From 24aa46946349529bf36d3569796a28917d3e756f Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Wed, 9 Aug 2017 18:55:37 +0200 Subject: build, lib, ipcpd, irmd: Add support for libgcrypt This adds support for libgcrypt. If at least version 1.7.0 of libgcrypt is present, it may be used for secure random number generation and is used for hashing in the irmd/ipcp. The hash definitions are moved to the internal hash.h header, and defined independently of the hashes that are defined as part of the directory policy for the normal IPCP. The translation is moved from the IRMd to ipcpd/ipcp.h. The bootstrap call from the IRMd expects the IPCP to return the correct hash algorithm with a dif_info struct, which is in line with the behavior of the enroll call. This also improves how some platform checks in the build system are handled. --- include/ouroboros/config.h.in | 4 ++++ include/ouroboros/hash.h | 27 +++++++++++++++++++++++---- include/ouroboros/ipcp.h | 17 +++++++---------- 3 files changed, 34 insertions(+), 14 deletions(-) (limited to 'include') diff --git a/include/ouroboros/config.h.in b/include/ouroboros/config.h.in index 0957ee4d..881410eb 100644 --- a/include/ouroboros/config.h.in +++ b/include/ouroboros/config.h.in @@ -37,6 +37,10 @@ #define IPCP_NORMAL_EXEC "@IPCP_NORMAL_TARGET@" #define IPCP_LOCAL_EXEC "@IPCP_LOCAL_TARGET@" #cmakedefine HAVE_ROBUST_MUTEX +#cmakedefine HAVE_SYS_RANDOM +#cmakedefine HAVE_LIBGCRYPT +#cmakedefine HAVE_OPENSSL +#cmakedefine HAVE_NETMAP #define AP_MAX_FLOWS 2048 #define AP_RES_FDS 64 #define AP_MAX_FQUEUES 64 diff --git a/include/ouroboros/hash.h b/include/ouroboros/hash.h index 456a93f3..6d3f98a3 100644 --- a/include/ouroboros/hash.h +++ b/include/ouroboros/hash.h @@ -25,11 +25,30 @@ #define OUROBOROS_LIB_HASH_H #include -#include -#include -#include -#include +#ifdef HAVE_LIBGCRYPT +#include +#endif +#include + +/* Hash algorithms */ +enum hash_algo { +#ifdef HAVE_LIBGCRYPT + HASH_CRC32 = GCRY_MD_CRC32, + HASH_MD5 = GCRY_MD_MD5, + HASH_SHA3_224 = GCRY_MD_SHA3_224, + HASH_SHA3_256 = GCRY_MD_SHA3_256, + HASH_SHA3_384 = GCRY_MD_SHA3_384, + HASH_SHA3_512 = GCRY_MD_SHA3_512 +#else + HASH_CRC32 = 0, + HASH_MD5, + HASH_SHA3_224, + HASH_SHA3_256, + HASH_SHA3_384, + HASH_SHA3_512 +#endif +}; #define HASH_FMT "%02x%02x%02x%02x" #define HASH_VAL(hash) \ diff --git a/include/ouroboros/ipcp.h b/include/ouroboros/ipcp.h index 1b775a63..7c34cc7d 100644 --- a/include/ouroboros/ipcp.h +++ b/include/ouroboros/ipcp.h @@ -52,22 +52,19 @@ enum pol_routing { LINK_STATE = 0 }; -/* Hash algorithms */ -enum hash_algo { - HASH_CRC32 = 0, - HASH_MD5, - HASH_SHA3_224, - HASH_SHA3_256, - HASH_SHA3_384, - HASH_SHA3_512 +enum pol_dir_hash { + DIR_HASH_SHA3_224 = 0, + DIR_HASH_SHA3_256, + DIR_HASH_SHA3_384, + DIR_HASH_SHA3_512 }; #define DIF_NAME_SIZE 256 /* Info reported back to the IRMd about the DIF on enrollment */ struct dif_info { - char dif_name[DIF_NAME_SIZE]; - enum hash_algo dir_hash_algo; + char dif_name[DIF_NAME_SIZE]; + enum pol_dir_hash dir_hash_algo; }; /* Structure to configure the first IPCP */ -- cgit v1.2.3