Annotation of embedaddon/ipsec-tools/src/racoon/algorithm.c, revision 1.1
1.1 ! misho 1: /* $NetBSD: algorithm.c,v 1.8 2006/10/06 12:02:27 manu Exp $ */
! 2:
! 3: /* Id: algorithm.c,v 1.15 2006/05/23 20:23:09 manubsd Exp */
! 4:
! 5: /*
! 6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
! 7: * All rights reserved.
! 8: *
! 9: * Redistribution and use in source and binary forms, with or without
! 10: * modification, are permitted provided that the following conditions
! 11: * are met:
! 12: * 1. Redistributions of source code must retain the above copyright
! 13: * notice, this list of conditions and the following disclaimer.
! 14: * 2. Redistributions in binary form must reproduce the above copyright
! 15: * notice, this list of conditions and the following disclaimer in the
! 16: * documentation and/or other materials provided with the distribution.
! 17: * 3. Neither the name of the project nor the names of its contributors
! 18: * may be used to endorse or promote products derived from this software
! 19: * without specific prior written permission.
! 20: *
! 21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 31: * SUCH DAMAGE.
! 32: */
! 33:
! 34: #include "config.h"
! 35:
! 36: #include <sys/param.h>
! 37: #include <sys/types.h>
! 38: #include <stdlib.h>
! 39:
! 40: #include "var.h"
! 41: #include "misc.h"
! 42: #include "vmbuf.h"
! 43: #include "plog.h"
! 44: #include "debug.h"
! 45:
! 46: #include "crypto_openssl.h"
! 47: #include "dhgroup.h"
! 48: #include "algorithm.h"
! 49: #include "oakley.h"
! 50: #include "isakmp_var.h"
! 51: #include "isakmp.h"
! 52: #include "ipsec_doi.h"
! 53: #include "gcmalloc.h"
! 54:
! 55: static struct hash_algorithm oakley_hashdef[] = {
! 56: { "md5", algtype_md5, OAKLEY_ATTR_HASH_ALG_MD5,
! 57: eay_md5_init, eay_md5_update,
! 58: eay_md5_final, eay_md5_hashlen,
! 59: eay_md5_one, },
! 60: { "sha1", algtype_sha1, OAKLEY_ATTR_HASH_ALG_SHA,
! 61: eay_sha1_init, eay_sha1_update,
! 62: eay_sha1_final, eay_sha1_hashlen,
! 63: eay_sha1_one, },
! 64: #ifdef WITH_SHA2
! 65: { "sha2_256", algtype_sha2_256, OAKLEY_ATTR_HASH_ALG_SHA2_256,
! 66: eay_sha2_256_init, eay_sha2_256_update,
! 67: eay_sha2_256_final, eay_sha2_256_hashlen,
! 68: eay_sha2_256_one, },
! 69: { "sha2_384", algtype_sha2_384, OAKLEY_ATTR_HASH_ALG_SHA2_384,
! 70: eay_sha2_384_init, eay_sha2_384_update,
! 71: eay_sha2_384_final, eay_sha2_384_hashlen,
! 72: eay_sha2_384_one, },
! 73: { "sha2_512", algtype_sha2_512, OAKLEY_ATTR_HASH_ALG_SHA2_512,
! 74: eay_sha2_512_init, eay_sha2_512_update,
! 75: eay_sha2_512_final, eay_sha2_512_hashlen,
! 76: eay_sha2_512_one, },
! 77: #endif
! 78: };
! 79:
! 80: static struct hmac_algorithm oakley_hmacdef[] = {
! 81: { "hmac_md5", algtype_md5, OAKLEY_ATTR_HASH_ALG_MD5,
! 82: eay_hmacmd5_init, eay_hmacmd5_update,
! 83: eay_hmacmd5_final, NULL,
! 84: eay_hmacmd5_one, },
! 85: { "hmac_sha1", algtype_sha1, OAKLEY_ATTR_HASH_ALG_SHA,
! 86: eay_hmacsha1_init, eay_hmacsha1_update,
! 87: eay_hmacsha1_final, NULL,
! 88: eay_hmacsha1_one, },
! 89: #ifdef WITH_SHA2
! 90: { "hmac_sha2_256", algtype_sha2_256, OAKLEY_ATTR_HASH_ALG_SHA2_256,
! 91: eay_hmacsha2_256_init, eay_hmacsha2_256_update,
! 92: eay_hmacsha2_256_final, NULL,
! 93: eay_hmacsha2_256_one, },
! 94: { "hmac_sha2_384", algtype_sha2_384, OAKLEY_ATTR_HASH_ALG_SHA2_384,
! 95: eay_hmacsha2_384_init, eay_hmacsha2_384_update,
! 96: eay_hmacsha2_384_final, NULL,
! 97: eay_hmacsha2_384_one, },
! 98: { "hmac_sha2_512", algtype_sha2_512, OAKLEY_ATTR_HASH_ALG_SHA2_512,
! 99: eay_hmacsha2_512_init, eay_hmacsha2_512_update,
! 100: eay_hmacsha2_512_final, NULL,
! 101: eay_hmacsha2_512_one, },
! 102: #endif
! 103: };
! 104:
! 105: static struct enc_algorithm oakley_encdef[] = {
! 106: { "des", algtype_des, OAKLEY_ATTR_ENC_ALG_DES, 8,
! 107: eay_des_encrypt, eay_des_decrypt,
! 108: eay_des_weakkey, eay_des_keylen, },
! 109: #ifdef HAVE_OPENSSL_IDEA_H
! 110: { "idea", algtype_idea, OAKLEY_ATTR_ENC_ALG_IDEA, 8,
! 111: eay_idea_encrypt, eay_idea_decrypt,
! 112: eay_idea_weakkey, eay_idea_keylen, },
! 113: #endif
! 114: { "blowfish", algtype_blowfish, OAKLEY_ATTR_ENC_ALG_BLOWFISH, 8,
! 115: eay_bf_encrypt, eay_bf_decrypt,
! 116: eay_bf_weakkey, eay_bf_keylen, },
! 117: #ifdef HAVE_OPENSSL_RC5_H
! 118: { "rc5", algtype_rc5, OAKLEY_ATTR_ENC_ALG_RC5, 8,
! 119: eay_rc5_encrypt, eay_rc5_decrypt,
! 120: eay_rc5_weakkey, eay_rc5_keylen, },
! 121: #endif
! 122: { "3des", algtype_3des, OAKLEY_ATTR_ENC_ALG_3DES, 8,
! 123: eay_3des_encrypt, eay_3des_decrypt,
! 124: eay_3des_weakkey, eay_3des_keylen, },
! 125: { "cast", algtype_cast128, OAKLEY_ATTR_ENC_ALG_CAST, 8,
! 126: eay_cast_encrypt, eay_cast_decrypt,
! 127: eay_cast_weakkey, eay_cast_keylen, },
! 128: { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16,
! 129: eay_aes_encrypt, eay_aes_decrypt,
! 130: eay_aes_weakkey, eay_aes_keylen, },
! 131: #ifdef HAVE_OPENSSL_CAMELLIA_H
! 132: { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16,
! 133: eay_camellia_encrypt, eay_camellia_decrypt,
! 134: eay_camellia_weakkey, eay_camellia_keylen, },
! 135: #endif
! 136: };
! 137:
! 138: static struct enc_algorithm ipsec_encdef[] = {
! 139: { "des-iv64", algtype_des_iv64, IPSECDOI_ESP_DES_IV64, 8,
! 140: NULL, NULL,
! 141: NULL, eay_des_keylen, },
! 142: { "des", algtype_des, IPSECDOI_ESP_DES, 8,
! 143: NULL, NULL,
! 144: NULL, eay_des_keylen, },
! 145: { "3des", algtype_3des, IPSECDOI_ESP_3DES, 8,
! 146: NULL, NULL,
! 147: NULL, eay_3des_keylen, },
! 148: #ifdef HAVE_OPENSSL_RC5_H
! 149: { "rc5", algtype_rc5, IPSECDOI_ESP_RC5, 8,
! 150: NULL, NULL,
! 151: NULL, eay_rc5_keylen, },
! 152: #endif
! 153: { "cast", algtype_cast128, IPSECDOI_ESP_CAST, 8,
! 154: NULL, NULL,
! 155: NULL, eay_cast_keylen, },
! 156: { "blowfish", algtype_blowfish, IPSECDOI_ESP_BLOWFISH, 8,
! 157: NULL, NULL,
! 158: NULL, eay_bf_keylen, },
! 159: { "des-iv32", algtype_des_iv32, IPSECDOI_ESP_DES_IV32, 8,
! 160: NULL, NULL,
! 161: NULL, eay_des_keylen, },
! 162: { "null", algtype_null_enc, IPSECDOI_ESP_NULL, 8,
! 163: NULL, NULL,
! 164: NULL, eay_null_keylen, },
! 165: { "aes", algtype_aes, IPSECDOI_ESP_AES, 16,
! 166: NULL, NULL,
! 167: NULL, eay_aes_keylen, },
! 168: { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16,
! 169: NULL, NULL,
! 170: NULL, eay_twofish_keylen, },
! 171: #ifdef HAVE_OPENSSL_IDEA_H
! 172: { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8,
! 173: NULL, NULL,
! 174: NULL, NULL, },
! 175: { "idea", algtype_idea, IPSECDOI_ESP_IDEA, 8,
! 176: NULL, NULL,
! 177: NULL, NULL, },
! 178: #endif
! 179: { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8,
! 180: NULL, NULL,
! 181: NULL, NULL, },
! 182: #ifdef HAVE_OPENSSL_CAMELLIA_H
! 183: { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16,
! 184: NULL, NULL,
! 185: NULL, eay_camellia_keylen, },
! 186: #endif
! 187: };
! 188:
! 189: static struct hmac_algorithm ipsec_hmacdef[] = {
! 190: { "md5", algtype_hmac_md5, IPSECDOI_ATTR_AUTH_HMAC_MD5,
! 191: NULL, NULL,
! 192: NULL, eay_md5_hashlen,
! 193: NULL, },
! 194: { "sha1", algtype_hmac_sha1, IPSECDOI_ATTR_AUTH_HMAC_SHA1,
! 195: NULL, NULL,
! 196: NULL, eay_sha1_hashlen,
! 197: NULL, },
! 198: { "kpdk", algtype_kpdk, IPSECDOI_ATTR_AUTH_KPDK,
! 199: NULL, NULL,
! 200: NULL, eay_kpdk_hashlen,
! 201: NULL, },
! 202: { "null", algtype_non_auth, IPSECDOI_ATTR_AUTH_NONE,
! 203: NULL, NULL,
! 204: NULL, eay_null_hashlen,
! 205: NULL, },
! 206: #ifdef WITH_SHA2
! 207: { "hmac_sha2_256", algtype_hmac_sha2_256,IPSECDOI_ATTR_AUTH_HMAC_SHA2_256,
! 208: NULL, NULL,
! 209: NULL, eay_sha2_256_hashlen,
! 210: NULL, },
! 211: { "hmac_sha2_384", algtype_hmac_sha2_384,IPSECDOI_ATTR_AUTH_HMAC_SHA2_384,
! 212: NULL, NULL,
! 213: NULL, eay_sha2_384_hashlen,
! 214: NULL, },
! 215: { "hmac_sha2_512", algtype_hmac_sha2_512,IPSECDOI_ATTR_AUTH_HMAC_SHA2_512,
! 216: NULL, NULL,
! 217: NULL, eay_sha2_512_hashlen,
! 218: NULL, },
! 219: #endif
! 220: };
! 221:
! 222: static struct misc_algorithm ipsec_compdef[] = {
! 223: { "oui", algtype_oui, IPSECDOI_IPCOMP_OUI, },
! 224: { "deflate", algtype_deflate, IPSECDOI_IPCOMP_DEFLATE, },
! 225: { "lzs", algtype_lzs, IPSECDOI_IPCOMP_LZS, },
! 226: };
! 227:
! 228: /*
! 229: * In case of asymetric modes (hybrid xauth), what's racoon mode of
! 230: * operations ; it seems that the proposal should always use the
! 231: * initiator half (unless a server initiates a connection, which is
! 232: * not handled, and probably not useful).
! 233: */
! 234: static struct misc_algorithm oakley_authdef[] = {
! 235: { "pre_shared_key", algtype_psk, OAKLEY_ATTR_AUTH_METHOD_PSKEY, },
! 236: { "dsssig", algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, },
! 237: { "rsasig", algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, },
! 238: { "rsaenc", algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, },
! 239: { "rsarev", algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, },
! 240:
! 241: { "gssapi_krb", algtype_gssapikrb,
! 242: OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, },
! 243:
! 244: #ifdef ENABLE_HYBRID
! 245: { "hybrid_rsa_server", algtype_hybrid_rsa_s,
! 246: OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, },
! 247:
! 248: { "hybrid_dss_server", algtype_hybrid_dss_s,
! 249: OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, },
! 250:
! 251: { "xauth_psk_server", algtype_xauth_psk_s,
! 252: OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R, },
! 253:
! 254: { "xauth_rsa_server", algtype_xauth_rsa_s,
! 255: OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R, },
! 256:
! 257: { "hybrid_rsa_client", algtype_hybrid_rsa_c,
! 258: OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, },
! 259:
! 260: { "hybrid_dss_client", algtype_hybrid_dss_c,
! 261: OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, },
! 262:
! 263: { "xauth_psk_client", algtype_xauth_psk_c,
! 264: OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I, },
! 265:
! 266: { "xauth_rsa_client", algtype_xauth_rsa_c,
! 267: OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, },
! 268: #endif
! 269: };
! 270:
! 271: static struct dh_algorithm oakley_dhdef[] = {
! 272: { "modp768", algtype_modp768, OAKLEY_ATTR_GRP_DESC_MODP768,
! 273: &dh_modp768, },
! 274: { "modp1024", algtype_modp1024, OAKLEY_ATTR_GRP_DESC_MODP1024,
! 275: &dh_modp1024, },
! 276: { "modp1536", algtype_modp1536, OAKLEY_ATTR_GRP_DESC_MODP1536,
! 277: &dh_modp1536, },
! 278: { "modp2048", algtype_modp2048, OAKLEY_ATTR_GRP_DESC_MODP2048,
! 279: &dh_modp2048, },
! 280: { "modp3072", algtype_modp3072, OAKLEY_ATTR_GRP_DESC_MODP3072,
! 281: &dh_modp3072, },
! 282: { "modp4096", algtype_modp4096, OAKLEY_ATTR_GRP_DESC_MODP4096,
! 283: &dh_modp4096, },
! 284: { "modp6144", algtype_modp6144, OAKLEY_ATTR_GRP_DESC_MODP6144,
! 285: &dh_modp6144, },
! 286: { "modp8192", algtype_modp8192, OAKLEY_ATTR_GRP_DESC_MODP8192,
! 287: &dh_modp8192, },
! 288: };
! 289:
! 290: static struct hash_algorithm *alg_oakley_hashdef __P((int));
! 291: static struct hmac_algorithm *alg_oakley_hmacdef __P((int));
! 292: static struct enc_algorithm *alg_oakley_encdef __P((int));
! 293: static struct enc_algorithm *alg_ipsec_encdef __P((int));
! 294: static struct hmac_algorithm *alg_ipsec_hmacdef __P((int));
! 295: static struct dh_algorithm *alg_oakley_dhdef __P((int));
! 296:
! 297: /* oakley hash algorithm */
! 298: static struct hash_algorithm *
! 299: alg_oakley_hashdef(doi)
! 300: int doi;
! 301: {
! 302: int i;
! 303:
! 304: for (i = 0; i < ARRAYLEN(oakley_hashdef); i++)
! 305: if (doi == oakley_hashdef[i].doi) {
! 306: plog(LLV_DEBUG, LOCATION, NULL, "hash(%s)\n",
! 307: oakley_hashdef[i].name);
! 308: return &oakley_hashdef[i];
! 309: }
! 310: return NULL;
! 311: }
! 312:
! 313: int
! 314: alg_oakley_hashdef_ok(doi)
! 315: int doi;
! 316: {
! 317: struct hash_algorithm *f;
! 318:
! 319: f = alg_oakley_hashdef(doi);
! 320: if (f == NULL)
! 321: return 0;
! 322:
! 323: return 1;
! 324: }
! 325:
! 326: int
! 327: alg_oakley_hashdef_doi(type)
! 328: int type;
! 329: {
! 330: int i, res = -1;
! 331:
! 332: for (i = 0; i < ARRAYLEN(oakley_hashdef); i++)
! 333: if (type == oakley_hashdef[i].type) {
! 334: res = oakley_hashdef[i].doi;
! 335: break;
! 336: }
! 337: return res;
! 338: }
! 339:
! 340: int
! 341: alg_oakley_hashdef_hashlen(doi)
! 342: int doi;
! 343: {
! 344: struct hash_algorithm *f;
! 345:
! 346: f = alg_oakley_hashdef(doi);
! 347: if (f == NULL || f->hashlen == NULL)
! 348: return 0;
! 349:
! 350: return (f->hashlen)();
! 351: }
! 352:
! 353: const char *
! 354: alg_oakley_hashdef_name (doi)
! 355: int doi;
! 356: {
! 357: struct hash_algorithm *f;
! 358:
! 359: f = alg_oakley_hashdef(doi);
! 360: if (f == NULL)
! 361: return "*UNKNOWN*";
! 362:
! 363: return f->name;
! 364: }
! 365:
! 366: vchar_t *
! 367: alg_oakley_hashdef_one(doi, buf)
! 368: int doi;
! 369: vchar_t *buf;
! 370: {
! 371: struct hash_algorithm *f;
! 372:
! 373: f = alg_oakley_hashdef(doi);
! 374: if (f == NULL || f->hashlen == NULL)
! 375: return NULL;
! 376:
! 377: return (f->one)(buf);
! 378: }
! 379:
! 380: /* oakley hmac algorithm */
! 381: static struct hmac_algorithm *
! 382: alg_oakley_hmacdef(doi)
! 383: int doi;
! 384: {
! 385: int i;
! 386:
! 387: for (i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
! 388: if (doi == oakley_hmacdef[i].doi) {
! 389: plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
! 390: oakley_hmacdef[i].name);
! 391: return &oakley_hmacdef[i];
! 392: }
! 393: return NULL;
! 394: }
! 395:
! 396: int
! 397: alg_oakley_hmacdef_doi(type)
! 398: int type;
! 399: {
! 400: int i, res = -1;
! 401:
! 402: for (i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
! 403: if (type == oakley_hmacdef[i].type) {
! 404: res = oakley_hmacdef[i].doi;
! 405: break;
! 406: }
! 407: return res;
! 408: }
! 409:
! 410: vchar_t *
! 411: alg_oakley_hmacdef_one(doi, key, buf)
! 412: int doi;
! 413: vchar_t *key, *buf;
! 414: {
! 415: struct hmac_algorithm *f;
! 416: vchar_t *res;
! 417: #ifdef ENABLE_STATS
! 418: struct timeval start, end;
! 419: #endif
! 420:
! 421: f = alg_oakley_hmacdef(doi);
! 422: if (f == NULL || f->one == NULL)
! 423: return NULL;
! 424:
! 425: #ifdef ENABLE_STATS
! 426: gettimeofday(&start, NULL);
! 427: #endif
! 428:
! 429: res = (f->one)(key, buf);
! 430:
! 431: #ifdef ENABLE_STATS
! 432: gettimeofday(&end, NULL);
! 433: syslog(LOG_NOTICE, "%s(%s size=%zu): %8.6f", __func__,
! 434: f->name, buf->l, timedelta(&start, &end));
! 435: #endif
! 436:
! 437: return res;
! 438: }
! 439:
! 440: /* oakley encryption algorithm */
! 441: static struct enc_algorithm *
! 442: alg_oakley_encdef(doi)
! 443: int doi;
! 444: {
! 445: int i;
! 446:
! 447: for (i = 0; i < ARRAYLEN(oakley_encdef); i++)
! 448: if (doi == oakley_encdef[i].doi) {
! 449: plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n",
! 450: oakley_encdef[i].name);
! 451: return &oakley_encdef[i];
! 452: }
! 453: return NULL;
! 454: }
! 455:
! 456: int
! 457: alg_oakley_encdef_ok(doi)
! 458: int doi;
! 459: {
! 460: struct enc_algorithm *f;
! 461:
! 462: f = alg_oakley_encdef(doi);
! 463: if (f == NULL)
! 464: return 0;
! 465:
! 466: return 1;
! 467: }
! 468:
! 469: int
! 470: alg_oakley_encdef_doi(type)
! 471: int type;
! 472: {
! 473: int i, res = -1;
! 474:
! 475: for (i = 0; i < ARRAYLEN(oakley_encdef); i++)
! 476: if (type == oakley_encdef[i].type) {
! 477: res = oakley_encdef[i].doi;
! 478: break;
! 479: }
! 480: return res;
! 481: }
! 482:
! 483: int
! 484: alg_oakley_encdef_keylen(doi, len)
! 485: int doi, len;
! 486: {
! 487: struct enc_algorithm *f;
! 488:
! 489: f = alg_oakley_encdef(doi);
! 490: if (f == NULL || f->keylen == NULL)
! 491: return -1;
! 492:
! 493: return (f->keylen)(len);
! 494: }
! 495:
! 496: int
! 497: alg_oakley_encdef_blocklen(doi)
! 498: int doi;
! 499: {
! 500: struct enc_algorithm *f;
! 501:
! 502: f = alg_oakley_encdef(doi);
! 503: if (f == NULL)
! 504: return -1;
! 505:
! 506: return f->blocklen;
! 507: }
! 508:
! 509: const char *
! 510: alg_oakley_encdef_name (doi)
! 511: int doi;
! 512: {
! 513: struct enc_algorithm *f;
! 514:
! 515: f = alg_oakley_encdef(doi);
! 516: if (f == NULL)
! 517: return "*UNKNOWN*";
! 518:
! 519: return f->name;
! 520: }
! 521:
! 522: vchar_t *
! 523: alg_oakley_encdef_decrypt(doi, buf, key, iv)
! 524: int doi;
! 525: vchar_t *buf, *key, *iv;
! 526: {
! 527: vchar_t *res;
! 528: struct enc_algorithm *f;
! 529: #ifdef ENABLE_STATS
! 530: struct timeval start, end;
! 531: #endif
! 532:
! 533: f = alg_oakley_encdef(doi);
! 534: if (f == NULL || f->decrypt == NULL)
! 535: return NULL;
! 536:
! 537: #ifdef ENABLE_STATS
! 538: gettimeofday(&start, NULL);
! 539: #endif
! 540:
! 541: res = (f->decrypt)(buf, key, iv);
! 542:
! 543: #ifdef ENABLE_STATS
! 544: gettimeofday(&end, NULL);
! 545: syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
! 546: f->name, key->l << 3, buf->l, timedelta(&start, &end));
! 547: #endif
! 548: return res;
! 549: }
! 550:
! 551: vchar_t *
! 552: alg_oakley_encdef_encrypt(doi, buf, key, iv)
! 553: int doi;
! 554: vchar_t *buf, *key, *iv;
! 555: {
! 556: vchar_t *res;
! 557: struct enc_algorithm *f;
! 558: #ifdef ENABLE_STATS
! 559: struct timeval start, end;
! 560: #endif
! 561:
! 562: f = alg_oakley_encdef(doi);
! 563: if (f == NULL || f->encrypt == NULL)
! 564: return NULL;
! 565:
! 566: #ifdef ENABLE_STATS
! 567: gettimeofday(&start, NULL);
! 568: #endif
! 569:
! 570: res = (f->encrypt)(buf, key, iv);
! 571:
! 572: #ifdef ENABLE_STATS
! 573: gettimeofday(&end, NULL);
! 574: syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
! 575: f->name, key->l << 3, buf->l, timedelta(&start, &end));
! 576: #endif
! 577: return res;
! 578: }
! 579:
! 580: /* ipsec encryption algorithm */
! 581: static struct enc_algorithm *
! 582: alg_ipsec_encdef(doi)
! 583: int doi;
! 584: {
! 585: int i;
! 586:
! 587: for (i = 0; i < ARRAYLEN(ipsec_encdef); i++)
! 588: if (doi == ipsec_encdef[i].doi) {
! 589: plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n",
! 590: ipsec_encdef[i].name);
! 591: return &ipsec_encdef[i];
! 592: }
! 593: return NULL;
! 594: }
! 595:
! 596: int
! 597: alg_ipsec_encdef_doi(type)
! 598: int type;
! 599: {
! 600: int i, res = -1;
! 601:
! 602: for (i = 0; i < ARRAYLEN(ipsec_encdef); i++)
! 603: if (type == ipsec_encdef[i].type) {
! 604: res = ipsec_encdef[i].doi;
! 605: break;
! 606: }
! 607: return res;
! 608: }
! 609:
! 610: int
! 611: alg_ipsec_encdef_keylen(doi, len)
! 612: int doi, len;
! 613: {
! 614: struct enc_algorithm *f;
! 615:
! 616: f = alg_ipsec_encdef(doi);
! 617: if (f == NULL || f->keylen == NULL)
! 618: return -1;
! 619:
! 620: return (f->keylen)(len);
! 621: }
! 622:
! 623: /* ipsec hmac algorithm */
! 624: static struct hmac_algorithm *
! 625: alg_ipsec_hmacdef(doi)
! 626: int doi;
! 627: {
! 628: int i;
! 629:
! 630: for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
! 631: if (doi == ipsec_hmacdef[i].doi) {
! 632: plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
! 633: ipsec_hmacdef[i].name);
! 634: return &ipsec_hmacdef[i];
! 635: }
! 636: return NULL;
! 637: }
! 638:
! 639: int
! 640: alg_ipsec_hmacdef_doi(type)
! 641: int type;
! 642: {
! 643: int i, res = -1;
! 644:
! 645: for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
! 646: if (type == ipsec_hmacdef[i].type) {
! 647: res = ipsec_hmacdef[i].doi;
! 648: break;
! 649: }
! 650: return res;
! 651: }
! 652:
! 653: int
! 654: alg_ipsec_hmacdef_hashlen(doi)
! 655: int doi;
! 656: {
! 657: struct hmac_algorithm *f;
! 658:
! 659: f = alg_ipsec_hmacdef(doi);
! 660: if (f == NULL || f->hashlen == NULL)
! 661: return -1;
! 662:
! 663: return (f->hashlen)();
! 664: }
! 665:
! 666: /* ip compression */
! 667: int
! 668: alg_ipsec_compdef_doi(type)
! 669: int type;
! 670: {
! 671: int i, res = -1;
! 672:
! 673: for (i = 0; i < ARRAYLEN(ipsec_compdef); i++)
! 674: if (type == ipsec_compdef[i].type) {
! 675: res = ipsec_compdef[i].doi;
! 676: break;
! 677: }
! 678: return res;
! 679: }
! 680:
! 681: /* dh algorithm */
! 682: static struct dh_algorithm *
! 683: alg_oakley_dhdef(doi)
! 684: int doi;
! 685: {
! 686: int i;
! 687:
! 688: for (i = 0; i < ARRAYLEN(oakley_dhdef); i++)
! 689: if (doi == oakley_dhdef[i].doi) {
! 690: plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
! 691: oakley_dhdef[i].name);
! 692: return &oakley_dhdef[i];
! 693: }
! 694: return NULL;
! 695: }
! 696:
! 697: int
! 698: alg_oakley_dhdef_ok(doi)
! 699: int doi;
! 700: {
! 701: struct dh_algorithm *f;
! 702:
! 703: f = alg_oakley_dhdef(doi);
! 704: if (f == NULL)
! 705: return 0;
! 706:
! 707: return 1;
! 708: }
! 709:
! 710: int
! 711: alg_oakley_dhdef_doi(type)
! 712: int type;
! 713: {
! 714: int i, res = -1;
! 715:
! 716: for (i = 0; i < ARRAYLEN(oakley_dhdef); i++)
! 717: if (type == oakley_dhdef[i].type) {
! 718: res = oakley_dhdef[i].doi;
! 719: break;
! 720: }
! 721: return res;
! 722: }
! 723:
! 724: struct dhgroup *
! 725: alg_oakley_dhdef_group(doi)
! 726: int doi;
! 727: {
! 728: struct dh_algorithm *f;
! 729:
! 730: f = alg_oakley_dhdef(doi);
! 731: if (f == NULL || f->dhgroup == NULL)
! 732: return NULL;
! 733:
! 734: return f->dhgroup;
! 735: }
! 736:
! 737: const char *
! 738: alg_oakley_dhdef_name (doi)
! 739: int doi;
! 740: {
! 741: struct dh_algorithm *f;
! 742:
! 743: f = alg_oakley_dhdef(doi);
! 744: if (f == NULL)
! 745: return "*UNKNOWN*";
! 746: return f->name;
! 747: }
! 748:
! 749: /* authentication method */
! 750: int
! 751: alg_oakley_authdef_doi(type)
! 752: int type;
! 753: {
! 754: int i, res = -1;
! 755:
! 756: for (i = 0; i < ARRAYLEN(oakley_authdef); i++)
! 757: if (type == oakley_authdef[i].type) {
! 758: res = oakley_authdef[i].doi;
! 759: break;
! 760: }
! 761: return res;
! 762: }
! 763:
! 764: const char *
! 765: alg_oakley_authdef_name (doi)
! 766: int doi;
! 767: {
! 768: int i;
! 769:
! 770: for (i = 0; i < ARRAYLEN(oakley_authdef); i++)
! 771: if (doi == oakley_authdef[i].doi) {
! 772: return oakley_authdef[i].name;
! 773: }
! 774: return "*UNKNOWN*";
! 775: }
! 776:
! 777: /*
! 778: * give the default key length
! 779: * OUT: -1: NG
! 780: * 0: fixed key cipher, key length not allowed
! 781: * positive: default key length
! 782: */
! 783: int
! 784: default_keylen(class, type)
! 785: int class, type;
! 786: {
! 787:
! 788: switch (class) {
! 789: case algclass_isakmp_enc:
! 790: case algclass_ipsec_enc:
! 791: break;
! 792: default:
! 793: return 0;
! 794: }
! 795:
! 796: switch (type) {
! 797: case algtype_blowfish:
! 798: case algtype_rc5:
! 799: case algtype_cast128:
! 800: case algtype_aes:
! 801: case algtype_twofish:
! 802: case algtype_camellia:
! 803: return 128;
! 804: default:
! 805: return 0;
! 806: }
! 807: }
! 808:
! 809: /*
! 810: * check key length
! 811: * OUT: -1: NG
! 812: * 0: OK
! 813: */
! 814: int
! 815: check_keylen(class, type, len)
! 816: int class, type, len;
! 817: {
! 818: int badrange;
! 819:
! 820: switch (class) {
! 821: case algclass_isakmp_enc:
! 822: case algclass_ipsec_enc:
! 823: break;
! 824: default:
! 825: /* unknown class, punt */
! 826: plog(LLV_ERROR, LOCATION, NULL,
! 827: "unknown algclass %d\n", class);
! 828: return -1;
! 829: }
! 830:
! 831: /* key length must be multiple of 8 bytes - RFC2451 2.2 */
! 832: switch (type) {
! 833: case algtype_blowfish:
! 834: case algtype_rc5:
! 835: case algtype_cast128:
! 836: case algtype_aes:
! 837: case algtype_twofish:
! 838: case algtype_camellia:
! 839: if (len % 8 != 0) {
! 840: plog(LLV_ERROR, LOCATION, NULL,
! 841: "key length %d is not multiple of 8\n", len);
! 842: return -1;
! 843: }
! 844: break;
! 845: }
! 846:
! 847: /* key length range */
! 848: badrange = 0;
! 849: switch (type) {
! 850: case algtype_blowfish:
! 851: if (len < 40 || 448 < len)
! 852: badrange++;
! 853: break;
! 854: case algtype_rc5:
! 855: if (len < 40 || 2040 < len)
! 856: badrange++;
! 857: break;
! 858: case algtype_cast128:
! 859: if (len < 40 || 128 < len)
! 860: badrange++;
! 861: break;
! 862: case algtype_aes:
! 863: if (!(len == 128 || len == 192 || len == 256))
! 864: badrange++;
! 865: break;
! 866: case algtype_twofish:
! 867: if (len < 40 || 256 < len)
! 868: badrange++;
! 869: break;
! 870: case algtype_camellia:
! 871: if (!(len == 128 || len == 192 || len == 256))
! 872: badrange++;
! 873: break;
! 874: default:
! 875: if (len) {
! 876: plog(LLV_ERROR, LOCATION, NULL,
! 877: "key length is not allowed");
! 878: return -1;
! 879: }
! 880: break;
! 881: }
! 882: if (badrange) {
! 883: plog(LLV_ERROR, LOCATION, NULL,
! 884: "key length out of range\n");
! 885: return -1;
! 886: }
! 887:
! 888: return 0;
! 889: }
! 890:
! 891: /*
! 892: * convert algorithm type to DOI value.
! 893: * OUT -1 : NG
! 894: * other: converted.
! 895: */
! 896: int
! 897: algtype2doi(class, type)
! 898: int class, type;
! 899: {
! 900: int res = -1;
! 901:
! 902: switch (class) {
! 903: case algclass_ipsec_enc:
! 904: res = alg_ipsec_encdef_doi(type);
! 905: break;
! 906: case algclass_ipsec_auth:
! 907: res = alg_ipsec_hmacdef_doi(type);
! 908: break;
! 909: case algclass_ipsec_comp:
! 910: res = alg_ipsec_compdef_doi(type);
! 911: break;
! 912: case algclass_isakmp_enc:
! 913: res = alg_oakley_encdef_doi(type);
! 914: break;
! 915: case algclass_isakmp_hash:
! 916: res = alg_oakley_hashdef_doi(type);
! 917: break;
! 918: case algclass_isakmp_dh:
! 919: res = alg_oakley_dhdef_doi(type);
! 920: break;
! 921: case algclass_isakmp_ameth:
! 922: res = alg_oakley_authdef_doi(type);
! 923: break;
! 924: }
! 925: return res;
! 926: }
! 927:
! 928: /*
! 929: * convert algorithm class to DOI value.
! 930: * OUT -1 : NG
! 931: * other: converted.
! 932: */
! 933: int
! 934: algclass2doi(class)
! 935: int class;
! 936: {
! 937: switch (class) {
! 938: case algclass_ipsec_enc:
! 939: return IPSECDOI_PROTO_IPSEC_ESP;
! 940: case algclass_ipsec_auth:
! 941: return IPSECDOI_ATTR_AUTH;
! 942: case algclass_ipsec_comp:
! 943: return IPSECDOI_PROTO_IPCOMP;
! 944: case algclass_isakmp_enc:
! 945: return OAKLEY_ATTR_ENC_ALG;
! 946: case algclass_isakmp_hash:
! 947: return OAKLEY_ATTR_HASH_ALG;
! 948: case algclass_isakmp_dh:
! 949: return OAKLEY_ATTR_GRP_DESC;
! 950: case algclass_isakmp_ameth:
! 951: return OAKLEY_ATTR_AUTH_METHOD;
! 952: default:
! 953: return -1;
! 954: }
! 955: /*NOTREACHED*/
! 956: return -1;
! 957: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to algorithm.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon