Add SHA2 support
parent
7736ad81cf
commit
132d72e25b
|
@ -31,6 +31,14 @@
|
|||
on phase 2 initiation retries when the phase 2 had been queued
|
||||
for a phase 1.
|
||||
|
||||
2005-06-19 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
From Uri <urimobile@optonline.net> and Larry Baird <lab@gta.com>:
|
||||
* src/libipsec/pfkey_dump.c src/setkey/test-pfkey.c
|
||||
src/racoon/{algorithm.c|cftoken.l|eaytest.c|ipsec_doi.c}
|
||||
src/racoon/{ipsec_doi.h|pfkey.c|strnames.c}: Add SHA2 support
|
||||
|
||||
|
||||
2005-06-07 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
From Larry Baird <lab@gta.com>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: pfkey_dump.c,v 1.6 2005/06/28 16:04:54 christos Exp $ */
|
||||
/* $NetBSD: pfkey_dump.c,v 1.7 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
|
||||
|
||||
|
@ -160,13 +160,13 @@ static struct val2str str_alg_auth[] = {
|
|||
{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
|
||||
#endif
|
||||
#ifdef SADB_X_AALG_SHA2_256
|
||||
{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
|
||||
{ SADB_X_AALG_SHA2_256, "hmac-sha256", },
|
||||
#endif
|
||||
#ifdef SADB_X_AALG_SHA2_384
|
||||
{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
|
||||
{ SADB_X_AALG_SHA2_384, "hmac-sha384", },
|
||||
#endif
|
||||
#ifdef SADB_X_AALG_SHA2_512
|
||||
{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
|
||||
{ SADB_X_AALG_SHA2_512, "hmac-sha512", },
|
||||
#endif
|
||||
#ifdef SADB_X_AALG_RIPEMD160HMAC
|
||||
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: algorithm.c,v 1.1.1.2 2005/02/23 14:54:11 manu Exp $ */
|
||||
/* $NetBSD: algorithm.c,v 1.2 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* Id: algorithm.c,v 1.11 2004/10/24 17:36:46 manubsd Exp */
|
||||
|
||||
|
@ -194,15 +194,15 @@ static struct hmac_algorithm ipsec_hmacdef[] = {
|
|||
NULL, eay_null_hashlen,
|
||||
NULL, },
|
||||
#ifdef WITH_SHA2
|
||||
{ "hmac_sha2_256", algtype_hmac_sha2_256, IPSECDOI_ATTR_SHA2_256,
|
||||
{ "hmac_sha2_256", algtype_hmac_sha2_256,IPSECDOI_ATTR_AUTH_HMAC_SHA2_256,
|
||||
NULL, NULL,
|
||||
NULL, eay_sha2_256_hashlen,
|
||||
NULL, },
|
||||
{ "hmac_sha2_384", algtype_hmac_sha2_384, IPSECDOI_ATTR_SHA2_384,
|
||||
{ "hmac_sha2_384", algtype_hmac_sha2_384,IPSECDOI_ATTR_AUTH_HMAC_SHA2_384,
|
||||
NULL, NULL,
|
||||
NULL, eay_sha2_384_hashlen,
|
||||
NULL, },
|
||||
{ "hmac_sha2_512", algtype_hmac_sha2_512, IPSECDOI_ATTR_SHA2_512,
|
||||
{ "hmac_sha2_512", algtype_hmac_sha2_512,IPSECDOI_ATTR_AUTH_HMAC_SHA2_512,
|
||||
NULL, NULL,
|
||||
NULL, eay_sha2_512_hashlen,
|
||||
NULL, },
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* $NetBSD: cftoken.l,v 1.2 2005/05/10 09:54:43 manu Exp $ */
|
||||
/* $NetBSD: cftoken.l,v 1.3 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* $Id: cftoken.l,v 1.2 2005/05/10 09:54:43 manu Exp $ */
|
||||
/* $Id: cftoken.l,v 1.3 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
%{
|
||||
/*
|
||||
|
@ -400,16 +400,22 @@ non_auth { YYD; yylval.num = algtype_non_auth; return(ALGORITHMTYPE); }
|
|||
hmac_md5 { YYD; yylval.num = algtype_hmac_md5; return(ALGORITHMTYPE); }
|
||||
hmac_sha1 { YYD; yylval.num = algtype_hmac_sha1; return(ALGORITHMTYPE); }
|
||||
hmac_sha2_256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
|
||||
hmac_sha256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
|
||||
hmac_sha2_384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
|
||||
hmac_sha384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
|
||||
hmac_sha2_512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
|
||||
hmac_sha512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
|
||||
des_mac { YYD; yylval.num = algtype_des_mac; return(ALGORITHMTYPE); }
|
||||
kpdk { YYD; yylval.num = algtype_kpdk; return(ALGORITHMTYPE); }
|
||||
md5 { YYD; yylval.num = algtype_md5; return(ALGORITHMTYPE); }
|
||||
sha1 { YYD; yylval.num = algtype_sha1; return(ALGORITHMTYPE); }
|
||||
tiger { YYD; yylval.num = algtype_tiger; return(ALGORITHMTYPE); }
|
||||
sha2_256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
|
||||
sha256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
|
||||
sha2_384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
|
||||
sha384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
|
||||
sha2_512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
|
||||
sha512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
|
||||
oui { YYD; yylval.num = algtype_oui; return(ALGORITHMTYPE); }
|
||||
deflate { YYD; yylval.num = algtype_deflate; return(ALGORITHMTYPE); }
|
||||
lzs { YYD; yylval.num = algtype_lzs; return(ALGORITHMTYPE); }
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: eaytest.c,v 1.1.1.2 2005/02/23 14:54:14 manu Exp $ */
|
||||
/* $NetBSD: eaytest.c,v 1.2 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* Id: eaytest.c,v 1.20.4.1 2005/02/18 10:23:10 manubsd Exp */
|
||||
|
||||
|
@ -735,7 +735,11 @@ hmactest(ac, av)
|
|||
vchar_t mod;
|
||||
caddr_t ctx;
|
||||
|
||||
#ifdef WITH_SHA2
|
||||
printf("\n**Test for HMAC MD5, SHA1, and SHA256.**\n");
|
||||
#else
|
||||
printf("\n**Test for HMAC MD5 & SHA1.**\n");
|
||||
#endif
|
||||
|
||||
key = vmalloc(strlen(keyword));
|
||||
memcpy(key->v, keyword, key->l);
|
||||
|
@ -774,20 +778,6 @@ hmactest(ac, av)
|
|||
free(mod.v);
|
||||
vfree(res);
|
||||
|
||||
#ifdef WITH_SHA2
|
||||
/* HMAC SHA2 */
|
||||
printf("HMAC SHA2 by eay_hmacsha2_256_one()\n");
|
||||
res = eay_hmacsha2_256_one(key, data);
|
||||
PVDUMP(res);
|
||||
mod.v = str2val(r_hsha2, 16, &mod.l);
|
||||
if (memcmp(res->v, mod.v, mod.l)) {
|
||||
printf(" XXX NG XXX\n");
|
||||
return -1;
|
||||
}
|
||||
free(mod.v);
|
||||
vfree(res);
|
||||
#endif
|
||||
|
||||
/* HMAC SHA1 */
|
||||
printf("HMAC SHA1 by eay_hmacsha1_one()\n");
|
||||
res = eay_hmacsha1_one(key, data);
|
||||
|
@ -800,7 +790,7 @@ hmactest(ac, av)
|
|||
free(mod.v);
|
||||
vfree(res);
|
||||
|
||||
/* HMAC MD5 */
|
||||
/* HMAC SHA1 */
|
||||
printf("HMAC SHA1 by eay_hmacsha1_xxx()\n");
|
||||
ctx = eay_hmacsha1_init(key);
|
||||
eay_hmacsha1_update(ctx, data1);
|
||||
|
@ -815,6 +805,20 @@ hmactest(ac, av)
|
|||
free(mod.v);
|
||||
vfree(res);
|
||||
|
||||
#ifdef WITH_SHA2
|
||||
/* HMAC SHA2 */
|
||||
printf("HMAC SHA2 by eay_hmacsha2_256_one()\n");
|
||||
res = eay_hmacsha2_256_one(key, data);
|
||||
PVDUMP(res);
|
||||
mod.v = str2val(r_hsha2, 16, &mod.l);
|
||||
if (memcmp(res->v, mod.v, mod.l)) {
|
||||
printf(" XXX NG XXX\n");
|
||||
return -1;
|
||||
}
|
||||
free(mod.v);
|
||||
vfree(res);
|
||||
#endif
|
||||
|
||||
vfree(data);
|
||||
vfree(data1);
|
||||
vfree(data2);
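Review bot: The relocated HMAC SHA2 check in hmactest compares only `mod.l` bytes with `memcmp(res->v, mod.v, mod.l)` and never looks at `res->l`, so a result shorter than the expected value is read past its end and a longer one with a matching prefix still passes. Neither `res` nor `mod.v` is checked for NULL before use, and the `return -1` path leaves both allocated. A tighter guard would be `if (res == NULL || mod.v == NULL || res->l != mod.l || memcmp(res->v, mod.v, mod.l) != 0)`. The neighbouring SHA1 checks appear to use the same pattern, but hmactest starts and ends outside these hunks, so that is not confirmed here.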
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ipsec_doi.c,v 1.7 2005/06/03 22:27:06 manu Exp $ */
|
||||
/* $NetBSD: ipsec_doi.c,v 1.8 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* Id: ipsec_doi.c,v 1.38 2005/05/31 16:07:55 monas Exp */
|
||||
|
||||
|
@ -1931,6 +1931,9 @@ check_trns_ah(t_id)
|
|||
switch (t_id) {
|
||||
case IPSECDOI_AH_MD5:
|
||||
case IPSECDOI_AH_SHA:
|
||||
case IPSECDOI_AH_SHA256:
|
||||
case IPSECDOI_AH_SHA384:
|
||||
case IPSECDOI_AH_SHA512:
|
||||
return 0;
|
||||
case IPSECDOI_AH_DES:
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
|
@ -2284,6 +2287,24 @@ ahmismatch:
|
|||
goto ahmismatch;
|
||||
}
|
||||
break;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
|
||||
if (proto_id == IPSECDOI_PROTO_IPSEC_AH) {
|
||||
if (trns->t_id != IPSECDOI_AH_SHA256)
|
||||
goto ahmismatch;
|
||||
}
|
||||
break;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
|
||||
if (proto_id == IPSECDOI_PROTO_IPSEC_AH) {
|
||||
if (trns->t_id != IPSECDOI_AH_SHA384)
|
||||
goto ahmismatch;
|
||||
}
|
||||
break;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
|
||||
if (proto_id == IPSECDOI_PROTO_IPSEC_AH) {
|
||||
if (trns->t_id != IPSECDOI_AH_SHA512)
|
||||
goto ahmismatch;
|
||||
}
|
||||
break;
|
||||
case IPSECDOI_ATTR_AUTH_DES_MAC:
|
||||
case IPSECDOI_ATTR_AUTH_KPDK:
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
|
@ -4142,6 +4163,12 @@ ipsecdoi_authalg2trnsid(alg)
|
|||
return IPSECDOI_AH_MD5;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
|
||||
return IPSECDOI_AH_SHA;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
|
||||
return IPSECDOI_AH_SHA256;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
|
||||
return IPSECDOI_AH_SHA384;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
|
||||
return IPSECDOI_AH_SHA512;
|
||||
case IPSECDOI_ATTR_AUTH_DES_MAC:
|
||||
return IPSECDOI_AH_DES;
|
||||
case IPSECDOI_ATTR_AUTH_KPDK:
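Review bot: The new `case IPSECDOI_AH_SHA256:` / `SHA384` / `SHA512` labels in check_trns_ah accept the SHA2 transforms unconditionally, while the matching `ipsec_hmacdef` entries in algorithm.c sit inside `#ifdef WITH_SHA2`. In a build without WITH_SHA2 a peer's SHA2 proposal would presumably pass this check and only fail later, when the algorithm lookup finds no entry. Consider wrapping the three labels in `#ifdef WITH_SHA2` ... `#endif` so an unsupported transform is rejected here. The same applies to the new cases before `ahmismatch` and in ipsecdoi_authalg2trnsid. All three functions continue outside their hunks, so what an unmatched ID reaches in each switch should be confirmed.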
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ipsec_doi.h,v 1.1.1.2 2005/02/23 14:54:16 manu Exp $ */
|
||||
/* $NetBSD: ipsec_doi.h,v 1.2 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* Id: ipsec_doi.h,v 1.9 2005/01/29 16:34:24 vanhu Exp */
|
||||
|
||||
|
@ -54,9 +54,9 @@
|
|||
#define IPSECDOI_AH_MD5 2
|
||||
#define IPSECDOI_AH_SHA 3
|
||||
#define IPSECDOI_AH_DES 4
|
||||
#define IPSECDOI_AH_SHA2_256 5
|
||||
#define IPSECDOI_AH_SHA2_384 6
|
||||
#define IPSECDOI_AH_SHA2_512 7
|
||||
#define IPSECDOI_AH_SHA256 5
|
||||
#define IPSECDOI_AH_SHA384 6
|
||||
#define IPSECDOI_AH_SHA512 7
|
||||
|
||||
/* 4.4.1 IPSEC Security Protocol Identifiers */
|
||||
#define IPSECDOI_PROTO_IPSEC_ESP 3
|
||||
|
@ -119,9 +119,9 @@
|
|||
#define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2
|
||||
#define IPSECDOI_ATTR_AUTH_DES_MAC 3
|
||||
#define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/
|
||||
#define IPSECDOI_ATTR_SHA2_256 5
|
||||
#define IPSECDOI_ATTR_SHA2_384 6
|
||||
#define IPSECDOI_ATTR_SHA2_512 7
|
||||
#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_256 5
|
||||
#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_384 6
|
||||
#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_512 7
|
||||
#define IPSECDOI_ATTR_AUTH_NONE 254 /* NOTE:internal use */
|
||||
/*
|
||||
* When negotiating ESP without authentication, the Auth
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: pfkey.c,v 1.6 2005/07/12 16:24:29 manu Exp $ */
|
||||
/* $NetBSD: pfkey.c,v 1.7 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* Id: pfkey.c,v 1.31.2.1 2005/02/18 10:01:40 vanhu Exp */
|
||||
|
||||
|
@ -447,6 +447,24 @@ ipsecdoi2pfkey_aalg(hashtype)
|
|||
return SADB_AALG_MD5HMAC;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
|
||||
return SADB_AALG_SHA1HMAC;
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
|
||||
#if (defined SADB_X_AALG_SHA2_256) && !defined(SADB_X_AALG_SHA2_256HMAC)
|
||||
return SADB_X_AALG_SHA2_256;
|
||||
#else
|
||||
return SADB_X_AALG_SHA2_256HMAC;
|
||||
#endif
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
|
||||
#if (defined SADB_X_AALG_SHA2_384) && !defined(SADB_X_AALG_SHA2_384HMAC)
|
||||
return SADB_X_AALG_SHA2_384;
|
||||
#else
|
||||
return SADB_X_AALG_SHA2_384HMAC;
|
||||
#endif
|
||||
case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
|
||||
#if (defined SADB_X_AALG_SHA2_512) && !defined(SADB_X_AALG_SHA2_512HMAC)
|
||||
return SADB_X_AALG_SHA2_512;
|
||||
#else
|
||||
return SADB_X_AALG_SHA2_512HMAC;
|
||||
#endif
|
||||
case IPSECDOI_ATTR_AUTH_KPDK: /* need special care */
|
||||
return SADB_AALG_NONE;
|
||||
|
||||
|
@ -2131,7 +2149,7 @@ pk_recvspdupdate(mhp)
|
|||
sp = getsp(&spidx);
|
||||
if (sp == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"such policy does not already exist: %s\n",
|
||||
"such policy does not already exist: \"%s\"\n",
|
||||
spidx2str(&spidx));
|
||||
} else {
|
||||
remsp(sp);
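Review bot: In ipsecdoi2pfkey_aalg each new SHA2 case takes the `#else` branch (`return SADB_X_AALG_SHA2_256HMAC;`, likewise for 384 and 512) whenever `SADB_X_AALG_SHA2_256` is undefined, so a platform whose headers provide neither spelling fails to compile. pfkey_dump.c in this same commit guards its entries with `#ifdef SADB_X_AALG_SHA2_256`, which suggests such platforms are expected. Change `#else` to `#elif defined(SADB_X_AALG_SHA2_256HMAC)` and put the whole `case` inside the guard, so that an unsupported algorithm reaches the switch's default instead of falling through to the `IPSECDOI_ATTR_AUTH_KPDK` case below it. The default handling is outside the hunk, so confirm what it returns. As a style point, `(defined SADB_X_AALG_SHA2_256)` and `defined(...)` are mixed on the same line.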
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
.\" $NetBSD: racoon.conf.5,v 1.17 2005/07/07 12:34:17 tron Exp $
|
||||
.\" $NetBSD: racoon.conf.5,v 1.18 2005/07/12 16:49:52 manu Exp $
|
||||
.\"
|
||||
.\" $Id: racoon.conf.5,v 1.17 2005/07/07 12:34:17 tron Exp $
|
||||
.\" $Id: racoon.conf.5,v 1.18 2005/07/12 16:49:52 manu Exp $
|
||||
.\"
|
||||
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
.\" All rights reserved.
|
||||
|
@ -736,7 +736,7 @@ define the hash algorithm used for the phase 1 negotiation.
|
|||
This directive must be defined.
|
||||
.Ar algorithm
|
||||
is one of following:
|
||||
.Ic md5, sha1
|
||||
.Ic md5, sha1, sha256, sha384, sha512
|
||||
for Oakley.
|
||||
.\"
|
||||
.It Ic authentication_method Ar type ;
|
||||
|
@ -882,7 +882,7 @@ Note that the kernel may not support the algorithm you have specified.
|
|||
.\"
|
||||
.It Ic authentication_algorithm Ar algorithms ;
|
||||
.Ic des , 3des , des_iv64 , des_iv32 ,
|
||||
.Ic hmac_md5 , hmac_sha1 , non_auth
|
||||
.Ic hmac_md5 , hmac_sha1 , hmac_sha256, hmac_sha384, hmac_sha512, non_auth
|
||||
.Pq used with ESP authentication and AH
|
||||
.\"
|
||||
.It Ic compression_algorithm Ar algorithms ;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: strnames.c,v 1.1.1.2 2005/02/23 14:54:28 manu Exp $ */
|
||||
/* $NetBSD: strnames.c,v 1.2 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* $KAME: strnames.c,v 1.25 2003/11/13 10:53:26 itojun Exp $ */
|
||||
|
||||
|
@ -357,6 +357,9 @@ static struct ksmap name_ipsecdoi_trns_ah[] = {
|
|||
{ IPSECDOI_AH_MD5, "MD5", NULL },
|
||||
{ IPSECDOI_AH_SHA, "SHA", NULL },
|
||||
{ IPSECDOI_AH_DES, "DES", NULL },
|
||||
{ IPSECDOI_AH_SHA256, "SHA256", NULL },
|
||||
{ IPSECDOI_AH_SHA384, "SHA384", NULL },
|
||||
{ IPSECDOI_AH_SHA512, "SHA512", NULL },
|
||||
};
|
||||
|
||||
char *
|
||||
|
@ -487,10 +490,13 @@ s_ipsecdoi_encmode(k)
|
|||
}
|
||||
|
||||
static struct ksmap name_attr_ipsec_auth[] = {
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_MD5, "hmac-md5", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_SHA1, "hmac-sha", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_DES_MAC, "des-mac", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_KPDK, "kpdk", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_MD5, "hmac-md5", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_SHA1, "hmac-sha", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_SHA2_256, "hmac-sha256", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_SHA2_384, "hmac-sha384", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_HMAC_SHA2_512, "hmac-sha512", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_DES_MAC, "des-mac", NULL },
|
||||
{ IPSECDOI_ATTR_AUTH_KPDK, "kpdk", NULL },
|
||||
};
|
||||
|
||||
char *
|
||||
|
@ -598,6 +604,9 @@ static struct ksmap name_attr_isakmp_hash[] = {
|
|||
{ OAKLEY_ATTR_HASH_ALG_MD5, "MD5", NULL },
|
||||
{ OAKLEY_ATTR_HASH_ALG_SHA, "SHA", NULL },
|
||||
{ OAKLEY_ATTR_HASH_ALG_TIGER, "Tiger", NULL },
|
||||
{ OAKLEY_ATTR_HASH_ALG_SHA2_256,"SHA256", NULL },
|
||||
{ OAKLEY_ATTR_HASH_ALG_SHA2_384,"SHA384", NULL },
|
||||
{ OAKLEY_ATTR_HASH_ALG_SHA2_512,"SHA512", NULL },
|
||||
};
|
||||
|
||||
char *
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: setkey.8,v 1.12 2005/05/25 10:09:36 wiz Exp $
|
||||
.\" $NetBSD: setkey.8,v 1.13 2005/07/12 16:49:52 manu Exp $
|
||||
.\"
|
||||
.\" $KAME: setkey.8,v 1.93 2003/09/24 23:44:46 itojun Exp $
|
||||
.\"
|
||||
|
@ -692,12 +692,12 @@ keyed-md5 128 ah: 96bit ICV (no document)
|
|||
keyed-sha1 160 ah: 96bit ICV (no document)
|
||||
160 ah-old: 128bit ICV (no document)
|
||||
null 0 to 2048 for debugging
|
||||
hmac-sha2-256 256 ah: 96bit ICV
|
||||
hmac-sha256 256 ah: 96bit ICV
|
||||
(draft-ietf-ipsec-ciph-sha-256-00)
|
||||
256 ah-old: 128bit ICV (no document)
|
||||
hmac-sha2-384 384 ah: 96bit ICV (no document)
|
||||
hmac-sha384 384 ah: 96bit ICV (no document)
|
||||
384 ah-old: 128bit ICV (no document)
|
||||
hmac-sha2-512 512 ah: 96bit ICV (no document)
|
||||
hmac-sha512 512 ah: 96bit ICV (no document)
|
||||
512 ah-old: 128bit ICV (no document)
|
||||
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
||||
ah-old: 128bit ICV (no document)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: test-pfkey.c,v 1.1.1.2 2005/02/23 14:54:40 manu Exp $ */
|
||||
/* $NetBSD: test-pfkey.c,v 1.2 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* $KAME: test-pfkey.c,v 1.4 2000/06/07 00:29:14 itojun Exp $ */
|
||||
|
||||
|
@ -308,7 +308,11 @@ key_setsadbprop()
|
|||
struct sadb_prop m_prop;
|
||||
struct sadb_comb *m_comb;
|
||||
u_char buf[256];
|
||||
#if defined(SADB_X_EALG_AESCBC) && defined(SADB_X_AALG_SHA2_256)
|
||||
u_int len = sizeof(m_prop) + sizeof(m_comb) * 3;
|
||||
#else
|
||||
u_int len = sizeof(m_prop) + sizeof(m_comb) * 2;
|
||||
#endif
|
||||
|
||||
/* make prop & comb */
|
||||
m_prop.sadb_prop_len = PFKEY_UNIT64(len);
|
||||
|
@ -361,6 +365,36 @@ key_setsadbprop()
|
|||
buf, sizeof(*m_comb) * 2);
|
||||
m_len += len;
|
||||
|
||||
#if defined(SADB_X_EALG_AESCBC) && defined(SADB_X_AALG_SHA2_256)
|
||||
/* the 3rd is ESP AES-CBC and AH HMAC-SHA256 */
|
||||
m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb));
|
||||
m_comb->sadb_comb_auth = SADB_X_AALG_SHA2_256;
|
||||
m_comb->sadb_comb_encrypt = SADB_X_EALG_AESCBC;
|
||||
m_comb->sadb_comb_flags = 0;
|
||||
m_comb->sadb_comb_auth_minbits = 8;
|
||||
m_comb->sadb_comb_auth_maxbits = 96;
|
||||
m_comb->sadb_comb_encrypt_minbits = 128;
|
||||
m_comb->sadb_comb_encrypt_maxbits = 128;
|
||||
m_comb->sadb_comb_reserved = 0;
|
||||
m_comb->sadb_comb_soft_allocations = 0;
|
||||
m_comb->sadb_comb_hard_allocations = 0;
|
||||
m_comb->sadb_comb_soft_bytes = 0;
|
||||
m_comb->sadb_comb_hard_bytes = 0;
|
||||
m_comb->sadb_comb_soft_addtime = 0;
|
||||
m_comb->sadb_comb_hard_addtime = 0;
|
||||
m_comb->sadb_comb_soft_usetime = 0;
|
||||
m_comb->sadb_comb_hard_usetime = 0;
|
||||
|
||||
key_setsadbextbuf(m_buf, m_len,
|
||||
(caddr_t)&m_prop, sizeof(struct sadb_prop),
|
||||
buf, sizeof(*m_comb) * 3);
|
||||
m_len += len;
|
||||
#else
|
||||
key_setsadbextbuf(m_buf, m_len,
|
||||
(caddr_t)&m_prop, sizeof(struct sadb_prop),
|
||||
buf, sizeof(*m_comb) * 2);
|
||||
m_len += len;
|
||||
#endif
|
||||
return;
|
||||
}
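Review bot: In key_setsadbprop the new third combination is written through `m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb));`, which is slot 1 of `buf`, so it overwrites the preceding entry and leaves slot 2 unset; it should be `m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb) * 2);`. The length line `sizeof(m_prop) + sizeof(m_comb) * 3` takes the size of the pointer rather than the struct, so `len` disagrees with the `sizeof(*m_comb) * 3` bytes that key_setsadbextbuf copies; use `sizeof(*m_comb) * 3`. The two-entry key_setsadbextbuf call and `m_len += len` just before the `#if` appear to remain as context, in which case both branches append the proposal a second time. The start of the function is outside the hunk, so check this against the full file.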
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: token.l,v 1.4 2005/06/26 23:49:31 christos Exp $ */
|
||||
/* $NetBSD: token.l,v 1.5 2005/07/12 16:49:52 manu Exp $ */
|
||||
|
||||
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
|
||||
|
||||
|
@ -178,8 +178,11 @@ tcp {
|
|||
<S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
|
||||
<S_AUTHALG>tcp-md5 {
|
||||
|
|