int main(void) {
struct db_context *ctx=db_prop_new(PROTO_ISAKMP, 0, 0);
db_trans_add(ctx, KEY_IKE);
db_attr_add_values(ctx, OAKLEY_ENCRYPTION_ALGORITHM, OAKLEY_DES_CBC);
db_attr_add_values(ctx, OAKLEY_HASH_ALGORITHM, OAKLEY_MD5);
db_attr_add_values(ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
db_attr_add_values(ctx, OAKLEY_GROUP_DESCRIPTION, OAKLEY_GROUP_MODP1024);
db_trans_add(ctx, KEY_IKE);
db_attr_add_values(ctx, OAKLEY_ENCRYPTION_ALGORITHM, OAKLEY_3DES_CBC);
db_attr_add_values(ctx, OAKLEY_HASH_ALGORITHM, OAKLEY_MD5);
db_attr_add_values(ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
db_attr_add_values(ctx, OAKLEY_GROUP_DESCRIPTION, OAKLEY_GROUP_MODP1024);
db_trans_add(ctx, KEY_IKE);
db_attr_add_values(ctx, OAKLEY_ENCRYPTION_ALGORITHM, OAKLEY_AES_CBC);
db_attr_add_values(ctx, OAKLEY_HASH_ALGORITHM, OAKLEY_MD5);
db_attr_add_values(ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
db_attr_add_values(ctx, OAKLEY_GROUP_DESCRIPTION, OAKLEY_GROUP_MODP1536);
db_trans_add(ctx, ESP_3DES);
db_attr_add_values(ctx, AUTH_ALGORITHM, AUTH_ALGORITHM_HMAC_SHA1);
db_trans_add(ctx, ESP_DES);
db_attr_add_values(ctx, AUTH_ALGORITHM, AUTH_ALGORITHM_HMAC_SHA1);
db_print(ctx);
db_destroy(ctx);
return 0;
}
/*
* Create proposal with runtime kernel algos, merging
* with passed proposal if not NULL
*
* for now this function does free() previous returned
* malloced pointer (this quirk allows easier spdb.c change)
*/
struct db_context *
kernel_alg_db_new(struct alg_info_esp *alg_info, lset_t policy, bool logit)
{
int ealg_i, aalg_i;
unsigned int tn=0;
int i;
const struct esp_info *esp_info;
struct esp_info tmp_esp_info;
struct db_context *ctx_new=NULL;
struct db_trans *t;
struct db_prop *prop;
unsigned int trans_cnt;
bool success = TRUE;
int protoid;
if(policy & POLICY_ENCRYPT) {
trans_cnt=(esp_ealg_num*esp_aalg_num);
protoid = PROTO_IPSEC_ESP;
} else if(policy & POLICY_AUTHENTICATE) {
trans_cnt=esp_aalg_num;
protoid = PROTO_IPSEC_AH;
}
DBG(DBG_EMITTING, DBG_log("kernel_alg_db_new() "
"initial trans_cnt=%d",
trans_cnt));
/* pass aprox. number of transforms and attributes */
ctx_new = db_prop_new(protoid, trans_cnt, trans_cnt * 2);
/*
* Loop: for each element (struct esp_info) of
* alg_info, if kernel support is present then
* build the transform (and attrs)
*
* if NULL alg_info, propose everything ...
