diff options
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ipsec/photurisd/attributes.h | 2 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/compute_secrets.c | 18 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/config.c | 5 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/cookie.c | 9 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/cookie.h | 5 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/exchange.c | 101 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/exchange.h | 4 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/handle_value_request.c | 20 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/handle_value_response.c | 11 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/identity.c | 165 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/identity.h | 15 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/photuris_cookie_request.c | 4 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/photuris_cookie_response.c | 4 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/photurisd.1 | 39 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/photurisd.c | 14 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/state.c | 2 | ||||
| -rw-r--r-- | sbin/ipsec/photurisd/state.h | 4 | ||||
| -rw-r--r-- | sbin/ipsec/startkey/startkey.1 | 11 |
18 files changed, 298 insertions, 135 deletions
diff --git a/sbin/ipsec/photurisd/attributes.h b/sbin/ipsec/photurisd/attributes.h index b72f9baedfd..aaafd307eee 100644 --- a/sbin/ipsec/photurisd/attributes.h +++ b/sbin/ipsec/photurisd/attributes.h @@ -46,7 +46,9 @@ #define AT_AH_ATTRIB 1 #define AT_ESP_ATTRIB 2 #define AT_MD5_DP 3 +#define AT_SHA1_DP 4 #define AT_MD5_KDP 5 +#define AT_SHA1_KDP 6 #define AT_DES_CBC 8 #define AT_ORG 255 diff --git a/sbin/ipsec/photurisd/compute_secrets.c b/sbin/ipsec/photurisd/compute_secrets.c index 2511208501d..c3622479b8f 100644 --- a/sbin/ipsec/photurisd/compute_secrets.c +++ b/sbin/ipsec/photurisd/compute_secrets.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: compute_secrets.c,v 1.2 1997/07/23 12:28:46 provos Exp $"; +static char rcsid[] = "$Id: compute_secrets.c,v 1.3 1997/07/24 23:47:08 provos Exp $"; #endif #define _SECRETS_C_ @@ -283,22 +283,18 @@ MD5privacykey(struct stateob *st, u_int8_t *key, u_int8_t *packet, { MD5_CTX ctx, ctxb; u_int16_t i, n; - struct moduli_cache *mod; u_int8_t digest[16]; MD5Init(&ctxb); MD5Update(&ctxb, packet, 2*COOKIE_SIZE + 4 + SPI_SIZE); - if((mod=mod_find_modgen(st->modulus,st->generator)) == NULL) - return -1; - if (owner) { - MD5Update(&ctxb, mod->exchangevalue, mod->exchangesize); + MD5Update(&ctxb, st->exchangevalue, st->exchangesize); MD5Update(&ctxb, st->texchange, st->texchangesize); } else { MD5Update(&ctxb, st->texchange, st->texchangesize); - MD5Update(&ctxb, mod->exchangevalue, mod->exchangesize); + MD5Update(&ctxb, st->exchangevalue, st->exchangesize); } /* As many shared secrets we used already */ @@ -328,22 +324,18 @@ SHA1privacykey(struct stateob *st, u_int8_t *key, u_int8_t *packet, { SHA1_CTX ctx, ctxb; u_int16_t i, n; - struct moduli_cache *mod; u_int8_t digest[20]; SHA1Init(&ctxb); SHA1Update(&ctxb, packet, 2*COOKIE_SIZE + 4 + SPI_SIZE); - if((mod=mod_find_modgen(st->modulus,st->generator)) == NULL) - return -1; - if (owner) { - SHA1Update(&ctxb, mod->exchangevalue, mod->exchangesize); + SHA1Update(&ctxb, st->exchangevalue, st->exchangesize); SHA1Update(&ctxb, st->texchange, st->texchangesize); } else { SHA1Update(&ctxb, st->texchange, st->texchangesize); - SHA1Update(&ctxb, mod->exchangevalue, mod->exchangesize); + SHA1Update(&ctxb, st->exchangevalue, st->exchangesize); } diff --git a/sbin/ipsec/photurisd/config.c b/sbin/ipsec/photurisd/config.c index 34f7932cbea..4b5bc370c40 100644 --- a/sbin/ipsec/photurisd/config.c +++ b/sbin/ipsec/photurisd/config.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: config.c,v 1.3 1997/07/23 12:28:46 provos Exp $"; +static char rcsid[] = "$Id: config.c,v 1.4 1997/07/24 23:47:09 provos Exp $"; #endif #define _CONFIG_C_ @@ -155,6 +155,9 @@ init_attributes(void) } else if (!strcmp(p, "AT_MD5_DP")) { attrib[0] = AT_MD5_DP; attrib[1] = 0; + } else if (!strcmp(p, "AT_SHA1_DP")) { + attrib[0] = AT_SHA1_DP; + attrib[1] = 0; } else if (!strcmp(p, "AT_MD5_KDP")) { attrib[0] = AT_MD5_KDP; attrib[1] = 0; diff --git a/sbin/ipsec/photurisd/cookie.c b/sbin/ipsec/photurisd/cookie.c index 70991e525e2..b1392431d7a 100644 --- a/sbin/ipsec/photurisd/cookie.c +++ b/sbin/ipsec/photurisd/cookie.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: cookie.c,v 1.1 1997/07/18 22:48:48 provos Exp $"; +static char rcsid[] = "$Id: cookie.c,v 1.2 1997/07/24 23:47:10 provos Exp $"; #endif #define _COOKIE_C_ @@ -69,7 +69,8 @@ secret_generate(u_int8_t *secret, u_int16_t size) } int -cookie_generate(struct stateob *st, u_int8_t *cookie, u_int16_t size) +cookie_generate(struct stateob *st, u_int8_t *cookie, u_int16_t size, + u_int8_t *data, u_int16_t dsize) { MD5_CTX ctx; u_int8_t digest[16]; @@ -91,6 +92,10 @@ cookie_generate(struct stateob *st, u_int8_t *cookie, u_int16_t size) MD5Update(&ctx, secret, SECRET_SIZE); MD5Update(&ctx, st->icookie, COOKIE_SIZE); + /* For the responder cookie we also hash the schemes */ + if (data != NULL && dsize) + MD5Update(&ctx, data, dsize); + MD5Final(digest, &ctx); bcopy(digest, cookie, size); diff --git a/sbin/ipsec/photurisd/cookie.h b/sbin/ipsec/photurisd/cookie.h index 3da8ee490c9..8d9d8df83dc 100644 --- a/sbin/ipsec/photurisd/cookie.h +++ b/sbin/ipsec/photurisd/cookie.h @@ -27,7 +27,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: cookie.h,v 1.1 1997/07/18 22:48:48 provos Exp $ */ +/* $Id: cookie.h,v 1.2 1997/07/24 23:47:11 provos Exp $ */ /* * cookie.h: * cookie generation header file @@ -51,5 +51,6 @@ static u_int8_t rsecret[SECRET_SIZE]; /* Responder secret */ EXTERN void reset_secret(void); EXTERN int secret_generate(u_int8_t *secret, u_int16_t size); EXTERN int cookie_generate(struct stateob *st, - u_int8_t *cookie, u_int16_t size); + u_int8_t *cookie, u_int16_t size, + u_int8_t *data, u_int16_t dsize); #endif diff --git a/sbin/ipsec/photurisd/exchange.c b/sbin/ipsec/photurisd/exchange.c index 0198bda91e1..9340c5eee5c 100644 --- a/sbin/ipsec/photurisd/exchange.c +++ b/sbin/ipsec/photurisd/exchange.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: exchange.c,v 1.1 1997/07/18 22:48:48 provos Exp $"; +static char rcsid[] = "$Id: exchange.c,v 1.2 1997/07/24 23:47:11 provos Exp $"; #endif #define _EXCHANGE_C_ @@ -205,6 +205,35 @@ mpz_to_varpre(u_int8_t *value, u_int16_t *size, mpz_t p, mpz_t gbits) return 0; } + +int +exchange_check_value(mpz_t exchange, mpz_t gen, mpz_t mod) +{ + size_t bits; + mpz_t test; + + bits = mpz_sizeinbase(mod, 2); + if (mpz_sizeinbase(mod, 2) < bits/2) + return 0; + + mpz_init(test); + mpz_sub_ui(test, gen, 1); + if (!mpz_cmp(exchange,test)) { + mpz_clear(test); + return 0; + } + mpz_set_ui(test, 1); + if (!mpz_cmp(exchange,test)) { + mpz_clear(test); + return 0; + } + + /* XXX - more tests need to go here */ + + mpz_clear(test); + return 1; +} + /* * Finds to a given modulus and generator cached information * which is used to create the private value and exchange value @@ -284,13 +313,24 @@ exchange_make_values(struct stateob *st, mpz_t modulus, mpz_t generator) if (p->exchangevalue == NULL) { mpz_t tmp, bits; - mpz_init(tmp); - mpz_powm(tmp, p->generator, p->private_value, p->modulus); - mpz_init(bits); mod = scheme_get_mod(st->scheme); varpre_get_number_bits(bits, mod); + mpz_init(tmp); + + mpz_powm(tmp, p->generator, p->private_value, p->modulus); + + /* + * If our exchange value is defective we need to make a new one + * to avoid subgroup confinement. + */ + while (!exchange_check_value(tmp, p->generator, p->modulus)) { + make_random_mpz(p->private_value, bits); + mpz_powm(tmp, p->generator, p->private_value, p->modulus); + } + + p->exchangesize = BUFFER_SIZE; mpz_to_varpre(buffer, &(p->exchangesize), tmp, bits); @@ -306,48 +346,69 @@ exchange_make_values(struct stateob *st, mpz_t modulus, mpz_t generator) mpz_clear(tmp); } } + if (st->exchangevalue != NULL) + free(st->exchangevalue); + st->exchangevalue = calloc(p->exchangesize, sizeof(u_int8_t)); + if (st->exchangevalue == NULL) { + log_error(1, "calloc() in exchange_make_values()"); + return -1; + } + bcopy(p->exchangevalue, st->exchangevalue, p->exchangesize); + st->exchangesize = p->exchangesize; mpz_set(st->modulus, p->modulus); mpz_set(st->generator, p->generator); return 0; } -/* - * Generates the exchange values needed for the value_request - * and value_response packets. - */ - int -exchange_value_generate(struct stateob *st, u_int8_t *value, u_int16_t *size) +exchange_set_generator(mpz_t generator, u_int8_t *scheme, u_int8_t *gen) { - mpz_t modulus,generator; - struct moduli_cache *p; - u_int8_t *varpre; - - switch (ntohs(*((u_int16_t *) st->scheme))) { + switch (ntohs(*((u_int16_t *)scheme))) { case DH_G_2_MD5: /* DH: Generator of 2 */ case DH_G_2_DES_MD5: /* DH: Generator of 2 + privacy */ case DH_G_2_3DES_SHA1: - mpz_init_set_ui(generator,2); + mpz_set_ui(generator,2); break; case DH_G_3_MD5: case DH_G_3_DES_MD5: case DH_G_3_3DES_SHA1: - mpz_init_set_ui(generator,3); + mpz_set_ui(generator,3); break; case DH_G_5_MD5: case DH_G_5_DES_MD5: case DH_G_5_3DES_SHA1: - mpz_init_set_ui(generator,5); + mpz_set_ui(generator,5); break; default: - log_error(0, "Unsupported exchange scheme: %d\n", - *((u_int16_t *)st->scheme)); + log_error(0, "Unsupported exchange scheme %d", + *((u_int16_t *)scheme)); return -1; } + return 0; +} + +/* + * Generates the exchange values needed for the value_request + * and value_response packets. + */ + +int +exchange_value_generate(struct stateob *st, u_int8_t *value, u_int16_t *size) +{ + mpz_t modulus,generator; + struct moduli_cache *p; + u_int8_t *varpre; if ((varpre = scheme_get_mod(st->scheme)) == NULL) return -1; + mpz_init(generator); + if (exchange_set_generator(generator, st->scheme, + scheme_get_gen(st->scheme)) == -1) { + mpz_clear(generator); + return -1; + } + mpz_init_set_varpre(modulus, varpre); if(exchange_make_values(st, modulus, generator) == -1) { diff --git a/sbin/ipsec/photurisd/exchange.h b/sbin/ipsec/photurisd/exchange.h index 0d806cd754f..c8e86a8c994 100644 --- a/sbin/ipsec/photurisd/exchange.h +++ b/sbin/ipsec/photurisd/exchange.h @@ -27,7 +27,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: exchange.h,v 1.1 1997/07/18 22:48:49 provos Exp $ */ +/* $Id: exchange.h,v 1.2 1997/07/24 23:47:12 provos Exp $ */ /* * exchange.h: * exchange generation header file @@ -50,6 +50,8 @@ EXTERN u_int8_t *mpz_set_varpre(mpz_t a, u_int8_t *varpre); EXTERN u_int8_t *mpz_init_set_varpre(mpz_t a, u_int8_t *varpre); EXTERN void mpz_get_number_bits(mpz_t rop, mpz_t p); EXTERN int mpz_to_varpre(u_int8_t *value, u_int16_t *size, mpz_t p, mpz_t bits); +EXTERN int exchange_set_generator(mpz_t, u_int8_t *, u_int8_t *); +EXTERN int exchange_check_value(mpz_t, mpz_t, mpz_t); EXTERN int exchange_make_values(struct stateob *, mpz_t, mpz_t ); EXTERN int exchange_value_generate(struct stateob *, u_int8_t *, u_int16_t *); diff --git a/sbin/ipsec/photurisd/handle_value_request.c b/sbin/ipsec/photurisd/handle_value_request.c index c16ac7d17b4..4abd1f3402e 100644 --- a/sbin/ipsec/photurisd/handle_value_request.c +++ b/sbin/ipsec/photurisd/handle_value_request.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: handle_value_request.c,v 1.2 1997/07/22 11:18:23 provos Exp $"; +static char rcsid[] = "$Id: handle_value_request.c,v 1.3 1997/07/24 23:47:13 provos Exp $"; #endif #include <stdio.h> @@ -65,6 +65,7 @@ handle_value_request(u_char *packet, int size, { struct value_request *header; struct stateob *st; + mpz_t test, gen, mod; u_int8_t *p, *modp, *refp, *genp = NULL; u_int16_t i, sstart, vsize, asize, modsize, modflag; u_int8_t scheme_ref[2]; @@ -85,7 +86,7 @@ handle_value_request(u_char *packet, int size, tempst.port = global_port; tempst.counter = header->counter; - cookie_generate(&tempst, rcookie, COOKIE_SIZE); + cookie_generate(&tempst, rcookie, COOKIE_SIZE, schemes, ssize); /* Check for invalid cookie */ if (bcmp(rcookie, header->rcookie, COOKIE_SIZE)) { @@ -147,6 +148,21 @@ handle_value_request(u_char *packet, int size, if (asize + i != size) return -1; /* attributes dont match udp length */ + /* now check the exchange value */ + mpz_init_set_varpre(test, VALUE_REQUEST_VALUE(header)); + mpz_init_set_varpre(mod, modp); + mpz_init(gen); + if (exchange_set_generator(gen, header->scheme, genp) == -1 || + !exchange_check_value(test, gen, mod)) { + mpz_clear(test); + mpz_clear(gen); + mpz_clear(mod); + return 0; + } + mpz_clear(test); + mpz_clear(gen); + mpz_clear(mod); + if ((st = state_new()) == NULL) return -1; diff --git a/sbin/ipsec/photurisd/handle_value_response.c b/sbin/ipsec/photurisd/handle_value_response.c index 1fcf263bca8..34311281236 100644 --- a/sbin/ipsec/photurisd/handle_value_response.c +++ b/sbin/ipsec/photurisd/handle_value_response.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: handle_value_response.c,v 1.1 1997/07/18 22:48:50 provos Exp $"; +static char rcsid[] = "$Id: handle_value_response.c,v 1.2 1997/07/24 23:47:14 provos Exp $"; #endif #include <stdlib.h> @@ -64,6 +64,7 @@ handle_value_response(u_char *packet, int size, char *address, { struct value_response *header; struct stateob *st; + mpz_t test; u_int8_t *p; u_int16_t i, asize; @@ -94,6 +95,14 @@ handle_value_response(u_char *packet, int size, char *address, if (asize + i != size) return -1; /* attributes dont match udp length */ + /* Now check the exchange value for defects */ + mpz_init_set_varpre(test, VALUE_RESPONSE_VALUE(header)); + if (!exchange_check_value(test, st->generator, st->modulus)) { + mpz_clear(test); + return 0; + } + mpz_clear(test); + /* Fill the state object */ st->uSPIoattrib = calloc(i, sizeof(u_int8_t)); if (st->uSPIoattrib == NULL) { diff --git a/sbin/ipsec/photurisd/identity.c b/sbin/ipsec/photurisd/identity.c index 2b015be02ab..6b905929d92 100644 --- a/sbin/ipsec/photurisd/identity.c +++ b/sbin/ipsec/photurisd/identity.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: identity.c,v 1.2 1997/07/23 12:28:50 provos Exp $"; +static char rcsid[] = "$Id: identity.c,v 1.3 1997/07/24 23:47:15 provos Exp $"; #endif #define _IDENTITY_C_ @@ -69,6 +69,25 @@ static char rcsid[] = "$Id: identity.c,v 1.2 1997/07/23 12:28:50 provos Exp $"; static struct identity *idob = NULL; +static union { + MD5_CTX md5ctx; + SHA1_CTX sha1ctx; +} Ctx; + +/* Identity transforms */ +/* XXX - argh, cast the funtions */ + +static struct idxform idxform[] = { + { AT_MD5_DP, MD5_SIZE, (void *)&Ctx.md5ctx, + (void (*)(void *))MD5Init, + (void (*)(void *, unsigned char *, unsigned int))MD5Update, + (void (*)(unsigned char *, void *))MD5Final }, + { AT_SHA1_DP, SHA1_SIZE, (void *)&Ctx.sha1ctx, + (void (*)(void *))SHA1Init, + (void (*)(void *, unsigned char *, unsigned int))SHA1Update, + (void (*)(unsigned char *, void *))SHA1Final }, +}; + int init_identities(char *name, struct identity *root) { @@ -368,11 +387,12 @@ choose_identity(struct stateob *st, u_int8_t *packet, u_int16_t *size, int mode = 0; rsize = *size; - /* XXX - we only have one identity choice at the moment. */ + /* XXX - preference of identity choice ? */ tmp = 0; while(attribsize>0 && !tmp) { switch(*attributes) { case AT_MD5_DP: + case AT_SHA1_DP: tmp = 1; break; default: @@ -409,7 +429,7 @@ choose_identity(struct