]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/vendorid.c
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-34.0.3.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / vendorid.c
1 /* $Id: vendorid.c,v 1.7 2005/01/29 16:34:25 vanhu Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include "config.h"
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36
37 #include <stdlib.h>
38 #include <stdio.h>
39 #include <string.h>
40 #include <errno.h>
41 #include <ctype.h>
42
43 #include "var.h"
44 #include "misc.h"
45 #include "vmbuf.h"
46 #include "plog.h"
47 #include "debug.h"
48
49 #include "localconf.h"
50 #include "isakmp_var.h"
51 #include "isakmp.h"
52 #include "vendorid.h"
53 #include "crypto_openssl.h"
54
55 static struct vendor_id all_vendor_ids[] = {
56 { VENDORID_KAME , "KAME/racoon" },
57 { VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE" },
58 { VENDORID_GSSAPI , "GSSAPI" },
59 { VENDORID_MS_NT5 , "MS NT5 ISAKMPOAKLEY" },
60 { VENDORID_NATT_00 , "draft-ietf-ipsec-nat-t-ike-00" },
61 { VENDORID_NATT_01 , "draft-ietf-ipsec-nat-t-ike-01" },
62 { VENDORID_NATT_02 , "draft-ietf-ipsec-nat-t-ike-02" },
63 { VENDORID_NATT_02_N , "draft-ietf-ipsec-nat-t-ike-02\n" },
64 { VENDORID_NATT_03 , "draft-ietf-ipsec-nat-t-ike-03" },
65 { VENDORID_NATT_04 , "draft-ietf-ipsec-nat-t-ike-04" },
66 { VENDORID_NATT_05 , "draft-ietf-ipsec-nat-t-ike-05" },
67 { VENDORID_NATT_06 , "draft-ietf-ipsec-nat-t-ike-06" },
68 { VENDORID_NATT_07 , "draft-ietf-ipsec-nat-t-ike-07" },
69 { VENDORID_NATT_08 , "draft-ietf-ipsec-nat-t-ike-08" },
70 #ifdef __APPLE__
71 { VENDORID_NATT_APPLE , "draft-ietf-ipsec-nat-t-ike" },
72 #endif
73 { VENDORID_NATT_RFC , "RFC 3947" },
74 { VENDORID_XAUTH , "draft-ietf-ipsra-isakmp-xauth-06.txt" },
75 { VENDORID_UNITY , "CISCO-UNITY" },
76 { VENDORID_FRAG , "FRAGMENTATION" },
77 /* Just a readable string for DPD ... */
78 { VENDORID_DPD , "DPD" },
79 };
80
81 #define NUMVENDORIDS (sizeof(all_vendor_ids)/sizeof(all_vendor_ids[0]))
82
83 #define DPD_MAJOR_VERSION 0x01
84 #define DPD_MINOR_VERSION 0x00
85
86 const char vendorid_dpd_hash[] = {
87 0xAF, 0xCA, 0xD7, 0x13,
88 0x68, 0xA1, 0xF1, 0xC9,
89 0x6B, 0x86, 0x96, 0xFC,
90 0x77, 0x57, DPD_MAJOR_VERSION, DPD_MINOR_VERSION
91 };
92
93
94 static vchar_t *vendorid_fixup(int, vchar_t *t);
95
96 static struct vendor_id *
97 lookup_vendor_id_by_id (int id)
98 {
99 int i;
100
101 for (i = 0; i < NUMVENDORIDS; i++)
102 if (all_vendor_ids[i].id == id)
103 return &all_vendor_ids[i];
104
105 return NULL;
106 }
107
108 const char *
109 vid_string_by_id (int id)
110 {
111 struct vendor_id *current;
112
113 if (id == VENDORID_DPD)
114 return vendorid_dpd_hash;
115
116 current = lookup_vendor_id_by_id(id);
117
118 return current ? current->string : NULL;
119 }
120
121 static struct vendor_id *
122 lookup_vendor_id_by_hash (const char *hash)
123 {
124 int i;
125 unsigned char *h = (unsigned char *)hash;
126
127 for (i = 0; i < NUMVENDORIDS; i++)
128 if (strncmp(all_vendor_ids[i].hash->v, hash,
129 all_vendor_ids[i].hash->l) == 0)
130 return &all_vendor_ids[i];
131
132 return NULL;
133 }
134
135 void
136 compute_vendorids (void)
137 {
138 int i;
139 vchar_t vid;
140
141 for (i = 0; i < NUMVENDORIDS; i++) {
142 /* VENDORID_DPD is not a MD5 sum... */
143 if(i == VENDORID_DPD){
144 all_vendor_ids[i].hash = vmalloc(sizeof(vendorid_dpd_hash));
145 if (all_vendor_ids[i].hash == NULL) {
146 plog(LLV_ERROR2, LOCATION, NULL,
147 "unable to get memory for VID hash\n");
148 exit(1); /* this really shouldn't happen */
149 }
150 memcpy(all_vendor_ids[i].hash->v, vendorid_dpd_hash,
151 sizeof(vendorid_dpd_hash));
152 continue;
153 }
154
155 vid.v = (char *) all_vendor_ids[i].string;
156 vid.l = strlen(vid.v);
157
158 all_vendor_ids[i].hash = eay_md5_one(&vid);
159 if (all_vendor_ids[i].hash == NULL)
160 plog(LLV_ERROR, LOCATION, NULL,
161 "unable to hash vendor ID string\n");
162
163 /* Special cases */
164 all_vendor_ids[i].hash =
165 vendorid_fixup(all_vendor_ids[i].id,
166 all_vendor_ids[i].hash);
167 }
168 }
169
170 /*
171 * set hashed vendor id.
172 * hash function is always MD5.
173 */
174 vchar_t *
175 set_vendorid(int vendorid)
176 {
177 struct vendor_id *current;
178 vchar_t vid, *new;
179
180 if (vendorid == VENDORID_UNKNOWN) {
181 /*
182 * The default unknown ID gets translated to
183 * KAME/racoon.
184 */
185 vendorid = VENDORID_KAME;
186 }
187
188 current = lookup_vendor_id_by_id(vendorid);
189 if (current == NULL) {
190 plog(LLV_ERROR, LOCATION, NULL,
191 "invalid vendor ID index: %d\n", vendorid);
192 return (NULL);
193 }
194
195 /* The rest of racoon expects a private copy
196 * of the VID that could be free'd after use.
197 * That's why we don't return the original pointer. */
198 return vdup(current->hash);
199 }
200
201 /*
202 * Check the vendor ID payload -- return the vendor ID index
203 * if we find a recognized one, or UNKNOWN if we don't.
204 *
205 * gen ... points to Vendor ID payload.
206 */
207 int
208 check_vendorid(struct isakmp_gen *gen)
209 {
210 vchar_t vid, *vidhash;
211 int i, vidlen;
212 struct vendor_id *current;
213
214 if (gen == NULL)
215 return (VENDORID_UNKNOWN);
216
217 vidlen = ntohs(gen->len) - sizeof(*gen);
218
219 current = lookup_vendor_id_by_hash((char *)(gen + 1));
220 if (!current)
221 goto unknown;
222
223 if (current->hash->l < vidlen)
224 plog(LLV_INFO, LOCATION, NULL,
225 "received broken Microsoft ID: %s\n",
226 current->string);
227 else
228 plog(LLV_INFO, LOCATION, NULL,
229 "received Vendor ID: %s\n",
230 current->string);
231
232 return current->id;
233
234 unknown:
235 plog(LLV_DEBUG, LOCATION, NULL, "received unknown Vendor ID\n");
236 return (VENDORID_UNKNOWN);
237 }
238
239 static vchar_t *
240 vendorid_fixup(vendorid, vidhash)
241 int vendorid;
242 vchar_t *vidhash;
243 {
244 switch(vendorid) {
245 case VENDORID_XAUTH: { /* The vendor Id is truncated */
246 vchar_t *tmp;
247
248 if ((tmp = vmalloc(8)) == NULL) {
249 plog(LLV_ERROR, LOCATION, NULL,
250 "unable to hash vendor ID string\n");
251 return NULL;
252 }
253
254 memcpy(tmp->v, vidhash->v, 8);
255 vfree(vidhash);
256 vidhash = tmp;
257
258 break;
259 }
260 case VENDORID_UNITY: /* Two bytes tweak */
261 vidhash->v[14] = 0x01;
262 vidhash->v[15] = 0x00;
263 break;
264
265 default:
266 break;
267 }
268
269 return vidhash;
270 }
mirror of ipsec