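/* $KAME: strnames.c,v 1.23 2001/12/12 18:23:42 sakane Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Printable names for ISAKMP, IPsec DOI, Oakley, IPsec and PF_KEY constants.
 *
 * Every s_*() function maps an integer to a string.  A value with no table
 * entry is rendered in decimal through num2str(), so any integer can be
 * passed safely; see num2str() for the lifetime of that fallback string.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>

#include <netinet/ipsec.h>
#include <netinet/in.h>

#include <stdio.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"

#include "isakmp_var.h"
#include "isakmp.h"
#include "ipsec_doi.h"
#include "oakley.h"
#include "handler.h"
#include "pfkey.h"
#include "strnames.h"
#include "algorithm.h"

/* One row of a name table. */
struct ksmap {
	int key;		/* constant being named */
	char *str;		/* printable name for key */
	char *(*f) __P((int));	/* names the values carried under key, or NULL */
};

static char *num2str __P((int n));
static char *ksmap_str __P((struct ksmap *map, size_t len, int k));
static char *ksmap_val __P((struct ksmap *map, size_t len, int k, int v));

/*
 * Always pair a table with its own length, so that a scan can never be
 * bounded by the size of a different table.
 */
#define KSMAP_STR(map, k)	ksmap_str((map), ARRAYLEN(map), (k))
#define KSMAP_VAL(map, k, v)	ksmap_val((map), ARRAYLEN(map), (k), (v))

/*
 * Render n in decimal, for values that have no entry in a name table.
 *
 * The result lives in a single static buffer shared by all callers: the next
 * call overwrites it.  Two fallback results therefore must not be consumed
 * together (for example as two arguments of one log call), and the function
 * is not reentrant.
 */
static char *
num2str(n)
	int n;
{
	static char buf[20];

	snprintf(buf, sizeof(buf), "%d", n);

	return buf;
}

/*
 * Return the name stored for key k in map[0..len-1], or the decimal form of
 * k when no row carries that key.
 */
static char *
ksmap_str(map, len, k)
	struct ksmap *map;
	size_t len;
	int k;
{
	size_t i;

	for (i = 0; i < len; i++) {
		if (map[i].key == k)
			return map[i].str;
	}

	return num2str(k);
}

/*
 * Name the value v that is carried under key k: the first row of
 * map[0..len-1] whose key is k and whose decoder is set does the naming.
 * Without such a row the decimal form of v is returned.
 */
static char *
ksmap_val(map, len, k, v)
	struct ksmap *map;
	size_t len;
	int k, v;
{
	size_t i;

	for (i = 0; i < len; i++) {
		if (map[i].key == k && map[i].f != NULL)
			return (map[i].f)(v);
	}

	return num2str(v);
}

/* isakmp.h */
/*
 * Return a short label for an exchange in progress.
 *
 * t is the exchange type (ISAKMP_ETYPE_*), d the local side (INITIATOR or
 * RESPONDER) and s the handler state (PHASE1ST_* or PHASE2ST_*).  Any
 * combination without a label yields "???".
 *
 * Each side ends with an explicit break: without it an initiator state that
 * has no label would run into the responder cases and could be reported
 * with a responder ("R") label.
 */
char *
s_isakmp_state(t, d, s)
	int t, d, s;
{
	switch (t) {
	case ISAKMP_ETYPE_AGG:
		switch (d) {
		case INITIATOR:
			switch (s) {
			case PHASE1ST_MSG1SENT:
				return "agg I msg1";
			case PHASE1ST_ESTABLISHED:
				return "agg I msg2";
			default:
				break;
			}
			break;
		case RESPONDER:
			switch (s) {
			case PHASE1ST_MSG1SENT:
				return "agg R msg1";
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	case ISAKMP_ETYPE_BASE:
		switch (d) {
		case INITIATOR:
			switch (s) {
			case PHASE1ST_MSG1SENT:
				return "base I msg1";
			case PHASE1ST_MSG2SENT:
				return "base I msg2";
			default:
				break;
			}
			break;
		case RESPONDER:
			switch (s) {
			case PHASE1ST_MSG1SENT:
				return "base R msg1";
			case PHASE1ST_ESTABLISHED:
				return "base R msg2";
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	case ISAKMP_ETYPE_IDENT:
		switch (d) {
		case INITIATOR:
			switch (s) {
			case PHASE1ST_MSG1SENT:
				return "ident I msg1";
			case PHASE1ST_MSG2SENT:
				return "ident I msg2";
			case PHASE1ST_MSG3SENT:
				return "ident I msg3";
			default:
				break;
			}
			break;
		case RESPONDER:
			switch (s) {
			case PHASE1ST_MSG1SENT:
				return "ident R msg1";
			case PHASE1ST_MSG2SENT:
				return "ident R msg2";
			case PHASE1ST_ESTABLISHED:
				return "ident R msg3";
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	case ISAKMP_ETYPE_QUICK:
		switch (d) {
		case INITIATOR:
			switch (s) {
			case PHASE2ST_MSG1SENT:
				return "quick I msg1";
			case PHASE2ST_ADDSA:
				return "quick I msg2";
			default:
				break;
			}
			break;
		case RESPONDER:
			switch (s) {
			case PHASE2ST_MSG1SENT:
				return "quick R msg1";
			case PHASE2ST_COMMIT:
				return "quick R msg2";
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	default:
	case ISAKMP_ETYPE_NONE:
	case ISAKMP_ETYPE_AUTH:
	case ISAKMP_ETYPE_INFO:
	case ISAKMP_ETYPE_NEWGRP:
	case ISAKMP_ETYPE_ACKINFO:
		break;
	}

	/* Reached for every combination that has no label above. */
	return "???";
}

static struct ksmap name_isakmp_certtype[] = {
{ ISAKMP_CERT_NONE, "NONE", NULL },
{ ISAKMP_CERT_PKCS7, "PKCS #7 wrapped X.509 certificate", NULL },
{ ISAKMP_CERT_PGP, "PGP Certificate", NULL },
{ ISAKMP_CERT_DNS, "DNS Signed Key", NULL },
{ ISAKMP_CERT_X509SIGN, "X.509 Certificate Signature", NULL },
{ ISAKMP_CERT_X509KE, "X.509 Certificate Key Exchange", NULL },
{ ISAKMP_CERT_KERBEROS, "Kerberos Tokens", NULL },
{ ISAKMP_CERT_CRL, "Certificate Revocation List (CRL)", NULL },
{ ISAKMP_CERT_ARL, "Authority Revocation List (ARL)", NULL },
{ ISAKMP_CERT_SPKI, "SPKI Certificate", NULL },
{ ISAKMP_CERT_X509ATTR, "X.509 Certificate Attribute", NULL },
};

/* Name of an ISAKMP certificate encoding (ISAKMP_CERT_*). */
char *
s_isakmp_certtype(k)
	int k;
{
	return KSMAP_STR(name_isakmp_certtype, k);
}

static struct ksmap name_isakmp_etype[] = {
{ ISAKMP_ETYPE_NONE, "None", NULL },
{ ISAKMP_ETYPE_BASE, "Base", NULL },
{ ISAKMP_ETYPE_IDENT, "Identity Protection", NULL },
{ ISAKMP_ETYPE_AUTH, "Authentication Only", NULL },
{ ISAKMP_ETYPE_AGG, "Aggressive", NULL },
{ ISAKMP_ETYPE_INFO, "Informational", NULL },
{ ISAKMP_ETYPE_QUICK, "Quick", NULL },
{ ISAKMP_ETYPE_NEWGRP, "New Group", NULL },
{ ISAKMP_ETYPE_ACKINFO, "Acknowledged Informational", NULL },
};

/* Name of an ISAKMP exchange type (ISAKMP_ETYPE_*). */
char *
s_isakmp_etype(k)
	int k;
{
	return KSMAP_STR(name_isakmp_etype, k);
}

static struct ksmap name_isakmp_notify_msg[] = {
{ ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, "INVALID-PAYLOAD-TYPE", NULL },
{ ISAKMP_NTYPE_DOI_NOT_SUPPORTED, "DOI-NOT-SUPPORTED", NULL },
{ ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED, "SITUATION-NOT-SUPPORTED", NULL },
{ ISAKMP_NTYPE_INVALID_COOKIE, "INVALID-COOKIE", NULL },
{ ISAKMP_NTYPE_INVALID_MAJOR_VERSION, "INVALID-MAJOR-VERSION", NULL },
{ ISAKMP_NTYPE_INVALID_MINOR_VERSION, "INVALID-MINOR-VERSION", NULL },
{ ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE, "INVALID-EXCHANGE-TYPE", NULL },
{ ISAKMP_NTYPE_INVALID_FLAGS, "INVALID-FLAGS", NULL },
{ ISAKMP_NTYPE_INVALID_MESSAGE_ID, "INVALID-MESSAGE-ID", NULL },
{ ISAKMP_NTYPE_INVALID_PROTOCOL_ID, "INVALID-PROTOCOL-ID", NULL },
{ ISAKMP_NTYPE_INVALID_SPI, "INVALID-SPI", NULL },
{ ISAKMP_NTYPE_INVALID_TRANSFORM_ID, "INVALID-TRANSFORM-ID", NULL },
{ ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, "ATTRIBUTES-NOT-SUPPORTED", NULL },
{ ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN, "NO-PROPOSAL-CHOSEN", NULL },
{ ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX, "BAD-PROPOSAL-SYNTAX", NULL },
{ ISAKMP_NTYPE_PAYLOAD_MALFORMED, "PAYLOAD-MALFORMED", NULL },
{ ISAKMP_NTYPE_INVALID_KEY_INFORMATION, "INVALID-KEY-INFORMATION", NULL },
{ ISAKMP_NTYPE_INVALID_ID_INFORMATION, "INVALID-ID-INFORMATION", NULL },
{ ISAKMP_NTYPE_INVALID_CERT_ENCODING, "INVALID-CERT-ENCODING", NULL },
{ ISAKMP_NTYPE_INVALID_CERTIFICATE, "INVALID-CERTIFICATE", NULL },
{ ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX, "BAD-CERT-REQUEST-SYNTAX", NULL },
{ ISAKMP_NTYPE_INVALID_CERT_AUTHORITY, "INVALID-CERT-AUTHORITY", NULL },
{ ISAKMP_NTYPE_INVALID_HASH_INFORMATION, "INVALID-HASH-INFORMATION", NULL },
{ ISAKMP_NTYPE_AUTHENTICATION_FAILED, "AUTHENTICATION-FAILED", NULL },
{ ISAKMP_NTYPE_INVALID_SIGNATURE, "INVALID-SIGNATURE", NULL },
{ ISAKMP_NTYPE_ADDRESS_NOTIFICATION, "ADDRESS-NOTIFICATION", NULL },
{ ISAKMP_NTYPE_NOTIFY_SA_LIFETIME, "NOTIFY-SA-LIFETIME", NULL },
{ ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE, "CERTIFICATE-UNAVAILABLE", NULL },
{ ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE, "UNSUPPORTED-EXCHANGE-TYPE", NULL },
{ ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS, "UNEQUAL-PAYLOAD-LENGTHS", NULL },
{ ISAKMP_NTYPE_CONNECTED, "CONNECTED", NULL },
{ ISAKMP_NTYPE_RESPONDER_LIFETIME, "RESPONDER-LIFETIME", NULL },
{ ISAKMP_NTYPE_REPLAY_STATUS, "REPLAY-STATUS", NULL },
{ ISAKMP_NTYPE_INITIAL_CONTACT, "INITIAL-CONTACT", NULL },
{ ISAKMP_LOG_RETRY_LIMIT_REACHED, "RETRY-LIMIT-REACHED", NULL },
};

/* Name of an ISAKMP notify message type (ISAKMP_NTYPE_*). */
char *
s_isakmp_notify_msg(k)
	int k;
{
	return KSMAP_STR(name_isakmp_notify_msg, k);
}

static struct ksmap name_isakmp_nptype[] = {
{ ISAKMP_NPTYPE_NONE, "none", NULL },
{ ISAKMP_NPTYPE_SA, "sa", NULL },
{ ISAKMP_NPTYPE_P, "prop", NULL },
{ ISAKMP_NPTYPE_T, "trns", NULL },
{ ISAKMP_NPTYPE_KE, "ke", NULL },
{ ISAKMP_NPTYPE_ID, "id", NULL },
{ ISAKMP_NPTYPE_CERT, "cert", NULL },
{ ISAKMP_NPTYPE_CR, "cr", NULL },
{ ISAKMP_NPTYPE_HASH, "hash", NULL },
{ ISAKMP_NPTYPE_SIG, "sig", NULL },
{ ISAKMP_NPTYPE_NONCE, "nonce", NULL },
{ ISAKMP_NPTYPE_N, "notify", NULL },
{ ISAKMP_NPTYPE_D, "delete", NULL },
{ ISAKMP_NPTYPE_VID, "vid", NULL },
{ ISAKMP_NPTYPE_GSS, "gss id", NULL },
};

/* Name of an ISAKMP payload type (ISAKMP_NPTYPE_*). */
char *
s_isakmp_nptype(k)
	int k;
{
	return KSMAP_STR(name_isakmp_nptype, k);
}

/* ipsec_doi.h */
static struct ksmap name_ipsecdoi_proto[] = {
{ IPSECDOI_PROTO_ISAKMP, "ISAKMP", s_ipsecdoi_trns_isakmp },
{ IPSECDOI_PROTO_IPSEC_AH, "AH", s_ipsecdoi_trns_ah },
{ IPSECDOI_PROTO_IPSEC_ESP, "ESP", s_ipsecdoi_trns_esp },
{ IPSECDOI_PROTO_IPCOMP, "IPCOMP", s_ipsecdoi_trns_ipcomp },
};

/* Name of an IPsec DOI protocol identifier (IPSECDOI_PROTO_*). */
char *
s_ipsecdoi_proto(k)
	int k;
{
	return KSMAP_STR(name_ipsecdoi_proto, k);
}

static struct ksmap name_ipsecdoi_trns_isakmp[] = {
{ IPSECDOI_KEY_IKE, "IKE", NULL },
};

/* Name of a transform identifier of the ISAKMP protocol. */
char *
s_ipsecdoi_trns_isakmp(k)
	int k;
{
	return KSMAP_STR(name_ipsecdoi_trns_isakmp, k);
}

static struct ksmap name_ipsecdoi_trns_ah[] = {
{ IPSECDOI_AH_MD5, "MD5", NULL },
{ IPSECDOI_AH_SHA, "SHA", NULL },
{ IPSECDOI_AH_DES, "DES", NULL },
};

/* Name of an AH transform identifier (IPSECDOI_AH_*). */
char *
s_ipsecdoi_trns_ah(k)
	int k;
{
	return KSMAP_STR(name_ipsecdoi_trns_ah, k);
}

static struct ksmap name_ipsecdoi_trns_esp[] = {
{ IPSECDOI_ESP_DES_IV64, "DES_IV64", NULL },
{ IPSECDOI_ESP_DES, "DES", NULL },
{ IPSECDOI_ESP_3DES, "3DES", NULL },
{ IPSECDOI_ESP_RC5, "RC5", NULL },
{ IPSECDOI_ESP_IDEA, "IDEA", NULL },
{ IPSECDOI_ESP_CAST, "CAST", NULL },
{ IPSECDOI_ESP_BLOWFISH, "BLOWFISH", NULL },
{ IPSECDOI_ESP_3IDEA, "3IDEA", NULL },
{ IPSECDOI_ESP_DES_IV32, "DES_IV32", NULL },
{ IPSECDOI_ESP_RC4, "RC4", NULL },
{ IPSECDOI_ESP_NULL, "NULL", NULL },
{ IPSECDOI_ESP_RIJNDAEL, "RIJNDAEL", NULL },
{ IPSECDOI_ESP_TWOFISH, "TWOFISH", NULL },
};

/* Name of an ESP transform identifier (IPSECDOI_ESP_*). */
char *
s_ipsecdoi_trns_esp(k)
	int k;
{
	return KSMAP_STR(name_ipsecdoi_trns_esp, k);
}

static struct ksmap name_ipsecdoi_trns_ipcomp[] = {
{ IPSECDOI_IPCOMP_OUI, "OUI", NULL},
{ IPSECDOI_IPCOMP_DEFLATE, "DEFLATE", NULL},
{ IPSECDOI_IPCOMP_LZS, "LZS", NULL},
};

/* Name of an IPComp transform identifier (IPSECDOI_IPCOMP_*). */
char *
s_ipsecdoi_trns_ipcomp(k)
	int k;
{
	return KSMAP_STR(name_ipsecdoi_trns_ipcomp, k);
}

/*
 * Name of transform trns as understood by protocol proto.  An unknown
 * protocol yields the decimal form of trns.
 */
char *
s_ipsecdoi_trns(proto, trns)
	int proto, trns;
{
	return KSMAP_VAL(name_ipsecdoi_proto, proto, trns);
}

/*
 * NOTE(review): "Encription Mode" is misspelled; the string is runtime
 * output and is kept unchanged here.
 */
static struct ksmap name_attr_ipsec[] = {
{ IPSECDOI_ATTR_SA_LD_TYPE, "SA Life Type", s_ipsecdoi_ltype },
{ IPSECDOI_ATTR_SA_LD, "SA Life Duration", NULL },
{ IPSECDOI_ATTR_GRP_DESC, "Group Description", NULL },
{ IPSECDOI_ATTR_ENC_MODE, "Encription Mode", s_ipsecdoi_encmode },
{ IPSECDOI_ATTR_AUTH, "Authentication Algorithm", s_ipsecdoi_auth },
{ IPSECDOI_ATTR_KEY_LENGTH, "Key Length", NULL },
{ IPSECDOI_ATTR_KEY_ROUNDS, "Key Rounds", NULL },
{ IPSECDOI_ATTR_COMP_DICT_SIZE, "Compression Dictionary Size", NULL },
{ IPSECDOI_ATTR_COMP_PRIVALG, "Compression Private Algorithm", NULL },
};

/* Name of an IPsec DOI SA attribute type (IPSECDOI_ATTR_*). */
char *
s_ipsecdoi_attr(k)
	int k;
{
	return KSMAP_STR(name_attr_ipsec, k);
}

static struct ksmap name_attr_ipsec_ltype[] = {
{ IPSECDOI_ATTR_SA_LD_TYPE_SEC, "seconds", NULL },
{ IPSECDOI_ATTR_SA_LD_TYPE_KB, "kilobytes", NULL },
};

/* Name of an IPsec SA life type value. */
char *
s_ipsecdoi_ltype(k)
	int k;
{
	return KSMAP_STR(name_attr_ipsec_ltype, k);
}

static struct ksmap name_attr_ipsec_encmode[] = {
{ IPSECDOI_ATTR_ENC_MODE_ANY, "Any", NULL },
{ IPSECDOI_ATTR_ENC_MODE_TUNNEL, "Tunnel", NULL },
{ IPSECDOI_ATTR_ENC_MODE_TRNS, "Transport", NULL },
};

/* Name of an IPsec encapsulation mode value. */
char *
s_ipsecdoi_encmode(k)
	int k;
{
	return KSMAP_STR(name_attr_ipsec_encmode, k);
}

static struct ksmap name_attr_ipsec_auth[] = {
{ IPSECDOI_ATTR_AUTH_HMAC_MD5, "hmac-md5", NULL },
{ IPSECDOI_ATTR_AUTH_HMAC_SHA1, "hmac-sha", NULL },
{ IPSECDOI_ATTR_AUTH_DES_MAC, "des-mac", NULL },
{ IPSECDOI_ATTR_AUTH_KPDK, "kpdk", NULL },
};

/* Name of an IPsec authentication algorithm value. */
char *
s_ipsecdoi_auth(k)
	int k;
{
	return KSMAP_STR(name_attr_ipsec_auth, k);
}

/*
 * Name of value val of IPsec DOI attribute type.
 *
 * The scan covers all of name_attr_ipsec.  It used to be bounded by the
 * length of name_ipsecdoi_proto, a shorter table, so rows past that length
 * (IPSECDOI_ATTR_AUTH among them) never reached their decoder and the value
 * was printed as a bare number.
 */
char *
s_ipsecdoi_attr_v(type, val)
	int type, val;
{
	return KSMAP_VAL(name_attr_ipsec, type, val);
}

static struct ksmap name_ipsecdoi_ident[] = {
{ IPSECDOI_ID_IPV4_ADDR, "IPv4_address", NULL },
{ IPSECDOI_ID_FQDN, "FQDN", NULL },
{ IPSECDOI_ID_USER_FQDN, "User_FQDN", NULL },
{ IPSECDOI_ID_IPV4_ADDR_SUBNET, "IPv4_subnet", NULL },
{ IPSECDOI_ID_IPV6_ADDR, "IPv6_address", NULL },
{ IPSECDOI_ID_IPV6_ADDR_SUBNET, "IPv6_subnet", NULL },
{ IPSECDOI_ID_IPV4_ADDR_RANGE, "IPv4_address_range", NULL },
{ IPSECDOI_ID_IPV6_ADDR_RANGE, "IPv6_address_range", NULL },
{ IPSECDOI_ID_DER_ASN1_DN, "DER_ASN1_DN", NULL },
{ IPSECDOI_ID_DER_ASN1_GN, "DER_ASN1_GN", NULL },
{ IPSECDOI_ID_KEY_ID, "KEY_ID", NULL },
};

/* Name of an IPsec DOI identification type (IPSECDOI_ID_*). */
char *
s_ipsecdoi_ident(k)
	int k;
{
	return KSMAP_STR(name_ipsecdoi_ident, k);
}

/* oakley.h */
static struct ksmap name_oakley_attr[] = {
{ OAKLEY_ATTR_ENC_ALG, "Encryption Algorithm", s_attr_isakmp_enc },
{ OAKLEY_ATTR_HASH_ALG, "Hash Algorithm", s_attr_isakmp_hash },
{ OAKLEY_ATTR_AUTH_METHOD, "Authentication Method", s_oakley_attr_method },
{ OAKLEY_ATTR_GRP_DESC, "Group Description", s_attr_isakmp_desc },
{ OAKLEY_ATTR_GRP_TYPE, "Group Type", s_attr_isakmp_group },
{ OAKLEY_ATTR_GRP_PI, "Group Prime/Irreducible Polynomial", NULL },
{ OAKLEY_ATTR_GRP_GEN_ONE, "Group Generator One", NULL },
{ OAKLEY_ATTR_GRP_GEN_TWO, "Group Generator Two", NULL },
{ OAKLEY_ATTR_GRP_CURVE_A, "Group Curve A", NULL },
{ OAKLEY_ATTR_GRP_CURVE_B, "Group Curve B", NULL },
{ OAKLEY_ATTR_SA_LD_TYPE, "Life Type", s_attr_isakmp_ltype },
{ OAKLEY_ATTR_SA_LD, "Life Duration", NULL },
{ OAKLEY_ATTR_PRF, "PRF", NULL },
{ OAKLEY_ATTR_KEY_LEN, "Key Length", NULL },
{ OAKLEY_ATTR_FIELD_SIZE, "Field Size", NULL },
{ OAKLEY_ATTR_GRP_ORDER, "Group Order", NULL },
{ OAKLEY_ATTR_BLOCK_SIZE, "Block Size", NULL },
{ OAKLEY_ATTR_GSS_ID, "GSS-API endpoint name",NULL },
};

/* Name of an Oakley attribute type (OAKLEY_ATTR_*). */
char *
s_oakley_attr(k)
	int k;
{
	return KSMAP_STR(name_oakley_attr, k);
}

static struct ksmap name_attr_isakmp_enc[] = {
{ OAKLEY_ATTR_ENC_ALG_DES, "DES-CBC", NULL },
{ OAKLEY_ATTR_ENC_ALG_IDEA, "IDEA-CBC", NULL },
{ OAKLEY_ATTR_ENC_ALG_BLOWFISH, "Blowfish-CBC", NULL },
{ OAKLEY_ATTR_ENC_ALG_RC5, "RC5-R16-B64-CBC", NULL },
{ OAKLEY_ATTR_ENC_ALG_3DES, "3DES-CBC", NULL },
{ OAKLEY_ATTR_ENC_ALG_CAST, "CAST-CBC", NULL },
};

/* Name of an Oakley encryption algorithm value. */
char *
s_attr_isakmp_enc(k)
	int k;
{
	return KSMAP_STR(name_attr_isakmp_enc, k);
}

static struct ksmap name_attr_isakmp_hash[] = {
{ OAKLEY_ATTR_HASH_ALG_MD5, "MD5", NULL },
{ OAKLEY_ATTR_HASH_ALG_SHA, "SHA", NULL },
{ OAKLEY_ATTR_HASH_ALG_TIGER, "Tiger", NULL },
};

/* Name of an Oakley hash algorithm value. */
char *
s_attr_isakmp_hash(k)
	int k;
{
	return KSMAP_STR(name_attr_isakmp_hash, k);
}

static struct ksmap name_attr_isakmp_method[] = {
{ OAKLEY_ATTR_AUTH_METHOD_PSKEY, "pre-shared key", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_DSSSIG, "DSS signatures", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_RSASIG, "RSA signatures", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_RSAENC, "Encryption with RSA", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_RSAREV, "Revised encryption with RSA", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_EGENC, "Encryption with El-Gamal", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_EGREV, "Revised encryption with El-Gamal", NULL },
{ OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, "GSS-API on Kerberos 5", NULL },
};

/* Name of an Oakley authentication method value. */
char *
s_oakley_attr_method(k)
	int k;
{
	return KSMAP_STR(name_attr_isakmp_method, k);
}

static struct ksmap name_attr_isakmp_desc[] = {
{ OAKLEY_ATTR_GRP_DESC_MODP768, "768-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP1024, "1024-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_EC2N155, "EC2N group on GP[2^155]", NULL },
{ OAKLEY_ATTR_GRP_DESC_EC2N185, "EC2N group on GP[2^185]", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP1536, "1536-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP2048, "2048-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP3072, "3072-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP4096, "4096-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP6144, "6144-bit MODP group", NULL },
{ OAKLEY_ATTR_GRP_DESC_MODP8192, "8192-bit MODP group", NULL },
};

/* Name of an Oakley group description value. */
char *
s_attr_isakmp_desc(k)
	int k;
{
	return KSMAP_STR(name_attr_isakmp_desc, k);
}

static struct ksmap name_attr_isakmp_group[] = {
{ OAKLEY_ATTR_GRP_TYPE_MODP, "MODP", NULL },
{ OAKLEY_ATTR_GRP_TYPE_ECP, "ECP", NULL },
{ OAKLEY_ATTR_GRP_TYPE_EC2N, "EC2N", NULL },
};

/* Name of an Oakley group type value. */
char *
s_attr_isakmp_group(k)
	int k;
{
	return KSMAP_STR(name_attr_isakmp_group, k);
}

static struct ksmap name_attr_isakmp_ltype[] = {
{ OAKLEY_ATTR_SA_LD_TYPE_SEC, "seconds", NULL },
{ OAKLEY_ATTR_SA_LD_TYPE_KB, "kilobytes", NULL },
};

/* Name of an Oakley SA life type value. */
char *
s_attr_isakmp_ltype(k)
	int k;
{
	return KSMAP_STR(name_attr_isakmp_ltype, k);
}

/*
 * Name of value val of Oakley attribute type.  Attribute types without a
 * decoder yield the decimal form of val.
 */
char *
s_oakley_attr_v(type, val)
	int type, val;
{
	return KSMAP_VAL(name_oakley_attr, type, val);
}

/* netinet6/ipsec.h */
static struct ksmap name_ipsec_level[] = {
{ IPSEC_LEVEL_USE, "use", NULL },
{ IPSEC_LEVEL_REQUIRE, "require", NULL },
{ IPSEC_LEVEL_UNIQUE, "unique", NULL },
};

/* Name of an IPsec policy level (IPSEC_LEVEL_*). */
char *
s_ipsec_level(k)
	int k;
{
	return KSMAP_STR(name_ipsec_level, k);
}

static struct ksmap name_algclass[] = {
{ algclass_ipsec_enc, "ipsec enc", s_ipsecdoi_trns_esp },
{ algclass_ipsec_auth, "ipsec auth", s_ipsecdoi_trns_ah },
{ algclass_ipsec_comp, "ipsec comp", s_ipsecdoi_trns_ipcomp },
{ algclass_isakmp_enc, "isakmp enc", s_attr_isakmp_enc },
{ algclass_isakmp_hash, "isakmp hash", s_attr_isakmp_hash },
{ algclass_isakmp_dh, "isakmp dh", s_attr_isakmp_desc },
{ algclass_isakmp_ameth, "isakmp auth method", s_oakley_attr_method },
};

/* Name of an algorithm class (algclass_*). */
char *
s_algclass(k)
	int k;
{
	return KSMAP_STR(name_algclass, k);
}

/*
 * Name of algorithm n within algorithm class class.  An unknown class
 * yields the decimal form of n.
 */
char *
s_algtype(class, n)
	int class, n;
{
	return KSMAP_VAL(name_algclass, class, n);
}

/* pfkey.h */
/*
 * NOTE(review): SADB_X_PROMISC is labelled "X_PRIMISC"; the string is
 * runtime output and is kept unchanged here.
 */
static struct ksmap name_pfkey_type[] = {
{ SADB_GETSPI, "GETSPI", NULL },
{ SADB_UPDATE, "UPDATE", NULL },
{ SADB_ADD, "ADD", NULL },
{ SADB_DELETE, "DELETE", NULL },
{ SADB_GET, "GET", NULL },
{ SADB_ACQUIRE, "ACQUIRE", NULL },
{ SADB_REGISTER, "REGISTER", NULL },
{ SADB_EXPIRE, "EXPIRE", NULL },
{ SADB_FLUSH, "FLUSH", NULL },
{ SADB_DUMP, "DUMP", NULL },
{ SADB_X_PROMISC, "X_PRIMISC", NULL },
{ SADB_X_PCHANGE, "X_PCHANGE", NULL },
{ SADB_X_SPDUPDATE, "X_SPDUPDATE", NULL },
{ SADB_X_SPDADD, "X_SPDADD", NULL },
{ SADB_X_SPDDELETE, "X_SPDDELETE", NULL },
{ SADB_X_SPDGET, "X_SPDGET", NULL },
{ SADB_X_SPDACQUIRE, "X_SPDACQUIRE", NULL },
{ SADB_X_SPDDUMP, "X_SPDDUMP", NULL },
{ SADB_X_SPDFLUSH, "X_SPDFLUSH", NULL },
{ SADB_X_SPDSETIDX, "X_SPDSETIDX", NULL },
{ SADB_X_SPDEXPIRE, "X_SPDEXPIRE", NULL },
{ SADB_X_SPDDELETE2, "X_SPDDELETE2", NULL },
};

/* Name of a PF_KEY message type (SADB_*). */
char *
s_pfkey_type(k)
	int k;
{
	return KSMAP_STR(name_pfkey_type, k);
}

static struct ksmap name_pfkey_satype[] = {
{ SADB_SATYPE_UNSPEC, "UNSPEC", NULL },
{ SADB_SATYPE_AH, "AH", NULL },
{ SADB_SATYPE_ESP, "ESP", NULL },
{ SADB_SATYPE_RSVP, "RSVP", NULL },
{ SADB_SATYPE_OSPFV2, "OSPFV2", NULL },
{ SADB_SATYPE_RIPV2, "RIPV2", NULL },
{ SADB_SATYPE_MIP, "MIP", NULL },
{ SADB_X_SATYPE_IPCOMP, "IPCOMP", NULL },
};

/* Name of a PF_KEY SA type (SADB_SATYPE_*). */
char *
s_pfkey_satype(k)
	int k;
{
	return KSMAP_STR(name_pfkey_satype, k);
}

static struct ksmap name_direction[] = {
{ IPSEC_DIR_INBOUND, "in", NULL },
{ IPSEC_DIR_OUTBOUND, "out", NULL },
};

/* Name of an IPsec policy direction (IPSEC_DIR_*). */
char *
s_direction(k)
	int k;
{
	return KSMAP_STR(name_direction, k);
}

/*
 * Name of an upper-layer protocol number: a few IPPROTO_* values and
 * IPSEC_ULPROTO_ANY have names, everything else is printed in decimal.
 */
char *
s_proto(k)
	int k;
{
	switch (k) {
	case IPPROTO_ICMP:
		return "icmp";
	case IPPROTO_TCP:
		return "tcp";
	case IPPROTO_UDP:
		return "udp";
	case IPPROTO_ICMPV6:
		return "icmpv6";
	case IPSEC_ULPROTO_ANY:
		return "any";
	default:
		break;
	}

	return num2str(k);
}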