80f24019b4afb45cbf259633b80d95356a27c7d4
[strongswan.git] / src / pluto / kernel_alg.c
1 /* Kernel runtime algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <stdio.h>
16 #include <string.h>
17 #include <stdlib.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <unistd.h>
22 #include <sys/queue.h>
23
24 #include <pfkeyv2.h>
25 #include <pfkey.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "connections.h"
33 #include "state.h"
34 #include "packet.h"
35 #include "spdb.h"
36 #include "kernel.h"
37 #include "kernel_alg.h"
38 #include "alg_info.h"
39 #include "log.h"
40 #include "whack.h"
41 #include "db_ops.h"
42
43 /* ALG storage */
44 static struct sadb_alg esp_aalg[SADB_AALG_MAX+1];
45 static struct sadb_alg esp_ealg[SADB_EALG_MAX+1];
46 static int esp_ealg_num = 0;
47 static int esp_aalg_num = 0;
48
49 #define ESP_EALG_PRESENT(algo) (((algo)<=SADB_EALG_MAX)&&(esp_ealg[(algo)].sadb_alg_id==(algo)))
50 #define ESP_EALG_FOR_EACH_UPDOWN(algo) \
51 for (algo=SADB_EALG_MAX; algo >0 ; algo--) \
52 if (ESP_EALG_PRESENT(algo))
53 #define ESP_AALG_PRESENT(algo) ((algo<=SADB_AALG_MAX)&&(esp_aalg[(algo)].sadb_alg_id==(algo)))
54 #define ESP_AALG_FOR_EACH_UPDOWN(algo) \
55 for (algo=SADB_AALG_MAX; algo >0 ; algo--) \
56 if (ESP_AALG_PRESENT(algo))
57
58 static struct sadb_alg*
59 sadb_alg_ptr (int satype, int exttype, int alg_id, int rw)
60 {
61 struct sadb_alg *alg_p = NULL;
62
63 switch (exttype)
64 {
65 case SADB_EXT_SUPPORTED_AUTH:
66 if (alg_id > SADB_AALG_MAX)
67 return NULL;
68 break;
69 case SADB_EXT_SUPPORTED_ENCRYPT:
70 if (alg_id > SADB_EALG_MAX)
71 return NULL;
72 break;
73 default:
74 return NULL;
75 }
76
77 switch (satype)
78 {
79 case SADB_SATYPE_ESP:
80 alg_p = (exttype == SADB_EXT_SUPPORTED_ENCRYPT)?
81 &esp_ealg[alg_id] : &esp_aalg[alg_id];
82 /* get for write: increment elem count */
83 if (rw)
84 {
85 (exttype == SADB_EXT_SUPPORTED_ENCRYPT)?
86 esp_ealg_num++ : esp_aalg_num++;
87 }
88 break;
89 case SADB_SATYPE_AH:
90 default:
91 return NULL;
92 }
93
94 return alg_p;
95 }
96
97 const struct sadb_alg *
98 kernel_alg_sadb_alg_get(int satype, int exttype, int alg_id)
99 {
100 return sadb_alg_ptr(satype, exttype, alg_id, 0);
101 }
102
103 /*
104 * Forget previous registration
105 */
106 static void
107 kernel_alg_init(void)
108 {
109 DBG(DBG_KLIPS,
110 DBG_log("alg_init(): memset(%p, 0, %d) memset(%p, 0, %d)",
111 &esp_aalg, (int)sizeof (esp_aalg),
112 &esp_ealg, (int)sizeof (esp_ealg))
113 )
114 memset (&esp_aalg, 0, sizeof (esp_aalg));
115 memset (&esp_ealg, 0, sizeof (esp_ealg));
116 esp_ealg_num=esp_aalg_num = 0;
117 }
118
119 static int
120 kernel_alg_add(int satype, int exttype, const struct sadb_alg *sadb_alg)
121 {
122 struct sadb_alg *alg_p = NULL;
123 int alg_id = sadb_alg->sadb_alg_id;
124
125 DBG(DBG_KLIPS,
126 DBG_log("kernel_alg_add(): satype=%d, exttype=%d, alg_id=%d",
127 satype, exttype, sadb_alg->sadb_alg_id)
128 )
129 if (!(alg_p = sadb_alg_ptr(satype, exttype, alg_id, 1)))
130 return -1;
131
132 /* This logic "mimics" KLIPS: first algo implementation will be used */
133 if (alg_p->sadb_alg_id)
134 {
135 DBG(DBG_KLIPS,
136 DBG_log("kernel_alg_add(): discarding already setup "
137 "satype=%d, exttype=%d, alg_id=%d",
138 satype, exttype, sadb_alg->sadb_alg_id)
139 )
140 return 0;
141 }
142 *alg_p = *sadb_alg;
143 return 1;
144 }
145
146 bool
147 kernel_alg_esp_enc_ok(u_int alg_id, u_int key_len,
148 struct alg_info_esp *alg_info __attribute__((unused)))
149 {
150 struct sadb_alg *alg_p = NULL;
151
152 /*
153 * test #1: encrypt algo must be present
154 */
155 int ret = ESP_EALG_PRESENT(alg_id);
156 if (!ret) goto out;
157
158 alg_p = &esp_ealg[alg_id];
159
160 /*
161 * test #2: if key_len specified, it must be in range
162 */
163 if (key_len
164 && (key_len < alg_p->sadb_alg_minbits || key_len > alg_p->sadb_alg_maxbits))
165 {
166 plog("kernel_alg_db_add() key_len not in range: alg_id=%d, "
167 "key_len=%d, alg_minbits=%d, alg_maxbits=%d"
168 , alg_id, key_len
169 , alg_p->sadb_alg_minbits
170 , alg_p->sadb_alg_maxbits);
171 ret = FALSE;
172 }
173
174 out:
175 if (ret)
176 {
177 DBG(DBG_KLIPS,
178 DBG_log("kernel_alg_esp_enc_ok(%d,%d): "
179 "alg_id=%d, "
180 "alg_ivlen=%d, alg_minbits=%d, alg_maxbits=%d, "
181 "res=%d, ret=%d"
182 , alg_id, key_len
183 , alg_p->sadb_alg_id
184 , alg_p->sadb_alg_ivlen
185 , alg_p->sadb_alg_minbits
186 , alg_p->sadb_alg_maxbits
187 , alg_p->sadb_alg_reserved
188 , ret);
189 )
190 }
191 else
192 {
193 DBG(DBG_KLIPS,
194 DBG_log("kernel_alg_esp_enc_ok(%d,%d): NO", alg_id, key_len);
195 )
196 }
197 return ret;
198 }
199
200 /*
201 * ML: make F_STRICT logic consider enc,auth algorithms
202 */
203 #ifndef NO_PLUTO
204 bool
205 kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg, struct alg_info_esp *alg_info)
206 {
207 int ealg_insecure;
208
209 /*
210 * key_len passed comes from esp_attrs read from peer
211 * For many older algoritms (eg 3DES) this key_len is fixed
212 * and get passed as 0.
213 * ... then get default key_len
214 */
215 if (key_len == 0)
216 key_len = kernel_alg_esp_enc_keylen(ealg) * BITS_PER_BYTE;
217
218 /*
219 * simple test to toss low key_len, will accept it only
220 * if specified in "esp" string
221 */
222 ealg_insecure = (key_len < 128) ;
223
224 if (ealg_insecure
225 || (alg_info && alg_info->alg_info_flags & ALG_INFO_F_STRICT))
226 {
227 int i;
228 struct esp_info *esp_info;
229
230 if (alg_info)
231 {
232 ALG_INFO_ESP_FOREACH(alg_info, esp_info, i)
233 {
234 if (esp_info->esp_ealg_id == ealg
235 && (esp_info->esp_ealg_keylen == 0 || key_len == 0
236 || esp_info->esp_ealg_keylen == key_len)
237 && esp_info->esp_aalg_id == aalg)
238 {
239 if (ealg_insecure)
240 {
241 loglog(RC_LOG_SERIOUS
242 , "You should NOT use insecure ESP algorithms [%s (%d)]!"
