Added support for MODP_CUSTOM to gcrypt plugin

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 1d519ce56d9c44e33ef6c087b25513a286226534..6c4665da2dd2ac12b297fa5c1111d8fc10ad9083 100644 (file)
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -168,22 +168,16 @@ METHOD(diffie_hellman_t, destroy, void,
 }
 
 /*
- * Described in header.
+ * Generic internal constructor
  */
-gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+                                                       chunk_t g, chunk_t p)
 {
        private_gcrypt_dh_t *this;
-       diffie_hellman_params_t *params;
        gcry_error_t err;
        chunk_t random;
        rng_t *rng;
 
-       params = diffie_hellman_get_params(group);
-       if (!params)
-       {
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .dh = {
@@ -195,18 +189,16 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
                        },
                },
                .group = group,
-               .p_len = params->prime.len,
+               .p_len = p.len,
        );
-       err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG,
-                                               params->prime.ptr, params->prime.len, NULL);
+       err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, p.ptr, p.len, NULL);
        if (err)
        {
                DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err));
                free(this);
                return NULL;
        }
-       err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG,
-                                               params->generator.ptr, params->generator.len, NULL);
+       err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG, g.ptr, g.len, NULL);
        if (err)
        {
                DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err));
@@ -218,7 +210,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
        rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
        if (rng)
        {       /* prefer external randomizer */
-               rng->allocate_bytes(rng, params->exp_len, &random);
+               rng->allocate_bytes(rng, exp_len, &random);
                rng->destroy(rng);
                err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
                                                        random.ptr, random.len, NULL);
@@ -234,13 +226,13 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
        }
        else
        {       /* fallback to gcrypt internal randomizer, shouldn't ever happen */
-               this->xa = gcry_mpi_new(params->exp_len * 8);
-               gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM);
+               this->xa = gcry_mpi_new(exp_len * 8);
+               gcry_mpi_randomize(this->xa, exp_len * 8, GCRY_STRONG_RANDOM);
        }
-       if (params->exp_len == this->p_len)
+       if (exp_len == this->p_len)
        {
                /* achieve bitsof(p)-1 by setting MSB to 0 */
-               gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1);
+               gcry_mpi_clear_bit(this->xa, exp_len * 8 - 1);
        }
 
        this->ya = gcry_mpi_new(this->p_len * 8);
@@ -250,3 +242,33 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
        return &this->public;
 }
 
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+{
+
+       diffie_hellman_params_t *params;
+
+       params = diffie_hellman_get_params(group);
+       if (!params)
+       {
+               return NULL;
+       }
+       return create_generic(group, params->exp_len,
+                                                 params->generator, params->prime);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
+                                                                        chunk_t g, chunk_t p)
+{
+       if (group == MODP_CUSTOM)
+       {
+               return create_generic(group, p.len, g, p);
+       }
+       return NULL;
+}

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
index 95b68dcd08b97f9a90b43587413b6b0c94c8ef1f..a70958dc41ad9d3aec027d542b75ecc2ec4fc392 100644 (file)
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
@@ -44,5 +44,16 @@ struct gcrypt_dh_t {
  */
 gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group);
 
+/**
+ * Creates a new gcrypt_dh_t object for MODP_CUSTOM.
+ *
+ * @param group                        MODP_CUSTOM
+ * @param g                            generator
+ * @param p                            prime
+ * @return                             gcrypt_dh_t object, NULL if not supported
+ */
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
+                                                                        chunk_t g, chunk_t p);
+
 #endif /** GCRYPT_DH_H_ @}*/
 

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index eb9b9500464f3fab96315293f2c508224e75222c..d7e5d0f4287531f0f8b199ced741c35e03acfa00 100644 (file)
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -104,6 +104,8 @@ METHOD(plugin_t, destroy, void,
                                        (rng_constructor_t)gcrypt_rng_create);
        lib->crypto->remove_dh(lib->crypto,
                                        (dh_constructor_t)gcrypt_dh_create);
+       lib->crypto->remove_dh(lib->crypto,
+                                       (dh_constructor_t)gcrypt_dh_create_custom);
        lib->creds->remove_builder(lib->creds,
                                        (builder_function_t)gcrypt_rsa_private_key_gen);
        lib->creds->remove_builder(lib->creds,
@@ -218,6 +220,8 @@ plugin_t *gcrypt_plugin_create()
                                        (dh_constructor_t)gcrypt_dh_create);
        lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
                                        (dh_constructor_t)gcrypt_dh_create);
+       lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+                                       (dh_constructor_t)gcrypt_dh_create_custom);
 
        /* RSA */
        lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,