Merge branch 'pbkdf2-sha2'

Adds support for common SHA-2 based PRFs in PKCS#5/PBKDF2 as used by
OpenSSL 1.1 when generating PKCS#8-encoded private keys.

Fixes #2574.

src/charon-nm/nm/nm_service.c

@@ -492,7 +492,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
 					priv->creds->set_key_password(priv->creds, secret);
 				}
 				private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
-								KEY_RSA, BUILD_FROM_FILE, str, BUILD_END);
+								KEY_ANY, BUILD_FROM_FILE, str, BUILD_END);
 				if (!private)
 				{
 					g_set_error(err, NM_VPN_PLUGIN_ERROR,

src/libstrongswan/asn1/oid.txt

@@ -150,6 +150,13 @@
             0x02             "digestAlgorithm"
               0x02           "md2"						OID_MD2
               0x05           "md5"						OID_MD5
+              0x07           "hmacWithSHA1"				OID_HMAC_SHA1
+              0x08           "hmacWithSHA224"			OID_HMAC_SHA224
+              0x09           "hmacWithSHA256"			OID_HMAC_SHA256
+              0x0A           "hmacWithSHA384"			OID_HMAC_SHA384
+              0x0B           "hmacWithSHA512"			OID_HMAC_SHA512
+              0x0C           "hmacWithSHA512-224"		OID_HMAC_SHA512_224
+              0x0D           "hmacWithSHA512-256"		OID_HMAC_SHA512_256
             0x03             "encryptionAlgorithm"
               0x07           "3des-ede-cbc"				OID_3DES_EDE_CBC
       0xCE                   ""

src/libstrongswan/crypto/pkcs5.c

@@ -422,7 +422,9 @@ static bool parse_pbes1_params(private_pkcs5_t *this, chunk_t blob, int level0)
 /**
  * ASN.1 definition of a PBKDF2-params structure
  * The salt is actually a CHOICE and could be an AlgorithmIdentifier from
- * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions).
+ * PBKDF2-SaltSources (but as per RFC 8018 that's for future versions).
+ * The PRF algorithm is actually defined as DEFAULT and not OPTIONAL, but the
+ * parser can't handle ASN1_DEF with SEQUENCEs.
  */
 static const asn1Object_t pbkdf2ParamsObjects[] = {
 	{ 0, "PBKDF2-params",	ASN1_SEQUENCE,		ASN1_NONE			}, /* 0 */
@@ -430,7 +432,8 @@ static const asn1Object_t pbkdf2ParamsObjects[] = {
 	{ 1,   "iterationCount",ASN1_INTEGER,		ASN1_BODY			}, /* 2 */
 	{ 1,   "keyLength",		ASN1_INTEGER,		ASN1_OPT|ASN1_BODY	}, /* 3 */
 	{ 1,   "end opt",		ASN1_EOC,			ASN1_END			}, /* 4 */
-	{ 1,   "prf",			ASN1_EOC,			ASN1_DEF|ASN1_RAW	}, /* 5 */
+	{ 1,   "prf",			ASN1_SEQUENCE,		ASN1_OPT|ASN1_RAW	}, /* 5 */
+	{ 1,   "end opt",		ASN1_EOC,			ASN1_END			}, /* 6 */
 	{ 0, "exit",			ASN1_EOC,			ASN1_EXIT			}
 };
 #define PBKDF2_SALT					1
@@ -446,13 +449,15 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0)
 	asn1_parser_t *parser;
 	chunk_t object;
 	int objectID;
-	bool success;
+	bool success = FALSE;
 
 	parser = asn1_parser_create(pbkdf2ParamsObjects, blob);
 	parser->set_top_level(parser, level0);
 
  	/* keylen is optional */
 	this->keylen = 0;
+	/* defaults to id-hmacWithSHA1 */
+	this->data.pbes2.prf_alg = PRF_HMAC_SHA1;
 
 	while (parser->iterate(parser, &objectID, &object))
 	{
@@ -474,13 +479,22 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0)
 				break;
 			}
 			case PBKDF2_PRF:
-			{	/* defaults to id-hmacWithSHA1, no other is currently defined */
-				this->data.pbes2.prf_alg = PRF_HMAC_SHA1;
+			{
+				int oid;
+
+				oid = asn1_parse_algorithmIdentifier(object,
+										parser->get_level(parser) + 1, NULL);
+				this->data.pbes2.prf_alg = pseudo_random_function_from_oid(oid);
+				if (this->data.pbes2.prf_alg == PRF_UNDEFINED)
+				{	/* unsupported PRF algorithm */
+					goto end;
+				}
 				break;
 			}
 		}
 	}
 	success = parser->success(parser);
+end:
 	parser->destroy(parser);
 	return success;
 }

src/libstrongswan/crypto/prfs/prf.c

@@ -1,7 +1,8 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -16,6 +17,8 @@
 
 #include "prf.h"
 
+#include <asn1/oid.h>
+
 ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_CAMELLIA128_XCBC,
 	"PRF_UNDEFINED",
 	"PRF_FIPS_SHA1_160",
@@ -33,3 +36,25 @@ ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_CAMEL
 	"PRF_AES128_CMAC");
 ENUM_END(pseudo_random_function_names, PRF_AES128_CMAC);
 
+/*
+ * Described in header.
+ */
+pseudo_random_function_t pseudo_random_function_from_oid(int oid)
+{
+	switch (oid)
+	{
+		case OID_HMAC_SHA1:
+			return PRF_HMAC_SHA1;
+		case OID_HMAC_SHA256:
+			return PRF_HMAC_SHA2_256;
+		case OID_HMAC_SHA384:
+			return PRF_HMAC_SHA2_384;
+		case OID_HMAC_SHA512:
+			return PRF_HMAC_SHA2_512;
+		case OID_HMAC_SHA224:
+		case OID_HMAC_SHA512_224:
+		case OID_HMAC_SHA512_256:
+		default:
+			return PRF_UNDEFINED;
+	}
+}

src/libstrongswan/crypto/prfs/prf.h

@@ -1,7 +1,8 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -125,4 +126,12 @@ struct prf_t {
 	void (*destroy)(prf_t *this);
 };
 
+/**
+ * Conversion of ASN.1 OID to PRF algorithm.
+ *
+ * @param oid			ASN.1 OID
+ * @return				encryption algorithm, PRF_UNDEFINED if OID unsupported
+ */
+pseudo_random_function_t pseudo_random_function_from_oid(int oid);
+
 #endif /** PRF_H_ @}*/