[apple/ipsec.git] / ipsec-tools / racoon / vendorid.c

/* $Id: vendorid.c,v 1.7 2005/01/29 16:34:25 vanhu Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "debug.h"

#include "localconf.h"
#include "isakmp_var.h"
#include "isakmp.h"
#include "vendorid.h"
#include "crypto_openssl.h"

static struct vendor_id all_vendor_ids[] = {
{ VENDORID_KAME       , "KAME/racoon" },
{ VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE" },
{ VENDORID_GSSAPI     , "GSSAPI" },
{ VENDORID_MS_NT5     , "MS NT5 ISAKMPOAKLEY" },
{ VENDORID_NATT_00    , "draft-ietf-ipsec-nat-t-ike-00" },
{ VENDORID_NATT_01    , "draft-ietf-ipsec-nat-t-ike-01" },
{ VENDORID_NATT_02    , "draft-ietf-ipsec-nat-t-ike-02" },
{ VENDORID_NATT_02_N  , "draft-ietf-ipsec-nat-t-ike-02\n" },
{ VENDORID_NATT_03    , "draft-ietf-ipsec-nat-t-ike-03" },
{ VENDORID_NATT_04    , "draft-ietf-ipsec-nat-t-ike-04" },
{ VENDORID_NATT_05    , "draft-ietf-ipsec-nat-t-ike-05" },
{ VENDORID_NATT_06    , "draft-ietf-ipsec-nat-t-ike-06" },
{ VENDORID_NATT_07    , "draft-ietf-ipsec-nat-t-ike-07" },
{ VENDORID_NATT_08    , "draft-ietf-ipsec-nat-t-ike-08" },
#ifdef __APPLE__
{ VENDORID_NATT_APPLE , "draft-ietf-ipsec-nat-t-ike" },
#endif
{ VENDORID_NATT_RFC   , "RFC 3947" },
{ VENDORID_XAUTH      , "draft-ietf-ipsra-isakmp-xauth-06.txt" },
{ VENDORID_UNITY      , "CISCO-UNITY" },
{ VENDORID_FRAG       , "FRAGMENTATION" },
/* Just a readable string for DPD ... */
{ VENDORID_DPD        , "DPD" },
};

#define NUMVENDORIDS	(sizeof(all_vendor_ids)/sizeof(all_vendor_ids[0]))

#define DPD_MAJOR_VERSION	0x01
#define DPD_MINOR_VERSION	0x00

const char vendorid_dpd_hash[] = {
	0xAF, 0xCA, 0xD7, 0x13,
	0x68, 0xA1, 0xF1, 0xC9,
	0x6B, 0x86, 0x96, 0xFC,
	0x77, 0x57, DPD_MAJOR_VERSION, DPD_MINOR_VERSION
};


static vchar_t *vendorid_fixup(int, vchar_t *t);

static struct vendor_id *
lookup_vendor_id_by_id (int id)
{
	int i;

	for (i = 0; i < NUMVENDORIDS; i++)
		if (all_vendor_ids[i].id == id)
			return &all_vendor_ids[i];

	return NULL;
}

const char *
vid_string_by_id (int id)
{
	struct vendor_id *current;

	if (id == VENDORID_DPD)
		return vendorid_dpd_hash;

	current = lookup_vendor_id_by_id(id);

	return current ? current->string : NULL;
}

static struct vendor_id *
lookup_vendor_id_by_hash (const char *hash)
{
	int i;
	unsigned char *h = (unsigned char *)hash;

	for (i = 0; i < NUMVENDORIDS; i++)
		if (strncmp(all_vendor_ids[i].hash->v, hash,
			    all_vendor_ids[i].hash->l) == 0)
			return &all_vendor_ids[i];

	return NULL;
}

void
compute_vendorids (void)
{
	int i;
	vchar_t vid;

