moved IKEv2 proposals and transforms to libstrongswan
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 May 2009 20:43:48 +0000 (22:43 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 May 2009 20:43:48 +0000 (22:43 +0200)
src/charon/Makefile.am
src/charon/config/proposal.c
src/charon/config/proposal.h
src/charon/config/proposal_keywords.h [deleted file]
src/charon/config/proposal_keywords.txt [deleted file]
src/libstrongswan/Makefile.am
src/libstrongswan/crypto/proposal.diff [new file with mode: 0644]
src/libstrongswan/crypto/proposal/proposal_keywords.h [new file with mode: 0644]
src/libstrongswan/crypto/proposal/proposal_keywords.txt [new file with mode: 0644]
src/libstrongswan/crypto/transform.c [new file with mode: 0644]
src/libstrongswan/crypto/transform.h [new file with mode: 0644]

index 4750108..9efbf48 100644 (file)
@@ -8,7 +8,7 @@ config/backend_manager.c config/backend_manager.h config/backend.h \
 config/child_cfg.c config/child_cfg.h \
 config/ike_cfg.c config/ike_cfg.h \
 config/peer_cfg.c config/peer_cfg.h \
-config/proposal.c config/proposal.h config/proposal_keywords.c config/proposal_keywords.h \
+config/proposal.c config/proposal.h \
 config/auth_cfg.c config/auth_cfg.h \
 config/traffic_selector.c config/traffic_selector.h \
 config/attributes/attribute_provider.h \
@@ -109,13 +109,6 @@ AM_CFLAGS = -rdynamic \
   -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
 charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm $(DLLIB)
 
-EXTRA_DIST = config/proposal_keywords.txt
-BUILT_SOURCES = $(srcdir)/config/proposal_keywords.c
-MAINTAINERCLEANFILES = $(srcdir)/config/proposal_keywords.c
-
-$(srcdir)/config/proposal_keywords.c:  $(srcdir)/config/proposal_keywords.txt $(srcdir)/config/proposal_keywords.h
-               $(GPERF) -C -G -c -t -D < $(srcdir)/config/proposal_keywords.txt > $@
-
 # compile options
 #################
 
index 894c7bf..5ae565e 100644 (file)
 #include <string.h>
 
 #include "proposal.h"
-#include "proposal_keywords.h"
 
 #include <daemon.h>
 #include <utils/linked_list.h>
 #include <utils/identification.h>
 #include <utils/lexparser.h>
+#include <crypto/transform.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
-
+#include <crypto/proposal/proposal_keywords.h>
 
 ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
        "PROTO_NONE",
@@ -35,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
        "ESP",
 );
 
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
-       "UNDEFINED_TRANSFORM_TYPE");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
-       "ENCRYPTION_ALGORITHM",
-       "PSEUDO_RANDOM_FUNCTION",
-       "INTEGRITY_ALGORITHM",
-       "DIFFIE_HELLMAN_GROUP",
-       "EXTENDED_SEQUENCE_NUMBERS");
-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
-
 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
        "NO_EXT_SEQ",
        "EXT_SEQ",
@@ -594,7 +584,7 @@ struct proposal_token {
  */
 static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
 {
-       const proposal_token_t *token = in_word_set(alg.ptr, alg.len);
+       const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len);
 
        if (token == NULL)
        {
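Review bot: The call `proposal_get_token(alg.ptr, alg.len)` in `add_string_algo` depends on the generated lookup being length-bounded, and nothing at the call site says so. `alg` is a `chunk_t` (pointer plus length) and is presumably not NUL-terminated, so the only thing keeping the comparison inside the chunk is the `-c` (strncmp) flag in the gperf rule, which after this move sits in src/libstrongswan/Makefile.am, a different library from the caller. I would add a comment above the call, e.g. `/* alg is not NUL-terminated: proposal_get_token must stay length-bounded (gperf -c) */`. The body of `add_string_algo` continues past the end of this hunk, so the handling of the returned token is not visible here.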
index 398c8c2..bc7a8c5 100644 (file)
@@ -22,7 +22,6 @@
 #define PROPOSAL_H_
 
 typedef enum protocol_id_t protocol_id_t;
-typedef enum transform_type_t transform_type_t;
 typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
 typedef struct proposal_t proposal_t;
 
@@ -30,6 +29,7 @@ typedef struct proposal_t proposal_t;
 #include <utils/identification.h>
 #include <utils/linked_list.h>
 #include <utils/host.h>
+#include <crypto/transform.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
 #include <crypto/diffie_hellman.h>
@@ -50,25 +50,6 @@ enum protocol_id_t {
  */
 extern enum_name_t *protocol_id_names;
 
-
-/**
- * Type of a transform, as in IKEv2 RFC 3.3.2.
- */
-enum transform_type_t {
-       UNDEFINED_TRANSFORM_TYPE = 241,
-       ENCRYPTION_ALGORITHM = 1,
-       PSEUDO_RANDOM_FUNCTION = 2,
-       INTEGRITY_ALGORITHM = 3,
-       DIFFIE_HELLMAN_GROUP = 4,
-       EXTENDED_SEQUENCE_NUMBERS = 5
-};
-
-/**
- * enum names for transform_type_t.
- */
-extern enum_name_t *transform_type_names;
-
-
 /**
  * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
  */
diff --git a/src/charon/config/proposal_keywords.h b/src/charon/config/proposal_keywords.h
deleted file mode 100644 (file)
index c2a5709..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-/* proposal keywords
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef _PROPOSAL_KEYWORDS_H_
-#define _PROPOSAL_KEYWORDS_H_
-
-typedef struct proposal_token proposal_token_t;
-
-extern const proposal_token_t* in_word_set(register const char *str, register unsigned int len);
-
-#endif /* _PROPOSAL_KEYWORDS_H_ */
-
diff --git a/src/charon/config/proposal_keywords.txt b/src/charon/config/proposal_keywords.txt
deleted file mode 100644 (file)
index 16e0383..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-%{
-/* proposal keywords
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "proposal.h"
-
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
-
-%}
-struct proposal_token {
-    char             *name;
-    transform_type_t  type;
-       u_int16_t         algorithm;
-    u_int16_t         keysize;  
-};
-%%
-null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
-aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
-aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
-aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
-aes128ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           128
-aes192ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           192
-aes256ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           256
-aes128ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
-aes128ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
-aes128ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
-aes128ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
-aes128ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128
-aes128ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128
-aes192ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192
-aes192ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192
-aes192ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192
-aes192ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192
-aes192ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192
-aes192ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192
-aes256ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256
-aes256ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256
-aes256ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256
-aes256ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256
-aes256ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256
-aes256ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256
-aes128gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128
-aes128gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128
-aes128gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128
-aes128gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128
-aes128gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128
-aes128gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128
-aes192gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192
-aes192gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192
-aes192gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192
-aes192gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192
-aes192gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192
-aes192gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192
-aes256gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256
-aes256gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256
-aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
-aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
-aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
-aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
-3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
-blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
-blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192
-blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256
-camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
-camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192
-camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256
-cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,              128
-sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
-sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
-sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
-sha2_256,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
-sha384,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
-sha2_384,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
-sha512,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
-sha2_512,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
-md5,              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,         0
-aesxcbc,          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,         0
-modpnull,         DIFFIE_HELLMAN_GROUP, MODP_NULL,                0
-modp768,          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,             0
-modp1024,         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,            0
-modp1536,         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,            0
-modp2048,         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,            0
-modp3072,         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,            0
-modp4096,         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,            0
-modp6144,         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,            0
-modp8192,         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,            0
-ecp192,           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,              0
-ecp224,           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,              0
-ecp256,           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,              0
-ecp384,           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,              0
-ecp521,           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,              0
index e689dc2..089d089 100644 (file)
@@ -22,12 +22,14 @@ asn1/pem.c asn1/pem.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
+crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
 crypto/prfs/prf.c crypto/prfs/prf.h \
 crypto/rngs/rng.c crypto/rngs/rng.h \
 crypto/prf_plus.h crypto/prf_plus.c \
 crypto/signers/signer.c crypto/signers/signer.h \
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
 crypto/crypto_factory.c crypto/crypto_factory.h \
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/transform.c crypto/transform.h \
 credentials/credential_factory.c credentials/credential_factory.h \
 credentials/builder.c credentials/builder.h \
 credentials/keys/private_key.c credentials/keys/private_key.h \
@@ -80,9 +82,17 @@ if USE_VSTR
   libstrongswan_la_LIBADD += -lvstr
 endif
 
-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
-MAINTAINERCLEANFILES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
+EXTRA_DIST = \
+asn1/oid.txt asn1/oid.pl \
+crypto/proposal/proposal_keywords.txt
+
+BUILT_SOURCES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
+
+MAINTAINERCLEANFILES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
 
 $(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
                (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
@@ -90,6 +100,11 @@ $(srcdir)/asn1/oid.c :      $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 $(srcdir)/asn1/oid.h : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
                (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
 
+$(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposal_keywords.txt \
+                                                                                               $(srcdir)/crypto/proposal/proposal_keywords.h
+               $(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
+                                                                                               $(srcdir)/crypto/proposal/proposal_keywords.txt > $@
+
 
 # build plugins with their own Makefile
 #######################################
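Review bot: The new `proposal_keywords.c` rule redirects gperf output straight into `$@`, so a missing or failing `$(GPERF)` leaves an empty file in `$(srcdir)` that later make runs treat as up to date. The build then fails later with an undefined `proposal_get_token` rather than at the generator step. Writing to a temporary name and renaming on success avoids that, e.g. end the recipe with `> $@.tmp && mv $@.tmp $@` instead of `> $@`.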
diff --git a/src/libstrongswan/crypto/proposal.diff b/src/libstrongswan/crypto/proposal.diff
new file mode 100644 (file)
index 0000000..1f9b79e
--- /dev/null
@@ -0,0 +1,235 @@
+diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
+index 4750108..9efbf48 100644
+--- a/src/charon/Makefile.am
++++ b/src/charon/Makefile.am
+@@ -8,7 +8,7 @@ config/backend_manager.c config/backend_manager.h config/backend.h \
+ config/child_cfg.c config/child_cfg.h \
+ config/ike_cfg.c config/ike_cfg.h \
+ config/peer_cfg.c config/peer_cfg.h \
+-config/proposal.c config/proposal.h config/proposal_keywords.c config/proposal_keywords.h \
++config/proposal.c config/proposal.h \
+ config/auth_cfg.c config/auth_cfg.h \
+ config/traffic_selector.c config/traffic_selector.h \
+ config/attributes/attribute_provider.h \
+@@ -109,13 +109,6 @@ AM_CFLAGS = -rdynamic \
+   -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+ charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm $(DLLIB)
+-EXTRA_DIST = config/proposal_keywords.txt
+-BUILT_SOURCES = $(srcdir)/config/proposal_keywords.c
+-MAINTAINERCLEANFILES = $(srcdir)/config/proposal_keywords.c
+-
+-$(srcdir)/config/proposal_keywords.c: $(srcdir)/config/proposal_keywords.txt $(srcdir)/config/proposal_keywords.h
+-              $(GPERF) -C -G -c -t -D < $(srcdir)/config/proposal_keywords.txt > $@
+-
+ # compile options
+ #################
+diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
+index 894c7bf..5ae565e 100644
+--- a/src/charon/config/proposal.c
++++ b/src/charon/config/proposal.c
+@@ -17,16 +17,16 @@
+ #include <string.h>
+ #include "proposal.h"
+-#include "proposal_keywords.h"
+ #include <daemon.h>
+ #include <utils/linked_list.h>
+ #include <utils/identification.h>
+ #include <utils/lexparser.h>
++#include <crypto/transform.h>
+ #include <crypto/prfs/prf.h>
+ #include <crypto/crypters/crypter.h>
+ #include <crypto/signers/signer.h>
+-
++#include <crypto/proposal/proposal_keywords.h>
+ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
+       "PROTO_NONE",
+@@ -35,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
+       "ESP",
+ );
+-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
+-      "UNDEFINED_TRANSFORM_TYPE");
+-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
+-      "ENCRYPTION_ALGORITHM",
+-      "PSEUDO_RANDOM_FUNCTION",
+-      "INTEGRITY_ALGORITHM",
+-      "DIFFIE_HELLMAN_GROUP",
+-      "EXTENDED_SEQUENCE_NUMBERS");
+-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+-
+ ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
+       "NO_EXT_SEQ",
+       "EXT_SEQ",
+@@ -594,7 +584,7 @@ struct proposal_token {
+  */
+ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
+ {
+-      const proposal_token_t *token = in_word_set(alg.ptr, alg.len);
++      const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len);
+       if (token == NULL)
+       {
+diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
+index 398c8c2..bc7a8c5 100644
+--- a/src/charon/config/proposal.h
++++ b/src/charon/config/proposal.h
+@@ -22,7 +22,6 @@
+ #define PROPOSAL_H_
+ typedef enum protocol_id_t protocol_id_t;
+-typedef enum transform_type_t transform_type_t;
+ typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
+ typedef struct proposal_t proposal_t;
+@@ -30,6 +29,7 @@ typedef struct proposal_t proposal_t;
+ #include <utils/identification.h>
+ #include <utils/linked_list.h>
+ #include <utils/host.h>
++#include <crypto/transform.h>
+ #include <crypto/crypters/crypter.h>
+ #include <crypto/signers/signer.h>
+ #include <crypto/diffie_hellman.h>
+@@ -50,25 +50,6 @@ enum protocol_id_t {
+  */
+ extern enum_name_t *protocol_id_names;
+-
+-/**
+- * Type of a transform, as in IKEv2 RFC 3.3.2.
+- */
+-enum transform_type_t {
+-      UNDEFINED_TRANSFORM_TYPE = 241,
+-      ENCRYPTION_ALGORITHM = 1,
+-      PSEUDO_RANDOM_FUNCTION = 2,
+-      INTEGRITY_ALGORITHM = 3,
+-      DIFFIE_HELLMAN_GROUP = 4,
+-      EXTENDED_SEQUENCE_NUMBERS = 5
+-};
+-
+-/**
+- * enum names for transform_type_t.
+- */
+-extern enum_name_t *transform_type_names;
+-
+-
+ /**
+  * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
+  */
+diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
+index e689dc2..089d089 100644
+--- a/src/libstrongswan/Makefile.am
++++ b/src/libstrongswan/Makefile.am
+@@ -22,12 +22,14 @@ asn1/pem.c asn1/pem.h \
+ crypto/crypters/crypter.c crypto/crypters/crypter.h \
+ crypto/hashers/hasher.h crypto/hashers/hasher.c \
+ crypto/pkcs9.c crypto/pkcs9.h \
++crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
+ crypto/prfs/prf.c crypto/prfs/prf.h \
+ crypto/rngs/rng.c crypto/rngs/rng.h \
+ crypto/prf_plus.h crypto/prf_plus.c \
+ crypto/signers/signer.c crypto/signers/signer.h \
+-crypto/diffie_hellman.c crypto/diffie_hellman.h \
+ crypto/crypto_factory.c crypto/crypto_factory.h \
++crypto/diffie_hellman.c crypto/diffie_hellman.h \
++crypto/transform.c crypto/transform.h \
+ credentials/credential_factory.c credentials/credential_factory.h \
+ credentials/builder.c credentials/builder.h \
+ credentials/keys/private_key.c credentials/keys/private_key.h \
+@@ -80,9 +82,17 @@ if USE_VSTR
+   libstrongswan_la_LIBADD += -lvstr
+ endif
+-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
+-BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
+-MAINTAINERCLEANFILES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
++EXTRA_DIST = \
++asn1/oid.txt asn1/oid.pl \
++crypto/proposal/proposal_keywords.txt
++
++BUILT_SOURCES = \
++$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
++$(srcdir)/crypto/proposal/proposal_keywords.c
++
++MAINTAINERCLEANFILES = \
++$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
++$(srcdir)/crypto/proposal/proposal_keywords.c
+ $(srcdir)/asn1/oid.c :        $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+               (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+@@ -90,6 +100,11 @@ $(srcdir)/asn1/oid.c :     $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ $(srcdir)/asn1/oid.h :        $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+               (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
++$(srcdir)/crypto/proposal/proposal_keywords.c:        $(srcdir)/crypto/proposal/proposal_keywords.txt \
++                                                                                              $(srcdir)/crypto/proposal/proposal_keywords.h
++              $(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
++                                                                                              $(srcdir)/crypto/proposal/proposal_keywords.txt > $@
++
+ # build plugins with their own Makefile
+ #######################################
+diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
+index c2a5709..ca15bb5 100644
+--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
++++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
+@@ -18,7 +18,8 @@
+ typedef struct proposal_token proposal_token_t;
+-extern const proposal_token_t* in_word_set(register const char *str, register unsigned int len);
++extern const proposal_token_t* proposal_get_token(register const char *str,
++                                                                                                register unsigned int len);
+ #endif /* _PROPOSAL_KEYWORDS_H_ */
+diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+index 16e0383..0502424 100644
+--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
++++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+@@ -16,10 +16,10 @@
+ #include <string.h>
+-#include "proposal.h"
+-
++#include <crypto/transform.h>
+ #include <crypto/crypters/crypter.h>
+ #include <crypto/signers/signer.h>
++#include <crypto/diffie_hellman.h>
+ %}
+ struct proposal_token {
+@@ -30,6 +30,7 @@ struct proposal_token {
+ };
+ %%
+ null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
++3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
+ aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
+ aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
+ aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
+@@ -72,7 +73,6 @@ aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
+ aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
+ aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
+ aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
+-3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
+ blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
+ blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192
+ blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256
+@@ -80,6 +80,12 @@ camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
+ camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192
+ camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256
+ cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,              128
++serpent128,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128
++serpent192,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       192
++serpent256,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       256
++twofish128,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128
++twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       192
++twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       256
+ sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
+ sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
+ sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
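Review bot: `src/libstrongswan/crypto/proposal.diff` looks like a working patch that was added to the tree by accident. Its 235 lines are a diff of the same files this commit changes, and it is not referenced by `EXTRA_DIST` or any source list in the Makefile.am hunks shown. It also disagrees with the commit in form: it records proposal_keywords.h and proposal_keywords.txt as modifications (`index c2a5709..ca15bb5`, `index 16e0383..0502424`) where the commit adds them as new files, so it would mislead anyone who later reads it as the record of the change. I would drop the file from the commit.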
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
new file mode 100644 (file)
index 0000000..ca15bb5
--- /dev/null
@@ -0,0 +1,25 @@
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _PROPOSAL_KEYWORDS_H_
+#define _PROPOSAL_KEYWORDS_H_
+
+typedef struct proposal_token proposal_token_t;
+
+extern const proposal_token_t* proposal_get_token(register const char *str,
+                                                                                                 register unsigned int len);
+
+#endif /* _PROPOSAL_KEYWORDS_H_ */
+
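Review bot: The header only forward-declares `struct proposal_token`, so any caller that reads a returned token needs its own copy of the struct layout. The hunk context `@@ -594,7 +584,7 @@ struct proposal_token {` suggests src/charon/config/proposal.c keeps such a copy, while the table is built from the definition in proposal_keywords.txt. Now that the two sit in different libraries, a field added or reordered on one side would be misread on the other with no compiler diagnostic. I would define the struct once in this header and have the gperf input and proposal.c take it from there; the header would then need `<crypto/transform.h>` for `transform_type_t`. Separately, the guard `_PROPOSAL_KEYWORDS_H_` is a reserved identifier and `register` has no effect in a prototype.

```c
typedef struct proposal_token proposal_token_t;

/* single definition shared by the generated table and its callers */
struct proposal_token {
	char             *name;
	transform_type_t  type;
	u_int16_t         algorithm;
	u_int16_t         keysize;
};

/* … unchanged: proposal_get_token prototype … */
```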
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
new file mode 100644 (file)
index 0000000..0502424
--- /dev/null
@@ -0,0 +1,112 @@
+%{
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include <crypto/transform.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/signers/signer.h>
+#include <crypto/diffie_hellman.h>
+
+%}
+struct proposal_token {
+    char             *name;
+    transform_type_t  type;
+       u_int16_t         algorithm;
+    u_int16_t         keysize;  
+};
+%%
+null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
+3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
+aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
+aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
+aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
+aes128ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           128
+aes192ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           192
+aes256ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           256
+aes128ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
+aes128ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
+aes128ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
+aes128ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
+aes128ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128
+aes128ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128
+aes192ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192
+aes192ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192
+aes192ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192
+aes192ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192
+aes192ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192
+aes192ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192
+aes256ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256
+aes256ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256
+aes256ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256
+aes256ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256
+aes256ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256
+aes256ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256
+aes128gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128
+aes128gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128
+aes128gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128
+aes128gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128
+aes128gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128
+aes128gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128
+aes192gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192
+aes192gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192
+aes192gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192
+aes192gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192
+aes192gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192
+aes192gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192
+aes256gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256
+aes256gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256
+aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
+aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
+aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
+aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
+blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
+blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192
+blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256
+camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
+camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192
+camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256
+cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,              128
+serpent128,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128
+serpent192,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       192
+serpent256,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       256
+twofish128,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128
+twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       192
+twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       256
+sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
+sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
+sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
+sha2_256,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
+sha384,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
+sha2_384,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
+sha512,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
+sha2_512,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
+md5,              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,         0
+aesxcbc,          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,         0
+modpnull,         DIFFIE_HELLMAN_GROUP, MODP_NULL,                0
+modp768,          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,             0
+modp1024,         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,            0
+modp1536,         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,            0
+modp2048,         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,            0
+modp3072,         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,            0
+modp4096,         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,            0
+modp6144,         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,            0
+modp8192,         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,            0
+ecp192,           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,              0
+ecp224,           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,              0
+ecp256,           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,              0
+ecp384,           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,              0
+ecp521,           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,              0
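Review bot: The table added here is not a pure move. Compared with the deleted src/charon/config/proposal_keywords.txt it gains six keywords (`serpent128` to `serpent256`, `twofish128` to `twofish256`) and an include of `<crypto/diffie_hellman.h>`, while the commit title only says the proposals were moved. That widens the set of algorithm names the proposal parser accepts, and it requires `ENCR_SERPENT_CBC` and `ENCR_TWOFISH_CBC` to be declared in crypter.h, which this commit does not touch, so that is worth confirming. I would split the additions into their own commit or name them in the message. Since this table is effectively the allow-list of configurable algorithms, a comment marking `null` and `modpnull` as entries that provide no protection would also help later reviewers.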
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
new file mode 100644 (file)
index 0000000..b6e481d
--- /dev/null
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/transform.h>
+
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
+       "UNDEFINED_TRANSFORM_TYPE");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
+       "ENCRYPTION_ALGORITHM",
+       "PSEUDO_RANDOM_FUNCTION",
+       "INTEGRITY_ALGORITHM",
+       "DIFFIE_HELLMAN_GROUP",
+       "EXTENDED_SEQUENCE_NUMBERS");
+ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
new file mode 100644 (file)
index 0000000..df332f0
--- /dev/null
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup transforms transforms
+ * @{ @ingroup crypto
+ */
+
+#ifndef TRANSFORM_H_
+#define TRANSFORM_H_
+
+typedef enum transform_type_t transform_type_t;
+
+#include <library.h>
+
+/**
+ * Type of a transform, as in IKEv2 RFC 3.3.2.
+ */
+enum transform_type_t {
+       UNDEFINED_TRANSFORM_TYPE = 241,
+       ENCRYPTION_ALGORITHM = 1,
+       PSEUDO_RANDOM_FUNCTION = 2,
+       INTEGRITY_ALGORITHM = 3,
+       DIFFIE_HELLMAN_GROUP = 4,
+       EXTENDED_SEQUENCE_NUMBERS = 5
+};
+
+/**
+ * enum names for transform_type_t.
+ */
+extern enum_name_t *transform_type_names;
+
+#endif /** TRANSFORM_H_ @}*/