Permalink
Browse files

improved making an ike message processing from <vanhu@free.fr>

  • Loading branch information...
1 parent ba621ea commit 249592fede566cdc17ef33ef2ea5b0a556fb3b6c sakane committed Mar 3, 2004
@@ -1,4 +1,4 @@
-/* $KAME: isakmp.c,v 1.179 2003/11/13 02:30:20 sakane Exp $ */
+/* $KAME: isakmp.c,v 1.180 2004/03/03 05:39:58 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -2045,28 +2045,34 @@ isakmp_newmsgid2(iph1)
/*
* set values into allocated buffer of isakmp header for phase 1
*/
-caddr_t
-set_isakmp_header(vbuf, iph1, nptype)
+struct isakmp_construct
+set_isakmp_header(vbuf, iph1)
vchar_t *vbuf;
struct ph1handle *iph1;
- int nptype;
{
struct isakmp *isakmp;
+ struct isakmp_construct res;
+
+ res.buff=NULL;
+ res.np=NULL;
if (vbuf->l < sizeof(*isakmp))
- return NULL;
+ return res;
isakmp = (struct isakmp *)vbuf->v;
memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t));
memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t));
- isakmp->np = nptype;
+ isakmp->np = ISAKMP_NPTYPE_NONE ;
isakmp->v = iph1->version;
isakmp->etype = iph1->etype;
isakmp->flags = iph1->flags;
isakmp->msgid = iph1->msgid;
isakmp->len = htonl(vbuf->l);
- return vbuf->v + sizeof(*isakmp);
+ res.np=&(isakmp->np);
+ res.buff=vbuf->v + sizeof(*isakmp);
+
+ return res;
}
/*
@@ -2096,6 +2102,36 @@ set_isakmp_header2(vbuf, iph2, nptype)
return vbuf->v + sizeof(*isakmp);
}
+
+/*
+ * set values into allocated buffer of isakmp payload.
+ */
+struct isakmp_construct
+set_isakmp_payload_c(constr, src, nptype)
+ struct isakmp_construct constr;
+ vchar_t *src;
+ int nptype;
+{
+ struct isakmp_gen *gen;
+ caddr_t p = constr.buff;
+
+ plog(LLV_DEBUG, LOCATION, NULL, "add payload of len %d, next type %d\n",
+ src->l, nptype);
+
+ *constr.np=nptype;
+ gen = (struct isakmp_gen *)p;
+ gen->np = ISAKMP_NPTYPE_NONE ;
+ gen->len = htons(sizeof(*gen) + src->l);
+ p += sizeof(*gen);
+ memcpy(p, src->v, src->l);
+ p += src->l;
+
+ constr.np=&(gen->np);
+ constr.buff=p;
+
+ return constr;
+}
+
/*
* set values into allocated buffer of isakmp payload.
*/
@@ -2121,6 +2157,7 @@ set_isakmp_payload(buf, src, nptype)
return p;
}
+
static int
etypesw1(etype)
int etype;
@@ -1,4 +1,4 @@
-/* $KAME: isakmp_agg.c,v 1.56 2003/11/13 02:30:20 sakane Exp $ */
+/* $KAME: isakmp_agg.c,v 1.57 2004/03/03 05:39:59 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,12 +93,11 @@ agg_i1send(iph1, msg)
vchar_t *msg; /* must be null */
{
struct isakmp_gen *gen;
- caddr_t p;
+ struct isakmp_construct p;
int tlen;
int need_cr = 0;
vchar_t *cr = NULL, *gsstoken = NULL;
int error = -1;
- int nptype;
#ifdef HAVE_GSSAPI
int len;
#endif
@@ -185,43 +184,32 @@ agg_i1send(iph1, msg)
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, ISAKMP_NPTYPE_SA);
- if (p == NULL)
+ p = set_isakmp_header(iph1->sendbuf, iph1);
+ if (p.buff == NULL)
goto end;
/* set SA payload to propose */
- p = set_isakmp_payload(p, iph1->sa, ISAKMP_NPTYPE_KE);
+ p = set_isakmp_payload_c(p, iph1->sa, ISAKMP_NPTYPE_SA);
/* create isakmp KE payload */
- p = set_isakmp_payload(p, iph1->dhpub, ISAKMP_NPTYPE_NONCE);
+ p = set_isakmp_payload_c(p, iph1->dhpub, ISAKMP_NPTYPE_KE);
/* create isakmp NONCE payload */
- p = set_isakmp_payload(p, iph1->nonce, ISAKMP_NPTYPE_ID);
+ p = set_isakmp_payload_c(p, iph1->nonce, ISAKMP_NPTYPE_NONCE);
/* create isakmp ID payload */
-#ifdef HAVE_GSSAPI
- if (iph1->rmconf->proposal->authmethod ==
- OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
- nptype = ISAKMP_NPTYPE_GSS;
- else
-#endif
- if (need_cr)
- nptype = ISAKMP_NPTYPE_CR;
