Added algorithm lookup via kernel_interface_t to the various kernel interfaces
parent
524fb37ccd
commit
08ad639f32
|
@ -820,8 +820,22 @@ static kernel_algorithm_t compression_algs[] = {
|
||||||
/**
|
/**
|
||||||
* Look up a kernel algorithm ID and its key size
|
* Look up a kernel algorithm ID and its key size
|
||||||
*/
|
*/
|
||||||
static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
|
static int lookup_algorithm(transform_type_t type, int ikev2)
|
||||||
{
|
{
|
||||||
|
kernel_algorithm_t *list;
|
||||||
|
int alg = 0;
|
||||||
|
|
||||||
|
switch (type)
|
||||||
|
{
|
||||||
|
case ENCRYPTION_ALGORITHM:
|
||||||
|
list = encryption_algs;
|
||||||
|
break;
|
||||||
|
case INTEGRITY_ALGORITHM:
|
||||||
|
list = integrity_algs;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
while (list->ikev2 != END_OF_LIST)
|
while (list->ikev2 != END_OF_LIST)
|
||||||
{
|
{
|
||||||
if (ikev2 == list->ikev2)
|
if (ikev2 == list->ikev2)
|
||||||
|
@ -830,7 +844,9 @@ static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
|
||||||
}
|
}
|
||||||
list++;
|
list++;
|
||||||
}
|
}
|
||||||
return 0;
|
hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
|
||||||
|
type, &alg, NULL);
|
||||||
|
return alg;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1713,8 +1729,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
||||||
sa->sadb_sa_spi = spi;
|
sa->sadb_sa_spi = spi;
|
||||||
sa->sadb_sa_state = SADB_SASTATE_MATURE;
|
sa->sadb_sa_state = SADB_SASTATE_MATURE;
|
||||||
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
|
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
|
||||||
sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg);
|
sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
|
||||||
sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg);
|
sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
|
||||||
PFKEY_EXT_ADD(msg, sa);
|
PFKEY_EXT_ADD(msg, sa);
|
||||||
|
|
||||||
add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC);
|
add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC);
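Review bot: The fallback at the end of `lookup_algorithm` ignores whatever status `hydra->kernel_interface->lookup_algorithm(...)` reports and returns `alg`, which is still 0 when nothing matched, so a miss cannot be told apart from identifier 0. The add_sa hunk stores that value directly in `sa->sadb_sa_auth` and `sa->sadb_sa_encrypt`, where 0 means SADB_AALG_NONE / SADB_EALG_NONE. Unless add_sa rejects a zero result further down (its body continues outside the hunk), a requested but unmapped algorithm would be installed as no integrity or no encryption. The `default:` branch also returns 0 before the kernel interface is consulted, so transform types other than the two listed never reach the registered lookup. I would document the sentinel in the header comment, e.g. `* @return kernel algorithm ID, 0 if neither the static tables nor the kernel interface know it`, and have the callers fail when a requested algorithm maps to 0; the identical function in the section starting at `@ -807` needs the same treatment.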
|
||||||
|
|
|
@ -243,8 +243,25 @@ static kernel_algorithm_t compression_algs[] = {
|
||||||
/**
|
/**
|
||||||
* Look up a kernel algorithm name and its key size
|
* Look up a kernel algorithm name and its key size
|
||||||
*/
|
*/
|
||||||
static char* lookup_algorithm(kernel_algorithm_t *list, int ikev2)
|
static char* lookup_algorithm(transform_type_t type, int ikev2)
|
||||||
{
|
{
|
||||||
|
kernel_algorithm_t *list;
|
||||||
|
char *name = NULL;
|
||||||
|
|
||||||
|
switch (type)
|
||||||
|
{
|
||||||
|
case ENCRYPTION_ALGORITHM:
|
||||||
|
list = encryption_algs;
|
||||||
|
break;
|
||||||
|
case INTEGRITY_ALGORITHM:
|
||||||
|
list = integrity_algs;
|
||||||
|
break;
|
||||||
|
case COMPRESSION_ALGORITHM:
|
||||||
|
list = compression_algs;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
while (list->ikev2 != END_OF_LIST)
|
while (list->ikev2 != END_OF_LIST)
|
||||||
{
|
{
|
||||||
if (list->ikev2 == ikev2)
|
if (list->ikev2 == ikev2)
|
||||||
|
@ -253,7 +270,9 @@ static char* lookup_algorithm(kernel_algorithm_t *list, int ikev2)
|
||||||
}
|
}
|
||||||
list++;
|
list++;
|
||||||
}
|
}
|
||||||
return NULL;
|
hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
|
||||||
|
type, NULL, &name);
|
||||||
|
return name;
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef struct private_kernel_netlink_ipsec_t private_kernel_netlink_ipsec_t;
|
typedef struct private_kernel_netlink_ipsec_t private_kernel_netlink_ipsec_t;
|
||||||
|
@ -1222,12 +1241,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
||||||
{
|
{
|
||||||
struct xfrm_algo_aead *algo;
|
struct xfrm_algo_aead *algo;
|
||||||
|
|
||||||
alg_name = lookup_algorithm(encryption_algs, enc_alg);
|
alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
|
||||||
if (alg_name == NULL)
|
if (alg_name == NULL)
|
||||||
{
|
{
|
||||||
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
||||||
encryption_algorithm_names, enc_alg);
|
encryption_algorithm_names, enc_alg);
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
|
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
|
||||||
encryption_algorithm_names, enc_alg, enc_key.len * 8);
|
encryption_algorithm_names, enc_alg, enc_key.len * 8);
|
||||||
|
@ -1254,7 +1273,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
||||||
{
|
{
|
||||||
struct xfrm_algo *algo;
|
struct xfrm_algo *algo;
|
||||||
|
|
||||||
alg_name = lookup_algorithm(encryption_algs, enc_alg);
|
alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
|
||||||
if (alg_name == NULL)
|
if (alg_name == NULL)
|
||||||
{
|
{
|
||||||
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
||||||
|
@ -1285,7 +1304,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
||||||
{
|
{
|
||||||
u_int trunc_len = 0;
|
u_int trunc_len = 0;
|
||||||
|
|
||||||
alg_name = lookup_algorithm(integrity_algs, int_alg);
|
alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
|
||||||
if (alg_name == NULL)
|
if (alg_name == NULL)
|
||||||
{
|
{
|
||||||
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
||||||
|
@ -1355,7 +1374,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
||||||
if (ipcomp != IPCOMP_NONE)
|
if (ipcomp != IPCOMP_NONE)
|
||||||
{
|
{
|
||||||
rthdr->rta_type = XFRMA_ALG_COMP;
|
rthdr->rta_type = XFRMA_ALG_COMP;
|
||||||
alg_name = lookup_algorithm(compression_algs, ipcomp);
|
alg_name = lookup_algorithm(COMPRESSION_ALGORITHM, ipcomp);
|
||||||
if (alg_name == NULL)
|
if (alg_name == NULL)
|
||||||
{
|
{
|
||||||
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
|
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
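Review bot: `lookup_algorithm` now returns `name` as filled in by `hydra->kernel_interface->lookup_algorithm(..., NULL, &name)`, so the string can come from outside this file's static tables, and nothing visible states who owns it or how long it stays valid. The add_sa hunks only test `alg_name == NULL`; the copy into the `struct xfrm_algo` / `struct xfrm_algo_aead` name field happens outside the hunks. That field is a fixed-size array, so the copy should be length-bounded and NUL-terminated now that names are no longer compile-time constants. I would extend the header comment with `* @return algorithm name from the static tables or the kernel interface, NULL if not found` plus a line on ownership once the contract is confirmed, and drop "and its key size" from the summary since no key size is returned.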
|
||||||
|
|
|
@ -807,8 +807,22 @@ static kernel_algorithm_t compression_algs[] = {
|
||||||
/**
|
/**
|
||||||
* Look up a kernel algorithm ID and its key size
|
* Look up a kernel algorithm ID and its key size
|
||||||
*/
|
*/
|
||||||
static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
|
static int lookup_algorithm(transform_type_t type, int ikev2)
|
||||||
{
|
{
|
||||||
|
kernel_algorithm_t *list;
|
||||||
|
int alg = 0;
|
||||||
|
|
||||||
|
switch (type)
|
||||||
|
{
|
||||||
|
case ENCRYPTION_ALGORITHM:
|
||||||
|
list = encryption_algs;
|
||||||
|
break;
|
||||||
|
case INTEGRITY_ALGORITHM:
|
||||||
|
list = integrity_algs;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
while (list->ikev2 != END_OF_LIST)
|
while (list->ikev2 != END_OF_LIST)
|
||||||
{
|
{
|
||||||
if (ikev2 == list->ikev2)
|
if (ikev2 == list->ikev2)
|
||||||
|
@ -817,7 +831,9 @@ static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
|
||||||
}
|
}
|
||||||
list++;
|
list++;
|
||||||
}
|
}
|
||||||
return 0;
|
hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
|
||||||
|
type, &alg, NULL);
|
||||||
|
return alg;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1510,8 +1526,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
||||||
sa->sadb_sa_len = PFKEY_LEN(len);
|
sa->sadb_sa_len = PFKEY_LEN(len);
|
||||||
sa->sadb_sa_spi = spi;
|
sa->sadb_sa_spi = spi;
|
||||||
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
|
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
|
||||||
sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg);
|
sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
|
||||||
sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg);
|
sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
|
||||||
PFKEY_EXT_ADD(msg, sa);
|
PFKEY_EXT_ADD(msg, sa);
|
||||||
|
|
||||||
sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
|
sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
|
||||||
|
|
|
@ -15,12 +15,13 @@
|
||||||
|
|
||||||
#include <crypto/transform.h>
|
#include <crypto/transform.h>
|
||||||
|
|
||||||
ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, AEAD_ALGORITHM,
|
ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM,
|
||||||
"UNDEFINED_TRANSFORM_TYPE",
|
"UNDEFINED_TRANSFORM_TYPE",
|
||||||
"HASH_ALGORITHM",
|
"HASH_ALGORITHM",
|
||||||
"RANDOM_NUMBER_GENERATOR",
|
"RANDOM_NUMBER_GENERATOR",
|
||||||
"AEAD_ALGORITHM");
|
"AEAD_ALGORITHM",
|
||||||
ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, AEAD_ALGORITHM,
|
"COMPRESSION_ALGORITHM");
|
||||||
|
ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM,
|
||||||
"ENCRYPTION_ALGORITHM",
|
"ENCRYPTION_ALGORITHM",
|
||||||
"PSEUDO_RANDOM_FUNCTION",
|
"PSEUDO_RANDOM_FUNCTION",
|
||||||
"INTEGRITY_ALGORITHM",
|
"INTEGRITY_ALGORITHM",
|
||||||
|
|
|
@ -33,6 +33,7 @@ enum transform_type_t {
|
||||||
HASH_ALGORITHM = 242,
|
HASH_ALGORITHM = 242,
|
||||||
RANDOM_NUMBER_GENERATOR = 243,
|
RANDOM_NUMBER_GENERATOR = 243,
|
||||||
AEAD_ALGORITHM = 244,
|
AEAD_ALGORITHM = 244,
|
||||||
|
COMPRESSION_ALGORITHM = 245,
|
||||||
ENCRYPTION_ALGORITHM = 1,
|
ENCRYPTION_ALGORITHM = 1,
|
||||||
PSEUDO_RANDOM_FUNCTION = 2,
|
PSEUDO_RANDOM_FUNCTION = 2,
|
||||||
INTEGRITY_ALGORITHM = 3,
|
INTEGRITY_ALGORITHM = 3,
|
||||||
|
|