From b3011e8e87a1fad1bfb026448fc37b80b7cfc007 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 23 Sep 2025 14:59:37 +0200 Subject: [PATCH] Remove support for MD2 No part of IKE/IPsec or X.509 uses MD2 anymore, so there really is no reason to still support it (unlike MD4 that is used in EAP-MSCHAPv2, MD5 that's used in EAP-MD5, or SHA-1 that's used for e.g. NAT-D hashes). It caused test vectors to fail on systems where OpenSSL is built with MD2 support but has it disabled at runtime. --- src/libstrongswan/asn1/oid.txt | 4 +- .../credentials/containers/pkcs12.c | 1 - src/libstrongswan/crypto/hashers/hasher.c | 15 --- src/libstrongswan/crypto/hashers/hasher.h | 16 +-- src/libstrongswan/crypto/xofs/xof.c | 1 - .../plugins/gcrypt/gcrypt_hasher.c | 3 - .../plugins/openssl/openssl_plugin.c | 3 - .../plugins/pkcs11/pkcs11_hasher.c | 1 - .../plugins/pkcs11/pkcs11_plugin.c | 1 - .../plugins/test_vectors/Makefile.am | 1 - .../plugins/test_vectors/test_vectors.h | 7 - .../plugins/test_vectors/test_vectors/md2.c | 64 --------- src/libstrongswan/tests/suites/test_hasher.c | 127 +++++++++--------- 13 files changed, 71 insertions(+), 173 deletions(-) delete mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/md2.c diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index f58a44d326..b9c3189cd2 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -94,7 +94,7 @@ 0x01 "PKCS" 0x01 "PKCS-1" 0x01 "rsaEncryption" OID_RSA_ENCRYPTION - 0x02 "md2WithRSAEncryption" OID_MD2_WITH_RSA + 0x02 "md2WithRSAEncryption" 0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA 0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA 0x07 "id-RSAES-OAEP" OID_RSAES_OAEP @@ -148,7 +148,7 @@ 0x05 "secretBag" 0x06 "safeContentsBag" 0x02 "digestAlgorithm" - 0x02 "md2" OID_MD2 + 0x02 "md2" 0x05 "md5" OID_MD5 0x07 "hmacWithSHA1" OID_HMAC_SHA1 0x08 "hmacWithSHA224" OID_HMAC_SHA224 diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index d738910077..be0c750393 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -83,7 +83,6 @@ static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt, } switch (hash) { - case HASH_MD2: case HASH_MD5: case HASH_SHA1: case HASH_SHA224: diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 2fed3b4133..444a59c5f0 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -30,7 +30,6 @@ ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY, "HASH_IDENTITY"); ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY, "HASH_UNKNOWN", - "HASH_MD2", "HASH_MD4", "HASH_MD5", "HASH_SHA2_224", @@ -48,7 +47,6 @@ ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_IDENTITY, "identity"); ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY, "unknown", - "md2", "md4", "md5", "sha224", @@ -66,7 +64,6 @@ ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY, "IDENTITY"); ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY, "UNKNOWN", - "MD2", "MD4", "MD5", "SHA2_224", @@ -91,8 +88,6 @@ size_t hasher_hash_size(hash_algorithm_t alg) return HASH_SIZE_SHA384; case HASH_SHA512: return HASH_SIZE_SHA512; - case HASH_MD2: - return HASH_SIZE_MD2; case HASH_MD4: return HASH_SIZE_MD4; case HASH_MD5: @@ -121,9 +116,6 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid) { switch (oid) { - case OID_MD2: - case OID_MD2_WITH_RSA: - return HASH_MD2; case OID_MD5: case OID_MD5_WITH_RSA: return HASH_MD5; @@ -323,7 +315,6 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg, return AUTH_HMAC_SHA2_512_512; } break; - case HASH_MD2: case HASH_MD4: case HASH_SHA224: case HASH_SHA3_224: @@ -350,7 +341,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg) case HASH_SHA512: return TRUE; case HASH_UNKNOWN: - case HASH_MD2: case HASH_MD4: case HASH_MD5: case HASH_SHA1: @@ -373,9 +363,6 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg) switch (alg) { - case HASH_MD2: - oid = OID_MD2; - break; case HASH_MD5: oid = OID_MD5; break; @@ -422,8 +409,6 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) case KEY_RSA: switch (alg) { - case HASH_MD2: - return OID_MD2_WITH_RSA; case HASH_MD5: return OID_MD5_WITH_RSA; case HASH_SHA1: diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index ad434035da..0a4237cd93 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -45,17 +45,15 @@ enum hash_algorithm_t { HASH_IDENTITY = 5, /* use private use range for algorithms not defined/permitted by RFC 7427 */ HASH_UNKNOWN = 1024, - HASH_MD2 = 1025, - HASH_MD4 = 1026, - HASH_MD5 = 1027, - HASH_SHA224 = 1028, - HASH_SHA3_224 = 