[Swan-dev] the great algorithm rename
Andrew Cagney
andrew.cagney at gmail.com
Thu Jun 22 16:37:17 UTC 2017
A two-part "trivial" change I've had sitting here for some time is to
update logging so that algorithm names are more consistently qualified
and upper case. For instance:
cipher: camellia -> CAMELLIA_CBC
prf: sha -> HMAC_SHA1
integ: sha2_256 -> HMAC_SHA2_256_128 (let's ignore truncbug for now)
In Part 1 the changes are: update the 'struct ike_alg .name' field per
above; and take the opportunity to tweak the only affected printf()
call (so "integ=" prints integrity - for IKEv1 it was printing the PRF
- and "group=..." -> "dh=...")
- for IKEv2, the result is:
-134 "ikev2-ike=aes128-sha1" #4: STATE_PARENT_I2: sent v2I2, expected
v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=sha group=MODP2048}
+134 "ikev2-ike=aes128-sha1" #4: STATE_PARENT_I2: sent v2I2, expected
v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1
dh=MODP2048}
(I've got to wonder if the meaningless auth=IKEv2 should also be stripped out)
- for IKEv1 things are similar:
-004 "westnet-eastnet-aggr" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA
established {auth=RSA_SIG cipher=3des_cbc_192 integ=sha
group=MODP1536}
+004 "westnet-eastnet-aggr" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA
established {auth=RSA_SIG cipher=3DES_CBC_192 integ=HMAC_SHA1_96
dh=MODP1536}
Part 2 then follows this up by replacing the IKEv1 centric
enum_show_shortb() calls found in ike_info.c and esp_info.c:
"%s(%d)_%03d-%s(%d)-%s(%d)",
enum_show_shortb(&oakley_enc_names,
ike_info->ike_encrypt->common.ikev1_oakley_id,
&enc_buf),
ike_info->ike_encrypt->common.ikev1_oakley_id
with ike_info->encrypt->common.name (et al.). The result is:
-IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)-MODP2048(14)
+IKE algorithms found: AES_CBC_256-HMAC_SHA2_256-MODP2048
and, unlike before, the new output can be fed straight back into the parser!
Hopefully I'll be able to push this in a few weeks,
Andrew
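
Added example, not part of the original message and not libreswan code: a log-monitoring rule that matches on these status lines has to cope with both spellings across an upgrade, so this sketch normalizes the old `{...}` block to the new names. The rename table holds only the before/after pairs visible in the message; `normalize_status` and the constant names are hypothetical, and the sample lines are the message's own log lines re-joined onto one line.

```python
import re

# Old -> new spellings, limited to the pairs shown in the message.
# Keyed by (field, old value); anything else is passed through unchanged.
RENAMES = {
    ("cipher", "camellia"): "CAMELLIA_CBC",
    ("cipher", "aes_128"): "AES_CBC_128",
    ("cipher", "3des_cbc_192"): "3DES_CBC_192",
    ("prf", "sha"): "HMAC_SHA1",
    ("integ", "sha1_96"): "HMAC_SHA1_96",
    ("integ", "sha2_256"): "HMAC_SHA2_256_128",
    # Old IKEv1 lines printed the PRF under "integ="; the IKEv1 pair in the
    # message shows integ=sha becoming integ=HMAC_SHA1_96.
    ("integ", "sha"): "HMAC_SHA1_96",
}
BLOCK = re.compile(r"\{([^{}]*)\}")

def normalize_status(line):
    """Parse the {...} algorithm block into a dict using the new names.

    Returns (fields, unknown). unknown lists old-style (not upper-case)
    algorithm tokens with no rename on record, so a rule can flag them
    instead of guessing a mapping.
    """
    m = BLOCK.search(line)
    if m is None:
        return {}, []
    fields, unknown = {}, []
    for token in m.group(1).split():
        key, sep, value = token.partition("=")
        if not sep:
            continue
        if key == "group":  # "group=..." became "dh=..."
            key = "dh"
        new = RENAMES.get((key, value))
        if new is None and key in ("cipher", "integ", "prf") and value != value.upper():
            unknown.append(token)
        fields[key] = new or value
    return fields, unknown

# Log lines from the message, re-joined onto a single line each.
OLD_V2 = ('134 "ikev2-ike=aes128-sha1" #4: STATE_PARENT_I2: sent v2I2, expected v2R2 '
          '{auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=sha group=MODP2048}')
NEW_V2 = ('134 "ikev2-ike=aes128-sha1" #4: STATE_PARENT_I2: sent v2I2, expected v2R2 '
          '{auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 dh=MODP2048}')
OLD_V1 = ('004 "westnet-eastnet-aggr" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established '
          '{auth=RSA_SIG cipher=3des_cbc_192 integ=sha group=MODP1536}')
```

An old-style value outside the table comes back unchanged in `fields` and is listed in `unknown`, which is the case to alert on rather than silently accept.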