Rename MODP_NONE to KE_NONE
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 1 Jul 2021 17:42:55 +0000 (19:42 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2022 08:28:50 +0000 (10:28 +0200)
17 files changed:
src/libcharon/config/child_cfg.c
src/libcharon/config/ike_cfg.c
src/libcharon/encoding/payloads/ke_payload.c
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev2/tasks/child_create.c
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libimcv/pts/pts_dh_group.c
src/libstrongswan/crypto/key_exchange.c
src/libstrongswan/crypto/key_exchange.h
src/libstrongswan/crypto/proposal/proposal.c
src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
src/libstrongswan/tests/suites/test_crypto_factory.c
src/libstrongswan/tests/suites/test_proposal.c
src/libtls/tls_crypto.c
src/libtls/tls_crypto.h
src/libtls/tls_peer.c

index a5b47547e38de4558777ef1aa0edcfff84cc5785..986d6106bd555198f6c83b1f572fbf2af0d3f0ee 100644 (file)
@@ -489,7 +489,7 @@ METHOD(child_cfg_t, get_ke_method, key_exchange_method_t,
 {
        enumerator_t *enumerator;
        proposal_t *proposal;
-       uint16_t method = MODP_NONE;
+       uint16_t method = KE_NONE;
 
        enumerator = this->proposals->create_enumerator(this->proposals);
        while (enumerator->enumerate(enumerator, &proposal))
index c6ac5dcbc201111d2ae0b067a68367fc2d1595a0..cb60e7ffdf58d156cc4d86be2eb043f6ac6be204 100644 (file)
@@ -353,7 +353,7 @@ METHOD(ike_cfg_t, get_ke_method, key_exchange_method_t,
 {
        enumerator_t *enumerator;
        proposal_t *proposal;
-       uint16_t method = MODP_NONE;
+       uint16_t method = KE_NONE;
 
        enumerator = this->proposals->create_enumerator(this->proposals);
        while (enumerator->enumerate(enumerator, &proposal))
index 65de3727309dd43821262ea448512a8069e5e551..565654dd3c527fb6f04e7b1db320ae7c07c56213 100644 (file)
@@ -234,7 +234,7 @@ ke_payload_t *ke_payload_create(payload_type_t type)
                        .destroy = _destroy,
                },
                .next_payload = PL_NONE,
-               .ke_method = MODP_NONE,
+               .ke_method = KE_NONE,
                .type = type,
        );
        this->payload_length = get_header_length(this);
index fea564f1725bb9fe5e97be94071a7e94b6b4d51a..b65ee98a3890e61d1e2ed12dbff2c8c321b9fa8f 100644 (file)
@@ -253,7 +253,7 @@ METHOD(task_t, build_i, status_t,
                        message->add_payload(message, &sa_payload->payload_interface);
 
                        group = this->ike_cfg->get_ke_method(this->ike_cfg);
-                       if (group == MODP_NONE)
+                       if (group == KE_NONE)
                        {
                                DBG1(DBG_IKE, "DH group selection failed");
                                return FAILED;
index 0fed96e95b3fd05b4780f41a3e61b3408cb50795..84c4d795561ba7f2139f762b04cecd538cda6747 100644 (file)
@@ -782,7 +782,7 @@ static status_t send_notify(private_quick_mode_t *this, notify_type_t type)
 
 /**
  * Prepare a list of proposals from child_config containing only the specified
- * DH group, unless it is set to MODP_NONE.
+ * DH group, unless it is set to KE_NONE.
  */
 static linked_list_t *get_proposals(private_quick_mode_t *this,
                                                                        key_exchange_method_t group)
@@ -795,7 +795,7 @@ static linked_list_t *get_proposals(private_quick_mode_t *this,
        enumerator = list->create_enumerator(list);
        while (enumerator->enumerate(enumerator, &proposal))
        {
-               if (group != MODP_NONE)
+               if (group != KE_NONE)
                {
                        if (!proposal->has_ke_method(proposal, group))
                        {
@@ -867,7 +867,7 @@ METHOD(task_t, build_i, status_t,
                        }
 
                        group = this->config->get_ke_method(this->config);
-                       if (group != MODP_NONE)
+                       if (group != KE_NONE)
                        {
                                proposal_t *proposal;
                                uint16_t preferred_group;
@@ -900,7 +900,7 @@ METHOD(task_t, build_i, status_t,
                        }
                        else
                        {
-                               list = get_proposals(this, MODP_NONE);
+                               list = get_proposals(this, KE_NONE);
                        }
 
                        get_lifetimes(this);
@@ -915,7 +915,7 @@ METHOD(task_t, build_i, status_t,
                        {
                                return FAILED;
                        }
-                       if (group != MODP_NONE)
+                       if (group != KE_NONE)
                        {
                                if (!add_ke(this, message))
                                {
index e6b2a9318a2e725eaf36204bbd989e962727cc16..ddc0df798bb49d35b5e9742b2f136bb3d3733f16 100644 (file)
@@ -325,7 +325,7 @@ static bool update_and_check_proposals(private_child_create_t *this)
                proposal->set_spi(proposal, this->my_spi);
 
                /* move the selected DH group to the front, if any */
-               if (this->dh_group != MODP_NONE)
+               if (this->dh_group != KE_NONE)
                {       /* proposals that don't contain the selected group are
                         * moved to the back */
                        if (!proposal->promote_ke_method(proposal, this->dh_group))
@@ -348,7 +348,7 @@ static bool update_and_check_proposals(private_child_create_t *this)
        enumerator->destroy(enumerator);
        other_dh_groups->destroy(other_dh_groups);
 
-       return this->dh_group == MODP_NONE || found;
+       return this->dh_group == KE_NONE || found;
 }
 
 /**
@@ -571,7 +571,7 @@ static status_t select_and_install(private_child_create_t *this,
                DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal");
                DESTROY_IF(this->dh);
                this->dh = NULL;
-               this->dh_group = MODP_NONE;
+               this->dh_group = KE_NONE;
        }
 
        if (this->initiator)
@@ -1156,7 +1156,7 @@ METHOD(task_t, build_i, status_t,
                                message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
                                return SUCCESS;
                        }
-                       if (!this->retry && this->dh_group == MODP_NONE)
+                       if (!this->retry && this->dh_group == KE_NONE)
                        {       /* during a rekeying the group might already be set */
                                this->dh_group = this->config->get_ke_method(this->config);
                        }
@@ -1245,7 +1245,7 @@ METHOD(task_t, build_i, status_t,
        }
 
        this->proposals = this->config->get_proposals(this->config,
-                                                                                                 this->dh_group == MODP_NONE);
+                                                                                                 this->dh_group == KE_NONE);
        this->mode = this->config->get_mode(this->config);
 
        this->child.if_id_in_def = this->ike_sa->get_if_id(this->ike_sa, TRUE);
@@ -1292,7 +1292,7 @@ METHOD(task_t, build_i, status_t,
                return FAILED;
        }
 
-       if (this->dh_group != MODP_NONE)
+       if (this->dh_group != KE_NONE)
        {
                this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
                                                                                                  this->dh_group);
@@ -1819,7 +1819,7 @@ METHOD(task_t, process_i, status_t,
                                case INVALID_KE_PAYLOAD:
                                {
                                        chunk_t data;
-                                       uint16_t group = MODP_NONE;
+                                       uint16_t group = KE_NONE;
 
                                        data = notify->get_notification_data(notify);
                                        if (data.len == sizeof(group))
@@ -2016,7 +2016,7 @@ METHOD(task_t, migrate, void,
        }
        if (!this->rekey && !this->retry)
        {
-               this->dh_group = MODP_NONE;
+               this->dh_group = KE_NONE;
        }
        this->ike_sa = ike_sa;
        this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
@@ -2102,7 +2102,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
                .config = config,
                .packet_tsi = tsi ? tsi->clone(tsi) : NULL,
                .packet_tsr = tsr ? tsr->clone(tsr) : NULL,
-               .dh_group = MODP_NONE,
+               .dh_group = KE_NONE,
                .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
                .mode = MODE_TUNNEL,
                .tfcv3 = TRUE,
index 29f3ccc405010c26181a396e84498f1cd46a475c..f5c5482876a29c11a9f598ca6f5e9eed0e26cae5 100644 (file)
@@ -1146,7 +1146,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
                },
                .ike_sa = ike_sa,
                .initiator = initiator,
-               .dh_group = MODP_NONE,
+               .dh_group = KE_NONE,
                .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
                .old_sa = old_sa,
                .signature_authentication = lib->settings->get_bool(lib->settings,
index f57547eb684ea967c1756bccd5a014c2a48d8914..91b5f2bfe45c88a4cae7c1bc730c82fd021e1aff 100644 (file)
@@ -180,6 +180,6 @@ key_exchange_method_t pts_dh_group_to_ike(pts_dh_group_t dh_group)
                case PTS_DH_GROUP_IKE20:
                        return ECP_384_BIT;
                default:
-                       return MODP_NONE;
+                       return KE_NONE;
        }
 }
index 91f355222f88ce8101020a2f5b8ce2ce41a842b8..d672ec7e8fb682a9a84cbf3571505052ba3db4b4 100644 (file)
@@ -18,8 +18,8 @@
 
 #include "key_exchange.h"
 
-ENUM_BEGIN(key_exchange_method_names, MODP_NONE, MODP_1024_BIT,
-       "MODP_NONE",
+ENUM_BEGIN(key_exchange_method_names, KE_NONE, MODP_1024_BIT,
+       "KE_NONE",
        "MODP_768",
        "MODP_1024");
 ENUM_NEXT(key_exchange_method_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
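Review bot: The string `"KE_NONE"` in this table, and `"none"` replacing `"modpnone"` in `key_exchange_method_names_short` in the next hunk, are runtime names rather than identifiers, so this part of the commit goes beyond the symbol rename the title describes. Wherever these tables are used for printing, output presumably changes from `MODP_NONE`/`modpnone` to `KE_NONE`/`none`, and log filters or monitoring rules keyed on the old text would no longer match. The keyword table later in this commit still accepts `modpnone` on input, so I would record that next to the short table, e.g. `/* "modpnone" is still accepted as a legacy proposal keyword */`, and mention the output change in the commit message.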
@@ -58,8 +58,8 @@ ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
        "MODP_CUSTOM");
 ENUM_END(key_exchange_method_names, MODP_CUSTOM);
 
-ENUM_BEGIN(key_exchange_method_names_short, MODP_NONE, MODP_1024_BIT,
-       "modpnone",
+ENUM_BEGIN(key_exchange_method_names_short, KE_NONE, MODP_1024_BIT,
+       "none",
        "modp768",
        "modp1024");
 ENUM_NEXT(key_exchange_method_names_short, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
@@ -607,7 +607,7 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
                case MODP_CUSTOM:
                        valid = TRUE;
                        break;
-               case MODP_NONE:
+               case KE_NONE:
                        /* fail */
                        break;
                /* compile-warn unhandled methods, fail verification */
index 48f86e3b6ee146da4a449f8a59f00296eb7e8f72..b55ed558eda0e5140158794b21026b7ce3df6d39 100644 (file)
@@ -41,7 +41,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t;
  * Curve25519 and Curve448 groups are defined in RFC 8031.
  */
 enum key_exchange_method_t {
-       MODP_NONE     =  0,
+       KE_NONE       =  0,
        MODP_768_BIT  =  1,
        MODP_1024_BIT =  2,
        MODP_1536_BIT =  5,
index 655409a34dc62ba354899f657e91b68447af3153..3ecba9fb2959d3bbdba8cc0607faeac54e038ae6 100644 (file)
@@ -271,7 +271,7 @@ METHOD(proposal_t, has_ke_method, bool,
        }
        enumerator->destroy(enumerator);
 
-       if (!any && ke == MODP_NONE)
+       if (!any && ke == KE_NONE)
        {
                found = TRUE;
        }
@@ -692,7 +692,7 @@ static bool check_proposal(private_proposal_t *this)
                        DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals");
                        return FALSE;
                }
-               /* remove MODP_NONE from IKE proposal */
+               /* remove KE_NONE from IKE proposal */
                e = array_create_enumerator(this->transforms);
                while (e->enumerate(e, &entry))
                {
index d6cc5cfb19f04d5bc6beee6daee007e9d9695a65..8456fe4ea0ca4a7002e8df6f1e66c17d5d259047 100644 (file)
@@ -149,7 +149,8 @@ prfmd5,           PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,            0
 prfaesxcbc,       PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC,         0
 prfcamelliaxcbc,  PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC,    0
 prfaescmac,       PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC,         0
-modpnone,         KEY_EXCHANGE_METHOD, MODP_NONE,                  0
+none,             KEY_EXCHANGE_METHOD, KE_NONE,                    0
+modpnone,         KEY_EXCHANGE_METHOD, KE_NONE,                    0
 modpnull,         KEY_EXCHANGE_METHOD, MODP_NULL,                  0
 modp768,          KEY_EXCHANGE_METHOD, MODP_768_BIT,               0
 modp1024,         KEY_EXCHANGE_METHOD, MODP_1024_BIT,              0
index 2b4bf1a84d5ae99ffee0877c669b6c4f6dc88217..48db5d811a6e76c1a702e70511e60432f22c4b99 100644 (file)
@@ -182,43 +182,43 @@ static struct {
        } data[4];
 } ke_data[] = {
        { NULL, NULL, {
-               { MODP_NONE, NULL, NULL }
+               { KE_NONE, NULL, NULL }
        }},
        { "plugin1", NULL, {
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-               { MODP_NONE, NULL, NULL }
+               { KE_NONE, NULL, NULL }
        }},
        { "plugin1", NULL, {
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
                { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" },
-               { MODP_NONE, NULL, NULL }
+               { KE_NONE, NULL, NULL }
        }},
        { "plugin2", NULL, {
                { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" },
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-               { MODP_NONE, NULL, NULL }
+               { KE_NONE, NULL, NULL }
        }},
        { "plugin1", "plugin1", {
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
                { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
-               { MODP_NONE, NULL }
+               { KE_NONE, NULL }
        }},
        { "plugin1", "plugin1", {
                { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-               { MODP_NONE, NULL }
+               { KE_NONE, NULL }
        }},
        { "plugin1", "plugin1", {
                { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
                { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" },
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-               { MODP_NONE, NULL }
+               { KE_NONE, NULL }
        }},
        { "plugin1", "plugin2", {
                { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" },
                { MODP_2048_BIT, ke_create_modp2048, "plugin1" },
                { MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-               { MODP_NONE, NULL }
+               { KE_NONE, NULL }
        }},
 };
 
@@ -249,7 +249,7 @@ START_TEST(test_create_ke)
 
 
        factory = crypto_factory_create();
-       for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++)
+       for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++)
        {
                ck_assert(factory->add_ke(factory, ke_data[_i].data[i].ke,
                                                                  ke_data[_i].data[i].plugin,
@@ -283,10 +283,10 @@ START_TEST(test_create_ke)
                }
        }
        ck_assert(!enumerator->enumerate(enumerator));
-       ck_assert_int_eq(ke_data[_i].data[i].ke, MODP_NONE);
+       ck_assert_int_eq(ke_data[_i].data[i].ke, KE_NONE);
        enumerator->destroy(enumerator);
 
-       for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++)
+       for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++)
        {
                factory->remove_ke(factory, ke_data[_i].data[i].create);
        }
index fa4e402901e4904d079a2bf5c2d55243f174d0b9..7827b1bccc58f322d00008c73ab6e412b79da330 100644 (file)
@@ -55,7 +55,7 @@ static struct {
        { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
        { PROTO_IKE, "aes128", NULL },
        { PROTO_IKE, "aes128-sha256", NULL },
-       { PROTO_IKE, "aes128-sha256-modpnone", NULL },
+       { PROTO_IKE, "aes128-sha256-none", NULL },
        { PROTO_IKE, "aes128-prfsha256", NULL },
        { PROTO_IKE, "aes128-prfsha256-modp2048", NULL },
        { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
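Review bot: With `aes128-sha256-modpnone` replaced by `aes128-sha256-none` here, and every `modpnone` entry in the selection table of the next hunk switched as well, no test case visible in this commit still parses the `modpnone` keyword, although proposal_keywords_static.txt keeps it as a second spelling of `KE_NONE`. Existing configurations presumably still use the old spelling, and the selection cases show that the presence of this keyword in an ESP proposal decides whether a non-PFS match is accepted, so both spellings deserve coverage. I would keep one legacy entry next to the new one, for example `{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },` in the selection table. The tables begin outside the hunks shown.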
@@ -129,20 +129,20 @@ static struct {
        { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
        { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
        { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-ecp256", "aes128-sha256", PROPOSAL_SKIP_KE },
-       { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
-       { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
-       { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
-       { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
-       { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
-       { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+       { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-none", NULL },
+       { PROTO_ESP, "aes128-sha256-none", "aes128-sha256-modp3072", NULL },
+       { PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256", "aes128-sha256" },
+       { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-none", "aes128-sha256" },
+       { PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256-none-modp3072", "aes128-sha256-modp3072" },
+       { PROTO_ESP, "aes128-sha256-none-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256" },
        { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
        { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL },
        { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
        { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" },
        { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" },
        { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
-       { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
-       { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
+       { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256-modp3072" },
+       { PROTO_IKE, "aes128-sha256-modp3072-none", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
 };
 
 START_TEST(test_select)
index 895f2aedb9dca73047ace4942a3f6d5b19556f1f..cb0e003c94e63b4378e43479912eeb890a290514 100644 (file)
@@ -508,33 +508,33 @@ typedef struct {
  */
 static suite_algs_t suite_algs[] = {
        /* Cipher suites of TLS 1.3: key exchange and authentication
-        * delegated to extensions, therefore KEY_ANY, MODP_NONE, PRF_UNDEFINED */
+        * delegated to extensions, therefore KEY_ANY, KE_NONE, PRF_UNDEFINED */
        { TLS_AES_256_GCM_SHA384,
-               KEY_ANY, MODP_NONE,
+               KEY_ANY, KE_NONE,
                HASH_SHA384, PRF_UNDEFINED,
                AUTH_HMAC_SHA2_384_384, ENCR_AES_GCM_ICV16, 32,
                TLS_1_3, TLS_1_3,
        },
        { TLS_AES_128_GCM_SHA256,
-               KEY_ANY, MODP_NONE,
+               KEY_ANY, KE_NONE,
                HASH_SHA256, PRF_UNDEFINED,
                AUTH_HMAC_SHA2_256_256, ENCR_AES_GCM_ICV16, 16,
                TLS_1_3, TLS_1_3,
        },
        { TLS_CHACHA20_POLY1305_SHA256,
-               KEY_ANY, MODP_NONE,
+               KEY_ANY, KE_NONE,
                HASH_SHA256, PRF_UNDEFINED,
                AUTH_HMAC_SHA2_256_256, ENCR_CHACHA20_POLY1305, 32,
                TLS_1_3, TLS_1_3,
        },
        { TLS_AES_128_CCM_SHA256,
-               KEY_ANY, MODP_NONE,
+               KEY_ANY, KE_NONE,
                HASH_SHA256, PRF_UNDEFINED,
                AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV16, 16,
                TLS_1_3, TLS_1_3,
        },
        { TLS_AES_128_CCM_8_SHA256,
-               KEY_ANY, MODP_NONE,
+               KEY_ANY, KE_NONE,
                HASH_SHA256, PRF_UNDEFINED,
                AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV8, 16,
                TLS_1_3, TLS_1_3,
@@ -673,61 +673,61 @@ static suite_algs_t suite_algs[] = {
                SSL_3_0, TLS_1_2,
        },
        { TLS_RSA_WITH_AES_256_GCM_SHA384,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA384, PRF_HMAC_SHA2_384,
                AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_AES_256_CBC_SHA256,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_AES_256_CBC_SHA,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32,
                SSL_3_0, TLS_1_2,
        },
        { TLS_RSA_WITH_AES_128_GCM_SHA256,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_AES_128_CBC_SHA256,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_AES_128_CBC_SHA,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16,
                SSL_3_0, TLS_1_2,
        },
        { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32,
                SSL_3_0, TLS_1_2,
        },
        { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16,
                SSL_3_0, TLS_1_2,
@@ -745,13 +745,13 @@ static suite_algs_t suite_algs[] = {
                TLS_1_0, TLS_1_2,
        },
        { TLS_RSA_WITH_NULL_SHA256,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0,
                TLS_1_2, TLS_1_2,
        },
        { TLS_RSA_WITH_NULL_SHA,
-               KEY_RSA, MODP_NONE,
+               KEY_RSA, KE_NONE,
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA1_160, ENCR_NULL, 0,
                SSL_3_0, TLS_1_2,
@@ -836,7 +836,7 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset,
                        }
                        if (current.dh && current.dh != suites[i].dh)
                        {
-                               if (suites[i].dh != MODP_NONE &&
+                               if (suites[i].dh != KE_NONE &&
                                        !(key_exchange_is_ecdh(current.dh) &&
                                          key_exchange_is_ecdh(suites[i].dh)))
                                {       /* skip DH group, does not match nor NONE nor both ECDH */
@@ -926,14 +926,14 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
                                }
                                if (strcaseeq(token, "dhe-rsa") &&
                                        !key_exchange_is_ecdh(suites[i].dh) &&
-                                       suites[i].dh != MODP_NONE &&
+                                       suites[i].dh != KE_NONE &&
                                        suites[i].key == KEY_RSA)
                                {
                                        suites[remaining++] = suites[i];
                                        break;
                                }
                                if (strcaseeq(token, "rsa") &&
-                                       suites[i].dh == MODP_NONE &&
+                                       suites[i].dh == KE_NONE &&
                                        suites[i].key == KEY_RSA)
                                {
                                        suites[remaining++] = suites[i];
@@ -1610,7 +1610,7 @@ METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
 static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this,
                                                                                                key_exchange_method_t orig)
 {
-       key_exchange_method_t current, first = MODP_NONE;
+       key_exchange_method_t current, first = KE_NONE;
        enumerator_t *enumerator;
 
        enumerator = create_ec_enumerator(this);
@@ -1621,7 +1621,7 @@ static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this,
                        enumerator->destroy(enumerator);
                        return orig;
                }
-               else if (first == MODP_NONE)
+               else if (first == KE_NONE)
                {
                        first = current;
                }
@@ -1644,7 +1644,7 @@ METHOD(tls_crypto_t, get_dh_group, key_exchange_method_t,
                }
                return algs->dh;
        }
-       return MODP_NONE;
+       return KE_NONE;
 }
 
 METHOD(tls_crypto_t, set_protection, void,
index 9f4f30d5b3ed0ae21bbfdef27153a764373b876e..42d30875431690c097436b425372245a7fd19d05 100644 (file)
@@ -464,7 +464,7 @@ struct tls_crypto_t {
        /**
         * Get the Diffie-Hellman group to use, if any.
         *
-        * @return                              Diffie-Hellman group, or MODP_NONE
+        * @return                              Diffie-Hellman group, or KE_NONE
         */
        key_exchange_method_t (*get_dh_group)(tls_crypto_t *this);
 
index c776ed915416d0c0b5a4b3bffcb8d6daaab5dda6..04f4bcb37c43b97fee8496220b0fc7c3f8f42010 100644 (file)
@@ -172,7 +172,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this,
                                                                          uint16_t key_type)
 {
        enumerator_t *enumerator;
-       key_exchange_method_t group, found = MODP_NONE;
+       key_exchange_method_t group, found = KE_NONE;
        tls_named_group_t curve;
 
        enumerator = this->crypto->create_ec_enumerator(this->crypto);
@@ -186,7 +186,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this,
        }
        enumerator->destroy(enumerator);
 
-       if (found == MODP_NONE)
+       if (found == KE_NONE)
        {
                DBG1(DBG_TLS, "server requested key exchange we didn't propose");
                return FALSE;
@@ -828,7 +828,7 @@ static status_t process_key_exchange(private_tls_peer_t *this,
                                                                TLS_SERVER_KEY_EXCHANGE, reader->peek(reader));
 
        group = this->crypto->get_dh_group(this->crypto);
-       if (group == MODP_NONE)
+       if (group == KE_NONE)
        {
                DBG1(DBG_TLS, "received Server Key Exchange, but not required "
                         "for current suite");