1# $NetBSD: algorithms.sh,v 1.7 2021/12/05 02:49:21 msaitoh Exp $ 2# 3# Copyright (c) 2017 Internet Initiative Japan Inc. 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25# POSSIBILITY OF SUCH DAMAGE. 26# 27 28ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-cbc null blowfish-cbc cast128-cbc \ 29 des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac" 30ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null rijndael-cbc" 31 32# Valid key lengths of ESP encryption algorithms 33# des-cbc 64 34# 3des-cbc 192 35# null 0 to 2048 XXX only accept 0 length 36# blowfish-cbc 40 to 448 37# cast128-cbc 40 to 128 38# des-deriv 64 39# 3des-deriv 192 XXX not implemented 40# rijndael-cbc 128/192/256 41# twofish-cbc 0 to 256 XXX not supported 42# aes-ctr 160/224/288 43# camellia-cbc 128/192/256 44# aes-gcm-16 160/224/288 45# aes-gmac 160/224/288 46valid_keys_descbc="64" 47invalid_keys_descbc="56 72" 48valid_keys_3descbc="192" 49invalid_keys_3descbc="184 200" 50#valid_keys_null="0 2048" 51valid_keys_null="0" 52invalid_keys_null="8" 53valid_keys_blowfishcbc="40 448" 54invalid_keys_blowfishcbc="32 456" 55valid_keys_cast128cbc="40 128" 56invalid_keys_cast128cbc="32 136" 57valid_keys_desderiv="64" 58invalid_keys_desderiv="56 72" 59#valid_keys_3desderiv="192" 60#invalid_keys_3desderiv="184 200" 61valid_keys_rijndaelcbc="128 192 256" 62invalid_keys_rijndaelcbc="120 136 184 200 248 264" 63#valid_keys_twofishcbc="0 256" 64#invalid_keys_twofishcbc="264" 65valid_keys_aesctr="160 224 288" 66invalid_keys_aesctr="152 168 216 232 280 296" 67valid_keys_camelliacbc="128 192 256" 68invalid_keys_camelliacbc="120 136 184 200 248 264" 69valid_keys_aesgcm16="160 224 288" 70invalid_keys_aesgcm16="152 168 216 232 280 296" 71valid_keys_aesgmac="160 224 288" 72invalid_keys_aesgmac="152 168 216 232 280 296" 73 74AH_AUTHENTICATION_ALGORITHMS="hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 null \ 75 hmac-sha256 hmac-sha384 hmac-sha512 hmac-ripemd160 aes-xcbc-mac" 76AH_AUTHENTICATION_ALGORITHMS_MINIMUM="null hmac-sha512" 77 78# Valid key lengths of AH authentication algorithms 79# hmac-md5 128 80# hmac-sha1 160 81# keyed-md5 128 82# keyed-sha1 160 83# null 0 to 2048 84# hmac-sha256 256 85# hmac-sha384 384 86# hmac-sha512 512 87# hmac-ripemd160 160 88# aes-xcbc-mac 128 89# tcp-md5 8 to 640 XXX not enabled in rump kernels 90valid_keys_hmacmd5="128" 91invalid_keys_hmacmd5="120 136" 92valid_keys_hmacsha1="160" 93invalid_keys_hmacsha1="152 168" 94valid_keys_keyedmd5="128" 95invalid_keys_keyedmd5="120 136" 96valid_keys_keyedsha1="160" 97invalid_keys_keyedsha1="152 168" 98#valid_keys_null="0 2048" 99valid_keys_null="0" 100invalid_keys_null="8" 101valid_keys_hmacsha256="256" 102invalid_keys_hmacsha256="248 264" 103valid_keys_hmacsha384="384" 104invalid_keys_hmacsha384="376 392" 105valid_keys_hmacsha512="512" 106invalid_keys_hmacsha512="504 520" 107valid_keys_hmacripemd160="160" 108invalid_keys_hmacripemd160="152 168" 109valid_keys_aesxcbcmac="128" 110invalid_keys_aesxcbcmac="120 136" 111#valid_keys_tcpmd5="8 640" 112#invalid_keys_tcpmd5="648" 113 114IPCOMP_COMPRESSION_ALGORITHMS="deflate" 115IPCOMP_COMPRESSION_ALGORITHMS_MINIMUM="deflate" 116valid_keys_deflate="0" 117invalid_keys_deflate="8" 118minlen_deflate="90" 119 120get_one_valid_keylen() 121{ 122 local algo=$1 123 local _algo=$(echo $algo | sed 's/-//g') 124 local len= 125 local keylengths= 126 127 eval keylengths="\$valid_keys_${_algo}" 128 129 for len in $(echo $keylengths); do 130 break; 131 done 132 133 echo $len 134} 135 136get_valid_keylengths() 137{ 138 local algo=$1 139 local _algo=$(echo $algo | sed 's/-//g') 140 141 eval keylengths="\$valid_keys_${_algo}" 142 echo $keylengths 143} 144 145get_invalid_keylengths() 146{ 147 local algo=$1 148 local _algo=$(echo $algo | sed 's/-//g') 149 150 eval keylengths="\$invalid_keys_${_algo}" 151 echo $keylengths 152} 153 154generate_key() 155{ 156 local keylen=$(($1 / 8)) 157 local key= 158 159 while [ $keylen -gt 0 ]; do 160 key="${key}a" 161 keylen=$((keylen - 1)) 162 done 163 if [ ! -z "$key" ]; then 164 key="\"$key\"" 165 fi 166 167 echo $key 168} 169 170generate_algo_args() 171{ 172 local proto=$1 173 local algo=$2 174 local keylen=$(get_one_valid_keylen $algo) 175 local key=$(generate_key $keylen) 176 177 if [ $proto = esp -o $proto = "esp-udp" ]; then 178 echo "-E $algo $key" 179 elif [ $proto = ah ]; then 180 echo "-A $algo $key" 181 else 182 echo "-C $algo $key" 183 fi 184} 185 186get_minlen() 187{ 188 local algo=$1 189 local minlen= 190 191 eval minlen="\$minlen_${algo}" 192 echo $minlen 193} 194