creating default IKE proposals dynamically using algorithm enumeration API

author: Martin Willi <martin@strongswan.org> 2008-08-28 11:07:57 +0000
committer: Martin Willi <martin@strongswan.org> 2008-08-28 11:07:57 +0000
commit: e577ad3985904c2e4ee71a50f4ea62e2b045e00c (patch)
tree: 330aa6d4fe90ffbfeb6b839e6489ff4367155042 /src
parent: f1b014b9a33990d08fb16871092c2a050da77517 (diff)
download: strongswan-e577ad3985904c2e4ee71a50f4ea62e2b045e00c.tar.bz2
strongswan-e577ad3985904c2e4ee71a50f4ea62e2b045e00c.tar.xz
5 files changed, 138 insertions, 53 deletions
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 043bbba3c..75d75f2cb 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -938,6 +938,112 @@ proposal_t *proposal_create(protocol_id_t protocol)
 	return &this->public;
 }
 
+/**
+ * Add supported IKE algorithms to proposal
+ */
+static void proposal_add_supported_ike(private_proposal_t *this)
+{
+	enumerator_t *enumerator;
+	encryption_algorithm_t encryption;
+	integrity_algorithm_t integrity;
+	pseudo_random_function_t prf;
+	diffie_hellman_group_t group;
+	
+	enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
+	while (enumerator->enumerate(enumerator, &encryption))
+	{
+		switch (encryption)
+		{
+			case ENCR_AES_CBC:
+				/* we assume that we support all AES sizes */
+				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
+				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
+				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+				break;
+			case ENCR_3DES:
+			case ENCR_AES_CTR:
+			case ENCR_AES_CCM_ICV8:
+			case ENCR_AES_CCM_ICV12:
+			case ENCR_AES_CCM_ICV16:
+			case ENCR_AES_GCM_ICV8:
+			case ENCR_AES_GCM_ICV12:
+			case ENCR_AES_GCM_ICV16:
+				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
+				break;
+			case ENCR_DES:
+				/* no, thanks */
+				break;
+			default:
+				break;
+		}	
+	}
+	enumerator->destroy(enumerator);
+	
+	enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
+	while (enumerator->enumerate(enumerator, &integrity))
+	{
+		switch (integrity)
+		{
+			case AUTH_HMAC_SHA1_96:
+			case AUTH_HMAC_SHA2_256_128:
+			case AUTH_HMAC_SHA2_384_192:
+			case AUTH_HMAC_SHA2_512_256:
+			case AUTH_HMAC_MD5_96:
+			case AUTH_AES_XCBC_96:
+				add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
+				break;
+			default:
+				break;
+		}	
+	}
+	enumerator->destroy(enumerator);
+	
+	enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
+	while (enumerator->enumerate(enumerator, &prf))
+	{
+		switch (prf)
+		{
+			case PRF_HMAC_SHA1:
+			case PRF_HMAC_SHA2_256:
+			case PRF_HMAC_SHA2_384:
+			case PRF_HMAC_SHA2_512:
+			case PRF_HMAC_MD5:
+			case PRF_AES128_XCBC:
+				add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	
+	enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+	while (enumerator->enumerate(enumerator, &group))
+	{
+		switch (group)
+		{
+			case MODP_768_BIT:
+				/* weak */
+				break;
+			case MODP_1024_BIT:
+			case MODP_1536_BIT:
+			case MODP_2048_BIT:
+			case MODP_4096_BIT:
+			case MODP_8192_BIT:
+			case ECP_256_BIT:
+			case ECP_384_BIT:
+			case ECP_521_BIT:
+			case ECP_192_BIT:
+			case ECP_224_BIT:
+				add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
 /*
  * Describtion in header-file
  */
@@ -948,27 +1054,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 	switch (protocol)
 	{
 		case PROTO_IKE:
-			add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         128);
-			add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         192);
-			add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         256);
-			add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_3DES,              0);
-			add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_AES_XCBC_96,       0);
-			add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_256_128, 0);
-			add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA1_96,      0);
-			add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96,       0);
-			add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_384_192, 0);
-			add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_512_256, 0);
-			add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC,        0);
-			add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256,      0);
-			add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1,          0);
-			add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,           0);
-			add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384,      0);
-			add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512,      0);
-			add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_2048_BIT,          0);
-			add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_1536_BIT,          0);
-			add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_1024_BIT,          0);
-			add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_4096_BIT,          0);
-			add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_8192_BIT,          0);
+			proposal_add_supported_ike(this);
 			break;
 		case PROTO_ESP:
 			add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         128);
@@ -990,7 +1076,6 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 		default:
 			break;
 	}
-	
 	return &this->public;
 }
 
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index 4fb98c1d2..0dd6c1d4d 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -52,10 +52,10 @@ plugin_t *plugin_create()
 	
 	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
 	
-	lib->crypto->add_crypter(lib->crypto, ENCR_DES,
-							 (crypter_constructor_t)des_crypter_create);
 	lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
 							 (crypter_constructor_t)des_crypter_create);
+	lib->crypto->add_crypter(lib->crypto, ENCR_DES,
+							 (crypter_constructor_t)des_crypter_create);
 	
 	return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index ffae66933..c153d8608 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -58,14 +58,10 @@ plugin_t *plugin_create()
 	
 	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
 	
-	lib->crypto->add_dh(lib->crypto, MODP_768_BIT, 
-						(dh_constructor_t)gmp_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, 
 						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, 
 						(dh_constructor_t)gmp_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, 
-						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, 
 						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, 
@@ -74,6 +70,10 @@ plugin_t *plugin_create()
 						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, 
 						(dh_constructor_t)gmp_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+						(dh_constructor_t)gmp_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_768_BIT, 
+						(dh_constructor_t)gmp_diffie_hellman_create);
 	
 	lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
 						(builder_constructor_t)gmp_rsa_private_key_builder);
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 246fbb031..bf9626bd6 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -55,25 +55,25 @@ plugin_t *plugin_create()
 	
 	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
 	
-	lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, 
+	lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, 
 						 (prf_constructor_t)hmac_prf_create);
 	lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, 
 						 (prf_constructor_t)hmac_prf_create);
-	lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, 
+	lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, 
 						 (prf_constructor_t)hmac_prf_create);
 	lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, 
 						 (prf_constructor_t)hmac_prf_create);
 	lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, 
 						 (prf_constructor_t)hmac_prf_create);
 	
-	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, 
-							(signer_constructor_t)hmac_signer_create);
 	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, 
 							(signer_constructor_t)hmac_signer_create);
 	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, 
 							(signer_constructor_t)hmac_signer_create);
 	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, 
 							(signer_constructor_t)hmac_signer_create);
+	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, 
+							(signer_constructor_t)hmac_signer_create);
 	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, 
 							(signer_constructor_t)hmac_signer_create);
 	lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, 
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a45e46a80..d4e0f6fa9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -87,7 +87,7 @@ plugin_t *plugin_create()
 	ENGINE_register_all_complete();
 	
 	/* crypter */
-	lib->crypto->add_crypter(lib->crypto, ENCR_DES,
+	lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
 					(crypter_constructor_t)openssl_crypter_create);
 	lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
 					(crypter_constructor_t)openssl_crypter_create);
@@ -99,9 +99,9 @@ plugin_t *plugin_create()
 					(crypter_constructor_t)openssl_crypter_create);
 	lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
 					(crypter_constructor_t)openssl_crypter_create);
-	lib->crypto->add_crypter(lib->crypto, ENCR_NULL,
+	lib->crypto->add_crypter(lib->crypto, ENCR_DES,
 					(crypter_constructor_t)openssl_crypter_create);
-	lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
+	lib->crypto->add_crypter(lib->crypto, ENCR_NULL,
 					(crypter_constructor_t)openssl_crypter_create);
 	
 	/* hasher */
@@ -118,15 +118,23 @@ plugin_t *plugin_create()
 	lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
 					(hasher_constructor_t)openssl_hasher_create);
 	
+	/* ec diffie hellman */
+	lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	
 	/* diffie hellman */
-	lib->crypto->add_dh(lib->crypto, MODP_768_BIT, 
-						(dh_constructor_t)openssl_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, 
 						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, 
 						(dh_constructor_t)openssl_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, 
-						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, 
 						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, 
@@ -135,18 +143,10 @@ plugin_t *plugin_create()
 						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, 
 						(dh_constructor_t)openssl_diffie_hellman_create);
-	
-	/* ec diffie hellman */
-	lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+						(dh_constructor_t)openssl_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_768_BIT, 
+						(dh_constructor_t)openssl_diffie_hellman_create);
 	
 	/* rsa */
 	lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
author	Martin Willi <martin@strongswan.org>	2008-08-28 11:07:57 +0000
committer	Martin Willi <martin@strongswan.org>	2008-08-28 11:07:57 +0000
commit	e577ad3985904c2e4ee71a50f4ea62e2b045e00c (patch)
tree	330aa6d4fe90ffbfeb6b839e6489ff4367155042 /src
parent	f1b014b9a33990d08fb16871092c2a050da77517 (diff)
download	strongswan-e577ad3985904c2e4ee71a50f4ea62e2b045e00c.tar.bz2 strongswan-e577ad3985904c2e4ee71a50f4ea62e2b045e00c.tar.xz