diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
| commit | 5313d2d78ca150515f7f5eb39801c100690b6b29 (patch) | |
| tree | c78e420367283bb1b16f14210b12687cdfbd26eb /src/libstrongswan/crypto | |
| parent | 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff) | |
| download | vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.tar.gz vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.zip | |
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libstrongswan/crypto')
| -rw-r--r-- | src/libstrongswan/crypto/aead.c | 20 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/aead.h | 11 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.c | 61 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_factory.h | 3 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/diffie_hellman.c | 14 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/diffie_hellman.h | 5 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/hashers/hasher.c | 3 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/hashers/hasher.h | 18 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen.h | 61 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen_rand.c | 79 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen_rand.h | 32 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen_seq.c | 102 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen_seq.h | 32 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/prfs/mac_prf.h | 2 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords_static.c | 266 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords_static.txt | 4 |
16 files changed, 525 insertions, 188 deletions
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c index 32a0e6759..afcc11fbe 100644 --- a/src/libstrongswan/crypto/aead.c +++ b/src/libstrongswan/crypto/aead.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -16,6 +19,7 @@ #include "aead.h" #include <utils/debug.h> +#include <crypto/iv/iv_gen_rand.h> typedef struct private_aead_t private_aead_t; @@ -35,9 +39,14 @@ struct private_aead_t { crypter_t *crypter; /** - * draditional signer + * traditional signer */ signer_t *signer; + + /** + * IV generator + */ + iv_gen_t *iv_gen; }; METHOD(aead_t, encrypt, bool, @@ -126,6 +135,12 @@ METHOD(aead_t, get_iv_size, size_t, return this->crypter->get_iv_size(this->crypter); } +METHOD(aead_t, get_iv_gen, iv_gen_t*, + private_aead_t *this) +{ + return this->iv_gen; +} + METHOD(aead_t, get_key_size, size_t, private_aead_t *this) { @@ -148,6 +163,7 @@ METHOD(aead_t, set_key, bool, METHOD(aead_t, destroy, void, private_aead_t *this) { + this->iv_gen->destroy(this->iv_gen); this->crypter->destroy(this->crypter); this->signer->destroy(this->signer); free(this); @@ -167,12 +183,14 @@ aead_t *aead_create(crypter_t *crypter, signer_t *signer) .get_block_size = _get_block_size, .get_icv_size = _get_icv_size, .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, .get_key_size = _get_key_size, .set_key = _set_key, .destroy = _destroy, }, .crypter = crypter, .signer = signer, + .iv_gen = iv_gen_rand_create(), ); return &this->public; diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index f3959f8f3..c887f53bb 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -26,6 +29,7 @@ typedef struct aead_t aead_t; #include <library.h> #include <crypto/crypters/crypter.h> #include <crypto/signers/signer.h> +#include <crypto/iv/iv_gen.h> /** * Authenticated encryption / authentication decryption interface. @@ -89,6 +93,13 @@ struct aead_t { size_t (*get_iv_size)(aead_t *this); /** + * Get the IV generator implementation + * + * @return IV generator + */ + iv_gen_t *(*get_iv_gen)(aead_t *this); + + /** * Get the size of the key material (for encryption and authentication). * * @return key size in bytes diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index b89198003..edcabfe58 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -234,7 +235,6 @@ METHOD(crypto_factory_t, create_signer, signer_t*, } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - return signer; } @@ -249,9 +249,9 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*, enumerator = this->hashers->create_enumerator(this->hashers); while (enumerator->enumerate(enumerator, &entry)) { - if (algo == HASH_PREFERRED || entry->algo == algo) + if (entry->algo == algo) { - if (this->test_on_create && algo != HASH_PREFERRED && + if (this->test_on_create && !this->tester->test_hasher(this->tester, algo, entry->create_hasher, NULL, default_plugin_name)) @@ -307,14 +307,13 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { enumerator_t *enumerator; entry_t *entry; - u_int diff = ~0; - rng_constructor_t constr = NULL; + rng_t *rng = NULL; this->lock->read_lock(this->lock); enumerator = this->rngs->create_enumerator(this->rngs); while (enumerator->enumerate(enumerator, &entry)) { /* find the best matching quality, but at least as good as requested */ - if (entry->algo >= quality && diff > entry->algo - quality) + if (entry->algo >= quality) { if (this->test_on_create && !this->tester->test_rng(this->tester, quality, @@ -323,21 +322,16 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { continue; } - diff = entry->algo - quality; - constr = entry->create_rng; - if (diff == 0) - { /* perfect match, won't get better */ + rng = entry->create_rng(quality); + if (rng) + { break; } } } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - if (constr) - { - return constr(quality); - } - return NULL; + return rng; } METHOD(crypto_factory_t, create_nonce_gen, nonce_gen_t*, @@ -396,14 +390,18 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, /** * Insert an algorithm entry to a list + * + * Entries are sorted by algorithm identifier (which is important for RNGs) + * while maintaining the order in which algorithms were added, unless they were + * benchmarked and speed is provided, which then is used to order entries of + * the same algorithm. */ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, int algo, const char *plugin_name, u_int speed, void *create) { + enumerator_t *enumerator; entry_t *entry, *current; - linked_list_t *tmp; - bool inserted = FALSE; INIT(entry, .algo = algo, @@ -413,30 +411,21 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, entry->create = create; this->lock->write_lock(this->lock); - if (speed) - { /* insert sorted by speed using a temporary list */ - tmp = linked_list_create(); - while (list->remove_first(list, (void**)¤t) == SUCCESS) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->algo > algo) { - tmp->insert_last(tmp, current); + break; } - while (tmp->remove_first(tmp, (void**)¤t) == SUCCESS) + else if (current->algo == algo && speed && + current->speed < speed) { - if (!inserted && - current->algo == algo && - current->speed < speed) - { - list->insert_last(list, entry); - inserted = TRUE; - } - list->insert_last(list, current); + break; } - tmp->destroy(tmp); - } - if (!inserted) - { - list->insert_last(list, entry); } + list->insert_before(list, enumerator, entry); + enumerator->destroy(enumerator); this->lock->unlock(this->lock); } diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 256ecec63..281dc256f 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -213,9 +213,6 @@ struct crypto_factory_t { /** * Register a hasher constructor. * - * The first added hasher is the preferred hasher returned on - * create_hasher(HASH_PREFERRED). - * * @param algo algorithm to constructor * @param plugin_name plugin that registered this algorithm * @param create constructor function for that algorithm diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 1124ee6f7..3d319d2d4 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -32,13 +32,17 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT, "ECP_256", "ECP_384", "ECP_521"); -ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT, +ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT, "MODP_1024_160", "MODP_2048_224", "MODP_2048_256", "ECP_192", - "ECP_224"); -ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_224_BIT, + "ECP_224", + "ECP_224_BP", + "ECP_256_BP", + "ECP_384_BP", + "ECP_512_BP"); +ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP, "MODP_NULL", "MODP_CUSTOM"); ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); @@ -462,6 +466,10 @@ bool diffie_hellman_group_is_ec(diffie_hellman_group_t group) case ECP_521_BIT: case ECP_192_BIT: case ECP_224_BIT: + case ECP_224_BP: + case ECP_256_BP: + case ECP_384_BP: + case ECP_512_BP: return TRUE; default: return FALSE; diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index cab3b1ba7..edf6bbd6d 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -36,6 +36,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t; * See IKEv2 RFC 3.3.2 and RFC 3526. * * ECP groups are defined in RFC 4753 and RFC 5114. + * ECC Brainpool groups are defined in RFC 6954. */ enum diffie_hellman_group_t { MODP_NONE = 0, @@ -55,6 +56,10 @@ enum diffie_hellman_group_t { MODP_2048_256 = 24, ECP_192_BIT = 25, ECP_224_BIT = 26, + ECP_224_BP = 27, + ECP_256_BP = 28, + ECP_384_BP = 29, + ECP_512_BP = 30, /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ MODP_NULL = 1024, /** MODP group with custom generator/prime */ diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 679bb324e..13cbb5a59 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -21,7 +21,6 @@ ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512, "HASH_UNKNOWN", - "HASH_PREFERRED", "HASH_MD2", "HASH_MD4", "HASH_MD5", @@ -34,7 +33,6 @@ ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512, ENUM(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA512, "unknown", - "preferred", "md2", "md4", "md5", @@ -199,7 +197,6 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg, } break; case HASH_SHA1: - case HASH_PREFERRED: switch (length) { case 12: diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 4e46fca10..37ef0b6ab 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -37,16 +37,14 @@ typedef struct hasher_t hasher_t; enum hash_algorithm_t { /** not specified hash function */ HASH_UNKNOWN = 0, - /** preferred hash function, general purpose */ - HASH_PREFERRED = 1, - HASH_MD2 = 2, - HASH_MD4 = 3, - HASH_MD5 = 4, - HASH_SHA1 = 5, - HASH_SHA224 = 6, - HASH_SHA256 = 7, - HASH_SHA384 = 8, - HASH_SHA512 = 9 + HASH_MD2 = 1, + HASH_MD4 = 2, + HASH_MD5 = 3, + HASH_SHA1 = 4, + HASH_SHA224 = 5, + HASH_SHA256 = 6, + HASH_SHA384 = 7, + HASH_SHA512 = 8 }; #define HASH_SIZE_MD2 16 diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h new file mode 100644 index 000000000..f6bc6471f --- /dev/null +++ b/src/libstrongswan/crypto/iv/iv_gen.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup iv iv + * @{ @ingroup crypto + */ + +#ifndef IV_GEN_H_ +#define IV_GEN_H_ + +typedef struct iv_gen_t iv_gen_t; + +#include <library.h> + +/** + * Generic interface for initialization vector (IV) generators. + */ +struct iv_gen_t { + + /** + * Generates an IV and writes it into the buffer. + * + * @param seq external sequence number + * @param size size of IV in bytes + * @param buffer pointer where the generated IV will be written + * @return TRUE if IV allocation was successful, FALSE otherwise + */ + bool (*get_iv)(iv_gen_t *this, u_int64_t seq, size_t size, + u_int8_t *buffer) __attribute__((warn_unused_result)); + + /** + * Generates an IV and allocates space for it. + * + * @param seq external sequence number + * @param size size of IV in bytes + * @param chunk chunk which will hold the generated IV + * @return TRUE if IV allocation was successful, FALSE otherwise + */ + bool (*allocate_iv)(iv_gen_t *this, u_int64_t seq, size_t size, + chunk_t *chunk) __attribute__((warn_unused_result)); + + /** + * Destroys an IV generator object. + */ + void (*destroy)(iv_gen_t *this); +}; + +#endif /** IV_GEN_H_ @}*/ diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c new file mode 100644 index 000000000..2bed63fcc --- /dev/null +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "iv_gen_rand.h" + +#include <library.h> + +typedef struct private_iv_gen_t private_iv_gen_t; + +/** + * Private data of an iv_gen_t object. + */ +struct private_iv_gen_t { + + /** + * Public iv_gen_t interface. + */ + iv_gen_t public; + + /** + * rng_t object + */ + rng_t *rng; +}; + +METHOD(iv_gen_t, get_iv, bool, + private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) +{ + if (!this->rng) + { + return FALSE; + } + return this->rng->get_bytes(this->rng, size, buffer); +} + +METHOD(iv_gen_t, allocate_iv, bool, + private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) +{ + if (!this->rng) + { + return FALSE; + } + return this->rng->allocate_bytes(this->rng, size, chunk); +} + +METHOD(iv_gen_t, destroy, void, + private_iv_gen_t *this) +{ + DESTROY_IF(this->rng); + free(this); +} + +iv_gen_t *iv_gen_rand_create() +{ + private_iv_gen_t *this; + + INIT(this, + .public = { + .get_iv = _get_iv, + .allocate_iv = _allocate_iv, + .destroy = _destroy, + }, + .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), + ); + + return &this->public; +} diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.h b/src/libstrongswan/crypto/iv/iv_gen_rand.h new file mode 100644 index 000000000..62d76ed21 --- /dev/null +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.h @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @{ @ingroup iv + */ + +#ifndef IV_GEN_RAND_H_ +#define IV_GEN_RAND_H_ + +#include <crypto/iv/iv_gen.h> + +/** + * Create an IV generator that generates random IVs. + * + * @return IV generator + */ +iv_gen_t *iv_gen_rand_create(); + +#endif /** IV_GEN_RAND_H_ @}*/ diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c new file mode 100644 index 000000000..98d0c15a6 --- /dev/null +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -0,0 +1,102 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "iv_gen_seq.h" + +typedef struct private_iv_gen_t private_iv_gen_t; + +/** + * Private data of an iv_gen_t object. + */ +struct private_iv_gen_t { + + /** + * Public iv_gen_t interface. + */ + iv_gen_t public; + + /** + * Salt to mask counter + */ + u_int8_t *salt; +}; + +METHOD(iv_gen_t, get_iv, bool, + private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) +{ + u_int8_t iv[sizeof(u_int64_t)]; + size_t len = size; + + if (!this->salt) + { + return FALSE; + } + if (len > sizeof(u_int64_t)) + { + len = sizeof(u_int64_t); + memset(buffer, 0, size - len); + } + htoun64(iv, seq); + memxor(iv, this->salt, sizeof(u_int64_t)); + memcpy(buffer + size - len, iv + sizeof(u_int64_t) - len, len); + return TRUE; +} + +METHOD(iv_gen_t, allocate_iv, bool, + private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) +{ + *chunk = chunk_alloc(size); + if (!get_iv(this, seq, chunk->len, chunk->ptr)) + { + chunk_free(chunk); + return FALSE; + } + return TRUE; +} + +METHOD(iv_gen_t, destroy, void, + private_iv_gen_t *this) +{ + free(this->salt); + free(this); +} + +iv_gen_t *iv_gen_seq_create() +{ + private_iv_gen_t *this; + rng_t *rng; + + INIT(this, + .public = { + .get_iv = _get_iv, + .allocate_iv = _allocate_iv, + .destroy = _destroy, + }, + ); + + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (rng) + { + this->salt = malloc(sizeof(u_int64_t)); + if (!rng->get_bytes(rng, sizeof(u_int64_t), this->salt)) + { + free(this->salt); + this->salt = NULL; + } + rng->destroy(rng); + } + + return &this->public; +} diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.h b/src/libstrongswan/crypto/iv/iv_gen_seq.h new file mode 100644 index 000000000..329dcca05 --- /dev/null +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.h @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @{ @ingroup iv + */ + +#ifndef IV_GEN_SEQ_H_ +#define IV_GEN_SEQ_H_ + +#include <crypto/iv/iv_gen.h> + +/** + * Create an IV generator that generates sequential IVs (counter). + * + * @return IV generator + */ +iv_gen_t *iv_gen_seq_create(); + +#endif /** IV_GEN_SEQ_H_ @}*/ diff --git a/src/libstrongswan/crypto/prfs/mac_prf.h b/src/libstrongswan/crypto/prfs/mac_prf.h index b2c0c6e17..4ff925b04 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.h +++ b/src/libstrongswan/crypto/prfs/mac_prf.h @@ -15,7 +15,7 @@ /** * @defgroup mac_prf mac_prf - * @{ @ingroup crypto + * @{ @ingroup prf */ #ifndef MAC_PRF_H_ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index d85bfebd0..a238f640e 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -1,4 +1,4 @@ -/* C code produced by gperf version 3.0.3 */ +/* C code produced by gperf version 3.0.4 */ /* Command-line: /usr/bin/gperf -N proposal_get_token_static -m 10 -C -G -c -t -D */ /* Computed positions: -k'1,5,7,10,15,$' */ @@ -59,12 +59,12 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 130 +#define TOTAL_KEYWORDS 134 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 12 -#define MAX_HASH_VALUE 216 -/* maximum key range = 205, duplicates = 0 */ +#define MIN_HASH_VALUE 4 +#define MAX_HASH_VALUE 215 +/* maximum key range = 212, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 35, 10, - 5, 34, 68, 21, 9, 16, 6, 4, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 117, 217, 15, 22, 23, - 4, 29, 4, 51, 57, 4, 217, 217, 4, 16, - 58, 4, 217, 5, 81, 104, 6, 34, 217, 217, - 5, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217, 217, 217, 217, - 217, 217, 217, 217, 217, 217, 217 + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 0, 4, + 1, 21, 15, 13, 9, 16, 2, 0, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 76, 216, 2, 28, 16, + 0, 39, 112, 42, 31, 0, 216, 216, 0, 9, + 100, 0, 7, 20, 95, 12, 44, 55, 216, 216, + 1, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216 }; register int hval = len; @@ -143,166 +143,170 @@ hash (str, len) static const struct proposal_token wordlist[] = { {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, - {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, - {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, + {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, + {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, + {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, - {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, - {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, - {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, + {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, + {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, - {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, + {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, + {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, + {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, - {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, + {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, - {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, + {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, + {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, - {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0} + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0} }; static const short lookup[] = { - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 0, -1, -1, -1, -1, -1, -1, 1, - 2, -1, -1, -1, 3, 4, -1, 5, -1, -1, - -1, -1, 6, 7, 8, 9, 10, 11, -1, 12, - 13, -1, 14, 15, 16, 17, 18, 19, 20, 21, - 22, 23, 24, 25, 26, -1, -1, -1, 27, -1, - 28, 29, 30, 31, 32, 33, 34, -1, 35, 36, + -1, -1, -1, -1, 0, -1, -1, -1, -1, -1, + 1, -1, 2, -1, 3, 4, -1, -1, -1, 5, + 6, 7, 8, 9, 10, 11, 12, -1, -1, 13, + 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, 28, -1, -1, -1, -1, 29, + -1, -1, 30, 31, 32, 33, 34, -1, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, - 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, - 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, - 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, - 87, 88, 89, 90, 91, 92, 93, -1, 94, 95, - 96, -1, 97, 98, 99, -1, 100, 101, 102, 103, - 104, -1, -1, -1, -1, 105, 106, 107, -1, 108, - 109, 110, -1, 111, 112, -1, 113, 114, -1, 115, - -1, 116, 117, -1, -1, 118, 119, -1, 120, -1, - -1, -1, 121, 122, -1, 123, 124, -1, -1, -1, - -1, -1, 125, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 126, -1, -1, -1, - -1, -1, -1, -1, -1, 127, -1, -1, -1, -1, - -1, 128, -1, -1, -1, -1, 129 + 47, 48, 49, 50, 51, 52, 53, 54, -1, 55, + 56, 57, -1, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, -1, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, -1, 78, 79, 80, 81, 82, + 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, + -1, 93, 94, 95, 96, 97, 98, 99, 100, -1, + -1, -1, 101, 102, 103, 104, -1, 105, 106, 107, + 108, 109, 110, -1, 111, 112, 113, 114, 115, 116, + 117, 118, 119, 120, 121, 122, 123, 124, -1, 125, + -1, 126, -1, -1, -1, -1, -1, -1, 127, -1, + -1, -1, -1, 128, -1, -1, -1, -1, 129, 130, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 131, -1, -1, 132, -1, + -1, -1, -1, -1, -1, 133 }; #ifdef __GNUC__ __inline -#ifdef __GNUC_STDC_INLINE__ +#if defined __GNUC_STDC_INLINE__ || defined __GNUC_GNU_INLINE__ __attribute__ ((__gnu_inline__)) #endif #endif diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 445438f03..c484320ca 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -157,5 +157,9 @@ ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0 modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0 modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0 modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0 +ecp224bp, DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0 +ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0 +ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0 +ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0 noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 |