/*
- * Copyright (C) 2010-2020 Tobias Brunner
+ * Copyright (C) 2016-2024 Andreas Steffen
+ * Copyright (C) 2010-2024 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
*
"ECP_256",
"ECP_384",
"ECP_521");
-ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
+ENUM_NEXT(key_exchange_method_names, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
"MODP_1024_160",
"MODP_2048_224",
"MODP_2048_256",
"ECP_384_BP",
"ECP_512_BP",
"CURVE_25519",
- "CURVE_448");
-ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, CURVE_448,
+ "CURVE_448",
+ "GOST3410_256",
+ "GOST3410_512",
+ "ML_KEM_512",
+ "ML_KEM_768",
+ "ML_KEM_1024");
+ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, ML_KEM_1024,
"MODP_NULL");
ENUM_NEXT(key_exchange_method_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
"NTRU_112",
"ecp256",
"ecp384",
"ecp521");
-ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT,
+ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
"modp1024s160",
"modp2048s224",
"modp2048s256",
"ecp384bp",
"ecp512bp",
"curve25519",
- "curve448");
-ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, CURVE_448,
+ "curve448",
+ "gost256",
+ "gost512",
+ "mlkem512",
+ "mlkem768",
+ "mlkem1024");
+ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, ML_KEM_1024,
"modpnull");
ENUM_NEXT(key_exchange_method_names_short, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
"ntru112",
case ECP_512_BP:
case CURVE_25519:
case CURVE_448:
+ case GOST3410_256:
+ case GOST3410_512:
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool key_exchange_is_kem(key_exchange_method_t ke)
+{
+ switch (ke)
+ {
+ case ML_KEM_512:
+ case ML_KEM_768:
+ case ML_KEM_1024:
return TRUE;
default:
return FALSE;
case CURVE_448:
valid = value.len == 56;
break;
+ case GOST3410_256:
+ valid = value.len == 64;
+ break;
+ case GOST3410_512:
+ valid = value.len == 128;
+ break;
case NTRU_112_BIT:
case NTRU_128_BIT:
case NTRU_192_BIT:
case NTRU_256_BIT:
case NH_128_BIT:
+ case ML_KEM_512:
+ case ML_KEM_768:
+ case ML_KEM_1024:
/* verification currently not supported, do in plugin */
valid = FALSE;
break;
/*
- * Copyright (C) 2010-2020 Tobias Brunner
+ * Copyright (C) 2016-2024 Andreas Steffen
+ * Copyright (C) 2010-2024 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
*
* ECP groups are defined in RFC 4753 and RFC 5114.
* ECC Brainpool groups are defined in RFC 6954.
* Curve25519 and Curve448 groups are defined in RFC 8031.
+ * GOST R 34.10-2012 groups are defined in RFC 9385.
+ * ML-KEM methods are defined in draft-ipsecme-ml-kem-ikev2.
*/
enum key_exchange_method_t {
KE_NONE = 0,
ECP_512_BP = 30,
CURVE_25519 = 31,
CURVE_448 = 32,
+ GOST3410_256 = 33,
+ GOST3410_512 = 34,
+ ML_KEM_512 = 35,
+ ML_KEM_768 = 36,
+ ML_KEM_1024 = 37,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
- MODP_NULL = 1024,
- /** MODP group with custom generator/prime */
+ MODP_NULL = 1024,
/** Parameters defined by IEEE 1363.1, in PRIVATE USE */
- NTRU_112_BIT = 1030,
- NTRU_128_BIT = 1031,
- NTRU_192_BIT = 1032,
- NTRU_256_BIT = 1033,
- NH_128_BIT = 1040,
+ NTRU_112_BIT = 1030,
+ NTRU_128_BIT = 1031,
+ NTRU_192_BIT = 1032,
+ NTRU_256_BIT = 1033,
+ NH_128_BIT = 1040,
+ /** MODP group with custom generator/prime */
/** internally used DH group with additional parameters g and p, outside
* of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
- MODP_CUSTOM = 65536,
+ MODP_CUSTOM = 65536,
};
/**
__attribute__((warn_unused_result));
/**
- * Sets the public key from the peer.
+ * Sets the public key received from the peer.
*
* @note This operation should be relatively quick. Costly public key
* validation operations or key derivation should be implemented in
*/
bool key_exchange_is_ecdh(key_exchange_method_t ke);
+/**
+ * Check if the key exchange method is a Key Encapsulation Mechanism (KEM).
+ *
+ * @return TRUE if KEM used
+ */
+bool key_exchange_is_kem(key_exchange_method_t ke);
+
/**
* Check if a public key is valid for given key exchange method.
*
x25519, KEY_EXCHANGE_METHOD, CURVE_25519, 0
curve448, KEY_EXCHANGE_METHOD, CURVE_448, 0
x448, KEY_EXCHANGE_METHOD, CURVE_448, 0
+gost256, KEY_EXCHANGE_METHOD, GOST3410_256, 0
+gost512, KEY_EXCHANGE_METHOD, GOST3410_512, 0
+mlkem512, KEY_EXCHANGE_METHOD, ML_KEM_512, 0
+mlkem768, KEY_EXCHANGE_METHOD, ML_KEM_768, 0
+mlkem1024, KEY_EXCHANGE_METHOD, ML_KEM_1024, 0
ntru112, KEY_EXCHANGE_METHOD, NTRU_112_BIT, 0
ntru128, KEY_EXCHANGE_METHOD, NTRU_128_BIT, 0
ntru192, KEY_EXCHANGE_METHOD, NTRU_192_BIT, 0
projects / thirdparty / strongswan.git / commitdiff