1029, - HASH_SHA3_256 = 1030, - HASH_SHA3_384 = 1031, - HASH_SHA3_512 = 1032 + HASH_MD4 = 1025, + HASH_MD5 = 1026, + HASH_SHA224 = 1027, + HASH_SHA3_224 = 1028, + HASH_SHA3_256 = 1029, + HASH_SHA3_384 = 1030, + HASH_SHA3_512 = 1031 }; -#define HASH_SIZE_MD2 16 #define HASH_SIZE_MD4 16 #define HASH_SIZE_MD5 16 #define HASH_SIZE_SHA1 20 diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c index 7c1eb37e42..f21e037a5a 100644 --- a/src/libstrongswan/crypto/xofs/xof.c +++ b/src/libstrongswan/crypto/xofs/xof.c @@ -60,7 +60,6 @@ ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg) return XOF_MGF1_SHA3_384; case HASH_IDENTITY: case HASH_UNKNOWN: - case HASH_MD2: case HASH_MD4: case HASH_MD5: break; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 29f86a5139..5e30ac7dc3 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -92,9 +92,6 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) switch (algo) { - case HASH_MD2: - gcrypt_alg = GCRY_MD_MD2; - break; case HASH_MD4: gcrypt_alg = GCRY_MD_MD4; break; diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index c3e1d2e173..ef7fe8908f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -400,9 +400,6 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0), /* hashers */ PLUGIN_REGISTER(HASHER, openssl_hasher_create), -#ifndef OPENSSL_NO_MD2 - PLUGIN_PROVIDE(HASHER, HASH_MD2), -#endif #ifndef OPENSSL_NO_MD4 PLUGIN_PROVIDE(HASHER, HASH_MD4), #endif diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index e5ac18ed8c..409a05a2ab 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -234,7 +234,6 @@ static CK_MECHANISM_PTR algo_to_mechanism(hash_algorithm_t algo, size_t *size) CK_MECHANISM mechanism; size_t size; } mappings[] = { - {HASH_MD2, {CKM_MD2, NULL, 0}, HASH_SIZE_MD2}, {HASH_MD5, {CKM_MD5, NULL, 0}, HASH_SIZE_MD5}, {HASH_SHA1, {CKM_SHA_1, NULL, 0}, HASH_SIZE_SHA1}, {HASH_SHA256, {CKM_SHA256, NULL, 0}, HASH_SIZE_SHA256}, diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index 5510db99f4..aa27f1e384 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -189,7 +189,6 @@ METHOD(plugin_t, get_features, int, { static plugin_feature_t f_hash[] = { PLUGIN_REGISTER(HASHER, pkcs11_hasher_create), - PLUGIN_PROVIDE(HASHER, HASH_MD2), PLUGIN_PROVIDE(HASHER, HASH_MD5), PLUGIN_PROVIDE(HASHER, HASH_SHA1), PLUGIN_PROVIDE(HASHER, HASH_SHA256), diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 6074027f7d..eaf6485abc 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -37,7 +37,6 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/rc5.c \ test_vectors/serpent_cbc.c \ test_vectors/twofish_cbc.c \ - test_vectors/md2.c \ test_vectors/md4.c \ test_vectors/md5.c \ test_vectors/md5_hmac.c \ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index bf8609cb62..85436ff74a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -160,13 +160,6 @@ TEST_VECTOR_SIGNER(sha512_hmac_s1) TEST_VECTOR_SIGNER(sha512_hmac_s2) TEST_VECTOR_SIGNER(sha512_hmac_s3) -TEST_VECTOR_HASHER(md2_1) -TEST_VECTOR_HASHER(md2_2) -TEST_VECTOR_HASHER(md2_3) -TEST_VECTOR_HASHER(md2_4) -TEST_VECTOR_HASHER(md2_5) -TEST_VECTOR_HASHER(md2_6) -TEST_VECTOR_HASHER(md2_7) TEST_VECTOR_HASHER(md4_1) TEST_VECTOR_HASHER(md4_2) TEST_VECTOR_HASHER(md4_3) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c deleted file mode 100644 index b2707a1317..0000000000 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * - * Copyright (C) secunet Security Networks AG - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the Licenseor (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be usefulbut - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include - -/** - * MD2 vectors from RFC 1319 - */ -hasher_test_vector_t md2_1 = { - .alg = HASH_MD2, .len = 0, - .data = "", - .hash = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73" -}; - -hasher_test_vector_t md2_2 = { - .alg = HASH_MD2, .len = 1, - .data = "a", - .hash = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1" -}; - -hasher_test_vector_t md2_3 = { - .alg = HASH_MD2, .len = 3, - .data = "abc", - .hash = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb" -}; - -hasher_test_vector_t md2_4 = { - .alg = HASH_MD2, .len = 14, - .data = "message digest", - .hash = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0" -}; - -hasher_test_vector_t md2_5 = { - .alg = HASH_MD2, .len = 26, - .data = "abcdefghijklmnopqrstuvwxyz", - .hash = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b" -}; - -hasher_test_vector_t md2_6 = { - .alg = HASH_MD2, .len = 62, - .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - .hash = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd" -}; - -hasher_test_vector_t md2_7 = { - .alg = HASH_MD2, .len = 80, - .data = "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890", - .hash = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8" -}; - diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c index c07eed8d93..3bdcc7e3d7 100644 --- a/src/libstrongswan/tests/suites/test_hasher.c +++ b/src/libstrongswan/tests/suites/test_hasher.c @@ -28,41 +28,39 @@ typedef struct { key_type_t key; }hasher_oid_t; +/* make sure to adjust offsets in constructor when changing this array */ static hasher_oid_t oids[] = { - { OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */ - { OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */ - { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */ - { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */ - { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */ - { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */ - { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */ - { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */ - { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */ - { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */ - { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */ - { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */ - { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */ - { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */ - { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */ - { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */ - { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */ - { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */ - { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */ - { OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 19 */ - { OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 20 */ - { OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 21 */ - { OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 22 */ - { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 23 */ - { OID_ED25519, HASH_IDENTITY, KEY_ED25519 }, /* 24 */ - { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 }, /* 25 */ - { OID_ED448, HASH_IDENTITY, KEY_ED448 }, /* 26 */ - { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 }, /* 27 */ - { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 28 */ - { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 29 */ - { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 30 */ - { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 31 */ - { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 32 */ - + { OID_MD5, HASH_MD5, KEY_ANY }, /* 0 */ + { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 1 */ + { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 2 */ + { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 3 */ + { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 4 */ + { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 5 */ + { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 6 */ + { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 7 */ + { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 8 */ + { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 9 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 10 */ + { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 11 */ + { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 12 */ + { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 13 */ + { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 14 */ + { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 15 */ + { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 16 */ + { OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 17 */ + { OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 18 */ + { OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 19 */ + { OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 20 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 21 */ + { OID_ED25519, HASH_IDENTITY, KEY_ED25519 }, /* 22 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 }, /* 23 */ + { OID_ED448, HASH_IDENTITY, KEY_ED448 }, /* 24 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 }, /* 25 */ + { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 26 */ + { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 27 */ + { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 