diff -Naur libreswan-3.12-orig/include/ietf_constants.h libreswan-3.12/include/ietf_constants.h
--- libreswan-3.12-orig/include/ietf_constants.h	2014-11-06 22:52:50.000000000 -0500
+++ libreswan-3.12/include/ietf_constants.h	2014-12-03 20:32:48.588715740 -0500
@@ -825,6 +825,9 @@
 	IKEv2_ENCR_INVALID = 65536,
 };
 
+#define IKEv2_ENCR_CAMELLIA_CBC_ikev1 IKEv2_RESERVED_IEEE_P1619_XTS_AES
+
+
 enum ikev2_trans_type_prf {
 	IKEv2_PRF_HMAC_MD5 = 1, /* RFC2104 */
 	IKEv2_PRF_HMAC_SHA1 = 2, /* RFC2104 */
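Review bot: The new `#define IKEv2_ENCR_CAMELLIA_CBC_ikev1 IKEv2_RESERVED_IEEE_P1619_XTS_AES` has no comment explaining why an identifier named as reserved for XTS-AES is being reused for Camellia. Because it is a macro alias and not a separate enumerator, both names share one value, so any code that treats that value as reserved will now see it handled as Camellia-CBC wherever the alias is used (crypto.c, ike_alg.c and ikev2_spdb_struct.c in this patch). I would document it at the definition, for example `/* IKEv1/ESP Camellia-CBC transform ID; same value as the IKEv2 ID reserved for XTS-AES */`, and drop one of the two blank lines added after it.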
diff -Naur libreswan-3.12-orig/lib/libswan/kernel_alg.c libreswan-3.12/lib/libswan/kernel_alg.c
--- libreswan-3.12-orig/lib/libswan/kernel_alg.c	2014-11-06 22:52:50.000000000 -0500
+++ libreswan-3.12/lib/libswan/kernel_alg.c	2014-12-03 20:32:48.590715792 -0500
@@ -193,6 +193,11 @@
 	/*
 	 * test #1: encrypt algo must be present
 	 */
+
+	/* fixup broken IANA registry */
+	if (alg_id == ESP_CAMELLIA)
+		alg_id = ESP_CAMELLIAv1;
+
 	if (!ESP_EALG_PRESENT(alg_id)) {
 		DBG(DBG_KERNEL,
 			DBG_log("check_kernel_encrypt_alg(%d,%d): alg not present in system",
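Review bot: The comment `/* fixup broken IANA registry */` does not say which numbering is converted to which, and the same two-line remap is repeated on `transid` in the `@@ -476,6 +481,10 @@` hunk of this file. Since the rewrite happens before the presence test, the `DBG_log` that follows presumably prints the remapped value and not the one the caller passed, which can mislead when debugging a failed negotiation. I would move the conversion into one small static helper called from both places, with a comment such as `/* kernel knows Camellia under the IKEv1 ESP number; map the IKEv2 number onto it */` (direction inferred from the ike_alg.c comment in this patch). The definition of `ESP_CAMELLIAv1` is not part of this patch, and both functions continue outside their hunks.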
@@ -476,6 +481,10 @@
 	int sadb_aalg, sadb_ealg;
 	static struct esp_info ei_buf; /* static ??? fixme */
 
+	/* fixup broken IANA registry */
+	if (transid == ESP_CAMELLIA)
+		transid = ESP_CAMELLIAv1;
+
 	DBG(DBG_PARSING,
 		DBG_log("kernel_alg_esp_info(): transid=%d, keylen=%d,auth=%d, ",
 			transid, keylen, auth));
diff -Naur libreswan-3.12-orig/programs/pluto/crypto.c libreswan-3.12/programs/pluto/crypto.c
--- libreswan-3.12-orig/programs/pluto/crypto.c	2014-11-06 22:52:50.000000000 -0500
+++ libreswan-3.12/programs/pluto/crypto.c	2014-12-03 20:32:48.591715818 -0500
@@ -376,6 +376,7 @@
 		case IKEv2_ENCR_AES_GCM_8:
 		case IKEv2_ENCR_AES_GCM_12:
 		case IKEv2_ENCR_AES_GCM_16:
+		case IKEv2_ENCR_CAMELLIA_CBC_ikev1: /* IANA ikev1/ipsec-v3 fixup */
 		case IKEv2_ENCR_CAMELLIA_CBC:
 		case IKEv2_ENCR_NULL_AUTH_AES_GMAC:
 			return AES_KEY_DEF_LEN;
diff -Naur libreswan-3.12-orig/programs/pluto/ike_alg.c libreswan-3.12/programs/pluto/ike_alg.c
--- libreswan-3.12-orig/programs/pluto/ike_alg.c	2014-11-06 22:52:50.000000000 -0500
+++ libreswan-3.12/programs/pluto/ike_alg.c	2014-12-03 20:32:48.592715843 -0500
@@ -189,9 +189,18 @@
 				   enum ikev2_trans_type_encr algo_v2id)
 {
 	struct ike_alg *e = ike_alg_base[algo_type];
+	int search_algo_v2id = algo_v2id;
+
+	/*
+	 * these types are mixed up, so go along with it :(
+	 * IKEv2_ENCR_CAMELLIA_CBC_ikev1 == ESP_CAMELLIAv1 
+	 * IKEv2_ENCR_CAMELLIA_CBC == ESP_CAMELLIA
+	 */
+	if (algo_type == IKE_ALG_ENCRYPT && algo_v2id == IKEv2_ENCR_CAMELLIA_CBC_ikev1)
+		search_algo_v2id = IKEv2_ENCR_CAMELLIA_CBC;
 
 	for (; e != NULL; e = e->algo_next) {
-		if (e->algo_v2id == algo_v2id)
+		if (e->algo_v2id == search_algo_v2id)
 			break;
 	}
 	return e;
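Review bot: `search_algo_v2id` is declared `int` although it only ever holds the `enum ikev2_trans_type_encr` parameter or one of its enumerators; `enum ikev2_trans_type_encr search_algo_v2id = algo_v2id;` keeps the comparison with `e->algo_v2id` in one type. After this change the lookup can return a descriptor whose `algo_v2id` differs from the id that was requested, so any caller that compares the two or copies `e->algo_v2id` into a reply should be checked; those callers are not visible in this patch. The added comment line `IKEv2_ENCR_CAMELLIA_CBC_ikev1 == ESP_CAMELLIAv1 ` also ends in trailing whitespace. The function's signature starts above the hunk.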
diff -Naur libreswan-3.12-orig/programs/pluto/ikev2_spdb_struct.c libreswan-3.12/programs/pluto/ikev2_spdb_struct.c
--- libreswan-3.12-orig/programs/pluto/ikev2_spdb_struct.c	2014-11-06 22:52:50.000000000 -0500
+++ libreswan-3.12/programs/pluto/ikev2_spdb_struct.c	2014-12-03 20:32:48.594715892 -0500
@@ -466,8 +466,13 @@
 				unsigned int attr_cnt;
 
 				dtfone->protoid = dp->protoid;
-				if (!f->parentSA)
+
+				if (!f->parentSA) {
 					dtfone->encr_transid = tr->transid;
+					/* IANA ikev1 / ipsec-v3 fixup */
+					if (dtfone->encr_transid == IKEv2_ENCR_CAMELLIA_CBC_ikev1)
+						dtfone->encr_transid = IKEv2_ENCR_CAMELLIA_CBC;
+				}
 
 				for (attr_cnt = 0; attr_cnt < tr->attr_cnt;
 				     attr_cnt++) {
@@ -527,10 +532,12 @@
 							break;
 
 						case ENCAPSULATION_MODE:
-							/* XXX */
 							break;
 
 						default:
+							libreswan_log(
+								"sa_v2_convert(): Ignored unknown IPsec transform attribute type: %d",
+								attr->type.ipsec);
 							break;
 						}
 					}
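Review bot: Removing `/* XXX */` leaves `case ENCAPSULATION_MODE:` with an empty body and no explanation, while the new `default:` now logs every other unrecognised attribute type. A reader can no longer tell whether the encapsulation mode is handled elsewhere or deliberately dropped during conversion. I would replace the marker with a statement of intent instead of deleting it, e.g. `/* encapsulation mode is not part of the v2 transform; intentionally ignored */`, if that is the actual reason. The type of `attr->type.ipsec` is not visible here, so the `%d` in the new log call should be checked against it.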
@@ -1881,10 +1888,10 @@
 			case IKEv2_ENCR_CAMELLIA_CCM_A:
 			case IKEv2_ENCR_CAMELLIA_CCM_B:
 			case IKEv2_ENCR_CAMELLIA_CCM_C:
-				/* no IKE struct encrypt_desc yet */
-				/* fall through */
+				/* no IKE struct encrypt_desc yet, fall through */
 			case IKEv2_ENCR_AES_CBC:
 			case IKEv2_ENCR_CAMELLIA_CBC:
+			case IKEv2_ENCR_CAMELLIA_CBC_ikev1: /* IANA ikev1/ipsec-v3 fixup */
 				/* these all have mandatory key length attributes */
 				if (ta.enckeylen == 0) {
 					loglog(RC_LOG_SERIOUS, "Missing mandatory KEY_LENGTH attribute - refusing proposal");
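Review bot: The added `case IKEv2_ENCR_CAMELLIA_CBC_ikev1:` makes this switch accept the value that the header aliases to `IKEv2_RESERVED_IEEE_P1619_XTS_AES` as a valid ESP encrypter, and nothing in this hunk rewrites `ta.encrypt` to `IKEv2_ENCR_CAMELLIA_CBC` afterwards. If `ta` is filled from the peer's proposal, which the "refusing proposal" messages suggest, a proposal carrying the reserved ID is now treated as Camellia-CBC and the un-normalised value is passed on to whatever consumes `ta.encrypt` next. The `@@ -466,8 +466,13 @@` hunk normalises the ID at conversion time. I would do the same here by giving the alias its own label that sets `ta.encrypt = IKEv2_ENCR_CAMELLIA_CBC;` and then falls through to the key-length check. Otherwise, the comment should say why the raw value has to be kept. The enclosing switch and function extend outside the hunk.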
@@ -1892,7 +1899,7 @@
 				}
 				break;
 			default:
-				loglog(RC_LOG_SERIOUS, "Did not find valid ESP encrypter - refusing proposal");
+				loglog(RC_LOG_SERIOUS, "Did not find valid ESP encrypter for %d - refusing proposal", ta.encrypt);
 				pexpect(ta.encrypt == IKEv2_ENCR_NULL); /* fire photon torpedo! */
 				return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;
 			}