authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2008-02-22 23:51:32 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2008-02-22 23:51:32 +0000
commit02429484a70b33ac9d64d0df166acfe5db868928 (patch)
tree06a8068e6fce6ad208efc12775cf4e9326c8fa9e
parentac775c6c56f11c017f23c08c3fa4b78b1d1e81f2 (diff)
Support for specifying aes-{128,192,256}. Original idea by Prabhu
Gurumurthy, tweaks and commit-ready diff by Mitja Muzenic! Thanks guys! ok todd@
-rw-r--r--sbin/ipsecctl/ike.c20
-rw-r--r--sbin/ipsecctl/ipsec.conf.57
-rw-r--r--sbin/ipsecctl/ipsecctl.h5
-rw-r--r--sbin/ipsecctl/parse.y5
4 files changed, 31 insertions, 6 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 735e58040bc..12464bf84e9 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.62 2008/01/04 11:06:02 hshoexer Exp $ */
+/* $OpenBSD: ike.c,v 1.63 2008/02/22 23:51:31 hshoexer Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -231,6 +231,15 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd)
case ENCXF_AES:
fprintf(fd, "AES");
break;
+ case ENCXF_AES_128:
+ fprintf(fd, "AES-128");
+ break;
+ case ENCXF_AES_192:
+ fprintf(fd, "AES-192");
+ break;
+ case ENCXF_AES_256:
+ fprintf(fd, "AES-256");
+ break;
case ENCXF_AESCTR:
fprintf(fd, "AESCTR");
break;
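Review bot: The three cases added here are repeated verbatim in the ike_section_p1 hunk (`@@ -366,6 +375,15 @@`), so the id-to-name mapping for the generated IKE configuration now lives in two hand-maintained switches. A small static helper that returns the transform name for an ENCXF_* id, called from both functions, would keep the two lists from drifting; it would have to preserve the difference visible in the context lines, where ENCXF_AESCTR appears only in the phase 2 switch. The strings "AES-128", "AES-192" and "AES-256" are written straight to `fd`, presumably for the IKE daemon to read, so it is worth confirming that the daemon recognises exactly these names and does not fall back to another key size; that cannot be checked from this diff. Both switch bodies start and end outside their hunks.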
@@ -366,6 +375,15 @@ ike_section_p1(struct ipsec_rule *r, FILE *fd)
case ENCXF_AES:
fprintf(fd, "AES");
break;
+ case ENCXF_AES_128:
+ fprintf(fd, "AES-128");
+ break;
+ case ENCXF_AES_192:
+ fprintf(fd, "AES-192");
+ break;
+ case ENCXF_AES_256:
+ fprintf(fd, "AES-256");
+ break;
case ENCXF_BLOWFISH:
fprintf(fd, "BLF");
break;
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index 5f421970be3..1faaef51cb3 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsec.conf.5,v 1.116 2008/02/12 06:12:25 jmc Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.117 2008/02/22 23:51:31 hshoexer Exp $
.\"
.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: February 12 2008 $
+.Dd $Mdocdate: February 22 2008 $
.Dt IPSEC.CONF 5
.Os
.Sh NAME
@@ -545,6 +545,9 @@ keyword:
.It Li des Ta "56 bits"
.It Li 3des Ta "168 bits"
.It Li aes Ta "128 bits"
+.It Li aes-128 Ta "128 bits"
+.It Li aes-192 Ta "192 bits"
+.It Li aes-256 Ta "256 bits"
.It Li aesctr Ta "160 bits" Ta "[phase 2 only]"
.It Li blowfish Ta "160 bits"
.It Li cast Ta "128 bits"
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 60a9348a0db..8c2e1142f63 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.55 2007/10/13 16:35:18 deraadt Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.56 2008/02/22 23:51:31 hshoexer Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -63,7 +63,8 @@ enum {
};
enum {
ENCXF_UNKNOWN, ENCXF_NONE, ENCXF_3DES_CBC, ENCXF_DES_CBC, ENCXF_AES,
- ENCXF_AESCTR, ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL, ENCXF_SKIPJACK
+ ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR,
+ ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL, ENCXF_SKIPJACK
};
enum {
COMPXF_UNKNOWN, COMPXF_DEFLATE, COMPXF_LZS
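Review bot: Inserting ENCXF_AES_128, ENCXF_AES_192 and ENCXF_AES_256 in the middle of the enum shifts the numeric values of ENCXF_AESCTR through ENCXF_SKIPJACK, and any switch over ENCXF_* outside this commit now meets three ids it has no case for. Within the diff only ike_section_p1 and ike_section_p2 are extended; any other consumer of these ids (for example a path that installs manually keyed SAs, if one exists) should be checked so that `aes-128` is either mapped correctly or rejected with an error rather than silently treated as a different cipher or key size. The new order also matches the rows of encxfs[] in the parse.y hunk, so if that correspondence is intended, a comment such as `/* keep in the same order as encxfs[] in parse.y */` above the enum would record it.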
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index a9bfec5bf17..4c79ccb658d 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.132 2007/11/12 23:59:41 mpf Exp $ */
+/* $OpenBSD: parse.y,v 1.133 2008/02/22 23:51:31 hshoexer Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -102,6 +102,9 @@ const struct ipsec_xf encxfs[] = {
{ "3des-cbc", ENCXF_3DES_CBC, 24, 24 },
{ "des-cbc", ENCXF_DES_CBC, 8, 8 },
{ "aes", ENCXF_AES, 16, 32 },
+ { "aes-128", ENCXF_AES_128, 16, 16 },
+ { "aes-192", ENCXF_AES_192, 24, 24 },
+ { "aes-256", ENCXF_AES_256, 32, 32 },
{ "aesctr", ENCXF_AESCTR, 16+4, 32+4 },
{ "blowfish", ENCXF_BLOWFISH, 5, 56 },
{ "cast128", ENCXF_CAST128, 5, 16 },
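Review bot: The two numeric columns of encxfs[] are not documented in the visible part of the table. Judging by the values (16, 24, 32 against the 128/192/256 bits in the ipsec.conf.5 hunk) they look like minimum and maximum key length in bytes, and a header comment such as `/* name, id, min key bytes, max key bytes */` would make the min == max convention of the new rows explicit. The existing `aes` row still accepts 16 to 32 while the manual page lists `aes` as "128 bits", so the documentation should say whether plain `aes` means exactly 128 bits or any AES key size, and point operators who need a fixed strength at the explicit keywords. The table starts and ends outside the hunk.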