[Swan-dev] making "struct ike_alg" look like an IKEv2 transform?

Andrew Cagney andrew.cagney at gmail.com
Tue Dec 8 16:18:54 UTC 2015

Per-earlier e-mail, I'm looking at how IKEv2 proposals are handled.
Part of that is creating an IKEv2 specific proposal table.  In line
with the IKEv2 spec, it can be abstracted as:

    local_proposals[nr-proposals][nr-transform-types] = {
            [ENCR] = { aes-gcm-256, aes-gcm-128, ... }
            [PRF] = { sha1, sha2, ... }
            [DH] = { modp2048, ... }

while my proof-of-concept implementation looks more like:

struct transform aes_gcm16_128 = { .id = IKEv2_ENCR_AES_GCM_8,
.attr_keylen = 128, };
struct transform aes_gcm16_256 = { .id = IKEv2_ENCR_AES_GCM_16,
.attr_keylen = 256, };
struct transform *encr__aes_gcm16_256__aes_gcm16_128[] = {
        &aes_gcm16_256, &aes_gcm16_128, NULL,
struct proposal prop01 = {
        .transforms = {
                [IKEv2_TRANS_TYPE_ENCR] = encr__aes_gcm16_256__aes_gcm16_128,
struct proposal *proposals[] = {

I'd like to avoid duplicating those magic numbers and instead use the
existing "struct ike_alg" vis:

const struct struct encrypt_desc algo_aes_gcm16_256, algo_aes_gcm16_128;
const struct ike_alg *encr__aes_gcm16_256__aes_gcm16_128[] = {
        &algo_aes_gcm16_256.common, &algo_aes_gcm16_128.common, NULL,

it doesn't work.  Beyond the obvious:

- these structures are not public
- these structures are not constant

which eventually be fixed, there's a problem with keylen's:

- it isn't in "struct ike_alg"
- the containing structure, such as "struct encrypt_desc", also does
not contain a keylen, just keylen suggestions (min, max, def)

addressing this gets more complex.  I see several ways forward:

- stick with what I have
- add a pointer to the "ike_alg" objects to my transform object
- eliminate the keylen suggestions, at least from the POV of IKEv2 (to
be honest they are magic already)


More information about the Swan-dev mailing list