ikev2: Don't use SHA-1 for RFC 7427 signature authentication
authorTobias Brunner <tobias@strongswan.org>
Tue, 19 Sep 2017 09:10:09 +0000 (11:10 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:47:24 +0000 (16:47 +0100)
RFC 8247 demoted it to MUST NOT.

References #2427.

src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/tests/suites/test_hasher.c

index 19ea72d..b2b1ef2 100644 (file)
@@ -156,14 +156,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
                }
                enumerator->destroy(enumerator);
 
-               /* for RSA we tried at least SHA-512, also try other schemes down to
-                * what we'd use with classic authentication */
+               /* for RSA we tried at least SHA-512, also try other schemes */
                if (key_type == KEY_RSA)
                {
                        signature_scheme_t schemes[] = {
                                SIGN_RSA_EMSA_PKCS1_SHA2_384,
                                SIGN_RSA_EMSA_PKCS1_SHA2_256,
-                               SIGN_RSA_EMSA_PKCS1_SHA1,
                        }, contained;
                        bool found;
                        int i, j;
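Review bot: The shortened comment above `if (key_type == KEY_RSA)` no longer says why the fallback list now stops at SHA-256, so the old wording "down to what we'd use with classic authentication" invites someone to re-add SHA-1 as that floor; suggest `/* for RSA we tried at least SHA-512, also try other schemes; SHA-1 is deliberately omitted (RFC 8247: MUST NOT) */`. select_signature_schemes begins before this hunk and the loop consuming `schemes[]`/`found` continues after it, so whether an RSA peer that only offers SHA-1 still falls back to classic PKCS#1 authentication elsewhere in the function cannot be confirmed from what is shown.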
index 26aab0c..6b5c05c 100644 (file)
@@ -287,7 +287,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
        switch (alg)
        {
                case HASH_IDENTITY:
-               case HASH_SHA1:
                case HASH_SHA256:
                case HASH_SHA384:
                case HASH_SHA512:
@@ -296,6 +295,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
                case HASH_MD2:
                case HASH_MD4:
                case HASH_MD5:
+               case HASH_SHA1:
                case HASH_SHA224:
                case HASH_SHA3_224:
                case HASH_SHA3_256:
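Review bot: `case HASH_SHA1:` now sits in the rejected group between MD5 and SHA-224 with nothing in the code recording the reason, and the two hunks in this file are one logical move (the first removes it from the accepted group); a one-line comment on the added case would stop a well-meaning revert, e.g. `case HASH_SHA1: /* MUST NOT for IKEv2 signature auth, RFC 8247 */`. hasher_algorithm_for_ikev2 starts before the first hunk and both of its return statements lie outside the shown lines, so this review covers only the case placement.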
index 6a83fe7..9f77419 100644 (file)
@@ -201,9 +201,9 @@ START_TEST(test_hasher_from_integrity)
        size_t length;
 
        length = 0;
-       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) == 
+       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
                                                                                          auths[_i].alg);
-       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) == 
+       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
                                                                                          auths[_i].alg);
        ck_assert(length == auths[_i].length);
 }
@@ -226,7 +226,7 @@ typedef struct {
 
 static hasher_ikev2_t ikev2[] = {
        { HASH_IDENTITY, TRUE  },
-       { HASH_SHA1,     TRUE  },
+       { HASH_SHA1,     FALSE },
        { HASH_SHA256,   TRUE  },
        { HASH_SHA384,   TRUE  },
        { HASH_SHA512,   TRUE  },
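Review bot: The flipped row `{ HASH_SHA1, FALSE }` only pins hasher_algorithm_for_ikev2; the diffstat lists no test touching select_signature_schemes, so the removal of SIGN_RSA_EMSA_PKCS1_SHA1 from the RSA fallback list in pubkey_authenticator.c lands without a test that would catch its reintroduction (assuming no such case exists in a suite not shown here). A check that the selected schemes for an RSA key never include SIGN_RSA_EMSA_PKCS1_SHA1 would close that gap. The `ikev2[]` table continues past the end of this hunk, and the first hunk in this file is trailing-whitespace only.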