diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/config/proposal.c | 8 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/diffie_hellman.c | 5 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/diffie_hellman.h | 4 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 6 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_plugin.c | 4 |
5 files changed, 25 insertions, 2 deletions
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index 45d0108c2..e0da8ce41 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -766,6 +766,14 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) { add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0); } + else if (strncmp(alg.ptr, "ecp192", alg.len) == 0) + { + add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0); + } + else if (strncmp(alg.ptr, "ecp224", alg.len) == 0) + { + add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0); + } else if (strncmp(alg.ptr, "ecp256", alg.len) == 0) { add_algorithm(this, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0); diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index a91507454..feb0029ed 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -33,5 +33,8 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT, "ECP_256_BIT", "ECP_384_BIT", "ECP_521_BIT"); -ENUM_END(diffie_hellman_group_names, ECP_521_BIT); +ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT, + "ECP_192_BIT", + "ECP_224_BIT"); +ENUM_END(diffie_hellman_group_names, ECP_224_BIT); diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 53d89c377..b94c679dc 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -35,7 +35,7 @@ typedef struct diffie_hellman_t diffie_hellman_t; * The modulus (or group) to use for a Diffie-Hellman calculation. * See IKEv2 RFC 3.3.2 and RFC 3526. * - * ECP groups are defined in RFC 4753. + * ECP groups are defined in RFC 4753 and RFC 5114. */ enum diffie_hellman_group_t { MODP_NONE = 0, @@ -50,6 +50,8 @@ enum diffie_hellman_group_t { ECP_256_BIT = 19, ECP_384_BIT = 20, ECP_521_BIT = 21, + ECP_192_BIT = 25, + ECP_224_BIT = 26, }; diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 0aeaf6b31..46371d2cc 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -314,6 +314,12 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro switch (group) { + case ECP_192_BIT: + this->key = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1); + break; + case ECP_224_BIT: + this->key = EC_KEY_new_by_curve_name(NID_secp224r1); + break; case ECP_256_BIT: this->key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); break; diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 7e57c7ab3..697a2c986 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -125,6 +125,10 @@ plugin_t *plugin_create() (dh_constructor_t)openssl_diffie_hellman_create); /* ec diffie hellman */ + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_256_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_384_BIT, |