Rename MODP_NONE to KE_NONE

2025-10-06 00:00:47 -04:00 · 2021-07-01 19:42:55 +02:00 · 2021-07-01 19:42:55 +02:00 · ef597b2e2c
commit ef597b2e2c
parent f0aafa85e2
17 changed files with 78 additions and 77 deletions
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@ -478,7 +478,7 @@ METHOD(child_cfg_t, get_ke_method, key_exchange_method_t,
 {
 	enumerator_t *enumerator;
 	proposal_t *proposal;
-	uint16_t method = MODP_NONE;
+	uint16_t method = KE_NONE;

 	enumerator = this->proposals->create_enumerator(this->proposals);
 	while (enumerator->enumerate(enumerator, &proposal))
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@ -352,7 +352,7 @@ METHOD(ike_cfg_t, get_ke_method, key_exchange_method_t,
 {
 	enumerator_t *enumerator;
 	proposal_t *proposal;
-	uint16_t method = MODP_NONE;
+	uint16_t method = KE_NONE;

 	enumerator = this->proposals->create_enumerator(this->proposals);
 	while (enumerator->enumerate(enumerator, &proposal))
--- a/src/libcharon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
@ -234,7 +234,7 @@ ke_payload_t *ke_payload_create(payload_type_t type)
 			.destroy = _destroy,
 		},
 		.next_payload = PL_NONE,
-		.ke_method = MODP_NONE,
+		.ke_method = KE_NONE,
 		.type = type,
 	);
 	this->payload_length = get_header_length(this);
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@ -254,7 +254,7 @@ METHOD(task_t, build_i, status_t,
 			message->add_payload(message, &sa_payload->payload_interface);

 			group = this->ike_cfg->get_ke_method(this->ike_cfg);
-			if (group == MODP_NONE)
+			if (group == KE_NONE)
 			{
 				DBG1(DBG_IKE, "DH group selection failed");
 				return FAILED;
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@ -781,7 +781,7 @@ static status_t send_notify(private_quick_mode_t *this, notify_type_t type)

 /**
 * Prepare a list of proposals from child_config containing only the specified
- * DH group, unless it is set to MODP_NONE.
+ * DH group, unless it is set to KE_NONE.
 */
 static linked_list_t *get_proposals(private_quick_mode_t *this,
 									key_exchange_method_t group)
@ -794,7 +794,7 @@ static linked_list_t *get_proposals(private_quick_mode_t *this,
 	enumerator = list->create_enumerator(list);
 	while (enumerator->enumerate(enumerator, &proposal))
 	{
-		if (group != MODP_NONE)
+		if (group != KE_NONE)
 		{
 			if (!proposal->has_ke_method(proposal, group))
 			{
@ -866,7 +866,7 @@ METHOD(task_t, build_i, status_t,
 			}

 			group = this->config->get_ke_method(this->config);
-			if (group != MODP_NONE)
+			if (group != KE_NONE)
 			{
 				proposal_t *proposal;
 				uint16_t preferred_group;
@ -899,7 +899,7 @@ METHOD(task_t, build_i, status_t,
 			}
 			else
 			{
-				list = get_proposals(this, MODP_NONE);
+				list = get_proposals(this, KE_NONE);
 			}

 			get_lifetimes(this);
@ -914,7 +914,7 @@ METHOD(task_t, build_i, status_t,
 			{
 				return FAILED;
 			}
-			if (group != MODP_NONE)
+			if (group != KE_NONE)
 			{
 				if (!add_ke(this, message))
 				{
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@ -313,7 +313,7 @@ static bool update_and_check_proposals(private_child_create_t *this)
 		proposal->set_spi(proposal, this->my_spi);

 		/* move the selected DH group to the front, if any */
-		if (this->dh_group != MODP_NONE)
+		if (this->dh_group != KE_NONE)
 		{	/* proposals that don't contain the selected group are
 			 * moved to the back */
 			if (!proposal->promote_ke_method(proposal, this->dh_group))
@ -336,7 +336,7 @@ static bool update_and_check_proposals(private_child_create_t *this)
 	enumerator->destroy(enumerator);
 	other_dh_groups->destroy(other_dh_groups);

-	return this->dh_group == MODP_NONE || found;
+	return this->dh_group == KE_NONE || found;
 }

