i.ipsecalgsbase revision 628b0c67908adce18522d53bb2bf8d6c3b321579
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# CDDL HEADER START
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# The contents of this file are subject to the terms of the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# Common Development and Distribution License (the "License").
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# You may not use this file except in compliance with the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# See the License for the specific language governing permissions
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# and limitations under the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# When distributing Covered Code, include this CDDL HEADER in each
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# If applicable, add the following below this CDDL HEADER, with the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# fields enclosed by brackets "[]" replaced with your own identifying
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# information: Portions Copyright [yyyy] [name of copyright owner]
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# CDDL HEADER END
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
6ea3c0609e50782557505b88bb391b786bca32c9Garrett D'Amore# Use is subject to license terms.
# Install-or-merge step for the destination ipsecalgs file. This listing omits
# some lines of the script: the matching else/fi, the copy command and the
# first assignment to sedcmd are not visible, so read it as an excerpt.
# NOTE(review): $dest is expanded unquoted in the test below; "$dest" would
# keep a path containing whitespace or glob characters as a single word.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if [ ! -f $dest ] ; then
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # new install or upgrade from much older OS revision
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # just copy in the new base ipsecalgs file
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # upgrade from a previous version of the ipsecalgs file
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # There might be third party algorithms in this file and
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # changes that need to be preserved, so we just substitute
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # in the protocols and algorithms that we know we need to
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # either update or revert from past mistakes.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # We construct the sed command like this to avoid
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # lines greater than 80 characters
# NOTE(review): each fragment stores literal single quotes inside a
# double-quoted string, which only works if sedcmd is re-parsed later
# (presumably via eval; that line is not shown). Every pattern visible here is
# a fixed constant; confirm that nothing read from the existing file is ever
# appended to sedcmd before it is evaluated.
# The two Blowfish expressions open an s/// whose replacement half and closing
# quote are not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sedcmd="${sedcmd} -e 's/CKM_BLOWFISH_CBC|128\/32-128,8/"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sedcmd="${sedcmd} -e 's/CKM_BLOWFISH_CBC|128\/32-448,8/"
# Rewrites the field after AES_CBC from "128" to "128/128-256,64"
# (presumably default/min-max,increment key sizes in bits -- confirm against
# the ipsecalgs file format).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sedcmd="${sedcmd} -e 's/AES_CBC|128|/AES_CBC|128\/128-256,64|/'"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # Add in SHA-2 support if not already there
# The BEGIN action clears one flag per algorithm entry this program may add
# (sha256/384/512, ccm8/12/16, gcm8/12/16) and sets default to 1. The line
# that invokes awk is not visible in this listing.
# NOTE(review): `default` is a reserved word in gawk (switch/case/default), so
# this program relies on an awk implementation that does not reserve it.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers BEGIN {sha256 = 0; sha384 = 0; sha512 = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ccm8 = 0; ccm12 = 0; ccm16 = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers gcm8 = 0; gcm12 = 0; gcm16 = 0; default = 1}
# add_sha(flag, doi, shasize): print an ALG|2 entry numbered doi with four
# name aliases for HMAC-SHA-<shasize> and the mechanism
# CKM_SHA<shasize>_HMAC_GENERAL. The last two fields are shasize and
# shasize / 16 (16, 24, 32 for 256, 384, 512), i.e. half the digest length in
# bytes -- presumably the truncated ICV length; confirm against the file format.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers function add_sha(flag, doi, shasize) {
# NOTE(review): as listed, this return precedes every printf. The guard that
# makes it conditional on flag, the value returned after printing, and the
# closing brace are not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return flag;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("ALG|2|%d|", doi);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("hmac-sha%d,", shasize)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("sha%d,", shasize)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("sha-%d,", shasize)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("hmac-sha-%d|", shasize)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("CKM_SHA%d_HMAC_GENERAL|", shasize)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("%d|%d\n", shasize, shasize / 16);
