📄 pgpipsec.c
字号:
ikeSA.transform[index].u.ipsec.u.ah.outAuthKey;
ahSPI = PGPEndianToUInt32(kPGPBigEndian,
sa->ikeSA.transform[index].u.ipsec.outSPI);
}
}
else if (sa->ikeSA.transform[index].u.ipsec.protocol ==
kPGPike_PR_ESP)
{
DBG_PRINT(("Using kPGPike_PR_ESP\n"););
switch (sa->ikeSA.transform[index].u.ipsec.u.esp.t.cipher)
{
case kPGPike_ET_3DES:
espCipher = kPGPCipherAlgorithm_3DES;
DBG_PRINT(("Using kPGPCipherAlgorithm_3DES\n"););
useESP = TRUE;
break;
case kPGPike_ET_CAST:
DBG_PRINT(("Using kPGPCipherAlgorithm_CAST5\n"););
espCipher = kPGPCipherAlgorithm_CAST5;
useESP = TRUE;
break;
case kPGPike_ET_DES_IV64:
espCipher = kPGPCipherAlgorithm_3DES;
DBG_PRINT(("Using kPGPCipherAlgorithm_3DES in 1DES mode\n"););
useESP = TRUE;
break;
case kPGPike_ET_DES:
espCipher = kPGPCipherAlgorithm_3DES;
DBG_PRINT(("Using kPGPCipherAlgorithm_3DES as 1DES no IV\n"););
useESP = TRUE;
break;
case kPGPike_ET_NULL:
DBG_PRINT(("Using NULL algorithm\n"););
espCipher = kPGPCipherAlgorithm_None;
break;
default:
err = kPGPError_BadCipherNumber;
}
switch (sa->ikeSA.transform[index].u.ipsec.u.esp.t.authAttr)
{
case kPGPike_AA_HMAC_MD5:
DBG_PRINT(("Using kPGPHashAlgorithm_MD5\n"););
espHash = kPGPHashAlgorithm_MD5;
useESP = TRUE;
break;
case kPGPike_AA_HMAC_SHA:
DBG_PRINT(("Using kPGPHashAlgorithm_SHA\n"););
espHash = kPGPHashAlgorithm_SHA;
useESP = TRUE;
break;
case kPGPike_AA_None:
DBG_PRINT(("Not using a hash algorithm\n"););
espHash = kPGPHashAlgorithm_Invalid;
break;
default:
err = kPGPError_BadHashNumber;
}
if (incoming)
{
espCipherKey = sa->
ikeSA.transform[index].u.ipsec.u.esp.inESPKey;
espHashKey = sa->
ikeSA.transform[index].u.ipsec.u.esp.inAuthKey;
espSPI = PGPEndianToUInt32(kPGPBigEndian,
sa->ikeSA.transform[index].u.ipsec.inSPI);
}
else
{
espCipherKey = sa->
ikeSA.transform[index].u.ipsec.u.esp.outESPKey;
espHashKey = sa->
ikeSA.transform[index].u.ipsec.u.esp.outAuthKey;
espSPI = PGPEndianToUInt32(kPGPBigEndian,
sa->ikeSA.transform[index].u.ipsec.outSPI);
espIV = sa->
ikeSA.transform[index].u.ipsec.u.esp.explicitIV;
}
}
else if (sa->ikeSA.transform[index].u.ipsec.protocol ==
kPGPike_PR_IPCOMP)
{
DBG_PRINT(("Using kPGPike_PR_IPCOMP\n"););
switch (sa->ikeSA.transform[index].u.ipsec.u.ipcomp.t.compAlg)
{
case kPGPike_IC_Deflate:
compAlg = kPGPCompAlgorithm_Deflate;
DBG_PRINT(("Using kPGPCompAlgorithm_Deflate\n"););
useIPCOMP = TRUE;
break;
case kPGPike_IC_LZS:
DBG_PRINT(("Using kPGPCompAlgorithm_LZS\n"););
compAlg = kPGPCompAlgorithm_LZS;
useIPCOMP = TRUE;
break;
case kPGPike_IC_None:
DBG_PRINT(("No compression\n"););
compAlg = kPGPCompAlgorithm_None;
break;
default:
err = kPGPError_BadParams;
}
}
}
if (!useESP && !useAH)
useIPCOMP = FALSE;
tunnelAH = !useESP && !useIPCOMP && tunnel;
tunnelESP = !useIPCOMP && tunnel;
inPtr = inPacket;
if (useESP && (useAH || useIPCOMP))
outPtr = &(tempBuffer[0]);
else if (useAH && useIPCOMP)
outPtr = &(tempBuffer[0]);
else
outPtr = outPacket;
if (incoming)
{
if (useAH && IsntPGPError(err))
{
sequenceWindow = sa->sequenceWindow;
upperSequence = sa->sequenceWindowUpper;
lowerSequence = sa->sequenceWindowLower;
err = pgpVerifyIPsecAuthentication(pContext->ipsecContext,
MAX_DATASIZE, inPtr, tunnelAH, ahHash, ahHashKey,
&sequenceWindow, &upperSequence, &lowerSequence,
outPtr);
inPtr = outPtr;
if (useESP && useIPCOMP)
outPtr = &(tempBuffer[1]);
else
outPtr = outPacket;
}
if (useESP && IsntPGPError(err))
{
sequenceWindow = sa->sequenceWindow;
upperSequence = sa->sequenceWindowUpper;
lowerSequence = sa->sequenceWindowLower;
err = pgpIPsecDecrypt(pContext->ipsecContext, MAX_DATASIZE,
inPtr, tunnelESP, espCipher, espCipherKey, espHash,
