support of AES_XCBC and CAMELLIA ESP cipher by pluto
parent
855c9a9089
commit
1da277f045
|
@ -312,49 +312,39 @@ struct sadb_protocol {
|
|||
#define SADB_X_SAFLAGS_CLEARFLOW 4
|
||||
#define SADB_X_SAFLAGS_INFLOW 8
|
||||
|
||||
/* not obvious, but these are the same values as used in isakmp,
|
||||
* and in freeswan/ipsec_policy.h. If you need to add any, they
|
||||
* should be added as according to
|
||||
* http://www.iana.org/assignments/isakmp-registry
|
||||
*
|
||||
* and if not, then please try to use a private-use value, and
|
||||
* consider asking IANA to assign a value.
|
||||
*/
|
||||
#define SADB_AALG_NONE 0
|
||||
#define SADB_AALG_MD5_HMAC 2
|
||||
#define SADB_AALG_SHA1_HMAC 3
|
||||
#define SADB_AALG_DES_MAC 4
|
||||
#define SADB_AALG_SHA2_256_HMAC 5
|
||||
#define SADB_AALG_SHA2_384_HMAC 6
|
||||
#define SADB_AALG_SHA2_512_HMAC 7
|
||||
#define SADB_AALG_RIPEMD_160_HMAC 8
|
||||
#define SADB_AALG_AES_XCBC_MAC 9
|
||||
/* Authentication algorithms */
|
||||
#define SADB_AALG_NONE 0
|
||||
#define SADB_AALG_MD5HMAC 2
|
||||
#define SADB_AALG_SHA1HMAC 3
|
||||
#define SADB_X_AALG_SHA2_256HMAC 5
|
||||
#define SADB_X_AALG_SHA2_384HMAC 6
|
||||
#define SADB_X_AALG_SHA2_512HMAC 7
|
||||
#define SADB_X_AALG_RIPEMD160HMAC 8
|
||||
#define SADB_X_AALG_AES_XCBC_MAC 9
|
||||
#define SADB_X_AALG_NULL 251 /* kame */
|
||||
#define SADB_AALG_MAX 251
|
||||
|
||||
/* Encryption algorithms */
|
||||
#define SADB_EALG_NONE 0
|
||||
#define SADB_EALG_DES_CBC 2
|
||||
#define SADB_EALG_3DES_CBC 3
|
||||
#define SADB_EALG_RC5_CBC 4
|
||||
#define SADB_EALG_IDEA_CBC 5
|
||||
#define SADB_EALG_CAST_CBC 6
|
||||
#define SADB_EALG_BLOWFISH_CBC 7
|
||||
#define SADB_EALG_DESCBC 2
|
||||
#define SADB_EALG_3DESCBC 3
|
||||
#define SADB_X_EALG_CASTCBC 6
|
||||
#define SADB_X_EALG_BLOWFISHCBC 7
|
||||
#define SADB_EALG_NULL 11
|
||||
#define SADB_EALG_AES_CBC 12
|
||||
#define SADB_EALG_AES_CTR 13
|
||||
#define SADB_X_EALG_SERPENT_CBC 252
|
||||
#define SADB_X_EALG_TWOFISH_CBC 253
|
||||
#define SADB_EALG_MAX 253
|
||||
#define SADB_X_EALG_AESCBC 12
|
||||
#define SADB_X_EALG_CAMELLIACBC 22
|
||||
#define SADB_EALG_MAX 253 /* last EALG */
|
||||
/* private allocations should use 249-255 (RFC2407) */
|
||||
#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
|
||||
#define SADB_X_EALG_TWOFISHCBC 253 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
|
||||
|
||||
#define SADB_X_CALG_NONE 0
|
||||
#define SADB_X_CALG_OUI 1
|
||||
#define SADB_X_CALG_DEFLATE 2
|
||||
#define SADB_X_CALG_LZS 3
|
||||
#define SADB_X_CALG_V42BIS 4
|
||||
#ifdef KERNEL26_HAS_KAME_DUPLICATES
|
||||
#define SADB_X_CALG_LZJH 4
|
||||
#endif
|
||||
#define SADB_X_CALG_MAX 4
|
||||
/* Compression algorithms */
|
||||
#define SADB_X_CALG_NONE 0
|
||||
#define SADB_X_CALG_OUI 1
|
||||
#define SADB_X_CALG_DEFLATE 2
|
||||
#define SADB_X_CALG_LZS 3
|
||||
#define SADB_X_CALG_LZJH 4
|
||||
#define SADB_X_CALG_MAX 4
|
||||
|
||||
#define SADB_X_TALG_NONE 0
|
||||
#define SADB_X_TALG_IPv4_in_IPv4 1
|
||||
|
@ -363,13 +353,11 @@ struct sadb_protocol {
|
|||
#define SADB_X_TALG_IPv6_in_IPv6 4
|
||||
#define SADB_X_TALG_MAX 4
|
||||
|
||||
/* Identity Extension values */
|
||||
#define SADB_IDENTTYPE_RESERVED 0
|
||||
#define SADB_IDENTTYPE_PREFIX 1
|
||||
#define SADB_IDENTTYPE_FQDN 2
|
||||
#define SADB_IDENTTYPE_USERFQDN 3
|
||||
#define SADB_IDENTTYPE_MAX 3
|
||||
|
||||
#define SADB_IDENTTYPE_RESERVED 0
|
||||
#define SADB_IDENTTYPE_PREFIX 1
|
||||
#define SADB_IDENTTYPE_FQDN 2
|
||||
#define SADB_IDENTTYPE_USERFQDN 3
|
||||
#define SADB_X_IDENTTYPE_CONNECTION 4
|
||||
#define SADB_IDENTTYPE_MAX 4
|
||||
|
||||
#define SADB_KEY_FLAGS_MAX 0
|
||||
#endif /* __PFKEY_V2_H */
|
||||
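Review bot: The new `SADB_X_AALG_AES_XCBC_MAC 9` and `SADB_X_EALG_CAMELLIACBC 22` defines give no source for their numbers, while the Serpent and Twofish lines next to them cite a draft. The block comment that explained where these values come from also appears to be dropped by this hunk. Code elsewhere in this commit converts between numbering spaces arithmetically (`auth = sadb_aalg - 1` in alg_info_esp_sadb2aa), so a mistyped value here would silently select a different algorithm rather than fail to build. A short trailing comment on each new define naming the registry or kernel header it was copied from, in the style of the existing `/* kame */` note, would let a later maintainer verify them.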
|
|
|
@ -96,8 +96,8 @@ alg_info_esp_sadb2aa(int sadb_aalg)
|
|||
int auth = 0;
|
||||
|
||||
switch(sadb_aalg) {
|
||||
case SADB_AALG_MD5_HMAC:
|
||||
case SADB_AALG_SHA1_HMAC:
|
||||
case SADB_AALG_MD5HMAC:
|
||||
case SADB_AALG_SHA1HMAC:
|
||||
auth = sadb_aalg - 1;
|
||||
break;
|
||||
/* since they are the same ... :) */
|
||||
|
@ -195,7 +195,11 @@ aalg_getbyname_esp(const char *const str, int len)
|
|||
|
||||
/* interpret 'SHA' as 'SHA1' */
|
||||
if (strncasecmp("SHA", str, len) == 0)
|
||||
return enum_search(&auth_alg_names, "AUTH_ALGORITHM_HMAC_SHA1");
|
||||
return AUTH_ALGORITHM_HMAC_SHA1;
|
||||
|
||||
/* interpret 'AESXCBC' as 'AES_XCBC_MAC' */
|
||||
if (strncasecmp("AESXCBC", str, len) == 0)
|
||||
return AUTH_ALGORITHM_AES_XCBC_MAC;
|
||||
|
||||
ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_HMAC_", str ,len);
|
||||
if (ret >= 0)
|
||||
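Review bot: The added `strncasecmp("AESXCBC", str, len) == 0` test compares only the first `len` bytes, so a leading fragment such as `AES` or `A` is accepted as AES_XCBC_MAC unless a check outside this hunk rules it out. The `SHA` test just above has the same shape and is evaluated first. For an algorithm selector in an IPsec proposal parser an exact match is safer, for example `if (len == sizeof("AESXCBC") - 1 && strncasecmp("AESXCBC", str, len) == 0)`. aalg_getbyname_esp starts and ends outside the hunk, so whether `len` is validated earlier cannot be seen here.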
|
|
|
@ -1827,30 +1827,30 @@ setup_half_ipsec_sa(struct state *st, bool inbound)
|
|||
static const struct esp_info esp_info[] = {
|
||||
{ ESP_NULL, AUTH_ALGORITHM_HMAC_MD5,
|
||||
0, HMAC_MD5_KEY_LEN,
|
||||
SADB_EALG_NULL, SADB_AALG_MD5_HMAC },
|
||||
SADB_EALG_NULL, SADB_AALG_MD5HMAC },
|
||||
{ ESP_NULL, AUTH_ALGORITHM_HMAC_SHA1,
|
||||
0, HMAC_SHA1_KEY_LEN,
|
||||
SADB_EALG_NULL, SADB_AALG_SHA1_HMAC },
|
||||
SADB_EALG_NULL, SADB_AALG_SHA1HMAC },
|
||||
|
||||
{ ESP_DES, AUTH_ALGORITHM_NONE,
|
||||
DES_CBC_BLOCK_SIZE, 0,
|
||||
SADB_EALG_DES_CBC, SADB_AALG_NONE },
|
||||
SADB_EALG_DESCBC, SADB_AALG_NONE },
|
||||
{ ESP_DES, AUTH_ALGORITHM_HMAC_MD5,
|
||||
DES_CBC_BLOCK_SIZE, HMAC_MD5_KEY_LEN,
|
||||
SADB_EALG_DES_CBC, SADB_AALG_MD5_HMAC },
|
||||
SADB_EALG_DESCBC, SADB_AALG_MD5HMAC },
|
||||
{ ESP_DES, AUTH_ALGORITHM_HMAC_SHA1,
|
||||
DES_CBC_BLOCK_SIZE,
|
||||
HMAC_SHA1_KEY_LEN, SADB_EALG_DES_CBC, SADB_AALG_SHA1_HMAC },
|
||||
HMAC_SHA1_KEY_LEN, SADB_EALG_DESCBC, SADB_AALG_SHA1HMAC },
|
||||
|
||||
{ ESP_3DES, AUTH_ALGORITHM_NONE,
|
||||
DES_CBC_BLOCK_SIZE * 3, 0,
|
||||
SADB_EALG_3DES_CBC, SADB_AALG_NONE },
|
||||
SADB_EALG_3DESCBC, SADB_AALG_NONE },
|
||||
{ ESP_3DES, AUTH_ALGORITHM_HMAC_MD5,
|
||||
DES_CBC_BLOCK_SIZE * 3, HMAC_MD5_KEY_LEN,
|
||||
SADB_EALG_3DES_CBC, SADB_AALG_MD5_HMAC },
|
||||
SADB_EALG_3DESCBC, SADB_AALG_MD5HMAC },
|
||||
{ ESP_3DES, AUTH_ALGORITHM_HMAC_SHA1,
|
||||
DES_CBC_BLOCK_SIZE * 3, HMAC_SHA1_KEY_LEN,
|
||||
SADB_EALG_3DES_CBC, SADB_AALG_SHA1_HMAC },
|
||||
SADB_EALG_3DESCBC, SADB_AALG_SHA1HMAC },
|
||||
};
|
||||
|
||||
u_int8_t natt_type = 0;
|
||||
|
@ -1976,11 +1976,11 @@ setup_half_ipsec_sa(struct state *st, bool inbound)
|
|||
switch (st->st_ah.attrs.auth)
|
||||
{
|
||||
case AUTH_ALGORITHM_HMAC_MD5:
|
||||
authalg = SADB_AALG_MD5_HMAC;
|
||||
authalg = SADB_AALG_MD5HMAC;
|
||||
break;
|
||||
|
||||
case AUTH_ALGORITHM_HMAC_SHA1:
|
||||
authalg = SADB_AALG_SHA1_HMAC;
|
||||
authalg = SADB_AALG_SHA1HMAC;
|
||||
break;
|
||||
|
||||
default:
|
||||
|
|
|
@ -83,12 +83,13 @@ static sparse_names xfrm_type_names = {
|
|||
/* Authentication algorithms */
|
||||
static sparse_names aalg_list = {
|
||||
{ SADB_X_AALG_NULL, "digest_null" },
|
||||
{ SADB_AALG_MD5_HMAC, "md5" },
|
||||
{ SADB_AALG_SHA1_HMAC, "sha1" },
|
||||
{ SADB_AALG_SHA2_256_HMAC, "sha256" },
|
||||
{ SADB_AALG_SHA2_384_HMAC, "sha384" },
|
||||
{ SADB_AALG_SHA2_512_HMAC, "sha512" },
|
||||
{ SADB_AALG_RIPEMD_160_HMAC, "ripemd160" },
|
||||
{ SADB_AALG_MD5HMAC, "md5" },
|
||||
{ SADB_AALG_SHA1HMAC, "sha1" },
|
||||
{ SADB_X_AALG_SHA2_256HMAC, "sha256" },
|
||||
{ SADB_X_AALG_SHA2_384HMAC, "sha384" },
|
||||
{ SADB_X_AALG_SHA2_512HMAC, "sha512" },
|
||||
{ SADB_X_AALG_RIPEMD160HMAC, "ripemd160" },
|
||||
{ SADB_X_AALG_AES_XCBC_MAC, "aesxcbc"},
|
||||
{ SADB_X_AALG_NULL, "null" },
|
||||
{ 0, sparse_end }
|
||||
};
|
||||
|
@ -96,14 +97,14 @@ static sparse_names aalg_list = {
|
|||
/* Encryption algorithms */
|
||||
static sparse_names ealg_list = {
|
||||
{ SADB_EALG_NULL, "cipher_null" },
|
||||
{ SADB_EALG_DES_CBC, "des" },
|
||||
{ SADB_EALG_3DES_CBC, "des3_ede" },
|
||||
{ SADB_EALG_IDEA_CBC, "idea" },
|
||||
{ SADB_EALG_CAST_CBC, "cast128" },
|
||||
{ SADB_EALG_BLOWFISH_CBC, "blowfish" },
|
||||
{ SADB_EALG_AES_CBC, "aes" },
|
||||
{ SADB_X_EALG_SERPENT_CBC, "serpent" },
|
||||
{ SADB_X_EALG_TWOFISH_CBC, "twofish" },
|
||||
{ SADB_EALG_DESCBC, "des" },
|
||||
{ SADB_EALG_3DESCBC, "des3_ede" },
|
||||
{ SADB_X_EALG_CASTCBC, "cast128" },
|
||||
{ SADB_X_EALG_BLOWFISHCBC, "blowfish" },
|
||||
{ SADB_X_EALG_AESCBC, "aes" },
|
||||
{ SADB_X_EALG_CAMELLIACBC, "camellia" },
|
||||
{ SADB_X_EALG_SERPENTCBC, "serpent" },
|
||||
{ SADB_X_EALG_TWOFISHCBC, "twofish" },
|
||||
{ 0, sparse_end }
|
||||
};
|
||||
|
||||
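Review bot: The string added for AES-XCBC, `"aesxcbc"`, is presumably the algorithm name passed to the kernel over netlink, and it should be checked against the names the kernel's XFRM algorithm table registers. As far as I know Linux lists this MAC as `xcbc(aes)` with no `aesxcbc` alias, in which case SAs negotiated with it would fail to install; if that holds, the entry would read `{ SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)" },`. The same check applies to `{ SADB_X_AALG_NULL, "null" }`, which by the visible lines seems to replace the `"digest_null"` entry while ealg_list keeps `"cipher_null"`.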
|
|