source: rtems-libbsd/ipsec-tools/src/racoon/isakmp_newg.c @ b376ae1

Last change on this file since b376ae1 was b376ae1, checked in by Christian Mauderer <christian.mauderer@…>, on 05/03/18 at 12:15:11

ipsec-tools: Port libipsec, setkey and racoon.

Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.

1#include <machine/rtems-bsd-user-space.h>
2#ifdef __rtems__
3#include <machine/rtems-bsd-program.h>
4#include "rtems-bsd-racoon-namespace.h"
5#endif /* __rtems__ */
6
7/*      $NetBSD: isakmp_newg.c,v 1.4 2006/09/09 16:22:09 manu Exp $     */
8
9/*      $KAME: isakmp_newg.c,v 1.10 2002/09/27 05:55:52 itojun Exp $    */
10
11/*
12 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
13 * All rights reserved.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 *    notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 *    notice, this list of conditions and the following disclaimer in the
22 *    documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the project nor the names of its contributors
24 *    may be used to endorse or promote products derived from this software
25 *    without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 */
39
40#include "config.h"
41
42#include <sys/types.h>
43#include <sys/param.h>
44
45#include <stdlib.h>
46#include <stdio.h>
47#include <string.h>
48#include <errno.h>
49
50#include "var.h"
51#include "misc.h"
52#include "vmbuf.h"
53#include "plog.h"
54#include "sockmisc.h"
55#include "debug.h"
56
57#include "schedule.h"
58#include "cfparse_proto.h"
59#include "isakmp_var.h"
60#include "isakmp.h"
61#include "isakmp_newg.h"
62#include "oakley.h"
63#include "ipsec_doi.h"
64#include "crypto_openssl.h"
65#include "handler.h"
66#include "pfkey.h"
67#include "admin.h"
68#include "str2val.h"
69#include "vendorid.h"
70
71/*
72 * New group mode as responder
73 */
74int
75isakmp_newgroup_r(iph1, msg)
76        struct ph1handle *iph1;
77        vchar_t *msg;
78{
79#if 0
80        struct isakmp *isakmp = (struct isakmp *)msg->v;
81        struct isakmp_pl_hash *hash = NULL;
82        struct isakmp_pl_sa *sa = NULL;
83        int error = -1;
84        vchar_t *buf;
85        struct oakley_sa *osa;
86        int len;
87
88        /* validate the type of next payload */
89        /*
90         * ISAKMP_ETYPE_NEWGRP,
91         * ISAKMP_NPTYPE_HASH, (ISAKMP_NPTYPE_VID), ISAKMP_NPTYPE_SA,
92         * ISAKMP_NPTYPE_NONE
93         */
94    {
95        vchar_t *pbuf = NULL;
96        struct isakmp_parse_t *pa;
97
98        if ((pbuf = isakmp_parse(msg)) == NULL)
99                goto end;
100
101        for (pa = (struct isakmp_parse_t *)pbuf->v;
102             pa->type != ISAKMP_NPTYPE_NONE;
103             pa++) {
104
105                switch (pa->type) {
106                case ISAKMP_NPTYPE_HASH:
107                        if (hash) {
108                                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
109                                plog(LLV_ERROR, LOCATION, iph1->remote,
110                                        "received multiple payload type %d.\n",
111                                        pa->type);
112                                vfree(pbuf);
113                                goto end;
114                        }
115                        hash = (struct isakmp_pl_hash *)pa->ptr;
116                        break;
117                case ISAKMP_NPTYPE_SA:
118                        if (sa) {
119                                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
120                                plog(LLV_ERROR, LOCATION, iph1->remote,
121                                        "received multiple payload type %d.\n",
122                                        pa->type);
123                                vfree(pbuf);
124                                goto end;
125                        }
126                        sa = (struct isakmp_pl_sa *)pa->ptr;
127                        break;
128                case ISAKMP_NPTYPE_VID:
129                        (void)check_vendorid(pa->ptr);
130                        break;
131                default:
132                        isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
133                        plog(LLV_ERROR, LOCATION, iph1->remote,
134                                "ignore the packet, "
135                                "received unexpecting payload type %d.\n",
136                                pa->type);
137                        vfree(pbuf);
138                        goto end;
139                }
140        }
141        vfree(pbuf);
142
143        if (!hash || !sa) {
144                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
145                plog(LLV_ERROR, LOCATION, iph1->remote,
146                        "no HASH, or no SA payload.\n");
147                goto end;
148        }
149    }
150
151        /* validate HASH */
152    {
153        char *r_hash;
154        vchar_t *my_hash = NULL;
155        int result;
156
157        plog(LLV_DEBUG, LOCATION, NULL, "validate HASH\n");
158
159        len = sizeof(isakmp->msgid) + ntohs(sa->h.len);
160        buf = vmalloc(len);
161        if (buf == NULL) {
162                plog(LLV_ERROR, LOCATION, NULL,
163                        "failed to get buffer to send.\n");
164                goto end;
165        }
166        memcpy(buf->v, &isakmp->msgid, sizeof(isakmp->msgid));
167        memcpy(buf->v + sizeof(isakmp->msgid), sa, ntohs(sa->h.len));
168
169        plog(LLV_DEBUG, LOCATION, NULL, "hash source\n");
170        plogdump(LLV_DEBUG, buf->v, buf->l);
171
172        my_hash = isakmp_prf(iph1->skeyid_a, buf, iph1);
173        vfree(buf);
174        if (my_hash == NULL)
175                goto end;
176
177        plog(LLV_DEBUG, LOCATION, NULL, "hash result\n");
178        plogdump(LLV_DEBUG, my_hash->v, my_hash->l);
179
180        r_hash = (char *)hash + sizeof(*hash);
181
182        plog(LLV_DEBUG, LOCATION, NULL, "original hash\n"));
183        plogdump(LLV_DEBUG, r_hash, ntohs(hash->h.len) - sizeof(*hash)));
184
185        result = memcmp(my_hash->v, r_hash, my_hash->l);
186        vfree(my_hash);
187
188        if (result) {
189                plog(LLV_ERROR, LOCATION, iph1->remote,
190                        "HASH mismatch.\n");
191                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_HASH_INFORMATION, NULL);
192                goto end;
193        }
194    }
195
196        /* check SA payload and get new one for use */
197        buf = ipsecdoi_get_proposal((struct ipsecdoi_sa *)sa,
198                                        OAKLEY_NEWGROUP_MODE);
199        if (buf == NULL) {
200                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, NULL);
201                goto end;
202        }
203
204        /* save sa parameters */
205        osa = ipsecdoi_get_oakley(buf);
206        if (osa == NULL) {
207                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, NULL);
208                goto end;
209        }
210        vfree(buf);
211
212        switch (osa->dhgrp) {
213        case OAKLEY_ATTR_GRP_DESC_MODP768:
214        case OAKLEY_ATTR_GRP_DESC_MODP1024:
215        case OAKLEY_ATTR_GRP_DESC_MODP1536:
216                /*XXX*/
217        default:
218                isakmp_info_send_n1(iph1, ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, NULL);
219                plog(LLV_ERROR, LOCATION, NULL,
220                        "dh group %d isn't supported.\n", osa->dhgrp);
221                goto end;
222        }
223
224        plog(LLV_INFO, LOCATION, iph1->remote,
225                "got new dh group %s.\n", isakmp_pindex(&iph1->index, 0));
226
227        error = 0;
228
229end:
230        if (error) {
231                if (iph1 != NULL)
232                        (void)isakmp_free_ph1(iph1);
233        }
234        return error;
235#endif
236        return 0;
237}
238
239#ifdef __rtems__
240#include "rtems-bsd-racoon-isakmp_newg-data.h"
241#endif /* __rtems__ */