 /**
@ -615,7 +615,7 @@ static status_t select_and_install(private_child_create_t *this,
 		DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal");
 		DESTROY_IF(this->dh);
 		this->dh = NULL;
-		this->dh_group = MODP_NONE;
+		this->dh_group = KE_NONE;
 	}

 	if (this->initiator)
@ -1099,7 +1099,7 @@ METHOD(task_t, build_i, status_t,
 									chunk_empty);
 				return SUCCESS;
 			}
-			if (!this->retry && this->dh_group == MODP_NONE)
+			if (!this->retry && this->dh_group == KE_NONE)
 			{	/* during a rekeying the group might already be set */
 				this->dh_group = this->config->get_ke_method(this->config);
 			}
@ -1172,7 +1172,7 @@ METHOD(task_t, build_i, status_t,
 								this->packet_tsr->clone(this->packet_tsr));
 	}
 	this->proposals = this->config->get_proposals(this->config,
-												  this->dh_group == MODP_NONE);
+												  this->dh_group == KE_NONE);
 	this->mode = this->config->get_mode(this->config);

 	this->child.if_id_in_def = this->ike_sa->get_if_id(this->ike_sa, TRUE);
@ -1209,7 +1209,7 @@ METHOD(task_t, build_i, status_t,
 		return FAILED;
 	}

-	if (this->dh_group != MODP_NONE)
+	if (this->dh_group != KE_NONE)
 	{
 		this->dh = this->keymat->keymat.create_ke(&this->keymat->keymat,
 												  this->dh_group);
@ -1685,7 +1685,7 @@ METHOD(task_t, process_i, status_t,
 				case INVALID_KE_PAYLOAD:
 				{
 					chunk_t data;
-					uint16_t group = MODP_NONE;
+					uint16_t group = KE_NONE;

 					data = notify->get_notification_data(notify);
 					if (data.len == sizeof(group))
@ -1861,7 +1861,7 @@ METHOD(task_t, migrate, void,
 	}
 	if (!this->rekey && !this->retry)
 	{
-		this->dh_group = MODP_NONE;
+		this->dh_group = KE_NONE;
 	}
 	this->ike_sa = ike_sa;
 	this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
@ -1938,7 +1938,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
 		.config = config,
 		.packet_tsi = tsi ? tsi->clone(tsi) : NULL,
 		.packet_tsr = tsr ? tsr->clone(tsr) : NULL,
-		.dh_group = MODP_NONE,
+		.dh_group = KE_NONE,
 		.keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
 		.mode = MODE_TUNNEL,
 		.tfcv3 = TRUE,
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@ -1145,7 +1145,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
 		},
 		.ike_sa = ike_sa,
 		.initiator = initiator,
-		.dh_group = MODP_NONE,
+		.dh_group = KE_NONE,
 		.keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
 		.old_sa = old_sa,
 		.signature_authentication = lib->settings->get_bool(lib->settings,
--- a/src/libimcv/pts/pts_dh_group.c
+++ b/src/libimcv/pts/pts_dh_group.c
@ -179,6 +179,6 @@ key_exchange_method_t pts_dh_group_to_ike(pts_dh_group_t dh_group)
 		case PTS_DH_GROUP_IKE20:
 			return ECP_384_BIT;
 		default:
-			return MODP_NONE;
+			return KE_NONE;
 	}
 }
--- a/src/libstrongswan/crypto/key_exchange.c
+++ b/src/libstrongswan/crypto/key_exchange.c
@ -17,8 +17,8 @@

 #include "key_exchange.h"

-ENUM_BEGIN(key_exchange_method_names, MODP_NONE, MODP_1024_BIT,
-	"MODP_NONE",
+ENUM_BEGIN(key_exchange_method_names, KE_NONE, MODP_1024_BIT,
+	"KE_NONE",
 	"MODP_768",
 	"MODP_1024");
 ENUM_NEXT(key_exchange_method_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
@ -57,8 +57,8 @@ ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
 	"MODP_CUSTOM");
 ENUM_END(key_exchange_method_names, MODP_CUSTOM);

