📄 pgpike.c
字号:
pContext->allowedAlgorithms.modp3072 = FALSE;
pContext->allowedAlgorithms.modp4096 = FALSE;
pContext->allowedAlgorithms.modp6144 = FALSE;
pContext->allowedAlgorithms.modp8192 = FALSE;
/* pContext->ecdhGroups elements are NULLs.
Since EC context with precomputation enabled
consumes a lot of memory, initialize it on demand.
So, if EC is not used, no memory is allocated.
If EC is used, only neccesary EC context will be initialized.
*/
pgpAssert( pContext->ecdhGroups[0].c == NULL );
/* Create common generator for the prime field */
err = PGPNewBigNum( pContext->pgpContext, TRUE, &pContext->dhPrimeG );
if( IsntPGPError(err) )
err = PGPBigNumSetQ( pContext->dhPrimeG, 2 );
if( IsntPGPError(err) )
*outRef = ( PGPikeContextRef ) pContext;
}
else
err = kPGPError_OutOfMemory;
done:
if( IsPGPError( err ) && IsntNull( *outRef ) )
{
pgpContextMemFree( context, pContext );
*outRef = NULL;
}
pgpAssertErrWithPtr( err, *outRef );
return err;
}
PGPError
PGPFreeIKEContext(
PGPikeContextRef ref )
{
PGPError err = kPGPError_NoErr;
PGPikeContextPriv * ike;
PGPUInt32 groupIndex;
PGPValidatePtr( ref );
ike = (PGPikeContextPriv *)ref;
if( IsntNull( ike->pending ) )
{
PGPikeDestination * walkD,
* nextD;
pgpAssert( 0 );
/* REPORT THIS ASSERTION AND SUBMIT LOG */
for( walkD = ike->pending; IsntNull( walkD ); walkD = nextD )
{
nextD = walkD->nextD;
(void)PGPFreeData( walkD );
}
}
while( IsntNull( ike->partner ) )
(void)pgpIKEFreePartner( ike->partner );
while( IsntNull( ike->sa ) )
{
PGPipsecSA * oldHead = ike->sa;
ike->sa = oldHead->nextSA;
(void)PGPFreeData( oldHead );
}
err = pgpContextMemFree( ike->pgpContext, ike->defaultIKEProps ); CKERR;
err = pgpContextMemFree( ike->pgpContext, ike->defaultIPSECProps ); CKERR;
/* Free common prime group data */
if( ike->dhPrimeG != kPGPInvalidBigNumRef )
(void) PGPFreeBigNum( ike->dhPrimeG );
/* Free shared EC groups, possibly allocated if EC was used */
for( groupIndex = 0;
groupIndex < ( sizeof( ike->ecdhGroups ) / sizeof( ike->ecdhGroups[0] ) );
groupIndex++ )
{
if( ike->ecdhGroups[groupIndex].c != NULL )
err = pgpECIKEFreeContext( ike->ecdhGroups[groupIndex].c );
}
err = pgpContextMemFree( ike->pgpContext, ref ); CKERR;
done:
return err;
}
PGPError
pgpIKEFreePartner(
PGPikePartner * partner )
{
PGPError err = kPGPError_NoErr;
PGPikePartner * cp,
* lp;
PGPikePendingDest * walkPend;
if( partner->ready )
{
if( partner->virtualIP && partner->assignedIP )
{
PGPikeMTIdentity mtIdentity;
pgpClearMemory( &mtIdentity, sizeof(PGPikeMTIdentity) );
mtIdentity.active = FALSE;
mtIdentity.ipAddress = partner->ipAddress;
mtIdentity.assignedIP = partner->assignedIP;
mtIdentity.assignedDNS = partner->assignedDNS;
mtIdentity.assignedWINS = partner->assignedWINS;
err = (partner->ike->msgProc)(
(PGPikeContextRef)partner->ike, partner->ike->userData,
kPGPike_MT_Identity, &mtIdentity ); CKERR;
partner->assignedIP = 0;
partner->virtualIP = FALSE;
}
err = pgpIKELocalAlert( partner->ike, partner->ipAddress,
kPGPike_AL_None, kPGPike_IA_DeadPhase1SA, FALSE );
}
/* delink ourself */
cp = partner->ike->partner; /* get head of list */
lp = NULL;
while( IsntNull( cp ) )
{
if( cp == partner )
{
if( IsntNull( lp ) )
lp->nextPartner = cp->nextPartner;
else
partner->ike->partner = cp->nextPartner;
break;
}
lp = cp;
cp = cp->nextPartner;
}
while( IsntNull( partner->exchanges ) )
{
err = pgpIKEFreeExchange( partner->exchanges ); CKERR;
}
if( IsntNull( partner->sharedKey ) )
{
err = PGPFreeData( partner->sharedKey ); CKERR;
}
if( IsntNull( partner->idData ) )
{
err = PGPFreeData( partner->idData ); CKERR;
}
if( PGPKeyDBRefIsValid( partner->pgpAuthKey.baseKeyDB ) )
{
err = PGPFreeKeyDB( partner->pgpAuthKey.baseKeyDB ); CKERR;
}
if( PGPKeyDBRefIsValid( partner->x509AuthKey.baseKeyDB ) )
{
err = PGPFreeKeyDB( partner->x509AuthKey.baseKeyDB ); CKERR;
}
if( IsntNull( partner->pgpAuthKey.pass ) )
{
err = PGPFreeData( partner->pgpAuthKey.pass ); CKERR;
}
if( IsntNull( partner->x509AuthKey.pass ) )
{
err = PGPFreeData( partner->x509AuthKey.pass ); CKERR;
}
walkPend = partner->pendList;
while( IsntNull( partner->pendList ) )
{
walkPend = partner->pendList;
partner->pendList = partner->pendList->nextDest;
(void) PGPFreeData( walkPend );
}
if( PGPCBCContextRefIsValid( partner->cbc ) )
{
err = PGPFreeCBCContext( partner->cbc ); CKERR;
}
if( PGPKeyDBRefIsValid( partner->remoteKeyDB ) )
{
err = PGPFreeKeyDB( partner->remoteKeyDB ); CKERR;
}
err = PGPFreeData( partner );
done:
return err;
}
PGPError
pgpIKEFreeExchange(
PGPikeExchange * exchange )
{
PGPError err = kPGPError_NoErr;
PGPikeExchange * cn,
* ln;
PGPikeProposal * cp,
* lp = NULL;
if( IsNull( exchange ) )
goto done;
exchange->ike->numExchanges--;
/* delink ourself */
if( IsntNull( exchange->destination ) )
(void)PGPFreeData( exchange->destination );
cn = exchange->partner->exchanges; /* get head of list */
ln = NULL;
while( IsntNull( cn ) )
{
if( cn == exchange )
{
if( IsntNull( ln ) )
ln->nextExchange = cn->nextExchange;
else
exchange->partner->exchanges = cn->nextExchange;
break;
}
ln = cn;
cn = cn->nextExchange;
}
cp = exchange->proposals;
while( IsntNull( cp ) )
{
lp = cp;
cp = cp->nextProposal;
(void)PGPFreeData( lp );
}
pgpIKEFreeConfigs( exchange );
if( exchange->isPrimeDH ) {
if( exchange->primeDH.dhP != kPGPInvalidBigNumRef )
(void) PGPFreeBigNum( exchange->primeDH.dhP );
if( exchange->primeDH.xSecretDH != kPGPInvalidBigNumRef )
(void) PGPFreeBigNum( exchange->primeDH.xSecretDH );
}
if( IsntNull( exchange->gXY ) )
(void) PGPFreeData( exchange->gXY );
if( IsntNull( exchange->dhYi ) )
(void) PGPFreeData( exchange->dhYi );
if( IsntNull( exchange->dhYr ) )
(void) PGPFreeData( exchange->dhYr );
if( IsntNull( exchange->initSABody ) )
(void)PGPFreeData( exchange->initSABody );
if( IsntNull( exchange->idBody ) )
(void)PGPFreeData( exchange->idBody );
if( IsntNull( exchange->idRBody ) )
(void)PGPFreeData( exchange->idRBody );
if( IsntNull( exchange->lastPkt ) )
(void)PGPFreeData( exchange->lastPkt );
(void)PGPFreeData( exchange );
done:
return err;
}
void
pgpIKEFreeConfigs(
PGPikeExchange * exchange )
{
PGPUInt32 configIndex;
if( IsNull( exchange ) )
return;
for( configIndex = 0; configIndex < exchange->numConfigs; configIndex++ )
{
if( IsntNull( exchange->configs[configIndex].valueP ) )
{
(void) PGPFreeData( exchange->configs[configIndex].valueP );
exchange->configs[configIndex].valueP = NULL;
}
pgpClearMemory( &exchange->configs[configIndex], sizeof(PGPikeConfigItem) );
}
exchange->numConfigs = 0;
}
PGPError
PGPikeProcessMessage(
PGPikeContextRef ref,
PGPikeMessageType msg,
void * data )
{
PGPError err = kPGPError_NoErr;
PGPikeContextPriv * ike;
PGPValidatePtr( ref );
ike = (PGPikeContextPriv *)ref;
switch( msg )
{
case kPGPike_MT_Idle:
