author | 2014-08-25 14:36:10 +0000 | |
---|---|---|
committer | 2014-08-25 14:36:10 +0000 | |
commit | 547eb84d8267cf4072670bf272bb8265ae4d7ae4 (patch) | |
tree | d4aa04e5b10b2fdfeea52e810e53749ab02f8fd1 | |
parent | Previosuly forgot the Makefile bit: add mime.types (diff) | |
Add support for DH groups 27-30 using the Brainpool curves which have
previously been added to LibreSSL's libcrypto.
ok markus@ mikeb@
-rw-r--r-- | sbin/iked/dh.c | 10 | ||||
-rw-r--r-- | sbin/iked/iked.conf.5 | 8 | ||||
-rw-r--r-- | sbin/iked/parse.y | 10 |
3 files changed, 22 insertions, 6 deletions
diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c
index 862812c4aa7..8033a026564 100644
--- a/sbin/iked/dh.c
+++ b/sbin/iked/dh.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: dh.c,v 1.12 2014/07/10 12:50:05 jsg Exp $ */
+/* $OpenBSD: dh.c,v 1.13 2014/08/25 14:36:10 reyk Exp $ */
 
 /*
- * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
+ * Copyright (c) 2010-2014 Reyk Floeter <reyk@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -278,7 +278,11 @@ struct group_id ike_groups[] = {
 "5E2327CFEF98C582664B4C0F6CC41659"
 },
 { GROUP_ECP, 25, 192, NULL, NULL, NID_X9_62_prime192v1 },
- { GROUP_ECP, 26, 224, NULL, NULL, NID_secp224r1 }
+ { GROUP_ECP, 26, 224, NULL, NULL, NID_secp224r1 },
+ { GROUP_ECP, 27, 224, NULL, NULL, NID_brainpoolP224r1 },
+ { GROUP_ECP, 28, 256, NULL, NULL, NID_brainpoolP256r1 },
+ { GROUP_ECP, 29, 384, NULL, NULL, NID_brainpoolP384r1 },
+ { GROUP_ECP, 30, 512, NULL, NULL, NID_brainpoolP512r1 }
 };
 
 void
diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5
index b4926f521a0..fbe71bb154f 100644
--- a/sbin/iked/iked.conf.5
+++ b/sbin/iked/iked.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: iked.conf.5,v 1.33 2014/08/05 16:34:03 reyk Exp $
+.\" $OpenBSD: iked.conf.5,v 1.34 2014/08/25 14:36:10 reyk Exp $
 .\"
 .\" Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org>
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 5 2014 $
+.Dd $Mdocdate: August 25 2014 $
 .Dt IKED.CONF 5
 .Os
 .Sh NAME
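Review bot: The four rows added to `ike_groups` in sbin/iked/dh.c (ids 27-30) are positional initializers with no comment saying where the group numbers come from or what the ECP path has to guarantee for them. I would add above them `/* RFC 6954 Brainpool groups; peer public values must pass the on-curve check from RFC 6989 */`. Whether the ECP exchange code elsewhere in dh.c rejects a received point that is not on the negotiated curve cannot be seen from this hunk, so that is worth confirming for the new curves rather than assuming. Group 27 is a 224-bit curve (roughly 112 bits of strength) and should not be treated as equivalent to the three larger ones. The table starts above the hunk and the function after it continues below it.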
@@ -816,6 +816,10 @@ keyword:
 .It Li modp2048-256 Ta grp24 Ta 2048 Ta "MODP, 256 bit Prime Order Subgroup"
 .It Li ecp192 Ta grp25 Ta 192 Ta "ECP"
 .It Li ecp224 Ta grp26 Ta 224 Ta "ECP"
+.It Li brainpool224 Ta grp27 Ta 224 Ta "ECP, brainpoolP224r1"
+.It Li brainpool256 Ta grp28 Ta 256 Ta "ECP, brainpoolP256r1"
+.It Li brainpool384 Ta grp29 Ta 384 Ta "ECP, brainpoolP384r1"
+.It Li brainpool512 Ta grp30 Ta 512 Ta "ECP, brainpoolP512r1"
 .El
 .Pp
 The currently supported group types are either
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 24cfe6bf9c4..9e8efeeb4d1 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.38 2014/05/06 10:24:22 markus Exp $ */
+/* $OpenBSD: parse.y,v 1.39 2014/08/25 14:36:10 reyk Exp $ */
 
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -237,6 +237,14 @@ const struct ipsec_xf groupxfs[] = {
 { "grp25", IKEV2_XFORMDH_ECP_192 },
 { "ecp224", IKEV2_XFORMDH_ECP_224 },
 { "grp26", IKEV2_XFORMDH_ECP_224 },
+ { "brainpool224", IKEV2_XFORMDH_BRAINPOOL_P224R1 },
+ { "grp27", IKEV2_XFORMDH_BRAINPOOL_P224R1 },
+ { "brainpool256", IKEV2_XFORMDH_BRAINPOOL_P256R1 },
+ { "grp28", IKEV2_XFORMDH_BRAINPOOL_P256R1 },
+ { "brainpool384", IKEV2_XFORMDH_BRAINPOOL_P384R1 },
+ { "grp29", IKEV2_XFORMDH_BRAINPOOL_P384R1 },
+ { "brainpool512", IKEV2_XFORMDH_BRAINPOOL_P512R1 },
+ { "grp30", IKEV2_XFORMDH_BRAINPOOL_P512R1 },
 { NULL }
 };
 
|
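Review bot: The new `groupxfs` keywords in sbin/iked/parse.y refer to `IKEV2_XFORMDH_BRAINPOOL_P224R1` through `IKEV2_XFORMDH_BRAINPOOL_P512R1`, which this commit does not define, so the mapping is only right if those constants equal the ids 27-30 hard-coded in `ike_groups` in dh.c. The same numbers are now maintained by hand in three places (this table, dh.c and iked.conf.5), and a mismatch would make a configured group negotiate as a different curve than the operator asked for. A comment on the first new row such as `/* RFC 6954; values must match ike_groups[] ids 27-30 in dh.c */` would make the coupling visible. The table starts above the hunk.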