📄 iketestmain.cp
pgpAssertNoErr( err );
err = PGPikeProcessMessage( mIKEContext2, kPGPike_MT_Idle, NULL );
pgpAssertNoErr( err );
sockTime.tv_sec = 0;
sockTime.tv_usec = 0;
sockSet.fd_count = 1;
sockSet.fd_array[0] = mSocket;
if( PGPSelect( 1, &sockSet, NULL, NULL, &sockTime ) > 0 )
{
sourceSize = sizeof(sourceIP);
sockResult = PGPReceiveFrom( mSocket, mIncomingPacket, kIKETestInPacketSize,
kPGPReceiveFlagNone, (PGPSocketAddress *) &sourceIP,
&sourceSize );
if( sockResult > 0 )
{
pkt.ipAddress = sourceIP.sin_addr.s_addr;
pkt.packetSize = sockResult;
pkt.packet = mIncomingPacket;
err = PGPikeProcessMessage( mIKEContext1, kPGPike_MT_Packet, &pkt );
pgpAssertNoErr( err );
}
}
}
// IKE event callback shared by both test contexts.
//
// Dispatches on msg; inUserData is cast back to the owning CIKETestApp and
// data is cast to the structure that matches each message type.
//
// ike         Context raising the event; compared with mIKEContext1 to tell
//             side (1) from side (2).
// inUserData  CIKETestApp pointer (dereferenced without a NULL check).
// msg         Message type selecting the case below.
// data        Message payload (dereferenced without a NULL check).
//
// Returns err: kPGPError_NoErr unless one of the key-set calls in the two
// local-certificate cases stores another value. Message types with no case
// fall out of the switch with err unchanged.
//
// NOTE(review): this handler approves every policy, client-ID and
// remote-certificate check and prints SA key bytes to stdout. That is
// test-harness behaviour and must not be carried into a production callback.
PGPError
CIKETestApp::IKECallback(
    PGPikeContextRef ike,
    void * inUserData,
    PGPikeMessageType msg,
    void * data )
{
    PGPError err = kPGPError_NoErr;
    CIKETestApp * app = (CIKETestApp *)inUserData;
    switch( msg )
    {
        case kPGPike_MT_SARequestFailed:
            // Report which side failed, then beep.
            if( ike == app->mIKEContext1 )
                printf( "(1) " );
            else
                printf( "(2) " );
            printf( "SA REQUEST FAILED\n" );
            SysBeep(1);
            break;
        case kPGPike_MT_SAEstablished:
        {
            PGPikeSA * sa = (PGPikeSA *)data;
            PGPUInt16 tInx;
            PGPUInt16 kInx;
            // The SA pointer itself is stored, not a copy.
            // NOTE(review): the kPGPike_MT_SADied case below does not clear
            // mIPSECSA1/mIPSECSA2; confirm who owns the SA and for how long
            // these pointers stay valid.
            if( ike == app->mIKEContext1 )
                app->mIPSECSA1 = sa;
            else
                app->mIPSECSA2 = sa;
            // Peer address as dotted quad, then the two lifetime fields.
            printf( "SA Established - IP: %u.%u.%u.%u Life: S: %u K: %u",
                ( sa->ipAddress >> 24 ), ( sa->ipAddress >> 16 ) & 0xFF,
                ( sa->ipAddress >> 8 ) & 0xFF, ( sa->ipAddress & 0xFF ),
                sa->secLifeTime, sa->kbLifeTime );
            printf( " # Protocols: %u\n", sa->numTransforms );
            // ipMaskEnd is printed as either a range end or a mask,
            // depending on destIsRange.
            printf(" Dest - IP: %u.%u.%u.%u -> %u.%u.%u.%u (%s)\n",
                ( sa->ipAddrStart >> 24 ), ( sa->ipAddrStart >> 16 ) & 0xFF,
                ( sa->ipAddrStart >> 8 ) & 0xFF, ( sa->ipAddrStart & 0xFF ),
                ( sa->ipMaskEnd >> 24 ), ( sa->ipMaskEnd >> 16 ) & 0xFF,
                ( sa->ipMaskEnd >> 8 ) & 0xFF, ( sa->ipMaskEnd & 0xFF ),
                sa->destIsRange ? "Range" : "Mask" );
            // One block of output per negotiated transform.
            // numTransforms is not checked against the capacity of
            // sa->transform here; presumably the IKE library guarantees it.
            for( tInx = 0; tInx < sa->numTransforms; tInx++ )
            {
                // The SPI fields are read through a PGPUInt32 pointer cast.
                printf( " SPI: %x:%x\n",
                    *(PGPUInt32 *)&sa->transform[tInx].u.ipsec.inSPI,
                    *(PGPUInt32 *)&sa->transform[tInx].u.ipsec.outSPI );
                printf( " (%u) Prot:", tInx );
                switch( sa->transform[tInx].u.ipsec.protocol )
                {
                    case kPGPike_PR_AH:
                        printf( "AH" );
                        switch( sa->transform[tInx].u.ipsec.u.ah.t.authAttr )
                        {
                            case kPGPike_AA_HMAC_MD5:
                                printf("/HMAC-MD5" );
                                break;
                            case kPGPike_AA_HMAC_SHA:
                                printf("/HMAC-SHA-1" );
                                break;
                            default:
                                printf( "/?AUTH" );
                                break;
                        }
                        switch( sa->transform[tInx].u.ipsec.u.ah.t.mode )
                        {
                            case kPGPike_PM_Tunnel:
                                printf( "/Tunnel\n" );
                                break;
                            case kPGPike_PM_Transport:
                                printf( "/Transport\n" );
                                break;
                            default:
                                printf( "/?MODE\n" );
                                break;
                        }
                        // SECURITY: writes live AH authentication key bytes
                        // to stdout. The label says "first 4" but the loop
                        // prints 8 bytes.
                        printf( " inAutKey (first 4): " );
                        for( kInx = 0; kInx < 8; kInx++ )
                        {
                            printf( "%02x",
                                (PGPUInt32)sa->transform[tInx].u.ipsec.u.ah.inAuthKey[kInx] );
                        }
                        printf( " outAutKey (first 4): " );
                        for( kInx = 0; kInx < 8; kInx++ )
                        {
                            printf( "%02x",
                                (PGPUInt32)sa->transform[tInx].u.ipsec.u.ah.outAuthKey[kInx] );
                        }
                        printf( "\n" );
                        break;
                    case kPGPike_PR_ESP:
                        printf( "ESP" );
                        switch( sa->transform[tInx].u.ipsec.u.esp.t.cipher )
                        {
                            case kPGPike_ET_3DES:
                                printf("/3DES" );
                                break;
                            case kPGPike_ET_CAST:
                                printf("/CAST5" );
                                break;
                            case kPGPike_ET_DES:
                                printf( "/DES" );
                                break;
                            case kPGPike_ET_DES_IV64:
                                printf( "/DES_IV64" );
                                break;
                            case kPGPike_ET_NULL:
                                printf( "/NULL" );
                                break;
                            default:
                                printf( "/?CIPHER" );
                                break;
                        }
                        switch( sa->transform[tInx].u.ipsec.u.esp.t.authAttr )
                        {
                            case kPGPike_AA_HMAC_MD5:
                                printf("/HMAC-MD5" );
                                break;
                            case kPGPike_AA_HMAC_SHA:
                                printf("/HMAC-SHA-1" );
                                break;
                            case kPGPike_AA_None:
                                printf("/NOAUTH" );
                                break;
                            default:
                                printf( "/?AUTH" );
                                break;
                        }
                        switch( sa->transform[tInx].u.ipsec.u.esp.t.mode )
                        {
                            case kPGPike_PM_Tunnel:
                                printf( "/Tunnel\n" );
                                break;
                            case kPGPike_PM_Transport:
                                printf( "/Transport\n" );
                                break;
                            default:
                                printf( "/?MODE\n" );
                                break;
                        }
                        // SECURITY: writes 24 bytes of each ESP cipher key
                        // and 8 bytes of each ESP auth key to stdout. Anyone
                        // who can read this output can decrypt or forge
                        // traffic on the SA, so keep it to throwaway test keys.
                        printf( " inESPKey: " );
                        for( kInx = 0; kInx < 24; kInx++ )
                        {
                            printf( "%02x",
                                (PGPUInt32)sa->transform[tInx].u.ipsec.u.esp.inESPKey[kInx] );
                        }
                        printf( "\n outESPKey: " );
                        for( kInx = 0; kInx < 24; kInx++ )
                        {
                            printf( "%02x",
                                (PGPUInt32)sa->transform[tInx].u.ipsec.u.esp.outESPKey[kInx] );
                        }
                        printf( "\n inAutKey: " );
                        for( kInx = 0; kInx < 8; kInx++ )
                        {
                            printf( "%02x",
                                (PGPUInt32)sa->transform[tInx].u.ipsec.u.esp.inAuthKey[kInx] );
                        }
                        printf( " outAutKey: " );
                        for( kInx = 0; kInx < 8; kInx++ )
                        {
                            printf( "%02x",
                                (PGPUInt32)sa->transform[tInx].u.ipsec.u.esp.outAuthKey[kInx] );
                        }
                        printf( "\n" );
                        break;
                    case kPGPike_PR_IPCOMP:
                        printf( "IPCOMP\n" );
                        break;
                    default:
                        printf( "UNKNOWN\n" );
                        break;
                }
            }
            printf( "\n" );
            SysBeep(1);
            break;
        }
        case kPGPike_MT_SADied:
            // Only logs; the stored mIPSECSA1/mIPSECSA2 pointers are left as is.
            if( ike == app->mIKEContext1 )
                printf( "(1) " );
            else
                printf( "(2) " );
            printf( "SA DIED\n" );
            break;
        case kPGPike_MT_SAUpdate:
            if( ike == app->mIKEContext1 )
                printf( "(1) " );
            else
                printf( "(2) " );
            printf( "SA Update\n" );
            break;
        case kPGPike_MT_PolicyCheck:
        {
            // SECURITY: every proposed SA is approved unconditionally, in
            // tunnel mode, with the IPSEC DOI. No policy lookup is done.
            PGPikeMTSASetup * saSetup = (PGPikeMTSASetup *)data;
            saSetup->approved = TRUE;
            saSetup->localIPAddress = app->mLocalIP;
            saSetup->doi = kPGPike_DOI_IPSEC;
            saSetup->u.ipsec.packetMode = kPGPike_PM_Tunnel;
            // Empty placeholder: self-test mode changes nothing here.
            if( app->mSelfTestMode )
            {
            }
            /* draft-ietf-ipsec-internet-key-00.txt */
            // SECURITY: the pre-shared key is the compile-time constant
            // kTestSharedKey (defined outside this view); its size is taken
            // with strlen, so it is treated as a NUL-terminated string.
            saSetup->sharedKey = (PGPByte *) kTestSharedKey;
            saSetup->sharedKeySize = strlen( kTestSharedKey );
            // The local identity is the raw bytes of mLocalIP, typed as an
            // IPv4 address. The pointer refers to the app member, not a copy.
            saSetup->u.ipsec.idData = (PGPByte *) &app->mLocalIP;
            saSetup->u.ipsec.idDataSize = sizeof(app->mLocalIP);
            saSetup->u.ipsec.idType = kPGPike_ID_IPV4_Addr;
            break;
        }
        case kPGPike_MT_ClientIDCheck:
        {
            // SECURITY: any client identity is accepted without inspection.
            PGPikeMTClientIDCheck * cidCheck = (PGPikeMTClientIDCheck *)data;
            cidCheck->approved = TRUE;
            break;
        }
        case kPGPike_MT_LocalPGPCert:
        {
            // Supplies the first key of mTestKeySet as the local PGP
            // authentication key, but only when the test key is not X.509.
            PGPikeMTCert * cert = (PGPikeMTCert *)data;
            PGPKeyRef testKey;
            PGPKeyListRef impKeyList;
            PGPKeyIterRef impKeyIter;
            if( !app->mTestKeyX509 )
            {
                // NOTE(review): pgpAssertNoErr is presumably a debug-build
                // assertion; confirm whether release builds still stop on a
                // failed call before testKey is used.
                err = PGPOrderKeySet( app->mTestKeySet, kPGPAnyOrdering, &impKeyList );
                pgpAssertNoErr(err);
                err = PGPNewKeyIter( impKeyList, &impKeyIter );
                pgpAssertNoErr(err);
                err = PGPKeyIterNext( impKeyIter, &testKey );
                pgpAssertNoErr(err);
                err = PGPFreeKeyIter( impKeyIter );
                pgpAssertNoErr(err);
                err = PGPFreeKeyList( impKeyList );
                pgpAssertNoErr(err);
                // testKey is handed out after the iterator and list are freed.
                // NOTE(review): presumably the key stays valid while
                // mTestKeySet is alive; confirm.
                cert->authKey = testKey;
                // No passphrase is supplied for the key.
                cert->isPassKey = FALSE;
                cert->pass = NULL;
                cert->passLength = 0;
            }
            break;
        }
        case kPGPike_MT_LocalX509Cert:
        {
            // Supplies the first key of mTestKeySet plus an X.509 signature
            // found on its first user ID, but only when the test key is X.509.
            PGPikeMTCert * cert = (PGPikeMTCert *)data;
            PGPKeyRef testKey;
            PGPUserIDRef testUID;
            PGPSigRef testCert = kInvalidPGPSigRef;
            PGPKeyListRef impKeyList;
            PGPKeyIterRef impKeyIter;
            PGPBoolean x509;
            if( app->mTestKeyX509 )
            {
                err = PGPOrderKeySet( app->mTestKeySet, kPGPAnyOrdering, &impKeyList );
                pgpAssertNoErr(err);
                err = PGPNewKeyIter( impKeyList, &impKeyIter );
                pgpAssertNoErr(err);
                err = PGPKeyIterNext( impKeyIter, &testKey );
                pgpAssertNoErr(err);
                err = PGPKeyIterNextUserID( impKeyIter, &testUID );
                pgpAssertNoErr(err);
                // Walk the signatures on that user ID until one is marked X.509.
                // The result of PGPGetSigBoolean is ignored and x509 has no
                // initializer, so if the call fails without writing it the
                // test below reads an indeterminate value.
                // NOTE(review): if no signature matches, testCert keeps
                // whatever the last iterator call left in it and is still
                // passed on as authCert; confirm that value is safe.
                while( IsntPGPError( PGPKeyIterNextUIDSig( impKeyIter, &testCert ) ) )
                {
                    PGPGetSigBoolean( testCert, kPGPSigPropIsX509, &x509 );
                    if( x509 )
                        break;
                }
                err = PGPFreeKeyIter( impKeyIter );
                pgpAssertNoErr(err);
                err = PGPFreeKeyList( impKeyList );
                pgpAssertNoErr(err);
                cert->authKey = testKey;
                cert->authCert = testCert;
                // No certificate chain and no passphrase are supplied.
                cert->authCertChain = NULL;
                cert->isPassKey = FALSE;
                cert->pass = NULL;
                cert->passLength = 0;
            }
            break;
        }
        case kPGPike_MT_RemoteCert:
        {
            // SECURITY: the peer's key or certificate is approved without any
            // validity, trust or identity check. A real callback must verify
            // it before setting approved.
            PGPikeMTRemoteCert * rcert = (PGPikeMTRemoteCert *)data;
            rcert->approved = TRUE;
            printf( "Approved remote key\n" );
            if( rcert->remoteCert )
                printf( " -- key is X.509\n" );
            break;
        }
        case kPGPike_MT_Packet:
        {
            // Outgoing IKE packet: queue it in self-test mode, otherwise
            // send it over the test socket.
            PGPikeMTPacket * pkt = (PGPikeMTPacket *)data;
            // Only referenced by the disabled packet-drop experiment below.
            static PGPUInt16 dropper = 0;
            //if( ++dropper == 2 )
            // break;
            if( app->mSelfTestMode )
            {
                // c1 is FALSE for packets raised by context 1 and TRUE
                // otherwise, so each side's output lands on the other queue.
                app->AddPacket( ( ike == app->mIKEContext1 ) ?
                    FALSE : TRUE,
                    pkt->packet, pkt->packetSize );
            }
            else
            {
                PGPSocketAddressInternet theAddress;
                PGPInt32 sockResult;
                // Only these three fields are assigned; the rest of
                // theAddress is left uninitialized.
                theAddress.sin_family = kPGPAddressFamilyInternet;
                theAddress.sin_addr.s_addr = pkt->ipAddress;
                // NOTE(review): no byte-order conversion is visible here;
                // confirm kPGPike_TestPort is already in network order.
                theAddress.sin_port = kPGPike_TestPort;
                // The send result is stored but never checked.
                sockResult = PGPSendTo( app->mSocket, pkt->packet, pkt->packetSize, kPGPSendFlagNone,
                    (PGPSocketAddress *) &theAddress, sizeof(theAddress) );
                //pgpAssert( sockResult > 0 );
            }
            break;
        }
        case kPGPike_MT_Alert:
        {
            // Logs the numeric alert code and whether the peer raised it.
            PGPikeMTAlert * alt = (PGPikeMTAlert *)data;
            if( ike == app->mIKEContext1 )
                printf( "(1)" );
            else
                printf( "(2)" );
            printf( "IKE ALERT: %d ", alt->alert );
            if( alt->remoteGenerated )
                printf( "(remote)" );
            printf("\n");
            break;
        }
        case kPGPike_MT_DebugLog:
        {
            // The text is passed as a "%s" argument, never as the format
            // string, so '%' sequences inside it are printed literally.
            char * debugStr = (char *)data;
            printf( "%s", debugStr );
            break;
        }
    }
    return err;
}
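// Appends a copy of one IKE packet to the tail of a self-test queue.
//
// c1        TRUE selects the list headed by mPacketC1, FALSE the list headed
//           by mPacketC2.
// data      Bytes to copy into the new node.
// dataSize  Number of bytes copied from data.
//
// If the node cannot be allocated the packet is dropped and both queues are
// left unchanged, rather than writing through a NULL pointer.
void
CIKETestApp::AddPacket(
    PGPBoolean c1,
    PGPByte * data,
    PGPSize dataSize )
{
    IKETestPacket *     pkt;
    IKETestPacket **    link;

    pkt = (IKETestPacket *)NewPtr( sizeof(IKETestPacket) );
    if( IsNull( pkt ) )
        return;     // allocation failed: treat it like a lost packet

    pkt->next = NULL;
    pkt->dataSize = dataSize;
    // NOTE(review): the capacity of pkt->data is declared outside this view
    // and dataSize is not checked against it here. dataSize comes from the
    // IKE packet being queued, so confirm it can never exceed that capacity,
    // or add the bound where IKETestPacket is defined.
    pgpCopyMemory( data, pkt->data, dataSize );

    // Follow the chosen list through its 'next' links to the terminating
    // NULL slot, then hook the new node in there. This covers the empty-list
    // and non-empty-list cases with one code path.
    link = c1 ? &mPacketC1 : &mPacketC2;
    while( IsntNull( *link ) )
        link = &(*link)->next;
    *link = pkt;
}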
// Idle callback for the PGP sockets layer.
//
// None of the three arguments is used; the callback only gives up the
// processor to other threads via LThread::Yield() and reports success.
PGPError
CIKETestApp::SocketsCallback(
    PGPContextRef       context,
    struct PGPEvent *   event,
    PGPUserValue        callBackArg)
{
#pragma unused(context)
#pragma unused(event)
#pragma unused(callBackArg)

    // Let other threads run while the sockets layer is waiting.
    LThread::Yield();

    return noErr;
}