Added algorithm lookup via kernel_interface_t to the various kernel interfaces

Tobias Brunner 2012-09-13 15:22:37 +02:00
parent 524fb37ccd
commit 08ad639f32
5 changed files with 72 additions and 19 deletions


@ -820,8 +820,22 @@ static kernel_algorithm_t compression_algs[] = {
/** /**
* Look up a kernel algorithm ID and its key size * Look up a kernel algorithm ID and its key size
*/ */
static int lookup_algorithm(kernel_algorithm_t *list, int ikev2) static int lookup_algorithm(transform_type_t type, int ikev2)
{ {
kernel_algorithm_t *list;
int alg = 0;
switch (type)
{
case ENCRYPTION_ALGORITHM:
list = encryption_algs;
break;
case INTEGRITY_ALGORITHM:
list = integrity_algs;
break;
default:
return 0;
}
while (list->ikev2 != END_OF_LIST) while (list->ikev2 != END_OF_LIST)
{ {
if (ikev2 == list->ikev2) if (ikev2 == list->ikev2)
@ -830,7 +844,9 @@ static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
} }
list++; list++;
} }
return 0; hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
type, &alg, NULL);
return alg;
} }
/** /**
@ -1713,8 +1729,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->sadb_sa_spi = spi; sa->sadb_sa_spi = spi;
sa->sadb_sa_state = SADB_SASTATE_MATURE; sa->sadb_sa_state = SADB_SASTATE_MATURE;
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32; sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
PFKEY_EXT_ADD(msg, sa); PFKEY_EXT_ADD(msg, sa);
add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC);
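Review bot: `lookup_algorithm()` reports a miss as 0, both in the `default:` branch and after the new `hydra->kernel_interface->lookup_algorithm()` fallback, whose result is discarded. The `add_sa` hunk stores that value straight into `sa->sadb_sa_auth` and `sa->sadb_sa_encrypt`. In PF_KEY, 0 is also the identifier for "no algorithm" (`SADB_AALG_NONE`, `SADB_EALG_NONE`), so an unmapped algorithm looks the same as an intentionally absent one unless `add_sa` rejects it; that part of `add_sa` is outside the hunk and should be confirmed. I would state the contract in the header comment, which still mentions a key size the function does not return: `Look up a kernel algorithm ID, first in the static tables, then in the mappings registered with kernel_interface_t; returns 0 if not found`. The same applies to the identical change in the third file section (hunk `@ -807,8 +807,22`).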


@ -243,8 +243,25 @@ static kernel_algorithm_t compression_algs[] = {
/** /**
* Look up a kernel algorithm name and its key size * Look up a kernel algorithm name and its key size
*/ */
static char* lookup_algorithm(kernel_algorithm_t *list, int ikev2) static char* lookup_algorithm(transform_type_t type, int ikev2)
{ {
kernel_algorithm_t *list;
char *name = NULL;
switch (type)
{
case ENCRYPTION_ALGORITHM:
list = encryption_algs;
break;
case INTEGRITY_ALGORITHM:
list = integrity_algs;
break;
case COMPRESSION_ALGORITHM:
list = compression_algs;
break;
default:
return NULL;
}
while (list->ikev2 != END_OF_LIST) while (list->ikev2 != END_OF_LIST)
{ {
if (list->ikev2 == ikev2) if (list->ikev2 == ikev2)
@ -253,7 +270,9 @@ static char* lookup_algorithm(kernel_algorithm_t *list, int ikev2)
} }
list++; list++;
} }
return NULL; hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
type, NULL, &name);
return name;
} }
typedef struct private_kernel_netlink_ipsec_t private_kernel_netlink_ipsec_t; typedef struct private_kernel_netlink_ipsec_t private_kernel_netlink_ipsec_t;
@ -1222,12 +1241,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{ {
struct xfrm_algo_aead *algo; struct xfrm_algo_aead *algo;
alg_name = lookup_algorithm(encryption_algs, enc_alg); alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
if (alg_name == NULL) if (alg_name == NULL)
{ {
DBG1(DBG_KNL, "algorithm %N not supported by kernel!", DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
encryption_algorithm_names, enc_alg); encryption_algorithm_names, enc_alg);
goto failed; goto failed;
} }
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8); encryption_algorithm_names, enc_alg, enc_key.len * 8);
@ -1254,7 +1273,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{ {
struct xfrm_algo *algo; struct xfrm_algo *algo;
alg_name = lookup_algorithm(encryption_algs, enc_alg); alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
if (alg_name == NULL) if (alg_name == NULL)
{ {
DBG1(DBG_KNL, "algorithm %N not supported by kernel!", DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
@ -1285,7 +1304,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{ {
u_int trunc_len = 0; u_int trunc_len = 0;
alg_name = lookup_algorithm(integrity_algs, int_alg); alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
if (alg_name == NULL) if (alg_name == NULL)
{ {
DBG1(DBG_KNL, "algorithm %N not supported by kernel!", DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
@ -1355,7 +1374,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if (ipcomp != IPCOMP_NONE) if (ipcomp != IPCOMP_NONE)
{ {
rthdr->rta_type = XFRMA_ALG_COMP; rthdr->rta_type = XFRMA_ALG_COMP;
alg_name = lookup_algorithm(compression_algs, ipcomp); alg_name = lookup_algorithm(COMPRESSION_ALGORITHM, ipcomp);
if (alg_name == NULL) if (alg_name == NULL)
{ {
DBG1(DBG_KNL, "algorithm %N not supported by kernel!", DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
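Review bot: The name returned by `lookup_algorithm()` can now come from a mapping registered at runtime through `hydra->kernel_interface` instead of the file's static tables, so its length and lifetime are no longer fixed at compile time. The `add_sa` hunks show only the `alg_name == NULL` check. Where the name is later copied into the fixed-size `alg_name` field of `struct xfrm_algo` / `struct xfrm_algo_aead` (outside the lines shown), the copy should be bounded by `sizeof(algo->alg_name)` and an over-long name rejected. The header comment should also say who owns the string and drop the stale "and its key size", for example `Look up a kernel algorithm name in the static tables, then in the registered mappings; returns NULL if not found` plus a sentence on ownership, which looks like it stays with the registry.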


@ -807,8 +807,22 @@ static kernel_algorithm_t compression_algs[] = {
/** /**
* Look up a kernel algorithm ID and its key size * Look up a kernel algorithm ID and its key size
*/ */
static int lookup_algorithm(kernel_algorithm_t *list, int ikev2) static int lookup_algorithm(transform_type_t type, int ikev2)
{ {
kernel_algorithm_t *list;
int alg = 0;
switch (type)
{
case ENCRYPTION_ALGORITHM:
list = encryption_algs;
break;
case INTEGRITY_ALGORITHM:
list = integrity_algs;
break;
default:
return 0;
}
while (list->ikev2 != END_OF_LIST) while (list->ikev2 != END_OF_LIST)
{ {
if (ikev2 == list->ikev2) if (ikev2 == list->ikev2)
@ -817,7 +831,9 @@ static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
} }
list++; list++;
} }
return 0; hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
type, &alg, NULL);
return alg;
} }
/** /**
@ -1510,8 +1526,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->sadb_sa_len = PFKEY_LEN(len); sa->sadb_sa_len = PFKEY_LEN(len);
sa->sadb_sa_spi = spi; sa->sadb_sa_spi = spi;
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32; sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
PFKEY_EXT_ADD(msg, sa); PFKEY_EXT_ADD(msg, sa);
sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);


@ -15,12 +15,13 @@
#include <crypto/transform.h> #include <crypto/transform.h>
ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, AEAD_ALGORITHM, ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM,
"UNDEFINED_TRANSFORM_TYPE", "UNDEFINED_TRANSFORM_TYPE",
"HASH_ALGORITHM", "HASH_ALGORITHM",
"RANDOM_NUMBER_GENERATOR", "RANDOM_NUMBER_GENERATOR",
"AEAD_ALGORITHM"); "AEAD_ALGORITHM",
ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, AEAD_ALGORITHM, "COMPRESSION_ALGORITHM");
ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM,
"ENCRYPTION_ALGORITHM", "ENCRYPTION_ALGORITHM",
"PSEUDO_RANDOM_FUNCTION", "PSEUDO_RANDOM_FUNCTION",
"INTEGRITY_ALGORITHM", "INTEGRITY_ALGORITHM",


@ -33,6 +33,7 @@ enum transform_type_t {
HASH_ALGORITHM = 242, HASH_ALGORITHM = 242,
RANDOM_NUMBER_GENERATOR = 243, RANDOM_NUMBER_GENERATOR = 243,
AEAD_ALGORITHM = 244, AEAD_ALGORITHM = 244,
COMPRESSION_ALGORITHM = 245,
ENCRYPTION_ALGORITHM = 1, ENCRYPTION_ALGORITHM = 1,
PSEUDO_RANDOM_FUNCTION = 2, PSEUDO_RANDOM_FUNCTION = 2,
INTEGRITY_ALGORITHM = 3, INTEGRITY_ALGORITHM = 3,