📄 pgpipsec.c
字号:
/*____________________________________________________________________________
Copyright (C) 1998 Network Associates, Inc.
All rights reserved.
$Id: pgpIPsec.c,v 1.34.4.2 1999/06/16 22:09:04 dgal Exp $
____________________________________________________________________________*/
#ifndef USERLAND_TEST
#define USERLAND_TEST 0
#endif
#if USERLAND_TEST
#define DBG_FUNC(x)
#define DBG_ENTER()
#define DBG_PRINT(x)
#define DBG_LEAVE(x)
#include "pgpNetKernel.h"
#else
#include "pgpNetKernel.h"
#include "vpndbg.h"
#endif
#include "pgpIPsecAH.h"
#include "pgpIPsecESP.h"
#include "pgpIPsecComp.h"
#include "pgpIPheader.h"
#include "pgpEndianConversion.h"
#include "pgpMem.h"
#include "pgpIPsecContextPriv.h"
#define ETHERNET_HDRLENGTH 14
PGPError
PGPnetIPsecGetAddrAndSPI(struct _PGPnetPMContext *pContext,
PGPNDIS_PACKET *packet,
PGPUInt32 *ipAddress,
PGPUInt32 *spi)
{
PGPIPsecBuffer inPacket;
PGPUInt32 tempSPI;
PGPError err = kPGPError_NoErr;
if (IsNull(pContext) || IsNull(packet) || IsNull(ipAddress) ||
IsNull(spi))
return kPGPError_BadParams;
*spi = 0;
if (packet->xformBlockLen > 0)
{
inPacket.data = &(packet->xformBlock[ETHERNET_HDRLENGTH]);
inPacket.dataSize = packet->xformBlockLen - ETHERNET_HDRLENGTH;
}
else
{
inPacket.data = &(packet->srcBlock[ETHERNET_HDRLENGTH]);
inPacket.dataSize = packet->srcBlockLen - ETHERNET_HDRLENGTH;
}
inPacket.allocatedSize = MAX_DATASIZE + 20;
inPacket.next = NULL;
pgpGetSrcIPAddress(&inPacket, ipAddress);
pgpIPsecESPGetSPI(&inPacket, &tempSPI);
if (!tempSPI)
pgpIPsecAHGetSPI(&inPacket, &tempSPI);
*spi = tempSPI;
return err;
}
PGPError
PGPnetIPsecApplySA(PVPN_ADAPTER adapter,
struct _PGPnetPMContext *pContext,
PGPNDIS_PACKET *packet,
PGPnetKernelSA *sa,
PGPBoolean incoming,
PGPBoolean tunnel)
{
PGPMemoryMgrRef memoryMgr;
PGPCipherAlgorithm espCipher = kPGPCipherAlgorithm_None;
PGPHashAlgorithm espHash = kPGPHashAlgorithm_Invalid;
PGPHashAlgorithm ahHash = kPGPHashAlgorithm_Invalid;
PGPCompressionAlgorithm compAlg = kPGPCompAlgorithm_None;
PGPUInt16 index;
PGPByte *espCipherKey;
PGPByte *espIV;
PGPByte *espHashKey;
PGPByte *ahHashKey;
PGPUInt32 espSPI;
PGPUInt32 ahSPI;
PGPUInt32 gatewayIP;
PGPUInt32 sequenceWindow;
PGPUInt32 upperSequence;
PGPUInt32 lowerSequence;
PGPBoolean tunnelAH;
PGPBoolean tunnelESP;
PGPBoolean useESP;
PGPBoolean useAH;
PGPBoolean useIPCOMP;
PGPBoolean didUseIPCOMP;
PGPBoolean lastSrcBlock;
PGPBoolean secondCall;
PGPIPsecBuffer *inPacket = NULL;
PGPIPsecBuffer *outPacket = NULL;
PGPIPsecBuffer *inPtr = NULL;
PGPIPsecBuffer *outPtr = NULL;
PGPIPsecBuffer *tempPtr = NULL;
PGPIPsecBuffer tempBuffer[2];
PGPIPsecBuffer *tempBufferPtr1;
PGPIPsecBuffer *tempBufferPtr2;
PGPNDIS_PACKET *ndisPtr;
NDIS_STATUS status;
PGPError err = kPGPError_NoErr;
DBG_FUNC("PGPnetIPsecApplySA")
DBG_ENTER();
if (IsNull(pContext) || IsNull(packet)) {
DBG_LEAVE(kPGPError_BadParams);
return kPGPError_BadParams;
}
memoryMgr = pContext->ipsecContext->memory;
ndisPtr = packet;
if (!ndisPtr->firstSrcBlock)
return kPGPError_BadParams;
if (packet->xformBlockLen > 0)
secondCall = TRUE;
else
secondCall = FALSE;
inPacket = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer), 0);
if (IsNull(inPacket))
err = kPGPError_OutOfMemory;
else
{
if (secondCall)
{
inPacket->data = (PGPByte *) PGPNewData(memoryMgr,
MAX_DATASIZE + 20,
0);
if (IsNull(inPacket->data))
err = kPGPError_OutOfMemory;
else
{
pgpCopyMemory(&(ndisPtr->xformBlock[ETHERNET_HDRLENGTH]),
inPacket->data,
ndisPtr->xformBlockLen - ETHERNET_HDRLENGTH);
}
inPacket->dataSize = ndisPtr->xformBlockLen - ETHERNET_HDRLENGTH;
}
else
{
inPacket->data = &(ndisPtr->srcBlock[ETHERNET_HDRLENGTH]);
inPacket->dataSize = ndisPtr->srcBlockLen - ETHERNET_HDRLENGTH;
}
inPacket->allocatedSize = MAX_DATASIZE + 20;
inPacket->next = NULL;
}
outPacket = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer), 0);
if (IsNull(outPacket))
err = kPGPError_OutOfMemory;
else
{
outPacket->data = &(ndisPtr->xformBlock[ETHERNET_HDRLENGTH]);
outPacket->dataSize = 0;
outPacket->allocatedSize = MAX_DATASIZE + 20;
outPacket->next = NULL;
}
for (index=0; index<2; index++)
{
tempBuffer[index].data = (PGPByte *) PGPNewData(memoryMgr,
MAX_DATASIZE + 20,
0);
if (IsNull(tempBuffer[index].data))
err = kPGPError_OutOfMemory;
else
{
tempBuffer[index].dataSize = 0;
tempBuffer[index].allocatedSize = MAX_DATASIZE + 20;
tempBuffer[index].next = NULL;
}
}
inPtr = inPacket;
outPtr = outPacket;
tempBufferPtr1 = &(tempBuffer[0]);
tempBufferPtr2 = &(tempBuffer[1]);
if (secondCall)
lastSrcBlock = ndisPtr->lastXformBlock;
else
lastSrcBlock = ndisPtr->lastSrcBlock;
while (IsntNull(ndisPtr->link) && IsntPGPError(err))
{
if (!lastSrcBlock)
{
inPtr->next = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer), 0);
if (IsNull(inPtr->next))
err = kPGPError_OutOfMemory;
}
else
inPtr->next = NULL;
outPtr->next = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer), 0);
if (IsNull(outPtr->next))
err = kPGPError_OutOfMemory;
tempBufferPtr1->next = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer),
0);
if (IsNull(tempBufferPtr1->next))
{
err = kPGPError_OutOfMemory;
break;
}
tempBufferPtr1 = tempBufferPtr1->next;
tempBufferPtr1->data = (PGPByte *) PGPNewData(memoryMgr,
MAX_DATASIZE,
0);
if (IsNull(tempBufferPtr1->data))
err = kPGPError_OutOfMemory;
else
{
tempBufferPtr1->dataSize = 0;
tempBufferPtr1->allocatedSize = MAX_DATASIZE;
tempBufferPtr1->next = NULL;
}
tempBufferPtr2->next = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer),
0);
if (IsNull(tempBufferPtr2->next))
{
err = kPGPError_OutOfMemory;
break;
}
tempBufferPtr2 = tempBufferPtr2->next;
tempBufferPtr2->data = (PGPByte *) PGPNewData(memoryMgr,
MAX_DATASIZE,
0);
if (IsNull(tempBufferPtr2->data))
err = kPGPError_OutOfMemory;
else
{
tempBufferPtr2->dataSize = 0;
tempBufferPtr2->allocatedSize = MAX_DATASIZE;
tempBufferPtr2->next = NULL;
}
if (IsntPGPError(err))
{
outPtr = outPtr->next;
ndisPtr = ndisPtr->link;
if (!lastSrcBlock)
{
inPtr = inPtr->next;
if (secondCall)
{
inPtr->data = (PGPByte *) PGPNewData(memoryMgr,
MAX_DATASIZE, 0);
if (IsNull(inPtr->data))
err = kPGPError_OutOfMemory;
else
{
pgpCopyMemory(&(ndisPtr->
xformBlock[ETHERNET_HDRLENGTH + 20]),
inPtr->data,
ndisPtr->xformBlockLen - ETHERNET_HDRLENGTH - 20);
}
inPtr->dataSize = ndisPtr->xformBlockLen -
ETHERNET_HDRLENGTH - 20;
lastSrcBlock = ndisPtr->lastXformBlock;
}
else
{
inPtr->data = &(ndisPtr->
srcBlock[ETHERNET_HDRLENGTH + 20]);
inPtr->dataSize = ndisPtr->srcBlockLen -
ETHERNET_HDRLENGTH - 20;
lastSrcBlock = ndisPtr->lastSrcBlock;
}
inPtr->allocatedSize = MAX_DATASIZE;
inPtr->next = NULL;
}
outPtr->data = &(ndisPtr->xformBlock[ETHERNET_HDRLENGTH + 20]);
outPtr->dataSize = 0;
outPtr->allocatedSize = MAX_DATASIZE;
outPtr->next = NULL;
}
}
if (tunnel)
gatewayIP = sa->ikeSA.ipAddress;
else
gatewayIP = 0;
useESP = FALSE;
useAH = FALSE;
useIPCOMP = FALSE;
for (index=0; index<sa->ikeSA.numTransforms; index++)
{
if (sa->ikeSA.transform[index].u.ipsec.protocol == kPGPike_PR_AH)
{
switch (sa->ikeSA.transform[index].u.ipsec.u.ah.t.authAlg)
{
case kPGPike_AH_MD5:
ahHash = kPGPHashAlgorithm_MD5;
useAH = TRUE;
break;
case kPGPike_AH_SHA:
ahHash = kPGPHashAlgorithm_SHA;
useAH = TRUE;
break;
default:
err = kPGPError_BadHashNumber;
}
if (incoming)
{
ahHashKey = sa->ikeSA.transform[index].u.ipsec.u.ah.inAuthKey;
ahSPI = PGPEndianToUInt32(kPGPBigEndian,
sa->ikeSA.transform[index].u.ipsec.inSPI);
}
else
{
ahHashKey = sa->
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -