]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/setkey/test-pfkey.c
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-34.0.2.tar.gz
[apple/ipsec.git] / ipsec-tools / setkey / test-pfkey.c
1 /* $KAME: test-pfkey.c,v 1.4 2000/06/07 00:29:14 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/socket.h>
35 #include <net/route.h>
36 #include <netinet/in.h>
37 #ifdef __APPLE__
38 #include <System/net/pfkeyv2.h>
39 #include <System/netkey/keydb.h>
40 #include <System/netkey/key_var.h>
41 #include <System/netkey/key_debug.h>
42 #else
43 #include <net/pfkeyv2.h>
44 #include <netkey/keydb.h>
45 #include <netkey/key_var.h>
46 #include <netkey/key_debug.h>
47 #endif
48
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <limits.h>
52 #include <string.h>
53 #include <ctype.h>
54 #include <unistd.h>
55 #include <errno.h>
56 #include <netdb.h>
57
58 u_char m_buf[BUFSIZ];
59 u_int m_len;
60 char *pname;
61
62 void Usage __P((void));
63 int sendkeymsg __P((void));
64 void key_setsadbmsg __P((u_int));
65 void key_setsadbsens __P((void));
66 void key_setsadbprop __P((void));
67 void key_setsadbid __P((u_int, caddr_t));
68 void key_setsadblft __P((u_int, u_int));
69 void key_setspirange __P((void));
70 void key_setsadbkey __P((u_int, caddr_t));
71 void key_setsadbsa __P((void));
72 void key_setsadbaddr __P((u_int, u_int, caddr_t));
73 void key_setsadbextbuf __P((caddr_t, int, caddr_t, int, caddr_t, int));
74
75 void
76 Usage()
77 {
78 printf("Usage:\t%s number\n", pname);
79 exit(0);
80 }
81
82 int
83 main(ac, av)
84 int ac;
85 char **av;
86 {
87 pname = *av;
88
89 if (ac == 1) Usage();
90
91 key_setsadbmsg(atoi(*(av+1)));
92 sendkeymsg();
93
94 exit(0);
95 }
96
97 /* %%% */
98 int
99 sendkeymsg()
100 {
101 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
102 int so, len;
103
104 if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
105 perror("socket(PF_KEY)");
106 goto end;
107 }
108 #if 0
109 {
110 #include <sys/time.h>
111 struct timeval tv;
112 tv.tv_sec = 1;
113 tv.tv_usec = 0;
114 if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
115 perror("setsockopt");
116 goto end;
117 }
118 }
119 #endif
120
121 pfkey_sadump((struct sadb_msg *)m_buf);
122
123 if ((len = send(so, m_buf, m_len, 0)) < 0) {
124 perror("send");
125 goto end;
126 }
127
128 if ((len = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
129 perror("recv");
130 goto end;
131 }
132
133 pfkey_sadump((struct sadb_msg *)rbuf);
134
135 end:
136 (void)close(so);
137 return(0);
138 }
139
140 void
141 key_setsadbmsg(type)
142 u_int type;
143 {
144 struct sadb_msg m_msg;
145
146 memset(&m_msg, 0, sizeof(m_msg));
147 m_msg.sadb_msg_version = PF_KEY_V2;
148 m_msg.sadb_msg_type = type;
149 m_msg.sadb_msg_errno = 0;
150 m_msg.sadb_msg_satype = SADB_SATYPE_ESP;
151 #if 0
152 m_msg.sadb_msg_reserved = 0;
153 #endif
154 m_msg.sadb_msg_seq = 0;
155 m_msg.sadb_msg_pid = getpid();
156
157 m_len = sizeof(struct sadb_msg);
158 memcpy(m_buf, &m_msg, m_len);
159
160 switch (type) {
161 case SADB_GETSPI:
162 /*<base, address(SD), SPI range>*/
163 key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "10.0.3.4");
164 key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "127.0.0.1");
165 key_setspirange();
166 /*<base, SA(*), address(SD)>*/
167 break;
168
169 case SADB_ADD:
170 /* <base, SA, (lifetime(HSC),) address(SD), (address(P),)
171 key(AE), (identity(SD),) (sensitivity)> */
172 key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
173 case SADB_UPDATE:
174 key_setsadbsa();
175 key_setsadblft(SADB_EXT_LIFETIME_HARD, 10);
176 key_setsadblft(SADB_EXT_LIFETIME_SOFT, 5);
177 key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
178 key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
179 /* XXX key_setsadbkey(SADB_EXT_KEY_AUTH, "abcde"); */
180 key_setsadbkey(SADB_EXT_KEY_AUTH, "1234567812345678");
181 key_setsadbkey(SADB_EXT_KEY_ENCRYPT, "12345678");
182 key_setsadbid(SADB_EXT_IDENTITY_SRC, "hoge1234@hoge.com");
183 key_setsadbid(SADB_EXT_IDENTITY_DST, "hage5678@hage.net");
184 key_setsadbsens();
185 /* <base, SA, (lifetime(HSC),) address(SD), (address(P),)
186 (identity(SD),) (sensitivity)> */
187 break;
188
189 case SADB_DELETE:
190 /* <base, SA(*), address(SDP)> */
191 key_setsadbsa();
192 key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
193 key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
194 key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
195 /* <base, SA(*), address(SDP)> */
196 break;
197
198 case SADB_GET:
199 /* <base, SA(*), address(SDP)> */
200 key_setsadbsa();
201 key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
202 key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
203 key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
204 /* <base, SA, (lifetime(HSC),) address(SD), (address(P),)
205 key(AE), (identity(SD),) (sensitivity)> */
206 break;
207
208 case SADB_ACQUIRE:
209 /* <base, address(SD), (address(P),) (identity(SD),)
210 (sensitivity,) proposal> */
211 key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
212 key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
213 key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
214 key_setsadbid(SADB_EXT_IDENTITY_SRC, "hoge1234@hoge.com");
215 key_setsadbid(SADB_EXT_IDENTITY_DST, "hage5678@hage.net");
216 key_setsadbsens();
217 key_setsadbprop();
218 /* <base, address(SD), (address(P),) (identity(SD),)
219 (sensitivity,) proposal> */
220 break;
221
222 case SADB_REGISTER:
223 /* <base> */
224 /* <base, supported> */
225 break;
226
227 case SADB_EXPIRE:
228 case SADB_FLUSH:
229 break;
230
231 case SADB_DUMP:
232 break;
233
234 case SADB_X_PROMISC:
235 /* <base> */
236 /* <base, base(, others)> */
237 break;
238
239 case SADB_X_PCHANGE:
240 break;
241
242 /* for SPD management */
243 case SADB_X_SPDFLUSH:
244 case SADB_X_SPDDUMP:
245 break;
246
247 case SADB_X_SPDADD:
248 #if 0
249 {
250 struct sadb_x_policy m_policy;
251
252 m_policy.sadb_x_policy_len = PFKEY_UNIT64(sizeof(m_policy));
253 m_policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
254 m_policy.sadb_x_policy_type = SADB_X_PL_IPSEC;
255 m_policy.sadb_x_policy_esp_trans = 1;
256 m_policy.sadb_x_policy_ah_trans = 2;
257 m_policy.sadb_x_policy_esp_network = 3;
258 m_policy.sadb_x_policy_ah_network = 4;
259 m_policy.sadb_x_policy_reserved = 0;
260
261 memcpy(m_buf + m_len, &m_policy, sizeof(struct sadb_x_policy));
262 m_len += sizeof(struct sadb_x_policy);
263 }
264 #endif
265
266 case SADB_X_SPDDELETE:
267 key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
268 key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
269 break;
270 }
271
272 ((struct sadb_msg *)m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len);
273
274 return;
275 }
276
277 void
278 key_setsadbsens()
279 {
280 struct sadb_sens m_sens;
281 u_char buf[64];
282 u_int s, i, slen, ilen, len;
283
284 /* make sens & integ */
285 s = htonl(0x01234567);
286 i = htonl(0x89abcdef);
287 slen = sizeof(s);
288 ilen = sizeof(i);
289 memcpy(buf, &s, slen);
290 memcpy(buf + slen, &i, ilen);
291
292 len = sizeof(m_sens) + PFKEY_ALIGN8(slen) + PFKEY_ALIGN8(ilen);
293 m_sens.sadb_sens_len = PFKEY_UNIT64(len);
294 m_sens.sadb_sens_exttype = SADB_EXT_SENSITIVITY;
295 m_sens.sadb_sens_dpd = 1;
296 m_sens.sadb_sens_sens_level = 2;
297 m_sens.sadb_sens_sens_len = PFKEY_ALIGN8(slen);
298 m_sens.sadb_sens_integ_level = 3;
299 m_sens.sadb_sens_integ_len = PFKEY_ALIGN8(ilen);
300 m_sens.sadb_sens_reserved = 0;
301
302 key_setsadbextbuf(m_buf, m_len,
303 (caddr_t)&m_sens, sizeof(struct sadb_sens),
304 buf, slen + ilen);
305 m_len += len;
306
307 return;
308 }
309
310 void
311 key_setsadbprop()
312 {
313 struct sadb_prop m_prop;
314 struct sadb_comb *m_comb;
315 u_char buf[256];
316 #if defined(SADB_X_EALG_AESCBC) && defined(SADB_X_AALG_SHA2_256)
317 u_int len = sizeof(m_prop) + sizeof(m_comb) * 3;
318 #else
319 u_int len = sizeof(m_prop) + sizeof(m_comb) * 2;
320 #endif
321
322 /* make prop & comb */
323 m_prop.sadb_prop_len = PFKEY_UNIT64(len);
324 m_prop.sadb_prop_exttype = SADB_EXT_PROPOSAL;
325 m_prop.sadb_prop_replay = 0;
326 m_prop.sadb_prop_reserved[0] = 0;
327 m_prop.sadb_prop_reserved[1] = 0;
328 m_prop.sadb_prop_reserved[2] = 0;
329
330 /* the 1st is ESP DES-CBC HMAC-MD5 */
331 m_comb = (struct sadb_comb *)buf;
332 m_comb->sadb_comb_auth = SADB_AALG_MD5HMAC;
333 m_comb->sadb_comb_encrypt = SADB_EALG_DESCBC;
334 m_comb->sadb_comb_flags = 0;
335 m_comb->sadb_comb_auth_minbits = 8;
336 m_comb->sadb_comb_auth_maxbits = 96;
337 m_comb->sadb_comb_encrypt_minbits = 64;
338 m_comb->sadb_comb_encrypt_maxbits = 64;
339 m_comb->sadb_comb_reserved = 0;
340 m_comb->sadb_comb_soft_allocations = 0;
341 m_comb->sadb_comb_hard_allocations = 0;
342 m_comb->sadb_comb_soft_bytes = 0;
343 m_comb->sadb_comb_hard_bytes = 0;
344 m_comb->sadb_comb_soft_addtime = 0;
345 m_comb->sadb_comb_hard_addtime = 0;
346 m_comb->sadb_comb_soft_usetime = 0;
347 m_comb->sadb_comb_hard_usetime = 0;
348
349 /* the 2st is ESP 3DES-CBC and AH HMAC-SHA1 */
350 m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb));
351 m_comb->sadb_comb_auth = SADB_AALG_SHA1HMAC;
352 m_comb->sadb_comb_encrypt = SADB_EALG_3DESCBC;
353 m_comb->sadb_comb_flags = 0;
354 m_comb->sadb_comb_auth_minbits = 8;
355 m_comb->sadb_comb_auth_maxbits = 96;
356 m_comb->sadb_comb_encrypt_minbits = 64;
357 m_comb->sadb_comb_encrypt_maxbits = 64;
358 m_comb->sadb_comb_reserved = 0;
359 m_comb->sadb_comb_soft_allocations = 0;
360 m_comb->sadb_comb_hard_allocations = 0;
361 m_comb->sadb_comb_soft_bytes = 0;
362 m_comb->sadb_comb_hard_bytes = 0;
363 m_comb->sadb_comb_soft_addtime = 0;
364 m_comb->sadb_comb_hard_addtime = 0;
365 m_comb->sadb_comb_soft_usetime = 0;
366 m_comb->sadb_comb_hard_usetime = 0;
367
368 key_setsadbextbuf(m_buf, m_len,
369 (caddr_t)&m_prop, sizeof(struct sadb_prop),
370 buf, sizeof(*m_comb) * 2);
371 m_len += len;
372
373 #if defined(SADB_X_EALG_AESCBC) && defined(SADB_X_AALG_SHA2_256)
374 /* the 3rd is ESP AES-CBC and AH HMAC-SHA256 */
375 m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb));
376 m_comb->sadb_comb_auth = SADB_X_AALG_SHA2_256;
377 m_comb->sadb_comb_encrypt = SADB_X_EALG_AESCBC;
378 m_comb->sadb_comb_flags = 0;
379 m_comb->sadb_comb_auth_minbits = 8;
380 m_comb->sadb_comb_auth_maxbits = 96;
381 m_comb->sadb_comb_encrypt_minbits = 128;
382 m_comb->sadb_comb_encrypt_maxbits = 128;
383 m_comb->sadb_comb_reserved = 0;
384 m_comb->sadb_comb_soft_allocations = 0;
385 m_comb->sadb_comb_hard_allocations = 0;
386 m_comb->sadb_comb_soft_bytes = 0;
387 m_comb->sadb_comb_hard_bytes = 0;
388 m_comb->sadb_comb_soft_addtime = 0;
389 m_comb->sadb_comb_hard_addtime = 0;
390 m_comb->sadb_comb_soft_usetime = 0;
391 m_comb->sadb_comb_hard_usetime = 0;
392
393 key_setsadbextbuf(m_buf, m_len,
394 (caddr_t)&m_prop, sizeof(struct sadb_prop),
395 buf, sizeof(*m_comb) * 3);
396 m_len += len;
397 #else
398 key_setsadbextbuf(m_buf, m_len,
399 (caddr_t)&m_prop, sizeof(struct sadb_prop),
400 buf, sizeof(*m_comb) * 2);
401 m_len += len;
402 #endif
403 return;
404 }
405
406 void
407 key_setsadbid(ext, str)
408 u_int ext;
409 caddr_t str;
410 {
411 struct sadb_ident m_id;
412 u_int idlen = strlen(str), len;
413
414 len = sizeof(m_id) + PFKEY_ALIGN8(idlen);
415 m_id.sadb_ident_len = PFKEY_UNIT64(len);
416 m_id.sadb_ident_exttype = ext;
417 m_id.sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
418 m_id.sadb_ident_reserved = 0;
419 m_id.sadb_ident_id = getpid();
420
421 key_setsadbextbuf(m_buf, m_len,
422 (caddr_t)&m_id, sizeof(struct sadb_ident),
423 str, idlen);
424 m_len += len;
425
426 return;
427 }
428
429 void
430 key_setsadblft(ext, time)
431 u_int ext, time;
432 {
433 struct sadb_lifetime m_lft;
434
435 m_lft.sadb_lifetime_len = PFKEY_UNIT64(sizeof(m_lft));
436 m_lft.sadb_lifetime_exttype = ext;
437 m_lft.sadb_lifetime_allocations = 0x2;
438 m_lft.sadb_lifetime_bytes = 0x1000;
439 m_lft.sadb_lifetime_addtime = time;
440 m_lft.sadb_lifetime_usetime = 0x0020;
441
442 memcpy(m_buf + m_len, &m_lft, sizeof(struct sadb_lifetime));
443 m_len += sizeof(struct sadb_lifetime);
444
445 return;
446 }
447
448 void
449 key_setspirange()
450 {
451 struct sadb_spirange m_spi;
