Diffstat (limited to 'Source')
-rwxr-xr-x | Source/lib/asn1/pem.c | 2 | ||||
-rw-r--r-- | Source/lib/crypto/hashers/hasher.h | 6 | ||||
-rw-r--r-- | Source/lib/crypto/hashers/md5_hasher.c | 6 | ||||
-rw-r--r-- | Source/lib/crypto/hashers/sha1_hasher.c | 6 | ||||
-rw-r--r-- | Source/lib/crypto/hmac.c | 8 | ||||
-rw-r--r-- | Source/lib/crypto/rsa/rsa_public_key.c | 2 | ||||
-rw-r--r-- | Source/patches/strongswan-2.7.0.patch | 94 | ||||
-rw-r--r-- | Source/testing/hasher_test.c | 4 |
8 files changed, 71 insertions, 57 deletions
diff --git a/Source/lib/asn1/pem.c b/Source/lib/asn1/pem.c
index 24c71c61f..b02268dd9 100755
--- a/Source/lib/asn1/pem.c
+++ b/Source/lib/asn1/pem.c
@@ -172,7 +172,7 @@ static status_t pem_decrypt(chunk_t *blob, chunk_t *iv, char *passphrase)
 /* build key from passphrase and IV */
 hasher = hasher_create(HASH_MD5);
- hash.len = hasher->get_block_size(hasher);
+ hash.len = hasher->get_hash_size(hasher);
 hash.ptr = alloca(hash.len);
 hasher->get_hash(hasher, pass, NULL);
 hasher->get_hash(hasher, *iv, hash.ptr);
diff --git a/Source/lib/crypto/hashers/hasher.h b/Source/lib/crypto/hashers/hasher.h
index a4d6f14d7..24683c01b 100644
--- a/Source/lib/crypto/hashers/hasher.h
+++ b/Source/lib/crypto/hashers/hasher.h
@@ -109,12 +109,12 @@ struct hasher_t {
 void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
 /**
- * @brief Get the block size of this hashing function.
+ * @brief Get the size of the resulting hash.
 *
 * @param this calling object
- * @return block size in bytes
+ * @return hash size in bytes
 */
- size_t (*get_block_size) (hasher_t *this);
+ size_t (*get_hash_size) (hasher_t *this);
 /**
 * @brief Resets the hashers state, which allows
diff --git a/Source/lib/crypto/hashers/md5_hasher.c b/Source/lib/crypto/hashers/md5_hasher.c
index 8d6361139..bd3ab0c62 100644
--- a/Source/lib/crypto/hashers/md5_hasher.c
+++ b/Source/lib/crypto/hashers/md5_hasher.c
@@ -346,9 +346,9 @@ static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *ha
 }
 /**
- * Implementation of hasher_t.get_block_size.
+ * Implementation of hasher_t.get_hash_size.
 */
-static size_t get_block_size(private_md5_hasher_t *this)
+static size_t get_hash_size(private_md5_hasher_t *this)
 {
 return BLOCK_SIZE_MD5;
 }
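Review bot: The renamed accessor `get_hash_size` in md5_hasher.c still returns `BLOCK_SIZE_MD5`, so the constant's name now contradicts the function it backs; the same holds for `BLOCK_SIZE_SHA1` in the sha1_hasher.c hunk and for the `"block size"` assertion messages left in hasher_test.c. For MD5 and SHA-1 the digest length and the input block length are different quantities, and a buffer sized from a constant called "block size" is easy to get wrong. Consider renaming the constants (for example `HASH_SIZE_MD5` and `HASH_SIZE_SHA1`) and changing the test strings to `"hash size"`. The constants are defined outside these hunks, so their values cannot be confirmed here beyond the 16 and 20 that the tests expect.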
@@ -383,7 +383,7 @@ md5_hasher_t *md5_hasher_create()
 this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
 this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_block_size = (size_t (*) (hasher_t*))get_block_size;
+ this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
 this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
 this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
diff --git a/Source/lib/crypto/hashers/sha1_hasher.c b/Source/lib/crypto/hashers/sha1_hasher.c
index b66e75ada..2b82ef4ba 100644
--- a/Source/lib/crypto/hashers/sha1_hasher.c
+++ b/Source/lib/crypto/hashers/sha1_hasher.c
@@ -220,9 +220,9 @@ static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *h
 }
 /**
- * Implementation of hasher_t.get_block_size.
+ * Implementation of hasher_t.get_hash_size.
 */
-static size_t get_block_size(private_sha1_hasher_t *this)
+static size_t get_hash_size(private_sha1_hasher_t *this)
 {
 return BLOCK_SIZE_SHA1;
 }
@@ -258,7 +258,7 @@ sha1_hasher_t *sha1_hasher_create()
 this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
 this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_block_size = (size_t (*) (hasher_t*))get_block_size;
+ this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
 this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
 this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
diff --git a/Source/lib/crypto/hmac.c b/Source/lib/crypto/hmac.c
index 84d6044fd..bb8880770 100644
--- a/Source/lib/crypto/hmac.c
+++ b/Source/lib/crypto/hmac.c
@@ -70,7 +70,7 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
 *
 */
- u_int8_t buffer[this->h->get_block_size(this->h)];
+ u_int8_t buffer[this->h->get_hash_size(this->h)];
 chunk_t inner;
 if (out == NULL)
@@ -82,7 +82,7 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
 {
 /* append and do outer hash */
 inner.ptr = buffer;
- inner.len = this->h->get_block_size(this->h);
+ inner.len = this->h->get_hash_size(this->h);
 /* complete inner */
 this->h->get_hash(this->h, data, buffer);
@@ -109,7 +109,7 @@ static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
 }
 else
 {
- out->len = this->h->get_block_size(this->h);
+ out->len = this->h->get_hash_size(this->h);
 out->ptr = malloc(out->len);
 this->hmac.get_mac(&(this->hmac), data, out->ptr);
 }
@@ -120,7 +120,7 @@ static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
 */
 static size_t get_block_size(private_hmac_t *this)
 {
- return this->h->get_block_size(this->h);
+ return this->h->get_hash_size(this->h);
 }
 /**
diff --git a/Source/lib/crypto/rsa/rsa_public_key.c b/Source/lib/crypto/rsa/rsa_public_key.c
index 6b6988b62..6601b6cda 100644
--- a/Source/lib/crypto/rsa/rsa_public_key.c
+++ b/Source/lib/crypto/rsa/rsa_public_key.c
@@ -272,7 +272,7 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
 return NOT_SUPPORTED;
 }
- if (pos + hasher->get_block_size(hasher) != em.ptr + em.len)
+ if (pos + hasher->get_hash_size(hasher) != em.ptr + em.len)
 {
 /* bad length */
 free(em.ptr);
diff --git a/Source/patches/strongswan-2.7.0.patch b/Source/patches/strongswan-2.7.0.patch
index 6f3ba1b27..b21e1013b 100644
--- a/Source/patches/strongswan-2.7.0.patch
+++ b/Source/patches/strongswan-2.7.0.patch
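Review bot: `get_block_size` in hmac.c keeps its old name while now forwarding to `get_hash_size`, so the HMAC object reports its output length under a name that means something else in HMAC. The hash's input block length (the quantity used for key padding) and the MAC length differ for MD5 and SHA-1, so a caller that trusts the name could size a key or output buffer wrongly. If the interface cannot be renamed in this commit, document it above the function, e.g. `/* Returns the MAC length, i.e. the underlying hash's output size, not its input block size. */`. The interface declaration this function implements is outside the hunk.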
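Review bot: The length check `pos + hasher->get_hash_size(hasher) != em.ptr + em.len` in verify_emsa_pkcs1_signature adds the digest length to `pos` before comparing, which forms an out-of-range pointer whenever fewer bytes than a digest remain in `em`. Comparing lengths avoids that and reads more directly: `if ((size_t)(em.ptr + em.len - pos) != hasher->get_hash_size(hasher))`. This assumes `pos` always lies within `em`, which only the lines before the hunk can confirm. The exact-equality test itself should stay, since it rejects any bytes trailing the digest.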
@@ -1,6 +1,6 @@ -diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-charon/Makefile.inc +diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc --- strongswan-2.7.0/Makefile.inc 2006-01-25 18:23:15.000000000 +0100 -+++ strongswan-2.7.0-charon/Makefile.inc 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/Makefile.inc 2006-04-28 08:56:38.000000000 +0200 @@ -84,6 +84,8 @@ FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec LIBDIR=$(DESTDIR)$(FINALLIBDIR) @@ -20,9 +20,9 @@ diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-charon/Makefile.inc # Default PKCS11 library # Uncomment this line if using OpenSC <= 0.9.6 PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\" -diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-charon/programs/Makefile +diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile --- strongswan-2.7.0/programs/Makefile 2006-04-17 13:04:45.000000000 +0200 -+++ strongswan-2.7.0-charon/programs/Makefile 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/Makefile 2006-04-28 08:56:38.000000000 +0200 @@ -32,6 +32,10 @@ SUBDIRS+=showpolicy endif @@ -34,9 +34,9 @@ diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-charon/programs/M def: @echo "Please read doc/intro.html or INSTALL before running make" @false -diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-charon/programs/ipsec/ipsec.in +diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in --- strongswan-2.7.0/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/ipsec/ipsec.in 2006-04-27 09:27:27.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in 2006-04-28 08:56:38.000000000 +0200 @@ -26,6 +26,7 @@ export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR 
@@ -95,9 +95,9 @@ diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-charon/prog exit 0 ;; update) -diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-charon/programs/pluto/Makefile +diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile --- strongswan-2.7.0/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/pluto/Makefile 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/pluto/Makefile 2006-04-28 08:56:38.000000000 +0200 @@ -170,6 +170,11 @@ LIBSPLUTO+= -ldl endif 
@@ -110,28 +110,42 @@ diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-charon/prog # This compile option activates the leak detective ifeq ($(USE_LEAK_DETECTIVE),true) DEFINES+= -DLEAK_DETECTIVE -diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-charon/programs/pluto/demux.c +diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c --- strongswan-2.7.0/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/pluto/demux.c 2006-04-27 09:25:22.000000000 +0200 -@@ -1229,6 +1229,15 @@ ++++ strongswan-2.7.0-patched/programs/pluto/demux.c 2006-04-28 08:56:13.000000000 +0200 +@@ -1196,6 +1196,21 @@ + } + #endif + ++#ifdef IKEV2 ++#define IKEV2_VERSION_OFFSET 17 ++#define IKEV2_VERSION 0x20 ++ ++ /* ignore IKEv2 packets - they will be handled by charon */ ++ if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET ++ && md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION) ++ { ++ DBG(DBG_CONTROLMORE, ++ DBG_log(" ignoring IKEv2 packet") ++ ) ++ return FALSE; ++ } ++#endif /* IKEV2 */ ++ + return TRUE; + } + +@@ -1229,6 +1244,7 @@ if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size) { struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur; -+#ifdef IKEV2 -+ if ((hdr->isa_version >> ISA_MAJ_SHIFT) == 0x2 && -+ (hdr->isa_version & ISA_MIN_MASK) == 0x0) -+ { -+ /* IKEv2 is handled from charon, ignore */ -+ return; -+ } -+ else -+#endif /* IKEV2 */ ++ if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION) { SEND_NOTIFICATION(INVALID_MAJOR_VERSION); -diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-charon/programs/starter/Makefile +diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile --- strongswan-2.7.0/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/Makefile 2006-04-27 
09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/Makefile 2006-04-28 08:56:38.000000000 +0200 @@ -34,6 +34,11 @@ DEFINES+= -DLEAK_DETECTIVE endif @@ -156,9 +170,9 @@ diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-charon/pr DISTSRC=$(OBJS:.o=.c) DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt -diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-charon/programs/starter/args.c +diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c --- strongswan-2.7.0/programs/starter/args.c 2006-04-17 12:32:36.000000000 +0200 -+++ strongswan-2.7.0-charon/programs/starter/args.c 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/args.c 2006-04-28 08:56:38.000000000 +0200 @@ -86,6 +86,10 @@ static const char *LST_keyexchange[] = { @@ -170,9 +184,9 @@ diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-charon/prog NULL }; -diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-charon/programs/starter/files.h +diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h --- strongswan-2.7.0/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/files.h 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/files.h 2006-04-28 08:56:38.000000000 +0200 @@ -37,8 +37,15 @@ #define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets" 
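Review bot: In the demux.c part of the updated strongswan patch, the new filter ignores a packet only when the version octet equals `IKEV2_VERSION` (0x20), so a packet with major version 2 and a non-zero minor version is not filtered and reaches the later check that answers with `INVALID_MAJOR_VERSION`. If charon is meant to own every IKEv2 exchange, compare only the major nibble, e.g. `(md->packet_pbs.start[IKEV2_VERSION_OFFSET] >> ISA_MAJ_SHIFT) == 2`. The `pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET` guard before the index is correct and should stay. A short comment that offset 17 is the version octet of the ISAKMP header would help, and the two `#define`s would read better outside the function body. The enclosing function is only partly visible in this hunk.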
@@ -191,9 +205,9 @@ diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-charon/pro #define DYNIP_DIR "/var/run/dynip" #define INFO_FILE "/var/run/ipsec.info" -diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-charon/programs/starter/invokecharon.c +diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c --- strongswan-2.7.0/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/invokecharon.c 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/invokecharon.c 2006-04-28 08:56:38.000000000 +0200 @@ -0,0 +1,174 @@ +/* strongSwan charon launcher + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security @@ -369,9 +383,9 @@ diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-cha + } + return -1; +} -diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-charon/programs/starter/invokecharon.h +diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h --- strongswan-2.7.0/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/invokecharon.h 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/invokecharon.h 2006-04-28 08:56:38.000000000 +0200 @@ -0,0 +1,31 @@ +/* strongSwan charon launcher + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security 
@@ -404,9 +418,9 @@ diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-cha + +#endif /* _STARTER_CHARON_H_ */ + -diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-charon/programs/starter/invokepluto.c +diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c --- strongswan-2.7.0/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/invokepluto.c 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/invokepluto.c 2006-04-28 08:56:38.000000000 +0200 @@ -54,7 +54,7 @@ , PLUTO_RESTART_DELAY); alarm(PLUTO_RESTART_DELAY); // restart in 5 sec @@ -434,9 +448,9 @@ diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-char { DBG(DBG_CONTROL, DBG_log("pluto (%d) started", _pluto_pid) -diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-charon/programs/starter/starter.c +diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c --- strongswan-2.7.0/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/starter.c 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/starter.c 2006-04-28 08:56:38.000000000 +0200 @@ -37,6 +37,7 @@ #include "files.h" #include "starterwhack.h" 
@@ -650,9 +664,9 @@ diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-charon/p } } } -diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-charon/programs/starter/starterstroke.c +diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c --- strongswan-2.7.0/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/starterstroke.c 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/starterstroke.c 2006-04-28 08:56:38.000000000 +0200 @@ -0,0 +1,161 @@ +/* Stroke for charon is the counterpart to whack from pluto + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil @@ -815,9 +829,9 @@ diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-ch + free(msg); + return res; +} -diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-charon/programs/starter/starterstroke.h +diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h --- strongswan-2.7.0/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100 -+++ strongswan-2.7.0-charon/programs/starter/starterstroke.h 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/starterstroke.h 2006-04-28 08:56:38.000000000 +0200 @@ -0,0 +1,27 @@ +/* Stroke for charon is the counterpart to whack from pluto + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil 
@@ -846,9 +860,9 @@ diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-ch +extern int starter_stroke_initiate_conn(starter_conn_t *conn); + +#endif /* _STARTER_STROKE_H_ */ -diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-charon/programs/starter/starterwhack.c +diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c --- strongswan-2.7.0/programs/starter/starterwhack.c 2006-04-17 12:32:36.000000000 +0200 -+++ strongswan-2.7.0-charon/programs/starter/starterwhack.c 2006-04-27 09:25:22.000000000 +0200 ++++ strongswan-2.7.0-patched/programs/starter/starterwhack.c 2006-04-28 08:56:38.000000000 +0200 @@ -54,7 +54,7 @@ static int send_whack_msg (whack_message_t *msg) diff --git a/Source/testing/hasher_test.c b/Source/testing/hasher_test.c index 55a4b75d9..9130a2092 100644 --- a/Source/testing/hasher_test.c +++ b/Source/testing/hasher_test.c @@ -72,7 +72,7 @@ void test_md5_hasher(protected_tester_t *tester) abcd.ptr = "abcdefghijklmnopqrstuvwxyz"; abcd.len = strlen(abcd.ptr); - tester->assert_true(tester, hasher->get_block_size(hasher) == 16, "block size"); + tester->assert_true(tester, hasher->get_hash_size(hasher) == 16, "block size"); /* simple hashing, using empty */ hasher->get_hash(hasher, empty, hash_buffer); @@ -137,7 +137,7 @@ void test_sha1_hasher(protected_tester_t *tester) aaa.ptr = "aaaaaaaaaa"; /* 10 a's */ aaa.len = 10; - tester->assert_true(tester, hasher->get_block_size(hasher) == 20, "block size"); + tester->assert_true(tester, hasher->get_hash_size(hasher) == 20, "block size"); /* simple hashing, using "abc" */ hasher->get_hash(hasher, abc, hash_buffer); |