/*
+ * Copyright (C) 2016-2019 Andreas Steffen
* Copyright (C) 2010-2020 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
"NTRU_256");
ENUM_NEXT(key_exchange_method_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
"NEWHOPE_128");
-ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
+ENUM_NEXT(key_exchange_method_names, KE_BIKE1_L1, KE_SIKE_L5, NH_128_BIT,
+ "BIKE1_L1",
+ "BIKE1_L3",
+ "BIKE1_L5",
+ "BIKE2_L1",
+ "BIKE2_L3",
+ "BIKE2_L5",
+ "BIKE3_L1",
+ "BIKE3_L3",
+ "BIKE3_L5",
+ "FRODO_AES_L1",
+ "FRODO_AES_L3",
+ "FRODO_AES_L5",
+ "FRODO_SHAKE_L1",
+ "FRODO_SHAKE_L3",
+ "FRODO_SHAKE_L5",
+ "KYBER_L1",
+ "KYBER_L3",
+ "KYBER_L5",
+ "NEWHOPE_L1",
+ "NEWHOPE_L5",
+ "NTRU_HPS_L1",
+ "NTRU_HPS_L3",
+ "NTRU_HPS_L5",
+ "NTRU_HRSS_L3",
+ "SABER_L1",
+ "SABER_L3",
+ "SABER_L5",
+ "SIKE_L1",
+ "SIKE_L2",
+ "SIKE_L3",
+ "SIKE_L5");
+ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, KE_SIKE_L5,
"MODP_CUSTOM");
ENUM_END(key_exchange_method_names, MODP_CUSTOM);
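Review bot: The 31 strings added between `KE_BIKE1_L1` and `KE_SIKE_L5` are matched to enum values by position only, so a later insertion or reordering in the header's 1050–1080 block would silently shift every following name in logs and proposal output. The short-name table in the next hunk has the same coupling. Unless `ENUM_NEXT` already checks the string count at compile time (not visible here), I would add a comment above each table such as `/* order and count must match KE_BIKE1_L1..KE_SIKE_L5 in the header */`.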
"ntru256");
ENUM_NEXT(key_exchange_method_names_short, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
"newhope128");
-ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
+ENUM_NEXT(key_exchange_method_names_short, KE_BIKE1_L1, KE_SIKE_L5, NH_128_BIT,
+ "bike11",
+ "bike13",
+ "bike15",
+ "bike21",
+ "bike23",
+ "bike25",
+ "bike31",
+ "bike33",
+ "bike35",
+ "frodoa1",
+ "frodoa3",
+ "frodoa5",
+ "frodos1",
+ "frodos3",
+ "frodos5",
+ "kyber1",
+ "kyber3",
+ "kyber5",
+ "newhope1",
+ "newhope5",
+ "ntrup1",
+ "ntrup3",
+ "ntrup5",
+ "ntrur3",
+ "saber1",
+ "saber3",
+ "saber5",
+ "sike1",
+ "sike2",
+ "sike3",
+ "sike5");
+ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, KE_SIKE_L5,
"modpcustom");
ENUM_END(key_exchange_method_names_short, MODP_CUSTOM);
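Review bot: Several of the new short names are easy to misread, and these are the strings an administrator types into a proposal. `ntrup1`/`ntrup3`/`ntrup5` stand for NTRU-HPS but read like NTRU Prime, which is a separate NIST round 2 candidate, and `bike11`, `bike13`, `bike21` run the variant and level digits together. Consider unambiguous spellings such as `ntruhps1`, `ntruhrss3` and `bike1l1`. The proposal keyword list later in this commit carries the same strings, so a rename has to be made in both places.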
}
}
+/*
+ * Described in header
+ */
+bool key_exchange_is_kem(key_exchange_method_t ke)
+{
+ switch (ke)
+ {
+ case KE_BIKE1_L1:
+ case KE_BIKE1_L3:
+ case KE_BIKE1_L5:
+ case KE_BIKE2_L1:
+ case KE_BIKE2_L3:
+ case KE_BIKE2_L5:
+ case KE_BIKE3_L1:
+ case KE_BIKE3_L3:
+ case KE_BIKE3_L5:
+ case KE_FRODO_AES_L1:
+ case KE_FRODO_AES_L3:
+ case KE_FRODO_AES_L5:
+ case KE_FRODO_SHAKE_L1:
+ case KE_FRODO_SHAKE_L3:
+ case KE_FRODO_SHAKE_L5:
+ case KE_KYBER_L1:
+ case KE_KYBER_L3:
+ case KE_KYBER_L5:
+ case KE_NEWHOPE_L1:
+ case KE_NEWHOPE_L5:
+ case KE_NTRU_HPS_L1:
+ case KE_NTRU_HPS_L3:
+ case KE_NTRU_HPS_L5:
+ case KE_NTRU_HRSS_L3:
+ case KE_SABER_L1:
+ case KE_SABER_L3:
+ case KE_SABER_L5:
+ case KE_SIKE_L1:
+ case KE_SIKE_L2:
+ case KE_SIKE_L3:
+ case KE_SIKE_L5:
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
/*
* Described in header
*/
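Review bot: `key_exchange_is_kem()` is another hand-maintained copy of the KEM list, and its `default: return FALSE;` means an identifier added to the enum but forgotten here is quietly classified as a non-KEM method, with no compiler warning for the missing case. Callers presumably use the result to choose between a DH-style and an encapsulation-style exchange, so an omission would show up as a mis-handled exchange at run time rather than as a build error. Since the header assigns the KEMs the contiguous values 1050–1080 and the name tables already rely on that range, `return ke >= KE_BIKE1_L1 && ke <= KE_SIKE_L5;` would remove this copy. If the explicit switch is kept, add a comment along the lines of `/* keep in sync with the KE_* block in the header */` above it.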
case NTRU_192_BIT:
case NTRU_256_BIT:
case NH_128_BIT:
+ case KE_BIKE1_L1:
+ case KE_BIKE1_L3:
+ case KE_BIKE1_L5:
+ case KE_BIKE2_L1:
+ case KE_BIKE2_L3:
+ case KE_BIKE2_L5:
+ case KE_BIKE3_L1:
+ case KE_BIKE3_L3:
+ case KE_BIKE3_L5:
+ case KE_FRODO_AES_L1:
+ case KE_FRODO_AES_L3:
+ case KE_FRODO_AES_L5:
+ case KE_FRODO_SHAKE_L1:
+ case KE_FRODO_SHAKE_L3:
+ case KE_FRODO_SHAKE_L5:
+ case KE_KYBER_L1:
+ case KE_KYBER_L3:
+ case KE_KYBER_L5:
+ case KE_NEWHOPE_L1:
+ case KE_NEWHOPE_L5:
+ case KE_NTRU_HPS_L1:
+ case KE_NTRU_HPS_L3:
+ case KE_NTRU_HPS_L5:
+ case KE_NTRU_HRSS_L3:
+ case KE_SABER_L1:
+ case KE_SABER_L3:
+ case KE_SABER_L5:
+ case KE_SIKE_L1:
+ case KE_SIKE_L2:
+ case KE_SIKE_L3:
+ case KE_SIKE_L5:
/* verification currently not supported, do in plugin */
valid = FALSE;
break;
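Review bot: All 31 KEM identifiers are routed to the existing `valid = FALSE` branch, so as far as this hunk shows the generic public key check rejects every KEM value. The only size validation of peer-supplied data would then happen inside each plugin. The inherited comment `/* verification currently not supported, do in plugin */` undersells that obligation; I would reword it to `/* no generic check for these methods: the plugin must validate the length of the received value before using it */`. The enclosing function starts and ends outside the hunk, so what happens after the `break` is not visible here.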
CURVE_25519 = 31,
CURVE_448 = 32,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
- MODP_NULL = 1024,
- /** MODP group with custom generator/prime */
+ MODP_NULL = 1024,
/** Parameters defined by IEEE 1363.1, in PRIVATE USE */
- NTRU_112_BIT = 1030,
- NTRU_128_BIT = 1031,
- NTRU_192_BIT = 1032,
- NTRU_256_BIT = 1033,
- NH_128_BIT = 1040,
+ NTRU_112_BIT = 1030,
+ NTRU_128_BIT = 1031,
+ NTRU_192_BIT = 1032,
+ NTRU_256_BIT = 1033,
+ NH_128_BIT = 1040,
+ /** NIST round 2 KEM candidates, in PRIVATE USE */
+ KE_BIKE1_L1 = 1050,
+ KE_BIKE1_L3 = 1051,
+ KE_BIKE1_L5 = 1052,
+ KE_BIKE2_L1 = 1053,
+ KE_BIKE2_L3 = 1054,
+ KE_BIKE2_L5 = 1055,
+ KE_BIKE3_L1 = 1056,
+ KE_BIKE3_L3 = 1057,
+ KE_BIKE3_L5 = 1058,
+ KE_FRODO_AES_L1 = 1059,
+ KE_FRODO_AES_L3 = 1060,
+ KE_FRODO_AES_L5 = 1061,
+ KE_FRODO_SHAKE_L1 = 1062,
+ KE_FRODO_SHAKE_L3 = 1063,
+ KE_FRODO_SHAKE_L5 = 1064,
+ KE_KYBER_L1 = 1065,
+ KE_KYBER_L3 = 1066,
+ KE_KYBER_L5 = 1067,
+ KE_NEWHOPE_L1 = 1068,
+ KE_NEWHOPE_L5 = 1069,
+ KE_NTRU_HPS_L1 = 1070,
+ KE_NTRU_HPS_L3 = 1071,
+ KE_NTRU_HPS_L5 = 1072,
+ KE_NTRU_HRSS_L3 = 1073,
+ KE_SABER_L1 = 1074,
+ KE_SABER_L3 = 1075,
+ KE_SABER_L5 = 1076,
+ KE_SIKE_L1 = 1077,
+ KE_SIKE_L2 = 1078,
+ KE_SIKE_L3 = 1079,
+ KE_SIKE_L5 = 1080,
+ /** MODP group with custom generator/prime */
/** internally used DH group with additional parameters g and p, outside
* of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
MODP_CUSTOM = 65536,
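Review bot: The re-added `/** MODP group with custom generator/prime */` now sits directly above the existing `/** internally used DH group with additional parameters g and p ... */` block, so `MODP_CUSTOM` carries two stacked doc comments; drop the added line or merge the two. The new group comment could also state what PRIVATE USE implies for the values 1050–1080, e.g. `/** NIST round 2 KEM candidates, in PRIVATE USE; values are local to this implementation and tied to the round 2 parameter sets */`. Peers would then only interoperate if they share this mapping, which is worth making explicit. The enum's opening and closing lines are outside the hunk.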
__attribute__((warn_unused_result));
/**
- * Sets the public key from the peer.
+ * Sets the public key received from the peer.
*
* @note This operation should be relatively quick. Costly public key
* validation operations or key derivation should be implemented in
__attribute__((warn_unused_result));
/**
- * Set an explicit own private key to use.
+ * Set a seed used for the derivation of private key material.
*
- * Calling this method is usually not required, as the DH backend generates
- * an appropriate private value itself. It is optional to implement, and
+ * Calling this method is usually not required, as the key exchange objects
+ * generate the private key material themselves. This is optional to implement, and
* used mostly for testing purposes. The private key may be the actual key
* or a seed for a DRBG.
*
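Review bot: The new summary line calls the argument a seed, but the unchanged sentence below still reads `The private key may be the actual key or a seed for a DRBG`, so the comment now describes the value in two different ways. I would align the closing sentence, e.g. `The value may be the actual private key or a seed for a DRBG, depending on the implementation.` Because a caller-supplied seed makes the private key material reproducible, the comment should also say that the method is intended for test vectors only, e.g. `Must not be called with predictable input outside of tests.` The rest of the comment and the method declaration lie outside the hunk.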
*/
bool key_exchange_is_ecdh(key_exchange_method_t ke);
+/**
+ * Check if the key exchange method is a Key Encapsulation Mechanism (KEM)
+ *
+ * @return TRUE if KEM used
+ */
+bool key_exchange_is_kem(key_exchange_method_t ke);
+
/**
* Check if a public key is valid for given key exchange method.
*
ntru192, KEY_EXCHANGE_METHOD, NTRU_192_BIT, 0
ntru256, KEY_EXCHANGE_METHOD, NTRU_256_BIT, 0
newhope128, KEY_EXCHANGE_METHOD, NH_128_BIT, 0
+newhope1, KEY_EXCHANGE_METHOD, KE_NEWHOPE_L1, 0
+newhope5, KEY_EXCHANGE_METHOD, KE_NEWHOPE_L5, 0
+frodoa1, KEY_EXCHANGE_METHOD, KE_FRODO_AES_L1, 0
+frodoa3, KEY_EXCHANGE_METHOD, KE_FRODO_AES_L3, 0
+frodoa5, KEY_EXCHANGE_METHOD, KE_FRODO_AES_L5, 0
+frodos1, KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L1, 0
+frodos3, KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L3, 0
+frodos5, KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L5, 0
+kyber1, KEY_EXCHANGE_METHOD, KE_KYBER_L1, 0
+kyber3, KEY_EXCHANGE_METHOD, KE_KYBER_L3, 0
+kyber5, KEY_EXCHANGE_METHOD, KE_KYBER_L5, 0
+bike11, KEY_EXCHANGE_METHOD, KE_BIKE1_L1, 0
+bike13, KEY_EXCHANGE_METHOD, KE_BIKE1_L3, 0
+bike15, KEY_EXCHANGE_METHOD, KE_BIKE1_L5, 0
+bike21, KEY_EXCHANGE_METHOD, KE_BIKE2_L1, 0
+bike23, KEY_EXCHANGE_METHOD, KE_BIKE2_L3, 0
+bike25, KEY_EXCHANGE_METHOD, KE_BIKE2_L5, 0
+bike31, KEY_EXCHANGE_METHOD, KE_BIKE3_L1, 0
+bike33, KEY_EXCHANGE_METHOD, KE_BIKE3_L3, 0
+bike35, KEY_EXCHANGE_METHOD, KE_BIKE3_L5, 0
+sike1, KEY_EXCHANGE_METHOD, KE_SIKE_L1, 0
+sike2, KEY_EXCHANGE_METHOD, KE_SIKE_L2, 0
+sike3, KEY_EXCHANGE_METHOD, KE_SIKE_L3, 0
+sike5, KEY_EXCHANGE_METHOD, KE_SIKE_L5, 0
+ntrup1, KEY_EXCHANGE_METHOD, KE_NTRU_HPS_L1, 0
+ntrup3, KEY_EXCHANGE_METHOD, KE_NTRU_HPS_L3, 0
+ntrup5, KEY_EXCHANGE_METHOD, KE_NTRU_HPS_L5, 0
+ntrur3, KEY_EXCHANGE_METHOD, KE_NTRU_HRSS_L3, 0
+saber1, KEY_EXCHANGE_METHOD, KE_SABER_L1, 0
+saber3, KEY_EXCHANGE_METHOD, KE_SABER_L3, 0
+saber5, KEY_EXCHANGE_METHOD, KE_SABER_L5, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0