summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>1997-09-23 21:41:02 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>1997-09-23 21:41:02 +0000
commitfe95bae238b42c44702d2aef8cdfd43f8b38b0e3 (patch)
treed87cf0d4ab44a56a22aa4fa37b707063175fb1d8
parent28ee63f97a8dc29e8d90de28da5b7c96ee04c0ff (diff)
Addition for tunnel mode. I'm in Canada, i can write crypto code!
-rw-r--r--sbin/ipsec/ipsecadm/ipsecadm.18
-rw-r--r--sbin/ipsec/ipsecadm/ipsecadm.c30
-rw-r--r--sbin/ipsec/ipsecadm/xf_ah_new.c9
-rw-r--r--sbin/ipsec/ipsecadm/xf_ah_old.c7
-rw-r--r--sbin/ipsec/ipsecadm/xf_esp_new.c9
-rw-r--r--sbin/ipsec/ipsecadm/xf_esp_old.c7
6 files changed, 48 insertions, 22 deletions
diff --git a/sbin/ipsec/ipsecadm/ipsecadm.1 b/sbin/ipsec/ipsecadm/ipsecadm.1
index 6bd0fda59cf..f7c1d704792 100644
--- a/sbin/ipsec/ipsecadm/ipsecadm.1
+++ b/sbin/ipsec/ipsecadm/ipsecadm.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsecadm.1,v 1.1 1997/08/26 17:19:06 provos Exp $
+.\" $OpenBSD: ipsecadm.1,v 1.2 1997/09/23 21:40:59 angelos Exp $
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -60,6 +60,7 @@ modifiers are:
.Fl dst ,
.Fl src ,
.Fl spi ,
+.Fl tunnel ,
.Fl enc ,
.Fl auth ,
.Fl iv
@@ -71,6 +72,7 @@ encryption algorithmns can be applied. Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl spi ,
+.Fl tunnel ,
.Fl enc ,
.Fl iv
and
@@ -82,6 +84,7 @@ are:
.Fl dst ,
.Fl src ,
.Fl spi ,
+.Fl tunnel ,
.Fl auth ,
and
.Fl key .
@@ -91,6 +94,7 @@ hashes will be used for authentication. Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl spi ,
+.Fl tunnel ,
.Fl auth ,
and
.Fl key .
@@ -121,6 +125,8 @@ The source IP address for the SPI.
The destination IP address for the SPI.
.It spi
The unique Security Parameter Index (SPI).
+.It tunnel
+The source and destination IP addresses for the external IP header.
.It enc
The encryption algorithm to be used with the SPI. Possible values
are:
diff --git a/sbin/ipsec/ipsecadm/ipsecadm.c b/sbin/ipsec/ipsecadm/ipsecadm.c
index 7d63744a716..084b7c05911 100644
--- a/sbin/ipsec/ipsecadm/ipsecadm.c
+++ b/sbin/ipsec/ipsecadm/ipsecadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.7 1997/08/26 17:19:06 provos Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.8 1997/09/23 21:40:59 angelos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
* (except when noted otherwise).
@@ -73,11 +73,13 @@ typedef struct {
} transform;
int xf_esp_new __P((struct in_addr, struct in_addr, u_int32_t, int, int,
- u_char *, u_char *));
+ u_char *, u_char *, struct in_addr, struct in_addr));
int xf_esp_old __P((struct in_addr, struct in_addr, u_int32_t, int, u_char *,
- u_char *));
-int xf_ah_new __P((struct in_addr, struct in_addr, u_int32_t, int, u_char *));
-int xf_ah_old __P((struct in_addr, struct in_addr, u_int32_t, int, u_char *));
+ u_char *, struct in_addr, struct in_addr));
+int xf_ah_new __P((struct in_addr, struct in_addr, u_int32_t, int, u_char *,
+ struct in_addr, struct in_addr));
+int xf_ah_old __P((struct in_addr, struct in_addr, u_int32_t, int, u_char *,
+ struct in_addr, struct in_addr));
int xf_delspi __P((struct in_addr, u_int32_t, int, int));
int xf_grp __P((struct in_addr, u_int32_t, int, struct in_addr, u_int32_t, int));
@@ -126,6 +128,7 @@ usage()
"\t\t-enc <alg>\t encryption algorithm\n"
"\t\t-auth <alg>\t authentication algorithm\n"
"\t\t-src <ip>\t source address to be used\n"
+ "\t\t-tunnel <ip> <ip> tunneling addresses\n"
"\t\t-dst <ip>\t destination address to be used\n"
"\t\t-spi <val>\t SPI to be used\n"
"\t\t-key <val>\t key material to be used\n"
@@ -147,10 +150,10 @@ main(argc, argv)
int proto = IPPROTO_ESP, proto2 = IPPROTO_AH;
int chain = 0;
u_int32_t spi = 0, spi2 = 0;
- struct in_addr src, dst, dst2;
+ struct in_addr src, dst, dst2, osrc, odst;
u_char *ivp = NULL, *keyp = NULL;
- src.s_addr = dst.s_addr = dst2.s_addr = 0;
+ osrc.s_addr = odst.s_addr = src.s_addr = dst.s_addr = dst2.s_addr = 0;
if (argc < 2) {
usage();
@@ -232,6 +235,11 @@ main(argc, argv)
} else if (!strcmp(argv[i]+1, "src") && i+1 < argc) {
src.s_addr = inet_addr(argv[i+1]);
i++;
+ } else if (!strcmp(argv[i]+1, "tunnel") && i+2 < argc) {
+ osrc.s_addr = inet_addr(argv[i+1]);
+ i++;
+ odst.s_addr = inet_addr(argv[i+1]);
+ i++;
} else if (!strcmp(argv[i]+1, "dst") && i+1 < argc) {
dst.s_addr = inet_addr(argv[i+1]);
i++;
@@ -298,16 +306,16 @@ main(argc, argv)
if (isencauth(mode)) {
switch(mode) {
case ESP_NEW:
- xf_esp_new(src, dst, spi, enc, auth, ivp, keyp);
+ xf_esp_new(src, dst, spi, enc, auth, ivp, keyp, osrc, odst);
break;
case ESP_OLD:
- xf_esp_old(src, dst, spi, enc, ivp, keyp);
+ xf_esp_old(src, dst, spi, enc, ivp, keyp, osrc, odst);
break;
case AH_NEW:
- xf_ah_new(src, dst, spi, auth, keyp);
+ xf_ah_new(src, dst, spi, auth, keyp, osrc, odst);
break;
case AH_OLD:
- xf_ah_old(src, dst, spi, auth, keyp);
+ xf_ah_old(src, dst, spi, auth, keyp, osrc, odst);
break;
}
} else {
diff --git a/sbin/ipsec/ipsecadm/xf_ah_new.c b/sbin/ipsec/ipsecadm/xf_ah_new.c
index fb0acb1a589..55c21e59653 100644
--- a/sbin/ipsec/ipsecadm/xf_ah_new.c
+++ b/sbin/ipsec/ipsecadm/xf_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xf_ah_new.c,v 1.1 1997/08/26 12:04:36 provos Exp $ */
+/* $OpenBSD: xf_ah_new.c,v 1.2 1997/09/23 21:41:00 angelos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
* (except when noted otherwise).
@@ -58,11 +58,12 @@ int xf_set __P(( struct encap_msghdr *));
int x2i __P((char *));
int
-xf_ah_new(src, dst, spi, auth, keyp)
+xf_ah_new(src, dst, spi, auth, keyp, osrc, odst)
struct in_addr src, dst;
u_int32_t spi;
int auth;
u_char *keyp;
+struct in_addr osrc, odst;
{
int klen, i;
@@ -79,13 +80,15 @@ u_char *keyp;
em->em_spi = spi;
em->em_src = src;
em->em_dst = dst;
+ em->em_osrc = osrc;
+ em->em_odst = odst;
em->em_alg = XF_NEW_AH;
em->em_sproto = IPPROTO_AH;
xd = (struct ah_new_xencap *)(em->em_dat);
xd->amx_hash_algorithm = auth;
- xd->amx_wnd = 32;
+ xd->amx_wnd = -1; /* Manual setup -- no sequence number */
xd->amx_keylen = klen;
bzero(xd->amx_key, klen);
diff --git a/sbin/ipsec/ipsecadm/xf_ah_old.c b/sbin/ipsec/ipsecadm/xf_ah_old.c
index d519fe348ea..bd58587e486 100644
--- a/sbin/ipsec/ipsecadm/xf_ah_old.c
+++ b/sbin/ipsec/ipsecadm/xf_ah_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xf_ah_old.c,v 1.1 1997/08/26 12:04:37 provos Exp $ */
+/* $OpenBSD: xf_ah_old.c,v 1.2 1997/09/23 21:41:00 angelos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
* (except when noted otherwise).
@@ -58,11 +58,12 @@ int xf_set __P(( struct encap_msghdr *));
int x2i __P((char *));
int
-xf_ah_old(src, dst, spi, auth, keyp)
+xf_ah_old(src, dst, spi, auth, keyp, osrc, odst)
struct in_addr src, dst;
u_int32_t spi;
int auth;
u_char *keyp;
+struct in_addr osrc, odst;
{
int klen, i;
@@ -79,6 +80,8 @@ u_char *keyp;
em->em_spi = spi;
em->em_src = src;
em->em_dst = dst;
+ em->em_osrc = osrc;
+ em->em_odst = odst;
em->em_alg = XF_OLD_AH;
em->em_sproto = IPPROTO_AH;
diff --git a/sbin/ipsec/ipsecadm/xf_esp_new.c b/sbin/ipsec/ipsecadm/xf_esp_new.c
index 76eab053137..af7a05b83c7 100644
--- a/sbin/ipsec/ipsecadm/xf_esp_new.c
+++ b/sbin/ipsec/ipsecadm/xf_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xf_esp_new.c,v 1.1 1997/08/26 12:04:43 provos Exp $ */
+/* $OpenBSD: xf_esp_new.c,v 1.2 1997/09/23 21:41:01 angelos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
* (except when noted otherwise).
@@ -58,11 +58,12 @@ int xf_set __P(( struct encap_msghdr *));
int x2i __P((char *));
int
-xf_esp_new(src, dst, spi, enc, auth, ivp, keyp)
+xf_esp_new(src, dst, spi, enc, auth, ivp, keyp, osrc, odst)
struct in_addr src, dst;
u_int32_t spi;
int enc, auth;
u_char *ivp, *keyp;
+struct in_addr osrc, odst;
{
int i, klen, ivlen;
@@ -80,6 +81,8 @@ u_char *ivp, *keyp;
em->em_spi = spi;
em->em_src = src;
em->em_dst = dst;
+ em->em_osrc = osrc;
+ em->em_odst = odst;
em->em_alg = XF_NEW_ESP;
em->em_sproto = IPPROTO_ESP;
@@ -89,7 +92,7 @@ u_char *ivp, *keyp;
xd->edx_hash_algorithm = auth;
xd->edx_ivlen = ivlen;
xd->edx_keylen = klen;
- xd->edx_wnd = 32;
+ xd->edx_wnd = -1; /* Manual keying -- no seq */
xd->edx_flags = auth ? ESP_NEW_FLAG_AUTH : 0;
for (i = 0; i < ivlen; i++)
diff --git a/sbin/ipsec/ipsecadm/xf_esp_old.c b/sbin/ipsec/ipsecadm/xf_esp_old.c
index 98e2ad8b719..ec1ac975dcc 100644
--- a/sbin/ipsec/ipsecadm/xf_esp_old.c
+++ b/sbin/ipsec/ipsecadm/xf_esp_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xf_esp_old.c,v 1.1 1997/08/26 12:04:44 provos Exp $ */
+/* $OpenBSD: xf_esp_old.c,v 1.2 1997/09/23 21:41:01 angelos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
* (except when noted otherwise).
@@ -58,11 +58,12 @@ int xf_set __P(( struct encap_msghdr *));
int x2i __P((char *));
int
-xf_esp_old(src, dst, spi, enc, ivp, keyp)
+xf_esp_old(src, dst, spi, enc, ivp, keyp, osrc, odst)
struct in_addr src, dst;
u_int32_t spi;
int enc;
u_char *ivp, *keyp;
+struct in_addr osrc, odst;
{
int i, ivlen, klen;
@@ -80,6 +81,8 @@ u_char *ivp, *keyp;
em->em_spi = spi;
em->em_src = src;
em->em_dst = dst;
+ em->em_osrc = osrc;
+ em->em_odst = odst;
em->em_alg = XF_OLD_ESP;
em->em_sproto = IPPROTO_ESP;