- else
- nptype = ISAKMP_NPTYPE_NONE;
-
- p = set_isakmp_payload(p, iph1->id, nptype);
+ p = set_isakmp_payload_c(p, iph1->id, ISAKMP_NPTYPE_ID);
#ifdef HAVE_GSSAPI
if (iph1->rmconf->proposal->authmethod ==
OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
gssapi_get_token_to_send(iph1, &gsstoken);
- p = set_isakmp_payload(p, gsstoken, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, gsstoken, ISAKMP_NPTYPE_GSS);
} else
#endif
if (need_cr)
/* create isakmp CR payload */
- p = set_isakmp_payload(p, cr, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, cr, ISAKMP_NPTYPE_CR);
#ifdef HAVE_PRINT_ISAKMP_C
isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
@@ -449,7 +437,7 @@ agg_i2send(iph1, msg)
vchar_t *msg;
{
struct isakmp_gen *gen;
- char *p;
+ struct isakmp_construct p;
int tlen;
int need_cert = 0;
int error = -1;
@@ -488,12 +476,12 @@ agg_i2send(iph1, msg)
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, ISAKMP_NPTYPE_HASH);
- if (p == NULL)
+ p = set_isakmp_header(iph1->sendbuf, iph1);
+ if (p.buff == NULL)
goto end;
/* set HASH payload */
- p = set_isakmp_payload(p, iph1->hash, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, iph1->hash, ISAKMP_NPTYPE_HASH);
break;
#ifdef HAVE_SIGNING_C
case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
@@ -521,17 +509,15 @@ agg_i2send(iph1, msg)
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, need_cert
- ? ISAKMP_NPTYPE_CERT
- : ISAKMP_NPTYPE_SIG);
- if (p == NULL)
+ p = set_isakmp_header(iph1->sendbuf, iph1);
+ if (p.buff == NULL)
goto end;
/* add CERT payload if there */
if (need_cert)
- p = set_isakmp_payload(p, iph1->cert->pl, ISAKMP_NPTYPE_SIG);
+ p = set_isakmp_payload_c(p, iph1->cert->pl, ISAKMP_NPTYPE_CERT);
/* add SIG payload */
- p = set_isakmp_payload(p, iph1->sig, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, iph1->sig, ISAKMP_NPTYPE_SIG);
break;
#endif
case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
@@ -557,10 +543,10 @@ agg_i2send(iph1, msg)
goto end;
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, ISAKMP_NPTYPE_HASH);
+ p = set_isakmp_header(iph1->sendbuf, iph1);
if (p == NULL)
goto end;
- p = set_isakmp_payload(p, gsshash, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, gsshash, ISAKMP_NPTYPE_HASH);
break;
#endif
}
@@ -744,7 +730,7 @@ agg_r1send(iph1, msg)
vchar_t *msg;
{
struct isakmp_gen *gen;
- char *p;
+ struct isakmp_construct p;
int tlen;
int need_cr = 0;
int need_cert = 0;
@@ -852,37 +838,32 @@ agg_r1send(iph1, msg)
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, ISAKMP_NPTYPE_SA);
- if (p == NULL)
+ p = set_isakmp_header(iph1->sendbuf, iph1);
+ if (p.buff == NULL)
goto end;
/* set SA payload to reply */
- p = set_isakmp_payload(p, iph1->sa_ret, ISAKMP_NPTYPE_KE);
+ p = set_isakmp_payload_c(p, iph1->sa_ret, ISAKMP_NPTYPE_SA);
/* create isakmp KE payload */
- p = set_isakmp_payload(p, iph1->dhpub, ISAKMP_NPTYPE_NONCE);
+ p = set_isakmp_payload_c(p, iph1->dhpub, ISAKMP_NPTYPE_KE);
/* create isakmp NONCE payload */
- p = set_isakmp_payload(p, iph1->nonce, ISAKMP_NPTYPE_ID);
+ p = set_isakmp_payload_c(p, iph1->nonce, ISAKMP_NPTYPE_NONCE);
/* create isakmp ID payload */
- p = set_isakmp_payload(p, iph1->id, ISAKMP_NPTYPE_HASH);
+ p = set_isakmp_payload_c(p, iph1->id, ISAKMP_NPTYPE_ID);
/* create isakmp HASH payload */
- p = set_isakmp_payload(p, iph1->hash,
- vid ? ISAKMP_NPTYPE_VID
- : (need_cr ? ISAKMP_NPTYPE_CR
- : ISAKMP_NPTYPE_NONE));
+ p = set_isakmp_payload_c(p, iph1->hash, ISAKMP_NPTYPE_HASH);
/* append vendor id, if needed */
if (vid)
- p = set_isakmp_payload(p, vid,
- need_cr ? ISAKMP_NPTYPE_CR
- : ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, vid, ISAKMP_NPTYPE_VID);
/* create isakmp CR payload if needed */
if (need_cr)
- p = set_isakmp_payload(p, cr, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, cr, ISAKMP_NPTYPE_CR);
break;
#ifdef HAVE_SIGNING_C
case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
@@ -918,42 +899,35 @@ agg_r1send(iph1, msg)
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, ISAKMP_NPTYPE_SA);
- if (p == NULL)
+ p = set_isakmp_header(iph1->sendbuf, iph1);
+ if (p.buff == NULL)
goto end;
/* set SA payload to reply */
- p = set_isakmp_payload(p, iph1->sa_ret, ISAKMP_NPTYPE_KE);
+ p = set_isakmp_payload_c(p, iph1->sa_ret, ISAKMP_NPTYPE_SA);
/* create isakmp KE payload */
- p = set_isakmp_payload(p, iph1->dhpub, ISAKMP_NPTYPE_NONCE);
+ p = set_isakmp_payload_c(p, iph1->dhpub, ISAKMP_NPTYPE_KE);
/* create isakmp NONCE payload */
- p = set_isakmp_payload(p, iph1->nonce, ISAKMP_NPTYPE_ID);
+ p = set_isakmp_payload_c(p, iph1->nonce, ISAKMP_NPTYPE_NONCE);
/* add ID payload */
- p = set_isakmp_payload(p, iph1->id, need_cert
- ? ISAKMP_NPTYPE_CERT
- : ISAKMP_NPTYPE_SIG);
+ p = set_isakmp_payload_c(p, iph1->id, ISAKMP_NPTYPE_ID);
/* add CERT payload if there */
if (need_cert)
- p = set_isakmp_payload(p, iph1->cert->pl, ISAKMP_NPTYPE_SIG);
+ p = set_isakmp_payload_c(p, iph1->cert->pl, ISAKMP_NPTYPE_CERT);
/* add SIG payload */
- p = set_isakmp_payload(p, iph1->sig,
- vid ? ISAKMP_NPTYPE_VID
- : (need_cr ? ISAKMP_NPTYPE_CR
- : ISAKMP_NPTYPE_NONE));
+ p = set_isakmp_payload_c(p, iph1->sig, ISAKMP_NPTYPE_SIG);
/* append vendor id, if needed */
if (vid)
- p = set_isakmp_payload(p, vid,
- need_cr ? ISAKMP_NPTYPE_CR
- : ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, vid, ISAKMP_NPTYPE_VID);
/* create isakmp CR payload if needed */
if (need_cr)
- p = set_isakmp_payload(p, cr, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, cr, ISAKMP_NPTYPE_CR);
break;
#endif
case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
@@ -998,34 +972,32 @@ agg_r1send(iph1, msg)
}
/* set isakmp header */
- p = set_isakmp_header(iph1->sendbuf, iph1, ISAKMP_NPTYPE_SA);
- if (p == NULL)
+ p = set_isakmp_header(iph1->sendbuf, iph1);
+ if (p.buff == NULL)
goto end;
/* set SA payload to reply */
- p = set_isakmp_payload(p, gss_sa, ISAKMP_NPTYPE_KE);
+ p = set_isakmp_payload_c(p, gss_sa, ISAKMP_NPTYPE_SA);
/* create isakmp KE payload */
- p = set_isakmp_payload(p, iph1->dhpub, ISAKMP_NPTYPE_NONCE);
+ p = set_isakmp_payload_c(p, iph1->dhpub, ISAKMP_NPTYPE_KE);
/* create isakmp NONCE payload */
- p = set_isakmp_payload(p, iph1->nonce, ISAKMP_NPTYPE_ID);
+ p = set_isakmp_payload_c(p, iph1->nonce, ISAKMP_NPTYPE_NONCE);
/* create isakmp ID payload */
- p = set_isakmp_payload(p, iph1->id, ISAKMP_NPTYPE_GSS);
+ p = set_isakmp_payload_c(p, iph1->id, ISAKMP_NPTYPE_ID);
/* create GSS payload */
gssapi_get_token_to_send(iph1, &gsstoken);
- p = set_isakmp_payload(p, gsstoken, ISAKMP_NPTYPE_HASH);
+ p = set_isakmp_payload_c(p, gsstoken, ISAKMP_NPTYPE_GSS);
/* create isakmp HASH payload */
- p = set_isakmp_payload(p, gsshash,
- vid != NULL ? ISAKMP_NPTYPE_VID
- : ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, gsshash, ISAKMP_NPTYPE_HASH);
/* append vendor id, if needed */
if (vid)
- p = set_isakmp_payload(p, vid, ISAKMP_NPTYPE_NONE);
+ p = set_isakmp_payload_c(p, vid, ISAKMP_NPTYPE_VID);
break;
#endif
}
Oops, something went wrong.

0 comments on commit 249592f

Please sign in to comment.