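/*
 * Strip a known enum-name prefix (e.g. "OAKLEY_") from NAME for display.
 *
 * The previous code did "enum_name(...) + sizeof("OAKLEY")" unconditionally,
 * i.e. pointer arithmetic on whatever enum_name() handed back.  That is
 * undefined if the lookup yields NULL (presumably what it does for a value
 * missing from the table - not verifiable from here) and reads past the
 * name if it happens not to carry the prefix.  Returns NAME unchanged when
 * the prefix does not match and "?" when NAME is NULL.  Hand-rolled rather
 * than strncmp() so no extra header is needed.
 */
static const char *
ike_strip_prefix(const char *name, const char *prefix)
{
	const char *p = name;

	if (name == NULL)
		return "?";
	while (*prefix != '\0' && *p == *prefix) {
		p++;
		prefix++;
	}
	return (*prefix == '\0') ? p : name;
}

/*
 * Print the IKE (phase 1) proposals described by ALG_INFO into BUF as a
 * comma-separated list of "ENC(id)_keybits-HASH(id)_hashbits-GROUP(id)"
 * entries, one per ike_info whose cipher, hash and DH group are all known
 * to this build (entries with an unknown component are silently skipped).
 * A cipher keylen of 0 means the cipher's default; a hash keylen of 0
 * means the digest length in bits.
 *
 * BUFLEN is the full size of BUF in bytes.  The result is always
 * NUL-terminated (when BUFLEN > 0) and never written past BUF.
 *
 * Returns the number of characters stored, NUL excluded.  When the list
 * does not fit, this is what was actually stored (BUFLEN - 1), not the
 * length the full list would have had, and the remaining entries are
 * dropped.
 */
int
alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
{
	char *ptr = buf;
	int ret;
	struct ike_info *ike_info;
	int cnt;
	int eklen, aklen;
	const char *sep = "";
	struct encrypt_desc *enc_desc;
	struct hash_desc *hash_desc;

	/*
	 * A non-positive length would reach snprintf() as a huge size_t;
	 * refuse it, and make sure an empty result is still a valid string.
	 */
	if (buf == NULL || buflen <= 0)
		return 0;
	*buf = '\0';

	ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
	    if (ike_alg_enc_present(ike_info->ike_ealg)
		&& ike_alg_hash_present(ike_info->ike_halg)
		&& lookup_group(ike_info->ike_modp)) {

		enc_desc = ike_alg_get_encrypter(ike_info->ike_ealg);
		passert(enc_desc != NULL);
		hash_desc = ike_alg_get_hasher(ike_info->ike_halg);
		passert(hash_desc != NULL);

		eklen = ike_info->ike_eklen;
		if (!eklen)
		    eklen = enc_desc->keydeflen;
		aklen = ike_info->ike_hklen;
		if (!aklen)
		    aklen = hash_desc->hash_digest_len * BITS_PER_BYTE;

		ret = snprintf(ptr, buflen, "%s%s(%d)_%03d-%s(%d)_%03d-%s(%d)"
			     , sep
			     , ike_strip_prefix(enum_name(&oakley_enc_names, ike_info->ike_ealg), "OAKLEY_")
			     , ike_info->ike_ealg, eklen
			     , ike_strip_prefix(enum_name(&oakley_hash_names, ike_info->ike_halg), "OAKLEY_")
			     , ike_info->ike_halg, aklen
			     , ike_strip_prefix(enum_name(&oakley_group_names, ike_info->ike_modp), "OAKLEY_GROUP_")
			     , ike_info->ike_modp);

		/*
		 * snprintf() returns the length the entry would have had, not
		 * what it stored.  The old code added that to ptr regardless,
		 * so on truncation it reported a length larger than the buffer
		 * and left ptr pointing past the end of it.
		 */
		if (ret < 0)
		    break;		/* encoding error: keep what we have */
		if (ret >= buflen) {
		    ptr += buflen - 1;	/* snprintf stored this much plus the NUL */
		    buflen = 0;
		    break;
		}
		ptr += ret;
		buflen -= ret;

		sep = ", ";
	    }
	}
	return ptr - buf;
}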
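/*
 * Print the IKE (phase 1) proposals described by ALG_INFO into BUF in the
 * compact numeric form "ealg_keybits-halg_hashbits-modp, " (note the
 * trailing separator after every entry, including the last - kept as is
 * because it is the format callers already see).  Only ike_info entries
 * whose cipher, hash and DH group are all known to this build are
 * printed.  A cipher keylen of 0 means the cipher's default; a hash
 * keylen of 0 means the digest length in bits.
 *
 * BUFLEN is the full size of BUF in bytes.  The result is always
 * NUL-terminated (when BUFLEN > 0) and never written past BUF.
 *
 * Returns the number of characters stored, NUL excluded.  When the list
 * does not fit, this is what was actually stored (BUFLEN - 1), not the
 * length the full list would have had, and the remaining entries are
 * dropped.
 */
int
alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
{
	char *ptr = buf;
	int ret;
	struct ike_info *ike_info;
	int cnt;
	int eklen, aklen;
	struct encrypt_desc *enc_desc;
	struct hash_desc *hash_desc;

	/*
	 * A non-positive length would reach snprintf() as a huge size_t;
	 * refuse it, and make sure an empty result is still a valid string.
	 */
	if (buf == NULL || buflen <= 0)
		return 0;
	*buf = '\0';

	ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
	    if (ike_alg_enc_present(ike_info->ike_ealg)
		&& ike_alg_hash_present(ike_info->ike_halg)
		&& lookup_group(ike_info->ike_modp)) {

		enc_desc = ike_alg_get_encrypter(ike_info->ike_ealg);
		passert(enc_desc != NULL);
		hash_desc = ike_alg_get_hasher(ike_info->ike_halg);
		passert(hash_desc != NULL);

		eklen = ike_info->ike_eklen;
		if (!eklen)
		    eklen = enc_desc->keydeflen;
		aklen = ike_info->ike_hklen;
		if (!aklen)
		    aklen = hash_desc->hash_digest_len * BITS_PER_BYTE;

		ret = snprintf(ptr, buflen, "%d_%03d-%d_%03d-%d, ",
			     ike_info->ike_ealg,
			     eklen,
			     ike_info->ike_halg,
			     aklen,
			     ike_info->ike_modp);

		/*
		 * snprintf() returns the length the entry would have had, not
		 * what it stored.  The old code added that to ptr regardless,
		 * so on truncation it reported a length larger than the buffer
		 * and left ptr pointing past the end of it.
		 */
		if (ret < 0)
		    break;		/* encoding error: keep what we have */
		if (ret >= buflen) {
		    ptr += buflen - 1;	/* snprintf stored this much plus the NUL */
		    buflen = 0;
		    break;
		}
		ptr += ret;
		buflen -= ret;
	    }
	}
	return ptr - buf;
}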
/*
 * 	Create an OAKLEY proposal based on alg_info and policy
 */
struct db_context *
ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
{
	struct db_context *db_ctx = NULL;
	struct ike_info *ike_info;
	unsigned ealg, halg, modp, eklen=0;
	struct encrypt_desc *enc_desc;
	int i;

	if (!ai) {
		whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
				"for this connection "
				"(check ike algorithm string)");
		goto fail;
	}
	policy &= POLICY_ID_AUTH_MASK;
	db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);

	/* for each group */
	ALG_INFO_IKE_FOREACH(ai, ike_info, i) {
		ealg = ike_info->ike_ealg;
		halg = ike_info->ike_halg;
		modp = ike_info->ike_modp;
		eklen= ike_info->ike_eklen;

		if (!ike_alg_enc_present(ealg)) {
			DBG_log(__FUNCTION__ "() "
					"ike enc ealg=%d not present",
					ealg);
			continue;
		}

		if (!ike_alg_hash_present(halg)) {
			DBG_log(__FUNCTION__ "() "
					"ike hash halg=%d not present",
					halg);
			continue;
		}

		enc_desc = ike_alg_get_encrypter(ealg);
		passert(enc_desc != NULL);

		if (eklen 
		/*
			&& eklen != enc_desc->keydeflen)
		*/
			&& (eklen < enc_desc->keyminlen
				|| eklen >  enc_desc->keymaxlen))
		{
			DBG_log(__FUNCTION__ "() "
					"ealg=%d (specified) keylen:%d, "
					"not valid "
					/*
					 "keylen != %d"
					 */
					"min=%d, max=%d"
					, ealg
					, eklen
					/*
					, enc_desc->keydeflen
					*/
					, enc_desc->keyminlen
					, enc_desc->keymaxlen
					);
			continue;
		}

		if (policy & POLICY_RSASIG) {
			db_trans_add(db_ctx, KEY_IKE);
			db_attr_add_values(db_ctx, 
					OAKLEY_ENCRYPTION_ALGORITHM, ealg);
			db_attr_add_values(db_ctx, 
					OAKLEY_HASH_ALGORITHM, halg);
			if (eklen)
				db_attr_add_values(db_ctx, 
						OAKLEY_KEY_LENGTH, eklen);
			db_attr_add_values(db_ctx, 
					OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
			db_attr_add_values(db_ctx, 
					OAKLEY_GROUP_DESCRIPTION, modp);
		}
		if (policy & POLICY_PSK) {
			db_trans_add(db_ctx, KEY_IKE);
			db_attr_add_values(db_ctx, 
					OAKLEY_ENCRYPTION_ALGORITHM, ealg);
			db_attr_add_values(db_ctx, 
					OAKLEY_HASH_ALGORITHM, halg);
			if (ike_info->ike_eklen) 
				db_attr_add_values(db_ctx, 
						OAKLEY_KEY_LENGTH, ike_info->ike_eklen);
			db_attr_add_values(db_ctx, 
					OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
			db_attr_add_values(db_ctx, 
					OAKLEY_GROUP_DESCRIPTION, modp);
		}
	}