-rw-r--r-- | sbin/iked/genmap.sh | 33 | ||||
-rw-r--r-- | sbin/iked/ikev2.h | 38 | ||||
-rw-r--r-- | sbin/iked/parse.y | 35 |
3 files changed, 37 insertions, 69 deletions
diff --git a/sbin/iked/genmap.sh b/sbin/iked/genmap.sh index caaf34425c4..d1ffbc52b6a 100644 --- a/sbin/iked/genmap.sh +++ b/sbin/iked/genmap.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: genmap.sh,v 1.3 2012/09/18 12:07:59 reyk Exp $ +# $OpenBSD: genmap.sh,v 1.4 2012/10/25 15:01:56 reyk Exp $ # Copyright (c) 2010 Reyk Floeter <reyk@openbsd.org> # @@ -20,8 +20,6 @@ tok=$(echo ${2} | tr "[:upper:]" "[:lower:]") MAP=$(grep "struct iked_constmap" $1 | sed -Ee "s/.*${tok}_([^_]+)_map.*/\1/g") -DFLT=$(grep -E "#define ([^_]+)_DEFAULT_" $1 | - sed -Ee "s/.*${TOK}_DEFAULT_([^[:space:]]+).*/\1/g") cat <<EOF /* Automatically generated, do not edit */ @@ -47,32 +45,3 @@ for i in $MAP; do echo " { 0 }" echo "};" done - -for i in $DFLT; do - lower=$(echo $i | tr "[:upper:]" "[:lower:]") - upper=$(echo $i | tr "[:lower:]" "[:upper:]") - type=$(echo $lower | sed "s/[^_]*_//") - - sed -ne "{ - /${TOK}_DEFAULT_${i}/ { - /^$/ { H; d; q; }; - /[^\\\\]$/ { H; d; q; }; - }; - /${TOK}_DEFAULT_${i}/,/[^\\\\]$/{ H; d; }; - }; - $ { - g; - s/#define ${TOK}_DEFAULT_${upper}/\ -struct iked_${type} ${tok}_default_${lower}s[] =/; - s/\\\\//g; - s/}$/ { 0 }\\ -};/; - p; - };" $1 | sed -e "s/[[:blank:]]*$//g" - -cat <<EOF -size_t ${tok}_default_n${lower}s = ((sizeof(${tok}_default_${lower}s) / - sizeof(${tok}_default_${lower}s[0])) - 1); -EOF - -done diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h index 218f4b8d0b9..613af796b93 100644 --- a/sbin/iked/ikev2.h +++ b/sbin/iked/ikev2.h @@ -1,8 +1,7 @@ -/* $OpenBSD: ikev2.h,v 1.9 2012/09/18 12:07:59 reyk Exp $ */ -/* $vantronix: ikev2.h,v 1.27 2010/05/19 12:20:30 reyk Exp $ */ +/* $OpenBSD: ikev2.h,v 1.10 2012/10/25 15:01:56 reyk Exp $ */ /* - * Copyright (c) 2010 Reyk Floeter <reyk@openbsd.org> + * Copyright (c) 2010-2012 Reyk Floeter <reyk@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -25,39 +24,6 @@ #define IKEV2_KEYPAD "Key Pad for IKEv2" /* don't change! */ -#define IKEV2_DEFAULT_IKE_TRANSFORM { \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 256 }, \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 }, \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 }, \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_3DES }, \ - { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA2_256 }, \ - { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA1 }, \ - { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_MD5 }, \ - { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },\ - { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },\ - { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_MD5_96 },\ - { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048_256 }, \ - { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048 }, \ - { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1536 }, \ - { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1024 }, \ -} - -extern struct iked_transform ikev2_default_ike_transforms[]; -extern size_t ikev2_default_nike_transforms; - -#define IKEV2_DEFAULT_ESP_TRANSFORM { \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 256 }, \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 }, \ - { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 }, \ - { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },\ - { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },\ - { IKEV2_XFORMTYPE_ESN, IKEV2_XFORMESN_ESN }, \ - { IKEV2_XFORMTYPE_ESN, IKEV2_XFORMESN_NONE }, \ -} - -extern struct iked_transform ikev2_default_esp_transforms[]; -extern size_t ikev2_default_nesp_transforms; - /* * IKEv2 pseudo states */ diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y index 2093ac1aedf..4ee1f15b61b 100644 --- a/sbin/iked/parse.y +++ b/sbin/iked/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.27 2012/09/18 12:07:59 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.28 2012/10/25 15:01:56 reyk Exp $ */ /* $vantronix: parse.y,v 1.22 2010/06/03 11:08:34 reyk Exp $ */ /* 
@@ -116,6 +116,39 @@ struct ipsec_mode { u_int8_t ike_exch; }; +struct iked_transform ikev2_default_ike_transforms[] = { + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 256 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_3DES }, + { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA2_256 }, + { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA1 }, + { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_MD5 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_MD5_96 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048_256 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1536 }, + { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1024 }, + { 0 } +}; +size_t ikev2_default_nike_transforms = ((sizeof(ikev2_default_ike_transforms) / + sizeof(ikev2_default_ike_transforms[0])) - 1); + +struct iked_transform ikev2_default_esp_transforms[] = { + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 256 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 }, + { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 }, + { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 }, + { IKEV2_XFORMTYPE_ESN, IKEV2_XFORMESN_ESN }, + { IKEV2_XFORMTYPE_ESN, IKEV2_XFORMESN_NONE }, + { 0 } +}; +size_t ikev2_default_nesp_transforms = ((sizeof(ikev2_default_esp_transforms) / + sizeof(ikev2_default_esp_transforms[0])) - 1); + const struct ipsec_xf authxfs[] = { { "hmac-md5", IKEV2_XFORMAUTH_HMAC_MD5_96, 16 }, { "hmac-sha1", IKEV2_XFORMAUTH_HMAC_SHA1_96, 20 }, |
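Review bot: The relocated `ikev2_default_ike_transforms[]` still lists `IKEV2_XFORMENCR_3DES`, `IKEV2_XFORMPRF_HMAC_MD5`, `IKEV2_XFORMAUTH_HMAC_MD5_96` and `IKEV2_XFORMDH_MODP_1024` as built-in defaults, so a policy that names no transforms presumably still accepts them. Now that the table is plain C in parse.y instead of a macro expanded by genmap.sh, this is a convenient place to drop those entries, or at least to add a comment above the array such as `/* legacy entries kept for interop; stronger transforms listed first */` if list order is in fact the preference order. Both `size_t` counts subtract one for the `{ 0 }` terminator; a short comment like `/* count excludes the { 0 } sentinel */` would stop a later edit from removing the sentinel and silently shortening the default list. The matching `extern` declarations are deleted from ikev2.h in this commit, and the diff does not show where other translation units now pick them up, so that is worth confirming.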