err = pgpIKEIdle( ike );
break;
case kPGPike_MT_SARequest:
err = pgpIKEHandleSARequest( ike, (PGPikeMTSASetup *) data );
break;
case kPGPike_MT_SARekey:
err = pgpIKEHandleSAEvent( ike, FALSE, (PGPipsecSA *) data );
break;
case kPGPike_MT_SADied:
err = pgpIKEHandleSAEvent( ike, TRUE, (PGPipsecSA *) data );
break;
case kPGPike_MT_AuthCheck:
err = pgpIKEHandleAuthCheck( ike, (PGPikeMTAuthCheck *) data );
break;
case kPGPike_MT_Packet:
err = pgpIKEHandlePacket( ike, (PGPikeMTPacket *) data );
#if PGPIKE_VERBOSE
/*{
PGPUInt32 saCount = 0;
PGPipsecSA * sa;
for( sa = ike->sa; IsntNull( sa ); sa = sa->nextSA )
saCount++;
pgpIKEDebugLog( ike, "\tsaCount: %d\n", saCount );
}*/
#endif
break;
case kPGPike_MT_Pref:
err = pgpIKESetPref( ike, (PGPikeMTPref *) data );
break;
case kPGPike_MT_SAKillAll:
{
PGPipsecSA * sa,
* nextSA = NULL;
PGPikePartner * partner;
for( sa = ike->sa; IsntNull( sa ); sa = nextSA )
{
nextSA = sa->nextSA;
sa->activeIn = FALSE;
if( pgpIKEFindSAPartner( ike, sa, TRUE, &partner ) )
{
err = pgpIKEKillSA( &partner, sa );
}
else
{
err = (ike->msgProc)(
(PGPikeContextRef)ike, ike->userData,
kPGPike_MT_SADied, sa );
(void)pgpIKEFreeSA( ike, sa );
}
if( IsPGPError( err ) )
break;
}
break;
}
case kPGPike_MT_PolicyCheck:
case kPGPike_MT_SAEstablished:
case kPGPike_MT_LocalPGPCert:
case kPGPike_MT_LocalX509Cert:
case kPGPike_MT_RemoteCert:
case kPGPike_MT_Alert:
default:
err = kPGPError_ItemNotFound;/* these msgs are only sent FROM pgpIKE */
break;
}
if( IsPGPError( err ) )
{
if( err == kPGPError_UserAbort )
err = kPGPError_NoErr;
else
{
#if PGPIKE_DEBUG
pgpIKEDebugLog( ike, FALSE, "\tPGPError: %ld\n", err );
#endif
}
}
return err;
}
PGPBoolean
pgpIKEFindSAPartner(
PGPikeContextPriv * ike,
PGPipsecSA * sa,
PGPBoolean mustBeReady,
PGPikePartner ** partnerP )
{
PGPError err = kPGPError_NoErr;
PGPikePartner * partner;
*partnerP = NULL;
for( partner = ike->partner; IsntNull( partner );
partner = partner->nextPartner )
{
if( ( sa->ipAddress == partner->ipAddress ) ||
( sa->bIsRemoteIPNAT && ( sa->ipAddress == partner->preNATIPAddress )) )
{
if( partner->ready || !mustBeReady )
{
*partnerP = partner;
goto done;
}
}
}
err = kPGPError_ItemNotFound;
done:
return ( err != kPGPError_ItemNotFound );
}
PGPError
pgpIKEFreeSA(
PGPikeContextPriv * ike,
PGPipsecSA * sa )
{
PGPError err = kPGPError_NoErr;
err = pgpIKELocalAlert( ike, sa->ipAddress,
kPGPike_AL_None, kPGPike_IA_DeadPhase2SA, FALSE );
if( IsntNull( sa->prevSA ) )
sa->prevSA->nextSA = sa->nextSA;
else
ike->sa = sa->nextSA;
if( IsntNull( sa->nextSA ) )
sa->nextSA->prevSA = sa->prevSA;
(void)PGPFreeData( sa );
return err;
}
PGPError
pgpIKESetConfigData(
PGPMemoryMgrRef memMgr,
PGPikeConfigItem * config,
PGPikeConfigType configType,
PGPikeAttributeType attrType,
PGPUInt16 transactionID,
char * configData )
{
PGPError err = kPGPError_NoErr;
PGPUInt16 replyLen;
replyLen = strlen( configData );
config->configType = configType;
config->transactionID = transactionID;
config->attribute = attrType;
config->valueP = PGPNewSecureData( memMgr, replyLen, 0 );
if( IsntNull( config->valueP ) )
pgpCopyMemory( configData, config->valueP, replyLen );
else
err = kPGPError_OutOfMemory;
config->valueSize = replyLen;
return err;
}
PGPError
pgpIKEHandleAuthCheck(
PGPikeContextPriv * ike,
PGPikeMTAuthCheck * authCheck )
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -