X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/e8d9021d008d9729f3dfcdc16bb03a990513b007..e627a751fc4d26304657fc20440abb72632b1e6e:/ipsec-tools/racoon/algorithm.c
diff --git a/ipsec-tools/racoon/algorithm.c b/ipsec-tools/racoon/algorithm.c
index 3440fc3..4aaa0ea 100644
--- a/ipsec-tools/racoon/algorithm.c
+++ b/ipsec-tools/racoon/algorithm.c
@@ -75,12 +75,13 @@ static struct hash_algorithm oakley_hashdef[] = { #endif }; + static struct hmac_algorithm oakley_hmacdef[] = { -{ "hmac_md5", algtype_md5, OAKLEY_ATTR_HASH_ALG_MD5, +{ "hmac_md5", algtype_hmac_md5_128, OAKLEY_ATTR_HASH_ALG_MD5, eay_hmacmd5_init, eay_hmacmd5_update, eay_hmacmd5_final, NULL, eay_hmacmd5_one, }, -{ "hmac_sha1", algtype_sha1, OAKLEY_ATTR_HASH_ALG_SHA, +{ "hmac_sha1", algtype_hmac_sha1_160, OAKLEY_ATTR_HASH_ALG_SHA, eay_hmacsha1_init, eay_hmacsha1_update, eay_hmacsha1_final, NULL, eay_hmacsha1_one, },
@@ -101,33 +102,16 @@ static struct hmac_algorithm oakley_hmacdef[] = { }; static struct enc_algorithm oakley_encdef[] = { -{ "des", algtype_des, OAKLEY_ATTR_ENC_ALG_DES, 8, +{ "des", algtype_des, OAKLEY_ATTR_ENC_ALG_DES, + 8, eay_des_encrypt, eay_des_decrypt, eay_des_weakkey, eay_des_keylen, }, -#ifdef HAVE_OPENSSL -#ifdef HAVE_OPENSSL_IDEA_H -{ "idea", algtype_idea, OAKLEY_ATTR_ENC_ALG_IDEA, 8, - eay_idea_encrypt, eay_idea_decrypt, - eay_idea_weakkey, eay_idea_keylen, }, -#endif -{ "blowfish", algtype_blowfish, OAKLEY_ATTR_ENC_ALG_BLOWFISH, 8, - eay_bf_encrypt, eay_bf_decrypt, - eay_bf_weakkey, eay_bf_keylen, }, -#ifdef HAVE_OPENSSL_RC5_H -{ "rc5", algtype_rc5, OAKLEY_ATTR_ENC_ALG_RC5, 8, - eay_rc5_encrypt, eay_rc5_decrypt, - eay_rc5_weakkey, eay_rc5_keylen, }, -#endif -#endif -{ "3des", algtype_3des, OAKLEY_ATTR_ENC_ALG_3DES, 8, +{ "3des", algtype_3des, OAKLEY_ATTR_ENC_ALG_3DES, + 8, eay_3des_encrypt, eay_3des_decrypt, eay_3des_weakkey, eay_3des_keylen, }, -#ifdef HAVE_OPENSSL -{ "cast", algtype_cast128, OAKLEY_ATTR_ENC_ALG_CAST, 8, - eay_cast_encrypt, eay_cast_decrypt, - eay_cast_weakkey, eay_cast_keylen, }, -#endif -{ "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16, +{ "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, + 16, eay_aes_encrypt, eay_aes_decrypt, eay_aes_weakkey, eay_aes_keylen, }, };
@@ -142,19 +126,6 @@ static struct enc_algorithm ipsec_encdef[] = { { "3des", algtype_3des, IPSECDOI_ESP_3DES, 8, NULL, NULL, NULL, eay_3des_keylen, }, -#ifdef HAVE_OPENSSL -#ifdef HAVE_OPENSSL_RC5_H -{ "rc5", algtype_rc5, IPSECDOI_ESP_RC5, 8, - NULL, NULL, - NULL, eay_rc5_keylen, }, -#endif -{ "cast", algtype_cast128, IPSECDOI_ESP_CAST, 8, - NULL, NULL, - NULL, eay_cast_keylen, }, -{ "blowfish", algtype_blowfish, IPSECDOI_ESP_BLOWFISH, 8, - NULL, NULL, - NULL, eay_bf_keylen, }, -#endif { "des-iv32", algtype_des_iv32, IPSECDOI_ESP_DES_IV32, 8, NULL, NULL, NULL, eay_des_keylen, },
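Review bot: `oakley_encdef` keeps its `"des"` row (`OAKLEY_ATTR_ENC_ALG_DES`, `eay_des_encrypt`) while this hunk drops IDEA, Blowfish, RC5 and CAST, so single DES with its 56-bit key is still an algorithm the lookup table will resolve. If the pruning is meant to leave only ciphers that are acceptable to negotiate, that row should be removed as well or put behind a build option; if it stays for legacy peers, say so with a comment above it, e.g. `/* single DES: kept only for interop with legacy peers */`. The `"des-iv32"` row visible in the `ipsec_encdef` hunk that follows raises the same question. Whether configuration elsewhere already refuses DES cannot be seen from this diff.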
@@ -164,41 +135,27 @@ static struct enc_algorithm ipsec_encdef[] = { { "aes", algtype_aes, IPSECDOI_ESP_AES, 16, NULL, NULL, NULL, eay_aes_keylen, }, -#ifdef HAVE_OPENSSL -{ "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16, - NULL, NULL, - NULL, eay_twofish_keylen, }, -#ifdef HAVE_OPENSSL_IDEA_H -{ "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8, - NULL, NULL, - NULL, NULL, }, -{ "idea", algtype_idea, IPSECDOI_ESP_IDEA, 8, - NULL, NULL, - NULL, NULL, }, -#endif -{ "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8, - NULL, NULL, - NULL, NULL, }, -#endif }; static struct hmac_algorithm ipsec_hmacdef[] = { -{ "md5", algtype_hmac_md5, IPSECDOI_ATTR_AUTH_HMAC_MD5, +{ "hmac_md5_96", algtype_hmac_md5_96, IPSECDOI_ATTR_AUTH_HMAC_MD5_96, NULL, NULL, NULL, eay_md5_hashlen, NULL, }, -{ "sha1", algtype_hmac_sha1, IPSECDOI_ATTR_AUTH_HMAC_SHA1, +{ "hmac_sha1_96", algtype_hmac_sha1_96, IPSECDOI_ATTR_AUTH_HMAC_SHA1_96, NULL, NULL, NULL, eay_sha1_hashlen, NULL, }, -#ifdef HAVE_OPENSSL -{ "kpdk", algtype_kpdk, IPSECDOI_ATTR_AUTH_KPDK, +{ "md5", algtype_hmac_md5_128, IPSECDOI_ATTR_AUTH_HMAC_MD5, NULL, NULL, - NULL, eay_kpdk_hashlen, + NULL, eay_md5_hashlen, NULL, }, -#endif -{ "null", algtype_non_auth, IPSECDOI_ATTR_AUTH_NONE, +{ "sha1", algtype_hmac_sha1_160, IPSECDOI_ATTR_AUTH_HMAC_SHA1, NULL, NULL, + NULL, eay_sha1_hashlen, + NULL, }, +{ "null", algtype_non_auth, IPSECDOI_ATTR_AUTH_NONE, + NULL, NULL, NULL, eay_null_hashlen, NULL, }, #ifdef WITH_SHA2
@@ -207,7 +164,7 @@ static struct hmac_algorithm ipsec_hmacdef[] = { NULL, eay_sha2_256_hashlen, NULL, }, { "hmac_sha2_384", algtype_hmac_sha2_384,IPSECDOI_ATTR_AUTH_HMAC_SHA2_384, - NULL, NULL, + NULL, NULL, NULL, eay_sha2_384_hashlen, NULL, }, { "hmac_sha2_512", algtype_hmac_sha2_512,IPSECDOI_ATTR_AUTH_HMAC_SHA2_512,
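Review bot: In `ipsec_hmacdef` the new `"hmac_md5_96"` and `"hmac_sha1_96"` rows use the same `eay_md5_hashlen` / `eay_sha1_hashlen` callbacks as the `"md5"` and `"sha1"` rows, so nothing in the table shows what separates `algtype_hmac_md5_96` from `algtype_hmac_md5_128`. A short comment above the array would help, stating which length the `hashlen` column reports (presumably the key or full digest size rather than the truncated ICV, to be confirmed against `eay_md5_hashlen`) and that `"md5"`/`"sha1"` now name the untruncated variants. The array continues past the end of this hunk.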
@@ -263,6 +220,12 @@ static struct misc_algorithm oakley_authdef[] = { { "xauth_rsa_client", algtype_xauth_rsa_c, OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, }, + +{ "eap_psk_client", algtype_eap_psk_c, + OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_I, }, + +{ "eap_rsa_client", algtype_eap_rsa_c, + OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_I, }, #endif };
@@ -285,12 +248,12 @@ static struct dh_algorithm oakley_dhdef[] = { &dh_modp8192, }, }; -static struct hash_algorithm *alg_oakley_hashdef __P((int)); -static struct hmac_algorithm *alg_oakley_hmacdef __P((int)); -static struct enc_algorithm *alg_oakley_encdef __P((int)); -static struct enc_algorithm *alg_ipsec_encdef __P((int)); -static struct hmac_algorithm *alg_ipsec_hmacdef __P((int)); -static struct dh_algorithm *alg_oakley_dhdef __P((int)); +static struct hash_algorithm *alg_oakley_hashdef (int); +static struct hmac_algorithm *alg_oakley_hmacdef (int); +static struct enc_algorithm *alg_oakley_encdef (int); +static struct enc_algorithm *alg_ipsec_encdef (int); +static struct hmac_algorithm *alg_ipsec_hmacdef (int); +static struct dh_algorithm *alg_oakley_dhdef (int); /* oakley hash algorithm */ static struct hash_algorithm *
@@ -301,7 +264,7 @@ alg_oakley_hashdef(doi) for (i = 0; i < ARRAYLEN(oakley_hashdef); i++) if (doi == oakley_hashdef[i].doi) { - plog(LLV_DEBUG, LOCATION, NULL, "hash(%s)\n", + plog(ASL_LEVEL_DEBUG, "hash(%s)\n", oakley_hashdef[i].name); return &oakley_hashdef[i]; }
@@ -384,7 +347,7 @@ alg_oakley_hmacdef(doi) for (i = 0; i < ARRAYLEN(oakley_hmacdef); i++) if (doi == oakley_hmacdef[i].doi) { - plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n", + plog(ASL_LEVEL_DEBUG, "hmac(%s)\n", oakley_hmacdef[i].name); return &oakley_hmacdef[i]; }
@@ -428,7 +391,7 @@ alg_oakley_hmacdef_one(doi, key, buf) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s size=%zu): %8.6f", __func__, + plog(ASL_LEVEL_NOTICE, "%s(%s size=%zu): %8.6f", __func__, f->name, buf->l, timedelta(&start, &end)); #endif
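Review bot: The `ENABLE_STATS` line in `alg_oakley_hmacdef_one` is moved from `syslog` to `plog` but keeps the format `"%s(%s size=%zu): %8.6f"` with no trailing `\n`, while the debug `plog` calls in the neighbouring hunks all end their format with `\n`. If `plog` does not append a newline itself, the timing records will run together in the log; use `"%s(%s size=%zu): %8.6f\n"`. The two `ENABLE_STATS` calls in `alg_oakley_encdef_decrypt` and `alg_oakley_encdef_encrypt` need the same change. All three functions start outside their hunks.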
@@ -444,7 +407,7 @@ alg_oakley_encdef(doi) for (i = 0; i < ARRAYLEN(oakley_encdef); i++) if (doi == oakley_encdef[i].doi) { - plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n", + plog(ASL_LEVEL_DEBUG, "encryption(%s)\n", oakley_encdef[i].name); return &oakley_encdef[i]; }
@@ -540,7 +503,7 @@ alg_oakley_encdef_decrypt(doi, buf, key, iv) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, + plog(ASL_LEVEL_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, f->name, key->l << 3, buf->l, timedelta(&start, &end)); #endif return res;
@@ -569,7 +532,7 @@ alg_oakley_encdef_encrypt(doi, buf, key, iv) #ifdef ENABLE_STATS gettimeofday(&end, NULL); - syslog(LOG_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, + plog(ASL_LEVEL_NOTICE, "%s(%s klen=%zu size=%zu): %8.6f", __func__, f->name, key->l << 3, buf->l, timedelta(&start, &end)); #endif return res;
@@ -584,7 +547,7 @@ alg_ipsec_encdef(doi) for (i = 0; i < ARRAYLEN(ipsec_encdef); i++) if (doi == ipsec_encdef[i].doi) { - plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n", + plog(ASL_LEVEL_DEBUG, "encryption(%s)\n", ipsec_encdef[i].name); return &ipsec_encdef[i]; }
@@ -627,7 +590,7 @@ alg_ipsec_hmacdef(doi) for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++) if (doi == ipsec_hmacdef[i].doi) { - plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n", + plog(ASL_LEVEL_DEBUG, "hmac(%s)\n", ipsec_hmacdef[i].name); return &ipsec_hmacdef[i]; }
@@ -685,7 +648,7 @@ alg_oakley_dhdef(doi) for (i = 0; i < ARRAYLEN(oakley_dhdef); i++) if (doi == oakley_dhdef[i].doi) { - plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n", + plog(ASL_LEVEL_DEBUG, "hmac(%s)\n", oakley_dhdef[i].name); return &oakley_dhdef[i]; }
@@ -820,8 +783,8 @@ check_keylen(class, type, len) break; default: /* unknown class, punt */ - plog(LLV_ERROR, LOCATION, NULL, - "unknown algclass %d\n", class); + plog(ASL_LEVEL_ERR, + "unknown algorithm class %d\n", class); return -1; }
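Review bot: The debug line in `alg_oakley_dhdef` still prints `"hmac(%s)\n"` although the name comes from `oakley_dhdef[i].name`, so a Diffie-Hellman group lookup is logged as if it were an HMAC selection. Since the line is being rewritten anyway, change it to `plog(ASL_LEVEL_DEBUG, "dh(%s)\n",` so that a negotiation trace can be read without cross-checking the caller. The function body starts and ends outside the hunk.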
@@ -833,7 +796,7 @@ check_keylen(class, type, len) case algtype_aes: case algtype_twofish: if (len % 8 != 0) { - plog(LLV_ERROR, LOCATION, NULL, + plog(ASL_LEVEL_ERR, "key length %d is not multiple of 8\n", len); return -1; }
@@ -865,14 +828,14 @@ check_keylen(class, type, len) break; default: if (len) { - plog(LLV_ERROR, LOCATION, NULL, + plog(ASL_LEVEL_ERR, "key length is not allowed"); return -1; } break; } if (badrange) { - plog(LLV_ERROR, LOCATION, NULL, + plog(ASL_LEVEL_ERR, "key length out of range\n"); return -1; }
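Review bot: `check_keylen` still lists `case algtype_twofish:` next to `case algtype_aes:` in the multiple-of-8 check, while this commit removes the `"twofish"` row from `ipsec_encdef`. If no remaining table or configuration path can yield `algtype_twofish`, the label is dead and can be dropped; if it can still arrive here, a one-line comment saying from where would explain why it stays. The switch begins outside the hunk, so other references to removed algorithm types may exist that are not visible here.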
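Review bot: The rewritten `plog(ASL_LEVEL_ERR, "key length is not allowed");` has no trailing `\n` and does not report the offending value, unlike the `"key length %d is not multiple of 8\n"` message earlier in `check_keylen`. Suggest `"key length %d is not allowed\n", len);` here and likewise `"key length %d out of range\n", len);` in the `badrange` branch, so a rejected proposal can be diagnosed from the log alone. `check_keylen` starts outside the hunk.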