diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-02-23 10:34:14 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-02-23 10:34:14 +0000 |
commit | ed7d79f96177044949744da10f4431c1d6242241 (patch) | |
tree | 3aabaa55ed3b5291daef891cfee9befb5235e2b8 /src/pluto/crypto.c | |
parent | 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (diff) | |
download | vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.tar.gz vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.3.6)
Diffstat (limited to 'src/pluto/crypto.c')
-rw-r--r-- | src/pluto/crypto.c | 111 |
1 files changed, 70 insertions, 41 deletions
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index f47ad1eeb..2113cecbc 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -21,12 +21,12 @@ #include "log.h" static struct encrypt_desc encrypt_desc_3des = -{ +{ algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_3DES_CBC, + algo_id: OAKLEY_3DES_CBC, algo_next: NULL, - enc_blocksize: DES_BLOCK_SIZE, + enc_blocksize: DES_BLOCK_SIZE, keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, @@ -40,7 +40,7 @@ static struct encrypt_desc encrypt_desc_aes = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_AES_CBC, - algo_next: NULL, + algo_next: NULL, enc_blocksize: AES_BLOCK_SIZE, keyminlen: AES_KEY_MIN_LEN, @@ -48,6 +48,22 @@ static struct encrypt_desc encrypt_desc_aes = keymaxlen: AES_KEY_MAX_LEN, }; +#define CAMELLIA_KEY_MIN_LEN 128 +#define CAMELLIA_KEY_DEF_LEN 128 +#define CAMELLIA_KEY_MAX_LEN 256 + +static struct encrypt_desc encrypt_desc_camellia = +{ + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_CAMELLIA_CBC, + algo_next: NULL, + + enc_blocksize: CAMELLIA_BLOCK_SIZE, + keyminlen: CAMELLIA_KEY_MIN_LEN, + keydeflen: CAMELLIA_KEY_DEF_LEN, + keymaxlen: CAMELLIA_KEY_MAX_LEN, +}; + #define BLOWFISH_KEY_MIN_LEN 128 #define BLOWFISH_KEY_MAX_LEN 448 @@ -55,7 +71,7 @@ static struct encrypt_desc encrypt_desc_blowfish = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_BLOWFISH_CBC, - algo_next: NULL, + algo_next: NULL, enc_blocksize: BLOWFISH_BLOCK_SIZE, keyminlen: BLOWFISH_KEY_MIN_LEN, @@ -83,7 +99,7 @@ static struct encrypt_desc encrypt_desc_serpent = #define TWOFISH_KEY_DEF_LEN 128 #define TWOFISH_KEY_MAX_LEN 256 -static struct encrypt_desc encrypt_desc_twofish = +static struct encrypt_desc encrypt_desc_twofish = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC, @@ -108,18 +124,18 @@ static struct encrypt_desc encrypt_desc_twofish_ssh = }; static struct hash_desc hash_desc_md5 = -{ +{ algo_type: IKE_ALG_HASH, algo_id: OAKLEY_MD5, - algo_next: NULL, + algo_next: NULL, hash_digest_size: HASH_SIZE_MD5, }; static struct hash_desc hash_desc_sha1 = -{ +{ algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA, - algo_next: NULL, + algo_next: NULL, hash_digest_size: HASH_SIZE_SHA1, }; @@ -146,91 +162,91 @@ static struct hash_desc hash_desc_sha2_512 = { const struct dh_desc unset_group = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_NONE, + algo_id: MODP_NONE, algo_next: NULL, ke_size: 0 }; -static struct dh_desc dh_desc_modp_1024 = { +static struct dh_desc dh_desc_modp_1024 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1024_BIT, + algo_id: MODP_1024_BIT, algo_next: NULL, ke_size: 1024 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_1536 = { +static struct dh_desc dh_desc_modp_1536 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1536_BIT, + algo_id: MODP_1536_BIT, algo_next: NULL, ke_size: 1536 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_2048 = { +static struct dh_desc dh_desc_modp_2048 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_2048_BIT, + algo_id: MODP_2048_BIT, algo_next: NULL, ke_size: 2048 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_3072 = { +static struct dh_desc dh_desc_modp_3072 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_3072_BIT, + algo_id: MODP_3072_BIT, algo_next: NULL, ke_size: 3072 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_4096 = { +static struct dh_desc dh_desc_modp_4096 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_4096_BIT, + algo_id: MODP_4096_BIT, algo_next: NULL, ke_size: 4096 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_6144 = { +static struct dh_desc dh_desc_modp_6144 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_6144_BIT, + algo_id: MODP_6144_BIT, algo_next: NULL, ke_size: 6144 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_8192 = { +static struct dh_desc dh_desc_modp_8192 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_8192_BIT, + algo_id: MODP_8192_BIT, algo_next: NULL, ke_size: 8192 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_256 = { +static struct dh_desc dh_desc_ecp_256 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_256_BIT, + algo_id: ECP_256_BIT, algo_next: NULL, ke_size: 2*256 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_384 = { +static struct dh_desc dh_desc_ecp_384 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_384_BIT, + algo_id: ECP_384_BIT, algo_next: NULL, ke_size: 2*384 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_521 = { +static struct dh_desc dh_desc_ecp_521 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_521_BIT, + algo_id: ECP_521_BIT, algo_next: NULL, ke_size: 2*528 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_192 = { +static struct dh_desc dh_desc_ecp_192 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_192_BIT, + algo_id: ECP_192_BIT, algo_next: NULL, ke_size: 2*192 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_224 = { +static struct dh_desc dh_desc_ecp_224 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_224_BIT, + algo_id: ECP_224_BIT, algo_next: NULL, ke_size: 2*224 / BITS_PER_BYTE }; @@ -283,12 +299,12 @@ bool init_crypto(void) (no_md5) ? "MD5" : ""); return FALSE; } - + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption_alg)) { const struct encrypt_desc *desc; - + switch (encryption_alg) { case ENCR_3DES: @@ -300,6 +316,9 @@ bool init_crypto(void) case ENCR_AES_CBC: desc = &encrypt_desc_aes; break; + case ENCR_CAMELLIA_CBC: + desc = &encrypt_desc_camellia; + break; case ENCR_TWOFISH_CBC: desc = &encrypt_desc_twofish; ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh); @@ -308,7 +327,7 @@ bool init_crypto(void) desc = &encrypt_desc_serpent; break; default: - continue; + continue; } ike_alg_add((struct ike_alg *)desc); } @@ -381,7 +400,7 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg) case OAKLEY_DES_CBC: return ENCR_DES; case OAKLEY_IDEA_CBC: - return ENCR_IDEA; + return ENCR_IDEA; case OAKLEY_BLOWFISH_CBC: return ENCR_BLOWFISH; case OAKLEY_RC5_R16_B64_CBC: @@ -392,6 +411,8 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg) return ENCR_CAST; case OAKLEY_AES_CBC: return ENCR_AES_CBC; + case OAKLEY_CAMELLIA_CBC: + return ENCR_CAMELLIA_CBC; case OAKLEY_SERPENT_CBC: return ENCR_SERPENT_CBC; case OAKLEY_TWOFISH_CBC: @@ -491,7 +512,7 @@ int oakley_from_encryption_algorithm(encryption_algorithm_t alg) return OAKLEY_CAMELLIA_CBC; case ENCR_SERPENT_CBC: return OAKLEY_SERPENT_CBC; - case ENCR_TWOFISH_CBC: + case ENCR_TWOFISH_CBC: return OAKLEY_TWOFISH_CBC; default: return 0; @@ -561,7 +582,7 @@ int esp_from_encryption_algorithm(encryption_algorithm_t alg) return ESP_CAMELLIA; case ENCR_SERPENT_CBC: return ESP_SERPENT; - case ENCR_TWOFISH_CBC: + case ENCR_TWOFISH_CBC: return ESP_TWOFISH; default: return 0; @@ -581,12 +602,20 @@ int esp_from_integrity_algorithm(integrity_algorithm_t alg) return AUTH_ALGORITHM_HMAC_SHA1; case AUTH_AES_XCBC_96: return AUTH_ALGORITHM_AES_XCBC_MAC; + case AUTH_HMAC_SHA2_256_96: + return AUTH_ALGORITHM_HMAC_SHA2_256_96; case AUTH_HMAC_SHA2_256_128: return AUTH_ALGORITHM_HMAC_SHA2_256; case AUTH_HMAC_SHA2_384_192: return AUTH_ALGORITHM_HMAC_SHA2_384; case AUTH_HMAC_SHA2_512_256: return AUTH_ALGORITHM_HMAC_SHA2_512; + case AUTH_AES_128_GMAC: + return AUTH_ALGORITHM_AES_128_GMAC; + case AUTH_AES_192_GMAC: + return AUTH_ALGORITHM_AES_192_GMAC; + case AUTH_AES_256_GMAC: + return AUTH_ALGORITHM_AES_256_GMAC; default: return 0; } |