Added algorithm lookup via kernel_interface_t to the various kernel interfaces
authorTobias Brunner <tobias@strongswan.org>
Thu, 13 Sep 2012 13:22:37 +0000 (15:22 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 13 Sep 2012 13:48:49 +0000 (15:48 +0200)
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/libstrongswan/crypto/transform.c
src/libstrongswan/crypto/transform.h

index 5f077b2..fa7f610 100644 (file)
@@ -820,8 +820,22 @@ static kernel_algorithm_t compression_algs[] = {
 /**
  * Look up a kernel algorithm ID and its key size
  */
-static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
+static int lookup_algorithm(transform_type_t type, int ikev2)
 {
+       kernel_algorithm_t *list;
+       int alg = 0;
+
+       switch (type)
+       {
+               case ENCRYPTION_ALGORITHM:
+                       list = encryption_algs;
+                       break;
+               case INTEGRITY_ALGORITHM:
+                       list = integrity_algs;
+                       break;
+               default:
+                       return 0;
+       }
        while (list->ikev2 != END_OF_LIST)
        {
                if (ikev2 == list->ikev2)
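Review bot: The doc comment above `lookup_algorithm` still reads "Look up a kernel algorithm ID and its key size", but with the new signature the function returns only an ID. Two new behaviours also go unstated: any `type` other than `ENCRYPTION_ALGORITHM` or `INTEGRITY_ALGORITHM` returns 0 at `default:` without ever reaching the kernel-interface lookup, and `compression_algs` (named in the hunk header) is not selectable here although the netlink variant maps `COMPRESSION_ALGORITHM`. I would replace the comment with `Look up the kernel algorithm ID for an IKEv2 identifier of the given transform type; returns 0 if the type is not handled or the algorithm is unknown`. The function body continues past this hunk, and the same comment applies to the identical hunk in kernel_pfkey_ipsec.c.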
@@ -830,7 +844,9 @@ static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
                }
                list++;
        }
-       return 0;
+       hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
+                                                                                         type, &alg, NULL);
+       return alg;
 }
 
 /**
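Review bot: The result of `hydra->kernel_interface->lookup_algorithm(...)` is discarded, so a miss is reported only because `alg` keeps its initial 0. That relies on the callee leaving the out-parameter untouched when nothing is registered, which this page does not show. The method's declaration is not visible here either, so it is worth confirming that its ID out-parameter really is an `int *`; if it is a narrower type, `&alg` would have only part of the variable written. A short comment above the call, such as `/* not in the static table, ask the registered kernel algorithms; alg stays 0 on a miss */`, would make the lookup order explicit. The function starts outside this hunk; the kernel_pfkey_ipsec.c hunk is identical and the netlink one follows the same pattern with `name`.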
@@ -1713,8 +1729,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        sa->sadb_sa_spi = spi;
        sa->sadb_sa_state = SADB_SASTATE_MATURE;
        sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
-       sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg);
-       sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg);
+       sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
+       sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
        PFKEY_EXT_ADD(msg, sa);
 
        add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC);
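Review bot: Both assignments write the lookup result straight into `sa->sadb_sa_auth` and `sa->sadb_sa_encrypt`, and a miss is 0, which in PF_KEY is the value of `SADB_AALG_NONE` / `SADB_EALG_NONE`. With the new fallback a miss also depends on which algorithms were registered at runtime, so a requested but unresolved algorithm should fail the SA instead of being sent to the kernel as "none". add_sa continues outside the hunk, so a later check may already exist. If not, a guard such as `if (enc_alg != ENCR_UNDEFINED && !sa->sadb_sa_encrypt)` with the `"algorithm %N not supported by kernel!"` log and a failure return, plus the equivalent for `int_alg`, would mirror the netlink plugin's `alg_name == NULL` handling. The same applies to the add_sa hunk in kernel_pfkey_ipsec.c.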
index ef0a08c..ac9d9fe 100644 (file)
@@ -243,8 +243,25 @@ static kernel_algorithm_t compression_algs[] = {
 /**
  * Look up a kernel algorithm name and its key size
  */
-static char* lookup_algorithm(kernel_algorithm_t *list, int ikev2)
+static char* lookup_algorithm(transform_type_t type, int ikev2)
 {
+       kernel_algorithm_t *list;
+       char *name = NULL;
+
+       switch (type)
+       {
+               case ENCRYPTION_ALGORITHM:
+                       list = encryption_algs;
+                       break;
+               case INTEGRITY_ALGORITHM:
+                       list = integrity_algs;
+                       break;
+               case COMPRESSION_ALGORITHM:
+                       list = compression_algs;
+                       break;
+               default:
+                       return NULL;
+       }
        while (list->ikev2 != END_OF_LIST)
        {
                if (list->ikev2 == ikev2)
@@ -253,7 +270,9 @@ static char* lookup_algorithm(kernel_algorithm_t *list, int ikev2)
                }
                list++;
        }
-       return NULL;
+       hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
+                                                                                         type, NULL, &name);
+       return name;
 }
 
 typedef struct private_kernel_netlink_ipsec_t private_kernel_netlink_ipsec_t;
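Review bot: `name` can now point to a string supplied at runtime through the kernel interface rather than to a literal from the static tables, and nothing in the hunk says who owns that string or how long it stays valid. The callers in add_sa use the result to fill `struct xfrm_algo` / `struct xfrm_algo_aead`, whose `alg_name` member is a fixed-size array. The copy itself is outside the hunks shown; if it is an unbounded string copy it should become a bounded one, e.g. `snprintf(algo->alg_name, sizeof(algo->alg_name), "%s", alg_name);`. Once ownership is confirmed, the function comment should state that the returned pointer must not be freed and name the lifetime it is tied to. The function begins outside this hunk.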
@@ -1222,12 +1241,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                {
                        struct xfrm_algo_aead *algo;
 
-                       alg_name = lookup_algorithm(encryption_algs, enc_alg);
+                       alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
                        if (alg_name == NULL)
                        {
                                DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
-                                        encryption_algorithm_names, enc_alg);
-                               goto failed;
+                                                encryption_algorithm_names, enc_alg);
+                                       goto failed;
                        }
                        DBG2(DBG_KNL, "  using encryption algorithm %N with key size %d",
                                 encryption_algorithm_names, enc_alg, enc_key.len * 8);
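Review bot: The two re-indented lines change whitespace only and leave `goto failed;` one level deeper than the `DBG1(...)` statement it follows inside the same `if (alg_name == NULL)` block, so it reads as if it belonged to a nested scope. The other `alg_name == NULL` blocks visible in this file's hunks keep the original alignment, which suggests the change was accidental. I would restore `goto failed;` to the `DBG1` column and the `encryption_algorithm_names, enc_alg);` continuation to its previous indent, so the error path stays easy to audit. add_sa begins and ends outside this hunk.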
@@ -1254,7 +1273,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                {
                        struct xfrm_algo *algo;
 
-                       alg_name = lookup_algorithm(encryption_algs, enc_alg);
+                       alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
                        if (alg_name == NULL)
                        {
                                DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
@@ -1285,7 +1304,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        {
                u_int trunc_len = 0;
 
-               alg_name = lookup_algorithm(integrity_algs, int_alg);
+               alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
                if (alg_name == NULL)
                {
                        DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
@@ -1355,7 +1374,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        if (ipcomp != IPCOMP_NONE)
        {
                rthdr->rta_type = XFRMA_ALG_COMP;
-               alg_name = lookup_algorithm(compression_algs, ipcomp);
+               alg_name = lookup_algorithm(COMPRESSION_ALGORITHM, ipcomp);
                if (alg_name == NULL)
                {
                        DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
index 1342267..a562ddd 100644 (file)
@@ -807,8 +807,22 @@ static kernel_algorithm_t compression_algs[] = {
 /**
  * Look up a kernel algorithm ID and its key size
  */
-static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
+static int lookup_algorithm(transform_type_t type, int ikev2)
 {
+       kernel_algorithm_t *list;
+       int alg = 0;
+
+       switch (type)
+       {
+               case ENCRYPTION_ALGORITHM:
+                       list = encryption_algs;
+                       break;
+               case INTEGRITY_ALGORITHM:
+                       list = integrity_algs;
+                       break;
+               default:
+                       return 0;
+       }
        while (list->ikev2 != END_OF_LIST)
        {
                if (ikev2 == list->ikev2)
@@ -817,7 +831,9 @@ static int lookup_algorithm(kernel_algorithm_t *list, int ikev2)
                }
                list++;
        }
-       return 0;
+       hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
+                                                                                         type, &alg, NULL);
+       return alg;
 }
 
 /**
@@ -1510,8 +1526,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        sa->sadb_sa_len = PFKEY_LEN(len);
        sa->sadb_sa_spi = spi;
        sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
-       sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg);
-       sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg);
+       sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
+       sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
        PFKEY_EXT_ADD(msg, sa);
 
        sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
index 1e108f1..5625297 100644 (file)
 
 #include <crypto/transform.h>
 
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, AEAD_ALGORITHM,
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM,
        "UNDEFINED_TRANSFORM_TYPE",
        "HASH_ALGORITHM",
        "RANDOM_NUMBER_GENERATOR",
-       "AEAD_ALGORITHM");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, AEAD_ALGORITHM,
+       "AEAD_ALGORITHM",
+       "COMPRESSION_ALGORITHM");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM,
        "ENCRYPTION_ALGORITHM",
        "PSEUDO_RANDOM_FUNCTION",
        "INTEGRITY_ALGORITHM",
index 7469a37..311df06 100644 (file)
@@ -33,6 +33,7 @@ enum transform_type_t {
        HASH_ALGORITHM = 242,
        RANDOM_NUMBER_GENERATOR = 243,
        AEAD_ALGORITHM = 244,
+       COMPRESSION_ALGORITHM = 245,
        ENCRYPTION_ALGORITHM = 1,
        PSEUDO_RANDOM_FUNCTION = 2,
        INTEGRITY_ALGORITHM = 3,