2 * Algorithm info parsing and creation functions
3 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
5 * $Id: alg_info.c,v 1.5 2004/09/29 22:42:49 as Exp $
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 #include <netinet/in.h>
22 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
29 #include <freeswan/ipsec_policy.h>
33 #include "constants.h"
41 #include "kernel_alg.h"
45 * macros/functions for compilation without pluto (eg: spi for manual conns)
48 #define passert(x) assert(x)
49 extern int debug
; /* eg: spi.c */
50 #define DBG(cond, action) { if (debug) { action ; } }
51 #define DBG_log(x, args...) fprintf(stderr, x "\n" , ##args);
52 #define RC_LOG_SERIOUS
53 #define loglog(x, args...) fprintf(stderr, ##args);
54 #define alloc_thing(thing, name) alloc_bytes(sizeof (thing), name)
55 void * alloc_bytes(size_t size
, const char *name
) {
58 fprintf(stderr
, "unable to malloc %lu bytes for %s",
59 (unsigned long) size
, name
);
60 memset(p
, '\0', size
);
63 #define pfreeany(ptr) free(ptr)
67 * sadb/ESP aa attrib converters
70 alg_info_esp_aa2sadb(int auth
)
75 case AUTH_ALGORITHM_HMAC_MD5
:
76 case AUTH_ALGORITHM_HMAC_SHA1
:
79 case AUTH_ALGORITHM_HMAC_SHA2_256
:
80 case AUTH_ALGORITHM_HMAC_SHA2_384
:
81 case AUTH_ALGORITHM_HMAC_SHA2_512
:
82 case AUTH_ALGORITHM_HMAC_RIPEMD
:
92 int /* __attribute__ ((unused)) */
93 alg_info_esp_sadb2aa(int sadb_aalg
)
98 case SADB_AALG_MD5_HMAC
:
99 case SADB_AALG_SHA1_HMAC
:
100 auth
= sadb_aalg
- 1;
102 /* since they are the same ... :) */
103 case AUTH_ALGORITHM_HMAC_SHA2_256
:
104 case AUTH_ALGORITHM_HMAC_SHA2_384
:
105 case AUTH_ALGORITHM_HMAC_SHA2_512
:
106 case AUTH_ALGORITHM_HMAC_RIPEMD
:
117 * Search enum_name array with in prefixed uppercase
120 enum_search_prefix (enum_names
*ed
, const char *prefix
, const char *str
, int strlen
)
125 int len
= sizeof(buf
) - 1; /* reserve space for final \0 */
127 for (ptr
= buf
; *prefix
; *ptr
++ = *prefix
++, len
--);
128 while (strlen
-- && len
-- && *str
) *ptr
++ = toupper(*str
++);
132 DBG_log("enum_search_prefix () calling enum_search(%p, \"%s\")"
135 ret
= enum_search(ed
, buf
);
140 * Search enum_name array with in prefixed and postfixed uppercase
143 enum_search_ppfix (enum_names
*ed
, const char *prefix
, const char *postfix
, const char *str
, int strlen
)
148 int len
= sizeof(buf
) - 1; /* reserve space for final \0 */
150 for (ptr
= buf
; *prefix
; *ptr
++ = *prefix
++, len
--);
151 while (strlen
-- && len
-- && *str
) *ptr
++ = toupper(*str
++);
152 while (len
-- && *postfix
) *ptr
++ = *postfix
++;
156 DBG_log("enum_search_ppfixi () calling enum_search(%p, \"%s\")"
159 ret
= enum_search(ed
, buf
);
164 * Search esp_transformid_names for a match, eg:
165 * "3des" <=> "ESP_3DES"
167 #define ESP_MAGIC_ID 0x00ffff01
170 ealg_getbyname_esp(const char *const str
, int len
)
175 /* leave special case for eg: "id248" string */
176 if (strcmp("id", str
) == 0)
179 return enum_search_prefix(&esp_transformid_names
, "ESP_", str
, len
);
183 * Search auth_alg_names for a match, eg:
184 * "md5" <=> "AUTH_ALGORITHM_HMAC_MD5"
187 aalg_getbyname_esp(const char *const str
, int len
)
195 ret
= enum_search_prefix(&auth_alg_names
,"AUTH_ALGORITHM_HMAC_", str
,len
);
199 ret
= enum_search_prefix(&auth_alg_names
,"AUTH_ALGORITHM_", str
, len
);
203 sscanf(str
, "id%d%n", &ret
, &num
);
204 return (ret
>= 0 && num
!= strlen(str
))? -1 : ret
;
208 modp_getbyname_esp(const char *const str
, int len
)
215 ret
= enum_search_prefix(&oakley_group_names
,"OAKLEY_GROUP_", str
, len
);
219 ret
= enum_search_ppfix(&oakley_group_names
, "OAKLEY_GROUP_", " (extension)", str
, len
);
224 alg_info_free(struct alg_info
*alg_info
)
230 * Raw add routine: only checks for no duplicates
233 __alg_info_esp_add (struct alg_info_esp
*alg_info
, int ealg_id
, unsigned ek_bits
, int aalg_id
, unsigned ak_bits
)
235 struct esp_info
*esp_info
=alg_info
->esp
;
236 unsigned cnt
= alg_info
->alg_info_cnt
, i
;
238 /* check for overflows */
239 passert(cnt
< elemsof(alg_info
->esp
));
241 /* dont add duplicates */
242 for (i
= 0; i
< cnt
; i
++)
244 if (esp_info
[i
].esp_ealg_id
== ealg_id
245 && (!ek_bits
|| esp_info
[i
].esp_ealg_keylen
== ek_bits
)
246 && esp_info
[i
].esp_aalg_id
== aalg_id
247 && (!ak_bits
|| esp_info
[i
].esp_aalg_keylen
== ak_bits
))
251 esp_info
[cnt
].esp_ealg_id
= ealg_id
;
252 esp_info
[cnt
].esp_ealg_keylen
= ek_bits
;
253 esp_info
[cnt
].esp_aalg_id
= aalg_id
;
254 esp_info
[cnt
].esp_aalg_keylen
= ak_bits
;
257 esp_info
[cnt
].encryptalg
= ealg_id
;
258 esp_info
[cnt
].authalg
= alg_info_esp_aa2sadb(aalg_id
);
259 alg_info
->alg_info_cnt
++;
262 DBG_log("__alg_info_esp_add() ealg=%d aalg=%d cnt=%d"
263 , ealg_id
, aalg_id
, alg_info
->alg_info_cnt
)
268 * Add ESP alg info _with_ logic (policy):
271 alg_info_esp_add (struct alg_info
*alg_info
, int ealg_id
, int ek_bits
, int aalg_id
, int ak_bits
)
273 /* Policy: default to 3DES */
282 /* Allow no auth for manual conns (from spi.c) */
285 __alg_info_esp_add((struct alg_info_esp
*)alg_info
,
290 /* Policy: default to MD5 and SHA1 */
291 __alg_info_esp_add((struct alg_info_esp
*)alg_info
,
293 AUTH_ALGORITHM_HMAC_MD5
, ak_bits
);
294 __alg_info_esp_add((struct alg_info_esp
*)alg_info
,
296 AUTH_ALGORITHM_HMAC_SHA1
, ak_bits
);
302 /**************************************
306 *************************************/
308 * Search oakley_enc_names for a match, eg:
309 * "3des_cbc" <=> "OAKLEY_3DES_CBC"
312 ealg_getbyname_ike(const char *const str
, int len
)
319 ret
= enum_search_prefix(&oakley_enc_names
,"OAKLEY_", str
, len
);
323 ret
= enum_search_ppfix(&oakley_enc_names
, "OAKLEY_", "_CBC", str
, len
);
328 * Search oakley_hash_names for a match, eg:
329 * "md5" <=> "OAKLEY_MD5"
332 aalg_getbyname_ike(const char *const str
, int len
)
340 ret
= enum_search_prefix(&oakley_hash_names
,"OAKLEY_", str
, len
);
344 sscanf(str
, "id%d%n", &ret
, &num
);
345 return (ret
>=0 && num
!= strlen(str
))? -1 : ret
;
349 * Search oakley_group_names for a match, eg:
