summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.c147
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.h74
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c178
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h15
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c629
-rw-r--r--src/libstrongswan/crypto/crypto_tester.h205
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c28
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h2
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c8
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h18
-rw-r--r--src/libstrongswan/crypto/pkcs9.c2
-rw-r--r--src/libstrongswan/crypto/pkcs9.h2
-rw-r--r--src/libstrongswan/crypto/prf_plus.c2
-rw-r--r--src/libstrongswan/crypto/prf_plus.h2
-rw-r--r--src/libstrongswan/crypto/prfs/prf.c11
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h20
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c270
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.h34
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt118
-rw-r--r--src/libstrongswan/crypto/rngs/rng.c6
-rw-r--r--src/libstrongswan/crypto/rngs/rng.h10
-rw-r--r--src/libstrongswan/crypto/signers/signer.c21
-rw-r--r--src/libstrongswan/crypto/signers/signer.h35
-rw-r--r--src/libstrongswan/crypto/transform.c29
-rw-r--r--src/libstrongswan/crypto/transform.h47
25 files changed, 1744 insertions, 169 deletions
diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c
index 13ba9c6e2..ebd35a8a0 100644
--- a/src/libstrongswan/crypto/crypters/crypter.c
+++ b/src/libstrongswan/crypto/crypters/crypter.c
@@ -12,22 +12,20 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crypter.c 4880 2009-02-18 19:45:46Z tobias $
*/
+#include <asn1/oid.h>
+
#include "crypter.h"
-ENUM_BEGIN(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_UNDEFINED,
- "UNDEFINED");
-ENUM_NEXT(encryption_algorithm_names, ENCR_DES_IV64, ENCR_DES_IV32, ENCR_UNDEFINED,
+ENUM_BEGIN(encryption_algorithm_names, ENCR_DES_IV64, ENCR_DES_IV32,
"DES_IV64",
- "DES",
- "3DES",
- "RC5",
- "IDEA",
- "CAST",
- "BLOWFISH",
+ "DES_CBC",
+ "3DES_CBC",
+ "RC5_CBC",
+ "IDEA_CBC",
+ "CAST_CBC",
+ "BLOWFISH_CBC",
"3IDEA",
"DES_IV32");
ENUM_NEXT(encryption_algorithm_names, ENCR_NULL, ENCR_AES_CCM_ICV16, ENCR_DES_IV32,
@@ -37,11 +35,128 @@ ENUM_NEXT(encryption_algorithm_names, ENCR_NULL, ENCR_AES_CCM_ICV16, ENCR_DES_IV
"AES_CCM_8",
"AES_CCM_12",
"AES_CCM_16");
-ENUM_NEXT(encryption_algorithm_names, ENCR_AES_GCM_ICV8, ENCR_AES_GCM_ICV16, ENCR_AES_CCM_ICV16,
+ENUM_NEXT(encryption_algorithm_names, ENCR_AES_GCM_ICV8, ENCR_NULL_AUTH_AES_GMAC, ENCR_AES_CCM_ICV16,
"AES_GCM_8",
"AES_GCM_12",
- "AES_GCM_16");
-ENUM_NEXT(encryption_algorithm_names, ENCR_DES_ECB, ENCR_DES_ECB, ENCR_AES_GCM_ICV16,
- "DES_ECB");
-ENUM_END(encryption_algorithm_names, ENCR_DES_ECB);
+ "AES_GCM_16",
+ "NULL_AES_GMAC");
+ENUM_NEXT(encryption_algorithm_names, ENCR_CAMELLIA_CBC, ENCR_CAMELLIA_CCM_ICV16, ENCR_NULL_AUTH_AES_GMAC,
+ "CAMELLIA_CBC",
+ "CAMELLIA_CTR",
+ "CAMELLIA_CCM_8",
+ "CAMELLIA_CCM_12",
+ "CAMELLIA_CCM_16");
+ENUM_NEXT(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_TWOFISH_CBC, ENCR_CAMELLIA_CCM_ICV16,
+ "UNDEFINED",
+ "DES_ECB",
+ "SERPENT_CBC",
+ "TWOFISH_CBC");
+ENUM_END(encryption_algorithm_names, ENCR_TWOFISH_CBC);
+
+/*
+ * Described in header.
+ */
+encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size)
+{
+ encryption_algorithm_t alg;
+ size_t alg_key_size;
+
+ switch (oid)
+ {
+ case OID_DES_CBC:
+ alg = ENCR_DES;
+ alg_key_size = 0;
+ break;
+ case OID_3DES_EDE_CBC:
+ alg = ENCR_3DES;
+ alg_key_size = 0;
+ break;
+ case OID_AES128_CBC:
+ alg = ENCR_AES_CBC;
+ alg_key_size = 128;
+ break;
+ case OID_AES192_CBC:
+ alg = ENCR_AES_CBC;
+ alg_key_size = 192;
+ break;
+ case OID_AES256_CBC:
+ alg = ENCR_AES_CBC;
+ alg_key_size = 256;
+ break;
+ case OID_CAMELLIA128_CBC:
+ alg = ENCR_CAMELLIA_CBC;
+ alg_key_size = 128;
+ break;
+ case OID_CAMELLIA192_CBC:
+ alg = ENCR_CAMELLIA_CBC;
+ alg_key_size = 192;
+ break;
+ case OID_CAMELLIA256_CBC:
+ alg = ENCR_CAMELLIA_CBC;
+ alg_key_size = 256;
+ break;
+ default:
+ alg = ENCR_UNDEFINED;
+ alg_key_size = 0;
+ }
+ if (key_size)
+ {
+ *key_size = alg_key_size;
+ }
+ return alg;
+}
+
+/*
+ * Described in header.
+ */
+int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size)
+{
+ int oid;
+
+ switch(alg)
+ {
+ case ENCR_DES:
+ oid = OID_DES_CBC;
+ break;
+ case ENCR_3DES:
+ oid = OID_3DES_EDE_CBC;
+ break;
+ case ENCR_AES_CBC:
+ switch (key_size)
+ {
+ case 128:
+ oid = OID_AES128_CBC;
+ break;
+ case 192:
+ oid = OID_AES192_CBC;
+ break;
+ case 256:
+ oid = OID_AES256_CBC;
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ break;
+ case ENCR_CAMELLIA_CBC:
+ switch (key_size)
+ {
+ case 128:
+ oid = OID_CAMELLIA128_CBC;
+ break;
+ case 192:
+ oid = OID_CAMELLIA192_CBC;
+ break;
+ case 256:
+ oid = OID_CAMELLIA256_CBC;
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ return oid;
+}
+
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index d61d98f95..2879e24c0 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crypter.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -33,28 +31,42 @@ typedef struct crypter_t crypter_t;
* Encryption algorithm, as in IKEv2 RFC 3.3.2.
*/
enum encryption_algorithm_t {
- ENCR_UNDEFINED = 1024,
- ENCR_DES_IV64 = 1,
- ENCR_DES = 2,
- ENCR_3DES = 3,
- ENCR_RC5 = 4,
- ENCR_IDEA = 5,
- ENCR_CAST = 6,
- ENCR_BLOWFISH = 7,
- ENCR_3IDEA = 8,
- ENCR_DES_IV32 = 9,
- ENCR_NULL = 11,
- ENCR_AES_CBC = 12,
- ENCR_AES_CTR = 13,
- ENCR_AES_CCM_ICV8 = 14,
- ENCR_AES_CCM_ICV12 = 15,
- ENCR_AES_CCM_ICV16 = 16,
- ENCR_AES_GCM_ICV8 = 18,
- ENCR_AES_GCM_ICV12 = 19,
- ENCR_AES_GCM_ICV16 = 20,
- ENCR_DES_ECB = 1025
+ ENCR_DES_IV64 = 1,
+ ENCR_DES = 2,
+ ENCR_3DES = 3,
+ ENCR_RC5 = 4,
+ ENCR_IDEA = 5,
+ ENCR_CAST = 6,
+ ENCR_BLOWFISH = 7,
+ ENCR_3IDEA = 8,
+ ENCR_DES_IV32 = 9,
+ ENCR_NULL = 11,
+ ENCR_AES_CBC = 12,
+ ENCR_AES_CTR = 13,
+ ENCR_AES_CCM_ICV8 = 14,
+ ENCR_AES_CCM_ICV12 = 15,
+ ENCR_AES_CCM_ICV16 = 16,
+ ENCR_AES_GCM_ICV8 = 18,
+ ENCR_AES_GCM_ICV12 = 19,
+ ENCR_AES_GCM_ICV16 = 20,
+ ENCR_NULL_AUTH_AES_GMAC = 21,
+ ENCR_CAMELLIA_CBC = 23,
+ ENCR_CAMELLIA_CTR = 24,
+ ENCR_CAMELLIA_CCM_ICV8 = 25,
+ ENCR_CAMELLIA_CCM_ICV12 = 26,
+ ENCR_CAMELLIA_CCM_ICV16 = 27,
+ ENCR_UNDEFINED = 1024,
+ ENCR_DES_ECB = 1025,
+ ENCR_SERPENT_CBC = 1026,
+ ENCR_TWOFISH_CBC = 1027
};
+#define DES_BLOCK_SIZE 8
+#define BLOWFISH_BLOCK_SIZE 8
+#define AES_BLOCK_SIZE 16
+#define SERPENT_BLOCK_SIZE 16
+#define TWOFISH_BLOCK_SIZE 16
+
/**
* enum name for encryption_algorithm_t.
*/
@@ -122,4 +134,22 @@ struct crypter_t {
void (*destroy) (crypter_t *this);
};
+/**
+ * Conversion of ASN.1 OID to encryption algorithm.
+ *
+ * @param oid ASN.1 OID
+ * @param key_size returns size of encryption key in bits
+ * @return encryption algorithm, ENCR_UNDEFINED if OID unsupported
+ */
+encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size);
+
+/**
+ * Conversion of encryption algorithm to ASN.1 OID.
+ *
+ * @param alg encryption algorithm
+ * @param key_size size of encryption key in bits
+ * @return ASN.1 OID, OID_UNKNOWN if OID is unknown
+ */
+int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size);
+
#endif /** CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index dcc881f1d..fea8d0793 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -11,14 +11,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crypto_factory.c 4592 2008-11-05 16:21:57Z martin $
*/
#include "crypto_factory.h"
-#include <utils/linked_list.h>
+#include <debug.h>
#include <utils/mutex.h>
+#include <utils/linked_list.h>
+#include <crypto/crypto_tester.h>
typedef struct entry_t entry_t;
struct entry_t {
@@ -78,6 +78,21 @@ struct private_crypto_factory_t {
linked_list_t *dhs;
/**
+ * test manager to test crypto algorithms
+ */
+ crypto_tester_t *tester;
+
+ /**
+ * whether to test algorithms during registration
+ */
+ bool test_on_add;
+
+ /**
+ * whether to test algorithms on each crypto primitive construction
+ */
+ bool test_on_create;
+
+ /**
* rwlock to lock access to modules
*/
rwlock_t *lock;
@@ -92,13 +107,19 @@ static crypter_t* create_crypter(private_crypto_factory_t *this,
enumerator_t *enumerator;
entry_t *entry;
crypter_t *crypter = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->crypters->create_enumerator(this->crypters);
while (enumerator->enumerate(enumerator, &entry))
{
if (entry->algo == algo)
{
+ if (this->test_on_create &&
+ !this->tester->test_crypter(this->tester, algo, key_size,
+ entry->create_crypter))
+ {
+ continue;
+ }
crypter = entry->create_crypter(algo, key_size);
if (crypter)
{
@@ -120,13 +141,19 @@ static signer_t* create_signer(private_crypto_factory_t *this,
enumerator_t *enumerator;
entry_t *entry;
signer_t *signer = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->signers->create_enumerator(this->signers);
while (enumerator->enumerate(enumerator, &entry))
{
if (entry->algo == algo)
{
+ if (this->test_on_create &&
+ !this->tester->test_signer(this->tester, algo,
+ entry->create_signer))
+ {
+ continue;
+ }
signer = entry->create_signer(algo);
if (signer)
{
@@ -136,7 +163,7 @@ static signer_t* create_signer(private_crypto_factory_t *this,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
-
+
return signer;
}
@@ -156,6 +183,12 @@ static hasher_t* create_hasher(private_crypto_factory_t *this,
{
if (algo == HASH_PREFERRED || entry->algo == algo)
{
+ if (this->test_on_create && algo != HASH_PREFERRED &&
+ !this->tester->test_hasher(this->tester, algo,
+ entry->create_hasher))
+ {
+ continue;
+ }
hasher = entry->create_hasher(entry->algo);
if (hasher)
{
@@ -184,6 +217,11 @@ static prf_t* create_prf(private_crypto_factory_t *this,
{
if (entry->algo == algo)
{
+ if (this->test_on_create &&
+ !this->tester->test_prf(this->tester, algo, entry->create_prf))
+ {
+ continue;
+ }
prf = entry->create_prf(algo);
if (prf)
{
@@ -205,13 +243,18 @@ static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality)
entry_t *entry;
u_int diff = ~0;
rng_constructor_t constr = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->rngs->create_enumerator(this->rngs);
while (enumerator->enumerate(enumerator, &entry))
{ /* find the best matching quality, but at least as good as requested */
if (entry->algo >= quality && diff > entry->algo - quality)
{
+ if (this->test_on_create &&
+ !this->tester->test_rng(this->tester, quality, entry->create_rng))
+ {
+ continue;
+ }
diff = entry->algo - quality;
constr = entry->create_rng;
if (diff == 0)
@@ -264,13 +307,17 @@ static void add_crypter(private_crypto_factory_t *this,
encryption_algorithm_t algo,
crypter_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_crypter = create;
- this->lock->write_lock(this->lock);
- this->crypters->insert_last(this->crypters, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_crypter(this->tester, algo, 0, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_crypter = create;
+ this->lock->write_lock(this->lock);
+ this->crypters->insert_last(this->crypters, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -302,13 +349,17 @@ static void remove_crypter(private_crypto_factory_t *this,
static void add_signer(private_crypto_factory_t *this,
integrity_algorithm_t algo, signer_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_signer = create;
- this->lock->write_lock(this->lock);
- this->signers->insert_last(this->signers, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_signer(this->tester, algo, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_signer = create;
+ this->lock->write_lock(this->lock);
+ this->signers->insert_last(this->signers, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -340,13 +391,17 @@ static void remove_signer(private_crypto_factory_t *this,
static void add_hasher(private_crypto_factory_t *this, hash_algorithm_t algo,
hasher_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_hasher = create;
- this->lock->write_lock(this->lock);
- this->hashers->insert_last(this->hashers, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_hasher(this->tester, algo, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_hasher = create;
+ this->lock->write_lock(this->lock);
+ this->hashers->insert_last(this->hashers, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -378,13 +433,17 @@ static void remove_hasher(private_crypto_factory_t *this,
static void add_prf(private_crypto_factory_t *this,
pseudo_random_function_t algo, prf_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_prf = create;
- this->lock->write_lock(this->lock);
- this->prfs->insert_last(this->prfs, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_prf(this->tester, algo, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_prf = create;
+ this->lock->write_lock(this->lock);
+ this->prfs->insert_last(this->prfs, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -415,13 +474,17 @@ static void remove_prf(private_crypto_factory_t *this, prf_constructor_t create)
static void add_rng(private_crypto_factory_t *this, rng_quality_t quality,
rng_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = quality;
- entry->create_rng = create;
- this->lock->write_lock(this->lock);
- this->rngs->insert_last(this->rngs, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_rng(this->tester, quality, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = quality;
+ entry->create_rng = create;
+ this->lock->write_lock(this->lock);
+ this->rngs->insert_last(this->rngs, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -605,6 +668,30 @@ static enumerator_t* create_dh_enumerator(private_crypto_factory_t *this)
}
/**
+ * Implementation of crypto_factory_t.add_test_vector
+ */
+static void add_test_vector(private_crypto_factory_t *this,
+ transform_type_t type, void *vector)
+{
+ switch (type)
+ {
+ case ENCRYPTION_ALGORITHM:
+ return this->tester->add_crypter_vector(this->tester, vector);
+ case INTEGRITY_ALGORITHM:
+ return this->tester->add_signer_vector(this->tester, vector);
+ case HASH_ALGORITHM:
+ return this->tester->add_hasher_vector(this->tester, vector);
+ case PSEUDO_RANDOM_FUNCTION:
+ return this->tester->add_prf_vector(this->tester, vector);
+ case RANDOM_NUMBER_GENERATOR:
+ return this->tester->add_rng_vector(this->tester, vector);
+ default:
+ DBG1("%N test vectors not supported, ignored",
+ transform_type_names, type);
+ }
+}
+
+/**
* Implementation of crypto_factory_t.destroy
*/
static void destroy(private_crypto_factory_t *this)
@@ -615,6 +702,7 @@ static void destroy(private_crypto_factory_t *this)
this->prfs->destroy_function(this->prfs, free);
this->rngs->destroy_function(this->rngs, free);
this->dhs->destroy_function(this->dhs, free);
+ this->tester->destroy(this->tester);
this->lock->destroy(this->lock);
free(this);
}
@@ -649,6 +737,7 @@ crypto_factory_t *crypto_factory_create()
this->public.create_hasher_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_hasher_enumerator;
this->public.create_prf_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_prf_enumerator;
this->public.create_dh_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_dh_enumerator;
+ this->public.add_test_vector = (void(*)(crypto_factory_t*, transform_type_t type, ...))add_test_vector;
this->public.destroy = (void(*)(crypto_factory_t*))destroy;
this->crypters = linked_list_create();
@@ -658,6 +747,11 @@ crypto_factory_t *crypto_factory_create()
this->rngs = linked_list_create();
this->dhs = linked_list_create();
this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->tester = crypto_tester_create();
+ this->test_on_add = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.on_add", FALSE);
+ this->test_on_create = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.on_create", FALSE);
return &this->public;
}
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index e2d2de71a..f1ebcf90a 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -30,6 +30,7 @@ typedef struct crypto_factory_t crypto_factory_t;
#include <crypto/prfs/prf.h>
#include <crypto/rngs/rng.h>
#include <crypto/diffie_hellman.h>
+#include <crypto/transform.h>
/**
* Constructor function for crypters
@@ -257,9 +258,17 @@ struct crypto_factory_t {
enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this);
/**
- * Destroy a crypto_factory instance.
- */
- void (*destroy)(crypto_factory_t *this);
+ * Add a test vector to the crypto factory.
+ *
+ * @param type type of the test vector
+ * @param ... pointer to a test vector, defined in crypto_tester.h
+ */
+ void (*add_test_vector)(crypto_factory_t *this, transform_type_t type, ...);
+
+ /**
+ * Destroy a crypto_factory instance.
+ */
+ void (*destroy)(crypto_factory_t *this);
};
/**
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
new file mode 100644
index 000000000..b0b5aa969
--- /dev/null
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -0,0 +1,629 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "crypto_tester.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+
+typedef struct private_crypto_tester_t private_crypto_tester_t;
+
+/**
+ * Private data of an crypto_tester_t object.
+ */
+struct private_crypto_tester_t {
+
+ /**
+ * Public crypto_tester_t interface.
+ */
+ crypto_tester_t public;
+
+ /**
+ * List of crypter test vectors
+ */
+ linked_list_t *crypter;
+
+ /**
+ * List of signer test vectors
+ */
+ linked_list_t *signer;
+
+ /**
+ * List of hasher test vectors
+ */
+ linked_list_t *hasher;
+
+ /**
+ * List of PRF test vectors
+ */
+ linked_list_t *prf;
+
+ /**
+ * List of RNG test vectors
+ */
+ linked_list_t *rng;
+
+ /**
+ * Is a test vector required to pass a test?
+ */
+ bool required;
+
+ /**
+ * should we run RNG_TRUE tests? Enough entropy?
+ */
+ bool rng_true;
+};
+
+/**
+ * Implementation of crypto_tester_t.test_crypter
+ */
+static bool test_crypter(private_crypto_tester_t *this,
+ encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create)
+{
+ enumerator_t *enumerator;
+ crypter_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->crypter->create_enumerator(this->crypter);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ crypter_t *crypter;
+ chunk_t key, plain, cipher, iv;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+ if (key_size && key_size != vector->key_size)
+ { /* test only vectors with a specific key size, if key size given */
+ continue;
+ }
+ crypter = create(alg, vector->key_size);
+ if (!crypter)
+ { /* key size not supported... */
+ continue;
+ }
+
+ failed = FALSE;
+ tested++;
+
+ key = chunk_create(vector->key, crypter->get_key_size(crypter));
+ crypter->set_key(crypter, key);
+ iv = chunk_create(vector->iv, crypter->get_block_size(crypter));
+
+ /* allocated encryption */
+ plain = chunk_create(vector->plain, vector->len);
+ crypter->encrypt(crypter, plain, iv, &cipher);
+ if (!memeq(vector->cipher, cipher.ptr, cipher.len))
+ {
+ failed = TRUE;
+ }
+ /* inline decryption */
+ crypter->decrypt(crypter, cipher, iv, NULL);
+ if (!memeq(vector->plain, cipher.ptr, cipher.len))
+ {
+ failed = TRUE;
+ }
+ free(cipher.ptr);
+ /* allocated decryption */
+ cipher = chunk_create(vector->cipher, vector->len);
+ crypter->decrypt(crypter, cipher, iv, &plain);
+ if (!memeq(vector->plain, plain.ptr, plain.len))
+ {
+ failed = TRUE;
+ }
+ /* inline encryption */
+ crypter->encrypt(crypter, plain, iv, NULL);
+ if (!memeq(vector->cipher, plain.ptr, plain.len))
+ {
+ failed = TRUE;
+ }
+ free(plain.ptr);
+
+ crypter->destroy(crypter);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ encryption_algorithm_names, alg, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ encryption_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ encryption_algorithm_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypto_tester_t.test_signer
+ */
+static bool test_signer(private_crypto_tester_t *this,
+ integrity_algorithm_t alg, signer_constructor_t create)
+{
+ enumerator_t *enumerator;
+ signer_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->signer->create_enumerator(this->signer);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ signer_t *signer;
+ chunk_t key, data, mac;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ signer = create(alg);
+ if (!signer)
+ {
+ DBG1("disabled %N: creating instance failed",
+ integrity_algorithm_names, alg);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ key = chunk_create(vector->key, signer->get_key_size(signer));
+ signer->set_key(signer, key);
+
+ /* allocated signature */
+ data = chunk_create(vector->data, vector->len);
+ signer->allocate_signature(signer, data, &mac);
+ if (mac.len != signer->get_block_size(signer))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->mac, mac.ptr, mac.len))
+ {
+ failed = TRUE;
+ }
+ /* signature to existing buffer */
+ memset(mac.ptr, 0, mac.len);
+ signer->get_signature(signer, data, mac.ptr);
+ if (!memeq(vector->mac, mac.ptr, mac.len))
+ {
+ failed = TRUE;
+ }
+ /* signature verification, good case */
+ if (!signer->verify_signature(signer, data, mac))
+ {
+ failed = TRUE;
+ }
+ /* signature verification, bad case */
+ *(mac.ptr + mac.len - 1) += 1;
+ if (signer->verify_signature(signer, data, mac))
+ {
+ failed = TRUE;
+ }
+ /* signature to existing buffer, using append mode */
+ if (data.len > 2)
+ {
+ memset(mac.ptr, 0, mac.len);
+ signer->allocate_signature(signer, chunk_create(data.ptr, 1), NULL);
+ signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
+ signer->get_signature(signer, chunk_skip(data, 2), mac.ptr);
+ if (!memeq(vector->mac, mac.ptr, mac.len))
+ {
+ failed = TRUE;
+ }
+ }
+ free(mac.ptr);
+
+ signer->destroy(signer);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ integrity_algorithm_names, alg, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ integrity_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ integrity_algorithm_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of hasher_t.test_hasher
+ */
+static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
+ hasher_constructor_t create)
+{
+ enumerator_t *enumerator;
+ hasher_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->hasher->create_enumerator(this->hasher);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ hasher_t *hasher;
+ chunk_t data, hash;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ hasher = create(alg);
+ if (!hasher)
+ {
+ DBG1("disabled %N: creating instance failed",
+ hash_algorithm_names, alg);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ /* allocated hash */
+ data = chunk_create(vector->data, vector->len);
+ hasher->allocate_hash(hasher, data, &hash);
+ if (hash.len != hasher->get_hash_size(hasher))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->hash, hash.ptr, hash.len))
+ {
+ failed = TRUE;
+ }
+ /* hash to existing buffer */
+ memset(hash.ptr, 0, hash.len);
+ hasher->get_hash(hasher, data, hash.ptr);
+ if (!memeq(vector->hash, hash.ptr, hash.len))
+ {
+ failed = TRUE;
+ }
+ /* hasher to existing buffer, using append mode */
+ if (data.len > 2)
+ {
+ memset(hash.ptr, 0, hash.len);
+ hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL);
+ hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL);
+ hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr);
+ if (!memeq(vector->hash, hash.ptr, hash.len))
+ {
+ failed = TRUE;
+ }
+ }
+ free(hash.ptr);
+
+ hasher->destroy(hasher);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ hash_algorithm_names, alg), tested;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ hash_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ hash_algorithm_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypto_tester_t.test_prf
+ */
+static bool test_prf(private_crypto_tester_t *this,
+ pseudo_random_function_t alg, prf_constructor_t create)
+{
+ enumerator_t *enumerator;
+ prf_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->prf->create_enumerator(this->prf);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ prf_t *prf;
+ chunk_t key, seed, out;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ prf = create(alg);
+ if (!prf)
+ {
+ DBG1("disabled %N: creating instance failed",
+ pseudo_random_function_names, alg);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ key = chunk_create(vector->key, vector->key_size);
+ prf->set_key(prf, key);
+
+ /* allocated bytes */
+ seed = chunk_create(vector->seed, vector->len);
+ prf->allocate_bytes(prf, seed, &out);
+ if (out.len != prf->get_block_size(prf))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ failed = TRUE;
+ }
+ /* bytes to existing buffer */
+ memset(out.ptr, 0, out.len);
+ if (vector->stateful)
+ {
+ prf->set_key(prf, key);
+ }
+ prf->get_bytes(prf, seed, out.ptr);
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ failed = TRUE;
+ }
+ /* bytes to existing buffer, using append mode */
+ if (seed.len > 2)
+ {
+ memset(out.ptr, 0, out.len);
+ if (vector->stateful)
+ {
+ prf->set_key(prf, key);
+ }
+ prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL);
+ prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL);
+ prf->get_bytes(prf, chunk_skip(seed, 2), out.ptr);
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ failed = TRUE;
+ }
+ }
+ free(out.ptr);
+
+ prf->destroy(prf);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ pseudo_random_function_names, alg, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ pseudo_random_function_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ pseudo_random_function_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypto_tester_t.test_rng
+ */
+static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
+ rng_constructor_t create)
+{
+ enumerator_t *enumerator;
+ rng_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ if (!this->rng_true && quality == RNG_TRUE)
+ {
+ DBG1("enabled %N: skipping test (disabled by config)",
+ rng_quality_names, quality);
+ return TRUE;
+ }
+
+ enumerator = this->rng->create_enumerator(this->rng);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ rng_t *rng;
+ chunk_t data;
+
+ if (vector->quality != quality)
+ {
+ continue;
+ }
+
+ tested++;
+ rng = create(quality);
+ if (!rng)
+ {
+ DBG1("disabled %N: creating instance failed",
+ rng_quality_names, quality);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ /* allocated bytes */
+ rng->allocate_bytes(rng, vector->len, &data);
+ if (data.len != vector->len)
+ {
+ failed = TRUE;
+ }
+ if (!vector->test(vector->user, data))
+ {
+ failed = TRUE;
+ }
+ /* bytes to existing buffer */
+ memset(data.ptr, 0, data.len);
+ rng->get_bytes(rng, vector->len, data.ptr);
+ if (!vector->test(vector->user, data))
+ {
+ failed = TRUE;
+ }
+ free(data.ptr);
+
+ rng->destroy(rng);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ rng_quality_names, quality, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? ", disabled" : "enabled ",
+ rng_quality_names, quality);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ rng_quality_names, quality, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypter_tester_t.add_crypter_vector
+ */
+static void add_crypter_vector(private_crypto_tester_t *this,
+ crypter_test_vector_t *vector)
+{
+ this->crypter->insert_last(this->crypter, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_signer_vector
+ */
+static void add_signer_vector(private_crypto_tester_t *this,
+ signer_test_vector_t *vector)
+{
+ this->signer->insert_last(this->signer, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_hasher_vector
+ */
+static void add_hasher_vector(private_crypto_tester_t *this,
+ hasher_test_vector_t *vector)
+{
+ this->hasher->insert_last(this->hasher, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_prf_vector
+ */
+static void add_prf_vector(private_crypto_tester_t *this,
+ prf_test_vector_t *vector)
+{
+ this->prf->insert_last(this->prf, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_rng_vector
+ */
+static void add_rng_vector(private_crypto_tester_t *this,
+ rng_test_vector_t *vector)
+{
+ this->rng->insert_last(this->rng, vector);
+}
+
+/**
+ * Implementation of crypto_tester_t.destroy.
+ */
+static void destroy(private_crypto_tester_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ this->signer->destroy(this->signer);
+ this->hasher->destroy(this->hasher);
+ this->prf->destroy(this->prf);
+ this->rng->destroy(this->rng);
+ free(this);
+}
+
+/**
+ * See header
+ */
+crypto_tester_t *crypto_tester_create()
+{
+ private_crypto_tester_t *this = malloc_thing(private_crypto_tester_t);
+
+ this->public.test_crypter = (bool(*)(crypto_tester_t*, encryption_algorithm_t alg,size_t key_size, crypter_constructor_t create))test_crypter;
+ this->public.test_signer = (bool(*)(crypto_tester_t*, integrity_algorithm_t alg, signer_constructor_t create))test_signer;
+ this->public.test_hasher = (bool(*)(crypto_tester_t*, hash_algorithm_t alg, hasher_constructor_t create))test_hasher;
+ this->public.test_prf = (bool(*)(crypto_tester_t*, pseudo_random_function_t alg, prf_constructor_t create))test_prf;
+ this->public.test_rng = (bool(*)(crypto_tester_t*, rng_quality_t quality, rng_constructor_t create))test_rng;
+ this->public.add_crypter_vector = (void(*)(crypto_tester_t*, crypter_test_vector_t *vector))add_crypter_vector;
+ this->public.add_signer_vector = (void(*)(crypto_tester_t*, signer_test_vector_t *vector))add_signer_vector;
+ this->public.add_hasher_vector = (void(*)(crypto_tester_t*, hasher_test_vector_t *vector))add_hasher_vector;
+ this->public.add_prf_vector = (void(*)(crypto_tester_t*, prf_test_vector_t *vector))add_prf_vector;
+ this->public.add_rng_vector = (void(*)(crypto_tester_t*, rng_test_vector_t *vector))add_rng_vector;
+ this->public.destroy = (void(*)(crypto_tester_t*))destroy;
+
+ this->crypter = linked_list_create();
+ this->signer = linked_list_create();
+ this->hasher = linked_list_create();
+ this->prf = linked_list_create();
+ this->rng = linked_list_create();
+
+ this->required = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.required", FALSE);
+ this->rng_true = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.rng_true", FALSE);
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
new file mode 100644
index 000000000..d2929f33d
--- /dev/null
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup crypto_tester crypto_tester
+ * @{ @ingroup crypto
+ */
+
+#ifndef CRYPTO_TESTER_H_
+#define CRYPTO_TESTER_H_
+
+typedef struct crypto_tester_t crypto_tester_t;
+
+#include <crypto/crypto_factory.h>
+
+typedef struct crypter_test_vector_t crypter_test_vector_t;
+typedef struct signer_test_vector_t signer_test_vector_t;
+typedef struct hasher_test_vector_t hasher_test_vector_t;
+typedef struct prf_test_vector_t prf_test_vector_t;
+typedef struct rng_test_vector_t rng_test_vector_t;
+
+struct crypter_test_vector_t {
+ /** encryption algorithm this vector tests */
+ encryption_algorithm_t alg;
+ /** key length to use, in bytes */
+ size_t key_size;
+ /** encryption key of test vector */
+ u_char *key;
+ /** initialization vector, using crypters blocksize bytes */
+ u_char *iv;
+ /** length of plain and cipher text */
+ size_t len;
+ /** plain text */
+ u_char *plain;
+ /** cipher text */
+ u_char *cipher;
+};
+
+struct signer_test_vector_t {
+ /** signer algorithm this test vector tests */
+ pseudo_random_function_t alg;
+ /** key to use, with a length the algorithm expects */
+ u_char *key;
+ /** size of the input data */
+ size_t len;
+ /** input data */
+ u_char *data;
+ /** expected output, with ouput size of the tested algorithm */
+ u_char *mac;
+};
+
+struct hasher_test_vector_t {
+ /** hash algorithm this test vector tests */
+ hash_algorithm_t alg;
+ /** length of the input data */
+ size_t len;
+ /** input data */
+ u_char *data;
+ /** expected hash, with hash size of the tested algorithm */
+ u_char *hash;
+};
+
+struct prf_test_vector_t {
+ /** prf algorithm this test vector tests */
+ pseudo_random_function_t alg;
+ /** is this PRF stateful? */
+ bool stateful;
+ /** key length to use, in bytes */
+ size_t key_size;
+ /** key to use */
+ u_char *key;
+ /** size of the seed data */
+ size_t len;
+ /** seed data */
+ u_char *seed;
+ /** expected output, with block size of the tested algorithm */
+ u_char *out;
+};
+
+/**
+ * Test vector for a RNG.
+ *
+ * Contains a callback function to analyze the output of a RNG,
+ */
+struct rng_test_vector_t {
+ /** quality of random data this test vector tests */
+ rng_quality_t quality;
+ /** callback function to test RNG output, returns TRUE if data ok */
+ bool (*test)(void *user, chunk_t data);
+ /** number of bytes the function requests */
+ size_t len;
+ /** user data passed back to the test() function on invocation */
+ void *user;
+};
+
+/**
+ * Cryptographic primitive testing framework.
+ */
+struct crypto_tester_t {
+
+ /**
+ * Test a crypter algorithm, optionally using a specified key size.
+ *
+ * @param alg algorithm to test
+ * @param key_size key size to test, 0 for all
+ * @param create constructor function for the crypter
+ * @return TRUE if test passed
+ */
+ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg,
+ size_t key_size, crypter_constructor_t create);
+ /**
+ * Test a signer algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the signer
+ * @return TRUE if test passed
+ */
+ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg,
+ signer_constructor_t create);
+ /**
+ * Test a hasher algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the hasher
+ * @return TRUE if test passed
+ */
+ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg,
+ hasher_constructor_t create);
+ /**
+ * Test a PRF algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the PRF
+ * @return TRUE if test passed
+ */
+ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg,
+ prf_constructor_t create);
+ /**
+ * Test a RNG implementation.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the RNG
+ * @return TRUE if test passed
+ */
+ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality,
+ rng_constructor_t create);
+ /**
+ * Add a test vector to test a crypter.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_crypter_vector)(crypto_tester_t *this,
+ crypter_test_vector_t *vector);
+ /**
+ * Add a test vector to test a signer.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_signer_vector)(crypto_tester_t *this,
+ signer_test_vector_t *vector);
+ /**
+ * Add a test vector to test a hasher.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_hasher_vector)(crypto_tester_t *this,
+ hasher_test_vector_t *vector);
+ /**
+ * Add a test vector to test a PRF.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector);
+
+ /**
+ * Add a test vector to test a RNG.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_rng_vector)(crypto_tester_t *this, rng_test_vector_t *vector);
+
+ /**
+ * Destroy a crypto_tester_t.