espHashKey, &sequenceWindow, &upperSequence,
&lowerSequence, outPtr);
inPtr = outPtr;
outPtr = outPacket;
}
if (IsntPGPError(err) && (useESP || useAH))
{
sa->sequenceWindow = sequenceWindow;
sa->sequenceWindowUpper = upperSequence;
sa->sequenceWindowLower = lowerSequence;
}
if (useIPCOMP && IsntPGPError(err))
{
err = pgpIPsecDecompress(pContext->ipsecContext, MAX_DATASIZE,
inPtr, tunnel, compAlg, outPtr);
while (err == kPGPError_BufferTooSmall)
{
ndisPtr = packet;
tempPtr = outPacket;
tempPtr->dataSize = 0;
while (IsntNull(tempPtr->next))
{
ndisPtr = ndisPtr->link;
tempPtr = tempPtr->next;
tempPtr->dataSize = 0;
}
tempPtr->next = (PGPIPsecBuffer *) PGPNewData(memoryMgr,
sizeof(PGPIPsecBuffer),
0);
if (IsntNull(tempPtr->next))
{
ndisPtr->link =
PGPNdisPacketAllocWithSrcPacket(&status, adapter);
if (IsntNull(ndisPtr->link))
{
tempPtr->next->data =
&(ndisPtr->link->
xformBlock[ETHERNET_HDRLENGTH + 20]);
tempPtr->next->dataSize = 0;
tempPtr->next->allocatedSize = MAX_DATASIZE;
tempPtr->next->next = NULL;
ndisPtr->link->link = NULL;
}
else
err = kPGPError_OutOfMemory;
}
else
err = kPGPError_OutOfMemory;
if (err == kPGPError_BufferTooSmall)
err = pgpIPsecDecompress(pContext->ipsecContext,
MAX_DATASIZE, inPtr, tunnel, compAlg, outPtr);
}
}
}
else
{
if (secondCall)
{
pgpClearDFBit(inPtr);
pgpSetIPHeaderChecksum(inPtr);
}
if (useIPCOMP && IsntPGPError(err))
{
err = pgpIPsecCompress(pContext->ipsecContext, MAX_DATASIZE,
inPtr, tunnel, gatewayIP, compAlg, outPtr, &didUseIPCOMP);
inPtr = outPtr;
if (useESP && useAH)
outPtr = &(tempBuffer[1]);
else
outPtr = outPacket;
tunnelESP = tunnel && useESP && !didUseIPCOMP;
tunnelAH = tunnel && useAH && !useESP && !didUseIPCOMP;
}
if (useESP && IsntPGPError(err))
{
err = pgpIPsecEncrypt(pContext->ipsecContext, MAX_DATASIZE,
inPtr, tunnelESP, gatewayIP, espCipher, espCipherKey,
espIV, espHash, espHashKey, espSPI, sa->packetsSent + 1,
outPtr);
inPtr = outPtr;
outPtr = outPacket;
}
if (useAH && IsntPGPError(err))
{
err = pgpApplyIPsecAuthentication(pContext->ipsecContext,
MAX_DATASIZE, inPtr, tunnelAH, gatewayIP, ahHash,
ahHashKey, ahSPI, sa->packetsSent + 1, outPtr);
}
}
if (IsntPGPError(err))
{
packet->xformBlockLen = outPacket->dataSize + ETHERNET_HDRLENGTH;
packet->firstXformBlock = TRUE;
outPtr = outPacket->next;
if (IsNull(packet->link) || IsNull(outPtr))
{
packet->lastXformBlock = TRUE;
ndisPtr = NULL;
}
else if (outPtr->dataSize == 0)
{
packet->lastXformBlock = TRUE;
ndisPtr = NULL;
}
else
{
ndisPtr = packet->link;
packet->lastXformBlock = FALSE;
}
while (IsntNull(ndisPtr))
{
ndisPtr->xformBlockLen = ETHERNET_HDRLENGTH + 20 +
outPtr->dataSize;
ndisPtr->firstXformBlock = FALSE;
ndisPtr->lastXformBlock = FALSE;
if (IsNull(outPtr->next))
{
ndisPtr->lastXformBlock = TRUE;
ndisPtr = NULL;
}
else if (outPtr->next->dataSize == 0)
{
ndisPtr->lastXformBlock = TRUE;
ndisPtr = NULL;
}
else
{
outPtr = outPtr->next;
ndisPtr = ndisPtr->link;
}
}
}
for (index=0; index<2; index++)
{
if (IsntNull(tempBuffer[index].data))
PGPFreeData(tempBuffer[index].data);
inPtr = tempBuffer[index].next;
while (IsntNull(inPtr))
{
if (IsntNull(inPtr->data))
PGPFreeData(inPtr->data);
tempPtr = inPtr;
inPtr = inPtr->next;
PGPFreeData(tempPtr);
}
}
inPtr = inPacket;
while (IsntNull(inPtr))
{
if (secondCall)
PGPFreeData(inPtr->data);
tempPtr = inPtr;
inPtr = inPtr->next;
PGPFreeData(tempPtr);
}
outPtr = outPacket;
while (IsntNull(outPtr))
{
tempPtr = outPtr;
outPtr = outPtr->next;
PGPFreeData(tempPtr);
}
DBG_LEAVE(err);
return err;
}
/*__Editor_settings____
Local Variables:
tab-width: 4
End:
vi: ts=4 sw=4
vim: si
_____________________*/
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -