X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/52b7d2ce06d68d0a9160d16f6e7c08c21c149d0d..ed5ea7fc1f63ae1e11ea74854408b785d896577f:/ipsec-tools/racoon/algorithm.c?ds=inline diff --git a/ipsec-tools/racoon/algorithm.c b/ipsec-tools/racoon/algorithm.c index 1af0150..3440fc3 100644 --- a/ipsec-tools/racoon/algorithm.c +++ b/ipsec-tools/racoon/algorithm.c @@ -104,6 +104,7 @@ static struct enc_algorithm oakley_encdef[] = { { "des", algtype_des, OAKLEY_ATTR_ENC_ALG_DES, 8, eay_des_encrypt, eay_des_decrypt, eay_des_weakkey, eay_des_keylen, }, +#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL_IDEA_H { "idea", algtype_idea, OAKLEY_ATTR_ENC_ALG_IDEA, 8, eay_idea_encrypt, eay_idea_decrypt, @@ -117,12 +118,15 @@ static struct enc_algorithm oakley_encdef[] = { eay_rc5_encrypt, eay_rc5_decrypt, eay_rc5_weakkey, eay_rc5_keylen, }, #endif +#endif { "3des", algtype_3des, OAKLEY_ATTR_ENC_ALG_3DES, 8, eay_3des_encrypt, eay_3des_decrypt, eay_3des_weakkey, eay_3des_keylen, }, +#ifdef HAVE_OPENSSL { "cast", algtype_cast128, OAKLEY_ATTR_ENC_ALG_CAST, 8, eay_cast_encrypt, eay_cast_decrypt, eay_cast_weakkey, eay_cast_keylen, }, +#endif { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16, eay_aes_encrypt, eay_aes_decrypt, eay_aes_weakkey, eay_aes_keylen, }, @@ -138,6 +142,7 @@ static struct enc_algorithm ipsec_encdef[] = { { "3des", algtype_3des, IPSECDOI_ESP_3DES, 8, NULL, NULL, NULL, eay_3des_keylen, }, +#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL_RC5_H { "rc5", algtype_rc5, IPSECDOI_ESP_RC5, 8, NULL, NULL, @@ -149,6 +154,7 @@ static struct enc_algorithm ipsec_encdef[] = { { "blowfish", algtype_blowfish, IPSECDOI_ESP_BLOWFISH, 8, NULL, NULL, NULL, eay_bf_keylen, }, +#endif { "des-iv32", algtype_des_iv32, IPSECDOI_ESP_DES_IV32, 8, NULL, NULL, NULL, eay_des_keylen, }, 
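Review bot: Single DES stays available in every build, because the added `#ifdef HAVE_OPENSSL` in `oakley_encdef` opens after the `des` entry and compiles out only `idea`, `rc5` and whatever sits between them. If the guard is meant to track which ciphers the non-OpenSSL backend implements, say so above it, for example `/* entries below are provided only by the OpenSSL backend */`; the reason is not visible in this diff. Deployments that do not want DES negotiated still have to exclude it in their proposal configuration.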
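Review bot: The `#endif` added after the `rc5` entry directly follows the `#endif` of the inner feature-header guard and neither is labelled, so the nesting opened in the previous hunk is hard to follow. Label the new ones, `#endif /* HAVE_OPENSSL */`. The same applies to the bare `#endif` added after `cast` in this hunk and to those added after `blowfish`, `rc4` and `kpdk` in the later hunks.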
@@ -158,6 +164,7 @@ static struct enc_algorithm ipsec_encdef[] = { { "aes", algtype_aes, IPSECDOI_ESP_AES, 16, NULL, NULL, NULL, eay_aes_keylen, }, +#ifdef HAVE_OPENSSL { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16, NULL, NULL, NULL, eay_twofish_keylen, }, @@ -172,6 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = { { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8, NULL, NULL, NULL, NULL, }, +#endif }; static struct hmac_algorithm ipsec_hmacdef[] = { @@ -183,10 +191,12 @@ static struct hmac_algorithm ipsec_hmacdef[] = { NULL, NULL, NULL, eay_sha1_hashlen, NULL, }, +#ifdef HAVE_OPENSSL { "kpdk", algtype_kpdk, IPSECDOI_ATTR_AUTH_KPDK, NULL, NULL, NULL, eay_kpdk_hashlen, NULL, }, +#endif { "null", algtype_non_auth, IPSECDOI_ATTR_AUTH_NONE, NULL, NULL, NULL, eay_null_hashlen, 
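Review bot: Callers of `alg_ipsec_hmacdef()` must now cope with a `NULL` result for `IPSECDOI_ATTR_AUTH_KPDK` when `HAVE_OPENSSL` is undefined, because the `kpdk` entry is compiled out and the lookup (shown in the last hunk of this diff) returns `NULL` for an unmatched `doi`. Those callers are outside this diff, so this is a check to confirm rather than a known fault; it matters most where the `doi` value comes from a peer's proposal. The `ipsec_encdef` entries guarded in the hunks above (`rc5`, `blowfish`, `twofish` through `rc4`) presumably need the same check through their own lookup function.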
@@ -213,22 +223,46 @@ static struct misc_algorithm ipsec_compdef[] = { { "lzs", algtype_lzs, IPSECDOI_IPCOMP_LZS, }, }; +/* + * In case of asymetric modes (hybrid xauth), what's racoon mode of + * operations ; it seems that the proposal should always use the + * initiator half (unless a server initiates a connection, which is + * not handled, and probably not useful). + */ static struct misc_algorithm oakley_authdef[] = { -{ "pre_shared_key", algtype_psk, OAKLEY_ATTR_AUTH_METHOD_PSKEY, }, -{ "dsssig", algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, }, -{ "rsasig", algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, }, -{ "rsaenc", algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, }, -{ "rsarev", algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, }, -{ "gssapi_krb", algtype_gssapikrb, OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, }, +{ "pre_shared_key", algtype_psk, OAKLEY_ATTR_AUTH_METHOD_PSKEY, }, +{ "dsssig", algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, }, +{ "rsasig", algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, }, +{ "rsaenc", algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, }, +{ "rsarev", algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, }, + +{ "gssapi_krb", algtype_gssapikrb, + OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, }, + #ifdef ENABLE_HYBRID -{ "hybrid_rsa_server", algtype_hybrid_rsa_s, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, }, -{ "hybrid_dss_server", algtype_hybrid_dss_s, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, }, -{ "hybrid_rsa_client", algtype_hybrid_rsa_c, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, }, -{ "hybrid_dss_client", algtype_hybrid_dss_c, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, }, +{ "hybrid_rsa_server", algtype_hybrid_rsa_s, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, }, + +{ "hybrid_dss_server", algtype_hybrid_dss_s, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, }, + +{ "xauth_psk_server", algtype_xauth_psk_s, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R, }, + +{ "xauth_rsa_server", algtype_xauth_rsa_s, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R, }, + +{ "hybrid_rsa_client", 
algtype_hybrid_rsa_c, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, }, + +{ "hybrid_dss_client", algtype_hybrid_dss_c, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, }, + +{ "xauth_psk_client", algtype_xauth_psk_c, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I, }, + +{ "xauth_rsa_client", algtype_xauth_rsa_c, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, }, #endif }; @@ -394,7 +428,7 @@ alg_oakley_hmacdef_one(doi, key, buf) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s size=%d): %8.6f", __func__, + syslog(LOG_NOTICE, "%s(%s size=%zu): %8.6f", __func__, f->name, buf->l, timedelta(&start, &end)); #endif @@ -506,7 +540,7 @@ alg_oakley_encdef_decrypt(doi, buf, key, iv) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s klen=%d size=%d): %8.6f", __func__, + syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, f->name, key->l << 3, buf->l, timedelta(&start, &end)); #endif return res; @@ -535,7 +569,7 @@ alg_oakley_encdef_encrypt(doi, buf, key, iv) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s klen=%d size=%d): %8.6f", __func__, + syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, f->name, key->l << 3, buf->l, timedelta(&start, &end)); #endif return res; @@ -594,7 +628,7 @@ alg_ipsec_hmacdef(doi) for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++) if (doi == ipsec_hmacdef[i].doi) { plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n", - oakley_hmacdef[i].name); + ipsec_hmacdef[i].name); return &ipsec_hmacdef[i]; } return NULL;
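Review bot: The new comment above `oakley_authdef` says the proposal should always use the initiator half, but the table now gives the `*_server` names the `_R` constants and the `*_client` names the `_I` constants, and the comment does not say where any conversion takes place. State the table's convention directly, e.g. `/* *_server entries hold the responder (_R) value, *_client entries the initiator (_I) value */`, and fix the spelling "asymetric". Also, `hybrid_rsa_server` and `hybrid_dss_server` change from `_I` to `_R` and the client names the reverse, so an existing configuration using those names may now offer a different value than before. Whether peers on the older build still interoperate is not visible here.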
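Review bot: `%zu` is correct only if `buf->l` and `key->l` are `size_t`, and that declaration is outside this diff. With any other type the `syslog()` call in `alg_oakley_hmacdef_one`, and the two in `alg_oakley_encdef_decrypt` and `alg_oakley_encdef_encrypt` below, still pass mismatched arguments. If the field type can differ between platforms, cast at the call site: `(size_t)buf->l` and `(size_t)(key->l << 3)`. A short comment such as `/* klen is logged in bits */` would explain the `<< 3`, presumably a bytes-to-bits conversion. The enclosing function bodies start and end outside these hunks.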
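Review bot: The other `alg_*` lookup functions, which are outside this hunk, should be checked for the same copy-pasted table name. Before this change the log line indexed `oakley_hmacdef` with an `i` bounded by `ARRAYLEN(ipsec_hmacdef)`, which reads past the end of `oakley_hmacdef` if it is the shorter table. The `for` in `alg_ipsec_hmacdef` also wraps a multi-line `if` without braces; bracing it, with `for (...) {` and a closing `}` before `return NULL;`, makes the scope explicit.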