/*
* Generic (enc, auth) registration entry point
*/
int register_ipsec_alg(struct ipsec_alg *ixt)
{
int ret=-EINVAL;
/* Validation */
if (ixt==NULL)
barf_out("NULL ipsec_alg object passed\n");
if ((ixt->ixt_version&0xffffff00) != (IPSEC_ALG_VERSION&0xffffff00))
barf_out("incorrect version: %d.%d.%d-%d, "
"must be %d.%d.%d[-%d]\n",
IPSEC_ALG_VERSION_QUAD(ixt->ixt_version),
IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION));
switch(ixt->ixt_alg_type) {
case IPSEC_ALG_TYPE_AUTH:
if ((ret=check_auth((struct ipsec_alg_auth *)ixt)<0))
goto out;
break;
case IPSEC_ALG_TYPE_ENCRYPT:
if ((ret=check_enc((struct ipsec_alg_enc *)ixt)<0))
goto out;
/*
* Adapted two lines below:
* ivlen == 0 is possible (NULL enc has blocksize==1)
*
* fixed NULL support by David De Reu <*****@*****.**>
*/
if (ixt->ixt_support.ias_ivlen == 0
&& ixt->ixt_blocksize > 1) {
ixt->ixt_support.ias_ivlen = ixt->ixt_blocksize*8;
}
break;
default:
barf_out("alg_type=%d not supported\n", ixt->ixt_alg_type);
}
INIT_LIST_HEAD(&ixt->ixt_list);
ret = ipsec_alg_insert(ixt);
if (ret<0)
barf_out(KERN_WARNING "ipsec_alg for alg_id=%d failed."
"Not loaded (ret=%d).\n",
ixt->ixt_support.ias_id, ret);
ret = pfkey_list_insert_supported((struct ipsec_alg_supported *)&ixt->ixt_support
, &(pfkey_supported_list[K_SADB_SATYPE_ESP]));
if (ret==0) {
ixt->ixt_state |= IPSEC_ALG_ST_SUPP;
/* send register event to userspace */
pfkey_register_reply(K_SADB_SATYPE_ESP, NULL);
} else
printk(KERN_ERR "pfkey_list_insert_supported returned %d. "
"Loading anyway.\n", ret);
ret=0;
out:
return ret;
}
int ipsec_alg_init(void) {
KLIPS_PRINT(1, "klips_info:ipsec_alg_init: "
"KLIPS alg v=%d.%d.%d-%d (EALG_MAX=%d, AALG_MAX=%d)\n",
IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION),
SADB_EALG_MAX, SADB_AALG_MAX);
/* Initialize tables */
write_lock_bh(&ipsec_alg_lock);
ipsec_alg_hash_init();
write_unlock_bh(&ipsec_alg_lock);
/* Initialize static algos */
KLIPS_PRINT(1, "klips_info:ipsec_alg_init: "
"calling ipsec_alg_static_init()\n");
/* If we are suppose to use our AES, and don't have
* CryptoAPI enabled...
*/
#if defined(CONFIG_KLIPS_ENC_AES) && CONFIG_KLIPS_ENC_AES && !defined(CONFIG_KLIPS_ENC_AES_MODULE)
#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI
#warning "Using built-in AES rather than CryptoAPI AES"
#endif
{
extern int ipsec_aes_init(void);
ipsec_aes_init();
}
#endif
#if defined(CONFIG_KLIPS_ENC_3DES) && CONFIG_KLIPS_ENC_3DES && !defined(CONFIG_KLIPS_ENC_3DES_MODULE)
#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI
#warning "Using built-in 3des rather than CryptoAPI 3des"
#endif
{
extern int ipsec_3des_init(void);
ipsec_3des_init();
}
#endif
#if defined(CONFIG_KLIPS_ENC_NULL) && CONFIG_KLIPS_ENC_NULL && !defined(CONFIG_KLIPS_ENC_NULL_MODULE)
#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI
#warning "Using built-in null cipher rather than CryptoAPI null cipher"
#endif
#warning "Building with null cipher (ESP_NULL), blame on you :-)"
{
extern int ipsec_null_init(void);
ipsec_null_init();
}
#endif
/* If we are doing CryptoAPI, then init */
#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI && !defined(CONFIG_KLIPS_ENC_CRYPTOAPI_MODULE)
{
extern int ipsec_cryptoapi_init(void);
ipsec_cryptoapi_init();
}
#endif
return 0;
}
int ipsec_alg_init(void) {
KLIPS_PRINT(1, "klips_info:ipsec_alg_init: "
"KLIPS alg v=%d.%d.%d-%d (EALG_MAX=%d, AALG_MAX=%d)\n",
IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION),
SADB_EALG_MAX, SADB_AALG_MAX);
/* Initialize tables */
write_lock_bh(&ipsec_alg_lock);
ipsec_alg_hash_init();
write_unlock_bh(&ipsec_alg_lock);
/* Initialize static algos */
KLIPS_PRINT(1, "klips_info:ipsec_alg_init: "
"calling ipsec_alg_static_init()\n");
ipsec_alg_static_init();
return 0;
}
