summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto/proposal
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2018-06-04 09:59:21 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-06-04 09:59:21 +0200
commit51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch)
tree2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/libstrongswan/crypto/proposal
parent7793611ee71b576dd9c66dee327349fa64e38740 (diff)
downloadvyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.tar.gz
vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.zip
New upstream version 5.6.3
Diffstat (limited to 'src/libstrongswan/crypto/proposal')
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.c236
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.c153
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.txt5
7 files changed, 283 insertions, 119 deletions
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index bb0a02b59..d671879c0 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -58,6 +58,11 @@ struct private_proposal_t {
array_t *transforms;
/**
+ * Types of transforms contained, as transform_type_t
+ */
+ array_t *types;
+
+ /**
* senders SPI
*/
uint64_t spi;
@@ -69,6 +74,101 @@ struct private_proposal_t {
};
/**
+ * This is a hack to not change the previous order when printing proposals
+ */
+static transform_type_t type_for_sort(const void *type)
+{
+ const transform_type_t *t = type;
+
+ switch (*t)
+ {
+ case PSEUDO_RANDOM_FUNCTION:
+ return INTEGRITY_ALGORITHM;
+ case INTEGRITY_ALGORITHM:
+ return PSEUDO_RANDOM_FUNCTION;
+ default:
+ return *t;
+ }
+}
+
+/**
+ * Sort transform types
+ */
+static int type_sort(const void *a, const void *b, void *user)
+{
+ transform_type_t ta = type_for_sort(a), tb = type_for_sort(b);
+ return ta - tb;
+}
+
+/**
+ * Find a transform type
+ */
+static int type_find(const void *a, const void *b)
+{
+ return type_sort(a, b, NULL);
+}
+
+/**
+ * Check if the given transform type is already in the set
+ */
+static bool contains_type(array_t *types, transform_type_t type)
+{
+ return array_bsearch(types, &type, type_find, NULL) != -1;
+}
+
+/**
+ * Add the given transform type to the set
+ */
+static void add_type(array_t *types, transform_type_t type)
+{
+ if (!contains_type(types, type))
+ {
+ array_insert(types, ARRAY_TAIL, &type);
+ array_sort(types, type_sort, NULL);
+ }
+}
+
+/**
+ * Merge two sets of transform types into a new array
+ */
+static array_t *merge_types(private_proposal_t *this, private_proposal_t *other)
+{
+ array_t *types;
+ transform_type_t type;
+ int i, count;
+
+ count = max(array_count(this->types), array_count(other->types));
+ types = array_create(sizeof(transform_type_t), count);
+
+ for (i = 0; i < count; i++)
+ {
+ if (array_get(this->types, i, &type))
+ {
+ add_type(types, type);
+ }
+ if (array_get(other->types, i, &type))
+ {
+ add_type(types, type);
+ }
+ }
+ return types;
+}
+
+/**
+ * Remove the given transform type from the set
+ */
+static void remove_type(private_proposal_t *this, transform_type_t type)
+{
+ int i;
+
+ i = array_bsearch(this->types, &type, type_find, NULL);
+ if (i >= 0)
+ {
+ array_remove(this->types, i, NULL);
+ }
+}
+
+/**
* Struct used to store different kinds of algorithms.
