summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/aead.c20
-rw-r--r--src/libstrongswan/crypto/aead.h11
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c61
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h3
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c14
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h5
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c3
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h18
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen.h61
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen_rand.c79
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen_rand.h32
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen_seq.c102
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen_seq.h32
-rw-r--r--src/libstrongswan/crypto/prfs/mac_prf.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.c266
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.txt4
16 files changed, 525 insertions, 188 deletions
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
index 32a0e6759..afcc11fbe 100644
--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -16,6 +19,7 @@
#include "aead.h"
#include <utils/debug.h>
+#include <crypto/iv/iv_gen_rand.h>
typedef struct private_aead_t private_aead_t;
@@ -35,9 +39,14 @@ struct private_aead_t {
crypter_t *crypter;
/**
- * draditional signer
+ * traditional signer
*/
signer_t *signer;
+
+ /**
+ * IV generator
+ */
+ iv_gen_t *iv_gen;
};
METHOD(aead_t, encrypt, bool,
@@ -126,6 +135,12 @@ METHOD(aead_t, get_iv_size, size_t,
return this->crypter->get_iv_size(this->crypter);
}
+METHOD(aead_t, get_iv_gen, iv_gen_t*,
+ private_aead_t *this)
+{
+ return this->iv_gen;
+}
+
METHOD(aead_t, get_key_size, size_t,
private_aead_t *this)
{
@@ -148,6 +163,7 @@ METHOD(aead_t, set_key, bool,
METHOD(aead_t, destroy, void,
private_aead_t *this)
{
+ this->iv_gen->destroy(this->iv_gen);
this->crypter->destroy(this->crypter);
this->signer->destroy(this->signer);
free(this);
@@ -167,12 +183,14 @@ aead_t *aead_create(crypter_t *crypter, signer_t *signer)
.get_block_size = _get_block_size,
.get_icv_size = _get_icv_size,
.get_iv_size = _get_iv_size,
+ .get_iv_gen = _get_iv_gen,
.get_key_size = _get_key_size,
.set_key = _set_key,
.destroy = _destroy,
},
.crypter = crypter,
.signer = signer,
+ .iv_gen = iv_gen_rand_create(),
);
return &this->public;
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
index f3959f8f3..c887f53bb 100644
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -26,6 +29,7 @@ typedef struct aead_t aead_t;
#include <library.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
+#include <crypto/iv/iv_gen.h>
/**
* Authenticated encryption / authentication decryption interface.
@@ -89,6 +93,13 @@ struct aead_t {
size_t (*get_iv_size)(aead_t *this);
/**
+ * Get the IV generator implementation
+ *
+ * @return IV generator
+ */
+ iv_gen_t *(*get_iv_gen)(aead_t *this);
+
+ /**
* Get the size of the key material (for encryption and authentication).
*
* @return key size in bytes
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index b89198003..edcabfe58 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -234,7 +235,6 @@ METHOD(crypto_factory_t, create_signer, signer_t*,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
-
return signer;
}
@@ -249,9 +249,9 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*,
enumerator = this->hashers->create_enumerator(this->hashers);
while (enumerator->enumerate(enumerator, &entry))
{
- if (algo == HASH_PREFERRED || entry->algo == algo)
+ if (entry->algo == algo)
{
- if (this->test_on_create && algo != HASH_PREFERRED &&
+ if (this->test_on_create &&
!this->tester->test_hasher(this->tester, algo,
entry->create_hasher, NULL,
default_plugin_name))
@@ -307,14 +307,13 @@ METHOD(crypto_factory_t, create_rng, rng_t*,
{
enumerator_t *enumerator;
entry_t *entry;
- u_int diff = ~0;
- rng_constructor_t constr = NULL;
+ rng_t *rng = NULL;
this->lock->read_lock(this->lock);
enumerator = this->rngs->create_enumerator(this->rngs);
while (enumerator->enumerate(enumerator, &entry))
{ /* find the best matching quality, but at least as good as requested */
- if (entry->algo >= quality && diff > entry->algo - quality)
+ if (entry->algo >= quality)
{
if (this->test_on_create &&
!this->tester->test_rng(this->tester, quality,
@@ -323,21 +322,16 @@ METHOD(crypto_factory_t, create_rng, rng_t*,
{
continue;
}
- diff = entry->algo - quality;
- constr = entry->create_rng;
- if (diff == 0)
- { /* perfect match, won't get better */
+ rng = entry->create_rng(quality);
+ if (rng)
+ {
break;
}
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
- if (constr)
- {
- return constr(quality);
- }
- return NULL;
+ return rng;
}
METHOD(crypto_factory_t, create_nonce_gen, nonce_gen_t*,
@@ -396,14 +390,18 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*,
/**
* Insert an algorithm entry to a list
+ *
+ * Entries are sorted by algorithm identifier (which is important for RNGs)
+ * while maintaining the order in which algorithms were added, unless they were
+ * benchmarked and speed is provided, which then is used to order entries of
+ * the same algorithm.
*/
static void add_entry(private_crypto_factory_t *this, linked_list_t *list,
int algo, const char *plugin_name,
u_int speed, void *create)
{
+ enumerator_t *enumerator;
entry_t *entry, *current;
- linked_list_t *tmp;
- bool inserted = FALSE;
INIT(entry,
.algo = algo,
@@ -413,30 +411,21 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list,
entry->create = create;
this->lock->write_lock(this->lock);
- if (speed)
- { /* insert sorted by speed using a temporary list */
- tmp = linked_list_create();
- while (list->remove_first(list, (void**)&current) == SUCCESS)
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (current->algo > algo)
{
- tmp->insert_last(tmp, current);
+ break;
}
- while (tmp->remove_first(tmp, (void**)&current) == SUCCESS)
+ else if (current->algo == algo && speed &&
+ current->speed < speed)
{
- if (!inserted &&
- current->algo == algo &&
- current->speed < speed)
- {
- list->insert_last(list, entry);
- inserted = TRUE;
- }
- list->insert_last(list, current);
+ break;
}
- tmp->destroy(tmp);
- }
- if (!inserted)
- {
- list->insert_last(list, entry);
}
+ list->insert_before(list, enumerator, entry);
+ enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
}
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index 256ecec63..281dc256f 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -213,9 +213,6 @@ struct crypto_factory_t {
/**
* Register a hasher constructor.
*
- * The first added hasher is the preferred hasher returned on
- * create_hasher(HASH_PREFERRED).
- *
* @param algo algorithm to constructor
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 1124ee6f7..3d319d2d4 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -32,13 +32,17 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
"ECP_256",
"ECP_384",
"ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
+ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
"MODP_1024_160",
"MODP_2048_224",
"MODP_2048_256",
"ECP_192",
- "ECP_224");
-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_224_BIT,
+ "ECP_224",
+ "ECP_224_BP",
+ "ECP_256_BP",
+ "ECP_384_BP",
+ "ECP_512_BP");
+ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
"MODP_NULL",
"MODP_CUSTOM");
ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
@@ -462,6 +466,10 @@ bool diffie_hellman_group_is_ec(diffie_hellman_group_t group)
case ECP_521_BIT:
case ECP_192_BIT:
case ECP_224_BIT:
+ case ECP_224_BP:
+ case ECP_256_BP:
+ case ECP_384_BP:
+ case ECP_512_BP:
return TRUE;
default:
return FALSE;
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index cab3b1ba7..edf6bbd6d 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -36,6 +36,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t;
* See IKEv2 RFC 3.3.2 and RFC 3526.
*
* ECP groups are defined in RFC 4753 and RFC 5114.
+ * ECC Brainpool groups are defined in RFC 6954.
