📄 ipsec_ah_message.c
字号:
/* ipsec_ah_message.c - AH message routines*//******************************************************************************//* Copyright 2000-2006 Wind River Systems, Inc. *//******************************************************************************//*modification history--------------------03j,14feb06,rma IPVI_ADDRESS_SELECTOR optimizations.03i,13jan06,djp removed rwos dependencies03h,12jan06,djp removed rwos dependencies03g,08nov05,rlm Removed references to rw_packet routines.03f,05oct05,rlm Fixed include of ipsecDOItoCCI.h to reflect its new home in crypto/03f,28nov05,djp replace WRN_INET with WRSEC_INET03e,07feb05,rlm All failed alloca() calls now result in taskSuspend().03d,12jun2003,rparkhil added support for STACK_NAME03c,07Jan2003,rks(teamf1) replaced CCI_GET_DIGEST_LENGTH with cci_ctx_digest_length03b,14Nov2002,rks(teamf1) changes for CCI intergration03a,20Sep02,rks(teamf1) modification for IPv602b,27mar02,rpt changed AH "sign"/"verify"/"icv" function definitions to integrate with enhanced crypto interface "crypto_if.h"02a,19mar02,rpt replaced IP_MESSAGE by IP_VI_MESSAGE in func definitions 01a,19mar02,rpt extracted from WindNet IPSec 1.1, added modification history*//******************************************************************************/#include <vxWorks.h>#include <string.h>#include <taskLib.h>#include <netinet/in.h>#include <wrn/cci/cci.h>#include "../common/wrSecMem.h"#include "../common/wrSecInetAddr.h"#include "../common/wrSecSerialize.h"#include "../crypto/ipsecDOItoCCI.h"#include "ipsecP.h"#include "packetBuf.h"#include "ipsec_if.h"#include "ipsec_ah_message.h"#include "ipsec_print_routines.h"#if defined(IPSEC_VERBOSE_PACKET_DEBUGGING)#include "../ike/ike_print_routines.h"#endif/******************************************************************************/static BOOL ipsec_ah_message_calculate_icv ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message, IP_VI_MESSAGE *p_ip_message, UCHAR *bptr_icv, CCIContext context );static UINT ipsec_ah_construct_ip_and_ah_for_icv_computation ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message, IP_VI_MESSAGE *p_ip_message );static void ipsec_ah_construct_ip_for_icv_computation ( IP_VI_MESSAGE *p_ip_message, UCHAR ** bptr_packet, UINT ah_header_length );static void ipsec_ah_construct_ah_for_icv_computation ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message, UCHAR ** bptr_packet );/******************************************************************************/IPSEC_AH_MESSAGE *ipsec_ah_message_create ( void ) { IPSEC_AH_MESSAGE *sptr_ipsec_ah_message; sptr_ipsec_ah_message = wrSecAlloc (sizeof (IPSEC_AH_MESSAGE)); if (sptr_ipsec_ah_message == NULL) { ipsec_printf_mon (IPSEC_ERROR_PRINTF, "IPsec: Error: ipsec_ah_message_create(): wrSecAlloc failed\n"); return (NULL); } return (sptr_ipsec_ah_message); }/******************************************************************************/BOOL ipsec_ah_message_construct ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message, IPSEC_AUTH_ALGORITHM_ID authentication_type ) { if (sptr_ipsec_ah_message == NULL) { return (FALSE); } if( ipsecAuthAlgIDtoCCIAlg(authentication_type) != CCI_UNSUPPORTED ) { /* 96 bits = 12 bytes = 3 words for SHA and MD5 */ sptr_ipsec_ah_message->authentication_data_length_in_words = IPSEC_AUTH_DIGEST_TRUNC / 4; } else { return (FALSE); } memset (sptr_ipsec_ah_message->bptr_authentication_data, 0x00, IPSEC_AUTH_DIGEST_TRUNC); /* for the description of payload length field see section 2.2 of RFC 2402 */ sptr_ipsec_ah_message->payload_length = sptr_ipsec_ah_message->authentication_data_length_in_words + 3 - 2; sptr_ipsec_ah_message->ah_authentication_type = authentication_type; return (TRUE); }/******************************************************************************/void ipsec_ah_message_destruct ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message ) { if (sptr_ipsec_ah_message == NULL) return; }/******************************************************************************/void ipsec_ah_message_delete ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message ) { if (sptr_ipsec_ah_message == NULL) return; wrSecFree (sptr_ipsec_ah_message); }/******************************************************************************/UINT ipsec_ah_message_get_serialization_length ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message ) { UINT length_of_ah_header_in_bytes; /* Next Header(1) + payload length (1) + reserved (2) */ length_of_ah_header_in_bytes = 4; /* SPI (4) */ length_of_ah_header_in_bytes += 4; /* Sequence Number (4) */ length_of_ah_header_in_bytes += 4; length_of_ah_header_in_bytes = length_of_ah_header_in_bytes + (sptr_ipsec_ah_message->authentication_data_length_in_words * 4); return (length_of_ah_header_in_bytes); }/******************************************************************************/BOOL ipsec_ah_message_deserialize ( IPSEC_AH_MESSAGE * sptr_ipsec_ah_message, PACKETBUF * pPacket ) { UINT authentication_data_length_in_words; UCHAR *bptr_packet; UINT reserved; UINT deserialization_length; bptr_packet = packetBufDataGet(pPacket); if (bptr_packet == NULL) { return (FALSE); } /* do all the deserialization stuff here */ sptr_ipsec_ah_message->next_header = (IP_TRANSPORT_PROTOCOL)wrSecDeserializeUChar (&bptr_packet); sptr_ipsec_ah_message->payload_length = wrSecDeserializeUChar (&bptr_packet); authentication_data_length_in_words = (sptr_ipsec_ah_message->payload_length + 2) - 3; /*make sure that the authentication data is of the length that we have*/ if (sptr_ipsec_ah_message->authentication_data_length_in_words != authentication_data_length_in_words) { return (FALSE); } reserved = wrSecDeserializeUShort(&bptr_packet); if (reserved != 0) { return (FALSE); } sptr_ipsec_ah_message->spi = wrSecDeserializeULong (&bptr_packet); sptr_ipsec_ah_message->sequence_number = wrSecDeserializeULong (&bptr_packet); memcpy (sptr_ipsec_ah_message->bptr_authentication_data, bptr_packet, (sptr_ipsec_ah_message->authentication_data_length_in_words * 4)); /* now we need to reduce the packet in front */ deserialization_length = ipsec_ah_message_get_serialization_length (sptr_ipsec_ah_message); if (packetBufReduceFront(pPacket, deserialization_length) == FALSE) { return (FALSE); } return (TRUE); }/******************************************************************************/UINT ipsec_ah_message_serialize ( IPSEC_AH_MESSAGE * sptr_ipsec_ah_message, PACKETBUF * pPacket ) { UCHAR *bptr_packet; UINT serialization_length; UINT reserved; serialization_length = ipsec_ah_message_get_serialization_length (sptr_ipsec_ah_message); bptr_packet = packetBufWritableHeaderGet(pPacket, serialization_length); if (bptr_packet == NULL) { return (0); } /* do all the serialization stuff here */ wrSecSerializeUChar (sptr_ipsec_ah_message->next_header, &bptr_packet); wrSecSerializeUChar (sptr_ipsec_ah_message->payload_length, &bptr_packet); reserved = 0; wrSecSerializeUShort (reserved, &bptr_packet); wrSecSerializeULong (sptr_ipsec_ah_message->spi, &bptr_packet); wrSecSerializeULong (sptr_ipsec_ah_message->sequence_number, &bptr_packet); memcpy (bptr_packet, sptr_ipsec_ah_message->bptr_authentication_data, (sptr_ipsec_ah_message->authentication_data_length_in_words * 4)); /* now we need to extend the packet in front */ if (packetBufExtendFront(pPacket, serialization_length) == FALSE) { return (0); } return (serialization_length); }/******************************************************************************/BOOL ipsec_ah_message_sign ( IPSEC_AH_MESSAGE *sptr_ipsec_ah_message, IP_VI_MESSAGE *p_ip_message, CCIContext context ) { UCHAR *calculated_icv; UINT icvSize; /* rlm 2002-11-06: * length of buffer for the HMAC digest depends on the algorithm being * used. Thus we allocate it on stack at runtime. */ if ((calculated_icv = alloca (cciCtxDigestLenGet (context))) == NULL) { taskSuspend (0); }⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -