diff options
Diffstat (limited to 'src/libstrongswan/crypto')
43 files changed, 406 insertions, 204 deletions
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c index d50bd4d22..f3c5abed6 100644 --- a/src/libstrongswan/crypto/aead.c +++ b/src/libstrongswan/crypto/aead.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index 9d1b8df55..cb21d3ca7 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c index 3e33765b1..9bde663d1 100644 --- a/src/libstrongswan/crypto/crypters/crypter.c +++ b/src/libstrongswan/crypto/crypters/crypter.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h index 19ba55d83..5ffcac253 100644 --- a/src/libstrongswan/crypto/crypters/crypter.h +++ b/src/libstrongswan/crypto/crypters/crypter.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index e86e7ae76..f0f64ce42 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 1b02cb469..430929595 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 820b8d1d8..efcfdbc74 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -2,7 +2,7 @@ * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -66,11 +66,9 @@ static struct { diffie_hellman_params_t public; /* The group identifier as specified in IKEv2 */ diffie_hellman_group_t group; - /* Optimal length of the exponent (in bytes), as specified in RFC 3526. */ - size_t opt_exp; } dh_params[] = { { - .group = MODP_768_BIT, .opt_exp = 32, .public = { + .group = MODP_768_BIT, .public = { .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -82,7 +80,7 @@ static struct { 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_1024_BIT, .opt_exp = 32, .public = { + .group = MODP_1024_BIT, .public = { .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -96,7 +94,7 @@ static struct { 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_1536_BIT, .opt_exp = 32, .public = { + .group = MODP_1536_BIT, .public = { .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -114,7 +112,7 @@ static struct { 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_2048_BIT, .opt_exp = 48, .public = { + .group = MODP_2048_BIT, .public = { .exp_len = 48, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -136,7 +134,7 @@ static struct { 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_3072_BIT, .opt_exp = 48, .public = { + .group = MODP_3072_BIT, .public = { .exp_len = 48, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -166,7 +164,7 @@ static struct { 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_4096_BIT, .opt_exp = 64, .public = { + .group = MODP_4096_BIT, .public = { .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -204,7 +202,7 @@ static struct { 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_6144_BIT, .opt_exp = 64, .public = { + .group = MODP_6144_BIT, .public = { .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -258,7 +256,7 @@ static struct { 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_8192_BIT, .opt_exp = 64, .public = { + .group = MODP_8192_BIT, .public = { .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -328,7 +326,7 @@ static struct { 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_1024_160, .opt_exp = 20, .public = { + .group = MODP_1024_160, .public = { .exp_len = 20, .subgroup = chunk_from_chars( 0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D, @@ -353,7 +351,7 @@ static struct { 0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71), }, }, { - .group = MODP_2048_224, .opt_exp = 28, .public = { + .group = MODP_2048_224, .public = { .exp_len = 28, .subgroup = chunk_from_chars( 0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A, @@ -394,7 +392,7 @@ static struct { 0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F) }, },{ - .group = MODP_2048_256, .opt_exp = 32, .public = { + .group = MODP_2048_256, .public = { .exp_len = 32, .subgroup = chunk_from_chars( 0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2, @@ -444,11 +442,19 @@ void diffie_hellman_init() { int i; + /* the default exponent size set above is based on the optimal length + * according to RFC 3526 */ if (lib->settings->get_bool(lib->settings, "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) { for (i = 0; i < countof(dh_params); i++) { + /* according to RFC 5114 the size of the exponent for these DH + * groups should equal the size of their prime order subgroup */ + if (dh_params[i].public.subgroup.len) + { + continue; + } dh_params[i].public.exp_len = dh_params[i].public.prime.len; } } @@ -465,19 +471,6 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group) { if (dh_params[i].group == group) { - if (!dh_params[i].public.exp_len) - { - if (!dh_params[i].public.subgroup.len && - lib->settings->get_bool(lib->settings, - "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) - { - dh_params[i].public.exp_len = dh_params[i].public.prime.len; - } - else - { - dh_params[i].public.exp_len = dh_params[i].opt_exp; - } - } return &dh_params[i].public; } } diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 1a8110abb..ce01bb346 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -2,7 +2,7 @@ * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c index 4087fe1d9..800bd0df7 100644 --- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c +++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.h b/src/libstrongswan/crypto/hashers/hash_algorithm_set.h index 00e90cc2e..e02ba8c4e 100644 --- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.h +++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen.c b/src/libstrongswan/crypto/iv/iv_gen.c index c70627723..c6efe08d0 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.c +++ b/src/libstrongswan/crypto/iv/iv_gen.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2015 Martin Willi * Copyright (C) 2015 revosec AG diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h index 292fc329f..0808e24d5 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.h +++ b/src/libstrongswan/crypto/iv/iv_gen.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c index 3b8f93986..cb4a397f9 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_null.c +++ b/src/libstrongswan/crypto/iv/iv_gen_null.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.h b/src/libstrongswan/crypto/iv/iv_gen_null.h index b63f0c3e9..960327c14 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_null.h +++ b/src/libstrongswan/crypto/iv/iv_gen_null.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c index 1474b3a12..66dcff767 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.c +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.h b/src/libstrongswan/crypto/iv/iv_gen_rand.h index 62d76ed21..edd449c1c 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.h +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c index 56620291c..42644e516 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.c +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.h b/src/libstrongswan/crypto/iv/iv_gen_seq.h index 43ff4f65e..daf7ec203 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.h +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/mac.h b/src/libstrongswan/crypto/mac.h index f23c6750f..50dc4c73a 100644 --- a/src/libstrongswan/crypto/mac.h +++ b/src/libstrongswan/crypto/mac.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/nonce_gen.h b/src/libstrongswan/crypto/nonce_gen.h index 98d159e12..4bdcb9403 100644 --- a/src/libstrongswan/crypto/nonce_gen.h +++ b/src/libstrongswan/crypto/nonce_gen.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c index 8a1452425..e7677a9c1 100644 --- a/src/libstrongswan/crypto/pkcs5.c +++ b/src/libstrongswan/crypto/pkcs5.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -422,7 +422,9 @@ static bool parse_pbes1_params(private_pkcs5_t *this, chunk_t blob, int level0) /** * ASN.1 definition of a PBKDF2-params structure * The salt is actually a CHOICE and could be an AlgorithmIdentifier from - * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions). + * PBKDF2-SaltSources (but as per RFC 8018 that's for future versions). + * The PRF algorithm is actually defined as DEFAULT and not OPTIONAL, but the + * parser can't handle ASN1_DEF with SEQUENCEs. */ static const asn1Object_t pbkdf2ParamsObjects[] = { { 0, "PBKDF2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ @@ -430,7 +432,8 @@ static const asn1Object_t pbkdf2ParamsObjects[] = { { 1, "iterationCount",ASN1_INTEGER, ASN1_BODY }, /* 2 */ { 1, "keyLength", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 3 */ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "prf", ASN1_EOC, ASN1_DEF|ASN1_RAW }, /* 5 */ + { 1, "prf", ASN1_SEQUENCE, ASN1_OPT|ASN1_RAW }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PBKDF2_SALT 1 @@ -446,13 +449,15 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0) asn1_parser_t *parser; chunk_t object; int objectID; - bool success; + bool success = FALSE; parser = asn1_parser_create(pbkdf2ParamsObjects, blob); parser->set_top_level(parser, level0); /* keylen is optional */ this->keylen = 0; + /* defaults to id-hmacWithSHA1 */ + this->data.pbes2.prf_alg = PRF_HMAC_SHA1; while (parser->iterate(parser, &objectID, &object)) { @@ -474,13 +479,22 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0) break; } case PBKDF2_PRF: - { /* defaults to id-hmacWithSHA1, no other is currently defined */ - this->data.pbes2.prf_alg = PRF_HMAC_SHA1; + { + int oid; + + oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, NULL); + this->data.pbes2.prf_alg = pseudo_random_function_from_oid(oid); + if (this->data.pbes2.prf_alg == PRF_UNDEFINED) + { /* unsupported PRF algorithm */ + goto end; + } break; } } } success = parser->success(parser); +end: parser->destroy(parser); return success; } diff --git a/src/libstrongswan/crypto/pkcs5.h b/src/libstrongswan/crypto/pkcs5.h index b16d3736e..fd781fb00 100644 --- a/src/libstrongswan/crypto/pkcs5.h +++ b/src/libstrongswan/crypto/pkcs5.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index a26010aae..7d2b5217c 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index 2c4b8852d..41fdfbb86 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c index 3f8eb7e5c..8db21df36 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.c +++ b/src/libstrongswan/crypto/prfs/mac_prf.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prfs/mac_prf.h b/src/libstrongswan/crypto/prfs/mac_prf.h index 4ff925b04..0c1dda6f5 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.h +++ b/src/libstrongswan/crypto/prfs/mac_prf.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c index 12e13ef57..eee09535d 100644 --- a/src/libstrongswan/crypto/prfs/prf.c +++ b/src/libstrongswan/crypto/prfs/prf.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2018 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -16,6 +17,8 @@ #include "prf.h" +#include <asn1/oid.h> + ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_CAMELLIA128_XCBC, "PRF_UNDEFINED", "PRF_FIPS_SHA1_160", @@ -33,3 +36,25 @@ ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_CAMEL "PRF_AES128_CMAC"); ENUM_END(pseudo_random_function_names, PRF_AES128_CMAC); +/* + * Described in header. + */ +pseudo_random_function_t pseudo_random_function_from_oid(int oid) +{ + switch (oid) + { + case OID_HMAC_SHA1: + return PRF_HMAC_SHA1; + case OID_HMAC_SHA256: + return PRF_HMAC_SHA2_256; + case OID_HMAC_SHA384: + return PRF_HMAC_SHA2_384; + case OID_HMAC_SHA512: + return PRF_HMAC_SHA2_512; + case OID_HMAC_SHA224: + case OID_HMAC_SHA512_224: + case OID_HMAC_SHA512_256: + default: + return PRF_UNDEFINED; + } +} diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index fe9ffc2dd..a91de1ddc 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -1,7 +1,8 @@ /* + * Copyright (C) 2018 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -125,4 +126,12 @@ struct prf_t { void (*destroy)(prf_t *this); }; +/** + * Conversion of ASN.1 OID to PRF algorithm. + * + * @param oid ASN.1 OID + * @return encryption algorithm, PRF_UNDEFINED if OID unsupported + */ +pseudo_random_function_t pseudo_random_function_from_oid(int oid); + #endif /** PRF_H_ @}*/ diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c index bb0a02b59..d671879c0 100644 --- a/src/libstrongswan/crypto/proposal/proposal.c +++ b/src/libstrongswan/crypto/proposal/proposal.c @@ -58,6 +58,11 @@ struct private_proposal_t { array_t *transforms; /** + * Types of transforms contained, as transform_type_t + */ + array_t *types; + + /** * senders SPI */ uint64_t spi; @@ -69,6 +74,101 @@ struct private_proposal_t { }; /** + * This is a hack to not change the previous order when printing proposals + */ +static transform_type_t type_for_sort(const void *type) +{ + const transform_type_t *t = type; + + switch (*t) + { + case PSEUDO_RANDOM_FUNCTION: + return INTEGRITY_ALGORITHM; + case INTEGRITY_ALGORITHM: + return PSEUDO_RANDOM_FUNCTION; + default: + return *t; + } +} + +/** + * Sort transform types + */ +static int type_sort(const void *a, const void *b, void *user) +{ + transform_type_t ta = type_for_sort(a), tb = type_for_sort(b); + return ta - tb; +} + +/** + * Find a transform type + */ +static int type_find(const void *a, const void *b) +{ + return type_sort(a, b, NULL); +} + +/** + * Check if the given transform type is already in the set + */ +static bool contains_type(array_t *types, transform_type_t type) +{ + return array_bsearch(types, &type, type_find, NULL) != -1; +} + +/** + * Add the given transform type to the set + */ +static void add_type(array_t *types, transform_type_t type) +{ + if (!contains_type(types, type)) + { + array_insert(types, ARRAY_TAIL, &type); + array_sort(types, type_sort, NULL); + } +} + +/** + * Merge two sets of transform types into a new array + */ +static array_t *merge_types(private_proposal_t *this, private_proposal_t *other) +{ + array_t *types; + transform_type_t type; + int i, count; + + count = max(array_count(this->types), array_count(other->types)); + types = array_create(sizeof(transform_type_t), count); + + for (i = 0; i < count; i++) + { + if (array_get(this->types, i, &type)) + { + add_type(types, type); + } + if (array_get(other->types, i, &type)) + { + add_type(types, type); + } + } + return types; +} + +/** + * Remove the given transform type from the set + */ +static void remove_type(private_proposal_t *this, transform_type_t type) +{ + int i; + + i = array_bsearch(this->types, &type, type_find, NULL); + if (i >= 0) + { + array_remove(this->types, i, NULL); + } +} + +/** * Struct used to store different kinds of algorithms. */ typedef struct { @@ -91,6 +191,7 @@ METHOD(proposal_t, add_algorithm, void, }; array_insert(this->transforms, ARRAY_TAIL, &entry); + add_type(this->types, type); } CALLBACK(alg_filter, bool, @@ -206,17 +307,31 @@ METHOD(proposal_t, strip_dh, void, { enumerator_t *enumerator; entry_t *entry; + bool found = FALSE; enumerator = array_create_enumerator(this->transforms); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->type == DIFFIE_HELLMAN_GROUP && - entry->alg != keep) + if (entry->type == DIFFIE_HELLMAN_GROUP) { - array_remove_at(this->transforms, enumerator); + if (entry->alg != keep) + { + array_remove_at(this->transforms, enumerator); + } + else + { + found = TRUE; + } } } enumerator->destroy(enumerator); + array_compress(this->transforms); + + if (keep == MODP_NONE || !found) + { + remove_type(this, DIFFIE_HELLMAN_GROUP); + array_compress(this->types); + } } /** @@ -310,6 +425,9 @@ METHOD(proposal_t, select_proposal, proposal_t*, bool private) { proposal_t *selected; + transform_type_t type; + array_t *types; + int i; DBG2(DBG_CFG, "selecting proposal:"); @@ -328,18 +446,20 @@ METHOD(proposal_t, select_proposal, proposal_t*, { selected = proposal_create(this->protocol, this->number); selected->set_spi(selected, this->spi); - } - if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) || - !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) || - !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) || - !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) || - !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private)) + types = merge_types(this, (private_proposal_t*)other); + for (i = 0; i < array_count(types); i++) { - selected->destroy(selected); - return NULL; + array_get(types, i, &type); + if (!select_algo(this, other, selected, type, private)) + { + selected->destroy(selected); + array_destroy(types); + return NULL; + } } + array_destroy(types); DBG2(DBG_CFG, " proposal matches"); return selected; @@ -409,16 +529,27 @@ METHOD(proposal_t, get_number, u_int, METHOD(proposal_t, equals, bool, private_proposal_t *this, proposal_t *other) { + transform_type_t type; + array_t *types; + int i; + if (&this->public == other) { return TRUE; } - return ( - algo_list_equals(this, other, ENCRYPTION_ALGORITHM) && - algo_list_equals(this, other, INTEGRITY_ALGORITHM) && - algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) && - algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) && - algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS)); + + types = merge_types(this, (private_proposal_t*)other); + for (i = 0; i < array_count(types); i++) + { + array_get(types, i, &type); + if (!algo_list_equals(this, other, type)) + { + array_destroy(types); + return FALSE; + } + } + array_destroy(types); + return TRUE; } METHOD(proposal_t, clone_, proposal_t*, @@ -427,6 +558,7 @@ METHOD(proposal_t, clone_, proposal_t*, private_proposal_t *clone; enumerator_t *enumerator; entry_t *entry; + transform_type_t *type; clone = (private_proposal_t*)proposal_create(this->protocol, 0); @@ -436,6 +568,12 @@ METHOD(proposal_t, clone_, proposal_t*, array_insert(clone->transforms, ARRAY_TAIL, entry); } enumerator->destroy(enumerator); + enumerator = array_create_enumerator(this->types); + while (enumerator->enumerate(enumerator, &type)) + { + array_insert(clone->types, ARRAY_TAIL, type); + } + enumerator->destroy(enumerator); clone->spi = this->spi; clone->number = this->number; @@ -479,6 +617,7 @@ static void remove_transform(private_proposal_t *this, transform_type_t type) } } e->destroy(e); + remove_type(this, type); } /** @@ -571,6 +710,14 @@ static bool check_proposal(private_proposal_t *this) * we MUST NOT propose any integrity algorithms */ remove_transform(this, INTEGRITY_ALGORITHM); } + else if (this->protocol == PROTO_IKE && + !get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) + { + DBG1(DBG_CFG, "an integrity algorithm is mandatory in %N proposals " + "with classic (non-AEAD) encryption algorithms", + protocol_id_names, this->protocol); + return FALSE; + } } else { /* AES-GMAC is parsed as encryption algorithm, so we map that to the @@ -605,6 +752,7 @@ static bool check_proposal(private_proposal_t *this) } } e->destroy(e); + remove_type(this, ENCRYPTION_ALGORITHM); if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) { @@ -623,6 +771,7 @@ static bool check_proposal(private_proposal_t *this) } array_compress(this->transforms); + array_compress(this->types); return TRUE; } @@ -646,30 +795,44 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) } /** - * print all algorithms of a kind to buffer + * Print all algorithms of the given type */ static int print_alg(private_proposal_t *this, printf_hook_data_t *data, - u_int kind, void *names, bool *first) + transform_type_t type, bool *first) { enumerator_t *enumerator; size_t written = 0; - uint16_t alg, size; + entry_t *entry; + enum_name_t *names; + + names = transform_get_enum_names(type); - enumerator = create_enumerator(this, kind); - while (enumerator->enumerate(enumerator, &alg, &size)) + enumerator = array_create_enumerator(this->transforms); + while (enumerator->enumerate(enumerator, &entry)) { + char *prefix = "/"; + + if (type != entry->type) + { + continue; + } if (*first) { - written += print_in_hook(data, "%N", names, alg); + prefix = ""; *first = FALSE; } + if (names) + { + written += print_in_hook(data, "%s%N", prefix, names, entry->alg); + } else { - written += print_in_hook(data, "/%N", names, alg); + written += print_in_hook(data, "%sUNKNOWN_%u_%u", prefix, + entry->type, entry->alg); } - if (size) + if (entry->key_size) { - written += print_in_hook(data, "_%u", size); + written += print_in_hook(data, "_%u", entry->key_size); } } enumerator->destroy(enumerator); @@ -685,6 +848,7 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, private_proposal_t *this = *((private_proposal_t**)(args[0])); linked_list_t *list = *((linked_list_t**)(args[0])); enumerator_t *enumerator; + transform_type_t *type; size_t written = 0; bool first = TRUE; @@ -713,16 +877,12 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, } written = print_in_hook(data, "%N:", protocol_id_names, this->protocol); - written += print_alg(this, data, ENCRYPTION_ALGORITHM, - encryption_algorithm_names, &first); - written += print_alg(this, data, INTEGRITY_ALGORITHM, - integrity_algorithm_names, &first); - written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION, - pseudo_random_function_names, &first); - written += print_alg(this, data, DIFFIE_HELLMAN_GROUP, - diffie_hellman_group_names, &first); - written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS, - extended_sequence_numbers_names, &first); + enumerator = array_create_enumerator(this->types); + while (enumerator->enumerate(enumerator, &type)) + { + written += print_alg(this, data, *type, &first); + } + enumerator->destroy(enumerator); return written; } @@ -730,6 +890,7 @@ METHOD(proposal_t, destroy, void, private_proposal_t *this) { array_destroy(this->transforms); + array_destroy(this->types); free(this); } @@ -760,6 +921,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number) .protocol = protocol, .number = number, .transforms = array_create(sizeof(entry_t), 0), + .types = array_create(sizeof(transform_type_t), 0), ); return &this->public; @@ -794,7 +956,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); break; case ENCR_CHACHA20_POLY1305: - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0); break; default: break; diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index cd4e5763c..e83e18829 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index b062221e5..585377a6b 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index 420a66d7c..cad94aa82 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -32,7 +32,7 @@ error "gperf generated tables don't work with this execution character set. Plea /* * Copyright (C) 2009-2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -59,12 +59,12 @@ struct proposal_token { uint16_t keysize; }; -#define TOTAL_KEYWORDS 143 +#define TOTAL_KEYWORDS 144 #define MIN_WORD_LENGTH 3 -#define MAX_WORD_LENGTH 17 +#define MAX_WORD_LENGTH 22 #define MIN_HASH_VALUE 7 -#define MAX_HASH_VALUE 259 -/* maximum key range = 253, duplicates = 0 */ +#define MAX_HASH_VALUE 250 +/* maximum key range = 244, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -78,34 +78,34 @@ hash (str, len) register const char *str; register unsigned int len; { - static const unsigned short asso_values[] = + static const unsigned char asso_values[] = { - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 73, 2, - 16, 40, 30, 26, 8, 15, 3, 1, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 106, 260, 2, 2, 16, - 46, 75, 1, 78, 2, 4, 260, 260, 1, 18, - 7, 2, 164, 5, 94, 116, 23, 41, 260, 260, - 1, 2, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260 + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 73, 2, + 16, 47, 30, 26, 8, 6, 3, 1, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 98, 251, 2, 2, 16, + 46, 75, 1, 78, 6, 4, 251, 251, 1, 4, + 7, 2, 124, 1, 94, 116, 23, 64, 251, 251, + 1, 2, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251 }; register int hval = len; @@ -154,15 +154,16 @@ static const struct proposal_token wordlist[] = {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, @@ -175,11 +176,9 @@ static const struct proposal_token wordlist[] = {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, @@ -201,24 +200,25 @@ static const struct proposal_token wordlist[] = {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, @@ -236,6 +236,7 @@ static const struct proposal_token wordlist[] = {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, @@ -247,46 +248,46 @@ static const struct proposal_token wordlist[] = {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"curve25519", DIFFIE_HELLMAN_GROUP, CURVE_25519, 0}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, - {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"curve25519", DIFFIE_HELLMAN_GROUP, CURVE_25519, 0}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0}, + {"chacha20poly1305compat", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, - {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, - {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, - {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0} + {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = @@ -294,29 +295,29 @@ static const short lookup[] = -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 1, 2, -1, -1, -1, -1, -1, -1, -1, 3, 4, -1, -1, -1, -1, -1, 5, 6, 7, - 8, -1, -1, 9, -1, -1, 10, 11, 12, -1, - 13, 14, 15, 16, 17, 18, -1, -1, -1, 19, - 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, - 40, 41, 42, 43, 44, 45, -1, 46, 47, 48, - 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, - 59, 60, 61, 62, 63, -1, 64, 65, -1, 66, - 67, 68, 69, 70, 71, -1, 72, 73, -1, 74, + 8, -1, -1, 9, 10, -1, 11, 12, 13, -1, + 14, 15, 16, -1, 17, 18, -1, 19, -1, 20, + 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, -1, 32, 33, 34, -1, 35, 36, 37, 38, + 39, 40, 41, 42, 43, 44, -1, 45, 46, 47, + 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, + 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, + 67, 68, 69, 70, 71, 72, 73, 74, -1, -1, -1, -1, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, -1, -1, -1, 86, 87, 88, -1, - 89, 90, 91, -1, 92, 93, 94, 95, 96, 97, - 98, 99, -1, 100, 101, -1, 102, 103, 104, -1, - 105, 106, -1, -1, 107, 108, 109, -1, 110, 111, - -1, 112, 113, 114, -1, 115, -1, 116, -1, -1, - 117, -1, 118, -1, -1, 119, 120, -1, -1, 121, - 122, 123, 124, 125, 126, 127, 128, 129, -1, 130, - -1, 131, -1, 132, 133, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 134, -1, -1, 135, 136, - 137, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 138, 139, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 140, + 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, + 99, 100, -1, 101, 102, -1, 103, -1, 104, -1, + 105, 106, -1, 107, 108, 109, 110, 111, 112, -1, + -1, 113, 114, 115, -1, 116, -1, 117, 118, 119, + 120, -1, 121, 122, -1, 123, 124, -1, -1, 125, + -1, 126, 127, 128, 129, 130, 131, 132, -1, -1, + 133, -1, -1, -1, 134, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, 136, -1, -1, 137, + -1, -1, 138, -1, -1, -1, 139, -1, -1, 140, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 141, -1, -1, 142, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 141, -1, -1, -1, -1, 142 + 143 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h index e28f46513..1345f36bb 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in index ee9f7b9da..be77410ab 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index c44ed96a0..b214a9edf 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2009-2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -78,7 +78,8 @@ aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256 aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128 aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192 aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256 -chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256 +chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0 +chacha20poly1305compat, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256 blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192 diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c index 1f39dedb8..d2e34d9f3 100644 --- a/src/libstrongswan/crypto/rngs/rng.c +++ b/src/libstrongswan/crypto/rngs/rng.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h index 0ca2cb114..11473030e 100644 --- a/src/libstrongswan/crypto/rngs/rng.h +++ b/src/libstrongswan/crypto/rngs/rng.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c index 4426782b4..d2b484424 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.c +++ b/src/libstrongswan/crypto/signers/mac_signer.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/mac_signer.h b/src/libstrongswan/crypto/signers/mac_signer.h index a50c8cadf..7fcdac909 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.h +++ b/src/libstrongswan/crypto/signers/mac_signer.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c index 522b4e29d..2ba38ad7f 100644 --- a/src/libstrongswan/crypto/signers/signer.c +++ b/src/libstrongswan/crypto/signers/signer.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 8958e66e9..f0d6667ff 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index 808cb996e..77a57f527 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,21 +17,20 @@ #include <crypto/hashers/hasher.h> #include <crypto/rngs/rng.h> -ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION, - "UNDEFINED_TRANSFORM_TYPE", - "HASH_ALGORITHM", - "RANDOM_NUMBER_GENERATOR", - "AEAD_ALGORITHM", - "COMPRESSION_ALGORITHM", - "EXTENDED OUTPUT FUNCTION"); -ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, - EXTENDED_OUTPUT_FUNCTION, +ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, "ENCRYPTION_ALGORITHM", "PSEUDO_RANDOM_FUNCTION", "INTEGRITY_ALGORITHM", "DIFFIE_HELLMAN_GROUP", "EXTENDED_SEQUENCE_NUMBERS"); -ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); +ENUM_NEXT(transform_type_names, HASH_ALGORITHM, EXTENDED_OUTPUT_FUNCTION, + EXTENDED_SEQUENCE_NUMBERS, + "HASH_ALGORITHM", + "RANDOM_NUMBER_GENERATOR", + "AEAD_ALGORITHM", + "COMPRESSION_ALGORITHM", + "EXTENDED OUTPUT FUNCTION"); +ENUM_END(transform_type_names, EXTENDED_OUTPUT_FUNCTION); ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, @@ -64,7 +63,6 @@ enum_name_t* transform_get_enum_names(transform_type_t type) return extended_sequence_numbers_names; case EXTENDED_OUTPUT_FUNCTION: return ext_out_function_names; - case UNDEFINED_TRANSFORM_TYPE: case COMPRESSION_ALGORITHM: break; } diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index e043e605c..63881b373 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -29,17 +29,16 @@ typedef enum transform_type_t transform_type_t; * Type of a transform, as in IKEv2 RFC 3.3.2. */ enum transform_type_t { - UNDEFINED_TRANSFORM_TYPE = 241, - HASH_ALGORITHM = 242, - RANDOM_NUMBER_GENERATOR = 243, - AEAD_ALGORITHM = 244, - COMPRESSION_ALGORITHM = 245, - EXTENDED_OUTPUT_FUNCTION = 246, ENCRYPTION_ALGORITHM = 1, PSEUDO_RANDOM_FUNCTION = 2, INTEGRITY_ALGORITHM = 3, DIFFIE_HELLMAN_GROUP = 4, - EXTENDED_SEQUENCE_NUMBERS = 5 + EXTENDED_SEQUENCE_NUMBERS = 5, + HASH_ALGORITHM = 256, + RANDOM_NUMBER_GENERATOR = 257, + AEAD_ALGORITHM = 258, + COMPRESSION_ALGORITHM = 259, + EXTENDED_OUTPUT_FUNCTION = 260, }; /** |