	for (i = 0; i < NUMVENDORIDS; i++) {
		/* VENDORID_DPD is not a MD5 sum... */
		if(i == VENDORID_DPD){
			all_vendor_ids[i].hash = vmalloc(sizeof(vendorid_dpd_hash));
			if (all_vendor_ids[i].hash == NULL) {
				plog(LLV_ERROR2, LOCATION, NULL,
					"unable to get memory for VID hash\n");
				exit(1); /* this really shouldn't happen */
			}
			memcpy(all_vendor_ids[i].hash->v, vendorid_dpd_hash,
				   sizeof(vendorid_dpd_hash));
			continue;
		}

		vid.v = (char *) all_vendor_ids[i].string;
		vid.l = strlen(vid.v);

		all_vendor_ids[i].hash = eay_md5_one(&vid);
		if (all_vendor_ids[i].hash == NULL)
			plog(LLV_ERROR, LOCATION, NULL,
			    "unable to hash vendor ID string\n");

		/* Special cases */
		all_vendor_ids[i].hash =
			vendorid_fixup(all_vendor_ids[i].id,
				       all_vendor_ids[i].hash);
	}
}

/*
 * set hashed vendor id.
 * hash function is always MD5.
 */
vchar_t *
set_vendorid(int vendorid)
{
	struct vendor_id *current;
	vchar_t vid, *new;

	if (vendorid == VENDORID_UNKNOWN) {
		/*
		 * The default unknown ID gets translated to
		 * KAME/racoon.
		 */
		vendorid = VENDORID_KAME;
	}

	current = lookup_vendor_id_by_id(vendorid);
	if (current == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "invalid vendor ID index: %d\n", vendorid);
		return (NULL);
	}

	/* The rest of racoon expects a private copy 
	 * of the VID that could be free'd after use.
	 * That's why we don't return the original pointer. */
	return vdup(current->hash);
}

/*
 * Check the vendor ID payload -- return the vendor ID index
 * if we find a recognized one, or UNKNOWN if we don't.
 *
 * gen ... points to Vendor ID payload.
 */
int
check_vendorid(struct isakmp_gen *gen)
{
	vchar_t vid, *vidhash;
	int i, vidlen;
	struct vendor_id *current;

	if (gen == NULL)
		return (VENDORID_UNKNOWN);

	vidlen = ntohs(gen->len) - sizeof(*gen);

	current = lookup_vendor_id_by_hash((char *)(gen + 1));
	if (!current)
		goto unknown;
	
	if (current->hash->l < vidlen)
		plog(LLV_INFO, LOCATION, NULL,
		     "received broken Microsoft ID: %s\n",
		     current->string);
	else
		plog(LLV_INFO, LOCATION, NULL,
		     "received Vendor ID: %s\n",
		     current->string);

	return current->id;

unknown:
	plog(LLV_DEBUG, LOCATION, NULL, "received unknown Vendor ID\n");
	return (VENDORID_UNKNOWN);
}

static vchar_t * 
vendorid_fixup(vendorid, vidhash)
	int vendorid;		 
	vchar_t *vidhash;
{			   
	switch(vendorid) {
	case VENDORID_XAUTH: {	/* The vendor Id is truncated */
		vchar_t *tmp;					    
				  
		if ((tmp = vmalloc(8)) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "unable to hash vendor ID string\n");
			return NULL;				    
		}			
		  
		memcpy(tmp->v, vidhash->v, 8);
		vfree(vidhash);		  
		vidhash = tmp;
				   
		break;
	} 
	case VENDORID_UNITY:	/* Two bytes tweak */
		vidhash->v[14] = 0x01;		  
		vidhash->v[15] = 0x00;
		break;		   

	default:     
		break;
	}		
	
	return vidhash;
}
Commit	Line	Data
52b7d2ce A	1	/* $Id: vendorid.c,v 1.7 2005/01/29 16:34:25 vanhu Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	#include "config.h"
	33
	34	#include <sys/types.h>
	35	#include <sys/param.h>
	36
	37	#include <stdlib.h>
	38	#include <stdio.h>
	39	#include <string.h>
	40	#include <errno.h>
	41	#include <ctype.h>
	42
	43	#include "var.h"
	44	#include "misc.h"
	45	#include "vmbuf.h"
	46	#include "plog.h"
	47	#include "debug.h"
	48
	49	#include "localconf.h"
	50	#include "isakmp_var.h"
	51	#include "isakmp.h"
	52	#include "vendorid.h"
	53	#include "crypto_openssl.h"
	54
	55	static struct vendor_id all_vendor_ids[] = {
	56	{ VENDORID_KAME , "KAME/racoon" },
	57	{ VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE" },
	58	{ VENDORID_GSSAPI , "GSSAPI" },
	59	{ VENDORID_MS_NT5 , "MS NT5 ISAKMPOAKLEY" },
	60	{ VENDORID_NATT_00 , "draft-ietf-ipsec-nat-t-ike-00" },
	61	{ VENDORID_NATT_01 , "draft-ietf-ipsec-nat-t-ike-01" },
	62	{ VENDORID_NATT_02 , "draft-ietf-ipsec-nat-t-ike-02" },
	63	{ VENDORID_NATT_02_N , "draft-ietf-ipsec-nat-t-ike-02\n" },
	64	{ VENDORID_NATT_03 , "draft-ietf-ipsec-nat-t-ike-03" },
65	{ VENDORID_NATT_04 , "draft-ietf-ipsec-nat-t-ike-04" },
66	{ VENDORID_NATT_05 , "draft-ietf-ipsec-nat-t-ike-05" },
67	{ VENDORID_NATT_06 , "draft-ietf-ipsec-nat-t-ike-06" },
68	{ VENDORID_NATT_07 , "draft-ietf-ipsec-nat-t-ike-07" },
69	{ VENDORID_NATT_08 , "draft-ietf-ipsec-nat-t-ike-08" },
70	#ifdef __APPLE__
71	{ VENDORID_NATT_APPLE , "draft-ietf-ipsec-nat-t-ike" },
72	#endif
73	{ VENDORID_NATT_RFC , "RFC 3947" },
74	{ VENDORID_XAUTH , "draft-ietf-ipsra-isakmp-xauth-06.txt" },
75	{ VENDORID_UNITY , "CISCO-UNITY" },
76	{ VENDORID_FRAG , "FRAGMENTATION" },
77	/* Just a readable string for DPD ... */
78	{ VENDORID_DPD , "DPD" },
79	};
80
81	#define NUMVENDORIDS (sizeof(all_vendor_ids)/sizeof(all_vendor_ids[0]))
82
83	#define DPD_MAJOR_VERSION 0x01
84	#define DPD_MINOR_VERSION 0x00
85
86	const char vendorid_dpd_hash[] = {
87	0xAF, 0xCA, 0xD7, 0x13,
88	0x68, 0xA1, 0xF1, 0xC9,
89	0x6B, 0x86, 0x96, 0xFC,
90	0x77, 0x57, DPD_MAJOR_VERSION, DPD_MINOR_VERSION
91	};
92
93
94	static vchar_t vendorid_fixup(int, vchar_t t);
95
96	static struct vendor_id *
97	lookup_vendor_id_by_id (int id)
98	{
99	int i;
100
101	for (i = 0; i < NUMVENDORIDS; i++)
102	if (all_vendor_ids[i].id == id)
103	return &all_vendor_ids[i];
104
105	return NULL;
106	}
107
108	const char *
109	vid_string_by_id (int id)
110	{
111	struct vendor_id *current;
112
113	if (id == VENDORID_DPD)
114	return vendorid_dpd_hash;
115
116	current = lookup_vendor_id_by_id(id);
117
118	return current ? current->string : NULL;
119	}
120
121	static struct vendor_id *
122	lookup_vendor_id_by_hash (const char *hash)
123	{
124	int i;
125	unsigned char h = (unsigned char )hash;
126
127	for (i = 0; i < NUMVENDORIDS; i++)
128	if (strncmp(all_vendor_ids[i].hash->v, hash,
129	all_vendor_ids[i].hash->l) == 0)
130	return &all_vendor_ids[i];
131
132	return NULL;
133	}
134
135	void
136	compute_vendorids (void)
137	{
138	int i;
139	vchar_t vid;
140
141	for (i = 0; i < NUMVENDORIDS; i++) {
142	/* VENDORID_DPD is not a MD5 sum... */
143	if(i == VENDORID_DPD){
144	all_vendor_ids[i].hash = vmalloc(sizeof(vendorid_dpd_hash));
145	if (all_vendor_ids[i].hash == NULL) {
146	plog(LLV_ERROR2, LOCATION, NULL,
147	"unable to get memory for VID hash\n");
148	exit(1); /* this really shouldn't happen */
149	}
150	memcpy(all_vendor_ids[i].hash->v, vendorid_dpd_hash,
151	sizeof(vendorid_dpd_hash));
152	continue;
153	}
154
155	vid.v = (char *) all_vendor_ids[i].string;
156	vid.l = strlen(vid.v);
157
158	all_vendor_ids[i].hash = eay_md5_one(&vid);
159	if (all_vendor_ids[i].hash == NULL)
160	plog(LLV_ERROR, LOCATION, NULL,
161	"unable to hash vendor ID string\n");
162
163	/* Special cases */
164	all_vendor_ids[i].hash =
165	vendorid_fixup(all_vendor_ids[i].id,
166	all_vendor_ids[i].hash);
167	}
168	}
169
170	/*
171	* set hashed vendor id.
172	* hash function is always MD5.
173	*/
174	vchar_t *
175	set_vendorid(int vendorid)
176	{
177	struct vendor_id *current;
178	vchar_t vid, *new;
179
180	if (vendorid == VENDORID_UNKNOWN) {
181	/*
182	* The default unknown ID gets translated to
183	* KAME/racoon.
184	*/
185	vendorid = VENDORID_KAME;
186	}
187
188	current = lookup_vendor_id_by_id(vendorid);
189	if (current == NULL) {
190	plog(LLV_ERROR, LOCATION, NULL,
191	"invalid vendor ID index: %d\n", vendorid);
192	return (NULL);
193	}
194
195	/* The rest of racoon expects a private copy
196	* of the VID that could be free'd after use.
197	* That's why we don't return the original pointer. */
198	return vdup(current->hash);
199	}
200
201	/*
202	* Check the vendor ID payload -- return the vendor ID index
203	* if we find a recognized one, or UNKNOWN if we don't.
204	*
205	* gen ... points to Vendor ID payload.
206	*/
207	int
208	check_vendorid(struct isakmp_gen *gen)
209	{
210	vchar_t vid, *vidhash;
211	int i, vidlen;
212	struct vendor_id *current;
213
214	if (gen == NULL)
215	return (VENDORID_UNKNOWN);
216
217	vidlen = ntohs(gen->len) - sizeof(*gen);
218
219	current = lookup_vendor_id_by_hash((char *)(gen + 1));
220	if (!current)
221	goto unknown;
222
223	if (current->hash->l < vidlen)
224	plog(LLV_INFO, LOCATION, NULL,
225	"received broken Microsoft ID: %s\n",
226	current->string);
227	else
228	plog(LLV_INFO, LOCATION, NULL,
229	"received Vendor ID: %s\n",
230	current->string);
231
232	return current->id;
233
234	unknown:
235	plog(LLV_DEBUG, LOCATION, NULL, "received unknown Vendor ID\n");
236	return (VENDORID_UNKNOWN);
237	}
238
239	static vchar_t *
240	vendorid_fixup(vendorid, vidhash)
241	int vendorid;
242	vchar_t *vidhash;
243	{
244	switch(vendorid) {
245	case VENDORID_XAUTH: { /* The vendor Id is truncated */
246	vchar_t *tmp;
247
248	if ((tmp = vmalloc(8)) == NULL) {
249	plog(LLV_ERROR, LOCATION, NULL,
250	"unable to hash vendor ID string\n");
251	return NULL;
252	}
253
254	memcpy(tmp->v, vidhash->v, 8);
255	vfree(vidhash);
256	vidhash = tmp;
257
258	break;
259	}
260	case VENDORID_UNITY: /* Two bytes tweak */
261	vidhash->v[14] = 0x01;
262	vidhash->v[15] = 0x00;
263	break;
264
265	default:
266	break;
267	}
268
269	return vidhash;
270	}