/*
 * Exercise the proposal-database builder: build one ISAKMP proposal holding
 * three IKE transforms and two ESP transforms, print it, then release it.
 *
 * NOTE(review): the transform set includes single-DES and MD5; it is here
 * only to drive db_trans_add()/db_attr_add_values(), confirm it is never
 * reused as a live policy.
 */

/* Open one KEY_IKE transform and attach its four Oakley attributes, in the
 * order encryption, hash, authentication method, group. */
static void
add_ike_transform(struct db_context *ctx, int enc, int hash, int auth, int group)
{
	db_trans_add(ctx, KEY_IKE);
	db_attr_add_values(ctx, OAKLEY_ENCRYPTION_ALGORITHM, enc);
	db_attr_add_values(ctx, OAKLEY_HASH_ALGORITHM, hash);
	db_attr_add_values(ctx, OAKLEY_AUTHENTICATION_METHOD, auth);
	db_attr_add_values(ctx, OAKLEY_GROUP_DESCRIPTION, group);
}

/* Open one ESP transform keyed by its encryption id and attach HMAC-SHA1
 * as its authentication attribute. */
static void
add_esp_transform(struct db_context *ctx, int esp_id)
{
	db_trans_add(ctx, esp_id);
	db_attr_add_values(ctx, AUTH_ALGORITHM, AUTH_ALGORITHM_HMAC_SHA1);
}

int main(void)
{
	struct db_context *ctx = db_prop_new(PROTO_ISAKMP, 0, 0);

	/* IKE transforms: two RSA-signature variants, then one PSK variant. */
	add_ike_transform(ctx, OAKLEY_DES_CBC, OAKLEY_MD5,
			  OAKLEY_RSA_SIG, OAKLEY_GROUP_MODP1024);
	add_ike_transform(ctx, OAKLEY_3DES_CBC, OAKLEY_MD5,
			  OAKLEY_RSA_SIG, OAKLEY_GROUP_MODP1024);
	add_ike_transform(ctx, OAKLEY_AES_CBC, OAKLEY_MD5,
			  OAKLEY_PRESHARED_KEY, OAKLEY_GROUP_MODP1536);

	/* ESP transforms, 3DES first then DES, both authenticated. */
	add_esp_transform(ctx, ESP_3DES);
	add_esp_transform(ctx, ESP_DES);

	db_print(ctx);
	db_destroy(ctx);
	return 0;
}
/*
 * Append the ESP transform described by esp_info to db_ctx, but only when
 * the kernel reports the requested algorithms as present.
 *
 * policy selects the transform shape: with POLICY_ENCRYPT the transform is
 * keyed by the encryption algorithm and carries the auth attribute plus a
 * KEY_LENGTH attribute when esp= supplied one; with POLICY_AUTHENTICATE
 * alone it is keyed by the kernel auth id and carries only the auth
 * attribute.  An absent encryption algorithm is reported through
 * openswan_loglog(RC_LOG_SERIOUS) when logit is set and DBG_log() otherwise;
 * an absent authentication algorithm is only DBG_log()'d.
 *
 * Returns FALSE, with nothing added to db_ctx, when an algorithm is absent
 * from the kernel; TRUE otherwise (also when policy selects neither shape,
 * in which case no transform is opened).
 */
static bool
kernel_alg_db_add(struct db_context *db_ctx, struct esp_info *esp_info,
		  lset_t policy, bool logit)
{
	const bool want_encrypt = (policy & POLICY_ENCRYPT) != 0;
	int enc_id = 0;		/* only meaningful when want_encrypt */
	int auth_id;

	/* Refuse to propose an encryption algorithm the kernel cannot run. */
	if (want_encrypt) {
		enc_id = esp_info->esp_ealg_id;
		if (!ESP_EALG_PRESENT(enc_id)) {
			if (logit) {
				openswan_loglog(RC_LOG_SERIOUS,
					"requested kernel enc ealg_id=%d not present",
					enc_id);
			} else {
				DBG_log("requested kernel enc ealg_id=%d not present",
					enc_id);
			}
			return FALSE;
		}
	}

	/* Same check for the auth algorithm, after mapping it to the kernel id. */
	auth_id = alg_info_esp_aa2sadb(esp_info->esp_aalg_id);
	if (!ESP_AALG_PRESENT(auth_id)) {
		DBG_log("kernel_alg_db_add() kernel auth aalg_id=%d not present",
			auth_id);
		return FALSE;
	}

	/* do algo policy */
	kernel_alg_policy_algorithms(esp_info);

	if (want_encrypt) {
		/* transform keyed by the encryption algorithm */
		db_trans_add(db_ctx, enc_id);
		db_attr_add_values(db_ctx, AUTH_ALGORITHM, esp_info->esp_aalg_id);
		/* key length only when the esp= string specified one */
		if (esp_info->esp_ealg_keylen) {
			db_attr_add_values(db_ctx, KEY_LENGTH,
					   esp_info->esp_ealg_keylen);
		}
	} else if (policy & POLICY_AUTHENTICATE) {
		/* auth-only transform keyed by the kernel auth id */
		db_trans_add(db_ctx, auth_id);
		db_attr_add_values(db_ctx, AUTH_ALGORITHM, esp_info->esp_aalg_id);
	}

	return TRUE;
}
/* * Create an OAKLEY proposal based on alg_info and policy */ struct db_context * ike_alg_db_new(struct alg_info_ike *ai , lset_t policy) { struct db_context *db_ctx = NULL; struct ike_info *ike_info; unsigned ealg, halg, modp, eklen=0; struct encrypt_desc *enc_desc; int i; if (!ai) { whack_log(RC_LOG_SERIOUS, "no IKE algorithms " "for this connection " "(check ike algorithm string)"); goto fail; } policy &= POLICY_ID_AUTH_MASK; db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5); /* for each group */ ALG_INFO_IKE_FOREACH(ai, ike_info, i) { ealg = ike_info->ike_ealg; halg = ike_info->ike_halg; modp = ike_info->ike_modp; eklen= ike_info->ike_eklen; if (!ike_alg_enc_present(ealg)) { DBG_log(__FUNCTION__ "() " "ike enc ealg=%d not present", ealg); continue; } if (!ike_alg_hash_present(halg)) { DBG_log(__FUNCTION__ "() " "ike hash halg=%d not present", halg); continue; } enc_desc = ike_alg_get_encrypter(ealg); passert(enc_desc != NULL); if (eklen /* && eklen != enc_desc->keydeflen) */ && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen)) { DBG_log(__FUNCTION__ "() " "ealg=%d (specified) keylen:%d, " "not valid " /* "keylen != %d" */ "min=%d, max=%d" , ealg , eklen /* , enc_desc->keydeflen */ , enc_desc->keyminlen , enc_desc->keymaxlen ); continue; } if (policy & POLICY_RSASIG) { db_trans_add(db_ctx, KEY_IKE); db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg); db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg); if (eklen) db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen); db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG); db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp); } if (policy & POLICY_PSK) { db_trans_add(db_ctx, KEY_IKE); db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg); db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg); if (ike_info->ike_eklen) db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, ike_info->ike_eklen); db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, 
OAKLEY_PRESHARED_KEY); db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp); } }