diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2012-10-25 15:01:57 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2012-10-25 15:01:57 +0000 |
| commit | e36e950ec781bb2b0554b74cc09726e309c62a76 (patch) | |
| tree | 5da75e5df861c03b025c05c343fcbbd23ef52a25 /sbin/iked/parse.y | |
| parent | dccc5deff3bbe1a353692c996f93156eb3e1d0ef (diff) | |
Move the arrays of default IKE and ESP transforms into parse.y instead
of generating them with genmap from ikev2.h. They're only really
needed in parse.y and this diff also allows to simplify genmap.sh.
Diffstat (limited to 'sbin/iked/parse.y')
| -rw-r--r-- | sbin/iked/parse.y | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y index 2093ac1aedf..4ee1f15b61b 100644 --- a/sbin/iked/parse.y +++ b/sbin/iked/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.27 2012/09/18 12:07:59 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.28 2012/10/25 15:01:56 reyk Exp $ */ /* $vantronix: parse.y,v 1.22 2010/06/03 11:08:34 reyk Exp $ */ /* @@ -116,6 +116,39 @@ struct ipsec_mode { u_int8_t ike_exch; }; +struct iked_transform ikev2_default_ike_transforms[] = { + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 256 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_3DES }, + { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA2_256 }, + { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA1 }, + { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_MD5 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_MD5_96 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048_256 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1536 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1024 }, + { 0 } +}; +size_t ikev2_default_nike_transforms = ((sizeof(ikev2_default_ike_transforms) / + sizeof(ikev2_default_ike_transforms[0])) - 1); + +struct iked_transform ikev2_default_esp_transforms[] = { + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 256 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 }, + { IKEV2_XFORMTYPE_ESN, IKEV2_XFORMESN_ESN }, + { IKEV2_XFORMTYPE_ESN, IKEV2_XFORMESN_NONE }, + { 0 } +}; +size_t ikev2_default_nesp_transforms = ((sizeof(ikev2_default_esp_transforms) / + sizeof(ikev2_default_esp_transforms[0])) - 1); + const struct ipsec_xf authxfs[] = { { "hmac-md5", IKEV2_XFORMAUTH_HMAC_MD5_96, 16 }, { "hmac-sha1", IKEV2_XFORMAUTH_HMAC_SHA1_96, 20 }, |