main(int argc, char *argv[]) { int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_esp *aii; char err_buf[100]; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; EF_PROTECT_BELOW = 1; progname = argv[0]; leak_detective = 1; tool_init_log(); init_crypto(); { int algo; for (algo = 1; algo <= K_SADB_EALG_MAX; algo++) esp_ealg[(algo)].sadb_alg_id = (algo); } { int algo; for (algo = 1; algo <= K_SADB_AALG_MAX; algo++) esp_aalg[(algo)].sadb_alg_id = (algo); } esp_ealg_num = 10; esp_aalg_num = 10; aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf)); gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE, aii, TRUE); sa_print(gsp); gsp = sa_v2_convert(gsp); sa_v2_print(gsp); tool_close_log(); free_sa(gsp); exit(0); }
static int initiate_a_connection(struct connection *c , void *arg) { struct initiate_stuff *is = (struct initiate_stuff *)arg; int whackfd = is->whackfd; lset_t moredebug = is->moredebug; enum crypto_importance importance = is->importance; int success = 0; set_cur_connection(c); /* turn on any extra debugging asked for */ c->extra_debugging |= moredebug; if (!oriented(*c)) { loglog(RC_ORIENT, "We cannot identify ourselves with either end of this connection."); } else if (NEVER_NEGOTIATE(c->policy)) { loglog(RC_INITSHUNT , "cannot initiate an authby=never connection"); } else if (c->kind != CK_PERMANENT) { if (isanyaddr(&c->spd.that.host_addr)) { #ifdef DYNAMICDNS if (c->dnshostname != NULL) { loglog(RC_NOPEERIP, "cannot initiate connection without resolved dynamic peer IP address, will keep retrying"); success = 1; c->policy |= POLICY_UP; } else #endif loglog(RC_NOPEERIP, "cannot initiate connection without knowing peer IP address (kind=%s)" , enum_show(&connection_kind_names, c->kind)); } else loglog(RC_WILDCARD, "cannot initiate connection with ID wildcards (kind=%s)" , enum_show(&connection_kind_names, c->kind)); } else { /* We will only request an IPsec SA if policy isn't empty * (ignoring Main Mode items). * This is a fudge, but not yet important. * If we are to proceed asynchronously, whackfd will be NULL_FD. */ c->policy |= POLICY_UP; if(c->policy & (POLICY_ENCRYPT|POLICY_AUTHENTICATE)) { struct alg_info_esp *alg = c->alg_info_esp; struct db_sa *phase2_sa = kernel_alg_makedb(c->policy, alg, TRUE); if(alg != NULL && phase2_sa == NULL) { whack_log(RC_NOALGO, "can not initiate: no acceptable kernel algorithms loaded"); reset_cur_connection(); close_any(is->whackfd); return 0; } free_sa(phase2_sa); } { whackfd = dup(whackfd); ipsecdoi_initiate(whackfd, c, c->policy, 1 , SOS_NOBODY, importance , NULL_POLICY ); success = 1; } } reset_cur_connection(); return success; }