X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/52b7d2ce06d68d0a9160d16f6e7c08c21c149d0d..fce29cd989a6ce7aa0e28bd9ade0752be16cb893:/ipsec-tools/racoon/algorithm.c?ds=sidebyside diff --git a/ipsec-tools/racoon/algorithm.c b/ipsec-tools/racoon/algorithm.c index 1af0150..1fdd9e7 100644 --- a/ipsec-tools/racoon/algorithm.c +++ b/ipsec-tools/racoon/algorithm.c 
@@ -213,22 +213,46 @@ static struct misc_algorithm ipsec_compdef[] = { { "lzs", algtype_lzs, IPSECDOI_IPCOMP_LZS, }, }; +/* + * In case of asymetric modes (hybrid xauth), what's racoon mode of + * operations ; it seems that the proposal should always use the + * initiator half (unless a server initiates a connection, which is + * not handled, and probably not useful). + */ static struct misc_algorithm oakley_authdef[] = { -{ "pre_shared_key", algtype_psk, OAKLEY_ATTR_AUTH_METHOD_PSKEY, }, -{ "dsssig", algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, }, -{ "rsasig", algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, }, -{ "rsaenc", algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, }, -{ "rsarev", algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, }, -{ "gssapi_krb", algtype_gssapikrb, OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, }, +{ "pre_shared_key", algtype_psk, OAKLEY_ATTR_AUTH_METHOD_PSKEY, }, +{ "dsssig", algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, }, +{ "rsasig", algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, }, +{ "rsaenc", algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, }, +{ "rsarev", algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, }, + +{ "gssapi_krb", algtype_gssapikrb, + OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, }, + #ifdef ENABLE_HYBRID -{ "hybrid_rsa_server", algtype_hybrid_rsa_s, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, }, -{ "hybrid_dss_server", algtype_hybrid_dss_s, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, }, -{ "hybrid_rsa_client", algtype_hybrid_rsa_c, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, }, -{ "hybrid_dss_client", algtype_hybrid_dss_c, - OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, }, +{ "hybrid_rsa_server", algtype_hybrid_rsa_s, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, }, + +{ "hybrid_dss_server", algtype_hybrid_dss_s, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, }, + +{ "xauth_psk_server", algtype_xauth_psk_s, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R, }, + +{ "xauth_rsa_server", algtype_xauth_rsa_s, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R, }, + +{ "hybrid_rsa_client", 
algtype_hybrid_rsa_c, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, }, + +{ "hybrid_dss_client", algtype_hybrid_dss_c, + OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, }, + +{ "xauth_psk_client", algtype_xauth_psk_c, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I, }, + +{ "xauth_rsa_client", algtype_xauth_rsa_c, + OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, }, #endif }; @@ -394,7 +418,7 @@ alg_oakley_hmacdef_one(doi, key, buf) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s size=%d): %8.6f", __func__, + syslog(LOG_NOTICE, "%s(%s size=%zu): %8.6f", __func__, f->name, buf->l, timedelta(&start, &end)); #endif @@ -506,7 +530,7 @@ alg_oakley_encdef_decrypt(doi, buf, key, iv) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s klen=%d size=%d): %8.6f", __func__, + syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, f->name, key->l << 3, buf->l, timedelta(&start, &end)); #endif return res; @@ -535,7 +559,7 @@ alg_oakley_encdef_encrypt(doi, buf, key, iv) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s klen=%d size=%d): %8.6f", __func__, + syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, f->name, key->l << 3, buf->l, timedelta(&start, &end)); #endif return res; @@ -594,7 +618,7 @@ alg_ipsec_hmacdef(doi) for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++) if (doi == ipsec_hmacdef[i].doi) { plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n", - oakley_hmacdef[i].name); + ipsec_hmacdef[i].name); return &ipsec_hmacdef[i]; } return NULL;
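Review bot: The comment added above `oakley_authdef` says the proposal should always use the initiator half, but the rows below it map every `*_server` name to an `_R` constant and every `*_client` name to an `_I` constant, so a reader cannot tell from the comment which value a given configuration name selects. Because this table decides which authentication method is negotiated, I would state the rule next to it, e.g. `/* *_server names map to the _R method value, *_client names to the _I value */`, and correct the spelling of "asymetric". The new `xauth_psk_*` and `xauth_rsa_*` rows also sit inside `#ifdef ENABLE_HYBRID`, so they are presumably unavailable in builds without hybrid support. If that is intended, a one-line comment at the `#ifdef` should say so.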
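Review bot: In `alg_ipsec_hmacdef` the loop bound, the `plog` argument and the return value each spell out the array name separately, which is presumably how the log line came to index a different table than the one bounded by `ARRAYLEN(ipsec_hmacdef)`. Binding the matched element once would rule out a repeat: `p = &ipsec_hmacdef[i];`, then `plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n", p->name);` and `return p;`, with `p` declared using the element type, which is not visible in this hunk. The `for` body is also left unbraced around a braced `if`, so bracing the loop would make its extent explicit. The function starts before this hunk, so any sibling lookups with the same pattern are not visible here and are worth checking.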