diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-12-09 00:19:03 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-12-09 00:24:42 +0100 |
| commit | 4b615edab488d36d74346b350f69a6c5f7b1b20d (patch) | |
| tree | 678a0b91f79d0298d01dc2988017ea29a1dd136f /src | |
| parent | e1573b3fe85b1a0590a0758e4c5405584c4c9d3f (diff) | |
| download | strongswan-4b615edab488d36d74346b350f69a6c5f7b1b20d.tar.bz2 strongswan-4b615edab488d36d74346b350f69a6c5f7b1b20d.tar.xz | |
some code optimizations
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 71 |
1 files changed, 37 insertions, 34 deletions
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index d96d6fc61..e9da5d1c5 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -196,6 +196,7 @@ static kernel_algorithm_t integrity_algs[] = { {AUTH_HMAC_MD5_96, "md5" }, {AUTH_HMAC_SHA1_96, "sha1" }, {AUTH_HMAC_SHA2_256_96, "sha256" }, + {AUTH_HMAC_SHA2_256_128, "hmac(sha256)" }, {AUTH_HMAC_SHA2_384_192, "hmac(sha384)" }, {AUTH_HMAC_SHA2_512_256, "hmac(sha512)" }, /* {AUTH_DES_MAC, "***" }, */ @@ -1064,33 +1065,8 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } } - if (int_alg == AUTH_HMAC_SHA2_256_128) + if (int_alg != AUTH_UNDEFINED) { - /* the kernel uses SHA256 with 96 bit truncation by default, - * use specified truncation size supported by newer kernels */ - rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC; - alg_name = "hmac(sha256)"; - DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", - integrity_algorithm_names, int_alg, int_key.len * 8); - - rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len); - hdr->nlmsg_len += rthdr->rta_len; - if (hdr->nlmsg_len > sizeof(request)) - { - return FAILED; - } - - struct xfrm_algo_auth* algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr); - algo->alg_key_len = int_key.len * 8; - algo->alg_trunc_len = 128; - strcpy(algo->alg_name, alg_name); - memcpy(algo->alg_key, int_key.ptr, int_key.len); - - rthdr = XFRM_RTA_NEXT(rthdr); - } - else if (int_alg != AUTH_UNDEFINED) - { - rthdr->rta_type = XFRMA_ALG_AUTH; alg_name = lookup_algorithm(integrity_algs, int_alg); if (alg_name == NULL) { @@ -1101,18 +1077,45 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); - hdr->nlmsg_len += rthdr->rta_len; - if (hdr->nlmsg_len > sizeof(request)) + if (int_alg == AUTH_HMAC_SHA2_256_128) { - return FAILED; + struct xfrm_algo_auth* algo; + + /* the kernel uses SHA256 with 96 bit truncation by default, + * use specified truncation size supported by newer kernels */ + rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len); + + hdr->nlmsg_len += rthdr->rta_len; + if (hdr->nlmsg_len > sizeof(request)) + { + return FAILED; + } + + algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr); + algo->alg_key_len = int_key.len * 8; + algo->alg_trunc_len = 128; + strcpy(algo->alg_name, alg_name); + memcpy(algo->alg_key, int_key.ptr, int_key.len); } + else + { + struct xfrm_algo* algo; - struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); - algo->alg_key_len = int_key.len * 8; - strcpy(algo->alg_name, alg_name); - memcpy(algo->alg_key, int_key.ptr, int_key.len); + rthdr->rta_type = XFRMA_ALG_AUTH; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); + hdr->nlmsg_len += rthdr->rta_len; + if (hdr->nlmsg_len > sizeof(request)) + { + return FAILED; + } + + algo = (struct xfrm_algo*)RTA_DATA(rthdr); + algo->alg_key_len = int_key.len * 8; + strcpy(algo->alg_name, alg_name); + memcpy(algo->alg_key, int_key.ptr, int_key.len); + } rthdr = XFRM_RTA_NEXT(rthdr); } |