⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站

📄 pfkey_v2_parser.c

📁 FREESWAN VPN源代码包
💻 C
📖 第 1 页 / 共 5 页
字号:
errlab:	return error;}DEBUG_NO_STATIC intpfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr){	int error = 0;	struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)pfkey_ext;	if(!pfkey_x_nat_t_port) {		printk("klips_debug:pfkey_x_nat_t_port_process: "		       "null pointer passed in\n");		SENDERR(EINVAL);	}	KLIPS_PRINT(debug_pfkey,		    "klips_debug:pfkey_x_nat_t_port_process: %d/%d.\n",			pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype,			pfkey_x_nat_t_port->sadb_x_nat_t_port_port);	if(!extr || !extr->tdb) {		KLIPS_PRINT(debug_pfkey,			    "klips_debug:pfkey_nat_t_type_process: "			    "extr or extr->tdb is NULL, fatal\n");		SENDERR(EINVAL);	}	switch(pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype) {		case SADB_X_EXT_NAT_T_SPORT:			extr->tdb->ips_natt_sport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port;			break;		case SADB_X_EXT_NAT_T_DPORT:			extr->tdb->ips_natt_dport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port;			break;		default:			KLIPS_PRINT(debug_pfkey,			    "klips_debug:pfkey_x_nat_t_port_process: "			    "unknown exttype %d.\n",			    pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype);			SENDERR(EINVAL);			break;	}errlab:	return error;}#endifDEBUG_NO_STATIC intpfkey_x_protocol_process(struct sadb_ext *pfkey_ext,			 struct pfkey_extracted_data *extr){	int error = 0;	struct sadb_protocol * p = (struct sadb_protocol *)pfkey_ext;	KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_protocol_process: %p\n", extr);        	if (extr == 0) {		KLIPS_PRINT(debug_pfkey,                      "klips_debug:pfkey_x_protocol_process:"			    "extr is NULL, fatal\n");		SENDERR(EINVAL);	}	if (extr->eroute == 0) {		KLIPS_PRINT(debug_pfkey,                      "klips_debug:pfkey_x_protocol_process:"			    "extr->eroute is NULL, fatal\n");		SENDERR(EINVAL);	}	extr->eroute->er_eaddr.sen_proto = p->sadb_protocol_proto;	extr->eroute->er_emask.sen_proto = p->sadb_protocol_proto ? ~0:0;	KLIPS_PRINT(debug_pfkey,		    "klips_debug:pfkey_x_protocol_process: protocol = %d.\n",		    p->sadb_protocol_proto); errlab:	return error;}DEBUG_NO_STATIC intpfkey_ipsec_sa_init(struct ipsec_sa *tdbp, struct sadb_ext **extensions){        int error = 0;        char sa[SATOA_BUF];	size_t sa_len;	char ipaddr_txt[ADDRTOA_BUF];	char ipaddr2_txt[ADDRTOA_BUF];#if defined (CONFIG_IPSEC_AUTH_HMAC_MD5) || defined (CONFIG_IPSEC_AUTH_HMAC_SHA1)        int i;	unsigned char kb[AHMD596_BLKLEN];#endif#ifdef CONFIG_IPSEC_ALG	struct ipsec_alg_enc *ixt_e = NULL;	struct ipsec_alg_auth *ixt_a = NULL;#endif /* CONFIG_IPSEC_ALG */	if(!tdbp) {		KLIPS_PRINT(debug_pfkey,			    "klips_debug:pfkey_ipsec_sa_init: "			    "tdbp is NULL, fatal\n");		SENDERR(EINVAL);	}	sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);        KLIPS_PRINT(debug_pfkey,		    "klips_debug:pfkey_ipsec_sa_init: "		    "(pfkey defined) called for SA:%s\n",		    sa_len ? sa : " (error)");	KLIPS_PRINT(debug_pfkey,		    "klips_debug:pfkey_ipsec_sa_init: "		    "calling init routine of %s%s%s\n",		    IPS_XFORM_NAME(tdbp));		switch(tdbp->tdb_said.proto) {		#ifdef CONFIG_IPSEC_IPIP	case IPPROTO_IPIP: {		addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr,			0,			ipaddr_txt, sizeof(ipaddr_txt));		addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr,			0,			ipaddr2_txt, sizeof(ipaddr_txt));		KLIPS_PRINT(debug_pfkey,			    "klips_debug:pfkey_ipsec_sa_init: "			    "(pfkey defined) IPIP tdb set for %s->%s.\n",			    ipaddr_txt,			    ipaddr2_txt);	}	break;#endif /* !CONFIG_IPSEC_IPIP */#ifdef CONFIG_IPSEC_AH	case IPPROTO_AH:		switch(tdbp->tdb_authalg) {# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5		case AH_MD5: {			unsigned char *akp;			unsigned int aks;			MD5_CTX *ictx;			MD5_CTX *octx;						if(tdbp->tdb_key_bits_a != (AHMD596_KLEN * 8)) {				KLIPS_PRINT(debug_pfkey,					    "klips_debug:pfkey_ipsec_sa_init: "					    "incorrect key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/,					    tdbp->tdb_key_bits_a, AHMD596_KLEN * 8);				SENDERR(EINVAL);			}			#  if 0 /* we don't really want to print these unless there are really big problems */			KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,				    "klips_debug:pfkey_ipsec_sa_init: "				    "hmac md5-96 key is 0x%08x %08x %08x %08x\n",				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)),				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)),				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)),				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+3)));#  endif						tdbp->tdb_auth_bits = AHMD596_ALEN * 8;						/* save the pointer to the key material */			akp = tdbp->tdb_key_a;			aks = tdbp->tdb_key_a_size;						if((tdbp->tdb_key_a = (caddr_t)			    kmalloc(sizeof(struct md5_ctx), GFP_ATOMIC)) == NULL) {				tdbp->tdb_key_a = akp;				SENDERR(ENOMEM);			}			tdbp->tdb_key_a_size = sizeof(struct md5_ctx);			for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) {				kb[i] = akp[i] ^ HMAC_IPAD;			}			for (; i < AHMD596_BLKLEN; i++) {				kb[i] = HMAC_IPAD;			}			ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);			MD5Init(ictx);			MD5Update(ictx, kb, AHMD596_BLKLEN);			for (i = 0; i < AHMD596_BLKLEN; i++) {				kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);			}			octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);			MD5Init(octx);			MD5Update(octx, kb, AHMD596_BLKLEN);			#  if 0 /* we don't really want to print these unless there are really big problems */			KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,				    "klips_debug:pfkey_ipsec_sa_init: "				    "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n",				    ((__u32*)ictx)[0],				    ((__u32*)ictx)[1],				    ((__u32*)ictx)[2],				    ((__u32*)ictx)[3],				    ((__u32*)octx)[0],				    ((__u32*)octx)[1],				    ((__u32*)octx)[2],				    ((__u32*)octx)[3] );#  endif						/* zero key buffer -- paranoid */			memset(akp, 0, aks);			kfree(akp);		}		break;# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1		case AH_SHA: {			unsigned char *akp;			unsigned int aks;			SHA1_CTX *ictx;			SHA1_CTX *octx;						if(tdbp->tdb_key_bits_a != (AHSHA196_KLEN * 8)) {				KLIPS_PRINT(debug_pfkey,					    "klips_debug:pfkey_ipsec_sa_init: "					    "incorrect key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/,					    tdbp->tdb_key_bits_a, AHSHA196_KLEN * 8);				SENDERR(EINVAL);			}			#  if 0 /* we don't really want to print these unless there are really big problems */			KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,				    "klips_debug:pfkey_ipsec_sa_init: "				    "hmac sha1-96 key is 0x%08x %08x %08x %08x\n",				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)),				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)),				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)),				    ntohl(*(((__u32 *)tdbp->tdb_key_a)+3)));#  endif						tdbp->tdb_auth_bits = AHSHA196_ALEN * 8;						/* save the pointer to the key material */			akp = tdbp->tdb_key_a;			aks = tdbp->tdb_key_a_size;						if((tdbp->tdb_key_a = (caddr_t)			    kmalloc(sizeof(struct sha1_ctx), GFP_ATOMIC)) == NULL) {				tdbp->tdb_key_a = akp;				SENDERR(ENOMEM);			}			tdbp->tdb_key_a_size = sizeof(struct sha1_ctx);			for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) {				kb[i] = akp[i] ^ HMAC_IPAD;			}			for (; i < AHMD596_BLKLEN; i++) {				kb[i] = HMAC_IPAD;			}			ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);			SHA1Init(ictx);			SHA1Update(ictx, kb, AHSHA196_BLKLEN);			for (i = 0; i < AHSHA196_BLKLEN; i++) {				kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);			}			octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx);			SHA1Init(octx);			SHA1Update(octx, kb, AHSHA196_BLKLEN);			#  if 0 /* we don't really want to print these unless there are really big problems */			KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,				    "klips_debug:pfkey_ipsec_sa_init: "				    "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", 				    ((__u32*)ictx)[0],				    ((__u32*)ictx)[1],				    ((__u32*)ictx)[2],				    ((__u32*)ictx)[3],				    ((__u32*)octx)[0],				    ((__u32*)octx)[1],				    ((__u32*)octx)[2],				    ((__u32*)octx)[3] );#  endif						/* zero key buffer -- paranoid */			memset(akp, 0, aks);			kfree(akp);		}		break;# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */		default:			KLIPS_PRINT(debug_pfkey,				    "klips_debug:pfkey_ipsec_sa_init: "				    "authalg=%d support not available in the kernel",				    tdbp->tdb_authalg);			SENDERR(EINVAL);		}	break;#endif /* CONFIG_IPSEC_AH */#ifdef CONFIG_IPSEC_ESP	case IPPROTO_ESP: {#if defined (CONFIG_IPSEC_AUTH_HMAC_MD5) || defined (CONFIG_IPSEC_AUTH_HMAC_SHA1)		unsigned char *akp;		unsigned int aks;#endif#if defined (CONFIG_IPSEC_ENC_3DES)		unsigned char *ekp;		unsigned int eks;#endif				tdbp->tdb_iv_size = 0;#ifdef CONFIG_IPSEC_ALG		if ((ixt_e=IPSEC_ALG_SA_ESP_ENC(tdbp))) {			tdbp->tdb_iv_size = ixt_e->ixt_ivlen/8;		} else	#endif /* CONFIG_IPSEC_ALG */		switch(tdbp->tdb_encalg) {# ifdef CONFIG_IPSEC_ENC_3DES		case ESP_3DES:# endif /* CONFIG_IPSEC_ENC_3DES */# if defined(CONFIG_IPSEC_ENC_3DES)			tdbp->tdb_iv_size = EMT_ESPDES_IV_SZ;# endif /* defined(CONFIG_IPSEC_ENC_3DES) */                case ESP_NONE:			break;		default:			KLIPS_PRINT(debug_pfkey,				    "klips_debug:pfkey_ipsec_sa_init: "				    "encalg=%d support not available in the kernel",				    tdbp->tdb_encalg);			SENDERR(EINVAL);		}		/* Create IV */		if (tdbp->tdb_iv_size) {			if((tdbp->tdb_iv = (caddr_t)			    kmalloc(tdbp->tdb_iv_size, GFP_ATOMIC)) == NULL) {				SENDERR(ENOMEM);			}			get_random_bytes((void *)tdbp->tdb_iv, tdbp->tdb_iv_size);			tdbp->tdb_iv_bits = tdbp->tdb_iv_size * 8;		}		#ifdef CONFIG_IPSEC_ALG		if (ixt_e) {			if ((error=ipsec_alg_enc_key_create(tdbp)) < 0)				SENDERR(-error);		} else#endif /* CONFIG_IPSEC_ALG */		switch(tdbp->tdb_encalg) {# ifdef CONFIG_IPSEC_ENC_3DES		case ESP_3DES:			if(tdbp->tdb_key_bits_e != (EMT_ESP3DES_KEY_SZ * 8)) {				KLIPS_PRINT(debug_pfkey,					    "klips_debug:pfkey_ipsec_sa_init: "					    "incorrect encryption key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/,					    tdbp->tdb_key_bits_e, EMT_ESP3DES_KEY_SZ * 8);				SENDERR(EINVAL);			}						/* save encryption key pointer */			ekp = tdbp->tdb_key_e;			eks = tdbp->tdb_key_e_size;						if((tdbp->tdb_key_e = (caddr_t)			    kmalloc(3 * sizeof(struct des_eks), GFP_ATOMIC)) == NULL) {				tdbp->tdb_key_e = ekp;				SENDERR(ENOMEM);			}			tdbp->tdb_key_e_size = 3 * sizeof(struct des_eks);			for(i = 0; i < 3; i++) {#if KLIPS_DIVULGE_CYPHER_KEY				KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,					    "klips_debug:pfkey_ipsec_sa_init: "					    "3des key %d/3 is 0x%08x%08x\n",					    i + 1,					    ntohl(*((__u32 *)ekp + i * 2)),					    ntohl(*((__u32 *)ekp + i * 2 + 1)));#  endif#if KLIPS_FIXES_DES_PARITY								/* force parity */				des_set_odd_parity((des_cblock *)(ekp + EMT_ESPDES_KEY_SZ * i));#endif				error = des_set_key((des_cblock *)(ekp + EMT_ESPDES_KEY_SZ * i),						    ((struct des_eks *)(tdbp->tdb_key_e))[i].ks);				if (error == -1)					printk("klips_debug:pfkey_ipsec_sa_init: "					       "parity error in des key %d/3\n",					       i + 1);				else if (error == -2)					printk("klips_debug:pfkey_ipsec_sa_init: "					       "illegal weak des key %d/3\n", i + 1);				if (error) {					memset(ekp, 0, eks);					kfree(ekp);					SENDERR(EINVAL);				}			}			/* paranoid */			memset(ekp, 0, eks);			kfree(ekp);			break;# endif /* CONFIG_IPSEC_ENC_3DES */                case ESP_NONE:			break;		default:			KLIPS_PRINT(debug_pfkey,				    "klips_debug:pfkey_ipsec_sa_init: "				    "encalg=%d support not available in the kernel",				    tdbp->tdb_encalg);			SENDERR(EINVAL);		}#ifdef CONFIG_IPSEC_ALG		if ((ixt_a=IPSEC_ALG_SA_ESP_AUTH(tdbp))) {			if ((error=ipsec_alg_auth_key_create(tdbp)) < 0)				SENDERR(-error);

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -