diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
|
|
index 4750108..9efbf48 100644
|
|
--- a/src/charon/Makefile.am
|
|
+++ b/src/charon/Makefile.am
|
|
@@ -8,7 +8,7 @@ config/backend_manager.c config/backend_manager.h config/backend.h \
|
|
config/child_cfg.c config/child_cfg.h \
|
|
config/ike_cfg.c config/ike_cfg.h \
|
|
config/peer_cfg.c config/peer_cfg.h \
|
|
-config/proposal.c config/proposal.h config/proposal_keywords.c config/proposal_keywords.h \
|
|
+config/proposal.c config/proposal.h \
|
|
config/auth_cfg.c config/auth_cfg.h \
|
|
config/traffic_selector.c config/traffic_selector.h \
|
|
config/attributes/attribute_provider.h \
|
|
@@ -109,13 +109,6 @@ AM_CFLAGS = -rdynamic \
|
|
-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
|
|
charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm $(DLLIB)
|
|
|
|
-EXTRA_DIST = config/proposal_keywords.txt
|
|
-BUILT_SOURCES = $(srcdir)/config/proposal_keywords.c
|
|
-MAINTAINERCLEANFILES = $(srcdir)/config/proposal_keywords.c
|
|
-
|
|
-$(srcdir)/config/proposal_keywords.c: $(srcdir)/config/proposal_keywords.txt $(srcdir)/config/proposal_keywords.h
|
|
- $(GPERF) -C -G -c -t -D < $(srcdir)/config/proposal_keywords.txt > $@
|
|
-
|
|
# compile options
|
|
#################
|
|
|
|
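--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -17,16 +17,16 @@
 #include <string.h>
 
 #include "proposal.h"
-#include "proposal_keywords.h"
 
 #include <daemon.h>
 #include <utils/linked_list.h>
 #include <utils/identification.h>
 #include <utils/lexparser.h>
+#include <crypto/transform.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
-
+#include <crypto/proposal/proposal_keywords.h>
 
 ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
 "PROTO_NONE",
@@ -35,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
 "ESP",
 );
 
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE,
- "UNDEFINED_TRANSFORM_TYPE");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
- "ENCRYPTION_ALGORITHM",
- "PSEUDO_RANDOM_FUNCTION",
- "INTEGRITY_ALGORITHM",
- "DIFFIE_HELLMAN_GROUP",
- "EXTENDED_SEQUENCE_NUMBERS");
-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
-
 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
 "NO_EXT_SEQ",
 "EXT_SEQ",
@@ -594,7 +584,7 @@ struct proposal_token {
 */
 static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
 {
- const proposal_token_t *token = in_word_set(alg.ptr, alg.len);
+ const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len);
 
 if (token == NULL)
 {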
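Review bot: The `proposal_get_token(alg.ptr, alg.len)` call in the last hunk now returns a `proposal_token_t` built inside libstrongswan, but the hunk header context (`struct proposal_token {`) suggests proposal.c still has its own copy of that struct. The table's layout is defined in proposal_keywords.txt, and proposal_keywords.h only forward-declares the type. Two copies of the layout across a library boundary can drift silently, and add_string_algo would then presumably read the wrong fields when it picks the algorithm and key size. I would move the struct definition into `crypto/proposal/proposal_keywords.h` and delete the local copy, if it is indeed still present. The body of add_string_algo continues past the end of the hunk, so how the token is used is not visible here.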
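--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -22,7 +22,6 @@
 #define PROPOSAL_H_
 
 typedef enum protocol_id_t protocol_id_t;
-typedef enum transform_type_t transform_type_t;
 typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
 typedef struct proposal_t proposal_t;
 
@@ -30,6 +29,7 @@ typedef struct proposal_t proposal_t;
 #include <utils/identification.h>
 #include <utils/linked_list.h>
 #include <utils/host.h>
+#include <crypto/transform.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
 #include <crypto/diffie_hellman.h>
@@ -50,25 +50,6 @@ enum protocol_id_t {
 */
 extern enum_name_t *protocol_id_names;
 
-
-/**
- * Type of a transform, as in IKEv2 RFC 3.3.2.
- */
-enum transform_type_t {
- UNDEFINED_TRANSFORM_TYPE = 241,
- ENCRYPTION_ALGORITHM = 1,
- PSEUDO_RANDOM_FUNCTION = 2,
- INTEGRITY_ALGORITHM = 3,
- DIFFIE_HELLMAN_GROUP = 4,
- EXTENDED_SEQUENCE_NUMBERS = 5
-};
-
-/**
- * enum names for transform_type_t.
- */
-extern enum_name_t *transform_type_names;
-
-
 /**
 * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
 */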
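--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -22,12 +22,14 @@ asn1/pem.c asn1/pem.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
+crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
 crypto/prfs/prf.c crypto/prfs/prf.h \
 crypto/rngs/rng.c crypto/rngs/rng.h \
 crypto/prf_plus.h crypto/prf_plus.c \
 crypto/signers/signer.c crypto/signers/signer.h \
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
 crypto/crypto_factory.c crypto/crypto_factory.h \
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/transform.c crypto/transform.h \
 credentials/credential_factory.c credentials/credential_factory.h \
 credentials/builder.c credentials/builder.h \
 credentials/keys/private_key.c credentials/keys/private_key.h \
@@ -80,9 +82,17 @@ if USE_VSTR
 libstrongswan_la_LIBADD += -lvstr
 endif
 
-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
-MAINTAINERCLEANFILES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
+EXTRA_DIST = \
+asn1/oid.txt asn1/oid.pl \
+crypto/proposal/proposal_keywords.txt
+
+BUILT_SOURCES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
+
+MAINTAINERCLEANFILES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
 
 $(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
@@ -90,6 +100,11 @@ $(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 $(srcdir)/asn1/oid.h : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
 
+$(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposal_keywords.txt \
+ $(srcdir)/crypto/proposal/proposal_keywords.h
+ $(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
+ $(srcdir)/crypto/proposal/proposal_keywords.txt > $@
+
 
 # build plugins with their own Makefile
 #######################################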
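Review bot: The new `proposal_keywords.c` rule in the last hunk redirects gperf straight into `$@`, so a failed or missing `$(GPERF)` still leaves an empty or truncated file in `$(srcdir)`. Make does not remove a target when its recipe merely fails, so the next run treats that file as up to date and compiles it. Because this file is listed in `BUILT_SOURCES` and holds the table that maps configured algorithm names to transforms, I would write to a temporary and rename only on success: `$(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < $(srcdir)/crypto/proposal/proposal_keywords.txt > $@.tmp && mv $@.tmp $@`. A one-line comment above the rule naming gperf as a maintainer-only build dependency would also help.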
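--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -18,7 +18,8 @@
 
 typedef struct proposal_token proposal_token_t;
 
-extern const proposal_token_t* in_word_set(register const char *str, register unsigned int len);
+extern const proposal_token_t* proposal_get_token(register const char *str,
+ register unsigned int len);
 
 #endif /* _PROPOSAL_KEYWORDS_H_ */
 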
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
|
|
index 16e0383..0502424 100644
|
|
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
|
|
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
|
|
@@ -16,10 +16,10 @@
|
|
|
|
#include <string.h>
|
|
|
|
-#include "proposal.h"
|
|
-
|
|
+#include <crypto/transform.h>
|
|
#include <crypto/crypters/crypter.h>
|
|
#include <crypto/signers/signer.h>
|
|
+#include <crypto/diffie_hellman.h>
|
|
|
|
%}
|
|
struct proposal_token {
|
|
@@ -30,6 +30,7 @@ struct proposal_token {
|
|
};
|
|
%%
|
|
null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
|
|
+3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0
|
|
aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
|
|
aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192
|
|
aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256
|
|
@@ -72,7 +73,6 @@ aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
|
|
aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
|
|
aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
|
|
aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
|
|
-3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0
|
|
blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
|
|
blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
|
|
blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256
|
|
@@ -80,6 +80,12 @@ camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
|
|
camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192
|
|
camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256
|
|
cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128
|
|
+serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
|
|
+serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192
|
|
+serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256
|
|
+twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
|
|
+twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192
|
|
+twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256
|
|
sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
|
|
sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
|
|
sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
|