]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/vendorid.c
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-146.2.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / vendorid.c
1 /* $Id: vendorid.c,v 1.7 2005/01/29 16:34:25 vanhu Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include "config.h"
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36
37 #include <stdlib.h>
38 #include <stdio.h>
39 #include <string.h>
40 #include <errno.h>
41 #include <ctype.h>
42
43 #include "var.h"
44 #include "misc.h"
45 #include "vmbuf.h"
46 #include "plog.h"
47 #include "debug.h"
48
49 #include "localconf.h"
50 #include "isakmp_var.h"
51 #include "isakmp.h"
52 #include "vendorid.h"
53 #include "crypto_openssl.h"
54
55 static struct vendor_id all_vendor_ids[] = {
56 { VENDORID_KAME , "KAME/racoon" },
57 { VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE" },
58 { VENDORID_GSSAPI , "GSSAPI" },
59 { VENDORID_MS_NT5 , "MS NT5 ISAKMPOAKLEY" },
60 { VENDORID_NATT_00 , "draft-ietf-ipsec-nat-t-ike-00" },
61 { VENDORID_NATT_01 , "draft-ietf-ipsec-nat-t-ike-01" },
62 { VENDORID_NATT_02 , "draft-ietf-ipsec-nat-t-ike-02" },
63 { VENDORID_NATT_02_N , "draft-ietf-ipsec-nat-t-ike-02\n" },
64 { VENDORID_NATT_03 , "draft-ietf-ipsec-nat-t-ike-03" },
65 { VENDORID_NATT_04 , "draft-ietf-ipsec-nat-t-ike-04" },
66 { VENDORID_NATT_05 , "draft-ietf-ipsec-nat-t-ike-05" },
67 { VENDORID_NATT_06 , "draft-ietf-ipsec-nat-t-ike-06" },
68 { VENDORID_NATT_07 , "draft-ietf-ipsec-nat-t-ike-07" },
69 { VENDORID_NATT_08 , "draft-ietf-ipsec-nat-t-ike-08" },
70 { VENDORID_NATT_APPLE , "draft-ietf-ipsec-nat-t-ike" },
71 { VENDORID_NATT_RFC , "RFC 3947" },
72 { VENDORID_XAUTH , "draft-ietf-ipsra-isakmp-xauth-06.txt" },
73 { VENDORID_UNITY , "CISCO-UNITY" },
74 { VENDORID_FRAG , "FRAGMENTATION" },
75 /* Just a readable string for DPD ... */
76 { VENDORID_DPD , "DPD" },
77 };
78
79 #define NUMVENDORIDS (sizeof(all_vendor_ids)/sizeof(all_vendor_ids[0]))
80
81 #define DPD_MAJOR_VERSION 0x01
82 #define DPD_MINOR_VERSION 0x00
83
84 const char vendorid_dpd_hash[] = {
85 0xAF, 0xCA, 0xD7, 0x13,
86 0x68, 0xA1, 0xF1, 0xC9,
87 0x6B, 0x86, 0x96, 0xFC,
88 0x77, 0x57, DPD_MAJOR_VERSION, DPD_MINOR_VERSION
89 };
90
91
92 static vchar_t *vendorid_fixup(int, vchar_t *t);
93
94 static struct vendor_id *
95 lookup_vendor_id_by_id (int id)
96 {
97 int i;
98
99 for (i = 0; i < NUMVENDORIDS; i++)
100 if (all_vendor_ids[i].id == id)
101 return &all_vendor_ids[i];
102
103 return NULL;
104 }
105
106 const char *
107 vid_string_by_id (int id)
108 {
109 struct vendor_id *current;
110
111 if (id == VENDORID_DPD)
112 return vendorid_dpd_hash;
113
114 current = lookup_vendor_id_by_id(id);
115
116 return current ? current->string : NULL;
117 }
118
119 static struct vendor_id *
120 lookup_vendor_id_by_hash (const char *hash)
121 {
122 int i;
123 unsigned char *h = (unsigned char *)hash;
124
125 for (i = 0; i < NUMVENDORIDS; i++)
126 if (strncmp(all_vendor_ids[i].hash->v, hash,
127 all_vendor_ids[i].hash->l) == 0)
128 return &all_vendor_ids[i];
129
130 return NULL;
131 }
132
133 void
134 compute_vendorids (void)
135 {
136 int i;
137 vchar_t vid;
138
139 for (i = 0; i < NUMVENDORIDS; i++) {
