moved IKEv2 proposals and transforms to libstrongswan

9 files changed, 342 insertions, 49 deletions

diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 475010825..9efbf4870 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -8,7 +8,7 @@ config/backend_manager.c config/backend_manager.h config/backend.h \
 config/child_cfg.c config/child_cfg.h \
 config/ike_cfg.c config/ike_cfg.h \
 config/peer_cfg.c config/peer_cfg.h \
-config/proposal.c config/proposal.h config/proposal_keywords.c config/proposal_keywords.h \
+config/proposal.c config/proposal.h \
 config/auth_cfg.c config/auth_cfg.h \
 config/traffic_selector.c config/traffic_selector.h \
 config/attributes/attribute_provider.h \
@@ -109,13 +109,6 @@ AM_CFLAGS = -rdynamic \
   -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
 charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm $(DLLIB)
 
-EXTRA_DIST = config/proposal_keywords.txt
-BUILT_SOURCES = $(srcdir)/config/proposal_keywords.c
-MAINTAINERCLEANFILES = $(srcdir)/config/proposal_keywords.c
-
-$(srcdir)/config/proposal_keywords.c:	$(srcdir)/config/proposal_keywords.txt $(srcdir)/config/proposal_keywords.h
-		$(GPERF) -C -G -c -t -D < $(srcdir)/config/proposal_keywords.txt > $@
-
 # compile options
 #################
 
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 894c7bfdc..5ae565ecf 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -17,16 +17,16 @@
 #include <string.h>
 
 #include "proposal.h"
-#include "proposal_keywords.h"
 
 #include <daemon.h>
 #include <utils/linked_list.h>
 #include <utils/identification.h>
 #include <utils/lexparser.h>
+#include <crypto/transform.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
-
+#include <crypto/proposal/proposal_keywords.h>
 
 ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
 	"PROTO_NONE",
@@ -35,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
 	"ESP",
 );
 
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
-	"UNDEFINED_TRANSFORM_TYPE");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
-	"ENCRYPTION_ALGORITHM",
-	"PSEUDO_RANDOM_FUNCTION",
-	"INTEGRITY_ALGORITHM",
-	"DIFFIE_HELLMAN_GROUP",
-	"EXTENDED_SEQUENCE_NUMBERS");
-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
-
 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
 	"NO_EXT_SEQ",
 	"EXT_SEQ",
@@ -594,7 +584,7 @@ struct proposal_token {
  */
 static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
 {
-	const proposal_token_t *token = in_word_set(alg.ptr, alg.len);
+	const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len);
 
 	if (token == NULL)
 	{
diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
index 398c8c242..bc7a8c5e7 100644
--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -22,7 +22,6 @@
 #define PROPOSAL_H_
 
 typedef enum protocol_id_t protocol_id_t;
-typedef enum transform_type_t transform_type_t;
 typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
 typedef struct proposal_t proposal_t;
 
@@ -30,6 +29,7 @@ typedef struct proposal_t proposal_t;
 #include <utils/identification.h>
 #include <utils/linked_list.h>
 #include <utils/host.h>
+#include <crypto/transform.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
 #include <crypto/diffie_hellman.h>
@@ -50,25 +50,6 @@ enum protocol_id_t {
  */
 extern enum_name_t *protocol_id_names;
 
-
-/**
- * Type of a transform, as in IKEv2 RFC 3.3.2.
- */
-enum transform_type_t {
-	UNDEFINED_TRANSFORM_TYPE = 241,
-	ENCRYPTION_ALGORITHM = 1,
-	PSEUDO_RANDOM_FUNCTION = 2,
-	INTEGRITY_ALGORITHM = 3,
-	DIFFIE_HELLMAN_GROUP = 4,
-	EXTENDED_SEQUENCE_NUMBERS = 5
-};
-
-/**
- * enum names for transform_type_t.
- */
-extern enum_name_t *transform_type_names;
-
-
 /**
  * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
  */
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index e689dc261..089d089f5 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -22,12 +22,14 @@ asn1/pem.c asn1/pem.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
+crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
 crypto/prfs/prf.c crypto/prfs/prf.h \
 crypto/rngs/rng.c crypto/rngs/rng.h \
 crypto/prf_plus.h crypto/prf_plus.c \
 crypto/signers/signer.c crypto/signers/signer.h \
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
 crypto/crypto_factory.c crypto/crypto_factory.h \
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/transform.c crypto/transform.h \
 credentials/credential_factory.c credentials/credential_factory.h \
 credentials/builder.c credentials/builder.h \
 credentials/keys/private_key.c credentials/keys/private_key.h \
@@ -80,9 +82,17 @@ if USE_VSTR
   libstrongswan_la_LIBADD += -lvstr
 endif
 
-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
-MAINTAINERCLEANFILES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
+EXTRA_DIST = \
+asn1/oid.txt asn1/oid.pl \
+crypto/proposal/proposal_keywords.txt
+
+BUILT_SOURCES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
+
+MAINTAINERCLEANFILES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
 
 $(srcdir)/asn1/oid.c :	$(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 		(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
@@ -90,6 +100,11 @@ $(srcdir)/asn1/oid.c :	$(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 $(srcdir)/asn1/oid.h :	$(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
 		(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
 
+$(srcdir)/crypto/proposal/proposal_keywords.c:	$(srcdir)/crypto/proposal/proposal_keywords.txt \
+												$(srcdir)/crypto/proposal/proposal_keywords.h
+		$(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
+												$(srcdir)/crypto/proposal/proposal_keywords.txt > $@
+
 
 # build plugins with their own Makefile
 #######################################
diff --git a/src/libstrongswan/crypto/proposal.diff b/src/libstrongswan/crypto/proposal.diff
new file mode 100644
index 000000000..1f9b79ed3
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal.diff
@@ -0,0 +1,235 @@
+diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
+index 4750108..9efbf48 100644
+--- a/src/charon/Makefile.am
++++ b/src/charon/Makefile.am
+@@ -8,7 +8,7 @@ config/backend_manager.c config/backend_manager.h config/backend.h \
+ config/child_cfg.c config/child_cfg.h \
+ config/ike_cfg.c config/ike_cfg.h \
+ config/peer_cfg.c config/peer_cfg.h \
+-config/proposal.c config/proposal.h config/proposal_keywords.c config/proposal_keywords.h \
++config/proposal.c config/proposal.h \
+ config/auth_cfg.c config/auth_cfg.h \
+ config/traffic_selector.c config/traffic_selector.h \
+ config/attributes/attribute_provider.h \
+@@ -109,13 +109,6 @@ AM_CFLAGS = -rdynamic \
+   -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+ charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm $(DLLIB)
+ 
+-EXTRA_DIST = config/proposal_keywords.txt
+-BUILT_SOURCES = $(srcdir)/config/proposal_keywords.c
+-MAINTAINERCLEANFILES = $(srcdir)/config/proposal_keywords.c
+-
+-$(srcdir)/config/proposal_keywords.c:	$(srcdir)/config/proposal_keywords.txt $(srcdir)/config/proposal_keywords.h
+-		$(GPERF) -C -G -c -t -D < $(srcdir)/config/proposal_keywords.txt > $@
+-
+ # compile options
+ #################
+ 
+diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
+index 894c7bf..5ae565e 100644
+--- a/src/charon/config/proposal.c
++++ b/src/charon/config/proposal.c
+@@ -17,16 +17,16 @@
+ #include <string.h>
+ 
+ #include "proposal.h"
+-#include "proposal_keywords.h"
+ 
+ #include <daemon.h>
+ #include <utils/linked_list.h>
+ #include <utils/identification.h>
+ #include <utils/lexparser.h>
++#include <crypto/transform.h>
+ #include <crypto/prfs/prf.h>
+ #include <crypto/crypters/crypter.h>
+ #include <crypto/signers/signer.h>
+-
++#include <crypto/proposal/proposal_keywords.h>
+ 
+ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
+ 	"PROTO_NONE",
+@@ -35,16 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
+ 	"ESP",
+ );
+ 
+-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
+-	"UNDEFINED_TRANSFORM_TYPE");
+-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
+-	"ENCRYPTION_ALGORITHM",
+-	"PSEUDO_RANDOM_FUNCTION",
+-	"INTEGRITY_ALGORITHM",
+-	"DIFFIE_HELLMAN_GROUP",
+-	"EXTENDED_SEQUENCE_NUMBERS");
+-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+-
+ ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
+ 	"NO_EXT_SEQ",
+ 	"EXT_SEQ",
+@@ -594,7 +584,7 @@ struct proposal_token {
+  */
+ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
+ {
+-	const proposal_token_t *token = in_word_set(alg.ptr, alg.len);
++	const proposal_token_t *token = proposal_get_token(alg.ptr, alg.len);
+ 
+ 	if (token == NULL)
+ 	{
+diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
+index 398c8c2..bc7a8c5 100644
+--- a/src/charon/config/proposal.h
++++ b/src/charon/config/proposal.h
+@@ -22,7 +22,6 @@
+ #define PROPOSAL_H_
+ 
+ typedef enum protocol_id_t protocol_id_t;
+-typedef enum transform_type_t transform_type_t;
+ typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
+ typedef struct proposal_t proposal_t;
+ 
+@@ -30,6 +29,7 @@ typedef struct proposal_t proposal_t;
+ #include <utils/identification.h>
+ #include <utils/linked_list.h>
+ #include <utils/host.h>
++#include <crypto/transform.h>
+ #include <crypto/crypters/crypter.h>
+ #include <crypto/signers/signer.h>
+ #include <crypto/diffie_hellman.h>
+@@ -50,25 +50,6 @@ enum protocol_id_t {
+  */
+ extern enum_name_t *protocol_id_names;
+ 
+-
+-/**
+- * Type of a transform, as in IKEv2 RFC 3.3.2.
+- */
+-enum transform_type_t {
+-	UNDEFINED_TRANSFORM_TYPE = 241,
+-	ENCRYPTION_ALGORITHM = 1,
+-	PSEUDO_RANDOM_FUNCTION = 2,
+-	INTEGRITY_ALGORITHM = 3,
+-	DIFFIE_HELLMAN_GROUP = 4,
+-	EXTENDED_SEQUENCE_NUMBERS = 5
+-};
+-
+-/**
+- * enum names for transform_type_t.
+- */
+-extern enum_name_t *transform_type_names;
+-
+-
+ /**
+  * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
+  */
+diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
+index e689dc2..089d089 100644
+--- a/src/libstrongswan/Makefile.am
++++ b/src/libstrongswan/Makefile.am
+@@ -22,12 +22,14 @@ asn1/pem.c asn1/pem.h \
+ crypto/crypters/crypter.c crypto/crypters/crypter.h \
+ crypto/hashers/hasher.h crypto/hashers/hasher.c \
+ crypto/pkcs9.c crypto/pkcs9.h \
++crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
+ crypto/prfs/prf.c crypto/prfs/prf.h \
+ crypto/rngs/rng.c crypto/rngs/rng.h \
+ crypto/prf_plus.h crypto/prf_plus.c \
+ crypto/signers/signer.c crypto/signers/signer.h \
+-crypto/diffie_hellman.c crypto/diffie_hellman.h \
+ crypto/crypto_factory.c crypto/crypto_factory.h \
++crypto/diffie_hellman.c crypto/diffie_hellman.h \
++crypto/transform.c crypto/transform.h \
+ credentials/credential_factory.c credentials/credential_factory.h \
+ credentials/builder.c credentials/builder.h \
+ credentials/keys/private_key.c credentials/keys/private_key.h \
+@@ -80,9 +82,17 @@ if USE_VSTR
+   libstrongswan_la_LIBADD += -lvstr
+ endif
+ 
+-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
+-BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
+-MAINTAINERCLEANFILES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h
++EXTRA_DIST = \
++asn1/oid.txt asn1/oid.pl \
++crypto/proposal/proposal_keywords.txt
++
++BUILT_SOURCES = \
++$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
++$(srcdir)/crypto/proposal/proposal_keywords.c
++
++MAINTAINERCLEANFILES = \
++$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
++$(srcdir)/crypto/proposal/proposal_keywords.c
+ 
+ $(srcdir)/asn1/oid.c :	$(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ 		(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+@@ -90,6 +100,11 @@ $(srcdir)/asn1/oid.c :	$(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ $(srcdir)/asn1/oid.h :	$(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ 		(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+ 
++$(srcdir)/crypto/proposal/proposal_keywords.c:	$(srcdir)/crypto/proposal/proposal_keywords.txt \
++												$(srcdir)/crypto/proposal/proposal_keywords.h
++		$(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
++												$(srcdir)/crypto/proposal/proposal_keywords.txt > $@
++
+ 
+ # build plugins with their own Makefile
+ #######################################
+diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
+index c2a5709..ca15bb5 100644
+--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
++++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
+@@ -18,7 +18,8 @@
+ 
+ typedef struct proposal_token proposal_token_t;
+ 
+-extern const proposal_token_t* in_word_set(register const char *str, register unsigned int len);
++extern const proposal_token_t* proposal_get_token(register const char *str,
++												  register unsigned int len);
+ 
+ #endif /* _PROPOSAL_KEYWORDS_H_ */
+ 
+diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+index 16e0383..0502424 100644
+--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
++++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+@@ -16,10 +16,10 @@
+ 
+ #include <string.h>
+ 
+-#include "proposal.h"
+-
++#include <crypto/transform.h>
+ #include <crypto/crypters/crypter.h>
+ #include <crypto/signers/signer.h>
++#include <crypto/diffie_hellman.h>
+ 
+ %}
+ struct proposal_token {
+@@ -30,6 +30,7 @@ struct proposal_token {
+ };
+ %%
+ null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
++3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
+ aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
+ aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
+ aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
+@@ -72,7 +73,6 @@ aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
+ aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
+ aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
+ aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
+-3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
+ blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
+ blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192
+ blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256
+@@ -80,6 +80,12 @@ camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
+ camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192
+ camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256
+ cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,              128
++serpent128,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128
++serpent192,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       192
++serpent256,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       256
++twofish128,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128
++twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       192
++twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       256
+ sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
+ sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
+ sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
diff --git a/src/charon/config/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index c2a5709be..ca15bb508 100644
--- a/src/charon/config/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -18,7 +18,8 @@
 
 typedef struct proposal_token proposal_token_t;
 
-extern const proposal_token_t* in_word_set(register const char *str, register unsigned int len);
+extern const proposal_token_t* proposal_get_token(register const char *str,
+												  register unsigned int len);
 
 #endif /* _PROPOSAL_KEYWORDS_H_ */
 
diff --git a/src/charon/config/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 16e03830c..0502424ae 100644
--- a/src/charon/config/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -16,10 +16,10 @@
 
 #include <string.h>
 
-#include "proposal.h"
-
+#include <crypto/transform.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
+#include <crypto/diffie_hellman.h>
 
 %}
 struct proposal_token {
@@ -30,6 +30,7 @@ struct proposal_token {
 };
 %%
 null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
+3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
 aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
 aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
 aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
@@ -72,7 +73,6 @@ aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
 aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
 aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
 aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
-3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
 blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
 blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192
 blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256
@@ -80,6 +80,12 @@ camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
 camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192
 camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256
 cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,              128
+serpent128,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128
+serpent192,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       192
+serpent256,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       256
+twofish128,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128
+twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       192
+twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       256
 sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
 sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
 sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
new file mode 100644
index 000000000..b6e481d13
--- /dev/null
+++ b/src/libstrongswan/crypto/transform.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/transform.h>
+
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
+	"UNDEFINED_TRANSFORM_TYPE");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
+	"ENCRYPTION_ALGORITHM",
+	"PSEUDO_RANDOM_FUNCTION",
+	"INTEGRITY_ALGORITHM",
+	"DIFFIE_HELLMAN_GROUP",
+	"EXTENDED_SEQUENCE_NUMBERS");
+ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
new file mode 100644
index 000000000..df332f0f7
--- /dev/null
+++ b/src/libstrongswan/crypto/transform.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup transforms transforms
+ * @{ @ingroup crypto
+ */
+
+#ifndef TRANSFORM_H_
+#define TRANSFORM_H_
+
+typedef enum transform_type_t transform_type_t;
+
+#include <library.h>
+
+/**
+ * Type of a transform, as in IKEv2 RFC 3.3.2.
+ */
+enum transform_type_t {
+	UNDEFINED_TRANSFORM_TYPE = 241,
+	ENCRYPTION_ALGORITHM = 1,
+	PSEUDO_RANDOM_FUNCTION = 2,
+	INTEGRITY_ALGORITHM = 3,
+	DIFFIE_HELLMAN_GROUP = 4,
+	EXTENDED_SEQUENCE_NUMBERS = 5
+};
+
+/**
+ * enum names for transform_type_t.
+ */
+extern enum_name_t *transform_type_names;
+
+#endif /** TRANSFORM_H_ @}*/