (R(6,(x)))) - -static void sha512_transform(sha512_context *ctx, const unsigned char *datap) -{ - register int j; - u_int64_t a, b, c, d, e, f, g, h; - u_int64_t T1, T2, W[80], Wm2, Wm15; - - /* read the data, big endian byte order */ - j = 0; - do { - W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) | - (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) | - (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) | - (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7])); - datap += 8; - } while(++j < 16); - - /* initialize variables a...h */ - a = ctx->sha_H[0]; - b = ctx->sha_H[1]; - c = ctx->sha_H[2]; - d = ctx->sha_H[3]; - e = ctx->sha_H[4]; - f = ctx->sha_H[5]; - g = ctx->sha_H[6]; - h = ctx->sha_H[7]; - - /* apply compression function */ - j = 0; - do { - if(j >= 16) { - Wm2 = W[j - 2]; - Wm15 = W[j - 15]; - W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16]; - } - T1 = h + uSig1(e) + Ch(e,f,g) + sha512_K[j] + W[j]; - T2 = uSig0(a) + Maj(a,b,c); - h = g; g = f; f = e; - e = d + T1; - d = c; c = b; b = a; - a = T1 + T2; - } while(++j < 80); - - /* compute intermediate hash value */ - ctx->sha_H[0] += a; - ctx->sha_H[1] += b; - ctx->sha_H[2] += c; - ctx->sha_H[3] += d; - ctx->sha_H[4] += e; - ctx->sha_H[5] += f; - ctx->sha_H[6] += g; - ctx->sha_H[7] += h; - - ctx->sha_blocks++; - if(!ctx->sha_blocks) ctx->sha_blocksMSB++; -} - -void sha512_write(sha512_context *ctx, const unsigned char *datap, int length) -{ - while(length > 0) { - if(!ctx->sha_bufCnt) { - while(length >= sizeof(ctx->sha_out)) { - sha512_transform(ctx, datap); - datap += sizeof(ctx->sha_out); - length -= sizeof(ctx->sha_out); - } - if(!length) return; - } - ctx->sha_out[ctx->sha_bufCnt] = *datap++; - length--; - if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { - sha512_transform(ctx, &ctx->sha_out[0]); - ctx->sha_bufCnt = 0; - } - } -} - -void sha512_final(sha512_context *ctx) -{ - register int j; - u_int64_t bitLength, bitLengthMSB; - u_int64_t i; - unsigned char padByte, *datap; - - bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3); - bitLengthMSB = (ctx->sha_blocksMSB << 10) | (ctx->sha_blocks >> 54); - padByte = 0x80; - sha512_write(ctx, &padByte, 1); - - /* pad extra space with zeroes */ - padByte = 0; - while(ctx->sha_bufCnt != 112) { - sha512_write(ctx, &padByte, 1); - } - - /* write bit length, big endian byte order */ - ctx->sha_out[112] = bitLengthMSB >> 56; - ctx->sha_out[113] = bitLengthMSB >> 48; - ctx->sha_out[114] = bitLengthMSB >> 40; - ctx->sha_out[115] = bitLengthMSB >> 32; - ctx->sha_out[116] = bitLengthMSB >> 24; - ctx->sha_out[117] = bitLengthMSB >> 16; - ctx->sha_out[118] = bitLengthMSB >> 8; - ctx->sha_out[119] = bitLengthMSB; - ctx->sha_out[120] = bitLength >> 56; - ctx->sha_out[121] = bitLength >> 48; - ctx->sha_out[122] = bitLength >> 40; - ctx->sha_out[123] = bitLength >> 32; - ctx->sha_out[124] = bitLength >> 24; - ctx->sha_out[125] = bitLength >> 16; - ctx->sha_out[126] = bitLength >> 8; - ctx->sha_out[127] = bitLength; - sha512_transform(ctx, &ctx->sha_out[0]); - - /* return results in ctx->sha_out[0...63] */ - datap = &ctx->sha_out[0]; - j = 0; - do { - i = ctx->sha_H[j]; - datap[0] = i >> 56; - datap[1] = i >> 48; - datap[2] = i >> 40; - datap[3] = i >> 32; - datap[4] = i >> 24; - datap[5] = i >> 16; - datap[6] = i >> 8; - datap[7] = i; - datap += 8; - } while(++j < 8); - - /* clear sensitive information */ - memset(&ctx->sha_out[64], 0, sizeof(sha512_context) - 64); -} - -void sha512_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -{ - sha512_context ctx; - - if(ole < 1) return; - memset(ob, 0, ole); - if(ole > 64) ole = 64; - sha512_init(&ctx); - sha512_write(&ctx, ib, ile); - sha512_final(&ctx); - memcpy(ob, &ctx.sha_out[0], ole); - memset(&ctx, 0, sizeof(ctx)); -} -#endif - -#if defined(SHA384_NEEDED) -void sha384_init(sha512_context *ctx) -{ - memcpy(&ctx->sha_H[0], &sha384_hashInit[0], sizeof(ctx->sha_H)); - ctx->sha_blocks = 0; - ctx->sha_blocksMSB = 0; - ctx->sha_bufCnt = 0; -} - -void sha384_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -{ - sha512_context ctx; - - if(ole < 1) return; - memset(ob, 0, ole); - if(ole > 48) ole = 48; - sha384_init(&ctx); - sha512_write(&ctx, ib, ile); - sha512_final(&ctx); - memcpy(ob, &ctx.sha_out[0], ole); - memset(&ctx, 0, sizeof(ctx)); -} -#endif diff --git a/src/libcrypto/libsha2/sha2.h b/src/libcrypto/libsha2/sha2.h deleted file mode 100644 index 2dc03cfa8..000000000 --- a/src/libcrypto/libsha2/sha2.h +++ /dev/null @@ -1,52 +0,0 @@ -#ifndef _SHA2_H -#define _SHA2_H -/* - * sha512.h - * - * Written by Jari Ruusu, April 16 2001 - * - * Copyright 2001 by Jari Ruusu. - * Redistribution of this file is permitted under the GNU Public License. - */ - -#ifdef __KERNEL__ -#include <linux/types.h> -#else -#include <sys/types.h> -#endif - -typedef struct { - unsigned char sha_out[64]; /* results are here, bytes 0...31 */ - u_int32_t sha_H[8]; - u_int64_t sha_blocks; - int sha_bufCnt; -} sha256_context; - -typedef struct { - unsigned char sha_out[128]; /* results are here, bytes 0...63 */ - u_int64_t sha_H[8]; - u_int64_t sha_blocks; - u_int64_t sha_blocksMSB; - int sha_bufCnt; -} sha512_context; - -/* no sha384_context, use sha512_context */ - -/* 256 bit hash, provides 128 bits of security against collision attacks */ -extern void sha256_init(sha256_context *); -extern void sha256_write(sha256_context *, const unsigned char *, int); -extern void sha256_final(sha256_context *); -extern void sha256_hash_buffer(unsigned char *, int, unsigned char *, int); - -/* 512 bit hash, provides 256 bits of security against collision attacks */ -extern void sha512_init(sha512_context *); -extern void sha512_write(sha512_context *, const unsigned char *, int); -extern void sha512_final(sha512_context *); -extern void sha512_hash_buffer(unsigned char *, int, unsigned char *, int); - -/* 384 bit hash, provides 192 bits of security against collision attacks */ -extern void sha384_init(sha512_context *); -/* no sha384_write(), use sha512_write() */ -/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */ -extern void sha384_hash_buffer(unsigned char *, int, unsigned char *, int); -#endif /* _SHA2_H */ diff --git a/src/libstrongswan/fips/.gitignore b/src/libstrongswan/fips/.gitignore new file mode 100644 index 000000000..ebb05cff9 --- /dev/null +++ b/src/libstrongswan/fips/.gitignore @@ -0,0 +1,2 @@ +fips_signature.h +fips_signer diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 3522923ab..a90dff7f1 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -119,7 +119,7 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock, */ static unsigned long id_function(void) { - return pthread_self(); + return (unsigned long)pthread_self(); } /** diff --git a/src/manager/.gitignore b/src/manager/.gitignore new file mode 100644 index 000000000..8081a964f --- /dev/null +++ b/src/manager/.gitignore @@ -0,0 +1 @@ +manager.fcgi diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am index 23fa5423a..4d4c977b2 100644 --- a/src/pluto/Makefile.am +++ b/src/pluto/Makefile.am @@ -32,8 +32,6 @@ kernel_pfkey.c kernel_pfkey.h \ keys.c keys.h \ lex.c lex.h \ log.c log.h \ -md2.c md2.h \ -md5.c md5.h \ modecfg.c modecfg.h \ mp_defs.c mp_defs.h \ nat_traversal.c nat_traversal.h \ @@ -46,7 +44,6 @@ pkcs7.c pkcs7.h \ plutomain.c \ rcv_whack.c rcv_whack.h \ server.c server.h \ -sha1.c sha1.h \ smartcard.c smartcard.h \ spdb.c spdb.h \ state.c state.h \ diff --git a/src/pluto/alg/ike_alg_sha2.c b/src/pluto/alg/ike_alg_sha2.c index 6b7c8438c..41da10013 100644 --- a/src/pluto/alg/ike_alg_sha2.c +++ b/src/pluto/alg/ike_alg_sha2.c @@ -4,34 +4,14 @@ #include <sys/types.h> #include <freeswan.h> +#include <crypto/hashers/hasher.h> + #include "constants.h" #include "defs.h" #include "log.h" -#include "libsha2/sha2.h" #include "alg_info.h" #include "ike_alg.h" -static void -sha256_hash_final(u_char *hash, sha256_context *ctx) -{ - sha256_final(ctx); - memcpy(hash, ctx->sha_out, SHA2_256_DIGEST_SIZE); -} - -static void -sha384_hash_final(u_char *hash, sha512_context *ctx) -{ - sha512_final(ctx); - memcpy(hash, ctx->sha_out, SHA2_384_DIGEST_SIZE); -} - -static void -sha512_hash_final(u_char *hash, sha512_context *ctx) -{ - sha512_final(ctx); - memcpy(hash, ctx->sha_out, SHA2_512_DIGEST_SIZE); -} - /* SHA-256 hash test vectors * from "The Secure Hash Algorithm Validation System (SHAVS)" * July 22, 2004, Lawrence E. Bassham III, NIST @@ -572,42 +552,27 @@ struct hash_desc hash_desc_sha2_256 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_256, algo_next: NULL, - hash_ctx_size: sizeof(sha256_context), - hash_block_size: SHA2_256_BLOCK_SIZE, - hash_digest_size: SHA2_256_DIGEST_SIZE, + hash_digest_size: HASH_SIZE_SHA256, hash_testvectors: sha256_hash_testvectors, - hmac_testvectors: sha256_hmac_testvectors, - hash_init: (void (*)(void *))sha256_init, - hash_update: (void (*)(void *, const u_char *, size_t ))sha256_write, - hash_final:(void (*)(u_char *, void *))sha256_hash_final + hmac_testvectors: sha256_hmac_testvectors }; struct hash_desc hash_desc_sha2_384 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_384, algo_next: NULL, - hash_ctx_size: sizeof(sha512_context), - hash_block_size: SHA2_384_BLOCK_SIZE, - hash_digest_size: SHA2_384_DIGEST_SIZE, + hash_digest_size: HASH_SIZE_SHA384, hash_testvectors: sha384_hash_testvectors, - hmac_testvectors: sha384_hmac_testvectors, - hash_init: (void (*)(void *))sha384_init, - hash_update: (void (*)(void *, const u_char *, size_t ))sha512_write, - hash_final:(void (*)(u_char *, void *))sha384_hash_final + hmac_testvectors: sha384_hmac_testvectors }; struct hash_desc hash_desc_sha2_512 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_512, algo_next: NULL, - hash_ctx_size: sizeof(sha512_context), - hash_block_size: SHA2_512_BLOCK_SIZE, - hash_digest_size: SHA2_512_DIGEST_SIZE, + hash_digest_size: HASH_SIZE_SHA512, hash_testvectors: sha512_hash_testvectors, - hmac_testvectors: sha512_hmac_testvectors, - hash_init: (void (*)(void *))sha512_init, - hash_update: (void (*)(void *, const u_char *, size_t ))sha512_write, - hash_final:(void (*)(u_char *, void *))sha512_hash_final + hmac_testvectors: sha512_hmac_testvectors }; int ike_alg_sha2_init(void); diff --git a/src/pluto/constants.c b/src/pluto/constants.c index a8985be8f..810d76bcb 100644 --- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -1364,6 +1364,6 @@ void init_constants(void) happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all)); } -u_char secret_of_the_day[SHA1_DIGEST_SIZE]; +u_char secret_of_the_day[HASH_SIZE_SHA1]; diff --git a/src/pluto/constants.h b/src/pluto/constants.h index aa7a75828..56e9321e8 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -18,6 +18,7 @@ #define _CONSTANTS_H #include <utils.h> +#include <crypto/hashers/hasher.h> extern const char compile_time_interop_options[]; @@ -278,32 +279,16 @@ extern const char sparse_end[]; #define COOKIE_SIZE 8 #define MAX_ISAKMP_SPI_SIZE 16 -#define MD2_DIGEST_SIZE (128 / BITS_PER_BYTE) -#define MD5_DIGEST_SIZE (128 / BITS_PER_BYTE) -#define SHA1_DIGEST_SIZE (160 / BITS_PER_BYTE) -#define SHA2_256_DIGEST_SIZE (256 / BITS_PER_BYTE) -#define SHA2_384_DIGEST_SIZE (384 / BITS_PER_BYTE) -#define SHA2_512_DIGEST_SIZE (512 / BITS_PER_BYTE) - -#define MD5_BLOCK_SIZE (512 / BITS_PER_BYTE) -#define SHA1_BLOCK_SIZE (512 / BITS_PER_BYTE) -#define SHA2_256_BLOCK_SIZE (512 / BITS_PER_BYTE) -#define SHA2_384_BLOCK_SIZE (1024 / BITS_PER_BYTE) -#define SHA2_512_BLOCK_SIZE (1024 / BITS_PER_BYTE) - #define DES_CBC_BLOCK_SIZE (64 / BITS_PER_BYTE) -#define DSS_QBITS 160 /* bits in DSS's "q" (FIPS 186-1) */ - /* Maximum is required for SHA2_512 */ -#define MAX_DIGEST_LEN SHA2_512_DIGEST_SIZE -#define MAX_HASH_BLOCK_SIZE SHA2_512_BLOCK_SIZE +#define MAX_DIGEST_LEN HASH_SIZE_SHA512 /* RFC 2404 "HMAC-SHA-1-96" section 3 */ -#define HMAC_SHA1_KEY_LEN SHA1_DIGEST_SIZE +#define HMAC_SHA1_KEY_LEN HASH_SIZE_SHA1 /* RFC 2403 "HMAC-MD5-96" section 3 */ -#define HMAC_MD5_KEY_LEN MD5_DIGEST_SIZE +#define HMAC_MD5_KEY_LEN HASH_SIZE_MD5 #define IKE_UDP_PORT 500 @@ -1269,6 +1254,6 @@ enum dns_auth_level { extern const char *const natt_type_bitnames[]; /* secret value for responder cookies */ -extern u_char secret_of_the_day[SHA1_DIGEST_SIZE]; +extern u_char secret_of_the_day[HASH_SIZE_SHA1]; #endif /* _CONSTANTS_H */ diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index 6a885b885..579e257f2 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -24,6 +24,8 @@ #include <errno.h> +#include <crypto/hashers/hasher.h> + #include "constants.h" #include "defs.h" #include "state.h" @@ -298,14 +300,9 @@ static struct hash_desc crypto_hasher_md5 = algo_type: IKE_ALG_HASH, algo_id: OAKLEY_MD5, algo_next: NULL, - hash_ctx_size: sizeof(MD5_CTX), - hash_block_size: MD5_BLOCK_SIZE, - hash_digest_size: MD5_DIGEST_SIZE, + hash_digest_size: HASH_SIZE_MD5, hash_testvectors: md5_hash_testvectors, hmac_testvectors: md5_hmac_testvectors, - hash_init: (void (*)(void *)) MD5Init, - hash_update: (void (*)(void *, const u_int8_t *, size_t)) MD5Update, - hash_final: (void (*)(u_char *, void *)) MD5Final }; /* SHA-1 test vectors @@ -439,14 +436,9 @@ static struct hash_desc crypto_hasher_sha1 = algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA, algo_next: NULL, - hash_ctx_size: sizeof(SHA1_CTX), - hash_block_size: SHA1_BLOCK_SIZE, - hash_digest_size: SHA1_DIGEST_SIZE, + hash_digest_size: HASH_SIZE_SHA1, hash_testvectors: sha1_hash_testvectors, - hmac_testvectors: sha1_hmac_testvectors, - hash_init: (void (*)(void *)) SHA1Init, - hash_update: (void (*)(void *, const u_int8_t *, size_t)) SHA1Update, - hash_final: (void (*)(u_char *, void *)) SHA1Final + hmac_testvectors: sha1_hmac_testvectors }; void init_crypto(void) @@ -565,68 +557,6 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, */ } -/* HMAC package - * rfc2104.txt specifies how HMAC works. - */ - -void hmac_init(struct hmac_ctx *ctx, const struct hash_desc *h, - const u_char *key, size_t key_len) -{ - int k; - - ctx->h = h; - ctx->hmac_digest_size = h->hash_digest_size; - - /* Prepare the two pads for the HMAC */ - - memset(ctx->buf1, '\0', h->hash_block_size); - - if (key_len <= h->hash_block_size) - { - memcpy(ctx->buf1, key, key_len); - } - else - { - h->hash_init(&ctx->hash_ctx); - h->hash_update(&ctx->hash_ctx, key, key_len); - h->hash_final(ctx->buf1, &ctx->hash_ctx); - } - - memcpy(ctx->buf2, ctx->buf1, h->hash_block_size); - - for (k = 0; k < h->hash_block_size; k++) - { - ctx->buf1[k] ^= HMAC_IPAD; - ctx->buf2[k] ^= HMAC_OPAD; - } - - hmac_reinit(ctx); -} - -void hmac_reinit(struct hmac_ctx *ctx) -{ - ctx->h->hash_init(&ctx->hash_ctx); - ctx->h->hash_update(&ctx->hash_ctx, ctx->buf1, ctx->h->hash_block_size); -} - -void hmac_update(struct hmac_ctx *ctx, - const u_char *data, size_t data_len) -{ - ctx->h->hash_update(&ctx->hash_ctx, data, data_len); -} - -void hmac_final(u_char *output, struct hmac_ctx *ctx) -{ - const struct hash_desc *h = ctx->h; - - h->hash_final(output, &ctx->hash_ctx); - - h->hash_init(&ctx->hash_ctx); - h->hash_update(&ctx->hash_ctx, ctx->buf2, h->hash_block_size); - h->hash_update(&ctx->hash_ctx, output, h->hash_digest_size); - h->hash_final(output, &ctx->hash_ctx); -} - hash_algorithm_t oakley_to_hash_algorithm(int alg) { switch (alg) diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h index 72df70ef6..4fc9b2356 100644 --- a/src/pluto/crypto.h +++ b/src/pluto/crypto.h @@ -17,9 +17,6 @@ #include <crypto/hashers/hasher.h> #include <crypto/prfs/prf.h> -#include "md5.h" -#include "sha1.h" -#include "libsha2/sha2.h" #include "ike_alg.h" extern void init_crypto(void); @@ -63,54 +60,7 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, s /* unification of cryptographic hashing mechanisms */ -#ifndef NO_HASH_CTX -union hash_ctx { - MD5_CTX ctx_md5; - SHA1_CTX ctx_sha1; - sha256_context ctx_sha256; - sha512_context ctx_sha512; - }; - -/* HMAC package - * Note that hmac_ctx can be (and is) copied since there are - * no persistent pointers into it. - */ - -struct hmac_ctx { - const struct hash_desc *h; /* underlying hash function */ - size_t hmac_digest_size; /* copy of h->hash_digest_size */ - union hash_ctx hash_ctx; /* ctx for hash function */ - u_char buf1[MAX_HASH_BLOCK_SIZE]; - u_char buf2[MAX_HASH_BLOCK_SIZE]; - }; - -extern void hmac_init( - struct hmac_ctx *ctx, - const struct hash_desc *h, - const u_char *key, - size_t key_len); - -#define hmac_init_chunk(ctx, h, ch) hmac_init((ctx), (h), (ch).ptr, (ch).len) - -extern void hmac_reinit(struct hmac_ctx *ctx); /* saves recreating pads */ - -extern void hmac_update( - struct hmac_ctx *ctx, - const u_char *data, - size_t data_len); - -#define hmac_update_chunk(ctx, ch) hmac_update((ctx), (ch).ptr, (ch).len) - -extern void hmac_final(u_char *output, struct hmac_ctx *ctx); - -#define hmac_final_chunk(ch, name, ctx) { \ - free((ch).ptr); \ - (ch).len = (ctx)->hmac_digest_size; \ - (ch).ptr = malloc((ch).len); \ - hmac_final((ch).ptr, (ctx)); \ - } extern hash_algorithm_t oakley_to_hash_algorithm(int alg); extern pseudo_random_function_t oakley_to_prf(int alg); -#endif diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index 2995e32fb..5056e82ab 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -21,6 +21,10 @@ #include <freeswan.h> #include <ipsec_policy.h> +#include <library.h> +#include <crypto/hashers/hasher.h> +#include <crypto/prfs/prf.h> + #include "constants.h" #include "defs.h" #include "crypto.h" @@ -144,22 +148,6 @@ ike_alg_register_hash(struct hash_desc *hash_desc) return_on(ret,-EINVAL); } - if (hash_desc->hash_ctx_size > sizeof (union hash_ctx)) - { - plog ("ike_alg: hash alg=%d has ctx_size=%d > hash_ctx=%d" - , hash_desc->algo_id - , (int)hash_desc->hash_ctx_size - , (int)sizeof (union hash_ctx)); - return_on(ret,-EOVERFLOW); - } - - if (!(hash_desc->hash_init && hash_desc->hash_update && hash_desc->hash_final)) - { - plog ("ike_alg: hash alg=%d needs hash_init(), hash_update() and hash_final()" - , hash_desc->algo_id); - return_on(ret,-EINVAL); - } - alg_name = enum_name(&oakley_hash_names, hash_desc->algo_id); if (!alg_name) { @@ -443,23 +431,32 @@ ike_hash_test(const struct hash_desc *desc) if (desc->hash_testvectors == NULL) { - plog(" %s hash self-test not available", enum_name(&oakley_hash_names, desc->algo_id)); + plog(" %s hash self-test not available", + enum_name(&oakley_hash_names, desc->algo_id)); } else { int i; + hash_algorithm_t hash_alg; + hasher_t *hasher; + hash_alg = oakley_to_hash_algorithm(desc->algo_id); + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (hasher == NULL) + { + plog(" %s hash function not available", + enum_name(&oakley_hash_names, desc->algo_id)); + return FALSE; + } + for (i = 0; desc->hash_testvectors[i].msg_digest != NULL; i++) { u_char digest[MAX_DIGEST_LEN]; + chunk_t msg = { desc->hash_testvectors[i].msg, + desc->hash_testvectors[i].msg_size }; bool result; - union hash_ctx ctx; - - desc->hash_init(&ctx); - desc->hash_update(&ctx, desc->hash_testvectors[i].msg - ,desc->hash_testvectors[i].msg_size); - desc->hash_final(digest, &ctx); + hasher->get_hash(hasher, msg, digest); result = memeq(digest, desc->hash_testvectors[i].msg_digest , desc->hash_digest_size); DBG(DBG_CRYPT, @@ -467,8 +464,9 @@ ike_hash_test(const struct hash_desc *desc) ) hash_results &= result; } - plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id) - , hash_results ? "passed":"failed"); + hasher->destroy(hasher); + plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id), + hash_results ? "passed":"failed"); } if (desc->hmac_testvectors == NULL) @@ -478,21 +476,32 @@ ike_hash_test(const struct hash_desc *desc) else { int i; + pseudo_random_function_t prf_alg; + + prf_alg = oakley_to_prf(desc->algo_id); for (i = 0; desc->hmac_testvectors[i].hmac != NULL; i++) { u_char digest[MAX_DIGEST_LEN]; + chunk_t key = { desc->hmac_testvectors[i].key, + desc->hmac_testvectors[i].key_size }; + chunk_t msg = { desc->hmac_testvectors[i].msg, + desc->hmac_testvectors[i].msg_size }; + prf_t *prf; bool result; - struct hmac_ctx ctx; - - hmac_init(&ctx, desc, desc->hmac_testvectors[i].key - , desc->hmac_testvectors[i].key_size); - hmac_update(&ctx, desc->hmac_testvectors[i].msg - ,desc->hmac_testvectors[i].msg_size); - hmac_final(digest, &ctx); - result = memeq(digest, desc->hmac_testvectors[i].hmac - , desc->hash_digest_size); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + if (prf == NULL) + { + plog(" %s hmac function not available", + enum_name(&oakley_hash_names, desc->algo_id)); + return FALSE; + } + prf->set_key(prf, key); + prf->get_bytes(prf, msg, digest); + prf->destroy(prf); + result = memeq(digest, desc->hmac_testvectors[i].hmac, + desc->hash_digest_size); DBG(DBG_CRYPT, DBG_log(" hmac testvector %d: %s", i, result ? "ok":"failed") ) diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h index 5334ad8c0..3bf93b9f6 100644 --- a/src/pluto/ike_alg.h +++ b/src/pluto/ike_alg.h @@ -57,15 +57,9 @@ struct hash_desc { u_int16_t algo_type; u_int16_t algo_id; struct ike_alg *algo_next; - - size_t hash_ctx_size; - size_t hash_block_size; size_t hash_digest_size; const hash_testvector_t *hash_testvectors; const hmac_testvector_t *hmac_testvectors; - void (*hash_init)(void *ctx); - void (*hash_update)(void *ctx, const u_int8_t *in, size_t datasize); - void (*hash_final)(u_int8_t *out, void *ctx); }; #define IKE_ALG_ENCRYPT 0 diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 11d4645cf..9d4b30cbc 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -33,6 +33,7 @@ #include <asn1/asn1.h> #include <crypto/hashers/hasher.h> #include <crypto/prfs/prf.h> +#include <crypto/prf_plus.h> #include <crypto/rngs/rng.h> #include "constants.h" @@ -397,16 +398,22 @@ static void send_notification(struct state *sndst, u_int16_t type, /* calculate hash value and patch into Hash Payload */ if (encst) { - struct hmac_ctx ctx; - hmac_init_chunk(&ctx, encst->st_oakley.hasher, encst->st_skeyid_a); - hmac_update(&ctx, (u_char *) &msgid, sizeof(msgid_t)); - hmac_update(&ctx, r_hash_start, r_hdr_pbs.cur-r_hash_start); - hmac_final(r_hashval, &ctx); + chunk_t msgid_chunk = chunk_from_thing(msgid); + chunk_t msg_chunk = { r_hash_start, r_hdr_pbs.cur-r_hash_start }; + pseudo_random_function_t prf_alg; + prf_t *prf; + + prf_alg = oakley_to_prf(encst->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, encst->st_skeyid_a); + prf->get_bytes(prf, msgid_chunk, NULL); + prf->get_bytes(prf, msg_chunk, r_hashval); DBG(DBG_CRYPT, DBG_log("HASH computed:"); - DBG_dump("", r_hashval, ctx.hmac_digest_size); + DBG_dump("", r_hashval, prf->get_block_size(prf)); ) + prf->destroy(prf); } /* Encrypt message (preserve st_iv and st_new_iv) */ @@ -648,16 +655,23 @@ void send_delete(struct state *st) /* calculate hash value and patch into Hash Payload */ { - struct hmac_ctx ctx; - hmac_init_chunk(&ctx, p1st->st_oakley.hasher, p1st->st_skeyid_a); - hmac_update(&ctx, (u_char *) &msgid, sizeof(msgid_t)); - hmac_update(&ctx, r_hash_start, r_hdr_pbs.cur-r_hash_start); - hmac_final(r_hashval, &ctx); + chunk_t msgid_chunk = chunk_from_thing(msgid); + chunk_t msg_chunk = { r_hash_start, r_hdr_pbs.cur-r_hash_start }; + pseudo_random_function_t prf_alg; + prf_t *prf; + + prf_alg = oakley_to_prf(p1st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, p1st->st_skeyid_a); + prf->get_bytes(prf, msgid_chunk, NULL); + prf->get_bytes(prf, msg_chunk, r_hashval); DBG(DBG_CRYPT, DBG_log("HASH(1) computed:"); - DBG_dump("", r_hashval, ctx.hmac_digest_size); + DBG_dump("", r_hashval, prf->get_block_size(prf)); ) + + prf->destroy(prf); } /* Do a dance to avoid needing a new state object. @@ -1172,8 +1186,8 @@ static bool skeyid_preshared(struct state *st) prf = lib->crypto->create_prf(lib->crypto, prf_alg); if (prf == NULL) { - loglog(RC_LOG_SERIOUS, "%N not available to compute skeyid", - pseudo_random_function_names, prf_alg); + loglog(RC_LOG_SERIOUS, "%N not available to compute skeyid", + pseudo_random_function_names, prf_alg); return FALSE; } free(st->st_skeyid.ptr); @@ -1317,32 +1331,32 @@ static bool generate_skeyids_iv(struct state *st) * See RFC 2409 "IKE" Appendix B */ { - /* const size_t keysize = st->st_oakley.encrypter->keydeflen/BITS_PER_BYTE; */ - const size_t keysize = st->st_oakley.enckeylen/BITS_PER_BYTE; - u_char keytemp[MAX_OAKLEY_KEY_LEN + MAX_DIGEST_LEN]; - u_char *k = st->st_skeyid_e.ptr; + size_t keysize = st->st_oakley.enckeylen/BITS_PER_BYTE; + + /* free any existing key */ + free(st->st_enc_key.ptr); if (keysize > st->st_skeyid_e.len) { - struct hmac_ctx ctx; - size_t i = 0; - - hmac_init_chunk(&ctx, st->st_oakley.hasher, st->st_skeyid_e); - hmac_update(&ctx, "\0", 1); - for (;;) - { - hmac_final(&keytemp[i], &ctx); - i += ctx.hmac_digest_size; - if (i >= keysize) - break; - hmac_reinit(&ctx); - hmac_update(&ctx, &keytemp[i - ctx.hmac_digest_size], ctx.hmac_digest_size); - } - k = keytemp; + char seed_buf[] = { 0x00 }; + chunk_t seed = chunk_from_buf(seed_buf); + pseudo_random_function_t prf_alg; + prf_plus_t *prf_plus; + prf_t *prf; + + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, st->st_skeyid_e); + prf_plus = prf_plus_create(prf, seed); + prf_plus->allocate_bytes(prf_plus, keysize, &st->st_enc_key); + prf_plus->destroy(prf_plus); + prf->destroy(prf); } - free(st->st_enc_key.ptr); - st->st_enc_key = chunk_create(k, keysize); - st->st_enc_key = chunk_clone(st->st_enc_key); + else + { + st->st_enc_key = chunk_create(st->st_skeyid_e.ptr, keysize); + st->st_enc_key = chunk_clone(st->st_enc_key); + } } DBG(DBG_CRYPT, @@ -1361,96 +1375,56 @@ static bool generate_skeyids_iv(struct state *st) * If the hashi argument is TRUE, generate HASH_I; if FALSE generate HASH_R. * If hashus argument is TRUE, we're generating a hash for our end. * See RFC2409 IKE 5. - * - * Generating the SIG_I and SIG_R for DSS is an odd perversion of this: - * Most of the logic is the same, but SHA-1 is used in place of HMAC-whatever. - * The extensive common logic is embodied in main_mode_hash_body(). - * See draft-ietf-ipsec-ike-01.txt 4.1 and 6.1.1.2 */ - -typedef void (*hash_update_t)(union hash_ctx *, const u_char *, size_t) ; - -static void main_mode_hash_body(struct state *st, bool hashi, - const pb_stream *idpl, union hash_ctx *ctx, - void (*hash_update_void)(void *, const u_char *input, size_t)) + static size_t main_mode_hash(struct state *st, u_char *hash_val, bool hashi, + const pb_stream *idpl) { -#define HASH_UPDATE_T (union hash_ctx *, const u_char *input, unsigned int len) - hash_update_t hash_update=(hash_update_t) hash_update_void; -#if 0 /* if desperate to debug hashing */ -# define hash_update(ctx, input, len) { \ - DBG_dump("hash input", input, len); \ - (hash_update)(ctx, input, len); \ - } -#endif + chunk_t icookie = { st->st_icookie, COOKIE_SIZE }; + chunk_t rcookie = { st->st_rcookie, COOKIE_SIZE }; + chunk_t sa_body = { st->st_p1isa.ptr + sizeof(struct isakmp_generic), + st->st_p1isa.len - sizeof(struct isakmp_generic) }; + chunk_t id_body = { idpl->start + sizeof(struct isakmp_generic), + pbs_offset(idpl) - sizeof(struct isakmp_generic) }; + pseudo_random_function_t prf_alg; + prf_t *prf; + size_t prf_block_size; -# define hash_update_chunk(ctx, ch) hash_update((ctx), (ch).ptr, (ch).len) + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, st->st_skeyid); if (hashi) { - hash_update_chunk(ctx, st->st_gi); - hash_update_chunk(ctx, st->st_gr); - hash_update(ctx, st->st_icookie, COOKIE_SIZE); - hash_update(ctx, st->st_rcookie, COOKIE_SIZE); + prf->get_bytes(prf, st->st_gi, NULL); + prf->get_bytes(prf, st->st_gr, NULL); + prf->get_bytes(prf, icookie, NULL); + prf->get_bytes(prf, rcookie, NULL); } else { - hash_update_chunk(ctx, st->st_gr); - hash_update_chunk(ctx, st->st_gi); - hash_update(ctx, st->st_rcookie, COOKIE_SIZE); - hash_update(ctx, st->st_icookie, COOKIE_SIZE); + prf->get_bytes(prf, st->st_gr, NULL); + prf->get_bytes(prf, st->st_gi, NULL); + prf->get_bytes(prf, rcookie, NULL); + prf->get_bytes(prf, icookie, NULL); } - DBG(DBG_CRYPT, DBG_log("hashing %lu bytes of SA" - , (unsigned long) (st->st_p1isa.len - sizeof(struct isakmp_generic)))); - - /* SA_b */ - hash_update(ctx, st->st_p1isa.ptr + sizeof(struct isakmp_generic) - , st->st_p1isa.len - sizeof(struct isakmp_generic)); + DBG(DBG_CRYPT, + DBG_log("hashing %u bytes of SA", sa_body.len) + ) + prf->get_bytes(prf, sa_body, NULL); /* Hash identification payload, without generic payload header. * We used to reconstruct ID Payload for this purpose, but now * we use the bytes as they appear on the wire to avoid * "spelling problems". */ - hash_update(ctx - , idpl->start + sizeof(struct isakmp_generic) - , pbs_offset(idpl) - sizeof(struct isakmp_generic)); - -# undef hash_update_chunk -# undef hash_update -} - -static size_t /* length of hash */ -main_mode_hash(struct state *st, u_char *hash_val, bool hashi, - const pb_stream *idpl) -{ - struct hmac_ctx ctx; + prf->get_bytes(prf, id_body, hash_val); + prf_block_size = prf->get_block_size(prf); + prf->destroy(prf); - hmac_init_chunk(&ctx, st->st_oakley.hasher, st->st_skeyid); - main_mode_hash_body(st, hashi, idpl, &ctx.hash_ctx, ctx.h->hash_update); - hmac_final(hash_val, &ctx); - return ctx.hmac_digest_size; + return prf_block_size; } -#if 0 /* only needed for DSS */ -static void -main_mode_sha1(struct state *st -, u_char *hash_val /* resulting bytes */ -, size_t *hash_len /* length of hash */ -, bool hashi /* Initiator? */ -, const pb_stream *idpl) /* ID payload, as PBS */ -{ - union hash_ctx ctx; - - SHA1Init(&ctx.ctx_sha1); - SHA1Update(&ctx.ctx_sha1, st->st_skeyid.ptr, st->st_skeyid.len); - *hash_len = SHA1_DIGEST_SIZE; - main_mode_hash_body(st, hashi, idpl, &ctx - , (void (*)(union hash_ctx *, const u_char *, unsigned int))&SHA1Update); - SHA1Final(hash_val, &ctx.ctx_sha1); -} -#endif - /* Create an RSA signature of a hash. * Poorly specified in draft-ietf-ipsec-ike-01.txt 6.1.1.2. * Use PKCS#1 version 1.5 encryption of hash (called @@ -1911,31 +1885,33 @@ encrypt_message(pb_stream *pbs, struct state *st) * Used by: quick_outI1, quick_inI1_outR1 (twice), quick_inR1_outI2 * (see RFC 2409 "IKE" 5.5, pg. 18 or draft-ietf-ipsec-ike-01.txt 6.2 pg 25) */ -static size_t quick_mode_hash12(u_char *dest, const u_char *start, - const u_char *roof, const struct state *st, - const msgid_t *msgid, bool hash2) +static size_t quick_mode_hash12(u_char *dest, u_char *start, u_char *roof, + const struct state *st, const msgid_t *msgid, + bool hash2) { - struct hmac_ctx ctx; + chunk_t msgid_chunk = chunk_from_thing(*msgid); + chunk_t msg_chunk = { start, roof - start }; + pseudo_random_function_t prf_alg; + prf_t *prf; + size_t prf_block_size; -#if 0 /* if desperate to debug hashing */ -# define hmac_update(ctx, ptr, len) { \ - DBG_dump("hash input", (ptr), (len)); \ - (hmac_update)((ctx), (ptr), (len)); \ - } - DBG_dump("hash key", st->st_skeyid_a.ptr, st->st_skeyid_a.len); -#endif - hmac_init_chunk(&ctx, st->st_oakley.hasher, st->st_skeyid_a); - hmac_update(&ctx, (const void *) msgid, sizeof(msgid_t)); + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, st->st_skeyid_a); + prf->get_bytes(prf, msgid_chunk, NULL); if (hash2) - hmac_update_chunk(&ctx, st->st_ni); /* include Ni_b in the hash */ - hmac_update(&ctx, start, roof-start); - hmac_final(dest, &ctx); + { + prf->get_bytes(prf, st->st_ni, NULL); /* include Ni_b in the hash */ + } + prf->get_bytes(prf, msg_chunk, dest); + prf_block_size = prf->get_block_size(prf); + prf->destroy(prf); DBG(DBG_CRYPT, DBG_log("HASH(%d) computed:", hash2 + 1); - DBG_dump("", dest, ctx.hmac_digest_size)); - return ctx.hmac_digest_size; -# undef hmac_update + DBG_dump("", dest, prf_block_size) + ) + return prf_block_size; } /* Compute HASH(3) in Quick Mode (part of Quick I2 