452
453 m_spi.sadb_spirange_len = PFKEY_UNIT64(sizeof(m_spi));
454 m_spi.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
455 m_spi.sadb_spirange_min = 0x00001000;
456 m_spi.sadb_spirange_max = 0x00002000;
457 m_spi.sadb_spirange_reserved = 0;
458
459 memcpy(m_buf + m_len, &m_spi, sizeof(struct sadb_spirange));
460 m_len += sizeof(struct sadb_spirange);
461
462 return;
463 }
464
465 void
466 key_setsadbkey(ext, str)
467 u_int ext;
468 caddr_t str;
469 {
470 struct sadb_key m_key;
471 u_int keylen = strlen(str);
472 u_int len;
473
474 len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);
475 m_key.sadb_key_len = PFKEY_UNIT64(len);
476 m_key.sadb_key_exttype = ext;
477 m_key.sadb_key_bits = keylen * 8;
478 m_key.sadb_key_reserved = 0;
479
480 key_setsadbextbuf(m_buf, m_len,
481 (caddr_t)&m_key, sizeof(struct sadb_key),
482 str, keylen);
483 m_len += len;
484
485 return;
486 }
487
488 void
489 key_setsadbsa()
490 {
491 struct sadb_sa m_sa;
492
493 m_sa.sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
494 m_sa.sadb_sa_exttype = SADB_EXT_SA;
495 m_sa.sadb_sa_spi = htonl(0x12345678);
496 m_sa.sadb_sa_replay = 4;
497 m_sa.sadb_sa_state = 0;
498 m_sa.sadb_sa_auth = SADB_AALG_MD5HMAC;
499 m_sa.sadb_sa_encrypt = SADB_EALG_DESCBC;
500 m_sa.sadb_sa_flags = 0;
501
502 memcpy(m_buf + m_len, &m_sa, sizeof(struct sadb_sa));
503 m_len += sizeof(struct sadb_sa);
504
505 return;
506 }
507
508 void
509 key_setsadbaddr(ext, af, str)
510 u_int ext, af;
511 caddr_t str;
512 {
513 struct sadb_address m_addr;
514 u_int len;
515 struct addrinfo hints, *res;
516 const char *serv;
517 int plen;
518
519 switch (af) {
520 case AF_INET:
521 plen = sizeof(struct in_addr) << 3;
522 break;
523 case AF_INET6:
524 plen = sizeof(struct in6_addr) << 3;
525 break;
526 default:
527 /* XXX bark */
528 exit(1);
529 }
530
531 /* make sockaddr buffer */
532 memset(&hints, 0, sizeof(hints));
533 hints.ai_family = af;
534 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
535 hints.ai_flags = AI_NUMERICHOST;
536 serv = (ext == SADB_EXT_ADDRESS_PROXY ? "0" : "4660"); /*0x1234*/
537 if (getaddrinfo(str, serv, &hints, &res) != 0 || res->ai_next) {
538 /* XXX bark */
539 exit(1);
540 }
541
542 len = sizeof(struct sadb_address) + PFKEY_ALIGN8(res->ai_addrlen);
543 m_addr.sadb_address_len = PFKEY_UNIT64(len);
544 m_addr.sadb_address_exttype = ext;
545 m_addr.sadb_address_proto =
546 (ext == SADB_EXT_ADDRESS_PROXY ? 0 : IPPROTO_TCP);
547 m_addr.sadb_address_prefixlen = plen;
548 m_addr.sadb_address_reserved = 0;
549
550 key_setsadbextbuf(m_buf, m_len,
551 (caddr_t)&m_addr, sizeof(struct sadb_address),
552 (caddr_t)res->ai_addr, res->ai_addrlen);
553 m_len += len;
554
555 freeaddrinfo(res);
556
557 return;
558 }
559
560 void
561 key_setsadbextbuf(dst, off, ebuf, elen, vbuf, vlen)
562 caddr_t dst, ebuf, vbuf;
563 int off, elen, vlen;
564 {
565 memset(dst + off, 0, elen + vlen);
566 memcpy(dst + off, (caddr_t)ebuf, elen);
567 memcpy(dst + off + elen, vbuf, vlen);
568
569 return;
570 }
571
mirror of ipsec