diff options
Diffstat (limited to 'src/libstrongswan/crypto')
| -rw-r--r-- | src/libstrongswan/crypto/aead.h | 2 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.c | 10 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/diffie_hellman.c | 24 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/diffie_hellman.h | 7 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/pkcs9.c | 112 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/prf_plus.c | 35 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords.c | 31 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/proposal/proposal_keywords.txt | 3 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/signers/signer.h | 4 |
9 files changed, 116 insertions, 112 deletions
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index d560381d9..3f6abb4f9 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -111,7 +111,7 @@ struct aead_t { * Create a aead instance using traditional transforms. * * @param crypter encryption transform for this aead - * @param signer integrity tranform for this aead + * @param signer integrity transform for this aead * @return aead transform */ aead_t *aead_create(crypter_t *crypter, signer_t *signer); diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 4635dccea..8b1daa885 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -102,6 +102,8 @@ static const char* get_name(void *sym) return "unknown"; } +#ifdef CLOCK_THREAD_CPUTIME_ID + /** * Start a benchmark timer */ @@ -122,6 +124,14 @@ static u_int end_timing(struct timespec *start) (end.tv_sec - start->tv_sec) * 1000; } +#else /* CLOCK_THREAD_CPUTIME_ID */ + +/* Make benchmarking a no-op if CLOCK_THREAD_CPUTIME_ID is not available */ +#define start_timing(start) ((start)->tv_sec = 0, (start)->tv_nsec = 0) +#define end_timing(...) (this->bench_time) + +#endif /* CLOCK_THREAD_CPUTIME_ID */ + /** * Benchmark a crypter */ diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 5f7365321..1124ee6f7 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -64,7 +64,8 @@ static struct { 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_1024_BIT, .opt_exp = 32, .public = { @@ -77,7 +78,8 @@ static struct { 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_1536_BIT, .opt_exp = 32, .public = { @@ -94,7 +96,8 @@ static struct { 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_2048_BIT, .opt_exp = 48, .public = { @@ -115,7 +118,8 @@ static struct { 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_3072_BIT, .opt_exp = 48, .public = { @@ -144,7 +148,8 @@ static struct { 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_4096_BIT, .opt_exp = 64, .public = { @@ -181,7 +186,8 @@ static struct { 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_6144_BIT, .opt_exp = 64, .public = { @@ -234,7 +240,8 @@ static struct { 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, - 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_8192_BIT, .opt_exp = 64, .public = { @@ -303,7 +310,8 @@ static struct { 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B, 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA, 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, - 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_1024_160, .opt_exp = 20, .public = { diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 9ae772363..cab3b1ba7 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -57,7 +57,7 @@ enum diffie_hellman_group_t { ECP_224_BIT = 26, /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ MODP_NULL = 1024, - /** MODP group with custon generator, prime */ + /** MODP group with custom generator/prime */ MODP_CUSTOM = 1025, }; @@ -74,8 +74,7 @@ struct diffie_hellman_t { /** * Returns the shared secret of this diffie hellman exchange. * - * Space for returned secret is allocated and must be - * freed by the caller. + * Space for returned secret is allocated and must be freed by the caller. * * @param secret shared secret will be written into this chunk * @return SUCCESS, FAILED if not both DH values are set @@ -108,7 +107,7 @@ struct diffie_hellman_t { diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this); /** - * Destroys an diffie_hellman_t object. + * Destroys a diffie_hellman_t object. */ void (*destroy) (diffie_hellman_t *this); }; diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c index e3ba0f129..63a615238 100644 --- a/src/libstrongswan/crypto/pkcs9.c +++ b/src/libstrongswan/crypto/pkcs9.c @@ -68,8 +68,6 @@ struct attribute_t { /** * Destroys the attribute. - * - * @param this attribute to destroy */ void (*destroy) (attribute_t *this); @@ -184,23 +182,24 @@ static void attribute_destroy(attribute_t *this) */ static attribute_t *attribute_create(int oid, chunk_t value) { - attribute_t *this = malloc_thing(attribute_t); - - this->oid = oid; - this->value = chunk_clone(value); - this->encoding = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_attributeIdentifier(oid), - asn1_simple_object(ASN1_SET, value)); - this->destroy = (void (*) (attribute_t*))attribute_destroy; + attribute_t *this; + + INIT(this, + .destroy = attribute_destroy, + .oid = oid, + .value = chunk_clone(value), + .encoding = asn1_wrap(ASN1_SEQUENCE, "cm", + asn1_attributeIdentifier(oid), + asn1_simple_object(ASN1_SET, value)), + ); + return this; } -/** - * Implements pkcs9_t.build_encoding - */ -static void build_encoding(private_pkcs9_t *this) +METHOD(pkcs9_t, build_encoding, void, + private_pkcs9_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; attribute_t *attribute; u_int attributes_len = 0; @@ -214,33 +213,31 @@ static void build_encoding(private_pkcs9_t *this) } /* compute the total length of the encoded attributes */ - iterator = this->attributes->create_iterator(this->attributes, TRUE); + enumerator = this->attributes->create_enumerator(this->attributes); - while (iterator->iterate(iterator, (void**)&attribute)) + while (enumerator->enumerate(enumerator, (void**)&attribute)) { attributes_len += attribute->encoding.len; } - iterator->destroy(iterator); + enumerator->destroy(enumerator); /* allocate memory for the attributes and build the encoding */ { u_char *pos = asn1_build_object(&this->encoding, ASN1_SET, attributes_len); - iterator = this->attributes->create_iterator(this->attributes, TRUE); + enumerator = this->attributes->create_enumerator(this->attributes); - while (iterator->iterate(iterator, (void**)&attribute)) + while (enumerator->enumerate(enumerator, (void**)&attribute)) { memcpy(pos, attribute->encoding.ptr, attribute->encoding.len); pos += attribute->encoding.len; } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } } -/** - * Implements pkcs9_t.get_encoding - */ -static chunk_t get_encoding(private_pkcs9_t *this) +METHOD(pkcs9_t, get_encoding, chunk_t, + private_pkcs9_t *this) { if (this->encoding.ptr == NULL) { @@ -249,16 +246,15 @@ static chunk_t get_encoding(private_pkcs9_t *this) return this->encoding; } -/** - * Implements pkcs9_t.get_attribute - */ -static chunk_t get_attribute(private_pkcs9_t *this, int oid) +METHOD(pkcs9_t, get_attribute, chunk_t, + private_pkcs9_t *this, int oid) { - iterator_t *iterator = this->attributes->create_iterator(this->attributes, TRUE); + enumerator_t *enumerator; chunk_t value = chunk_empty; attribute_t *attribute; - while (iterator->iterate(iterator, (void**)&attribute)) + enumerator = this->attributes->create_enumerator(this->attributes); + while (enumerator->enumerate(enumerator, (void**)&attribute)) { if (attribute->oid == oid) { @@ -266,24 +262,20 @@ static chunk_t get_attribute(private_pkcs9_t *this, int oid) break; } } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return value; } -/** - * Implements pkcs9_t.set_attribute - */ -static void set_attribute(private_pkcs9_t *this, int oid, chunk_t value) +METHOD(pkcs9_t, set_attribute, void, + private_pkcs9_t *this, int oid, chunk_t value) { attribute_t *attribute = attribute_create(oid, value); this->attributes->insert_last(this->attributes, (void*)attribute); } -/** - * Implements pkcs9_t.get_messageDigest - */ -static chunk_t get_messageDigest(private_pkcs9_t *this) +METHOD(pkcs9_t, get_messageDigest, chunk_t, + private_pkcs9_t *this) { const int oid = OID_PKCS9_MESSAGE_DIGEST; chunk_t value = get_attribute(this, oid); @@ -300,10 +292,8 @@ static chunk_t get_messageDigest(private_pkcs9_t *this) return chunk_clone(value); } -/** - * Implements pkcs9_t.set_attribute - */ -static void set_messageDigest(private_pkcs9_t *this, chunk_t value) +METHOD(pkcs9_t, set_messageDigest, void, + private_pkcs9_t *this, chunk_t value) { const int oid = OID_PKCS9_MESSAGE_DIGEST; chunk_t messageDigest = asn1_simple_object(asn1_attributeType(oid), value); @@ -312,10 +302,8 @@ static void set_messageDigest(private_pkcs9_t *this, chunk_t value) free(messageDigest.ptr); } -/** - * Implements pkcs9_t.destroy - */ -static void destroy(private_pkcs9_t *this) +METHOD(pkcs9_t, destroy, void, + private_pkcs9_t *this) { this->attributes->destroy_offset(this->attributes, offsetof(attribute_t, destroy)); free(this->encoding.ptr); @@ -327,20 +315,20 @@ static void destroy(private_pkcs9_t *this) */ static private_pkcs9_t *pkcs9_create_empty(void) { - private_pkcs9_t *this = malloc_thing(private_pkcs9_t); - - /* initialize */ - this->encoding = chunk_empty; - this->attributes = linked_list_create(); - - /*public functions */ - this->public.build_encoding = (void (*) (pkcs9_t*))build_encoding; - this->public.get_encoding = (chunk_t (*) (pkcs9_t*))get_encoding; - this->public.get_attribute = (chunk_t (*) (pkcs9_t*,int))get_attribute; - this->public.set_attribute = (void (*) (pkcs9_t*,int,chunk_t))set_attribute; - this->public.get_messageDigest = (chunk_t (*) (pkcs9_t*))get_messageDigest; - this->public.set_messageDigest = (void (*) (pkcs9_t*,chunk_t))set_messageDigest; - this->public.destroy = (void (*) (pkcs9_t*))destroy; + private_pkcs9_t *this; + + INIT(this, + .public = { + .build_encoding = _build_encoding, + .get_encoding = _get_encoding, + .get_attribute = _get_attribute, + .set_attribute = _set_attribute, + .get_messageDigest = _get_messageDigest, + .set_messageDigest = _set_messageDigest, + .destroy = _destroy, + }, + .attributes = linked_list_create(), + ); return this; } diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 6bd0f7465..8e815e608 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -56,10 +56,8 @@ struct private_prf_plus_t { u_int8_t appending_octet; }; -/** - * Implementation of prf_plus_t.get_bytes. - */ -static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) +METHOD(prf_plus_t, get_bytes, void, + private_prf_plus_t *this, size_t length, u_int8_t *buffer) { chunk_t appending_chunk; size_t bytes_in_round; @@ -89,10 +87,8 @@ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) } } -/** - * Implementation of prf_plus_t.allocate_bytes. - */ -static void allocate_bytes(private_prf_plus_t *this, size_t length, chunk_t *chunk) +METHOD(prf_plus_t, allocate_bytes, void, + private_prf_plus_t *this, size_t length, chunk_t *chunk) { if (length) { @@ -106,10 +102,8 @@ static void allocate_bytes(private_prf_plus_t *this, size_t length, chunk_t *chu } } -/** - * Implementation of prf_plus_t.destroy. - */ -static void destroy(private_prf_plus_t *this) +METHOD(prf_plus_t, destroy, void, + private_prf_plus_t *this) { free(this->buffer.ptr); free(this->seed.ptr); @@ -124,15 +118,14 @@ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed) private_prf_plus_t *this; chunk_t appending_chunk; - this = malloc_thing(private_prf_plus_t); - - /* set public methods */ - this->public.get_bytes = (void (*)(prf_plus_t *,size_t,u_int8_t*))get_bytes; - this->public.allocate_bytes = (void (*)(prf_plus_t *,size_t,chunk_t*))allocate_bytes; - this->public.destroy = (void (*)(prf_plus_t *))destroy; - - /* take over prf */ - this->prf = prf; + INIT(this, + .public = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .destroy = _destroy, + }, + .prf = prf, + ); /* allocate buffer for prf output */ this->buffer.len = prf->get_block_size(prf); diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index d65955a2e..2060864a5 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -59,7 +59,7 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 119 +#define TOTAL_KEYWORDS 122 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 @@ -90,7 +90,7 @@ hash (str, len) 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 131, 214, 3, 22, 21, - 3, 1, 101, 48, 3, 4, 214, 214, 3, 214, + 3, 1, 101, 48, 3, 4, 214, 214, 3, 10, 57, 4, 214, 214, 94, 6, 3, 32, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, @@ -196,7 +196,9 @@ static const struct proposal_token wordlist[] = {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, + {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, @@ -250,6 +252,7 @@ static const struct proposal_token wordlist[] = {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, @@ -273,20 +276,20 @@ static const short lookup[] = -1, -1, -1, -1, 29, 30, 31, 32, 33, 34, 35, -1, 36, -1, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, - 53, -1, 54, -1, 55, -1, 56, -1, 57, -1, - 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, - 67, 68, 69, 70, 71, 72, -1, 73, -1, 74, - -1, 75, -1, 76, 77, 78, 79, 80, -1, 81, - 82, 83, 84, 85, -1, 86, 87, -1, 88, -1, - -1, 89, 90, -1, 91, -1, -1, 92, -1, 93, - 94, 95, 96, -1, 97, -1, 98, 99, 100, 101, - 102, 103, -1, -1, -1, 104, -1, -1, 105, 106, - -1, 107, -1, -1, -1, 108, 109, -1, -1, 110, - 111, -1, -1, -1, 112, 113, -1, 114, 115, -1, + 53, 54, 55, 56, 57, -1, 58, -1, 59, -1, + 60, -1, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 74, -1, 75, -1, 76, + -1, 77, -1, 78, 79, 80, 81, 82, -1, 83, + 84, 85, 86, 87, -1, 88, 89, -1, 90, -1, + -1, 91, 92, -1, 93, -1, -1, 94, -1, 95, + 96, 97, 98, -1, 99, -1, 100, 101, 102, 103, + 104, 105, -1, -1, -1, 106, -1, -1, 107, 108, + -1, 109, -1, -1, 110, 111, 112, -1, -1, 113, + 114, -1, -1, -1, 115, 116, -1, 117, 118, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 116, -1, -1, -1, 117, - -1, -1, -1, 118 + -1, -1, -1, -1, -1, 119, -1, -1, -1, 120, + -1, -1, -1, 121 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 4ef664d8f..1d04f2dc4 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -118,6 +118,7 @@ twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192 twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256 sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 +sha1_160, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0 sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 @@ -127,8 +128,10 @@ sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0 +md5_128, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0 aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0 camelliaxcbc, INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0 +aescmac, INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0 modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0 diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index e2c224d8b..c6870e475 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -66,9 +66,9 @@ enum integrity_algorithm_t { AUTH_HMAC_SHA1_128 = 1025, /** SHA256 96 bit truncation variant, supported by Linux kernels */ AUTH_HMAC_SHA2_256_96 = 1026, - /** SHA256 full length tuncation variant, as used in TLS */ + /** SHA256 full length truncation variant, as used in TLS */ AUTH_HMAC_SHA2_256_256 = 1027, - /** SHA384 full length tuncation variant, as used in TLS */ + /** SHA384 full length truncation variant, as used in TLS */ AUTH_HMAC_SHA2_384_384 = 1028, /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */ AUTH_CAMELLIA_XCBC_96 = 1029, |