support of AES_XCBC and CAMELLIA ESP cipher by pluto
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 18 Apr 2008 17:01:45 +0000 (17:01 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 18 Apr 2008 17:01:45 +0000 (17:01 -0000)
src/libfreeswan/pfkeyv2.h
src/pluto/alg_info.c
src/pluto/kernel.c
src/pluto/kernel_netlink.c

index 2c501fc..0decd4a 100644 (file)
@@ -312,49 +312,39 @@ struct sadb_protocol {
 #define SADB_X_SAFLAGS_CLEARFLOW       4
 #define SADB_X_SAFLAGS_INFLOW          8
 
-/* not obvious, but these are the same values as used in isakmp,
- * and in freeswan/ipsec_policy.h. If you need to add any, they
- * should be added as according to
- *   http://www.iana.org/assignments/isakmp-registry
- *
- * and if not, then please try to use a private-use value, and
- * consider asking IANA to assign a value.
- */
-#define SADB_AALG_NONE                  0
-#define SADB_AALG_MD5_HMAC             2
-#define SADB_AALG_SHA1_HMAC            3
-#define SADB_AALG_DES_MAC              4
-#define SADB_AALG_SHA2_256_HMAC                5
-#define SADB_AALG_SHA2_384_HMAC                6
-#define SADB_AALG_SHA2_512_HMAC                7
-#define SADB_AALG_RIPEMD_160_HMAC      8
-#define SADB_AALG_AES_XCBC_MAC         9
+/* Authentication algorithms */
+#define SADB_AALG_NONE                 0
+#define SADB_AALG_MD5HMAC              2
+#define SADB_AALG_SHA1HMAC             3
+#define SADB_X_AALG_SHA2_256HMAC       5
+#define SADB_X_AALG_SHA2_384HMAC       6
+#define SADB_X_AALG_SHA2_512HMAC       7
+#define SADB_X_AALG_RIPEMD160HMAC      8
+#define SADB_X_AALG_AES_XCBC_MAC       9
 #define SADB_X_AALG_NULL               251     /* kame */
 #define SADB_AALG_MAX                  251
 
+/* Encryption algorithms */
 #define SADB_EALG_NONE                 0
-#define SADB_EALG_DES_CBC              2
-#define SADB_EALG_3DES_CBC             3
-#define SADB_EALG_RC5_CBC              4
-#define SADB_EALG_IDEA_CBC             5
-#define SADB_EALG_CAST_CBC             6
-#define SADB_EALG_BLOWFISH_CBC         7
+#define SADB_EALG_DESCBC               2
+#define SADB_EALG_3DESCBC              3
+#define SADB_X_EALG_CASTCBC            6
+#define SADB_X_EALG_BLOWFISHCBC                7
 #define SADB_EALG_NULL                 11
-#define SADB_EALG_AES_CBC              12
-#define SADB_EALG_AES_CTR              13
-#define SADB_X_EALG_SERPENT_CBC                252
-#define SADB_X_EALG_TWOFISH_CBC                253
-#define SADB_EALG_MAX                  253
-
-#define SADB_X_CALG_NONE          0
-#define SADB_X_CALG_OUI           1
-#define SADB_X_CALG_DEFLATE       2
-#define SADB_X_CALG_LZS           3
-#define SADB_X_CALG_V42BIS        4
-#ifdef KERNEL26_HAS_KAME_DUPLICATES
-#define SADB_X_CALG_LZJH          4
-#endif
-#define SADB_X_CALG_MAX           4
+#define SADB_X_EALG_AESCBC             12
+#define SADB_X_EALG_CAMELLIACBC                22
+#define SADB_EALG_MAX                   253 /* last EALG */
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+#define SADB_X_EALG_TWOFISHCBC  253     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+
+/* Compression algorithms */
+#define SADB_X_CALG_NONE               0
+#define SADB_X_CALG_OUI                        1
+#define SADB_X_CALG_DEFLATE            2
+#define SADB_X_CALG_LZS                        3
+#define SADB_X_CALG_LZJH               4
+#define SADB_X_CALG_MAX                        4
 
 #define SADB_X_TALG_NONE          0
 #define SADB_X_TALG_IPv4_in_IPv4  1
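Review bot: The rename silently drops definitions that get no replacement — `SADB_EALG_RC5_CBC`, `SADB_EALG_IDEA_CBC`, `SADB_EALG_AES_CTR`, `SADB_X_CALG_V42BIS` and the `KERNEL26_HAS_KAME_DUPLICATES` guard in this hunk, plus `SADB_X_IDENTTYPE_CONNECTION` and `SADB_KEY_FLAGS_MAX` in the next one, where `SADB_IDENTTYPE_MAX` also falls from 4 to 3 — so any other translation unit that includes this header and still uses one of them stops compiling, and any table sized by `SADB_IDENTTYPE_MAX` shrinks; the commit touches only the four listed files, so whether such users exist cannot be seen here. `SADB_EALG_MAX` is now defined above the two private values 252/253 it is meant to bound (and carries trailing whitespace after `253`); moving it below `SADB_X_EALG_TWOFISHCBC` keeps the `last EALG` comment literally true. The dropped header comment was the only place saying where new numbers should come from; I would keep a one-line pointer such as `/* ids appear to follow the Linux kernel pfkeyv2.h; private use is 249-255 (RFC 2407) */` above the authentication block.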
@@ -363,13 +353,11 @@ struct sadb_protocol {
 #define SADB_X_TALG_IPv6_in_IPv6  4
 #define SADB_X_TALG_MAX           4
 
+/* Identity Extension values */
+#define SADB_IDENTTYPE_RESERVED        0
+#define SADB_IDENTTYPE_PREFIX  1
+#define SADB_IDENTTYPE_FQDN    2
+#define SADB_IDENTTYPE_USERFQDN        3
+#define SADB_IDENTTYPE_MAX     3
 
-#define SADB_IDENTTYPE_RESERVED   0
-#define SADB_IDENTTYPE_PREFIX     1
-#define SADB_IDENTTYPE_FQDN       2
-#define SADB_IDENTTYPE_USERFQDN   3
-#define SADB_X_IDENTTYPE_CONNECTION 4
-#define SADB_IDENTTYPE_MAX        4
-
-#define SADB_KEY_FLAGS_MAX     0
 #endif /* __PFKEY_V2_H */
index 2187fae..c998e54 100644 (file)
@@ -96,8 +96,8 @@ alg_info_esp_sadb2aa(int sadb_aalg)
     int auth = 0;
 
     switch(sadb_aalg) {
-       case SADB_AALG_MD5_HMAC:
-       case SADB_AALG_SHA1_HMAC:
+       case SADB_AALG_MD5HMAC:
+       case SADB_AALG_SHA1HMAC:
            auth = sadb_aalg - 1;
            break;
        /* since they are the same ...  :)  */
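Review bot: `auth = sadb_aalg - 1` still only covers `SADB_AALG_MD5HMAC` and `SADB_AALG_SHA1HMAC`, while this same commit adds AES-XCBC-MAC to `aalg_getbyname_esp` and to the netlink `aalg_list`; unless one of the cases outside this hunk maps `SADB_X_AALG_AES_XCBC_MAC` to `AUTH_ALGORITHM_AES_XCBC_MAC`, an AES-XCBC SA reported back from the kernel will not translate, and the `- 1` offset does not obviously hold for id 9. The remainder of the switch and the function's tail are outside the hunk. The renamed macros also hide the numeric coupling the subtraction relies on; a comment on that line, `/* PF_KEY MD5HMAC/SHA1HMAC (2/3) are the IKE HMAC_MD5/HMAC_SHA1 ids plus one */`, would make it explicit for the next person who reorders the header.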
@@ -195,7 +195,11 @@ aalg_getbyname_esp(const char *const str, int len)
 
     /* interpret 'SHA' as 'SHA1' */
     if (strncasecmp("SHA", str, len) == 0)
-       return enum_search(&auth_alg_names, "AUTH_ALGORITHM_HMAC_SHA1");
+       return AUTH_ALGORITHM_HMAC_SHA1;
+
+    /* interpret 'AESXCBC' as 'AES_XCBC_MAC' */
+    if (strncasecmp("AESXCBC", str, len) == 0)
+       return AUTH_ALGORITHM_AES_XCBC_MAC;
 
     ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_HMAC_", str ,len);
     if (ret >= 0)
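Review bot: The new `strncasecmp("AESXCBC", str, len) == 0` check accepts any prefix of `AESXCBC`, because only `len` characters are compared: an auth algorithm written as `aes` (len 3) or even `a` is now silently parsed as AES-XCBC-MAC instead of falling through to the `enum_search_prefix` lookup, which would previously have rejected it. Guard on the length as well, `if (len == 7 && strncasecmp("AESXCBC", str, len) == 0)`; the pre-existing `SHA` shortcut has the same shape and deserves the same guard. The function's remainder (the value of `ret` and the later return) is outside the hunk, so I cannot see whether anything downstream would have caught the misparse.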
index 1b74ad6..09b4bba 100644 (file)
@@ -1827,30 +1827,30 @@ setup_half_ipsec_sa(struct state *st, bool inbound)
        static const struct esp_info esp_info[] = {
            { ESP_NULL, AUTH_ALGORITHM_HMAC_MD5,
                0, HMAC_MD5_KEY_LEN,
-               SADB_EALG_NULL, SADB_AALG_MD5_HMAC },
+               SADB_EALG_NULL, SADB_AALG_MD5HMAC },
            { ESP_NULL, AUTH_ALGORITHM_HMAC_SHA1,
                0, HMAC_SHA1_KEY_LEN,
-               SADB_EALG_NULL, SADB_AALG_SHA1_HMAC },
+               SADB_EALG_NULL, SADB_AALG_SHA1HMAC },
 
            { ESP_DES, AUTH_ALGORITHM_NONE,
                DES_CBC_BLOCK_SIZE, 0,
-               SADB_EALG_DES_CBC, SADB_AALG_NONE },
+               SADB_EALG_DESCBC, SADB_AALG_NONE },
            { ESP_DES, AUTH_ALGORITHM_HMAC_MD5,
                DES_CBC_BLOCK_SIZE, HMAC_MD5_KEY_LEN,
-               SADB_EALG_DES_CBC, SADB_AALG_MD5_HMAC },
+               SADB_EALG_DESCBC, SADB_AALG_MD5HMAC },
            { ESP_DES, AUTH_ALGORITHM_HMAC_SHA1,
                DES_CBC_BLOCK_SIZE,
-               HMAC_SHA1_KEY_LEN, SADB_EALG_DES_CBC, SADB_AALG_SHA1_HMAC },
+               HMAC_SHA1_KEY_LEN, SADB_EALG_DESCBC, SADB_AALG_SHA1HMAC },
 
            { ESP_3DES, AUTH_ALGORITHM_NONE,
                DES_CBC_BLOCK_SIZE * 3, 0,
-               SADB_EALG_3DES_CBC, SADB_AALG_NONE },
+               SADB_EALG_3DESCBC, SADB_AALG_NONE },
            { ESP_3DES, AUTH_ALGORITHM_HMAC_MD5,
                DES_CBC_BLOCK_SIZE * 3, HMAC_MD5_KEY_LEN,
-               SADB_EALG_3DES_CBC, SADB_AALG_MD5_HMAC },
+               SADB_EALG_3DESCBC, SADB_AALG_MD5HMAC },
            { ESP_3DES, AUTH_ALGORITHM_HMAC_SHA1,
                DES_CBC_BLOCK_SIZE * 3, HMAC_SHA1_KEY_LEN,
-               SADB_EALG_3DES_CBC, SADB_AALG_SHA1_HMAC },
+               SADB_EALG_3DESCBC, SADB_AALG_SHA1HMAC },
        };
 
        u_int8_t natt_type = 0;
@@ -1976,11 +1976,11 @@ setup_half_ipsec_sa(struct state *st, bool inbound)
        switch (st->st_ah.attrs.auth)
        {
        case AUTH_ALGORITHM_HMAC_MD5:
-           authalg = SADB_AALG_MD5_HMAC;
+           authalg = SADB_AALG_MD5HMAC;
            break;
 
        case AUTH_ALGORITHM_HMAC_SHA1:
-           authalg = SADB_AALG_SHA1_HMAC;
+           authalg = SADB_AALG_SHA1HMAC;
            break;
 
        default:
index c9be3e6..2850a7f 100644 (file)
@@ -83,12 +83,13 @@ static sparse_names xfrm_type_names = {
 /* Authentication algorithms */
 static sparse_names aalg_list = {
        { SADB_X_AALG_NULL, "digest_null" },
-       { SADB_AALG_MD5_HMAC, "md5" },
-       { SADB_AALG_SHA1_HMAC, "sha1" },
-       { SADB_AALG_SHA2_256_HMAC, "sha256" },
-       { SADB_AALG_SHA2_384_HMAC, "sha384" },
-       { SADB_AALG_SHA2_512_HMAC, "sha512" },
-       { SADB_AALG_RIPEMD_160_HMAC, "ripemd160" },
+       { SADB_AALG_MD5HMAC, "md5" },
+       { SADB_AALG_SHA1HMAC, "sha1" },
+       { SADB_X_AALG_SHA2_256HMAC, "sha256" },
+       { SADB_X_AALG_SHA2_384HMAC, "sha384" },
+       { SADB_X_AALG_SHA2_512HMAC, "sha512" },
+       { SADB_X_AALG_RIPEMD160HMAC, "ripemd160" },
+       { SADB_X_AALG_AES_XCBC_MAC, "aesxcbc"},
        { SADB_X_AALG_NULL, "null" },
        { 0, sparse_end }
 };
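Review bot: The string `"aesxcbc"` added for `SADB_X_AALG_AES_XCBC_MAC` does not look like a name the Linux XFRM layer resolves: as far as I recall the kernel registers AES-XCBC-MAC authentication as `xcbc(aes)` with no short alias, whereas `md5`, `sha1` and `sha256` are accepted as compat aliases of the `hmac(...)` transforms. If `aalg_list` is what ends up in `xfrm_algo.alg_name` — the lookup site is outside this hunk — the kernel would refuse to install an AES-XCBC SA and the feature this commit advertises would never actually work; `{ SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)" },` should be checked against a kernel built with `CONFIG_CRYPTO_XCBC`. The entry also lacks the space before `}` that every sibling line has.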
@@ -96,14 +97,14 @@ static sparse_names aalg_list = {
 /* Encryption algorithms */
 static sparse_names ealg_list = {
        { SADB_EALG_NULL, "cipher_null" },
-       { SADB_EALG_DES_CBC, "des" },
-       { SADB_EALG_3DES_CBC, "des3_ede" },
-       { SADB_EALG_IDEA_CBC, "idea" },
-       { SADB_EALG_CAST_CBC, "cast128" },
-       { SADB_EALG_BLOWFISH_CBC, "blowfish" },
-       { SADB_EALG_AES_CBC, "aes" },
-       { SADB_X_EALG_SERPENT_CBC, "serpent" },
-       { SADB_X_EALG_TWOFISH_CBC, "twofish" },
+       { SADB_EALG_DESCBC, "des" },
+       { SADB_EALG_3DESCBC, "des3_ede" },
+       { SADB_X_EALG_CASTCBC, "cast128" },
+       { SADB_X_EALG_BLOWFISHCBC, "blowfish" },
+       { SADB_X_EALG_AESCBC, "aes" },
+       { SADB_X_EALG_CAMELLIACBC, "camellia" },
+       { SADB_X_EALG_SERPENTCBC, "serpent" },
+       { SADB_X_EALG_TWOFISHCBC, "twofish" },
        { 0, sparse_end }
 };