From: Andreas Steffen Date: Thu, 1 Jul 2021 17:42:55 +0000 (+0200) Subject: Rename MODP_NONE to KE_NONE X-Git-Tag: 5.9.7dr2~1^2~35 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b7c167f97216a3b8ca1766fa288bf5622f5e8774;p=thirdparty%2Fstrongswan.git Rename MODP_NONE to KE_NONE --- diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index a5b47547e3..986d6106bd 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -489,7 +489,7 @@ METHOD(child_cfg_t, get_ke_method, key_exchange_method_t, { enumerator_t *enumerator; proposal_t *proposal; - uint16_t method = MODP_NONE; + uint16_t method = KE_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index c6ac5dcbc2..cb60e7ffdf 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -353,7 +353,7 @@ METHOD(ike_cfg_t, get_ke_method, key_exchange_method_t, { enumerator_t *enumerator; proposal_t *proposal; - uint16_t method = MODP_NONE; + uint16_t method = KE_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 65de372730..565654dd3c 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -234,7 +234,7 @@ ke_payload_t *ke_payload_create(payload_type_t type) .destroy = _destroy, }, .next_payload = PL_NONE, - .ke_method = MODP_NONE, + .ke_method = KE_NONE, .type = type, ); this->payload_length = get_header_length(this); diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index fea564f172..b65ee98a38 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -253,7 +253,7 @@ METHOD(task_t, build_i, status_t, message->add_payload(message, &sa_payload->payload_interface); group = this->ike_cfg->get_ke_method(this->ike_cfg); - if (group == MODP_NONE) + if (group == KE_NONE) { DBG1(DBG_IKE, "DH group selection failed"); return FAILED; diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 0fed96e95b..84c4d79556 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -782,7 +782,7 @@ static status_t send_notify(private_quick_mode_t *this, notify_type_t type) /** * Prepare a list of proposals from child_config containing only the specified - * DH group, unless it is set to MODP_NONE. + * DH group, unless it is set to KE_NONE. */ static linked_list_t *get_proposals(private_quick_mode_t *this, key_exchange_method_t group) @@ -795,7 +795,7 @@ static linked_list_t *get_proposals(private_quick_mode_t *this, enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &proposal)) { - if (group != MODP_NONE) + if (group != KE_NONE) { if (!proposal->has_ke_method(proposal, group)) { @@ -867,7 +867,7 @@ METHOD(task_t, build_i, status_t, } group = this->config->get_ke_method(this->config); - if (group != MODP_NONE) + if (group != KE_NONE) { proposal_t *proposal; uint16_t preferred_group; @@ -900,7 +900,7 @@ METHOD(task_t, build_i, status_t, } else { - list = get_proposals(this, MODP_NONE); + list = get_proposals(this, KE_NONE); } get_lifetimes(this); @@ -915,7 +915,7 @@ METHOD(task_t, build_i, status_t, { return FAILED; } - if (group != MODP_NONE) + if (group != KE_NONE) { if (!add_ke(this, message)) { diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index e6b2a9318a..ddc0df798b 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -325,7 +325,7 @@ static bool update_and_check_proposals(private_child_create_t *this) proposal->set_spi(proposal, this->my_spi); /* move the selected DH group to the front, if any */ - if (this->dh_group != MODP_NONE) + if (this->dh_group != KE_NONE) { /* proposals that don't contain the selected group are * moved to the back */ if (!proposal->promote_ke_method(proposal, this->dh_group)) @@ -348,7 +348,7 @@ static bool update_and_check_proposals(private_child_create_t *this) enumerator->destroy(enumerator); other_dh_groups->destroy(other_dh_groups); - return this->dh_group == MODP_NONE || found; + return this->dh_group == KE_NONE || found; } /** @@ -571,7 +571,7 @@ static status_t select_and_install(private_child_create_t *this, DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal"); DESTROY_IF(this->dh); this->dh = NULL; - this->dh_group = MODP_NONE; + this->dh_group = KE_NONE; } if (this->initiator) @@ -1156,7 +1156,7 @@ METHOD(task_t, build_i, status_t, message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); return SUCCESS; } - if (!this->retry && this->dh_group == MODP_NONE) + if (!this->retry && this->dh_group == KE_NONE) { /* during a rekeying the group might already be set */ this->dh_group = this->config->get_ke_method(this->config); } @@ -1245,7 +1245,7 @@ METHOD(task_t, build_i, status_t, } this->proposals = this->config->get_proposals(this->config, - this->dh_group == MODP_NONE); + this->dh_group == KE_NONE); this->mode = this->config->get_mode(this->config); this->child.if_id_in_def = this->ike_sa->get_if_id(this->ike_sa, TRUE); @@ -1292,7 +1292,7 @@ METHOD(task_t, build_i, status_t, return FAILED; } - if (this->dh_group != MODP_NONE) + if (this->dh_group != KE_NONE) { this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat, this->dh_group); @@ -1819,7 +1819,7 @@ METHOD(task_t, process_i, status_t, case INVALID_KE_PAYLOAD: { chunk_t data; - uint16_t group = MODP_NONE; + uint16_t group = KE_NONE; data = notify->get_notification_data(notify); if (data.len == sizeof(group)) @@ -2016,7 +2016,7 @@ METHOD(task_t, migrate, void, } if (!this->rekey && !this->retry) { - this->dh_group = MODP_NONE; + this->dh_group = KE_NONE; } this->ike_sa = ike_sa; this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); @@ -2102,7 +2102,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, .config = config, .packet_tsi = tsi ? tsi->clone(tsi) : NULL, .packet_tsr = tsr ? tsr->clone(tsr) : NULL, - .dh_group = MODP_NONE, + .dh_group = KE_NONE, .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa), .mode = MODE_TUNNEL, .tfcv3 = TRUE, diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 29f3ccc405..f5c5482876 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -1146,7 +1146,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) }, .ike_sa = ike_sa, .initiator = initiator, - .dh_group = MODP_NONE, + .dh_group = KE_NONE, .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa), .old_sa = old_sa, .signature_authentication = lib->settings->get_bool(lib->settings, diff --git a/src/libimcv/pts/pts_dh_group.c b/src/libimcv/pts/pts_dh_group.c index f57547eb68..91b5f2bfe4 100644 --- a/src/libimcv/pts/pts_dh_group.c +++ b/src/libimcv/pts/pts_dh_group.c @@ -180,6 +180,6 @@ key_exchange_method_t pts_dh_group_to_ike(pts_dh_group_t dh_group) case PTS_DH_GROUP_IKE20: return ECP_384_BIT; default: - return MODP_NONE; + return KE_NONE; } } diff --git a/src/libstrongswan/crypto/key_exchange.c b/src/libstrongswan/crypto/key_exchange.c index 91f355222f..d672ec7e8f 100644 --- a/src/libstrongswan/crypto/key_exchange.c +++ b/src/libstrongswan/crypto/key_exchange.c @@ -18,8 +18,8 @@ #include "key_exchange.h" -ENUM_BEGIN(key_exchange_method_names, MODP_NONE, MODP_1024_BIT, - "MODP_NONE", +ENUM_BEGIN(key_exchange_method_names, KE_NONE, MODP_1024_BIT, + "KE_NONE", "MODP_768", "MODP_1024"); ENUM_NEXT(key_exchange_method_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT, @@ -58,8 +58,8 @@ ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT, "MODP_CUSTOM"); ENUM_END(key_exchange_method_names, MODP_CUSTOM); -ENUM_BEGIN(key_exchange_method_names_short, MODP_NONE, MODP_1024_BIT, - "modpnone", +ENUM_BEGIN(key_exchange_method_names_short, KE_NONE, MODP_1024_BIT, + "none", "modp768", "modp1024"); ENUM_NEXT(key_exchange_method_names_short, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT, @@ -607,7 +607,7 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value) case MODP_CUSTOM: valid = TRUE; break; - case MODP_NONE: + case KE_NONE: /* fail */ break; /* compile-warn unhandled methods, fail verification */ diff --git a/src/libstrongswan/crypto/key_exchange.h b/src/libstrongswan/crypto/key_exchange.h index 48f86e3b6e..b55ed558ed 100644 --- a/src/libstrongswan/crypto/key_exchange.h +++ b/src/libstrongswan/crypto/key_exchange.h @@ -41,7 +41,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t; * Curve25519 and Curve448 groups are defined in RFC 8031. */ enum key_exchange_method_t { - MODP_NONE = 0, + KE_NONE = 0, MODP_768_BIT = 1, MODP_1024_BIT = 2, MODP_1536_BIT = 5, diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c index 655409a34d..3ecba9fb29 100644 --- a/src/libstrongswan/crypto/proposal/proposal.c +++ b/src/libstrongswan/crypto/proposal/proposal.c @@ -271,7 +271,7 @@ METHOD(proposal_t, has_ke_method, bool, } enumerator->destroy(enumerator); - if (!any && ke == MODP_NONE) + if (!any && ke == KE_NONE) { found = TRUE; } @@ -692,7 +692,7 @@ static bool check_proposal(private_proposal_t *this) DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals"); return FALSE; } - /* remove MODP_NONE from IKE proposal */ + /* remove KE_NONE from IKE proposal */ e = array_create_enumerator(this->transforms); while (e->enumerate(e, &entry)) { diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index d6cc5cfb19..8456fe4ea0 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -149,7 +149,8 @@ prfmd5, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0 prfaesxcbc, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0 prfcamelliaxcbc, PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0 prfaescmac, PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0 -modpnone, KEY_EXCHANGE_METHOD, MODP_NONE, 0 +none, KEY_EXCHANGE_METHOD, KE_NONE, 0 +modpnone, KEY_EXCHANGE_METHOD, KE_NONE, 0 modpnull, KEY_EXCHANGE_METHOD, MODP_NULL, 0 modp768, KEY_EXCHANGE_METHOD, MODP_768_BIT, 0 modp1024, KEY_EXCHANGE_METHOD, MODP_1024_BIT, 0 diff --git a/src/libstrongswan/tests/suites/test_crypto_factory.c b/src/libstrongswan/tests/suites/test_crypto_factory.c index 2b4bf1a84d..48db5d811a 100644 --- a/src/libstrongswan/tests/suites/test_crypto_factory.c +++ b/src/libstrongswan/tests/suites/test_crypto_factory.c @@ -182,43 +182,43 @@ static struct { } data[4]; } ke_data[] = { { NULL, NULL, { - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin1", NULL, { { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin1", NULL, { { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" }, - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin2", NULL, { { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin1", "plugin1", { { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, { "plugin1", "plugin1", { { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, { "plugin1", "plugin1", { { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, { "plugin1", "plugin2", { { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" }, { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, }; @@ -249,7 +249,7 @@ START_TEST(test_create_ke) factory = crypto_factory_create(); - for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++) + for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++) { ck_assert(factory->add_ke(factory, ke_data[_i].data[i].ke, ke_data[_i].data[i].plugin, @@ -283,10 +283,10 @@ START_TEST(test_create_ke) } } ck_assert(!enumerator->enumerate(enumerator)); - ck_assert_int_eq(ke_data[_i].data[i].ke, MODP_NONE); + ck_assert_int_eq(ke_data[_i].data[i].ke, KE_NONE); enumerator->destroy(enumerator); - for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++) + for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++) { factory->remove_ke(factory, ke_data[_i].data[i].create); } diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c index fa4e402901..7827b1bccc 100644 --- a/src/libstrongswan/tests/suites/test_proposal.c +++ b/src/libstrongswan/tests/suites/test_proposal.c @@ -55,7 +55,7 @@ static struct { { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, { PROTO_IKE, "aes128", NULL }, { PROTO_IKE, "aes128-sha256", NULL }, - { PROTO_IKE, "aes128-sha256-modpnone", NULL }, + { PROTO_IKE, "aes128-sha256-none", NULL }, { PROTO_IKE, "aes128-prfsha256", NULL }, { PROTO_IKE, "aes128-prfsha256-modp2048", NULL }, { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, @@ -129,20 +129,20 @@ static struct { { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE }, { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE }, { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-ecp256", "aes128-sha256", PROPOSAL_SKIP_KE }, - { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, - { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, - { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, - { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, - { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, - { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-none", NULL }, + { PROTO_ESP, "aes128-sha256-none", "aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-none", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256-none-modp3072", "aes128-sha256-modp3072" }, + { PROTO_ESP, "aes128-sha256-none-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256" }, { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" }, { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL }, { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" }, { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" }, { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" }, { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, - { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" }, - { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072-none", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, }; START_TEST(test_select) diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 895f2aedb9..cb0e003c94 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -508,33 +508,33 @@ typedef struct { */ static suite_algs_t suite_algs[] = { /* Cipher suites of TLS 1.3: key exchange and authentication - * delegated to extensions, therefore KEY_ANY, MODP_NONE, PRF_UNDEFINED */ + * delegated to extensions, therefore KEY_ANY, KE_NONE, PRF_UNDEFINED */ { TLS_AES_256_GCM_SHA384, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA384, PRF_UNDEFINED, AUTH_HMAC_SHA2_384_384, ENCR_AES_GCM_ICV16, 32, TLS_1_3, TLS_1_3, }, { TLS_AES_128_GCM_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_AES_GCM_ICV16, 16, TLS_1_3, TLS_1_3, }, { TLS_CHACHA20_POLY1305_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_CHACHA20_POLY1305, 32, TLS_1_3, TLS_1_3, }, { TLS_AES_128_CCM_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV16, 16, TLS_1_3, TLS_1_3, }, { TLS_AES_128_CCM_8_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV8, 16, TLS_1_3, TLS_1_3, @@ -673,61 +673,61 @@ static suite_algs_t suite_algs[] = { SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_AES_256_GCM_SHA384, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA384, PRF_HMAC_SHA2_384, AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_256_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_256_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32, SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_AES_128_GCM_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_128_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_128_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16, SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32, SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16, SSL_3_0, TLS_1_2, @@ -745,13 +745,13 @@ static suite_algs_t suite_algs[] = { TLS_1_0, TLS_1_2, }, { TLS_RSA_WITH_NULL_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_NULL_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_NULL, 0, SSL_3_0, TLS_1_2, @@ -836,7 +836,7 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset, } if (current.dh && current.dh != suites[i].dh) { - if (suites[i].dh != MODP_NONE && + if (suites[i].dh != KE_NONE && !(key_exchange_is_ecdh(current.dh) && key_exchange_is_ecdh(suites[i].dh))) { /* skip DH group, does not match nor NONE nor both ECDH */ @@ -926,14 +926,14 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this, } if (strcaseeq(token, "dhe-rsa") && !key_exchange_is_ecdh(suites[i].dh) && - suites[i].dh != MODP_NONE && + suites[i].dh != KE_NONE && suites[i].key == KEY_RSA) { suites[remaining++] = suites[i]; break; } if (strcaseeq(token, "rsa") && - suites[i].dh == MODP_NONE && + suites[i].dh == KE_NONE && suites[i].key == KEY_RSA) { suites[remaining++] = suites[i]; @@ -1610,7 +1610,7 @@ METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*, static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this, key_exchange_method_t orig) { - key_exchange_method_t current, first = MODP_NONE; + key_exchange_method_t current, first = KE_NONE; enumerator_t *enumerator; enumerator = create_ec_enumerator(this); @@ -1621,7 +1621,7 @@ static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this, enumerator->destroy(enumerator); return orig; } - else if (first == MODP_NONE) + else if (first == KE_NONE) { first = current; } @@ -1644,7 +1644,7 @@ METHOD(tls_crypto_t, get_dh_group, key_exchange_method_t, } return algs->dh; } - return MODP_NONE; + return KE_NONE; } METHOD(tls_crypto_t, set_protection, void, diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h index 9f4f30d5b3..42d3087543 100644 --- a/src/libtls/tls_crypto.h +++ b/src/libtls/tls_crypto.h @@ -464,7 +464,7 @@ struct tls_crypto_t { /** * Get the Diffie-Hellman group to use, if any. * - * @return Diffie-Hellman group, or MODP_NONE + * @return Diffie-Hellman group, or KE_NONE */ key_exchange_method_t (*get_dh_group)(tls_crypto_t *this); diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index c776ed9154..04f4bcb37c 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -172,7 +172,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this, uint16_t key_type) { enumerator_t *enumerator; - key_exchange_method_t group, found = MODP_NONE; + key_exchange_method_t group, found = KE_NONE; tls_named_group_t curve; enumerator = this->crypto->create_ec_enumerator(this->crypto); @@ -186,7 +186,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this, } enumerator->destroy(enumerator); - if (found == MODP_NONE) + if (found == KE_NONE) { DBG1(DBG_TLS, "server requested key exchange we didn't propose"); return FALSE; @@ -828,7 +828,7 @@ static status_t process_key_exchange(private_tls_peer_t *this, TLS_SERVER_KEY_EXCHANGE, reader->peek(reader)); group = this->crypto->get_dh_group(this->crypto); - if (group == MODP_NONE) + if (group == KE_NONE) { DBG1(DBG_TLS, "received Server Key Exchange, but not required " "for current suite");