[src/trunk]: src/crypto/dist/ipsec-tools Add SHA2 support
details: https://anonhg.NetBSD.org/src/rev/a43311809568
branches: trunk
changeset: 582964:a43311809568
user: manu <manu%NetBSD.org@localhost>
date: Tue Jul 12 16:49:52 2005 +0000
description:
Add SHA2 support
diffstat:
crypto/dist/ipsec-tools/ChangeLog | 8 +++
crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c | 8 +-
crypto/dist/ipsec-tools/src/racoon/algorithm.c | 8 +-
crypto/dist/ipsec-tools/src/racoon/cftoken.l | 10 +++-
crypto/dist/ipsec-tools/src/racoon/eaytest.c | 60 ++++++++++++----------
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c | 29 ++++++++++-
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.h | 14 ++--
crypto/dist/ipsec-tools/src/racoon/pfkey.c | 22 +++++++-
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 | 8 +-
crypto/dist/ipsec-tools/src/racoon/strnames.c | 19 +++++-
crypto/dist/ipsec-tools/src/setkey/setkey.8 | 8 +-
crypto/dist/ipsec-tools/src/setkey/test-pfkey.c | 36 +++++++++++++-
crypto/dist/ipsec-tools/src/setkey/token.l | 5 +-
13 files changed, 172 insertions(+), 63 deletions(-)
diffs (truncated from 512 to 300 lines):
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 16:49:52 2005 +0000
@@ -31,6 +31,14 @@
on phase 2 initiation retries when the phase 2 had been queued
for a phase 1.
+2005-06-19 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From Uri <urimobile%optonline.net@localhost> and Larry Baird <lab%gta.com@localhost>:
+ * src/libipsec/pfkey_dump.c src/setkey/test-pfkey.c
+ src/racoon/{algorithm.c|cftoken.l|eaytest.c|ipsec_doi.c}
+ src/racoon/{ipsec_doi.h|pfkey.c|strnames.c}: Add SHA2 support
+
+
2005-06-07 Emmanuel Dreyfus <manu%netbsd.org@localhost>
From Larry Baird <lab%gta.com@localhost>
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Tue Jul 12 16:49:52 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey_dump.c,v 1.6 2005/06/28 16:04:54 christos Exp $ */
+/* $NetBSD: pfkey_dump.c,v 1.7 2005/07/12 16:49:52 manu Exp $ */
/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
@@ -160,13 +160,13 @@
{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
#endif
#ifdef SADB_X_AALG_SHA2_256
- { SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
+ { SADB_X_AALG_SHA2_256, "hmac-sha256", },
#endif
#ifdef SADB_X_AALG_SHA2_384
- { SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
+ { SADB_X_AALG_SHA2_384, "hmac-sha384", },
#endif
#ifdef SADB_X_AALG_SHA2_512
- { SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
+ { SADB_X_AALG_SHA2_512, "hmac-sha512", },
#endif
#ifdef SADB_X_AALG_RIPEMD160HMAC
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
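Review bot: The three display strings change from `hmac-sha2-256`/`-384`/`-512` to `hmac-sha256`/`hmac-sha384`/`hmac-sha512` with nothing in the table recording the old spelling, so anything that matches on the dumped SA text (for example monitoring or audit scripts that check which authentication algorithm an SA uses) will silently stop matching. The diffstat lists setkey/token.l and setkey.8 as changed as well, but those hunks are truncated from this page, so it cannot be confirmed here that the parser still accepts the old names. A one-line comment above the entries such as `/* printed as hmac-sha2-NNN before this change */` would keep that history next to the table. The array this hunk edits starts and ends outside the hunk.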
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/racoon/algorithm.c
--- a/crypto/dist/ipsec-tools/src/racoon/algorithm.c Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/algorithm.c Tue Jul 12 16:49:52 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: algorithm.c,v 1.1.1.2 2005/02/23 14:54:11 manu Exp $ */
+/* $NetBSD: algorithm.c,v 1.2 2005/07/12 16:49:52 manu Exp $ */
/* Id: algorithm.c,v 1.11 2004/10/24 17:36:46 manubsd Exp */
@@ -194,15 +194,15 @@
NULL, eay_null_hashlen,
NULL, },
#ifdef WITH_SHA2
-{ "hmac_sha2_256", algtype_hmac_sha2_256, IPSECDOI_ATTR_SHA2_256,
+{ "hmac_sha2_256", algtype_hmac_sha2_256,IPSECDOI_ATTR_AUTH_HMAC_SHA2_256,
NULL, NULL,
NULL, eay_sha2_256_hashlen,
NULL, },
-{ "hmac_sha2_384", algtype_hmac_sha2_384, IPSECDOI_ATTR_SHA2_384,
+{ "hmac_sha2_384", algtype_hmac_sha2_384,IPSECDOI_ATTR_AUTH_HMAC_SHA2_384,
NULL, NULL,
NULL, eay_sha2_384_hashlen,
NULL, },
-{ "hmac_sha2_512", algtype_hmac_sha2_512, IPSECDOI_ATTR_SHA2_512,
+{ "hmac_sha2_512", algtype_hmac_sha2_512,IPSECDOI_ATTR_AUTH_HMAC_SHA2_512,
NULL, NULL,
NULL, eay_sha2_512_hashlen,
NULL, },
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/racoon/cftoken.l
--- a/crypto/dist/ipsec-tools/src/racoon/cftoken.l Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cftoken.l Tue Jul 12 16:49:52 2005 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: cftoken.l,v 1.2 2005/05/10 09:54:43 manu Exp $ */
+/* $NetBSD: cftoken.l,v 1.3 2005/07/12 16:49:52 manu Exp $ */
-/* $Id: cftoken.l,v 1.2 2005/05/10 09:54:43 manu Exp $ */
+/* $Id: cftoken.l,v 1.3 2005/07/12 16:49:52 manu Exp $ */
%{
/*
@@ -400,16 +400,22 @@
hmac_md5 { YYD; yylval.num = algtype_hmac_md5; return(ALGORITHMTYPE); }
hmac_sha1 { YYD; yylval.num = algtype_hmac_sha1; return(ALGORITHMTYPE); }
hmac_sha2_256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
+hmac_sha256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
hmac_sha2_384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
+hmac_sha384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
hmac_sha2_512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
+hmac_sha512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
des_mac { YYD; yylval.num = algtype_des_mac; return(ALGORITHMTYPE); }
kpdk { YYD; yylval.num = algtype_kpdk; return(ALGORITHMTYPE); }
md5 { YYD; yylval.num = algtype_md5; return(ALGORITHMTYPE); }
sha1 { YYD; yylval.num = algtype_sha1; return(ALGORITHMTYPE); }
tiger { YYD; yylval.num = algtype_tiger; return(ALGORITHMTYPE); }
sha2_256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
+sha256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
sha2_384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
+sha384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
sha2_512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
+sha512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
oui { YYD; yylval.num = algtype_oui; return(ALGORITHMTYPE); }
deflate { YYD; yylval.num = algtype_deflate; return(ALGORITHMTYPE); }
lzs { YYD; yylval.num = algtype_lzs; return(ALGORITHMTYPE); }
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/racoon/eaytest.c
--- a/crypto/dist/ipsec-tools/src/racoon/eaytest.c Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/eaytest.c Tue Jul 12 16:49:52 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: eaytest.c,v 1.1.1.2 2005/02/23 14:54:14 manu Exp $ */
+/* $NetBSD: eaytest.c,v 1.2 2005/07/12 16:49:52 manu Exp $ */
/* Id: eaytest.c,v 1.20.4.1 2005/02/18 10:23:10 manubsd Exp */
@@ -735,7 +735,11 @@
vchar_t mod;
caddr_t ctx;
+#ifdef WITH_SHA2
+ printf("\n**Test for HMAC MD5, SHA1, and SHA256.**\n");
+#else
printf("\n**Test for HMAC MD5 & SHA1.**\n");
+#endif
key = vmalloc(strlen(keyword));
memcpy(key->v, keyword, key->l);
@@ -774,6 +778,33 @@
free(mod.v);
vfree(res);
+ /* HMAC SHA1 */
+ printf("HMAC SHA1 by eay_hmacsha1_one()\n");
+ res = eay_hmacsha1_one(key, data);
+ PVDUMP(res);
+ mod.v = str2val(r_hsha1, 16, &mod.l);
+ if (memcmp(res->v, mod.v, mod.l)) {
+ printf(" XXX NG XXX\n");
+ return -1;
+ }
+ free(mod.v);
+ vfree(res);
+
+ /* HMAC SHA1 */
+ printf("HMAC SHA1 by eay_hmacsha1_xxx()\n");
+ ctx = eay_hmacsha1_init(key);
+ eay_hmacsha1_update(ctx, data1);
+ eay_hmacsha1_update(ctx, data2);
+ res = eay_hmacsha1_final(ctx);
+ PVDUMP(res);
+ mod.v = str2val(r_hsha1, 16, &mod.l);
+ if (memcmp(res->v, mod.v, mod.l)) {
+ printf(" XXX NG XXX\n");
+ return -1;
+ }
+ free(mod.v);
+ vfree(res);
+
#ifdef WITH_SHA2
/* HMAC SHA2 */
printf("HMAC SHA2 by eay_hmacsha2_256_one()\n");
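Review bot: The relocated HMAC SHA1 checks compare only `mod.l` bytes with `memcmp(res->v, mod.v, mod.l)` and never compare the two lengths, so a result longer than the reference vector, or a reference that parsed short or empty, still passes; for a known-answer test of a MAC the length is part of the answer. Neither `res` nor `mod.v` is checked for NULL before use. In both blocks the condition could read `if (res == NULL || mod.v == NULL || res->l != mod.l || memcmp(res->v, mod.v, mod.l))`. The early `return -1` also leaves `mod.v`, `res` and the earlier buffers unfreed, which is tolerable in a test program but worth a comment. The enclosing function starts and ends outside the hunk.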
@@ -788,33 +819,6 @@
vfree(res);
#endif
- /* HMAC SHA1 */
- printf("HMAC SHA1 by eay_hmacsha1_one()\n");
- res = eay_hmacsha1_one(key, data);
- PVDUMP(res);
- mod.v = str2val(r_hsha1, 16, &mod.l);
- if (memcmp(res->v, mod.v, mod.l)) {
- printf(" XXX NG XXX\n");
- return -1;
- }
- free(mod.v);
- vfree(res);
-
- /* HMAC MD5 */
- printf("HMAC SHA1 by eay_hmacsha1_xxx()\n");
- ctx = eay_hmacsha1_init(key);
- eay_hmacsha1_update(ctx, data1);
- eay_hmacsha1_update(ctx, data2);
- res = eay_hmacsha1_final(ctx);
- PVDUMP(res);
- mod.v = str2val(r_hsha1, 16, &mod.l);
- if (memcmp(res->v, mod.v, mod.l)) {
- printf(" XXX NG XXX\n");
- return -1;
- }
- free(mod.v);
- vfree(res);
-
vfree(data);
vfree(data1);
vfree(data2);
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Tue Jul 12 16:49:52 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_doi.c,v 1.7 2005/06/03 22:27:06 manu Exp $ */
+/* $NetBSD: ipsec_doi.c,v 1.8 2005/07/12 16:49:52 manu Exp $ */
/* Id: ipsec_doi.c,v 1.38 2005/05/31 16:07:55 monas Exp */
@@ -1931,6 +1931,9 @@
switch (t_id) {
case IPSECDOI_AH_MD5:
case IPSECDOI_AH_SHA:
+ case IPSECDOI_AH_SHA256:
+ case IPSECDOI_AH_SHA384:
+ case IPSECDOI_AH_SHA512:
return 0;
case IPSECDOI_AH_DES:
plog(LLV_ERROR, LOCATION, NULL,
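Review bot: The new `IPSECDOI_AH_SHA256`, `IPSECDOI_AH_SHA384` and `IPSECDOI_AH_SHA512` labels return 0 unconditionally, while the matching `hmac_sha2_*` rows in algorithm.c sit under `#ifdef WITH_SHA2`. On a build without WITH_SHA2 this check would therefore accept an AH transform id that the algorithm table cannot resolve; whether a later stage rejects it is not visible in this diff. Either guard the three labels with `#ifdef WITH_SHA2`, or add a comment such as `/* SHA2 transforms are still matched against the configured algorithms later */` if that is what makes it safe. The same question applies to the cases added in the `@@ -2284` and `@@ -4142` hunks of this file. The switch belongs to a function whose start and end are outside the hunk.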
@@ -2284,6 +2287,24 @@
goto ahmismatch;
}
break;
+ case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
+ if (proto_id == IPSECDOI_PROTO_IPSEC_AH) {
+ if (trns->t_id != IPSECDOI_AH_SHA256)
+ goto ahmismatch;
+ }
+ break;
+ case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
+ if (proto_id == IPSECDOI_PROTO_IPSEC_AH) {
+ if (trns->t_id != IPSECDOI_AH_SHA384)
+ goto ahmismatch;
+ }
+ break;
+ case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
+ if (proto_id == IPSECDOI_PROTO_IPSEC_AH) {
+ if (trns->t_id != IPSECDOI_AH_SHA512)
+ goto ahmismatch;
+ }
+ break;
case IPSECDOI_ATTR_AUTH_DES_MAC:
case IPSECDOI_ATTR_AUTH_KPDK:
plog(LLV_ERROR, LOCATION, NULL,
@@ -4142,6 +4163,12 @@
return IPSECDOI_AH_MD5;
case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
return IPSECDOI_AH_SHA;
+ case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
+ return IPSECDOI_AH_SHA256;
+ case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
+ return IPSECDOI_AH_SHA384;
+ case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
+ return IPSECDOI_AH_SHA512;
case IPSECDOI_ATTR_AUTH_DES_MAC:
return IPSECDOI_AH_DES;
case IPSECDOI_ATTR_AUTH_KPDK:
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.h
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.h Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.h Tue Jul 12 16:49:52 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_doi.h,v 1.1.1.2 2005/02/23 14:54:16 manu Exp $ */
+/* $NetBSD: ipsec_doi.h,v 1.2 2005/07/12 16:49:52 manu Exp $ */
/* Id: ipsec_doi.h,v 1.9 2005/01/29 16:34:24 vanhu Exp */
@@ -54,9 +54,9 @@
#define IPSECDOI_AH_MD5 2
#define IPSECDOI_AH_SHA 3
#define IPSECDOI_AH_DES 4
-#define IPSECDOI_AH_SHA2_256 5
-#define IPSECDOI_AH_SHA2_384 6
-#define IPSECDOI_AH_SHA2_512 7
+#define IPSECDOI_AH_SHA256 5
+#define IPSECDOI_AH_SHA384 6
+#define IPSECDOI_AH_SHA512 7
/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_ESP 3
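Review bot: The AH transform macros are renamed to drop the `2` (`IPSECDOI_AH_SHA256`), while the attribute macros renamed in the next hunk of this header keep it (`IPSECDOI_ATTR_AUTH_HMAC_SHA2_256`) and the `algtype_hmac_sha2_256` names are unchanged, so one algorithm now has three spellings across the code. Picking one spelling, or adding a short comment such as `/* SHA2 family: AH transform IDs 5-7 pair with IPSECDOI_ATTR_AUTH_HMAC_SHA2_* */` above the three defines, would make the pairing that the ipsec_doi.c mismatch checks rely on easier to audit. The old names are removed without compatibility defines, so any code still using `IPSECDOI_AH_SHA2_256` or `IPSECDOI_ATTR_SHA2_256` will fail to build; that is probably intended but the description does not say so.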
@@ -119,9 +119,9 @@
#define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2
#define IPSECDOI_ATTR_AUTH_DES_MAC 3
#define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/
-#define IPSECDOI_ATTR_SHA2_256 5
-#define IPSECDOI_ATTR_SHA2_384 6
-#define IPSECDOI_ATTR_SHA2_512 7
+#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_256 5
+#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_384 6
+#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_512 7
#define IPSECDOI_ATTR_AUTH_NONE 254 /* NOTE:internal use */
/*
* When negotiating ESP without authentication, the Auth
diff -r e2b6c8674434 -r a43311809568 crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c Tue Jul 12 16:33:27 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c Tue Jul 12 16:49:52 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey.c,v 1.6 2005/07/12 16:24:29 manu Exp $ */
+/* $NetBSD: pfkey.c,v 1.7 2005/07/12 16:49:52 manu Exp $ */
/* Id: pfkey.c,v 1.31.2.1 2005/02/18 10:01:40 vanhu Exp */
@@ -447,6 +447,24 @@
return SADB_AALG_MD5HMAC;
case IPSECDOI_ATTR_AUTH_HMAC_SHA1: