_esp.c

This directory contains source code for tcpdump, a tool for network monitoring and data acquisition

/*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#if 0
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/tcpdump/print-esp.c,v 1.5 1999/12/15 08:10:18 fenner Exp $ (LBL)";
#endif

#include <stdio.h>
#include <string.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>

#ifdef USE_SSL
  #include <des.h>
  #include <blowfish.h>
  #include <rc5.h>
  #include <cast.h>
#endif

#include "interfac.h"
#include "a2name.h"
#include "ip.h"
#include "ip6.h"
#include "esp.h"

#if 0
/* there's no standard definition so we are on our own
 */
struct esp
{
  u_int32_t esp_spi;            /* ESP */
/* variable size, 32bit bound */
/* Initialization Vector */
/* variable size */
/* Payload data */
/* variable size */
/* padding */
/* 8bit *//* pad size */
/* 8bit *//* next header */
/* 8bit *//* next header */
/* variable size, 32bit bound */
/* Authentication data (new IPsec) */
};

struct newesp
{
  u_int32_t esp_spi;            /* ESP */
  u_int32_t esp_seq;            /* Sequence number */
/*variable size *//* (IV and) Payload data */
/*variable size *//* padding */
/*8bit *//* pad size */
/*8bit *//* next header */
/*8bit *//* next header */
/*variable size, 32bit bound *//* Authentication data */
};
#endif


int esp_print (const u_char *bp, const u_char *bp2, int *nhdr)
{
  struct ip      *ip  = NULL;
  struct ip6_hdr *ip6 = NULL;

  const struct esp *esp = (struct esp*) bp;
  const u_char     *ep  = snapend;

  DWORD spi = ntohl (esp->esp_spi);

  enum { NONE, DESCBC, BLOWFISH,
         RC5, CAST128, DES3CBC
       } algo = NONE;

  int     advance, len;
  int     ivlen  = 0;
  char   *secret = NULL;
  u_char *ivoff;

  if ((u_char*) (esp + 1) >= ep - sizeof(struct esp))
  {
    PUTS ("[|ESP]");
    goto fail;
  }
  PRINTF ("ESP(spi=%u,seq=0x%lx)",
          spi, ntohl(*(u_int32_t*) (esp + 1)));

  /* if we don't have decryption key, we can't decrypt this packet.
   */
  if (!espsecret)
     goto fail;

  if (!strncmp(espsecret, "des-cbc:", 8) && strlen(espsecret + 8) == 8)
  {
    algo   = DESCBC;
    ivlen  = 8;
    secret = espsecret + 8;
  }
  else if (!strncmp (espsecret, "blowfish-cbc:", 13))
  {
    algo   = BLOWFISH;
    ivlen  = 8;
    secret = espsecret + 13;
  }
  else if (!strncmp (espsecret, "rc5-cbc:", 8))
  {
    algo   = RC5;
    ivlen  = 8;
    secret = espsecret + 8;
  }
  else if (!strncmp (espsecret, "cast128-cbc:", 12))
  {
    algo   = CAST128;
    ivlen  = 8;
    secret = espsecret + 12;
  }
  else if (!strncmp (espsecret, "3des-cbc:", 9) && strlen (espsecret+9) == 24)
  {
    algo   = DES3CBC;
    ivlen  = 8;
    secret = espsecret + 9;
  }
  else if (!strncmp (espsecret, "none:", 5))
  {
    algo   = NONE;
    ivlen  = 0;
    secret = espsecret + 5;
  }
  else if (strlen (espsecret) == 8)
  {
    algo   = DESCBC;
    ivlen  = 8;
    secret = espsecret;
  }
  else
  {
    algo   = NONE;
    ivlen  = 0;
    secret = espsecret;
  }

  ip = (struct ip*) bp2;

  switch (IP_V(ip))
  {
#ifdef USE_INET6
    case 6:
         ip6 = (struct ip6_hdr *) bp2;
         ip = NULL;
         /* we do not attempt to decrypt jumbograms */
         if (!ntohs (ip6->ip6_plen))
            goto fail;
         /* if we can't get nexthdr, we do not need to decrypt it */
         len = sizeof(*ip6) + ntohs (ip6->ip6_plen);
         break;
#endif

    case 4:
#ifdef USE_INET6
         ip6 = NULL;
#endif
         len = ntohs (ip->ip_len);
         break;

    default:
         goto fail;
  }

  /* if we can't get nexthdr, we do not need to decrypt it */
  if (ep - bp2 < len)
     goto fail;

  ivoff = (u_char *) (esp + 1) + sizeof(u_int32_t);

  switch (algo)
  {
#ifndef USE_SSL
    case DESCBC:
    case BLOWFISH:
    case RC5:
    case CAST128:
    case DES3CBC:
         goto fail;
#else

    case DESCBC:
         {
           u_char iv[8], *p;
           des_key_schedule schedule;

           switch (ivlen)
           {
             case 4:
                  memcpy (iv, ivoff, 4);
                  memcpy (&iv[4], ivoff, 4);
                  p = &iv[4];
                  *p++ ^= 0xff;
                  *p++ ^= 0xff;
                  *p++ ^= 0xff;
                  *p++ ^= 0xff;
                  break;
             case 8:
                  memcpy (iv, ivoff, 8);
                  break;
                default:
                  goto fail;
           }

           des_check_key = 0;
           des_set_key ((void*)secret, schedule);

           p = ivoff + ivlen;
           des_cbc_encrypt ((void*)p, (void*)p, (long)(ep-p),
                            schedule, (void*)iv, DES_DECRYPT);
           advance = ivoff - (u_char *) esp + ivlen;
           break;
         }

    case BLOWFISH:
         {
           BF_KEY schedule;
           u_char *p;

           BF_set_key (&schedule, strlen(secret), secret);

           p = ivoff + ivlen;
           BF_cbc_encrypt (p, p, (long)(ep-p), &schedule, ivoff, BF_DECRYPT);
           advance = ivoff - (u_char *) esp + ivlen;
           break;
         }

    case RC5:
         {
           RC5_32_KEY schedule;
           u_char *p;

           RC5_32_set_key (&schedule, strlen(secret), secret, RC5_16_ROUNDS);

           p = ivoff + ivlen;
           RC5_32_cbc_encrypt (p, p, (long)(ep-p), &schedule, ivoff, RC5_DECRYPT);
           advance = ivoff - (u_char *) esp + ivlen;
           break;
         }

    case CAST128:
         {
           CAST_KEY schedule;
           u_char *p;

           CAST_set_key (&schedule, strlen(secret), secret);

           p = ivoff + ivlen;
           CAST_cbc_encrypt (p, p, (long)(ep-p), &schedule, ivoff, CAST_DECRYPT);
           advance = ivoff - (u_char*)esp + ivlen;
           break;
         }

    case DES3CBC:
         {
           des_key_schedule s1, s2, s3;
           u_char *p;

           des_check_key = 0;
           des_set_key ((void*)secret, s1);
           des_set_key ((void*)(secret+8), s2);
           des_set_key ((void*)(secret+16), s3);

           p = ivoff + ivlen;
           des_ede3_cbc_encrypt ((void*)p, (void*)p, (long)(ep-p),
                                 s1, s2, s3, (void*)ivoff, DES_DECRYPT);
           advance = ivoff - (u_char*) esp + ivlen;
           break;
         }
#endif  /* USE_SSL */

    case NONE:
    default:
         advance = sizeof(struct esp) + sizeof(u_int32_t);
         break;
  }

  /* sanity check for pad length */
  if (ep - bp < *(ep - 2))
     goto fail;

  if (nhdr)
     *nhdr = *(ep - 1);

  PUTS (": ");
  return (advance);

fail:
  if (nhdr)
     *nhdr = -1;
  return 65536;
}