350 * "modp1024" <=> "OAKLEY_GROUP_MODP1024"
353 modp_getbyname_ike(const char *const str
, int len
)
360 ret
= enum_search_prefix(&oakley_group_names
,"OAKLEY_GROUP_", str
, len
);
364 ret
= enum_search_ppfix(&oakley_group_names
, "OAKLEY_GROUP_", " (extension)", str
, len
);
369 __alg_info_ike_add (struct alg_info_ike
*alg_info
, int ealg_id
, unsigned ek_bits
, int aalg_id
, unsigned ak_bits
, int modp_id
)
371 struct ike_info
*ike_info
= alg_info
->ike
;
372 unsigned cnt
= alg_info
->alg_info_cnt
;
375 /* check for overflows */
376 passert(cnt
< elemsof(alg_info
->ike
));
378 /* dont add duplicates */
379 for (i
= 0;i
< cnt
; i
++)
381 if (ike_info
[i
].ike_ealg
== ealg_id
382 && (!ek_bits
|| ike_info
[i
].ike_eklen
== ek_bits
)
383 && ike_info
[i
].ike_halg
== aalg_id
384 && (!ak_bits
|| ike_info
[i
].ike_hklen
== ak_bits
)
385 && ike_info
[i
].ike_modp
==modp_id
)
389 ike_info
[cnt
].ike_ealg
= ealg_id
;
390 ike_info
[cnt
].ike_eklen
= ek_bits
;
391 ike_info
[cnt
].ike_halg
= aalg_id
;
392 ike_info
[cnt
].ike_hklen
= ak_bits
;
393 ike_info
[cnt
].ike_modp
= modp_id
;
394 alg_info
->alg_info_cnt
++;
397 DBG_log("__alg_info_ike_add() ealg=%d aalg=%d modp_id=%d, cnt=%d"
398 , ealg_id
, aalg_id
, modp_id
399 , alg_info
->alg_info_cnt
)
404 * Proposals will be built by looping over default_ike_groups array and
405 * merging alg_info (ike_info) contents
408 static int default_ike_groups
[] = {
409 OAKLEY_GROUP_MODP1536
,
410 OAKLEY_GROUP_MODP1024
414 * Add IKE alg info _with_ logic (policy):
417 alg_info_ike_add (struct alg_info
*alg_info
, int ealg_id
, int ek_bits
, int aalg_id
, int ak_bits
, int modp_id
)
420 int n_groups
= elemsof(default_ike_groups
);
422 /* if specified modp_id avoid loop over default_ike_groups */
429 for (; n_groups
--; i
++)
431 modp_id
= default_ike_groups
[i
];
433 /* Policy: default to 3DES */
435 ealg_id
= OAKLEY_3DES_CBC
;
440 __alg_info_ike_add((struct alg_info_ike
*)alg_info
,
446 /* Policy: default to MD5 and SHA */
447 __alg_info_ike_add((struct alg_info_ike
*)alg_info
,
451 __alg_info_ike_add((struct alg_info_ike
*)alg_info
,
459 #endif /* NO_PLUTO */
462 * Creates a new alg_info by parsing passed string
464 enum parser_state_esp
{
466 ST_EA
, /* encrypt algo */
468 ST_EK
, /* enc. key length */
470 ST_AA
, /* auth algo */
472 ST_AK
, /* auth. key length */
474 ST_MODP
, /* modp spec */
481 static const char *parser_state_esp_names
[] = {
499 parser_state_name_esp(enum parser_state_esp state
)
501 return parser_state_esp_names
[state
];
504 /* XXX:jjo to implement different parser for ESP and IKE */
505 struct parser_context
{
506 unsigned state
, old_state
;
511 int (*ealg_getbyname
)(const char *const str
, int len
);
512 int (*aalg_getbyname
)(const char *const str
, int len
);
513 int (*modp_getbyname
)(const char *const str
, int len
);
524 parser_set_state(struct parser_context
*p_ctx
, enum parser_state_esp state
)
526 if (state
!= p_ctx
->state
)
528 p_ctx
->old_state
= p_ctx
->state
;
529 p_ctx
->state
= state
;
534 parser_machine(struct parser_context
*p_ctx
)
538 /* special 'absolute' cases */
539 p_ctx
->err
= "No error.";
541 /* chars that end algo strings */
543 case 0: /* end-of-string */
544 case '!': /* flag as strict algo list */
545 case ',': /* algo string separator */
546 switch (p_ctx
->state
) {
554 enum parser_state_esp next_state
= 0;
564 next_state
= ST_FLAG_STRICT
;
567 /* ch? parser_set_state(p_ctx, ST_END) : parser_set_state(p_ctx, ST_EOF) ; */
568 parser_set_state(p_ctx
, next_state
);
572 p_ctx
->err
= "String ended with invalid char";
577 switch (p_ctx
->state
) {
583 *(p_ctx
->ealg_str
++) = ch
;
584 parser_set_state(p_ctx
, ST_EA
);
587 p_ctx
->err
= "No alphanum. char initially found";
590 if (isalpha(ch
) || ch
== '_')
592 *(p_ctx
->ealg_str
++) = ch
;
597 /* bravely switch to enc keylen */
598 *(p_ctx
->ealg_str
) = 0;
599 parser_set_state(p_ctx
, ST_EK
);
604 *(p_ctx
->ealg_str
) = 0;
605 parser_set_state(p_ctx
, ST_EA_END
);
608 p_ctx
->err
= "No valid char found after enc alg string";
613 /* bravely switch to enc keylen */
614 parser_set_state(p_ctx
, ST_EK
);
619 parser_set_state(p_ctx
, ST_AA
);
622 p_ctx
->err
= "No alphanum char found after enc alg separator";
627 parser_set_state(p_ctx
, ST_EK_END
);
632 p_ctx
->eklen
= p_ctx
->eklen
*10 + ch
- '0';
635 p_ctx
->err
= "Non digit or valid separator found while reading enc keylen";
640 parser_set_state(p_ctx
, ST_AA
);
643 p_ctx
->err
= "Non alpha char found after enc keylen end separator";
648 *(p_ctx
->aalg_str
++) = 0;
649 parser_set_state(p_ctx
, ST_AA_END
);
652 if (isalnum(ch
) || ch
== '_')
654 *(p_ctx
->aalg_str
++) = ch
;
657 p_ctx
->err
= "Non alphanum or valid separator found in auth string";
662 parser_set_state(p_ctx
, ST_AK
);
665 /* Only allow modpXXXX string if we have a modp_getbyname method */
666 if ((p_ctx
->modp_getbyname
) && isalpha(ch
))
668 parser_set_state(p_ctx
, ST_MODP
);
671 p_ctx
->err
= "Non initial digit found for auth keylen";
676 parser_set_state(p_ctx
, ST_AK_END
);
681 p_ctx
->aklen
= p_ctx
->aklen
*10 + ch
- '0';
684 p_ctx
->err
= "Non digit found for auth keylen";
687 /* Only allow modpXXXX string if we have a modp_getbyname method */
688 if ((p_ctx
->modp_getbyname
) && isalpha(ch
))
690 parser_set_state(p_ctx
, ST_MODP
);
693 p_ctx
->err
= "Non alpha char found after auth keylen";
698 *(p_ctx
->modp_str
++) = ch
;
701 p_ctx
->err
= "Non alphanum char found after in modp string";
705 parser_set_state(p_ctx
, ST_END
);
706 p_ctx
->err
= "Flags character(s) must be at end of whole string";
719 parser_set_state(p_ctx
, ST_ERR
);
724 * Must be called for each "new" char, with new
725 * character in ctx.ch
728 parser_init(struct parser_context
*p_ctx
, unsigned protoid
)
730 memset(p_ctx
, 0, sizeof (*p_ctx
));
731 p_ctx
->protoid
= protoid
; /* XXX: jjo */
732 p_ctx
->protoid
= PROTO_IPSEC_ESP
;
733 p_ctx
->ealg_str
= p_ctx
->ealg_buf
;
734 p_ctx
->aalg_str
= p_ctx
->aalg_buf
;
735 p_ctx
->modp_str
= p_ctx
->modp_buf
;
736 p_ctx
->state
= ST_INI
;
741 p_ctx
->ealg_getbyname
= ealg_getbyname_ike
;
742 p_ctx
->aalg_getbyname
= aalg_getbyname_ike
;
743 p_ctx
->modp_getbyname
= modp_getbyname_ike
;
746 case PROTO_IPSEC_ESP
:
747 p_ctx
->ealg_getbyname
= ealg_getbyname_esp
;
748 p_ctx
->aalg_getbyname
= aalg_getbyname_esp
;
754 parser_alg_info_add(struct parser_context
*p_ctx
, struct alg_info
*alg_info
)
760 const struct oakley_group_desc
*gd
;
763 if (*p_ctx
->ealg_buf
)
765 ealg_id
= p_ctx
->ealg_getbyname(p_ctx
->ealg_buf
, strlen(p_ctx
->ealg_buf
));
766 if (ealg_id
== ESP_MAGIC_ID
)
768 ealg_id
= p_ctx
->eklen
;
773 p_ctx
->err
= "enc_alg not found";
777 DBG_log("parser_alg_info_add() ealg_getbyname(\"%s\")=%d"
782 if (*p_ctx
->aalg_buf
)
784 aalg_id
= p_ctx
->aalg_getbyname(p_ctx
->aalg_buf
, strlen(p_ctx
->aalg_buf
));
787 p_ctx
->err
= "hash_alg not found";
791 DBG_log("parser_alg_info_add() aalg_getbyname(\"%s\")=%d"
796 if (p_ctx
->modp_getbyname
&& *p_ctx
->modp_buf
)
798 modp_id
= p_ctx
->modp_getbyname(p_ctx
->modp_buf
, strlen(p_ctx
->modp_buf
));
801 p_ctx
->err
= "modp group not found";
805 DBG_log("parser_alg_info_add() modp_getbyname(\"%s\")=%d"
810 switch (alg_info
->alg_info_protoid
) {
811 case PROTO_IPSEC_ESP
:
812 alg_info_esp_add(alg_info
,
813 ealg_id
, p_ctx
->eklen
,
814 aalg_id
, p_ctx
->aklen
);
818 if (modp_id
&& !(gd
= lookup_group(modp_id
)))
820 p_ctx
->err
= "found modp group id, but not supported";
823 alg_info_ike_add(alg_info
,
824 ealg_id
, p_ctx
->eklen
,
825 aalg_id
, p_ctx
->aklen
,
836 alg_info_parse_str (struct alg_info
*alg_info
, const char *alg_str
, const char **err_p
)
838 struct parser_context ctx
;
841 static char err_buf
[256];
844 parser_init(&ctx
, alg_info
->alg_info_protoid
);
848 /* use default if nul esp string */
851 switch (alg_info
->alg_info_protoid
) {
854 alg_info_ike_add(alg_info
, 0, 0, 0, 0, 0);
857 case PROTO_IPSEC_ESP
:
858 alg_info_esp_add(alg_info
, 0, 0, 0, 0);
862 passert(alg_info
->alg_info_protoid
);
866 for (ret
= 0, ptr
= alg_str
; ret
< ST_EOF
;)
869 ret
= parser_machine(&ctx
);
873 alg_info
->alg_info_flags
|= ALG_INFO_F_STRICT
;
878 DBG_log("alg_info_parse_str() ealg_buf=%s aalg_buf=%s"
880 ctx
.ealg_buf
, ctx
.aalg_buf
,
881 ctx
.eklen
, ctx
.aklen
)
883 if (parser_alg_info_add(&ctx
, alg_info
) < 0)
885 snprintf(err_buf
, sizeof(err_buf
),
886 "%s, enc_alg=\"%s\", auth_alg=\"%s\", modp=\"%s\"",
893 /* zero out for next run (ST_END) */
894 parser_init(&ctx
, alg_info
->alg_info_protoid
);
897 snprintf(err_buf
, sizeof(err_buf
),
898 "%s, just after \"%.*s\" (old_state=%s)",
900 (int)(ptr
-alg_str
-1), alg_str
,
901 parser_state_name_esp(ctx
.old_state
));
915 struct alg_info_esp
*
916 alg_info_esp_create_from_str (const char *alg_str
, const char **err_p
)
918 struct alg_info_esp
*alg_info_esp
;
920 static char err_buf
[256];
924 * alg_info storage should be sized dynamically
925 * but this may require 2passes to know
926 * transform count in advance.
928 alg_info_esp
= alloc_thing (struct alg_info_esp
, "alg_info_esp");
932 pfs_name
=index (alg_str
, ';');
935 memcpy(esp_buf
, alg_str
, pfs_name
-alg_str
);
936 esp_buf
[pfs_name
-alg_str
] = 0;
940 /* if pfs strings AND first char is not '0' */
941 if (*pfs_name
&& pfs_name
[0] != '0')
943 ret
= modp_getbyname_esp(pfs_name
, strlen(pfs_name
));
946 /* Bomb if pfsgroup not found */
948 DBG_log("alg_info_esp_create_from_str(): pfsgroup \"%s\" not found"
953 snprintf(err_buf
, sizeof(err_buf
),
954 "pfsgroup \"%s\" not found",
961 alg_info_esp
->esp_pfsgroup
= ret
;
965 alg_info_esp
->esp_pfsgroup
= 0;
967 alg_info_esp
->alg_info_protoid
= PROTO_IPSEC_ESP
;
968 ret
= alg_info_parse_str((struct alg_info
*)alg_info_esp
, alg_str
, err_p
) ;
972 pfreeany(alg_info_esp
);
979 struct alg_info_ike
*
980 alg_info_ike_create_from_str (const char *alg_str
, const char **err_p
)
982 struct alg_info_ike
*alg_info_ike
;
984 * alg_info storage should be sized dynamically
985 * but this may require 2passes to know
986 * transform count in advance.
988 alg_info_ike
= alloc_thing (struct alg_info_ike
, "alg_info_ike");
989 alg_info_ike
->alg_info_protoid
= PROTO_ISAKMP
;
991 if (alg_info_parse_str((struct alg_info
*)alg_info_ike
,
994 pfreeany(alg_info_ike
);
1002 * alg_info struct can be shared by
1003 * several connections instances,
1004 * handle free() with ref_cnts
1007 alg_info_addref(struct alg_info
*alg_info
)
1009 if (alg_info
!= NULL
)
1011 alg_info
->ref_cnt
++;
1013 DBG_log("alg_info_addref() alg_info->ref_cnt=%d"
1014 , alg_info
->ref_cnt
)
1020 alg_info_delref(struct alg_info
**alg_info_p
)
1022 struct alg_info
*alg_info
= *alg_info_p
;
1024 if (alg_info
!= NULL
)
1026 passert(alg_info
->ref_cnt
!= 0);
1027 alg_info
->ref_cnt
--;
1029 DBG_log("alg_info_delref() alg_info->ref_cnt=%d"
1030 , alg_info
->ref_cnt
)
1032 if (alg_info
->ref_cnt
== 0)
1035 DBG_log("alg_info_delref() freeing alg_info")
1037 alg_info_free(alg_info
);
1043 /* snprint already parsed transform list (alg_info) */
1045 alg_info_snprint(char *buf
, int buflen
, struct alg_info
*alg_info
)
1049 struct esp_info
*esp_info
;
1051 struct ike_info
*ike_info
;
1055 switch (alg_info
->alg_info_protoid
) {
1056 case PROTO_IPSEC_ESP
:
1058 struct alg_info_esp
*alg_info_esp
= (struct alg_info_esp
*)alg_info
;
1060 ALG_INFO_ESP_FOREACH(alg_info_esp
, esp_info
, cnt
)
