static bool
kernel_alg_db_add(struct db_context *db_ctx
, struct esp_info *esp_info
, lset_t policy
, bool logit)
{
int ealg_i, aalg_i;
if(policy & POLICY_ENCRYPT) {
ealg_i=esp_info->esp_ealg_id;
if (!ESP_EALG_PRESENT(ealg_i)) {
if(logit) {
openswan_loglog(RC_LOG_SERIOUS
, "requested kernel enc ealg_id=%d not present"
, ealg_i);
} else {
DBG_log("requested kernel enc ealg_id=%d not present", ealg_i);
}
return FALSE;
}
}
aalg_i=alg_info_esp_aa2sadb(esp_info->esp_aalg_id);
if (!ESP_AALG_PRESENT(aalg_i)) {
DBG_log("kernel_alg_db_add() kernel auth "
"aalg_id=%d not present",
aalg_i);
return FALSE;
}
/* do algo policy */
kernel_alg_policy_algorithms(esp_info);
if(policy & POLICY_ENCRYPT) {
/* open new transformation */
db_trans_add(db_ctx, ealg_i);
/* add ESP auth attr */
db_attr_add_values(db_ctx,
AUTH_ALGORITHM, esp_info->esp_aalg_id);
/* add keylegth if specified in esp= string */
if (esp_info->esp_ealg_keylen) {
db_attr_add_values(db_ctx,
KEY_LENGTH, esp_info->esp_ealg_keylen);
}
} else if(policy & POLICY_AUTHENTICATE) {
/* open new transformation */
db_trans_add(db_ctx, aalg_i);
/* add ESP auth attr */
db_attr_add_values(db_ctx,
AUTH_ALGORITHM, esp_info->esp_aalg_id);
}
return TRUE;
}
bool
kernel_alg_esp_enc_ok(int alg_id, unsigned int key_len, struct alg_info_esp *alg_info)
{
struct sadb_alg *alg_p=NULL;
/*
* test #1: encrypt algo must be present
*/
int ret=ESP_EALG_PRESENT(alg_id);
if (!ret) goto out;
alg_p=&esp_ealg[alg_id];
/*
* test #2: if key_len specified, it must be in range
*/
if ((key_len) && ((key_len < alg_p->sadb_alg_minbits) ||
(key_len > alg_p->sadb_alg_maxbits))) {
log (__FUNCTION__ "() key_len not in range: alg_id=%d, "
"key_len=%d, alg_minbits=%d, alg_maxbits=%d",
alg_id, key_len,
alg_p->sadb_alg_minbits,
alg_p->sadb_alg_maxbits
);
ret = FALSE;
}
/*
* test #3: if alg_info specified AND strict flag, only
* only allow algo iff listed in st->alg_info_esp
*/
else if (alg_info && (alg_info->alg_info_flags & ALG_INFO_F_STRICT) ) {
int i;
struct esp_info *esp_info;
ALG_INFO_ESP_FOREACH(alg_info, esp_info, i) {
if ((esp_info->esp_ealg_id == alg_id) &&
((esp_info->esp_ealg_keylen==0) || (key_len==0) ||
(esp_info->esp_ealg_keylen==key_len))) {
ret = TRUE;
goto out;
}
}
log(__FUNCTION__ "() strict flag and algo not in alg_info: "
"alg_id=%d, "
"key_len=%d, alg_minbits=%d, alg_maxbits=%d",
alg_id, key_len,
alg_p->sadb_alg_minbits,
alg_p->sadb_alg_maxbits
);
ret = FALSE;
}
{
esp_ealg[esp_ealg_temp[i].sadb_alg_id] = esp_ealg_temp[i];
}
}
err_t kernel_alg_esp_enc_ok(int alg_id, unsigned int key_len, struct alg_info_esp *alg_info __attribute__((unused)))
{
struct sadb_alg *alg_p=NULL;
err_t ugh = NULL;
/*
* test #1: encrypt algo must be present
*/
int ret=ESP_EALG_PRESENT(alg_id);
if (!ret) goto out;
alg_p=&esp_ealg[alg_id];
/*
* test #2: if key_len specified, it must be in range
*/
if ((key_len) && ((key_len < alg_p->sadb_alg_minbits) || (key_len > alg_p->sadb_alg_maxbits)))
{
ugh = builddiag("kernel_alg_db_add() key_len not in range: alg_id=%d, " "key_len=%d, alg_minbits=%d, alg_maxbits=%d", alg_id, key_len, alg_p->sadb_alg_minbits, alg_p->sadb_alg_maxbits);
}
out:
if (!ugh && alg_p != NULL)
{
