ecc: Added ECC Brainpool ECDH groups as registered with IANA

diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 1124ee6f76a0afd942ee82ea9d5c126d9e1a6ca4..3d319d2d4b0be42538c590bc8e8efca103d45e9d 100644 (file)
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -32,13 +32,17 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
        "ECP_256",
        "ECP_384",
        "ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
+ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
        "MODP_1024_160",
        "MODP_2048_224",
        "MODP_2048_256",
        "ECP_192",
-       "ECP_224");
-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_224_BIT,
+       "ECP_224",
+       "ECP_224_BP",
+       "ECP_256_BP",
+       "ECP_384_BP",
+       "ECP_512_BP");
+ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
        "MODP_NULL",
        "MODP_CUSTOM");
 ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
@@ -462,6 +466,10 @@ bool diffie_hellman_group_is_ec(diffie_hellman_group_t group)
                case ECP_521_BIT:
                case ECP_192_BIT:
                case ECP_224_BIT:
+               case ECP_224_BP:
+               case ECP_256_BP:
+               case ECP_384_BP:
+               case ECP_512_BP:
                        return TRUE;
                default:
                        return FALSE;

diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index cab3b1ba7532e093d9294ff107593f8f5b69ad31..edf6bbd6da74dc8601b07bd96d83da28b77b598f 100644 (file)
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -36,6 +36,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t;
  * See IKEv2 RFC 3.3.2 and RFC 3526.
  *
  * ECP groups are defined in RFC 4753 and RFC 5114.
+ * ECC Brainpool groups are defined in RFC 6954.
  */
 enum diffie_hellman_group_t {
        MODP_NONE     =  0,
@@ -55,6 +56,10 @@ enum diffie_hellman_group_t {
        MODP_2048_256 = 24,
        ECP_192_BIT   = 25,
        ECP_224_BIT   = 26,
+       ECP_224_BP    = 27,
+       ECP_256_BP    = 28,
+       ECP_384_BP    = 29,
+       ECP_512_BP    = 30,
        /** insecure NULL diffie hellman group for testing, in PRIVATE USE */
        MODP_NULL = 1024,
        /** MODP group with custom generator/prime */

diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index 445438f039f7b84ae23c79ef13fd5e309f8212a2..c484320cacfa15b81141af428c3bc3ac4cdeacc2 100644 (file)
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -157,5 +157,9 @@ ecp521,           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,               0
 modp1024s160,     DIFFIE_HELLMAN_GROUP, MODP_1024_160,             0
 modp2048s224,     DIFFIE_HELLMAN_GROUP, MODP_2048_224,             0
 modp2048s256,     DIFFIE_HELLMAN_GROUP, MODP_2048_256,             0
+ecp224bp,         DIFFIE_HELLMAN_GROUP, ECP_224_BP,                0
+ecp256bp,         DIFFIE_HELLMAN_GROUP, ECP_256_BP,                0
+ecp384bp,         DIFFIE_HELLMAN_GROUP, ECP_384_BP,                0
+ecp512bp,         DIFFIE_HELLMAN_GROUP, ECP_512_BP,                0
 noesn,            EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,   0
 esn,              EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS,      0