
Member "vpnc-0.5.3/supp.c" (19 Nov 2008, 3941 Bytes) of package /linux/privat/old/vpnc-0.5.3.tar.gz:



    1 /* Algorithm support checks
    2    Copyright (C) 2005 Maurice Massar
    3    Reorganised 2006 by Dan Villiom Podlaski Christiansen
    4 
    5    This program is free software; you can redistribute it and/or modify
    6    it under the terms of the GNU General Public License as published by
    7    the Free Software Foundation; either version 2 of the License, or
    8    (at your option) any later version.
    9    
   10    This program is distributed in the hope that it will be useful,
   11    but WITHOUT ANY WARRANTY; without even the implied warranty of
   12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   13    GNU General Public License for more details.
   14    
   15    You should have received a copy of the GNU General Public License
   16    along with this program; if not, write to the Free Software
   17    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   18 
   19    $Id: supp.c 312 2008-06-15 18:09:42Z Joerg Mayer $
   20 */
   21 
   22 #include "supp.h"
   23 #include "math_group.h"
   24 #include "config.h"
   25 #include "isakmp.h"
   26 
   27 #include <gcrypt.h>
   28 #include <stdlib.h>
   29 
   /*
    * Diffie-Hellman groups that can be selected by name.  get_algo() walks
    * this table until it reaches the entry whose name is NULL.
    * Columns presumably map to name, my_id, ike_sa_id, ipsec_sa_id, keylen
    * (the fields get_algo() reads) -- confirm the order against supp.h.
    * NOTE(review): "nopfs" carries no group id at all, and the 768-bit and
    * 1024-bit MODP groups are below currently recommended strength; "dh5"
    * (1536-bit MODP) is the largest group offered by this table.
    */
   const supported_algo_t supp_dh_group[] = {
       {"nopfs", 0, 0, 0, 0},
       {"dh1", OAKLEY_GRP_1, IKE_GROUP_MODP_768,  IKE_GROUP_MODP_768,  0},
       {"dh2", OAKLEY_GRP_2, IKE_GROUP_MODP_1024, IKE_GROUP_MODP_1024, 0},
       {"dh5", OAKLEY_GRP_5, IKE_GROUP_MODP_1536, IKE_GROUP_MODP_1536, 0},
       /*{ "dh7", OAKLEY_GRP_7, IKE_GROUP_EC2N_163K, IKE_GROUP_EC2N_163K, 0 } note: code missing */
       {NULL, 0, 0, 0, 0}  /* end-of-table sentinel */
   };
   38 
   /*
    * Hash algorithms that can be selected by name.  Each row pairs a
    * libgcrypt digest id with an IKE hash id and an IPsec HMAC id; the
    * column order is presumably name, my_id, ike_sa_id, ipsec_sa_id,
    * keylen -- confirm against supp.h.
    * NOTE(review): only MD5 and SHA-1 are listed; both are legacy hashes
    * and this table has no SHA-2 entry.
    */
   const supported_algo_t supp_hash[] = {
       {"md5", GCRY_MD_MD5, IKE_HASH_MD5, IPSEC_AUTH_HMAC_MD5, 0},
       {"sha1", GCRY_MD_SHA1, IKE_HASH_SHA, IPSEC_AUTH_HMAC_SHA, 0},
       {NULL, 0, 0, 0, 0}  /* end-of-table sentinel */
   };
   44 
   /*
    * Ciphers that can be selected by name.  The three AES rows share the
    * same IKE and ESP ids and differ only in the last column (128/192/256),
    * which is why get_algo() compares keylen in addition to the id or name.
    * Column order is presumably name, my_id, ike_sa_id, ipsec_sa_id, keylen
    * -- confirm against supp.h.
    * NOTE(review): "null" maps to GCRY_CIPHER_NONE, i.e. no encryption, and
    * "des" is single DES; accepting either leaves traffic without effective
    * confidentiality, so deployments should restrict selection to the
    * 3DES/AES rows where the peer allows it.
    */
   const supported_algo_t supp_crypt[] = {
       {"null", GCRY_CIPHER_NONE, IKE_ENC_NO_CBC, ISAKMP_IPSEC_ESP_NULL, 0},
       {"des", GCRY_CIPHER_DES, IKE_ENC_DES_CBC, ISAKMP_IPSEC_ESP_DES, 0},
       {"3des", GCRY_CIPHER_3DES, IKE_ENC_3DES_CBC, ISAKMP_IPSEC_ESP_3DES, 0},
       {"aes128", GCRY_CIPHER_AES128, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 128},
       {"aes192", GCRY_CIPHER_AES192, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 192},
       {"aes256", GCRY_CIPHER_AES256, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 256},
       {NULL, 0, 0, 0, 0}  /* end-of-table sentinel */
   };
   54 
   /*
    * IKE authentication methods that can be selected by name.  Only the
    * IKE id column is populated; the other numeric columns are 0.
    * The pre-shared-key rows are always present; "hybrid(rsa)" is compiled
    * in only when OPENSSL_GPL_VIOLATION is defined.
    */
   const supported_algo_t supp_auth[] = {
       {"psk", 0, IKE_AUTH_PRESHARED, 0, 0},
       {"psk+xauth", 0, IKE_AUTH_XAUTHInitPreShared, 0, 0},
   #ifdef OPENSSL_GPL_VIOLATION
   #if 0
       /*
        * Disabled rows.  NOTE(review): "cert(dsa)" is paired with
        * IKE_AUTH_RSA_SIG and "cert(rsasig)" with IKE_AUTH_DSS, which looks
        * swapped, and "hybrid(dsa)" reuses IKE_AUTH_DSS -- verify the ids
        * before ever enabling this section.
        */
       {"cert(dsa)", 0, IKE_AUTH_RSA_SIG, 0, 0},
       {"cert(rsasig)", 0, IKE_AUTH_DSS, 0, 0},
       {"hybrid(dsa)", 0, IKE_AUTH_DSS, 0, 0},
   #endif /* 0 */
       {"hybrid(rsa)", 0, IKE_AUTH_HybridInitRSA, 0, 0},
   #endif /* OPENSSL_GPL_VIOLATION */
       {NULL, 0, 0, 0, 0}  /* end-of-table sentinel */
   };
   68 
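   /*
    * Look up one entry in a supported-algorithm table.
    *
    * what   - which table to search (DH group, hash, cipher, auth method);
    *          any other value aborts the process.
    * key    - which column to match: the name (case-insensitive, against
    *          `name`) or one of the numeric ids (against `id`); any other
    *          value aborts the process.
    * id     - numeric id to match when key is not SUPP_ALGO_NAME.
    * name   - name to match when key is SUPP_ALGO_NAME; ignored otherwise.
    * keylen - must equal the entry's keylen for the entry to match.
    *
    * Returns a pointer into the static table, or NULL when nothing matches.
    * NULL is the "algorithm not supported" answer, so callers have to check
    * it before dereferencing -- in particular when the name or id comes
    * from configuration or from the remote peer.
    */
   const supported_algo_t *get_algo(enum algo_group what, enum supp_algo_key key, int id,
       const char *name, int keylen)
   {
       const supported_algo_t *table = NULL;
       const supported_algo_t *entry;

       switch (what) {
       case SUPP_ALGO_DH_GROUP:
           table = supp_dh_group;
           break;
       case SUPP_ALGO_HASH:
           table = supp_hash;
           break;
       case SUPP_ALGO_CRYPT:
           table = supp_crypt;
           break;
       case SUPP_ALGO_AUTH:
           table = supp_auth;
           break;
       default:
           abort();
       }

       /* A name lookup without a name cannot match anything; bail out here
        * instead of handing NULL to strcasecmp(), which is undefined. */
       if (key == SUPP_ALGO_NAME && name == NULL)
           return NULL;

       for (entry = table; entry->name != NULL; entry++) {
           int matched = 0;

           switch (key) {
           case SUPP_ALGO_NAME:
               matched = (strcasecmp(name, entry->name) == 0);
               break;
           case SUPP_ALGO_MY_ID:
               matched = (entry->my_id == id);
               break;
           case SUPP_ALGO_IKE_SA:
               matched = (entry->ike_sa_id == id);
               break;
           case SUPP_ALGO_IPSEC_SA:
               matched = (entry->ipsec_sa_id == id);
               break;
           default:
               abort();
           }

           /* keylen separates rows that share an id, e.g. the AES variants */
           if (matched && entry->keylen == keylen)
               return entry;
       }

       return NULL;
   }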
  117 
  /*
   * Resolve the IKE Diffie-Hellman group named in config[CONFIG_IKE_DH].
   * The result is whatever get_algo() returns for that name with keylen 0,
   * so it is NULL when the configured name is not in supp_dh_group.
   */
  const supported_algo_t *get_dh_group_ike(void)
  {
      const char *ike_dh_name = config[CONFIG_IKE_DH];

      return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, ike_dh_name, 0);
  }
  /*
   * Resolve the Diffie-Hellman group used for IPsec PFS.
   *
   * The name comes from config[CONFIG_IPSEC_PFS].  The literal value
   * "server" defers to server_setting: 1 selects "dh2", every other value
   * -- including -1, meaning unknown -- selects "nopfs".
   *
   * NOTE(review): in "server" mode an unknown server setting therefore
   * resolves to "nopfs", and a positive one always resolves to "dh2"
   * (1024-bit MODP) whatever group the server would prefer; configure an
   * explicit group name where PFS is required.
   *
   * Returns get_algo()'s result for the chosen name, NULL if it is not in
   * supp_dh_group.
   */
  const supported_algo_t *get_dh_group_ipsec(int server_setting)
  {
      const char *configured = config[CONFIG_IPSEC_PFS];
      const char *group_name = configured;

      if (strcmp(configured, "server") == 0) {
          /* treat server_setting == -1 (unknown) as 0 */
          if (server_setting == 1)
              group_name = "dh2";
          else
              group_name = "nopfs";
      }

      return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, group_name, 0);
  }