[Swan-dev] making "struct ike_alg" look like an IKEv2 transform?
Andrew Cagney
andrew.cagney at gmail.com
Tue Dec 8 16:18:54 UTC 2015
Per earlier e-mail, I'm looking at how IKEv2 proposals are handled.
Part of that is creating an IKEv2-specific proposal table. In line
with the IKEv2 spec, it can be abstracted as:

    local_proposals[nr-proposals][nr-transform-types] = {
      {
        [ENCR] = { aes-gcm-256, aes-gcm-128, ... }
        [PRF] = { sha1, sha2, ... }
        [DH] = { modp2048, ... }
      },
      .....
    }

while my proof-of-concept implementation looks more like:

    /* AES-GCM with a 16-octet ICV; the key length is carried as an attribute */
    struct transform aes_gcm16_128 = { .id = IKEv2_ENCR_AES_GCM_16,
                                       .attr_keylen = 128, };
    struct transform aes_gcm16_256 = { .id = IKEv2_ENCR_AES_GCM_16,
                                       .attr_keylen = 256, };
    /* NULL-terminated list of transforms, in order of preference */
    struct transform *encr__aes_gcm16_256__aes_gcm16_128[] = {
      &aes_gcm16_256, &aes_gcm16_128, NULL,
    };
    /* one proposal: a transform list per transform type */
    struct proposal prop01 = {
      .transforms = {
        [IKEv2_TRANS_TYPE_ENCR] = encr__aes_gcm16_256__aes_gcm16_128,
        ...
      }
    };
    struct proposal *proposals[] = {
      &prop01,
    };

I'd like to avoid duplicating those magic numbers and instead use the
existing "struct ike_alg" viz:

    const struct encrypt_desc algo_aes_gcm16_256, algo_aes_gcm16_128;
    const struct ike_alg *encr__aes_gcm16_256__aes_gcm16_128[] = {
      &algo_aes_gcm16_256.common, &algo_aes_gcm16_128.common, NULL,
    };

It doesn't work. Beyond the obvious:
- these structures are not public
- these structures are not constant
which can eventually be fixed, there's a problem with keylens:
- it isn't in "struct ike_alg"
- the containing structure, such as "struct encrypt_desc", also does
  not contain a keylen, just keylen suggestions (min, max, def)
Addressing this gets more complex. I see several ways forward:
- stick with what I have
- add a pointer to the "ike_alg" objects to my transform object
- eliminate the keylen suggestions, at least from the POV of IKEv2 (to
  be honest they are magic already)
thoughts,
Andrew
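
Added example, not part of the original message and not libreswan code: a sketch of the second option listed above, where each transform points at a shared algorithm descriptor and carries its own exact key length. All type and function names are hypothetical; the transform IDs 20 (AES-GCM with a 16-octet ICV) and 2 (PRF_HMAC_SHA1) are the IANA IKEv2 values, and the table contents are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-ins for the structures named in the message. */
enum trans_type { T_ENCR, T_PRF, T_DH, T_ROOF };

struct alg_desc {                    /* plays the role of "struct ike_alg" */
    enum trans_type type;
    unsigned ikev2_id;               /* wire transform ID, defined in one place */
    unsigned keylen_min, keylen_max; /* 0/0: no key-length attribute */
};

struct transform {                   /* descriptor pointer plus the exact keylen */
    const struct alg_desc *alg;
    unsigned keylen;
};

struct proposal {                    /* per type: list ended by .alg == NULL */
    const struct transform *transforms[T_ROOF];
};

/* A table entry is sane only if its keylen is within the descriptor's bounds. */
bool transform_ok(const struct transform *t)
{
    return t->alg != NULL && t->keylen >= t->alg->keylen_min
        && t->keylen <= t->alg->keylen_max;
}

/* First local transform matching the peer's (type, id, keylen) exactly, else NULL. */
const struct transform *match_transform(const struct proposal *local,
        enum trans_type type, unsigned id, unsigned keylen)
{
    if ((unsigned)type >= T_ROOF)    /* type comes from the peer: bound it */
        return NULL;
    for (const struct transform *t = local->transforms[type];
         t != NULL && t->alg != NULL; t++)
        if (transform_ok(t) && t->alg->type == type
            && t->alg->ikev2_id == id && t->keylen == keylen)
            return t;
    return NULL;
}

/* Constructed sample table: AES-GCM-16 with 256 then 128 bit keys, SHA1 PRF. */
static const struct alg_desc algo_aes_gcm16 = { T_ENCR, 20, 128, 256 };
static const struct alg_desc algo_sha1_prf = { T_PRF, 2, 0, 0 };
static const struct transform encr_list[] = {
    { &algo_aes_gcm16, 256 }, { &algo_aes_gcm16, 128 }, { NULL, 0 },
};
static const struct transform prf_list[] = { { &algo_sha1_prf, 0 }, { NULL, 0 } };
const struct proposal prop01 = { .transforms = { [T_ENCR] = encr_list, [T_PRF] = prf_list } };
```

Because matching is on the exact key length, a peer offering a length that is valid for the algorithm but absent from the local table (192 here) is refused rather than accepted on the strength of the descriptor's min/max range.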