*/
enum diffie_hellman_group_t {
MODP_NONE = 0,
@@ -55,6 +56,10 @@ enum diffie_hellman_group_t {
MODP_2048_256 = 24,
ECP_192_BIT = 25,
ECP_224_BIT = 26,
+ ECP_224_BP = 27,
+ ECP_256_BP = 28,
+ ECP_384_BP = 29,
+ ECP_512_BP = 30,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
MODP_NULL = 1024,
/** MODP group with custom generator/prime */
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 679bb324e..13cbb5a59 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -21,7 +21,6 @@
ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512,
"HASH_UNKNOWN",
- "HASH_PREFERRED",
"HASH_MD2",
"HASH_MD4",
"HASH_MD5",
@@ -34,7 +33,6 @@ ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512,
ENUM(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA512,
"unknown",
- "preferred",
"md2",
"md4",
"md5",
@@ -199,7 +197,6 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
}
break;
case HASH_SHA1:
- case HASH_PREFERRED:
switch (length)
{
case 12:
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 4e46fca10..37ef0b6ab 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -37,16 +37,14 @@ typedef struct hasher_t hasher_t;
enum hash_algorithm_t {
/** not specified hash function */
HASH_UNKNOWN = 0,
- /** preferred hash function, general purpose */
- HASH_PREFERRED = 1,
- HASH_MD2 = 2,
- HASH_MD4 = 3,
- HASH_MD5 = 4,
- HASH_SHA1 = 5,
- HASH_SHA224 = 6,
- HASH_SHA256 = 7,
- HASH_SHA384 = 8,
- HASH_SHA512 = 9
+ HASH_MD2 = 1,
+ HASH_MD4 = 2,
+ HASH_MD5 = 3,
+ HASH_SHA1 = 4,
+ HASH_SHA224 = 5,
+ HASH_SHA256 = 6,
+ HASH_SHA384 = 7,
+ HASH_SHA512 = 8
};
#define HASH_SIZE_MD2 16
diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h
new file mode 100644
index 000000000..f6bc6471f
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup iv iv
+ * @{ @ingroup crypto
+ */
+
+#ifndef IV_GEN_H_
+#define IV_GEN_H_
+
+typedef struct iv_gen_t iv_gen_t;
+
+#include <library.h>
+
+/**
+ * Generic interface for initialization vector (IV) generators.
+ */
+struct iv_gen_t {
+
+ /**
+ * Generates an IV and writes it into the buffer.
+ *
+ * @param seq external sequence number
+ * @param size size of IV in bytes
+ * @param buffer pointer where the generated IV will be written
+ * @return TRUE if IV allocation was successful, FALSE otherwise
+ */
+ bool (*get_iv)(iv_gen_t *this, u_int64_t seq, size_t size,
+ u_int8_t *buffer) __attribute__((warn_unused_result));
+
+ /**
+ * Generates an IV and allocates space for it.
+ *
+ * @param seq external sequence number
+ * @param size size of IV in bytes
+ * @param chunk chunk which will hold the generated IV
+ * @return TRUE if IV allocation was successful, FALSE otherwise
+ */
+ bool (*allocate_iv)(iv_gen_t *this, u_int64_t seq, size_t size,
+ chunk_t *chunk) __attribute__((warn_unused_result));
+
+ /**
+ * Destroys an IV generator object.
+ */
+ void (*destroy)(iv_gen_t *this);
+};
+
+#endif /** IV_GEN_H_ @}*/
diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c
new file mode 100644
index 000000000..2bed63fcc
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "iv_gen_rand.h"
+
+#include <library.h>
+
+typedef struct private_iv_gen_t private_iv_gen_t;
+
+/**
+ * Private data of an iv_gen_t object.
+ */
+struct private_iv_gen_t {
+
+ /**
+ * Public iv_gen_t interface.
+ */
+ iv_gen_t public;
+
+ /**
+ * rng_t object
+ */
+ rng_t *rng;
+};
+
+METHOD(iv_gen_t, get_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+{
+ if (!this->rng)
+ {
+ return FALSE;
+ }
+ return this->rng->get_bytes(this->rng, size, buffer);
+}
+
+METHOD(iv_gen_t, allocate_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+{
+ if (!this->rng)
+ {
+ return FALSE;
+ }
+ return this->rng->allocate_bytes(this->rng, size, chunk);
+}
+
+METHOD(iv_gen_t, destroy, void,
+ private_iv_gen_t *this)
+{
+ DESTROY_IF(this->rng);
+ free(this);
+}
+
+iv_gen_t *iv_gen_rand_create()
+{
+ private_iv_gen_t *this;
+
+ INIT(this,
+ .public = {
+ .get_iv = _get_iv,
+ .allocate_iv = _allocate_iv,
+ .destroy = _destroy,
+ },
+ .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.h b/src/libstrongswan/crypto/iv/iv_gen_rand.h
new file mode 100644
index 000000000..62d76ed21
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_rand.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @{ @ingroup iv
+ */
+
+#ifndef IV_GEN_RAND_H_
+#define IV_GEN_RAND_H_
+
+#include <crypto/iv/iv_gen.h>
+
+/**
+ * Create an IV generator that generates random IVs.
+ *
+ * @return IV generator
+ */
+iv_gen_t *iv_gen_rand_create();
+
+#endif /** IV_GEN_RAND_H_ @}*/
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
new file mode 100644
index 000000000..98d0c15a6
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "iv_gen_seq.h"
+
+typedef struct private_iv_gen_t private_iv_gen_t;
+
+/**
+ * Private data of an iv_gen_t object.
+ */
+struct private_iv_gen_t {
+
+ /**
+ * Public iv_gen_t interface.
+ */
+ iv_gen_t public;
+
+ /**
+ * Salt to mask counter
+ */
+ u_int8_t *salt;
+};
+
+METHOD(iv_gen_t, get_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+{
+ u_int8_t iv[sizeof(u_int64_t)];
+ size_t len = size;
+
+ if (!this->salt)
+ {
+ return FALSE;
+ }
+ if (len > sizeof(u_int64_t))
+ {
+ len = sizeof(u_int64_t);
+ memset(buffer, 0, size - len);
+ }
+ htoun64(iv, seq);
+ memxor(iv, this->salt, sizeof(u_int64_t));
+ memcpy(buffer + size - len, iv + sizeof(u_int64_t) - len, len);
+ return TRUE;
+}
+
+METHOD(iv_gen_t, allocate_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(size);
+ if (!get_iv(this, seq, chunk->len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(iv_gen_t, destroy, void,
+ private_iv_gen_t *this)
+{
+ free(this->salt);
+ free(this);
+}
+
+iv_gen_t *iv_gen_seq_create()
+{
+ private_iv_gen_t *this;
+ rng_t *rng;
+
+ INIT(this,
+ .public = {
+ .get_iv = _get_iv,
+ .allocate_iv = _allocate_iv,
+ .destroy = _destroy,
+ },
+ );
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (rng)
+ {
+ this->salt = malloc(sizeof(u_int64_t));
+ if (!rng->get_bytes(rng, sizeof(u_int64_t), this->salt))
+ {
+ free(this->salt);
+ this->salt = NULL;
+ }
+ rng->destroy(rng);
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.h b/src/libstrongswan/crypto/iv/iv_gen_seq.h
new file mode 100644
index 000000000..329dcca05
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @{ @ingroup iv
+ */
+
+#ifndef IV_GEN_SEQ_H_
+#define IV_GEN_SEQ_H_
+
+#include <crypto/iv/iv_gen.h>
+
+/**
+ * Create an IV generator that generates sequential IVs (counter).
+ *
+ * @return IV generator
+ */
+iv_gen_t *iv_gen_seq_create();
+
+#endif /** IV_GEN_SEQ_H_ @}*/
diff --git a/src/libstrongswan/crypto/prfs/mac_prf.h b/src/libstrongswan/crypto/prfs/mac_prf.h
index b2c0c6e17..4ff925b04 100644
--- a/src/libstrongswan/crypto/prfs/mac_prf.h
+++ b/src/libstrongswan/crypto/prfs/mac_prf.h
@@ -15,7 +15,7 @@
/**
* @defgroup mac_prf mac_prf
- * @{ @ingroup crypto
+ * @{ @ingroup prf
*/
#ifndef MAC_PRF_H_
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index d85bfebd0..a238f640e 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -1,4 +1,4 @@
-/* C code produced by gperf version 3.0.3 */
+/* C code produced by gperf version 3.0.4 */
/* Command-line: /usr/bin/gperf -N proposal_get_token_static -m 10 -C -G -c -t -D */
/* Computed positions: -k'1,5,7,10,15,$' */
@@ -59,12 +59,12 @@ struct proposal_token {
u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 130
+#define TOTAL_KEYWORDS 134
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 12
-#define MAX_HASH_VALUE 216
-/* maximum key range = 205, duplicates = 0 */
+#define MIN_HASH_VALUE 4
+#define MAX_HASH_VALUE 215
+/* maximum key range = 212, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 35, 10,
- 5, 34, 68, 21, 9, 16, 6, 4, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 117, 217, 15, 22, 23,
- 4, 29, 4, 51, 57, 4, 217, 217, 4, 16,
- 58, 4, 217, 5, 81, 104, 6, 34, 217, 217,
- 5, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217, 217, 217, 217,
- 217, 217, 217, 217, 217, 217, 217
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 0, 4,
+ 1, 21, 15, 13, 9, 16, 2, 0, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 76, 216, 2, 28, 16,
+ 0, 39, 112, 42, 31, 0, 216, 216, 0, 9,
+ 100, 0, 7, 20, 95, 12, 44, 55, 216, 216,
+ 1, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216
};
register int hval = len;
@@ -143,166 +143,170 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
{"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
- {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
- {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
{"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
{"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
{"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