-ENUM_BEGIN(key_exchange_method_names_short, MODP_NONE, MODP_1024_BIT,
-	"modpnone",
+ENUM_BEGIN(key_exchange_method_names_short, KE_NONE, MODP_1024_BIT,
+	"none",
 	"modp768",
 	"modp1024");
 ENUM_NEXT(key_exchange_method_names_short, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
@ -606,7 +606,7 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 		case MODP_CUSTOM:
 			valid = TRUE;
 			break;
-		case MODP_NONE:
+		case KE_NONE:
 			/* fail */
 			break;
 		/* compile-warn unhandled methods, fail verification */
--- a/src/libstrongswan/crypto/key_exchange.h
+++ b/src/libstrongswan/crypto/key_exchange.h
@ -40,7 +40,7 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t;
 * Curve25519 and Curve448 groups are defined in RFC 8031.
 */
 enum key_exchange_method_t {
-	MODP_NONE     =  0,
+	KE_NONE       =  0,
 	MODP_768_BIT  =  1,
 	MODP_1024_BIT =  2,
 	MODP_1536_BIT =  5,
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@ -270,7 +270,7 @@ METHOD(proposal_t, has_ke_method, bool,
 	}
 	enumerator->destroy(enumerator);

-	if (!any && ke == MODP_NONE)
+	if (!any && ke == KE_NONE)
 	{
 		found = TRUE;
 	}
@ -691,7 +691,7 @@ static bool check_proposal(private_proposal_t *this)
 			DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals");
 			return FALSE;
 		}
-		/* remove MODP_NONE from IKE proposal */
+		/* remove KE_NONE from IKE proposal */
 		e = array_create_enumerator(this->transforms);
 		while (e->enumerate(e, &entry))
 		{
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@ -148,7 +148,8 @@ prfmd5,           PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,            0
 prfaesxcbc,       PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC,         0
 prfcamelliaxcbc,  PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC,    0
 prfaescmac,       PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC,         0
-modpnone,         KEY_EXCHANGE_METHOD, MODP_NONE,                  0
+none,             KEY_EXCHANGE_METHOD, KE_NONE,                    0
+modpnone,         KEY_EXCHANGE_METHOD, KE_NONE,                    0
 modpnull,         KEY_EXCHANGE_METHOD, MODP_NULL,                  0
 modp768,          KEY_EXCHANGE_METHOD, MODP_768_BIT,               0
 modp1024,         KEY_EXCHANGE_METHOD, MODP_1024_BIT,              0
--- a/src/libstrongswan/tests/suites/test_crypto_factory.c
+++ b/src/libstrongswan/tests/suites/test_crypto_factory.c
@ -181,43 +181,43 @@ static struct {
 	} data[4];
 } ke_data[] = {
 	{ NULL, NULL, {
-		{ MODP_NONE, NULL, NULL }
+		{ KE_NONE, NULL, NULL }
 	}},
 	{ "plugin1", NULL, {
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-		{ MODP_NONE, NULL, NULL }
+		{ KE_NONE, NULL, NULL }
 	}},
 	{ "plugin1", NULL, {
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
 		{ MODP_1024_BIT, ke_create_modp1024_second, "plugin2" },
-		{ MODP_NONE, NULL, NULL }
+		{ KE_NONE, NULL, NULL }
 	}},
 	{ "plugin2", NULL, {
 		{ MODP_1024_BIT, ke_create_modp1024_second, "plugin2" },
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-		{ MODP_NONE, NULL, NULL }
+		{ KE_NONE, NULL, NULL }
 	}},
 	{ "plugin1", "plugin1", {
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
 		{ MODP_2048_BIT, ke_create_modp2048, "plugin1" },
-		{ MODP_NONE, NULL }
+		{ KE_NONE, NULL }
 	}},
 	{ "plugin1", "plugin1", {
 		{ MODP_2048_BIT, ke_create_modp2048, "plugin1" },
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-		{ MODP_NONE, NULL }
+		{ KE_NONE, NULL }
 	}},
 	{ "plugin1", "plugin1", {
 		{ MODP_2048_BIT, ke_create_modp2048, "plugin1" },
 		{ MODP_2048_BIT, ke_create_modp2048_second, "plugin2" },
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-		{ MODP_NONE, NULL }
+		{ KE_NONE, NULL }
 	}},
 	{ "plugin1", "plugin2", {
 		{ MODP_2048_BIT, ke_create_modp2048_second, "plugin2" },
 		{ MODP_2048_BIT, ke_create_modp2048, "plugin1" },
 		{ MODP_1024_BIT, ke_create_modp1024, "plugin1" },
-		{ MODP_NONE, NULL }
+		{ KE_NONE, NULL }
 	}},
 };

