2 * Algorithm info parsing and creation functions
3 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
5 * $Id: alg_info.c,v 1.3 2004-08-02 04:35:32 gerg Exp $
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 #include <netinet/in.h>
22 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
32 #include "constants.h"
39 #include "kernel_alg.h"
43 * macros/functions for compilation without pluto (eg: spi for manual conns)
46 #define passert(x) assert(x)
47 extern int debug; /* eg: spi.c */
48 #define DBG(cond, action) { if (debug) { action ; } }
49 #define DBG_log(x, args...) fprintf(stderr, x "\n" , ##args);
50 #define alloc_thing(thing, name) alloc_bytes(sizeof (thing), name)
51 void * alloc_bytes(size_t size, const char *name) {
54 fprintf(stderr, "unable to malloc %lu bytes for %s",
55 (unsigned long) size, name);
56 memset(p, '\0', size);
59 #define pfreeany(ptr) free(ptr)
62 /* sadb/ESP aa attrib converters */
64 alg_info_esp_aa2sadb(int auth)
68 case AUTH_ALGORITHM_HMAC_MD5:
69 case AUTH_ALGORITHM_HMAC_SHA1:
72 case AUTH_ALGORITHM_HMAC_SHA2_256:
73 case AUTH_ALGORITHM_HMAC_SHA2_384:
74 case AUTH_ALGORITHM_HMAC_SHA2_512:
75 case AUTH_ALGORITHM_HMAC_RIPEMD:
85 int /* __attribute__ ((unused)) */
86 alg_info_esp_sadb2aa(int sadb_aalg)
90 case SADB_AALG_MD5HMAC:
91 case SADB_AALG_SHA1HMAC:
94 /* since they are the same ... :) */
95 case AUTH_ALGORITHM_HMAC_SHA2_256:
96 case AUTH_ALGORITHM_HMAC_SHA2_384:
97 case AUTH_ALGORITHM_HMAC_SHA2_512:
98 case AUTH_ALGORITHM_HMAC_RIPEMD:
109 * Search enum_name array with in prefixed uppercase
112 enum_search_prefix (enum_names *ed, const char *prefix, const char *str, int strlength)
117 int len=sizeof(buf)-1; /* reserve space for final \0 */
121 ret=enum_search(ed, buf);
125 * Search enum_name array with in prefixed and postfixed uppercase
128 enum_search_ppfix (enum_names *ed, const char *prefix, const char *postfix, const char *str, int strlength)
133 int len=sizeof(buf)-1; /* reserve space for final \0 */
137 strcat(buf, postfix);
138 DBG(DBG_CRYPT, DBG_log("%s() calling enum_search(%p, \"%s\")",
139 __FUNCTION__, ed, buf));
140 ret=enum_search(ed, buf);
146 * Search enum_name array with in prefixed uppercase
149 enum_search_prefix (enum_names *ed, const char *prefix, const char *str, int strlength)
154 int len=sizeof(buf)-1; /* reserve space for final \0 */
155 for (ptr=buf; *prefix; *ptr++=*prefix++, len--);
156 while (strlength--&&len--&&*str) *ptr++=toupper(*str++);
158 DBG(DBG_CRYPT, DBG_log(__FUNCTION__ "() "
159 "calling enum_search(%p, \"%s\")", ed, buf));
160 ret=enum_search(ed, buf);
164 * Search enum_name array with in prefixed and postfixed uppercase
167 enum_search_ppfix (enum_names *ed, const char *prefix, const char *postfix, const char *str, int strlength)
172 int len=sizeof(buf)-1; /* reserve space for final \0 */
173 for (ptr=buf; *prefix; *ptr++=*prefix++, len--);
174 while (strlength--&&len--&&*str) *ptr++=toupper(*str++);
175 while (len--&&*postfix) *ptr++=*postfix++;
177 DBG(DBG_CRYPT, DBG_log(__FUNCTION__ "() "
178 "calling enum_search(%p, \"%s\")", ed, buf));
179 ret=enum_search(ed, buf);
184 * Search esp_transformid_names for a match, eg:
185 * "3des" <=> "ESP_3DES"
187 #define ESP_MAGIC_ID 0x00ffff01
189 ealg_getbyname_esp(const char *const str, int len)
194 /* leave special case for eg: "id248" string */
195 if (strcmp("id", str)==0)
197 ret=enum_search_prefix(&esp_transformid_names, "ESP_", str, len);
202 * Search auth_alg_names for a match, eg:
203 * "md5" <=> "AUTH_ALGORITHM_HMAC_MD5"
206 aalg_getbyname_esp(const char *const str, int len)
212 ret=enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_HMAC_",str,len);
213 if (ret>=0) goto out;
214 ret=enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_",str,len);
215 if (ret>=0) goto out;
216 sscanf(str, "id%d%n", &ret, &num);
217 if (ret >=0 && num!=strlen(str))
223 modp_getbyname_esp(const char *const str, int len)
228 ret=enum_search_prefix(&oakley_group_names,"OAKLEY_GROUP_",str,len);
229 if (ret>=0) goto out;
230 ret=enum_search_ppfix(&oakley_group_names, "OAKLEY_GROUP_", " (extension)", str, len);
235 alg_info_free(struct alg_info *alg_info) {
239 * Raw add routine: only checks for no duplicates
242 __alg_info_esp_add (struct alg_info_esp *alg_info, int ealg_id, unsigned ek_bits, int aalg_id, unsigned ak_bits)
244 struct esp_info *esp_info=alg_info->esp;
245 unsigned cnt=alg_info->alg_info_cnt, i;
246 /* check for overflows */
247 passert(cnt < elemsof(alg_info->esp));
248 /* dont add duplicates */
250 if ( esp_info[i].esp_ealg_id==ealg_id &&
251 (!ek_bits || esp_info[i].esp_ealg_keylen==ek_bits) &&
252 esp_info[i].esp_aalg_id==aalg_id &&
253 (!ak_bits || esp_info[i].esp_aalg_keylen==ak_bits))
255 esp_info[cnt].esp_ealg_id=ealg_id;
256 esp_info[cnt].esp_ealg_keylen=ek_bits;
257 esp_info[cnt].esp_aalg_id=aalg_id;
258 esp_info[cnt].esp_aalg_keylen=ak_bits;
260 esp_info[cnt].encryptalg=ealg_id;
261 esp_info[cnt].authalg=alg_info_esp_aa2sadb(aalg_id);
262 alg_info->alg_info_cnt++;
263 DBG(DBG_CRYPT, DBG_log("%s() ealg=%d aalg=%d cnt=%d", __FUNCTION__,
264 ealg_id, aalg_id, alg_info->alg_info_cnt));
268 * Add ESP alg info _with_ logic (policy):
271 alg_info_esp_add (struct alg_info *alg_info, int ealg_id, int ek_bits, int aalg_id, int ak_bits)
273 /* Policy: default to 3DES */
278 __alg_info_esp_add((struct alg_info_esp *)alg_info,
282 /* Policy: default to MD5 and SHA1 */
283 __alg_info_esp_add((struct alg_info_esp *)alg_info,
285 AUTH_ALGORITHM_HMAC_MD5, ak_bits);
286 __alg_info_esp_add((struct alg_info_esp *)alg_info,
288 AUTH_ALGORITHM_HMAC_SHA1, ak_bits);
293 /**************************************
297 *************************************/
299 * Search oakley_enc_names for a match, eg:
300 * "3des_cbc" <=> "OAKLEY_3DES_CBC"
303 ealg_getbyname_ike(const char *const str, int len)
308 ret=enum_search_prefix(&oakley_enc_names,"OAKLEY_",str,len);
309 if (ret>=0) goto out;
310 ret=enum_search_ppfix(&oakley_enc_names, "OAKLEY_", "_CBC", str, len);
315 * Search oakley_hash_names for a match, eg:
316 * "md5" <=> "OAKLEY_MD5"
319 aalg_getbyname_ike(const char *const str, int len)
325 ret=enum_search_prefix(&oakley_hash_names,"OAKLEY_",str,len);
326 if (ret>=0) goto out;
327 sscanf(str, "id%d%n", &ret, &num);
328 if (ret >=0 && num!=strlen(str))
334 * Search oakley_group_names for a match, eg:
335 * "modp1024" <=> "OAKLEY_GROUP_MODP1024"
338 modp_getbyname_ike(const char *const str, int len)
343 ret=enum_search_prefix(&oakley_group_names,"OAKLEY_GROUP_",str,len);
344 if (ret>=0) goto out;
345 ret=enum_search_ppfix(&oakley_group_names, "OAKLEY_GROUP_", " (extension)", str, len);
350 __alg_info_ike_add (struct alg_info_ike *alg_info, int ealg_id, unsigned ek_bits, int aalg_id, unsigned ak_bits, int modp_id)
352 struct ike_info *ike_info=alg_info->ike;
353 unsigned cnt=alg_info->alg_info_cnt, i;
354 /* check for overflows */
355 passert(cnt < elemsof(alg_info->ike));
356 /* dont add duplicates */
358 if ( ike_info[i].ike_ealg==ealg_id &&
359 (!ek_bits || ike_info[i].ike_eklen==ek_bits) &&
360 ike_info[i].ike_halg==aalg_id &&
361 (!ak_bits || ike_info[i].ike_hklen==ak_bits) &&
362 ike_info[i].ike_modp==modp_id
365 ike_info[cnt].ike_ealg=ealg_id;
366 ike_info[cnt].ike_eklen=ek_bits;
367 ike_info[cnt].ike_halg=aalg_id;
368 ike_info[cnt].ike_hklen=ak_bits;
369 ike_info[cnt].ike_modp=modp_id;
370 alg_info->alg_info_cnt++;
371 DBG(DBG_CRYPT, DBG_log("%s() ealg=%d aalg=%d modp_id=%d, cnt=%d",
373 ealg_id, aalg_id, modp_id,
374 alg_info->alg_info_cnt));
378 * Proposals will be built by looping over default_ike_groups array and
379 * merging alg_info (ike_info) contents
383 static int default_ike_groups[] = {
384 OAKLEY_GROUP_MODP1536,
385 OAKLEY_GROUP_MODP1024
389 * Add IKE alg info _with_ logic (policy):
392 alg_info_ike_add (struct alg_info *alg_info, int ealg_id, int ek_bits, int aalg_id, int ak_bits, int modp_id)
395 n_groups=elemsof(default_ike_groups);
396 /* if specified modp_id avoid loop over default_ike_groups */
402 for (;n_groups--;i++) {
403 modp_id=default_ike_groups[i];
405 /* Policy: default to 3DES */
407 ealg_id=OAKLEY_3DES_CBC;
410 __alg_info_ike_add((struct alg_info_ike *)alg_info,
415 /* Policy: default to MD5 and SHA */
416 __alg_info_ike_add((struct alg_info_ike *)alg_info,
418 OAKLEY_MD5, ak_bits, modp_id);
419 __alg_info_ike_add((struct alg_info_ike *)alg_info,
421 OAKLEY_SHA, ak_bits, modp_id);
426 #endif /* NO_PLUTO */
429 * Creates a new alg_info by parsing passed string
431 enum parser_state_esp {
433 ST_EA, /* encrypt algo */
435 ST_EK, /* enc. key length */
437 ST_AA, /* auth algo */
439 ST_AK, /* auth. key length */
441 ST_MODP, /* modp spec */
447 static const char *parser_state_esp_names[] = {
463 static const char *parser_state_name_esp(enum parser_state_esp state) {
464 return parser_state_esp_names[state];
466 /* XXX:jjo to implement different parser for ESP and IKE */
467 struct parser_context {
468 unsigned state, old_state;
473 int (*ealg_getbyname)(const char *const str, int len);
474 int (*aalg_getbyname)(const char *const str, int len);
475 int (*modp_getbyname)(const char *const str, int len);
484 static inline void parser_set_state(struct parser_context *p_ctx, enum parser_state_esp state) {
485 if (state!=p_ctx->state) {
486 p_ctx->old_state=p_ctx->state;
492 parser_machine(struct parser_context *p_ctx)
495 /* special 'absolute' cases */
496 p_ctx->err="No error.";
498 /* chars that end algo strings */
500 case 0: /* end-of-string */
501 case '!': /* flag as strict algo list */
502 case ',': /* algo string separator */
503 switch(p_ctx->state) {
511 enum parser_state_esp next_state=0;
513 case 0: next_state=ST_EOF;break;
514 case ',': next_state=ST_END;break;
515 case '!': next_state=ST_FLAG_STRICT;break;
517 /* ch? parser_set_state(p_ctx, ST_END) : parser_set_state(p_ctx, ST_EOF) ; */
518 parser_set_state(p_ctx, next_state);
522 p_ctx->err="String ended with invalid char";
527 switch(p_ctx->state) {
532 *(p_ctx->ealg_str++)=ch;
533 parser_set_state(p_ctx, ST_EA);
536 p_ctx->err="No alphanum. char initially found";
539 if (isalpha(ch) || ch == '_') {
540 *(p_ctx->ealg_str++)=ch;
544 /* bravely switch to enc keylen */
545 *(p_ctx->ealg_str)=0;
546 parser_set_state(p_ctx, ST_EK);
550 *(p_ctx->ealg_str)=0;
551 parser_set_state(p_ctx, ST_EA_END);
554 p_ctx->err="No valid char found after enc alg string";
558 /* bravely switch to enc keylen */
559 parser_set_state(p_ctx, ST_EK);
563 parser_set_state(p_ctx, ST_AA);
566 p_ctx->err="No alphanum char found after enc alg separator";
570 parser_set_state(p_ctx, ST_EK_END);
574 p_ctx->eklen=p_ctx->eklen*10+ch-'0';
577 p_ctx->err="Non digit or valid separator found while reading enc keylen";
581 parser_set_state(p_ctx, ST_AA);
584 p_ctx->err="Non alpha char found after enc keylen end separator";
588 *(p_ctx->aalg_str++)=0;
589 parser_set_state(p_ctx, ST_AA_END);
592 if (isalnum(ch) || ch=='_') {
593 *(p_ctx->aalg_str++)=ch;
596 p_ctx->err="Non alphanum or valid separator found in auth string";
600 parser_set_state(p_ctx, ST_AK);
603 /* Only allow modpXXXX string if we have
604 * a modp_getbyname method
606 if ((p_ctx->modp_getbyname) && isalpha(ch)) {
607 parser_set_state(p_ctx, ST_MODP);
610 p_ctx->err="Non initial digit found for auth keylen";
614 parser_set_state(p_ctx, ST_AK_END);
618 p_ctx->aklen=p_ctx->aklen*10+ch-'0';
621 p_ctx->err="Non digit found for auth keylen";
624 /* Only allow modpXXXX string if we have
625 * a modp_getbyname method
627 if ((p_ctx->modp_getbyname) && isalpha(ch)) {
628 parser_set_state(p_ctx, ST_MODP);
631 p_ctx->err="Non alpha char found after auth keylen";
635 *(p_ctx->modp_str++)=ch;
638 p_ctx->err="Non alphanum char found after in modp string";
642 parser_set_state(p_ctx, ST_END);
644 p_ctx->err="Flags character(s) must be at end of whole string";
657 parser_set_state(p_ctx, ST_ERR);
661 * Must be called for each "new" char, with new
662 * character in ctx.ch
665 parser_init(struct parser_context *p_ctx, unsigned protoid)
667 memset(p_ctx, 0, sizeof (*p_ctx));
668 p_ctx->protoid=protoid; /* XXX: jjo */
669 p_ctx->protoid=PROTO_IPSEC_ESP;
670 p_ctx->ealg_str=p_ctx->ealg_buf;
671 p_ctx->aalg_str=p_ctx->aalg_buf;
672 p_ctx->modp_str=p_ctx->modp_buf;
676 p_ctx->ealg_getbyname=ealg_getbyname_ike;
677 p_ctx->aalg_getbyname=aalg_getbyname_ike;
678 p_ctx->modp_getbyname=modp_getbyname_ike;
680 case PROTO_IPSEC_ESP:
681 p_ctx->ealg_getbyname=ealg_getbyname_esp;
682 p_ctx->aalg_getbyname=aalg_getbyname_esp;
687 parser_alg_info_add(struct parser_context *p_ctx, struct alg_info *alg_info)
689 int ealg_id, aalg_id;
692 const struct oakley_group_desc *gd;
695 if (*p_ctx->ealg_buf) {
696 ealg_id=p_ctx->ealg_getbyname(p_ctx->ealg_buf, strlen(p_ctx->ealg_buf));
697 if (ealg_id==ESP_MAGIC_ID) {
698 ealg_id=p_ctx->eklen;
702 p_ctx->err="enc_alg not found";
