diff --git a/programs/pluto/spdb.c b/programs/pluto/spdb.c
index 8ec60ec..b64e466 100644
--- a/programs/pluto/spdb.c
+++ b/programs/pluto/spdb.c
@@ -209,13 +209,6 @@ static struct db_attr otpsk1536aes128sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
 };
-static struct db_attr otpsk1536aes128xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_PRESHARED_KEY },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
-};
 static struct db_attr otpsk1536aes256sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
 { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_SHA1 },
@@ -230,13 +223,6 @@ static struct db_attr otpsk1536aes256sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
 };
-static struct db_attr otpsk1536aes256xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_PRESHARED_KEY },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
-};
 static struct db_attr otpsk2048aes128sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
@@ -252,13 +238,6 @@ static struct db_attr otpsk2048aes128sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
 };
-static struct db_attr otpsk2048aes128xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_PRESHARED_KEY },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
-};
 static struct db_attr otpsk2048aes256sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
 { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_SHA1 },
@@ -273,13 +252,6 @@ static struct db_attr otpsk2048aes256sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
 };
-static struct db_attr otpsk2048aes256xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_PRESHARED_KEY },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
-};
 static struct db_attr otpsk2048aes16gcm128sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_GCM_16 },
@@ -552,13 +524,6 @@ static struct db_attr otnull2048aes128sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
 };
-static struct db_attr otnull2048aes128xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_AUTH_NULL },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
-};
 static struct db_attr otnull2048aes256sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
 { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_SHA1 },
@@ -573,13 +538,6 @@ static struct db_attr otnull2048aes256sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
 };
-static struct db_attr otnull2048aes256xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_AUTH_NULL },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
-};
 static struct db_attr otnull2048aes16gcm128sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_GCM_16 },
@@ -751,13 +709,6 @@ static struct db_attr otrsasig1536aes128sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
 };
-static struct db_attr otrsasig1536aes128xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_RSA_SIG },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
-};
 static struct db_attr otrsasig1536aes256sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
 { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_SHA1 },
@@ -772,13 +723,6 @@ static struct db_attr otrsasig1536aes256sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
 };
-static struct db_attr otrsasig1536aes256xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_RSA_SIG },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP1536 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
-};
 static struct db_attr otrsasig2048aes128sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
@@ -794,13 +738,6 @@ static struct db_attr otrsasig2048aes128sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
 };
-static struct db_attr otrsasig2048aes128xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_RSA_SIG },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 128 },
-};
 static struct db_attr otrsasig2048aes256sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
 { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_SHA1 },
@@ -815,13 +752,6 @@ static struct db_attr otrsasig2048aes256sha2[] = {
 { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
 { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
 };
-static struct db_attr otrsasig2048aes256xaes[] = {
- { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_CBC },
- { .type.oakley = OAKLEY_HASH_ALGORITHM, .val = OAKLEY_AES_XCBC },
- { .type.oakley = OAKLEY_AUTHENTICATION_METHOD, .val = OAKLEY_RSA_SIG },
- { .type.oakley = OAKLEY_GROUP_DESCRIPTION, .val = OAKLEY_GROUP_MODP2048 },
- { .type.oakley = OAKLEY_KEY_LENGTH, .val = 256 },
-};
 static struct db_attr otrsasig2048aes16gcm128sha1[] = {
 { .type.oakley = OAKLEY_ENCRYPTION_ALGORITHM, .val = OAKLEY_AES_GCM_16 },
@@ -1476,27 +1406,23 @@ static struct db_trans IKEv2_oakley_trans_psk[] = {
 /*
 * IKEv2 proposal #2:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP1536, MODP2048
 */
 { AD_TR(KEY_IKE, otpsk1536aes256sha1) },
 { AD_TR(KEY_IKE, otpsk1536aes256sha2) },
- { AD_TR(KEY_IKE, otpsk1536aes256xaes) },
 { AD_TR(KEY_IKE, otpsk2048aes256sha1) },
 { AD_TR(KEY_IKE, otpsk2048aes256sha2) },
- { AD_TR(KEY_IKE, otpsk2048aes256xaes) },
 /*
 * IKEv2 proposal #3:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP1536, MODP2048
 */
 { AD_TR(KEY_IKE, otpsk1536aes128sha1) },
 { AD_TR(KEY_IKE, otpsk1536aes128sha2) },
- { AD_TR(KEY_IKE, otpsk1536aes128xaes) },
 { AD_TR(KEY_IKE, otpsk2048aes128sha1) },
 { AD_TR(KEY_IKE, otpsk2048aes128sha2) },
- { AD_TR(KEY_IKE, otpsk2048aes128xaes) },
 };
 static struct db_trans IKEv2_oakley_trans_null[] = {
@@ -1529,21 +1455,19 @@ static struct db_trans IKEv2_oakley_trans_null[] = {
 /*
 * IKEv2 proposal #2:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP2048
 */
 { AD_TR(KEY_IKE, otnull2048aes256sha1) },
 { AD_TR(KEY_IKE, otnull2048aes256sha2) },
- { AD_TR(KEY_IKE, otnull2048aes256xaes) },
 /*
 * IKEv2 proposal #3:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP2048
 */
 { AD_TR(KEY_IKE, otnull2048aes128sha1) },
 { AD_TR(KEY_IKE, otnull2048aes128sha2) },
- { AD_TR(KEY_IKE, otnull2048aes128xaes) },
 };
 static struct db_trans IKEv2_oakley_trans_rsasig[] = {
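Review bot: The "IKEv2 proposal #3" comment in IKEv2_oakley_trans_psk still reads `* AES_CBC[256]`, yet every transform listed under it (`otpsk1536aes128sha1` through `otpsk2048aes128sha2`) is a 128-bit entry, so the header misstates the key length actually offered. The commit already rewrites the next line of that comment, so the stale line should be corrected at the same time to `* AES_CBC[128]`. The same mismatch is visible in the proposal #3 comments of IKEv2_oakley_trans_null in the following hunk and of IKEv2_oakley_trans_rsasig and IKEv2_oakley_trans_pskrsasig in the later ones. An accurate comment matters here because these blocks are what an operator reads to learn which algorithms the default offer contains. The tables begin outside the hunks.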
@@ -1576,27 +1500,23 @@ static struct db_trans IKEv2_oakley_trans_rsasig[] = {
 /*
 * IKEv2 proposal #2:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP1536, MODP2048
 */
 { AD_TR(KEY_IKE, otrsasig1536aes256sha1) },
 { AD_TR(KEY_IKE, otrsasig1536aes256sha2) },
- { AD_TR(KEY_IKE, otrsasig1536aes256xaes) },
 { AD_TR(KEY_IKE, otrsasig2048aes256sha1) },
 { AD_TR(KEY_IKE, otrsasig2048aes256sha2) },
- { AD_TR(KEY_IKE, otrsasig2048aes256xaes) },
 /*
 * IKEv2 proposal #3:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP1536, MODP2048
 */
 { AD_TR(KEY_IKE, otrsasig1536aes128sha1) },
 { AD_TR(KEY_IKE, otrsasig1536aes128sha2) },
- { AD_TR(KEY_IKE, otrsasig1536aes128xaes) },
 { AD_TR(KEY_IKE, otrsasig2048aes128sha1) },
 { AD_TR(KEY_IKE, otrsasig2048aes128sha2) },
- { AD_TR(KEY_IKE, otrsasig2048aes128xaes) },
 };
 /* In this table, either PSK or RSA sig is accepted.
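Review bot: Proposals #2 and #3 of IKEv2_oakley_trans_rsasig keep the `otrsasig1536…` transforms, so the default IKE offer still includes MODP1536 after this trim of the hash list; the psk and pskrsasig tables in the neighbouring hunks do the same. RFC 8247 rates the 1536-bit MODP group SHOULD NOT for IKEv2, so if the group is kept on purpose, the proposal comment should record that, and otherwise the 1536 entries are candidates for a follow-up change. Whether a responder still accepts AES_XCBC when a peer proposes it cannot be seen from these hunks and is worth confirming against the intent of the commit. The table begins outside the hunk.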
@@ -1647,39 +1567,31 @@ static struct db_trans IKEv2_oakley_trans_pskrsasig[] = {
 /*
 * IKEv2 proposal #2:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP1536, MODP2048
 */
 { AD_TR(KEY_IKE, otrsasig1536aes256sha1) },
 { AD_TR(KEY_IKE, otpsk1536aes256sha1) },
 { AD_TR(KEY_IKE, otrsasig1536aes256sha2) },
 { AD_TR(KEY_IKE, otpsk1536aes256sha2) },
- { AD_TR(KEY_IKE, otrsasig1536aes256xaes) },
- { AD_TR(KEY_IKE, otpsk1536aes256xaes) },
 { AD_TR(KEY_IKE, otrsasig2048aes256sha1) },
 { AD_TR(KEY_IKE, otpsk2048aes256sha1) },
 { AD_TR(KEY_IKE, otrsasig2048aes256sha2) },
 { AD_TR(KEY_IKE, otpsk2048aes256sha2) },
- { AD_TR(KEY_IKE, otrsasig2048aes256xaes) },
- { AD_TR(KEY_IKE, otpsk2048aes256xaes) },
 /*
 * IKEv2 proposal #3:
 * AES_CBC[256]
- * SHA1, SHA2_256, AES_XCBC
+ * SHA1, SHA2_256
 * MODP1536, MODP2048
 */
 { AD_TR(KEY_IKE, otrsasig1536aes128sha1) },
 { AD_TR(KEY_IKE, otpsk1536aes128sha1) },
 { AD_TR(KEY_IKE, otrsasig1536aes128sha2) },
 { AD_TR(KEY_IKE, otpsk1536aes128sha2) },
- { AD_TR(KEY_IKE, otrsasig1536aes128xaes) },
- { AD_TR(KEY_IKE, otpsk1536aes128xaes) },
 { AD_TR(KEY_IKE, otrsasig2048aes128sha1) },
 { AD_TR(KEY_IKE, otpsk2048aes128sha1) },
 { AD_TR(KEY_IKE, otrsasig2048aes128sha2) },
 { AD_TR(KEY_IKE, otpsk2048aes128sha2) },
- { AD_TR(KEY_IKE, otrsasig2048aes128xaes) },
- { AD_TR(KEY_IKE, otpsk2048aes128xaes) },
 };
 /*