[Swan-dev] the great algorithm rename

Andrew Cagney andrew.cagney at gmail.com
Thu Jun 22 16:37:17 UTC 2017

A two part "trivial" change I've had sitting here for some time is to
update logging so that algorithm names are more consistently qualified
and upper case.  For instance:

    cipher: camellia -> CAMELLIA_CBC
    prf: sha -> HMAC_SHA1
    integ: sha2_256 -> HMAC_SHA2_256_128 (lets ignore truncbug for now)

In Part 1 the changes are: update the 'struct ike_alg .name' field per
above; and take the opportunity to tweak the only affected printf()
call (so "integ=" prints integrity - for IKEv1 it was printing the PRF
- and "group=..." -> "dh=...")

- for IKEv2, the result is:

-134 "ikev2-ike=aes128-sha1" #4: STATE_PARENT_I2: sent v2I2, expected
v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=sha group=MODP2048}
+134 "ikev2-ike=aes128-sha1" #4: STATE_PARENT_I2: sent v2I2, expected
v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1

(I've got to wonder if the meaningless auth=IKEv2 should also be stripped out)

- for IKEv1 things are similar:

-004 "westnet-eastnet-aggr" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA
established {auth=RSA_SIG cipher=3des_cbc_192 integ=sha
+004 "westnet-eastnet-aggr" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA
established {auth=RSA_SIG cipher=3DES_CBC_192 integ=HMAC_SHA1_96

Part 2 then follows this up by replacing the IKEv1 centric
enum_show_shortb() calls found in ike_info.c and esp_info.c:



with ike_info->encrypt->common.name (et.al.).  The result is:

-IKE algorithms found:  AES_CBC(7)_256-SHA2_256(4)-MODP2048(14)
+IKE algorithms found:  AES_CBC_256-HMAC_SHA2_256-MODP2048

and, unlike before, the new output can be fed straight back into the parser!

Hopefully I'll be able to push this in a few weeks,

More information about the Swan-dev mailing list