1062 np
= snprintf(ptr
, buflen
, "%d_%03d-%d, "
1063 , esp_info
->esp_ealg_id
1064 , (int)esp_info
->esp_ealg_keylen
1065 , esp_info
->esp_aalg_id
);
1071 if (alg_info_esp
->esp_pfsgroup
)
1073 np
= snprintf(ptr
, buflen
, "; pfsgroup=%d; "
1074 , alg_info_esp
->esp_pfsgroup
);
1084 ALG_INFO_IKE_FOREACH((struct alg_info_ike
*)alg_info
, ike_info
, cnt
)
1086 np
= snprintf(ptr
, buflen
, "%d_%03d-%d-%d, "
1087 , ike_info
->ike_ealg
1088 , (int)ike_info
->ike_eklen
1089 , ike_info
->ike_halg
1090 , ike_info
->ike_modp
);
1099 np
= snprintf(buf
, buflen
, "INVALID protoid=%d\n"
1100 , alg_info
->alg_info_protoid
);
1106 np
= snprintf(ptr
, buflen
, "%s"
1107 , alg_info
->alg_info_flags
& ALG_INFO_F_STRICT
?
1114 loglog(RC_LOG_SERIOUS
1115 , "buffer space exhausted in alg_info_snprint_ike(), buflen=%d"
1124 alg_info_snprint_esp(char *buf
, int buflen
, struct alg_info_esp
*alg_info
)
1128 int cnt
= alg_info
->alg_info_cnt
;
1129 struct esp_info
*esp_info
= alg_info
->esp
;
1133 if (kernel_alg_esp_enc_ok(esp_info
->esp_ealg_id
, 0, NULL
)
1134 && kernel_alg_esp_auth_ok(esp_info
->esp_aalg_id
, NULL
))
1136 u_int eklen
= (esp_info
->esp_ealg_keylen
)
1137 ? esp_info
->esp_ealg_keylen
1138 : kernel_alg_esp_enc_keylen(esp_info
->esp_ealg_id
)
1141 u_int aklen
= esp_info
->esp_aalg_keylen
1142 ? esp_info
->esp_aalg_keylen
1143 : kernel_alg_esp_auth_keylen(esp_info
->esp_aalg_id
)
1146 int ret
= snprintf(ptr
, buflen
, "%d_%03d-%d_%03d, ",
1147 esp_info
->esp_ealg_id
, eklen
,
1148 esp_info
->esp_aalg_id
, aklen
);
1160 alg_info_snprint_ike(char *buf
, int buflen
, struct alg_info_ike
*alg_info
)
1164 int cnt
= alg_info
->alg_info_cnt
;
1165 struct ike_info
*ike_info
= alg_info
->ike
;
1169 struct encrypt_desc
*enc_desc
= ike_alg_get_encrypter(ike_info
->ike_ealg
);
1170 struct hash_desc
*hash_desc
= ike_alg_get_hasher(ike_info
->ike_halg
);
1172 if (enc_desc
!= NULL
&& hash_desc
!= NULL
1173 && lookup_group(ike_info
->ike_modp
))
1176 u_int eklen
= (ike_info
->ike_eklen
)
1177 ? ike_info
->ike_eklen
1178 : enc_desc
->keydeflen
;
1180 u_int aklen
= (ike_info
->ike_hklen
)
1181 ? ike_info
->ike_hklen
1182 : hash_desc
->hash_digest_size
* BITS_PER_BYTE
;
1184 int ret
= snprintf(ptr
, buflen
, "%d_%03d-%d_%03d-%d, ",
1185 ike_info
->ike_ealg
, eklen
,
1186 ike_info
->ike_halg
, aklen
,
1187 ike_info
->ike_modp
);
1197 #endif /* NO_PLUTO */