fixed debug output of ah transforms
[strongswan.git] / src / pluto / kernel_alg.c
1 /* Kernel runtime algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <stdio.h>
16 #include <string.h>
17 #include <stdlib.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <unistd.h>
22 #include <sys/queue.h>
23
24 #include <pfkeyv2.h>
25 #include <pfkey.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "connections.h"
33 #include "state.h"
34 #include "packet.h"
35 #include "spdb.h"
36 #include "kernel.h"
37 #include "kernel_alg.h"
38 #include "alg_info.h"
39 #include "log.h"
40 #include "whack.h"
41 #include "db_ops.h"
42
43 /* ALG storage */
44 static struct sadb_alg esp_aalg[SADB_AALG_MAX+1];
45 static struct sadb_alg esp_ealg[SADB_EALG_MAX+1];
46 static int esp_ealg_num = 0;
47 static int esp_aalg_num = 0;
48
49 #define ESP_EALG_PRESENT(algo) (((algo)<=SADB_EALG_MAX)&&(esp_ealg[(algo)].sadb_alg_id==(algo)))
50 #define ESP_EALG_FOR_EACH_UPDOWN(algo) \
51 for (algo=SADB_EALG_MAX; algo >0 ; algo--) \
52 if (ESP_EALG_PRESENT(algo))
53 #define ESP_AALG_PRESENT(algo) ((algo<=SADB_AALG_MAX)&&(esp_aalg[(algo)].sadb_alg_id==(algo)))
54 #define ESP_AALG_FOR_EACH_UPDOWN(algo) \
55 for (algo=SADB_AALG_MAX; algo >0 ; algo--) \
56 if (ESP_AALG_PRESENT(algo))
57
58 static struct sadb_alg* sadb_alg_ptr (int satype, int exttype, int alg_id,
59 int rw)
60 {
61 struct sadb_alg *alg_p = NULL;
62
63 switch (exttype)
64 {
65 case SADB_EXT_SUPPORTED_AUTH:
66 if (alg_id > SADB_AALG_MAX)
67 return NULL;
68 break;
69 case SADB_EXT_SUPPORTED_ENCRYPT:
70 if (alg_id > SADB_EALG_MAX)
71 return NULL;
72 break;
73 default:
74 return NULL;
75 }
76
77 switch (satype)
78 {
79 case SADB_SATYPE_ESP:
80 alg_p = (exttype == SADB_EXT_SUPPORTED_ENCRYPT)?
81 &esp_ealg[alg_id] : &esp_aalg[alg_id];
82 /* get for write: increment elem count */
83 if (rw)
84 {
85 (exttype == SADB_EXT_SUPPORTED_ENCRYPT)?
86 esp_ealg_num++ : esp_aalg_num++;
87 }
88 break;
89 case SADB_SATYPE_AH:
90 default:
91 return NULL;
92 }
93
94 return alg_p;
95 }
96
97 const struct sadb_alg* kernel_alg_sadb_alg_get(int satype, int exttype,
98 int alg_id)
99 {
100 return sadb_alg_ptr(satype, exttype, alg_id, 0);
101 }
102
103 /*
104 * Forget previous registration
105 */
106 static void kernel_alg_init(void)
107 {
108 DBG(DBG_KLIPS,
109 DBG_log("alg_init(): memset(%p, 0, %d) memset(%p, 0, %d)",
110 &esp_aalg, (int)sizeof (esp_aalg),
111 &esp_ealg, (int)sizeof (esp_ealg))
112 )
113 memset (&esp_aalg, 0, sizeof (esp_aalg));
114 memset (&esp_ealg, 0, sizeof (esp_ealg));
115 esp_ealg_num=esp_aalg_num = 0;
116 }
117
118 static int kernel_alg_add(int satype, int exttype,
119 const struct sadb_alg *sadb_alg)
120 {
121 struct sadb_alg *alg_p = NULL;
122 int alg_id = sadb_alg->sadb_alg_id;
123
124 DBG(DBG_KLIPS,
125 DBG_log("kernel_alg_add(): satype=%d, exttype=%d, alg_id=%d",
126 satype, exttype, sadb_alg->sadb_alg_id)
127 )
128 if (!(alg_p = sadb_alg_ptr(satype, exttype, alg_id, 1)))
129 return -1;
130
131 /* This logic "mimics" KLIPS: first algo implementation will be used */
132 if (alg_p->sadb_alg_id)
133 {
134 DBG(DBG_KLIPS,
135 DBG_log("kernel_alg_add(): discarding already setup "
136 "satype=%d, exttype=%d, alg_id=%d",
137 satype, exttype, sadb_alg->sadb_alg_id)
138 )
139 return 0;
140 }
141 *alg_p = *sadb_alg;
142 return 1;
143 }
144
145 bool kernel_alg_esp_enc_ok(u_int alg_id, u_int key_len,
146 struct alg_info_esp *alg_info __attribute__((unused)))
147 {
148 struct sadb_alg *alg_p = NULL;
149
150 /*
151 * test #1: encrypt algo must be present
152 */
153 int ret = ESP_EALG_PRESENT(alg_id);
154 if (!ret) goto out;
155
156 alg_p = &esp_ealg[alg_id];
157
158 /*
159 * test #2: if key_len specified, it must be in range
160 */
161 if (key_len
162 && (key_len < alg_p->sadb_alg_minbits || key_len > alg_p->sadb_alg_maxbits))
163 {
164 plog("kernel_alg_db_add() key_len not in range: alg_id=%d, "
165 "key_len=%d, alg_minbits=%d, alg_maxbits=%d"
166 , alg_id, key_len
167 , alg_p->sadb_alg_minbits
168 , alg_p->sadb_alg_maxbits);
169 ret = FALSE;
170 }
171
172 out:
173 if (ret)
174 {
175 DBG(DBG_KLIPS,
176 DBG_log("kernel_alg_esp_enc_ok(%d,%d): "
177 "alg_id=%d, "
178 "alg_ivlen=%d, alg_minbits=%d, alg_maxbits=%d, "
179 "res=%d, ret=%d"
180 , alg_id, key_len
181 , alg_p->sadb_alg_id
182 , alg_p->sadb_alg_ivlen
183 , alg_p->sadb_alg_minbits
184 , alg_p->sadb_alg_maxbits
185 , alg_p->sadb_alg_reserved
186 , ret);
187 )
188 }
189 else
190 {
191 DBG(DBG_KLIPS,
192 DBG_log("kernel_alg_esp_enc_ok(%d,%d): NO", alg_id, key_len);
193 )
194 }
195 return ret;
196 }
197
198 /*
199 * ML: make F_STRICT logic consider enc,auth algorithms
200 */
201 bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg,
202 struct alg_info_esp *alg_info)
203 {
204 int ealg_insecure;
205
206 /*
207 * key_len passed comes from esp_attrs read from peer
208 * For many older algoritms (eg 3DES) this key_len is fixed
209 * and get passed as 0.
210 * ... then get default key_len
211 */
212 if (key_len == 0)
213 key_len = kernel_alg_esp_enc_keylen(ealg) * BITS_PER_BYTE;
214
215 /*
216 * simple test to toss low key_len, will accept it only
217 * if specified in "esp" string
218 */
219 ealg_insecure = (key_len < 128) ;
220
221 if (ealg_insecure
222 || (alg_info && alg_info->alg_info_flags & ALG_INFO_F_STRICT))
223 {
224 int i;
225 struct esp_info *esp_info;
226
227 if (alg_info)
228 {
229 ALG_INFO_ESP_FOREACH(alg_info, esp_info, i)
230 {
231 if (esp_info->esp_ealg_id == ealg
232 && (esp_info->esp_ealg_keylen == 0 || key_len == 0
233 || esp_info->esp_ealg_keylen == key_len)
234 && esp_info->esp_aalg_id == aalg)
235 {
236 if (ealg_insecure)
237 {
238 loglog(RC_LOG_SERIOUS
239 , "You should NOT use insecure ESP algorithms [%s (%d)]!"
240 , enum_name(&esp_transformid_names, ealg), key_len);
241 }
242 return TRUE;
243 }
244 }
245 }
246 plog("IPSec Transform [%s (%d), %s] refused due to %s",
247 enum_name(&esp_transformid_names, ealg), key_len,
248 enum_name(&auth_alg_names, aalg),
249 ealg_insecure ? "insecure key_len and enc. alg. not listed in \"esp\" string" : "strict flag");
250 return FALSE;
251 }
252 return TRUE;
253 }
254
255 /**
256 * Load kernel_alg arrays from /proc used in manual mode from klips/utils/spi.c
257 */
258 int kernel_alg_proc_read(void)
259 {
260 int satype;
261 int supp_exttype;
262 int alg_id, ivlen, minbits, maxbits;
263 struct sadb_alg sadb_alg;
264 int ret;
265 char buf[128];
266
267 FILE *fp=fopen("/proc/net/pf_key_supported", "r");
268
269 if (!fp)
270 return -1;
271
272 kernel_alg_init();
273
274 while (fgets(buf, sizeof(buf), fp))
275 {
276 if (buf[0] != ' ') /* skip titles */
277 continue;
278
279 sscanf(buf, "%d %d %d %d %d %d"
280 ,&satype, &supp_exttype
281 , &alg_id, &ivlen
282 , &minbits, &maxbits);
283
284 switch (satype)
285 {
286 case SADB_SATYPE_ESP:
287 switch(supp_exttype)
288 {
289 case SADB_EXT_SUPPORTED_AUTH:
290 case SADB_EXT_SUPPORTED_ENCRYPT:
291 sadb_alg.sadb_alg_id = alg_id;
292 sadb_alg.sadb_alg_ivlen = ivlen;
293 sadb_alg.sadb_alg_minbits = minbits;
294 sadb_alg.sadb_alg_maxbits = maxbits;
295 ret = kernel_alg_add(satype, supp_exttype, &sadb_alg);
296 DBG(DBG_CRYPT,
297 DBG_log("kernel_alg_proc_read() alg_id=%d, "
298 "alg_ivlen=%d, alg_minbits=%d, alg_maxbits=%d, "
299 "ret=%d"
300 , sadb_alg.sadb_alg_id
301 , sadb_alg.sadb_alg_ivlen
302 , sadb_alg.sadb_alg_minbits
303 , sadb_alg.sadb_alg_maxbits
304 , ret)
305 )
306 }
307 default:
308 continue;
309 }
310 }
311 fclose(fp);
312 return 0;
313 }
314
315 /**
316 * Load kernel_alg arrays pluto's SADB_REGISTER user by pluto/kernel.c
317 */
318 void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
319 {
320 /* Trick: one 'type-mangle-able' pointer to ease offset/assign */
321 union {
322 const struct sadb_msg *msg;
323 const struct sadb_supported *supported;
324 const struct sadb_ext *ext;
325 const struct sadb_alg *alg;
326 const char *ch;
327 } sadb;
328
329 int satype;
330 int msglen;
331 int i = 0;
332
333 /* Initialize alg arrays */
334 kernel_alg_init();
335 satype = msg_buf->sadb_msg_satype;
336 sadb.msg = msg_buf;
337 msglen = sadb.msg->sadb_msg_len*IPSEC_PFKEYv2_ALIGN;
338 msglen -= sizeof(struct sadb_msg);
339 buflen -= sizeof(struct sadb_msg);
340 passert(buflen > 0);
341
342 sadb.msg++;
343
344 while(msglen)
345 {
346 int supp_exttype = sadb.supported->sadb_supported_exttype;
347 int supp_len = sadb.supported->sadb_supported_len*IPSEC_PFKEYv2_ALIGN;
348
349 DBG(DBG_KLIPS,
350 DBG_log("kernel_alg_register_pfkey(): SADB_SATYPE_%s: "
351 "sadb_msg_len=%d sadb_supported_len=%d"
352 , satype==SADB_SATYPE_ESP? "ESP" : "AH"
353 , msg_buf->sadb_msg_len, supp_len)
354 )
355 sadb.supported++;
356 msglen -= supp_len;
357 buflen -= supp_len;
358 passert(buflen >= 0);
359
360 for (supp_len -= sizeof(struct sadb_supported);
361 supp_len;
362 supp_len -= sizeof(struct sadb_alg), sadb.alg++,i++)
363 {
364 int ret = kernel_alg_add(satype, supp_exttype, sadb.alg);
365
366 DBG(DBG_KLIPS,
367 DBG_log("kernel_alg_register_pfkey(): SADB_SATYPE_%s: "
368 "alg[%d], exttype=%d, satype=%d, alg_id=%d, "
369 "alg_ivlen=%d, alg_minbits=%d, alg_maxbits=%d, "
370 "res=%d, ret=%d"
371 , satype==SADB_SATYPE_ESP? "ESP" : "AH"
372 , i
373 , supp_exttype
374 , satype
375 , sadb.alg->sadb_alg_id
376 , sadb.alg->sadb_alg_ivlen
377 , sadb.alg->sadb_alg_minbits
378 , sadb.alg->sadb_alg_maxbits
379 , sadb.alg->sadb_alg_reserved
380 , ret)
381 )
382 }
383 }
384 }
385
386 u_int kernel_alg_esp_enc_keylen(u_int alg_id)
387 {
388 u_int keylen = 0;
389
390 if (!ESP_EALG_PRESENT(alg_id))
391 goto none;
392
393 keylen = esp_ealg[alg_id].sadb_alg_maxbits/BITS_PER_BYTE;
394
395 switch (alg_id)
396 {
397 /*
398 * this is veryUgly[TM]
399 * Peer should have sent KEY_LENGTH attribute for ESP_AES
400 * but if not do force it to 128 instead of using sadb_alg_maxbits
401 * from kernel.
402 */
403 case ESP_AES:
404 keylen = 128/BITS_PER_BYTE;
405 break;
406 }
407
408 none:
409 DBG(DBG_KLIPS,
410 DBG_log("kernel_alg_esp_enc_keylen():"
411 "alg_id=%d, keylen=%d",
412 alg_id, keylen)
413 )
414 return keylen;
415 }
416
417 struct sadb_alg* kernel_alg_esp_sadb_alg(u_int alg_id)
418 {
419 struct sadb_alg *sadb_alg = (ESP_EALG_PRESENT(alg_id))
420 ? &esp_ealg[alg_id] : NULL;
421
422 DBG(DBG_KLIPS,
423 DBG_log("kernel_alg_esp_sadb_alg(): alg_id=%d, sadb_alg=%p"
424 , alg_id, sadb_alg)
425 )
426 return sadb_alg;
427 }
428
429 void kernel_alg_list(void)
430 {
431 u_int sadb_id;
432
433 whack_log(RC_COMMENT, " ");
434 whack_log(RC_COMMENT, "List of registered ESP Encryption Algorithms:");
435 whack_log(RC_COMMENT, " ");
436
437 for (sadb_id = 1; sadb_id <= SADB_EALG_MAX; sadb_id++)
438 {
439 if (ESP_EALG_PRESENT(sadb_id))
440 {
441 struct sadb_alg *alg_p = &esp_ealg[sadb_id];
442
443 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d"
444 , sadb_id
445 , enum_name(&esp_transformid_names, sadb_id)
446 , alg_p->sadb_alg_ivlen
447 , alg_p->sadb_alg_minbits
448 , alg_p->sadb_alg_maxbits
449 );
450 }
451 }
452
453 whack_log(RC_COMMENT, " ");
454 whack_log(RC_COMMENT, "List of registered ESP Authentication Algorithms:");
455 whack_log(RC_COMMENT, " ");
456
457 for (sadb_id = 1; sadb_id <= SADB_AALG_MAX; sadb_id++)
458 {
459 if (ESP_AALG_PRESENT(sadb_id))
460 {
461 u_int aaid = alg_info_esp_sadb2aa(sadb_id);
462 struct sadb_alg *alg_p = &esp_aalg[sadb_id];
463
464 whack_log(RC_COMMENT, "#%-5d %s, keylen: %d-%d"
465 , aaid
466 , enum_name(&auth_alg_names, aaid)
467 , alg_p->sadb_alg_minbits
468 , alg_p->sadb_alg_maxbits
469 );
470 }
471 }
472 }
473
474 void kernel_alg_show_connection(struct connection *c, const char *instance)
475 {
476 struct state *st = state_with_serialno(c->newest_ipsec_sa);
477
478 if (st && st->st_esp.present)
479 {
480 const char *aalg_name;
481
482 aalg_name = (st->st_ah.present) ?
483 enum_show(&ah_transformid_names, st->st_ah.attrs.transid):
484 enum_show(&auth_alg_names, st->st_esp.attrs.transid);
485
486 whack_log(RC_COMMENT,
487 "\"%s\"%s: ESP%s proposal: %s_%d/%s/%s",
488 c->name,
489 instance,
490 (st->st_ah.present) ? "/AH" : "",
491 enum_show(&esp_transformid_names, st->st_esp.attrs.transid),
492 st->st_esp.attrs.key_len,
493 aalg_name,
494 c->policy & POLICY_PFS ?
495 c->alg_info_esp->esp_pfsgroup ?
496 enum_show(&oakley_group_names,
497 c->alg_info_esp->esp_pfsgroup)
498 : "<Phase1>"
499 : "<N/A>"
500 );
501 }
502 }
503
504 bool kernel_alg_esp_auth_ok(u_int auth,
505 struct alg_info_esp *alg_info __attribute__((unused)))
506 {
507 return ESP_AALG_PRESENT(alg_info_esp_aa2sadb(auth));
508 }
509
510 u_int kernel_alg_esp_auth_keylen(u_int auth)
511 {
512 u_int sadb_aalg = alg_info_esp_aa2sadb(auth);
513
514 u_int a_keylen = (sadb_aalg)
515 ? esp_aalg[sadb_aalg].sadb_alg_maxbits/BITS_PER_BYTE
516 : 0;
517
518 DBG(DBG_CONTROL | DBG_CRYPT | DBG_PARSING,
519 DBG_log("kernel_alg_esp_auth_keylen(auth=%d, sadb_aalg=%d): "
520 "a_keylen=%d", auth, sadb_aalg, a_keylen)
521 )
522 return a_keylen;
523 }
524
525 struct esp_info* kernel_alg_esp_info(int transid, int auth)
526 {
527 int sadb_aalg, sadb_ealg;
528 static struct esp_info ei_buf;
529
530 sadb_ealg = transid;
531 sadb_aalg = alg_info_esp_aa2sadb(auth);
532
533 if (!ESP_EALG_PRESENT(sadb_ealg))
534 goto none;
535 if (!ESP_AALG_PRESENT(sadb_aalg))
536 goto none;
537
538 memset(&ei_buf, 0, sizeof (ei_buf));
539 ei_buf.transid = transid;
540 ei_buf.auth = auth;
541
542 /* don't return "default" keylen because this value is used from
543 * setup_half_ipsec_sa() to "validate" keylen
544 * In effect, enckeylen will be used as "max" value
545 */
546 ei_buf.enckeylen = esp_ealg[sadb_ealg].sadb_alg_maxbits/BITS_PER_BYTE;
547 ei_buf.authkeylen = esp_aalg[sadb_aalg].sadb_alg_maxbits/BITS_PER_BYTE;
548 ei_buf.encryptalg = sadb_ealg;
549 ei_buf.authalg = sadb_aalg;
550
551 DBG(DBG_PARSING,
552 DBG_log("kernel_alg_esp_info():"
553 "transid=%d, auth=%d, ei=%p, "
554 "enckeylen=%d, authkeylen=%d, encryptalg=%d, authalg=%d",
555 transid, auth, &ei_buf,
556 (int)ei_buf.enckeylen, (int)ei_buf.authkeylen,
557 ei_buf.encryptalg, ei_buf.authalg)
558 )
559 return &ei_buf;
560
561 none:
562 DBG(DBG_PARSING,
563 DBG_log("kernel_alg_esp_info():"
564 "transid=%d, auth=%d, ei=NULL",
565 transid, auth)
566 )
567 return NULL;
568 }
569
570 static void kernel_alg_policy_algorithms(struct esp_info *esp_info)
571 {
572 u_int ealg_id = esp_info->esp_ealg_id;
573
574 switch(ealg_id)
575 {
576 case 0:
577 case ESP_DES:
578 case ESP_3DES:
579 case ESP_NULL:
580 case ESP_CAST:
581 break;
582 default:
583 if (!esp_info->esp_ealg_keylen)
584 {
585 /* algos that need KEY_LENGTH
586 *
587 * Note: this is a very dirty hack ;-)
588 * Idea: Add a key_length_needed attribute to
589 * esp_ealg ??
