ipsec-tools/racoon/isakmp_frag.c

   1 /* $Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp $ */
   2
   3 /*
   4  * Copyright (C) 2004 Emmanuel Dreyfus
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  * 3. Neither the name of the project nor the names of its contributors
  16  *    may be used to endorse or promote products derived from this software
  17  *    without specific prior written permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  29  * SUCH DAMAGE.
  30  */
  31
  32 #include "config.h"
  33
  34 #include <sys/types.h>
  35 #include <sys/param.h>
  36 #include <sys/socket.h>
  37 #include <sys/queue.h>
  38
  39 #include <netinet/in.h>
  40 #include <arpa/inet.h>
  41
  42 #include <openssl/md5.h>
  43
  44 #include <stdlib.h>
  45 #include <stdio.h>
  46 #include <fcntl.h>
  47 #include <string.h>
  48 #include <errno.h>
  49 #if TIME_WITH_SYS_TIME
  50 # include <sys/time.h>
  51 # include <time.h>
  52 #else
  53 # if HAVE_SYS_TIME_H
  54 #  include <sys/time.h>
  55 # else
  56 #  include <time.h>
  57 # endif
  58 #endif
  59 #include <netdb.h>
  60 #ifdef HAVE_UNISTD_H
  61 #include <unistd.h>
  62 #endif
  63 #include <ctype.h>
  64
  65 #include "var.h"
  66 #include "misc.h"
  67 #include "vmbuf.h"
  68 #include "plog.h"
  69 #include "sockmisc.h"
  70 #include "schedule.h"
  71 #include "debug.h"
  72
  73 #include "isakmp_var.h"
  74 #include "isakmp.h"
  75 #include "handler.h"
  76 #include "isakmp_frag.h"
  77 #include "strnames.h"
  78
  79 int
  80 isakmp_sendfrags(iph1, buf)
  81         struct ph1handle *iph1;
  82         vchar_t *buf;
  83 {
  84         struct isakmp *hdr;
  85         struct isakmp_frag *fraghdr;
  86         caddr_t data;
  87         caddr_t sdata;
  88         size_t datalen;
  89         size_t max_datalen;
  90         size_t fraglen;
  91         vchar_t *frag;
  92         unsigned int trailer;
  93         unsigned int fragnum = 0;
  94         size_t len;
  95         int etype;
  96
  97         /*
  98          * Catch the exchange type for later: the fragments and the
  99          * fragmented packet must have the same exchange type.
 100          */
 101         hdr = (struct isakmp *)buf->v;
 102         etype = hdr->etype;
 103
 104         /*
 105          * We want to send a a packet smaller than ISAKMP_FRAG_MAXLEN
 106          * First compute the maximum data length that will fit in it
 107          */
 108         max_datalen = ISAKMP_FRAG_MAXLEN -
 109             (sizeof(*hdr) + sizeof(*fraghdr) + sizeof(trailer));
 110
 111         sdata = buf->v;
 112         len = buf->l;
 113
 114         while (len > 0) {
 115                 fragnum++;
 116
 117                 if (len > max_datalen)
 118                         datalen = max_datalen;
 119                 else
 120                         datalen = len;
 121
 122                 fraglen = sizeof(*hdr)
 123                         + sizeof(*fraghdr)
 124                         + datalen;
 125
 126                 if ((frag = vmalloc(fraglen)) == NULL) {
 127                         plog(LLV_ERROR, LOCATION, NULL,
 128                             "Cannot allocate memory\n");
 129                         return -1;
 130                 }
 131
 132                 set_isakmp_header1(frag, iph1, ISAKMP_NPTYPE_FRAG);
 133                 hdr = (struct isakmp *)frag->v;
 134                 hdr->etype = etype;
 135
 136                 fraghdr = (struct isakmp_frag *)(hdr + 1);
 137                 fraghdr->unknown0 = htons(0);
 138                 fraghdr->len = htons(fraglen - sizeof(*hdr));
 139                 fraghdr->unknown1 = htons(1);
 140                 fraghdr->index = fragnum;
 141                 if (len == datalen)
 142                         fraghdr->flags = ISAKMP_FRAG_LAST;
 143                 else
 144                         fraghdr->flags = 0;
 145
 146                 data = (caddr_t)(fraghdr + 1);
 147                 memcpy(data, sdata, datalen);
 148
 149                 if (isakmp_send(iph1, frag) < 0) {
 150                         plog(LLV_ERROR, LOCATION, NULL, "isakmp_send failed\n");
 151                         return -1;
 152                 }
 153
 154                 vfree(frag);
 155
 156                 len -= datalen;
 157                 sdata += datalen;
 158         }
 159
 160         return fragnum;
 161 }
 162
 163 unsigned int
 164 vendorid_frag_cap(gen)
 165         struct isakmp_gen *gen;
 166 {
 167         int *hp;
 168
 169         hp = (int *)(gen + 1);
 170
 171         return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
 172 }
 173
 174 int
 175 isakmp_frag_extract(iph1, msg)
 176         struct ph1handle *iph1;
 177         vchar_t *msg;
 178 {
 179         struct isakmp *isakmp;
 180         struct isakmp_frag *frag;
 181         struct isakmp_frag_item *item;
 182         vchar_t *buf;
 183         size_t len;
 184         int last_frag = 0;
 185         char *data;
 186         int i;
 187
 188         if (msg->l < sizeof(*isakmp) + sizeof(*frag)) {
 189                 plog(LLV_ERROR, LOCATION, NULL, "Message too short\n");
 190                 return -1;
 191         }
 192
 193         isakmp = (struct isakmp *)msg->v;
 194         frag = (struct isakmp_frag *)(isakmp + 1);
 195
 196         /*
 197          * frag->len is the frag payload data plus the frag payload header,
 198          * whose size is sizeof(*frag)
 199          */
 200         if (msg->l < sizeof(*isakmp) + ntohs(frag->len)) {
 201                 plog(LLV_ERROR, LOCATION, NULL, "Fragment too short\n");
 202                 return -1;
 203         }
 204
 205         if ((buf = vmalloc(ntohs(frag->len) - sizeof(*frag))) == NULL) {
 206                 plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
 207                 return -1;
 208         }
 209
 210         if ((item = racoon_malloc(sizeof(*item))) == NULL) {
 211                 plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
 212                 vfree(buf);
 213                 return -1;
 214         }
 215
 216         data = (char *)(frag + 1);
 217         memcpy(buf->v, data, buf->l);
 218
 219         item->frag_num = frag->index;
 220         item->frag_last = (frag->flags & ISAKMP_FRAG_LAST);
 221         item->frag_next = NULL;
 222         item->frag_packet = buf;
 223
 224         /* Look for the last frag while inserting the new item in the chain */
 225         if (item->frag_last)
 226                 last_frag = item->frag_num;
 227
 228         if (iph1->frag_chain == NULL) {
 229                 iph1->frag_chain = item;
 230         } else {
 231                 struct isakmp_frag_item *current;
 232
 233                 current = iph1->frag_chain;
 234                 while (current->frag_next) {
 235                         if (current->frag_last)
 236                                 last_frag = item->frag_num;
 237                         current = current->frag_next;
 238                 }
 239                 current->frag_next = item;
 240         }
 241
 242         /* If we saw the last frag, check if the chain is complete */
 243         if (last_frag != 0) {
 244                 for (i = 1; i <= last_frag; i++) {
 245                         item = iph1->frag_chain;
 246                         do {
 247                                 if (item->frag_num == i)
 248                                         break;
 249                                 item = item->frag_next;
 250                         } while (item != NULL);
 251
 252                         if (item == NULL) /* Not found */
 253                                 break;
 254                 }
 255
 256                 if (item != NULL) /* It is complete */
 257                         return 1;
 258         }
 259
 260         return 0;
 261 }
 262
 263 vchar_t *
 264 isakmp_frag_reassembly(iph1)
 265         struct ph1handle *iph1;
 266 {
 267         struct isakmp_frag_item *item;
 268         size_t len = 0;
 269         vchar_t *buf = NULL;
 270         int frag_count = 0;
 271         int i;
 272         char *data;
 273
 274         if ((item = iph1->frag_chain) == NULL) {
 275                 plog(LLV_ERROR, LOCATION, NULL, "No fragment to reassemble\n");
 276                 goto out;
 277         }
 278
 279         do {
 280                 frag_count++;
 281                 len += item->frag_packet->l;
 282                 item = item->frag_next;
 283         } while (item != NULL);
 284
 285         if ((buf = vmalloc(len)) == NULL) {
 286                 plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
 287                 goto out;
 288         }
 289         data = buf->v;
 290
 291         for (i = 1; i <= frag_count; i++) {
 292                 item = iph1->frag_chain;
 293                 do {
 294                         if (item->frag_num == i)
 295                                 break;
 296                         item = item->frag_next;
 297                 } while (item != NULL);
 298
 299                 if (item == NULL) {
 300                         plog(LLV_ERROR, LOCATION, NULL,
 301                             "Missing fragment #%d\n", i);
 302                         vfree(buf);
 303                         buf = NULL;
 304                         goto out;
 305                 }
 306                 memcpy(data, item->frag_packet->v, item->frag_packet->l);
 307                 data += item->frag_packet->l;
 308         }
 309
 310 out:
 311         item = iph1->frag_chain;
 312         do {
 313                 struct isakmp_frag_item *next_item;
 314
 315                 next_item = item->frag_next;
 316
 317                 vfree(item->frag_packet);
 318                 racoon_free(item);
 319
 320                 item = next_item;
 321         } while (item != NULL);
 322
 323         iph1->frag_chain = NULL;
 324
 325         return buf;
 326 }
 327
 328 vchar_t *
 329 isakmp_frag_addcap(buf, cap)
 330         vchar_t *buf;
 331         int cap;
 332 {
 333         int *capp;
 334         size_t len;
 335
 336         /* If the capability has not been added, add room now */
 337         len = buf->l;
 338         if (len == MD5_DIGEST_LENGTH) {
 339                 if ((buf = vrealloc(buf, len + sizeof(cap))) == NULL) {
 340                         plog(LLV_ERROR, LOCATION, NULL,
 341                             "Cannot allocate memory\n");
 342                         return NULL;
 343                 }
 344                 capp = (int *)(buf->v + len);
 345                 *capp = htonl(0);
 346         }
 347
 348         capp = (int *)(buf->v + MD5_DIGEST_LENGTH);
 349         *capp |= htonl(cap);
 350
 351         return buf;
 352 }
 353