61 Commits

Author SHA1 Message Date
Tobias Brunner
a0353af6df gmp: Fix build with DEBUG_LEVEL < 1 2025-01-13 11:36:32 +01:00
Tobias Brunner
19ef2aec15 Update copyright headers after acquisition by secunet 2022-06-28 10:22:56 +02:00
Andreas Steffen
4abb29f639 credentials: Added void *params to public_key encrypt() and private_key decrypt() methods 2021-11-09 17:58:28 +01:00
Andreas Steffen
11e9d2b8d1 drbg: The drbg instance owns the entropy rng 2019-11-28 09:55:56 +01:00
Andreas Steffen
e36af6fc2f gmp: Use NIST DRBG for RSA key pair generation 2019-10-18 16:24:39 +02:00
Tobias Brunner
ecfe67550d signature-params: Provide option for maximum RSA/PSS salt length
However, the length now has to be resolved early, so we don't operate on
the negative constant values e.g. when generating the encoding.
2018-10-26 09:03:26 +02:00
Tobias Brunner
129ab919a8 gmp: Fix buffer overflow with very small RSA keys
Because `keylen` is unsigned the subtraction results in an integer
underflow if the key length is < 11 bytes.

This is only a problem when verifying signatures with a public key (for
private keys the plugin enforces a minimum modulus length) and to do so
we usually only use trusted keys.  However, the x509 plugin actually
calls issued_by() on a parsed certificate to check if it is self-signed,
which is the reason this issue was found by OSS-Fuzz in the first place.
So, unfortunately, this can be triggered by sending an invalid client
cert to a peer.

Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them")
Fixes: CVE-2018-17540
2018-09-26 10:10:48 +02:00
Tobias Brunner
5955db5b12 gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them
Instead we generate the expected signature encoding and compare it to the
decrypted value.

Due to the lenient nature of the previous parsing code (minimum padding
length was not enforced, the algorithmIdentifier/OID parser accepts arbitrary
data after OIDs and in the parameters field etc.) it was susceptible to
Daniel Bleichenbacher's low-exponent attack (from 2006!), which allowed
forging signatures for keys that use low public exponents (i.e. e=3).

Since the public exponent is usually set to 0x10001 (65537) since quite a
while, the flaws in the previous code should not have had that much of a
practical impact in recent years.

Fixes: CVE-2018-16151, CVE-2018-16152
2018-09-21 18:51:58 +02:00
Tobias Brunner
4a84fb07ca gmp: Fix compatibility with older libgmp releases
Older releases don't have mpz_powm_sec() and mpz_inits() yet.

Fixes #2505.
2018-01-31 10:53:55 +01:00
Tobias Brunner
f241a981aa gmp: Add support for static salts when signing with RSA-PSS 2017-11-08 16:48:10 +01:00
Tobias Brunner
126fd8af09 gmp: Use helper to determine XOF type 2017-11-08 16:48:10 +01:00
Tobias Brunner
154ee7f66a gmp: Add support for RSASSA-PSS signature creation 2017-11-08 16:48:10 +01:00
Tobias Brunner
bd4df68a7b gmp: Determine missing RSA private key parameters
We only need n, e, and d.  The parameters for the Chinese remainder
algorithm and even p and q can be determined from these.
2017-11-08 16:48:10 +01:00
Tobias Brunner
de280c2e03 private-key: Add optional parameters argument to sign() method 2017-11-08 16:48:10 +01:00
Andreas Steffen
40f2589abf gmp: Support of SHA-3 RSA signatures 2016-09-22 17:34:31 +02:00
Andreas Steffen
b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner
ef33a4ab82 Fixed some typos, courtesy of codespell 2012-12-20 09:35:26 +01:00
Andreas Steffen
48b23d06a8 allow the optional sharing of RSA private keys 2012-11-22 00:34:42 +01:00
Andreas Steffen
76bd0d7c1f overwrite sensitive prime with zeroes 2012-11-18 22:55:22 +01:00
Andreas Steffen
168ee460c6 implemented generation of safe primes 2012-11-18 19:22:31 +01:00
Tobias Brunner
f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Martin Willi
87dd205b61 Add a return value to hasher_t.allocate_hash() 2012-07-16 14:55:06 +02:00
Tobias Brunner
5025135f70 Check rng return value when generating DH secrets and primes in gmp plugin 2012-07-16 14:53:35 +02:00
Martin Willi
ba31fe1fd6 Use a separate section for each nested struct member in INIT macro 2010-08-18 12:15:03 +02:00
Martin Willi
a944d2092b Use bits instead of bytes for a private/public key 2010-08-10 18:46:30 +02:00
Martin Willi
33ddaaabec Added support for different encryption schemes to private/public keys 2010-08-10 18:46:30 +02:00
Martin Willi
876b61e132 Migrated gmp plugin to INIT/METHOD macros 2010-08-10 18:46:30 +02:00
Martin Willi
da9724e6d0 Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding 2010-07-13 11:29:35 +02:00
Martin Willi
dd04a68f22 PEM encoder supports encoding from RSA components directly, allowing gcrypt plugin to encode in PEM 2010-04-29 09:36:45 +02:00
Tobias Brunner
8b0e09103b Adding DBG_LIB to all calls of libstrongswan's version of DBG*. 2010-04-06 12:47:40 +02:00
Andreas Steffen
cea2857263 PEM encoding for GMP RSA public and private keys 2010-04-04 19:11:18 +02:00
Andreas Steffen
a3316c2b9f setting the two most significant bits assures an RSA modulus of maximum bit size 2010-03-15 15:13:26 +01:00
Martin Willi
3e35a6e7a1 Use side-channel secured mpz_powm_sec of libgmp 5, if available 2010-02-18 17:38:59 +01:00
Martin Willi
640ed4d5a5 Public/Private keys implement a has_fingerprint() method 2009-09-21 16:47:25 +02:00
Martin Willi
1086d00e41 Updated gmp plugin to the new builder API 2009-09-10 16:20:19 +02:00
Martin Willi
7daf5226b7 removed trailing spaces ([[:space:]]+$) 2009-09-04 13:46:09 +02:00
Martin Willi
eb73685dac create algorithmIdentifier dynamically from OID database 2009-08-27 13:59:30 +02:00
Martin Willi
741680d179 updated gmp plugin to new private/public key API, use encoder framework 2009-08-26 11:23:52 +02:00
Martin Willi
831520d895 gmp uses component builder to build public- from private-key 2009-08-26 11:23:51 +02:00
Martin Willi
7033a70fd0 gmp plugin makes use of pkcs1/pgp/dnskey plugins 2009-08-26 11:23:51 +02:00
Andreas Steffen
b6f739c13b support of SHA224-based certificate signatures 2009-08-05 22:01:44 +02:00
Martin Willi
3176e4421f check if RSA key is large enough to sign a chunk of data 2009-06-15 13:49:30 +02:00
Andreas Steffen
11e6d28533 pluto supports ECDSA authentication 2009-06-12 19:59:49 +02:00
Andreas Steffen
d615ffdcf3 implement gmp_rsa_private_key.decrypt() 2009-06-09 11:03:35 +02:00
Andreas Steffen
b6f19a6ab4 used rsa coeff field in OpenPGP secret key payload 2009-06-09 11:03:33 +02:00
Andreas Steffen
d17a120598 fixed OpenPGP parsing 2009-06-09 11:03:33 +02:00
Andreas Steffen
8b799d55ce pluto and scepclient use private and public key plugins of libstrongswan 2009-06-09 11:03:32 +02:00
Tobias Brunner
8c5d72cd0b removing svn keyword $Id$ from all files 2009-04-30 13:19:35 +00:00
Andreas Steffen
f67eebccc8 changed RNG_REAL to RNG_TRUE 2009-04-29 09:13:20 +00:00
Martin Willi
73f6886a50 checking mpz_export return value properly
fixes a potential DoS attack if a DH value of zero gets processed
2008-09-17 08:10:48 +00:00