Beispiel #1
0
static bool 
kernel_alg_db_add(struct db_context *db_ctx
		  , struct esp_info *esp_info
		  , lset_t policy
		  , bool logit)
{
	int ealg_i, aalg_i;

	if(policy & POLICY_ENCRYPT) {
	    ealg_i=esp_info->esp_ealg_id;
	    if (!ESP_EALG_PRESENT(ealg_i)) {
		if(logit) {
		    openswan_loglog(RC_LOG_SERIOUS
				    , "requested kernel enc ealg_id=%d not present"
				    , ealg_i);
		} else {
		    DBG_log("requested kernel enc ealg_id=%d not present", ealg_i);
		}
		return FALSE;
	    }
	}

	aalg_i=alg_info_esp_aa2sadb(esp_info->esp_aalg_id);
	if (!ESP_AALG_PRESENT(aalg_i)) {
	    DBG_log("kernel_alg_db_add() kernel auth "
		    "aalg_id=%d not present",
		    aalg_i);
	    return FALSE;
	}

	/* 	do algo policy */
	kernel_alg_policy_algorithms(esp_info);

	if(policy & POLICY_ENCRYPT) {
	    /*	open new transformation */
	    db_trans_add(db_ctx, ealg_i);

	    /* add ESP auth attr */
	    db_attr_add_values(db_ctx, 
			       AUTH_ALGORITHM, esp_info->esp_aalg_id);

	    /*	add keylegth if specified in esp= string */
	    if (esp_info->esp_ealg_keylen) {
		db_attr_add_values(db_ctx, 
				   KEY_LENGTH, esp_info->esp_ealg_keylen);
	    }

	} else if(policy & POLICY_AUTHENTICATE) {
	    /*	open new transformation */
	    db_trans_add(db_ctx, aalg_i);

	    /* add ESP auth attr */
	    db_attr_add_values(db_ctx, 
			       AUTH_ALGORITHM, esp_info->esp_aalg_id);

	}

	return TRUE;
}
bool
kernel_alg_esp_enc_ok(int alg_id, unsigned int key_len, struct alg_info_esp *alg_info)
{
	struct sadb_alg *alg_p=NULL;
	/* 
	 * test #1: encrypt algo must be present 
	 */
	int ret=ESP_EALG_PRESENT(alg_id);
	if (!ret) goto out;

	alg_p=&esp_ealg[alg_id];
	/* 
	 * test #2: if key_len specified, it must be in range 
	 */
	if ((key_len) && ((key_len < alg_p->sadb_alg_minbits) ||
			 (key_len > alg_p->sadb_alg_maxbits))) {
		log (__FUNCTION__ "() key_len not in range: alg_id=%d, "
				"key_len=%d, alg_minbits=%d, alg_maxbits=%d",
				alg_id, key_len,
				alg_p->sadb_alg_minbits,
				alg_p->sadb_alg_maxbits
		       );
		ret = FALSE;
	} 
	/* 
	 * test #3: if alg_info specified AND strict flag, only
	 * only allow algo iff listed in st->alg_info_esp
	 */
	else if (alg_info && (alg_info->alg_info_flags & ALG_INFO_F_STRICT) ) {
		int i;
		struct esp_info *esp_info;
		ALG_INFO_ESP_FOREACH(alg_info, esp_info, i) {
			if ((esp_info->esp_ealg_id == alg_id) &&
				((esp_info->esp_ealg_keylen==0) || (key_len==0) ||
				 (esp_info->esp_ealg_keylen==key_len))) {
				ret = TRUE;
				goto out;
			}
		}
		log(__FUNCTION__ "() strict flag and algo not in alg_info: "
				"alg_id=%d, "
				"key_len=%d, alg_minbits=%d, alg_maxbits=%d",
				alg_id, key_len,
				alg_p->sadb_alg_minbits,
				alg_p->sadb_alg_maxbits
		   );
		ret = FALSE;
	}
Beispiel #3
0
	{
		esp_ealg[esp_ealg_temp[i].sadb_alg_id] = esp_ealg_temp[i];
	}
	
}


err_t kernel_alg_esp_enc_ok(int alg_id, unsigned int key_len, struct alg_info_esp *alg_info __attribute__((unused)))
{
	struct sadb_alg *alg_p=NULL;
	err_t ugh = NULL;

	/* 
	 * test #1: encrypt algo must be present 
	 */
	int ret=ESP_EALG_PRESENT(alg_id);
	if (!ret) goto out;

	alg_p=&esp_ealg[alg_id];
	/* 
	 * test #2: if key_len specified, it must be in range 
	 */
	if ((key_len) && ((key_len < alg_p->sadb_alg_minbits) || (key_len > alg_p->sadb_alg_maxbits))) 
	{
	  
	  ugh = builddiag("kernel_alg_db_add() key_len not in range: alg_id=%d, "	  "key_len=%d, alg_minbits=%d, alg_maxbits=%d", alg_id, key_len, alg_p->sadb_alg_minbits, alg_p->sadb_alg_maxbits);
	} 

out:
	if (!ugh && alg_p != NULL) 
	{