*/
typedef struct {
@@ -91,6 +191,7 @@ METHOD(proposal_t, add_algorithm, void,
};
array_insert(this->transforms, ARRAY_TAIL, &entry);
+ add_type(this->types, type);
}
CALLBACK(alg_filter, bool,
@@ -206,17 +307,31 @@ METHOD(proposal_t, strip_dh, void,
{
enumerator_t *enumerator;
entry_t *entry;
+ bool found = FALSE;
enumerator = array_create_enumerator(this->transforms);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->type == DIFFIE_HELLMAN_GROUP &&
- entry->alg != keep)
+ if (entry->type == DIFFIE_HELLMAN_GROUP)
{
- array_remove_at(this->transforms, enumerator);
+ if (entry->alg != keep)
+ {
+ array_remove_at(this->transforms, enumerator);
+ }
+ else
+ {
+ found = TRUE;
+ }
}
}
enumerator->destroy(enumerator);
+ array_compress(this->transforms);
+
+ if (keep == MODP_NONE || !found)
+ {
+ remove_type(this, DIFFIE_HELLMAN_GROUP);
+ array_compress(this->types);
+ }
}
/**
@@ -310,6 +425,9 @@ METHOD(proposal_t, select_proposal, proposal_t*,
bool private)
{
proposal_t *selected;
+ transform_type_t type;
+ array_t *types;
+ int i;
DBG2(DBG_CFG, "selecting proposal:");
@@ -328,18 +446,20 @@ METHOD(proposal_t, select_proposal, proposal_t*,
{
selected = proposal_create(this->protocol, this->number);
selected->set_spi(selected, this->spi);
-
}
- if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
- !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
- !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) ||
- !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) ||
- !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private))
+ types = merge_types(this, (private_proposal_t*)other);
+ for (i = 0; i < array_count(types); i++)
{
- selected->destroy(selected);
- return NULL;
+ array_get(types, i, &type);
+ if (!select_algo(this, other, selected, type, private))
+ {
+ selected->destroy(selected);
+ array_destroy(types);
+ return NULL;
+ }
}
+ array_destroy(types);
DBG2(DBG_CFG, " proposal matches");
return selected;
@@ -409,16 +529,27 @@ METHOD(proposal_t, get_number, u_int,
METHOD(proposal_t, equals, bool,
private_proposal_t *this, proposal_t *other)
{
+ transform_type_t type;
+ array_t *types;
+ int i;
+
if (&this->public == other)
{
return TRUE;
}
- return (
- algo_list_equals(this, other, ENCRYPTION_ALGORITHM) &&
- algo_list_equals(this, other, INTEGRITY_ALGORITHM) &&
- algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) &&
- algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) &&
- algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS));
+
+ types = merge_types(this, (private_proposal_t*)other);
+ for (i = 0; i < array_count(types); i++)
+ {
+ array_get(types, i, &type);
+ if (!algo_list_equals(this, other, type))
+ {
+ array_destroy(types);
+ return FALSE;
+ }
+ }
+ array_destroy(types);
+ return TRUE;
}
METHOD(proposal_t, clone_, proposal_t*,
@@ -427,6 +558,7 @@ METHOD(proposal_t, clone_, proposal_t*,
private_proposal_t *clone;
enumerator_t *enumerator;
entry_t *entry;
+ transform_type_t *type;
clone = (private_proposal_t*)proposal_create(this->protocol, 0);
@@ -436,6 +568,12 @@ METHOD(proposal_t, clone_, proposal_t*,
array_insert(clone->transforms, ARRAY_TAIL, entry);
}
enumerator->destroy(enumerator);
+ enumerator = array_create_enumerator(this->types);
+ while (enumerator->enumerate(enumerator, &type))
+ {
+ array_insert(clone->types, ARRAY_TAIL, type);
+ }
+ enumerator->destroy(enumerator);
clone->spi = this->spi;
clone->number = this->number;
@@ -479,6 +617,7 @@ static void remove_transform(private_proposal_t *this, transform_type_t type)
}
}
e->destroy(e);
+ remove_type(this, type);
}
/**
@@ -571,6 +710,14 @@ static bool check_proposal(private_proposal_t *this)
* we MUST NOT propose any integrity algorithms */
remove_transform(this, INTEGRITY_ALGORITHM);
}
+ else if (this->protocol == PROTO_IKE &&
+ !get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
+ {
+ DBG1(DBG_CFG, "an integrity algorithm is mandatory in %N proposals "
+ "with classic (non-AEAD) encryption algorithms",
+ protocol_id_names, this->protocol);
+ return FALSE;
+ }
}
else
{ /* AES-GMAC is parsed as encryption algorithm, so we map that to the
@@ -605,6 +752,7 @@ static bool check_proposal(private_proposal_t *this)
}
}
e->destroy(e);
+ remove_type(this, ENCRYPTION_ALGORITHM);
if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
{
@@ -623,6 +771,7 @@ static bool check_proposal(private_proposal_t *this)
}
array_compress(this->transforms);
+ array_compress(this->types);
return TRUE;
}
@@ -646,30 +795,44 @@ static bool add_string_algo(private_proposal_t *this, const char *alg)
}
/**
- * print all algorithms of a kind to buffer
+ * Print all algorithms of the given type
*/
static int print_alg(private_proposal_t *this, printf_hook_data_t *data,
- u_int kind, void *names, bool *first)
+ transform_type_t type, bool *first)
{
enumerator_t *enumerator;
size_t written = 0;
- uint16_t alg, size;
+ entry_t *entry;
+ enum_name_t *names;
+
+ names = transform_get_enum_names(type);
- enumerator = create_enumerator(this, kind);
- while (enumerator->enumerate(enumerator, &alg, &size))
+ enumerator = array_create_enumerator(this->transforms);
+ while (enumerator->enumerate(enumerator, &entry))
{
+ char *prefix = "/";
+
+ if (type != entry->type)
+ {
+ continue;
+ }
if (*first)