message). @@ -1946,16 +1922,25 @@ static size_t quick_mode_hash12(u_char *dest, const u_char *start, */ static size_t quick_mode_hash3(u_char *dest, struct state *st) { - struct hmac_ctx ctx; - - hmac_init_chunk(&ctx, st->st_oakley.hasher, st->st_skeyid_a); - hmac_update(&ctx, "\0", 1); - hmac_update(&ctx, (u_char *) &st->st_msgid, sizeof(st->st_msgid)); - hmac_update_chunk(&ctx, st->st_ni); - hmac_update_chunk(&ctx, st->st_nr); - hmac_final(dest, &ctx); - DBG_cond_dump(DBG_CRYPT, "HASH(3) computed:", dest, ctx.hmac_digest_size); - return ctx.hmac_digest_size; + char seed_buf[] = { 0x00 }; + chunk_t seed_chunk = chunk_from_buf(seed_buf); + chunk_t msgid_chunk = chunk_from_thing(st->st_msgid); + pseudo_random_function_t prf_alg; + prf_t *prf; + size_t prf_block_size; + + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, st->st_skeyid_a); + prf->get_bytes(prf, seed_chunk, NULL ); + prf->get_bytes(prf, msgid_chunk, NULL); + prf->get_bytes(prf, st->st_ni, NULL); + prf->get_bytes(prf, st->st_nr, dest); + prf_block_size = prf->get_block_size(prf); + prf->destroy(prf); + + DBG_cond_dump(DBG_CRYPT, "HASH(3) computed:", dest, prf_block_size); + return prf_block_size; } /* Compute Phase 2 IV. @@ -1963,23 +1948,26 @@ static size_t quick_mode_hash3(u_char *dest, struct state *st) */ void init_phase2_iv(struct state *st, const msgid_t *msgid) { - const struct hash_desc *h = st->st_oakley.hasher; - union hash_ctx ctx; + chunk_t iv_chunk = { st->st_ph1_iv, st->st_ph1_iv_len }; + chunk_t msgid_chunk = chunk_from_thing(*msgid); + hash_algorithm_t hash_alg; + hasher_t *hasher; - DBG_cond_dump(DBG_CRYPT, "last Phase 1 IV:" - , st->st_ph1_iv, st->st_ph1_iv_len); + hash_alg = oakley_to_hash_algorithm(st->st_oakley.hasher->algo_id); + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); - st->st_new_iv_len = h->hash_digest_size; - passert(st->st_new_iv_len <= sizeof(st->st_new_iv)); + DBG_cond_dump(DBG_CRYPT, "last Phase 1 IV:", + st->st_ph1_iv, st->st_ph1_iv_len); - h->hash_init(&ctx); - h->hash_update(&ctx, st->st_ph1_iv, st->st_ph1_iv_len); - passert(*msgid != 0); - h->hash_update(&ctx, (const u_char *)msgid, sizeof(*msgid)); - h->hash_final(st->st_new_iv, &ctx); + st->st_new_iv_len = hasher->get_hash_size(hasher); + passert(st->st_new_iv_len <= sizeof(st->st_new_iv)); + + hasher->get_hash(hasher, iv_chunk, NULL); + hasher->get_hash(hasher, msgid_chunk, st->st_new_iv); + hasher->destroy(hasher); - DBG_cond_dump(DBG_CRYPT, "computed Phase 2 IV:" - , st->st_new_iv, st->st_new_iv_len); + DBG_cond_dump(DBG_CRYPT, "computed Phase 2 IV:", + st->st_new_iv, st->st_new_iv_len); } /* Initiate quick mode. @@ -2872,62 +2860,68 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, pi->keymat_len = needed_len; - /* Allocate space for the keying material. - * Although only needed_len bytes are desired, we - * must round up to a multiple of ctx.hmac_digest_size + /* Allocate space for the keying material. Although only needed_len bytes + * are desired, we must round up to a multiple of hash_size * so that our buffer isn't overrun. */ { - struct hmac_ctx ctx_me, ctx_peer; - size_t needed_space; /* space needed for keying material (rounded up) */ - size_t i; + size_t needed_space; /* space needed for keying material (rounded up) */ + size_t i, prf_block_size; + chunk_t protoid_chunk = chunk_from_thing(protoid); + chunk_t spi_our = chunk_from_thing(pi->our_spi); + chunk_t spi_peer = chunk_from_thing(pi->attrs.spi); + pseudo_random_function_t prf_alg; + prf_t *prf_our, *prf_peer; - hmac_init_chunk(&ctx_me, st->st_oakley.hasher, st->st_skeyid_d); - ctx_peer = ctx_me; /* duplicate initial conditions */ + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf_our = lib->crypto->create_prf(lib->crypto, prf_alg); + prf_peer = lib->crypto->create_prf(lib->crypto, prf_alg); + prf_our->set_key(prf_our, st->st_skeyid_d); + prf_peer->set_key(prf_peer, st->st_skeyid_d); + prf_block_size = prf_our->get_block_size(prf_our); - needed_space = needed_len + pad_up(needed_len, ctx_me.hmac_digest_size); + needed_space = needed_len + pad_up(needed_len, prf_block_size); replace(pi->our_keymat, malloc(needed_space)); replace(pi->peer_keymat, malloc(needed_space)); for (i = 0;; ) { + char *keymat_i_our = pi->our_keymat + i; + char *keymat_i_peer = pi->peer_keymat + i; + chunk_t keymat_our = { keymat_i_our, prf_block_size }; + chunk_t keymat_peer = { keymat_i_peer, prf_block_size }; + if (st->st_shared.ptr != NULL) { /* PFS: include the g^xy */ - hmac_update_chunk(&ctx_me, st->st_shared); - hmac_update_chunk(&ctx_peer, st->st_shared); + prf_our->get_bytes(prf_our, st->st_shared, NULL); + prf_peer->get_bytes(prf_peer, st->st_shared, NULL); } - hmac_update(&ctx_me, &protoid, sizeof(protoid)); - hmac_update(&ctx_peer, &protoid, sizeof(protoid)); + prf_our->get_bytes(prf_our, protoid_chunk, NULL); + prf_peer->get_bytes(prf_peer, protoid_chunk, NULL); - hmac_update(&ctx_me, (u_char *)&pi->our_spi, sizeof(pi->our_spi)); - hmac_update(&ctx_peer, (u_char *)&pi->attrs.spi, sizeof(pi->attrs.spi)); + prf_our->get_bytes(prf_our, spi_our, NULL); + prf_peer->get_bytes(prf_peer, spi_peer, NULL); - hmac_update_chunk(&ctx_me, st->st_ni); - hmac_update_chunk(&ctx_peer, st->st_ni); + prf_our->get_bytes(prf_our, st->st_ni, NULL); + prf_peer->get_bytes(prf_peer, st->st_ni, NULL); - hmac_update_chunk(&ctx_me, st->st_nr); - hmac_update_chunk(&ctx_peer, st->st_nr); + prf_our->get_bytes(prf_our, st->st_nr, keymat_i_our); + prf_peer->get_bytes(prf_peer, st->st_nr, keymat_i_peer); - hmac_final(pi->our_keymat + i, &ctx_me); - hmac_final(pi->peer_keymat + i, &ctx_peer); - - i += ctx_me.hmac_digest_size; + i += prf_block_size; if (i >= needed_space) + { break; + } /* more keying material needed: prepare to go around again */ - - hmac_reinit(&ctx_me); - hmac_reinit(&ctx_peer); - - hmac_update(&ctx_me, pi->our_keymat + i - ctx_me.hmac_digest_size - , ctx_me.hmac_digest_size); - hmac_update(&ctx_peer, pi->peer_keymat + i - ctx_peer.hmac_digest_size - , ctx_peer.hmac_digest_size); + prf_our->get_bytes(prf_our, keymat_our, NULL); + prf_peer->get_bytes(prf_peer, keymat_peer, NULL); } + prf_our->destroy(prf_our); + prf_peer->destroy(prf_peer); } - DBG(DBG_CRYPT, DBG_dump("KEYMAT computed:\n", pi->our_keymat, pi->keymat_len); DBG_dump("Peer KEYMAT computed:\n", pi->peer_keymat, pi->keymat_len)); @@ -2963,8 +2957,7 @@ static void compute_keymats(struct state *st) /* Handle a Main Mode Oakley first packet (responder side). * HDR;SA --> HDR;SA */ -stf_status -main_inI1_outR1(struct msg_digest *md) +stf_status main_inI1_outR1(struct msg_digest *md) { struct payload_digest *const sa_pd = md->chain[ISAKMP_NEXT_SA]; struct state *st; @@ -5268,15 +5261,22 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, { /* finish computing HASH */ - struct hmac_ctx ctx; - hmac_init_chunk(&ctx, st->st_oakley.hasher, st->st_skeyid_a); - hmac_update(&ctx, (const u_char *) &msgid, sizeof(msgid_t)); - hmac_update(&ctx, r_hash_start, rbody.cur-r_hash_start); - hmac_final(r_hashval, &ctx); + chunk_t msgid_chunk = chunk_from_thing(msgid); + chunk_t msg_chunk = { r_hash_start, rbody.cur-r_hash_start }; + pseudo_random_function_t prf_alg; + prf_t *prf; + + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, st->st_skeyid_a); + prf->get_bytes(prf, msgid_chunk, NULL); + prf->get_bytes(prf, msg_chunk, r_hashval); DBG(DBG_CRYPT, - DBG_log("HASH computed:"); - DBG_dump("", r_hashval, ctx.hmac_digest_size)); + DBG_log("HASH computed:"); + DBG_dump("", r_hashval, prf->get_block_size(prf)); + ) + prf->destroy(prf); } /* Encrypt message (preserve st_iv and st_new_iv) */ diff --git a/src/pluto/md2.c b/src/pluto/md2.c deleted file mode 100644 index 8b0f166a5..000000000 --- a/src/pluto/md2.c +++ /dev/null @@ -1,237 +0,0 @@ -/* MD2C.C - RSA Data Security, Inc., MD2 message-digest algorithm - */ - -/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. - - License to copy and use this software is granted for - non-commercial Internet Privacy-Enhanced Mail provided that it is - identified as the "RSA Data Security, Inc. MD2 Message Digest - Algorithm" in all material mentioning or referencing this software - or this function. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - */ - -#include "md2.h" - -#define HAVEMEMCOPY 1 /* use ISO C's memcpy and memset */ - -static void MD2Transform PROTO_LIST - ((unsigned char [16], unsigned char [16], const unsigned char [16])); - -#ifdef HAVEMEMCOPY -#include <memory.h> -#define MD2_memcpy memcpy -#define MD2_memset memset -#else -#ifdef HAVEBCOPY -#define MD2_memcpy(_a,_b,_c) memcpy((_a), (_b),(_c)) -#define MD2_memset(_a,_b,_c) memset((_a), '\0',(_c)) -#else -static void MD2_memcpy PROTO_LIST ((POINTER, CONST_POINTER, unsigned int)); -static void MD2_memset PROTO_LIST ((POINTER, int, unsigned int)); -#endif -#endif - -/* Permutation of 0..255 constructed from the digits of pi. It gives a - "random" nonlinear byte substitution operation. - */ -static unsigned char PI_SUBST[256] = { - 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, - 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, - 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, - 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, - 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, - 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, - 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, - 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, - 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, - 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, - 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, - 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, - 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, - 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, - 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, - 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, - 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, - 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 -}; - -static const unsigned char *PADDING[] = { - (const unsigned char *)"", - (const unsigned char *)"\001", - (const unsigned char *)"\002\002", - (const unsigned char *)"\003\003\003", - (const unsigned char *)"\004\004\004\004", - (const unsigned char *)"\005\005\005\005\005", - (const unsigned char *)"\006\006\006\006\006\006", - (const unsigned char *)"\007\007\007\007\007\007\007", - (const unsigned char *)"\010\010\010\010\010\010\010\010", - (const unsigned char *)"\011\011\011\011\011\011\011\011\011", - (const unsigned char *)"\012\012\012\012\012\012\012\012\012\012", - (const unsigned char *)"\013\013\013\013\013\013\013\013\013\013\013", - (const unsigned char *)"\014\014\014\014\014\014\014\014\014\014\014\014", - (const unsigned char *) - "\015\015\015\015\015\015\015\015\015\015\015\015\015", - (const unsigned char *) - "\016\016\016\016\016\016\016\016\016\016\016\016\016\016", - (const unsigned char *) - "\017\017\017\017\017\017\017\017\017\017\017\017\017\017\017", - (const unsigned char *) - "\020\020\020\020\020\020\020\020\020\020\020\020\020\020\020\020" -}; - -/* MD2 initialization. Begins an MD2 operation, writing a new context. - */ -void MD2Init (context) -MD2_CTX *context; /* context */ -{ - context->count = 0; - MD2_memset ((POINTER)context->state, 0, sizeof (context->state)); - MD2_memset - ((POINTER)context->checksum, 0, sizeof (context->checksum)); -} - -/* MD2 block update operation. Continues an MD2 message-digest - operation, processing another message block, and updating the - context. - */ -void MD2Update (context, input, inputLen) -MD2_CTX *context; /* context */ -const unsigned char *input; /* input block */ -unsigned int inputLen; /* length of input block */ -{ - unsigned int i, index, partLen; - - /* Update number of bytes mod 16 */ - index = context->count; - context->count = (index + inputLen) & 0xf; - - partLen = 16 - index; - - /* Transform as many times as possible. - */ - if (inputLen >= partLen) { - MD2_memcpy - ((POINTER)&context->buffer[index], (CONST_POINTER)input, partLen); - MD2Transform (context->state, context->checksum, context->buffer); - - for (i = partLen; i + 15 < inputLen; i += 16) - MD2Transform (context->state, context->checksum, &input[i]); - - index = 0; - } - else - i = 0; - - /* Buffer remaining input */ - MD2_memcpy - ((POINTER)&context->buffer[index], (CONST_POINTER)&input[i], - inputLen-i); -} - -/* MD2 finalization. Ends an MD2 message-digest operation, writing the - message digest and zeroizing the context. - */ -void MD2Final (digest, context) - -unsigned char digest[16]; /* message digest */ -MD2_CTX *context; /* context */ -{ - unsigned int index, padLen; - - /* Pad out to multiple of 16. - */ - index = context->count; - padLen = 16 - index; - MD2Update (context, PADDING[padLen], padLen); - - /* Extend with checksum */ - MD2Update (context, context->checksum, 16); - - /* Store state in digest */ - MD2_memcpy ((POINTER)digest, (POINTER)context->state, 16); - - /* Zeroize sensitive information. - */ - MD2_memset ((POINTER)context, 0, sizeof (*context)); -} - -/* MD2 basic transformation. Transforms state and updates checksum - based on block. - */ -static void MD2Transform (state, checksum, block) -unsigned char state[16]; -unsigned char checksum[16]; -const unsigned char block[16]; -{ - unsigned int i, j, t; - unsigned char x[48]; - - /* Form encryption block from state, block, state ^ block. - */ - MD2_memcpy ((POINTER)x, (CONST_POINTER)state, 16); - MD2_memcpy ((POINTER)x+16, (CONST_POINTER)block, 16); - for (i = 0; i < 16; i++) - x[i+32] = state[i] ^ block[i]; - - /* Encrypt block (18 rounds). - */ - t = 0; - for (i = 0; i < 18; i++) { - for (j = 0; j < 48; j++) - t = x[j] ^= PI_SUBST[t]; - t = (t + i) & 0xff; - } - - /* Save new state */ - MD2_memcpy ((POINTER)state, (POINTER)x, 16); - - /* Update checksum. - */ - t = checksum[15]; - for (i = 0; i < 16; i++) - t = checksum[i] ^= PI_SUBST[block[i] ^ t]; - - /* Zeroize sensitive information. - */ - MD2_memset ((POINTER)x, 0, sizeof (x)); -} - -#ifndef HAVEMEMCOPY -#ifndef HAVEBCOPY -/* Note: Replace "for loop" with standard memcpy if possible. - */ -static void MD2_memcpy (output, input, len) -POINTER output; -POINTER input; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - output[i] = input[i]; -} - -/* Note: Replace "for loop" with standard memset if possible. - */ -static void MD2_memset (output, value, len) -POINTER output; -int value; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - ((char *)output)[i] = (char)value; -} -#endif -#endif - diff --git a/src/pluto/md2.h b/src/pluto/md2.h deleted file mode 100644 index 52a7328d5..000000000 --- a/src/pluto/md2.h +++ /dev/null @@ -1,72 +0,0 @@ -#ifndef _GLOBAL_H_ -#define _GLOBAL_H_ -/* GLOBAL.H - RSAREF types and constants - */ - -/* PROTOTYPES should be set to one if and only if the compiler supports - function argument prototyping. - The following makes PROTOTYPES default to 0 if it has not already - been defined with C compiler flags. - */ -#ifndef PROTOTYPES -#define PROTOTYPES 1 -#endif - -/* POINTER defines a generic pointer type */ -typedef unsigned char *POINTER; -typedef const unsigned char *CONST_POINTER; - -/* UINT2 defines a two byte word */ -typedef unsigned short int UINT2; - -/* UINT4 defines a four byte word */ -typedef unsigned long int UINT4; - -/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. - If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it - returns an empty list. - */ - -#if PROTOTYPES -#define PROTO_LIST(list) list -#else -#define PROTO_LIST(list) () -#endif - -#endif - -/* MD2.H - header file for MD2C.C - */ - -/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. - - License to copy and use this software is granted for - non-commercial Internet Privacy-Enhanced Mail provided that it is - identified as the "RSA Data Security, Inc. MD2 Message Digest - Algorithm" in all material mentioning or referencing this software - or this function. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - */ - -/* MD2 context. */ -typedef struct { - unsigned char state[16]; /* state */ - unsigned char checksum[16]; /* checksum */ - unsigned int count; /* number of bytes, modulo 16 */ - unsigned char buffer[16]; /* input buffer */ -} MD2_CTX; - -void MD2Init PROTO_LIST ((MD2_CTX *)); -void MD2Update PROTO_LIST - ((MD2_CTX *, const unsigned char *, unsigned int)); -void MD2Final PROTO_LIST ((unsigned char [16], MD2_CTX *)); - -#define _MD2_H_ diff --git a/src/pluto/md5.c b/src/pluto/md5.c deleted file mode 100644 index b220af551..000000000 --- a/src/pluto/md5.c +++ /dev/null @@ -1,385 +0,0 @@ -/* - * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic - * changes to accomodate it in the kernel by ji. - * Minor changes to make 64 bit clean by Peter Onion (i.e. using u_int*_t). - */ - -/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -/* - * Additions by JI - * - * HAVEMEMCOPY is defined if mem* routines are available - * - * HAVEHTON is defined if htons() and htonl() can be used - * for big/little endian conversions - * - */ - -#include <stddef.h> -#include <string.h> -#include <sys/types.h> /* for u_int*_t */ -#include <endian.h> /* sets BYTE_ORDER, LITTLE_ENDIAN, and BIG_ENDIAN */ - -#include "md5.h" - -#define HAVEMEMCOPY 1 /* use ISO C's memcpy and memset */ - -/* Constants for MD5Transform routine. - */ - -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -#define MD5Transform _MD5Transform - -static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); - -#if BYTE_ORDER == LITTLE_ENDIAN -#define Encode MD5_memcpy -#define Decode MD5_memcpy -#else -static void Encode PROTO_LIST - ((unsigned char *, UINT4 *, unsigned int)); -static void Decode PROTO_LIST - ((UINT4 *, unsigned char *, unsigned int)); -#endif - -#ifdef HAVEMEMCOPY -#include <memory.h> -#define MD5_memcpy memcpy -#define MD5_memset memset -#else -#ifdef HAVEBCOPY -#define MD5_memcpy(_a,_b,_c) memcpy((_a), (_b),(_c)) -#define MD5_memset(_a,_b,_c) memset((_a), '\0',(_c)) -#else -static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); -static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); -#endif -#endif -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G, H and I are basic MD5 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. -Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -/* MD5 initialization. Begins an MD5 operation, writing a new context. - */ -void MD5Init (context) -MD5_CTX *context; /* context */ -{ - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. -*/ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - operation, processing another message block, and updating the - context. - */ -void MD5Update (context, input, inputLen) -MD5_CTX *context; /* context */ -const unsigned char *input; /* input block */ -UINT4 inputLen; /* length of input block */ -{ - UINT4 i; - unsigned int index, partLen; - - /* Compute number of bytes mod 64 */ - index = (unsigned int)((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += (inputLen << 3)) < (inputLen << 3)) - context->count[1]++; - context->count[1] += (inputLen >> 29); - - partLen = 64 - index; - - /* Transform as many times as possible. */ - if (inputLen >= partLen) { - MD5_memcpy((POINTER)&context->buffer[index], (CONSTPOINTER)input, partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - index = 0; - } - else - i = 0; - - /* Buffer remaining input */ - MD5_memcpy((POINTER)&context->buffer[index], (CONSTPOINTER)&input[i], inputLen-i); -} - -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. - */ -void MD5Final (digest, context) -unsigned char digest[16]; /* message digest */ -MD5_CTX *context; /* context */ -{ - unsigned char bits[8]; - unsigned int index, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. -*/ - index = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (index < 56) ? (56 - index) : (120 - index); - MD5Update (context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update (context, bits, 8); - - if (digest != NULL) /* Bill Simpson's padding */ - { - /* store state in digest */ - Encode (digest, context->state, 16); - - /* Zeroize sensitive information. - */ - MD5_memset ((POINTER)context, 0, sizeof (*context)); - } -} - -/* MD5 basic transformation. Transforms state based on block. - */ -static void MD5Transform (state, block) -UINT4 state[4]; -const unsigned char block[64]; -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. -*/ - MD5_memset ((POINTER)x, 0, sizeof (x)); -} - -#if BYTE_ORDER != LITTLE_ENDIAN - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - a multiple of 4. - */ -static void Encode (output, input, len) -unsigned char *output; -UINT4 *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - a multiple of 4. - */ -static void Decode (output, input, len) -UINT4 *output; -unsigned char *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} - -#endif - -#ifndef HAVEMEMCOPY -#ifndef HAVEBCOPY -/* Note: Replace "for loop" with standard memcpy if possible. - */ - -static void MD5_memcpy (output, input, len) -POINTER output; -POINTER input; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - - output[i] = input[i]; -} - -/* Note: Replace "for loop" with standard memset if possible. - */ -static void MD5_memset (output, value, len) -POINTER output; -int value; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - ((char *)output)[i] = (char)value; -} -#endif -#endif - diff --git a/src/pluto/md5.h b/src/pluto/md5.h deleted file mode 100644 index a2c503cc7..000000000 --- a/src/pluto/md5.h +++ /dev/null @@ -1,75 +0,0 @@ -#ifndef _GLOBAL_H_ -#define _GLOBAL_H_ -/* GLOBAL.H - RSAREF types and constants - */ - -/* PROTOTYPES should be set to one if and only if the compiler supports - function argument prototyping. - The following makes PROTOTYPES default to 0 if it has not already - been defined with C compiler flags. - */ -#ifndef PROTOTYPES -#define PROTOTYPES 1 -#endif - -/* POINTER defines a generic pointer type */ -typedef unsigned char *POINTER; -typedef const unsigned char *CONSTPOINTER; - -/* UINT2 defines a two byte word */ -typedef u_int16_t UINT2; - -/* UINT4 defines a four byte word */ -typedef u_int32_t UINT4; - -/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. - If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it - returns an empty list. - */ - -#if PROTOTYPES -#define PROTO_LIST(list) list -#else -#define PROTO_LIST(list) () -#endif - -#endif - -/* MD5.H - header file for MD5C.C - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -void MD5Init PROTO_LIST ((MD5_CTX *)); -void MD5Update PROTO_LIST - ((MD5_CTX *, const unsigned char *, UINT4)); -void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); - -#define _MD5_H_ diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index 71c86859f..b38b9d446 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -24,7 +24,9 @@ #include <string.h> #include <freeswan.h> + #include <library.h> +#include <crypto/prfs/prf.h> #include "constants.h" #include "defs.h" @@ -241,22 +243,28 @@ set_internal_addr(struct connection *c, internal_addr_t *ia) /* * Compute HASH of Mode Config. */ -static size_t -modecfg_hash(u_char *dest, const u_char *start, const u_char *roof - , const struct state *st) +static size_t modecfg_hash(u_char *dest, u_char *start, u_char *roof, + const struct state *st) { - struct hmac_ctx ctx; - - hmac_init_chunk(&ctx, st->st_oakley.hasher, st->st_skeyid_a); - hmac_update(&ctx, (const u_char *) &st->st_msgid, sizeof(st->st_msgid)); - hmac_update(&ctx, start, roof-start); - hmac_final(dest, &ctx); + chunk_t msgid_chunk = chunk_from_thing(st->st_msgid); + chunk_t msg_chunk = { start, roof - start }; + size_t prf_block_size; + pseudo_random_function_t prf_alg; + prf_t *prf; + + prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); + prf = lib->crypto->create_prf(lib->crypto, prf_alg); + prf->set_key(prf, st->st_skeyid_a); + prf->get_bytes(prf, msgid_chunk, NULL); + prf->get_bytes(prf, msg_chunk, dest); + prf_block_size = prf->get_block_size(prf); + prf->destroy(prf); DBG(DBG_CRYPT, DBG_log("ModeCfg HASH computed:"); - DBG_dump("", dest, ctx.hmac_digest_size) + DBG_dump("", dest, prf_block_size) ) - return ctx.hmac_digest_size; + return prf_block_size; } diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c index 24d70e505..a9501ecb9 100644 --- a/src/pluto/nat_traversal.c +++ b/src/pluto/nat_traversal.c @@ -28,6 +28,9 @@ #include <pfkeyv2.h> #include <pfkey.h> +#include <library.h> +#include <crypto/hashers/hasher.h> + #include "constants.h" #include "defs.h" #include "log.h" @@ -102,16 +105,18 @@ static void disable_nat_traversal (int type) nat_traversal_enabled = FALSE; } -static void _natd_hash(const struct hash_desc *hasher, char *hash, +static void _natd_hash(const struct hash_desc *oakley_hasher, char *hash, u_int8_t *icookie, u_int8_t *rcookie, const ip_address *ip, u_int16_t port) { - union hash_ctx ctx; - if (is_zero_cookie(icookie)) + { DBG_log("_natd_hash: Warning, icookie is zero !!"); + } if (is_zero_cookie(rcookie)) + { DBG_log("_natd_hash: Warning, rcookie is zero !!"); + } /** * draft-ietf-ipsec-nat-t-ike-01.txt @@ -120,36 +125,41 @@ static void _natd_hash(const struct hash_desc *hasher, char *hash, * * All values in network order */ - hasher->hash_init(&ctx); - hasher->hash_update(&ctx, icookie, COOKIE_SIZE); - hasher->hash_update(&ctx, rcookie, COOKIE_SIZE); - switch (addrtypeof(ip)) { - case AF_INET: - hasher->hash_update(&ctx, (const u_char *)&ip->u.v4.sin_addr.s_addr - , sizeof(ip->u.v4.sin_addr.s_addr)); - break; - case AF_INET6: - hasher->hash_update(&ctx, (const u_char *)&ip->u.v6.sin6_addr.s6_addr - , sizeof(ip->u.v6.sin6_addr.s6_addr)); - break; - } - hasher->hash_update(&ctx, (const u_char *)&port, sizeof(u_int16_t)); - hasher->hash_final(hash, &ctx); -#ifdef NAT_D_DEBUG - DBG(DBG_NATT, - DBG_log("_natd_hash: hasher=%p(%d)", hasher, (int)hasher->hash_digest_len); - DBG_dump("_natd_hash: icookie=", icookie, COOKIE_SIZE); - DBG_dump("_natd_hash: rcookie=", rcookie, COOKIE_SIZE); - switch (addrtypeof(ip)) { - case AF_INET: - DBG_dump("_natd_hash: ip=", &ip->u.v4.sin_addr.s_addr - , sizeof(ip->u.v4.sin_addr.s_addr)); - break; + { + chunk_t icookie_chunk = { icookie, COOKIE_SIZE }; + chunk_t rcookie_chunk = { rcookie, COOKIE_SIZE }; + chunk_t port_chunk = chunk_from_thing(port); + chunk_t addr_chunk; + hash_algorithm_t hash_alg; + hasher_t *hasher; + size_t hash_size; + + hash_alg = oakley_to_hash_algorithm(oakley_hasher->algo_id); + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + hasher->get_hash(hasher, icookie_chunk, NULL); + hasher->get_hash(hasher, rcookie_chunk, NULL); + switch (addrtypeof(ip)) + { + case AF_INET: + addr_chunk = chunk_from_thing(ip->u.v4.sin_addr.s_addr); + break; + case AF_INET6: + addr_chunk = chunk_from_thing(ip->u.v6.sin6_addr.s6_addr); } - DBG_log("_natd_hash: port=%d", port); - DBG_dump("_natd_hash: hash=", hash, hasher->hash_digest_len); - ); + hasher->get_hash(hasher, addr_chunk, NULL); + hasher->get_hash(hasher, port_chunk, hash); + hash_size = hasher->get_hash_size(hasher); + hasher->destroy(hasher); +#ifdef NAT_D_DEBUG + DBG(DBG_NATT, + DBG_dump_chunk("_natd_hash: icookie=", icookie_chunk); + DBG_dump_chunk("_natd_hash: rcookie=", rcookie_chunk); + DBG_dump_chunk("_natd_hash: ip=", addr_chunk); + DBG_log("_natd_hash: port=%d", port); + DBG_dump("_natd_hash: hash=", hash, hash_size); + ) #endif + } } /* Add NAT-Traversal VIDs (supported ones) diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index c2d9b6aa9..6613ef119 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -29,6 +29,7 @@ #include <asn1/asn1_parser.h> #include <asn1/oid.h> #include <crypto/rngs/rng.h> +#include <crypto/hashers/hasher.h> #include "constants.h" #include "defs.h" @@ -293,7 +294,7 @@ static const asn1Object_t singleResponseObjects[] = { */ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location) { - static u_char digest[SHA1_DIGEST_SIZE]; /* temporary storage */ + static u_char digest[HASH_SIZE_SHA1]; /* temporary storage */ location->uri = cert->accessLocation; @@ -311,7 +312,7 @@ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *locatio } } - location->authNameID = chunk_create(digest, SHA1_DIGEST_SIZE); + location->authNameID = chunk_create(digest, HASH_SIZE_SHA1); compute_digest(cert->issuer, OID_SHA1, &location->authNameID); location->next = NULL; diff --git a/src/pluto/pgp.h b/src/pluto/pgp.h index 418567b25..4519022e4 100644 --- a/src/pluto/pgp.h +++ b/src/pluto/pgp.h @@ -15,11 +15,14 @@ #ifndef _PGP_H #define _PGP_H +#include <crypto/hashers/hasher.h> + #include "pkcs1.h" + /* * Length of PGP V3 fingerprint */ -#define PGP_FINGERPRINT_SIZE MD5_DIGEST_SIZE +#define PGP_FINGERPRINT_SIZE HASH_SIZE_MD5 typedef char fingerprint_t[PGP_FINGERPRINT_SIZE]; diff --git a/src/pluto/pkcs1.c b/src/pluto/pkcs1.c index 6f2ab2268..ff8cf5f95 100644 --- a/src/pluto/pkcs1.c +++ b/src/pluto/pkcs1.c @@ -19,7 +19,6 @@ #include <string.h> #include <freeswan.h> -#include <libsha2/sha2.h> #include <library.h> #include <asn1/asn1.h> diff --git a/src/pluto/sha1.h b/src/pluto/sha1.h deleted file mode 100644 index 082e18ec0..000000000 --- a/src/pluto/sha1.h +++ /dev/null @@ -1,16 +0,0 @@ -/* -SHA-1 in C -By Steve Reid <steve@edmweb.com> -100% Public Domain -*/ - -typedef struct { - u_int32_t state[5]; - u_int32_t count[2]; - unsigned char buffer[64]; -} SHA1_CTX; - -void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]); -void SHA1Init(SHA1_CTX* context); -void SHA1Update(SHA1_CTX* context, const unsigned char* data, u_int32_t len); -void SHA1Final(unsigned char digest[20], SHA1_CTX* context); diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am index 68570406e..081978553 100644 --- a/src/scepclient/Makefile.am +++ b/src/scepclient/Makefile.am @@ -29,8 +29,7 @@ LIBCRYPTOBUILDDIR=$(top_builddir)/src/libcrypto scepclient_LDADD = \ ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o lex.o \ -md2.o md5.o mp_defs.o ocsp.o pem.o pgp.o pkcs1.o pkcs7.o sha1.o \ -smartcard.o x509.o \ +mp_defs.o ocsp.o pem.o pgp.o pkcs1.o pkcs7.o smartcard.o x509.o \ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a \ $(LIBCRYPTOBUILDDIR)/libcrypto.a \ @@ -74,12 +73,6 @@ keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h $(COMPILE) $(INCLUDES) -c -o $@ $< -md2.o : $(PLUTODIR)/md2.c $(PLUTODIR)/md2.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -md5.o : $(PLUTODIR)/md5.c $(PLUTODIR)/md5.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h $(COMPILE) $(INCLUDES) -c -o $@ $< @@ -95,9 +88,6 @@ pkcs1.o : $(PLUTODIR)/pkcs1.c $(PLUTODIR)/pkcs1.h pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h $(COMPILE) $(INCLUDES) -c -o $@ $< -sha1.o : $(PLUTODIR)/sha1.c $(PLUTODIR)/sha1.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h $(COMPILE) $(INCLUDES) -c -o $@ $< diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index 5fb763169..dd16dff1b 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -30,6 +30,7 @@ #include <asn1/asn1_parser.h> #include <asn1/oid.h> #include <crypto/rngs/rng.h> +#include <crypto/hashers/hasher.h> #include "../pluto/constants.h" #include "../pluto/defs.h" @@ -267,7 +268,7 @@ end: */ void scep_generate_pkcs10_fingerprint(chunk_t pkcs10, chunk_t *fingerprint) { - char buf[MD5_DIGEST_SIZE]; + char buf[HASH_SIZE_MD5]; chunk_t digest = { buf, sizeof(buf) }; /* the fingerprint is the MD5 hash in hexadecimal format */ @@ -284,7 +285,7 @@ void scep_generate_pkcs10_fingerprint(chunk_t pkcs10, chunk_t *fingerprint) void scep_generate_transaction_id(const RSA_public_key_t *rsak, chunk_t *transID, chunk_t *serialNumber) { - char buf[MD5_DIGEST_SIZE]; + char buf[HASH_SIZE_MD5]; chunk_t digest = { buf, sizeof(buf) }; chunk_t public_key = pkcs1_build_publicKeyInfo(rsak); |