Member "vpnc-0.5.3/supp.c" (19 Nov 2008, 3941 Bytes) of package /linux/privat/old/vpnc-0.5.3.tar.gz:
1 /* Algorithm support checks
2 Copyright (C) 2005 Maurice Massar
3 Reorganised 2006 by Dan Villiom Podlaski Christiansen
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
19 $Id: supp.c 312 2008-06-15 18:09:42Z Joerg Mayer $
20 */
21
22 #include "supp.h"
23 #include "math_group.h"
24 #include "config.h"
25 #include "isakmp.h"
26
27 #include <gcrypt.h>
28 #include <stdlib.h>
29
/*
 * Diffie-Hellman groups that can be selected by name.  get_algo() walks the
 * table until it reaches the entry whose name is NULL, so the last row is a
 * terminator and must stay last.
 *
 * Columns are presumably name, my_id, ike_sa_id, ipsec_sa_id, keylen --
 * confirm against the supported_algo_t declaration in supp.h.
 *
 * "nopfs" carries all-zero ids; get_dh_group_ipsec() picks it when perfect
 * forward secrecy is not requested.
 *
 * NOTE(review): dh1 and dh2 are the 768-bit and 1024-bit MODP groups, both
 * below current minimum-strength recommendations.  dh5 (1536-bit) is the
 * largest group this table offers; prefer it wherever the peer accepts it.
 */
const supported_algo_t supp_dh_group[] = {
	{"nopfs", 0, 0, 0, 0},
	{"dh1", OAKLEY_GRP_1, IKE_GROUP_MODP_768, IKE_GROUP_MODP_768, 0},
	{"dh2", OAKLEY_GRP_2, IKE_GROUP_MODP_1024, IKE_GROUP_MODP_1024, 0},
	{"dh5", OAKLEY_GRP_5, IKE_GROUP_MODP_1536, IKE_GROUP_MODP_1536, 0},
	/*{ "dh7", OAKLEY_GRP_7, IKE_GROUP_EC2N_163K, IKE_GROUP_EC2N_163K, 0 } note: code missing */
	{NULL, 0, 0, 0, 0}
};
38
/*
 * Hash algorithms that can be selected by name, each mapped to a libgcrypt
 * digest id, an IKE hash id and an IPsec HMAC id.  The NULL-name row
 * terminates the table for get_algo().
 *
 * NOTE(review): only MD5 and SHA-1 are offered.  Both are deprecated as
 * general-purpose hashes; where the peer allows a choice, sha1 is the
 * stronger of the two entries here.
 */
const supported_algo_t supp_hash[] = {
	{"md5", GCRY_MD_MD5, IKE_HASH_MD5, IPSEC_AUTH_HMAC_MD5, 0},
	{"sha1", GCRY_MD_SHA1, IKE_HASH_SHA, IPSEC_AUTH_HMAC_SHA, 0},
	{NULL, 0, 0, 0, 0}
};
44
/*
 * Ciphers that can be selected by name, each mapped to a libgcrypt cipher
 * id, an IKE encryption id and an IPsec ESP transform id.  The NULL-name row
 * terminates the table for get_algo().
 *
 * The three AES rows share the same IKE and ESP ids and differ only in the
 * last column (128/192/256), which is why get_algo() also compares keylen.
 *
 * NOTE(review): "null" maps to GCRY_CIPHER_NONE, i.e. traffic is not
 * encrypted, and "des" is single DES.  Neither gives meaningful
 * confidentiality; a deployment should make sure they cannot be negotiated
 * unless that is explicitly intended.
 */
const supported_algo_t supp_crypt[] = {
	{"null", GCRY_CIPHER_NONE, IKE_ENC_NO_CBC, ISAKMP_IPSEC_ESP_NULL, 0},
	{"des", GCRY_CIPHER_DES, IKE_ENC_DES_CBC, ISAKMP_IPSEC_ESP_DES, 0},
	{"3des", GCRY_CIPHER_3DES, IKE_ENC_3DES_CBC, ISAKMP_IPSEC_ESP_3DES, 0},
	{"aes128", GCRY_CIPHER_AES128, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 128},
	{"aes192", GCRY_CIPHER_AES192, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 192},
	{"aes256", GCRY_CIPHER_AES256, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 256},
	{NULL, 0, 0, 0, 0}
};
54
/*
 * IKE authentication methods that can be selected by name.  Only the IKE id
 * column is populated; the other id columns and keylen are 0.  The NULL-name
 * row terminates the table for get_algo().
 *
 * Pre-shared-key methods are always available.  "hybrid(rsa)" is compiled in
 * only when OPENSSL_GPL_VIOLATION is defined; the three rows inside "#if 0"
 * are never compiled.
 *
 * NOTE(review): in the disabled rows the names and ids look crossed --
 * "cert(dsa)" is paired with IKE_AUTH_RSA_SIG and "cert(rsasig)" with
 * IKE_AUTH_DSS, and "hybrid(dsa)" reuses IKE_AUTH_DSS.  Verify the mapping
 * before ever enabling them, otherwise the wrong authentication method would
 * be proposed for the configured name.
 */
const supported_algo_t supp_auth[] = {
	{"psk", 0, IKE_AUTH_PRESHARED, 0, 0},
	{"psk+xauth", 0, IKE_AUTH_XAUTHInitPreShared, 0, 0},
#ifdef OPENSSL_GPL_VIOLATION
#if 0
	{"cert(dsa)", 0, IKE_AUTH_RSA_SIG, 0, 0},
	{"cert(rsasig)", 0, IKE_AUTH_DSS, 0, 0},
	{"hybrid(dsa)", 0, IKE_AUTH_DSS, 0, 0},
#endif				/* 0 */
	{"hybrid(rsa)", 0, IKE_AUTH_HybridInitRSA, 0, 0},
#endif				/* OPENSSL_GPL_VIOLATION */
	{NULL, 0, 0, 0, 0}
};
68
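/*
 * Look up one entry in a supported-algorithm table.
 *
 * what    selects the table: DH groups, hashes, ciphers or auth methods.
 * key     selects the column to match.  SUPP_ALGO_NAME compares `name`
 *         case-insensitively with the entry name; SUPP_ALGO_MY_ID,
 *         SUPP_ALGO_IKE_SA and SUPP_ALGO_IPSEC_SA compare `id` with the
 *         my_id, ike_sa_id and ipsec_sa_id columns respectively.
 * id      value to match for the id keys; ignored for SUPP_ALGO_NAME.
 * name    string to match for SUPP_ALGO_NAME; ignored for the id keys.
 * keylen  must equal the entry's keylen in addition to the key match.
 *
 * Returns a pointer into the static table, or NULL when nothing matches.
 * An unknown `what` or `key` value calls abort().
 *
 * A NULL `name` with SUPP_ALGO_NAME is reported as "not found" rather than
 * being handed to strcasecmp(), which would be undefined behaviour.  Callers
 * in this file pass configuration strings here, so a missing setting must
 * not be able to crash the lookup.
 */
const supported_algo_t *get_algo(enum algo_group what, enum supp_algo_key key, int id,
	const char *name, int keylen)
{
	const supported_algo_t *sa = NULL;
	int i;

	switch (what) {
	case SUPP_ALGO_DH_GROUP:
		sa = supp_dh_group;
		break;
	case SUPP_ALGO_HASH:
		sa = supp_hash;
		break;
	case SUPP_ALGO_CRYPT:
		sa = supp_crypt;
		break;
	case SUPP_ALGO_AUTH:
		sa = supp_auth;
		break;
	default:
		abort();
	}

	/* Nothing can match a missing name; never pass NULL to strcasecmp(). */
	if (key == SUPP_ALGO_NAME && name == NULL)
		return NULL;

	for (i = 0; sa[i].name != NULL; i++) {
		int match = 0;

		switch (key) {
		case SUPP_ALGO_NAME:
			match = (strcasecmp(name, sa[i].name) == 0);
			break;
		case SUPP_ALGO_MY_ID:
			match = (sa[i].my_id == id);
			break;
		case SUPP_ALGO_IKE_SA:
			match = (sa[i].ike_sa_id == id);
			break;
		case SUPP_ALGO_IPSEC_SA:
			match = (sa[i].ipsec_sa_id == id);
			break;
		default:
			abort();
		}

		/* keylen separates entries that share ids, e.g. the AES variants. */
		if (match && keylen == sa[i].keylen)
			return &sa[i];
	}

	return NULL;
}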
117
/*
 * Resolve the DH group configured for IKE (config[CONFIG_IKE_DH]) to its
 * table entry.  The lookup is by name with keylen 0; the result is whatever
 * get_algo() returns, i.e. NULL when the configured name is not in
 * supp_dh_group.
 */
const supported_algo_t *get_dh_group_ike(void)
{
	const char *ike_group_name = config[CONFIG_IKE_DH];

	return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, ike_group_name, 0);
}
/*
 * Resolve the DH group used for IPsec perfect forward secrecy.
 *
 * The configured value (config[CONFIG_IPSEC_PFS]) is looked up by name,
 * except for the special value "server", which defers to the peer:
 * server_setting == 1 selects "dh2", anything else selects "nopfs".
 *
 * Note that an unknown server setting (-1) is treated like 0, so in
 * "server" mode PFS is silently left off unless the peer positively
 * requested it.
 *
 * Returns whatever get_algo() returns for the chosen name.
 */
const supported_algo_t *get_dh_group_ipsec(int server_setting)
{
	const char *group_name = config[CONFIG_IPSEC_PFS];

	if (strcmp(group_name, "server") == 0) {
		/* -1 (unknown) falls through to the no-PFS choice, same as 0 */
		if (server_setting == 1)
			group_name = "dh2";
		else
			group_name = "nopfs";
	}

	return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, group_name, 0);
}