{
- written += print_in_hook(data, "%N", names, alg);
+ prefix = "";
*first = FALSE;
}
+ if (names)
+ {
+ written += print_in_hook(data, "%s%N", prefix, names, entry->alg);
+ }
else
{
- written += print_in_hook(data, "/%N", names, alg);
+ written += print_in_hook(data, "%sUNKNOWN_%u_%u", prefix,
+ entry->type, entry->alg);
}
- if (size)
+ if (entry->key_size)
{
- written += print_in_hook(data, "_%u", size);
+ written += print_in_hook(data, "_%u", entry->key_size);
}
}
enumerator->destroy(enumerator);
@@ -685,6 +848,7 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
private_proposal_t *this = *((private_proposal_t**)(args[0]));
linked_list_t *list = *((linked_list_t**)(args[0]));
enumerator_t *enumerator;
+ transform_type_t *type;
size_t written = 0;
bool first = TRUE;
@@ -713,16 +877,12 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
}
written = print_in_hook(data, "%N:", protocol_id_names, this->protocol);
- written += print_alg(this, data, ENCRYPTION_ALGORITHM,
- encryption_algorithm_names, &first);
- written += print_alg(this, data, INTEGRITY_ALGORITHM,
- integrity_algorithm_names, &first);
- written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION,
- pseudo_random_function_names, &first);
- written += print_alg(this, data, DIFFIE_HELLMAN_GROUP,
- diffie_hellman_group_names, &first);
- written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS,
- extended_sequence_numbers_names, &first);
+ enumerator = array_create_enumerator(this->types);
+ while (enumerator->enumerate(enumerator, &type))
+ {
+ written += print_alg(this, data, *type, &first);
+ }
+ enumerator->destroy(enumerator);
return written;
}
@@ -730,6 +890,7 @@ METHOD(proposal_t, destroy, void,
private_proposal_t *this)
{
array_destroy(this->transforms);
+ array_destroy(this->types);
free(this);
}
@@ -760,6 +921,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
.protocol = protocol,
.number = number,
.transforms = array_create(sizeof(entry_t), 0),
+ .types = array_create(sizeof(transform_type_t), 0),
);
return &this->public;
@@ -794,7 +956,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
break;
case ENCR_CHACHA20_POLY1305:
- add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
break;
default:
break;
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index cd4e5763c..e83e18829 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index b062221e5..585377a6b 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index 420a66d7c..cad94aa82 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -32,7 +32,7 @@ error "gperf generated tables don't work with this execution character set. Plea
/*
* Copyright (C) 2009-2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -59,12 +59,12 @@ struct proposal_token {
uint16_t keysize;
};
-#define TOTAL_KEYWORDS 143
+#define TOTAL_KEYWORDS 144
#define MIN_WORD_LENGTH 3
-#define MAX_WORD_LENGTH 17
+#define MAX_WORD_LENGTH 22
#define MIN_HASH_VALUE 7
-#define MAX_HASH_VALUE 259
-/* maximum key range = 253, duplicates = 0 */
+#define MAX_HASH_VALUE 250
+/* maximum key range = 244, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -78,34 +78,34 @@ hash (str, len)
register const char *str;
register unsigned int len;
{
- static const unsigned short asso_values[] =
+ static const unsigned char asso_values[] =
{
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 73, 2,
- 16, 40, 30, 26, 8, 15, 3, 1, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 106, 260, 2, 2, 16,
- 46, 75, 1, 78, 2, 4, 260, 260, 1, 18,
- 7, 2, 164, 5, 94, 116, 23, 41, 260, 260,
- 1, 2, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 73, 2,
+ 16, 47, 30, 26, 8, 6, 3, 1, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 98, 251, 2, 2, 16,
+ 46, 75, 1, 78, 6, 4, 251, 251, 1, 4,
+ 7, 2, 124, 1, 94, 116, 23, 64, 251, 251,
+ 1, 2, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+ 251, 251, 251, 251, 251, 251, 251
};
register int hval = len;
@@ -154,15 +154,16 @@ static const struct proposal_token wordlist[] =
{"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
{"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
{"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
{"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
{"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
{"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
{"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
{"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
{"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
{"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
{"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
{"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
@@ -175,11 +176,9 @@ static const struct proposal_token wordlist[] =
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
{"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
{"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
{"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
{"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
{"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
@@ -201,24 +200,25 @@ static const struct proposal_token wordlist[] =
{"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
{"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
