source: rtems-libbsd/ipsec-tools/src/racoon/vendorid.c @ b376ae1

Last change on this file since b376ae1 was b376ae1, checked in by Christian Mauderer <christian.mauderer@…>, on 05/03/18 at 12:15:11

ipsec-tools: Port libipsec, setkey and racoon.

Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.

1#include <machine/rtems-bsd-user-space.h>
2#ifdef __rtems__
3#include <machine/rtems-bsd-program.h>
4#include "rtems-bsd-racoon-namespace.h"
5#endif /* __rtems__ */
6
7/*      $NetBSD: vendorid.c,v 1.8 2009/09/01 12:22:09 tteras Exp $      */
8
9/* Id: vendorid.c,v 1.10 2006/02/22 16:10:21 vanhu Exp */
10
11/*
12 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
13 * All rights reserved.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 *    notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 *    notice, this list of conditions and the following disclaimer in the
22 *    documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the project nor the names of its contributors
24 *    may be used to endorse or promote products derived from this software
25 *    without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 */
39
40#include "config.h"
41
42#include <sys/types.h>
43#include <sys/param.h>
44
45#include <stdlib.h>
46#include <stdio.h>
47#include <string.h>
48#include <errno.h>
49#include <ctype.h>
50
51#include "var.h"
52#include "misc.h"
53#include "vmbuf.h"
54#include "plog.h"
55#include "debug.h"
56
57#include "localconf.h"
58#include "isakmp_var.h"
59#include "isakmp.h"
60#include "vendorid.h"
61#include "crypto_openssl.h"
62#include "handler.h"
63#include "remoteconf.h"
64#ifdef ENABLE_NATT
65#include "nattraversal.h"
66#endif
67#ifdef ENABLE_HYBRID
68#include <resolv.h>
69#include "isakmp_xauth.h"
70#include "isakmp_cfg.h"
71#endif
72
/*
 * Every vendor ID racoon knows about.  .id is the VENDORID_* index and
 * .string the text whose MD5 digest becomes the on-the-wire vendor ID;
 * the .hash member is left unset here and filled in by compute_vendorids().
 * VENDORID_DPD is special: its wire form is the fixed vendorid_dpd_hash
 * and the string is only a readable label.  Note the trailing newline in
 * the NATT_02_N string: it is part of the hashed text.
 */
static struct vendor_id all_vendor_ids[] = {
        { .id = VENDORID_IPSEC_TOOLS, .string = "IPSec-Tools" },
        { .id = VENDORID_GSSAPI_LONG, .string = "A GSS-API Authentication Method for IKE" },
        { .id = VENDORID_GSSAPI,      .string = "GSSAPI" },
        { .id = VENDORID_MS_NT5,      .string = "MS NT5 ISAKMPOAKLEY" },
        { .id = VENDORID_NATT_00,     .string = "draft-ietf-ipsec-nat-t-ike-00" },
        { .id = VENDORID_NATT_01,     .string = "draft-ietf-ipsec-nat-t-ike-01" },
        { .id = VENDORID_NATT_02,     .string = "draft-ietf-ipsec-nat-t-ike-02" },
        { .id = VENDORID_NATT_02_N,   .string = "draft-ietf-ipsec-nat-t-ike-02\n" },
        { .id = VENDORID_NATT_03,     .string = "draft-ietf-ipsec-nat-t-ike-03" },
        { .id = VENDORID_NATT_04,     .string = "draft-ietf-ipsec-nat-t-ike-04" },
        { .id = VENDORID_NATT_05,     .string = "draft-ietf-ipsec-nat-t-ike-05" },
        { .id = VENDORID_NATT_06,     .string = "draft-ietf-ipsec-nat-t-ike-06" },
        { .id = VENDORID_NATT_07,     .string = "draft-ietf-ipsec-nat-t-ike-07" },
        { .id = VENDORID_NATT_08,     .string = "draft-ietf-ipsec-nat-t-ike-08" },
        { .id = VENDORID_NATT_RFC,    .string = "RFC 3947" },
        { .id = VENDORID_XAUTH,       .string = "draft-ietf-ipsra-isakmp-xauth-06.txt" },
        { .id = VENDORID_UNITY,       .string = "CISCO-UNITY" },
        { .id = VENDORID_FRAG,        .string = "FRAGMENTATION" },
        /* Not hashed: see vendorid_dpd_hash and compute_vendorids(). */
        { .id = VENDORID_DPD,         .string = "DPD" },
        /* Other known vendor IDs */
        { .id = VENDORID_KAME,        .string = "KAME/racoon" },
};
97
/* Number of entries in all_vendor_ids[] (valid only on the array itself). */
#define NUMVENDORIDS    (sizeof all_vendor_ids / sizeof *all_vendor_ids)

/* Version octets carried in the last two bytes of the DPD vendor ID. */
#define DPD_MAJOR_VERSION       0x01
#define DPD_MINOR_VERSION       0x00

/*
 * Wire form of the DPD vendor ID: 16 raw bytes, not an MD5 digest and
 * not printable text.  The first 14 octets are fixed, the last two carry
 * the DPD major/minor version.  The element type stays `char` because
 * vid_string_by_id() hands this buffer out as a const char *; on a
 * platform with a signed char the 0x80..0xFF values are stored negative.
 */
const char vendorid_dpd_hash[] = {
        0xAF, 0xCA, 0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9,
        0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57,
        DPD_MAJOR_VERSION, DPD_MINOR_VERSION
};
109
110
/* Per-ID post-processing of a freshly computed hash (XAUTH truncation,
 * Unity byte tweak); defined at the end of this file. */
static vchar_t *vendorid_fixup(int, vchar_t *t);
112
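/*
 * Find the table entry for a VENDORID_* index.
 *
 * Returns a pointer into all_vendor_ids[] (not a copy; never free it),
 * or NULL when no entry carries that id.
 */
static struct vendor_id *
lookup_vendor_id_by_id (int id)
{
        size_t i;

        /* NUMVENDORIDS is a sizeof expression: index with size_t so the
         * loop bound is not a signed/unsigned comparison. */
        for (i = 0; i < NUMVENDORIDS; i++)
                if (all_vendor_ids[i].id == id)
                        return &all_vendor_ids[i];

        return NULL;
}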
124
/*
 * Return the readable text behind a VENDORID_* index, or NULL if the
 * index is not in the table.
 *
 * Caveat: for VENDORID_DPD the value returned is vendorid_dpd_hash, the
 * 16 raw wire bytes (terminated only by the 0x00 minor-version byte at
 * the end), not printable text.  Callers that log the result as a string
 * should special-case DPD.
 */
const char *
vid_string_by_id (int id)
{
        struct vendor_id *entry;

        /* DPD has no hashed string; its fixed wire bytes stand in for it. */
        if (id == VENDORID_DPD)
                return vendorid_dpd_hash;

        entry = lookup_vendor_id_by_id(id);
        if (entry == NULL)
                return NULL;

        return entry->string;
}
137
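/*
 * Find the table entry whose computed hash matches the start of `hash`.
 *
 * `hash` must point at a buffer holding at least as many bytes as the
 * longest table hash (16, the MD5 digest length); this function is not
 * told the buffer length, so the caller owns that bound.  Entries whose
 * hash was never computed (NULL) are skipped.  The comparison is memcmp,
 * not strncmp: the hashes are binary and may contain 0x00 bytes, and
 * strncmp would stop there and accept any input sharing the prefix.
 *
 * Returns a pointer into all_vendor_ids[] (never free it) or NULL.
 */
static struct vendor_id *
lookup_vendor_id_by_hash (const char *hash)
{
        size_t i;

        for (i = 0; i < NUMVENDORIDS; i++) {
                const vchar_t *h = all_vendor_ids[i].hash;

                if (h == NULL)
                        continue;
                if (memcmp(h->v, hash, h->l) == 0)
                        return &all_vendor_ids[i];
        }

        return NULL;
}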
151
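/*
 * Fill in the .hash member of every all_vendor_ids[] entry.  Must run
 * before set_vendorid() and the hash lookups, which read .hash.
 *
 * Every entry gets the MD5 digest of its .string, except VENDORID_DPD,
 * which copies the fixed vendorid_dpd_hash.  vendorid_fixup() then
 * applies the per-ID adjustments (XAUTH truncation, Unity tweak).
 *
 * An allocation failure for the DPD copy is fatal, as before.  When
 * eay_md5_one() fails the error is logged and the entry is left with a
 * NULL hash and skipped, instead of being handed to vendorid_fixup().
 */
void
compute_vendorids (void)
{
        size_t i;
        vchar_t vid;

        for (i = 0; i < NUMVENDORIDS; i++) {
                struct vendor_id *entry = &all_vendor_ids[i];

                /* VENDORID_DPD is not a MD5 sum: use the fixed bytes. */
                if (entry->id == VENDORID_DPD) {
                        entry->hash = vmalloc(sizeof(vendorid_dpd_hash));
                        if (entry->hash == NULL) {
                                plog(LLV_ERROR, LOCATION, NULL,
                                        "unable to get memory for VID hash\n");
                                exit(1); /* this really shouldn't happen */
                        }
                        memcpy(entry->hash->v, vendorid_dpd_hash,
                                   sizeof(vendorid_dpd_hash));
                        continue;
                }

                /* vchar_t.v is a plain char *, hence the cast. */
                vid.v = (char *) entry->string;
                vid.l = strlen(vid.v);

                entry->hash = eay_md5_one(&vid);
                if (entry->hash == NULL) {
                        plog(LLV_ERROR, LOCATION, NULL,
                            "unable to hash vendor ID string\n");
                        continue;
                }

                /* Special cases */
                entry->hash = vendorid_fixup(entry->id, entry->hash);
        }
}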
186
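/*
 * set hashed vendor id.
 * hash function is always MD5.
 *
 * Returns a freshly allocated copy of the hash for `vendorid` (the
 * caller frees it with vfree()), or NULL when the index is not in the
 * table or its hash was never computed.  VENDORID_UNKNOWN is mapped to
 * VENDORID_DEFAULT.  Expects compute_vendorids() to have run already.
 */
vchar_t *
set_vendorid(int vendorid)
{
        struct vendor_id *current;

        if (vendorid == VENDORID_UNKNOWN) {
                /*
                 * The default unknown ID gets translated to
                 * KAME/racoon.
                 */
                vendorid = VENDORID_DEFAULT;
        }

        current = lookup_vendor_id_by_id(vendorid);
        if (current == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,
                    "invalid vendor ID index: %d\n", vendorid);
                return (NULL);
        }

        /* compute_vendorids() leaves .hash NULL when hashing failed;
         * don't hand that to vdup(). */
        if (current->hash == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,
                    "vendor ID index %d has no computed hash\n", vendorid);
                return (NULL);
        }

        /* The rest of racoon expects a private copy
         * of the VID that could be free'd after use.
         * That's why we don't return the original pointer. */
        return vdup(current->hash);
}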
217
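/*
 * Check the vendor ID payload -- return the vendor ID index
 * if we find a recognized one, or UNKNOWN if we don't.
 *
 * gen ... points to Vendor ID payload.
 *
 * The payload length comes from the peer and may be shorter than any
 * table hash, while lookup_vendor_id_by_hash() compares a full hash
 * length without knowing the buffer size.  The received bytes are
 * therefore copied into a fixed, zero-padded buffer of the maximum hash
 * size before matching, so the lookup never reads past the payload.  A
 * payload longer than the matched hash still matches and is logged as a
 * broken Microsoft ID, as before.  A length field smaller than the
 * generic header is rejected up front instead of wrapping negative.
 */
static int
check_vendorid(struct isakmp_gen *gen)
{
        struct vendor_id *current;
        /* Every table hash is at most 16 bytes: the MD5 digest length,
         * which vendorid_dpd_hash shares; XAUTH is truncated to 8. */
        char vidbuf[sizeof(vendorid_dpd_hash)];
        size_t ncopy;
        int vidlen;

        if (gen == NULL)
                return (VENDORID_UNKNOWN);

        if (ntohs(gen->len) < sizeof(*gen)) {
                plog(LLV_DEBUG, LOCATION, NULL,
                     "received Vendor ID payload with invalid length\n");
                return (VENDORID_UNKNOWN);
        }
        vidlen = ntohs(gen->len) - sizeof(*gen);

        /* Bounded, zero-padded copy: short payloads compare against
         * zeros rather than against whatever follows them in memory. */
        ncopy = (size_t)vidlen;
        if (ncopy > sizeof(vidbuf))
                ncopy = sizeof(vidbuf);
        memset(vidbuf, 0, sizeof(vidbuf));
        memcpy(vidbuf, gen + 1, ncopy);

        current = lookup_vendor_id_by_hash(vidbuf);
        if (!current)
                goto unknown;

        if (current->hash->l < (size_t)vidlen)
                plog(LLV_INFO, LOCATION, NULL,
                     "received broken Microsoft ID: %s\n",
                     current->string);
        else
                plog(LLV_INFO, LOCATION, NULL,
                     "received Vendor ID: %s\n",
                     current->string);

        return current->id;

unknown:
        plog(LLV_DEBUG, LOCATION, NULL, "received unknown Vendor ID\n");
        plogdump(LLV_DEBUG, (char *)(gen + 1), vidlen);
        return (VENDORID_UNKNOWN);
}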
256
/*
 * Record a vendor ID payload received from the peer on its phase 1
 * handle.  Returns the recognised VENDORID_* index, or VENDORID_UNKNOWN
 * (with iph1 untouched) when the payload matches nothing.
 *
 * On a match the ID's bit is set in iph1->vendorid_mask and, depending
 * on build options, the NAT-T, hybrid-auth (XAUTH/Unity) and DPD state
 * of the handle is updated.
 */
int
handle_vendorid(struct ph1handle *iph1, struct isakmp_gen *gen)
{
        int vid = check_vendorid(gen);

        if (vid == VENDORID_UNKNOWN)
                return VENDORID_UNKNOWN;

        iph1->vendorid_mask |= BIT(vid);

#ifdef ENABLE_NATT
        if (natt_vendorid(vid))
                natt_handle_vendorid(iph1, vid);
#endif
#ifdef ENABLE_HYBRID
        if (vid == VENDORID_XAUTH)
                iph1->mode_cfg->flags |= ISAKMP_CFG_VENDORID_XAUTH;
        else if (vid == VENDORID_UNITY)
                iph1->mode_cfg->flags |= ISAKMP_CFG_VENDORID_UNITY;
#endif
#ifdef ENABLE_DPD
        /* DPD is only honoured when the remote config allows it, or when
         * there is no remote config yet. */
        if (vid == VENDORID_DPD &&
            (iph1->rmconf == NULL || iph1->rmconf->dpd)) {
                iph1->dpd_support = 1;
                plog(LLV_DEBUG, LOCATION, NULL, "remote supports DPD\n");
        }
#endif

        return vid;
}
294
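/*
 * Apply the per-vendor adjustments to a freshly computed MD5 hash.
 *
 * VENDORID_XAUTH: the wire vendor ID is only the first 8 bytes of the
 * digest, so the buffer is replaced by an 8-byte one and the old buffer
 * freed.  VENDORID_UNITY: bytes 14 and 15 are overwritten with 0x01 0x00.
 * All other IDs are returned unchanged.
 *
 * Takes ownership of `vidhash`.  Returns the (possibly new) buffer, or
 * NULL when `vidhash` is NULL or the XAUTH reallocation fails; in the
 * latter case the original buffer has already been freed, so nothing
 * leaks when the caller stores the NULL.
 */
static vchar_t *
vendorid_fixup(int vendorid, vchar_t *vidhash)
{
        /* compute_vendorids() can reach us with a NULL when hashing failed. */
        if (vidhash == NULL)
                return NULL;

        switch (vendorid) {
        case VENDORID_XAUTH: {  /* The vendor Id is truncated */
                vchar_t *tmp;

                if ((tmp = vmalloc(8)) == NULL) {
                        plog(LLV_ERROR, LOCATION, NULL,
                            "unable to hash vendor ID string\n");
                        vfree(vidhash);
                        return NULL;
                }

                memcpy(tmp->v, vidhash->v, 8);
                vfree(vidhash);
                vidhash = tmp;
                break;
        }
        case VENDORID_UNITY:    /* Two bytes tweak */
                vidhash->v[14] = 0x01;
                vidhash->v[15] = 0x00;
                break;

        default:
                break;
        }

        return vidhash;
}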
327#ifdef __rtems__
328#include "rtems-bsd-racoon-vendorid-data.h"
329#endif /* __rtems__ */