author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2001-01-26 11:34:09 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2001-01-26 11:34:09 +0000 |
commit | a35fc8c0e0c41c0e6a4d15f10830e55a41173829 (patch) | |
tree | 395f7779b596a1ca851896ab70168d28a0f46039 /sbin/isakmpd | |
parent | 357f350df412081108ea92adbc0dd739527481df (diff) |
Move in foreign OS support. The OpenBSD repository is now the official
isakmpd home.
Diffstat (limited to 'sbin/isakmpd')
32 files changed, 4540 insertions, 0 deletions
diff --git a/sbin/isakmpd/sysdep/common/blf.h b/sbin/isakmpd/sysdep/common/blf.h
new file mode 100644
index 00000000000..042668138bc
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/blf.h
@@ -0,0 +1,79 @@
+/* $OpenBSD: blf.h,v 1.1 2001/01/26 11:33:59 niklas Exp $ */
+/*
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _BLF_H_
+#define _BLF_H_
+
+#ifndef __P
+#define __P(args) args
+#endif
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initalized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+
+/* Blowfish context */
+typedef struct BlowfishContext {
+ u_int32_t S[4][256]; /* S-Boxes */
+ u_int32_t P[BLF_N + 2]; /* Subkeys */
+} blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void Blowfish_encipher __P((blf_ctx *, u_int32_t *, u_int32_t *));
+void Blowfish_decipher __P((blf_ctx *, u_int32_t *, u_int32_t *));
+void Blowfish_initstate __P((blf_ctx *));
+void Blowfish_expand0state __P((blf_ctx *, const u_int8_t *, u_int16_t));
+void Blowfish_expandstate
+ __P((blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t));
+
+/* Standard Blowfish */
+
+void blf_key __P((blf_ctx *, const u_int8_t *, u_int16_t));
+void blf_enc __P((blf_ctx *, u_int32_t *, u_int16_t));
+void blf_dec __P((blf_ctx *, u_int32_t *, u_int16_t));
+
+/* Converts u_int8_t to u_int32_t */
+u_int32_t Blowfish_stream2word __P((const u_int8_t *, u_int16_t , u_int16_t *));
+
+#endif
diff --git a/sbin/isakmpd/sysdep/common/cast.h b/sbin/isakmpd/sysdep/common/cast.h
new file mode 100644
index 00000000000..c130986ee64
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/cast.h
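Review bot: blf.h declares no prototypes for blf_ecb_encrypt, blf_ecb_decrypt and blf_cbc_encrypt even though blowfish.c in this same commit defines the ECB pair and begins a blf_cbc_encrypt with the same naming, so a caller that includes this header and uses them gets an implicit declaration with an int return instead of a checked signature. Adding `void blf_ecb_encrypt __P((blf_ctx *, u_int8_t *, u_int32_t));`, `void blf_ecb_decrypt __P((blf_ctx *, u_int8_t *, u_int32_t));` and `void blf_cbc_encrypt __P((blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t));` beside blf_enc/blf_dec closes that gap. The key-length comment should also state the contract the implementation actually has: Blowfish_stream2word wraps its index at databytes, so key bytes beyond 72 are silently ignored and a zero-length key makes it read data[0] regardless, which a line such as ` * Callers must pass 1 <= keylen <= 72; longer keys are truncated, keylen 0 is not checked.` after the existing Warning would make explicit. The header also relies on u_int8_t/u_int16_t/u_int32_t without including <sys/types.h>, so it only compiles after the includer has pulled that in.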
@@ -0,0 +1,22 @@
+/* $OpenBSD: cast.h,v 1.1 2001/01/26 11:34:00 niklas Exp $ */
+/*
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ */
+
+#ifndef _CAST_H_
+#define _CAST_H_
+
+typedef struct {
+ u_int32_t xkey[32]; /* Key, after expansion */
+ int rounds; /* Number of rounds to use, 12 or 16 */
+} cast_key;
+
+void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes);
+void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock);
+void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock);
+
+#endif /* ifndef _CAST_H_ */
+
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile b/sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile
new file mode 100644
index 00000000000..88874133a7b
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile
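Review bot: All three prototypes take their inputs as mutable `u_int8_t*`, so a caller holding a const key or plaintext has to cast the qualifier away and a reader cannot tell from the header that rawkey and inblock are read-only; `void cast_setkey(cast_key* key, const u_int8_t* rawkey, int keybytes);` and `void cast_encrypt(cast_key* key, const u_int8_t* inblock, u_int8_t* outblock);` (and the same for cast_decrypt) document that, to be applied together with the definitions in cast.c, which is not in this chunk and presumably does not write through them. The comment on rounds says "12 or 16" but nothing states which keybytes values cast_setkey accepts or how rounds is chosen from them; that should be confirmed against cast.c and written next to the keybytes parameter, e.g. `/* keybytes: length of rawkey in bytes -- see cast.c for the accepted range and the rounds it selects */`. As with blf.h, the header uses u_int32_t/u_int8_t without including <sys/types.h>.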
@@ -0,0 +1,62 @@
+# $Id: GNUmakefile,v 1.1 2001/01/26 11:34:00 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+.CURDIR:= $(shell pwd)
+
+LIB= sysdep
+SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c
+NOMAN=
+CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+
+lib${LIB}.a: ${SRCS:%.c=%.o}
+ ar cq $@ ${SRCS:%.c=%.o}
+
+clean:
+ rm -f lib${LIB}.a ${SRCS:%.c=%.o}
+
+cleandir: clean cleandepend
+
+depend: .depend
+
+.depend: ${SRCS}
+ @rm -f .depend
+ ${MKDEP} ${CFLAGS} ${SRCS} > .depend
+
+cleandepend:
+ rm -f .depend
+
+ifneq ($(findstring clean,$(MAKECMDGOALS)),clean)
+-include .depend
+endif
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/Makefile b/sbin/isakmpd/sysdep/common/libsysdep/Makefile
new file mode 100644
index 00000000000..3604b6059ad
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/Makefile
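Review bot: The `lib${LIB}.a` rule uses `ar cq`, which appends to an archive that already exists, so after an incremental rebuild (one .o newer than the library, no `make clean` in between) the archive carries both the stale and the fresh copy of that member and the linker presumably takes whichever it finds first; `rm -f $@` before `ar cq $@ ${SRCS:%.c=%.o}` plus a `ranlib $@` afterwards gives a fresh archive with a symbol index. `${MKDEP}` is not defined anywhere in this file, so unless the caller's environment supplies it `make depend` runs the recipe with an empty command word and the CFLAGS as its first argument; a default such as `MKDEP?= mkdep`, or a comment saying it must come from the environment, makes that explicit. `-I/usr/include/machine` is an absolute host path that will not exist on every foreign OS this commit targets, so a one-line comment on why it is needed would help whoever hits the failing build.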
@@ -0,0 +1,48 @@
+# $Id: Makefile,v 1.1 2001/01/26 11:34:00 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+OPSYS!= uname -s
+
+LIB= sysdep
+SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c
+NOPROFILE=
+NOPIC=
+NOMAN=
+.if ${OPSYS} == "NetBSD"
+CPPFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+.else
+CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+.endif
+
+.include <bsd.lib.mk>
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/arc4random.c b/sbin/isakmpd/sysdep/common/libsysdep/arc4random.c
new file mode 100644
index 00000000000..fffc2c1d8b2
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/arc4random.c
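Review bot: SRCS is listed here and again, verbatim, in the GNUmakefile of the same directory with nothing tying the two together, so a source added to one build and not the other silently diverges between the BSD and the GNU make builds; a one-line comment `# Keep SRCS in sync with GNUmakefile in this directory.` above the list makes the coupling visible until the list is shared. The NetBSD branch puts the include paths into CPPFLAGS while the default branch uses CFLAGS; if that is deliberate because of how each system's bsd.lib.mk builds objects, a comment saying so would stop the next reader from "fixing" it.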
@@ -0,0 +1,176 @@
+/* $OpenBSD: arc4random.c,v 1.1 2001/01/26 11:34:00 niklas Exp $ */
+
+/*
+ * Arc4 random number generator for OpenBSD.
+ * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project (for instance by leaving this copyright notice
+ * intact).
+ */
+
+/*
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret). The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * Here the stream cipher has been modified always to include the time
+ * when initializing the state. That makes it impossible to
+ * regenerate the same random sequence twice, so this can't be used
+ * for encryption, but will generate good random numbers.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+struct arc4_stream {
+ u_int8_t i;
+ u_int8_t j;
+ u_int8_t s[256];
+};
+
+int rs_initialized;
+static struct arc4_stream rs;
+
+static inline void
+arc4_init(as)
+ struct arc4_stream *as;
+{
+ int n;
+
+ for (n = 0; n < 256; n++)
+ as->s[n] = n;
+ as->i = 0;
+ as->j = 0;
+}
+
+static inline void
+arc4_addrandom(as, dat, datlen)
+ struct arc4_stream *as;
+ u_char *dat;
+ int datlen;
+{
+ int n;
+ u_int8_t si;
+
+ as->i--;
+ for (n = 0; n < 256; n++) {
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si + dat[n % datlen]);
+ as->s[as->i] = as->s[as->j];
+ as->s[as->j] = si;
+ }
+}
+
+static void
+arc4_stir(as)
+ struct arc4_stream *as;
+{
+ int fd;
+ struct {
+ struct timeval tv;
+ u_int8_t rnd[128 - sizeof(struct timeval)];
+ } rdat;
+
+ gettimeofday(&rdat.tv, NULL);
+ fd = open("/dev/arandom", O_RDONLY);
+ if (fd >= 0) {
+ read(fd, rdat.rnd, sizeof(rdat.rnd));
+ close(fd);
+ }
+ /* fd < 0? Ah, what the heck. We'll just take whatever was on the
+ * stack... */
+
+ arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+}
+
+static inline u_int8_t
+arc4_getbyte(as)
+ struct arc4_stream *as;
+{
+ u_int8_t si, sj;
+
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si);
+ sj = as->s[as->j];
+ as->s[as->i] = sj;
+ as->s[as->j] = si;
+ return (as->s[(si + sj) & 0xff]);
+}
+
+static inline u_int32_t
+arc4_getword(as)
+ struct arc4_stream *as;
+{
+ u_int32_t val;
+ val = arc4_getbyte(as) << 24;
+ val |= arc4_getbyte(as) << 16;
+ val |= arc4_getbyte(as) << 8;
+ val |= arc4_getbyte(as);
+ return val;
+}
+
+void
+arc4random_stir()
+{
+ if (!rs_initialized) {
+ arc4_init(&rs);
+ rs_initialized = 1;
+ }
+ arc4_stir(&rs);
+}
+
+void
+arc4random_addrandom(dat, datlen)
+ u_char *dat;
+ int datlen;
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ arc4_addrandom(&rs, dat, datlen);
+}
+
+u_int32_t
+arc4random()
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ return arc4_getword(&rs);
+}
+
+#if 0
+/*-------- Test code for i386 --------*/
+#include <stdio.h>
+#include <machine/pctr.h>
+int
+main(int argc, char **argv)
+{
+ const int iter = 1000000;
+ int i;
+ pctrval v;
+
+ v = rdtsc();
+ for (i = 0; i < iter; i++)
+ arc4random();
+ v = rdtsc() - v;
+ v /= iter;
+
+ printf("%qd cycles\n", v);
+}
+#endif
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/blowfish.c b/sbin/isakmpd/sysdep/common/libsysdep/blowfish.c
new file mode 100644
index 00000000000..d2ce5dfcea4
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/blowfish.c
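Review bot: arc4_stir ignores the return value of read() and opens only /dev/arandom, so on the foreign systems this commit is about (where that device does not exist) or on a short read the stream is keyed from gettimeofday() plus whatever uninitialized stack bytes sit in rdat.rnd, which the comment just before the arc4_addrandom call openly accepts; for the generator an IKE daemon draws on, that is a guessable seed rather than a harmless fallback. The stir should fall back to /dev/urandom, loop until rnd is full, and refuse to continue when no device supplies the bytes (abort() below is the simplest policy; returning an error so isakmpd can log and exit is the alternative). Two smaller points: `rs_initialized` is a file-scope global without `static`, unlike `rs`, so `static int rs_initialized;` keeps it out of the exported symbol table, and nothing ever re-stirs after the first call, so a forked child keeps producing the parent's stream, which deserves a comment telling callers to invoke arc4random_stir() after fork(). The rewritten stir below uses only headers the file already includes.

```c
static void
arc4_stir(as)
	struct arc4_stream *as;
{
	int fd;
	size_t got = 0;
	ssize_t n;
	struct {
		struct timeval tv;
		u_int8_t rnd[128 - sizeof(struct timeval)];
	} rdat;

	gettimeofday(&rdat.tv, NULL);
	fd = open("/dev/arandom", O_RDONLY);
	if (fd < 0)
		fd = open("/dev/urandom", O_RDONLY);
	if (fd >= 0) {
		/* Fill rnd completely; a short read is not a usable seed. */
		while (got < sizeof(rdat.rnd)) {
			n = read(fd, rdat.rnd + got, sizeof(rdat.rnd) - got);
			if (n <= 0)
				break;
			got += n;
		}
		close(fd);
	}
	if (got < sizeof(rdat.rnd))
		abort();	/* no entropy source: time of day alone is guessable */

	arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
}
```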
@@ -0,0 +1,774 @@
+/* $OpenBSD: blowfish.c,v 1.1 2001/01/26 11:34:01 niklas Exp $ */
+/*
+ * Blowfish block cipher for OpenBSD
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+#if 0
+#include <stdio.h> /* used for debugging */
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include <blf.h>
+
+#undef inline
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+/* Function for Feistel Networks */
+
+#define F(bc, x) ((((bc)->S[0][((x) & 0xFF000000) >> 24] \
+ + (bc)->S[1][((x) &0xFF0000 ) >> 16]) \
+ ^ (bc)->S[2][((x) & 0xFF00) >> 8]) \
+ + (bc)->S[3][(x) & 0x00FF])
+
+#define BLFRND(bc,i,j,n) (i ^= F(bc,j) ^ (bc)->P[n])
+
+void
+Blowfish_encipher(c, xl, xr)
+ blf_ctx *c;
+ u_int32_t *xl;
+ u_int32_t *xr;
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= c->P[0];
+ BLFRND(c, Xr, Xl, 1); BLFRND(c, Xl, Xr, 2);
+ BLFRND(c, Xr, Xl, 3); BLFRND(c, Xl, Xr, 4);
+ BLFRND(c, Xr, Xl, 5); BLFRND(c, Xl, Xr, 6);
+ BLFRND(c, Xr, Xl, 7); BLFRND(c, Xl, Xr, 8);
+ BLFRND(c, Xr, Xl, 9); BLFRND(c, Xl, Xr, 10);
+ BLFRND(c, Xr, Xl, 11); BLFRND(c, Xl, Xr, 12);
+ BLFRND(c, Xr, Xl, 13); BLFRND(c, Xl, Xr, 14);
+ BLFRND(c, Xr, Xl, 15); BLFRND(c, Xl, Xr, 16);
+
+ *xl = Xr ^ c->P[17];
+ *xr = Xl;
+}
+
+void
+Blowfish_decipher(c, xl, xr)
+ blf_ctx *c;
+ u_int32_t *xl;
+ u_int32_t *xr;
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= c->P[17];
+ BLFRND(c, Xr, Xl, 16); BLFRND(c, Xl, Xr, 15);
+ BLFRND(c, Xr, Xl, 14); BLFRND(c, Xl, Xr, 13);
+ BLFRND(c, Xr, Xl, 12); BLFRND(c, Xl, Xr, 11);
+ BLFRND(c, Xr, Xl, 10); BLFRND(c, Xl, Xr, 9);
+ BLFRND(c, Xr, Xl, 8); BLFRND(c, Xl, Xr, 7);
+ BLFRND(c, Xr, Xl, 6); BLFRND(c, Xl, Xr, 5);
+ BLFRND(c, Xr, Xl, 4); BLFRND(c, Xl, Xr, 3);
+ BLFRND(c, Xr, Xl, 2); BLFRND(c, Xl, Xr, 1);
+
+ *xl = Xr ^ c->P[0];
+ *xr = Xl;
+}
+
+void
+Blowfish_initstate(c)
+ blf_ctx *c;
+{
+
+/* P-box and S-box tables initialized with digits 
of Pi */ + + const blf_ctx initstate = + + { { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 
0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, + { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 
0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 
0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, + { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 
0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, + { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 
0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 
0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+ 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+ 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+ 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+ 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+ 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+ 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+ 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+ 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+ 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+ 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+ 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+ },
+ {
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+ 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+ 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+ 0x9216d5d9, 0x8979fb1b
+ } };
+
+ *c = initstate;
+
+}
+
+#ifdef __STDC__
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current)
+#else
+u_int32_t
+Blowfish_stream2word(data, databytes, current)
+ const u_int8_t *data;
+ u_int16_t databytes;
+ u_int16_t *current;
+#endif
+{
+ u_int8_t i;
+ u_int16_t j;
+ u_int32_t temp;
+
+ temp = 0x00000000;
+ j = *current;
+
+ for (i = 0; i < 4; i++, j++) {
+ if (j >= databytes)
+ j = 0;
+ temp = (temp << 8) | data[j];
+ }
+
+ *current = j;
+ return temp;
+}
+
+#if __STDC__
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expand0state(c, key, keybytes)
+ blf_ctx *c;
+ const u_int8_t *key;
+ u_int16_t keybytes;
+#endif
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+}
+
+
+#if __STDC__
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+ const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expandstate(c, data, databytes, key, keybytes)
+ blf_ctx *c;
+ const u_int8_t *data;
+ u_int16_t databytes;
+ const u_int8_t *key;
+ u_int16_t keybytes;
+#endif
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+
+}
+
+#if __STDC__
+void
+blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
+#else
+void
+blf_key(c, k, len)
+ blf_ctx *c;
+ const u_int8_t *k;
+ u_int16_t len;
+#endif
+{
+ /* Initalize S-boxes and subkeys with Pi */
+ Blowfish_initstate(c);
+
+ /* Transform S-boxes and subkeys with key */
+ Blowfish_expand0state(c, k, len);
+}
+
+#if __STDC__
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_enc(c, data, blocks)
+ blf_ctx *c;
+ u_int32_t *data;
+ u_int16_t blocks;
+#endif
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_encipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+#if __STDC__
+void
+blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_dec(c, data, blocks)
+ blf_ctx *c;
+ u_int32_t *data;
+ u_int16_t blocks;
+#endif
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_decipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+#if __STDC__
+void
+blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_ecb_encrypt(c, data, len)
+ blf_ctx *c;
+ u_int8_t *data;
+ u_int32_t len;
+#endif
+{
+ u_int32_t l, r;
+ u_int32_t i;
+
+ for (i = 0; i < len; i += 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_encipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ data += 8;
+ }
+}
+
+#if __STDC__
+void
+blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_ecb_decrypt(c, data, len)
+ blf_ctx *c;
+ u_int8_t *data;
+ u_int32_t len;
+#endif
+{
+ u_int32_t l, r;
+ u_int32_t i;
+
+ for (i = 0; i < len; i += 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ data += 8;
+ }
+}
+
+#if __STDC__
+void
+blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) 
+#else +void +blf_cbc_encrypt(c, iv, data, len) + blf_ctx *c; + u_int8_t *iv; + u_int8_t *data; + u_int32_t len; +#endif +{ + u_int32_t l, r; + u_int32_t i, j; + + for (i = 0; i < len; i += 8) { + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + iv = data; + data += 8; + } +} + +#if __STDC__ +void +blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) +#else +void +blf_cbc_decrypt(c, iva, data, len) + blf_ctx *c; + u_int8_t *iva; + u_int8_t *data; + u_int32_t len; +#endif +{ + u_int32_t l, r; + u_int8_t *iv; + u_int32_t i, j; + + iv = data + len - 16; + data = data + len - 8; + for (i = len - 8; i >= 8; i -= 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + iv -= 8; + data -= 8; + } + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iva[j]; +} + +#if 0 +void +report(u_int32_t data[], u_int16_t len) +{ + u_int16_t i; + for (i = 0; i < len; i += 2) + printf("Block %0hd: %08lx 
%08lx.\n", + i / 2, data[i], data[i + 1]); +} +void +main(void) +{ + + blf_ctx c; + char key[] = "AAAAA"; + char key2[] = "abcdefghijklmnopqrstuvwxyz"; + + u_int32_t data[10]; + u_int32_t data2[] = + {0x424c4f57l, 0x46495348l}; + + u_int16_t i; + + /* First test */ + for (i = 0; i < 10; i++) + data[i] = i; + + blf_key(&c, (u_int8_t *) key, 5); + blf_enc(&c, data, 5); + blf_dec(&c, data, 1); + blf_dec(&c, data + 2, 4); + printf("Should read as 0 - 9.\n"); + report(data, 10); + + /* Second test */ + blf_key(&c, (u_int8_t *) key2, strlen(key2)); + blf_enc(&c, data2, 1); + printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); + report(data2, 2); + blf_dec(&c, data2, 1); + report(data2, 2); +} +#endif diff --git a/sbin/isakmpd/sysdep/common/libsysdep/cast.c b/sbin/isakmpd/sysdep/common/libsysdep/cast.c new file mode 100644 index 00000000000..35509546ab7 --- /dev/null +++ b/sbin/isakmpd/sysdep/common/libsysdep/cast.c @@ -0,0 +1,29 @@ +/* + * Created by Martin Rinman, rinman@erlang.ericsson.se + * Copyright (C) 1998 Ericsson Radio Systems AB + */ + + +#include <assert.h> +#include <sys/types.h> + +#include "cast.h" + + +void +cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes) { + assert("cast_setkey not implemented yet"); +} + +void +cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) { + assert("cast_encrypt not implemented yet"); +} + +void +cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) { + assert("cast_decrypt not implemented yet"); +} + + + diff --git a/sbin/isakmpd/sysdep/common/libsysdep/md5.c b/sbin/isakmpd/sysdep/common/libsysdep/md5.c new file mode 100644 index 00000000000..34e89fc2fed --- /dev/null +++ b/sbin/isakmpd/sysdep/common/libsysdep/md5.c 
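Review bot: The three cast.c stubs assert on a string literal, `assert("cast_setkey not implemented yet");`, and a string literal is a non-null pointer, so the assertion is always true, never fires, and each function returns silently without touching `key` or `outblock` (with NDEBUG it vanishes entirely). If the `cast` feature is enabled while this stub is what gets linked, a negotiated CAST SA would hand back whatever `outblock` already held, which is a silent loss of confidentiality rather than a loud failure. Make the stubs fail unconditionally, e.g. `assert(0 && "cast_setkey not implemented yet"); abort();` in each of the three bodies, or keep `cast` out of FEATURES until a real implementation is wired in.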
@@ -0,0 +1,390 @@ +/* + * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic + * changes to accomodate it in the kernel by ji. + */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ + +/* + * Additions by JI + * + * HAVEMEMCOPY is defined if mem* routines are available + * + * HAVEHTON is defined if htons() and htonl() can be used + * for big/little endian conversions + * + */ + +#include <stddef.h> +#include <string.h> + +#include "md5.h" + +#ifndef WIN32 +#include "endian.h" /* sets BYTE_ORDER, LITTLE_ENDIAN, and BIG_ENDIAN */ +#endif + +#define HAVEMEMCOPY 1 /* use ISO C's memcpy and memset */ + +/* Constants for MD5Transform routine. 
+ */ + +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + +#define MD5Transform _MD5Transform + +static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); + +#if BYTE_ORDER == LITTLE_ENDIAN +#define Encode MD5_memcpy +#define Decode MD5_memcpy +#else +static void Encode PROTO_LIST + ((unsigned char *, UINT4 *, unsigned int)); +static void Decode PROTO_LIST + ((UINT4 *, unsigned char *, unsigned int)); +#endif + +#ifdef HAVEMEMCOPY +#include <memory.h> +#define MD5_memcpy memcpy +#define MD5_memset memset +#else +#ifdef HAVEBCOPY +#define MD5_memcpy(_a,_b,_c) memcpy((_a), (_b),(_c)) +#define MD5_memset(_a,_b,_c) memset((_a), '\0',(_c)) +#else +static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); +static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); +#endif +#endif +static unsigned char PADDING[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G, H and I are basic MD5 functions. + */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits. + */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +Rotation is separate from addition to prevent recomputation. 
+ */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +/* MD5 initialization. Begins an MD5 operation, writing a new context. + */ +void MD5Init (context) +MD5_CTX *context; /* context */ +{ + context->count[0] = context->count[1] = 0; + /* Load magic initialization constants. +*/ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* MD5 block update operation. Continues an MD5 message-digest + operation, processing another message block, and updating the + context. + */ +void MD5Update (context, input, inputLen) +MD5_CTX *context; /* context */ +unsigned char *input; /* input block */ +unsigned int inputLen; /* length of input block */ +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int)((context->count[0] >> 3) & 0x3F); + + /* Update number of bits */ + if ((context->count[0] += ((UINT4)inputLen << 3)) + < ((UINT4)inputLen << 3)) + context->count[1]++; + context->count[1] += ((UINT4)inputLen >> 29); + + partLen = 64 - index; + + /* Transform as many times as possible. 
+*/ + if (inputLen >= partLen) { + MD5_memcpy + ((POINTER)&context->buffer[index], (POINTER)input, partLen); + MD5Transform (context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + MD5Transform (context->state, &input[i]); + + index = 0; + } + else + i = 0; + + /* Buffer remaining input */ + MD5_memcpy + ((POINTER)&context->buffer[index], (POINTER)&input[i], + inputLen-i); +} + +/* MD5 finalization. Ends an MD5 message-digest operation, writing the + the message digest and zeroizing the context. + */ +void MD5Final (digest, context) +unsigned char digest[16]; /* message digest */ +MD5_CTX *context; /* context */ +{ + unsigned char bits[8]; + unsigned int index, padLen; + + /* Save number of bits */ + Encode (bits, context->count, 8); + + /* Pad out to 56 mod 64. +*/ + index = (unsigned int)((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + MD5Update (context, PADDING, padLen); + + /* Append length (before padding) */ + MD5Update (context, bits, 8); + + if (digest != NULL) /* Bill Simpson's padding */ + { + /* store state in digest */ + Encode (digest, context->state, 16); + + /* Zeroize sensitive information. + */ + MD5_memset ((POINTER)context, 0, sizeof (*context)); + } +} + +/* MD5 basic transformation. Transforms state based on block. 
+ */ +static void MD5Transform (state, block) +UINT4 state[4]; +unsigned char block[64]; +{ + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + + Decode (x, block, 64); + + /* Round 1 */ + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + + /* Round 2 */ + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + + /* Round 3 */ + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ + HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 
*/ + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ + + /* Round 4 */ + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. +*/ + MD5_memset ((POINTER)x, 0, sizeof (x)); +} + +#if BYTE_ORDER != LITTLE_ENDIAN + +/* Encodes input (UINT4) into output (unsigned char). Assumes len is + a multiple of 4. 
+ */ +static void Encode (output, input, len) +unsigned char *output; +UINT4 *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = (unsigned char)(input[i] & 0xff); + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); + } +} + +/* Decodes input (unsigned char) into output (UINT4). Assumes len is + a multiple of 4. + */ +static void Decode (output, input, len) +UINT4 *output; +unsigned char *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | + (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); +} + +#endif + +#ifndef HAVEMEMCOPY +#ifndef HAVEBCOPY +/* Note: Replace "for loop" with standard memcpy if possible. + */ + +static void MD5_memcpy (output, input, len) +POINTER output; +POINTER input; +unsigned int len; +{ + unsigned int i; + + for (i = 0; i < len; i++) + + output[i] = input[i]; +} + +/* Note: Replace "for loop" with standard memset if possible. + */ +static void MD5_memset (output, value, len) +POINTER output; +int value; +unsigned int len; +{ + unsigned int i; + + for (i = 0; i < len; i++) + ((char *)output)[i] = (char)value; +} +#endif +#endif + diff --git a/sbin/isakmpd/sysdep/common/libsysdep/sha1.c b/sbin/isakmpd/sysdep/common/libsysdep/sha1.c new file mode 100644 index 00000000000..19db0c468d7 --- /dev/null +++ b/sbin/isakmpd/sysdep/common/libsysdep/sha1.c 
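Review bot: MD5Final's `MD5_memset ((POINTER)context, 0, sizeof (*context));` and MD5Transform's wipe of `x` are plain memset calls on objects that are never read again, which a compiler performing dead-store elimination may drop, so the "Zeroize sensitive information" comments are not guaranteed to hold; use a wipe the optimizer cannot elide (`explicit_bzero` where available, or a volatile-byte loop). When `digest` is NULL the context is deliberately left intact (the "Bill Simpson's padding" path), so callers that rely on MD5Final to scrub keying material must pass a real digest buffer; I would add `/* digest == NULL: caller wants only the padded state; context is NOT zeroized */` on that branch. The routine also assumes UINT4 is exactly 32 bits wide; that typedef lives in md5.h and is worth checking on 64-bit targets.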
@@ -0,0 +1,171 @@ +/* +SHA-1 in C +By Steve Reid <steve@edmweb.com> +100% Public Domain + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#define SHA1HANDSOFF + +#include <string.h> + +#include "sha1.h" +#ifndef WIN32 + #include "endian.h" /* sets BYTE_ORDER, LITTLE_ENDIAN, and BIG_ENDIAN */ +#endif + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if BYTE_ORDER == LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#elif BYTE_ORDER == BIG_ENDIAN +#define blk0(i) block->l[i] +#else +#error "Endianness not defined!" +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. 
*/ + +void SHA1Transform(unsigned long state[5], unsigned char buffer[64]) +{ +unsigned long a, b, c, d, e; +typedef union { + unsigned char c[64]; + unsigned long l[16]; +} CHAR64LONG16; +CHAR64LONG16* block; +#ifdef SHA1HANDSOFF +static CHAR64LONG16 workspace; + block = &workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); 
R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len) +{ +unsigned int i; +unsigned long j; + + j = context->count[0]; + if ((context->count[0] += len << 3) < j) context->count[1] += (len>>29)+1; + j = (j >> 3) & 63; + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ +unsigned long i, j; +unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 
0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1Update(context, (unsigned char *)"\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1Update(context, (unsigned char *)"\0", 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + i = j = 0; + memset(context->buffer, '\0', 64); + memset(context->state, '\0', 20); + memset(context->count, '\0', 8); + memset(&finalcount, '\0', 8); +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ + SHA1Transform(context->state, context->buffer); +#endif +} diff --git a/sbin/isakmpd/sysdep/common/md5.h b/sbin/isakmpd/sysdep/common/md5.h new file mode 100644 index 00000000000..88b24ff94f8 --- /dev/null +++ b/sbin/isakmpd/sysdep/common/md5.h 
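Review bot: SHA1Transform does all its arithmetic in `unsigned long` (`a, b, c, d, e`, the union's `l[16]`, `state[5]`) while `rol` is `(value << bits) | (value >> (32 - bits))`, which is a rotate only when the type is exactly 32 bits; on an LP64 target (this import adds FreeBSD support, and FreeBSD/alpha is LP64) bits shifted above bit 31 are fed back into the low word by `>> (32 - bits)`, giving wrong digests and broken HMAC interoperability. Use a fixed-width type throughout, `u_int32_t` for `state`, `l[]` and the working variables, and the same in the `SHA1_CTX` declared in sha1.h. Separately, the `SHA1HANDSOFF` path keeps a function-scope `static CHAR64LONG16 workspace;`, so the transform is not reentrant and the last 64 bytes of keyed input persist in static storage until the next call; a stack buffer wiped before return would also remove the need for the extra `SHA1Transform(context->state, context->buffer);` self-call at the end of SHA1Final, which exists only to overwrite that static.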
@@ -0,0 +1,71 @@ +/* GLOBAL.H - RSAREF types and constants + */ + +/* PROTOTYPES should be set to one if and only if the compiler supports + function argument prototyping. + The following makes PROTOTYPES default to 0 if it has not already + been defined with C compiler flags. + */ +#ifndef PROTOTYPES +#define PROTOTYPES 1 +#endif + +/* POINTER defines a generic pointer type */ +typedef unsigned char *POINTER; + +/* UINT2 defines a two byte word */ +typedef unsigned short int UINT2; + +/* UINT4 defines a four byte word */ +typedef unsigned long int UINT4; + +/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. + If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it + returns an empty list. + */ + +#if PROTOTYPES +#define PROTO_LIST(list) list +#else +#define PROTO_LIST(list) () +#endif + + +/* MD5.H - header file for MD5C.C + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ + +/* MD5 context. 
*/ +typedef struct { + UINT4 state[4]; /* state (ABCD) */ + UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ + unsigned char buffer[64]; /* input buffer */ +} MD5_CTX; + +void MD5Init PROTO_LIST ((MD5_CTX *)); +void MD5Update PROTO_LIST + ((MD5_CTX *, unsigned char *, unsigned int)); +void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); + +#define _MD5_H_ diff --git a/sbin/isakmpd/sysdep/common/sha1.h b/sbin/isakmpd/sysdep/common/sha1.h new file mode 100644 index 00000000000..fb675715ef8 --- /dev/null +++ b/sbin/isakmpd/sysdep/common/sha1.h @@ -0,0 +1,16 @@ +/* +SHA-1 in C +By Steve Reid <steve@edmweb.com> +100% Public Domain +*/ + +typedef struct { + unsigned long state[5]; + unsigned long count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + +void SHA1Transform(unsigned long state[5], unsigned char buffer[64]); +void SHA1Init(SHA1_CTX* context); +void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len); +void SHA1Final(unsigned char digest[20], SHA1_CTX* context); diff --git a/sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep new file mode 100644 index 00000000000..eba18c46c3d --- /dev/null +++ b/sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep 
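Review bot: `typedef unsigned long int UINT4;` is 8 bytes on LP64 platforms, but MD5C.C's ROTATE_LEFT and the bit-count arithmetic assume a 32-bit word, and on little-endian hosts `Encode`/`Decode` are memcpy of 16 and 64 bytes respectively, so with 8-byte words the state and digest are mis-sized and the digest is wrong; declare `typedef u_int32_t UINT4;` and `typedef u_int16_t UINT2;` after `#include <sys/types.h>`. The header `#define`s `_MD5_H_` on its last line but never tests it, so the guard protects nothing; move `#ifndef _MD5_H_` / `#define _MD5_H_` to the top and close the file with `#endif`. `MD5Update`'s `input` is only read and could be declared `const unsigned char *` so callers can hash const buffers without casts.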
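Review bot: The SHA1_CTX declared here uses `unsigned long state[5];` and `unsigned long count[2];`, which only match SHA-1's 32-bit words on ILP32 targets; the implementation's `rol` macro depends on that width, so on LP64 the digests are wrong. Change both arrays (and the `SHA1Transform` prototype) to `u_int32_t`, including `<sys/types.h>` for it. The header also has no include guard, so wrap it in `#ifndef _SHA1_H_` / `#define _SHA1_H_` … `#endif`, and `SHA1Update`'s `data` parameter, which is only read, should be `const unsigned char *`.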
@@ -0,0 +1,66 @@ +# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:01 niklas Exp $ + +# +# Copyright (c) 1999 Håkan Olsson. All rights reserved. +# Copyright (c) 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Ericsson Radio Systems. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. 
+# + +LIBGMP:= /usr/lib/libgmp.a +LIBCRYPTO:= /usr/lib/libcrypto.a +LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep +LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a + +LDADD+= -lgmp ${LIBSYSDEP} +DPADD+= ${LIBGMP} ${LIBSYSDEP} + +FEATURES= debug tripledes blowdish cast ec aggressive +# Not yet +#FEATURES+= policy x509 + +IPSEC_SRCS= pf_key_v2.c +IPSEC_CFLAGS= -DUSE_PF_KEY_V2 + +USE_LIBCRYPTO= defined + +# hack libsysdep.a dependency +${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: + cd ${LIBSYSDEPDIR} && + ${MAKE} --no-print-directory ${MAKEFLAGS} \ + CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS} + +depend: ${LIBSYSDEPDIR}/.depend + +ifeq ($(findstring clean, $(MAKECMDGOALS)), clean) +SUBDIR+= sysdep/common/libsysdep +MAKEFLAGS+= --no-print-directory +endif + diff --git a/sbin/isakmpd/sysdep/freebsd/Makefile.sysdep b/sbin/isakmpd/sysdep/freebsd/Makefile.sysdep new file mode 100644 index 00000000000..ff3064c1872 --- /dev/null +++ b/sbin/isakmpd/sysdep/freebsd/Makefile.sysdep 
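Review bot: `FEATURES= debug tripledes blowdish cast ec aggressive` misspells `blowfish` (the BSD Makefile.sysdep in the same import has `FEATURES= tripledes blowfish cast ec aggressive debug`), so a GNU make build silently omits Blowfish rather than failing; fix it to `FEATURES= debug tripledes blowfish cast ec aggressive`. The list also turns on `cast`, yet the libsysdep cast.c added by this commit is an unimplemented stub, which presumably leaves CAST negotiable but non-functional on this build. `LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep` relies on BSD make's `.CURDIR`, which GNU make does not set, so unless it is exported from elsewhere the path collapses to `/sysdep/common/libsysdep`; `$(CURDIR)` is the GNU make equivalent.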
@@ -0,0 +1,78 @@ +# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:03 niklas Exp $ + +# +# Copyright (c) 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Ericsson Radio Systems. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER INN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. 
+# + +# Override default features +FEATURES= tripledes blowfish cast ec aggressive debug + +.if defined(TOPDIR) +LIBSYSDEPDIR= ${TOPDIR}/sysdep/common/libsysdep +.else +LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep +.endif + +LDADD+= -lgmp ${LIBSYSDEPDIR}/libsysdep.a -L/usr/local/lib +DPADD+= ${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a + +CFLAGS+= -I${.CURDIR}/sysdep/common -I/usr/include \ + -I/usr/local/include -I/usr/local/include/openssl + +IPSEC_SRCS= pf_key_v2.c +IPSEC_CFLAGS= -DUSE_PF_KEY_V2 + +USE_LIBCRYPTO= defined + +# This is a hack in order to make sure libsysdep is built before the +# linkstage of isakmpd. As a side effect the link is always done even if +# not necessary. Well, I just don't care. +GENERATED+= sysdep-target +sysdep-target: + cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS} + +# Kludge around much strange behaviour in /usr/share/mk/bsd.*/mk, don't build certpatch +SUBDIR= + +.if make(clean) +SUBDIR+= sysdep/common/libsysdep +.endif + +# Kludge around bug in /usr/share/mk/bsd.subdir.mk +NO_REGRESS= defined + +# Kludge around bug/feature in /usr/share/mk/bsd.man.mk +MAN8= isakmpd.8 +MAN5= isakmpd.conf.5 isakmpd.policy.5 + +obj: + mkdir obj diff --git a/sbin/isakmpd/sysdep/freebsd/sysdep-os.h b/sbin/isakmpd/sysdep/freebsd/sysdep-os.h new file mode 100644 index 00000000000..23809ef5bed --- /dev/null +++ b/sbin/isakmpd/sysdep/freebsd/sysdep-os.h 
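Review bot: `FEATURES= tripledes blowfish cast ec aggressive debug` enables `cast`, but the only CAST code in this sysdep is libsysdep's cast.c, whose functions are empty stubs, and the OpenSSL `cast_*` mapping in sysdep-os.h sits under `#if 0`; a CAST transform negotiated on this build would therefore encrypt nothing. Either drop `cast` from FEATURES or enable the OpenSSL mapping before advertising it. `DPADD+= ${LIBGMP} ...` references a variable this file never sets (only the GNU makefile defines `LIBGMP:= /usr/lib/libgmp.a`), so unless it comes from a parent makefile the dependency is empty and isakmpd will not relink when libgmp changes; given the `-L/usr/local/lib` on the LDADD line, something like `LIBGMP= /usr/local/lib/libgmp.a` next to it is presumably what was intended.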
@@ -0,0 +1,68 @@ +/* $Id: sysdep-os.h,v 1.1 2001/01/26 11:34:03 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#ifndef _SYSDEP_OS_H_ + +#define _SYSDEP_OS_H_ + +#define KAME + +#include <netinet6/ipsec.h> + +/* We need in_addr_t, in_port_t & socklen_t. 
*/ +typedef u_int32_t in_addr_t; +typedef u_int16_t in_port_t; +typedef u_int32_t socklen_t; + +#if 0 +/* OpenSSL differs from OpenBSD very slightly... */ + +#define SHA1Init SHA1_Init +#define SHA1Update SHA1_Update +#define SHA1Final SHA1_Final + +#define cast_key CAST_KEY +#define cast_setkey(k, d, l) CAST_set_key ((k), (l), (d)) +#define cast_encrypt(k, i, o) do { \ + memcpy ((o), (i), BLOCKSIZE); \ + CAST_encrypt ((CAST_LONG *)(o), (k)); \ +} +#define cast_decrypt(k, i, o) do { \ + memcpy ((o), (i), BLOCKSIZE); \ + CAST_decrypt ((CAST_LONG *)(o), (k)); \ +} +#endif + +#endif /* _SYSDEP_OS_H_ */ diff --git a/sbin/isakmpd/sysdep/freebsd/sysdep.c b/sbin/isakmpd/sysdep/freebsd/sysdep.c new file mode 100644 index 00000000000..257401acf83 --- /dev/null +++ b/sbin/isakmpd/sysdep/freebsd/sysdep.c 
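Review bot: The three `typedef`s after the `We need in_addr_t, in_port_t & socklen_t` comment are unconditional, so on a FreeBSD release whose headers already provide these types (they come after `#include <netinet6/ipsec.h>`, which pulls in the network headers) the file fails with a redefinition error; guard them on a version or feature test, e.g. `#if __FreeBSD_version < <PLACEHOLDER: first release providing socklen_t>` or a configure-style `HAVE_SOCKLEN_T` define, with the threshold confirmed against the FreeBSD headers. The disabled `cast_encrypt`/`cast_decrypt` macros in the `#if 0` block are written as `do { ... }` without the closing `while (0)`, so they would not compile if that block is ever re-enabled. The include guard `_SYSDEP_OS_H_` is a reserved identifier (leading underscore plus uppercase); the same applies to `_KLIPS_H_` in the klips.h hunk below.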
@@ -0,0 +1,205 @@ +/* $Id: sysdep.c,v 1.1 2001/01/26 11:34:03 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. 
+ */ + +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <stdlib.h> +#include <string.h> + +#include "sysdep.h" + +#include "util.h" + +#ifdef NEED_SYSDEP_APP +#include "app.h" +#include "conf.h" +#include "ipsec.h" + +#ifdef USE_PF_KEY_V2 +#include "pf_key_v2.h" +#define KEY_API(x) pf_key_v2_##x +#else +#include <net/encap.h> +#include "pf_encap.h" +#define KEY_API(x) pf_encap_##x +#endif + +#endif NEED_SYSDEP_APP +#include "log.h" + +extern char *__progname; + +/* + * An as strong as possible random number generator, reverting to a + * deterministic pseudo-random one if regrand is set. + */ +u_int32_t +sysdep_random () +{ + return random(); +} + +/* Return the basename of the command used to invoke us. */ +char * +sysdep_progname () +{ + return __progname; +} + +/* As regress/ use this file I protect the sysdep_app_* stuff like this. */ +#ifdef NEED_SYSDEP_APP +/* + * Prepare the application we negotiate SAs for (i.e. the IPsec stack) + * for communication. We return a file descriptor useable to select(2) on. + */ +int +sysdep_app_open () +{ + return KEY_API(open) (); +} + +/* + * When select(2) has noticed our application needs attendance, this is what + * gets called. FD is the file descriptor causing the alarm. + */ +void +sysdep_app_handler (int fd) +{ + KEY_API (handler) (fd); +} + +/* Check that the connection named NAME is active, or else make it active. */ +void +sysdep_connection_check (char *name) +{ + KEY_API (connection_check) (name); +} + +/* + * Generate a SPI for protocol PROTO and the source/destination pair given by + * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ. + */ +u_int8_t * +sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src, + int srclen, struct sockaddr *dst, int dstlen) +{ + if (app_none) + { + *sz = IPSEC_SPI_SIZE; + /* XXX should be random instead I think. 
*/ + return strdup ("\x12\x34\x56\x78"); + } + return KEY_API (get_spi) (sz, proto, src, srclen, dst, dstlen); +} + +/* Force communication on socket FD to go in the clear. */ +int +sysdep_cleartext (int fd) +{ +#if 0 + int level; +#endif + + if (app_none) + return 0; + +#if 0 + /* + * Need to bypass system security policy, so I can send and + * receive key management datagrams in the clear. + */ + level = IPSEC_LEVEL_BYPASS; + if (setsockopt (fd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level, sizeof level) + == -1) + { + log_error ("sysdep_cleartext: " + "setsockopt (%d, IPPROTO_IP, IP_AUTH_LEVEL, ...) failed", fd); + return -1; + } + if (setsockopt (fd, IPPROTO_IP, IP_ESP_TRANS_LEVEL, (char *)&level, + sizeof level) == -1) + { + log_error ("sysdep_cleartext: " + "setsockopt (%d, IPPROTO_IP, IP_ESP_TRANS_LEVEL, ...) " + "failed", fd); + return -1; + } + if (setsockopt (fd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, (char *)&level, + sizeof level) == -1) + { + log_error("sysdep_cleartext: " + "setsockopt (%d, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, ...) " + "failed", fd); + return -1; + } +#endif + return 0; +} + +int +sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming) +{ + if (app_none) + return 0; + return KEY_API (delete_spi) (sa, proto, incoming); +} + +int +sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa) +{ + if (app_none) + return 0; + return KEY_API (enable_sa) (sa, isakmp_sa); +} + +int +sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1, + struct proto *proto2, int incoming) +{ + if (app_none) + return 0; + return KEY_API (group_spis) (sa, proto1, proto2, incoming); +} + +int +sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming) +{ + if (app_none) + return 0; + return KEY_API (set_spi) (sa, proto, incoming); +} +#endif diff --git a/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep new file mode 100644 index 00000000000..6c694f49a28 --- /dev/null 
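Review bot: The comment above `sysdep_random` promises an "as strong as possible" generator, but the body is `return random();`, a deterministic PRNG that nothing in this hunk seeds, and its output is used for SPI generation in `klips_get_spi` in this commit and presumably for other protocol values elsewhere in the daemon; either document the weakness honestly or return from a CSPRNG (FreeBSD's libc `arc4random()` where the targeted release provides it). `sysdep_cleartext` returns 0 with its entire policy-bypass body under `#if 0`, so callers are told the socket is in the clear when nothing was done; if the FreeBSD stack applies a default policy to the IKE socket this fails silently, so at minimum log once that bypass is unimplemented, e.g. `LOG_DBG ((LOG_SYSDEP, 10, "sysdep_cleartext: policy bypass not implemented on this platform"));`. `#endif NEED_SYSDEP_APP` carries a bare token after `#endif`, which is non-standard and warned on by most compilers; write `#endif /* NEED_SYSDEP_APP */`.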
+++ b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep 
@@ -0,0 +1,77 @@ +# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:04 niklas Exp $ + +# +# Copyright (c) 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Ericsson Radio Systems. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +# In order for this to work, invocations need to set FREESWAN to the +# directory where FreeS/WAN is installed. 
+ +ifndef FREESWAN +FREESWAN= /usr/src/freeswan +endif + +BINDIR= /usr/local/sbin +# Partly good for RedHat 5.2, but man(1) does not find them so I have it +# disabled for now. +#MANDIR= /var/catman/cat +#MAN5= isakmpd.conf.0 +#MAN8= isakmpd.0 +NOMAN= + +LIBGMP= ${FREESWAN}/gmp/libgmp.a +LIBDES= ${FREESWAN}/libdes/libdes.a +LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep +LIBSYSDEP= ${LIBSYSDEPDIR}/libsysdep.a + +FEATURES= tripledes blowfish cast ec aggressive debug + +SRCS+= klips.c + +LDADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBDES} -ldl +DPADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBDES} + +CFLAGS+= -I${FREESWAN}/gmp -I${FREESWAN}/libdes \ + -I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \ + -I${.CURDIR}/sysdep/common -DSYMBOL_PREFIX='"_"' + +HAVE_DLOPEN= defined + +${LIBSYSDEP}: + cd ${LIBSYSDEPDIR}; \ + ${MAKE} --no-print-directory ${MAKEFLAGS} CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" + +ifneq ($(findstring install,$(MAKECMDGOALS)),install) +SUBDIR+= sysdep/common/libsysdep +# The regress/ subdir is completely broken in the linux environment +SUBDIR:= $(filter-out regress,${SUBDIR}) +endif diff --git a/sbin/isakmpd/sysdep/linux/Makefile.sysdep b/sbin/isakmpd/sysdep/linux/Makefile.sysdep new file mode 100644 index 00000000000..94ae607a2c6 --- /dev/null +++ b/sbin/isakmpd/sysdep/linux/Makefile.sysdep 
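Review bot: `-DSYMBOL_PREFIX='"_"'` in `CFLAGS+=` hard-codes a leading-underscore symbol prefix, which is the a.out convention; on ELF Linux symbols carry no prefix, so any `dlsym` lookup presumably built from `SYMBOL_PREFIX` under `HAVE_DLOPEN` will fail there (the linux `Makefile.sysdep` hunk below sets the same value and even carries an `XXX Is this test correct?` comment about it). The prefix should be derived from the toolchain or default to `""` for ELF targets. `LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep` relies on the BSD-make variable `.CURDIR`, which GNU make does not define; unless the top-level GNUmakefile exports it, this expands to `/sysdep/common/libsysdep`, so `$(CURDIR)` is the portable spelling here.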
@@ -0,0 +1,86 @@ +# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:04 niklas Exp $ + +# +# Copyright (c) 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Ericsson Radio Systems. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +# In order for this to work, invocations need to set FREESWAN to the +# directory where FreeS/WAN is installed. 
+ +BINDIR= /usr/local/sbin +# Partly good for RedHat 5.2, but man(1) does not find them so I have it +# disabled for now. +#MANDIR= /var/catman/cat +#MAN5= isakmpd.conf.0 +#MAN8= isakmpd.0 +NOMAN= + +IPSEC_SRCS= klips.c + +LDADD+= ${.CURDIR}/sysdep/common/libsysdep/libsysdep.a \ + ${FREESWAN}/gmp/libgmp.a +DPADD+= ${.CURDIR}/sysdep/common/libsysdep/libsysdep.a \ + ${FREESWAN}/gmp/libgmp.a + +CFLAGS+= ${DEBUG} -I${FREESWAN}/gmp -I${FREESWAN}/libdes \ + -I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \ + -I${.CURDIR}/sysdep/common + +# XXX Is this test correct? Is the prefix "_" on ELF-systems too? +HAVE_DLOPEN= defined +LDADD+= -ldl +DPADD+= /usr/lib/libdl.a +CFLAGS+= -DSYMBOL_PREFIX='"_"' + +#USE_LIBCRYPTO= defined +#USE_KEYNOTE= defined + +.ifndef USE_LIBCRYPTO +DESLIB= ${FREESWAN}/libdes/libdes.a +DESLIBDEP= ${FREESWAN}/libdes/libdes.a +.endif + +# This is a hack in order to make sure libsysdep is built before the +# linkstage of isakmpd. As a side effect the link is always done even if +# not necessary. Well, I just don't care. +GENERATED+= sysdep-target +sysdep-target: + cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS} + +.if make(clean) +SUBDIR+= sysdep/common/libsysdep +.endif + +# The regress/ subdir is completely broken in the linux environment +.if !make(install) +SUBDIR:= ${SUBDIR:Nregress} +.endif diff --git a/sbin/isakmpd/sysdep/linux/README b/sbin/isakmpd/sysdep/linux/README new file mode 100644 index 00000000000..6238820e91d --- /dev/null +++ b/sbin/isakmpd/sysdep/linux/README 
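Review bot: This file uses `${FREESWAN}` in `LDADD`, `DPADD` and `CFLAGS` but, unlike the GNUmakefile.sysdep hunk above, provides no default when the invocation does not set it, so the paths silently collapse to `/gmp/libgmp.a` and the like; add the same fallback before the first use: `.ifndef FREESWAN` / `FREESWAN= /usr/src/freeswan` / `.endif`. `DPADD+= /usr/lib/libdl.a` hard-codes a static archive that a glibc installation need not ship, so a missing file makes every link fail on the dependency rather than on the actual `-ldl`; route it through a variable as the GNUmakefile does with `LIBGMP`/`LIBDES`, or drop the DPADD entry.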
@@ -0,0 +1,16 @@ +$Id: README,v 1.1 2001/01/26 11:34:04 niklas Exp $ + +Currently, you have to manually configure any ipsec interfaces and do the +association betweent these and the physical ones. This is done like +this in FreeS/WAN: + +ipsec tncfg --attach --virtual ipsec0 --physical eth0 +ifconfig ipsec0 A.B.C.D netmask E.F.G.H + +Then there is one special configuration option in the IPSec-connection +sections for Phase 2 of the configuration file, named Next-hop, which +should be set to the next hop's IP address along the way to the peer: + +Next-hop= I.J.K.L + +This is specific to the way FreeS/WAN works. diff --git a/sbin/isakmpd/sysdep/linux/klips.c b/sbin/isakmpd/sysdep/linux/klips.c new file mode 100644 index 00000000000..cd042d7f718 --- /dev/null +++ b/sbin/isakmpd/sysdep/linux/klips.c 
@@ -0,0 +1,687 @@ +/* $Id: klips.c,v 1.1 2001/01/26 11:34:04 niklas Exp $ */ + +/* + * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. 
+ */ + +#include <asm/types.h> +#include <sys/types.h> +#include <sys/ioctl.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <linux/sockios.h> +#include <net/route.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <errno.h> +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <unistd.h> + +#include <freeswan.h> +#include <net/ipsec/radij.h> +#include <net/ipsec/ipsec_encap.h> +#include <net/ipsec/ipsec_netlink.h> +#include <net/ipsec/ipsec_xform.h> +#include <net/ipsec/ipsec_ipe4.h> +#include <net/ipsec/ipsec_ah.h> +#include <net/ipsec/ipsec_esp.h> + +#include "sysdep.h" + +#include "conf.h" +#include "exchange.h" +#include "hash.h" +#include "ipsec.h" +#include "ipsec_doi.h" +#include "ipsec_num.h" +#include "isakmp.h" +#include "log.h" +#include "klips.h" +#include "sa.h" +#include "timer.h" +#include "transport.h" + +#define KLIPS_DEVICE "/dev/ipsec" + +#define PROC_ROUTE_FILE "/proc/net/route" +#define PROC_ROUTE_FMT "%16s %128s %128s %X %d %d %d %128s %d %d %d\n" + +/* XXX Maybe these are available through some system-supplied define? */ +#define AH_NEW_XENCAP_LEN (3 * sizeof(u_short) + 2 * sizeof(u_char)) +#define ESP_NEW_XENCAP_LEN sizeof (struct espblkrply_edata) +#define EMT_GRPSPIS_COMPLEN (sizeof (((struct encap_msghdr *)0)->em_rel[0])) + +/* How often should we check that connections we require to be up, are up? */ +#define KLIPS_CHECK_FREQ 60 + +static int klips_socket; + +/* Open the KLIPS device. */ +int +klips_open () +{ + int fd; + + fd = open (KLIPS_DEVICE, O_RDWR); + if (fd == -1) + { + log_error ("klips_open: open (\"%s\", O_RDWR) failed", KLIPS_DEVICE); + return -1; + } + klips_socket = fd; + return fd; +} + +/* Write a KLIPS request down to the kernel. 
*/ +static int +klips_write (struct encap_msghdr *em) +{ + ssize_t n; + + em->em_magic = EM_MAGIC; + em->em_version = 0; + + LOG_DBG_BUF ((LOG_SYSDEP, 30, "klips_write: em", (u_int8_t *)em, + em->em_msglen)); + n = write (klips_socket, em, em->em_msglen); + if (n == -1) + { + log_error ("write (%d, ...) failed", klips_socket); + return -1; + } + if ((size_t)n != em->em_msglen) + { + log_error ("write (%d, ...) returned prematurely", klips_socket); + return -1; + } + return 0; +} + +/* + * Generate a SPI for protocol PROTO and the source/destination pair given by + * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ. + */ +u_int8_t * +klips_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src, int srclen, + struct sockaddr *dst, int dstlen) +{ + u_int8_t *spi; + u_int32_t spinum; + + *sz = IPSEC_SPI_SIZE; + spi = malloc (*sz); + if (!spi) + return 0; + do + spinum = sysdep_random (); + while (spinum < IPSEC_SPI_LOW); + spinum = htonl (spinum); + memcpy (spi, &spinum, *sz); + + LOG_DBG_BUF ((LOG_SYSDEP, 50, "klips_get_spi: spi", spi, *sz)); + + return spi; +} + +/* Group 2 SPIs in a chain. XXX Not fully implemented yet. */ +int +klips_group_spis (struct sa *sa, struct proto *proto1, struct proto *proto2, + int incoming) +{ + struct encap_msghdr *emsg = 0; + struct sockaddr *dst; + int dstlen; + + emsg = calloc (1, EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN); + if (!emsg) + return -1; + + emsg->em_msglen = EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN; + emsg->em_type = EMT_GRPSPIS; + + /* + * XXX The code below is wrong if we are in tunnel mode. + * The fix is to reorder stuff so the IP-in-IP SA will always come + * upfront, and if there are two such, one is dropped. 
+ */ + memcpy (&emsg->em_rel[0].emr_spi, proto1->spi[incoming], + sizeof emsg->em_rel[0].emr_spi); + memcpy (&emsg->em_rel[1].emr_spi, proto2->spi[incoming], + sizeof emsg->em_rel[1].emr_spi); + if (incoming) + sa->transport->vtbl->get_src (sa->transport, &dst, &dstlen); + else + sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen); + emsg->em_rel[0].emr_dst + = emsg->em_rel[1].emr_dst = ((struct sockaddr_in *)dst)->sin_addr; + /* XXX What if IPCOMP etc. comes along? */ + emsg->em_rel[0].emr_proto + = proto1->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH; + emsg->em_rel[1].emr_proto + = proto2->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH; + + if (klips_write (emsg)) + goto cleanup; + free (emsg); + + LOG_DBG ((LOG_SYSDEP, 50, "klips_group_spis: done")); + + return 0; + + cleanup: + if (emsg) + free (emsg); + return -1; +} + +/* Store/update a SPI with full information into the kernel. */ +int +klips_set_spi (struct sa *sa, struct proto *proto, int incoming) +{ + struct encap_msghdr *emsg = 0; + struct ipsec_proto *iproto = proto->data; + struct sockaddr *dst, *src; + int dstlen, srclen, keylen, hashlen; + size_t len; + struct ipe4_xdata *ip4x; + + /* Actually works for all. */ + struct espblkrply_edata *edx; + + /* Actually works for all. */ + struct ahhmacmd5_edata *amx; + + switch (proto->proto) + { + case IPSEC_PROTO_IPSEC_ESP: + keylen = ipsec_esp_enckeylength (proto); + hashlen = ipsec_esp_authkeylength (proto); + len = EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN; + emsg = calloc (1, len); + if (!emsg) + return -1; + + emsg->em_proto = IPPROTO_ESP; + + edx = (struct espblkrply_edata *)emsg->em_dat; + + /* Funny expression due to I just want one switch. 
*/ + switch (proto->id | (iproto->auth << 8)) + { + case IPSEC_ESP_DES: + case IPSEC_ESP_DES_IV32: + case IPSEC_ESP_DES_IV64: + emsg->em_alg = XF_ESPDES; + break; + + case IPSEC_ESP_3DES: + emsg->em_alg = XF_ESP3DES; + break; + + case IPSEC_ESP_DES | (IPSEC_AUTH_HMAC_MD5 << 8): + case IPSEC_ESP_DES_IV32 | (IPSEC_AUTH_HMAC_MD5 << 8): + case IPSEC_ESP_DES_IV64 | (IPSEC_AUTH_HMAC_MD5 << 8): + emsg->em_alg = XF_ESPDESMD596; + break; + + case IPSEC_ESP_3DES | (IPSEC_AUTH_HMAC_MD5 << 8): + emsg->em_alg = XF_ESP3DESMD596; + break; + + case IPSEC_ESP_DES | (IPSEC_AUTH_HMAC_SHA << 8): + case IPSEC_ESP_DES_IV32 | (IPSEC_AUTH_HMAC_SHA << 8): + case IPSEC_ESP_DES_IV64 | (IPSEC_AUTH_HMAC_SHA << 8): + emsg->em_alg = XF_ESPDESSHA196; + break; + + case IPSEC_ESP_3DES | (IPSEC_AUTH_HMAC_SHA << 8): + emsg->em_alg = XF_ESP3DESSHA196; + break; + + default: + LOG_DBG ((LOG_SYSDEP, 10, + "klips_set_spi: Unsupported enc/auth alg negotiated")); + return -1; + } + + /* XXX What if we have a protocol requiring IV? */ + edx->eme_ivlen = EMT_ESPDES_IV_SZ; + edx->eme_klen = keylen; + edx->ame_klen = hashlen; +#if 0 + /* I have reason to believe Shared-SADB won't work at all in KLIPS. */ + edx->eme_ooowin + = conf_get_str ("General", "Shared-SADB") ? 0 : iproto->replay_window; +#else + edx->eme_ooowin = iproto->replay_window; +#endif + /* + * XXX Pluto sets the unused by KLIPS flag EME_INITIATOR in + * edx->eme_flags, if the party is the initiator. Should we too? 
+ */ + edx->eme_flags = 0; + memcpy (edx->eme_key, iproto->keymat[incoming], keylen); + if (iproto->auth) + memcpy (edx->ame_key, iproto->keymat[incoming] + keylen, hashlen); + break; + + case IPSEC_PROTO_IPSEC_AH: + hashlen = ipsec_ah_keylength (proto); + len = EMT_SETSPI_FLEN + AH_NEW_XENCAP_LEN + hashlen; + emsg = calloc (1, len); + if (!emsg) + return -1; + + emsg->em_proto = IPPROTO_AH; + + amx = (struct ahhmacmd5_edata *)emsg->em_dat; + + switch (proto->id) + { + case IPSEC_AH_MD5: + emsg->em_alg = XF_AHHMACMD5; + break; + + case IPSEC_AH_SHA: + emsg->em_alg = XF_AHHMACSHA1; + break; + + default: + /* XXX Log? */ + goto cleanup; + } + + /* XXX Should we be able to send in different lengths here? */ + amx->ame_alen = amx->ame_klen = hashlen; +#if 0 + /* I have reason to believe Shared-SADB won't work at all in KLIPS. */ + amx->ame_ooowin + = conf_get_str ("General", "Shared-SADB") ? 0 : iproto->replay_window; +#else + amx->ame_ooowin = iproto->replay_window; +#endif + amx->ame_replayp = amx->ame_ooowin > 0; + memcpy (amx->ame_key, iproto->keymat[incoming], hashlen); + break; + + default: + /* XXX Log? */ + goto cleanup; + } + + emsg->em_msglen = len; + emsg->em_type = EMT_SETSPI; + memcpy (&emsg->em_spi, proto->spi[incoming], sizeof emsg->em_spi); + emsg->em_flags = incoming ? EMT_INBOUND : 0; + + /* + * XXX Addresses has to be thought through. Assumes IPv4. + */ + sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen); + sa->transport->vtbl->get_src (sa->transport, &src, &srclen); + emsg->em_dst + = ((struct sockaddr_in *)(incoming ? src : dst))->sin_addr; + + /* + * Klips does not know about expirations, thus we need to do them inside + * isakmpd. 
+ */ + if (sa->seconds) + if (sa_setup_expirations (sa)) + goto cleanup; + + LOG_DBG ((LOG_SYSDEP, 10, "klips_set_spi: proto %d dst %s SPI 0x%x", + emsg->em_proto, inet_ntoa (emsg->em_dst), htonl (emsg->em_spi))); + if (klips_write (emsg)) + goto cleanup; + free (emsg); + + /* If we are tunneling we have to setup an IP in IP tunnel too. */ + if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL) + { + len = EMT_SETSPI_FLEN + EMT_IPE4_ULEN; + emsg = calloc (1, len); + if (!emsg) + goto cleanup; + + emsg->em_proto = IPPROTO_IPIP; + emsg->em_msglen = len; + emsg->em_type = EMT_SETSPI; + /* + * XXX Code in Pluto suggests this is not possible, but that we have + * to have a unique SPI for the IP4 SA. + */ + memcpy (&emsg->em_spi, proto->spi[incoming], sizeof emsg->em_spi); + emsg->em_flags = 0; + emsg->em_alg = XF_IP4; + + ip4x = (struct ipe4_xdata *)emsg->em_dat; + ip4x->i4_dst = emsg->em_dst + = ((struct sockaddr_in *)(incoming ? src : dst))->sin_addr; + ip4x->i4_src + = ((struct sockaddr_in *)(incoming ? dst : src))->sin_addr; + + LOG_DBG ((LOG_SYSDEP, 10, "klips_set_spi: proto %d dst %s SPI 0x%x", + emsg->em_proto, inet_ntoa (emsg->em_dst), + htonl (emsg->em_spi))); + if (klips_write (emsg)) + goto cleanup; + free (emsg); + + /* + * Grouping the IP-in-IP SA with the IPSec one means we must be careful + * in klips_group_spis so that we'll remove duplicate IP-in-IP SAs + * and get everything grouped in the right order. + * + * XXX Could we not share code with klips_group_spis here? + */ + emsg = calloc (1, EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN); + if (!emsg) + goto cleanup; + + emsg->em_msglen = EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN; + emsg->em_type = EMT_GRPSPIS; + + memcpy (&emsg->em_rel[0].emr_spi, proto->spi[incoming], + sizeof emsg->em_rel[0].emr_spi); + memcpy (&emsg->em_rel[1].emr_spi, proto->spi[incoming], + sizeof emsg->em_rel[1].emr_spi); + emsg->em_rel[0].emr_dst = emsg->em_rel[1].emr_dst + = ((struct sockaddr_in *)(incoming ? 
src : dst))->sin_addr; + + emsg->em_rel[0].emr_proto = IPPROTO_IPIP; + /* XXX What if IPCOMP etc. comes along? */ + emsg->em_rel[1].emr_proto + = proto->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH; + + if (klips_write (emsg)) + goto cleanup; + free (emsg); + } + + LOG_DBG ((LOG_SYSDEP, 50, "klips_set_spi: done")); + + return 0; + + cleanup: + /* XXX Cleanup the potential SAs we have setup. */ + if (emsg) + free (emsg); + return -1; +} + +/* + * Delete the IPSec SA represented by the INCOMING direction in protocol PROTO + * of the IKE security association SA. + */ +int +klips_delete_spi (struct sa *sa, struct proto *proto, int incoming) +{ + struct encap_msghdr *emsg = 0; + struct sockaddr *dst; + int dstlen; + struct ipsec_proto *iproto = proto->data; + + emsg = calloc (1, EMT_SETSPI_FLEN); + if (!emsg) + return -1; + + emsg->em_msglen = EMT_SETSPI_FLEN; + emsg->em_type = EMT_DELSPI; + + memcpy (&emsg->em_spi, proto->spi[incoming], sizeof emsg->em_spi); + if (incoming) + sa->transport->vtbl->get_src (sa->transport, &dst, &dstlen); + else + sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen); + emsg->em_dst = ((struct sockaddr_in *)dst)->sin_addr; + /* XXX What if IPCOMP etc. comes along? */ + emsg->em_proto + = (iproto->encap_mode == IPSEC_ENCAP_TUNNEL ? IPPROTO_IPIP + : proto->proto == IPSEC_PROTO_IPSEC_ESP ? 
IPPROTO_ESP : IPPROTO_AH); + + if (klips_write (emsg)) + goto cleanup; + free (emsg); + + LOG_DBG ((LOG_SYSDEP, 50, "klips_delete_spi: done")); + + return 0; + + cleanup: + if (emsg) + free (emsg); + return -1; +} + +int +klips_hex_decode (char *src, u_char *dst, int dstsize) +{ + char *p, *pe; + u_char *q, *qe, ch, cl; + + pe = src + strlen (src); + qe = dst + dstsize; + + for (p = src, q = dst; p < pe && q < qe && isxdigit ((int)*p); p += 2) + { + ch = tolower (p[0]); + cl = tolower (p[1]); + + if ((ch >= '0') && (ch <= '9')) + ch -= '0'; + else if ((ch >= 'a') && (ch <= 'f')) + ch -= 'a' - 10; + else + return -1; + + if ((cl >= '0') && (cl <= '9')) + cl -= '0'; + else if ((cl >= 'a') && (cl <= 'f')) + cl -= 'a' - 10; + else + return -1; + + *q++ = (ch << 4) | cl; + } + + return (int)(q - dst); +} + +/* Consult kernel routing table for next-hop lookup. From dugsong@monkey.org */ +u_long +klips_route_get (u_long dst) +{ + FILE *f; + char buf[BUFSIZ]; + char ifbuf[16], netbuf[128], gatebuf[128], maskbuf[128]; + int i, iflags, refcnt, use, metric, mss, win, irtt; + u_long ret, gate, net, mask; + + if ((f = fopen (PROC_ROUTE_FILE, "r")) == NULL) + return dst; + + ret = dst; + + while (fgets (buf, sizeof buf, f) != NULL) + { + i = sscanf (buf, PROC_ROUTE_FMT, ifbuf, netbuf, gatebuf, &iflags, + &refcnt, &use, &metric, maskbuf, &mss, &win, &irtt); + if (i < 10 || !(iflags & RTF_UP)) + continue; + + klips_hex_decode (netbuf, (u_char *)&net, sizeof net); + klips_hex_decode (gatebuf, (u_char *)&gate, sizeof gate); + klips_hex_decode (maskbuf, (u_char *)&mask, sizeof mask); + + net = htonl (net); + gate = htonl (gate); + mask = htonl (mask); + + if ((dst & mask) == net) + { + if (gate != INADDR_ANY) + ret = gate; + break; + } + } + + fclose (f); + return ret; +} + +/* Enable a flow given a SA. 
*/ +int +klips_enable_sa (struct sa *sa, struct sa *isakmp_sa) +{ + struct ipsec_sa *isa = sa->data; + struct sockaddr *dst; + int dstlen; + struct proto *proto = TAILQ_FIRST (&sa->protos); + struct ipsec_proto *iproto = proto->data; + struct encap_msghdr emsg; + int s = -1; + struct rtentry rt; + + sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen); + + /* XXX Is this needed? */ + memset (&emsg, '\0', sizeof emsg); + + emsg.em_msglen = sizeof emsg; + emsg.em_type = EMT_RPLACEROUTE; + + memcpy (&emsg.em_erspi, proto->spi[0], sizeof emsg.em_erspi); + emsg.em_erdst = ((struct sockaddr_in *)dst)->sin_addr; + + LOG_DBG ((LOG_SYSDEP, 50, "klips_enable_sa: src %x %x dst %x %x", + ntohl (isa->src_net), ntohl (isa->src_mask), ntohl (isa->dst_net), + ntohl (isa->dst_mask))); + + /* XXX Magic constant from Pluto (26 = AF_ISDN in BSD). */ + emsg.em_eaddr.sen_family = emsg.em_emask.sen_family = 26; + emsg.em_eaddr.sen_type = SENT_IP4; + /* XXX Magic constant from Pluto. */ + emsg.em_emask.sen_type = 255; + emsg.em_eaddr.sen_len = emsg.em_emask.sen_len + = sizeof (struct sockaddr_encap); + + emsg.em_eaddr.sen_ip_src.s_addr = isa->src_net; + emsg.em_emask.sen_ip_src.s_addr = isa->src_mask; + emsg.em_eaddr.sen_ip_dst.s_addr = isa->dst_net; + emsg.em_emask.sen_ip_dst.s_addr = isa->dst_mask; + + /* XXX What if IPCOMP etc. comes along? */ + emsg.em_erproto + = (iproto->encap_mode == IPSEC_ENCAP_TUNNEL ? IPPROTO_IPIP + : proto->proto == IPSEC_PROTO_IPSEC_ESP ? 
IPPROTO_ESP : IPPROTO_AH); + + if (klips_write (&emsg)) + { + emsg.em_type = EMT_SETEROUTE; + if (klips_write (&emsg)) + goto cleanup; + } + + s = socket (PF_INET, SOCK_DGRAM, AF_UNSPEC); + if (s == -1) + { + log_error ("klips_enable_sa: " + "socket(PF_INET, SOCK_DGRAM, AF_UNSPEC) failed"); + goto cleanup; + } + + memset (&rt, '\0', sizeof rt); + rt.rt_dst.sa_family = AF_INET; + ((struct sockaddr_in *)&rt.rt_dst)->sin_addr.s_addr = isa->dst_net; + rt.rt_genmask.sa_family = AF_INET; + ((struct sockaddr_in *)&rt.rt_genmask)->sin_addr.s_addr = isa->dst_mask; + rt.rt_gateway.sa_family = AF_INET; + + ((struct sockaddr_in *)&rt.rt_gateway)->sin_addr.s_addr + = klips_route_get (emsg.em_erdst.s_addr); + + rt.rt_flags = RTF_UP | RTF_GATEWAY; + /* XXX What if we have multiple interfaces? */ + rt.rt_dev = "ipsec0"; + + if (ioctl (s, SIOCDELRT, &rt) == -1 && errno != ESRCH) + { + log_error ("klips_enable_sa: ioctl (%d, SIOCDELRT, %p) failed", s, &rt); + goto cleanup; + } + + if (ioctl (s, SIOCADDRT, &rt) == -1) + { + log_error ("klips_enable_sa: ioctl (%d, SIOCADDRT, %p) failed", s, &rt); + goto cleanup; + } + + close (s); + return 0; + + cleanup: + if (s != -1) + close (s); + return -1; +} + +static void +klips_stayalive (struct exchange *exchange, void *vconn, int fail) +{ + char *conn = vconn; + struct sa *sa; + + /* XXX What if it is phase 1? */ + sa = sa_lookup_by_name (conn, 2); + if (sa) + sa->flags |= SA_FLAG_STAYALIVE; +} + +/* Establish the connection in VCONN and set the stayalive flag for it. */ +void +klips_connection_check (char *conn) +{ + if (!sa_lookup_by_name (conn, 2)) + { + LOG_DBG ((LOG_SYSDEP, 70, "klips_connection_check: SA for %s missing", + conn)); + exchange_establish (conn, klips_stayalive, conn); + } + else + LOG_DBG ((LOG_SYSDEP, 70, "klips_connection_check: SA for %s exists", + conn)); +} diff --git a/sbin/isakmpd/sysdep/linux/klips.h b/sbin/isakmpd/sysdep/linux/klips.h new file mode 100644 index 00000000000..fdc1fcbe369 --- /dev/null 
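Review bot: `klips_write` dumps the whole request with `LOG_DBG_BUF ((LOG_SYSDEP, 30, "klips_write: em", (u_int8_t *)em, em->em_msglen));`, and for `EMT_SETSPI` messages that buffer holds the `eme_key`/`ame_key` material just copied in by `klips_set_spi`, so enabling sysdep debugging at level 30 writes IPsec session keys to the log; dump only the fixed header (`EMT_SETSPI_FLEN` bytes) or skip the dump when `em->em_type == EMT_SETSPI`. In `klips_set_spi`, the `default:` arm of the inner ESP switch does `return -1` instead of `goto cleanup`, leaking the `emsg` allocated a few lines earlier, and the `XXX` at the `cleanup:` label already admits that an SA written by an earlier `klips_write` is never removed on a later failure, leaving a keyed but ungrouped SA installed in the kernel. `klips_route_get` ignores the return value of all three `klips_hex_decode` calls, so a short or malformed `/proc/net/route` field leaves `net`, `gate` or `mask` uninitialized before `(dst & mask) == net`; decoding into `sizeof net` bytes of a `u_long` also fills only the low 4 bytes on an LP64 host, so the comparison looks wrong outside 32-bit targets — worth confirming. `klips_enable_sa` dereferences `TAILQ_FIRST (&sa->protos)` via `proto->data` without a NULL check; if an SA can reach this point with an empty protocol list, that is a crash.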
+++ b/sbin/isakmpd/sysdep/linux/klips.h 
@@ -0,0 +1,56 @@ +/* $Id: klips.h,v 1.1 2001/01/26 11:34:04 niklas Exp $ */ + +/* + * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. 
+ */
+
+#ifndef _KLIPS_H_
+#define _KLIPS_H_
+
+#include <sys/types.h>
+#include <sys/queue.h>
+
+struct proto;
+struct sa;
+struct sockaddr;
+
+extern void klips_connection_check (char *);
+extern int klips_delete_spi (struct sa *, struct proto *, int);
+extern int klips_enable_sa (struct sa *, struct sa *);
+extern u_int8_t *klips_get_spi (size_t *, u_int8_t, struct sockaddr *, int,
+ struct sockaddr *, int);
+extern int klips_group_spis (struct sa *, struct proto *, struct proto *,
+ int);
+extern int klips_open (void);
+extern int klips_set_spi (struct sa *, struct proto *, int);
+
+#endif /* _KLIPS_H_ */
diff --git a/sbin/isakmpd/sysdep/linux/sys/queue.h b/sbin/isakmpd/sysdep/linux/sys/queue.h
new file mode 100644
index 00000000000..6af6f7418bd
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/sys/queue.h
@@ -0,0 +1,337 @@ +/* $OpenBSD: queue.h,v 1.3 2001/01/26 11:34:05 niklas Exp $ */ +/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _SYS_QUEUE_H_ +#define _SYS_QUEUE_H_ + +#ifndef NULL +#define NULL ((void *)0) +#endif + +/* + * This file defines four types of data structures: lists, simple queues, + * tail queues, and circular queues. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A simple queue is headed by a pair of pointers, one the head of the + * list and the other to the tail of the list. The elements are singly + * linked to save space, so only elements can only be removed from the + * head of the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the + * list. A simple queue may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * A circle queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the list. 
+ * A circle queue may be traversed in either direction, but has a more + * complex end of list detection. + * + * For details on the use of these macros, see the queue(3) manual page. + */ + +/* + * List definitions. + */ +#define LIST_HEAD(name, type) \ +struct name { \ + struct type *lh_first; /* first element */ \ +} + +#define LIST_ENTRY(type) \ +struct { \ + struct type *le_next; /* next element */ \ + struct type **le_prev; /* address of previous next element */ \ +} + +#define LIST_FIRST(head) ((head)->lh_first) +#define LIST_NEXT(elm, field) ((elm)->field.le_next) +#define LIST_END(head) NULL + +/* + * List functions. + */ +#define LIST_INIT(head) do { \ + (head)->lh_first = NULL; \ +} while (0) + +#define LIST_INSERT_AFTER(listelm, elm, field) do { \ + if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ + (listelm)->field.le_next->field.le_prev = \ + &(elm)->field.le_next; \ + (listelm)->field.le_next = (elm); \ + (elm)->field.le_prev = &(listelm)->field.le_next; \ +} while (0) + +#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + (elm)->field.le_next = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &(elm)->field.le_next; \ +} while (0) + +#define LIST_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.le_next = (head)->lh_first) != NULL) \ + (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ + (head)->lh_first = (elm); \ + (elm)->field.le_prev = &(head)->lh_first; \ +} while (0) + +#define LIST_REMOVE(elm, field) do { \ + if ((elm)->field.le_next != NULL) \ + (elm)->field.le_next->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = (elm)->field.le_next; \ +} while (0) + +/* + * Simple queue definitions. 
+ */ +#define SIMPLEQ_HEAD(name, type) \ +struct name { \ + struct type *sqh_first; /* first element */ \ + struct type **sqh_last; /* addr of last next element */ \ +} + +#define SIMPLEQ_ENTRY(type) \ +struct { \ + struct type *sqe_next; /* next element */ \ +} + +/* + * Simple queue functions. + */ +#define SIMPLEQ_INIT(head) do { \ + (head)->sqh_first = NULL; \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (head)->sqh_first = (elm); \ +} while (0) + +#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.sqe_next = NULL; \ + *(head)->sqh_last = (elm); \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + +#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (listelm)->field.sqe_next = (elm); \ +} while (0) + +#define SIMPLEQ_REMOVE_HEAD(head, elm, field) do { \ + if (((head)->sqh_first = (elm)->field.sqe_next) == NULL) \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +/* + * Tail queue definitions. + */ +#define TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + + +#define TAILQ_FIRST(head) ((head)->tqh_first) +#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) +#define TAILQ_END(head) NULL +#define TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +#define TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) + +/* + * Tail queue functions. 
+ */ +#define TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (0) + +#define TAILQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (0) + +#define TAILQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (0) + +#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_REMOVE(head, elm, field) do { \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ +} while (0) + +/* + * Circular queue definitions. 
+ */ +#define CIRCLEQ_HEAD(name, type) \ +struct name { \ + struct type *cqh_first; /* first element */ \ + struct type *cqh_last; /* last element */ \ +} + +#define CIRCLEQ_ENTRY(type) \ +struct { \ + struct type *cqe_next; /* next element */ \ + struct type *cqe_prev; /* previous element */ \ +} + +#define CIRCLEQ_FIRST(head) ((head)->cqh_first) +#define CIRCLEQ_LAST(head) ((head)->cqh_last) +#define CIRCLEQ_END(head) ((void *)(head)) +#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) +#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) + +/* + * Circular queue functions. + */ +#define CIRCLEQ_INIT(head) do { \ + (head)->cqh_first = (void *)(head); \ + (head)->cqh_last = (void *)(head); \ +} while (0) + +#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm)->field.cqe_next; \ + (elm)->field.cqe_prev = (listelm); \ + if ((listelm)->field.cqe_next == (void *)(head)) \ + (head)->cqh_last = (elm); \ + else \ + (listelm)->field.cqe_next->field.cqe_prev = (elm); \ + (listelm)->field.cqe_next = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm); \ + (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ + if ((listelm)->field.cqe_prev == (void *)(head)) \ + (head)->cqh_first = (elm); \ + else \ + (listelm)->field.cqe_prev->field.cqe_next = (elm); \ + (listelm)->field.cqe_prev = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.cqe_next = (head)->cqh_first; \ + (elm)->field.cqe_prev = (void *)(head); \ + if ((head)->cqh_last == (void *)(head)) \ + (head)->cqh_last = (elm); \ + else \ + (head)->cqh_first->field.cqe_prev = (elm); \ + (head)->cqh_first = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.cqe_next = (void *)(head); \ + (elm)->field.cqe_prev = (head)->cqh_last; \ + if ((head)->cqh_first == (void *)(head)) \ + (head)->cqh_first = (elm); \ + else \ + 
(head)->cqh_last->field.cqe_next = (elm); \ + (head)->cqh_last = (elm); \ +} while (0) + +#define CIRCLEQ_REMOVE(head, elm, field) do { \ + if ((elm)->field.cqe_next == (void *)(head)) \ + (head)->cqh_last = (elm)->field.cqe_prev; \ + else \ + (elm)->field.cqe_next->field.cqe_prev = \ + (elm)->field.cqe_prev; \ + if ((elm)->field.cqe_prev == (void *)(head)) \ + (head)->cqh_first = (elm)->field.cqe_next; \ + else \ + (elm)->field.cqe_prev->field.cqe_next = \ + (elm)->field.cqe_next; \ +} while (0) +#endif /* !_SYS_QUEUE_H_ */ diff --git a/sbin/isakmpd/sysdep/linux/sysdep-os.h b/sbin/isakmpd/sysdep/linux/sysdep-os.h new file mode 100644 index 00000000000..4d5362e0d2f --- /dev/null +++ b/sbin/isakmpd/sysdep/linux/sysdep-os.h 
@@ -0,0 +1,51 @@ +/* $Id: sysdep-os.h,v 1.3 2001/01/26 11:34:04 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. 
+ */
+
+#ifndef _SYSDEP_OS_H_
+#define _SYSDEP_OS_H_
+
+typedef u_int16_t in_port_t;
+typedef u_int32_t in_addr_t;
+
+#if 0
+/*
+ * Why -D__USE_GNU does not work in order to get this from stdio.h beats me.
+ */
+extern int asprintf __P((char **, const char *, ...));
+#endif
+
+#define DL_LAZY RTLD_LAZY
+
+#endif /* _SYSDEP_OS_H_ */
diff --git a/sbin/isakmpd/sysdep/linux/sysdep.c b/sbin/isakmpd/sysdep/linux/sysdep.c
new file mode 100644
index 00000000000..d96d6d86a10
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/sysdep.c
@@ -0,0 +1,165 @@ +/* $Id: sysdep.c,v 1.3 2001/01/26 11:34:04 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. 
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <md5.h>
+#include <unistd.h>
+
+#include "sysdep.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+#include "klips.h"
+#endif NEED_SYSDEP_APP
+#include "log.h"
+#include "sysdep.h"
+
+extern char *__progname;
+
+u_int32_t
+sysdep_random ()
+{
+ u_int32_t rndval;
+ u_char sig[16];
+ MD5_CTX ctx;
+ int fd, i;
+ struct {
+ struct timeval tv;
+ u_int rnd[(128 - sizeof (struct timeval)) / sizeof (u_int)];
+ } rdat;
+
+ fd = open ("/dev/urandom", O_RDONLY);
+ if (fd != -1)
+ {
+ read (fd, rdat.rnd, sizeof(rdat.rnd));
+ close (fd);
+ }
+ MD5Init (&ctx);
+ MD5Update (&ctx, (char *)&rdat, sizeof(rdat));
+ MD5Final (sig, &ctx);
+
+ rndval = 0;
+ for (i = 0; i < 4; i++)
+ {
+ u_int32_t *tmp = (u_int32_t *)&sig[i * 4];
+ rndval ^= *tmp;
+ }
+
+ return rndval;
+}
+
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+int
+sysdep_app_open ()
+{
+ return klips_open ();
+}
+
+void
+sysdep_app_handler (int fd)
+{
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ klips_connection_check (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+
+ return klips_get_spi (sz, proto, src, srclen, dst, dstlen);
+}
+
+int
+sysdep_cleartext (int fd)
+{
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ return klips_delete_spi (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ return klips_enable_sa (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ return klips_group_spis (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ return klips_set_spi (sa, proto, incoming);
+}
+#endif
diff --git a/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
new file mode 100644
index 00000000000..ed85b505b62
--- /dev/null
+++ b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
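Review bot: In `sysdep_random` the result of `read (fd, rdat.rnd, sizeof(rdat.rnd));` is discarded and `rdat.tv` is declared but never filled in, so when `/dev/urandom` cannot be opened or returns short the MD5 input is partly or wholly uninitialized stack memory and the caller receives a value that looks random but is not, with nothing logged. The function has no error return, so the failure should at least be reported through `log_error` and the policy (abort versus fallback) decided explicitly rather than silently continuing on weak data; the rewrite below also calls `gettimeofday (&rdat.tv, NULL)` so the timestamp member actually contributes, and replaces the `(u_int32_t *)&sig[i * 4]` aliasing cast with `memcpy`. The `#endif NEED_SYSDEP_APP` line carries a stray token after `#endif`, which standard C does not permit; write it as `#endif /* NEED_SYSDEP_APP */` (the same construct appears in sysdep/netbsd/sysdep.c in this commit).
```c
u_int32_t
sysdep_random ()
{
  /* … unchanged: declarations of rndval, sig, ctx, fd, i, rdat … */
  ssize_t n = -1;

  gettimeofday (&rdat.tv, NULL);
  fd = open ("/dev/urandom", O_RDONLY);
  if (fd != -1)
    {
      n = read (fd, rdat.rnd, sizeof rdat.rnd);
      close (fd);
    }
  if (n != (ssize_t)sizeof rdat.rnd)
    /* XXX No error return available; decide between abort and fallback.  */
    log_error ("sysdep_random: short read from /dev/urandom");

  /* … unchanged: MD5Init/MD5Update/MD5Final over rdat … */

  rndval = 0;
  for (i = 0; i < 4; i++)
    {
      u_int32_t word;

      memcpy (&word, &sig[i * 4], sizeof word);
      rndval ^= word;
    }

  return rndval;
}
```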
@@ -0,0 +1,66 @@ +# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:06 niklas Exp $ + +# +# Copyright (c) 1999 Niklas Hallqvist. All rights reserved. +# Copyright (c) 2000 Håkan Olsson. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +LIBGMP:= /usr/pkg/lib/libgmp.a +LIBCRYPTO:= /usr/lib/libcrypto.a + +LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep +LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a + +LDADD+= ${LIBGMP} ${LIBSYSDEP} +DPADD+= ${LIBGMP} ${LIBSYSDEP} + +FEATURES= debug tripledes blowfish cast ec aggressive +# Not yet +#FEATURES+= policy x509 + +CFLAGS+= -DNO_RSA -DNO_RC5 -DNO_IDEA \ + -I${.CURDIR}/sysdep/common -I/usr/include/openssl \ + -I/usr/include/machine -I/usr/pkg/include + +IPSEC_SRCS= pf_key_v2.c +IPSEC_CFLAGS= -DUSE_PF_KEY_V2 + +USE_LIBCRYPTO= defined +#HAVE_DLOPEN= defined + +# +# hack libsysdep.a dependency +# +${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: + @cd ${LIBSYSDEPDIR} && \ + ${MAKE} --no-print-directory ${MAKEFLAGS} \ + CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS} + +depend: ${LIBSYSDEPDIR}/.depend + +ifeq ($(findstring clean, $(MAKECMDGOALS)), clean) +SUBDIR+= sysdep/common/libsysdep +MAKEFLAGS+= --no-print-directory +endif diff --git a/sbin/isakmpd/sysdep/netbsd/Makefile.sysdep b/sbin/isakmpd/sysdep/netbsd/Makefile.sysdep new file mode 100644 index 00000000000..abb13f1d74b --- /dev/null +++ b/sbin/isakmpd/sysdep/netbsd/Makefile.sysdep 
@@ -0,0 +1,82 @@ +# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:06 niklas Exp $ + +# +# Copyright (c) 1999 Niklas Hallqvist. All rights reserved. +# Copyright (c) 2000 H\xe5kan Olsson. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER INN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +# Override default features +FEATURES= tripledes blowfish cast ec aggressive debug +# Not yet +#FEATURES+= policy x509 + +LIBGMP= /usr/pkg/lib/libgmp.a +LIBCRYPTO= /usr/lib/libcrypto.a +LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep + +LDADD+= ${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a -lipsec +DPADD+= ${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a ${LIBIPSEC} + +CFLAGS+= -DNO_RSA -DNO_IDEA -DNO_RC5 \ + -I${.CURDIR}/sysdep/common +.if exists(/usr/pkg/include/openssl/rsa.h) +CFLAGS+= -I/usr/pkg/include/openssl +.elif exists(/usr/include/openssl/rsa.h) +CFLAGS+= -I/usr/include -I/usr/include/openssl +.endif +# mandatory for gmp +CFLAGS+= -I/usr/pkg/include +LDADD+= -L/usr/pkg/lib + +IPSEC_SRCS= pf_key_v2.c +IPSEC_CFLAGS= -DUSE_PF_KEY_V2 + +USE_LIBCRYPTO= defined +USE_GMP= defined + +# This is a hack in order to make sure libsysdep is built before the +# linkstage of isakmpd. As a side effect the link is always done even if +# not necessary. Well, I just don't care. +GENERATED+= sysdep-target +sysdep-target: + cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS} + +.if make(clean) || make(cleandir) +SUBDIR+= sysdep/common/libsysdep +.endif + +# Kludge around bug in /usr/share/mk/bsd.subdir.mk +NO_REGRESS= defined + +obj: + mkdir obj + +beforedepend: + rm -f ssl +.if exists(/usr/pkg/include/openssl/rsa.h) + ln -sf /usr/pkg/include/openssl ssl +.elif exists(/usr/include/openssl/rsa.h) + ln -sf /usr/include/openssl ssl +.endif diff --git a/sbin/isakmpd/sysdep/netbsd/sysdep-os.h b/sbin/isakmpd/sysdep/netbsd/sysdep-os.h new file mode 100644 index 00000000000..1690da4a166 --- /dev/null +++ b/sbin/isakmpd/sysdep/netbsd/sysdep-os.h 
@@ -0,0 +1,38 @@ +/* $Id: sysdep-os.h,v 1.1 2001/01/26 11:34:06 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. + * Copyright (c) 2000 H\xe5kan Olsson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _SYSDEP_OS_H_ + +#define _SYSDEP_OS_H_ + +#define KAME + +#include <netinet6/ipsec.h> + +#endif /* _SYSDEP_OS_H_ */ diff --git a/sbin/isakmpd/sysdep/netbsd/sysdep.c b/sbin/isakmpd/sysdep/netbsd/sysdep.c new file mode 100644 index 00000000000..c1bf23dde14 --- /dev/null +++ b/sbin/isakmpd/sysdep/netbsd/sysdep.c 
@@ -0,0 +1,194 @@ +/* $Id: sysdep.c,v 1.1 2001/01/26 11:34:06 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. + * Copyright (c) 2000 H\xe5kan Olsson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "sysdep.h"
+
+#include "util.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+
+#ifdef USE_PF_KEY_V2
+#include "pf_key_v2.h"
+#define KEY_API(x) pf_key_v2_##x
+#else
+#include <net/encap.h>
+#include "pf_encap.h"
+#define KEY_API(x) pf_encap_##x
+#endif
+
+#endif NEED_SYSDEP_APP
+#include "log.h"
+
+extern char *__progname;
+
+/*
+ * An as strong as possible random number generator, reverting to a
+ * deterministic pseudo-random one if regrand is set.
+ */
+u_int32_t
+sysdep_random ()
+{
+ return random();
+}
+
+/* Return the basename of the command used to invoke us. */
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+/*
+ * Prepare the application we negotiate SAs for (i.e. the IPsec stack)
+ * for communication. We return a file descriptor useable to select(2) on.
+ */
+int
+sysdep_app_open ()
+{
+ return KEY_API(open) ();
+}
+
+/*
+ * When select(2) has noticed our application needs attendance, this is what
+ * gets called. FD is the file descriptor causing the alarm.
+ */
+void
+sysdep_app_handler (int fd)
+{
+ KEY_API (handler) (fd);
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ KEY_API (connection_check) (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+ return KEY_API (get_spi) (sz, proto, src, srclen, dst, dstlen);
+}
+
+/* Force communication on socket FD to go in the clear. */
+int
+sysdep_cleartext (int fd)
+{
+ char *buf;
+ char *policy[] = { "in bypass", "out bypass", NULL };
+ char **p;
+
+ if (app_none)
+ return 0;
+
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+
+ for (p = policy; p && *p; p++)
+ {
+ buf = ipsec_set_policy (*p, strlen(*p));
+ if (buf == NULL)
+ {
+ log_error ("sysdep_cleartext: %s: %s", *p, ipsec_strerror());
+ return -1;
+ }
+
+ if (setsockopt(fd, IPPROTO_IP, IP_IPSEC_POLICY, buf,
+ ipsec_get_policylen(buf)) < 0)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_IPSEC_POLICY, ...) failed",
+ fd);
+ return -1;
+ }
+ free(buf);
+ }
+
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (delete_spi) (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (enable_sa) (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (group_spis) (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (set_spi) (sa, proto, incoming);
+}
+#endif
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep
new file mode 100644
index 00000000000..27a2ec0f8d3
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep
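Review bot: The header comment on `sysdep_random` promises "an as strong as possible random number generator, reverting to a deterministic pseudo-random one if regrand is set", but the body is just `return random();` — a deterministic PRNG with no seeding and no `regrand` check anywhere in this file — so the comment documents behaviour the code does not have, and callers that presumably rely on this hook for unpredictable protocol values get weak output without any indication. Either bring the comment in line (`/* XXX random(3) only; not a cryptographic source and not seeded here.  */`) or read from a kernel source such as /dev/urandom as the linux sysdep.c in this commit does. In `sysdep_cleartext`, `buf` returned by `ipsec_set_policy` is freed only on the success path; add `free (buf);` before the `return -1;` that follows the failed `setsockopt`. The `#endif NEED_SYSDEP_APP` line also carries a token after `#endif`, which standard C does not allow; use `#endif /* NEED_SYSDEP_APP */`.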
@@ -0,0 +1,60 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:07 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+# Compile-time configuration of otherwise optional features
+FEATURES= tripledes blowfish cast policy x509 ec aggressive debug
+
+LIBGMP:= /usr/lib/libgmp.a
+LIBDES:= /usr/lib/libdes.a
+
+LDADD+= -lgmp
+DPADD+= ${LIBGMP}
+
+IPSEC_SRCS= pf_encap.c
+
+# XXX This test does not work as MACHINE_ARCH does not get defined by GNU make.
+# Furthermore these defines should not happen for neither mips, powerpc nor vax
+# just like alpha.
+#ifneq (${MACHINE_ARCH},alpha)
+#HAVE_DLOPEN= defined
+#CFLAGS+= -DSYMBOL_PREFIX='"_"'
+#endif
+
+USE_LIBCRYPTO= defined
+
+ifndef USE_LIBCRYPTO
+DESLIB= -ldes
+DESLIBDEP= ${LIBDES}
+endif
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep b/sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep
new file mode 100644
index 00000000000..b40a349f729
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep
@@ -0,0 +1,57 @@
+# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:08 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+FEATURES+= gmp
+
+IPSEC_SRCS= pf_encap.c
+
+# Some OpenBSD systems do not provide dlopen(3).
+.if ${MACHINE_ARCH} != "alpha" && ${MACHINE_ARCH} != "mips" && ${MACHINE_ARCH} != "powerpc" && ${MACHINE_ARCH} != "vax"
+HAVE_DLOPEN= defined
+CFLAGS+= -DSYMBOL_PREFIX='"_"'
+.endif
+
+#USE_LIBCRYPTO= defined
+#USE_KEYNOTE= defined
+
+.ifndef USE_LIBCRYPTO
+DESLIB= -ldes
+DESLIBDEP= ${LIBDES}
+
+# The apps/ and regress/ subdirs are broken in the openbsd-encap environment
+# unless libcrypto is available (and even then they are not tested).
+SUBDIR:= ${SUBDIR:Napps}
+NO_REGRESS= defined
+.endif
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h b/sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h
new file mode 100644
index 00000000000..da5b6d4ed84
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h
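Review bot: `DESLIBDEP= ${LIBDES}` inside the `.ifndef USE_LIBCRYPTO` block references a LIBDES that this file never defines, while the sibling openbsd-encap/GNUmakefile.sysdep in this commit sets `LIBDES:= /usr/lib/libdes.a`; unless bsd.own.mk or the including Makefile provides it, the DPADD dependency expands to nothing and a rebuilt libdes goes unnoticed. A conditional default next to the IPSEC_SRCS line, `LIBDES?= /usr/lib/libdes.a`, keeps the two sysdep makefiles in step without overriding a value the base make files may already export. Since the `USE_LIBCRYPTO` and `USE_KEYNOTE` switches are commented out, this fallback is the path every openbsd-encap build takes by default, so the gap is not a corner case.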
@@ -0,0 +1,42 @@
+/* $Id: sysdep-os.h,v 1.1 2001/01/26 11:34:08 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#ifndef _SYSDEP_OS_H_
+#define _SYSDEP_OS_H_
+
+/* We need socklen_t. */
+typedef u_int32_t socklen_t;
+
+#endif /* _SYSDEP_OS_H_ */
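Review bot: The unconditional `typedef u_int32_t socklen_t;` collides with any libc whose <sys/socket.h> already declares socklen_t, and a duplicate typedef is a hard error in C89/C90 (only C11 tolerates an identical redefinition), so this header stops the build on an openbsd-encap host that has caught up with the type. Guard it on a build-time feature test, `#ifndef HAVE_SOCKLEN_T` / `typedef u_int32_t socklen_t;` / `#endif`, with the flag set from Makefile.sysdep where the other HAVE_* switches live. The header also uses u_int32_t without including <sys/types.h>, so it only compiles when the includer has already pulled that in; either the include itself or a comment stating the precondition would spare the next port some guessing. Whether 32 bits is the width the kernel's socket syscalls expect for the length argument cannot be checked from here and is worth confirming on the targets this directory serves.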
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/sysdep.c b/sbin/isakmpd/sysdep/openbsd-encap/sysdep.c new file mode 100644 index 00000000000..1a1a1fa4832 --- /dev/null +++ b/sbin/isakmpd/sysdep/openbsd-encap/sysdep.c 
@@ -0,0 +1,204 @@
+/* $Id: sysdep.c,v 1.1 2001/01/26 11:34:08 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "sysdep.h"
+
+#include "util.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+
+#ifdef USE_PF_KEY_V2
+#include "pf_key_v2.h"
+#define KEY_API(x) pf_key_v2_##x
+#else
+#include <net/encap.h>
+#include "pf_encap.h"
+#define KEY_API(x) pf_encap_##x
+#endif
+
+#endif NEED_SYSDEP_APP
+#include "log.h"
+
+extern char *__progname;
+
+/*
+ * An as strong as possible random number generator, reverting to a
+ * deterministic pseudo-random one if regrand is set.
+ */
+u_int32_t
+sysdep_random ()
+{
+ if (!regrand)
+ return arc4random ();
+ else
+ return random();
+}
+
+/* Return the basename of the command used to invoke us. */
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+/*
+ * Prepare the application we negotiate SAs for (i.e. the IPsec stack)
+ * for communication. We return a file descriptor useable to select(2) on.
+ */
+int
+sysdep_app_open ()
+{
+ return KEY_API(open) ();
+}
+
+/*
+ * When select(2) has noticed our application needs attendance, this is what
+ * gets called. FD is the file descriptor causing the alarm.
+ */
+void
+sysdep_app_handler (int fd)
+{
+ KEY_API (handler) (fd);
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ KEY_API (connection_check) (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+ return KEY_API (get_spi) (sz, proto, src, srclen, dst, dstlen);
+}
+
+/* Force communication on socket FD to go in the clear. */
+int
+sysdep_cleartext (int fd)
+{
+ int level;
+
+ if (app_none)
+ return 0;
+
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+ level = IPSEC_LEVEL_BYPASS;
+ if (setsockopt (fd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level, sizeof level)
+ == -1)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_AUTH_LEVEL, ...) failed", fd);
+ return -1;
+ }
+ if (setsockopt (fd, IPPROTO_IP, IP_ESP_TRANS_LEVEL, (char *)&level,
+ sizeof level) == -1)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_ESP_TRANS_LEVEL, ...) "
+ "failed", fd);
+ return -1;
+ }
+ if (setsockopt (fd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, (char *)&level,
+ sizeof level) == -1)
+ {
+ log_error("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, ...) "
+ "failed", fd);
+ return -1;
+ }
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (delete_spi) (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (enable_sa) (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (group_spis) (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (set_spi) (sa, proto, incoming);
+}
+#endif
diff --git a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
new file mode 100644
index 00000000000..629c9d896f3
--- /dev/null
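Review bot: In sysdep_ipsec_get_spi the `app_none` branch hands every SA the same constant SPI (`return strdup ("\x12\x34\x56\x78");`), which the XXX comment beside it already admits; `sysdep_random ()` is defined earlier in this same hunk, so drawing the bytes from it is a small change, and doing so also fixes the unchecked strdup result and the literal's silent assumption that IPSEC_SPI_SIZE is 4. The sketch below keeps the interface and still returns a malloc'd buffer for the caller to free; if the kernel-side get_spi it stands in for avoids the IANA-reserved range (SPI values below 256), the loop should reject those as well, which I have not assumed here. Separately, `#endif NEED_SYSDEP_APP` near the top of the hunk leaves a bare token after the directive, which is not valid ISO C and draws a gcc warning; `#endif /* NEED_SYSDEP_APP */` is the conventional form. With `regrand` set sysdep_random falls back to random(), so regression runs would still get reproducible SPIs, which is presumably what that flag exists for.
```c
u_int8_t *
sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
                      int srclen, struct sockaddr *dst, int dstlen)
{
  u_int8_t *spi;
  size_t i;

  if (app_none)
    {
      /* No IPsec stack to ask, so draw an arbitrary SPI from the PRNG
         instead of handing every SA the same constant.  */
      spi = malloc (IPSEC_SPI_SIZE);
      if (!spi)
        {
          log_error ("sysdep_ipsec_get_spi: malloc (%lu) failed",
                     (unsigned long)IPSEC_SPI_SIZE);
          return 0;
        }
      for (i = 0; i < IPSEC_SPI_SIZE; i++)
        spi[i] = sysdep_random () & 0xff;
      *sz = IPSEC_SPI_SIZE;
      return spi;
    }
  /* … unchanged: KEY_API (get_spi) call … */
}
```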
+++ b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep 
@@ -0,0 +1,67 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:07 niklas Exp $
+
+#
+# Copyright (c) 1999 Håkan Olsson. All rights reserved.
+# Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+# + + +LIBGMP:= /usr/lib/libgmp.a +LIBCRYPTO:= /usr/lib/libcrypto.a + +IPSEC_SRCS= pf_key_v2.c +IPSEC_CFLAGS= -DUSE_PF_KEY_V2 + +CFLAGS+= -DHAVE_GETNAMEINFO + +# XXX This test does not work as MACHINE_ARCH does not get defined by GNU make. +# Furthermore these defines should not happen for neither mips, powerpc nor vax +# just like alpha. +ifneq (${MACHINE_ARCH},alpha) +HAVE_DLOPEN= defined +CFLAGS+= -DSYMBOL_PREFIX='"_"' +endif + +USE_LIBCRYPTO= defined +ifneq (${MACHINE_ARCH},alpha) +ifneq (${MACHINE_ARCH},vax) +ifneq (${MACHINE_ARCH},m88k) +SRCS+= keynote_compat.c +endif +endif +endif +USE_KEYNOTE= defined + +ifndef USE_LIBCRYPTO +DESLIB= -ldes +DESLIBDEP= ${LIBDES} +endif |
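Review bot: The `ifneq (${MACHINE_ARCH},alpha)` tests contradict the XXX comment three lines above them: with MACHINE_ARCH undefined under GNU make, as that comment states, the comparison is between an empty string and `alpha`, so HAVE_DLOPEN and `-DSYMBOL_PREFIX='"_"'` are set on every architecture, alpha included, and the nested ifneq chain adds keynote_compat.c unconditionally as well. The openbsd-encap/GNUmakefile.sysdep in this same commit comments the identical test out for exactly this reason, so either do the same here or give the variable a value before testing it, e.g. `MACHINE_ARCH?= $(shell arch -s)` near the top, whichever matches how the rest of the GNU-make build learns the architecture. Until then the comment documents a check that never happens, which misleads more than no comment would. The openbsd-encap Makefile.sysdep shows the BSD make form with the full alpha/mips/powerpc/vax list that this file's comment says it wants.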