{"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
{"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
{"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
{"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
{"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
{"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
{"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0},
{"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
{"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
@@ -236,6 +236,7 @@ static const struct proposal_token wordlist[] =
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
{"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
{"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
{"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
@@ -247,46 +248,46 @@ static const struct proposal_token wordlist[] =
{"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
{"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
{"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
{"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
{"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
{"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
{"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"curve25519", DIFFIE_HELLMAN_GROUP, CURVE_25519, 0},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"curve25519", DIFFIE_HELLMAN_GROUP, CURVE_25519, 0},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
{"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256},
+ {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
{"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
{"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
- {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
+ {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0},
+ {"chacha20poly1305compat", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256},
{"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
- {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
- {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
- {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
{"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
- {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0},
- {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0}
+ {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}
};
static const short lookup[] =
@@ -294,29 +295,29 @@ static const short lookup[] =
-1, -1, -1, -1, -1, -1, -1, 0, -1, -1,
-1, 1, 2, -1, -1, -1, -1, -1, -1, -1,
3, 4, -1, -1, -1, -1, -1, 5, 6, 7,
- 8, -1, -1, 9, -1, -1, 10, 11, 12, -1,
- 13, 14, 15, 16, 17, 18, -1, -1, -1, 19,
- 20, 21, 22, 23, 24, 25, 26, 27, 28, 29,
- 30, 31, 32, 33, 34, 35, 36, 37, 38, 39,
- 40, 41, 42, 43, 44, 45, -1, 46, 47, 48,
- 49, 50, 51, 52, 53, 54, 55, 56, 57, 58,
- 59, 60, 61, 62, 63, -1, 64, 65, -1, 66,
- 67, 68, 69, 70, 71, -1, 72, 73, -1, 74,
+ 8, -1, -1, 9, 10, -1, 11, 12, 13, -1,
+ 14, 15, 16, -1, 17, 18, -1, 19, -1, 20,
+ 21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
+ 31, -1, 32, 33, 34, -1, 35, 36, 37, 38,
+ 39, 40, 41, 42, 43, 44, -1, 45, 46, 47,
+ 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
+ 58, -1, 59, 60, 61, 62, 63, 64, 65, 66,
+ 67, 68, 69, 70, 71, 72, 73, 74, -1, -1,
-1, -1, 75, 76, 77, 78, 79, 80, 81, 82,
83, 84, 85, -1, -1, -1, 86, 87, 88, -1,
- 89, 90, 91, -1, 92, 93, 94, 95, 96, 97,
- 98, 99, -1, 100, 101, -1, 102, 103, 104, -1,
- 105, 106, -1, -1, 107, 108, 109, -1, 110, 111,
- -1, 112, 113, 114, -1, 115, -1, 116, -1, -1,
- 117, -1, 118, -1, -1, 119, 120, -1, -1, 121,
- 122, 123, 124, 125, 126, 127, 128, 129, -1, 130,
- -1, 131, -1, 132, 133, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 134, -1, -1, 135, 136,
- 137, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- 138, 139, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, 140,
+ 89, 90, 91, 92, 93, 94, 95, 96, 97, 98,
+ 99, 100, -1, 101, 102, -1, 103, -1, 104, -1,
+ 105, 106, -1, 107, 108, 109, 110, 111, 112, -1,
+ -1, 113, 114, 115, -1, 116, -1, 117, 118, 119,
+ 120, -1, 121, 122, -1, 123, 124, -1, -1, 125,
+ -1, 126, 127, 128, 129, 130, 131, 132, -1, -1,
+ 133, -1, -1, -1, 134, -1, -1, -1, -1, -1,
+ -1, -1, -1, 135, -1, -1, 136, -1, -1, 137,
+ -1, -1, 138, -1, -1, -1, 139, -1, -1, 140,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, 141, -1, -1, 142, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, 141, -1, -1, -1, -1, 142
+ 143
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
index e28f46513..1345f36bb 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
index ee9f7b9da..be77410ab 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index c44ed96a0..b214a9edf 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -1,7 +1,7 @@
%{
/*
* Copyright (C) 2009-2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -78,7 +78,8 @@ aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128
aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192
aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256
-chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256
+chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0
+chacha20poly1305compat, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256
blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 14:59:39 +0000