📄 ipsec_ah_message.c
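/* Tail of ipsec_ah_message_sign(); the start of the function is outside this listing. */
    icvSize = 4 * sptr_ipsec_ah_message->authentication_data_length_in_words;

    if (ipsec_ah_message_calculate_icv (sptr_ipsec_ah_message, p_ip_message, calculated_icv, context) == FALSE)
    {
        return (FALSE);
    }

    /* NOTE(review): copies icvSize bytes out of calculated_icv; confirm icvSize
     * cannot exceed the digest buffer allocated earlier in this function
     * (the allocation is not visible here). */
    memcpy (sptr_ipsec_ah_message->bptr_authentication_data, calculated_icv, icvSize);

#if defined(IPSEC_VERBOSE_PACKET_DEBUGGING)
    ike_debug_printf_bytes(IKE_ERROR_PRINTF, "<ipsec_ah_message_sign(): calculated_icv>\n", calculated_icv, icvSize);
#endif

    return (TRUE);
}
/******************************************************************************/
/*
 * ipsec_ah_message_verify - check the ICV carried in an AH message.
 *
 * Recomputes the HMAC over the reconstructed IP + AH headers and the payload,
 * then compares the first icvSize bytes of the result with the authentication
 * data stored in the AH message.
 *
 * sptr_ipsec_ah_message  AH message whose authentication data is checked
 * p_ip_message           IP message that carries the AH payload
 * context                CCI HMAC context used for the computation
 *
 * Returns TRUE when the ICVs match, FALSE on mismatch, on a computation
 * failure, or when the ICV length is zero or longer than the digest.
 */
BOOL ipsec_ah_message_verify
    (
    IPSEC_AH_MESSAGE *sptr_ipsec_ah_message,
    IP_VI_MESSAGE *p_ip_message,
    CCIContext context
    )
{
    UCHAR *calculated_icv;
    const UCHAR *received_icv;
    UINT digest_length;
    UINT icvSize;
    UINT index;
    UCHAR difference;

    digest_length = cciCtxDigestLenGet (context);

    if ((calculated_icv = alloca (digest_length)) == NULL)
    {
        taskSuspend (0);
        /* If the task is ever resumed, do not go on with a NULL buffer. */
        return (FALSE);
    }

    icvSize = 4 * sptr_ipsec_ah_message->authentication_data_length_in_words;

    if (ipsec_ah_message_calculate_icv (sptr_ipsec_ah_message, p_ip_message, calculated_icv, context) == FALSE)
    {
        return (FALSE);
    }

    received_icv = (const UCHAR *) sptr_ipsec_ah_message->bptr_authentication_data;

    /*
     * A zero-length ICV would compare equal to anything, and a length above
     * the digest size would read past the end of calculated_icv, so both are
     * rejected. The check sits after the ICV computation so the HMAC context
     * is driven exactly as it was before this check existed.
     *
     * NOTE(review): icvSize comes from the message's own length field; confirm
     * the parser also checks it against the ICV length configured for the SA
     * (not visible here).
     */
    if ((received_icv == NULL) || (icvSize == 0) || (icvSize > digest_length))
    {
        return (FALSE);
    }

#if defined(IPSEC_VERBOSE_PACKET_DEBUGGING)
    ike_debug_printf_bytes(IKE_ERROR_PRINTF, "<ipsec_ah_message_verify(): received_icv>\n", sptr_ipsec_ah_message->bptr_authentication_data, icvSize);
    ike_debug_printf_bytes(IKE_ERROR_PRINTF, "<ipsec_ah_message_verify: calculated_icv>\n", calculated_icv, icvSize);
#endif

    /* Compare without an early exit so the time taken does not depend on how
     * many leading bytes of the received ICV happen to match. */
    difference = 0;
    for (index = 0; index < icvSize; index++)
    {
        difference |= (UCHAR) (received_icv[index] ^ calculated_icv[index]);
    }

    return ((difference == 0) ? TRUE : FALSE);
}
/*****************************************************************************/
/*
 * ipsec_ah_message_calculate_icv - compute the HMAC used as the AH ICV.
 *
 * Prepends a scratch IP + AH header to the packet buffer, runs the HMAC over
 * the whole buffer, writes the digest to bptr_icv and then removes the scratch
 * header again.
 *
 * bptr_icv must have room for cciCtxDigestLenGet (context) bytes.
 *
 * Returns TRUE when the digest was produced and the packet front was
 * restored, FALSE otherwise.
 */
static BOOL ipsec_ah_message_calculate_icv
    (
    IPSEC_AH_MESSAGE *sptr_ipsec_ah_message,
    IP_VI_MESSAGE *p_ip_message,
    UCHAR *bptr_icv,
    CCIContext context
    )
{
    cci_st cci_status;
    UINT extended_front;
    UINT total_length;
    UINT digest_length; /*(UINT) CCI_SHA1_DIGESTSIZE;*/
    UCHAR *bptr_data;
    BOOL icv_computed = FALSE;

    digest_length = cciCtxDigestLenGet (context);

    /* The payload of the IP_MESSAGE points to the start of AH payload i.e.
     * after AH ICV */
    extended_front = ipsec_ah_construct_ip_and_ah_for_icv_computation (sptr_ipsec_ah_message, p_ip_message);
    if (extended_front == 0)
    {
        /* The helper returns 0 when it could not build or prepend the scratch
         * headers; an HMAC over the bare payload would not be a valid ICV. */
        return (FALSE);
    }

    /* The payload of the IP_MESSAGE points to the start of IP header */
    total_length = packetBufDataSizeGet ((PACKETBUF *)(p_ip_message->pPayload));
    bptr_data = packetBufDataGet (p_ip_message->pPayload);

    if (bptr_data != NULL)
    {
        /* Authentication*/
        if ((cci_status = cciHmacUpdate (context, bptr_data, total_length)) != CCI_SUCCESS)
        {
            ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: %s%s (%d)\n", __FUNCTION__, "(): cciHmacUpdate() Failed.", cci_status);
        }
        else if ((cci_status = cciHmacFinal (context, bptr_icv, &digest_length)) != CCI_SUCCESS)
        {
            ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: %s%s (%d)\n", __FUNCTION__, "(): Failed Authentication.", cci_status);
        }
        else
        {
            icv_computed = TRUE;
        }
    }

    /* now we need to restore the packet front; this is done on the failure
     * paths too, so the caller never gets the packet back with the scratch
     * headers still prepended */
    if (packetBufReduceFront (p_ip_message->pPayload, extended_front) == FALSE)
    {
        return (FALSE);
    }

    return (icv_computed);
}
/******************************************************************************/
/*
 * ipsec_ah_construct_ip_and_ah_for_icv_computation - prepend the headers that
 * the ICV covers.
 *
 * Serializes an IP header followed by the AH header into the writable header
 * space of the packet buffer and extends the buffer front over them.
 *
 * Returns the number of bytes the front was extended by, or 0 when the header
 * space could not be obtained or the front could not be extended.
 */
static UINT ipsec_ah_construct_ip_and_ah_for_icv_computation
    (
    IPSEC_AH_MESSAGE *sptr_ipsec_ah_message,
    IP_VI_MESSAGE *p_ip_message
    )
{
    UINT ah_header_length;
    UINT ip_header_length = 0;
    UCHAR *bptr_packet;

    ah_header_length = ipsec_ah_message_get_serialization_length (sptr_ipsec_ah_message);

    /* Eventually we will use some sort of function call as below to
     * get the serialization size for the IP message.
     * ip_header_length = ip_message_get_serialization_length (p_ip_message);
     * For the time being we will use the Minimum IP header Header length.
     */
    if (p_ip_message->version == IP_V4)
    {
        ip_header_length = IP_PACKET_HEADER_MINIMUM_LENGTH;
    }
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
    else
    {
        ip_header_length = IPV6_PACKET_HEADER_MINIMUM_LENGTH;
    }
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */

    /* When the version is not IP_V4 and the IPv6 branch above is compiled
     * out, ip_header_length stays 0 and only the AH header space is requested. */
    bptr_packet = packetBufWritableHeaderGet (p_ip_message->pPayload, ah_header_length + ip_header_length);

    if (bptr_packet == NULL)
    {
        return (0);
    }

    ipsec_ah_construct_ip_for_icv_computation (p_ip_message, &bptr_packet, ah_header_length);

    ipsec_ah_construct_ah_for_icv_computation (sptr_ipsec_ah_message, &bptr_packet);

    /* now we need to extend the packet in front */
    if (packetBufExtendFront (p_ip_message->pPayload, ah_header_length + ip_header_length) == FALSE)
    {
        return (0);
    }

    return (ah_header_length + ip_header_length);
}
/******************************************************************************/
/*
 * ipsec_ah_construct_ip_for_icv_computation - serialize the IP header as it is
 * seen by the ICV computation.
 *
 * Writes the header at *bptr_packet through the wrSec serialize helpers. TOS,
 * flags/fragment offset, TTL and header checksum (IPv4) and the hop limit
 * (IPv6) are written as zero. For any other version a warning is logged and
 * nothing is written.
 */
static void ipsec_ah_construct_ip_for_icv_computation
    (
    IP_VI_MESSAGE *p_ip_message,
    UCHAR ** bptr_packet,
    UINT ah_header_length
    )
{
    UINT total_length, payload_length;
    IP_VERSION_NUMBER ip_version;

    ip_version = p_ip_message->version;

    if (ip_version == IP_V4)
    {
        /*IPv4 Processing*/
        UINT version_and_header_length;

        /* version in the high nibble, header length in 32-bit words in the low nibble */
        version_and_header_length = IP_VERSION_4;
        version_and_header_length <<= 4;
        version_and_header_length |= IP_PACKET_HEADER_MINIMUM_LENGTH / IP_WORD_SIZE;

        wrSecSerializeUChar (version_and_header_length, bptr_packet);
        wrSecSerializeUChar (0, bptr_packet); /* TOS */

        total_length = IP_PACKET_HEADER_MINIMUM_LENGTH + ah_header_length + packetBufDataSizeGet(p_ip_message->pPayload);
        wrSecSerializeUShort (total_length, bptr_packet);

        wrSecSerializeUShort (((IP_V4_MESSAGE *)p_ip_message)->datagram_identifier, bptr_packet);
        wrSecSerializeUShort (0, bptr_packet); /* flag and fragment */
        wrSecSerializeUChar (0, bptr_packet); /* ttl */
        wrSecSerializeUChar (AH_PROTOCOL, bptr_packet);
        wrSecSerializeUShort (0, bptr_packet); /* checksum */

        wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&(((IP_V4_MESSAGE *)p_ip_message)->source_address), bptr_packet);
        wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&(((IP_V4_MESSAGE *)p_ip_message)->destination_address), bptr_packet);
    }
    else if (ip_version == IP_V6)
    {
        /*IPv6 Processing*/
        UINT version_class_flow;

        /* only the version nibble is set; the remaining bits of the word are zero */
        version_class_flow = IP_V6 << 28;
        wrSecSerializeULong (version_class_flow, bptr_packet);

        payload_length = ah_header_length + packetBufDataSizeGet(p_ip_message->pPayload);
        wrSecSerializeUShort (payload_length, bptr_packet);

        wrSecSerializeUChar (AH_PROTOCOL, bptr_packet);
        wrSecSerializeUChar (0, bptr_packet); /* Hop Limit */

        wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&(((IP_V6_MESSAGE *)p_ip_message)->source_address), bptr_packet);
        wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&(((IP_V6_MESSAGE *)p_ip_message)->destination_address), bptr_packet);
    }
    else
    {
        ipsec_printf (IPSEC_WARNING_PRINTF, "IPsec: IP Message: INVALID_VERSION\n");
    }
}
/******************************************************************************/
/*
 * ipsec_ah_construct_ah_for_icv_computation - serialize the AH header with a
 * zeroed authentication data field.
 *
 * Writes next header, payload length, a zero reserved field, SPI and sequence
 * number at *bptr_packet, then zero-fills the authentication data area that
 * follows them.
 */
static void ipsec_ah_construct_ah_for_icv_computation
    (
    IPSEC_AH_MESSAGE *sptr_ipsec_ah_message,
    UCHAR ** bptr_packet
    )
{
    /* do all the serialization stuff here */
    wrSecSerializeUChar (sptr_ipsec_ah_message->next_header, bptr_packet);
    wrSecSerializeUChar (sptr_ipsec_ah_message->payload_length, bptr_packet);
    wrSecSerializeUShort (0, bptr_packet); /* reserved */
    wrSecSerializeULong (sptr_ipsec_ah_message->spi, bptr_packet);
    wrSecSerializeULong (sptr_ipsec_ah_message->sequence_number, bptr_packet);

    /* The ICV field is zero while the ICV itself is being computed.
     * NOTE(review): the fill length comes from the message's length field;
     * presumably the serialization length used to size the header space
     * includes it - confirm against ipsec_ah_message_get_serialization_length(). */
    memset (*bptr_packet, 0x00, (sptr_ipsec_ah_message->authentication_data_length_in_words * 4));
}
/******************************************************************************/
/*
 * ipsec_ah_peek_at_security_parameters_index - read the SPI from the AH header
 * at the start of the packet payload without consuming it.
 *
 * Returns the SPI, or 0 when the payload data is unavailable or too short to
 * hold the fixed fields up to and including the SPI.
 */
UINT ipsec_ah_peek_at_security_parameters_index
    (
    IP_VI_MESSAGE *p_ip_message
    )
{
    PACKETBUF * pPacket;
    UCHAR * bptr_packet;
    UINT spi_offset;
    UINT spi;

    pPacket = p_ip_message->pPayload;
    bptr_packet = packetBufDataGet(pPacket);

    if (bptr_packet == NULL)
    {
        return (FALSE);
    }

    /* next header + payload length + reserved come before the SPI */
    spi_offset = sizeof (UCHAR) + sizeof (UCHAR) + sizeof (USHORT);

    /* The SPI is a 32-bit field; do not read it from a payload that is too
     * short to contain it. */
    if (packetBufDataSizeGet (pPacket) < spi_offset + 4)
    {
        return (FALSE);
    }

    bptr_packet += spi_offset;
    spi = wrSecDeserializeULong (&bptr_packet);

    return (spi);
}
/******************************************************************************/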