summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-05-19 13:37:29 +0200
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-05-19 13:37:29 +0200
commit0a9d51a49042a68daa15b0c74a2b7f152f52606b (patch)
tree451888dcb17d00e52114f734e846821373fbbd44 /src/libstrongswan/crypto
parent568905f488e63e28778f87ac0e38d845f45bae79 (diff)
downloadvyos-strongswan-0a9d51a49042a68daa15b0c74a2b7f152f52606b.tar.gz
vyos-strongswan-0a9d51a49042a68daa15b0c74a2b7f152f52606b.zip
Imported Upstream version 4.5.2
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c6
-rw-r--r--src/libstrongswan/crypto/crypto_tester.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c141
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt2
-rw-r--r--src/libstrongswan/crypto/transform.c5
-rw-r--r--src/libstrongswan/crypto/transform.h13
6 files changed, 96 insertions, 73 deletions
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 276f4329a..4635dccea 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -247,7 +247,7 @@ METHOD(crypto_tester_t, test_crypter, bool,
{
DBG1(DBG_LIB,"disable %N[%s]: no key size supported",
encryption_algorithm_names, alg, plugin_name);
- return FALSE;
+ return FALSE;
}
else
{
@@ -263,7 +263,7 @@ METHOD(crypto_tester_t, test_crypter, bool,
{
*speed = bench_crypter(this, alg, create);
DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points",
- encryption_algorithm_names, alg, tested, plugin_name, *speed);
+ encryption_algorithm_names, alg, plugin_name, tested, *speed);
}
else
{
@@ -417,7 +417,7 @@ METHOD(crypto_tester_t, test_aead, bool,
{
DBG1(DBG_LIB,"disable %N[%s]: no key size supported",
encryption_algorithm_names, alg, plugin_name);
- return FALSE;
+ return FALSE;
}
else
{
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index 019c87c39..9ac665929 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -72,7 +72,7 @@ struct aead_test_vector_t {
struct signer_test_vector_t {
/** signer algorithm this test vector tests */
- pseudo_random_function_t alg;
+ integrity_algorithm_t alg;
/** key to use, with a length the algorithm expects */
u_char *key;
/** size of the input data */
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 10ab9fc23..d65955a2e 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -59,12 +59,12 @@ struct proposal_token {
u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 117
+#define TOTAL_KEYWORDS 119
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
#define MIN_HASH_VALUE 9
-#define MAX_HASH_VALUE 209
-/* maximum key range = 201, duplicates = 0 */
+#define MAX_HASH_VALUE 213
+/* maximum key range = 205, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 16, 9,
- 4, 41, 66, 19, 8, 4, 5, 3, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 122, 210, 3, 22, 21,
- 3, 111, 103, 48, 7, 4, 210, 210, 3, 210,
- 57, 3, 210, 210, 78, 6, 3, 28, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
- 210, 210, 210, 210, 210, 210, 210
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 14, 9,
+ 4, 34, 66, 19, 8, 4, 5, 3, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 131, 214, 3, 22, 21,
+ 3, 1, 101, 48, 3, 4, 214, 214, 3, 214,
+ 57, 4, 214, 214, 94, 6, 3, 32, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214, 214, 214, 214,
+ 214, 214, 214, 214, 214, 214, 214
};
register int hval = len;
@@ -143,14 +143,19 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
{"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
{"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
{"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
{"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
{"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
{"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
@@ -209,81 +214,79 @@ static const struct proposal_token wordlist[] =
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
{"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
{"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
{"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
{"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
{"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
{"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
{"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
{"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
{"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
{"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
{"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
{"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
{"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
{"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
{"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
{"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
{"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
{"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
{"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}
};
static const short lookup[] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, 0,
- 1, -1, -1, -1, -1, -1, 2, -1, -1, -1,
- -1, 3, 4, -1, -1, -1, -1, -1, 5, 6,
- 7, 8, -1, -1, -1, 9, 10, 11, 12, 13,
- 14, 15, 16, 17, 18, 19, 20, 21, 22, -1,
- -1, -1, -1, 23, 24, 25, 26, 27, 28, 29,
- 30, -1, 31, -1, 32, 33, 34, 35, 36, 37,
- 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
- 48, -1, 49, -1, 50, -1, 51, -1, 52, -1,
- 53, -1, 54, 55, 56, 57, 58, 59, 60, 61,
- 62, 63, 64, 65, 66, 67, 68, 69, -1, 70,
- -1, 71, -1, 72, 73, 74, 75, 76, -1, 77,
- 78, 79, 80, 81, -1, 82, 83, 84, 85, -1,
- -1, 86, 87, 88, 89, 90, 91, 92, -1, -1,
- 93, 94, 95, 96, 97, 98, 99, 100, 101, 102,
- 103, 104, -1, -1, -1, -1, -1, -1, 105, 106,
- 107, 108, -1, -1, -1, -1, 109, -1, 110, -1,
- -1, -1, -1, -1, 111, -1, -1, -1, -1, 112,
- 113, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 1, 2, -1, -1, -1, -1, 3, 4, -1, -1,
+ -1, 5, 6, -1, -1, 7, -1, 8, 9, 10,
+ 11, 12, -1, 13, -1, 14, 15, 16, 17, 18,
+ 19, 20, 21, 22, 23, 24, 25, 26, 27, 28,
+ -1, -1, -1, -1, 29, 30, 31, 32, 33, 34,
+ 35, -1, 36, -1, 37, 38, 39, 40, 41, 42,
+ 43, 44, 45, 46, 47, 48, 49, 50, 51, 52,
+ 53, -1, 54, -1, 55, -1, 56, -1, 57, -1,
+ 58, -1, 59, 60, 61, 62, 63, 64, 65, 66,
+ 67, 68, 69, 70, 71, 72, -1, 73, -1, 74,
+ -1, 75, -1, 76, 77, 78, 79, 80, -1, 81,
+ 82, 83, 84, 85, -1, 86, 87, -1, 88, -1,
+ -1, 89, 90, -1, 91, -1, -1, 92, -1, 93,
+ 94, 95, 96, -1, 97, -1, 98, 99, 100, 101,
+ 102, 103, -1, -1, -1, 104, -1, -1, 105, 106,
+ -1, 107, -1, -1, -1, 108, 109, -1, -1, 110,
+ 111, -1, -1, -1, 112, 113, -1, 114, 115, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, 114, 115, -1, -1, -1, 116
+ -1, -1, -1, -1, -1, 116, -1, -1, -1, 117,
+ -1, -1, -1, 118
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 208c6715b..4ef664d8f 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -146,3 +146,5 @@ ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0
modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0
modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0
+noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
+esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
index cec90a616..1e108f1de 100644
--- a/src/libstrongswan/crypto/transform.c
+++ b/src/libstrongswan/crypto/transform.c
@@ -28,3 +28,8 @@ ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
"EXTENDED_SEQUENCE_NUMBERS");
ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+
+ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
+ "NO_EXT_SEQ",
+ "EXT_SEQ",
+);
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
index 1a2660199..1393c674c 100644
--- a/src/libstrongswan/crypto/transform.h
+++ b/src/libstrongswan/crypto/transform.h
@@ -45,4 +45,17 @@ enum transform_type_t {
*/
extern enum_name_t *transform_type_names;
+/**
+ * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
+ */
+enum extended_sequence_numbers_t {
+ NO_EXT_SEQ_NUMBERS = 0,
+ EXT_SEQ_NUMBERS = 1
+};
+
+/**
+ * enum strings for extended_sequence_numbers_t.
+ */
+extern enum_name_t *extended_sequence_numbers_names;
+
#endif /** TRANSFORM_H_ @}*/