if test x$des = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" des"
fi
-if test x$md5 = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" md5"
-fi
if test x$sha1 = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" sha1"
fi
if test x$sha2 = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" sha2"
fi
+if test x$md5 = xtrue; then
+ libstrongswan_plugins=${libstrongswan_plugins}" md5"
+fi
if test x$fips_prf = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
fi
-if test x$gmp = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" gmp"
-fi
if test x$random = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" random"
fi
if test x$pubkey = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" pubkey"
fi
-if test x$hmac = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" hmac"
-fi
if test x$xcbc = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" xcbc"
fi
+if test x$hmac = xtrue; then
+ libstrongswan_plugins=${libstrongswan_plugins}" hmac"
+fi
if test x$mysql = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" mysql"
fi
if test x$openssl = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" openssl"
fi
+if test x$gmp = xtrue; then
+ libstrongswan_plugins=${libstrongswan_plugins}" gmp"
+fi
AC_SUBST(libstrongswan_plugins)
return &this->public;
}
+/**
+ * Add supported IKE algorithms to proposal
+ */
+static void proposal_add_supported_ike(private_proposal_t *this)
+{
+ enumerator_t *enumerator;
+ encryption_algorithm_t encryption;
+ integrity_algorithm_t integrity;
+ pseudo_random_function_t prf;
+ diffie_hellman_group_t group;
+
+ enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &encryption))
+ {
+ switch (encryption)
+ {
+ case ENCR_AES_CBC:
+ /* we assume that we support all AES sizes */
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+ break;
+ case ENCR_3DES:
+ case ENCR_AES_CTR:
+ case ENCR_AES_CCM_ICV8:
+ case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_CCM_ICV16:
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_GCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
+ break;
+ case ENCR_DES:
+ /* no, thanks */
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &integrity))
+ {
+ switch (integrity)
+ {
+ case AUTH_HMAC_SHA1_96:
+ case AUTH_HMAC_SHA2_256_128:
+ case AUTH_HMAC_SHA2_384_192:
+ case AUTH_HMAC_SHA2_512_256:
+ case AUTH_HMAC_MD5_96:
+ case AUTH_AES_XCBC_96:
+ add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &prf))
+ {
+ switch (prf)
+ {
+ case PRF_HMAC_SHA1:
+ case PRF_HMAC_SHA2_256:
+ case PRF_HMAC_SHA2_384:
+ case PRF_HMAC_SHA2_512:
+ case PRF_HMAC_MD5:
+ case PRF_AES128_XCBC:
+ add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &group))
+ {
+ switch (group)
+ {
+ case MODP_768_BIT:
+ /* weak */
+ break;
+ case MODP_1024_BIT:
+ case MODP_1536_BIT:
+ case MODP_2048_BIT:
+ case MODP_4096_BIT:
+ case MODP_8192_BIT:
+ case ECP_256_BIT:
+ case ECP_384_BIT:
+ case ECP_521_BIT:
+ case ECP_192_BIT:
+ case ECP_224_BIT:
+ add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
/*
* Describtion in header-file
*/
switch (protocol)
{
case PROTO_IKE:
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0);
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0);
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0);
- add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0);
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
+ proposal_add_supported_ike(this);
break;
case PROTO_ESP:
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
default:
break;
}
-
return &this->public;
}
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->crypto->add_crypter(lib->crypto, ENCR_DES,
- (crypter_constructor_t)des_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
(crypter_constructor_t)des_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_DES,
+ (crypter_constructor_t)des_crypter_create);
return &this->public.plugin;
}
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+ lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
- (dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_4096_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_8192_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+ (dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
+ (dh_constructor_t)gmp_diffie_hellman_create);
lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
(builder_constructor_t)gmp_rsa_private_key_builder);
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5,
+ lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256,
(prf_constructor_t)hmac_prf_create);
lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1,
(prf_constructor_t)hmac_prf_create);
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256,
+ lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5,
(prf_constructor_t)hmac_prf_create);
lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384,
(prf_constructor_t)hmac_prf_create);
lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512,
(prf_constructor_t)hmac_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96,
- (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256,
ENGINE_register_all_complete();
/* crypter */
- lib->crypto->add_crypter(lib->crypto, ENCR_DES,
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)openssl_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
(crypter_constructor_t)openssl_crypter_create);
(crypter_constructor_t)openssl_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
(crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_NULL,
+ lib->crypto->add_crypter(lib->crypto, ENCR_DES,
(crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
+ lib->crypto->add_crypter(lib->crypto, ENCR_NULL,
(crypter_constructor_t)openssl_crypter_create);
/* hasher */
lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
(hasher_constructor_t)openssl_hasher_create);
+ /* ec diffie hellman */
+ lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
+ (dh_constructor_t)openssl_ec_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
+ (dh_constructor_t)openssl_ec_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
+ (dh_constructor_t)openssl_ec_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
+ (dh_constructor_t)openssl_ec_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
+ (dh_constructor_t)openssl_ec_diffie_hellman_create);
+
/* diffie hellman */
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+ lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
- (dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_4096_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_8192_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
-
- /* ec diffie hellman */
- lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+ (dh_constructor_t)openssl_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
+ (dh_constructor_t)openssl_diffie_hellman_create);
/* rsa */
lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
projects / strongswan.git / commitdiff