static int doit(unsigned protoid, const char *str) { struct alg_info *ai; enum_names *enames, *anames, *gnames; const char *err; int i; switch (protoid) { case PROTO_IPSEC_ESP: { struct alg_info_esp *ai_esp; struct esp_info *esp_info; enames=&esp_transformid_names; anames=&auth_alg_names; gnames=NULL; ai_esp=alg_info_esp_create_from_str(str, &err); ai = (struct alg_info *) ai_esp; if (!ai) goto err; alg_info_addref(ai); ALG_INFO_ESP_FOREACH(ai_esp, esp_info, i) { printf("(%d = \"%s\" [%d], ", esp_info->esp_ealg_id, enum_name(enames, esp_info->esp_ealg_id), esp_info->esp_ealg_keylen); printf("%d = \"%s\" [%d])\n", esp_info->esp_aalg_id, enum_name(anames, esp_info->esp_aalg_id), esp_info->esp_aalg_keylen); } break; } case PROTO_ISAKMP: { struct alg_info_ike *ai_ike; struct ike_info *ike_info; enames=&oakley_enc_names; anames=&oakley_hash_names; gnames=&oakley_group_names; ai_ike = alg_info_ike_create_from_str(str, &err); ai = (struct alg_info *) ai_ike; if (!ai) goto err; alg_info_addref(ai); ALG_INFO_IKE_FOREACH(ai_ike, ike_info, i) { printf("(%d = \"%s\" [%d], ", ike_info->ike_ealg, enum_name(enames, ike_info->ike_ealg), ike_info->ike_eklen); printf("%d = \"%s\" [%d], ", ike_info->ike_halg, enum_name(anames, ike_info->ike_halg), ike_info->ike_hklen); printf("%d = \"%s\")\n", ike_info->ike_modp, ike_info->ike_modp ? enum_name(gnames, ike_info->ike_modp): "<default>"); } break; }
main(int argc, char *argv[]) { int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_esp *aii; char err_buf[100]; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; EF_PROTECT_BELOW = 1; progname = argv[0]; leak_detective = 1; tool_init_log(); init_crypto(); { int algo; for (algo = 1; algo <= K_SADB_EALG_MAX; algo++) esp_ealg[(algo)].sadb_alg_id = (algo); } { int algo; for (algo = 1; algo <= K_SADB_AALG_MAX; algo++) esp_aalg[(algo)].sadb_alg_id = (algo); } esp_ealg_num = 10; esp_aalg_num = 10; aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf)); gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE, aii, TRUE); sa_print(gsp); gsp = sa_v2_convert(gsp); sa_v2_print(gsp); tool_close_log(); free_sa(gsp); exit(0); }
static int decode_esp(char *algname) { char err_buf[256] = ""; /* ??? big enough? */ int esp_alg; struct alg_info_esp *alg_info = alg_info_esp_create_from_str(algname, err_buf, sizeof(err_buf)); if (alg_info != NULL) { int esp_ealg_id, esp_aalg_id; esp_alg = XF_OTHER_ALG; if (alg_info->ai.alg_info_cnt > 1) { fprintf(stderr, "%s: Invalid encryption algorithm '%s' " "follows '--esp' option: lead too many(%d) " "transforms\n", progname, algname, alg_info->ai.alg_info_cnt); exit(1); } alg_string = algname; esp_info = &alg_info->esp[0]; if (debug) { fprintf(stdout, "%s: alg_info: cnt=%d ealg[0]=%d aalg[0]=%d\n", progname, alg_info->ai.alg_info_cnt, esp_info->encryptalg, esp_info->authalg); } esp_ealg_id = esp_info->transid; esp_aalg_id = esp_info->auth; if (kernel_alg_proc_read()) { err_t ugh; proc_read_ok++; ugh = check_kernel_encrypt_alg(esp_ealg_id, 0); if (ugh != NULL) { fprintf(stderr, "%s: ESP encryptalg=%d (\"%s\") " "not present - %s\n", progname, esp_ealg_id, enum_name(&esp_transformid_names, esp_ealg_id), ugh); exit(1); } if (!kernel_alg_esp_auth_ok(esp_aalg_id, 0)) { /* ??? this message looks badly worded */ fprintf(stderr, "%s: ESP authalg=%d (\"%s\") - alg not present\n", progname, esp_aalg_id, enum_name(&auth_alg_names, esp_aalg_id)); exit(1); } } } else { fprintf(stderr, "%s: Invalid encryption algorithm '%s' follows '--esp' option %s\n", progname, algname, err_buf); exit(1); } return esp_alg; }