some code optimizations
This commit is contained in:
parent
e1573b3fe8
commit
4b615edab4
|
@ -196,6 +196,7 @@ static kernel_algorithm_t integrity_algs[] = {
|
|||
{AUTH_HMAC_MD5_96, "md5" },
|
||||
{AUTH_HMAC_SHA1_96, "sha1" },
|
||||
{AUTH_HMAC_SHA2_256_96, "sha256" },
|
||||
{AUTH_HMAC_SHA2_256_128, "hmac(sha256)" },
|
||||
{AUTH_HMAC_SHA2_384_192, "hmac(sha384)" },
|
||||
{AUTH_HMAC_SHA2_512_256, "hmac(sha512)" },
|
||||
/* {AUTH_DES_MAC, "***" }, */
|
||||
|
@ -1064,33 +1065,8 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
|
|||
}
|
||||
}
|
||||
|
||||
if (int_alg == AUTH_HMAC_SHA2_256_128)
|
||||
if (int_alg != AUTH_UNDEFINED)
|
||||
{
|
||||
/* the kernel uses SHA256 with 96 bit truncation by default,
|
||||
* use specified truncation size supported by newer kernels */
|
||||
rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC;
|
||||
alg_name = "hmac(sha256)";
|
||||
DBG2(DBG_KNL, " using integrity algorithm %N with key size %d",
|
||||
integrity_algorithm_names, int_alg, int_key.len * 8);
|
||||
|
||||
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len);
|
||||
hdr->nlmsg_len += rthdr->rta_len;
|
||||
if (hdr->nlmsg_len > sizeof(request))
|
||||
{
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
struct xfrm_algo_auth* algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
|
||||
algo->alg_key_len = int_key.len * 8;
|
||||
algo->alg_trunc_len = 128;
|
||||
strcpy(algo->alg_name, alg_name);
|
||||
memcpy(algo->alg_key, int_key.ptr, int_key.len);
|
||||
|
||||
rthdr = XFRM_RTA_NEXT(rthdr);
|
||||
}
|
||||
else if (int_alg != AUTH_UNDEFINED)
|
||||
{
|
||||
rthdr->rta_type = XFRMA_ALG_AUTH;
|
||||
alg_name = lookup_algorithm(integrity_algs, int_alg);
|
||||
if (alg_name == NULL)
|
||||
{
|
||||
|
@ -1101,18 +1077,45 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
|
|||
DBG2(DBG_KNL, " using integrity algorithm %N with key size %d",
|
||||
integrity_algorithm_names, int_alg, int_key.len * 8);
|
||||
|
||||
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len);
|
||||
hdr->nlmsg_len += rthdr->rta_len;
|
||||
if (hdr->nlmsg_len > sizeof(request))
|
||||
if (int_alg == AUTH_HMAC_SHA2_256_128)
|
||||
{
|
||||
return FAILED;
|
||||
struct xfrm_algo_auth* algo;
|
||||
|
||||
/* the kernel uses SHA256 with 96 bit truncation by default,
|
||||
* use specified truncation size supported by newer kernels */
|
||||
rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC;
|
||||
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len);
|
||||
|
||||
hdr->nlmsg_len += rthdr->rta_len;
|
||||
if (hdr->nlmsg_len > sizeof(request))
|
||||
{
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
|
||||
algo->alg_key_len = int_key.len * 8;
|
||||
algo->alg_trunc_len = 128;
|
||||
strcpy(algo->alg_name, alg_name);
|
||||
memcpy(algo->alg_key, int_key.ptr, int_key.len);
|
||||
}
|
||||
else
|
||||
{
|
||||
struct xfrm_algo* algo;
|
||||
|
||||
struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
|
||||
algo->alg_key_len = int_key.len * 8;
|
||||
strcpy(algo->alg_name, alg_name);
|
||||
memcpy(algo->alg_key, int_key.ptr, int_key.len);
|
||||
rthdr->rta_type = XFRMA_ALG_AUTH;
|
||||
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len);
|
||||
|
||||
hdr->nlmsg_len += rthdr->rta_len;
|
||||
if (hdr->nlmsg_len > sizeof(request))
|
||||
{
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
algo = (struct xfrm_algo*)RTA_DATA(rthdr);
|
||||
algo->alg_key_len = int_key.len * 8;
|
||||
strcpy(algo->alg_name, alg_name);
|
||||
memcpy(algo->alg_key, int_key.ptr, int_key.len);
|
||||
}
|
||||
rthdr = XFRM_RTA_NEXT(rthdr);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue