This makes it more generic so we can use it for QSKE methods.
#include <assert.h>
#include <library.h>
#include <utils/debug.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
static void usage()
{
struct {
char *name;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
} groups[] = {
{"modp768", MODP_768_BIT},
{"modp1024", MODP_1024_BIT},
(end.tv_sec - start->tv_sec) * 1.0;
}
-static void run_test(diffie_hellman_group_t group, int rounds)
+static void run_test(key_exchange_method_t group, int rounds)
{
- diffie_hellman_t *l[rounds], *r;
+ key_exchange_t *l[rounds], *r;
chunk_t chunk, chunks[rounds], lsecrets[rounds], rsecrets[rounds];
struct timespec timing;
int round;
- r = lib->crypto->create_dh(lib->crypto, group);
+ r = lib->crypto->create_ke(lib->crypto, group);
if (!r)
{
- printf("skipping %N, not supported\n",
- diffie_hellman_group_names, group);
+ printf("skipping %N, not supported\n", key_exchange_method_names,
+ group);
return;
}
- printf("%N:\t", diffie_hellman_group_names, group);
+ printf("%N:\t", key_exchange_method_names, group);
start_timing(&timing);
for (round = 0; round < rounds; round++)
{
- l[round] = lib->crypto->create_dh(lib->crypto, group);
- assert(l[round]->get_my_public_value(l[round], &chunks[round]));
+ l[round] = lib->crypto->create_ke(lib->crypto, group);
+ assert(l[round]->get_public_key(l[round], &chunks[round]));
}
printf("A = g^a/s: %8.1f", rounds / end_timing(&timing));
for (round = 0; round < rounds; round++)
{
- assert(r->set_other_public_value(r, chunks[round]));
+ assert(r->set_public_key(r, chunks[round]));
assert(r->get_shared_secret(r, &rsecrets[round]));
chunk_free(&chunks[round]);
}
- assert(r->get_my_public_value(r, &chunk));
+ assert(r->get_public_key(r, &chunk));
start_timing(&timing);
for (round = 0; round < rounds; round++)
{
- assert(l[round]->set_other_public_value(l[round], chunk));
+ assert(l[round]->set_public_key(l[round], chunk));
assert(l[round]->get_shared_secret(l[round], &lsecrets[round]));
}
printf(" | S = B^a/s: %8.1f\n", rounds / end_timing(&timing));
tkm_diffie_hellman_t public;
/**
- * Diffie Hellman group number.
+ * Diffie-Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
- * Diffie Hellman public value.
+ * Diffie-Hellman public value.
*/
dh_pubvalue_type pubvalue;
};
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_tkm_diffie_hellman_t *this, chunk_t *value)
{
sequence_to_chunk(this->pubvalue.data, this->pubvalue.size, value);
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_tkm_diffie_hellman_t *this, chunk_t *secret)
{
*secret = chunk_empty;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_tkm_diffie_hellman_t *this, chunk_t value)
{
dh_pubvalue_type othervalue;
return ike_dh_generate_key(this->context_id, othervalue) == TKM_OK;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_tkm_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_tkm_diffie_hellman_t *this)
{
if (ike_dh_reset(this->context_id) != TKM_OK)
static u_int hash(void *key)
{
- diffie_hellman_group_t k = *(diffie_hellman_group_t*)key;
+ key_exchange_method_t k = *(key_exchange_method_t*)key;
return chunk_hash(chunk_from_thing(k));
}
static bool equals(void *key, void *other_key)
{
- return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key;
+ return *(key_exchange_method_t*)key == *(key_exchange_method_t*)other_key;
}
/*
{
int count, i;
char *iana_id_str, *tkm_id_str;
- diffie_hellman_group_t *iana_id;
+ key_exchange_method_t *iana_id;
uint64_t *tkm_id;
hashtable_t *map;
enumerator_t *enumerator;
while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
{
- iana_id = malloc_thing(diffie_hellman_group_t);
+ iana_id = malloc_thing(key_exchange_method_t);
*iana_id = settings_value_as_int(iana_id_str, 0);
tkm_id = malloc_thing(uint64_t);
*tkm_id = settings_value_as_int(tkm_id_str, 0);
count = map->get_count(map);
plugin_feature_t f[count + 1];
- f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create);
+ f[0] = PLUGIN_REGISTER(KE, tkm_diffie_hellman_create);
i = 1;
enumerator = map->create_enumerator(map);
while (enumerator->enumerate(enumerator, &iana_id, &tkm_id))
{
- f[i] = PLUGIN_PROVIDE(DH, *iana_id);
+ f[i] = PLUGIN_PROVIDE(KE, *iana_id);
i++;
}
enumerator->destroy(enumerator);
/*
* Described in header.
*/
-tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
+tkm_diffie_hellman_t *tkm_diffie_hellman_create(key_exchange_method_t group)
{
private_tkm_diffie_hellman_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
.get_id = _get_id,
#include <tkm/types.h>
/**
- * diffie_hellman_t implementation using the trusted key manager.
+ * key_exchange_t implementation using the trusted key manager.
*/
struct tkm_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
/**
* Get Diffie-Hellman context id.
* @param group Diffie Hellman group number to use
* @return tkm_diffie_hellman_t object, NULL if not supported
*/
-tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group);
+tkm_diffie_hellman_t *tkm_diffie_hellman_create(key_exchange_method_t group);
#endif /** TKM_DIFFIE_HELLMAN_H_ @}*/
return IKEV2;
}
-METHOD(keymat_t, create_dh, diffie_hellman_t*,
- private_tkm_keymat_t *this, diffie_hellman_group_t group)
+METHOD(keymat_t, create_ke, key_exchange_t*,
+ private_tkm_keymat_t *this, key_exchange_method_t ke)
{
- return lib->crypto->create_dh(lib->crypto, group);
+ return lib->crypto->create_ke(lib->crypto, ke);
}
METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
}
METHOD(keymat_v2_t, derive_ike_keys, bool,
- private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+ private_tkm_keymat_t *this, proposal_t *proposal, key_exchange_t *ke,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
}
/* Get DH context id */
- tkm_dh = (tkm_diffie_hellman_t *)dh;
+ tkm_dh = (tkm_diffie_hellman_t *)ke;
dh_id = tkm_dh->get_id(tkm_dh);
if (this->initiator)
}
METHOD(keymat_v2_t, derive_child_keys, bool,
- private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+ private_tkm_keymat_t *this, proposal_t *proposal, key_exchange_t *ke,
chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r)
{
esa_info_t *esa_info_i, *esa_info_r;
dh_id_type dh_id = 0;
- if (dh)
+ if (ke)
{
- dh_id = ((tkm_diffie_hellman_t *)dh)->get_id((tkm_diffie_hellman_t *)dh);
+ dh_id = ((tkm_diffie_hellman_t *)ke)->get_id((tkm_diffie_hellman_t *)ke);
}
INIT(esa_info_i,
.keymat_v2 = {
.keymat = {
.get_version = _get_version,
- .create_dh = _create_dh,
+ .create_ke = _create_ke,
.create_nonce_gen = _create_nonce_gen,
.get_aead = _get_aead,
.destroy = _destroy,
fail_if(!dh, "MODP_4096 not created");
fail_if(!dh->get_id(dh), "Invalid context id (0)");
- dh->dh.destroy(&dh->dh);
+ dh->ke.destroy(&dh->ke);
}
END_TEST
fail_if(!dh, "Unable to create DH");
chunk_t value;
- ck_assert(dh->dh.get_my_public_value(&dh->dh, &value));
- dh->dh.destroy(&dh->dh);
+ ck_assert(dh->ke.get_public_key(&dh->ke, &value));
+ dh->ke.destroy(&dh->ke);
fail_if(value.ptr == NULL, "Pubvalue is NULL");
fail_if(value.len != 512, "Pubvalue size mismatch");
/* Use the same pubvalue for both sides */
chunk_t pubvalue;
- ck_assert(dh->dh.get_my_public_value(&dh->dh, &pubvalue));
- ck_assert(dh->dh.set_other_public_value(&dh->dh, pubvalue));
+ ck_assert(dh->ke.get_public_key(&dh->ke, &pubvalue));
+ ck_assert(dh->ke.set_public_key(&dh->ke, pubvalue));
fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal,
- &dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty),
+ &dh->ke, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty),
"Key derivation failed");
chunk_free(&nonce);
ng->nonce_gen.destroy(&ng->nonce_gen);
proposal->destroy(proposal);
- dh->dh.destroy(&dh->dh);
+ dh->ke.destroy(&dh->ke);
ike_sa_id->destroy(ike_sa_id);
keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
chunk_free(&pubvalue);
chunk_t nonce = chunk_from_chars("test chunk");
fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal,
- (diffie_hellman_t *)dh,
+ &dh->ke,
nonce, nonce, &encr_i,
&integ_i, &encr_r, &integ_r),
"Child key derivation failed");
chunk_free(&info->nonce_r);
proposal->destroy(proposal);
- dh->dh.destroy(&dh->dh);
+ dh->ke.destroy(&dh->ke);
keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
chunk_free(&encr_i);
chunk_free(&encr_r);
{
ke = (ke_payload_t*)payload;
DBG1(DBG_CFG, "received DH group %N",
- diffie_hellman_group_names, ke->get_dh_group_number(ke));
+ key_exchange_method_names, ke->get_key_exchange_method(ke));
}
}
enumerator->destroy(enumerator);
copy_proposal_algs(proposal, new, ENCRYPTION_ALGORITHM);
copy_proposal_algs(proposal, new, INTEGRITY_ALGORITHM);
copy_proposal_algs(proposal, new, PSEUDO_RANDOM_FUNCTION);
- copy_proposal_algs(proposal, new, DIFFIE_HELLMAN_GROUP);
+ copy_proposal_algs(proposal, new, KEY_EXCHANGE_METHOD);
copy_proposal_algs(proposal, new, EXTENDED_SEQUENCE_NUMBERS);
updated->insert_last(updated, new);
}
}
METHOD(bus_t, ike_keys, void,
- private_bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
+ private_bus_t *this, ike_sa_t *ike_sa, key_exchange_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
ike_sa_t *rekey, shared_key_t *shared, auth_method_t method)
{
METHOD(bus_t, child_keys, void,
private_bus_t *this, child_sa_t *child_sa, bool initiator,
- diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r)
+ key_exchange_t *dh, chunk_t nonce_i, chunk_t nonce_r)
{
enumerator_t *enumerator;
ike_sa_t *ike_sa;
* @param shared shared key used for key derivation (IKEv1-PSK only)
* @param method auth method for key derivation (IKEv1-non-PSK only)
*/
- void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
+ void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, key_exchange_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
ike_sa_t *rekey, shared_key_t *shared,
auth_method_t method);
* @param nonce_r responder's nonce
*/
void (*child_keys)(bus_t *this, child_sa_t *child_sa, bool initiator,
- diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
+ key_exchange_t *dh, chunk_t nonce_i, chunk_t nonce_r);
/**
* CHILD_SA derived keys hook.
* @param method auth method for key derivation (IKEv1-non-PSK only)
* @return TRUE to stay registered, FALSE to unregister
*/
- bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
+ bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, key_exchange_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
ike_sa_t *rekey, shared_key_t *shared,
auth_method_t method);
* @return TRUE to stay registered, FALSE to unregister
*/
bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t nonce_i, chunk_t nonce_r);
/**
}
METHOD(child_cfg_t, get_proposals, linked_list_t*,
- private_child_cfg_t *this, bool strip_dh)
+ private_child_cfg_t *this, bool strip_ke)
{
enumerator_t *enumerator;
proposal_t *current;
proposal_selection_flag_t flags = 0;
linked_list_t *proposals = linked_list_create();
- if (strip_dh)
+ if (strip_ke)
{
- flags |= PROPOSAL_SKIP_DH;
+ flags |= PROPOSAL_SKIP_KE;
}
enumerator = this->proposals->create_enumerator(this->proposals);
return this->close_action;
}
-METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t,
+METHOD(child_cfg_t, get_ke_method, key_exchange_method_t,
private_child_cfg_t *this)
{
enumerator_t *enumerator;
proposal_t *proposal;
- uint16_t dh_group = MODP_NONE;
+ uint16_t method = MODP_NONE;
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &proposal))
{
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD, &method,
+ NULL))
{
break;
}
}
enumerator->destroy(enumerator);
- return dh_group;
+ return method;
}
METHOD(child_cfg_t, get_inactivity, uint32_t,
.get_dpd_action = _get_dpd_action,
.get_close_action = _get_close_action,
.get_lifetime = _get_lifetime,
- .get_dh_group = _get_dh_group,
+ .get_ke_method = _get_ke_method,
.get_inactivity = _get_inactivity,
.get_reqid = _get_reqid,
.get_if_id = _get_if_id,
*
* Resulting list and all of its proposals must be freed after use.
*
- * @param strip_dh TRUE strip out diffie hellman groups
+ * @param strip_ke TRUE strip out key exchange methods
* @return list of proposals
*/
- linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
+ linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_ke);
/**
* Select a proposal from a supplied list.
action_t (*get_close_action) (child_cfg_t *this);
/**
- * Get the DH group to use for CHILD_SA setup.
+ * Get the key exchange method to use for CHILD_SA setup.
*
- * @return dh group to use
+ * @return key exchange method to use
*/
- diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
+ key_exchange_method_t (*get_ke_method)(child_cfg_t *this);
/**
* Get the inactivity timeout value.
return proposal_select(this->proposals, proposals, flags);
}
-METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
+METHOD(ike_cfg_t, get_ke_method, key_exchange_method_t,
private_ike_cfg_t *this)
{
enumerator_t *enumerator;
proposal_t *proposal;
- uint16_t dh_group = MODP_NONE;
+ uint16_t method = MODP_NONE;
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &proposal))
{
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD, &method,
+ NULL))
{
break;
}
}
enumerator->destroy(enumerator);
- return dh_group;
+ return method;
}
METHOD(ike_cfg_t, equals, bool,
.get_proposals = _get_proposals,
.select_proposal = _select_proposal,
.has_proposal = _has_proposal,
- .get_dh_group = _get_dh_group,
+ .get_ke_method = _get_ke_method,
.equals = _equals,
.get_ref = _get_ref,
.destroy = _destroy,
#include <collections/linked_list.h>
#include <utils/identification.h>
#include <crypto/proposal/proposal.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
/**
* IKE version.
childless_t (*childless)(ike_cfg_t *this);
/**
- * Get the DH group to use for IKE_SA setup.
+ * Get the key exchange method to use for IKE_SA setup.
*
- * @return dh group to use for initialization
+ * @return key exchange method to use for initialization
*/
- diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
+ key_exchange_method_t (*get_ke_method)(ike_cfg_t *this);
/**
* Check if two IKE configs are equal.
uint16_t payload_length;
/**
- * DH Group Number.
+ * Key exchange method number.
*/
- uint16_t dh_group_number;
+ uint16_t ke_method;
/**
* Key Exchange Data of this KE payload.
{ RESERVED_BIT, offsetof(private_ke_payload_t, reserved_bit[6]) },
/* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) },
- /* DH Group number as 16 bit field*/
- { U_INT_16, offsetof(private_ke_payload_t, dh_group_number) },
+ /* Key exchange method number as 16 bit field*/
+ { U_INT_16, offsetof(private_ke_payload_t, ke_method) },
/* 2 reserved bytes */
{ RESERVED_BYTE, offsetof(private_ke_payload_t, reserved_byte[0])},
{ RESERVED_BYTE, offsetof(private_ke_payload_t, reserved_byte[1])},
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload !C! RESERVED ! Payload Length !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! DH Group # ! RESERVED !
+ ! KE method # ! RESERVED !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! !
~ Key Exchange Data ~
return this->key_exchange_data;
}
-METHOD(ke_payload_t, get_dh_group_number, diffie_hellman_group_t,
+METHOD(ke_payload_t, get_key_exchange_method, key_exchange_method_t,
private_ke_payload_t *this)
{
- return this->dh_group_number;
+ return this->ke_method;
}
METHOD2(payload_t, ke_payload_t, destroy, void,
.destroy = _destroy,
},
.get_key_exchange_data = _get_key_exchange_data,
- .get_dh_group_number = _get_dh_group_number,
+ .get_key_exchange_method = _get_key_exchange_method,
.destroy = _destroy,
},
.next_payload = PL_NONE,
- .dh_group_number = MODP_NONE,
+ .ke_method = MODP_NONE,
.type = type,
);
this->payload_length = get_header_length(this);
/*
* Described in header
*/
-ke_payload_t *ke_payload_create_from_diffie_hellman(payload_type_t type,
- diffie_hellman_t *dh)
+ke_payload_t *ke_payload_create_from_key_exchange(payload_type_t type,
+ key_exchange_t *ke)
{
private_ke_payload_t *this;
chunk_t value;
- if (!dh->get_my_public_value(dh, &value))
+ if (!ke->get_public_key(ke, &value))
{
return NULL;
}
this = (private_ke_payload_t*)ke_payload_create(type);
this->key_exchange_data = value;
- this->dh_group_number = dh->get_dh_group(dh);
+ this->ke_method = ke->get_method(ke);
this->payload_length += this->key_exchange_data.len;
return &this->public;
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_substructure.h>
#include <collections/linked_list.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
/**
* Class representing an IKEv1 or IKEv2 key exchange payload.
chunk_t (*get_key_exchange_data) (ke_payload_t *this);
/**
- * Gets the Diffie-Hellman Group Number of this KE payload (IKEv2 only).
+ * Gets the key exchange method of this KE payload (IKEv2 only).
*
- * @return DH Group Number of this payload
+ * @return key exchange method of this payload
*/
- diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this);
+ key_exchange_method_t (*get_key_exchange_method)(ke_payload_t *this);
/**
* Destroys a ke_payload_t object.
ke_payload_t *ke_payload_create(payload_type_t type);
/**
- * Creates a ke_payload_t from a diffie_hellman_t.
+ * Creates a ke_payload_t from a key_exchange_t.
*
* @param type PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE
- * @param dh diffie hellman object containing group and key
+ * @param ke key exchange object containing method and public key
* @return ke_payload_t object, NULL on error
*/
-ke_payload_t *ke_payload_create_from_diffie_hellman(payload_type_t type,
- diffie_hellman_t *dh);
+ke_payload_t *ke_payload_create_from_key_exchange(payload_type_t type,
+ key_exchange_t *ke);
#endif /** KE_PAYLOAD_H_ @}*/
get_alg_from_ikev1(PSEUDO_RANDOM_FUNCTION, value), 0);
break;
case TATTR_PH1_GROUP:
- proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ proposal->add_algorithm(proposal, KEY_EXCHANGE_METHOD,
value, 0);
break;
default:
get_alg_from_ikev1_auth(value), 0);
break;
case TATTR_PH2_GROUP:
- proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ proposal->add_algorithm(proposal, KEY_EXCHANGE_METHOD,
value, 0);
break;
case TATTR_PH2_EXT_SEQ_NUMBER:
}
enumerator->destroy(enumerator);
- enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
+ enumerator = proposal->create_enumerator(proposal, KEY_EXCHANGE_METHOD);
if (enumerator->enumerate(enumerator, &alg, &key_size))
{
transform->add_transform_attribute(transform,
return;
}
- enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
+ enumerator = proposal->create_enumerator(proposal, KEY_EXCHANGE_METHOD);
if (enumerator->enumerate(enumerator, &alg, &key_size))
{
transform->add_transform_attribute(transform,
enumerator->destroy(enumerator);
/* dh groups */
- enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
+ enumerator = proposal->create_enumerator(proposal, KEY_EXCHANGE_METHOD);
while (enumerator->enumerate(enumerator, &alg, NULL))
{
transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE,
- DIFFIE_HELLMAN_GROUP, alg);
+ KEY_EXCHANGE_METHOD, alg);
add_transform_substructure(this, transform);
}
enumerator->destroy(enumerator);
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_attribute.h>
#include <collections/linked_list.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
#include <crypto/signers/signer.h>
#include <crypto/prfs/prf.h>
#include <crypto/crypters/crypter.h>
METHOD(listener_t, child_keys, bool,
private_ha_child_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
- bool initiator, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r)
+ bool initiator, key_exchange_t *dh, chunk_t nonce_i, chunk_t nonce_r)
{
ha_message_t *m;
chunk_t secret;
{
m->add_attribute(m, HA_ALG_INTEG, alg);
}
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &alg, NULL))
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD, &alg, NULL))
{
m->add_attribute(m, HA_ALG_DH, alg);
}
struct ha_diffie_hellman_t {
/**
- * Implements diffie_hellman_t
+ * Implements key_exchange_t
*/
- diffie_hellman_t dh;
+ key_exchange_t dh;
/**
* Shared secret
chunk_t pub;
};
-METHOD(diffie_hellman_t, dh_get_shared_secret, bool,
+METHOD(key_exchange_t, dh_get_shared_secret, bool,
ha_diffie_hellman_t *this, chunk_t *secret)
{
*secret = chunk_clone(this->secret);
return TRUE;
}
-METHOD(diffie_hellman_t, dh_get_my_public_value, bool,
+METHOD(key_exchange_t, dh_get_public_key, bool,
ha_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_clone(this->pub);
return TRUE;
}
-METHOD(diffie_hellman_t, dh_destroy, void,
+METHOD(key_exchange_t, dh_destroy, void,
ha_diffie_hellman_t *this)
{
free(this);
/**
* Create a HA synced DH implementation
*/
-static diffie_hellman_t *ha_diffie_hellman_create(chunk_t secret, chunk_t pub)
+static key_exchange_t *ha_diffie_hellman_create(chunk_t secret, chunk_t pub)
{
ha_diffie_hellman_t *this;
INIT(this,
.dh = {
.get_shared_secret = _dh_get_shared_secret,
- .get_my_public_value = _dh_get_my_public_value,
+ .get_public_key = _dh_get_public_key,
.destroy = _dh_destroy,
},
.secret = secret,
if (ike_sa)
{
proposal_t *proposal;
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
proposal = proposal_create(PROTO_IKE, 0);
if (integ)
}
if (dh_grp)
{
- proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, dh_grp, 0);
+ proposal->add_algorithm(proposal, KEY_EXCHANGE_METHOD, dh_grp, 0);
}
charon->bus->set_sa(charon->bus, ike_sa);
dh = ha_diffie_hellman_create(secret, dh_local);
chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty;
chunk_t encr_i, integ_i, encr_r, integ_r;
linked_list_t *local_ts, *remote_ts;
- diffie_hellman_t *dh = NULL;
+ key_exchange_t *dh = NULL;
enumerator = message->create_attribute_enumerator(message);
while (enumerator->enumerate(enumerator, &attribute, &value))
}
if (dh_grp)
{
- proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, dh_grp, 0);
+ proposal->add_algorithm(proposal, KEY_EXCHANGE_METHOD, dh_grp, 0);
}
proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0);
if (secret.len)
}
METHOD(listener_t, ike_keys, bool,
- private_ha_ike_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
+ private_ha_ike_t *this, ike_sa_t *ike_sa, key_exchange_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey,
shared_key_t *shared, auth_method_t method)
{
{
m->add_attribute(m, HA_ALG_PRF, alg);
}
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &alg, NULL))
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD, &alg, NULL))
{
m->add_attribute(m, HA_ALG_DH, alg);
}
chunk_clear(&secret);
if (ike_sa->get_version(ike_sa) == IKEV1)
{
- if (dh->get_my_public_value(dh, &secret))
+ if (dh->get_public_key(dh, &secret))
{
m->add_attribute(m, HA_LOCAL_DH, secret);
chunk_free(&secret);
#include "load_tester_diffie_hellman.h"
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
load_tester_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_empty;
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
load_tester_diffie_hellman_t *this, chunk_t value)
{
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
load_tester_diffie_hellman_t *this, chunk_t *secret)
{
*secret = chunk_empty;
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
load_tester_diffie_hellman_t *this)
{
return MODP_NULL;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
load_tester_diffie_hellman_t *this)
{
free(this);
* See header
*/
load_tester_diffie_hellman_t *load_tester_diffie_hellman_create(
- diffie_hellman_group_t group)
+ key_exchange_method_t group)
{
load_tester_diffie_hellman_t *this;
}
INIT(this,
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .get_method = _get_method,
.destroy = _destroy,
}
);
#ifndef LOAD_TESTER_DIFFIE_HELLMAN_H_
#define LOAD_TESTER_DIFFIE_HELLMAN_H_
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
typedef struct load_tester_diffie_hellman_t load_tester_diffie_hellman_t;
struct load_tester_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
- * Creates a new gmp_diffie_hellman_t object.
+ * Creates a new load_tester_diffie_hellman_t object.
*
* @param group Diffie Hellman group, supports MODP_NULL only
- * @return gmp_diffie_hellman_t object
+ * @return load_tester_diffie_hellman_t object
*/
load_tester_diffie_hellman_t *load_tester_diffie_hellman_create(
- diffie_hellman_group_t group);
+ key_exchange_method_t group);
#endif /** LOAD_TESTER_DIFFIE_HELLMAN_H_ @}*/
private_load_tester_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
- PLUGIN_REGISTER(DH, load_tester_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_NULL),
+ PLUGIN_REGISTER(KE, load_tester_diffie_hellman_create),
+ PLUGIN_PROVIDE(KE, MODP_NULL),
PLUGIN_DEPENDS(CUSTOM, "load-tester"),
PLUGIN_CALLBACK((plugin_feature_callback_t)register_load_tester, NULL),
PLUGIN_PROVIDE(CUSTOM, "load-tester"),
fprintf(out, "_%u", ks);
}
}
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD,
&alg, NULL))
{
- fprintf(out, "/%N", diffie_hellman_group_names, alg);
+ fprintf(out, "/%N", key_exchange_method_names, alg);
}
if (proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
&alg, NULL) && alg == EXT_SEQ_NUMBERS)
ext_out_function_t xof;
key_derivation_function_t kdf;
drbg_type_t drbg;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
rng_quality_t quality;
const char *plugin_name;
int len;
enumerator->destroy(enumerator);
fprintf(out, "\n dh-group: ");
len = 13;
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
- print_alg(out, &len, diffie_hellman_group_names, group, plugin_name);
+ print_alg(out, &len, key_exchange_method_names, group, plugin_name);
}
enumerator->destroy(enumerator);
fprintf(out, "\n random-gen:");
b->add_kv(b, "integ-keysize", "%u", ks);
}
}
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD,
&alg, NULL))
{
- b->add_kv(b, "dh-group", "%N", diffie_hellman_group_names, alg);
+ b->add_kv(b, "dh-group", "%N", key_exchange_method_names, alg);
}
if (proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
&alg, NULL) && alg == EXT_SEQ_NUMBERS)
{
b->add_kv(b, "prf-alg", "%N", pseudo_random_function_names, alg);
}
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &alg, NULL))
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD, &alg, NULL))
{
- b->add_kv(b, "dh-group", "%N", diffie_hellman_group_names, alg);
+ b->add_kv(b, "dh-group", "%N", key_exchange_method_names, alg);
}
}
add_condition(b, ike_sa, "ppk", COND_PPK);
ext_out_function_t xof;
key_derivation_function_t kdf;
drbg_type_t drbg;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
rng_quality_t quality;
const char *plugin_name;
b->end_section(b);
b->begin_section(b, "dh");
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
- add_algorithm(b, diffie_hellman_group_names, group, plugin_name);
+ add_algorithm(b, key_exchange_method_names, group, plugin_name);
}
enumerator->destroy(enumerator);
b->end_section(b);
* Described in header.
*/
authenticator_t *authenticator_create_v1(ike_sa_t *ike_sa, bool initiator,
- auth_method_t auth_method, diffie_hellman_t *dh,
+ auth_method_t auth_method, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload)
{
* @return authenticator, NULL if not supported
*/
authenticator_t *authenticator_create_v1(ike_sa_t *ike_sa, bool initiator,
- auth_method_t auth_method, diffie_hellman_t *dh,
+ auth_method_t auth_method, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload);
* Described in header.
*/
hybrid_authenticator_t *hybrid_authenticator_create(ike_sa_t *ike_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload)
{
* @return hybrid authenticator
*/
hybrid_authenticator_t *hybrid_authenticator_create(ike_sa_t *ike_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload);
/**
* DH key exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Others DH public value
keymat_v1_t *keymat;
chunk_t hash, dh;
- if (!this->dh->get_my_public_value(this->dh, &dh))
+ if (!this->dh->get_public_key(this->dh, &dh))
{
return FAILED;
}
return FAILED;
}
- if (!this->dh->get_my_public_value(this->dh, &dh))
+ if (!this->dh->get_public_key(this->dh, &dh))
{
return FAILED;
}
* Described in header.
*/
psk_v1_authenticator_t *psk_v1_authenticator_create(ike_sa_t *ike_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload, bool hybrid)
{
* @return PSK authenticator
*/
psk_v1_authenticator_t *psk_v1_authenticator_create(ike_sa_t *ike_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload, bool hybrid);
/**
* DH key exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Others DH public value
return NOT_FOUND;
}
- if (!this->dh->get_my_public_value(this->dh, &dh))
+ if (!this->dh->get_public_key(this->dh, &dh))
{
private->destroy(private);
return FAILED;
}
id = this->ike_sa->get_other_id(this->ike_sa);
- if (!this->dh->get_my_public_value(this->dh, &dh))
+ if (!this->dh->get_public_key(this->dh, &dh))
{
return FAILED;
}
* Described in header.
*/
pubkey_v1_authenticator_t *pubkey_v1_authenticator_create(ike_sa_t *ike_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload, key_type_t type)
{
* @return pubkey authenticator
*/
pubkey_v1_authenticator_t *pubkey_v1_authenticator_create(ike_sa_t *ike_sa,
- bool initiator, diffie_hellman_t *dh,
+ bool initiator, key_exchange_t *dh,
chunk_t dh_value, chunk_t sa_payload,
chunk_t id_payload, key_type_t type);
}
METHOD(keymat_v1_t, derive_ike_keys, bool,
- private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+ private_keymat_v1_t *this, proposal_t *proposal, key_exchange_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
auth_method_t auth, shared_key_t *shared_key)
{
return FALSE;
}
- if (!dh->get_my_public_value(dh, &dh_me))
+ if (!dh->get_public_key(dh, &dh_me))
{
return FALSE;
}
}
METHOD(keymat_v1_t, derive_child_keys, bool,
- private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+ private_keymat_v1_t *this, proposal_t *proposal, key_exchange_t *dh,
uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r,
chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r)
{
return IKEV1;
}
-METHOD(keymat_t, create_dh, diffie_hellman_t*,
- private_keymat_v1_t *this, diffie_hellman_group_t group)
+METHOD(keymat_t, create_ke, key_exchange_t*,
+ private_keymat_v1_t *this, key_exchange_method_t method)
{
- return lib->crypto->create_dh(lib->crypto, group);
+ return lib->crypto->create_ke(lib->crypto, method);
}
METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
.public = {
.keymat = {
.get_version = _get_version,
- .create_dh = _create_dh,
+ .create_ke = _create_ke,
.create_nonce_gen = _create_nonce_gen,
.get_aead = _get_aead,
.destroy = _destroy,
* crypters and authentication functions.
*
* @param proposal selected algorithms
- * @param dh diffie hellman key allocated by create_dh()
+ * @param dh diffie hellman key allocated by create_ke()
* @param dh_other public DH value from other peer
* @param nonce_i initiators nonce value
* @param nonce_r responders nonce value
* @return TRUE on success
*/
bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
- diffie_hellman_t *dh, chunk_t dh_other,
+ key_exchange_t *dh, chunk_t dh_other,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
auth_method_t auth, shared_key_t *shared_key);
* @param integ_r allocated responders integrity key
*/
bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
- diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r,
+ key_exchange_t *dh, uint32_t spi_i, uint32_t spi_r,
chunk_t nonce_i, chunk_t nonce_r,
chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r);
/**
* DH exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Keymat derivation (from SA)
}
METHOD(phase1_t, create_dh, bool,
- private_phase1_t *this, diffie_hellman_group_t group)
+ private_phase1_t *this, key_exchange_method_t group)
{
- this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat, group);
+ this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat, group);
return this->dh != NULL;
}
nonce_gen_t *nonceg;
chunk_t nonce;
- ke_payload = ke_payload_create_from_diffie_hellman(PLV1_KEY_EXCHANGE,
- this->dh);
+ ke_payload = ke_payload_create_from_key_exchange(PLV1_KEY_EXCHANGE,
+ this->dh);
if (!ke_payload)
{
DBG1(DBG_IKE, "creating KE payload failed");
return FALSE;
}
this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload));
- if (!this->dh->set_other_public_value(this->dh, this->dh_value))
+ if (!this->dh->set_public_key(this->dh, this->dh_value))
{
DBG1(DBG_IKE, "unable to apply received KE value");
return FALSE;
typedef struct phase1_t phase1_t;
#include <sa/ike_sa.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
/**
* Common phase 1 helper for main and aggressive mode.
* @param group negotiated DH group
* @return TRUE if group supported
*/
- bool (*create_dh)(phase1_t *this, diffie_hellman_group_t group);
+ bool (*create_dh)(phase1_t *this, key_exchange_method_t group);
/**
* Derive key material.
message->add_payload(message, &sa_payload->payload_interface);
- group = this->ike_cfg->get_dh_group(this->ike_cfg);
+ group = this->ike_cfg->get_ke_method(this->ike_cfg);
if (group == MODP_NONE)
{
DBG1(DBG_IKE, "DH group selection failed");
if (!this->ph1->create_dh(this->ph1, group))
{
DBG1(DBG_IKE, "DH group %N not supported",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, group);
return FAILED;
}
if (!this->ph1->add_nonce_ke(this->ph1, message))
}
if (!this->proposal->get_algorithm(this->proposal,
- DIFFIE_HELLMAN_GROUP, &group, NULL))
+ KEY_EXCHANGE_METHOD, &group, NULL))
{
DBG1(DBG_IKE, "DH group selection failed");
return send_notify(this, INVALID_KEY_INFORMATION);
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
if (!this->proposal->get_algorithm(this->proposal,
- DIFFIE_HELLMAN_GROUP, &group, NULL))
+ KEY_EXCHANGE_METHOD, &group, NULL))
{
DBG1(DBG_IKE, "DH group selection failed");
return send_notify(this, NO_PROPOSAL_CHOSEN);
return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!this->proposal->get_algorithm(this->proposal,
- DIFFIE_HELLMAN_GROUP, &group, NULL))
+ KEY_EXCHANGE_METHOD, &group, NULL))
{
DBG1(DBG_IKE, "DH group selection failed");
return send_notify(this, INVALID_KEY_INFORMATION);
/**
* DH exchange, when PFS is in use
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Negotiated lifetime of new SA
{
ke_payload_t *ke_payload;
- ke_payload = ke_payload_create_from_diffie_hellman(PLV1_KEY_EXCHANGE,
- this->dh);
+ ke_payload = ke_payload_create_from_key_exchange(PLV1_KEY_EXCHANGE,
+ this->dh);
if (!ke_payload)
{
DBG1(DBG_IKE, "creating KE payload failed");
DBG1(DBG_IKE, "KE payload missing");
return FALSE;
}
- if (!this->dh->set_other_public_value(this->dh,
+ if (!this->dh->set_public_key(this->dh,
ke_payload->get_key_exchange_data(ke_payload)))
{
DBG1(DBG_IKE, "unable to apply received KE value");
* DH group, unless it is set to MODP_NONE.
*/
static linked_list_t *get_proposals(private_quick_mode_t *this,
- diffie_hellman_group_t group)
+ key_exchange_method_t group)
{
linked_list_t *list;
proposal_t *proposal;
{
if (group != MODP_NONE)
{
- if (!proposal->has_dh_group(proposal, group))
+ if (!proposal->has_ke_method(proposal, group))
{
list->remove_at(list, enumerator);
proposal->destroy(proposal);
continue;
}
- proposal->promote_dh_group(proposal, group);
+ proposal->promote_ke_method(proposal, group);
}
proposal->set_spi(proposal, this->spi_i);
}
sa_payload_t *sa_payload;
linked_list_t *list, *tsi, *tsr;
proposal_t *proposal;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
encap_t encap;
this->mode = this->config->get_mode(this->config);
return FAILED;
}
- group = this->config->get_dh_group(this->config);
+ group = this->config->get_ke_method(this->config);
if (group != MODP_NONE)
{
proposal_t *proposal;
uint16_t preferred_group;
proposal = this->ike_sa->get_proposal(this->ike_sa);
- proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD,
&preferred_group, NULL);
/* try the negotiated DH group from IKE_SA */
list = get_proposals(this, preferred_group);
list = get_proposals(this, group);
}
- this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
+ this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
group);
if (!this->dh)
{
DBG1(DBG_IKE, "configured DH group %N not supported",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, group);
list->destroy_offset(list, offsetof(proposal_t, destroy));
return FAILED;
}
}
if (this->proposal->get_algorithm(this->proposal,
- DIFFIE_HELLMAN_GROUP, &group, NULL))
+ KEY_EXCHANGE_METHOD, &group, NULL))
{
- this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
+ this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
group);
if (!this->dh)
{
DBG1(DBG_IKE, "negotiated DH group %N not supported",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, group);
return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!get_ke(this, message))
return IKEV2;
}
-METHOD(keymat_t, create_dh, diffie_hellman_t*,
- private_keymat_v2_t *this, diffie_hellman_group_t group)
+METHOD(keymat_t, create_ke, key_exchange_t*,
+ private_keymat_v2_t *this, key_exchange_method_t method)
{
- return lib->crypto->create_dh(lib->crypto, group);
+ return lib->crypto->create_ke(lib->crypto, method);
}
METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
}
METHOD(keymat_v2_t, derive_ike_keys, bool,
- private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+ private_keymat_v2_t *this, proposal_t *proposal, key_exchange_t *dh,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
}
METHOD(keymat_v2_t, derive_child_keys, bool,
- private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+ private_keymat_v2_t *this, proposal_t *proposal, key_exchange_t *dh,
chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r)
{
.public = {
.keymat = {
.get_version = _get_version,
- .create_dh = _create_dh,
+ .create_ke = _create_ke,
.create_nonce_gen = _create_nonce_gen,
.get_aead = _get_aead,
.destroy = _destroy,
* crypters and authentication functions.
*
* @param proposal selected algorithms
- * @param dh diffie hellman key allocated by create_dh()
+ * @param dh diffie hellman key allocated by create_ke()
* @param nonce_i initiators nonce value
* @param nonce_r responders nonce value
* @param id IKE_SA identifier
* @return TRUE on success
*/
bool (*derive_ike_keys)(keymat_v2_t *this, proposal_t *proposal,
- diffie_hellman_t *dh, chunk_t nonce_i,
+ key_exchange_t *dh, chunk_t nonce_i,
chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function,
chunk_t rekey_skd);
* If no PFS is used for the CHILD_SA, dh can be NULL.
*
* @param proposal selected algorithms
- * @param dh diffie hellman key allocated by create_dh(), or NULL
+ * @param dh diffie hellman key allocated by create_ke(), or NULL
* @param nonce_i initiators nonce value
* @param nonce_r responders nonce value
* @param encr_i chunk to write initiators encryption key to
* @return TRUE on success
*/
bool (*derive_child_keys)(keymat_v2_t *this,
- proposal_t *proposal, diffie_hellman_t *dh,
+ proposal_t *proposal, key_exchange_t *dh,
chunk_t nonce_i, chunk_t nonce_r,
chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r);
#include <daemon.h>
#include <sa/ikev2/keymat_v2.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
#include <credentials/certificates/x509.h>
#include <encoding/payloads/sa_payload.h>
#include <encoding/payloads/ke_payload.h>
/**
* optional diffie hellman exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Applying DH public value failed?
/**
* group used for DH exchange
*/
- diffie_hellman_group_t dh_group;
+ key_exchange_method_t dh_group;
/**
* IKE_SAs keymat
if (this->dh_group != MODP_NONE)
{ /* proposals that don't contain the selected group are
* moved to the back */
- if (!proposal->promote_dh_group(proposal, this->dh_group))
+ if (!proposal->promote_ke_method(proposal, this->dh_group))
{
this->proposals->remove_at(this->proposals, enumerator);
other_dh_groups->insert_last(other_dh_groups, proposal);
if (no_dh)
{
- flags |= PROPOSAL_SKIP_DH;
+ flags |= PROPOSAL_SKIP_KE;
}
if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN) &&
!lib->settings->get_bool(lib->settings, "%s.accept_private_algs",
}
this->child_sa->set_proposal(this->child_sa, this->proposal);
- if (!this->proposal->has_dh_group(this->proposal, this->dh_group))
+ if (!this->proposal->has_ke_method(this->proposal, this->dh_group))
{
uint16_t group;
- if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
+ if (this->proposal->get_algorithm(this->proposal, KEY_EXCHANGE_METHOD,
&group, NULL))
{
DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N",
- diffie_hellman_group_names, this->dh_group,
- diffie_hellman_group_names, group);
+ key_exchange_method_names, this->dh_group,
+ key_exchange_method_names, group);
this->dh_group = group;
return INVALID_ARG;
}
/* diffie hellman exchange, if PFS enabled */
if (this->dh)
{
- ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
- this->dh);
+ ke_payload = ke_payload_create_from_key_exchange(PLV2_KEY_EXCHANGE,
+ this->dh);
if (!ke_payload)
{
DBG1(DBG_IKE, "creating KE payload failed");
ke_payload = (ke_payload_t*)payload;
if (!this->initiator)
{
- this->dh_group = ke_payload->get_dh_group_number(ke_payload);
- this->dh = this->keymat->keymat.create_dh(
+ this->dh_group = ke_payload->get_key_exchange_method(
+ ke_payload);
+ this->dh = this->keymat->keymat.create_ke(
&this->keymat->keymat, this->dh_group);
}
else if (this->dh)
{
- this->dh_failed = this->dh->get_dh_group(this->dh) !=
- ke_payload->get_dh_group_number(ke_payload);
+ this->dh_failed = this->dh->get_method(this->dh) !=
+ ke_payload->get_key_exchange_method(ke_payload);
}
if (this->dh && !this->dh_failed)
{
- this->dh_failed = !this->dh->set_other_public_value(this->dh,
+ this->dh_failed = !this->dh->set_public_key(this->dh,
ke_payload->get_key_exchange_data(ke_payload));
}
break;
}
if (!this->retry && this->dh_group == MODP_NONE)
{ /* during a rekeying the group might already be set */
- this->dh_group = this->config->get_dh_group(this->config);
+ this->dh_group = this->config->get_ke_method(this->config);
}
break;
case IKE_AUTH:
{
DBG1(DBG_IKE, "requested DH group %N not contained in any of our "
"proposals",
- diffie_hellman_group_names, this->dh_group);
+ key_exchange_method_names, this->dh_group);
return FAILED;
}
if (this->dh_group != MODP_NONE)
{
- this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
+ this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
this->dh_group);
}
if (this->retry)
{
DBG1(DBG_IKE, "already retried with DH group %N, "
- "ignore requested %N", diffie_hellman_group_names,
- this->dh_group, diffie_hellman_group_names, group);
+ "ignore requested %N", key_exchange_method_names,
+ this->dh_group, key_exchange_method_names, group);
handle_child_sa_failure(this, message);
/* an error in CHILD_SA creation is not critical */
return SUCCESS;
}
DBG1(DBG_IKE, "peer didn't accept DH group %N, "
- "it requested %N", diffie_hellman_group_names,
- this->dh_group, diffie_hellman_group_names, group);
+ "it requested %N", key_exchange_method_names,
+ this->dh_group, key_exchange_method_names, group);
this->retry = TRUE;
this->dh_group = group;
this->child_sa->set_state(this->child_sa, CHILD_RETRYING);
}
METHOD(child_create_t, use_dh_group, void,
- private_child_create_t *this, diffie_hellman_group_t dh_group)
+ private_child_create_t *this, key_exchange_method_t dh_group)
{
this->dh_group = dh_group;
}
*
* @param dh_group DH group to use
*/
- void (*use_dh_group)(child_create_t *this, diffie_hellman_group_t dh_group);
+ void (*use_dh_group)(child_create_t *this, key_exchange_method_t dh_group);
/**
* Get the lower of the two nonces, used for rekey collisions.
config->get_ref(config), TRUE, NULL, NULL);
proposal = this->child_sa->get_proposal(this->child_sa);
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD,
&dh_group, NULL))
{ /* reuse the DH group negotiated previously */
this->child_create->use_dh_group(this->child_create, dh_group);
#include <bio/bio_reader.h>
#include <bio/bio_writer.h>
#include <sa/ikev2/keymat_v2.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
#include <crypto/hashers/hash_algorithm_set.h>
#include <encoding/payloads/sa_payload.h>
#include <encoding/payloads/ke_payload.h>
/**
* diffie hellman group to use
*/
- diffie_hellman_group_t dh_group;
+ key_exchange_method_t dh_group;
/**
* diffie hellman key exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Applying DH public value failed?
proposal->set_spi(proposal, id->get_initiator_spi(id));
}
/* move the selected DH group to the front of the proposal */
- if (!proposal->promote_dh_group(proposal, this->dh_group))
+ if (!proposal->promote_ke_method(proposal, this->dh_group))
{ /* the proposal does not include the group, move to the back */
proposal_list->remove_at(proposal_list, enumerator);
other_dh_groups->insert_last(other_dh_groups, proposal);
}
message->add_payload(message, (payload_t*)sa_payload);
- ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
- this->dh);
+ ke_payload = ke_payload_create_from_key_exchange(PLV2_KEY_EXCHANGE,
+ this->dh);
if (!ke_payload)
{
DBG1(DBG_IKE, "creating KE payload failed");
{
ke_payload = (ke_payload_t*)payload;
- this->dh_group = ke_payload->get_dh_group_number(ke_payload);
+ this->dh_group = ke_payload->get_key_exchange_method(ke_payload);
break;
}
case PLV2_NONCE:
}
if (ke_payload && this->proposal &&
- this->proposal->has_dh_group(this->proposal, this->dh_group))
+ this->proposal->has_ke_method(this->proposal, this->dh_group))
{
if (!this->initiator)
{
- this->dh = this->keymat->keymat.create_dh(
+ this->dh = this->keymat->keymat.create_ke(
&this->keymat->keymat, this->dh_group);
}
else if (this->dh)
{
- this->dh_failed = this->dh->get_dh_group(this->dh) != this->dh_group;
+ this->dh_failed = this->dh->get_method(this->dh) != this->dh_group;
}
if (this->dh && !this->dh_failed)
{
- this->dh_failed = !this->dh->set_other_public_value(this->dh,
+ this->dh_failed = !this->dh->set_public_key(this->dh,
ke_payload->get_key_exchange_data(ke_payload));
}
}
uint16_t dh_group;
proposal = this->old_sa->get_proposal(this->old_sa);
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+ if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD,
&dh_group, NULL))
{
this->dh_group = dh_group;
}
else
{ /* this shouldn't happen, but let's be safe */
- this->dh_group = ike_cfg->get_dh_group(ike_cfg);
+ this->dh_group = ike_cfg->get_ke_method(ike_cfg);
}
}
else
{
- this->dh_group = ike_cfg->get_dh_group(ike_cfg);
+ this->dh_group = ike_cfg->get_ke_method(ike_cfg);
}
- this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
+ this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
this->dh_group);
if (!this->dh)
{
DBG1(DBG_IKE, "configured DH group %N not supported",
- diffie_hellman_group_names, this->dh_group);
+ key_exchange_method_names, this->dh_group);
return FAILED;
}
}
- else if (this->dh->get_dh_group(this->dh) != this->dh_group)
+ else if (this->dh->get_method(this->dh) != this->dh_group)
{ /* reset DH instance if group changed (INVALID_KE_PAYLOAD) */
this->dh->destroy(this->dh);
- this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
+ this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
this->dh_group);
if (!this->dh)
{
DBG1(DBG_IKE, "requested DH group %N not supported",
- diffie_hellman_group_names, this->dh_group);
+ key_exchange_method_names, this->dh_group);
return FAILED;
}
}
}
if (this->dh == NULL ||
- !this->proposal->has_dh_group(this->proposal, this->dh_group))
+ !this->proposal->has_ke_method(this->proposal, this->dh_group))
{
uint16_t group;
- if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
+ if (this->proposal->get_algorithm(this->proposal, KEY_EXCHANGE_METHOD,
&group, NULL))
{
DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N",
- diffie_hellman_group_names, this->dh_group,
- diffie_hellman_group_names, group);
+ key_exchange_method_names, this->dh_group,
+ key_exchange_method_names, group);
this->dh_group = group;
group = htons(group);
message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
case INVALID_KE_PAYLOAD:
{
chunk_t data;
- diffie_hellman_group_t bad_group;
+ key_exchange_method_t bad_group;
bad_group = this->dh_group;
data = notify->get_notification_data(notify);
this->dh_group = ntohs(*((uint16_t*)data.ptr));
DBG1(DBG_IKE, "peer didn't accept DH group %N, "
- "it requested %N", diffie_hellman_group_names,
- bad_group, diffie_hellman_group_names, this->dh_group);
+ "it requested %N", key_exchange_method_names,
+ bad_group, key_exchange_method_names, this->dh_group);
if (this->old_sa == NULL)
{ /* reset the IKE_SA if we are not rekeying */
}
if (this->dh == NULL ||
- !this->proposal->has_dh_group(this->proposal, this->dh_group))
+ !this->proposal->has_ke_method(this->proposal, this->dh_group))
{
DBG1(DBG_IKE, "peer DH group selection invalid");
return FAILED;
ike_version_t (*get_version)(keymat_t *this);
/**
- * Create a diffie hellman object for key agreement.
+ * Create a key exchange object for key agreement.
*
- * The diffie hellman is either for IKE negotiation/rekeying or
- * CHILD_SA rekeying (using PFS). The resulting DH object must be passed
- * to derive_keys or to derive_child_keys and destroyed after use.
+ * The key exchange is either for IKE negotiation/rekeying or
+ * CHILD_SA rekeying (using PFS). The resulting object must be passed
+ * to derive_ike_keys() or to derive_child_keys() and destroyed after use.
*
- * Only DH objects allocated through this method are passed to other
- * keymat_t methods, allowing private DH implementations. In some cases
- * (such as retrying with a COOKIE), a DH object allocated from a different
+ * Only objects allocated through this method are passed to other
+ * keymat_t methods, allowing private KE implementations. In some cases
+ * (such as retrying with a COOKIE), a KE object allocated from a different
* keymat_t instance may be passed to other methods.
*
- * @param group diffie hellman group
- * @return DH object, NULL if group not supported
+ * @param method key exchange method
+ * @return key exchange object, NULL if method not supported
*/
- diffie_hellman_t* (*create_dh)(keymat_t *this,
- diffie_hellman_group_t group);
+ key_exchange_t* (*create_ke)(keymat_t *this, key_exchange_method_t method);
/**
* Create a nonce generator object.
chunk_t chunk, exp;
keymat_t keymat = {
.get_version = _get_version,
- .create_dh = (void*)return_null,
+ .create_ke = (void*)return_null,
.create_nonce_gen = (void*)return_null,
.get_aead = _get_aead,
};
private_exchange_test_helper_t *this;
private_backend_t *backend;
plugin_feature_t features[] = {
- PLUGIN_REGISTER(DH, mock_dh_create),
+ PLUGIN_REGISTER(KE, mock_dh_create),
/* we only need to support a limited number of DH groups */
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
+ PLUGIN_PROVIDE(KE, ECP_256_BIT),
PLUGIN_REGISTER(NONCE_GEN, create_nonce_gen),
PLUGIN_PROVIDE(NONCE_GEN),
PLUGIN_DEPENDS(RNG, RNG_WEAK),
/**
* Public interface
*/
- diffie_hellman_t public;
+ key_exchange_t public;
/**
- * Instantiated DH group
+ * Instantiated key exchagne method
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t method;
};
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_clone(mock_key);
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_diffie_hellman_t *this, chunk_t value)
{
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_diffie_hellman_t *this, chunk_t *secret)
{
*secret = chunk_clone(mock_key);
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_diffie_hellman_t *this)
{
- return this->group;
+ return this->method;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_diffie_hellman_t *this)
{
free(this);
/**
* See header
*/
-diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group)
+key_exchange_t *mock_dh_create(key_exchange_method_t method)
{
private_diffie_hellman_t *this;
INIT(this,
.public = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
- .group = group,
+ .method = method,
);
return &this->public;
}
#ifndef MOCK_DH_H_
#define MOCK_DH_H_
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
/**
- * Creates a diffie_hellman_t object.