243 , enum_name(&esp_transformid_names, ealg), key_len);
244 }
245 return TRUE;
246 }
247 }
248 }
249 plog("IPSec Transform [%s (%d), %s] refused due to %s",
250 enum_name(&esp_transformid_names, ealg), key_len,
251 enum_name(&auth_alg_names, aalg),
252 ealg_insecure ? "insecure key_len and enc. alg. not listed in \"esp\" string" : "strict flag");
253 return FALSE;
254 }
255 return TRUE;
256 }
257 #endif /* NO_PLUTO */
258
259 /*
260 * Load kernel_alg arrays from /proc
261 * used in manual mode from klips/utils/spi.c
262 */
263 int
264 kernel_alg_proc_read(void)
265 {
266 int satype;
267 int supp_exttype;
268 int alg_id, ivlen, minbits, maxbits;
269 struct sadb_alg sadb_alg;
270 int ret;
271 char buf[128];
272
273 FILE *fp=fopen("/proc/net/pf_key_supported", "r");
274
275 if (!fp)
276 return -1;
277
278 kernel_alg_init();
279
280 while (fgets(buf, sizeof(buf), fp))
281 {
282 if (buf[0] != ' ') /* skip titles */
283 continue;
284
285 sscanf(buf, "%d %d %d %d %d %d"
286 ,&satype, &supp_exttype
287 , &alg_id, &ivlen
288 , &minbits, &maxbits);
289
290 switch (satype)
291 {
292 case SADB_SATYPE_ESP:
293 switch(supp_exttype)
294 {
295 case SADB_EXT_SUPPORTED_AUTH:
296 case SADB_EXT_SUPPORTED_ENCRYPT:
297 sadb_alg.sadb_alg_id = alg_id;
298 sadb_alg.sadb_alg_ivlen = ivlen;
299 sadb_alg.sadb_alg_minbits = minbits;
300 sadb_alg.sadb_alg_maxbits = maxbits;
301 ret = kernel_alg_add(satype, supp_exttype, &sadb_alg);
302 DBG(DBG_CRYPT,
303 DBG_log("kernel_alg_proc_read() alg_id=%d, "
304 "alg_ivlen=%d, alg_minbits=%d, alg_maxbits=%d, "
305 "ret=%d"
306 , sadb_alg.sadb_alg_id
307 , sadb_alg.sadb_alg_ivlen
308 , sadb_alg.sadb_alg_minbits
309 , sadb_alg.sadb_alg_maxbits
310 , ret)
311 )
312 }
313 default:
314 continue;
315 }
316 }
317 fclose(fp);
318 return 0;
319 }
320
321 /*
322 * Load kernel_alg arrays pluto's SADB_REGISTER
323 * user by pluto/kernel.c
324 */
325
326 void
327 kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
328 {
329 /* Trick: one 'type-mangle-able' pointer to ease offset/assign */
330 union {
331 const struct sadb_msg *msg;
332 const struct sadb_supported *supported;
333 const struct sadb_ext *ext;
334 const struct sadb_alg *alg;
335 const char *ch;
336 } sadb;
337
338 int satype;
339 int msglen;
340 int i = 0;
341
342 /* Initialize alg arrays */
343 kernel_alg_init();
344 satype = msg_buf->sadb_msg_satype;
345 sadb.msg = msg_buf;
346 msglen = sadb.msg->sadb_msg_len*IPSEC_PFKEYv2_ALIGN;
347 msglen -= sizeof(struct sadb_msg);
348 buflen -= sizeof(struct sadb_msg);
349 passert(buflen > 0);
350
351 sadb.msg++;
352
353 while(msglen)
354 {
355 int supp_exttype = sadb.supported->sadb_supported_exttype;
356 int supp_len = sadb.supported->sadb_supported_len*IPSEC_PFKEYv2_ALIGN;
357
358 DBG(DBG_KLIPS,
359 DBG_log("kernel_alg_register_pfkey(): SADB_SATYPE_%s: "
360 "sadb_msg_len=%d sadb_supported_len=%d"
361 , satype==SADB_SATYPE_ESP? "ESP" : "AH"
362 , msg_buf->sadb_msg_len, supp_len)
363 )
364 sadb.supported++;
365 msglen -= supp_len;
366 buflen -= supp_len;
367 passert(buflen >= 0);
368
369 for (supp_len -= sizeof(struct sadb_supported);
370 supp_len;
371 supp_len -= sizeof(struct sadb_alg), sadb.alg++,i++)
372 {
373 int ret = kernel_alg_add(satype, supp_exttype, sadb.alg);
374
375 DBG(DBG_KLIPS,
376 DBG_log("kernel_alg_register_pfkey(): SADB_SATYPE_%s: "
377 "alg[%d], exttype=%d, satype=%d, alg_id=%d, "
378 "alg_ivlen=%d, alg_minbits=%d, alg_maxbits=%d, "
379 "res=%d, ret=%d"
380 , satype==SADB_SATYPE_ESP? "ESP" : "AH"
381 , i
382 , supp_exttype
383 , satype
384 , sadb.alg->sadb_alg_id
385 , sadb.alg->sadb_alg_ivlen
386 , sadb.alg->sadb_alg_minbits
387 , sadb.alg->sadb_alg_maxbits
388 , sadb.alg->sadb_alg_reserved
389 , ret)
390 )
391 }
392 }
393 }
394
395 u_int
396 kernel_alg_esp_enc_keylen(u_int alg_id)
397 {
398 u_int keylen = 0;
399
400 if (!ESP_EALG_PRESENT(alg_id))
401 goto none;
402
403 keylen = esp_ealg[alg_id].sadb_alg_maxbits/BITS_PER_BYTE;
404
405 switch (alg_id)
406 {
407 /*
408 * this is veryUgly[TM]
409 * Peer should have sent KEY_LENGTH attribute for ESP_AES
410 * but if not do force it to 128 instead of using sadb_alg_maxbits
411 * from kernel.
412 */
413 case ESP_AES:
414 keylen = 128/BITS_PER_BYTE;
415 break;
416 }
417
418 none:
419 DBG(DBG_KLIPS,
420 DBG_log("kernel_alg_esp_enc_keylen():"
421 "alg_id=%d, keylen=%d",
422 alg_id, keylen)
423 )
424 return keylen;
425 }
426
427 struct sadb_alg *
428 kernel_alg_esp_sadb_alg(u_int alg_id)
429 {
430 struct sadb_alg *sadb_alg = (ESP_EALG_PRESENT(alg_id))
431 ? &esp_ealg[alg_id] : NULL;
432
433 DBG(DBG_KLIPS,
434 DBG_log("kernel_alg_esp_sadb_alg(): alg_id=%d, sadb_alg=%p"
435 , alg_id, sadb_alg)
436 )
437 return sadb_alg;
438 }
439
440 #ifndef NO_PLUTO
441 void kernel_alg_list(void)
442 {
443 u_int sadb_id;
444
445 whack_log(RC_COMMENT, " ");
446 whack_log(RC_COMMENT, "List of registered ESP Encryption Algorithms:");
447 whack_log(RC_COMMENT, " ");
448
449 for (sadb_id = 1; sadb_id <= SADB_EALG_MAX; sadb_id++)
450 {
451 if (ESP_EALG_PRESENT(sadb_id))
452 {
453 struct sadb_alg *alg_p = &esp_ealg[sadb_id];
454
455 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d"
456 , sadb_id
457 , enum_name(&esp_transformid_names, sadb_id)
458 , alg_p->sadb_alg_ivlen
459 , alg_p->sadb_alg_minbits
460 , alg_p->sadb_alg_maxbits
461 );
462 }
463 }
464
465 whack_log(RC_COMMENT, " ");
466 whack_log(RC_COMMENT, "List of registered ESP Authentication Algorithms:");
467 whack_log(RC_COMMENT, " ");
468
469 for (sadb_id = 1; sadb_id <= SADB_AALG_MAX; sadb_id++)
470 {
471 if (ESP_AALG_PRESENT(sadb_id))
472 {
473 u_int aaid = alg_info_esp_sadb2aa(sadb_id);
474 struct sadb_alg *alg_p = &esp_aalg[sadb_id];
475
476 whack_log(RC_COMMENT, "#%-5d %s, keylen: %d-%d"
477 , aaid
478 , enum_name(&auth_alg_names, aaid)
479 , alg_p->sadb_alg_minbits
480 , alg_p->sadb_alg_maxbits
481 );
482 }
483 }
484 }
485
486 void
487 kernel_alg_show_connection(struct connection *c, const char *instance)
488 {
489 struct state *st = state_with_serialno(c->newest_ipsec_sa);
490
491 if (st && st->st_esp.present)
492 {
493 whack_log(RC_COMMENT
494 , "\"%s\"%s: ESP proposal: %s_%d/%s/%s"
495 , c->name
496 , instance
497 , enum_show(&esp_transformid_names, st->st_esp.attrs.transid)
498 , st->st_esp.attrs.key_len
499 , enum_show(&auth_alg_names, st->st_esp.attrs.auth)
500 , c->policy & POLICY_PFS ?
501 c->alg_info_esp->esp_pfsgroup ?
502 enum_show(&oakley_group_names,
503 c->alg_info_esp->esp_pfsgroup)
504 : "<Phase1>"
505 : "<N/A>"
506 );
507 }
508 }
509 #endif /* NO_PLUTO */
510
511 bool
512 kernel_alg_esp_auth_ok(u_int auth,
513 struct alg_info_esp *alg_info __attribute__((unused)))
514 {
515 return ESP_AALG_PRESENT(alg_info_esp_aa2sadb(auth));
516 }
517
518 u_int
519 kernel_alg_esp_auth_keylen(u_int auth)
520 {
521 u_int sadb_aalg = alg_info_esp_aa2sadb(auth);
522
523 u_int a_keylen = (sadb_aalg)
524 ? esp_aalg[sadb_aalg].sadb_alg_maxbits/BITS_PER_BYTE
525 : 0;
526
527 DBG(DBG_CONTROL | DBG_CRYPT | DBG_PARSING,
528 DBG_log("kernel_alg_esp_auth_keylen(auth=%d, sadb_aalg=%d): "
529 "a_keylen=%d", auth, sadb_aalg, a_keylen)
530 )
531 return a_keylen;
532 }
533
534 struct esp_info *
535 kernel_alg_esp_info(int transid, int auth)
536 {
537 int sadb_aalg, sadb_ealg;
538 static struct esp_info ei_buf;
539
540 sadb_ealg = transid;
541 sadb_aalg = alg_info_esp_aa2sadb(auth);
542
543 if (!ESP_EALG_PRESENT(sadb_ealg))
544 goto none;
545 if (!ESP_AALG_PRESENT(sadb_aalg))
546 goto none;
547
548 memset(&ei_buf, 0, sizeof (ei_buf));
549 ei_buf.transid = transid;
550 ei_buf.auth = auth;
551
552 /* don't return "default" keylen because this value is used from
553 * setup_half_ipsec_sa() to "validate" keylen
554 * In effect, enckeylen will be used as "max" value
555 */
556 ei_buf.enckeylen = esp_ealg[sadb_ealg].sadb_alg_maxbits/BITS_PER_BYTE;
557 ei_buf.authkeylen = esp_aalg[sadb_aalg].sadb_alg_maxbits/BITS_PER_BYTE;
558 ei_buf.encryptalg = sadb_ealg;
559 ei_buf.authalg = sadb_aalg;
560
561 DBG(DBG_PARSING,
562 DBG_log("kernel_alg_esp_info():"
563 "transid=%d, auth=%d, ei=%p, "
564 "enckeylen=%d, authkeylen=%d, encryptalg=%d, authalg=%d",
565 transid, auth, &ei_buf,
566 (int)ei_buf.enckeylen, (int)ei_buf.authkeylen,
567 ei_buf.encryptalg, ei_buf.authalg)
568 )
569 return &ei_buf;
570
571 none:
572 DBG(DBG_PARSING,
573 DBG_log("kernel_alg_esp_info():"
574 "transid=%d, auth=%d, ei=NULL",
575 transid, auth)
576 )
577 return NULL;
578 }
579
580 #ifndef NO_PLUTO
581 static void
582 kernel_alg_policy_algorithms(struct esp_info *esp_info)
583 {
584 u_int ealg_id = esp_info->esp_ealg_id;
585
586 switch(ealg_id)
587 {
588 case 0:
589 case ESP_DES:
590 case ESP_3DES:
591 case ESP_NULL:
592 case ESP_CAST:
593 break;
594 default:
595 if (!esp_info->esp_ealg_keylen)
596 {
597 /* algos that need KEY_LENGTH
598 *
599 * Note: this is a very dirty hack ;-)
600 * Idea: Add a key_length_needed attribute to
601 * esp_ealg ??
