author | Martin Willi <martin@strongswan.org> | 2008-10-15 08:37:56 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-10-15 08:37:56 +0000 |
commit | 9f4e5f8c47a9d0ec6d4a47e423e3dcc12da556fa (patch) | |
tree | 9803ec4b3f09cf972e3c97facf20281b3e3ce2d8 /src/charon/plugins/stroke | |
parent | ff93a76cf1aa9555c81f093a63eec08431c6dba9 (diff) | |
store ESP keys in CHILD_SA
Diffstat (limited to 'src/charon/plugins/stroke')
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index d531dca47..926766b3e 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -126,11 +126,11 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
 u_int32_t use_in, use_out, use_fwd;
 encryption_algorithm_t encr_alg;
 integrity_algorithm_t int_alg;
- size_t encr_len, int_len;
+ chunk_t encr_key, int_key;
 ipsec_mode_t mode;
- child_sa->get_stats(child_sa, &mode, &encr_alg, &encr_len,
- &int_alg, &int_len, &rekey, &use_in, &use_out,
+ child_sa->get_stats(child_sa, &mode, &encr_alg, &encr_key,
+ &int_alg, &int_key, &rekey, &use_in, &use_out,
 &use_fwd);
 fprintf(out, "%12s{%d}: %N, %N",
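Review bot: `encr_key` and `int_key` now receive the ESP encryption and integrity key chunks inside a status-printing routine, although the second hunk of this commit reads only `encr_key.len` and never uses `int_key`. Whether `get_stats` hands back pointers into the CHILD_SA or copies is not visible here; the declaration should say so, for example `/* keys point into the CHILD_SA: never print or free them, only .len is used */` if they are references, and copies would have to be wiped and freed before the function returns. A length-only accessor would keep key material out of the listing path altogether. log_child_sa begins before and continues after this hunk.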
@@ -160,28 +160,38 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa)); - if (child_sa->get_protocol(child_sa) == PROTO_ESP) { - fprintf(out, "%N", encryption_algorithm_names, encr_alg); - - if (encr_len) - { - fprintf(out, "-%d", encr_len); - } - if (int_alg != AUTH_UNDEFINED) + switch (encr_alg) { - fprintf(out, "/"); + /* Algorithms with variable key size. + * GCM/CCM keys are actually shorted than their key data. */ + case ENCR_AES_GCM_ICV8: + case ENCR_AES_GCM_ICV12: + case ENCR_AES_GCM_ICV16: + encr_key.len -= 1; + /* FALL */ + case ENCR_AES_CCM_ICV8: + case ENCR_AES_CCM_ICV12: + case ENCR_AES_CCM_ICV16: + encr_key.len -= 3; + /* FALL */ + case ENCR_AES_CBC: + fprintf(out, "%N-%d", encryption_algorithm_names, + encr_alg, encr_key.len * 8); + break; + default: + fprintf(out, "%N", encryption_algorithm_names, encr_alg); + break; } } - - if (int_alg != AUTH_UNDEFINED) + switch (int_alg) { - fprintf(out, "%N", integrity_algorithm_names, int_alg); - if (int_len) - { - fprintf(out, "-%d", int_len); - } + case AUTH_UNDEFINED: + break; + default: + fprintf(out, "/%N", integrity_algorithm_names, int_alg); + break; } fprintf(out, ", rekeying "); |
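Review bot: The salt adjustment in the GCM/CCM cases (`encr_key.len -= 1;` falling through to `encr_key.len -= 3;`) has no lower bound, so if `len` is unsigned, as the removed `size_t encr_len` suggests, a chunk shorter than the salt wraps to a huge value that is then printed as the key size. Whether `get_stats` can return an empty key chunk for a CHILD_SA without installed keys is not visible here; if it can, fall back to the name-only output first, e.g. `if (encr_key.len <= 4) { fprintf(out, "%N", encryption_algorithm_names, encr_alg); break; }`. The `%d` conversion is also handed `encr_key.len * 8`, which presumably is not an `int`; cast it as in `encr_alg, (int)(encr_key.len * 8));`. The new comment says "shorted" where "shorter" is meant, and it would help to state there that the 1 + 3 bytes removed are the salt carried in the key data. log_child_sa starts before and ends after this hunk.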