+ * Creates a key_exchange_t object.
*
- * @param group Diffie Hellman group, supports MODP_NULL only
+ * @param method key_exchange method, supports MODP_NULL only
* @return created object
*/
-diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group);
+key_exchange_t *mock_dh_create(key_exchange_method_t method);
#endif /** MOCK_DH_H_ @}*/
/**
* PTS Diffie-Hellman Secret
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* PTS Diffie-Hellman Initiator Nonce
METHOD(pts_t, create_dh_nonce, bool,
private_pts_t *this, pts_dh_group_t group, int nonce_len)
{
- diffie_hellman_group_t dh_group;
+ key_exchange_method_t dh_group;
chunk_t *nonce;
rng_t *rng;
dh_group = pts_dh_group_to_ike(group);
DBG2(DBG_PTS, "selected PTS DH group is %N",
- diffie_hellman_group_names, dh_group);
+ key_exchange_method_names, dh_group);
DESTROY_IF(this->dh);
- this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
+ this->dh = lib->crypto->create_ke(lib->crypto, dh_group);
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
METHOD(pts_t, get_my_public_value, bool,
private_pts_t *this, chunk_t *value, chunk_t *nonce)
{
- if (!this->dh->get_my_public_value(this->dh, value))
+ if (!this->dh->get_public_key(this->dh, value))
{
return FALSE;
}
METHOD(pts_t, set_peer_public_value, bool,
private_pts_t *this, chunk_t value, chunk_t nonce)
{
- if (!this->dh->set_other_public_value(this->dh, value))
+ if (!this->dh->set_public_key(this->dh, value))
{
return FALSE;
}
bool pts_dh_group_probe(pts_dh_group_t *dh_groups, bool mandatory_dh_groups)
{
enumerator_t *enumerator;
- diffie_hellman_group_t dh_group;
+ key_exchange_method_t dh_group;
const char *plugin_name;
char format1[] = " %s PTS DH group %N[%s] available";
char format2[] = " %s PTS DH group %N not available";
*dh_groups = PTS_DH_GROUP_NONE;
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &dh_group, &plugin_name))
{
if (dh_group == MODP_1024_BIT)
{
*dh_groups |= PTS_DH_GROUP_IKE2;
- DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ DBG2(DBG_PTS, format1, "optional ", key_exchange_method_names,
dh_group, plugin_name);
}
else if (dh_group == MODP_1536_BIT)
{
*dh_groups |= PTS_DH_GROUP_IKE5;
- DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ DBG2(DBG_PTS, format1, "optional ", key_exchange_method_names,
dh_group, plugin_name);
}
else if (dh_group == MODP_2048_BIT)
{
*dh_groups |= PTS_DH_GROUP_IKE14;
- DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ DBG2(DBG_PTS, format1, "optional ", key_exchange_method_names,
dh_group, plugin_name);
}
else if (dh_group == ECP_256_BIT)
{
*dh_groups |= PTS_DH_GROUP_IKE19;
- DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names,
+ DBG2(DBG_PTS, format1, "mandatory", key_exchange_method_names,
dh_group, plugin_name);
}
else if (dh_group == ECP_384_BIT)
{
*dh_groups |= PTS_DH_GROUP_IKE20;
- DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ DBG2(DBG_PTS, format1, "optional ", key_exchange_method_names,
dh_group, plugin_name);
}
}
}
if (mandatory_dh_groups)
{
- DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
+ DBG1(DBG_PTS, format2, "mandatory", key_exchange_method_names,
ECP_256_BIT);
return FALSE;
}
/**
* Described in header.
*/
-diffie_hellman_group_t pts_dh_group_to_ike(pts_dh_group_t dh_group)
+key_exchange_method_t pts_dh_group_to_ike(pts_dh_group_t dh_group)
{
switch (dh_group)
{
#define PTS_DH_GROUP_H_
#include <library.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
typedef enum pts_dh_group_t pts_dh_group_t;
pts_dh_group_t offered_groups);
/**
- * Convert pts_dh_group_t to diffie_hellman_group_t
+ * Convert pts_dh_group_t to key_exchange_method_t
*
* @param dh_group PTS DH group type
* @return IKE DH group type
*/
-diffie_hellman_group_t pts_dh_group_to_ike(pts_dh_group_t dh_group);
+key_exchange_method_t pts_dh_group_to_ike(pts_dh_group_t dh_group);
#endif /** PTS_DH_GROUP_H_ @}*/
crypto/rngs/rng.c crypto/rngs/rng_tester.c \
crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
-crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
+crypto/key_exchange.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \
crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
crypto/rngs/rng.c crypto/rngs/rng_tester.c \
crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
-crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
+crypto/key_exchange.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \
crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
crypto/rngs/rng.h crypto/rngs/rng_tester.h \
crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \
crypto/signers/signer.h crypto/signers/mac_signer.h \
-crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
+crypto/crypto_factory.h crypto/crypto_tester.h crypto/key_exchange.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
drbg_constructor_t create_drbg;
rng_constructor_t create_rng;
nonce_gen_constructor_t create_nonce_gen;
- dh_constructor_t create_dh;
+ ke_constructor_t create_ke;
void *create;
};
};
linked_list_t *nonce_gens;
/**
- * registered diffie hellman, as entry_t
+ * registered key exchange methods, as entry_t
*/
- linked_list_t *dhs;
+ linked_list_t *kes;
/**
* test manager to test crypto algorithms
return nonce_gen;
}
-METHOD(crypto_factory_t, create_dh, diffie_hellman_t*,
- private_crypto_factory_t *this, diffie_hellman_group_t group, ...)
+METHOD(crypto_factory_t, create_ke, key_exchange_t*,
+ private_crypto_factory_t *this, key_exchange_method_t method, ...)
{
enumerator_t *enumerator;
entry_t *entry;
- va_list args;
chunk_t g = chunk_empty, p = chunk_empty;
- diffie_hellman_t *diffie_hellman = NULL;
+ key_exchange_t *ke = NULL;
- if (group == MODP_CUSTOM)
+ if (method == MODP_CUSTOM)
{
- va_start(args, group);
- g = va_arg(args, chunk_t);
- p = va_arg(args, chunk_t);
- va_end(args);
+ VA_ARGS_GET(method, g, p);
}
this->lock->read_lock(this->lock);
- enumerator = this->dhs->create_enumerator(this->dhs);
+ enumerator = this->kes->create_enumerator(this->kes);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->algo == group)
+ if (entry->algo == method)
{
- if (this->test_on_create && group != MODP_CUSTOM &&
- !this->tester->test_dh(this->tester, group,
- entry->create_dh, NULL, entry->plugin_name))
+ if (this->test_on_create && method != MODP_CUSTOM &&
+ !this->tester->test_ke(this->tester, method,
+ entry->create_ke, NULL, entry->plugin_name))
{
continue;
}
- diffie_hellman = entry->create_dh(group, g, p);
- if (diffie_hellman)
+ ke = entry->create_ke(method, g, p);
+ if (ke)
{
break;
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
- return diffie_hellman;
+ return ke;
}
/**
this->lock->unlock(this->lock);
}
-METHOD(crypto_factory_t, add_dh, bool,
- private_crypto_factory_t *this, diffie_hellman_group_t group,
- const char *plugin_name, dh_constructor_t create)
+METHOD(crypto_factory_t, add_ke, bool,
+ private_crypto_factory_t *this, key_exchange_method_t group,
+ const char *plugin_name, ke_constructor_t create)
{
u_int speed = 0;
if (!this->test_on_add ||
- this->tester->test_dh(this->tester, group, create,
+ this->tester->test_ke(this->tester, group, create,
this->bench ? &speed : NULL, plugin_name))
{
- add_entry(this, this->dhs, group, plugin_name, 0, create);
+ add_entry(this, this->kes, group, plugin_name, 0, create);
return TRUE;
}
this->test_failures++;
return FALSE;
}
-METHOD(crypto_factory_t, remove_dh, void,
- private_crypto_factory_t *this, dh_constructor_t create)
+METHOD(crypto_factory_t, remove_ke, void,
+ private_crypto_factory_t *this, ke_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
this->lock->write_lock(this->lock);
- enumerator = this->dhs->create_enumerator(this->dhs);
+ enumerator = this->kes->create_enumerator(this->kes);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->create_dh == create)
+ if (entry->create_ke == create)
{
- this->dhs->remove_at(this->dhs, enumerator);
+ this->kes->remove_at(this->kes, enumerator);
free(entry);
}
}
return create_enumerator(this, this->drbgs, drbg_filter);
}
-CALLBACK(dh_filter, bool,
+CALLBACK(ke_filter, bool,
void *n, enumerator_t *orig, va_list args)
{
entry_t *entry;
- diffie_hellman_group_t *algo;
+ key_exchange_method_t *algo;
const char **plugin_name;
VA_ARGS_VGET(args, algo, plugin_name);
return FALSE;
}
-METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*,
+METHOD(crypto_factory_t, create_ke_enumerator, enumerator_t*,
private_crypto_factory_t *this)
{
- return create_enumerator(this, this->dhs, dh_filter);
+ return create_enumerator(this, this->kes, ke_filter);
}
CALLBACK(rng_filter, bool,
return this->tester->add_drbg_vector(this->tester, vector);
case RANDOM_NUMBER_GENERATOR:
return this->tester->add_rng_vector(this->tester, vector);
- case DIFFIE_HELLMAN_GROUP:
- return this->tester->add_dh_vector(this->tester, vector);
+ case KEY_EXCHANGE_METHOD:
+ return this->tester->add_ke_vector(this->tester, vector);
default:
DBG1(DBG_LIB, "%N test vectors not supported, ignored",
transform_type_names, type);
*valid = this->tester->test_rng(this->tester, entry->algo,
entry->create_rng, NULL, entry->plugin_name);
break;
- case DIFFIE_HELLMAN_GROUP:
- *valid = this->tester->test_dh(this->tester, entry->algo,
- entry->create_dh, NULL, entry->plugin_name);
+ case KEY_EXCHANGE_METHOD:
+ *valid = this->tester->test_ke(this->tester, entry->algo,
+ entry->create_ke, NULL, entry->plugin_name);
break;
default:
return FALSE;
case RANDOM_NUMBER_GENERATOR:
inner = this->rngs->create_enumerator(this->rngs);
break;
- case DIFFIE_HELLMAN_GROUP:
- inner = this->dhs->create_enumerator(this->dhs);
+ case KEY_EXCHANGE_METHOD:
+ inner = this->kes->create_enumerator(this->kes);
break;
default:
this->lock->unlock(this->lock);
this->drbgs->destroy(this->drbgs);
this->rngs->destroy(this->rngs);
this->nonce_gens->destroy(this->nonce_gens);
- this->dhs->destroy(this->dhs);
+ this->kes->destroy(this->kes);
this->tester->destroy(this->tester);
this->lock->destroy(this->lock);
free(this);
.create_drbg = _create_drbg,
.create_rng = _create_rng,
.create_nonce_gen = _create_nonce_gen,
- .create_dh = _create_dh,
+ .create_ke = _create_ke,
.add_crypter = _add_crypter,
.remove_crypter = _remove_crypter,
.add_aead = _add_aead,
.remove_rng = _remove_rng,
.add_nonce_gen = _add_nonce_gen,
.remove_nonce_gen = _remove_nonce_gen,
- .add_dh = _add_dh,
- .remove_dh = _remove_dh,
+ .add_ke = _add_ke,
+ .remove_ke = _remove_ke,
.create_crypter_enumerator = _create_crypter_enumerator,
.create_aead_enumerator = _create_aead_enumerator,
.create_signer_enumerator = _create_signer_enumerator,
.create_xof_enumerator = _create_xof_enumerator,
.create_kdf_enumerator = _create_kdf_enumerator,
.create_drbg_enumerator = _create_drbg_enumerator,
- .create_dh_enumerator = _create_dh_enumerator,
+ .create_ke_enumerator = _create_ke_enumerator,
.create_rng_enumerator = _create_rng_enumerator,
.create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
.add_test_vector = _add_test_vector,
.drbgs = linked_list_create(),
.rngs = linked_list_create(),
.nonce_gens = linked_list_create(),
- .dhs = linked_list_create(),
+ .kes = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.tester = crypto_tester_create(),
.test_on_add = lib->settings->get_bool(lib->settings,
#include <crypto/kdfs/kdf.h>
#include <crypto/drbgs/drbg.h>
#include <crypto/nonce_gen.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
#include <crypto/transform.h>
#define CRYPTO_MAX_ALG_LINE 120 /* characters */
typedef nonce_gen_t* (*nonce_gen_constructor_t)();
/**
- * Constructor function for diffie hellman
+ * Constructor function for key exchange methods
*
- * The DH constructor accepts additional arguments for:
+ * The key exchange method constructor accepts additional arguments for:
* - MODP_CUSTOM: chunk_t generator, chunk_t prime
*/
-typedef diffie_hellman_t* (*dh_constructor_t)(diffie_hellman_group_t group, ...);
+typedef key_exchange_t* (*ke_constructor_t)(key_exchange_method_t method, ...);
/**
* Handles crypto modules and creates instances.
nonce_gen_t* (*create_nonce_gen)(crypto_factory_t *this);
/**
- * Create a diffie hellman instance.
+ * Create a key exchange method instance.
*
- * Additional arguments are passed to the DH constructor.
+ * Additional arguments are passed to the key exchange method constructor.
*
- * @param group diffie hellman group
- * @return diffie_hellman_t instance, NULL if not supported
+ * @param method key exchange method
+ * @return key_exchange_t instance, NULL if not supported
*/
- diffie_hellman_t* (*create_dh)(crypto_factory_t *this,
- diffie_hellman_group_t group, ...);
+ key_exchange_t* (*create_ke)(crypto_factory_t *this,
+ key_exchange_method_t method, ...);
/**
* Register a crypter constructor.
nonce_gen_constructor_t create);
/**
- * Register a diffie hellman constructor.
+ * Register a key exchange method constructor.
*
- * @param group dh group to constructor
+ * @param method key exchange method to constructor
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
*/
- bool (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group,
- const char *plugin_name, dh_constructor_t create);
+ bool (*add_ke)(crypto_factory_t *this, key_exchange_method_t method,
+ const char *plugin_name, ke_constructor_t create);
/**
- * Unregister a diffie hellman constructor.
+ * Unregister a key exchange method constructor.
*
* @param create constructor function to unregister
*/
- void (*remove_dh)(crypto_factory_t *this, dh_constructor_t create);
+ void (*remove_ke)(crypto_factory_t *this, ke_constructor_t create);
/**
* Create an enumerator over all registered crypter algorithms.
enumerator_t* (*create_drbg_enumerator)(crypto_factory_t *this);
/**
- * Create an enumerator over all registered diffie hellman groups.
+ * Create an enumerator over all registered key exchange method.
*
- * @return enumerator over diffie_hellman_group_t, plugin
+ * @return enumerator over key_exchange_method_t, plugin
*/
- enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this);
+ enumerator_t* (*create_ke_enumerator)(crypto_factory_t *this);
/**
* Create an enumerator over all registered random generators.
linked_list_t *rng;
/**
- * List of Diffie-Hellman test vectors
+ * List of key exchange method test vectors
*/
- linked_list_t *dh;
+ linked_list_t *ke;
/**
* Is a test vector required to pass a test?
}
/**
- * Benchmark a DH backend
+ * Benchmark a key exchange backend
*/
-static u_int bench_dh(private_crypto_tester_t *this,
- diffie_hellman_group_t group, dh_constructor_t create)
+static u_int bench_ke(private_crypto_tester_t *this,
+ key_exchange_method_t method, ke_constructor_t create)
{
chunk_t pub = chunk_empty, shared = chunk_empty;
- diffie_hellman_t *dh;
+ key_exchange_t *ke;
struct timespec start;
u_int runs;
start_timing(&start);
while (end_timing(&start) < this->bench_time)
{
- dh = create(group);
- if (!dh)
+ ke = create(method);
+ if (!ke)
{
return 0;
}
- if (dh->get_my_public_value(dh, &pub) &&
- dh->set_other_public_value(dh, pub) &&
- dh->get_shared_secret(dh, &shared))
+ if (ke->get_public_key(ke, &pub) &&
+ ke->set_public_key(ke, pub) &&
+ ke->get_shared_secret(ke, &shared))
{
runs++;
}
chunk_free(&pub);
chunk_free(&shared);
- dh->destroy(dh);
+ ke->destroy(ke);
}
return runs;
}
-METHOD(crypto_tester_t, test_dh, bool,
- private_crypto_tester_t *this, diffie_hellman_group_t group,
- dh_constructor_t create, u_int *speed, const char *plugin_name)
+METHOD(crypto_tester_t, test_ke, bool,
+ private_crypto_tester_t *this, key_exchange_method_t method,
+ ke_constructor_t create, u_int *speed, const char *plugin_name)
{
enumerator_t *enumerator;
- dh_test_vector_t *v;
+ ke_test_vector_t *v;
bool failed = FALSE;
u_int tested = 0;
- enumerator = this->dh->create_enumerator(this->dh);
+ enumerator = this->ke->create_enumerator(this->ke);
while (enumerator->enumerate(enumerator, &v))
{
- diffie_hellman_t *a, *b;
+ key_exchange_t *a, *b;
chunk_t apub, bpub, asec, bsec;
- if (v->group != group)
+ if (v->method != method)
{
continue;
}
- a = create(group);
- b = create(group);
+ a = create(method);
+ b = create(method);
if (!a || !b)
{
DESTROY_IF(a);
failed = TRUE;
tested++;
DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
- diffie_hellman_group_names, group, plugin_name);
+ key_exchange_method_names, method, plugin_name);
break;
}
- if (!a->set_private_value || !b->set_private_value)
+ if (!a->set_private_key || !b->set_private_key)
{ /* does not support testing */
a->destroy(a);
b->destroy(b);
apub = bpub = asec = bsec = chunk_empty;
- if (!a->set_private_value(a, chunk_create(v->priv_a, v->priv_len)) ||
- !b->set_private_value(b, chunk_create(v->priv_b, v->priv_len)))
+ if (!a->set_private_key(a, chunk_create(v->priv_a, v->priv_len)) ||
+ !b->set_private_key(b, chunk_create(v->priv_b, v->priv_len)))
{
goto failure;
}
- if (!a->get_my_public_value(a, &apub) ||
+ if (!a->get_public_key(a, &apub) ||
!chunk_equals(apub, chunk_create(v->pub_a, v->pub_len)))
{
goto failure;
}
- if (!b->get_my_public_value(b, &bpub) ||
+ if (!b->get_public_key(b, &bpub) ||
!chunk_equals(bpub, chunk_create(v->pub_b, v->pub_len)))
{
goto failure;
}
- if (!a->set_other_public_value(a, bpub) ||
- !b->set_other_public_value(b, apub))
+ if (!a->set_public_key(a, bpub) ||
+ !b->set_public_key(b, apub))
{
goto failure;
}
if (failed)
{
DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
- diffie_hellman_group_names, group, plugin_name, get_name(v));
+ key_exchange_method_names, method, plugin_name, get_name(v));
break;
}
}
{
DBG1(DBG_LIB, "%s %N[%s]: no test vectors found / untestable",
this->required ? "disabled" : "enabled ",
- diffie_hellman_group_names, group, plugin_name);
+ key_exchange_method_names, method, plugin_name);
return !this->required;
}
if (!failed)
{
if (speed)
{
- *speed = bench_dh(this, group, create);
+ *speed = bench_ke(this, method, create);
DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points",
- diffie_hellman_group_names, group, plugin_name, tested, *speed);
+ key_exchange_method_names, method, plugin_name, tested, *speed);
}
else
{
DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors",
- diffie_hellman_group_names, group, plugin_name, tested);
+ key_exchange_method_names, method, plugin_name, tested);
}
}
return !failed;
this->rng->insert_last(this->rng, vector);
}
-METHOD(crypto_tester_t, add_dh_vector, void,
- private_crypto_tester_t *this, dh_test_vector_t *vector)
+METHOD(crypto_tester_t, add_ke_vector, void,
+ private_crypto_tester_t *this, ke_test_vector_t *vector)
{
- this->dh->insert_last(this->dh, vector);
+ this->ke->insert_last(this->ke, vector);
}
METHOD(crypto_tester_t, destroy, void,
this->kdf->destroy(this->kdf);
this->drbg->destroy(this->drbg);
this->rng->destroy(this->rng);
- this->dh->destroy(this->dh);
+ this->ke->destroy(this->ke);
free(this);
}
.test_kdf = _test_kdf,
.test_drbg = _test_drbg,
.test_rng = _test_rng,
- .test_dh = _test_dh,
+ .test_ke = _test_ke,
.add_crypter_vector = _add_crypter_vector,
.add_aead_vector = _add_aead_vector,
.add_signer_vector = _add_signer_vector,
.add_kdf_vector = _add_kdf_vector,
.add_drbg_vector = _add_drbg_vector,
.add_rng_vector = _add_rng_vector,
- .add_dh_vector = _add_dh_vector,
+ .add_ke_vector = _add_ke_vector,
.destroy = _destroy,
},
.crypter = linked_list_create(),
.kdf = linked_list_create(),
.drbg = linked_list_create(),
.rng = linked_list_create(),
- .dh = linked_list_create(),
+ .ke = linked_list_create(),
.required = lib->settings->get_bool(lib->settings,
"%s.crypto_test.required", FALSE, lib->ns),
typedef struct kdf_test_args_t kdf_test_args_t;
typedef struct drbg_test_vector_t drbg_test_vector_t;
typedef struct rng_test_vector_t rng_test_vector_t;
-typedef struct dh_test_vector_t dh_test_vector_t;
+typedef struct ke_test_vector_t ke_test_vector_t;
struct crypter_test_vector_t {
/** encryption algorithm this vector tests */
void *user;
};
-struct dh_test_vector_t {
- /** diffie hellman group to test */
- diffie_hellman_group_t group;
- /** private value of alice */
+struct ke_test_vector_t {
+ /** key exchange method to test */
+ key_exchange_method_t method;
+ /** private key of alice */
u_char *priv_a;
- /** private value of bob */
+ /** private key of bob */
u_char *priv_b;
- /** length of private values */
+ /** length of private keys */
size_t priv_len;
- /** expected public value of alice */
+ /** expected public key of alice */
u_char *pub_a;
- /** expected public value of bob */
+ /** expected public key of bob */
u_char *pub_b;
- /** size of public values */
+ /** size of public keys */
size_t pub_len;
/** expected shared secret */
u_char *shared;
rng_constructor_t create,
u_int *speed, const char *plugin_name);
/**
- * Test a Diffie-Hellman implementation.
+ * Test a key exchange implementation.
*
- * @param group group to test
- * @param create constructor function for the DH backend
- * @param speed speed test result, NULL to omit
+ * @param ke key exchange method to test
+ * @param create constructor function for the key exchange method
+ * @param speed speeed test result, NULL to omit
* @return TRUE if test passed
*/
- bool (*test_dh)(crypto_tester_t *this, diffie_hellman_group_t group,
- dh_constructor_t create,
+ bool (*test_ke)(crypto_tester_t *this, key_exchange_method_t ke,
+ ke_constructor_t create,
u_int *speed, const char *plugin_name);
/**
*
* @param vector pointer to test vector
*/
- void (*add_dh_vector)(crypto_tester_t *this, dh_test_vector_t *vector);
+ void (*add_ke_vector)(crypto_tester_t *this, ke_test_vector_t *vector);
/**
* Destroy a crypto_tester_t.
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2019 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
*
* for more details.
*/
-#include "diffie_hellman.h"
+#include "key_exchange.h"
-ENUM_BEGIN(diffie_hellman_group_names, MODP_NONE, MODP_1024_BIT,
+ENUM_BEGIN(key_exchange_method_names, MODP_NONE, MODP_1024_BIT,
"MODP_NONE",
"MODP_768",
"MODP_1024");
-ENUM_NEXT(diffie_hellman_group_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
+ENUM_NEXT(key_exchange_method_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
"MODP_1536");
-ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
+ENUM_NEXT(key_exchange_method_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
"MODP_2048",
"MODP_3072",
"MODP_4096",
"ECP_256",
"ECP_384",
"ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
+ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
"MODP_1024_160",
"MODP_2048_224",
"MODP_2048_256",
"ECP_512_BP",
"CURVE_25519",
"CURVE_448");
-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, CURVE_448,
+ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, CURVE_448,
"MODP_NULL");
-ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
+ENUM_NEXT(key_exchange_method_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
"NTRU_112",
"NTRU_128",
"NTRU_192",
"NTRU_256");
-ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
+ENUM_NEXT(key_exchange_method_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
"NEWHOPE_128");
-ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
+ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
"MODP_CUSTOM");
-ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
+ENUM_END(key_exchange_method_names, MODP_CUSTOM);
-ENUM_BEGIN(diffie_hellman_group_names_short, MODP_NONE, MODP_1024_BIT,
+ENUM_BEGIN(key_exchange_method_names_short, MODP_NONE, MODP_1024_BIT,
"modpnone",
"modp768",
"modp1024");
-ENUM_NEXT(diffie_hellman_group_names_short, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
+ENUM_NEXT(key_exchange_method_names_short, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
"modp1536");
-ENUM_NEXT(diffie_hellman_group_names_short, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
+ENUM_NEXT(key_exchange_method_names_short, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
"modp2048",
"modp3072",
"modp4096",
"ecp256",
"ecp384",
"ecp521");
-ENUM_NEXT(diffie_hellman_group_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT,
+ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT,
"modp1024s160",
"modp2048s224",
"modp2048s256",
"ecp512bp",
"curve25519",
"curve448");
-ENUM_NEXT(diffie_hellman_group_names_short, MODP_NULL, MODP_NULL, CURVE_448,
+ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, CURVE_448,
"modpnull");
-ENUM_NEXT(diffie_hellman_group_names_short, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
+ENUM_NEXT(key_exchange_method_names_short, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
"ntru112",
"ntru128",
"ntru192",
"ntru256");
-ENUM_NEXT(diffie_hellman_group_names_short, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
+ENUM_NEXT(key_exchange_method_names_short, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
"newhope128");
-ENUM_NEXT(diffie_hellman_group_names_short, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
+ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
"modpcustom");
-ENUM_END(diffie_hellman_group_names_short, MODP_CUSTOM);
+ENUM_END(key_exchange_method_names_short, MODP_CUSTOM);
/**
- * List of known diffie hellman group parameters.
+ * List of known Diffie-Hellman group parameters.
*/
static struct {
/* Public part of the struct */
diffie_hellman_params_t public;
/* The group identifier as specified in IKEv2 */
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
} dh_params[] = {
{
.group = MODP_768_BIT, .public = {
},
};
-/**
- * See header.
+/*
+ * Described in header
*/
void diffie_hellman_init()
{
}
}
-/**
- * Described in header.
+/*
+ * Described in header
*/
-diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
+diffie_hellman_params_t *diffie_hellman_get_params(key_exchange_method_t ke)
{
int i;
for (i = 0; i < countof(dh_params); i++)
{
- if (dh_params[i].group == group)
+ if (dh_params[i].group == ke)
{
return &dh_params[i].public;
}
return NULL;
}
-/**
- * See header.
+/*
+ * Described in header
*/
-bool diffie_hellman_group_is_ec(diffie_hellman_group_t group)
+bool key_exchange_is_ecdh(key_exchange_method_t ke)
{
- switch (group)
+ switch (ke)
{
case ECP_256_BIT:
case ECP_384_BIT:
}
}
-/**
- * See header.
+/*
+ * Described in header
*/
-bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value)
+bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
{
diffie_hellman_params_t *params;
bool valid = FALSE;
- switch (group)
+ switch (ke)
{
case MODP_768_BIT:
case MODP_1024_BIT:
case MODP_1024_160:
case MODP_2048_224:
case MODP_2048_256:
- params = diffie_hellman_get_params(group);
+ params = diffie_hellman_get_params(ke);
if (params)
{
valid = value.len == params->prime.len;
case MODP_NONE:
/* fail */
break;
- /* compile-warn unhandled groups, fail verification */
+ /* compile-warn unhandled methods, fail verification */
}
if (!valid)
{
DBG1(DBG_ENC, "invalid DH public value size (%zu bytes) for %N",
- value.len, diffie_hellman_group_names, group);
+ value.len, key_exchange_method_names, ke);
}
return valid;
}
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2019 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
*
*/
/**
- * @defgroup diffie_hellman diffie_hellman
+ * @defgroup key_exchange key_exchange
* @{ @ingroup crypto
*/
-#ifndef DIFFIE_HELLMAN_H_
-#define DIFFIE_HELLMAN_H_
+#ifndef KEY_EXCHANGE_H_
+#define KEY_EXCHANGE_H_
-typedef enum diffie_hellman_group_t diffie_hellman_group_t;
-typedef struct diffie_hellman_t diffie_hellman_t;
+typedef enum key_exchange_method_t key_exchange_method_t;
+typedef struct key_exchange_t key_exchange_t;
typedef struct diffie_hellman_params_t diffie_hellman_params_t;
#include <library.h>
/**
- * Diffie-Hellman group.
+ * Key exchange method.
*
* The modulus (or group) to use for a Diffie-Hellman calculation.
* See IKEv2 RFC 3.3.2 and RFC 3526.
* ECC Brainpool groups are defined in RFC 6954.
* Curve25519 and Curve448 groups are defined in RFC 8031.
*/
-enum diffie_hellman_group_t {
+enum key_exchange_method_t {
MODP_NONE = 0,
MODP_768_BIT = 1,
MODP_1024_BIT = 2,
};
/**
- * enum name for diffie_hellman_group_t.
+ * enum name for key_exchange_method_t.
*/
-extern enum_name_t *diffie_hellman_group_names;
+extern enum_name_t *key_exchange_method_names;
/**
- * enum names for diffie_hellman_group_t (matching proposal keywords).
+ * enum names for key_exchange_method_t (matching proposal keywords).
*/
-extern enum_name_t *diffie_hellman_group_names_short;
+extern enum_name_t *key_exchange_method_names_short;
/**
- * Implementation of the Diffie-Hellman algorithm, as in RFC2631.
+ * Implementation of a key exchange algorithms (e.g. Diffie-Hellman).
*/
-struct diffie_hellman_t {
+struct key_exchange_t {
/**
- * Returns the shared secret of this diffie hellman exchange.
+ * Returns the shared secret of this key exchange method.
*
- * Space for returned secret is allocated and must be freed by the caller.
- *
- * @param secret shared secret will be written into this chunk
+ * @param secret shared secret (allocated)
* @return TRUE if shared secret computed successfully
*/
- bool (*get_shared_secret)(diffie_hellman_t *this, chunk_t *secret)
+ bool (*get_shared_secret)(key_exchange_t *this, chunk_t *secret)
__attribute__((warn_unused_result));
/**
- * Sets the public value of partner.
- *
- * Chunk gets cloned and can be destroyed afterwards.
+ * Sets the public key from the peer.
*
- * @param value public value of partner
- * @return TRUE if other public value verified and set
+ * @param value public key of peer
+ * @return TRUE if other public key verified and set
*/
- bool (*set_other_public_value)(diffie_hellman_t *this, chunk_t value)
+ bool (*set_public_key)(key_exchange_t *this, chunk_t value)
__attribute__((warn_unused_result));
/**
- * Gets the own public value to transmit.
- *
- * Space for returned chunk is allocated and must be freed by the caller.
+ * Gets the own public key to transmit.
*
- * @param value public value of caller is stored at this location
- * @return TRUE if public value retrieved
+ * @param value public key (allocated)
+ * @return TRUE if public key retrieved
*/
- bool (*get_my_public_value) (diffie_hellman_t *this, chunk_t *value)
+ bool (*get_public_key)(key_exchange_t *this, chunk_t *value)
__attribute__((warn_unused_result));
/**
- * Set an explicit own private value to use.
+ * Set an explicit own private key to use.
*
* Calling this method is usually not required, as the DH backend generates
* an appropriate private value itself. It is optional to implement, and
- * used mostly for testing purposes.
+ * used mostly for testing purposes. The private key may be the actual key
+ * or a seed for a DRBG.
*
- * @param value private value to set
+ * @param value private key value to set
*/
- bool (*set_private_value)(diffie_hellman_t *this, chunk_t value)
+ bool (*set_private_key)(key_exchange_t *this, chunk_t value)
__attribute__((warn_unused_result));
/**
- * Get the DH group used.
+ * Get the key exchange method used.
*
- * @return DH group set in construction
+ * @return key exchange method set in construction
*/
- diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this);
+ key_exchange_method_t (*get_method)(key_exchange_t *this);
/**
- * Destroys a diffie_hellman_t object.
+ * Destroys a key_exchange_t object.
*/
- void (*destroy) (diffie_hellman_t *this);
+ void (*destroy)(key_exchange_t *this);
};
/**
- * Parameters for a specific diffie hellman group.
+ * Parameters for a specific Diffie-Hellman group.
*/
struct diffie_hellman_params_t {
void diffie_hellman_init();
/**
- * Get the parameters associated with the specified diffie hellman group.
+ * Get the parameters associated with the specified Diffie-Hellman group.
*
* Before calling this method, use diffie_hellman_init() to initialize the
* DH group table. This is usually done by library_init().
*
- * @param group DH group
+ * @param ke key exchange method (DH group)
* @return The parameters or NULL, if the group is not supported
*/
-diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group);
+diffie_hellman_params_t *diffie_hellman_get_params(key_exchange_method_t ke);
/**
- * Check if a given DH group is an ECDH group
+ * Check if a given key exchange method is an ECDH group.
*
- * @param group group to check
- * @return TRUE if group is an ECP group
+ * @param ke key exchange method to check
+ * @return TRUE if key exchange method is an ECP group
*/
-bool diffie_hellman_group_is_ec(diffie_hellman_group_t group);
+bool key_exchange_is_ecdh(key_exchange_method_t ke);
/**
- * Check if a diffie hellman public value is valid for given group.
+ * Check if a public key is valid for given key exchange method.
*
- * @param group group the value is used in
- * @param value public DH value to check
- * @return TRUE if value looks valid for group
+ * @param ke key exchange method
+ * @param value public key to check
+ * @return TRUE if value looks valid
*/
-bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value);
+bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value);
-#endif /** DIFFIE_HELLMAN_H_ @}*/
+#endif /** KEY_EXCHANGE_H_ @}*/
return found;
}
-METHOD(proposal_t, has_dh_group, bool,
- private_proposal_t *this, diffie_hellman_group_t group)
+METHOD(proposal_t, has_ke_method, bool,
+ private_proposal_t *this, key_exchange_method_t ke)
{
bool found = FALSE, any = FALSE;
enumerator_t *enumerator;
uint16_t current;
- enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP);
+ enumerator = create_enumerator(this, KEY_EXCHANGE_METHOD);
while (enumerator->enumerate(enumerator, ¤t, NULL))
{
any = TRUE;
- if (current == group)
+ if (current == ke)
{
found = TRUE;
break;
}
enumerator->destroy(enumerator);
- if (!any && group == MODP_NONE)
+ if (!any && ke == MODP_NONE)
{
found = TRUE;
}
return found;
}
-METHOD(proposal_t, promote_dh_group, bool,
- private_proposal_t *this, diffie_hellman_group_t group)
+METHOD(proposal_t, promote_ke_method, bool,
+ private_proposal_t *this, key_exchange_method_t method)
{
enumerator_t *enumerator;
entry_t *entry;
enumerator = array_create_enumerator(this->transforms);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->type == DIFFIE_HELLMAN_GROUP &&
- entry->alg == group)
+ if (entry->type == KEY_EXCHANGE_METHOD &&
+ entry->alg == method)
{
array_remove_at(this->transforms, enumerator);
found = TRUE;
if (found)
{
entry_t entry = {
- .type = DIFFIE_HELLMAN_GROUP,
- .alg = group,
+ .type = KEY_EXCHANGE_METHOD,
+ .alg = method,
};
array_insert(this->transforms, ARRAY_HEAD, &entry);
}
uint16_t alg1, alg2, ks1, ks2;
bool found = FALSE, optional = FALSE;
- if (type == DIFFIE_HELLMAN_GROUP)
+ if (type == KEY_EXCHANGE_METHOD)
{
optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
}
{
continue;
}
- if (type == DIFFIE_HELLMAN_GROUP && (flags & PROPOSAL_SKIP_DH))
+ if (type == KEY_EXCHANGE_METHOD && (flags & PROPOSAL_SKIP_KE))
{
continue;
}
{
continue;
}
- if (entry->type == DIFFIE_HELLMAN_GROUP && (flags & PROPOSAL_SKIP_DH))
+ if (entry->type == KEY_EXCHANGE_METHOD && (flags & PROPOSAL_SKIP_KE))
{
continue;
}
e = array_create_enumerator(this->transforms);
while (e->enumerate(e, &entry))
{
- if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg)
+ if (entry->type == KEY_EXCHANGE_METHOD && !entry->alg)
{
array_remove_at(this->transforms, e);
}
}
e->destroy(e);
- if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL))
+ if (!get_algorithm(this, KEY_EXCHANGE_METHOD, NULL, NULL))
{
DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals");
return FALSE;
.add_algorithm = _add_algorithm,
.create_enumerator = _create_enumerator,
.get_algorithm = _get_algorithm,
- .has_dh_group = _has_dh_group,
- .promote_dh_group = _promote_dh_group,
+ .has_ke_method = _has_ke_method,
+ .promote_ke_method = _promote_ke_method,
.select = _select_proposal,
.matches = _matches,
.get_protocol = _get_protocol,
encryption_algorithm_t encryption;
integrity_algorithm_t integrity;
pseudo_random_function_t prf;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
const char *plugin_name;
if (aead)
enumerator->destroy(enumerator);
/* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
switch (group)
case NTRU_192_BIT:
case NTRU_256_BIT:
case NH_128_BIT:
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+ add_algorithm(this, KEY_EXCHANGE_METHOD, group, 0);
break;
default:
break;
enumerator->destroy(enumerator);
/* Round 2 adds other algorithms with at least 128 bit security strength */
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
switch (group)
case MODP_4096_BIT:
case MODP_6144_BIT:
case MODP_8192_BIT:
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+ add_algorithm(this, KEY_EXCHANGE_METHOD, group, 0);
break;
default:
break;
enumerator->destroy(enumerator);
/* Round 3 adds algorithms with less than 128 bit security strength */
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
switch (group)
/* rarely used */
break;
case MODP_2048_BIT:
- add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+ add_algorithm(this, KEY_EXCHANGE_METHOD, group, 0);
break;
default:
break;
#include <crypto/transform.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
/**
* Protocol ID of a proposal.
PROPOSAL_PREFER_SUPPLIED = (1<<0),
/** Whether to skip and ignore algorithms from a private range. */
PROPOSAL_SKIP_PRIVATE = (1<<1),
- /** Whether to skip and ignore diffie hellman groups. */
- PROPOSAL_SKIP_DH = (1<<2),
+ /** Whether to skip and ignore key exchange methods. */
+ PROPOSAL_SKIP_KE = (1<<2),
};
/**
uint16_t *alg, uint16_t *key_size);
/**
- * Check if the proposal has a specific DH group.
+ * Check if the proposal has a specific key exchange method.
*
- * @param group group to check for
+ * @param method key exchange method to check for
* @return TRUE if algorithm included
*/
- bool (*has_dh_group)(proposal_t *this, diffie_hellman_group_t group);
+ bool (*has_ke_method)(proposal_t *this, key_exchange_method_t method);
/**
- * Move the given DH group to the front of the list if it was contained in
- * the proposal.
+ * Move the given key exchange method to the front of the list if it was
+ * contained in the proposal.
*
- * @param group group to promote
+ * @param method key exchange method to promote
* @return TRUE if algorithm included
*/
- bool (*promote_dh_group)(proposal_t *this, diffie_hellman_group_t group);
+ bool (*promote_ke_method)(proposal_t *this, key_exchange_method_t method);
/**
* Compare two proposals and select a matching subset.
#include <crypto/transform.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
%}
struct proposal_token {
prfaesxcbc, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0
prfcamelliaxcbc, PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0
prfaescmac, PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0
-modpnone, DIFFIE_HELLMAN_GROUP, MODP_NONE, 0
-modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
-modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
-modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
-modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0
-modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0
-modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0
-modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0
-modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0
-modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0
-ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0
-ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
-ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
-ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
-ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
-modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0
-modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0
-modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0
-ecp224bp, DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0
-ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0
-ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0
-ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0
-curve25519, DIFFIE_HELLMAN_GROUP, CURVE_25519, 0
-x25519, DIFFIE_HELLMAN_GROUP, CURVE_25519, 0
-curve448, DIFFIE_HELLMAN_GROUP, CURVE_448, 0
-x448, DIFFIE_HELLMAN_GROUP, CURVE_448, 0
-ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0
-ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0
-ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0
-ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0
-newhope128, DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0
+modpnone, KEY_EXCHANGE_METHOD, MODP_NONE, 0
+modpnull, KEY_EXCHANGE_METHOD, MODP_NULL, 0
+modp768, KEY_EXCHANGE_METHOD, MODP_768_BIT, 0
+modp1024, KEY_EXCHANGE_METHOD, MODP_1024_BIT, 0
+modp1536, KEY_EXCHANGE_METHOD, MODP_1536_BIT, 0
+modp2048, KEY_EXCHANGE_METHOD, MODP_2048_BIT, 0
+modp3072, KEY_EXCHANGE_METHOD, MODP_3072_BIT, 0
+modp4096, KEY_EXCHANGE_METHOD, MODP_4096_BIT, 0
+modp6144, KEY_EXCHANGE_METHOD, MODP_6144_BIT, 0
+modp8192, KEY_EXCHANGE_METHOD, MODP_8192_BIT, 0
+ecp192, KEY_EXCHANGE_METHOD, ECP_192_BIT, 0
+ecp224, KEY_EXCHANGE_METHOD, ECP_224_BIT, 0
+ecp256, KEY_EXCHANGE_METHOD, ECP_256_BIT, 0
+ecp384, KEY_EXCHANGE_METHOD, ECP_384_BIT, 0
+ecp521, KEY_EXCHANGE_METHOD, ECP_521_BIT, 0
+modp1024s160, KEY_EXCHANGE_METHOD, MODP_1024_160, 0
+modp2048s224, KEY_EXCHANGE_METHOD, MODP_2048_224, 0
+modp2048s256, KEY_EXCHANGE_METHOD, MODP_2048_256, 0
+ecp224bp, KEY_EXCHANGE_METHOD, ECP_224_BP, 0
+ecp256bp, KEY_EXCHANGE_METHOD, ECP_256_BP, 0
+ecp384bp, KEY_EXCHANGE_METHOD, ECP_384_BP, 0
+ecp512bp, KEY_EXCHANGE_METHOD, ECP_512_BP, 0
+curve25519, KEY_EXCHANGE_METHOD, CURVE_25519, 0
+x25519, KEY_EXCHANGE_METHOD, CURVE_25519, 0
+curve448, KEY_EXCHANGE_METHOD, CURVE_448, 0
+x448, KEY_EXCHANGE_METHOD, CURVE_448, 0
+ntru112, KEY_EXCHANGE_METHOD, NTRU_112_BIT, 0
+ntru128, KEY_EXCHANGE_METHOD, NTRU_128_BIT, 0
+ntru192, KEY_EXCHANGE_METHOD, NTRU_192_BIT, 0
+ntru256, KEY_EXCHANGE_METHOD, NTRU_256_BIT, 0
+newhope128, KEY_EXCHANGE_METHOD, NH_128_BIT, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0
"ENCRYPTION_ALGORITHM",
"PSEUDO_RANDOM_FUNCTION",
"INTEGRITY_ALGORITHM",
- "DIFFIE_HELLMAN_GROUP",
+ "KEY_EXCHANGE_METHOD",
"EXTENDED_SEQUENCE_NUMBERS");
ENUM_NEXT(transform_type_names, HASH_ALGORITHM, KEY_DERIVATION_FUNCTION,
EXTENDED_SEQUENCE_NUMBERS,
return pseudo_random_function_names;
case INTEGRITY_ALGORITHM:
return integrity_algorithm_names;
- case DIFFIE_HELLMAN_GROUP:
- return diffie_hellman_group_names;
+ case KEY_EXCHANGE_METHOD:
+ return key_exchange_method_names;
case EXTENDED_SEQUENCE_NUMBERS:
return extended_sequence_numbers_names;
case EXTENDED_OUTPUT_FUNCTION:
ENCRYPTION_ALGORITHM = 1,
PSEUDO_RANDOM_FUNCTION = 2,
INTEGRITY_ALGORITHM = 3,
- DIFFIE_HELLMAN_GROUP = 4,
+ KEY_EXCHANGE_METHOD = 4,
EXTENDED_SEQUENCE_NUMBERS = 5,
HASH_ALGORITHM = 256,
RANDOM_NUMBER_GENERATOR = 257,
/**
* Diffie Hellman group number
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* Private key
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_botan_diffie_hellman_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret);
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_botan_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_empty;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_botan_diffie_hellman_t *this, chunk_t value)
{
chunk_clear(&this->shared_secret);
return load_private_key(this, value);
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_botan_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_botan_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_botan_diffie_hellman_t *this)
{
botan_mp_destroy(this->p);
/*
* Generic internal constructor
*/
-static botan_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+static botan_diffie_hellman_t *create_generic(key_exchange_method_t group,
chunk_t g, chunk_t p, size_t exp_len)
{
private_botan_diffie_hellman_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
* Described in header.
*/
botan_diffie_hellman_t *botan_diffie_hellman_create(
- diffie_hellman_group_t group, ...)
+ key_exchange_method_t group, ...)
{
diffie_hellman_params_t *params;
chunk_t g, p;
typedef struct botan_diffie_hellman_t botan_diffie_hellman_t;
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
/**
* Implementation of the Diffie-Hellman algorithm using Botan.
struct botan_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new botan_diffie_hellman_t object.
*
- * @param group Diffie Hellman group number to use
+ * @param group Diffie-Hellman group number to use
* @param ... expects generator and prime as chunk_t if MODP_CUSTOM
* @return botan_diffie_hellman_t object,
* NULL if not supported
*/
botan_diffie_hellman_t *botan_diffie_hellman_create(
- diffie_hellman_group_t group, ...);
+ key_exchange_method_t group, ...);
#endif /** BOTAN_DIFFIE_HELLMAN_H_ @}*/
/**
* Diffie Hellman group
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* EC curve name
chunk_t shared_secret;
};
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_botan_ec_diffie_hellman_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return botan_dh_key_derivation(this->key, value, &this->shared_secret);
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_botan_ec_diffie_hellman_t *this, chunk_t *value)
{
chunk_t pkey = chunk_empty;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_botan_ec_diffie_hellman_t *this, chunk_t value)
{
botan_mp_t scalar;
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_botan_ec_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_botan_ec_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_botan_ec_diffie_hellman_t *this)
{
botan_privkey_destroy(this->key);
* Described in header.
*/
botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
- diffie_hellman_group_t group)
+ key_exchange_method_t group)
{
private_botan_ec_diffie_hellman_t *this;
botan_rng_t rng;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct botan_ec_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new botan_ec_diffie_hellman_t object.
*
- * @param group EC Diffie Hellman group number to use
+ * @param group EC Diffie-Hellman group number to use
* @return botan_ec_diffie_hellman_t object, NULL if not supported
*/
botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
- diffie_hellman_group_t group);
+ key_exchange_method_t group);
#endif /** BOTAN_EC_DIFFIE_HELLMAN_H_ @}*/
#ifdef BOTAN_HAS_DIFFIE_HELLMAN
/* MODP DH groups */
- PLUGIN_REGISTER(DH, botan_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_PROVIDE(DH, MODP_6144_BIT),
- PLUGIN_PROVIDE(DH, MODP_8192_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_160),
- PLUGIN_PROVIDE(DH, MODP_768_BIT),
- PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_REGISTER(KE, botan_diffie_hellman_create),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
+ PLUGIN_PROVIDE(KE, MODP_4096_BIT),
+ PLUGIN_PROVIDE(KE, MODP_6144_BIT),
+ PLUGIN_PROVIDE(KE, MODP_8192_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_224),
+ PLUGIN_PROVIDE(KE, MODP_2048_256),
+ PLUGIN_PROVIDE(KE, MODP_1536_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_160),
+ PLUGIN_PROVIDE(KE, MODP_768_BIT),
+ PLUGIN_PROVIDE(KE, MODP_CUSTOM),
#endif
#ifdef BOTAN_HAS_ECDH
/* EC DH groups */
- PLUGIN_REGISTER(DH, botan_ec_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, ECP_256_BIT),
- PLUGIN_PROVIDE(DH, ECP_384_BIT),
- PLUGIN_PROVIDE(DH, ECP_521_BIT),
- PLUGIN_PROVIDE(DH, ECP_256_BP),
- PLUGIN_PROVIDE(DH, ECP_384_BP),
- PLUGIN_PROVIDE(DH, ECP_512_BP),
+ PLUGIN_REGISTER(KE, botan_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(KE, ECP_256_BIT),
+ PLUGIN_PROVIDE(KE, ECP_384_BIT),
+ PLUGIN_PROVIDE(KE, ECP_521_BIT),
+ PLUGIN_PROVIDE(KE, ECP_256_BP),
+ PLUGIN_PROVIDE(KE, ECP_384_BP),
+ PLUGIN_PROVIDE(KE, ECP_512_BP),
#endif
#ifdef BOTAN_HAS_X25519
- PLUGIN_REGISTER(DH, botan_x25519_create),
- PLUGIN_PROVIDE(DH, CURVE_25519),
+ PLUGIN_REGISTER(KE, botan_x25519_create),
+ PLUGIN_PROVIDE(KE, CURVE_25519),
#endif
/* crypters */
/**
* Public interface
*/
- diffie_hellman_t public;
+ key_exchange_t public;
/**
* Private key
chunk_t shared_secret;
};
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_diffie_hellman_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(CURVE_25519, value))
+ if (!key_exchange_verify_pubkey(CURVE_25519, value))
{
return FALSE;
}
return botan_dh_key_derivation(this->key, value, &this->shared_secret);
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_diffie_hellman_t *this, chunk_t *value)
{
value->len = 0;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_diffie_hellman_t *this, chunk_t value)
{
if (value.len != 32)
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_diffie_hellman_t *this)
{
return CURVE_25519;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_diffie_hellman_t *this)
{
botan_privkey_destroy(this->key);
/*
* Described in header
*/
-diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
+key_exchange_t *botan_x25519_create(key_exchange_method_t ke)
{
private_diffie_hellman_t *this;
botan_rng_t rng;
INIT(this,
.public = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
);
/**
* Creates a new X25519 implementation using Botan.
*
- * @param group DH group, must be CURVE_25519
+ * @param ke key exchange method, must be CURVE_25519
* @return object, NULL if not supported
*/
-diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group);
+key_exchange_t *botan_x25519_create(key_exchange_method_t ke);
#endif /** BOTAN_X25519_H_ @}*/
return this->drv->set_key(this->drv, key);
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_curve25519_dh_t *this, chunk_t value)
{
if (value.len == CURVE25519_KEY_SIZE)
return FALSE;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_curve25519_dh_t *this, chunk_t *value)
{
u_char basepoint[CURVE25519_KEY_SIZE] = { 9 };
return FALSE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_curve25519_dh_t *this, chunk_t value)
{
if (value.len != CURVE25519_KEY_SIZE)
return this->drv->set_key(this->drv, value.ptr);
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_curve25519_dh_t *this, chunk_t *secret)
{
if (!this->computed)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_curve25519_dh_t *this)
{
return CURVE_25519;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_curve25519_dh_t *this)
{
this->drv->destroy(this->drv);
/*
* Described in header.
*/
-curve25519_dh_t *curve25519_dh_create(diffie_hellman_group_t group)
+curve25519_dh_t *curve25519_dh_create(key_exchange_method_t group)
{
private_curve25519_dh_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct curve25519_dh_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* @param group DH group, CURVE_25519
* @return curve25519_dh_t object, NULL on error
*/
-curve25519_dh_t *curve25519_dh_create(diffie_hellman_group_t group);
+curve25519_dh_t *curve25519_dh_create(key_exchange_method_t group);
#endif /** CURVE25519_DH_H_ @}*/
{
static plugin_feature_t f[] = {
/* X25519 DH group */
- PLUGIN_REGISTER(DH, curve25519_dh_create),
- PLUGIN_PROVIDE(DH, CURVE_25519),
+ PLUGIN_REGISTER(KE, curve25519_dh_create),
+ PLUGIN_PROVIDE(KE, CURVE_25519),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
/* Ed25519 private/public keys */
PLUGIN_REGISTER(PRIVKEY, curve25519_private_key_load, TRUE),
/**
* Diffie Hellman group number
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/*
* Generator value
size_t p_len;
};
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_gcrypt_dh_t *this, chunk_t value)
{
gcry_mpi_t p_min_1;
gcry_error_t err;
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return chunk;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_gcrypt_dh_t *this, chunk_t *value)
{
*value = export_mpi(this->ya, this->p_len);
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_gcrypt_dh_t *this, chunk_t value)
{
gcry_error_t err;
return !err;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_gcrypt_dh_t *this, chunk_t *secret)
{
if (!this->zz)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_gcrypt_dh_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_gcrypt_dh_t *this)
{
gcry_mpi_release(this->p);
/*
* Generic internal constructor
*/
-static gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+static gcrypt_dh_t *create_generic(key_exchange_method_t group, size_t exp_len,
chunk_t g, chunk_t p)
{
private_gcrypt_dh_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
/*
* Described in header.
*/
-gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+gcrypt_dh_t *gcrypt_dh_create(key_exchange_method_t group)
{
diffie_hellman_params_t *params;
/*
* Described in header.
*/
-gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group, ...)
+gcrypt_dh_t *gcrypt_dh_create_custom(key_exchange_method_t group, ...)
{
if (group == MODP_CUSTOM)
{
struct gcrypt_dh_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* @param group Diffie Hellman group number to use
* @return gcrypt_dh_t object, NULL if not supported
*/
-gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group);
+gcrypt_dh_t *gcrypt_dh_create(key_exchange_method_t group);
/**
* Creates a new gcrypt_dh_t object for MODP_CUSTOM.
* @param ... expects generator and prime as chunk_t
* @return gcrypt_dh_t object, NULL if not supported
*/
-gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group, ...);
+gcrypt_dh_t *gcrypt_dh_create_custom(key_exchange_method_t group, ...);
#endif /** GCRYPT_DH_H_ @}*/
PLUGIN_PROVIDE(HASHER, HASH_SHA384),
PLUGIN_PROVIDE(HASHER, HASH_SHA512),
/* MODP DH groups */
- PLUGIN_REGISTER(DH, gcrypt_dh_create),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_PROVIDE(DH, MODP_6144_BIT),
- PLUGIN_PROVIDE(DH, MODP_8192_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_160),
- PLUGIN_PROVIDE(DH, MODP_768_BIT),
- PLUGIN_REGISTER(DH, gcrypt_dh_create_custom),
- PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_REGISTER(KE, gcrypt_dh_create),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
+ PLUGIN_PROVIDE(KE, MODP_4096_BIT),
+ PLUGIN_PROVIDE(KE, MODP_6144_BIT),
+ PLUGIN_PROVIDE(KE, MODP_8192_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_224),
+ PLUGIN_PROVIDE(KE, MODP_2048_256),
+ PLUGIN_PROVIDE(KE, MODP_1536_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_160),
+ PLUGIN_PROVIDE(KE, MODP_768_BIT),
+ PLUGIN_REGISTER(KE, gcrypt_dh_create_custom),
+ PLUGIN_PROVIDE(KE, MODP_CUSTOM),
/* RSA private/public key loading */
PLUGIN_REGISTER(PUBKEY, gcrypt_rsa_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
/**
* Diffie Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/*
* Generator value.
bool computed;
};
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_gmp_diffie_hellman_t *this, chunk_t value)
{
mpz_t p_min_1;
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return this->computed;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_gmp_diffie_hellman_t *this,chunk_t *value)
{
value->len = this->p_len;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_gmp_diffie_hellman_t *this, chunk_t value)
{
mpz_import(this->xa, value.len, 1, 1, 1, 0, value.ptr);
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_gmp_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_gmp_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_gmp_diffie_hellman_t *this)
{
mpz_clear(this->p);
/**
* Generic internal constructor
*/
-static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+static gmp_diffie_hellman_t *create_generic(key_exchange_method_t group,
size_t exp_len, chunk_t g, chunk_t p)
{
private_gmp_diffie_hellman_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
/*
* Described in header
*/
-gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
+gmp_diffie_hellman_t *gmp_diffie_hellman_create(key_exchange_method_t group)
{
diffie_hellman_params_t *params;
* Described in header
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
- diffie_hellman_group_t group, ...)
+ key_exchange_method_t group, ...)
{
if (group == MODP_CUSTOM)
{
struct gmp_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* @param group Diffie Hellman group number to use
* @return gmp_diffie_hellman_t object, NULL if not supported
*/
-gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group);
+gmp_diffie_hellman_t *gmp_diffie_hellman_create(key_exchange_method_t group);
/**
* Creates a new gmp_diffie_hellman_t object for MODP_CUSTOM.
* @return gmp_diffie_hellman_t object, NULL if not supported
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
- diffie_hellman_group_t group, ...);
+ key_exchange_method_t group, ...);
#endif /** GMP_DIFFIE_HELLMAN_H_ @}*/
{
static plugin_feature_t f[] = {
/* DH groups */
- PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_REGISTER(KE, gmp_diffie_hellman_create),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(KE, MODP_4096_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(KE, MODP_6144_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(KE, MODP_8192_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(KE, MODP_2048_224),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(KE, MODP_2048_256),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1536_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(KE, MODP_1024_160),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(KE, MODP_768_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom),
- PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_REGISTER(KE, gmp_diffie_hellman_create_custom),
+ PLUGIN_PROVIDE(KE, MODP_CUSTOM),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
/* private/public keys */
PLUGIN_REGISTER(PRIVKEY, gmp_rsa_private_key_load, TRUE),
#include <ntt_fft.h>
#include <ntt_fft_reduce.h>
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
#include <utils/debug.h>
static const int seed_len = 32; /* 256 bits */
return r;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_newhope_ke_t *this, chunk_t *value)
{
uint16_t n, q;
}
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_newhope_ke_t *this, chunk_t *secret)
{
if (this->shared_secret.len == 0)
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_newhope_ke_t *this, chunk_t value)
{
newhope_reconciliation_t * rec;
if (value.len != poly_len + seed_len)
{
DBG1(DBG_LIB, "received %N KE payload of incorrect size",
- diffie_hellman_group_names, NH_128_BIT);
+ key_exchange_method_names, NH_128_BIT);
return FALSE;
}
a_seed = chunk_create(value.ptr + poly_len, seed_len);
if (value.len != poly_len + rec_len)
{
DBG1(DBG_LIB, "received %N KE payload of incorrect size",
- diffie_hellman_group_names, NH_128_BIT);
+ key_exchange_method_names, NH_128_BIT);
return FALSE;
}
}
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_newhope_ke_t *this)
{
return NH_128_BIT;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_newhope_ke_t *this)
{
chunk_clear(&this->shared_secret);
/*
* Described in header.
*/
-newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
+newhope_ke_t *newhope_ke_create(key_exchange_method_t ke, chunk_t g, chunk_t p)
{
private_newhope_ke_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct newhope_ke_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new newhope_ke_t object.
*
- * @param group New Hope DH group number
+ * @param ke New Hope key exchange number
* @param g not used
* @param p not used
* @return newhope_ke_t object, NULL if not supported
*/
-newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p);
+newhope_ke_t *newhope_ke_create(key_exchange_method_t ke, chunk_t g, chunk_t p);
#endif /** NEWHOPE_KE_H_ @}*/
private_newhope_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
- PLUGIN_REGISTER(DH, newhope_ke_create),
- PLUGIN_PROVIDE(DH, NH_128_BIT),
+ PLUGIN_REGISTER(KE, newhope_ke_create),
+ PLUGIN_PROVIDE(KE, NH_128_BIT),
PLUGIN_DEPENDS(XOF, XOF_SHAKE_128),
PLUGIN_DEPENDS(XOF, XOF_CHACHA20),
};
START_TEST(test_newhope_ke_good)
{
chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret;
- diffie_hellman_t *i_nh, *r_nh;
+ key_exchange_t *i_nh, *r_nh;
struct timespec start, stop;
int i;
for (i = 0; i < count; i++)
{
- i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ i_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(i_nh != NULL);
- ck_assert(i_nh->get_dh_group(i_nh) == NH_128_BIT);
+ ck_assert(i_nh->get_method(i_nh) == NH_128_BIT);
- ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+ ck_assert(i_nh->get_public_key(i_nh, &i_msg));
ck_assert(i_msg.len = 1824);
- r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ r_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(r_nh != NULL);
- ck_assert(r_nh->set_other_public_value(r_nh, i_msg));
- ck_assert(r_nh->get_my_public_value(r_nh, &r_msg));
+ ck_assert(r_nh->set_public_key(r_nh, i_msg));
+ ck_assert(r_nh->get_public_key(r_nh, &r_msg));
ck_assert(r_msg.len == 2048);
ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret));
ck_assert(r_shared_secret.len == 32);
- ck_assert(i_nh->set_other_public_value(i_nh, r_msg));
+ ck_assert(i_nh->set_public_key(i_nh, r_msg));
ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret));
ck_assert(i_shared_secret.len == 32);
ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
START_TEST(test_newhope_ke_wrong)
{
chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret;
- diffie_hellman_t *i_nh, *r_nh;
+ key_exchange_t *i_nh, *r_nh;
- i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ i_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(i_nh != NULL);
- ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+ ck_assert(i_nh->get_public_key(i_nh, &i_msg));
- r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ r_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(r_nh != NULL);
- ck_assert(r_nh->set_other_public_value(r_nh, i_msg));
- ck_assert(r_nh->get_my_public_value(r_nh, &r_msg));
+ ck_assert(r_nh->set_public_key(r_nh, i_msg));
+ ck_assert(r_nh->get_public_key(r_nh, &r_msg));
/* destroy 1st instance of i_nh */
i_nh->destroy(i_nh);
chunk_free(&i_msg);
/* create 2nd instance of i_nh */
- i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ i_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(i_nh != NULL);
- ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
- ck_assert(i_nh->set_other_public_value(i_nh, r_msg));
+ ck_assert(i_nh->get_public_key(i_nh, &i_msg));
+ ck_assert(i_nh->set_public_key(i_nh, r_msg));
ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret));
ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret));
START_TEST(test_newhope_ke_fail_i)
{
- diffie_hellman_t *i_nh;
+ key_exchange_t *i_nh;
char buf_ff[2048];
int i;
for (i = 0; i < countof(r_msg); i++)
{
- i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ i_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(i_nh != NULL);
- ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
- ck_assert(!i_nh->set_other_public_value(i_nh, r_msg[i]));
+ ck_assert(i_nh->get_public_key(i_nh, &i_msg));
+ ck_assert(!i_nh->set_public_key(i_nh, r_msg[i]));
chunk_free(&i_msg);
i_nh->destroy(i_nh);
}
START_TEST(test_newhope_ke_fail_r)
{
- diffie_hellman_t *r_nh;
+ key_exchange_t *r_nh;
char buf_ff[1824];
int i;
for (i = 0; i < countof(i_msg); i++)
{
- r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ r_nh = lib->crypto->create_ke(lib->crypto, NH_128_BIT);
ck_assert(r_nh != NULL);
- ck_assert(!r_nh->set_other_public_value(r_nh, i_msg[i]));
+ ck_assert(!r_nh->set_public_key(r_nh, i_msg[i]));
r_nh->destroy(r_nh);
}
}
#include "ntru_private_key.h"
#include "ntru_public_key.h"
-#include <crypto/diffie_hellman.h>
+#include <crypto/key_exchange.h>
#include <crypto/drbgs/drbg.h>
#include <utils/debug.h>
/**
* Diffie Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* NTRU Parameter Set
drbg_t *drbg;
};
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_ntru_ke_t *this, chunk_t *value)
{
*value = chunk_empty;
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_ntru_ke_t *this, chunk_t *secret)
{
if (!this->computed || !this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_ntru_ke_t *this, chunk_t value)
{
if (this->privkey)
return this->computed;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_ntru_ke_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_ntru_ke_t *this)
{
DESTROY_IF(this->privkey);
/*
* Described in header.
*/
-ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
+ntru_ke_t *ntru_ke_create(key_exchange_method_t group, chunk_t g, chunk_t p)
{
private_ntru_ke_t *this;
const ntru_param_set_id_t *param_sets;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct ntru_ke_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* @param p not used
* @return ntru_ke_t object, NULL if not supported
*/
-ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p);
+ntru_ke_t *ntru_ke_create(key_exchange_method_t group, chunk_t g, chunk_t p);
#endif /** NTRU_KE_H_ @}*/
private_ntru_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
- PLUGIN_REGISTER(DH, ntru_ke_create),
- PLUGIN_PROVIDE(DH, NTRU_112_BIT),
+ PLUGIN_REGISTER(KE, ntru_ke_create),
+ PLUGIN_PROVIDE(KE, NTRU_112_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
- PLUGIN_PROVIDE(DH, NTRU_128_BIT),
+ PLUGIN_PROVIDE(KE, NTRU_128_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
- PLUGIN_PROVIDE(DH, NTRU_192_BIT),
+ PLUGIN_PROVIDE(KE, NTRU_192_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
- PLUGIN_PROVIDE(DH, NTRU_256_BIT),
+ PLUGIN_PROVIDE(KE, NTRU_256_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
/**
* Diffie Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
/**
chunk_t shared_secret;
};
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_openssl_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_openssl_diffie_hellman_t *this, chunk_t *value)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#endif
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_openssl_diffie_hellman_t *this, chunk_t *secret)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_openssl_diffie_hellman_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return pub;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_openssl_diffie_hellman_t *this, chunk_t value)
{
BIGNUM *priv, *g = NULL, *p = NULL, *pub = NULL;
#else /* OPENSSL_VERSION_NUMBER */
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_openssl_diffie_hellman_t *this, chunk_t value)
{
BIGNUM *privkey;
#endif /* OPENSSL_VERSION_NUMBER */
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_openssl_diffie_hellman_t *this)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
* Described in header.
*/
openssl_diffie_hellman_t *openssl_diffie_hellman_create(
- diffie_hellman_group_t group, ...)
+ key_exchange_method_t group, ...)
{
private_openssl_diffie_hellman_t *this;
BIGNUM *g, *p;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct openssl_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new openssl_diffie_hellman_t object.
*
- * @param group Diffie Hellman group number to use
+ * @param group Diffie-Hellman group number to use
* @param ... expects generator and prime as chunk_t if MODP_CUSTOM
* @return openssl_diffie_hellman_t object, NULL if not supported
*/
openssl_diffie_hellman_t *openssl_diffie_hellman_create(
- diffie_hellman_group_t group, ...);
+ key_exchange_method_t group, ...);
#endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/
/**
* Diffie Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* EC private (public) key
}
#endif /* OPENSSL_VERSION_NUMBER < ... */
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_openssl_ec_diffie_hellman_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return TRUE;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_openssl_ec_diffie_hellman_t *this, chunk_t *value)
{
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
#endif
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_openssl_ec_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len &&
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_openssl_ec_diffie_hellman_t *this)
{
return this->group;
/*
* Described in header
*/
-int openssl_ecdh_group_to_nid(diffie_hellman_group_t group)
+int openssl_ecdh_group_to_nid(key_exchange_method_t group)
{
switch (group)
{
return chunk->len;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_openssl_ec_diffie_hellman_t *this, chunk_t value)
{
BIGNUM *priv = NULL;
#else /* OPENSSL_VERSION_NUMBER */
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_openssl_ec_diffie_hellman_t *this, chunk_t value)
{
EC_KEY *key = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_openssl_ec_diffie_hellman_t *this)
{
EC_GROUP_free(this->ec_group);
/*
* Described in header
*/
-openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
+openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(key_exchange_method_t group)
{
private_openssl_ec_diffie_hellman_t *this;
int curve;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct openssl_ec_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new openssl_ec_diffie_hellman_t object.
*
- * @param group EC Diffie Hellman group number to use
- * @return openssl_ec_diffie_hellman_t object, NULL if not supported
+ * @param group EC Diffie-Hellman group number to use
+ * @return openssl_ec_diffie_hellman_t object, NULL if unsupported
*/
-openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group);
+openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(
+ key_exchange_method_t group);
/**
* Map ECDH groups to OpenSSL NIDs for the ECC curve.
* @param group ECDH group
* @return NID for the curve
*/
-int openssl_ecdh_group_to_nid(diffie_hellman_group_t group);
+int openssl_ecdh_group_to_nid(key_exchange_method_t group);
#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/
* Check if the given DH group is in the list of supported curves.
*/
static bool ecdh_group_supported(EC_builtin_curve *curves, size_t num_curves,
- diffie_hellman_group_t group)
+ key_exchange_method_t group)
{
int j;
for (i = 0; i < count; i++)
{
if (to_add[i].kind != FEATURE_PROVIDE ||
- ecdh_group_supported(curves, num_curves, to_add[i].arg.dh_group))
+ ecdh_group_supported(curves, num_curves, to_add[i].arg.ke))
{
features[(*pos)++] = to_add[i];
}
#endif /* OPENSSL_VERSION_NUMBER */
#ifndef OPENSSL_NO_DH
/* MODP DH groups */
- PLUGIN_REGISTER(DH, openssl_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_PROVIDE(DH, MODP_6144_BIT),
- PLUGIN_PROVIDE(DH, MODP_8192_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_160),
- PLUGIN_PROVIDE(DH, MODP_768_BIT),
- PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_REGISTER(KE, openssl_diffie_hellman_create),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
+ PLUGIN_PROVIDE(KE, MODP_4096_BIT),
+ PLUGIN_PROVIDE(KE, MODP_6144_BIT),
+ PLUGIN_PROVIDE(KE, MODP_8192_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_224),
+ PLUGIN_PROVIDE(KE, MODP_2048_256),
+ PLUGIN_PROVIDE(KE, MODP_1536_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_160),
+ PLUGIN_PROVIDE(KE, MODP_768_BIT),
+ PLUGIN_PROVIDE(KE, MODP_CUSTOM),
#endif
#ifndef OPENSSL_NO_RSA
/* RSA private/public key loading */
#endif
#endif /* OPENSSL_NO_ECDSA */
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH)
- PLUGIN_REGISTER(DH, openssl_x_diffie_hellman_create),
+ PLUGIN_REGISTER(KE, openssl_x_diffie_hellman_create),
/* available since 1.1.0a, but we require 1.1.1 features */
- PLUGIN_PROVIDE(DH, CURVE_25519),
+ PLUGIN_PROVIDE(KE, CURVE_25519),
/* available since 1.1.1 */
- PLUGIN_PROVIDE(DH, CURVE_448),
+ PLUGIN_PROVIDE(KE, CURVE_448),
#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_ECDH */
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
/* EdDSA private/public key loading */
static plugin_feature_t f_ecdh[] = {
#ifndef OPENSSL_NO_ECDH
/* EC DH groups */
- PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, ECP_256_BIT),
- PLUGIN_PROVIDE(DH, ECP_384_BIT),
- PLUGIN_PROVIDE(DH, ECP_521_BIT),
- PLUGIN_PROVIDE(DH, ECP_224_BIT),
- PLUGIN_PROVIDE(DH, ECP_192_BIT),
+ PLUGIN_REGISTER(KE, openssl_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(KE, ECP_256_BIT),
+ PLUGIN_PROVIDE(KE, ECP_384_BIT),
+ PLUGIN_PROVIDE(KE, ECP_521_BIT),
+ PLUGIN_PROVIDE(KE, ECP_224_BIT),
+ PLUGIN_PROVIDE(KE, ECP_192_BIT),
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
- PLUGIN_PROVIDE(DH, ECP_256_BP),
- PLUGIN_PROVIDE(DH, ECP_384_BP),
- PLUGIN_PROVIDE(DH, ECP_512_BP),
- PLUGIN_PROVIDE(DH, ECP_224_BP),
+ PLUGIN_PROVIDE(KE, ECP_256_BP),
+ PLUGIN_PROVIDE(KE, ECP_384_BP),
+ PLUGIN_PROVIDE(KE, ECP_512_BP),
+ PLUGIN_PROVIDE(KE, ECP_224_BP),
#endif /* OPENSSL_VERSION_NUMBER */
#endif /* OPENSSL_NO_ECDH */
};
#include <utils/debug.h>
-typedef struct private_diffie_hellman_t private_diffie_hellman_t;
+typedef struct private_key_exchange_t private_key_exchange_t;
/**
* Private data
*/
-struct private_diffie_hellman_t {
+struct private_key_exchange_t {
/**
* Public interface.
*/
- diffie_hellman_t public;
+ key_exchange_t public;
/**
- * Diffie Hellman group number.
+ * Key exchange method.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t ke;
/**
* Private (public) key
};
/**
- * Map a DH group to a key type
+ * Map a key exchange method to a key type
*/
-static int map_key_type(diffie_hellman_group_t group)
+static int map_key_type(key_exchange_method_t ke)
{
- switch (group)
+ switch (ke)
{
case CURVE_25519:
return EVP_PKEY_X25519;
}
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
- private_diffie_hellman_t *this, chunk_t value)
+METHOD(key_exchange_t, set_public_key, bool,
+ private_key_exchange_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->ke, value))
{
return FALSE;
}
EVP_PKEY_free(this->pub);
- this->pub = EVP_PKEY_new_raw_public_key(map_key_type(this->group), NULL,
+ this->pub = EVP_PKEY_new_raw_public_key(map_key_type(this->ke), NULL,
value.ptr, value.len);
if (!this->pub)
{
DBG1(DBG_LIB, "%N public value is malformed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->ke);
return FALSE;
}
chunk_clear(&this->shared_secret);
return TRUE;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
- private_diffie_hellman_t *this, chunk_t *value)
+METHOD(key_exchange_t, get_public_key, bool,
+ private_key_exchange_t *this, chunk_t *value)
{
size_t len;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
- private_diffie_hellman_t *this, chunk_t value)
+METHOD(key_exchange_t, set_private_key, bool,
+ private_key_exchange_t *this, chunk_t value)
{
EVP_PKEY_free(this->key);
- this->key = EVP_PKEY_new_raw_private_key(map_key_type(this->group), NULL,
+ this->key = EVP_PKEY_new_raw_private_key(map_key_type(this->ke), NULL,
value.ptr, value.len);
if (!this->key)
{
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
- private_diffie_hellman_t *this, chunk_t *secret)
+METHOD(key_exchange_t, get_shared_secret, bool,
+ private_key_exchange_t *this, chunk_t *secret)
{
if (!this->shared_secret.len &&
!openssl_compute_shared_key(this->key, this->pub, &this->shared_secret))
{
DBG1(DBG_LIB, "%N shared secret computation failed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->ke);
return FALSE;
}
*secret = chunk_clone(this->shared_secret);
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
- private_diffie_hellman_t *this)
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
+ private_key_exchange_t *this)
{
- return this->group;
+ return this->ke;
}
-METHOD(diffie_hellman_t, destroy, void,
- private_diffie_hellman_t *this)
+METHOD(key_exchange_t, destroy, void,
+ private_key_exchange_t *this)
{
EVP_PKEY_free(this->key);
EVP_PKEY_free(this->pub);
/*
* Described in header
*/
-diffie_hellman_t *openssl_x_diffie_hellman_create(diffie_hellman_group_t group)
+key_exchange_t *openssl_x_diffie_hellman_create(key_exchange_method_t ke)
{
- private_diffie_hellman_t *this;
+ private_key_exchange_t *this;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *key = NULL;
- switch (group)
+ switch (ke)
{
case CURVE_25519:
ctx = EVP_PKEY_CTX_new_id(NID_X25519, NULL);
EVP_PKEY_keygen(ctx, &key) <= 0)
{
DBG1(DBG_LIB, "generating key for %N failed",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, ke);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
INIT(this,
.public = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
- .group = group,
+ .ke = ke,
.key = key,
);
return &this->public;
#include <library.h>
/**
- * Creates a new diffie_hellman_t object.
+ * Creates a new key_exchange_t object.
*
- * @param group Diffie Hellman group number to use
+ * @param ke key exchange method to use
* @return object, NULL if not supported
*/
-diffie_hellman_t *openssl_x_diffie_hellman_create(diffie_hellman_group_t group);
+key_exchange_t *openssl_x_diffie_hellman_create(key_exchange_method_t ke);
#endif /** OPENSSL_X_DIFFIE_HELLMAN_H_ @}*/
CK_SESSION_HANDLE session;
/**
- * Diffie Hellman group number.
+ * Diffie-Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* Handle for own private value
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_pkcs11_dh_t *this, chunk_t value)
{
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return derive_secret(this, value);
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_pkcs11_dh_t *this, chunk_t *value)
{
*value = chunk_clone(this->pub_key);
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_pkcs11_dh_t *this, chunk_t *secret)
{
if (!this->secret.ptr)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_pkcs11_dh_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_pkcs11_dh_t *this)
{
this->lib->f->C_CloseSession(this->session);
/**
* Generic internal constructor
*/
-static private_pkcs11_dh_t *create_generic(diffie_hellman_group_t group,
+static private_pkcs11_dh_t *create_generic(key_exchange_method_t group,
CK_MECHANISM_TYPE key,
CK_MECHANISM_TYPE derive)
{
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
return this;
}
-static pkcs11_dh_t *create_ecp(diffie_hellman_group_t group, chunk_t ecparam)
+static pkcs11_dh_t *create_ecp(key_exchange_method_t group, chunk_t ecparam)
{
private_pkcs11_dh_t *this = create_generic(group, CKM_EC_KEY_PAIR_GEN,
CKM_ECDH1_DERIVE);
/**
* Constructor for MODP DH
*/
-static pkcs11_dh_t *create_modp(diffie_hellman_group_t group, size_t exp_len,
+static pkcs11_dh_t *create_modp(key_exchange_method_t group, size_t exp_len,
chunk_t g, chunk_t p)
{
private_pkcs11_dh_t *this = create_generic(group, CKM_DH_PKCS_KEY_PAIR_GEN,
/**
* Lookup the EC params for the given group.
*/
-static chunk_t ecparams_lookup(diffie_hellman_group_t group)
+static chunk_t ecparams_lookup(key_exchange_method_t group)
{
switch (group)
{
/**
* Described in header.
*/
-pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group, ...)
+pkcs11_dh_t *pkcs11_dh_create(key_exchange_method_t group, ...)
{
switch (group)
{
struct pkcs11_dh_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new pkcs11_dh_t object.
*
- * @param group Diffie Hellman group number to use
+ * @param group Diffie-Hellman group number to use
* @param ... expects generator and prime as chunk_t if MODP_CUSTOM
* @return pkcs11_dh_t object, NULL if not supported
*/
-pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group, ...);
+pkcs11_dh_t *pkcs11_dh_create(key_exchange_method_t group, ...);
#endif /** PKCS11_DH_H_ @}*/
PLUGIN_PROVIDE(HASHER, HASH_SHA512),
};
static plugin_feature_t f_dh[] = {
- PLUGIN_REGISTER(DH, pkcs11_dh_create),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_PROVIDE(DH, MODP_6144_BIT),
- PLUGIN_PROVIDE(DH, MODP_8192_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_160),
- PLUGIN_PROVIDE(DH, MODP_768_BIT),
- PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_REGISTER(KE, pkcs11_dh_create),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_224),
+ PLUGIN_PROVIDE(KE, MODP_2048_256),
+ PLUGIN_PROVIDE(KE, MODP_1536_BIT),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
+ PLUGIN_PROVIDE(KE, MODP_4096_BIT),
+ PLUGIN_PROVIDE(KE, MODP_6144_BIT),
+ PLUGIN_PROVIDE(KE, MODP_8192_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_160),
+ PLUGIN_PROVIDE(KE, MODP_768_BIT),
+ PLUGIN_PROVIDE(KE, MODP_CUSTOM),
};
static plugin_feature_t f_ecdh[] = {
- PLUGIN_REGISTER(DH, pkcs11_dh_create),
- PLUGIN_PROVIDE(DH, ECP_192_BIT),
- PLUGIN_PROVIDE(DH, ECP_224_BIT),
- PLUGIN_PROVIDE(DH, ECP_256_BIT),
- PLUGIN_PROVIDE(DH, ECP_384_BIT),
- PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_REGISTER(KE, pkcs11_dh_create),
+ PLUGIN_PROVIDE(KE, ECP_192_BIT),
+ PLUGIN_PROVIDE(KE, ECP_224_BIT),
+ PLUGIN_PROVIDE(KE, ECP_256_BIT),
+ PLUGIN_PROVIDE(KE, ECP_384_BIT),
+ PLUGIN_PROVIDE(KE, ECP_521_BIT),
};
static plugin_feature_t f_rng[] = {
PLUGIN_REGISTER(RNG, pkcs11_rng_create),
"XOF",
"KDF",
"DRBG",
- "DH",
+ "KE",
"RNG",
"NONCE_GEN",
"PRIVKEY",
case FEATURE_DRBG:
data = chunk_from_thing(feature->arg.drbg);
break;
- case FEATURE_DH:
- data = chunk_from_thing(feature->arg.dh_group);
+ case FEATURE_KE:
+ data = chunk_from_thing(feature->arg.ke);
break;
case FEATURE_PRIVKEY:
data = chunk_from_thing(feature->arg.privkey);
return a->arg.kdf == b->arg.kdf;
case FEATURE_DRBG:
return a->arg.drbg == b->arg.drbg;
- case FEATURE_DH:
- return a->arg.dh_group == b->arg.dh_group;
+ case FEATURE_KE:
+ return a->arg.ke == b->arg.ke;
case FEATURE_RNG:
return a->arg.rng_quality <= b->arg.rng_quality;
case FEATURE_NONCE_GEN:
case FEATURE_XOF:
case FEATURE_KDF:
case FEATURE_DRBG:
- case FEATURE_DH:
+ case FEATURE_KE:
case FEATURE_NONCE_GEN:
case FEATURE_RESOLVER:
case FEATURE_PRIVKEY:
return str;
}
break;
- case FEATURE_DH:
+ case FEATURE_KE:
if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
- diffie_hellman_group_names, feature->arg.dh_group) > 0)
+ key_exchange_method_names, feature->arg.ke) > 0)
{
return str;
}
lib->crypto->add_drbg(lib->crypto, feature->arg.drbg,
name, reg->arg.reg.f);
break;
- case FEATURE_DH:
- lib->crypto->add_dh(lib->crypto, feature->arg.dh_group,
+ case FEATURE_KE:
+ lib->crypto->add_ke(lib->crypto, feature->arg.ke,
name, reg->arg.reg.f);
break;
case FEATURE_RNG:
case FEATURE_DRBG:
lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f);
break;
- case FEATURE_DH:
- lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f);
+ case FEATURE_KE:
+ lib->crypto->remove_ke(lib->crypto, reg->arg.reg.f);
break;
case FEATURE_RNG:
lib->crypto->remove_rng(lib->crypto, reg->arg.reg.f);
FEATURE_KDF,
/** drbg_t */
FEATURE_DRBG,
- /** diffie_hellman_t */
- FEATURE_DH,
+ /** key_exchange_t */
+ FEATURE_KE,
/** rng_t */
FEATURE_RNG,
/** nonce_gen_t */
drbg_type_t drbg;
/** FEATURE_HASHER */
hash_algorithm_t hasher;
- /** FEATURE_DH */
- diffie_hellman_group_t dh_group;
+ /** FEATURE_KE */
+ key_exchange_method_t ke;
/** FEATURE_RNG */
rng_quality_t rng_quality;
/** FEATURE_PRIVKEY */
#define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg)
#define _PLUGIN_FEATURE_KDF(kind, alg) __PLUGIN_FEATURE(kind, KDF, .kdf = alg)
#define _PLUGIN_FEATURE_DRBG(kind, type) __PLUGIN_FEATURE(kind, DRBG, .drbg = type)
-#define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group)
+#define _PLUGIN_FEATURE_KE(kind, method) __PLUGIN_FEATURE(kind, KE, .ke = method)
#define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
#define _PLUGIN_FEATURE_NONCE_GEN(kind, ...) __PLUGIN_FEATURE(kind, NONCE_GEN, .custom = NULL)
#define _PLUGIN_FEATURE_PRIVKEY(kind, type) __PLUGIN_FEATURE(kind, PRIVKEY, .privkey = type)
#define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_KDF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_DRBG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
-#define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_KE(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_NONCE_GEN(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_PRIVKEY(type, f, final) __PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final)
TEST_VECTOR_RNG(rng_runs_2)
TEST_VECTOR_RNG(rng_runs_3)
-TEST_VECTOR_DH(modp768)
-TEST_VECTOR_DH(modp1024)
-TEST_VECTOR_DH(modp1536)
-TEST_VECTOR_DH(modp2048)
-TEST_VECTOR_DH(modp3072)
-TEST_VECTOR_DH(modp4096)
-TEST_VECTOR_DH(modp6144)
-TEST_VECTOR_DH(modp8192)
-TEST_VECTOR_DH(modp1024_160)
-TEST_VECTOR_DH(modp2048_224)
-TEST_VECTOR_DH(modp2048_256)
-TEST_VECTOR_DH(ecp192)
-TEST_VECTOR_DH(ecp224)
-TEST_VECTOR_DH(ecp256)
-TEST_VECTOR_DH(ecp384)
-TEST_VECTOR_DH(ecp521)
-TEST_VECTOR_DH(ecp224bp)
-TEST_VECTOR_DH(ecp256bp)
-TEST_VECTOR_DH(ecp384bp)
-TEST_VECTOR_DH(ecp512bp)
-TEST_VECTOR_DH(curve25519_1)
-TEST_VECTOR_DH(curve25519_2)
-TEST_VECTOR_DH(curve448_1)
+TEST_VECTOR_KE(modp768)
+TEST_VECTOR_KE(modp1024)
+TEST_VECTOR_KE(modp1536)
+TEST_VECTOR_KE(modp2048)
+TEST_VECTOR_KE(modp3072)
+TEST_VECTOR_KE(modp4096)
+TEST_VECTOR_KE(modp6144)
+TEST_VECTOR_KE(modp8192)
+TEST_VECTOR_KE(modp1024_160)
+TEST_VECTOR_KE(modp2048_224)
+TEST_VECTOR_KE(modp2048_256)
+TEST_VECTOR_KE(ecp192)
+TEST_VECTOR_KE(ecp224)
+TEST_VECTOR_KE(ecp256)
+TEST_VECTOR_KE(ecp384)
+TEST_VECTOR_KE(ecp521)
+TEST_VECTOR_KE(ecp224bp)
+TEST_VECTOR_KE(ecp256bp)
+TEST_VECTOR_KE(ecp384bp)
+TEST_VECTOR_KE(ecp512bp)
+TEST_VECTOR_KE(curve25519_1)
+TEST_VECTOR_KE(curve25519_2)
+TEST_VECTOR_KE(curve448_1)
/**
* From RFC 7748
*/
-dh_test_vector_t curve25519_1 = {
- .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
+ke_test_vector_t curve25519_1 = {
+ .method = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
.priv_a = "\x77\x07\x6d\x0a\x73\x18\xa5\x7d\x3c\x16\xc1\x72\x51\xb2\x66\x45"
"\xdf\x4c\x2f\x87\xeb\xc0\x99\x2a\xb1\x77\xfb\xa5\x1d\xb9\x2c\x2a",
.priv_b = "\x5d\xab\x08\x7e\x62\x4a\x8a\x4b\x79\xe1\x7f\x8b\x83\x80\x0e\xe6"
/**
* From RFC 8031
*/
-dh_test_vector_t curve25519_2 = {
- .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
+ke_test_vector_t curve25519_2 = {
+ .method = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
.priv_a = "\x75\x1f\xb4\x30\x86\x55\xb4\x76\xb6\x78\x9b\x73\x25\xf9\xea\x8c"
"\xdd\xd1\x6a\x58\x53\x3f\xf6\xd9\xe6\x00\x09\x46\x4a\x5f\x9d\x94",
.priv_b = "\x0a\x54\x64\x52\x53\x29\x0d\x60\xdd\xad\xd0\xe0\x30\xba\xcd\x9e"
/**
* From RFC 7748
*/
-dh_test_vector_t curve448_1 = {
- .group = CURVE_448, .priv_len = 56, .pub_len = 56, .shared_len = 56,
+ke_test_vector_t curve448_1 = {
+ .method = CURVE_448, .priv_len = 56, .pub_len = 56, .shared_len = 56,
.priv_a = "\x9a\x8f\x49\x25\xd1\x51\x9f\x57\x75\xcf\x46\xb0\x4b\x58\x00\xd4"
"\xee\x9e\xe8\xba\xe8\xbc\x55\x65\xd4\x98\xc2\x8d\xd9\xc9\xba\xf5"
"\x74\xa9\x41\x97\x44\x89\x73\x91\x00\x63\x82\xa6\xf1\x27\xab\x1d"
* Test vectors from RFC5114
*/
-dh_test_vector_t ecp192 = {
- .group = ECP_192_BIT, .priv_len = 24, .pub_len = 48, .shared_len = 24,
+ke_test_vector_t ecp192 = {
+ .method = ECP_192_BIT, .priv_len = 24, .pub_len = 48, .shared_len = 24,
.priv_a = "\x32\x3f\xa3\x16\x9d\x8e\x9c\x65\x93\xf5\x94\x76\xbc\x14\x20\x00"
"\xab\x5b\xe0\xe2\x49\xc4\x34\x26",
.priv_b = "\x63\x1f\x95\xbb\x4a\x67\x63\x2c\x9c\x47\x6e\xee\x9a\xb6\x95\xab"
"\xe5\xff\x4f\x83\x7f\x54\xfe\xbe",
};
-dh_test_vector_t ecp224 = {
- .group = ECP_224_BIT, .priv_len = 28, .pub_len = 56, .shared_len = 28,
+ke_test_vector_t ecp224 = {
+ .method = ECP_224_BIT, .priv_len = 28, .pub_len = 56, .shared_len = 28,
.priv_a = "\xb5\x58\xeb\x6c\x28\x8d\xa7\x07\xbb\xb4\xf8\xfb\xae\x2a\xb9\xe9"
"\xcb\x62\xe3\xbc\x5c\x75\x73\xe2\x2e\x26\xd3\x7f",
.priv_b = "\xac\x3b\x1a\xdd\x3d\x97\x70\xe6\xf6\xa7\x08\xee\x9f\x3b\x8e\x0a"
"\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa",
};
-dh_test_vector_t ecp256 = {
- .group = ECP_256_BIT, .priv_len = 32, .pub_len = 64, .shared_len = 32,
+ke_test_vector_t ecp256 = {
+ .method = ECP_256_BIT, .priv_len = 32, .pub_len = 64, .shared_len = 32,
.priv_a = "\x81\x42\x64\x14\x5f\x2f\x56\xf2\xe9\x6a\x8e\x33\x7a\x12\x84\x99"
"\x3f\xaf\x43\x2a\x5a\xbc\xe5\x9e\x86\x7b\x72\x91\xd5\x07\xa3\xaf",
.priv_b = "\x2c\xe1\x78\x8e\xc1\x97\xe0\x96\xdb\x95\xa2\x00\xcc\x0a\xb2\x6a"
"\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88",
};
-dh_test_vector_t ecp384 = {
- .group = ECP_384_BIT, .priv_len = 48, .pub_len = 96, .shared_len = 48,
+ke_test_vector_t ecp384 = {
+ .method = ECP_384_BIT, .priv_len = 48, .pub_len = 96, .shared_len = 48,
.priv_a = "\xd2\x73\x35\xea\x71\x66\x4a\xf2\x44\xdd\x14\xe9\xfd\x12\x60\x71"
"\x5d\xfd\x8a\x79\x65\x57\x1c\x48\xd7\x09\xee\x7a\x79\x62\xa1\x56"
"\xd7\x06\xa9\x0c\xbc\xb5\xdf\x29\x86\xf0\x5f\xea\xdb\x93\x76\xf1",
"\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e",
};
-dh_test_vector_t ecp521 = {
- .group = ECP_521_BIT, .priv_len = 66, .pub_len = 132, .shared_len = 66,
+ke_test_vector_t ecp521 = {
+ .method = ECP_521_BIT, .priv_len = 66, .pub_len = 132, .shared_len = 66,
.priv_a = "\x01\x13\xf8\x2d\xa8\x25\x73\x5e\x3d\x97\x27\x66\x83\xb2\xb7\x42"
"\x77\xba\xd2\x73\x35\xea\x71\x66\x4a\xf2\x43\x0c\xc4\xf3\x34\x59"
"\xb9\x66\x9e\xe7\x8b\x3f\xfb\x9b\x86\x83\x01\x5d\x34\x4d\xcb\xfe"
* Test vectors from RFC6923/RFC7027
*/
-dh_test_vector_t ecp224bp = {
- .group = ECP_224_BP, .priv_len = 28, .pub_len = 56, .shared_len = 28,
+ke_test_vector_t ecp224bp = {
+ .method = ECP_224_BP, .priv_len = 28, .pub_len = 56, .shared_len = 28,
.priv_a = "\x7c\x4b\x7a\x2c\x8a\x4b\xad\x1f\xbb\x7d\x79\xcc\x09\x55\xdb\x7c"
"\x6a\x46\x60\xca\x64\xcc\x47\x78\x15\x9b\x49\x5e",
.priv_b = "\x63\x97\x6d\x4a\xae\x6c\xd0\xf6\xdd\x18\xde\xfe\xf5\x5d\x96\x56"
"\xdc\xcb\xe3\xb6\x5d\x0f\x96\x7d\xca\xb5\x74\xeb",
};
-dh_test_vector_t ecp256bp = {
- .group = ECP_256_BP, .priv_len = 32, .pub_len = 64, .shared_len = 32,
+ke_test_vector_t ecp256bp = {
+ .method = ECP_256_BP, .priv_len = 32, .pub_len = 64, .shared_len = 32,
.priv_a = "\x81\xdb\x1e\xe1\x00\x15\x0f\xf2\xea\x33\x8d\x70\x82\x71\xbe\x38"
"\x30\x0c\xb5\x42\x41\xd7\x99\x50\xf7\x7b\x06\x30\x39\x80\x4f\x1d",
.priv_b = "\x55\xe4\x0b\xc4\x1e\x37\xe3\xe2\xad\x25\xc3\xc6\x65\x45\x11\xff"
"\xf9\x65\x56\xec\x91\xe6\xae\x79\x39\xbc\xe3\x1f\x3a\x18\xbf\x2b",
};
-dh_test_vector_t ecp384bp = {
- .group = ECP_384_BP, .priv_len = 48, .pub_len = 96, .shared_len = 48,
+ke_test_vector_t ecp384bp = {
+ .method = ECP_384_BP, .priv_len = 48, .pub_len = 96, .shared_len = 48,
.priv_a = "\x1e\x20\xf5\xe0\x48\xa5\x88\x6f\x1f\x15\x7c\x74\xe9\x1b\xde\x2b"
"\x98\xc8\xb5\x2d\x58\xe5\x00\x3d\x57\x05\x3f\xc4\xb0\xbd\x65\xd6"
"\xf1\x5e\xb5\xd1\xee\x16\x10\xdf\x87\x07\x95\x14\x36\x27\xd0\x42",
"\xad\xf6\x40\x37\x15\xc3\x5d\x4f\xb2\xa5\x44\x4f\x57\x5d\x4f\x42",
};
-dh_test_vector_t ecp512bp = {
- .group = ECP_512_BP, .priv_len = 64, .pub_len = 128, .shared_len = 64,
+ke_test_vector_t ecp512bp = {
+ .method = ECP_512_BP, .priv_len = 64, .pub_len = 128, .shared_len = 64,
.priv_a = "\x16\x30\x2f\xf0\xdb\xbb\x5a\x8d\x73\x3d\xab\x71\x41\xc1\xb4\x5a"
"\xcb\xc8\x71\x59\x39\x67\x7f\x6a\x56\x85\x0a\x38\xbd\x87\xbd\x59"
"\xb0\x9e\x80\x27\x96\x09\xff\x33\x3e\xb9\xd4\xc0\x61\x23\x1f\xb2"
* these have been generated.
*/
-dh_test_vector_t modp768 = {
- .group = MODP_768_BIT, .priv_len = 32, .pub_len = 96, .shared_len = 96,
+ke_test_vector_t modp768 = {
+ .method = MODP_768_BIT, .priv_len = 32, .pub_len = 96, .shared_len = 96,
.priv_a = "\x60\x91\xff\xc6\xde\x28\xc1\xcc\xc7\xc6\x5d\xa6\x11\xab\xfa\xe8"
"\x6a\x10\x74\xb2\x22\x43\xe3\x70\x6c\xb6\xde\x2f\xe2\x9d\x11\x42",
.priv_b = "\x76\xe0\x2f\xc3\xea\xbe\x6a\x0f\xce\xd6\xc3\x1e\x59\x45\xd1\x67"
"\x3d\xaa\xad\x22\xe8\x68\xb7\xe2\x50\x02\x9d\x30\x7e\xe5\x41\x48",
};
-dh_test_vector_t modp1024 = {
- .group = MODP_1024_BIT, .priv_len = 32, .pub_len = 128, .shared_len = 128,
+ke_test_vector_t modp1024 = {
+ .method = MODP_1024_BIT, .priv_len = 32, .pub_len = 128, .shared_len = 128,
.priv_a = "\xe5\x3c\x20\x5d\xa0\xd8\xe4\xbf\xb4\x17\x49\x44\x32\x0f\xc6\xe4"
"\xea\x66\xfe\x44\xe3\xc9\x31\xac\x5d\xa1\x45\x0a\xea\x47\xeb\xcf",
.priv_b = "\x7f\x9a\xf7\x21\xeb\x7c\xd2\xa9\x00\xa3\x6e\x39\x9e\xbc\x5c\x65"
"\x48\x02\xd7\x4a\x4f\x75\x3b\x29\x4a\x96\x50\x3f\x26\x05\xd3\xf1",
};
-dh_test_vector_t modp1536 = {
- .group = MODP_1536_BIT, .priv_len = 32, .pub_len = 192, .shared_len = 192,
+ke_test_vector_t modp1536 = {
+ .method = MODP_1536_BIT, .priv_len = 32, .pub_len = 192, .shared_len = 192,
.priv_a = "\x22\xd9\xdc\xc7\x30\x79\x93\x6a\x85\x8c\x07\xaa\x85\xed\x07\xb3"
"\xd1\xe8\xb6\x70\xe7\xca\xaf\xa1\x92\x83\x76\x96\x07\x0f\xef\x29",
.priv_b = "\x32\x34\x74\xde\x77\x88\xe0\x03\x6b\x30\x95\x49\x56\x0b\x00\x0d"
"\x38\x1b\x1e\x5b\x7a\xa5\xd0\x9a\xb6\x6b\x74\x99\x7c\xba\xed\x20",
};
-dh_test_vector_t modp2048 = {
- .group = MODP_2048_BIT, .priv_len = 48, .pub_len = 256, .shared_len = 256,
+ke_test_vector_t modp2048 = {
+ .method = MODP_2048_BIT, .priv_len = 48, .pub_len = 256, .shared_len = 256,
.priv_a = "\xaf\x3b\xfd\x38\x62\xca\xa1\x17\x74\xce\x2b\x74\x84\x08\x07\xc1"
"\xde\x5c\xd6\xa7\x61\x9b\xb3\xa0\xc7\xaf\x39\xee\xda\xa6\xeb\x89"
"\xe2\xe9\xc1\x44\xb3\x62\x5b\x27\x31\x87\x9c\xb5\x8f\xa3\x76\x6d",
"\xee\x9c\x12\x15\xdd\x23\x93\xde\x02\xf5\xc1\x76\x7f\x07\x0e\x28",
};
-dh_test_vector_t modp3072 = {
- .group = MODP_3072_BIT, .priv_len = 48, .pub_len = 384, .shared_len = 384,
+ke_test_vector_t modp3072 = {
+ .method = MODP_3072_BIT, .priv_len = 48, .pub_len = 384, .shared_len = 384,
.priv_a = "\x51\xf8\xaa\xb6\x63\x20\x1e\xb2\x86\xba\xd2\x99\x32\xb2\xe5\x8a"
"\x92\x96\xbf\x2a\xa7\x78\x79\xcc\x8c\x64\x29\xd5\xa6\x68\xad\xf7"
"\x60\x57\xad\xc3\x77\xcc\x75\xfd\x86\x47\x96\xb8\xfa\x7b\x42\x8c",
"\xdc\x87\x87\x5b\xe5\x88\xc0\xcd\xee\xee\xfd\x19\xcc\x4f\x1d\x40",
};
-dh_test_vector_t modp4096 = {
- .group = MODP_4096_BIT, .priv_len = 64, .pub_len = 512, .shared_len = 512,
+ke_test_vector_t modp4096 = {
+ .method = MODP_4096_BIT, .priv_len = 64, .pub_len = 512, .shared_len = 512,
.priv_a = "\xab\x69\xbc\xe9\x61\xf9\x8a\xa9\xd5\x91\xe3\xfd\x9a\xbc\x46\xc8"
"\x0d\xde\x39\x02\x84\xf1\x91\x42\xe8\x81\x5a\xb0\x80\x54\x72\x2b"
"\xbd\x2e\x14\x1e\x27\x9e\xc7\xfd\x30\xaa\xfa\xca\x66\x40\x93\x73"
"\x4f\xb9\x39\x02\x12\xb9\xb2\xa3\x5d\x4a\xfa\x17\xb3\xee\xc0\x8a",
};
-dh_test_vector_t modp6144 = {
- .group = MODP_6144_BIT, .priv_len = 64, .pub_len = 768, .shared_len = 768,
+ke_test_vector_t modp6144 = {
+ .method = MODP_6144_BIT, .priv_len = 64, .pub_len = 768, .shared_len = 768,
.priv_a = "\xab\x36\xf0\x65\x7c\x4f\xba\xdc\x2a\x3b\x07\xed\xd1\xc8\xaf\xcb"
"\x42\xaf\xcd\x7f\xf9\x1c\x57\x01\x37\x25\x50\x0d\x89\x42\x9f\x34"
"\x79\x8f\x99\xf5\xde\x53\xd1\x08\x8f\xd9\xf6\x60\xa1\xa5\x2b\xe4"
"\xb8\xd0\xeb\x41\xb6\x7c\xfb\x9d\x9d\xfd\x62\x0e\xb7\x99\xca\x17",
};
-dh_test_vector_t modp8192 = {
- .group = MODP_8192_BIT, .priv_len = 64, .pub_len = 1024, .shared_len = 1024,
+ke_test_vector_t modp8192 = {
+ .method = MODP_8192_BIT, .priv_len = 64, .pub_len = 1024, .shared_len = 1024,
.priv_a = "\xa6\x48\x81\x47\x45\xfe\x1e\xd1\x98\x9b\x75\xba\x6d\xd5\x01\xe4"
"\x4e\x77\x6d\xc9\x97\xa0\xae\x27\x37\x64\x61\xb0\xee\x79\x65\x94"
"\xc2\xe6\xdb\x07\xe5\xf9\xd8\x7d\x94\x4d\x37\x01\x22\x38\xe5\x70"
* Test vectors from RFC5114
*/
-dh_test_vector_t modp1024_160 = {
- .group = MODP_1024_160, .priv_len = 20, .pub_len = 128, .shared_len = 128,
+ke_test_vector_t modp1024_160 = {
+ .method = MODP_1024_160, .priv_len = 20, .pub_len = 128, .shared_len = 128,
.priv_a = "\xB9\xA3\xB3\xAE\x8F\xEF\xC1\xA2\x93\x04\x96\x50\x70\x86\xF8\x45"
"\x5D\x48\x94\x3E",
.priv_b = "\x93\x92\xC9\xF9\xEB\x6A\x7A\x6A\x90\x22\xF7\xD8\x3E\x72\x23\xC6"
"\x16\x7E\xCD\x91\x55\x41\x6F\x46\xF4\x08\xED\x31\xB6\x3C\x6E\x6D",
};
-dh_test_vector_t modp2048_224 = {
- .group = MODP_2048_224, .priv_len = 28, .pub_len = 256, .shared_len = 256,
+ke_test_vector_t modp2048_224 = {
+ .method = MODP_2048_224, .priv_len = 28, .pub_len = 256, .shared_len = 256,
.priv_a = "\x22\xe6\x26\x01\xdb\xff\xd0\x67\x08\xa6\x80\xf7\x47\xf3\x61\xf7"
"\x6d\x8f\x4f\x72\x1a\x05\x48\xe4\x83\x29\x4b\x0c",
.priv_b = "\x4f\xf3\xbc\x96\xc7\xfc\x6a\x6d\x71\xd3\xb3\x63\x80\x0a\x7c\xdf"
"\x7f\xcb\x51\x0b\x69\x98\xff\xd3\xaa\x6d\xe7\x3c\xf9\xf6\x38\x69",
};
-dh_test_vector_t modp2048_256 = {
- .group = MODP_2048_256, .priv_len = 32, .pub_len = 256, .shared_len = 256,
+ke_test_vector_t modp2048_256 = {
+ .method = MODP_2048_256, .priv_len = 32, .pub_len = 256, .shared_len = 256,
.priv_a = "\x08\x81\x38\x2c\xdb\x87\x66\x0c\x6d\xc1\x3e\x61\x49\x38\xd5\xb9"
"\xc8\xb2\xf2\x48\x58\x1c\xc5\xe3\x1b\x35\x45\x43\x97\xfc\xe5\x0e",
.priv_b = "\x7d\x62\xa7\xe3\xef\x36\xde\x61\x7b\x13\xd1\xaf\xb8\x2c\x78\x0d"
#define TEST_VECTOR_KDF(x) extern kdf_test_vector_t x;
#define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x;
#define TEST_VECTOR_RNG(x) extern rng_test_vector_t x;
-#define TEST_VECTOR_DH(x) extern dh_test_vector_t x;
+#define TEST_VECTOR_KE(x) extern ke_test_vector_t x;
#include "test_vectors.h"
#undef TEST_VECTOR_KDF
#undef TEST_VECTOR_DRBG
#undef TEST_VECTOR_RNG
-#undef TEST_VECTOR_DH
+#undef TEST_VECTOR_KE
#define TEST_VECTOR_CRYPTER(x)
#define TEST_VECTOR_AEAD(x)
#define TEST_VECTOR_KDF(x)
#define TEST_VECTOR_DRBG(x)
#define TEST_VECTOR_RNG(x)
-#define TEST_VECTOR_DH(x)
+#define TEST_VECTOR_KE(x)
/* create test vector arrays */
#undef TEST_VECTOR_CRYPTER
#undef TEST_VECTOR_RNG
#define TEST_VECTOR_RNG(x)
-#undef TEST_VECTOR_DH
-#define TEST_VECTOR_DH(x) &x,
-static dh_test_vector_t *dh[] = {
+#undef TEST_VECTOR_KE
+#define TEST_VECTOR_KE(x) &x,
+static ke_test_vector_t *ke[] = {
#include "test_vectors.h"
};
-#undef TEST_VECTOR_DH
-#define TEST_VECTOR_DH(x)
+#undef TEST_VECTOR_KE
+#define TEST_VECTOR_KE(x)
typedef struct private_test_vectors_plugin_t private_test_vectors_plugin_t;
lib->crypto->add_test_vector(lib->crypto,
RANDOM_NUMBER_GENERATOR, rng[i]);
}
- for (i = 0; i < countof(dh); i++)
+ for (i = 0; i < countof(ke); i++)
{
lib->crypto->add_test_vector(lib->crypto,
- DIFFIE_HELLMAN_GROUP, dh[i]);
+ KEY_EXCHANGE_METHOD, ke[i]);
}
return &this->public.plugin;
wolfssl_diffie_hellman_t public;
/**
- * Diffie Hellman group number.
+ * Diffie-Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
- * Diffie Hellman object
+ * Diffie-Hellman object
*/
DhKey dh;
chunk_t shared_secret;
};
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_wolfssl_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_copy_pad(chunk_alloc(this->len), this->pub, 0x00);
return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_wolfssl_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_wolfssl_diffie_hellman_t *this, chunk_t value)
{
word32 len;
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_wolfssl_diffie_hellman_t *this, chunk_t value)
{
bool success = FALSE;
return success;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_wolfssl_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_wolfssl_diffie_hellman_t *this)
{
wc_FreeDhKey(&this->dh);
/**
* Generic internal constructor
*/
-static wolfssl_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+static wolfssl_diffie_hellman_t *create_generic(key_exchange_method_t group,
chunk_t g, chunk_t p)
{
private_wolfssl_diffie_hellman_t *this;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
* Described in header
*/
wolfssl_diffie_hellman_t *wolfssl_diffie_hellman_create(
- diffie_hellman_group_t group, ...)
+ key_exchange_method_t group, ...)
{
diffie_hellman_params_t *params;
chunk_t g, p;
struct wolfssl_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new wolfssl_diffie_hellman_t object.
*
- * @param group Diffie Hellman group number to use
+ * @param group Diffie-Hellman group number to use
* @param ... expects generator and prime as chunk_t if MODP_CUSTOM
* @return wolfssl_diffie_hellman_t object, NULL if not supported
*/
wolfssl_diffie_hellman_t *wolfssl_diffie_hellman_create(
- diffie_hellman_group_t group, ...);
+ key_exchange_method_t group, ...);
#endif /** WOLFSSL_PLUGIN_DIFFIE_HELLMAN_H_ @}*/
/**
* Diffie Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* EC curve id for creating keys
return success;
}
-METHOD(diffie_hellman_t, set_other_public_value, bool,
+METHOD(key_exchange_t, set_public_key, bool,
private_wolfssl_ec_diffie_hellman_t *this, chunk_t value)
{
ecc_point *pub_key;
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
return TRUE;
}
-METHOD(diffie_hellman_t, get_my_public_value, bool,
+METHOD(key_exchange_t, get_public_key, bool,
private_wolfssl_ec_diffie_hellman_t *this,chunk_t *value)
{
return ecp2chunk(this->keysize, &this->key.pubkey, value, FALSE);
}
-METHOD(diffie_hellman_t, set_private_value, bool,
+METHOD(key_exchange_t, set_private_key, bool,
private_wolfssl_ec_diffie_hellman_t *this, chunk_t value)
{
bool success = FALSE;
return success;
}
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_wolfssl_ec_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_wolfssl_ec_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_wolfssl_ec_diffie_hellman_t *this)
{
wc_ecc_free(&this->key);
/*
* Described in header
*/
-wolfssl_ec_diffie_hellman_t *wolfssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
+wolfssl_ec_diffie_hellman_t *wolfssl_ec_diffie_hellman_create(key_exchange_method_t group)
{
private_wolfssl_ec_diffie_hellman_t *this;
WC_RNG rng;
INIT(this,
.public = {
- .dh = {
+ .ke = {
.get_shared_secret = _get_shared_secret,
- .set_other_public_value = _set_other_public_value,
- .get_my_public_value = _get_my_public_value,
- .set_private_value = _set_private_value,
- .get_dh_group = _get_dh_group,
+ .set_public_key = _set_public_key,
+ .get_public_key = _get_public_key,
+ .set_private_key = _set_private_key,
+ .get_method = _get_method,
.destroy = _destroy,
},
},
struct wolfssl_ec_diffie_hellman_t {
/**
- * Implements diffie_hellman_t interface.
+ * Implements key_exchange_t interface.
*/
- diffie_hellman_t dh;
+ key_exchange_t ke;
};
/**
* Creates a new wolfssl_ec_diffie_hellman_t object.
*
- * @param group EC Diffie Hellman group number to use
+ * @param group EC Diffie-Hellman group number to use
* @return wolfssl_ec_diffie_hellman_t object, NULL if not
* supported
*/
wolfssl_ec_diffie_hellman_t *wolfssl_ec_diffie_hellman_create(
- diffie_hellman_group_t group);
+ key_exchange_method_t group);
#endif /** WOLFSSL_PLUGIN_EC_DIFFIE_HELLMAN_H_ @}*/
#endif
#ifdef HAVE_ECC_DHE
/* EC DH groups */
- PLUGIN_REGISTER(DH, wolfssl_ec_diffie_hellman_create),
+ PLUGIN_REGISTER(KE, wolfssl_ec_diffie_hellman_create),
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
- PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(KE, ECP_256_BIT),
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
- PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(KE, ECP_384_BIT),
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 521)
- PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(KE, ECP_521_BIT),
#endif
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
- PLUGIN_PROVIDE(DH, ECP_224_BIT),
+ PLUGIN_PROVIDE(KE, ECP_224_BIT),
#endif
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 192)
- PLUGIN_PROVIDE(DH, ECP_192_BIT),
+ PLUGIN_PROVIDE(KE, ECP_192_BIT),
#endif
#ifdef HAVE_ECC_BRAINPOOL
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
- PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(KE, ECP_256_BP),
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
- PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(KE, ECP_384_BP),
#endif
#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 512)
- PLUGIN_PROVIDE(DH, ECP_512_BP),
+ PLUGIN_PROVIDE(KE, ECP_512_BP),
#endif
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
- PLUGIN_PROVIDE(DH, ECP_224_BP),
+ PLUGIN_PROVIDE(KE, ECP_224_BP),
#endif
#endif
#endif /* HAVE_ECC_DHE */
#ifndef NO_DH
/* MODP DH groups */
- PLUGIN_REGISTER(DH, wolfssl_diffie_hellman_create),
+ PLUGIN_REGISTER(KE, wolfssl_diffie_hellman_create),
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(KE, MODP_3072_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(KE, MODP_4096_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
- PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(KE, MODP_6144_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
- PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(KE, MODP_8192_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_PROVIDE(KE, MODP_2048_224),
+ PLUGIN_PROVIDE(KE, MODP_2048_256),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1536_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
- PLUGIN_PROVIDE(DH, MODP_1024_BIT),
- PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(KE, MODP_1024_BIT),
+ PLUGIN_PROVIDE(KE, MODP_1024_160),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
- PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(KE, MODP_768_BIT),
#endif
- PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_PROVIDE(KE, MODP_CUSTOM),
#endif /* NO_DH */
#ifndef NO_RSA
/* RSA private/public key loading */
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC */
#if defined (HAVE_CURVE25519) || defined(HAVE_CURVE448)
- PLUGIN_REGISTER(DH, wolfssl_x_diffie_hellman_create),
+ PLUGIN_REGISTER(KE, wolfssl_x_diffie_hellman_create),
#ifdef HAVE_CURVE25519
- PLUGIN_PROVIDE(DH, CURVE_25519),
+ PLUGIN_PROVIDE(KE, CURVE_25519),
#endif
#ifdef HAVE_CURVE448
- PLUGIN_PROVIDE(DH, CURVE_448),
+ PLUGIN_PROVIDE(KE, CURVE_448),
#endif
#endif /* HAVE_CURVE25519 || HAVE_CURVE448 */
#if defined(HAVE_ED25519) || defined(HAVE_ED448)
* Private data
*/
struct private_diffie_hellman_t {
+
/**
* Public interface.
*/
- diffie_hellman_t public;
+ key_exchange_t public;
/**
* Diffie Hellman group number.
*/
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
/**
* Private (public) key
#ifdef HAVE_CURVE25519
-METHOD(diffie_hellman_t, set_other_public_value_25519, bool,
+METHOD(key_exchange_t, set_public_key_25519, bool,
private_diffie_hellman_t *this, chunk_t value)
{
word32 len = CURVE25519_KEYSIZE;
curve25519_key pub;
int ret;
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
if (ret != 0)
{
DBG1(DBG_LIB, "%N public key initialization failed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->group);
return FALSE;
}
if (ret != 0)
{
DBG1(DBG_LIB, "%N public value is malformed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->group);
return FALSE;
}
this->shared_secret.ptr, &len, EC25519_LITTLE_ENDIAN) != 0)
{
DBG1(DBG_LIB, "%N shared secret computation failed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->group);
chunk_clear(&this->shared_secret);
wc_curve25519_free(&pub);
return FALSE;
return TRUE;
}
-METHOD(diffie_hellman_t, get_my_public_value_25519, bool,
+METHOD(key_exchange_t, get_public_key_25519, bool,
private_diffie_hellman_t *this, chunk_t *value)
{
word32 len = CURVE25519_KEYSIZE;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value_25519, bool,
+METHOD(key_exchange_t, set_private_key_25519, bool,
private_diffie_hellman_t *this, chunk_t value)
{
curve25519_key pub;
#ifdef HAVE_CURVE448
-METHOD(diffie_hellman_t, set_other_public_value_448, bool,
+METHOD(key_exchange_t, set_public_key_448, bool,
private_diffie_hellman_t *this, chunk_t value)
{
word32 len = CURVE448_KEY_SIZE;
curve448_key pub;
int ret;
- if (!diffie_hellman_verify_value(this->group, value))
+ if (!key_exchange_verify_pubkey(this->group, value))
{
return FALSE;
}
if (ret != 0)
{
DBG1(DBG_LIB, "%N public key initialization failed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->group);
return FALSE;
}
if (ret != 0)
{
DBG1(DBG_LIB, "%N public value is malformed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->group);
return FALSE;
}
this->shared_secret.ptr, &len, EC448_LITTLE_ENDIAN) != 0)
{
DBG1(DBG_LIB, "%N shared secret computation failed",
- diffie_hellman_group_names, this->group);
+ key_exchange_method_names, this->group);
chunk_clear(&this->shared_secret);
wc_curve448_free(&pub);
return FALSE;
return TRUE;
}
-METHOD(diffie_hellman_t, get_my_public_value_448, bool,
+METHOD(key_exchange_t, get_public_key_448, bool,
private_diffie_hellman_t *this, chunk_t *value)
{
word32 len = CURVE448_KEY_SIZE;
return TRUE;
}
-METHOD(diffie_hellman_t, set_private_value_448, bool,
+METHOD(key_exchange_t, set_private_key_448, bool,
private_diffie_hellman_t *this, chunk_t value)
{
curve448_key pub;
#endif /* HAVE_CURVE448 */
-METHOD(diffie_hellman_t, get_shared_secret, bool,
+METHOD(key_exchange_t, get_shared_secret, bool,
private_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->shared_secret.len)
return TRUE;
}
-METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+METHOD(key_exchange_t, get_method, key_exchange_method_t,
private_diffie_hellman_t *this)
{
return this->group;
}
-METHOD(diffie_hellman_t, destroy, void,
+METHOD(key_exchange_t, destroy, void,
private_diffie_hellman_t *this)
{
if (this->group == CURVE_25519)
/*
* Described in header
*/
-diffie_hellman_t *wolfssl_x_diffie_hellman_create(diffie_hellman_group_t group)
+key_exchange_t *wolfssl_x_diffie_hellman_create(key_exchange_method_t group)
{
private_diffie_hellman_t *this;
WC_RNG rng;
INIT(this,
.public = {
.get_shared_secret = _get_shared_secret,
- .get_dh_group = _get_dh_group,
+ .get_method = _get_method,
.destroy = _destroy,
},
.group = group,
if (group == CURVE_25519)
{
#ifdef HAVE_CURVE25519
- this->public.set_other_public_value = _set_other_public_value_25519;
- this->public.get_my_public_value = _get_my_public_value_25519;
- this->public.set_private_value = _set_private_value_25519;
+ this->public.set_public_key = _set_public_key_25519;
+ this->public.get_public_key = _get_public_key_25519;
+ this->public.set_private_key = _set_private_key_25519;
if (wc_curve25519_init(&this->key.key25519) != 0)
{
else if (group == CURVE_448)
{
#ifdef HAVE_CURVE448
- this->public.set_other_public_value = _set_other_public_value_448;
- this->public.get_my_public_value = _get_my_public_value_448;
- this->public.set_private_value = _set_private_value_448;
+ this->public.set_public_key = _set_public_key_448;
+ this->public.get_public_key = _get_public_key_448;
+ this->public.set_private_key = _set_private_key_448;
if (wc_curve448_init(&this->key.key448) != 0)
{
#include <library.h>
/**
- * Creates a new diffie_hellman_t object.
+ * Creates a new key_exchange_t object.
*
- * @param group Diffie Hellman group number to use
+ * @param group Diffie-Hellman group number to use
* @return object, NULL if not supported
*/
-diffie_hellman_t *wolfssl_x_diffie_hellman_create(diffie_hellman_group_t group);
+key_exchange_t *wolfssl_x_diffie_hellman_create(key_exchange_method_t group);
#endif /** WOLFSSL_PLUGIN_X_DIFFIE_HELLMAN_H_ @}*/
}
END_TEST
-static diffie_hellman_t *dh_create(char *plugin)
+static key_exchange_t *ke_create(char *plugin)
{
- return (diffie_hellman_t*)plugin;
+ return (key_exchange_t*)plugin;
}
-static diffie_hellman_t *dh_create_modp1024(diffie_hellman_group_t group, ...)
+static key_exchange_t *ke_create_modp1024(key_exchange_method_t group, ...)
{
ck_assert(group == MODP_1024_BIT);
- return dh_create("plugin1");
+ return ke_create("plugin1");
}
-static diffie_hellman_t *dh_create_modp1024_second(diffie_hellman_group_t group,
- ...)
+static key_exchange_t *ke_create_modp1024_second(key_exchange_method_t group,
+ ...)
{
ck_assert(group == MODP_1024_BIT);
- return dh_create("plugin2");
+ return ke_create("plugin2");
}
-static diffie_hellman_t *dh_create_modp2048(diffie_hellman_group_t group, ...)
+static key_exchange_t *ke_create_modp2048(key_exchange_method_t group, ...)
{
ck_assert(group == MODP_2048_BIT);
- return dh_create("plugin1");
+ return ke_create("plugin1");
}
-static diffie_hellman_t *dh_create_modp2048_second(diffie_hellman_group_t group,
- ...)
+static key_exchange_t *ke_create_modp2048_second(key_exchange_method_t group,
+ ...)
{
ck_assert(group == MODP_2048_BIT);
- return dh_create("plugin2");
+ return ke_create("plugin2");
}
static struct {
char *exp1024;
char *exp2048;
struct {
- diffie_hellman_group_t g;
- dh_constructor_t create;
+ key_exchange_method_t ke;
+ ke_constructor_t create;
char *plugin;
} data[4];
-} dh_data[] = {
+} ke_data[] = {
{ NULL, NULL, {
{ MODP_NONE, NULL, NULL }
}},
{ "plugin1", NULL, {
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
{ MODP_NONE, NULL, NULL }
}},
{ "plugin1", NULL, {
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
- { MODP_1024_BIT, dh_create_modp1024_second, "plugin2" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
+ { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" },
{ MODP_NONE, NULL, NULL }
}},
{ "plugin2", NULL, {
- { MODP_1024_BIT, dh_create_modp1024_second, "plugin2" },
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
+ { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
{ MODP_NONE, NULL, NULL }
}},
{ "plugin1", "plugin1", {
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
- { MODP_2048_BIT, dh_create_modp2048, "plugin1" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
+ { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
{ MODP_NONE, NULL }
}},
{ "plugin1", "plugin1", {
- { MODP_2048_BIT, dh_create_modp2048, "plugin1" },
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
+ { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
{ MODP_NONE, NULL }
}},
{ "plugin1", "plugin1", {
- { MODP_2048_BIT, dh_create_modp2048, "plugin1" },
- { MODP_2048_BIT, dh_create_modp2048_second, "plugin2" },
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
+ { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
+ { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
{ MODP_NONE, NULL }
}},
{ "plugin1", "plugin2", {
- { MODP_2048_BIT, dh_create_modp2048_second, "plugin2" },
- { MODP_2048_BIT, dh_create_modp2048, "plugin1" },
- { MODP_1024_BIT, dh_create_modp1024, "plugin1" },
+ { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" },
+ { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
+ { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
{ MODP_NONE, NULL }
}},
};
-static void verify_dh(crypto_factory_t *factory, diffie_hellman_group_t request,
+static void verify_ke(crypto_factory_t *factory, key_exchange_method_t request,
char *expected)
{
char *plugin;
- plugin = (char*)factory->create_dh(factory, request);
+ plugin = (char*)factory->create_ke(factory, request);
if (!expected)
{
ck_assert(!plugin);
}
}
-START_TEST(test_create_dh)
+START_TEST(test_create_ke)
{
enumerator_t *enumerator;
crypto_factory_t *factory;
- diffie_hellman_group_t group;
+ key_exchange_method_t ke;
char *plugin;
int i, len = 0;
factory = crypto_factory_create();
- for (i = 0; dh_data[_i].data[i].g != MODP_NONE; i++)
+ for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++)
{
- ck_assert(factory->add_dh(factory, dh_data[_i].data[i].g,
- dh_data[_i].data[i].plugin,
- dh_data[_i].data[i].create));
+ ck_assert(factory->add_ke(factory, ke_data[_i].data[i].ke,
+ ke_data[_i].data[i].plugin,
+ ke_data[_i].data[i].create));
}
- verify_dh(factory, MODP_1024_BIT, dh_data[_i].exp1024);
- verify_dh(factory, MODP_2048_BIT, dh_data[_i].exp2048);
+ verify_ke(factory, MODP_1024_BIT, ke_data[_i].exp1024);
+ verify_ke(factory, MODP_2048_BIT, ke_data[_i].exp2048);
- len = countof(dh_data[_i].data);
- enumerator = factory->create_dh_enumerator(factory);
- for (i = 0; enumerator->enumerate(enumerator, &group, &plugin) && i < len;)
+ len = countof(ke_data[_i].data);
+ enumerator = factory->create_ke_enumerator(factory);
+ for (i = 0; enumerator->enumerate(enumerator, &ke, &plugin) && i < len;)
{
- ck_assert_int_eq(dh_data[_i].data[i].g, group);
- while (dh_data[_i].data[i].g == group)
- { /* skip other entries by the same group */
+ ck_assert_int_eq(ke_data[_i].data[i].ke, ke);
+ while (ke_data[_i].data[i].ke == ke)
+ { /* skip other entries of the same method */
i++;
}
- switch (group)
+ switch (ke)
{
case MODP_1024_BIT:
- ck_assert(dh_data[_i].exp1024);
- ck_assert_str_eq(dh_data[_i].exp1024, plugin);
+ ck_assert(ke_data[_i].exp1024);
+ ck_assert_str_eq(ke_data[_i].exp1024, plugin);
break;
case MODP_2048_BIT:
- ck_assert(dh_data[_i].exp2048);
- ck_assert_str_eq(dh_data[_i].exp2048, plugin);
+ ck_assert(ke_data[_i].exp2048);
+ ck_assert_str_eq(ke_data[_i].exp2048, plugin);
break;
default:
- fail("unexpected DH group");
+ fail("unexpected key exchange method");
break;
}
}
ck_assert(!enumerator->enumerate(enumerator));
- ck_assert_int_eq(dh_data[_i].data[i].g, MODP_NONE);
+ ck_assert_int_eq(ke_data[_i].data[i].ke, MODP_NONE);
enumerator->destroy(enumerator);
- for (i = 0; dh_data[_i].data[i].g != MODP_NONE; i++)
+ for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++)
{
- factory->remove_dh(factory, dh_data[_i].data[i].create);
+ factory->remove_ke(factory, ke_data[_i].data[i].create);
}
factory->destroy(factory);
}
tcase_add_loop_test(tc, test_create_rng, 0, countof(rng_data));
suite_add_tcase(s, tc);
- tc = tcase_create("create_dh");
- tcase_add_loop_test(tc, test_create_dh, 0, countof(dh_data));
+ tc = tcase_create("create_ke");
+ tcase_add_loop_test(tc, test_create_ke, 0, countof(ke_data));
suite_add_tcase(s, tc);
return s;
* NTRU parameter sets to test
*/
static struct {
- diffie_hellman_group_t group;
- char *group_name;
+ key_exchange_method_t ke;
+ char *name;
} params[] = {
{ NTRU_112_BIT, "NTRU_112" },
{ NTRU_128_BIT, "NTRU_128" },
START_TEST(test_ntru_ke)
{
chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
- diffie_hellman_t *i_ntru, *r_ntru;
+ key_exchange_t *i_ntru, *r_ntru;
char buf[10];
int k, n, len;
k = (_i) / countof(parameter_sets);
n = (_i) % countof(parameter_sets);
- len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
- params[k].group);
+ len = snprintf(buf, sizeof(buf), "%N", key_exchange_method_names,
+ params[k].ke);
ck_assert(len == 8);
- ck_assert(streq(buf, params[k].group_name));
+ ck_assert(streq(buf, params[k].name));
lib->settings->set_str(lib->settings,
"libstrongswan.plugins.ntru.parameter_set", parameter_sets[n]);
- i_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
+ i_ntru = lib->crypto->create_ke(lib->crypto, params[k].ke);
ck_assert(i_ntru != NULL);
- ck_assert(i_ntru->get_dh_group(i_ntru) == params[k].group);
+ ck_assert(i_ntru->get_method(i_ntru) == params[k].ke);
- ck_assert(i_ntru->get_my_public_value(i_ntru, &pub_key));
+ ck_assert(i_ntru->get_public_key(i_ntru, &pub_key));
ck_assert(pub_key.len > 0);
- r_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
+ r_ntru = lib->crypto->create_ke(lib->crypto, params[k].ke);
ck_assert(r_ntru != NULL);
- ck_assert(r_ntru->set_other_public_value(r_ntru, pub_key));
- ck_assert(r_ntru->get_my_public_value(r_ntru, &cipher_text));
+ ck_assert(r_ntru->set_public_key(r_ntru, pub_key));
+ ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
ck_assert(cipher_text.len > 0);
ck_assert(r_ntru->get_shared_secret(r_ntru, &r_shared_secret));
ck_assert(r_shared_secret.len > 0);
- ck_assert(i_ntru->set_other_public_value(i_ntru, cipher_text));
+ ck_assert(i_ntru->set_public_key(i_ntru, cipher_text));
ck_assert(i_ntru->get_shared_secret(i_ntru, &i_shared_secret));
ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
START_TEST(test_ntru_retransmission)
{
- diffie_hellman_t *i_ntru;
+ key_exchange_t *i_ntru;
chunk_t pub_key1, pub_key2;
- i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
- ck_assert(i_ntru->get_my_public_value(i_ntru, &pub_key1));
- ck_assert(i_ntru->get_my_public_value(i_ntru, &pub_key2));
+ i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_256_BIT);
+ ck_assert(i_ntru->get_public_key(i_ntru, &pub_key1));
+ ck_assert(i_ntru->get_public_key(i_ntru, &pub_key2));
ck_assert(chunk_equals(pub_key1, pub_key2));
chunk_free(&pub_key1);
START_TEST(test_ntru_pubkey_oid)
{
- diffie_hellman_t *r_ntru;
+ key_exchange_t *r_ntru;
chunk_t cipher_text;
- r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
- ck_assert(!r_ntru->set_other_public_value(r_ntru, oid_tests[_i]));
- ck_assert(r_ntru->get_my_public_value(r_ntru, &cipher_text));
+ r_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
+ ck_assert(!r_ntru->set_public_key(r_ntru, oid_tests[_i]));
+ ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
ck_assert(cipher_text.len == 0);
r_ntru->destroy(r_ntru);
}
START_TEST(test_ntru_wrong_set)
{
- diffie_hellman_t *i_ntru, *r_ntru;
+ key_exchange_t *i_ntru, *r_ntru;
chunk_t pub_key, cipher_text;
lib->settings->set_str(lib->settings,
"libstrongswan.plugins.ntru.parameter_set",
"x9_98_bandwidth");
- i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
- ck_assert(i_ntru->get_my_public_value(i_ntru, &pub_key));
+ i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_112_BIT);
+ ck_assert(i_ntru->get_public_key(i_ntru, &pub_key));
lib->settings->set_str(lib->settings,
"libstrongswan.plugins.ntru.parameter_set",
"optimum");
- r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
- ck_assert(!r_ntru->set_other_public_value(r_ntru, pub_key));
- ck_assert(r_ntru->get_my_public_value(r_ntru, &cipher_text));
+ r_ntru = lib->crypto->create_ke(lib->crypto, NTRU_112_BIT);
+ ck_assert(!r_ntru->set_public_key(r_ntru, pub_key));
+ ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
ck_assert(cipher_text.len == 0);
chunk_free(&pub_key);
chunk_create(buf_ff, sizeof(buf_ff)),
};
- diffie_hellman_t *i_ntru;
+ key_exchange_t *i_ntru;
chunk_t pub_key, shared_secret;
int i;
for (i = 0; i < countof(test); i++)
{
- i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
- ck_assert(i_ntru->get_my_public_value(i_ntru, &pub_key));
- ck_assert(!i_ntru->set_other_public_value(i_ntru, test[i]));
+ i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
+ ck_assert(i_ntru->get_public_key(i_ntru, &pub_key));
+ ck_assert(!i_ntru->set_public_key(i_ntru, test[i]));
ck_assert(!i_ntru->get_shared_secret(i_ntru, &shared_secret));
ck_assert(shared_secret.len == 0);
START_TEST(test_ntru_wrong_ciphertext)
{
- diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
+ key_exchange_t *i_ntru, *r_ntru, *m_ntru;
chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
- i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
- r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
- m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
+ r_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
+ m_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
- ck_assert(i_ntru->get_my_public_value(i_ntru, &pub_key_i));
- ck_assert(m_ntru->get_my_public_value(m_ntru, &pub_key_m));
- ck_assert(r_ntru->set_other_public_value(r_ntru, pub_key_m));
- ck_assert(r_ntru->get_my_public_value(r_ntru, &cipher_text));
- ck_assert(!i_ntru->set_other_public_value(i_ntru, cipher_text));
+ ck_assert(i_ntru->get_public_key(i_ntru, &pub_key_i));
+ ck_assert(m_ntru->get_public_key(m_ntru, &pub_key_m));
+ ck_assert(r_ntru->set_public_key(r_ntru, pub_key_m));
+ ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
+ ck_assert(!i_ntru->set_public_key(i_ntru, cipher_text));
ck_assert(!i_ntru->get_shared_secret(i_ntru, &shared_secret));
ck_assert(shared_secret.len == 0);
START_TEST(test_dh_group_mapping)
{
- enum_name_t *e = diffie_hellman_group_names_short;
- diffie_hellman_group_t group;
+ enum_name_t *e = key_exchange_method_names_short;
+ key_exchange_method_t ke;
const proposal_token_t *token;
char *name;
do
{
- for (group = e->first; group <= e->last; group++)
+ for (ke = e->first; ke <= e->last; ke++)
{
- if (group == MODP_CUSTOM)
+ if (ke == MODP_CUSTOM)
{ /* can't be configured */
continue;
}
- name = e->names[group - e->first];
+ name = e->names[ke - e->first];
token = lib->proposal->get_token(lib->proposal, name);
ck_assert_msg(token, "%s can't be mapped", name);
- ck_assert_int_eq(token->type, DIFFIE_HELLMAN_GROUP);
- ck_assert_int_eq(token->algorithm, group);
+ ck_assert_int_eq(token->type, KEY_EXCHANGE_METHOD);
+ ck_assert_int_eq(token->algorithm, ke);
}
}
while ((e = e->next));
{ PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
{ PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL },
- { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", "aes128-sha256", PROPOSAL_SKIP_DH },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", "aes128-sha256", PROPOSAL_SKIP_KE },
{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL },
- { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_DH },
- { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_DH },
- { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-ecp256", "aes128-sha256", PROPOSAL_SKIP_DH },
+ { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-ecp256", "aes128-sha256", PROPOSAL_SKIP_KE },
{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
{ PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
{ "aes256-modp2048", "aes128-modp2048" }, NULL },
{ PROTO_ESP, { "aes128-modp1024", "aes256-modp1024" },
{ "aes256-modp2048", "aes128-modp2048" }, "aes128",
- PROPOSAL_SKIP_DH },
+ PROPOSAL_SKIP_KE },
{ PROTO_ESP, { "aes128-modp1024", "aes256-modp1024" },
{ "aes256-modp2048", "aes128-modp2048" }, "aes256",
- PROPOSAL_PREFER_SUPPLIED | PROPOSAL_SKIP_DH },
+ PROPOSAL_PREFER_SUPPLIED | PROPOSAL_SKIP_KE },
};
START_TEST(test_select_proposal)
}
END_TEST
-START_TEST(test_promote_dh_group)
+START_TEST(test_promote_ke_method)
{
proposal_t *proposal;
proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha256-modp3072-ecp256");
- ck_assert(proposal->promote_dh_group(proposal, ECP_256_BIT));
+ ck_assert(proposal->promote_ke_method(proposal, ECP_256_BIT));
assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/MODP_3072");
proposal->destroy(proposal);
}
END_TEST
-START_TEST(test_promote_dh_group_already_front)
+START_TEST(test_promote_ke_method_already_front)
{
proposal_t *proposal;
proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha256-modp3072-ecp256");
- ck_assert(proposal->promote_dh_group(proposal, MODP_3072_BIT));
+ ck_assert(proposal->promote_ke_method(proposal, MODP_3072_BIT));
assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
proposal->destroy(proposal);
}
END_TEST
-START_TEST(test_promote_dh_group_not_contained)
+START_TEST(test_promote_ke_method_not_contained)
{
proposal_t *proposal;
proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha256-modp3072-ecp256");
- ck_assert(!proposal->promote_dh_group(proposal, MODP_2048_BIT));
+ ck_assert(!proposal->promote_ke_method(proposal, MODP_2048_BIT));
assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
proposal->destroy(proposal);
}
{ PROTO_ESP, "aes128-serpent", "aes128-serpent" },
{ PROTO_ESP, "aes128-serpent", "aes128", PROPOSAL_SKIP_PRIVATE },
{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
- { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_DH },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
{ PROTO_ESP, "aes128-serpent-modp3072", "aes128-serpent",
- PROPOSAL_SKIP_DH },
+ PROPOSAL_SKIP_KE },
{ PROTO_ESP, "aes128-serpent-modp3072", "aes128",
- PROPOSAL_SKIP_PRIVATE | PROPOSAL_SKIP_DH },
+ PROPOSAL_SKIP_PRIVATE | PROPOSAL_SKIP_KE },
};
START_TEST(test_clone)
countof(select_proposal_data));
suite_add_tcase(s, tc);
- tc = tcase_create("promote_dh_group");
- tcase_add_test(tc, test_promote_dh_group);
- tcase_add_test(tc, test_promote_dh_group_already_front);
- tcase_add_test(tc, test_promote_dh_group_not_contained);
+ tc = tcase_create("promote_ke_method");
+ tcase_add_test(tc, test_promote_ke_method);
+ tcase_add_test(tc, test_promote_ke_method_already_front);
+ tcase_add_test(tc, test_promote_ke_method_not_contained);
suite_add_tcase(s, tc);
tc = tcase_create("unknown transform types");
KEY_DERIVATION_FUNCTION,
DETERMINISTIC_RANDOM_BIT_GENERATOR,
RANDOM_NUMBER_GENERATOR,
- DIFFIE_HELLMAN_GROUP,
+ KEY_EXCHANGE_METHOD,
};
START_TEST(test_vectors)
TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
TEST_SUITE_DEPEND(prf_plus_suite_create, KDF, KDF_PRF_PLUS)
-TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
+TEST_SUITE_DEPEND(ntru_suite_create, KE, NTRU_112_BIT)
TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519)
TEST_SUITE_DEPEND(ed448_suite_create, PRIVKEY_GEN, KEY_ED448)
static void test_tls_ke_groups(tls_version_t version, uint16_t port, bool cauth,
u_int i)
{
- diffie_hellman_group_t *groups;
+ key_exchange_method_t *groups;
char curve[128];
int count;
count = tls_crypto_get_supported_groups(&groups);
ck_assert(i < count);
- snprintf(curve, sizeof(curve), "%N", diffie_hellman_group_names_short,
+ snprintf(curve, sizeof(curve), "%N", key_exchange_method_names_short,
groups[i]);
lib->settings->set_str(lib->settings, "%s.tls.ke_group", curve, lib->ns);
typedef struct {
tls_cipher_suite_t suite;
key_type_t key;
- diffie_hellman_group_t dh;
+ key_exchange_method_t dh;
hash_algorithm_t hash;
pseudo_random_function_t prf;
integrity_algorithm_t mac;
if (current.dh && current.dh != suites[i].dh)
{
if (suites[i].dh != MODP_NONE &&
- !(diffie_hellman_group_is_ec(current.dh) &&
- diffie_hellman_group_is_ec(suites[i].dh)))
+ !(key_exchange_is_ecdh(current.dh) &&
+ key_exchange_is_ecdh(suites[i].dh)))
{ /* skip DH group, does not match nor NONE nor both ECDH */
continue;
}
while (enumerator->enumerate(enumerator, &token))
{
if (strcaseeq(token, "ecdhe-ecdsa") &&
- diffie_hellman_group_is_ec(suites[i].dh) &&
+ key_exchange_is_ecdh(suites[i].dh) &&
suites[i].key == KEY_ECDSA)
{
suites[remaining++] = suites[i];
break;
}
if (strcaseeq(token, "ecdhe-rsa") &&
- diffie_hellman_group_is_ec(suites[i].dh) &&
+ key_exchange_is_ecdh(suites[i].dh) &&
suites[i].key == KEY_RSA)
{
suites[remaining++] = suites[i];
break;
}
if (strcaseeq(token, "dhe-rsa") &&
- !diffie_hellman_group_is_ec(suites[i].dh) &&
+ !key_exchange_is_ecdh(suites[i].dh) &&
suites[i].dh != MODP_NONE &&
suites[i].key == KEY_RSA)
{
const proposal_token_t *tok;
tok = lib->proposal->get_token(lib->proposal, token);
- if (tok != NULL && tok->type == DIFFIE_HELLMAN_GROUP &&
+ if (tok != NULL && tok->type == KEY_EXCHANGE_METHOD &&
curve == tls_ec_group_to_curve(tok->algorithm))
{
enumerator->destroy(enumerator);
filter_suite(suites, count, offsetof(suite_algs_t, hash),
lib->crypto->create_hasher_enumerator);
filter_suite(suites, count, offsetof(suite_algs_t, dh),
- lib->crypto->create_dh_enumerator);
+ lib->crypto->create_ke_enumerator);
}
/**
* Mapping groups to TLS named curves
*/
static struct {
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
tls_named_group_t curve;
} curves[] = {
{ ECP_256_BIT, TLS_SECP256R1},
CALLBACK(group_filter, bool,
void *null, enumerator_t *orig, va_list args)
{
- diffie_hellman_group_t group, *group_out;
+ key_exchange_method_t group, *group_out;
tls_named_group_t curve, *curve_out;
char *plugin;
CALLBACK(config_filter, bool,
void *null, enumerator_t *orig, va_list args)
{
- diffie_hellman_group_t group, *group_out;
+ key_exchange_method_t group, *group_out;
tls_named_group_t curve, *curve_out;
VA_ARGS_VGET(args, group_out, curve_out);
{
return enumerator_create_filter(
enumerator_create_filter(
- lib->crypto->create_dh_enumerator(lib->crypto),
+ lib->crypto->create_ke_enumerator(lib->crypto),
group_filter, NULL, NULL),
config_filter, NULL, NULL);
}
* Check if the given ECDH group is supported or return the first one we
* actually do support.
*/
-static diffie_hellman_group_t supported_ec_group(private_tls_crypto_t *this,
- diffie_hellman_group_t orig)
+static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this,
+ key_exchange_method_t orig)
{
- diffie_hellman_group_t current, first = MODP_NONE;
+ key_exchange_method_t current, first = MODP_NONE;
enumerator_t *enumerator;
enumerator = create_ec_enumerator(this);
return first;
}
-METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
+METHOD(tls_crypto_t, get_dh_group, key_exchange_method_t,
private_tls_crypto_t *this)
{
suite_algs_t *algs;
algs = find_suite(this->suite);
if (algs)
{
- if (diffie_hellman_group_is_ec(algs->dh))
+ if (key_exchange_is_ecdh(algs->dh))
{
return supported_ec_group(this, algs->dh);
}
/**
* See header.
*/
-int tls_crypto_get_supported_groups(diffie_hellman_group_t **out)
+int tls_crypto_get_supported_groups(key_exchange_method_t **out)
{
enumerator_t *enumerator;
- diffie_hellman_group_t groups[countof(curves)];
- diffie_hellman_group_t group;
+ key_exchange_method_t groups[countof(curves)];
+ key_exchange_method_t group;
tls_named_group_t curve;
int count = 0, i;
enumerator = enumerator_create_filter(
- lib->crypto->create_dh_enumerator(lib->crypto),
+ lib->crypto->create_ke_enumerator(lib->crypto),
group_filter, NULL, NULL);
while (enumerator->enumerate(enumerator, &group, &curve))
if (out)
{
- *out = calloc(count, sizeof(diffie_hellman_group_t));
+ *out = calloc(count, sizeof(key_exchange_method_t));
for (i = 0; i < count; i++)
{
(*out)[i] = groups[i];
/**
* See header.
*/
-tls_named_group_t tls_ec_group_to_curve(diffie_hellman_group_t group)
+tls_named_group_t tls_ec_group_to_curve(key_exchange_method_t group)
{
int i;
/**
* Get the Diffie-Hellman group to use, if any.
*
- * @return Diffie Hellman group, ord MODP_NONE
+ * @return Diffie-Hellman group, or MODP_NONE
*/
- diffie_hellman_group_t (*get_dh_group)(tls_crypto_t *this);
+ key_exchange_method_t (*get_dh_group)(tls_crypto_t *this);
/**
* Write the list of supported signature schemes, either for certificates
/**
* Create an enumerator over supported ECDH groups.
*
- * Enumerates over (diffie_hellman_group_t, tls_named_group_t)
+ * Enumerates over (key_exchange_method_t, tls_named_group_t)
*
* @return enumerator
*/
* @param groups pointer to allocated DH group array, to free(), or NULL
* @return number of curves supported
*/
-int tls_crypto_get_supported_groups(diffie_hellman_group_t **groups);
+int tls_crypto_get_supported_groups(key_exchange_method_t **groups);
/**
* Get a list of all supported TLS signature schemes.
* @param group diffie hellman group indicator
* @return TLS group indicator
*/
-tls_named_group_t tls_ec_group_to_curve(diffie_hellman_group_t group);
+tls_named_group_t tls_ec_group_to_curve(key_exchange_method_t group);
/**
* Get the key type from a TLS signature scheme
/**
* DHE exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Requested DH group
};
/* Implemented in tls_server.c */
-bool tls_write_key_share(bio_writer_t **key_share, diffie_hellman_t *dh);
+bool tls_write_key_share(bio_writer_t **key_share, key_exchange_t *dh);
public_key_t *tls_find_public_key(auth_cfg_t *peer_auth, identification_t *id);
/**
uint16_t key_type)
{
enumerator_t *enumerator;
- diffie_hellman_group_t group, found = MODP_NONE;
+ key_exchange_method_t group, found = MODP_NONE;
tls_named_group_t curve;
enumerator = this->crypto->create_ec_enumerator(this->crypto);
DBG1(DBG_TLS, "server requested key exchange we didn't propose");
return FALSE;
}
- if (this->dh->get_dh_group(this->dh) == found)
+ if (this->dh->get_method(this->dh) == found)
{
DBG1(DBG_TLS, "server requested key exchange we already use");
return FALSE;
key_share = chunk_skip(key_share, 1);
}
if (!key_share.len ||
- !this->dh->set_other_public_value(this->dh, key_share) ||
+ !this->dh->set_public_key(this->dh, key_share) ||
!this->dh->get_shared_secret(this->dh, &shared_secret) ||
!this->crypto->derive_handshake_keys(this->crypto, shared_secret))
{
public->destroy(public);
free(chunk.ptr);
- this->dh = lib->crypto->create_dh(lib->crypto, MODP_CUSTOM,
+ this->dh = lib->crypto->create_ke(lib->crypto, MODP_CUSTOM,
generator, prime);
if (!this->dh)
{
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- if (!this->dh->set_other_public_value(this->dh, pub))
+ if (!this->dh->set_public_key(this->dh, pub))
{
DBG1(DBG_TLS, "applying DH public value failed");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
/**
* Get the EC group for a TLS named curve
*/
-static diffie_hellman_group_t curve_to_ec_group(private_tls_peer_t *this,
- tls_named_group_t curve)
+static key_exchange_method_t curve_to_ec_group(private_tls_peer_t *this,
+ tls_named_group_t curve)
{
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
tls_named_group_t current;
enumerator_t *enumerator;
static status_t process_ec_key_exchange(private_tls_peer_t *this,
bio_reader_t *reader)
{
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
public_key_t *public;
uint8_t type;
uint16_t curve;
public->destroy(public);
free(chunk.ptr);
- this->dh = lib->crypto->create_dh(lib->crypto, group);
+ this->dh = lib->crypto->create_ke(lib->crypto, group);
if (!this->dh)
{
DBG1(DBG_TLS, "DH group %N not supported",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, group);
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
pub = chunk_skip(pub, 1);
}
- if (!this->dh->set_other_public_value(this->dh, pub))
+ if (!this->dh->set_public_key(this->dh, pub))
{
DBG1(DBG_TLS, "applying DH public value failed");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
static status_t process_key_exchange(private_tls_peer_t *this,
bio_reader_t *reader)
{
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
this->crypto->append_handshake(this->crypto,
TLS_SERVER_KEY_EXCHANGE, reader->peek(reader));
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
return NEED_MORE;
}
- if (diffie_hellman_group_is_ec(group))
+ if (key_exchange_is_ecdh(group))
{
return process_ec_key_exchange(this, reader);
}
tls_cipher_suite_t *suites;
bio_writer_t *extensions, *curves = NULL, *versions, *key_share, *signatures;
tls_version_t version_max, version_min;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
tls_named_group_t curve;
enumerator_t *enumerator;
int count, i, v;
}
if (!this->dh)
{
- this->dh = lib->crypto->create_dh(lib->crypto, group);
+ this->dh = lib->crypto->create_ke(lib->crypto, group);
if (!this->dh)
{
continue;
}
chunk_clear(&premaster);
- if (!this->dh->get_my_public_value(this->dh, &pub))
+ if (!this->dh->get_public_key(this->dh, &pub))
{
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- switch (this->dh->get_dh_group(this->dh))
+ switch (this->dh->get_method(this->dh))
{
case MODP_CUSTOM:
writer->write_data16(writer, pub);
/**
* DHE exchange
*/
- diffie_hellman_t *dh;
+ key_exchange_t *dh;
/**
* Requested DH group
if (this->tls->get_version_max(this->tls) >= TLS_1_3)
{
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
tls_named_group_t curve, requesting_curve = 0;
enumerator_t *enumerator;
array_t *peer_key_shares;
{
DBG1(DBG_TLS, "using key exchange %N",
tls_named_group_names, curve);
- this->dh = lib->crypto->create_dh(lib->crypto, group);
+ this->dh = lib->crypto->create_ke(lib->crypto, group);
break;
}
}
peer.key_share = chunk_skip(peer.key_share, 1);
}
if (!peer.key_share.len ||
- !this->dh->set_other_public_value(this->dh, peer.key_share))
+ !this->dh->set_public_key(this->dh, peer.key_share))
{
DBG1(DBG_TLS, "DH key derivation failed");
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
bio_reader_t *reader)
{
chunk_t premaster, pub;
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
bool ec;
this->crypto->append_handshake(this->crypto,
TLS_CLIENT_KEY_EXCHANGE, reader->peek(reader));
- group = this->dh->get_dh_group(this->dh);
- ec = diffie_hellman_group_is_ec(group);
+ group = this->dh->get_method(this->dh);
+ ec = key_exchange_is_ecdh(group);
if ((ec && !reader->read_data8(reader, &pub)) ||
(!ec && (!reader->read_data16(reader, &pub) || pub.len == 0)))
{
}
pub = chunk_skip(pub, 1);
}
- if (!this->dh->set_other_public_value(this->dh, pub))
+ if (!this->dh->set_public_key(this->dh, pub))
{
DBG1(DBG_TLS, "applying DH public value failed");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
/**
* Write public key into key share extension
*/
-bool tls_write_key_share(bio_writer_t **key_share, diffie_hellman_t *dh)
+bool tls_write_key_share(bio_writer_t **key_share, key_exchange_t *dh)
{
bio_writer_t *writer;
tls_named_group_t curve;
{
return FALSE;
}
- curve = tls_ec_group_to_curve(dh->get_dh_group(dh));
- if (!curve || !dh->get_my_public_value(dh, &pub))
+ curve = tls_ec_group_to_curve(dh->get_method(dh));
+ if (!curve || !dh->get_public_key(dh, &pub))
{
return FALSE;
}
*/
static status_t send_server_key_exchange(private_tls_server_t *this,
tls_handshake_type_t *type, bio_writer_t *writer,
- diffie_hellman_group_t group)
+ key_exchange_method_t group)
{
diffie_hellman_params_t *params = NULL;
tls_named_group_t curve;
chunk_t chunk;
- if (diffie_hellman_group_is_ec(group))
+ if (key_exchange_is_ecdh(group))
{
curve = tls_ec_group_to_curve(group);
if (!curve || (!peer_supports_curve(this, curve) &&
if (!params)
{
DBG1(DBG_TLS, "no parameters found for DH group %N",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, group);
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- DBG2(DBG_TLS, "selected DH group %N", diffie_hellman_group_names, group);
+ DBG2(DBG_TLS, "selected DH group %N", key_exchange_method_names, group);
writer->write_data16(writer, params->prime);
writer->write_data16(writer, params->generator);
}
- this->dh = lib->crypto->create_dh(lib->crypto, group);
+ this->dh = lib->crypto->create_ke(lib->crypto, group);
if (!this->dh)
{
DBG1(DBG_TLS, "DH group %N not supported",
- diffie_hellman_group_names, group);
+ key_exchange_method_names, group);
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- if (!this->dh->get_my_public_value(this->dh, &chunk))
+ if (!this->dh->get_public_key(this->dh, &chunk))
{
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
METHOD(tls_handshake_t, build, status_t,
private_tls_server_t *this, tls_handshake_type_t *type, bio_writer_t *writer)
{
- diffie_hellman_group_t group;
+ key_exchange_method_t group;
if (this->tls->get_version_max(this->tls) < TLS_1_3)
{
static bool ecc_salt(TPM2B_PUBLIC *public, TPMI_ALG_HASH hash_alg,
chunk_t *secret, TPM2B_ENCRYPTED_SECRET *encryptedSalt)
{
- diffie_hellman_group_t ec_group;
- diffie_hellman_t *dh;
+ key_exchange_method_t ec_ke_method;
+ key_exchange_t *ke;
chunk_t ecdh_pubkey = chunk_empty, ecdh_pubkey_x, ecdh_pubkey_y;
chunk_t ecc_pubkey = chunk_empty, ecc_pubkey_x, ecc_pubkey_y;
chunk_t z = chunk_empty;
switch (public->publicArea.parameters.eccDetail.curveID)
{
case TPM2_ECC_NIST_P256:
- ec_group = ECP_256_BIT;
+ ec_ke_method = ECP_256_BIT;
break;
case TPM2_ECC_NIST_P384:
- ec_group = ECP_384_BIT;
+ ec_ke_method = ECP_384_BIT;
break;
case TPM2_ECC_NIST_P521:
- ec_group = ECP_521_BIT;
+ ec_ke_method = ECP_521_BIT;
break;
default:
DBG1(DBG_PTS, "type of ECC EK key not supported");
}
/* Generate ECDH key pair */
- dh = lib->crypto->create_dh(lib->crypto, ec_group);
- if (!dh)
+ ke = lib->crypto->create_ke(lib->crypto, ec_ke_method);
+ if (!ke)
{
DBG1(DBG_PTS, "DH group could not be created");
return FALSE;
}
- if (!dh->get_my_public_value(dh, &ecdh_pubkey))
+ if (!ke->get_public_key(ke, &ecdh_pubkey))
{
DBG1(DBG_PTS, "DH public key could not be generated");
- dh->destroy(dh);
+ ke->destroy(ke);
return FALSE;
}
ecdh_pubkey_x = chunk_create(ecdh_pubkey.ptr, ecdh_pubkey.len / 2);
ecc_pubkey = chunk_cat("cc", ecc_pubkey_x, ecc_pubkey_y);
/* compute point multiplication of ecc_pubkey with ecdh_privkey */
- if (!dh->set_other_public_value(dh, ecc_pubkey))
+ if (!ke->set_public_key(ke, ecc_pubkey))
{
DBG1(DBG_PTS, "ECC public could not be set");
goto error;
}
- if (!dh->get_shared_secret(dh, &z))
+ if (!ke->get_shared_secret(ke, &z))
{
DBG1(DBG_PTS, "could not create shared secret");
goto error;
success = TRUE;
error:
- dh->destroy(dh);
+ ke->destroy(ke);
chunk_free(&ecdh_pubkey);
chunk_free(&ecc_pubkey);
chunk_clear(&z);
projects / thirdparty / strongswan.git / commitdiff
