static bool kernel_alg_db_add(struct db_context *db_ctx , struct esp_info *esp_info , lset_t policy , bool logit) { int ealg_i, aalg_i; if(policy & POLICY_ENCRYPT) { ealg_i=esp_info->esp_ealg_id; if (!ESP_EALG_PRESENT(ealg_i)) { if(logit) { openswan_loglog(RC_LOG_SERIOUS , "requested kernel enc ealg_id=%d not present" , ealg_i); } else { DBG_log("requested kernel enc ealg_id=%d not present", ealg_i); } return FALSE; } } aalg_i=alg_info_esp_aa2sadb(esp_info->esp_aalg_id); if (!ESP_AALG_PRESENT(aalg_i)) { DBG_log("kernel_alg_db_add() kernel auth " "aalg_id=%d not present", aalg_i); return FALSE; } /* do algo policy */ kernel_alg_policy_algorithms(esp_info); if(policy & POLICY_ENCRYPT) { /* open new transformation */ db_trans_add(db_ctx, ealg_i); /* add ESP auth attr */ db_attr_add_values(db_ctx, AUTH_ALGORITHM, esp_info->esp_aalg_id); /* add keylegth if specified in esp= string */ if (esp_info->esp_ealg_keylen) { db_attr_add_values(db_ctx, KEY_LENGTH, esp_info->esp_ealg_keylen); } } else if(policy & POLICY_AUTHENTICATE) { /* open new transformation */ db_trans_add(db_ctx, aalg_i); /* add ESP auth attr */ db_attr_add_values(db_ctx, AUTH_ALGORITHM, esp_info->esp_aalg_id); } return TRUE; }
bool kernel_alg_esp_enc_ok(int alg_id, unsigned int key_len, struct alg_info_esp *alg_info) { struct sadb_alg *alg_p=NULL; /* * test #1: encrypt algo must be present */ int ret=ESP_EALG_PRESENT(alg_id); if (!ret) goto out; alg_p=&esp_ealg[alg_id]; /* * test #2: if key_len specified, it must be in range */ if ((key_len) && ((key_len < alg_p->sadb_alg_minbits) || (key_len > alg_p->sadb_alg_maxbits))) { log (__FUNCTION__ "() key_len not in range: alg_id=%d, " "key_len=%d, alg_minbits=%d, alg_maxbits=%d", alg_id, key_len, alg_p->sadb_alg_minbits, alg_p->sadb_alg_maxbits ); ret = FALSE; } /* * test #3: if alg_info specified AND strict flag, only * only allow algo iff listed in st->alg_info_esp */ else if (alg_info && (alg_info->alg_info_flags & ALG_INFO_F_STRICT) ) { int i; struct esp_info *esp_info; ALG_INFO_ESP_FOREACH(alg_info, esp_info, i) { if ((esp_info->esp_ealg_id == alg_id) && ((esp_info->esp_ealg_keylen==0) || (key_len==0) || (esp_info->esp_ealg_keylen==key_len))) { ret = TRUE; goto out; } } log(__FUNCTION__ "() strict flag and algo not in alg_info: " "alg_id=%d, " "key_len=%d, alg_minbits=%d, alg_maxbits=%d", alg_id, key_len, alg_p->sadb_alg_minbits, alg_p->sadb_alg_maxbits ); ret = FALSE; }
{ esp_ealg[esp_ealg_temp[i].sadb_alg_id] = esp_ealg_temp[i]; } } err_t kernel_alg_esp_enc_ok(int alg_id, unsigned int key_len, struct alg_info_esp *alg_info __attribute__((unused))) { struct sadb_alg *alg_p=NULL; err_t ugh = NULL; /* * test #1: encrypt algo must be present */ int ret=ESP_EALG_PRESENT(alg_id); if (!ret) goto out; alg_p=&esp_ealg[alg_id]; /* * test #2: if key_len specified, it must be in range */ if ((key_len) && ((key_len < alg_p->sadb_alg_minbits) || (key_len > alg_p->sadb_alg_maxbits))) { ugh = builddiag("kernel_alg_db_add() key_len not in range: alg_id=%d, " "key_len=%d, alg_minbits=%d, alg_maxbits=%d", alg_id, key_len, alg_p->sadb_alg_minbits, alg_p->sadb_alg_maxbits); } out: if (!ugh && alg_p != NULL) {