static int doit(unsigned protoid, const char *str)
{
struct alg_info *ai;
enum_names *enames, *anames, *gnames;
const char *err;
int i;
switch (protoid) {
case PROTO_IPSEC_ESP: {
struct alg_info_esp *ai_esp;
struct esp_info *esp_info;
enames=&esp_transformid_names;
anames=&auth_alg_names;
gnames=NULL;
ai_esp=alg_info_esp_create_from_str(str, &err);
ai = (struct alg_info *) ai_esp;
if (!ai) goto err;
alg_info_addref(ai);
ALG_INFO_ESP_FOREACH(ai_esp, esp_info, i) {
printf("(%d = \"%s\" [%d], ",
esp_info->esp_ealg_id,
enum_name(enames, esp_info->esp_ealg_id),
esp_info->esp_ealg_keylen);
printf("%d = \"%s\" [%d])\n",
esp_info->esp_aalg_id,
enum_name(anames, esp_info->esp_aalg_id),
esp_info->esp_aalg_keylen);
}
break;
}
case PROTO_ISAKMP: {
struct alg_info_ike *ai_ike;
struct ike_info *ike_info;
enames=&oakley_enc_names;
anames=&oakley_hash_names;
gnames=&oakley_group_names;
ai_ike = alg_info_ike_create_from_str(str, &err);
ai = (struct alg_info *) ai_ike;
if (!ai) goto err;
alg_info_addref(ai);
ALG_INFO_IKE_FOREACH(ai_ike, ike_info, i) {
printf("(%d = \"%s\" [%d], ",
ike_info->ike_ealg,
enum_name(enames, ike_info->ike_ealg),
ike_info->ike_eklen);
printf("%d = \"%s\" [%d], ",
ike_info->ike_halg,
enum_name(anames, ike_info->ike_halg),
ike_info->ike_hklen);
printf("%d = \"%s\")\n",
ike_info->ike_modp,
ike_info->ike_modp ?
enum_name(gnames, ike_info->ike_modp):
"<default>");
}
break;
}
main(int argc, char *argv[]) {
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_esp *aii;
char err_buf[100];
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
EF_PROTECT_BELOW = 1;
progname = argv[0];
leak_detective = 1;
tool_init_log();
init_crypto();
{
int algo;
for (algo = 1; algo <= K_SADB_EALG_MAX; algo++)
esp_ealg[(algo)].sadb_alg_id = (algo);
}
{
int algo;
for (algo = 1; algo <= K_SADB_AALG_MAX; algo++)
esp_aalg[(algo)].sadb_alg_id = (algo);
}
esp_ealg_num = 10;
esp_aalg_num = 10;
aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf));
gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE,
aii,
TRUE);
sa_print(gsp);
gsp = sa_v2_convert(gsp);
sa_v2_print(gsp);
tool_close_log();
free_sa(gsp);
exit(0);
}
static int decode_esp(char *algname)
{
char err_buf[256] = ""; /* ??? big enough? */
int esp_alg;
struct alg_info_esp *alg_info = alg_info_esp_create_from_str(algname, err_buf, sizeof(err_buf));
if (alg_info != NULL) {
int esp_ealg_id, esp_aalg_id;
esp_alg = XF_OTHER_ALG;
if (alg_info->ai.alg_info_cnt > 1) {
fprintf(stderr, "%s: Invalid encryption algorithm '%s' "
"follows '--esp' option: lead too many(%d) "
"transforms\n",
progname, algname,
alg_info->ai.alg_info_cnt);
exit(1);
}
alg_string = algname;
esp_info = &alg_info->esp[0];
if (debug) {
fprintf(stdout,
"%s: alg_info: cnt=%d ealg[0]=%d aalg[0]=%d\n",
progname,
alg_info->ai.alg_info_cnt,
esp_info->encryptalg,
esp_info->authalg);
}
esp_ealg_id = esp_info->transid;
esp_aalg_id = esp_info->auth;
if (kernel_alg_proc_read()) {
err_t ugh;
proc_read_ok++;
ugh = check_kernel_encrypt_alg(esp_ealg_id, 0);
if (ugh != NULL) {
fprintf(stderr, "%s: ESP encryptalg=%d (\"%s\") "
"not present - %s\n",
progname,
esp_ealg_id,
enum_name(&esp_transformid_names,
esp_ealg_id),
ugh);
exit(1);
}
if (!kernel_alg_esp_auth_ok(esp_aalg_id, 0)) {
/* ??? this message looks badly worded */
fprintf(stderr, "%s: ESP authalg=%d (\"%s\") - alg not present\n",
progname, esp_aalg_id,
enum_name(&auth_alg_names,
esp_aalg_id));
exit(1);
}
}
} else {
fprintf(stderr,
"%s: Invalid encryption algorithm '%s' follows '--esp' option %s\n",
progname, algname, err_buf);
exit(1);
}
return esp_alg;
}