140 /* VENDORID_DPD is not a MD5 sum... */
141 if(i == VENDORID_DPD){
142 all_vendor_ids[i].hash = vmalloc(sizeof(vendorid_dpd_hash));
143 if (all_vendor_ids[i].hash == NULL) {
144 plog(LLV_ERROR2, LOCATION, NULL,
145 "unable to get memory for VID hash\n");
146 exit(1); /* this really shouldn't happen */
147 }
148 memcpy(all_vendor_ids[i].hash->v, vendorid_dpd_hash,
149 sizeof(vendorid_dpd_hash));
150 continue;
151 }
152
153 vid.v = (char *) all_vendor_ids[i].string;
154 vid.l = strlen(vid.v);
155
156 all_vendor_ids[i].hash = eay_md5_one(&vid);
157 if (all_vendor_ids[i].hash == NULL)
158 plog(LLV_ERROR, LOCATION, NULL,
159 "unable to hash vendor ID string\n");
160
161 /* Special cases */
162 all_vendor_ids[i].hash =
163 vendorid_fixup(all_vendor_ids[i].id,
164 all_vendor_ids[i].hash);
165 }
166 }
167
168 /*
169 * set hashed vendor id.
170 * hash function is always MD5.
171 */
172 vchar_t *
173 set_vendorid(int vendorid)
174 {
175 struct vendor_id *current;
176 vchar_t vid, *new;
177
178 if (vendorid == VENDORID_UNKNOWN) {
179 /*
180 * The default unknown ID gets translated to
181 * KAME/racoon.
182 */
183 vendorid = VENDORID_KAME;
184 }
185
186 current = lookup_vendor_id_by_id(vendorid);
187 if (current == NULL) {
188 plog(LLV_ERROR, LOCATION, NULL,
189 "invalid vendor ID index: %d\n", vendorid);
190 return (NULL);
191 }
192
193 /* The rest of racoon expects a private copy
194 * of the VID that could be free'd after use.
195 * That's why we don't return the original pointer. */
196 return vdup(current->hash);
197 }
198
199 /*
200 * Check the vendor ID payload -- return the vendor ID index
201 * if we find a recognized one, or UNKNOWN if we don't.
202 *
203 * gen ... points to Vendor ID payload.
204 */
205 int
206 check_vendorid(struct isakmp_gen *gen)
207 {
208 vchar_t vid, *vidhash;
209 int i, vidlen;
210 struct vendor_id *current;
211
212 if (gen == NULL)
213 return (VENDORID_UNKNOWN);
214
215 vidlen = ntohs(gen->len) - sizeof(*gen);
216
217 current = lookup_vendor_id_by_hash((char *)(gen + 1));
218 if (!current)
219 goto unknown;
220
221 if (current->hash->l < vidlen)
222 plog(LLV_INFO, LOCATION, NULL,
223 "received broken Microsoft ID: %s\n",
224 current->string);
225 else
226 plog(LLV_INFO, LOCATION, NULL,
227 "received Vendor ID: %s\n",
228 current->string);
229
230 return current->id;
231
232 unknown:
233 plog(LLV_DEBUG, LOCATION, NULL, "received unknown Vendor ID:\n");
234 plogdump(LLV_DEBUG, (char *)(gen + 1), vidlen);
235 return (VENDORID_UNKNOWN);
236 }
237
238 static vchar_t *
239 vendorid_fixup(vendorid, vidhash)
240 int vendorid;
241 vchar_t *vidhash;
242 {
243 switch(vendorid) {
244 case VENDORID_XAUTH: { /* The vendor Id is truncated */
245 vchar_t *tmp;
246
247 if ((tmp = vmalloc(8)) == NULL) {
248 plog(LLV_ERROR, LOCATION, NULL,
249 "unable to hash vendor ID string\n");
250 return NULL;
251 }
252
253 memcpy(tmp->v, vidhash->v, 8);
254 vfree(vidhash);
255 vidhash = tmp;
256
257 break;
258 }
259 case VENDORID_UNITY: /* Two bytes tweak */
260 vidhash->v[14] = 0x01;
261 vidhash->v[15] = 0x00;
262 break;
263
264 default:
265 break;
266 }
267
268 return vidhash;
269 }
mirror of ipsec