diff options
| author | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-05-19 13:41:58 +0200 |
|---|---|---|
| committer | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-05-19 13:41:58 +0200 |
| commit | b590992f735393c97489fce191e7810eaae4f6d7 (patch) | |
| tree | 286595c4aa43dbf3d616d816e5fade6ac364771a /src/libstrongswan/crypto | |
| parent | 2fce29055b7b5bc2860d503d1ae822931f80b7aa (diff) | |
| parent | 0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff) | |
| download | vyos-strongswan-b590992f735393c97489fce191e7810eaae4f6d7.tar.gz vyos-strongswan-b590992f735393c97489fce191e7810eaae4f6d7.zip | |
Merge upstream version 4.5.2
Diffstat (limited to 'src/libstrongswan/crypto')
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.c | 149 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.h | 54 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.c | 191 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.h | 26 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords.c | 141 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords.txt | 2 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/transform.c | 5 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/transform.h | 13 |
8 files changed, 96 insertions, 485 deletions
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 96b4630f7..2d13896d6 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -20,15 +20,6 @@ #include <utils/linked_list.h> #include <crypto/crypto_tester.h> -<<<<<<< HEAD -typedef struct entry_t entry_t; -struct entry_t { - /* algorithm */ - u_int algo; - /* benchmarked speed */ - u_int speed; - /* constructor */ -======= const char *default_plugin_name = "default"; typedef struct entry_t entry_t; @@ -52,7 +43,6 @@ struct entry_t { /** * constructor */ ->>>>>>> upstream/4.5.1 union { crypter_constructor_t create_crypter; aead_constructor_t create_aead; @@ -154,12 +144,8 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, { if (this->test_on_create && !this->tester->test_crypter(this->tester, algo, key_size, -<<<<<<< HEAD - entry->create_crypter, NULL)) -======= entry->create_crypter, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -191,12 +177,8 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, -<<<<<<< HEAD - entry->create_aead, NULL)) -======= entry->create_aead, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -227,12 +209,8 @@ METHOD(crypto_factory_t, create_signer, signer_t*, { if (this->test_on_create && !this->tester->test_signer(this->tester, algo, -<<<<<<< HEAD - entry->create_signer, NULL)) -======= entry->create_signer, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -264,12 +242,8 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*, { if (this->test_on_create && algo != HASH_PREFERRED && !this->tester->test_hasher(this->tester, algo, -<<<<<<< HEAD - entry->create_hasher, NULL)) -======= entry->create_hasher, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -300,12 +274,8 @@ METHOD(crypto_factory_t, create_prf, prf_t*, { if (this->test_on_create && !this->tester->test_prf(this->tester, algo, -<<<<<<< HEAD - entry->create_prf, NULL)) -======= entry->create_prf, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -337,12 +307,8 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { if (this->test_on_create && !this->tester->test_rng(this->tester, quality, -<<<<<<< HEAD - entry->create_rng, NULL)) -======= entry->create_rng, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -406,12 +372,8 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, * Insert an algorithm entry to a list */ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, -<<<<<<< HEAD - int algo, u_int speed, void *create) -======= int algo, const char *plugin_name, u_int speed, void *create) ->>>>>>> upstream/4.5.1 { entry_t *entry, *current; linked_list_t *tmp; @@ -419,10 +381,7 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, INIT(entry, .algo = algo, -<<<<<<< HEAD -======= .plugin_name = plugin_name, ->>>>>>> upstream/4.5.1 .speed = speed, ); entry->create = create; @@ -456,27 +415,16 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, } METHOD(crypto_factory_t, add_crypter, void, -<<<<<<< HEAD - private_crypto_factory_t *this, encryption_algorithm_t algo, - crypter_constructor_t create) -======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, crypter_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_crypter(this->tester, algo, 0, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->crypters, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->crypters, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -501,27 +449,16 @@ METHOD(crypto_factory_t, remove_crypter, void, } METHOD(crypto_factory_t, add_aead, void, -<<<<<<< HEAD - private_crypto_factory_t *this, encryption_algorithm_t algo, - aead_constructor_t create) -======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, aead_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_aead(this->tester, algo, 0, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->aeads, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -546,27 +483,16 @@ METHOD(crypto_factory_t, remove_aead, void, } METHOD(crypto_factory_t, add_signer, void, -<<<<<<< HEAD - private_crypto_factory_t *this, integrity_algorithm_t algo, - signer_constructor_t create) -======= private_crypto_factory_t *this, integrity_algorithm_t algo, const char *plugin_name, signer_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_signer(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->signers, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->signers, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -591,27 +517,16 @@ METHOD(crypto_factory_t, remove_signer, void, } METHOD(crypto_factory_t, add_hasher, void, -<<<<<<< HEAD - private_crypto_factory_t *this, hash_algorithm_t algo, - hasher_constructor_t create) -======= private_crypto_factory_t *this, hash_algorithm_t algo, const char *plugin_name, hasher_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_hasher(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->hashers, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->hashers, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -636,27 +551,16 @@ METHOD(crypto_factory_t, remove_hasher, void, } METHOD(crypto_factory_t, add_prf, void, -<<<<<<< HEAD - private_crypto_factory_t *this, pseudo_random_function_t algo, - prf_constructor_t create) -======= private_crypto_factory_t *this, pseudo_random_function_t algo, const char *plugin_name, prf_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_prf(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->prfs, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->prfs, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -682,25 +586,15 @@ METHOD(crypto_factory_t, remove_prf, void, METHOD(crypto_factory_t, add_rng, void, private_crypto_factory_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create) -======= const char *plugin_name, rng_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_rng(this->tester, quality, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->rngs, quality, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->rngs, quality, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -725,17 +619,10 @@ METHOD(crypto_factory_t, remove_rng, void, } METHOD(crypto_factory_t, add_dh, void, -<<<<<<< HEAD - private_crypto_factory_t *this, diffie_hellman_group_t group, - dh_constructor_t create) -{ - add_entry(this, this->dhs, group, 0, create); -======= private_crypto_factory_t *this, diffie_hellman_group_t group, const char *plugin_name, dh_constructor_t create) { add_entry(this, this->dhs, group, plugin_name, 0, create); ->>>>>>> upstream/4.5.1 } METHOD(crypto_factory_t, remove_dh, void, @@ -797,17 +684,11 @@ static enumerator_t *create_enumerator(private_crypto_factory_t *this, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -826,17 +707,11 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -849,17 +724,11 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -872,17 +741,11 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo) -{ - *algo = (*entry)->algo; -======= static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -895,17 +758,11 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group) -{ - *group = (*entry)->algo; -======= static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, void *i2, const char **plugin_name) { *group = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -915,8 +772,6 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, return create_enumerator(this, this->dhs, dh_filter); } -<<<<<<< HEAD -======= /** * Filter function to enumerate algorithm, not entry */ @@ -933,7 +788,6 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, { return create_enumerator(this, this->rngs, rng_filter); } ->>>>>>> upstream/4.5.1 METHOD(crypto_factory_t, add_test_vector, void, private_crypto_factory_t *this, transform_type_t type, void *vector) { @@ -1008,10 +862,7 @@ crypto_factory_t *crypto_factory_create() .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, .create_dh_enumerator = _create_dh_enumerator, -<<<<<<< HEAD -======= .create_rng_enumerator = _create_rng_enumerator, ->>>>>>> upstream/4.5.1 .add_test_vector = _add_test_vector, .destroy = _destroy, }, diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 61c46b59c..8e5db6355 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -33,11 +33,8 @@ typedef struct crypto_factory_t crypto_factory_t; #include <crypto/diffie_hellman.h> #include <crypto/transform.h> -<<<<<<< HEAD -======= #define CRYPTO_MAX_ALG_LINE 120 /* characters */ ->>>>>>> upstream/4.5.1 /** * Constructor function for crypters */ @@ -149,19 +146,12 @@ struct crypto_factory_t { * Register a crypter constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, -<<<<<<< HEAD - crypter_constructor_t create); -======= const char *plugin_name, crypter_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a crypter constructor. @@ -181,37 +171,23 @@ struct crypto_factory_t { * Register a aead constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo, -<<<<<<< HEAD - aead_constructor_t create); -======= const char *plugin_name, aead_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Register a signer constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo, -<<<<<<< HEAD - signer_constructor_t create); -======= const char *plugin_name, signer_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a signer constructor. @@ -227,19 +203,12 @@ struct crypto_factory_t { * create_hasher(HASH_PREFERRED). * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo, -<<<<<<< HEAD - hasher_constructor_t create); -======= const char *plugin_name, hasher_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a hasher constructor. @@ -252,19 +221,12 @@ struct crypto_factory_t { * Register a prf constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo, -<<<<<<< HEAD - prf_constructor_t create); -======= const char *plugin_name, prf_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a prf constructor. @@ -277,17 +239,11 @@ struct crypto_factory_t { * Register a source of randomness. * * @param quality quality of randomness this RNG serves -<<<<<<< HEAD - * @param create constructor function for such a quality - */ - void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create); -======= * @param plugin_name plugin that registered this algorithm * @param create constructor function for such a quality */ void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a source of randomness. @@ -300,19 +256,12 @@ struct crypto_factory_t { * Register a diffie hellman constructor. * * @param group dh group to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group, -<<<<<<< HEAD - dh_constructor_t create); -======= const char *plugin_name, dh_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a diffie hellman constructor. @@ -364,8 +313,6 @@ struct crypto_factory_t { enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this); /** -<<<<<<< HEAD -======= * Create an enumerator over all registered random generators. * * @return enumerator over rng_quality_t @@ -373,7 +320,6 @@ struct crypto_factory_t { enumerator_t* (*create_rng_enumerator)(crypto_factory_t *this); /** ->>>>>>> upstream/4.5.1 * Add a test vector to the crypto factory. * * @param type type of the test vector diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index d4a8728e2..4635dccea 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -165,11 +165,7 @@ static u_int bench_crypter(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_crypter, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, -<<<<<<< HEAD - crypter_constructor_t create, u_int *speed) -======= crypter_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; crypter_test_vector_t *vector; @@ -192,15 +188,11 @@ METHOD(crypto_tester_t, test_crypter, bool, } crypter = create(alg, vector->key_size); if (!crypter) -<<<<<<< HEAD - { /* key size not supported... */ -======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; ->>>>>>> upstream/4.5.1 continue; } @@ -243,30 +235,19 @@ METHOD(crypto_tester_t, test_crypter, bool, crypter->destroy(crypter); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - encryption_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - encryption_algorithm_names, alg); - return !this->required; -======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", encryption_algorithm_names, alg, plugin_name); - return FALSE; + return FALSE; } else { @@ -275,30 +256,19 @@ METHOD(crypto_tester_t, test_crypter, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } ->>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_crypter(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - encryption_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, plugin_name, *speed); + encryption_algorithm_names, alg, plugin_name, tested, *speed); } else { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -354,11 +324,7 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, -<<<<<<< HEAD - aead_constructor_t create, u_int *speed) -======= aead_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -382,15 +348,11 @@ METHOD(crypto_tester_t, test_aead, bool, } aead = create(alg, vector->key_size); if (!aead) -<<<<<<< HEAD - { /* key size not supported... */ -======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; ->>>>>>> upstream/4.5.1 continue; } @@ -443,30 +405,19 @@ METHOD(crypto_tester_t, test_aead, bool, aead->destroy(aead); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - encryption_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - encryption_algorithm_names, alg); - return !this->required; -======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", encryption_algorithm_names, alg, plugin_name); - return FALSE; + return FALSE; } else { @@ -475,22 +426,12 @@ METHOD(crypto_tester_t, test_aead, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } ->>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_aead(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - encryption_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, plugin_name, tested, *speed); } @@ -498,7 +439,6 @@ METHOD(crypto_tester_t, test_aead, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -546,11 +486,7 @@ static u_int bench_signer(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_signer, bool, private_crypto_tester_t *this, integrity_algorithm_t alg, -<<<<<<< HEAD - signer_constructor_t create, u_int *speed) -======= signer_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; signer_test_vector_t *vector; @@ -572,13 +508,8 @@ METHOD(crypto_tester_t, test_signer, bool, signer = create(alg); if (!signer) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - integrity_algorithm_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", integrity_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -633,28 +564,17 @@ METHOD(crypto_tester_t, test_signer, bool, signer->destroy(signer); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - integrity_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", integrity_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - integrity_algorithm_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", integrity_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -662,15 +582,6 @@ METHOD(crypto_tester_t, test_signer, bool, if (speed) { *speed = bench_signer(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - integrity_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - integrity_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", integrity_algorithm_names, alg, plugin_name, tested, *speed); } @@ -678,7 +589,6 @@ METHOD(crypto_tester_t, test_signer, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", integrity_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -720,11 +630,7 @@ static u_int bench_hasher(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_hasher, bool, private_crypto_tester_t *this, hash_algorithm_t alg, -<<<<<<< HEAD - hasher_constructor_t create, u_int *speed) -======= hasher_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; hasher_test_vector_t *vector; @@ -746,13 +652,8 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher = create(alg); if (!hasher) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - hash_algorithm_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", hash_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -794,28 +695,17 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher->destroy(hasher); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - hash_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", hash_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - hash_algorithm_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", hash_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -823,15 +713,6 @@ METHOD(crypto_tester_t, test_hasher, bool, if (speed) { *speed = bench_hasher(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - hash_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - hash_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", hash_algorithm_names, alg, plugin_name, tested, *speed); } @@ -839,7 +720,6 @@ METHOD(crypto_tester_t, test_hasher, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", hash_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -881,11 +761,7 @@ static u_int bench_prf(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_prf, bool, private_crypto_tester_t *this, pseudo_random_function_t alg, -<<<<<<< HEAD - prf_constructor_t create, u_int *speed) -======= prf_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; prf_test_vector_t *vector; @@ -907,13 +783,8 @@ METHOD(crypto_tester_t, test_prf, bool, prf = create(alg); if (!prf) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - pseudo_random_function_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", pseudo_random_function_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -966,28 +837,17 @@ METHOD(crypto_tester_t, test_prf, bool, prf->destroy(prf); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - pseudo_random_function_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", pseudo_random_function_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - pseudo_random_function_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", pseudo_random_function_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -995,15 +855,6 @@ METHOD(crypto_tester_t, test_prf, bool, if (speed) { *speed = bench_prf(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - pseudo_random_function_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - pseudo_random_function_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", pseudo_random_function_names, alg, plugin_name, tested, *speed); } @@ -1011,7 +862,6 @@ METHOD(crypto_tester_t, test_prf, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", pseudo_random_function_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -1050,11 +900,7 @@ static u_int bench_rng(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_rng, bool, private_crypto_tester_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create, u_int *speed) -======= rng_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; rng_test_vector_t *vector; @@ -1063,13 +909,8 @@ METHOD(crypto_tester_t, test_rng, bool, if (!this->rng_true && quality == RNG_TRUE) { -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "enabled %N[%s]: skipping test (disabled by config)", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 return TRUE; } @@ -1088,13 +929,8 @@ METHOD(crypto_tester_t, test_rng, bool, rng = create(quality); if (!rng) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -1123,28 +959,17 @@ METHOD(crypto_tester_t, test_rng, bool, rng->destroy(rng); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - rng_quality_names, quality, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", rng_quality_names, quality, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? ", disabled" : "enabled ", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? ", disabled" : "enabled ", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -1152,15 +977,6 @@ METHOD(crypto_tester_t, test_rng, bool, if (speed) { *speed = bench_rng(this, quality, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - rng_quality_names, quality, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - rng_quality_names, quality, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", rng_quality_names, quality, plugin_name, tested, *speed); } @@ -1168,7 +984,6 @@ METHOD(crypto_tester_t, test_rng, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", rng_quality_names, quality, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 1354bec52..9ac665929 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -72,7 +72,7 @@ struct aead_test_vector_t { struct signer_test_vector_t { /** signer algorithm this test vector tests */ - pseudo_random_function_t alg; + integrity_algorithm_t alg; /** key to use, with a length the algorithm expects */ u_char *key; /** size of the input data */ @@ -143,11 +143,7 @@ struct crypto_tester_t { */ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create, -<<<<<<< HEAD - u_int *speed); -======= u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test an aead algorithm, optionally using a specified key size. @@ -160,11 +156,7 @@ struct crypto_tester_t { */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, aead_constructor_t create, -<<<<<<< HEAD - u_int *speed); -======= u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a signer algorithm. * @@ -174,12 +166,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg, -<<<<<<< HEAD - signer_constructor_t create, u_int *speed); -======= signer_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a hasher algorithm. * @@ -189,12 +177,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg, -<<<<<<< HEAD - hasher_constructor_t create, u_int *speed); -======= hasher_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a PRF algorithm. * @@ -204,12 +188,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg, -<<<<<<< HEAD - prf_constructor_t create, u_int *speed); -======= prf_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a RNG implementation. * @@ -219,12 +199,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create, u_int *speed); -======= rng_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Add a test vector to test a crypter. * diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 10ab9fc23..d65955a2e 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -59,12 +59,12 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 117 +#define TOTAL_KEYWORDS 119 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 -#define MAX_HASH_VALUE 209 -/* maximum key range = 201, duplicates = 0 */ +#define MAX_HASH_VALUE 213 +/* maximum key range = 205, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 16, 9, - 4, 41, 66, 19, 8, 4, 5, 3, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 122, 210, 3, 22, 21, - 3, 111, 103, 48, 7, 4, 210, 210, 3, 210, - 57, 3, 210, 210, 78, 6, 3, 28, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210 + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 14, 9, + 4, 34, 66, 19, 8, 4, 5, 3, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 131, 214, 3, 22, 21, + 3, 1, 101, 48, 3, 4, 214, 214, 3, 214, + 57, 4, 214, 214, 94, 6, 3, 32, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214 }; register int hval = len; @@ -143,14 +143,19 @@ hash (str, len) static const struct proposal_token wordlist[] = { {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, @@ -209,81 +214,79 @@ static const struct proposal_token wordlist[] = {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0} + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, - 1, -1, -1, -1, -1, -1, 2, -1, -1, -1, - -1, 3, 4, -1, -1, -1, -1, -1, 5, 6, - 7, 8, -1, -1, -1, 9, 10, 11, 12, 13, - 14, 15, 16, 17, 18, 19, 20, 21, 22, -1, - -1, -1, -1, 23, 24, 25, 26, 27, 28, 29, - 30, -1, 31, -1, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, - 48, -1, 49, -1, 50, -1, 51, -1, 52, -1, - 53, -1, 54, 55, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, -1, 70, - -1, 71, -1, 72, 73, 74, 75, 76, -1, 77, - 78, 79, 80, 81, -1, 82, 83, 84, 85, -1, - -1, 86, 87, 88, 89, 90, 91, 92, -1, -1, - 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, - 103, 104, -1, -1, -1, -1, -1, -1, 105, 106, - 107, 108, -1, -1, -1, -1, 109, -1, 110, -1, - -1, -1, -1, -1, 111, -1, -1, -1, -1, 112, - 113, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1, 2, -1, -1, -1, -1, 3, 4, -1, -1, + -1, 5, 6, -1, -1, 7, -1, 8, 9, 10, + 11, 12, -1, 13, -1, 14, 15, 16, 17, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, + -1, -1, -1, -1, 29, 30, 31, 32, 33, 34, + 35, -1, 36, -1, 37, 38, 39, 40, 41, 42, + 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, + 53, -1, 54, -1, 55, -1, 56, -1, 57, -1, + 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, + 67, 68, 69, 70, 71, 72, -1, 73, -1, 74, + -1, 75, -1, 76, 77, 78, 79, 80, -1, 81, + 82, 83, 84, 85, -1, 86, 87, -1, 88, -1, + -1, 89, 90, -1, 91, -1, -1, 92, -1, 93, + 94, 95, 96, -1, 97, -1, 98, 99, 100, 101, + 102, 103, -1, -1, -1, 104, -1, -1, 105, 106, + -1, 107, -1, -1, -1, 108, 109, -1, -1, 110, + 111, -1, -1, -1, 112, 113, -1, 114, 115, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 114, 115, -1, -1, -1, 116 + -1, -1, -1, -1, -1, 116, -1, -1, -1, 117, + -1, -1, -1, 118 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 208c6715b..4ef664d8f 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -146,3 +146,5 @@ ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0 modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0 modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0 modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0 +noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 +esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index cec90a616..1e108f1de 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -28,3 +28,8 @@ ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"); ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); + +ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, + "NO_EXT_SEQ", + "EXT_SEQ", +); diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index 1a2660199..1393c674c 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -45,4 +45,17 @@ enum transform_type_t { */ extern enum_name_t *transform_type_names; +/** + * Extended sequence numbers, as in IKEv2 RFC 3.3.2. + */ +enum extended_sequence_numbers_t { + NO_EXT_SEQ_NUMBERS = 0, + EXT_SEQ_NUMBERS = 1 +}; + +/** + * enum strings for extended_sequence_numbers_t. + */ +extern enum_name_t *extended_sequence_numbers_names; + #endif /** TRANSFORM_H_ @}*/ |