@ -248,7 +248,7 @@ START_TEST(test_create_ke)


 	factory = crypto_factory_create();
-	for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++)
+	for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++)
 	{
 		ck_assert(factory->add_ke(factory, ke_data[_i].data[i].ke,
 								  ke_data[_i].data[i].plugin,
@ -282,10 +282,10 @@ START_TEST(test_create_ke)
 		}
 	}
 	ck_assert(!enumerator->enumerate(enumerator));
-	ck_assert_int_eq(ke_data[_i].data[i].ke, MODP_NONE);
+	ck_assert_int_eq(ke_data[_i].data[i].ke, KE_NONE);
 	enumerator->destroy(enumerator);

-	for (i = 0; ke_data[_i].data[i].ke != MODP_NONE; i++)
+	for (i = 0; ke_data[_i].data[i].ke != KE_NONE; i++)
 	{
 		factory->remove_ke(factory, ke_data[_i].data[i].create);
 	}
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@ -54,7 +54,7 @@ static struct {
 	{ PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
 	{ PROTO_IKE, "aes128", NULL },
 	{ PROTO_IKE, "aes128-sha256", NULL },
-	{ PROTO_IKE, "aes128-sha256-modpnone", NULL },
+	{ PROTO_IKE, "aes128-sha256-none", NULL },
 	{ PROTO_IKE, "aes128-prfsha256", NULL },
 	{ PROTO_IKE, "aes128-prfsha256-modp2048", NULL },
 	{ PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
@ -128,20 +128,20 @@ static struct {
 	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
 	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_KE },
 	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-ecp256", "aes128-sha256", PROPOSAL_SKIP_KE },
-	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
-	{ PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
-	{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
-	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
-	{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
-	{ PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-none", NULL },
+	{ PROTO_ESP, "aes128-sha256-none", "aes128-sha256-modp3072", NULL },
+	{ PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256", "aes128-sha256" },
+	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-none", "aes128-sha256" },
+	{ PROTO_ESP, "aes128-sha256-modp3072-none", "aes128-sha256-none-modp3072", "aes128-sha256-modp3072" },
+	{ PROTO_ESP, "aes128-sha256-none-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256" },
 	{ PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
 	{ PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL },
 	{ PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
 	{ PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" },
 	{ PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" },
 	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
-	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
-	{ PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
+	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-none", "aes128-sha256-modp3072" },
+	{ PROTO_IKE, "aes128-sha256-modp3072-none", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
 };

 START_TEST(test_select)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -509,33 +509,33 @@ typedef struct {
 */
 static suite_algs_t suite_algs[] = {
 	/* Cipher suites of TLS 1.3: key exchange and authentication
-	 * delegated to extensions, therefore KEY_ANY, MODP_NONE, PRF_UNDEFINED */
+	 * delegated to extensions, therefore KEY_ANY, KE_NONE, PRF_UNDEFINED */
 	{ TLS_AES_256_GCM_SHA384,
-		KEY_ANY, MODP_NONE,
+		KEY_ANY, KE_NONE,
 		HASH_SHA384, PRF_UNDEFINED,
 		AUTH_HMAC_SHA2_384_384, ENCR_AES_GCM_ICV16, 32,
 		TLS_1_3, TLS_1_3,
 	},
 	{ TLS_AES_128_GCM_SHA256,
-		KEY_ANY, MODP_NONE,
+		KEY_ANY, KE_NONE,
 		HASH_SHA256, PRF_UNDEFINED,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_GCM_ICV16, 16,
 		TLS_1_3, TLS_1_3,
 	},
 	{ TLS_CHACHA20_POLY1305_SHA256,
-		KEY_ANY, MODP_NONE,
+		KEY_ANY, KE_NONE,
 		HASH_SHA256, PRF_UNDEFINED,
 		AUTH_HMAC_SHA2_256_256, ENCR_CHACHA20_POLY1305, 32,
 		TLS_1_3, TLS_1_3,
 	},
 	{ TLS_AES_128_CCM_SHA256,
-		KEY_ANY, MODP_NONE,
+		KEY_ANY, KE_NONE,
 		HASH_SHA256, PRF_UNDEFINED,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV16, 16,
 		TLS_1_3, TLS_1_3,
 	},
 	{ TLS_AES_128_CCM_8_SHA256,
-		KEY_ANY, MODP_NONE,
+		KEY_ANY, KE_NONE,
 		HASH_SHA256, PRF_UNDEFINED,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV8, 16,
 		TLS_1_3, TLS_1_3,
@ -674,61 +674,61 @@ static suite_algs_t suite_algs[] = {
 		SSL_3_0, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_AES_256_GCM_SHA384,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA384, PRF_HMAC_SHA2_384,
 		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_AES_256_CBC_SHA256,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_AES_256_CBC_SHA,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32,
 		SSL_3_0, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_AES_128_GCM_SHA256,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_AES_128_CBC_SHA256,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_AES_128_CBC_SHA,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16,
 		SSL_3_0, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32,
 		SSL_3_0, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16,
 		SSL_3_0, TLS_1_2,
@ -746,13 +746,13 @@ static suite_algs_t suite_algs[] = {
 		TLS_1_0, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_NULL_SHA256,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0,
 		TLS_1_2, TLS_1_2,
 	},
 	{ TLS_RSA_WITH_NULL_SHA,
-		KEY_RSA, MODP_NONE,
+		KEY_RSA, KE_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_NULL, 0,
 		SSL_3_0, TLS_1_2,
@ -837,7 +837,7 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset,
 			}
 			if (current.dh && current.dh != suites[i].dh)
 			{
-				if (suites[i].dh != MODP_NONE &&
+				if (suites[i].dh != KE_NONE &&
 					!(key_exchange_is_ecdh(current.dh) &&
 					  key_exchange_is_ecdh(suites[i].dh)))
 				{	/* skip DH group, does not match nor NONE nor both ECDH */
@ -927,14 +927,14 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
 				}
 				if (strcaseeq(token, "dhe-rsa") &&
 					!key_exchange_is_ecdh(suites[i].dh) &&
-					suites[i].dh != MODP_NONE &&
+					suites[i].dh != KE_NONE &&
 					suites[i].key == KEY_RSA)
 				{
 					suites[remaining++] = suites[i];
 					break;
 				}
 				if (strcaseeq(token, "rsa") &&
-					suites[i].dh == MODP_NONE &&
+					suites[i].dh == KE_NONE &&
 					suites[i].key == KEY_RSA)
 				{
 					suites[remaining++] = suites[i];
@ -1611,7 +1611,7 @@ METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
 static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this,
 												key_exchange_method_t orig)
 {
-	key_exchange_method_t current, first = MODP_NONE;
+	key_exchange_method_t current, first = KE_NONE;
 	enumerator_t *enumerator;

 	enumerator = create_ec_enumerator(this);
@ -1622,7 +1622,7 @@ static key_exchange_method_t supported_ec_group(private_tls_crypto_t *this,
 			enumerator->destroy(enumerator);
 			return orig;
 		}
-		else if (first == MODP_NONE)
+		else if (first == KE_NONE)
 		{
 			first = current;
 		}
@ -1645,7 +1645,7 @@ METHOD(tls_crypto_t, get_dh_group, key_exchange_method_t,
 		}
 		return algs->dh;
 	}
-	return MODP_NONE;
+	return KE_NONE;
 }

 METHOD(tls_crypto_t, set_protection, void,
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@ -465,7 +465,7 @@ struct tls_crypto_t {
 	/**
 	 * Get the Diffie-Hellman group to use, if any.
 	 *
-	 * @return				Diffie-Hellman group, or MODP_NONE
+	 * @return				Diffie-Hellman group, or KE_NONE
 	 */
 	key_exchange_method_t (*get_dh_group)(tls_crypto_t *this);

--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@ -174,7 +174,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this,
 									  uint16_t key_type)
 {
 	enumerator_t *enumerator;
-	key_exchange_method_t group, found = MODP_NONE;
+	key_exchange_method_t group, found = KE_NONE;
 	tls_named_group_t curve;

 	enumerator = this->crypto->create_ec_enumerator(this->crypto);
@ -188,7 +188,7 @@ static bool verify_requested_key_type(private_tls_peer_t *this,
 	}
 	enumerator->destroy(enumerator);

-	if (found == MODP_NONE)
+	if (found == KE_NONE)
 	{
 		DBG1(DBG_TLS, "server requested key exchange we didn't propose");
 		return FALSE;
@ -864,7 +864,7 @@ static status_t process_key_exchange(private_tls_peer_t *this,
 								TLS_SERVER_KEY_EXCHANGE, reader->peek(reader));

 	group = this->crypto->get_dh_group(this->crypto);
-	if (group == MODP_NONE)
+	if (group == KE_NONE)
 	{
 		DBG1(DBG_TLS, "received Server Key Exchange, but not required "
 			 "for current suite");