{"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
{"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
{"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
+ {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
{"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
{"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
{"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
{"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
{"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
{"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
- {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
{"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
{"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
- {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
{"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
{"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
- {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
{"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
- {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
{"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
{"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
{"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
{"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
+ {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
{"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
{"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
+ {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
{"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
- {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}
+ {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}
};
static const short lookup[] =
{
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, 0, -1, -1, -1, -1, -1, -1, 1,
- 2, -1, -1, -1, 3, 4, -1, 5, -1, -1,
- -1, -1, 6, 7, 8, 9, 10, 11, -1, 12,
- 13, -1, 14, 15, 16, 17, 18, 19, 20, 21,
- 22, 23, 24, 25, 26, -1, -1, -1, 27, -1,
- 28, 29, 30, 31, 32, 33, 34, -1, 35, 36,
+ -1, -1, -1, -1, 0, -1, -1, -1, -1, -1,
+ 1, -1, 2, -1, 3, 4, -1, -1, -1, 5,
+ 6, 7, 8, 9, 10, 11, 12, -1, -1, 13,
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
+ 24, 25, 26, 27, 28, -1, -1, -1, -1, 29,
+ -1, -1, 30, 31, 32, 33, 34, -1, 35, 36,
37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
- 47, 48, 49, 50, 51, 52, 53, 54, 55, 56,
- 57, 58, 59, 60, 61, 62, 63, 64, 65, 66,
- 67, 68, 69, 70, 71, 72, 73, 74, 75, 76,
- 77, 78, 79, 80, 81, 82, 83, 84, 85, 86,
- 87, 88, 89, 90, 91, 92, 93, -1, 94, 95,
- 96, -1, 97, 98, 99, -1, 100, 101, 102, 103,
- 104, -1, -1, -1, -1, 105, 106, 107, -1, 108,
- 109, 110, -1, 111, 112, -1, 113, 114, -1, 115,
- -1, 116, 117, -1, -1, 118, 119, -1, 120, -1,
- -1, -1, 121, 122, -1, 123, 124, -1, -1, -1,
- -1, -1, 125, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, 126, -1, -1, -1,
- -1, -1, -1, -1, -1, 127, -1, -1, -1, -1,
- -1, 128, -1, -1, -1, -1, 129
+ 47, 48, 49, 50, 51, 52, 53, 54, -1, 55,
+ 56, 57, -1, 58, 59, 60, 61, 62, 63, 64,
+ 65, 66, 67, -1, 68, 69, 70, 71, 72, 73,
+ 74, 75, 76, 77, -1, 78, 79, 80, 81, 82,
+ 83, 84, 85, 86, 87, 88, 89, 90, 91, 92,
+ -1, 93, 94, 95, 96, 97, 98, 99, 100, -1,
+ -1, -1, 101, 102, 103, 104, -1, 105, 106, 107,
+ 108, 109, 110, -1, 111, 112, 113, 114, 115, 116,
+ 117, 118, 119, 120, 121, 122, 123, 124, -1, 125,
+ -1, 126, -1, -1, -1, -1, -1, -1, 127, -1,
+ -1, -1, -1, 128, -1, -1, -1, -1, 129, 130,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 131, -1, -1, 132, -1,
+ -1, -1, -1, -1, -1, 133
};
#ifdef __GNUC__
__inline
-#ifdef __GNUC_STDC_INLINE__
+#if defined __GNUC_STDC_INLINE__ || defined __GNUC_GNU_INLINE__
__attribute__ ((__gnu_inline__))
#endif
#endif
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index 445438f03..c484320ca 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -157,5 +157,9 @@ ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0
modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0
modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0
+ecp224bp, DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0
+ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0
+ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0
+ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0