From ef597b2e2c90a28c05ca7ab2cfcdca71c5044214 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Thu, 1 Jul 2021 19:42:55 +0200 Subject: [PATCH] Rename MODP_NONE to KE_NONE --- src/libcharon/config/child_cfg.c | 2 +- src/libcharon/config/ike_cfg.c | 2 +- src/libcharon/encoding/payloads/ke_payload.c | 2 +- .../sa/ikev1/tasks/aggressive_mode.c | 2 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 10 ++-- src/libcharon/sa/ikev2/tasks/child_create.c | 18 +++---- src/libcharon/sa/ikev2/tasks/ike_init.c | 2 +- src/libimcv/pts/pts_dh_group.c | 2 +- src/libstrongswan/crypto/key_exchange.c | 10 ++-- src/libstrongswan/crypto/key_exchange.h | 2 +- src/libstrongswan/crypto/proposal/proposal.c | 4 +- .../proposal/proposal_keywords_static.txt | 3 +- .../tests/suites/test_crypto_factory.c | 22 ++++----- .../tests/suites/test_proposal.c | 18 +++---- src/libtls/tls_crypto.c | 48 +++++++++---------- src/libtls/tls_crypto.h | 2 +- src/libtls/tls_peer.c | 6 +-- 17 files changed, 78 insertions(+), 77 deletions(-) diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index dc6e668bd1..ae719551ca 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -478,7 +478,7 @@ METHOD(child_cfg_t, get_ke_method, key_exchange_method_t, { enumerator_t *enumerator; proposal_t *proposal; - uint16_t method = MODP_NONE; + uint16_t method = KE_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 589b41905c..ba03e17a1f 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c 
@@ -352,7 +352,7 @@ METHOD(ike_cfg_t, get_ke_method, key_exchange_method_t, { enumerator_t *enumerator; proposal_t *proposal; - uint16_t method = MODP_NONE; + uint16_t method = KE_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 278f10d93c..ce6106220c 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -234,7 +234,7 @@ ke_payload_t *ke_payload_create(payload_type_t type) .destroy = _destroy, }, .next_payload = PL_NONE, - .ke_method = MODP_NONE, + .ke_method = KE_NONE, .type = type, ); this->payload_length = get_header_length(this); diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 2092579469..e4d31b9de6 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -254,7 +254,7 @@ METHOD(task_t, build_i, status_t, message->add_payload(message, &sa_payload->payload_interface); group = this->ike_cfg->get_ke_method(this->ike_cfg); - if (group == MODP_NONE) + if (group == KE_NONE) { DBG1(DBG_IKE, "DH group selection failed"); return FAILED; diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index fa168c62fd..f1eeaa2499 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -781,7 +781,7 @@ static status_t send_notify(private_quick_mode_t *this, notify_type_t type) /** * Prepare a list of proposals from child_config containing only the specified - * DH group, unless it is set to MODP_NONE. + * DH group, unless it is set to KE_NONE. */ static linked_list_t *get_proposals(private_quick_mode_t *this, key_exchange_method_t group) 
@@ -794,7 +794,7 @@ static linked_list_t *get_proposals(private_quick_mode_t *this, enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &proposal)) { - if (group != MODP_NONE) + if (group != KE_NONE) { if (!proposal->has_ke_method(proposal, group)) { @@ -866,7 +866,7 @@ METHOD(task_t, build_i, status_t, } group = this->config->get_ke_method(this->config); - if (group != MODP_NONE) + if (group != KE_NONE) { proposal_t *proposal; uint16_t preferred_group; @@ -899,7 +899,7 @@ METHOD(task_t, build_i, status_t, } else { - list = get_proposals(this, MODP_NONE); + list = get_proposals(this, KE_NONE); } get_lifetimes(this); @@ -914,7 +914,7 @@ METHOD(task_t, build_i, status_t, { return FAILED; } - if (group != MODP_NONE) + if (group != KE_NONE) { if (!add_ke(this, message)) { diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 2f3229292c..c43159257b 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -313,7 +313,7 @@ static bool update_and_check_proposals(private_child_create_t *this) proposal->set_spi(proposal, this->my_spi); /* move the selected DH group to the front, if any */ - if (this->dh_group != MODP_NONE) + if (this->dh_group != KE_NONE) { /* proposals that don't contain the selected group are * moved to the back */ if (!proposal->promote_ke_method(proposal, this->dh_group)) @@ -336,7 +336,7 @@ static bool update_and_check_proposals(private_child_create_t *this) enumerator->destroy(enumerator); other_dh_groups->destroy(other_dh_groups); - return this->dh_group == MODP_NONE || found; + return this->dh_group == KE_NONE || found; } /** @@ -615,7 +615,7 @@ static status_t select_and_install(private_child_create_t *this, DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal"); DESTROY_IF(this->dh); this->dh = NULL; - this->dh_group = MODP_NONE; + this->dh_group = KE_NONE; } if (this->initiator) 
@@ -1099,7 +1099,7 @@ METHOD(task_t, build_i, status_t, chunk_empty); return SUCCESS; } - if (!this->retry && this->dh_group == MODP_NONE) + if (!this->retry && this->dh_group == KE_NONE) { /* during a rekeying the group might already be set */ this->dh_group = this->config->get_ke_method(this->config); } @@ -1172,7 +1172,7 @@ METHOD(task_t, build_i, status_t, this->packet_tsr->clone(this->packet_tsr)); } this->proposals = this->config->get_proposals(this->config, - this->dh_group == MODP_NONE); + this->dh_group == KE_NONE); this->mode = this->config->get_mode(this->config); this->child.if_id_in_def = this->ike_sa->get_if_id(this->ike_sa, TRUE); @@ -1209,7 +1209,7 @@ METHOD(task_t, build_i, status_t, return FAILED; } - if (this->dh_group != MODP_NONE) + if (this->dh_group != KE_NONE) { this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat, this->dh_group); @@ -1685,7 +1685,7 @@ METHOD(task_t, process_i, status_t, case INVALID_KE_PAYLOAD: { chunk_t data; - uint16_t group = MODP_NONE; + uint16_t group = KE_NONE; data = notify->get_notification_data(notify); if (data.len == sizeof(group)) @@ -1861,7 +1861,7 @@ METHOD(task_t, migrate, void, } if (!this->rekey && !this->retry) { - this->dh_group = MODP_NONE; + this->dh_group = KE_NONE; } this->ike_sa = ike_sa; this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); @@ -1938,7 +1938,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, .config = config, .packet_tsi = tsi ? tsi->clone(tsi) : NULL, .packet_tsr = tsr ? tsr->clone(tsr) : NULL, - .dh_group = MODP_NONE, + .dh_group = KE_NONE, .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa), .mode = MODE_TUNNEL, .tfcv3 = TRUE, diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 1c33a805cc..82b6d28ad6 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c 
@@ -1145,7 +1145,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) }, .ike_sa = ike_sa, .initiator = initiator, - .dh_group = MODP_NONE, + .dh_group = KE_NONE, .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa), .old_sa = old_sa, .signature_authentication = lib->settings->get_bool(lib->settings, diff --git a/src/libimcv/pts/pts_dh_group.c b/src/libimcv/pts/pts_dh_group.c index 02f772222b..f9a32e2b8c 100644 --- a/src/libimcv/pts/pts_dh_group.c +++ b/src/libimcv/pts/pts_dh_group.c @@ -179,6 +179,6 @@ key_exchange_method_t pts_dh_group_to_ike(pts_dh_group_t dh_group) case PTS_DH_GROUP_IKE20: return ECP_384_BIT; default: - return MODP_NONE; + return KE_NONE; } } diff --git a/src/libstrongswan/crypto/key_exchange.c b/src/libstrongswan/crypto/key_exchange.c index fe0b190475..584aabe776 100644 --- a/src/libstrongswan/crypto/key_exchange.c +++ b/src/libstrongswan/crypto/key_exchange.c @@ -17,8 +17,8 @@ #include "key_exchange.h" -ENUM_BEGIN(key_exchange_method_names, MODP_NONE, MODP_1024_BIT, - "MODP_NONE", +ENUM_BEGIN(key_exchange_method_names, KE_NONE, MODP_1024_BIT, + "KE_NONE", "MODP_768", "MODP_1024"); ENUM_NEXT(key_exchange_method_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT, @@ -57,8 +57,8 @@ ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT, "MODP_CUSTOM"); ENUM_END(key_exchange_method_names, MODP_CUSTOM); -ENUM_BEGIN(key_exchange_method_names_short, MODP_NONE, MODP_1024_BIT, - "modpnone", +ENUM_BEGIN(key_exchange_method_names_short, KE_NONE, MODP_1024_BIT, + "none", "modp768", "modp1024"); ENUM_NEXT(key_exchange_method_names_short, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT, @@ -606,7 +606,7 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value) case MODP_CUSTOM: valid = TRUE; break; - case MODP_NONE: + case KE_NONE: /* fail */ break; /* compile-warn unhandled methods, fail verification */ 
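Review bot: The two string edits in key_exchange.c go beyond a rename, because `key_exchange_method_names` now yields `KE_NONE` instead of `MODP_NONE` and `key_exchange_method_names_short` yields `none` instead of `modpnone`. Any log-matching rule, monitoring check or script that keys on the old strings, for example to spot proposals negotiated without a key exchange, would stop matching silently; whether such consumers exist is not visible in this diff. The commit message should state the changed output, and a comment above the short-name table such as `/* printed name is now "none"; the proposal keyword table still accepts "modpnone" as an alias */` would record the asymmetry. Both ENUM_BEGIN blocks continue outside their hunks.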
diff --git a/src/libstrongswan/crypto/key_exchange.h b/src/libstrongswan/crypto/key_exchange.h index 9cb43f010b..eabd4123ab 100644 --- a/src/libstrongswan/crypto/key_exchange.h +++ b/src/libstrongswan/crypto/key_exchange.h @@ -40,7 +40,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t; * Curve25519 and Curve448 groups are defined in RFC 8031. */ enum key_exchange_method_t { - MODP_NONE = 0, + KE_NONE = 0, MODP_768_BIT = 1, MODP_1024_BIT = 2, MODP_1536_BIT = 5, diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c index 84f609c8e7..8d64542444 100644 --- a/src/libstrongswan/crypto/proposal/proposal.c +++ b/src/libstrongswan/crypto/proposal/proposal.c @@ -270,7 +270,7 @@ METHOD(proposal_t, has_ke_method, bool, } enumerator->destroy(enumerator); - if (!any && ke == MODP_NONE) + if (!any && ke == KE_NONE) { found = TRUE; } @@ -691,7 +691,7 @@ static bool check_proposal(private_proposal_t *this) DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals"); return FALSE; } - /* remove MODP_NONE from IKE proposal */ + /* remove KE_NONE from IKE proposal */ e = array_create_enumerator(this->transforms); while (e->enumerate(e, &entry)) { diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 84ea235833..64686bea2f 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt 
@@ -148,7 +148,8 @@ prfmd5, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0 prfaesxcbc, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0 prfcamelliaxcbc, PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0 prfaescmac, PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0 -modpnone, KEY_EXCHANGE_METHOD, MODP_NONE, 0 +none, KEY_EXCHANGE_METHOD, KE_NONE, 0 +modpnone, KEY_EXCHANGE_METHOD, KE_NONE, 0 modpnull, KEY_EXCHANGE_METHOD, MODP_NULL, 0 modp768, KEY_EXCHANGE_METHOD, MODP_768_BIT, 0 modp1024, KEY_EXCHANGE_METHOD, MODP_1024_BIT, 0 diff --git a/src/libstrongswan/tests/suites/test_crypto_factory.c b/src/libstrongswan/tests/suites/test_crypto_factory.c index 7180ee37bb..01ff2d1dd3 100644 --- a/src/libstrongswan/tests/suites/test_crypto_factory.c +++ b/src/libstrongswan/tests/suites/test_crypto_factory.c 
@@ -181,43 +181,43 @@ static struct { } data[4]; } ke_data[] = { { NULL, NULL, { - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin1", NULL, { { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin1", NULL, { { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" }, - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin2", NULL, { { MODP_1024_BIT, ke_create_modp1024_second, "plugin2" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL, NULL } + { KE_NONE, NULL, NULL } }}, { "plugin1", "plugin1", { { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, { "plugin1", "plugin1", { { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, { "plugin1", "plugin1", { { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, { "plugin1", "plugin2", { { MODP_2048_BIT, ke_create_modp2048_second, "plugin2" }, { MODP_2048_BIT, ke_create_modp2048, "plugin1" }, { MODP_1024_BIT, ke_create_modp1024, "plugin1" }, - { MODP_NONE, NULL } + { KE_NONE, NULL } }}, }; @@ -248,7 +248,7 @@ START_TEST(test_create_ke) factory = crypto_factory_create(); - for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++) + for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++) { ck_assert(factory->add_ke(factory, ke_data[_i].data[i].ke, ke_data[_i].data[i].plugin, 
@@ -282,10 +282,10 @@ START_TEST(test_create_ke) } } ck_assert(!enumerator->enumerate(enumerator)); - ck_assert_int_eq(ke_data[_i].data[i].ke, MODP_NONE); + ck_assert_int_eq(ke_data[_i].data[i].ke, KE_NONE); enumerator->destroy(enumerator); - for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++) + for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++) { factory->remove_ke(factory, ke_data[_i].data[i].create); } diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c index 20cbfdaa22..f21f8d12de 100644 --- a/src/libstrongswan/tests/suites/test_proposal.c +++ b/src/libstrongswan/tests/suites/test_proposal.c @@ -54,7 +54,7 @@ static struct { { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, { PROTO_IKE, "aes128", NULL }, { PROTO_IKE, "aes128-sha256", NULL }, - { PROTO_IKE, "aes128-sha256-modpnone", NULL }, + { PROTO_IKE, "aes128-sha256-none", NULL }, { PROTO_IKE, "aes128-prfsha256", NULL }, { PROTO_IKE, "aes128-prfsha256-modp2048", NULL }, { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, 
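Review bot: Every `modpnone` test vector in test_proposal.c is switched to `none`, here and in the `@@ -128,20` hunk, so the `modpnone` keyword that proposal_keywords_static.txt keeps mapped to `KE_NONE` no longer has any coverage. Existing configurations may still use the old spelling to request a proposal without key exchange, and a later regression in that alias would change how such a proposal parses without any test failing. Keep at least one vector per table with the old spelling, e.g. `{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },` next to its `none` twin. Both tables start outside the hunks.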
@@ -128,20 +128,20 @@ static struct { { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE }, { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE }, { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-ecp256", "aes128-sha256", PROPOSAL_SKIP_KE }, - { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, - { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, - { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, - { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, - { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, - { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-none", NULL }, + { PROTO_ESP, "aes128-sha256-none", "aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-none", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256-none-modp3072", "aes128-sha256-modp3072" }, + { PROTO_ESP, "aes128-sha256-none-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256" }, { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" }, { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL }, { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" }, { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" }, { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" }, { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, - { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" }, - { PROTO_IKE, 
"aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072-none", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, }; START_TEST(test_select) diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 0f8d93606b..67d2ecb683 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -509,33 +509,33 @@ typedef struct { */ static suite_algs_t suite_algs[] = { /* Cipher suites of TLS 1.3: key exchange and authentication - * delegated to extensions, therefore KEY_ANY, MODP_NONE, PRF_UNDEFINED */ + * delegated to extensions, therefore KEY_ANY, KE_NONE, PRF_UNDEFINED */ { TLS_AES_256_GCM_SHA384, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA384, PRF_UNDEFINED, AUTH_HMAC_SHA2_384_384, ENCR_AES_GCM_ICV16, 32, TLS_1_3, TLS_1_3, }, { TLS_AES_128_GCM_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_AES_GCM_ICV16, 16, TLS_1_3, TLS_1_3, }, { TLS_CHACHA20_POLY1305_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_CHACHA20_POLY1305, 32, TLS_1_3, TLS_1_3, }, { TLS_AES_128_CCM_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV16, 16, TLS_1_3, TLS_1_3, }, { TLS_AES_128_CCM_8_SHA256, - KEY_ANY, MODP_NONE, + KEY_ANY, KE_NONE, HASH_SHA256, PRF_UNDEFINED, AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV8, 16, TLS_1_3, TLS_1_3, 
@@ -674,61 +674,61 @@ static suite_algs_t suite_algs[] = { SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_AES_256_GCM_SHA384, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA384, PRF_HMAC_SHA2_384, AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_256_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_256_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32, SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_AES_128_GCM_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_128_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_AES_128_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16, SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32, SSL_3_0, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16, SSL_3_0, TLS_1_2, 
@@ -746,13 +746,13 @@ static suite_algs_t suite_algs[] = { TLS_1_0, TLS_1_2, }, { TLS_RSA_WITH_NULL_SHA256, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0, TLS_1_2, TLS_1_2, }, { TLS_RSA_WITH_NULL_SHA, - KEY_RSA, MODP_NONE, + KEY_RSA, KE_NONE, HASH_SHA256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA1_160, ENCR_NULL, 0, SSL_3_0, TLS_1_2, @@ -837,7 +837,7 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset, } if (current.dh && current.dh != suites[i].dh) { - if (suites[i].dh != MODP_NONE && + if (suites[i].dh != KE_NONE && !(key_exchange_is_ecdh(current.dh) && key_exchange_is_ecdh(suites[i].dh))) { /* skip DH group, does not match nor NONE nor both ECDH */ @@ -927,14 +927,14 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this, } if (strcaseeq(token, "dhe-rsa") && !key_exchange_is_ecdh(suites[i].dh) && - suites[i].dh != MODP_NONE && + suites[i].dh != KE_NONE && suites[i].key == KEY_RSA) { suites[remaining++] = suites[i]; break; } if (strcaseeq(token, "rsa") && - suites[i].dh == MODP_NONE && + suites[i].dh == KE_NONE && suites[i].key == KEY_RSA) { suites[remaining++] = suites[i]; @@ -1611,7 +1611,7 @@ METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*, static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this, key_exchange_method_t orig) { - key_exchange_method_t current, first = MODP_NONE; + key_exchange_method_t current, first = KE_NONE; enumerator_t *enumerator; enumerator = create_ec_enumerator(this); @@ -1622,7 +1622,7 @@ static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this, enumerator->destroy(enumerator); return orig; } - else if (first == MODP_NONE) + else if (first == KE_NONE) { first = current; } @@ -1645,7 +1645,7 @@ METHOD(tls_crypto_t, get_dh_group, key_exchange_method_t, } return algs->dh; } - return MODP_NONE; + return KE_NONE; } METHOD(tls_crypto_t, set_protection, void, 
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h index a9e7c97f91..31c19928da 100644 --- a/src/libtls/tls_crypto.h +++ b/src/libtls/tls_crypto.h @@ -465,7 +465,7 @@ struct tls_crypto_t { /** * Get the Diffie-Hellman group to use, if any. * - * @return Diffie-Hellman group, or MODP_NONE + * @return Diffie-Hellman group, or KE_NONE */ key_exchange_method_t (*get_dh_group)(tls_crypto_t *this); diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index fb3ee296ba..569381518e 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -174,7 +174,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this, uint16_t key_type) { enumerator_t *enumerator; - key_exchange_method_t group, found = MODP_NONE; + key_exchange_method_t group, found = KE_NONE; tls_named_group_t curve; enumerator = this->crypto->create_ec_enumerator(this->crypto); @@ -188,7 +188,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this, } enumerator->destroy(enumerator); - if (found == MODP_NONE) + if (found == KE_NONE) { DBG1(DBG_TLS, "server requested key exchange we didn't propose"); return FALSE; @@ -864,7 +864,7 @@ static status_t process_key_exchange(private_tls_peer_t *this, TLS_SERVER_KEY_EXCHANGE, reader->peek(reader)); group = this->crypto->get_dh_group(this->crypto); - if (group == MODP_NONE) + if (group == KE_NONE) { DBG1(DBG_TLS, "received Server Key Exchange, but not required " "for current suite");