1999-10-18 05:56:53 +08:00
|
|
|
/* $NetBSD: print-ah.c,v 1.4 1996/05/20 00:41:16 fvdl Exp $ */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that: (1) source code distributions
|
|
|
|
|
* retain the above copyright notice and this paragraph in its entirety, (2)
|
|
|
|
|
* distributions including binary code include the above copyright notice and
|
|
|
|
|
* this paragraph in its entirety in the documentation or other materials
|
|
|
|
|
* provided with the distribution, and (3) all advertising materials mentioning
|
|
|
|
|
* features or use of this software display the following acknowledgement:
|
|
|
|
|
* ``This product includes software developed by the University of California,
|
|
|
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
|
|
|
|
* the University nor the names of its contributors may be used to endorse
|
|
|
|
|
* or promote products derived from this software without specific prior
|
|
|
|
|
* written permission.
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
|
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef lint
|
1999-12-15 16:10:17 +08:00
|
|
|
static const char rcsid[] =
|
2003-02-05 10:38:45 +08:00
|
|
|
"@(#) $Header: /tcpdump/master/tcpdump/print-esp.c,v 1.32 2003-02-05 02:38:45 guy Exp $ (LBL)";
|
1999-10-18 05:56:53 +08:00
|
|
|
#endif
|
|
|
|
|
|
1999-11-21 17:36:43 +08:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
#include <string.h>
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2002-08-01 16:52:55 +08:00
|
|
|
#include <tcpdump-stdinc.h>
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2000-01-15 10:33:06 +08:00
|
|
|
#ifdef HAVE_LIBCRYPTO
|
2001-04-13 10:56:37 +08:00
|
|
|
#include <openssl/des.h>
|
|
|
|
|
#include <openssl/blowfish.h>
|
2002-04-07 10:16:03 +08:00
|
|
|
#ifdef HAVE_OPENSSL_RC5_H
|
2001-04-13 10:56:37 +08:00
|
|
|
#include <openssl/rc5.h>
|
1999-10-30 13:11:06 +08:00
|
|
|
#endif
|
2002-04-07 10:16:03 +08:00
|
|
|
#ifdef HAVE_OPENSSL_CAST_H
|
2001-04-13 10:56:37 +08:00
|
|
|
#include <openssl/cast.h>
|
1999-10-30 13:11:06 +08:00
|
|
|
#endif
|
1999-10-18 05:56:53 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
2000-09-23 16:54:24 +08:00
|
|
|
#include "ip.h"
|
2000-10-06 19:32:17 +08:00
|
|
|
#include "esp.h"
|
2000-10-07 13:53:09 +08:00
|
|
|
#ifdef INET6
|
|
|
|
|
#include "ip6.h"
|
|
|
|
|
#endif
|
1999-10-30 13:11:06 +08:00
|
|
|
|
2002-01-21 19:39:58 +08:00
|
|
|
#define AVOID_CHURN 1
|
1999-10-18 05:56:53 +08:00
|
|
|
#include "interface.h"
|
|
|
|
|
#include "addrtoname.h"
|
2002-12-11 15:13:49 +08:00
|
|
|
#include "extract.h"
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2002-01-21 19:39:58 +08:00
|
|
|
static struct esp_algorithm *espsecret_xform=NULL; /* cache of decoded alg. */
|
|
|
|
|
static char *espsecret_key=NULL;
|
2003-02-05 10:38:45 +08:00
|
|
|
static int espsecret_keylen=0;
|
2002-01-21 19:39:58 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
enum cipher { NONE,
|
|
|
|
|
DESCBC,
|
|
|
|
|
BLOWFISH,
|
|
|
|
|
RC5,
|
|
|
|
|
CAST128,
|
|
|
|
|
DES3CBC};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
struct esp_algorithm {
|
Add a few more GCC warnings on GCC >= 2 for ".devel" builds.
From Neil T. Spring: fixes for many of those warnings:
addrtoname.c, configure.in: Linux needs netinet/ether.h for
ether_ntohost
print-*.c: change char *foo = "bar" to const char *foo = "bar"
to appease -Wwrite-strings; should affect no run-time behavior.
print-*.c: make some variables unsigned.
print-bgp.c: plen ('prefix len') is unsigned, no reason to
validate by comparing to zero.
print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
instead of inet_ntoa.
print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
be false, so check for (u_int)-1, which represents failure,
explicitly.
print-isakmp.c: complete initialization of attrmap objects.
print-lwres.c: "if(x); print foo;" seemed much more likely to be
intended to be "if(x) { print foo; }".
print-smb.c: complete initialization of some structures.
In addition, add some fixes for the signed vs. unsigned comparison
warnings:
extract.h: cast the result of the byte-extraction-and-combining,
as, at least for the 16-bit version, C's integral promotions
will turn "u_int16_t" into "int" if there are other "int"s
nearby.
print-*.c: make some more variables unsigned, or add casts to an
unsigned type of signed values known not to be negative, or add
casts to "int" of unsigned values known to fit in an "int", and
make other changes needed to handle the aforementioned variables
now being unsigned.
print-isakmp.c: clean up the handling of error/status indicators
in notify messages.
print-ppp.c: get rid of a check that an unsigned quantity is >=
0.
print-radius.c: clean up some of the bounds checking.
print-smb.c: extract the word count into a "u_int" to avoid the
aforementioned problems with C's integral promotions.
print-snmp.c: change a check that an unsigned variable is >= 0
to a check that it's != 0.
Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
2002-09-05 08:00:07 +08:00
|
|
|
const char *name;
|
2002-01-21 19:39:58 +08:00
|
|
|
enum cipher algo;
|
|
|
|
|
int ivlen;
|
|
|
|
|
int authlen;
|
|
|
|
|
int replaysize;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct esp_algorithm esp_xforms[]={
|
|
|
|
|
{"none", NONE, 0, 0, 0},
|
|
|
|
|
{"des-cbc", DESCBC, 8, 0, 0},
|
|
|
|
|
{"des-cbc-hmac96", DESCBC, 8, 12, 4},
|
|
|
|
|
{"blowfish-cbc", BLOWFISH,8, 0, 0},
|
|
|
|
|
{"blowfish-cbc-hmac96", BLOWFISH,8, 12, 4},
|
|
|
|
|
{"rc5-cbc", RC5, 8, 0, 0},
|
|
|
|
|
{"rc5-cbc-hmac96", RC5, 8, 12, 4},
|
|
|
|
|
{"cast128-cbc", CAST128, 8, 0, 0},
|
|
|
|
|
{"cast128-cbc-hmac96", CAST128, 8, 12, 4},
|
|
|
|
|
{"3des-cbc-hmac96", DES3CBC, 8, 12, 4},
|
2002-07-28 03:30:36 +08:00
|
|
|
{NULL, NONE, 0, 0, 0}
|
2002-01-21 19:39:58 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int hexdigit(char hex)
|
|
|
|
|
{
|
|
|
|
|
if(hex >= '0' && hex <= '9') {
|
|
|
|
|
return (hex - '0');
|
|
|
|
|
} else if(hex >= 'A' && hex <= 'F') {
|
|
|
|
|
return (hex - 'A' + 10);
|
|
|
|
|
} else if(hex >= 'a' && hex <= 'f') {
|
|
|
|
|
return (hex - 'a' + 10);
|
|
|
|
|
} else {
|
|
|
|
|
printf("invalid hex digit %c in espsecret\n", hex);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int hex2byte(char *hexstring)
|
|
|
|
|
{
|
|
|
|
|
int byte;
|
|
|
|
|
|
|
|
|
|
byte = (hexdigit(hexstring[0]) << 4) +
|
|
|
|
|
hexdigit(hexstring[1]);
|
|
|
|
|
return byte;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-01-23 13:23:16 +08:00
|
|
|
static void esp_print_decodesecret(void)
|
2002-01-21 19:39:58 +08:00
|
|
|
{
|
|
|
|
|
char *colon;
|
|
|
|
|
int len, i;
|
|
|
|
|
struct esp_algorithm *xf;
|
2002-07-28 03:30:36 +08:00
|
|
|
struct esp_algorithm *null_xf =
|
|
|
|
|
&esp_xforms[sizeof(esp_xforms)/sizeof(esp_xforms[0]) - 1];
|
2002-01-21 19:39:58 +08:00
|
|
|
|
|
|
|
|
if(espsecret == NULL) {
|
2002-07-28 03:30:36 +08:00
|
|
|
/* set to NULL transform */
|
|
|
|
|
espsecret_xform = null_xf;
|
2002-01-21 19:39:58 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(espsecret_key != NULL) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
colon = strchr(espsecret, ':');
|
|
|
|
|
if(colon == NULL) {
|
|
|
|
|
printf("failed to decode espsecret: %s\n",
|
|
|
|
|
espsecret);
|
2002-07-28 03:30:36 +08:00
|
|
|
/* set to NULL transform */
|
|
|
|
|
espsecret_xform = null_xf;
|
|
|
|
|
return;
|
2002-01-21 19:39:58 +08:00
|
|
|
}
|
|
|
|
|
|
2002-07-28 03:30:36 +08:00
|
|
|
len = colon - espsecret;
|
2002-01-21 19:39:58 +08:00
|
|
|
xf = esp_xforms;
|
|
|
|
|
while(xf->name && strncasecmp(espsecret, xf->name, len)!=0) {
|
|
|
|
|
xf++;
|
|
|
|
|
}
|
|
|
|
|
if(xf->name == NULL) {
|
|
|
|
|
printf("failed to find cipher algo %s\n",
|
|
|
|
|
espsecret);
|
2002-07-28 03:30:36 +08:00
|
|
|
/* set to NULL transform */
|
|
|
|
|
espsecret_xform = null_xf;
|
2002-01-21 19:39:58 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
espsecret_xform = xf;
|
|
|
|
|
|
|
|
|
|
colon++;
|
|
|
|
|
if(colon[0]=='0' && colon[1]=='x') {
|
|
|
|
|
/* decode some hex! */
|
|
|
|
|
colon+=2;
|
|
|
|
|
len = strlen(colon) / 2;
|
|
|
|
|
espsecret_key = (char *)malloc(len);
|
|
|
|
|
if(espsecret_key == NULL) {
|
|
|
|
|
fprintf(stderr, "%s: ran out of memory (%d) to allocate secret key\n",
|
|
|
|
|
program_name, len);
|
|
|
|
|
exit(2);
|
|
|
|
|
}
|
|
|
|
|
i = 0;
|
|
|
|
|
while(colon[0] != '\0' && colon[1]!='\0') {
|
|
|
|
|
espsecret_key[i]=hex2byte(colon);
|
|
|
|
|
colon+=2;
|
|
|
|
|
i++;
|
|
|
|
|
}
|
2003-02-05 10:38:45 +08:00
|
|
|
espsecret_keylen = len;
|
2002-01-21 19:39:58 +08:00
|
|
|
} else {
|
|
|
|
|
espsecret_key = colon;
|
2003-02-05 10:38:45 +08:00
|
|
|
espsecret_keylen = strlen(colon);
|
2002-01-21 19:39:58 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
int
|
2002-01-21 19:39:58 +08:00
|
|
|
esp_print(register const u_char *bp, register const u_char *bp2,
|
|
|
|
|
int *nhdr, int *padlen)
|
1999-10-30 13:11:06 +08:00
|
|
|
{
|
2002-07-28 03:30:36 +08:00
|
|
|
register const struct newesp *esp;
|
1999-10-30 13:11:06 +08:00
|
|
|
register const u_char *ep;
|
|
|
|
|
struct ip *ip = NULL;
|
|
|
|
|
#ifdef INET6
|
|
|
|
|
struct ip6_hdr *ip6 = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
int advance;
|
|
|
|
|
int len;
|
2002-01-21 19:39:58 +08:00
|
|
|
char *secret;
|
1999-10-30 13:11:06 +08:00
|
|
|
int ivlen = 0;
|
|
|
|
|
u_char *ivoff;
|
2002-01-25 13:51:51 +08:00
|
|
|
#ifdef HAVE_LIBCRYPTO
|
2002-01-21 19:39:58 +08:00
|
|
|
u_char *p;
|
2002-01-25 13:51:51 +08:00
|
|
|
#endif
|
2002-06-12 01:08:37 +08:00
|
|
|
|
2002-07-28 03:30:36 +08:00
|
|
|
esp = (struct newesp *)bp;
|
2002-01-21 19:39:58 +08:00
|
|
|
secret = NULL;
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
/* keep secret out of a register */
|
|
|
|
|
p = (u_char *)&secret;
|
|
|
|
|
#endif
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2000-10-03 10:19:04 +08:00
|
|
|
/* 'ep' points to the end of available data. */
|
1999-10-30 13:11:06 +08:00
|
|
|
ep = snapend;
|
|
|
|
|
|
2002-07-28 03:30:36 +08:00
|
|
|
if ((u_char *)(esp + 1) >= ep) {
|
1999-10-30 13:11:06 +08:00
|
|
|
fputs("[|ESP]", stdout);
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2002-12-11 15:13:49 +08:00
|
|
|
printf("ESP(spi=0x%08x", EXTRACT_32BITS(&esp->esp_spi));
|
|
|
|
|
printf(",seq=0x%x", EXTRACT_32BITS(&esp->esp_seq));
|
1999-10-30 13:11:06 +08:00
|
|
|
printf(")");
|
|
|
|
|
|
|
|
|
|
/* if we don't have decryption key, we can't decrypt this packet. */
|
|
|
|
|
if (!espsecret)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
2002-01-21 19:39:58 +08:00
|
|
|
if(!espsecret_xform) {
|
|
|
|
|
esp_print_decodesecret();
|
|
|
|
|
}
|
2002-07-28 03:30:36 +08:00
|
|
|
if(espsecret_xform->name == NULL) {
|
2002-01-21 19:39:58 +08:00
|
|
|
goto fail;
|
1999-10-30 13:11:06 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ip = (struct ip *)bp2;
|
2000-10-03 10:54:54 +08:00
|
|
|
switch (IP_V(ip)) {
|
1999-10-30 13:11:06 +08:00
|
|
|
#ifdef INET6
|
|
|
|
|
case 6:
|
|
|
|
|
ip6 = (struct ip6_hdr *)bp2;
|
|
|
|
|
ip = NULL;
|
|
|
|
|
/* we do not attempt to decrypt jumbograms */
|
2002-12-11 15:13:49 +08:00
|
|
|
if (!EXTRACT_16BITS(&ip6->ip6_plen))
|
1999-10-30 13:11:06 +08:00
|
|
|
goto fail;
|
|
|
|
|
/* if we can't get nexthdr, we do not need to decrypt it */
|
2002-12-11 15:13:49 +08:00
|
|
|
len = sizeof(struct ip6_hdr) + EXTRACT_16BITS(&ip6->ip6_plen);
|
1999-10-30 13:11:06 +08:00
|
|
|
break;
|
|
|
|
|
#endif /*INET6*/
|
|
|
|
|
case 4:
|
2001-08-21 01:52:38 +08:00
|
|
|
/* nexthdr & padding are in the last fragment */
|
2002-12-11 15:13:49 +08:00
|
|
|
if (EXTRACT_16BITS(&ip->ip_off) & IP_MF)
|
2001-08-21 01:52:38 +08:00
|
|
|
goto fail;
|
1999-10-30 13:11:06 +08:00
|
|
|
#ifdef INET6
|
|
|
|
|
ip6 = NULL;
|
|
|
|
|
#endif
|
2002-12-11 15:13:49 +08:00
|
|
|
len = EXTRACT_16BITS(&ip->ip_len);
|
1999-10-30 13:11:06 +08:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* if we can't get nexthdr, we do not need to decrypt it */
|
|
|
|
|
if (ep - bp2 < len)
|
|
|
|
|
goto fail;
|
2002-11-13 17:35:13 +08:00
|
|
|
if (ep - bp2 > len) {
|
|
|
|
|
/* FCS included at end of frame (NetBSD 1.6 or later) */
|
|
|
|
|
ep = bp2 + len;
|
|
|
|
|
}
|
1999-10-30 13:11:06 +08:00
|
|
|
|
2002-01-21 19:39:58 +08:00
|
|
|
ivoff = (u_char *)(esp + 1) + espsecret_xform->replaysize;
|
|
|
|
|
ivlen = espsecret_xform->ivlen;
|
|
|
|
|
secret = espsecret_key;
|
1999-10-30 13:11:06 +08:00
|
|
|
|
2002-01-21 19:39:58 +08:00
|
|
|
switch (espsecret_xform->algo) {
|
1999-10-30 13:11:06 +08:00
|
|
|
case DESCBC:
|
2000-01-15 10:33:06 +08:00
|
|
|
#ifdef HAVE_LIBCRYPTO
|
1999-10-30 13:11:06 +08:00
|
|
|
{
|
|
|
|
|
u_char iv[8];
|
2002-07-28 12:23:00 +08:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
|
|
|
|
DES_key_schedule schedule;
|
|
|
|
|
#else
|
1999-10-30 13:11:06 +08:00
|
|
|
des_key_schedule schedule;
|
2002-07-28 12:23:00 +08:00
|
|
|
#endif
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
switch (ivlen) {
|
|
|
|
|
case 4:
|
|
|
|
|
memcpy(iv, ivoff, 4);
|
|
|
|
|
memcpy(&iv[4], ivoff, 4);
|
|
|
|
|
p = &iv[4];
|
|
|
|
|
*p++ ^= 0xff;
|
|
|
|
|
*p++ ^= 0xff;
|
|
|
|
|
*p++ ^= 0xff;
|
|
|
|
|
*p++ ^= 0xff;
|
|
|
|
|
break;
|
|
|
|
|
case 8:
|
|
|
|
|
memcpy(iv, ivoff, 8);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2002-07-28 12:23:00 +08:00
|
|
|
p = ivoff + ivlen;
|
1999-10-30 13:11:06 +08:00
|
|
|
|
2003-02-05 10:38:45 +08:00
|
|
|
if (espsecret_keylen != 8)
|
|
|
|
|
goto fail;
|
2002-07-28 12:23:00 +08:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
|
|
|
|
DES_set_key_unchecked((DES_cblock *)secret, schedule);
|
|
|
|
|
|
|
|
|
|
DES_cbc_encrypt((const unsigned char *)p, p,
|
|
|
|
|
(long)(ep - p), schedule, (DES_cblock *)iv,
|
|
|
|
|
DES_DECRYPT);
|
|
|
|
|
#else
|
1999-10-30 13:11:06 +08:00
|
|
|
des_check_key = 0;
|
|
|
|
|
des_set_key((void *)secret, schedule);
|
|
|
|
|
|
|
|
|
|
des_cbc_encrypt((void *)p, (void *)p,
|
|
|
|
|
(long)(ep - p), schedule, (void *)iv,
|
|
|
|
|
DES_DECRYPT);
|
2002-07-28 12:23:00 +08:00
|
|
|
#endif
|
1999-10-30 13:11:06 +08:00
|
|
|
advance = ivoff - (u_char *)esp + ivlen;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
goto fail;
|
2000-01-15 10:33:06 +08:00
|
|
|
#endif /*HAVE_LIBCRYPTO*/
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
case BLOWFISH:
|
2000-01-15 10:33:06 +08:00
|
|
|
#ifdef HAVE_LIBCRYPTO
|
1999-10-30 13:11:06 +08:00
|
|
|
{
|
|
|
|
|
BF_KEY schedule;
|
|
|
|
|
|
2003-02-05 10:38:45 +08:00
|
|
|
if (espsecret_keylen < 5 || espsecret_keylen > 56)
|
|
|
|
|
goto fail;
|
|
|
|
|
BF_set_key(&schedule, espsecret_keylen, secret);
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
p = ivoff + ivlen;
|
|
|
|
|
BF_cbc_encrypt(p, p, (long)(ep - p), &schedule, ivoff,
|
|
|
|
|
BF_DECRYPT);
|
|
|
|
|
advance = ivoff - (u_char *)esp + ivlen;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
goto fail;
|
2000-01-15 10:33:06 +08:00
|
|
|
#endif /*HAVE_LIBCRYPTO*/
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
case RC5:
|
2000-01-15 10:33:06 +08:00
|
|
|
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_RC5_H)
|
1999-10-30 13:11:06 +08:00
|
|
|
{
|
|
|
|
|
RC5_32_KEY schedule;
|
|
|
|
|
|
2003-02-05 10:38:45 +08:00
|
|
|
if (espsecret_keylen < 5 || espsecret_keylen > 255)
|
|
|
|
|
goto fail;
|
|
|
|
|
RC5_32_set_key(&schedule, espsecret_keylen, secret,
|
1999-10-30 13:11:06 +08:00
|
|
|
RC5_16_ROUNDS);
|
|
|
|
|
|
|
|
|
|
p = ivoff + ivlen;
|
|
|
|
|
RC5_32_cbc_encrypt(p, p, (long)(ep - p), &schedule, ivoff,
|
|
|
|
|
RC5_DECRYPT);
|
|
|
|
|
advance = ivoff - (u_char *)esp + ivlen;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
goto fail;
|
2000-01-15 10:33:06 +08:00
|
|
|
#endif /*HAVE_LIBCRYPTO*/
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
case CAST128:
|
2000-01-15 10:33:06 +08:00
|
|
|
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_CAST_H) && !defined(HAVE_BUGGY_CAST128)
|
1999-10-30 13:11:06 +08:00
|
|
|
{
|
|
|
|
|
CAST_KEY schedule;
|
|
|
|
|
|
2003-02-05 10:38:45 +08:00
|
|
|
if (espsecret_keylen < 5 || espsecret_keylen > 16)
|
|
|
|
|
goto fail;
|
|
|
|
|
CAST_set_key(&schedule, espsecret_keylen, secret);
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
p = ivoff + ivlen;
|
|
|
|
|
CAST_cbc_encrypt(p, p, (long)(ep - p), &schedule, ivoff,
|
|
|
|
|
CAST_DECRYPT);
|
|
|
|
|
advance = ivoff - (u_char *)esp + ivlen;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
goto fail;
|
2000-01-15 10:33:06 +08:00
|
|
|
#endif /*HAVE_LIBCRYPTO*/
|
1999-10-30 13:11:06 +08:00
|
|
|
|
|
|
|
|
case DES3CBC:
|
2000-01-15 10:33:06 +08:00
|
|
|
#if defined(HAVE_LIBCRYPTO)
|
1999-10-30 13:11:06 +08:00
|
|
|
{
|
2002-07-28 12:23:00 +08:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
|
|
|
|
DES_key_schedule s1, s2, s3;
|
|
|
|
|
|
2003-02-05 10:38:45 +08:00
|
|
|
if (espsecret_keylen != 24)
|
|
|
|
|
goto fail;
|
2002-07-28 12:23:00 +08:00
|
|
|
DES_set_odd_parity((DES_cblock *)secret);
|
|
|
|
|
DES_set_odd_parity((DES_cblock *)(secret + 8));
|
|
|
|
|
DES_set_odd_parity((DES_cblock *)(secret + 16));
|
|
|
|
|
if(DES_set_key_checked((DES_cblock *)secret, s1) != 0) {
|
|
|
|
|
printf("failed to schedule key 1\n");
|
|
|
|
|
}
|
|
|
|
|
if(DES_set_key_checked((DES_cblock *)(secret + 8), s2)!=0) {
|
|
|
|
|
printf("failed to schedule key 2\n");
|
|
|
|
|
}
|
|
|
|
|
if(DES_set_key_checked((DES_cblock *)(secret + 16), s3)!=0) {
|
|
|
|
|
printf("failed to schedule key 3\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = ivoff + ivlen;
|
|
|
|
|
DES_ede3_cbc_encrypt((const unsigned char *)p, p,
|
|
|
|
|
(long)(ep - p),
|
|
|
|
|
&s1, &s2, &s3,
|
|
|
|
|
(DES_cblock *)ivoff, DES_DECRYPT);
|
|
|
|
|
#else
|
1999-10-30 13:11:06 +08:00
|
|
|
des_key_schedule s1, s2, s3;
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2003-02-05 10:38:45 +08:00
|
|
|
if (espsecret_keylen != 24)
|
|
|
|
|
goto fail;
|
2002-01-21 19:39:58 +08:00
|
|
|
des_check_key = 1;
|
|
|
|
|
des_set_odd_parity((void *)secret);
|
2002-02-18 16:54:56 +08:00
|
|
|
des_set_odd_parity((void *)(secret + 8));
|
|
|
|
|
des_set_odd_parity((void *)(secret + 16));
|
2002-01-21 19:39:58 +08:00
|
|
|
if(des_set_key((void *)secret, s1) != 0) {
|
|
|
|
|
printf("failed to schedule key 1\n");
|
|
|
|
|
}
|
|
|
|
|
if(des_set_key((void *)(secret + 8), s2)!=0) {
|
|
|
|
|
printf("failed to schedule key 2\n");
|
|
|
|
|
}
|
|
|
|
|
if(des_set_key((void *)(secret + 16), s3)!=0) {
|
|
|
|
|
printf("failed to schedule key 3\n");
|
|
|
|
|
}
|
1999-10-18 05:56:53 +08:00
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
p = ivoff + ivlen;
|
|
|
|
|
des_ede3_cbc_encrypt((void *)p, (void *)p,
|
2002-01-21 19:39:58 +08:00
|
|
|
(long)(ep - p),
|
|
|
|
|
s1, s2, s3,
|
|
|
|
|
(void *)ivoff, DES_DECRYPT);
|
2002-07-28 12:23:00 +08:00
|
|
|
#endif
|
1999-10-30 13:11:06 +08:00
|
|
|
advance = ivoff - (u_char *)esp + ivlen;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
goto fail;
|
2000-01-15 10:33:06 +08:00
|
|
|
#endif /*HAVE_LIBCRYPTO*/
|
1999-10-18 05:56:53 +08:00
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
case NONE:
|
|
|
|
|
default:
|
2002-07-28 03:30:36 +08:00
|
|
|
advance = sizeof(struct newesp) + espsecret_xform->replaysize;
|
1999-10-30 13:11:06 +08:00
|
|
|
break;
|
|
|
|
|
}
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2002-01-21 19:39:58 +08:00
|
|
|
ep = ep - espsecret_xform->authlen;
|
1999-10-30 13:11:06 +08:00
|
|
|
/* sanity check for pad length */
|
|
|
|
|
if (ep - bp < *(ep - 2))
|
|
|
|
|
goto fail;
|
1999-10-18 05:56:53 +08:00
|
|
|
|
2001-08-21 01:52:38 +08:00
|
|
|
if (padlen)
|
|
|
|
|
*padlen = *(ep - 2) + 2;
|
|
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
if (nhdr)
|
|
|
|
|
*nhdr = *(ep - 1);
|
1999-10-18 05:56:53 +08:00
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
printf(": ");
|
|
|
|
|
return advance;
|
1999-10-18 05:56:53 +08:00
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
fail:
|
|
|
|
|
if (nhdr)
|
|
|
|
|
*nhdr = -1;
|
|
|
|
|
return 65536;
|
1999-10-18 05:56:53 +08:00
|
|
|
}
|