# add_combined(...): print one ALG|3 entry numbered doi. Fields, in order:
# the names (the bare label only when default is non-zero, then always label
# followed by the mac value), the mechanism, the fixed key-size spec
# "128/128-256,64", block, "ivlen,mac,salt", and flgs.
# The closing brace of the function is not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers function add_combined(doi, block, ivlen, mac, salt, flgs,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers mechanism, default, label ) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("ALG|3|%d|", doi)
# Only an entry flagged as default also claims the unsuffixed name, so the
# bare label maps to exactly the variant the caller marks.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (default)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("%s,", label)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("%s%d|%s|", label, mac, mechanism)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("128/128-256,64|%d|", block)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers printf("%d,%d,%d|%d\n", ivlen, mac, salt, flgs)
# add_aes_ccm: wrapper that sets mechanism to CKM_AES_CCM and label to
# "aes-ccm", then delegates to add_combined with its other arguments
# unchanged. The rest of the parameter list, any test of flag and the closing
# brace are not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers function add_aes_ccm(flag, doi, block, ivlen, mac, salt, flgs,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers mechanism = "CKM_AES_CCM"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers label = "aes-ccm"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_combined(doi, block, ivlen, mac, salt, flgs,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers mechanism, default, label)
# add_aes_gcm: wrapper that sets mechanism to CKM_AES_GCM and label to
# "aes-gcm", then delegates to add_combined with its other arguments
# unchanged. The rest of the parameter list, any test of flag and the closing
# brace are not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers function add_aes_gcm(flag, doi, block, ivlen, mac, salt, flgs,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers mechanism = "CKM_AES_GCM"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers label = "aes-gcm"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_combined(doi, block, ivlen, mac, salt, flgs,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers mechanism, default, label)
# Per-line pass over the existing file. Comment lines, blank lines and PROTO
# lines are printed unchanged and skipped.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /^#/ || /^$/ || /^PROTO/ {print; next};
# $2 is the entry type and $3 the algorithm number (the field separator is
# set outside this listing -- presumably "|"). Type 2 entries numbered 5, 6
# and 7 are the SHA-256/384/512 slots; the flags record that they already
# exist. Several braces and statements of these tests are not visible here.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($2 == 2) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 5) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (sha256) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sha256 = 1;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 6) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (sha384)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sha384 = 1;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 7) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (sha512)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sha512 = 1;
# Type 3 entries. Number 0 is used as the insertion point: any SHA-2 entry
# not seen so far is emitted here so that it lands ahead of the type 3 block.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($2 == 3) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if($3 == 0) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # Time to add in missing Auth algs
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # before the Encr algs.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sha256 = add_sha(sha256, 5, 256);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sha384 = add_sha(sha384 ,6, 384);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers sha512 = add_sha(sha512, 7, 512);
# 14/15/16 and 18/19/20 are the numbers the add_aes_ccm / add_aes_gcm calls
# below pass as doi. The statements these tests guard (presumably setting the
# ccm*/gcm* flags) are not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 14)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 15)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 16)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 18)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 19)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ($3 == 20)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # Add in ccm/gcm if missing.
# Arguments after the flag are doi, block, ivlen, mac, salt, flgs, then the
# default marker. The doi/mac pairs match the ESP transform numbers for
# AES-CCM and AES-GCM with 8/12/16-octet ICVs (RFC 4309, RFC 4106).
# Only the mac = 16 call of each mode passes `default`, so the bare names
# "aes-ccm" and "aes-gcm" resolve to the full-length tag.
# NOTE(review): the mac = 8 and mac = 12 entries are truncated-tag variants;
# policy that needs the full authentication strength should name the ...16
# entries or the bare alias. Where these calls sit (for example in an END
# action) is not visible in this listing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_aes_ccm(ccm8, 14, 16, 8, 8, 3, 15, 0)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_aes_ccm(ccm12, 15, 16, 8, 12, 3, 15, 0)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_aes_ccm(ccm16, 16, 16, 8, 16, 3, 15, default)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_aes_gcm(gcm8, 18, 16, 8, 8, 4, 23, 0)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_aes_gcm(gcm12, 19, 16, 8, 12, 4, 23, 0)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers add_aes_gcm(gcm16, 20, 16, 8, 16, 4, 23, default)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers # Set correct permissions