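/*
 * Render the usable IKE algorithm combinations of alg_info into buf as a
 * ", "-separated list of entries shaped like
 *     ENC(id)_keylen-HASH(id)_keylen-GROUP(id)
 *
 * An entry is emitted only when its encryption and hash algorithms are
 * present and lookup_group() accepts its group.
 *
 * buf, buflen: destination and its size in bytes; snprintf() semantics
 *              apply, so at most buflen-1 characters plus a NUL are stored.
 *
 * Returns the number of characters stored in buf, not counting the NUL.
 * The result never exceeds buflen-1, so a caller that advances a cursor by
 * it stays inside the buffer even when the list had to be truncated.
 *
 * NOTE(review): when no entry qualifies nothing is written at all, so buf
 * keeps whatever the caller put there - callers should pre-terminate it.
 */
int
alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
{
    char *ptr = buf;
    int ret;
    struct ike_info *ike_info;
    int cnt;
    int eklen, aklen;
    const char *sep = "";
    struct encrypt_desc *enc_desc;
    struct hash_desc *hash_desc;

    /*
     * snprintf() takes a size_t: a negative buflen would turn into a huge
     * bound and disable the length check entirely.
     */
    if (buf == NULL || buflen <= 0) {
        return 0;
    }

    ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
        if (!ike_alg_enc_present(ike_info->ike_ealg)
            || !ike_alg_hash_present(ike_info->ike_halg)
            || !lookup_group(ike_info->ike_modp)) {
            continue;
        }

        enc_desc = ike_alg_get_encrypter(ike_info->ike_ealg);
        passert(enc_desc != NULL);
        hash_desc = ike_alg_get_hasher(ike_info->ike_halg);
        passert(hash_desc != NULL);

        /* a zero length means "not specified": use the algorithm default */
        eklen = ike_info->ike_eklen;
        if (!eklen) {
            eklen = enc_desc->keydeflen;
        }
        aklen = ike_info->ike_hklen;
        if (!aklen) {
            aklen = hash_desc->hash_digest_len * BITS_PER_BYTE;
        }

        /*
         * sizeof("OAKLEY") counts the terminating NUL, so the offset also
         * skips the character following the prefix (presumably '_').
         * NOTE(review): assumes enum_name() never returns NULL for values
         * that passed the presence checks above - confirm.
         */
        ret = snprintf(ptr, buflen, "%s%s(%d)_%03d-%s(%d)_%03d-%s(%d)"
            , sep
            , enum_name(&oakley_enc_names, ike_info->ike_ealg)+sizeof("OAKLEY")
            , ike_info->ike_ealg, eklen
            , enum_name(&oakley_hash_names, ike_info->ike_halg)+sizeof("OAKLEY")
            , ike_info->ike_halg, aklen
            , enum_name(&oakley_group_names, ike_info->ike_modp)+sizeof("OAKLEY_GROUP")
            , ike_info->ike_modp);

        if (ret < 0) {
            /* output error: drop the partial entry, keep buf terminated */
            *ptr = '\0';
            break;
        }
        if (ret >= buflen) {
            /*
             * Truncated: snprintf() reports the length it wanted, but only
             * buflen-1 characters were stored.  Advancing by ret would move
             * ptr past the end of buf and inflate the returned length.
             */
            ptr += buflen - 1;
            break;
        }

        /* here ret < buflen, so at least one byte remains for the NUL */
        ptr += ret;
        buflen -= ret;
        sep = ", ";
    }

    return ptr - buf;
}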
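/*
 * Render the usable IKE algorithm combinations of alg_info into buf in
 * numeric form, one "ealg_eklen-halg_aklen-modp, " entry per combination
 * (each entry, including the last, is followed by ", ").
 *
 * An entry is emitted only when its encryption and hash algorithms are
 * present and lookup_group() accepts its group.
 *
 * buf, buflen: destination and its size in bytes; snprintf() semantics
 *              apply, so at most buflen-1 characters plus a NUL are stored.
 *
 * Returns the number of characters stored in buf, not counting the NUL.
 * The result never exceeds buflen-1, so a caller that advances a cursor by
 * it stays inside the buffer even when the list had to be truncated.
 *
 * NOTE(review): when no entry qualifies nothing is written at all, so buf
 * keeps whatever the caller put there - callers should pre-terminate it.
 */
int
alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
{
    char *ptr = buf;
    int ret;
    struct ike_info *ike_info;
    int cnt;
    int eklen, aklen;
    struct encrypt_desc *enc_desc;
    struct hash_desc *hash_desc;

    /*
     * snprintf() takes a size_t: a negative buflen would turn into a huge
     * bound and disable the length check entirely.
     */
    if (buf == NULL || buflen <= 0) {
        return 0;
    }

    ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
        if (!ike_alg_enc_present(ike_info->ike_ealg)
            || !ike_alg_hash_present(ike_info->ike_halg)
            || !lookup_group(ike_info->ike_modp)) {
            continue;
        }

        enc_desc = ike_alg_get_encrypter(ike_info->ike_ealg);
        passert(enc_desc != NULL);
        hash_desc = ike_alg_get_hasher(ike_info->ike_halg);
        passert(hash_desc != NULL);

        /* a zero length means "not specified": use the algorithm default */
        eklen = ike_info->ike_eklen;
        if (!eklen) {
            eklen = enc_desc->keydeflen;
        }
        aklen = ike_info->ike_hklen;
        if (!aklen) {
            aklen = hash_desc->hash_digest_len * BITS_PER_BYTE;
        }

        ret = snprintf(ptr, buflen, "%d_%03d-%d_%03d-%d, ",
                       ike_info->ike_ealg, eklen,
                       ike_info->ike_halg, aklen,
                       ike_info->ike_modp);

        if (ret < 0) {
            /* output error: drop the partial entry, keep buf terminated */
            *ptr = '\0';
            break;
        }
        if (ret >= buflen) {
            /*
             * Truncated: snprintf() reports the length it wanted, but only
             * buflen-1 characters were stored.  Advancing by ret would move
             * ptr past the end of buf and inflate the returned length.
             */
            ptr += buflen - 1;
            break;
        }

        /* here ret < buflen, so at least one byte remains for the NUL */
        ptr += ret;
        buflen -= ret;
    }

    return ptr - buf;
}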
/* * Create an OAKLEY proposal based on alg_info and policy */ struct db_context * ike_alg_db_new(struct alg_info_ike *ai , lset_t policy) { struct db_context *db_ctx = NULL; struct ike_info *ike_info; unsigned ealg, halg, modp, eklen=0; struct encrypt_desc *enc_desc; int i; if (!ai) { whack_log(RC_LOG_SERIOUS, "no IKE algorithms " "for this connection " "(check ike algorithm string)"); goto fail; } policy &= POLICY_ID_AUTH_MASK; db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5); /* for each group */ ALG_INFO_IKE_FOREACH(ai, ike_info, i) { ealg = ike_info->ike_ealg; halg = ike_info->ike_halg; modp = ike_info->ike_modp; eklen= ike_info->ike_eklen; if (!ike_alg_enc_present(ealg)) { DBG_log(__FUNCTION__ "() " "ike enc ealg=%d not present", ealg); continue; } if (!ike_alg_hash_present(halg)) { DBG_log(__FUNCTION__ "() " "ike hash halg=%d not present", halg); continue; } enc_desc = ike_alg_get_encrypter(ealg); passert(enc_desc != NULL); if (eklen /* && eklen != enc_desc->keydeflen) */ && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen)) { DBG_log(__FUNCTION__ "() " "ealg=%d (specified) keylen:%d, " "not valid " /* "keylen != %d" */ "min=%d, max=%d" , ealg , eklen /* , enc_desc->keydeflen */ , enc_desc->keyminlen , enc_desc->keymaxlen ); continue; } if (policy & POLICY_RSASIG) { db_trans_add(db_ctx, KEY_IKE); db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg); db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg); if (eklen) db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen); db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG); db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp); } if (policy & POLICY_PSK) { db_trans_add(db_ctx, KEY_IKE); db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg); db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg); if (ike_info->ike_eklen) db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, ike_info->ike_eklen); db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, 
OAKLEY_PRESHARED_KEY); db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp); } }