Annotation of embedaddon/strongswan/src/conftest/hooks/ike_auth_fill.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2010 Martin Willi
! 3: * Copyright (C) 2010 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "hook.h"
! 17:
! 18: #include <time.h>
! 19: #include <netinet/udp.h>
! 20:
! 21: #include <encoding/payloads/cert_payload.h>
! 22: #include <encoding/payloads/encrypted_payload.h>
! 23:
! 24: typedef struct private_ike_auth_fill_t private_ike_auth_fill_t;
! 25:
! 26: /**
! 27: * Private data of an ike_auth_fill_t object.
! 28: */
! 29: struct private_ike_auth_fill_t {
! 30:
! 31: /**
! 32: * Implements the hook_t interface.
! 33: */
! 34: hook_t hook;
! 35:
! 36: /**
! 37: * Alter requests or responses?
! 38: */
! 39: bool req;
! 40:
! 41: /**
! 42: * ID of message to alter.
! 43: */
! 44: int id;
! 45:
! 46: /**
! 47: * Number of bytes to fill IKE_AUTH up
! 48: */
! 49: int bytes;
! 50: };
! 51:
! 52: /** size of non ESP-Marker */
! 53: #define NON_ESP_MARKER_LEN 4
! 54: /** length of fixed encryption payload header */
! 55: #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
! 56: /** length of fixed cert payload header */
! 57: #define CERT_PAYLOAD_HEADER_LENGTH 5
! 58: /**
! 59: * Calculate packet size on wire (without ethernet/IP header)
! 60: */
! 61: static size_t calculate_wire_size(message_t *message, ike_sa_t *ike_sa)
! 62: {
! 63: enumerator_t *enumerator;
! 64: payload_t *payload;
! 65: size_t size = 0;
! 66:
! 67: enumerator = message->create_payload_enumerator(message);
! 68: while (enumerator->enumerate(enumerator, &payload))
! 69: {
! 70: size += payload->get_length(payload);
! 71: }
! 72: enumerator->destroy(enumerator);
! 73:
! 74: if (message->get_exchange_type(message) != IKE_SA_INIT)
! 75: {
! 76: keymat_t *keymat;
! 77: aead_t *aead;
! 78: size_t bs;
! 79:
! 80: keymat = ike_sa->get_keymat(ike_sa);
! 81: aead = keymat->get_aead(keymat, FALSE);
! 82: if (aead)
! 83: {
! 84: bs = aead->get_block_size(aead);
! 85: size += ENCRYPTION_PAYLOAD_HEADER_LENGTH + NON_ESP_MARKER_LEN +
! 86: aead->get_icv_size(aead) + aead->get_iv_size(aead) +
! 87: (bs - (size % bs));
! 88: }
! 89: }
! 90: return sizeof(struct udphdr) + IKE_HEADER_LENGTH + size;
! 91: }
! 92:
! 93: METHOD(listener_t, message, bool,
! 94: private_ike_auth_fill_t *this, ike_sa_t *ike_sa, message_t *message,
! 95: bool incoming, bool plain)
! 96: {
! 97: if (!incoming && plain &&
! 98: message->get_request(message) == this->req &&
! 99: message->get_message_id(message) == this->id)
! 100: {
! 101: cert_payload_t *pld;
! 102: size_t size, diff;
! 103: chunk_t data;
! 104:
! 105: size = calculate_wire_size(message, ike_sa);
! 106: if (size < this->bytes - CERT_PAYLOAD_HEADER_LENGTH)
! 107: {
! 108: diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH;
! 109: data = chunk_alloc(diff);
! 110: memset(data.ptr, 0x12, data.len);
! 111: pld = cert_payload_create_custom(PLV2_CERTIFICATE, 201, data);
! 112: message->add_payload(message, &pld->payload_interface);
! 113: DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff);
! 114: }
! 115: }
! 116: return TRUE;
! 117: }
! 118:
! 119: METHOD(hook_t, destroy, void,
! 120: private_ike_auth_fill_t *this)
! 121: {
! 122: free(this);
! 123: }
! 124:
! 125: /**
! 126: * Create the IKE_AUTH fill hook
! 127: */
! 128: hook_t *ike_auth_fill_hook_create(char *name)
! 129: {
! 130: private_ike_auth_fill_t *this;
! 131:
! 132: INIT(this,
! 133: .hook = {
! 134: .listener = {
! 135: .message = _message,
! 136: },
! 137: .destroy = _destroy,
! 138: },
! 139: .req = conftest->test->get_bool(conftest->test,
! 140: "hooks.%s.request", TRUE, name),
! 141: .id = conftest->test->get_int(conftest->test,
! 142: "hooks.%s.id", 1, name),
! 143: .bytes = conftest->test->get_int(conftest->test,
! 144: "hooks.%s.bytes", 0, name),
! 145: );
! 146:
! 147: return &this->hook;
! 148: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ike_auth_fill.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / conftest / hooks