387
int decode_esp(char *algname)
391
if(!strcmp(algname, "3des-md5-96")) {
392
esp_alg = XF_ESP3DESMD596;
393
} else if(!strcmp(algname, "3des-sha1-96")) {
394
esp_alg = XF_ESP3DESSHA196;
395
} else if(!strcmp(algname, "3des")) {
396
esp_alg = XF_ESP3DES;
398
} else if((alg_info=alg_info_esp_create_from_str(algname, &alg_err, FALSE))) {
399
int esp_ealg_id, esp_aalg_id;
401
esp_alg = XF_OTHER_ALG;
402
if (alg_info->alg_info_cnt>1) {
403
fprintf(stderr, "%s: Invalid encryption algorithm '%s' "
404
"follows '--esp' option: lead too many(%d) "
406
progname, algname, alg_info->alg_info_cnt);
410
esp_info=&alg_info->esp[0];
412
fprintf(stdout, "%s: alg_info: cnt=%d ealg[0]=%d aalg[0]=%d\n",
414
alg_info->alg_info_cnt,
415
esp_info->encryptalg,
418
esp_ealg_id=esp_info->esp_ealg_id;
419
esp_aalg_id=esp_info->esp_aalg_id;
420
if (kernel_alg_proc_read()==0) {
425
ugh = kernel_alg_esp_enc_ok(esp_ealg_id, 0, 0);
428
fprintf(stderr, "%s: ESP encryptalg=%d (\"%s\") "
429
"not present - %s\n",
432
enum_name(&esp_transformid_names, esp_ealg_id),
437
ugh = kernel_alg_esp_auth_ok(esp_aalg_id, 0);
440
fprintf(stderr, "%s: ESP authalg=%d (\"%s\") - %s "
442
progname, esp_aalg_id,
443
enum_name(&auth_alg_names, esp_aalg_id), ugh);
447
#endif /* KERNEL_ALG */
449
fprintf(stderr, "%s: Invalid encryption algorithm '%s' follows '--esp' option.\n",
363
459
main(int argc, char *argv[])
670
764
fprintf(stderr, "%s: Error, SAID parameter redefined:%s, already defined in SA:%s\n",
671
program_name, optarg, said_opt);
765
progname, optarg, said_opt);
675
769
fprintf(stderr, "%s: Error, PROTO parameter redefined in SA:%s, already defined as:%s\n",
676
program_name, optarg, proto_opt);
770
progname, optarg, proto_opt);
680
774
fprintf(stderr, "%s: Error, EDST parameter redefined in SA:%s, already defined as:%s\n",
681
program_name, optarg, edst_opt);
775
progname, optarg, edst_opt);
685
779
fprintf(stderr, "%s: Error, SPI parameter redefined in SA:%s, already defined as:%s\n",
686
program_name, optarg, spi_opt);
780
progname, optarg, spi_opt);
689
783
error_s = ttosa(optarg, 0, &said);
690
784
if(error_s != NULL) {
691
785
fprintf(stderr, "%s: Error, %s converting --sa argument:%s\n",
692
program_name, error_s, optarg);
786
progname, error_s, optarg);
696
790
satot(&said, 0, ipsaid_txt, sizeof(ipsaid_txt));
697
791
fprintf(stdout, "%s: said=%s.\n",
701
795
/* init the src and dst with the same address family */
813
907
fprintf(stderr, "%s: Error, DST parameter redefined:%s, already defined as:%s\n",
814
program_name, optarg, dst_opt);
908
progname, optarg, dst_opt);
817
911
error_s = ttoaddr(optarg, 0, address_family, &dst);
818
912
if(error_s != NULL) {
819
913
fprintf(stderr, "%s: Error, %s converting --dst argument:%s\n",
820
program_name, error_s, optarg);
914
progname, error_s, optarg);
823
917
dst_opt = optarg;
825
919
addrtot(&dst, 0, ipaddr_txt, sizeof(ipaddr_txt));
826
920
fprintf(stdout, "%s: dst=%s.\n",
833
927
fprintf(stderr, "%s: Error, SRC parameter redefined:%s, already defined as:%s\n",
834
program_name, optarg, src_opt);
928
progname, optarg, src_opt);
837
931
error_s = ttoaddr(optarg, 0, address_family, &src);
838
932
if(error_s != NULL) {
839
933
fprintf(stderr, "%s: Error, %s converting --src argument:%s\n",
840
program_name, error_s, optarg);
934
progname, error_s, optarg);
843
937
src_opt = optarg;
845
939
addrtot(&src, 0, ipaddr_txt, sizeof(ipaddr_txt));
846
940
fprintf(stdout, "%s: src=%s.\n",
852
usage(program_name, stdout);
946
usage(progname, stdout);
855
usage(program_name, stderr);
949
usage(progname, stderr);
858
fprintf(stdout, "%s, %s\n", program_name, spi_c_version);
952
fprintf(stdout, "%s, %s\n", progname, spi_c_version);
860
954
case '+': /* optionsfrom */
861
955
optionsfrom(optarg, &argc, &argv, optind, stderr);
985
/* validate keysizes */
987
const struct sadb_alg *alg_p;
988
int keylen, minbits, maxbits;
989
alg_p=kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,SADB_EXT_SUPPORTED_ENCRYPT,
990
esp_info->encryptalg);
992
keylen=enckeylen * 8;
994
if (alg_p->sadb_alg_id==ESP_3DES || alg_p->sadb_alg_id==ESP_DES) {
995
maxbits=minbits=alg_p->sadb_alg_minbits * 8 /7;
997
minbits=alg_p->sadb_alg_minbits;
998
maxbits=alg_p->sadb_alg_maxbits;
1001
* if explicit keylen told in encrypt algo, eg "aes128"
1002
* check actual keylen "equality"
1004
if (esp_info->esp_ealg_keylen &&
1005
esp_info->esp_ealg_keylen!=keylen) {
1006
fprintf(stderr, "%s: invalid encryption keylen=%d, "
1007
"required %d by encrypt algo string=\"%s\"\n",
1010
(int)esp_info->esp_ealg_keylen,
1015
/* thanks DES for this sh*t */
1017
if (minbits > keylen || maxbits < keylen) {
1018
fprintf(stderr, "%s: invalid encryption keylen=%d, "
1019
"must be between %d and %d bits\n",
1021
keylen, minbits, maxbits);
1024
alg_p=kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,SADB_EXT_SUPPORTED_AUTH,
1027
keylen=authkeylen * 8;
1028
minbits=alg_p->sadb_alg_minbits;
1029
maxbits=alg_p->sadb_alg_maxbits;
1030
if (minbits > keylen || maxbits < keylen) {
1031
fprintf(stderr, "%s: invalid auth keylen=%d, "
1032
"must be between %d and %d bits\n",
1034
keylen, minbits, maxbits);
1039
#endif /* KERNEL_ALG */
1696
1904
* Removed DES usage.
1697
1905
* Changed usage of memset on extensions to pfkey_extensions_init().
1699
* Revision 1.54 1999/12/29 21:17:41 rgb
1700
* Changed pfkey_msg_build() I/F to include a struct sadb_msg**
1701
* parameter for cleaner manipulation of extensions[] and to guard
1702
* against potential memory leaks.
1703
* Changed the I/F to pfkey_msg_free() for the same reason.
1705
* Revision 1.53 1999/12/10 17:35:37 rgb
1706
* Added address debugging.
1707
* Fixed undetected spi followed by said sanity check bug.
1708
* Fixed unset spi and edst using said bug.
1710
* Revision 1.52 1999/12/09 23:13:53 rgb
1711
* Added argument to pfkey_sa_build() to do eroutes.
1713
* Revision 1.51 1999/12/07 18:29:13 rgb
1714
* Converted local functions to static to limit scope.
1715
* Removed unused cruft.
1716
* Changed types to unsigned to quiet compiler.
1717
* Cleaned up compiler directives.
1719
* Revision 1.50 1999/12/01 22:19:04 rgb
1720
* Change pfkey_sa_build to accept an SPI in network byte order.
1721
* Minor reformatting.
1722
* Close socket after cleanup.
1723
* Moved pfkey_lib_debug variable into the library.
1725
* Revision 1.49 1999/11/27 11:53:56 rgb
1726
* Fix pfkey_v2_parse calls.
1727
* Add argument to pfkey_msg_parse() for direction.
1728
* Move parse-after-build check inside pfkey_msg_build().
1730
* Revision 1.48 1999/11/25 19:05:12 rgb
1731
* Add parser calls to parse newly built message and disabled signal
1733
* Zapped all manual pfkey assignment code in favour of build library
1735
* Clean out other unused code.
1737
* Revision 1.47 1999/11/25 09:08:46 rgb
1738
* Turn debug compiler directive into command line switch.
1739
* Fix unused argument bug in usage.
1740
* Delete unused variables and code.
1741
* Add default to alg switch to catch algo not set.
1742
* Added error return checking from pfkey_build routines.
1743
* Clarified assignment in conditional with parens.
1744
* Fixed extension pointer bugs passing args to pfkey_build routines.
1746
* Revision 1.46 1999/11/24 17:22:25 rgb
1747
* Fix PFKEY_BUILD_LIB compiler directives.
1748
* Fix bug in memset(extensions) size argument.
1749
* Fix bug in extensions type and calling style.
1750
* Fix PFKEY_BUILD_LIB ifdef boundary bug.
1752
* Revision 1.45 1999/11/23 23:11:18 rgb
1753
* Added pfkey_v2_build calls.
1754
* Sort out pfkey and freeswan headers, putting them in a library path.
1755
* Corrected a couple of bugs in as-yet-inactive code.
1756
* Clarified indention of pfkey_msg assembly code.
1758
* Revision 1.44 1999/11/18 04:56:07 rgb
1759
* Change expected signal type comment.
1760
* Add signal handler degugging code.
1761
* Temporarily remove select() code for signal debugging.
1762
* Fix minor sequence number bug.
1764
* Revision 1.43 1999/10/27 20:01:01 rgb
1765
* Enabled the signal handler.
1766
* Changed pfkey_seq from post-increment to pre-increment.
1768
* Revision 1.42 1999/10/16 00:26:34 rgb
1769
* Add to pfkey lifetime support.
1770
* Attempt to add pfkey socket receive support.
1771
* Change to more intuitive name of pfkey socket variable.
1773
* Revision 1.41 1999/07/08 19:18:33 rgb
1774
* Shut off debugging by default.
1776
* Revision 1.40 1999/06/10 16:12:53 rgb
1777
* Add autoconf to use pfkey.
1778
* Add error return code description.
1780
* Revision 1.39 1999/04/29 15:26:54 rgb
1781
* Debug pfkey support.
1782
* Add debugging instrumentation.
1783
* Add error return code checks.
1784
* Add support for DELETE and CLR messages.
1785
* Add support for IPPROTO_IPIP.
1786
* Copy in src address.
1787
* Set sin_zero properly.
1788
* Add ident_d support(untested).
1789
* Fix msg header copy length bug.
1790
* Add kludge to support FLUSH.
1792
* Revision 1.38 1999/04/15 15:37:28 rgb
1793
* Forward check changes from POST1_00 branch.
1795
* Revision 1.34.2.2 1999/04/13 20:58:10 rgb
1796
* Add argc==1 --> /proc/net/ipsec_*.
1798
* Revision 1.34.2.1 1999/03/30 17:07:04 rgb
1799
* Make main() return type explicit.
1801
* OOO window size htons bugfix.
1803
* Revision 1.37 1999/04/11 00:12:08 henry
1806
* Revision 1.36 1999/04/06 04:54:38 rgb
1807
* Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
1808
* patch shell fixes.
1810
* Revision 1.35 1999/03/17 15:40:07 rgb
1811
* Make explicit main() return type of int.
1812
* Fix memory clear bug in spi.c.
1814
* Revision 1.34 1999/02/16 05:20:49 rgb
1815
* Fix memory clear bugs just prior to normal exit that were causing ipsec
1816
* manual scripts to fail and potentially leaving large core files.
1818
* Revision 1.33 1999/02/09 00:13:16 rgb
1819
* Fix replay window htonl bug.
1821
* Revision 1.32 1999/01/22 06:35:54 rgb
1823
* Added algorithm switch code.
1824
* Removed IV requirement, now an option (kept code for back-compat).
1826
* Add error-checking.
1827
* Removed PFKEY code, will re-add later.
1829
* Revision 1.31 1998/11/12 21:08:04 rgb
1830
* Add --label option to identify caller from scripts.
1832
* Revision 1.30 1998/11/11 18:34:12 rgb
1833
* Fixed #includes for RH5.1.
1835
* Revision 1.29 1998/11/11 07:14:18 rgb
1836
* #include cleanup to hopefully compile under RH5.1.
1838
* Revision 1.28 1998/11/10 05:34:11 rgb
1839
* Add support for SA direction flag.
1840
* Add more specific error output messages.
1842
* Revision 1.27 1998/10/27 00:31:12 rgb
1843
* Set replay structure flag to 0 (not used).
1845
* Revision 1.26 1998/10/26 01:28:38 henry
1846
* use SA_* protocol names, not IPPROTO_*, to avoid compile problems
1848
* Revision 1.25 1998/10/25 02:45:39 rgb
1849
* Change program to program_name to bring in line with other utils.
1850
* Added debugging code to find null proto bug, premature exit on hex info bug.
1851
* Fixed premature exit on hex info bug.
1853
* Revision 1.24 1998/10/22 06:34:16 rgb
1854
* Fixed bad stucture pointer.
1855
* Fixed unknown var (cut and paste error).
1857
* Revision 1.23 1998/10/19 18:56:24 rgb
1858
* Added inclusion of freeswan.h.
1859
* sa_id structure implemented and used: now includes protocol.
1860
* Start to add some inactive pfkey2 code.
1862
* Revision 1.22 1998/10/09 18:47:30 rgb
1863
* Add 'optionfrom' to get more options from a named file.
1865
* Revision 1.21 1998/10/09 04:36:03 rgb
1866
* Standardise on '-96' notation for AH transforms.
1868
* Revision 1.20 1998/09/03 01:29:32 henry
1869
* improve atodata()-failed error messages a bit
1871
* Revision 1.19 1998/09/02 03:14:33 henry
1872
* no point in printing zero lengths used as error returns
1874
* Revision 1.18 1998/09/02 03:12:08 henry
1875
* --help output goes on stdout, not stderr
1877
* Revision 1.17 1998/09/01 19:50:50 henry
1878
* fix operator-precedence bug that often messed up --ah SPI creation
1881
* Revision 1.16 1998/08/28 03:14:12 rgb
1882
* Simplify/Clarify usage text.
1884
* Revision 1.15 1998/08/12 00:16:46 rgb
1885
* Removed a lot of old cruft that was commented out.
1886
* Updated usage text.
1887
* Added config options for new xforms.
1889
* Revision 1.14 1998/08/05 22:24:45 rgb
1890
* Change includes to accomodate RH5.x
1892
* Revision 1.13 1998/07/29 21:41:17 rgb
1893
* Fix spi bug, add hexadecimal value entry debugging.
1895
* Revision 1.12 1998/07/28 00:14:24 rgb
1896
* Convert from positional parameters to long options.
1897
* Add --clean option.
1898
* Add hostname lookup support.
1900
* Revision 1.11 1998/07/14 18:15:55 rgb
1901
* Fix undetected bug using AH-SHA1 with manual keying: The key was
1902
* truncated by the data structure used to get it to the kernel.
1904
* Revision 1.10 1998/07/09 18:14:11 rgb
1905
* Added error checking to IP's and keys.
1906
* Made most error messages more specific rather than spamming usage text.
1907
* Added more descriptive kernel error return codes and messages.
1908
* Converted all spi translations to unsigned.
1909
* Removed all invocations of perror.
1911
* Revision 1.9 1998/06/30 18:04:31 rgb
1912
* Fix compiler warning: couldn't find 'struct option' prototype.
1914
* Revision 1.8 1998/06/11 05:40:04 rgb
1915
* Make usage text more concise WRT replay window sizes and defaults.
1916
* Make error reporting more concise WRT exact IV and key lengths supported
1919
* Revision 1.7 1998/06/08 17:54:58 rgb
1920
* Fixed string escape code in usage.
1922
* Revision 1.6 1998/06/05 02:22:49 rgb
1923
* Clarify usage text and update for key splitting and i/r removal.
1924
* Require keys of exact length.
1926
* Revision 1.5 1998/05/27 20:54:11 rgb
1927
* Added --help and --version directives. Separated auth and encr keys.
1929
* Revision 1.4 1998/05/18 21:12:13 rgb
1930
* Clean up debugging code, clean up after keys, cleaner options setting.
1932
* Revision 1.3 1998/05/06 03:37:11 rgb
1933
* Fixed incorrect signed interpretation of command line spi to unsigned long.
1934
* It prevented deletion of ~spi values generated by pluto.
1936
* Revision 1.2 1998/05/01 23:34:01 rgb
1937
* Clarified the usage text.
1939
* Revision 1.1.1.1 1998/04/08 05:35:10 henry
1940
* RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
1942
* Revision 0.5 1997/06/03 04:31:55 ji
1943
* Added esp 3des-md5-96
1945
* Revision 0.4 1997/01/15 01:37:54 ji
1946
* New program in this release, replaces set* programs.