Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 303895 Details for
Bug 439771
[IPv6-DoD] openswan and strongswan fail to interoperate with IKEv2
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Transmit IKEv2 key length attribute
openswan-xmit-ikev2-keylen.patch (text/plain), 5.31 KB, created by
Herbert Xu
on 2008-04-27 07:28:10 UTC
(
hide
)
Description:
Transmit IKEv2 key length attribute
Filename:
MIME Type:
Creator:
Herbert Xu
Created:
2008-04-27 07:28:10 UTC
Size:
5.31 KB
patch
obsolete
>Only in openswan-2.6.12: OBJ.linux.x86_64 >diff -ur openswan-2.6.12.orig/include/ietf_constants.h openswan-2.6.12/include/ietf_constants.h >--- openswan-2.6.12.orig/include/ietf_constants.h 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/include/ietf_constants.h 2008-04-25 20:13:24.000000000 +0800 >@@ -487,6 +487,10 @@ > IKEv2_ESN_DISABLED = 0, > IKEv2_ESN_ENABLED = 1, > }; >+ >+enum ikev2_trans_attr { >+ IKEv2_KEY_LENGTH = 14, >+}; > > > /* many transform values are moved to openswan/ipsec_policy.h >diff -ur openswan-2.6.12.orig/include/names_constant.h openswan-2.6.12/include/names_constant.h >--- openswan-2.6.12.orig/include/names_constant.h 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/include/names_constant.h 2008-04-25 20:36:15.000000000 +0800 >@@ -70,6 +70,7 @@ > extern enum_names trans_type_esn_names; > extern enum_names *ikev2_transid_val_descs[]; > extern const unsigned int ikev2_transid_val_descs_size; >+extern enum_names ikev2_attr_names; > extern enum_names ikev2_cert_type_names; > extern enum_names ikev2_notify_names; > >diff -ur openswan-2.6.12.orig/include/packet.h openswan-2.6.12/include/packet.h >--- openswan-2.6.12.orig/include/packet.h 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/include/packet.h 2008-04-25 20:37:42.000000000 +0800 >@@ -230,7 +230,8 @@ > > extern struct_desc > isakmp_oakley_attribute_desc, >- isakmp_ipsec_attribute_desc; >+ isakmp_ipsec_attribute_desc, >+ isakmp_ikev2_attribute_desc; > > /* ISAKMP Security Association Payload > * layout from RFC 2408 "ISAKMP" section 3.4 >diff -ur openswan-2.6.12.orig/lib/libopenswan/constants.c openswan-2.6.12/lib/libopenswan/constants.c >--- openswan-2.6.12.orig/lib/libopenswan/constants.c 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/lib/libopenswan/constants.c 2008-04-25 20:36:02.000000000 +0800 >@@ -1019,6 +1019,16 @@ > &trans_type_esn_names, /* 5 */ > }; > const unsigned int ikev2_transid_val_descs_size = elemsof(ikev2_transid_val_descs); >+ >+/* Transform Attributes */ >+static const char *const ikev2_attr_name[]={ >+ "KEY_LENGTH", >+}; >+ >+enum_names ikev2_attr_names = { >+ IKEv2_KEY_LENGTH + ISAKMP_ATTR_AF_TV, >+ IKEv2_KEY_LENGTH + ISAKMP_ATTR_AF_TV, >+ ikev2_attr_name, NULL }; > > > /* socket address family info */ >diff -ur openswan-2.6.12.orig/lib/libpluto/packet.c openswan-2.6.12/lib/libpluto/packet.c >--- openswan-2.6.12.orig/lib/libpluto/packet.c 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/lib/libpluto/packet.c 2008-04-25 20:33:39.000000000 +0800 >@@ -130,6 +130,17 @@ > "ISAKMP ModeCfg attribute", > isaat_fields_xauth, sizeof(struct isakmp_attribute) }; > >+/* IKEv2 Attributes */ >+static field_desc isaat_fields_ikev2[] = { >+ { ft_af_enum, 16/BITS_PER_BYTE, "af+type", &ikev2_attr_names }, >+ { ft_lv, 16/BITS_PER_BYTE, "length/value", NULL }, >+ { ft_end, 0, NULL, NULL } >+}; >+ >+struct_desc isakmp_ikev2_attribute_desc = { >+ "ISAKMP IKEv2 attribute", >+ isaat_fields_ikev2, sizeof(struct isakmp_attribute) }; >+ > /* ISAKMP Security Association Payload > * layout from RFC 2408 "ISAKMP" section 3.4 > * A variable length Situation follows. >diff -ur openswan-2.6.12.orig/programs/pluto/spdb_v2_struct.c openswan-2.6.12/programs/pluto/spdb_v2_struct.c >--- openswan-2.6.12.orig/programs/pluto/spdb_v2_struct.c 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/programs/pluto/spdb_v2_struct.c 2008-04-25 20:42:54.000000000 +0800 >@@ -149,6 +149,7 @@ > struct db_v2_trans *tr = &vpc->trans[ts_cnt]; > struct ikev2_trans t; > pb_stream at_pbs; >+ unsigned int attr_cnt; > > #if 0 > XXX; >@@ -171,8 +172,13 @@ > if (!out_struct(&t, &ikev2_trans_desc, &t_pbs, &at_pbs)) > return_on(ret, FALSE); > >- /* here we need to send out the attributes */ >- /* XXX */ >+ for (attr_cnt=0; attr_cnt < tr->attr_cnt; attr_cnt++) { >+ struct db_attr *attr = &tr->attrs[attr_cnt]; >+ >+ out_attr(attr->type.ikev2, attr->val >+ , &isakmp_ikev2_attribute_desc, NULL, &at_pbs); >+ } >+ > close_output_pbs(&at_pbs); > } > close_output_pbs(&t_pbs); >@@ -194,6 +200,7 @@ > u_int16_t integ_transid; /* Transform-Id */ > u_int16_t prf_transid; /* Transform-Id */ > u_int16_t group_transid; /* Transform-Id */ >+ u_int16_t encr_keylen; /* Key length in bits */ > }; > > enum ikev2_trans_type_encr v1tov2_encr(int oakley) >@@ -250,6 +257,7 @@ > struct db_trans_flat *dtfset; > struct db_trans_flat *dtfone; > struct db_trans_flat *dtflast; >+ struct db_attr *attrs; > struct db_v2_trans *tr; > struct db_v2_prop_conj *pc; > struct db_v2_prop *pr; >@@ -313,6 +321,10 @@ > dtfone->group_transid = attr->val; > break; > >+ case OAKLEY_KEY_LENGTH: >+ dtfone->encr_keylen = attr->val; >+ break; >+ > default: > break; > } >@@ -323,7 +335,7 @@ > break; > > case KEY_LENGTH: >- /* XXX */ >+ dtfone->encr_keylen = attr->val; > break; > > case ENCAPSULATION_MODE: >@@ -411,6 +423,13 @@ > tr_pos = 0; > tr[tr_pos].transform_type = IKEv2_TRANS_TYPE_ENCR; > tr[tr_pos].transid = dtfone->encr_transid; >+ if(dtfone->encr_keylen) { >+ attrs = alloc_bytes(sizeof(struct db_attr), "db_attrs"); >+ tr[tr_pos].attrs = attrs; >+ tr[tr_pos].attr_cnt = 1; >+ attrs->type.ikev2 = IKEv2_KEY_LENGTH; >+ attrs->val = dtfone->encr_keylen; >+ } > tr_pos++; > > if(dtfone->integ_transid == 0) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=303895">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 439771
:
299701
|
299702
|
299703
|
299704
|
299705
|
299706
|
300892
|
303405
|
303894
|
303895
|
303896
|
303963
|
303964
|
304445
|
305744
|
305745
|
305940