ipsec-146.2.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / algorithm.c
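index 1af0150dafa228d4d3a146e3de167d45cdc323bd..3440fc31e474694a7b24023440399bc086a525c7 100644
--- a/ipsec-tools/racoon/algorithm.c
+++ b/ipsec-tools/racoon/algorithm.c
@@ -104,6 +104,7 @@ static struct enc_algorithm oakley_encdef[] = {
 { "des",       algtype_des,            OAKLEY_ATTR_ENC_ALG_DES,        8,
                 eay_des_encrypt,        eay_des_decrypt,
                 eay_des_weakkey,        eay_des_keylen, },
+#ifdef HAVE_OPENSSL
 #ifdef HAVE_OPENSSL_IDEA_H
 { "idea",      algtype_idea,           OAKLEY_ATTR_ENC_ALG_IDEA,       8,
                 eay_idea_encrypt,       eay_idea_decrypt,
@@ -117,12 +118,15 @@ static struct enc_algorithm oakley_encdef[] = {
                 eay_rc5_encrypt,        eay_rc5_decrypt,
                 eay_rc5_weakkey,        eay_rc5_keylen, },
 #endif
+#endif
 { "3des",      algtype_3des,           OAKLEY_ATTR_ENC_ALG_3DES,       8,
                 eay_3des_encrypt,       eay_3des_decrypt,
                 eay_3des_weakkey,       eay_3des_keylen, },
+#ifdef HAVE_OPENSSL
 { "cast",      algtype_cast128,        OAKLEY_ATTR_ENC_ALG_CAST,       8,
                 eay_cast_encrypt,       eay_cast_decrypt,
                 eay_cast_weakkey,       eay_cast_keylen, },
+#endif
 { "aes",       algtype_aes,    OAKLEY_ATTR_ENC_ALG_AES,        16,
                 eay_aes_encrypt,        eay_aes_decrypt,
                 eay_aes_weakkey,        eay_aes_keylen, },
@@ -138,6 +142,7 @@ static struct enc_algorithm ipsec_encdef[] = {
 { "3des",      algtype_3des,           IPSECDOI_ESP_3DES,              8,
                 NULL,                   NULL,
                 NULL,                   eay_3des_keylen, },
+#ifdef HAVE_OPENSSL
 #ifdef HAVE_OPENSSL_RC5_H
 { "rc5",       algtype_rc5,            IPSECDOI_ESP_RC5,               8,
                 NULL,                   NULL,
@@ -149,6 +154,7 @@ static struct enc_algorithm ipsec_encdef[] = {
 { "blowfish",  algtype_blowfish,       IPSECDOI_ESP_BLOWFISH,          8,
                 NULL,                   NULL,
                 NULL,                   eay_bf_keylen, },
+#endif
 { "des-iv32",  algtype_des_iv32,       IPSECDOI_ESP_DES_IV32,          8,
                 NULL,                   NULL,
                 NULL,                   eay_des_keylen, },
@@ -158,6 +164,7 @@ static struct enc_algorithm ipsec_encdef[] = {
 { "aes",       algtype_aes,            IPSECDOI_ESP_AES,               16,
                 NULL,                   NULL,
                 NULL,                   eay_aes_keylen, },
+#ifdef HAVE_OPENSSL
 { "twofish",   algtype_twofish,        IPSECDOI_ESP_TWOFISH,           16,
                 NULL,                   NULL,
                 NULL,                   eay_twofish_keylen, },
@@ -172,6 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = {
 { "rc4",       algtype_rc4,            IPSECDOI_ESP_RC4,               8,
                 NULL,                   NULL,
                 NULL,                   NULL, },
+#endif
 };
 
 static struct hmac_algorithm ipsec_hmacdef[] = {
@@ -183,10 +191,12 @@ static struct hmac_algorithm ipsec_hmacdef[] = {
                 NULL,                   NULL,
                 NULL,                   eay_sha1_hashlen,
                 NULL, },
+#ifdef HAVE_OPENSSL
 { "kpdk",      algtype_kpdk,           IPSECDOI_ATTR_AUTH_KPDK,
                 NULL,                   NULL,
                 NULL,                   eay_kpdk_hashlen,
                 NULL, },
+#endif
 { "null",      algtype_non_auth,       IPSECDOI_ATTR_AUTH_NONE,
                 NULL,                   NULL,
                 NULL,                   eay_null_hashlen,
@@ -213,22 +223,46 @@ static struct misc_algorithm ipsec_compdef[] = {
 { "lzs",       algtype_lzs,            IPSECDOI_IPCOMP_LZS, },
 };
 
+/*
+ * In case of asymetric modes (hybrid xauth), what's racoon mode of
+ * operations ; it seems that the proposal should always use the
+ * initiator half (unless a server initiates a connection, which is
+ * not handled, and probably not useful).
+ */
 static struct misc_algorithm oakley_authdef[] = {
-{ "pre_shared_key",    algtype_psk,            OAKLEY_ATTR_AUTH_METHOD_PSKEY, },
-{ "dsssig",    algtype_dsssig,         OAKLEY_ATTR_AUTH_METHOD_DSSSIG, },
-{ "rsasig",    algtype_rsasig,         OAKLEY_ATTR_AUTH_METHOD_RSASIG, },
-{ "rsaenc",    algtype_rsaenc,         OAKLEY_ATTR_AUTH_METHOD_RSAENC, },
-{ "rsarev",    algtype_rsarev,         OAKLEY_ATTR_AUTH_METHOD_RSAREV, },
-{ "gssapi_krb",        algtype_gssapikrb,      OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, },
+{ "pre_shared_key",    algtype_psk,    OAKLEY_ATTR_AUTH_METHOD_PSKEY, },
+{ "dsssig",            algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, },
+{ "rsasig",            algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, },
+{ "rsaenc",            algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, },
+{ "rsarev",            algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, },
+
+{ "gssapi_krb",                algtype_gssapikrb,
+    OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, },
+
 #ifdef ENABLE_HYBRID
-{ "hybrid_rsa_server",        algtype_hybrid_rsa_s,
-       OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, },
-{ "hybrid_dss_server",        algtype_hybrid_dss_s,
-       OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, },
-{ "hybrid_rsa_client",        algtype_hybrid_rsa_c,
-       OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, },
-{ "hybrid_dss_client",        algtype_hybrid_dss_c,
-       OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, },
+{ "hybrid_rsa_server", algtype_hybrid_rsa_s,   
+    OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, },
+
+{ "hybrid_dss_server", algtype_hybrid_dss_s,   
+    OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, },
+
+{ "xauth_psk_server",  algtype_xauth_psk_s,    
+    OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R, },
+
+{ "xauth_rsa_server",  algtype_xauth_rsa_s,    
+    OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R, },
+
+{ "hybrid_rsa_client", algtype_hybrid_rsa_c,   
+    OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, },
+
+{ "hybrid_dss_client", algtype_hybrid_dss_c,   
+    OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, },
+
+{ "xauth_psk_client",  algtype_xauth_psk_c,    
+    OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I, },
+
+{ "xauth_rsa_client",  algtype_xauth_rsa_c,    
+    OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, },
 #endif
 };
 
@@ -394,7 +428,7 @@ alg_oakley_hmacdef_one(doi, key, buf)
 
 #ifdef ENABLE_STATS
        gettimeofday(&end, NULL);
-       syslog(LOG_NOTICE, "%s(%s size=%d): %8.6f", __func__,
+       syslog(LOG_NOTICE, "%s(%s size=%zu): %8.6f", __func__,
                f->name, buf->l, timedelta(&start, &end));
 #endif
 
@@ -506,7 +540,7 @@ alg_oakley_encdef_decrypt(doi, buf, key, iv)
 
 #ifdef ENABLE_STATS
        gettimeofday(&end, NULL);
-       syslog(LOG_NOTICE, "%s(%s klen=%d size=%d): %8.6f", __func__,
+       syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
                f->name, key->l << 3, buf->l, timedelta(&start, &end));
 #endif
        return res;
@@ -535,7 +569,7 @@ alg_oakley_encdef_encrypt(doi, buf, key, iv)
 
 #ifdef ENABLE_STATS
        gettimeofday(&end, NULL);
-       syslog(LOG_NOTICE, "%s(%s klen=%d size=%d): %8.6f", __func__,
+       syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
                f->name, key->l << 3, buf->l, timedelta(&start, &end));
 #endif
        return res;
@@ -594,7 +628,7 @@ alg_ipsec_hmacdef(doi)
        for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
                if (doi == ipsec_hmacdef[i].doi) {
                        plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
-                               oakley_hmacdef[i].name);
+                               ipsec_hmacdef[i].name);
                        return &ipsec_hmacdef[i];
                }
        return NULL;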
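Review bot: The comment added above `oakley_authdef` says the proposal "should always use the initiator half", yet the rewritten `*_server` rows now carry the `_R` constants (for example `OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R` and `OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R`) and the `*_client` rows the `_I` constants, which is the reverse of the removed lines. This table decides which IKE authentication-method value a configured name stands for, so the comment should state the rule definitively instead of "it seems": which role each name describes, which constant is placed in a proposal, and how a received responder-side value is treated. The lookup functions that consume the table lie outside the visible hunks, so whether they translate `_R` to `_I` before a proposal is built cannot be confirmed from here. The swap also deserves a line in the commit description, because existing configurations that name `hybrid_rsa_server` or `hybrid_rsa_client` now resolve to a different wire value without any other change.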