OpenSolaris_b135/pkgdefs/common_files/i.ipsecalgsbase
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
while read src dest
do
if [ ! -f $dest ] ; then
#
# new install or upgrade from much older OS revision
# just copy in the new base ipsecalgs file
#
cp $src $dest
else
#
# upgrade from a previous version of the ipsecalgs file
# There might be third party algorithms in this file and
# changes that need to be preserved, so we just substitute
# in the protocols and algorithms that we know we need to
# either update or revert from past mistakes.
#
#
# We construct the sed command like this to avoid
# lines greater than 80 characters
#
sedcmd="-e 's/CKM_BF_CBC/CKM_BLOWFISH_CBC/'"
sedcmd="${sedcmd} -e 's/CKM_BLOWFISH_CBC|128\/32-128,8/"
sedcmd="${sedcmd}CKM_BLOWFISH_CBC|128\/32-448,8/'"
sedcmd="${sedcmd} -e 's/CKM_BLOWFISH_CBC|128\/32-448,8/"
sedcmd="${sedcmd}CKM_BLOWFISH_CBC|128/'"
sedcmd="${sedcmd} -e 's/AES_CBC|128|/AES_CBC|128\/128-256,64|/'"
eval sed $sedcmd $dest > $dest.$$
#
# Add in SHA-2 support if not already there
#
nawk -F\| '\
BEGIN {sha256 = 0; sha384 = 0; sha512 = 0;
ccm8 = 0; ccm12 = 0; ccm16 = 0;
gcm8 = 0; gcm12 = 0; gcm16 = 0; default = 1}
function add_sha(flag, doi, shasize) {
if (flag)
return flag;
printf("ALG|2|%d|", doi);
printf("hmac-sha%d,", shasize)
printf("sha%d,", shasize)
printf("sha-%d,", shasize)
printf("hmac-sha-%d|", shasize)
printf("CKM_SHA%d_HMAC_GENERAL|", shasize)
printf("%d|%d\n", shasize, shasize / 16);
return 1;
}
function add_combined(doi, block, ivlen, mac, salt, flgs,
mechanism, default, label ) {
printf("ALG|3|%d|", doi)
if (default)
printf("%s,", label)
printf("%s%d|%s|", label, mac, mechanism)
printf("128/128-256,64|%d|", block)
printf("%d,%d,%d|%d\n", ivlen, mac, salt, flgs)
}
function add_aes_ccm(flag, doi, block, ivlen, mac, salt, flgs,
default) {
if (flag)
return;
mechanism = "CKM_AES_CCM"
label = "aes-ccm"
add_combined(doi, block, ivlen, mac, salt, flgs,
mechanism, default, label)
}
function add_aes_gcm(flag, doi, block, ivlen, mac, salt, flgs,
default) {
if (flag)
return;
mechanism = "CKM_AES_GCM"
label = "aes-gcm"
add_combined(doi, block, ivlen, mac, salt, flgs,
mechanism, default, label)
}
/^#/ || /^$/ || /^PROTO/ {print; next};
{
if ($2 == 2) {
if ($3 == 5) {
if (sha256) {
next;
}
sha256 = 1;
}
if ($3 == 6) {
if (sha384)
next;
sha384 = 1;
}
if ($3 == 7) {
if (sha512)
next;
sha512 = 1;
}
print;
next;
}
if ($2 == 3) {
if($3 == 0) {
# Time to add in missing Auth algs
# before the Encr algs.
sha256 = add_sha(sha256, 5, 256);
sha384 = add_sha(sha384 ,6, 384);
sha512 = add_sha(sha512, 7, 512);
print;
} else {
if ($3 == 14)
ccm8 = 1;
if ($3 == 15)
ccm12 = 1;
if ($3 == 16)
ccm16 = 1;
if ($3 == 18)
gcm8 = 1;
if ($3 == 19)
gcm12 = 1;
if ($3 == 20)
gcm16 = 1;
print;
}
}
}
# Add in ccm/gcm if missing.
END {
add_aes_ccm(ccm8, 14, 16, 8, 8, 3, 15, 0)
add_aes_ccm(ccm12, 15, 16, 8, 12, 3, 15, 0)
add_aes_ccm(ccm16, 16, 16, 8, 16, 3, 15, default)
add_aes_gcm(gcm8, 18, 16, 8, 8, 4, 23, 0)
add_aes_gcm(gcm12, 19, 16, 8, 12, 4, 23, 0)
add_aes_gcm(gcm16, 20, 16, 8, 16, 4, 23, default)
}' $dest.$$ > $dest.2.$$
mv $dest.2.$$ $dest
rm $dest.$$
# Set correct permissions
chmod 0644 $dest
fi
done
exit 0