ipsec-317.220.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / algorithm.c
index 3440fc31e474694a7b24023440399bc086a525c7..4aaa0eaebe9291a9d7e1760360182c0fb12e5529 100644 (file)
@@ -75,12 +75,13 @@ static struct hash_algorithm oakley_hashdef[] = {
 #endif
 };
 
+
 static struct hmac_algorithm oakley_hmacdef[] = {
-{ "hmac_md5",  algtype_md5,            OAKLEY_ATTR_HASH_ALG_MD5,
+{ "hmac_md5",  algtype_hmac_md5_128,       OAKLEY_ATTR_HASH_ALG_MD5,
                eay_hmacmd5_init,       eay_hmacmd5_update,
                eay_hmacmd5_final,      NULL,
                eay_hmacmd5_one, },
-{ "hmac_sha1", algtype_sha1,           OAKLEY_ATTR_HASH_ALG_SHA,
+{ "hmac_sha1", algtype_hmac_sha1_160,          OAKLEY_ATTR_HASH_ALG_SHA,
                eay_hmacsha1_init,      eay_hmacsha1_update,
                eay_hmacsha1_final,     NULL,
                eay_hmacsha1_one, },
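Review bot: The `type` column of `oakley_hmacdef` now carries `algtype_hmac_md5_128` and `algtype_hmac_sha1_160`, the same constants this commit assigns to the `md5` and `sha1` rows of `ipsec_hmacdef`, while the `doi` column keeps `OAKLEY_ATTR_HASH_ALG_MD5` / `OAKLEY_ATTR_HASH_ALG_SHA`. Any lookup that resolves an entry from `type` alone, without the algorithm class, would presumably now match rows in two tables, so it is worth confirming that every type-based lookup is class-qualified. A comment above the table such as `/* type: HMAC algtype, shared with ipsec_hmacdef; doi: Oakley hash attribute */` would record the intent. The array continues past the end of this hunk.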
@@ -101,33 +102,16 @@ static struct hmac_algorithm oakley_hmacdef[] = {
 };
 
 static struct enc_algorithm oakley_encdef[] = {
-{ "des",       algtype_des,            OAKLEY_ATTR_ENC_ALG_DES,        8,
+{ "des",       algtype_des,            OAKLEY_ATTR_ENC_ALG_DES,
+        8,
                eay_des_encrypt,        eay_des_decrypt,
                eay_des_weakkey,        eay_des_keylen, },
-#ifdef HAVE_OPENSSL
-#ifdef HAVE_OPENSSL_IDEA_H
-{ "idea",      algtype_idea,           OAKLEY_ATTR_ENC_ALG_IDEA,       8,
-               eay_idea_encrypt,       eay_idea_decrypt,
-               eay_idea_weakkey,       eay_idea_keylen, },
-#endif
-{ "blowfish",  algtype_blowfish,       OAKLEY_ATTR_ENC_ALG_BLOWFISH,   8,
-               eay_bf_encrypt,         eay_bf_decrypt,
-               eay_bf_weakkey,         eay_bf_keylen, },
-#ifdef HAVE_OPENSSL_RC5_H
-{ "rc5",       algtype_rc5,            OAKLEY_ATTR_ENC_ALG_RC5,        8,
-               eay_rc5_encrypt,        eay_rc5_decrypt,
-               eay_rc5_weakkey,        eay_rc5_keylen, },
-#endif
-#endif
-{ "3des",      algtype_3des,           OAKLEY_ATTR_ENC_ALG_3DES,       8,
+{ "3des",      algtype_3des,           OAKLEY_ATTR_ENC_ALG_3DES,
+        8,
                eay_3des_encrypt,       eay_3des_decrypt,
                eay_3des_weakkey,       eay_3des_keylen, },
-#ifdef HAVE_OPENSSL
-{ "cast",      algtype_cast128,        OAKLEY_ATTR_ENC_ALG_CAST,       8,
-               eay_cast_encrypt,       eay_cast_decrypt,
-               eay_cast_weakkey,       eay_cast_keylen, },
-#endif
-{ "aes",       algtype_aes,    OAKLEY_ATTR_ENC_ALG_AES,        16,
+{ "aes",       algtype_aes,    OAKLEY_ATTR_ENC_ALG_AES,
+        16,
                eay_aes_encrypt,        eay_aes_decrypt,
                eay_aes_weakkey,        eay_aes_keylen, },
 };
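Review bot: Single DES stays in `oakley_encdef` after this pruning of the cipher list, so it remains available wherever the configuration proposes or accepts it. If it is kept only for legacy peers, say so beside the row, e.g. `/* des: legacy interoperability only */`; otherwise it could go out with the OpenSSL-only ciphers removed here. Separately, the literals moved onto their own lines (`8`, `16`) appear to be indented with spaces rather than the tabs used by neighbouring lines, and a trailing comment such as `/* presumably block length in bytes */` would make the bare number readable.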
@@ -142,19 +126,6 @@ static struct enc_algorithm ipsec_encdef[] = {
 { "3des",      algtype_3des,           IPSECDOI_ESP_3DES,              8,
                NULL,                   NULL,
                NULL,                   eay_3des_keylen, },
-#ifdef HAVE_OPENSSL
-#ifdef HAVE_OPENSSL_RC5_H
-{ "rc5",       algtype_rc5,            IPSECDOI_ESP_RC5,               8,
-               NULL,                   NULL,
-               NULL,                   eay_rc5_keylen, },
-#endif
-{ "cast",      algtype_cast128,        IPSECDOI_ESP_CAST,              8,
-               NULL,                   NULL,
-               NULL,                   eay_cast_keylen, },
-{ "blowfish",  algtype_blowfish,       IPSECDOI_ESP_BLOWFISH,          8,
-               NULL,                   NULL,
-               NULL,                   eay_bf_keylen, },
-#endif
 { "des-iv32",  algtype_des_iv32,       IPSECDOI_ESP_DES_IV32,          8,
                NULL,                   NULL,
                NULL,                   eay_des_keylen, },
@@ -164,41 +135,27 @@ static struct enc_algorithm ipsec_encdef[] = {
 { "aes",       algtype_aes,            IPSECDOI_ESP_AES,               16,
                NULL,                   NULL,
                NULL,                   eay_aes_keylen, },
-#ifdef HAVE_OPENSSL
-{ "twofish",   algtype_twofish,        IPSECDOI_ESP_TWOFISH,           16,
-               NULL,                   NULL,
-               NULL,                   eay_twofish_keylen, },
-#ifdef HAVE_OPENSSL_IDEA_H
-{ "3idea",     algtype_3idea,          IPSECDOI_ESP_3IDEA,             8,
-               NULL,                   NULL,
-               NULL,                   NULL, },
-{ "idea",      algtype_idea,           IPSECDOI_ESP_IDEA,              8,
-               NULL,                   NULL,
-               NULL,                   NULL, },
-#endif
-{ "rc4",       algtype_rc4,            IPSECDOI_ESP_RC4,               8,
-               NULL,                   NULL,
-               NULL,                   NULL, },
-#endif
 };
 
 static struct hmac_algorithm ipsec_hmacdef[] = {
-{ "md5",       algtype_hmac_md5,       IPSECDOI_ATTR_AUTH_HMAC_MD5,
+{ "hmac_md5_96",       algtype_hmac_md5_96,    IPSECDOI_ATTR_AUTH_HMAC_MD5_96,
                NULL,                   NULL,
                NULL,                   eay_md5_hashlen,
                NULL, },
-{ "sha1",      algtype_hmac_sha1,      IPSECDOI_ATTR_AUTH_HMAC_SHA1,
+{ "hmac_sha1_96",      algtype_hmac_sha1_96,   IPSECDOI_ATTR_AUTH_HMAC_SHA1_96,
                NULL,                   NULL,
                NULL,                   eay_sha1_hashlen,
                NULL, },
-#ifdef HAVE_OPENSSL
-{ "kpdk",      algtype_kpdk,           IPSECDOI_ATTR_AUTH_KPDK,
+{ "md5",       algtype_hmac_md5_128,   IPSECDOI_ATTR_AUTH_HMAC_MD5,
                NULL,                   NULL,
-               NULL,                   eay_kpdk_hashlen,
+               NULL,                   eay_md5_hashlen,
                NULL, },
-#endif
-{ "null",      algtype_non_auth,       IPSECDOI_ATTR_AUTH_NONE,
+{ "sha1",      algtype_hmac_sha1_160,  IPSECDOI_ATTR_AUTH_HMAC_SHA1,
                NULL,                   NULL,
+               NULL,                   eay_sha1_hashlen,
+               NULL, },
+{ "null",      algtype_non_auth,       IPSECDOI_ATTR_AUTH_NONE,
+        NULL,                  NULL,
                NULL,                   eay_null_hashlen,
                NULL, },
 #ifdef WITH_SHA2
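Review bot: The new `hmac_md5_96` and `hmac_sha1_96` rows use the same length callbacks (`eay_md5_hashlen`, `eay_sha1_hashlen`) as the `md5` / `sha1` rows typed `_128` / `_160`, so only the `type` and `doi` values distinguish the 96-bit variants. If any caller uses this callback to size the authenticator rather than the key (not visible in this hunk), the `_96` rows would report the full digest length. Please confirm which it is and record it, e.g. `/* hashlen: digest/key length, not the truncated ICV length */`. The second line of the `null` row is also re-indented with spaces, unlike its neighbours.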
@@ -207,7 +164,7 @@ static struct hmac_algorithm ipsec_hmacdef[] = {
                NULL,                   eay_sha2_256_hashlen,
                NULL, },
 { "hmac_sha2_384",     algtype_hmac_sha2_384,IPSECDOI_ATTR_AUTH_HMAC_SHA2_384,
-               NULL,                   NULL,
+        NULL,                  NULL,
                NULL,                   eay_sha2_384_hashlen,
                NULL, },
 { "hmac_sha2_512",     algtype_hmac_sha2_512,IPSECDOI_ATTR_AUTH_HMAC_SHA2_512,
@@ -263,6 +220,12 @@ static struct misc_algorithm oakley_authdef[] = {
 
 { "xauth_rsa_client",  algtype_xauth_rsa_c,    
     OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, },
+    
+{ "eap_psk_client", algtype_eap_psk_c,
+    OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_I, },
+    
+{ "eap_rsa_client", algtype_eap_rsa_c,
+    OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_I, },
 #endif
 };
 
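Review bot: The two new rows register only the `_I` attribute values (`OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_I`, `OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_I`), and nothing here says whether the missing counterpart for the other side is deliberate. A short comment above `eap_psk_client`, such as `/* EAP: client (initiator) side only */`, would make that explicit. The separator lines added before each row contain only spaces; truly empty lines would avoid the trailing whitespace. The `#if` guarding these rows opens outside the hunk, so the build option that enables them cannot be seen from here.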
@@ -285,12 +248,12 @@ static struct dh_algorithm oakley_dhdef[] = {
                &dh_modp8192, },
 };
 
-static struct hash_algorithm *alg_oakley_hashdef __P((int));
-static struct hmac_algorithm *alg_oakley_hmacdef __P((int));
-static struct enc_algorithm *alg_oakley_encdef __P((int));
-static struct enc_algorithm *alg_ipsec_encdef __P((int));
-static struct hmac_algorithm *alg_ipsec_hmacdef __P((int));
-static struct dh_algorithm *alg_oakley_dhdef __P((int));
+static struct hash_algorithm *alg_oakley_hashdef (int);
+static struct hmac_algorithm *alg_oakley_hmacdef (int);
+static struct enc_algorithm *alg_oakley_encdef (int);
+static struct enc_algorithm *alg_ipsec_encdef (int);
+static struct hmac_algorithm *alg_ipsec_hmacdef (int);
+static struct dh_algorithm *alg_oakley_dhdef (int);
 
 /* oakley hash algorithm */
 static struct hash_algorithm *
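Review bot: The prototypes drop `__P(())` but gain a space before the parameter list and still omit the parameter name, e.g. `alg_oakley_hashdef (int)`. Writing `static struct hash_algorithm *alg_oakley_hashdef(int doi);` would document the argument. The definitions still appear to use the old identifier-list form (the hunk headers show `alg_oakley_hashdef(doi)`), so converting them in the same pass would give the compiler a real prototype to check at the definition too. The definition that begins on the last line of this hunk continues outside it.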
@@ -301,7 +264,7 @@ alg_oakley_hashdef(doi)
 
        for (i = 0; i < ARRAYLEN(oakley_hashdef); i++)
                if (doi == oakley_hashdef[i].doi) {
-                       plog(LLV_DEBUG, LOCATION, NULL, "hash(%s)\n",
+                       plog(ASL_LEVEL_DEBUG, "hash(%s)\n",
                                oakley_hashdef[i].name);
                        return &oakley_hashdef[i];
                }
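Review bot: Dropping `LOCATION` from these debug calls leaves several lookups logging identical text: `alg_oakley_hmacdef` and `alg_ipsec_hmacdef` both emit `hmac(%s)`, and `alg_oakley_encdef` and `alg_ipsec_encdef` both emit `encryption(%s)`. Assuming `LOCATION` supplied the call site, a negotiation trace can no longer tell the Oakley selection from the IPsec one. Naming the table in the message would restore that, e.g. `plog(ASL_LEVEL_DEBUG, "oakley hash(%s)\n",` here and `"ipsec hmac(%s)\n"` / `"ipsec encryption(%s)\n"` in the later hunks. The enclosing loop and function start and end outside this hunk.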
@@ -384,7 +347,7 @@ alg_oakley_hmacdef(doi)
 
        for (i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
                if (doi == oakley_hmacdef[i].doi) {
-                       plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
+                       plog(ASL_LEVEL_DEBUG, "hmac(%s)\n",
                                oakley_hmacdef[i].name);
                        return &oakley_hmacdef[i];
                }
@@ -428,7 +391,7 @@ alg_oakley_hmacdef_one(doi, key, buf)
 
 #ifdef ENABLE_STATS
        gettimeofday(&end, NULL);
-       syslog(LOG_NOTICE, "%s(%s size=%zu): %8.6f", __func__,
+       plog(ASL_LEVEL_NOTICE, "%s(%s size=%zu): %8.6f", __func__,
                f->name, buf->l, timedelta(&start, &end));
 #endif
 
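Review bot: The statistics message converted from `syslog` to `plog` has no trailing newline, whereas the other `plog` format strings touched by this commit end in `\n`. The same applies to the two `klen=` messages in `alg_oakley_encdef_decrypt` and `alg_oakley_encdef_encrypt`. If `plog` does not append a newline itself, these records will run into the next entry, so the call should read `plog(ASL_LEVEL_NOTICE, "%s(%s size=%zu): %8.6f\n", __func__,`. The surrounding function body is outside the hunk.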
@@ -444,7 +407,7 @@ alg_oakley_encdef(doi)
 
        for (i = 0; i < ARRAYLEN(oakley_encdef); i++)
                if (doi == oakley_encdef[i].doi) {
-                       plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n",
+                       plog(ASL_LEVEL_DEBUG, "encryption(%s)\n",
                                oakley_encdef[i].name);
                        return &oakley_encdef[i];
                }
@@ -540,7 +503,7 @@ alg_oakley_encdef_decrypt(doi, buf, key, iv)
 
 #ifdef ENABLE_STATS
        gettimeofday(&end, NULL);
-       syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
+       plog(ASL_LEVEL_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
                f->name, key->l << 3, buf->l, timedelta(&start, &end));
 #endif
        return res;
@@ -569,7 +532,7 @@ alg_oakley_encdef_encrypt(doi, buf, key, iv)
 
 #ifdef ENABLE_STATS
        gettimeofday(&end, NULL);
-       syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
+       plog(ASL_LEVEL_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__,
                f->name, key->l << 3, buf->l, timedelta(&start, &end));
 #endif
        return res;
@@ -584,7 +547,7 @@ alg_ipsec_encdef(doi)
 
        for (i = 0; i < ARRAYLEN(ipsec_encdef); i++)
                if (doi == ipsec_encdef[i].doi) {
-                       plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n",
+                       plog(ASL_LEVEL_DEBUG, "encryption(%s)\n",
                                ipsec_encdef[i].name);
                        return &ipsec_encdef[i];
                }
@@ -627,7 +590,7 @@ alg_ipsec_hmacdef(doi)
 
        for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
                if (doi == ipsec_hmacdef[i].doi) {
-                       plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
+                       plog(ASL_LEVEL_DEBUG, "hmac(%s)\n",
                                ipsec_hmacdef[i].name);
                        return &ipsec_hmacdef[i];
                }
@@ -685,7 +648,7 @@ alg_oakley_dhdef(doi)
 
        for (i = 0; i < ARRAYLEN(oakley_dhdef); i++)
                if (doi == oakley_dhdef[i].doi) {
-                       plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
+                       plog(ASL_LEVEL_DEBUG, "hmac(%s)\n",
                                oakley_dhdef[i].name);
                        return &oakley_dhdef[i];
                }
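Review bot: The debug message in `alg_oakley_dhdef` still says `hmac(%s)` although the name it prints comes from `oakley_dhdef`, so a DH group selection is logged as an HMAC. Since the line is being rewritten anyway, `plog(ASL_LEVEL_DEBUG, "dh(%s)\n",` would fix the label. The function starts and ends outside this hunk.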
@@ -820,8 +783,8 @@ check_keylen(class, type, len)
                break;
        default:
                /* unknown class, punt */
-               plog(LLV_ERROR, LOCATION, NULL,
-                       "unknown algclass %d\n", class);
+               plog(ASL_LEVEL_ERR, 
+                       "unknown algorithm class %d\n", class);
                return -1;
        }
 
@@ -833,7 +796,7 @@ check_keylen(class, type, len)
        case algtype_aes:
        case algtype_twofish:
                if (len % 8 != 0) {
-                       plog(LLV_ERROR, LOCATION, NULL,
+                       plog(ASL_LEVEL_ERR, 
                                "key length %d is not multiple of 8\n", len);
                        return -1;
                }
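Review bot: `case algtype_twofish:` is still accepted here although this commit removes the `twofish` row from `ipsec_encdef`, so the label looks unreachable through that table now. Unless another table outside this diff still lists it, either drop the label or mark it, e.g. `case algtype_twofish: /* no table entry left; kept for config compatibility */`. The message on the rewritten call would also read better as `"key length %d is not a multiple of 8\n"`. The `switch` begins and ends outside this hunk.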
@@ -865,14 +828,14 @@ check_keylen(class, type, len)
                break;
        default:
                if (len) {
-                       plog(LLV_ERROR, LOCATION, NULL,
+                       plog(ASL_LEVEL_ERR, 
                                "key length is not allowed");
                        return -1;
                }
                break;
        }
        if (badrange) {
-               plog(LLV_ERROR, LOCATION, NULL,
+               plog(ASL_LEVEL_ERR, 
                        "key length out of range\n");
                return -1;
        }
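Review bot: `"key length is not allowed"` has no trailing `\n`, unlike `"key length out of range\n"` a few lines below, and neither message says which length was rejected. Since both calls are rewritten here, `plog(ASL_LEVEL_ERR, "key length %d is not allowed\n", len);` and `"key length %d out of range\n", len` would make a rejected proposal diagnosable from the log alone. The rewritten `plog(ASL_LEVEL_ERR, ` lines also end in a trailing space. `check_keylen` begins outside this hunk.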