705 DBG(DBG_CRYPT, DBG_log("%s() ealg_getbyname(\"%s\")=%d",
710 if (*p_ctx->aalg_buf) {
711 aalg_id=p_ctx->aalg_getbyname(p_ctx->aalg_buf, strlen(p_ctx->aalg_buf));
713 p_ctx->err="hash_alg not found";
716 DBG(DBG_CRYPT, DBG_log("%s() aalg_getbyname(\"%s\")=%d",
721 if (p_ctx->modp_getbyname && *p_ctx->modp_buf) {
722 modp_id=p_ctx->modp_getbyname(p_ctx->modp_buf, strlen(p_ctx->modp_buf));
724 p_ctx->err="modp group not found";
727 DBG(DBG_CRYPT, DBG_log("%s() modp_getbyname(\"%s\")=%d",
732 switch(alg_info->alg_info_protoid) {
733 case PROTO_IPSEC_ESP:
734 alg_info_esp_add(alg_info,
735 ealg_id, p_ctx->eklen,
736 aalg_id, p_ctx->aklen);
740 if (modp_id && !(gd=lookup_group(modp_id))) {
741 p_ctx->err="found modp group id, but not supported";
744 alg_info_ike_add(alg_info,
745 ealg_id, p_ctx->eklen,
746 aalg_id, p_ctx->aklen,
758 alg_info_parse_str (struct alg_info *alg_info, const char *alg_str, const char **err_p)
760 struct parser_context ctx;
763 static char err_buf[256];
765 parser_init(&ctx, alg_info->alg_info_protoid);
766 if (err_p) *err_p=NULL;
767 /* use default if nul esp string */
769 switch (alg_info->alg_info_protoid) {
772 alg_info_ike_add(alg_info, 0, 0, 0, 0, 0);
775 case PROTO_IPSEC_ESP:
776 alg_info_esp_add(alg_info, 0, 0, 0, 0);
780 passert(alg_info->alg_info_protoid);
784 for(ret=0,ptr=alg_str;ret<ST_EOF;) {
786 ret= parser_machine(&ctx);
789 alg_info->alg_info_flags |= ALG_INFO_F_STRICT;
793 DBG(DBG_CRYPT, DBG_log("%s() "
794 "ealg_buf=%s aalg_buf=%s"
797 ctx.ealg_buf, ctx.aalg_buf,
798 ctx.eklen, ctx.aklen));
799 if (parser_alg_info_add(&ctx, alg_info)<0) {
800 snprintf(err_buf, sizeof(err_buf),
801 "%s, enc_alg=\"%s\", auth_alg=\"%s\", "
809 /* zero out for next run (ST_END) */
810 parser_init(&ctx, alg_info->alg_info_protoid);
813 snprintf(err_buf, sizeof(err_buf),
815 "just after \"%.*s\""
818 ptr-alg_str-1, alg_str ,
819 parser_state_name_esp(ctx.old_state) );
833 struct alg_info_esp *
834 alg_info_esp_create_from_str (const char *alg_str, const char **err_p)
836 struct alg_info_esp *alg_info_esp;
838 static char err_buf[256];
842 * alg_info storage should be sized dynamically
843 * but this may require 2passes to know
844 * transform count in advance.
846 alg_info_esp=alloc_thing (struct alg_info_esp, "alg_info_esp");
847 if (!alg_info_esp) goto out;
848 pfs_name=index (alg_str, ';');
850 memcpy(esp_buf, alg_str, pfs_name-alg_str);
851 esp_buf[pfs_name-alg_str] = 0;
854 /* if pfs strings AND first char is not '0' */
855 if (*pfs_name && pfs_name[0]!='0') {
856 ret=modp_getbyname_esp(pfs_name, strlen(pfs_name));
858 /* Bomb if pfsgroup not found */
859 DBG(DBG_CRYPT, DBG_log("%s(): "
860 "pfsgroup \"%s\" not found",
864 snprintf(err_buf, sizeof(err_buf),
865 "pfsgroup \"%s\" not found",
871 alg_info_esp->esp_pfsgroup=ret;
874 alg_info_esp->alg_info_protoid=PROTO_IPSEC_ESP;
875 ret=alg_info_parse_str((struct alg_info *)alg_info_esp, alg_str, err_p) ;
879 pfreeany(alg_info_esp);
886 struct alg_info_ike *
887 alg_info_ike_create_from_str (const char *alg_str, const char **err_p)
889 struct alg_info_ike *alg_info_ike;
891 * alg_info storage should be sized dynamically
892 * but this may require 2passes to know
893 * transform count in advance.
895 alg_info_ike=alloc_thing (struct alg_info_ike, "alg_info_ike");
896 if (!alg_info_ike) goto out;
897 alg_info_ike->alg_info_protoid=PROTO_ISAKMP;
898 if (alg_info_parse_str((struct alg_info *)alg_info_ike,
901 pfreeany(alg_info_ike);
909 * alg_info struct can be shared by
910 * several connections instances,
911 * handle free() with ref_cnts
914 alg_info_addref(struct alg_info *alg_info)
916 if (alg_info != NULL) {
918 DBG(DBG_CRYPT, DBG_log("%s() alg_info->ref_cnt=%d",
919 __FUNCTION__, alg_info->ref_cnt));
923 alg_info_delref(struct alg_info **alg_info_p)
925 struct alg_info *alg_info=*alg_info_p;
926 if (alg_info != NULL) {
927 passert(alg_info->ref_cnt != 0);
929 DBG(DBG_CRYPT, DBG_log("%s() alg_info->ref_cnt=%d",
930 __FUNCTION__, alg_info->ref_cnt));
931 if (alg_info->ref_cnt==0) {
932 DBG(DBG_CRYPT, DBG_log("%s() freeing alg_info",
934 alg_info_free(alg_info);
940 /* snprint already parsed transform list (alg_info) */
942 alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info)
946 struct esp_info *esp_info;
948 struct ike_info *ike_info;
951 /* ptr+=sprintf(buf, "{ealg[eklen],aalg[aklen]} = "); */
953 switch(alg_info->alg_info_protoid) {
954 case PROTO_IPSEC_ESP:
956 struct alg_info_esp *alg_info_esp=(struct alg_info_esp *)alg_info;
957 ALG_INFO_ESP_FOREACH(alg_info_esp, esp_info, cnt) {
958 np=snprintf(ptr, buflen, "%d_%03d-%d, "
959 , esp_info->esp_ealg_id
960 , esp_info->esp_ealg_keylen
961 , esp_info->esp_aalg_id);
965 if (alg_info_esp->esp_pfsgroup) {
966 np=snprintf(ptr, buflen, "; pfsgroup=%d; "
967 , alg_info_esp->esp_pfsgroup);
975 ALG_INFO_IKE_FOREACH((struct alg_info_ike *)alg_info, ike_info, cnt) {
976 np=snprintf(ptr, buflen, "%d_%03d-%d-%d, ",
987 np=snprintf(buf, buflen, "INVALID protoid=%d\n",
988 alg_info->alg_info_protoid);
991 ptr+=sprintf(ptr, "flags=%s",
992 alg_info->alg_info_flags&ALG_INFO_F_STRICT?
1000 alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info)
1004 struct esp_info *esp_info;
1007 /* ptr+=sprintf(buf, "{ealg[eklen],aalg[aklen]} = "); */
1010 ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) {
1011 if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL) &&
1012 (kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL))) {
1013 eklen=esp_info->esp_ealg_keylen;
1015 eklen=kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)*BITS_PER_BYTE;
1016 aklen=esp_info->esp_aalg_keylen;
1018 aklen=kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)*BITS_PER_BYTE;
1019 ret=snprintf(ptr, buflen, "%d/%03d-%d/%03d, ",
1020 esp_info->esp_ealg_id,
1022 esp_info->esp_aalg_id,
1032 alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
1036 struct ike_info *ike_info;
1039 struct encrypt_desc *enc_desc;
1040 struct hash_desc *hash_desc;
1041 /* ptr+=sprintf(buf, "{ealg[eklen],aalg[aklen]} = "); */
1044 ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
1045 if (ike_alg_enc_present(ike_info->ike_ealg) &&
1046 (ike_alg_hash_present(ike_info->ike_halg))) {
1047 enc_desc=ike_alg_get_encrypter(ike_info->ike_ealg);
1048 passert(enc_desc != NULL);
1049 hash_desc=ike_alg_get_hasher(ike_info->ike_halg);
1050 passert(hash_desc != NULL);
1052 eklen=ike_info->ike_eklen;
1054 eklen=enc_desc->keydeflen;
1055 aklen=ike_info->ike_hklen;
1057 aklen=hash_desc->hash_digest_size * BITS_PER_BYTE;
1058 ret=snprintf(ptr, buflen, "%d_%03d-%d_%03d-%d, ",
1063 ike_info->ike_modp);
1070 #endif /* NO_PLUTO */