*/
/* passert(alg_info!=0); */
if (alg_info) {
ALG_INFO_ESP_FOREACH(alg_info, esp_info, i) {
bool thistime;
tmp_esp_info = *esp_info;
thistime = kernel_alg_db_add(ctx_new
, &tmp_esp_info
, policy, logit);
if(thistime == FALSE) {
success=FALSE;
}
}
} else {
/*
* Create proposal with runtime kernel algos, merging
* with passed proposal if not NULL
*
* for now this function does free() previous returned
* malloced pointer (this quirk allows easier spdb.c change)
*/
struct db_context *
kernel_alg_db_new(struct alg_info_esp *alg_info, lset_t policy, bool logit)
{
int ealg_i, aalg_i, tn=0;
int i;
const struct esp_info *esp_info;
struct esp_info tmp_esp_info;
struct db_context *ctx_new=NULL;
struct db_trans *t;
struct db_prop *prop;
int trans_cnt;
bool success = TRUE;
if (!(policy & POLICY_ENCRYPT)) { /* possible for AH-only modes */
DBG(DBG_CONTROL
, DBG_log("algo code only works for encryption modes"));
return NULL;
}
trans_cnt=(esp_ealg_num*esp_aalg_num);
DBG(DBG_EMITTING, DBG_log("kernel_alg_db_new() "
"initial trans_cnt=%d",
trans_cnt));
/* pass aprox. number of transforms and attributes */
ctx_new = db_prop_new(PROTO_IPSEC_ESP, trans_cnt, trans_cnt * 2);
/*
* Loop: for each element (struct esp_info) of
* alg_info, if kernel support is present then
* build the transform (and attrs)
*
* if NULL alg_info, propose everything ...
*/
/* passert(alg_info!=0); */
if (alg_info) {
ALG_INFO_ESP_FOREACH(alg_info, esp_info, i) {
bool thistime;
tmp_esp_info = *esp_info;
thistime = kernel_alg_db_add(ctx_new
, &tmp_esp_info
, policy, logit);
if(thistime == FALSE) {
success=FALSE;
}
}
} else {
/*
* Create an OAKLEY proposal based on alg_info and policy
*/
struct db_context *
ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
{
struct db_context *db_ctx = NULL;
struct ike_info *ike_info;
unsigned ealg, halg, modp, eklen=0;
struct encrypt_desc *enc_desc;
int i;
if (!ai) {
whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
"for this connection "
"(check ike algorithm string)");
goto fail;
}
policy &= POLICY_ID_AUTH_MASK;
db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
/* for each group */
ALG_INFO_IKE_FOREACH(ai, ike_info, i) {
ealg = ike_info->ike_ealg;
halg = ike_info->ike_halg;
modp = ike_info->ike_modp;
eklen= ike_info->ike_eklen;
if (!ike_alg_enc_present(ealg)) {
DBG_log(__FUNCTION__ "() "
"ike enc ealg=%d not present",
ealg);
continue;
}
if (!ike_alg_hash_present(halg)) {
DBG_log(__FUNCTION__ "() "
"ike hash halg=%d not present",
halg);
continue;
}
enc_desc = ike_alg_get_encrypter(ealg);
passert(enc_desc != NULL);
if (eklen
/*
&& eklen != enc_desc->keydeflen)
*/
&& (eklen < enc_desc->keyminlen
|| eklen > enc_desc->keymaxlen))
{
DBG_log(__FUNCTION__ "() "
"ealg=%d (specified) keylen:%d, "
"not valid "
/*
"keylen != %d"
*/
"min=%d, max=%d"
, ealg
, eklen
/*
, enc_desc->keydeflen
*/
, enc_desc->keyminlen
, enc_desc->keymaxlen
);
continue;
}
if (policy & POLICY_RSASIG) {
db_trans_add(db_ctx, KEY_IKE);
db_attr_add_values(db_ctx,
OAKLEY_ENCRYPTION_ALGORITHM, ealg);
db_attr_add_values(db_ctx,
OAKLEY_HASH_ALGORITHM, halg);
if (eklen)
db_attr_add_values(db_ctx,
OAKLEY_KEY_LENGTH, eklen);
db_attr_add_values(db_ctx,
OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
db_attr_add_values(db_ctx,
OAKLEY_GROUP_DESCRIPTION, modp);
}
if (policy & POLICY_PSK) {
db_trans_add(db_ctx, KEY_IKE);
db_attr_add_values(db_ctx,
OAKLEY_ENCRYPTION_ALGORITHM, ealg);
db_attr_add_values(db_ctx,
OAKLEY_HASH_ALGORITHM, halg);
if (ike_info->ike_eklen)
db_attr_add_values(db_ctx,
OAKLEY_KEY_LENGTH, ike_info->ike_eklen);
db_attr_add_values(db_ctx,
OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
db_attr_add_values(db_ctx,
OAKLEY_GROUP_DESCRIPTION, modp);
}
}
