summaryrefslogtreecommitdiff
path: root/src/charon/config/proposal.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/config/proposal.c')
-rw-r--r--src/charon/config/proposal.c251
1 files changed, 35 insertions, 216 deletions
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 92ef34b75..e2dfcca4f 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: proposal.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <string.h>
@@ -24,10 +22,11 @@
#include <utils/linked_list.h>
#include <utils/identification.h>
#include <utils/lexparser.h>
+#include <crypto/transform.h>
#include <crypto/prfs/prf.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
-
+#include <crypto/proposal/proposal_keywords.h>
ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
"PROTO_NONE",
@@ -36,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
"ESP",
);
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE,
- "UNDEFINED_TRANSFORM_TYPE");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
- "ENCRYPTION_ALGORITHM",
- "PSEUDO_RANDOM_FUNCTION",
- "INTEGRITY_ALGORITHM",
- "DIFFIE_HELLMAN_GROUP",
- "EXTENDED_SEQUENCE_NUMBERS");
-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
-
ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
"NO_EXT_SEQ",
"EXT_SEQ",
@@ -585,227 +574,57 @@ static void check_proposal(private_proposal_t *this)
/**
* add a algorithm identified by a string to the proposal.
- * TODO: we could use gperf here.
*/
static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
{
- if (strncmp(alg.ptr, "null", alg.len) == 0)
- {
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_NULL, 0);
- }
- else if (strncmp(alg.ptr, "aes128", alg.len) == 0)
- {
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
- }
- else if (strncmp(alg.ptr, "aes192", alg.len) == 0)
- {
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
- }
- else if (strncmp(alg.ptr, "aes256", alg.len) == 0)
+ const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len);
+
+ if (token == NULL)
{
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
+ return FAILED;
}
- else if (strstr(alg.ptr, "ccm"))
- {
- u_int16_t key_size, icv_size;
- if (sscanf(alg.ptr, "aes%huccm%hu", &key_size, &icv_size) == 2)
- {
- if (key_size == 128 || key_size == 192 || key_size == 256)
- {
- switch (icv_size)
- {
- case 8: /* octets */
- case 64: /* bits */
- add_algorithm(this, ENCRYPTION_ALGORITHM,
- ENCR_AES_CCM_ICV8, key_size);
- break;
- case 12: /* octets */
- case 96: /* bits */
- add_algorithm(this, ENCRYPTION_ALGORITHM,
- ENCR_AES_CCM_ICV12, key_size);
- break;
- case 16: /* octets */
- case 128: /* bits */
- add_algorithm(this, ENCRYPTION_ALGORITHM,
- ENCR_AES_CCM_ICV16, key_size);
- break;
- default:
- /* invalid ICV size */
- break;
- }
- }
- }
- }
- else if (strstr(alg.ptr, "gcm"))
- {
- u_int16_t key_size, icv_size;
+ add_algorithm(this, token->type, token->algorithm, token->keysize);
- if (sscanf(alg.ptr, "aes%hugcm%hu", &key_size, &icv_size) == 2)
- {
- if (key_size == 128 || key_size == 192 || key_size == 256)
- {
- switch (icv_size)
- {
- case 8: /* octets */
- case 64: /* bits */
- add_algorithm(this, ENCRYPTION_ALGORITHM,
- ENCR_AES_GCM_ICV8, key_size);
- break;
- case 12: /* octets */
- case 96: /* bits */
- add_algorithm(this, ENCRYPTION_ALGORITHM,
- ENCR_AES_GCM_ICV12, key_size);
- break;
- case 16: /* octets */
- case 128: /* bits */
- add_algorithm(this, ENCRYPTION_ALGORITHM,
- ENCR_AES_GCM_ICV16, key_size);
- break;
- default:
- /* invalid ICV size */
- break;
- }
- }
- }
- }
- else if (strncmp(alg.ptr, "3des", alg.len) == 0)
+ if (this->protocol == PROTO_IKE && token->type == INTEGRITY_ALGORITHM)
{
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- }
- /* blowfish only uses some predefined key sizes yet */
- else if (strncmp(alg.ptr, "blowfish128", alg.len) == 0)
- {
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128);
- }
- else if (strncmp(alg.ptr, "blowfish192", alg.len) == 0)
- {
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192);
- }
- else if (strncmp(alg.ptr, "blowfish256", alg.len) == 0)
- {
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
- }
- else if (strncmp(alg.ptr, "sha", alg.len) == 0 ||
- strncmp(alg.ptr, "sha1", alg.len) == 0)
- {
- /* sha means we use SHA for both, PRF and AUTH */
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- if (this->protocol == PROTO_IKE)
- {
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
- }
- }
- else if (strncmp(alg.ptr, "sha256", alg.len) == 0 ||
- strncmp(alg.ptr, "sha2_256", alg.len) == 0)
- {
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
- if (this->protocol == PROTO_IKE)
- {
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0);
- }
- }
- else if (strncmp(alg.ptr, "sha384", alg.len) == 0 ||
- strncmp(alg.ptr, "sha2_384", alg.len) == 0)
- {
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
- if (this->protocol == PROTO_IKE)
- {
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0);
- }
- }
- else if (strncmp(alg.ptr, "sha512", alg.len) == 0 ||
- strncmp(alg.ptr, "sha2_512", alg.len) == 0)
- {
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
- if (this->protocol == PROTO_IKE)
- {
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0);
- }
- }
- else if (strncmp(alg.ptr, "md5", alg.len) == 0)
- {
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- if (this->protocol == PROTO_IKE)
+ pseudo_random_function_t prf;
+
+ switch (token->algorithm)
{
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
+ case AUTH_HMAC_SHA1_96:
+ prf = PRF_HMAC_SHA1;
+ break;
+ case AUTH_HMAC_SHA2_256_128:
+ prf = PRF_HMAC_SHA2_256;
+ break;
+ case AUTH_HMAC_SHA2_384_192:
+ prf = PRF_HMAC_SHA2_384;
+ break;
+ case AUTH_HMAC_SHA2_512_256:
+ prf = PRF_HMAC_SHA2_512;
+ break;
+ case AUTH_HMAC_MD5_96:
+ prf = PRF_HMAC_MD5;
+ break;
+ case AUTH_AES_XCBC_96:
+ prf = PRF_AES128_XCBC;
+ break;
+ default:
+ prf = PRF_UNDEFINED;
}
- }
- else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0)
- {
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- if (this->protocol == PROTO_IKE)
+ if (prf != PRF_UNDEFINED)
{
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0);
+ add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
}
}
- else if (strncmp(alg.ptr, "modpnull", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0);
- }
- else if (strncmp(alg.ptr, "modp768", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp1024", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp1536", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp2048", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp3072", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp4096", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp6144", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0);
- }
- else if (strncmp(alg.ptr, "modp8192", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
- }
- else if (strncmp(alg.ptr, "ecp192", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0);
- }
- else if (strncmp(alg.ptr, "ecp224", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0);
- }
- else if (strncmp(alg.ptr, "ecp256", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0);
- }
- else if (strncmp(alg.ptr, "ecp384", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0);
- }
- else if (strncmp(alg.ptr, "ecp521", alg.len) == 0)
- {
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0);
- }
- else
- {
- return FAILED;
- }
return SUCCESS;
}
/**
* print all algorithms of a kind to buffer
*/
-static int print_alg(private_proposal_t *this, char **dst, int *len,
+static int print_alg(private_proposal_t *this, char **dst, size_t *len,
u_int kind, void *names, bool *first)
{
enumerator_t *enumerator;
@@ -826,7 +645,7 @@ static int print_alg(private_proposal_t *this, char **dst, int *len,
}
if (size)
{
- written += print_in_hook(*dst, *len, "-%d", size);
+ written += print_in_hook(*dst, *len, "_%u", size);
}
}
enumerator->destroy(enumerator);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-21 00:33:41 +0000