602 */
603 esp_info->esp_ealg_keylen = esp_ealg[ealg_id].sadb_alg_maxbits;
604 }
605 }
606 }
607
608 static bool
609 kernel_alg_db_add(struct db_context *db_ctx, struct esp_info *esp_info, lset_t policy)
610 {
611 u_int ealg_id, aalg_id;
612
613 ealg_id = esp_info->esp_ealg_id;
614
615 if (!ESP_EALG_PRESENT(ealg_id))
616 {
617 DBG_log("kernel_alg_db_add() kernel enc ealg_id=%d not present", ealg_id);
618 return FALSE;
619 }
620
621 if (!(policy & POLICY_AUTHENTICATE)) /* skip ESP auth attrs for AH */
622 {
623 aalg_id = alg_info_esp_aa2sadb(esp_info->esp_aalg_id);
624
625 if (!ESP_AALG_PRESENT(aalg_id))
626 {
627 DBG_log("kernel_alg_db_add() kernel auth "
628 "aalg_id=%d not present", aalg_id);
629 return FALSE;
630 }
631 }
632
633 /* do algo policy */
634 kernel_alg_policy_algorithms(esp_info);
635
636 /* open new transformation */
637 db_trans_add(db_ctx, ealg_id);
638
639 /* add ESP auth attr */
640 if (!(policy & POLICY_AUTHENTICATE))
641 db_attr_add_values(db_ctx, AUTH_ALGORITHM, esp_info->esp_aalg_id);
642
643 /* add keylegth if specified in esp= string */
644 if (esp_info->esp_ealg_keylen)
645 db_attr_add_values(db_ctx, KEY_LENGTH, esp_info->esp_ealg_keylen);
646
647 return TRUE;
648 }
649
650 /*
651 * Create proposal with runtime kernel algos, merging
652 * with passed proposal if not NULL
653 *
654 * for now this function does free() previous returned
655 * malloced pointer (this quirk allows easier spdb.c change)
656 */
657 struct db_context *
658 kernel_alg_db_new(struct alg_info_esp *alg_info, lset_t policy )
659 {
660 const struct esp_info *esp_info;
661 struct esp_info tmp_esp_info;
662 struct db_context *ctx_new=NULL;
663 struct db_trans *t;
664 struct db_prop *prop;
665 u_int trans_cnt;
666 int tn = 0;
667
668 if (!(policy & POLICY_ENCRYPT)) /* not possible, I think */
669 return NULL;
670
671 trans_cnt = esp_ealg_num * esp_aalg_num;
672 DBG(DBG_EMITTING,
673 DBG_log("kernel_alg_db_prop_new() initial trans_cnt=%d"
674 , trans_cnt)
675 )
676
677 /* pass aprox. number of transforms and attributes */
678 ctx_new = db_prop_new(PROTO_IPSEC_ESP, trans_cnt, trans_cnt * 2);
679
680 /*
681 * Loop: for each element (struct esp_info) of alg_info,
682 * if kernel support is present then build the transform (and attrs)
683 * if NULL alg_info, propose everything ...
684 */
685
686 if (alg_info)
687 {
688 int i;
689
690 ALG_INFO_ESP_FOREACH(alg_info, esp_info, i)
691 {
692 tmp_esp_info = *esp_info;
693 kernel_alg_db_add(ctx_new, &tmp_esp_info, policy);
694 }
695 }
696 else
697 {
698 u_int ealg_id;
699
700 ESP_EALG_FOR_EACH_UPDOWN(ealg_id)
701 {
702 u_int aalg_id;
703
704 tmp_esp_info.esp_ealg_id = ealg_id;
705 tmp_esp_info.esp_ealg_keylen = 0;
706
707 for (aalg_id = 1; aalg_id <= SADB_AALG_MAX; aalg_id++)
708 {
709 if (ESP_AALG_PRESENT(aalg_id))
710 {
711 tmp_esp_info.esp_aalg_id = alg_info_esp_sadb2aa(aalg_id);
712 tmp_esp_info.esp_aalg_keylen = 0;
713 kernel_alg_db_add(ctx_new, &tmp_esp_info, policy);
714 }
715 }
716 }
717 }
718
719 prop = db_prop_get(ctx_new);
720
721 DBG(DBG_CONTROL|DBG_EMITTING,
722 DBG_log("kernel_alg_db_prop_new() "
723 "will return p_new->protoid=%d, p_new->trans_cnt=%d"
724 , prop->protoid, prop->trans_cnt)
725 )
726
727 for (t = prop->trans, tn = 0; tn < prop->trans_cnt; tn++)
728 {
729 DBG(DBG_CONTROL|DBG_EMITTING,
730 DBG_log("kernel_alg_db_prop_new() "
731 " trans[%d]: transid=%d, attr_cnt=%d, "
732 "attrs[0].type=%d, attrs[0].val=%d"
733 , tn
734 , t[tn].transid, t[tn].attr_cnt
735 , t[tn].attrs[0].type, t[tn].attrs[0].val)
736 )
737 }
738 return ctx_new;
739 }
740 #endif /* NO_PLUTO */