diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-06-23 11:35:38 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-06-23 11:35:38 +0000 |
commit | 7c52c3f35cdbdff58443b994f2f33d13b4d81f57 (patch) | |
tree | e54a27979ea72ec41702bec2984c2eadac3b8862 /src/charon/config/proposal.c | |
parent | 4ef45ba0404dac3773e83af995a5ec584b23d633 (diff) | |
download | vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.tar.gz vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.zip |
Updated to new upstream version.
Diffstat (limited to 'src/charon/config/proposal.c')
-rw-r--r-- | src/charon/config/proposal.c | 251 |
1 files changed, 35 insertions, 216 deletions
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index 92ef34b75..e2dfcca4f 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -12,8 +12,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: proposal.c 4936 2009-03-12 18:07:32Z tobias $ */ #include <string.h> @@ -24,10 +22,11 @@ #include <utils/linked_list.h> #include <utils/identification.h> #include <utils/lexparser.h> +#include <crypto/transform.h> #include <crypto/prfs/prf.h> #include <crypto/crypters/crypter.h> #include <crypto/signers/signer.h> - +#include <crypto/proposal/proposal_keywords.h> ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP, "PROTO_NONE", @@ -36,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP, "ESP", ); -ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, - "UNDEFINED_TRANSFORM_TYPE"); -ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE, - "ENCRYPTION_ALGORITHM", - "PSEUDO_RANDOM_FUNCTION", - "INTEGRITY_ALGORITHM", - "DIFFIE_HELLMAN_GROUP", - "EXTENDED_SEQUENCE_NUMBERS"); -ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); - ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, "NO_EXT_SEQ", "EXT_SEQ", @@ -585,227 +574,57 @@ static void check_proposal(private_proposal_t *this) /** * add a algorithm identified by a string to the proposal. - * TODO: we could use gperf here. */ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) { - if (strncmp(alg.ptr, "null", alg.len) == 0) - { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_NULL, 0); - } - else if (strncmp(alg.ptr, "aes128", alg.len) == 0) - { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); - } - else if (strncmp(alg.ptr, "aes192", alg.len) == 0) - { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192); - } - else if (strncmp(alg.ptr, "aes256", alg.len) == 0) + const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len); + + if (token == NULL) { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256); + return FAILED; } - else if (strstr(alg.ptr, "ccm")) - { - u_int16_t key_size, icv_size; - if (sscanf(alg.ptr, "aes%huccm%hu", &key_size, &icv_size) == 2) - { - if (key_size == 128 || key_size == 192 || key_size == 256) - { - switch (icv_size) - { - case 8: /* octets */ - case 64: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, - ENCR_AES_CCM_ICV8, key_size); - break; - case 12: /* octets */ - case 96: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, - ENCR_AES_CCM_ICV12, key_size); - break; - case 16: /* octets */ - case 128: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, - ENCR_AES_CCM_ICV16, key_size); - break; - default: - /* invalid ICV size */ - break; - } - } - } - } - else if (strstr(alg.ptr, "gcm")) - { - u_int16_t key_size, icv_size; + add_algorithm(this, token->type, token->algorithm, token->keysize); - if (sscanf(alg.ptr, "aes%hugcm%hu", &key_size, &icv_size) == 2) - { - if (key_size == 128 || key_size == 192 || key_size == 256) - { - switch (icv_size) - { - case 8: /* octets */ - case 64: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, - ENCR_AES_GCM_ICV8, key_size); - break; - case 12: /* octets */ - case 96: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, - ENCR_AES_GCM_ICV12, key_size); - break; - case 16: /* octets */ - case 128: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, - ENCR_AES_GCM_ICV16, key_size); - break; - default: - /* invalid ICV size */ - break; - } - } - } - } - else if (strncmp(alg.ptr, "3des", alg.len) == 0) + if (this->protocol == PROTO_IKE && token->type == INTEGRITY_ALGORITHM) { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); - } - /* blowfish only uses some predefined key sizes yet */ - else if (strncmp(alg.ptr, "blowfish128", alg.len) == 0) - { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128); - } - else if (strncmp(alg.ptr, "blowfish192", alg.len) == 0) - { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192); - } - else if (strncmp(alg.ptr, "blowfish256", alg.len) == 0) - { - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256); - } - else if (strncmp(alg.ptr, "sha", alg.len) == 0 || - strncmp(alg.ptr, "sha1", alg.len) == 0) - { - /* sha means we use SHA for both, PRF and AUTH */ - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - if (this->protocol == PROTO_IKE) - { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0); - } - } - else if (strncmp(alg.ptr, "sha256", alg.len) == 0 || - strncmp(alg.ptr, "sha2_256", alg.len) == 0) - { - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); - if (this->protocol == PROTO_IKE) - { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0); - } - } - else if (strncmp(alg.ptr, "sha384", alg.len) == 0 || - strncmp(alg.ptr, "sha2_384", alg.len) == 0) - { - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); - if (this->protocol == PROTO_IKE) - { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0); - } - } - else if (strncmp(alg.ptr, "sha512", alg.len) == 0 || - strncmp(alg.ptr, "sha2_512", alg.len) == 0) - { - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); - if (this->protocol == PROTO_IKE) - { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0); - } - } - else if (strncmp(alg.ptr, "md5", alg.len) == 0) - { - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); - if (this->protocol == PROTO_IKE) + pseudo_random_function_t prf; + + switch (token->algorithm) { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0); + case AUTH_HMAC_SHA1_96: + prf = PRF_HMAC_SHA1; + break; + case AUTH_HMAC_SHA2_256_128: + prf = PRF_HMAC_SHA2_256; + break; + case AUTH_HMAC_SHA2_384_192: + prf = PRF_HMAC_SHA2_384; + break; + case AUTH_HMAC_SHA2_512_256: + prf = PRF_HMAC_SHA2_512; + break; + case AUTH_HMAC_MD5_96: + prf = PRF_HMAC_MD5; + break; + case AUTH_AES_XCBC_96: + prf = PRF_AES128_XCBC; + break; + default: + prf = PRF_UNDEFINED; } - } - else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0) - { - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); - if (this->protocol == PROTO_IKE) + if (prf != PRF_UNDEFINED) { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0); + add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); } } - else if (strncmp(alg.ptr, "modpnull", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0); - } - else if (strncmp(alg.ptr, "modp768", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); - } - else if (strncmp(alg.ptr, "modp1024", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); - } - else if (strncmp(alg.ptr, "modp1536", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0); - } - else if (strncmp(alg.ptr, "modp2048", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); - } - else if (strncmp(alg.ptr, "modp3072", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0); - } - else if (strncmp(alg.ptr, "modp4096", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0); - } - else if (strncmp(alg.ptr, "modp6144", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0); - } - else if (strncmp(alg.ptr, "modp8192", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0); - } - else if (strncmp(alg.ptr, "ecp192", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0); - } - else if (strncmp(alg.ptr, "ecp224", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0); - } - else if (strncmp(alg.ptr, "ecp256", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0); - } - else if (strncmp(alg.ptr, "ecp384", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0); - } - else if (strncmp(alg.ptr, "ecp521", alg.len) == 0) - { - add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0); - } - else - { - return FAILED; - } return SUCCESS; } /** * print all algorithms of a kind to buffer */ -static int print_alg(private_proposal_t *this, char **dst, int *len, +static int print_alg(private_proposal_t *this, char **dst, size_t *len, u_int kind, void *names, bool *first) { enumerator_t *enumerator; @@ -826,7 +645,7 @@ static int print_alg(private_proposal_t *this, char **dst, int *len, } if (size) { - written += print_in_hook(*dst, *len, "-%d", size); + written += print_in_hook(*dst, *len, "_%u", size); } } enumerator->destroy(enumerator); |