590 */
591 esp_info->esp_ealg_keylen = esp_ealg[ealg_id].sadb_alg_maxbits;
592 }
593 }
594 }
595
596 static bool kernel_alg_db_add(struct db_context *db_ctx,
597 struct esp_info *esp_info, lset_t policy)
598 {
599 u_int ealg_id, aalg_id;
600
601 ealg_id = esp_info->esp_ealg_id;
602
603 if (!ESP_EALG_PRESENT(ealg_id))
604 {
605 DBG_log("kernel_alg_db_add() kernel enc ealg_id=%d not present", ealg_id);
606 return FALSE;
607 }
608
609 if (!(policy & POLICY_AUTHENTICATE)) /* skip ESP auth attrs for AH */
610 {
611 aalg_id = alg_info_esp_aa2sadb(esp_info->esp_aalg_id);
612
613 if (!ESP_AALG_PRESENT(aalg_id))
614 {
615 DBG_log("kernel_alg_db_add() kernel auth "
616 "aalg_id=%d not present", aalg_id);
617 return FALSE;
618 }
619 }
620
621 /* do algo policy */
622 kernel_alg_policy_algorithms(esp_info);
623
624 /* open new transformation */
625 db_trans_add(db_ctx, ealg_id);
626
627 /* add ESP auth attr */
628 if (!(policy & POLICY_AUTHENTICATE))
629 db_attr_add_values(db_ctx, AUTH_ALGORITHM, esp_info->esp_aalg_id);
630
631 /* add keylegth if specified in esp= string */
632 if (esp_info->esp_ealg_keylen)
633 db_attr_add_values(db_ctx, KEY_LENGTH, esp_info->esp_ealg_keylen);
634
635 return TRUE;
636 }
637
638 /*
639 * Create proposal with runtime kernel algos, merging
640 * with passed proposal if not NULL
641 *
642 * for now this function does free() previous returned
643 * malloced pointer (this quirk allows easier spdb.c change)
644 */
645 struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info,
646 lset_t policy )
647 {
648 const struct esp_info *esp_info;
649 struct esp_info tmp_esp_info;
650 struct db_context *ctx_new=NULL;
651 struct db_trans *t;
652 struct db_prop *prop;
653 u_int trans_cnt;
654 int tn = 0;
655
656 if (!(policy & POLICY_ENCRYPT)) /* not possible, I think */
657 return NULL;
658
659 trans_cnt = esp_ealg_num * esp_aalg_num;
660 DBG(DBG_EMITTING,
661 DBG_log("kernel_alg_db_prop_new() initial trans_cnt=%d"
662 , trans_cnt)
663 )
664
665 /* pass aprox. number of transforms and attributes */
666 ctx_new = db_prop_new(PROTO_IPSEC_ESP, trans_cnt, trans_cnt * 2);
667
668 /*
669 * Loop: for each element (struct esp_info) of alg_info,
670 * if kernel support is present then build the transform (and attrs)
671 * if NULL alg_info, propose everything ...
672 */
673
674 if (alg_info)
675 {
676 int i;
677
678 ALG_INFO_ESP_FOREACH(alg_info, esp_info, i)
679 {
680 tmp_esp_info = *esp_info;
681 kernel_alg_db_add(ctx_new, &tmp_esp_info, policy);
682 }
683 }
684 else
685 {
686 u_int ealg_id;
687
688 ESP_EALG_FOR_EACH_UPDOWN(ealg_id)
689 {
690 u_int aalg_id;
691
692 tmp_esp_info.esp_ealg_id = ealg_id;
693 tmp_esp_info.esp_ealg_keylen = 0;
694
695 for (aalg_id = 1; aalg_id <= SADB_AALG_MAX; aalg_id++)
696 {
697 if (ESP_AALG_PRESENT(aalg_id))
698 {
699 tmp_esp_info.esp_aalg_id = alg_info_esp_sadb2aa(aalg_id);
700 tmp_esp_info.esp_aalg_keylen = 0;
701 kernel_alg_db_add(ctx_new, &tmp_esp_info, policy);
702 }
703 }
704 }
705 }
706
707 prop = db_prop_get(ctx_new);
708
709 DBG(DBG_CONTROL|DBG_EMITTING,
710 DBG_log("kernel_alg_db_prop_new() "
711 "will return p_new->protoid=%d, p_new->trans_cnt=%d"
712 , prop->protoid, prop->trans_cnt)
713 )
714
715 for (t = prop->trans, tn = 0; tn < prop->trans_cnt; tn++)
716 {
717 DBG(DBG_CONTROL|DBG_EMITTING,
718 DBG_log("kernel_alg_db_prop_new() "
719 " trans[%d]: transid=%d, attr_cnt=%d, "
720 "attrs[0].type=%d, attrs[0].val=%d"
721 , tn
722 , t[tn].transid, t[tn].attr_cnt
723 , t[tn].attrs[0].type, t[tn].attrs[0].val)
724 )
725 }
726 return ctx_new;
727 }
728