28 */ + { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 29 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 30 */ }; START_TEST(test_hasher_from_oid) @@ -174,32 +172,32 @@ typedef struct { size_t length; }hasher_auth_t; +/* make sure to adjust offsets in constructor when changing this array */ static hasher_auth_t auths[] = { - { AUTH_UNDEFINED, HASH_MD2, 0 }, - { AUTH_UNDEFINED, HASH_MD4, 0 }, - { AUTH_UNDEFINED, HASH_SHA224, 0 }, - { AUTH_UNDEFINED, 9, 0 }, - { AUTH_UNDEFINED, HASH_UNKNOWN, 0 }, - { AUTH_HMAC_MD5_96, HASH_MD5, 12 }, - { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 }, - { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 }, - { AUTH_HMAC_MD5_128, HASH_MD5, 16 }, - { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 }, - { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 }, - { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 }, - { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 }, - { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 }, - { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 }, - { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 }, - { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 }, - { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 }, - { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 }, - { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 }, - { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 }, - { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 }, - { AUTH_DES_MAC, HASH_UNKNOWN, 0 }, - { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 }, - { 0, HASH_UNKNOWN, 0 } + { AUTH_UNDEFINED, HASH_MD4, 0 }, /* 0 */ + { AUTH_UNDEFINED, HASH_SHA224, 0 }, /* 1 */ + { AUTH_UNDEFINED, 9, 0 }, /* 2 */ + { AUTH_UNDEFINED, HASH_UNKNOWN, 0 }, /* 3 */ + { AUTH_HMAC_MD5_96, HASH_MD5, 12 }, /* 4 */ + { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 }, /* 5 */ + { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 }, /* 6 */ + { AUTH_HMAC_MD5_128, HASH_MD5, 16 }, /* 7 */ + { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 }, /* 8 */ + { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 }, /* 9 */ + { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 }, /* 10 */ + { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 }, /* 11 */ + { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 }, /* 12 */ + { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 }, /* 13 */ + { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 }, /* 14 */ + { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 }, /* 15 */ + { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 }, /* 16 */ + { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 }, /* 17 */ + { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 }, /* 18 */ + { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 }, /* 19 */ + { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 }, /* 20 */ + { AUTH_DES_MAC, HASH_UNKNOWN, 0 }, /* 21 */ + { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 }, /* 22 */ + { 0, HASH_UNKNOWN, 0 } /* 23 */ }; START_TEST(test_hasher_from_integrity) @@ -237,7 +235,6 @@ static hasher_ikev2_t ikev2[] = { { HASH_SHA384, TRUE }, { HASH_SHA512, TRUE }, { HASH_UNKNOWN, FALSE }, - { HASH_MD2, FALSE }, { HASH_MD4, FALSE }, { HASH_MD5, FALSE }, { HASH_SHA224, FALSE }, @@ -262,15 +259,15 @@ Suite *hasher_suite_create() s = suite_create("hasher"); tc = tcase_create("from_oid"); - tcase_add_loop_test(tc, test_hasher_from_oid, 0, 28); + tcase_add_loop_test(tc, test_hasher_from_oid, 0, 26); suite_add_tcase(s, tc); tc = tcase_create("to_oid"); - tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12); + tcase_add_loop_test(tc, test_hasher_to_oid, 0, 11); suite_add_tcase(s, tc); tc = tcase_create("sig_to_oid"); - tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids)); + tcase_add_loop_test(tc, test_hasher_sig_to_oid, 10, countof(oids)); suite_add_tcase(s, tc); tc = tcase_create("from_sig_scheme"); @@ -283,11 +280,11 @@ Suite *hasher_suite_create() suite_add_tcase(s, tc); tc = tcase_create("from_integrity"); - tcase_add_loop_test(tc, test_hasher_from_integrity, 4, countof(auths)); + tcase_add_loop_test(tc, test_hasher_from_integrity, 3, countof(auths)); suite_add_tcase(s, tc); tc = tcase_create("to_integrity"); - tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17); + tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 16); suite_add_tcase(s, tc); tc = tcase_create("for_ikev2");