+ */
+ void (*destroy)(crypto_tester_t *this);
+};
+
+/**
+ * Create a crypto_tester instance.
+ */
+crypto_tester_t *crypto_tester_create();
+
+#endif /* CRYPTO_TESTER_ @}*/
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 53c3a1632..18d532697 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -12,30 +12,28 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: diffie_hellman.c 4685 2008-11-22 16:14:55Z martin $
*/
#include "diffie_hellman.h"
ENUM_BEGIN(diffie_hellman_group_names, MODP_NONE, MODP_1024_BIT,
"MODP_NONE",
- "MODP_768_BIT",
- "MODP_1024_BIT");
+ "MODP_768",
+ "MODP_1024");
ENUM_NEXT(diffie_hellman_group_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
- "MODP_1536_BIT");
+ "MODP_1536");
ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
- "MODP_2048_BIT",
- "MODP_3072_BIT",
- "MODP_4096_BIT",
- "MODP_6144_BIT",
- "MODP_8192_BIT",
- "ECP_256_BIT",
- "ECP_384_BIT",
- "ECP_521_BIT");
+ "MODP_2048",
+ "MODP_3072",
+ "MODP_4096",
+ "MODP_6144",
+ "MODP_8192",
+ "ECP_256",
+ "ECP_384",
+ "ECP_521");
ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT,
- "ECP_192_BIT",
- "ECP_224_BIT");
+ "ECP_192",
+ "ECP_224");
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
"MODP_NULL");
ENUM_END(diffie_hellman_group_names, MODP_NULL);
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 5aaba383e..a40a73526 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index cf507442d..c58c2ad42 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -13,24 +13,22 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hasher.c 4880 2009-02-18 19:45:46Z tobias $
*/
#include "hasher.h"
#include <asn1/oid.h>
-ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_MD4,
+ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512,
"HASH_UNKNOWN",
"HASH_PREFERRED",
"HASH_MD2",
+ "HASH_MD4",
"HASH_MD5",
"HASH_SHA1",
"HASH_SHA256",
"HASH_SHA384",
- "HASH_SHA512",
- "HASH_MD4"
+ "HASH_SHA512"
);
/*
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 1db5c14cc..098739fa3 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -13,13 +13,11 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hasher.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
- * @defgroup traffic_selector traffic_selector
- * @{ @ingroup config
+ * @defgroup hasher hasher
+ * @{ @ingroup crypto
*/
#ifndef HASHER_H_
@@ -39,12 +37,12 @@ enum hash_algorithm_t {
/** preferred hash function, general purpose */
HASH_PREFERRED = 1,
HASH_MD2 = 2,
- HASH_MD5 = 3,
- HASH_SHA1 = 4,
- HASH_SHA256 = 5,
- HASH_SHA384 = 6,
- HASH_SHA512 = 7,
- HASH_MD4 = 8,
+ HASH_MD4 = 3,
+ HASH_MD5 = 4,
+ HASH_SHA1 = 5,
+ HASH_SHA256 = 6,
+ HASH_SHA384 = 7,
+ HASH_SHA512 = 8
};
#define HASH_SIZE_MD2 16
diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c
index 1c1b5a586..525ea9db5 100644
--- a/src/libstrongswan/crypto/pkcs9.c
+++ b/src/libstrongswan/crypto/pkcs9.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pkcs9.c 3891 2008-04-28 16:00:52Z andreas $
*/
#include <library.h>
diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
index 698f3c172..80d915701 100644
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pkcs9.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index 3d37d4ef7..a4fc377ef 100644
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf_plus.c 4524 2008-10-29 14:12:54Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h
index 4c98e4ad1..2e5b66152 100644
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf_plus.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c
index 812f6278d..8681a5b97 100644
--- a/src/libstrongswan/crypto/prfs/prf.c
+++ b/src/libstrongswan/crypto/prfs/prf.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf.c 3619 2008-03-19 14:02:52Z martin $
*/
#include "prf.h"
@@ -23,13 +21,14 @@ ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_KEYED_SHA1,
"PRF_FIPS_SHA1_160",
"PRF_FIPS_DES",
"PRF_KEYED_SHA1");
-ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_KEYED_SHA1,
+ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_KEYED_SHA1,
"PRF_HMAC_MD5",
"PRF_HMAC_SHA1",
"PRF_HMAC_TIGER",
- "PRF_AES128_CBC",
+ "PRF_AES128_XCBC",
"PRF_HMAC_SHA2_256",
"PRF_HMAC_SHA2_384",
- "PRF_HMAC_SHA2_512");
-ENUM_END(pseudo_random_function_names, PRF_HMAC_SHA2_512);
+ "PRF_HMAC_SHA2_512",
+ "PRF_AES128_CMAC");
+ENUM_END(pseudo_random_function_names, PRF_AES128_CMAC);
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index e2b4f6fe0..f2a5afc45 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -37,21 +35,25 @@ typedef struct prf_t prf_t;
*/
enum pseudo_random_function_t {
PRF_UNDEFINED = 1024,
- /** Implemented via hmac_prf_t. */
+ /** RFC2104 */
PRF_HMAC_MD5 = 1,
- /** Implemented via hmac_prf_t. */
+ /** RFC2104 */
PRF_HMAC_SHA1 = 2,
+ /** RFC2104 */
PRF_HMAC_TIGER = 3,
+ /** RFC4434 */
PRF_AES128_XCBC = 4,
- /** Implemented via hmac_prf_t. */
+ /** RFC4868 */
PRF_HMAC_SHA2_256 = 5,
- /** Implemented via hmac_prf_t. */
+ /** RFC4868. */
PRF_HMAC_SHA2_384 = 6,
- /** Implemented via hmac_prf_t. */
+ /** RFC4868 */
PRF_HMAC_SHA2_512 = 7,
- /** Implemented via fips_prf_t, other output sizes would be possible */
+ /** RFC4615 */
+ PRF_AES128_CMAC = 8,
+ /** FIPS 186-2-change1 */
PRF_FIPS_SHA1_160 = 1025,
- /** Could be implemented via fips_prf_t, uses fixed output size of 160bit */
+ /** FIPS 186-2-change1, uses fixed output size of 160bit */
PRF_FIPS_DES = 1026,
/**
* Keyed hash algorithm using SHA1, used in EAP-AKA:
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
new file mode 100644
index 000000000..14321e070
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -0,0 +1,270 @@
+/* C code produced by gperf version 3.0.3 */
+/* Command-line: /usr/bin/gperf -N proposal_get_token -m 10 -C -G -c -t -D */
+/* Computed positions: -k'1,5,7,10,$' */
+
+#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
+ && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
+ && (')' == 41) && ('*' == 42) && ('+' == 43) && (',' == 44) \
+ && ('-' == 45) && ('.' == 46) && ('/' == 47) && ('0' == 48) \
+ && ('1' == 49) && ('2' == 50) && ('3' == 51) && ('4' == 52) \
+ && ('5' == 53) && ('6' == 54) && ('7' == 55) && ('8' == 56) \
+ && ('9' == 57) && (':' == 58) && (';' == 59) && ('<' == 60) \
+ && ('=' == 61) && ('>' == 62) && ('?' == 63) && ('A' == 65) \
+ && ('B' == 66) && ('C' == 67) && ('D' == 68) && ('E' == 69) \
+ && ('F' == 70) && ('G' == 71) && ('H' == 72) && ('I' == 73) \
+ && ('J' == 74) && ('K' == 75) && ('L' == 76) && ('M' == 77) \
+ && ('N' == 78) && ('O' == 79) && ('P' == 80) && ('Q' == 81) \
+ && ('R' == 82) && ('S' == 83) && ('T' == 84) && ('U' == 85) \
+ && ('V' == 86) && ('W' == 87) && ('X' == 88) && ('Y' == 89) \
+ && ('Z' == 90) && ('[' == 91) && ('\\' == 92) && (']' == 93) \
+ && ('^' == 94) && ('_' == 95) && ('a' == 97) && ('b' == 98) \
+ && ('c' == 99) && ('d' == 100) && ('e' == 101) && ('f' == 102) \
+ && ('g' == 103) && ('h' == 104) && ('i' == 105) && ('j' == 106) \
+ && ('k' == 107) && ('l' == 108) && ('m' == 109) && ('n' == 110) \
+ && ('o' == 111) && ('p' == 112) && ('q' == 113) && ('r' == 114) \
+ && ('s' == 115) && ('t' == 116) && ('u' == 117) && ('v' == 118) \
+ && ('w' == 119) && ('x' == 120) && ('y' == 121) && ('z' == 122) \
+ && ('{' == 123) && ('|' == 124) && ('}' == 125) && ('~' == 126))
+/* The character set is not based on ISO-646. */
+error "gperf generated tables don't work with this execution character set. Please report a bug to <bug-gnu-gperf@gnu.org>."
