int alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info) { char *ptr=buf; int ret; struct esp_info *esp_info; int cnt; int eklen, aklen; ptr=buf; ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) { if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL) && (kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL))) { eklen=esp_info->esp_ealg_keylen; if (!eklen) eklen=kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)*BITS_PER_BYTE; aklen=esp_info->esp_aalg_keylen; if (!aklen) aklen=kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)*BITS_PER_BYTE; ret=snprintf(ptr, buflen, "%d_%03d-%d_%03d, ", esp_info->esp_ealg_id, eklen, esp_info->esp_aalg_id, aklen); ptr+=ret; buflen-=ret; if (buflen<0) break; } } return ptr-buf; }
/* * print which ESP algorithm has actually been selected, based upon which * ones are actually loaded. */ int alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info) { char *ptr=buf; int ret; struct esp_info *esp_info; int cnt; int eklen, aklen; const char *sep=""; ptr=buf; buf[0]=0; strncat(buf, "none", buflen); ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) { if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL)) { DBG_log("esp algid=%d not available", esp_info->esp_ealg_id); continue; } if (kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL)) { DBG_log("auth algid=%d not available", esp_info->esp_aalg_id); continue; } eklen=esp_info->esp_ealg_keylen; if (!eklen) eklen=kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)*BITS_PER_BYTE; aklen=esp_info->esp_aalg_keylen; if (!aklen) aklen=kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)*BITS_PER_BYTE; ret=snprintf(ptr, buflen, "%s%s(%d)_%03d-%s(%d)_%03d" , sep , enum_name(&esp_transformid_names, esp_info->esp_ealg_id)+sizeof("ESP") , esp_info->esp_ealg_id, eklen , enum_name(&auth_alg_names, esp_info->esp_aalg_id)+sizeof("AUTH_ALGORITHM_HMAC") , esp_info->esp_aalg_id, aklen); ptr+=ret; buflen-=ret; if (buflen<0) break; sep = ", "; } return ptr-buf; }
/* * print which ESP algorithm has actually been selected, based upon which * ones are actually loaded. */ static void alg_info_snprint_esp(char *buf, size_t buflen, struct alg_info_esp *alg_info) { char *ptr = buf; int ret; struct esp_info *esp_info; int cnt; const char *sep = ""; passert(buflen >= sizeof("none")); ptr = buf; jam_str(buf, buflen, "none"); ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) { err_t ugh = check_kernel_encrypt_alg(esp_info->transid, 0); if (ugh != NULL) { DBG_log("esp algid=%d not available: %s", esp_info->transid, ugh); continue; } if (!kernel_alg_esp_auth_ok(esp_info->auth, NULL)) { DBG_log("auth algid=%d not available", esp_info->auth); continue; } ret = snprint_esp_info(ptr, buflen, sep, esp_info); if (ret < 0 || (size_t)ret >= buflen) { DBG_log("alg_info_snprint_esp: buffer too short for snprintf"); break; } ptr += ret; buflen -= ret; sep = ", "; }
static int decode_esp(char *algname) { char err_buf[256] = ""; /* ??? big enough? */ int esp_alg; struct alg_info_esp *alg_info = alg_info_esp_create_from_str(algname, err_buf, sizeof(err_buf)); if (alg_info != NULL) { int esp_ealg_id, esp_aalg_id; esp_alg = XF_OTHER_ALG; if (alg_info->ai.alg_info_cnt > 1) { fprintf(stderr, "%s: Invalid encryption algorithm '%s' " "follows '--esp' option: lead too many(%d) " "transforms\n", progname, algname, alg_info->ai.alg_info_cnt); exit(1); } alg_string = algname; esp_info = &alg_info->esp[0]; if (debug) { fprintf(stdout, "%s: alg_info: cnt=%d ealg[0]=%d aalg[0]=%d\n", progname, alg_info->ai.alg_info_cnt, esp_info->encryptalg, esp_info->authalg); } esp_ealg_id = esp_info->transid; esp_aalg_id = esp_info->auth; if (kernel_alg_proc_read()) { err_t ugh; proc_read_ok++; ugh = check_kernel_encrypt_alg(esp_ealg_id, 0); if (ugh != NULL) { fprintf(stderr, "%s: ESP encryptalg=%d (\"%s\") " "not present - %s\n", progname, esp_ealg_id, enum_name(&esp_transformid_names, esp_ealg_id), ugh); exit(1); } if (!kernel_alg_esp_auth_ok(esp_aalg_id, 0)) { /* ??? this message looks badly worded */ fprintf(stderr, "%s: ESP authalg=%d (\"%s\") - alg not present\n", progname, esp_aalg_id, enum_name(&auth_alg_names, esp_aalg_id)); exit(1); } } } else { fprintf(stderr, "%s: Invalid encryption algorithm '%s' follows '--esp' option %s\n", progname, algname, err_buf); exit(1); } return esp_alg; }