int
alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info)
{
char *ptr=buf;
int ret;
struct esp_info *esp_info;
int cnt;
int eklen, aklen;
ptr=buf;
ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) {
if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL) &&
(kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL))) {
eklen=esp_info->esp_ealg_keylen;
if (!eklen)
eklen=kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)*BITS_PER_BYTE;
aklen=esp_info->esp_aalg_keylen;
if (!aklen)
aklen=kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)*BITS_PER_BYTE;
ret=snprintf(ptr, buflen, "%d_%03d-%d_%03d, ",
esp_info->esp_ealg_id,
eklen,
esp_info->esp_aalg_id,
aklen);
ptr+=ret;
buflen-=ret;
if (buflen<0) break;
}
}
return ptr-buf;
}
/*
* print which ESP algorithm has actually been selected, based upon which
* ones are actually loaded.
*/
int
alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info)
{
char *ptr=buf;
int ret;
struct esp_info *esp_info;
int cnt;
int eklen, aklen;
const char *sep="";
ptr=buf;
buf[0]=0; strncat(buf, "none", buflen);
ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) {
if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL)) {
DBG_log("esp algid=%d not available", esp_info->esp_ealg_id);
continue;
}
if (kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL)) {
DBG_log("auth algid=%d not available", esp_info->esp_aalg_id);
continue;
}
eklen=esp_info->esp_ealg_keylen;
if (!eklen)
eklen=kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)*BITS_PER_BYTE;
aklen=esp_info->esp_aalg_keylen;
if (!aklen)
aklen=kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)*BITS_PER_BYTE;
ret=snprintf(ptr, buflen, "%s%s(%d)_%03d-%s(%d)_%03d"
, sep
, enum_name(&esp_transformid_names, esp_info->esp_ealg_id)+sizeof("ESP")
, esp_info->esp_ealg_id, eklen
, enum_name(&auth_alg_names, esp_info->esp_aalg_id)+sizeof("AUTH_ALGORITHM_HMAC")
, esp_info->esp_aalg_id, aklen);
ptr+=ret;
buflen-=ret;
if (buflen<0) break;
sep = ", ";
}
return ptr-buf;
}
/*
* print which ESP algorithm has actually been selected, based upon which
* ones are actually loaded.
*/
static void alg_info_snprint_esp(char *buf, size_t buflen,
struct alg_info_esp *alg_info)
{
char *ptr = buf;
int ret;
struct esp_info *esp_info;
int cnt;
const char *sep = "";
passert(buflen >= sizeof("none"));
ptr = buf;
jam_str(buf, buflen, "none");
ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) {
err_t ugh = check_kernel_encrypt_alg(esp_info->transid, 0);
if (ugh != NULL) {
DBG_log("esp algid=%d not available: %s",
esp_info->transid, ugh);
continue;
}
if (!kernel_alg_esp_auth_ok(esp_info->auth, NULL)) {
DBG_log("auth algid=%d not available",
esp_info->auth);
continue;
}
ret = snprint_esp_info(ptr, buflen, sep, esp_info);
if (ret < 0 || (size_t)ret >= buflen) {
DBG_log("alg_info_snprint_esp: buffer too short for snprintf");
break;
}
ptr += ret;
buflen -= ret;
sep = ", ";
}
static int decode_esp(char *algname)
{
char err_buf[256] = ""; /* ??? big enough? */
int esp_alg;
struct alg_info_esp *alg_info = alg_info_esp_create_from_str(algname, err_buf, sizeof(err_buf));
if (alg_info != NULL) {
int esp_ealg_id, esp_aalg_id;
esp_alg = XF_OTHER_ALG;
if (alg_info->ai.alg_info_cnt > 1) {
fprintf(stderr, "%s: Invalid encryption algorithm '%s' "
"follows '--esp' option: lead too many(%d) "
"transforms\n",
progname, algname,
alg_info->ai.alg_info_cnt);
exit(1);
}
alg_string = algname;
esp_info = &alg_info->esp[0];
if (debug) {
fprintf(stdout,
"%s: alg_info: cnt=%d ealg[0]=%d aalg[0]=%d\n",
progname,
alg_info->ai.alg_info_cnt,
esp_info->encryptalg,
esp_info->authalg);
}
esp_ealg_id = esp_info->transid;
esp_aalg_id = esp_info->auth;
if (kernel_alg_proc_read()) {
err_t ugh;
proc_read_ok++;
ugh = check_kernel_encrypt_alg(esp_ealg_id, 0);
if (ugh != NULL) {
fprintf(stderr, "%s: ESP encryptalg=%d (\"%s\") "
"not present - %s\n",
progname,
esp_ealg_id,
enum_name(&esp_transformid_names,
esp_ealg_id),
ugh);
exit(1);
}
if (!kernel_alg_esp_auth_ok(esp_aalg_id, 0)) {
/* ??? this message looks badly worded */
fprintf(stderr, "%s: ESP authalg=%d (\"%s\") - alg not present\n",
progname, esp_aalg_id,
enum_name(&auth_alg_names,
esp_aalg_id));
exit(1);
}
}
} else {
fprintf(stderr,
"%s: Invalid encryption algorithm '%s' follows '--esp' option %s\n",
progname, algname, err_buf);
exit(1);
}
return esp_alg;
}