+#endif
+
+
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include <crypto/transform.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/signers/signer.h>
+#include <crypto/diffie_hellman.h>
+
+struct proposal_token {
+ char *name;
+ transform_type_t type;
+ u_int16_t algorithm;
+ u_int16_t keysize;
+};
+
+#define TOTAL_KEYWORDS 87
+#define MIN_WORD_LENGTH 3
+#define MAX_WORD_LENGTH 12
+#define MIN_HASH_VALUE 4
+#define MAX_HASH_VALUE 129
+/* maximum key range = 126, duplicates = 0 */
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static unsigned int
+hash (str, len)
+ register const char *str;
+ register unsigned int len;
+{
+ static const unsigned char asso_values[] =
+ {
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 11,
+ 2, 15, 5, 27, 21, 8, 5, 0, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 39, 130, 24, 0, 1,
+ 8, 2, 50, 0, 9, 53, 130, 130, 0, 130,
+ 42, 0, 130, 130, 5, 9, 34, 4, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130
+ };
+ register int hval = len;
+
+ switch (hval)
+ {
+ default:
+ hval += asso_values[(unsigned char)str[9]];
+ /*FALLTHROUGH*/
+ case 9:
+ case 8:
+ case 7:
+ hval += asso_values[(unsigned char)str[6]];
+ /*FALLTHROUGH*/
+ case 6:
+ case 5:
+ hval += asso_values[(unsigned char)str[4]];
+ /*FALLTHROUGH*/
+ case 4:
+ case 3:
+ case 2:
+ case 1:
+ hval += asso_values[(unsigned char)str[0]+1];
+ break;
+ }
+ return hval + asso_values[(unsigned char)str[len - 1]];
+}
+
+static const struct proposal_token wordlist[] =
+ {
+ {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
+ {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}
+ };
+
+static const short lookup[] =
+ {
+ -1, -1, -1, -1, 0, -1, -1, -1, 1, -1, 2, -1, 3, 4,
+ 5, 6, -1, 7, 8, -1, 9, 10, 11, 12, 13, 14, 15, 16,
+ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1,
+ 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
+ 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
+ 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, -1,
+ 71, -1, 72, -1, 73, -1, 74, 75, 76, 77, 78, -1, -1, 79,
+ -1, -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, -1, -1, 81,
+ -1, -1, -1, -1, -1, -1, 82, 83, 84, -1, 85, -1, -1, -1,
+ -1, -1, -1, 86
+ };
+
+#ifdef __GNUC__
+__inline
+#ifdef __GNUC_STDC_INLINE__
+__attribute__ ((__gnu_inline__))
+#endif
+#endif
+const struct proposal_token *
+proposal_get_token (str, len)
+ register const char *str;
+ register unsigned int len;
+{
+ if (len <= MAX_WORD_LENGTH && len >= MIN_WORD_LENGTH)
+ {
+ register int key = hash (str, len);
+
+ if (key <= MAX_HASH_VALUE && key >= 0)
+ {
+ register int index = lookup[key];
+
+ if (index >= 0)
+ {
+ register const char *s = wordlist[index].name;
+
+ if (*str == *s && !strncmp (str + 1, s + 1, len - 1) && s[len] == '\0')
+ return &wordlist[index];
+ }
+ }
+ }
+ return 0;
+}
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
new file mode 100644
index 000000000..86cb7ef09
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -0,0 +1,34 @@
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _PROPOSAL_KEYWORDS_H_
+#define _PROPOSAL_KEYWORDS_H_
+
+#include <crypto/transform.h>
+
+typedef struct proposal_token proposal_token_t;
+
+struct proposal_token {
+ char *name;
+ transform_type_t type;
+ u_int16_t algorithm;
+ u_int16_t keysize;
+};
+
+extern const proposal_token_t* proposal_get_token(register const char *str,
+ register unsigned int len);
+
+#endif /* _PROPOSAL_KEYWORDS_H_ */
+
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
new file mode 100644
index 000000000..511fdd50a
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -0,0 +1,118 @@
+%{
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include <crypto/transform.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/signers/signer.h>
+#include <crypto/diffie_hellman.h>
+
+%}
+struct proposal_token {
+ char *name;
+ transform_type_t type;
+ u_int16_t algorithm;
+ u_int16_t keysize;
+};
+%%
+null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
+des, ENCRYPTION_ALGORITHM, ENCR_DES, 0
+3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0
+aes, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
+aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
+aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192
+aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256
+aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128
+aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192
+aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256
+aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
+aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
+aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
+aes128ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
+aes128ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
+aes128ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
+aes192ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
+aes192ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
+aes192ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
+aes192ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
+aes192ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
+aes192ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
+aes256ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
+aes256ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
+aes256ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
+aes256ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
+aes256ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
+aes256ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
+aes128gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
+aes128gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
+aes128gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
+aes128gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
+aes128gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
+aes128gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
+aes192gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
+aes192gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
+aes192gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
+aes192gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
+aes192gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
+aes192gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
+aes256gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
+aes256gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
+aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
+aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
+aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
+aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
+blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
+blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
+blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
+blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256
+camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
+camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
+camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192
+camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256
+cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128
+serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
+serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
+serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192
+serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256
+twofish, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
+twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
+twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192
+twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256
+sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
+sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
+sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
+sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
+sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
+sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
+md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0
+aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0
+modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
+modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
+modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
+modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0
+modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0
+modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0
+modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0
+modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0
+modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0
+ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0
+ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
+ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
+ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
+ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c
index 435e043e8..67fd76910 100644
--- a/src/libstrongswan/crypto/rngs/rng.c
+++ b/src/libstrongswan/crypto/rngs/rng.c
@@ -11,14 +11,12 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "rng.h"
-ENUM(rng_quality_names, RNG_WEAK, RNG_REAL,
+ENUM(rng_quality_names, RNG_WEAK, RNG_TRUE,
"RNG_WEAK",
"RNG_STRONG",
- "RNG_REAL",
+ "RNG_TRUE",
);
diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h
index 1c4d204f3..89bc2f2de 100644
--- a/src/libstrongswan/crypto/rngs/rng.h
+++ b/src/libstrongswan/crypto/rngs/rng.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: rng.h 3619 2008-03-19 14:02:52Z martin $
*/
/**
@@ -36,8 +34,8 @@ enum rng_quality_t {
RNG_WEAK,
/** stronger randomness, usable for session keys */
RNG_STRONG,
- /** real random, key material */
- RNG_REAL,
+ /** true random key material */
+ RNG_TRUE,
};
/**
@@ -56,7 +54,7 @@ struct rng_t {
* @param len number of bytes to get
* @param buffer pointer where the generated bytes will be written
*/
- void (*get_bytes) (rng_t *this, u_int len, u_int8_t *buffer);
+ void (*get_bytes) (rng_t *this, size_t len, u_int8_t *buffer);
/**
* Generates random bytes and allocate space for them.
@@ -64,7 +62,7 @@ struct rng_t {
* @param len number of bytes to get
* @param chunk chunk which will hold generated bytes
*/
- void (*allocate_bytes) (rng_t *this, u_int len, chunk_t *chunk);
+ void (*allocate_bytes) (rng_t *this, size_t len, chunk_t *chunk);
/**
* Destroys a rng object.
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 8412ff62e..1147e1f26 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -12,24 +12,27 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: signer.c 3589 2008-03-13 14:14:44Z martin $
*/
#include "signer.h"
ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
"UNDEFINED",
- "AUTH_HMAC_SHA1_128");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_AES_XCBC_96, AUTH_HMAC_SHA1_128,
+ "HMAC_SHA1_128");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128,
"HMAC_MD5_96",
"HMAC_SHA1_96",
"DES_MAC",
"KPDK_MD5",
- "AES_XCBC_96");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_512_256, AUTH_AES_XCBC_96,
- "AUTH_HMAC_SHA2_256_128",
- "AUTH_HMAC_SHA2_384_192",
- "AUTH_HMAC_SHA2_512_256");
+ "AES_XCBC_96",
+ "HMAC_MD5_128",
+ "HMAC_SHA1_160",
+ "AES_CMAC_96",
+ "AES_128_GMAC",
+ "AES_192_GMAC",
+ "AES_256_GMAC",
+ "HMAC_SHA2_256_128",
+ "HMAC_SHA2_384_192",
+ "HMAC_SHA2_512_256");
ENUM_END(integrity_algorithm_names, AUTH_HMAC_SHA2_512_256);
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index b2be2c030..0d9bfc5af 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: signer.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -36,23 +34,36 @@ typedef struct signer_t signer_t;
*/
enum integrity_algorithm_t {
AUTH_UNDEFINED = 1024,
- /** Implemented via hmac_signer_t */
+ /** RFC4306 */
AUTH_HMAC_MD5_96 = 1,
- /** Implemented via hmac_signer_t */
+ /** RFC4306 */
AUTH_HMAC_SHA1_96 = 2,
+ /** RFC4306 */
AUTH_DES_MAC = 3,
+ /** RFC1826 */
AUTH_KPDK_MD5 = 4,
+ /** RFC4306 */
AUTH_AES_XCBC_96 = 5,
- /** Implemented via hmac_signer_t */
+ /** RFC4595 */
+ AUTH_HMAC_MD5_128 = 6,
+ /** RFC4595 */
+ AUTH_HMAC_SHA1_160 = 7,
+ /** RFC4494 */
+ AUTH_AES_CMAC_96 = 8,
+ /** RFC4543 */
+ AUTH_AES_128_GMAC = 9,
+ /** RFC4543 */
+ AUTH_AES_192_GMAC = 10,
+ /** RFC4543 */
+ AUTH_AES_256_GMAC = 11,
+ /** RFC4868 */
AUTH_HMAC_SHA2_256_128 = 12,
- /** Implemented via hmac_signer_t */
+ /** RFC4868 */
AUTH_HMAC_SHA2_384_192 = 13,
- /** Implemented via hmac_signer_t */
+ /** RFC4868 */
AUTH_HMAC_SHA2_512_256 = 14,
- /** Implemented via hmac_signer_t */
+ /** private use */
AUTH_HMAC_SHA1_128 = 1025,
- /** Implemented via hmac_signer_t */
- AUTH_HMAC_MD5_128 = 1026,
};
/**
@@ -61,7 +72,7 @@ enum integrity_algorithm_t {
extern enum_name_t *integrity_algorithm_names;
/**
- * Generig interface for a symmetric signature algorithm.
+ * Generic interface for a symmetric signature algorithm.
*/
struct signer_t {
/**
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
new file mode 100644
index 000000000..af40f4de6
--- /dev/null
+++ b/src/libstrongswan/crypto/transform.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2006-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/transform.h>
+
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, RANDOM_NUMBER_GENERATOR,
+ "UNDEFINED_TRANSFORM_TYPE",
+ "HASH_ALGORITHM",
+ "RANDOM_NUMBER_GENERATOR");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, RANDOM_NUMBER_GENERATOR,
+ "ENCRYPTION_ALGORITHM",
+ "PSEUDO_RANDOM_FUNCTION",
+ "INTEGRITY_ALGORITHM",
+ "DIFFIE_HELLMAN_GROUP",
+ "EXTENDED_SEQUENCE_NUMBERS");
+ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
new file mode 100644
index 000000000..d11700a73
--- /dev/null
+++ b/src/libstrongswan/crypto/transform.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2006-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup transforms transforms
+ * @{ @ingroup crypto
+ */
+
+#ifndef TRANSFORM_H_
+#define TRANSFORM_H_
+
+typedef enum transform_type_t transform_type_t;
+
+#include <library.h>
+
+/**
+ * Type of a transform, as in IKEv2 RFC 3.3.2.
+ */
+enum transform_type_t {
+ UNDEFINED_TRANSFORM_TYPE = 241,
+ HASH_ALGORITHM = 242,
+ RANDOM_NUMBER_GENERATOR = 243,
+ ENCRYPTION_ALGORITHM = 1,
+ PSEUDO_RANDOM_FUNCTION = 2,
+ INTEGRITY_ALGORITHM = 3,
+ DIFFIE_HELLMAN_GROUP = 4,
+ EXTENDED_SEQUENCE_NUMBERS = 5
+};
+
+/**
+ * enum names for transform_type_t.
+ */
+extern enum_name_t *transform_type_names;
+
+#endif /** TRANSFORM_H_ @}*/