
1.1     ! misho       1: /*     $NetBSD: isakmp_newg.c,v 1.4 2006/09/09 16:22:09 manu Exp $     */
        !             2: 
        !             3: /*     $KAME: isakmp_newg.c,v 1.10 2002/09/27 05:55:52 itojun Exp $    */
        !             4: 
        !             5: /*
        !             6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
        !             7:  * All rights reserved.
        !             8:  * 
        !             9:  * Redistribution and use in source and binary forms, with or without
        !            10:  * modification, are permitted provided that the following conditions
        !            11:  * are met:
        !            12:  * 1. Redistributions of source code must retain the above copyright
        !            13:  *    notice, this list of conditions and the following disclaimer.
        !            14:  * 2. Redistributions in binary form must reproduce the above copyright
        !            15:  *    notice, this list of conditions and the following disclaimer in the
        !            16:  *    documentation and/or other materials provided with the distribution.
        !            17:  * 3. Neither the name of the project nor the names of its contributors
        !            18:  *    may be used to endorse or promote products derived from this software
        !            19:  *    without specific prior written permission.
        !            20:  * 
        !            21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
        !            22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        !            23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
        !            24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
        !            25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        !            26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
        !            27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
        !            29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
        !            30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
        !            31:  * SUCH DAMAGE.
        !            32:  */
        !            33: 
        !            34: #include "config.h"
        !            35: 
        !            36: #include <sys/types.h>
        !            37: #include <sys/param.h>
        !            38: 
        !            39: #include <stdlib.h>
        !            40: #include <stdio.h>
        !            41: #include <string.h>
        !            42: #include <errno.h>
        !            43: 
        !            44: #include "var.h"
        !            45: #include "misc.h"
        !            46: #include "vmbuf.h"
        !            47: #include "plog.h"
        !            48: #include "sockmisc.h"
        !            49: #include "debug.h"
        !            50: 
        !            51: #include "schedule.h"
        !            52: #include "cfparse_proto.h"
        !            53: #include "isakmp_var.h"
        !            54: #include "isakmp.h"
        !            55: #include "isakmp_newg.h"
        !            56: #include "oakley.h"
        !            57: #include "ipsec_doi.h"
        !            58: #include "crypto_openssl.h"
        !            59: #include "handler.h"
        !            60: #include "pfkey.h"
        !            61: #include "admin.h"
        !            62: #include "str2val.h"
        !            63: #include "vendorid.h"
        !            64: 
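/*
 * New group mode as responder.
 *
 * iph1: phase-1 handle the NEWGROUP exchange arrived on.
 * msg:  the decrypted ISAKMP message (header followed by payloads).
 *
 * Returns 0 unconditionally: the whole responder body is compiled out
 * with "#if 0" (inherited from KAME), so today this is a no-op that
 * neither validates nor acts on the message.  The disabled body is
 * kept as the reference implementation; it has been made to compile
 * (stray ')' on the "original hash" plog/plogdump calls), to
 * bounds-check the received HASH before memcmp() reads it, and to
 * release the proposal buffer on every exit.  The DH group switch is
 * still a placeholder that rejects every group, so enabling the body
 * as-is would answer every request with ATTRIBUTES_NOT_SUPPORTED.
 */
int
isakmp_newgroup_r(iph1, msg)
	struct ph1handle *iph1;
	vchar_t *msg;
{
#if 0
	struct isakmp *isakmp = (struct isakmp *)msg->v;
	struct isakmp_pl_hash *hash = NULL;
	struct isakmp_pl_sa *sa = NULL;
	int error = -1;
	vchar_t *buf = NULL;	/* owned here; released at "end" if still set */
	struct oakley_sa *osa;
	size_t len;

	/* validate the type of next payload */
	/*
	 * ISAKMP_ETYPE_NEWGRP,
	 * ISAKMP_NPTYPE_HASH, (ISAKMP_NPTYPE_VID), ISAKMP_NPTYPE_SA,
	 * ISAKMP_NPTYPE_NONE
	 */
    {
	vchar_t *pbuf = NULL;
	struct isakmp_parse_t *pa;

	if ((pbuf = isakmp_parse(msg)) == NULL)
		goto end;

	for (pa = (struct isakmp_parse_t *)pbuf->v;
	     pa->type != ISAKMP_NPTYPE_NONE;
	     pa++) {

		switch (pa->type) {
		case ISAKMP_NPTYPE_HASH:
			/* exactly one HASH; a second one is a malformed message */
			if (hash) {
				isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
				plog(LLV_ERROR, LOCATION, iph1->remote,
					"received multiple payload type %d.\n",
					pa->type);
				vfree(pbuf);
				goto end;
			}
			hash = (struct isakmp_pl_hash *)pa->ptr;
			break;
		case ISAKMP_NPTYPE_SA:
			/* likewise exactly one SA */
			if (sa) {
				isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
				plog(LLV_ERROR, LOCATION, iph1->remote,
					"received multiple payload type %d.\n",
					pa->type);
				vfree(pbuf);
				goto end;
			}
			sa = (struct isakmp_pl_sa *)pa->ptr;
			break;
		case ISAKMP_NPTYPE_VID:
			/* vendor IDs are informational only; never fatal here */
			(void)check_vendorid(pa->ptr);
			break;
		default:
			isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
			plog(LLV_ERROR, LOCATION, iph1->remote,
				"ignore the packet, "
				"received unexpecting payload type %d.\n",
				pa->type);
			vfree(pbuf);
			goto end;
		}
	}
	vfree(pbuf);

	if (!hash || !sa) {
		isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
		plog(LLV_ERROR, LOCATION, iph1->remote,
			"no HASH, or no SA payload.\n");
		goto end;
	}
    }

	/* validate HASH */
    {
	char *r_hash;
	size_t r_hash_len;
	vchar_t *my_hash = NULL;
	int result;

	plog(LLV_DEBUG, LOCATION, NULL, "validate HASH\n");

	/*
	 * HASH = prf(SKEYID_a, M-ID | SA).  sa->h.len is wire data;
	 * NOTE(review): this relies on isakmp_parse() having already
	 * bounded every payload's h.len within msg — confirm before
	 * enabling this body.
	 */
	len = sizeof(isakmp->msgid) + ntohs(sa->h.len);
	buf = vmalloc(len);
	if (buf == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get buffer to send.\n");
		goto end;
	}
	memcpy(buf->v, &isakmp->msgid, sizeof(isakmp->msgid));
	memcpy(buf->v + sizeof(isakmp->msgid), sa, ntohs(sa->h.len));

	plog(LLV_DEBUG, LOCATION, NULL, "hash source\n");
	plogdump(LLV_DEBUG, buf->v, buf->l);

	my_hash = isakmp_prf(iph1->skeyid_a, buf, iph1);
	vfree(buf);
	buf = NULL;
	if (my_hash == NULL)
		goto end;

	plog(LLV_DEBUG, LOCATION, NULL, "hash result\n");
	plogdump(LLV_DEBUG, my_hash->v, my_hash->l);

	r_hash = (char *)hash + sizeof(*hash);
	r_hash_len = ntohs(hash->h.len);

	/*
	 * The peer chooses hash->h.len.  Check it before the dump and the
	 * memcmp() below: a length below the generic header would wrap the
	 * size_t subtraction, and anything other than exactly my_hash->l
	 * bytes of digest would let memcmp() read past the payload.
	 */
	if (r_hash_len < sizeof(*hash) ||
	    r_hash_len - sizeof(*hash) != my_hash->l) {
		plog(LLV_ERROR, LOCATION, iph1->remote,
			"HASH length mismatch.\n");
		isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_HASH_INFORMATION, NULL);
		vfree(my_hash);
		goto end;
	}

	plog(LLV_DEBUG, LOCATION, NULL, "original hash\n");
	plogdump(LLV_DEBUG, r_hash, r_hash_len - sizeof(*hash));

	/*
	 * memcmp() stops at the first differing byte; a constant-time
	 * comparison would be preferable for an authenticator value.
	 */
	result = memcmp(my_hash->v, r_hash, my_hash->l);
	vfree(my_hash);

	if (result) {
		plog(LLV_ERROR, LOCATION, iph1->remote,
			"HASH mismatch.\n");
		isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_HASH_INFORMATION, NULL);
		goto end;
	}
    }

	/* check SA payload and get new one for use */
	buf = ipsecdoi_get_proposal((struct ipsecdoi_sa *)sa,
					OAKLEY_NEWGROUP_MODE);
	if (buf == NULL) {
		isakmp_info_send_n1(iph1, ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, NULL);
		goto end;
	}

	/* save sa parameters */
	osa = ipsecdoi_get_oakley(buf);
	if (osa == NULL) {
		/* buf is released at "end" */
		isakmp_info_send_n1(iph1, ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, NULL);
		goto end;
	}
	vfree(buf);
	buf = NULL;

	/*
	 * XXX placeholder: every listed group falls through into default,
	 * so no group is accepted yet.  NOTE(review): osa is never
	 * released on any path — check whether ipsecdoi_get_oakley()
	 * allocates it before enabling this body.
	 */
	switch (osa->dhgrp) {
	case OAKLEY_ATTR_GRP_DESC_MODP768:
	case OAKLEY_ATTR_GRP_DESC_MODP1024:
	case OAKLEY_ATTR_GRP_DESC_MODP1536:
		/*XXX*/
		/* FALLTHROUGH */
	default:
		isakmp_info_send_n1(iph1, ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, NULL);
		plog(LLV_ERROR, LOCATION, NULL,
			"dh group %d isn't supported.\n", osa->dhgrp);
		goto end;
	}

	plog(LLV_INFO, LOCATION, iph1->remote,
		"got new dh group %s.\n", isakmp_pindex(&iph1->index, 0));

	error = 0;

end:
	if (buf != NULL)
		vfree(buf);
	if (error) {
		/*
		 * Any failure tears down the phase-1 handle, so a caller
		 * must treat iph1 as gone after a non-zero return.
		 */
		if (iph1 != NULL)
			(void)isakmp_free_ph1(iph1);
	}
	return error;
#endif
	/* body above is compiled out: accept the message as a no-op */
	(void)iph1;
	(void)msg;
	return 0;
}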
        !           232: 
