ikev2: Don't use SHA-1 for RFC 7427 signature authentication

RFC 8247 demoted it to MUST NOT.

References #2427.

diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 19ea72d0b70da6e60776c7ca8bc3a1ad312288a2..b2b1ef2896bda7ce68905f2085c62ab32de688b5 100644 (file)
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -156,14 +156,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
                }
                enumerator->destroy(enumerator);
 
-               /* for RSA we tried at least SHA-512, also try other schemes down to
-                * what we'd use with classic authentication */
+               /* for RSA we tried at least SHA-512, also try other schemes */
                if (key_type == KEY_RSA)
                {
                        signature_scheme_t schemes[] = {
                                SIGN_RSA_EMSA_PKCS1_SHA2_384,
                                SIGN_RSA_EMSA_PKCS1_SHA2_256,
-                               SIGN_RSA_EMSA_PKCS1_SHA1,
                        }, contained;
                        bool found;
                        int i, j;

diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 26aab0cccd12c4fce8f81c6fb00c4d91b87b3a47..6b5c05c46964d6c24669801d07320378513060c3 100644 (file)
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -287,7 +287,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
        switch (alg)
        {
                case HASH_IDENTITY:
-               case HASH_SHA1:
                case HASH_SHA256:
                case HASH_SHA384:
                case HASH_SHA512:
@@ -296,6 +295,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
                case HASH_MD2:
                case HASH_MD4:
                case HASH_MD5:
+               case HASH_SHA1:
                case HASH_SHA224:
                case HASH_SHA3_224:
                case HASH_SHA3_256:

diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 6a83fe777d7f0c86f24b99c54560ff46273288df..9f77419698af08d38fb91c61d0ffa2ff899e5f32 100644 (file)
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -201,9 +201,9 @@ START_TEST(test_hasher_from_integrity)
        size_t length;
 
        length = 0;
-       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) == 
+       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
                                                                                          auths[_i].alg);
-       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) == 
+       ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
                                                                                          auths[_i].alg);
        ck_assert(length == auths[_i].length);
 }
@@ -226,7 +226,7 @@ typedef struct {
 
 static hasher_ikev2_t ikev2[] = {
        { HASH_IDENTITY, TRUE  },
-       { HASH_SHA1,     TRUE  },
+       { HASH_SHA1,     FALSE },
        { HASH_SHA256,   TRUE  },
        { HASH_SHA384,   TRUE  },
        { HASH_SHA512,   TRUE  },