stateob *st, u_int8_t *packet, u_int16_t *size, packet += asize; - /* Chooses identity and secrets for Owner and User */ + /* Choose identity and secrets for Owner and User */ if (st->uSPIsecret == NULL && st->uSPIident != NULL) mode |= ID_REMOTE; if (st->oSPIsecret == NULL) @@ -436,6 +456,8 @@ get_identity_verification_size(struct stateob *st, u_int8_t *choice) switch(*choice) { case AT_MD5_DP: return (128/8)+2; + case AT_SHA1_DP: + return (160/8)+2; default: log_error(0, "Unknown identity choice: %d\n", *choice); return 0; @@ -446,16 +468,20 @@ int create_identity_verification(struct stateob *st, u_int8_t *buffer, u_int8_t *packet, u_int16_t size) { - int hash_size; - switch(*(st->oSPIidentchoice)) { - case AT_MD5_DP: - hash_size = MD5idsign(st, buffer+2, packet, size); - break; - default: - log_error(0, "Unknown identity choice: %d\n", + int hash_size, i; + + for (i=0; i<sizeof(idxform)/sizeof(idxform[0]); i++) + if (*(st->oSPIidentchoice) == idxform[i].type) + break; + + if (i == sizeof(idxform)/sizeof(idxform[0])) { + log_error(0, "Unknown identity choice: %d", *(st->oSPIidentchoice)); return 0; } + + hash_size = idsign(st, &idxform[i], buffer+2, packet,size); + if(hash_size) { /* Create varpre number from digest */ buffer[0] = hash_size >> 5 & 0xFF; @@ -480,54 +506,56 @@ int verify_identity_verification(struct stateob *st, u_int8_t *buffer, u_int8_t *packet, u_int16_t size) { - switch(*(st->uSPIidentchoice)) { - case AT_MD5_DP: - if (varpre2octets(buffer) != 18) - return 0; - return MD5idverify(st, buffer+2, packet, size); - default: - log_error(0, "Unknown identity choice %d in verify_identity_verification()", - *(st->uSPIidentchoice)); - return 0; - } + int i; + + for (i=0; i<sizeof(idxform)/sizeof(idxform[0]); i++) + if (*(st->uSPIidentchoice) == idxform[i].type) + break; + + if (i == sizeof(idxform)/sizeof(idxform[0])) { + log_error(0, "Unknown identity choice %d in verify_identity_verification()", + *(st->uSPIidentchoice)); + return 0; + } + + if (varpre2octets(buffer) != idxform[i].hashsize +2) + return 0; + return idverify(st, &idxform[i], buffer+2, packet, size); } int -MD5idsign(struct stateob *st, u_int8_t *signature, - u_int8_t *packet, u_int16_t psize) +idsign(struct stateob *st, struct idxform *hash, u_int8_t *signature, + u_int8_t *packet, u_int16_t psize) { - MD5_CTX ctx; - struct moduli_cache *mod; struct identity_message *p; - MD5Init(&ctx); + hash->Init(hash->ctx); - MD5Update(&ctx, st->shared, st->sharedsize); + hash->Update(hash->ctx, st->shared, st->sharedsize); - MD5Update(&ctx, st->icookie, COOKIE_SIZE); - MD5Update(&ctx, st->rcookie, COOKIE_SIZE); - MD5Update(&ctx, st->roschemes, st->roschemesize); + hash->Update(hash->ctx, st->icookie, COOKIE_SIZE); + hash->Update(hash->ctx, st->rcookie, COOKIE_SIZE); + hash->Update(hash->ctx, st->roschemes, st->roschemesize); /* Our exchange value */ - mod = mod_find_modgen(st->modulus, st->generator); - MD5Update(&ctx, mod->exchangevalue, mod->exchangesize); - MD5Update(&ctx, st->oSPIoattrib, st->oSPIoattribsize); - MD5Update(&ctx, st->oSPIident, strlen(st->oSPIident)); - MD5Update(&ctx, st->oSPIsecret, st->oSPIsecretsize); + hash->Update(hash->ctx, st->exchangevalue, st->exchangesize); + hash->Update(hash->ctx, st->oSPIoattrib, st->oSPIoattribsize); + hash->Update(hash->ctx, st->oSPIident, strlen(st->oSPIident)); + hash->Update(hash->ctx, st->oSPIsecret, st->oSPIsecretsize); /* Their exchange value */ - MD5Update(&ctx, st->texchange, st->texchangesize); - MD5Update(&ctx, st->uSPIoattrib, st->uSPIoattribsize); + hash->Update(hash->ctx, st->texchange, st->texchangesize); + hash->Update(hash->ctx, st->uSPIoattrib, st->uSPIoattribsize); if(st->uSPIident != NULL) { - MD5Update(&ctx, st->uSPIident, strlen(st->uSPIident)); - MD5Update(&ctx, st->uSPIsecret, st->uSPIsecretsize); + hash->Update(hash->ctx, st->uSPIident, strlen(st->uSPIident)); + hash->Update(hash->ctx, st->uSPIsecret, st->uSPIsecretsize); } /* Hash type, lifetime + spi fields */ p = (struct identity_message *)packet; - MD5Update(&ctx, (char *)&(p->type), IDENTITY_MESSAGE_MIN - 2*COOKIE_SIZE); + hash->Update(hash->ctx, (char *)&(p->type), IDENTITY_MESSAGE_MIN - 2*COOKIE_SIZE); /* Hash attribute choice, padding */ packet += IDENTITY_MESSAGE_MIN; @@ -536,77 +564,76 @@ MD5idsign(struct stateob *st, u_int8_t *signature, psize -= varpre2octets(packet) + 2 + MD5_SIZE; packet += varpre2octets(packet) + 2 + MD5_SIZE; - MD5Update(&ctx, packet, psize); + hash->Update(hash->ctx, packet, psize); /* Data fill */ - MD5Final(NULL, &ctx); + hash->Final(NULL, hash->ctx); /* And finally the trailing key */ - MD5Update(&ctx, st->shared, st->sharedsize); + hash->Update(hash->ctx, st->shared, st->sharedsize); - MD5Final(signature, &ctx); + hash->Final(signature, hash->ctx); - return MD5_SIZE; + return hash->hashsize; } int -MD5idverify(struct stateob *st, u_int8_t *signature, - u_int8_t *packet, u_int16_t psize) +idverify(struct stateob *st, struct idxform *hash, u_int8_t *signature, + u_int8_t *packet, u_int16_t psize) { - MD5_CTX ctx; - u_int8_t digest[16]; - struct moduli_cache *mod; + u_int8_t digest[20]; /* XXX - needs adjusting */ struct identity_message *p; p = (struct identity_message *)packet; - MD5Init(&ctx); + hash->Init(hash->ctx); /* Our shared secret */ - MD5Update(&ctx, st->shared, st->sharedsize); + hash->Update(hash->ctx, st->shared, st->sharedsize); - MD5Update(&ctx, st->icookie, COOKIE_SIZE); - MD5Update(&ctx, st->rcookie, COOKIE_SIZE); - MD5Update(&ctx, st->roschemes, st->roschemesize); + hash->Update(hash->ctx, st->icookie, COOKIE_SIZE); + hash->Update(hash->ctx, st->rcookie, COOKIE_SIZE); + hash->Update(hash->ctx, st->roschemes, st->roschemesize); /* Their exchange value */ - MD5Update(&ctx, st->texchange, st->texchangesize); - MD5Update(&ctx, st->uSPIoattrib, st->uSPIoattribsize); - MD5Update(&ctx, st->uSPIident, strlen(st->uSPIident)); - MD5Update(&ctx, st->uSPIsecret, st->uSPIsecretsize); + hash->Update(hash->ctx, st->texchange, st->texchangesize); + hash->Update(hash->ctx, st->uSPIoattrib, st->uSPIoattribsize); + hash->Update(hash->ctx, st->uSPIident, strlen(st->uSPIident)); + hash->Update(hash->ctx, st->uSPIsecret, st->uSPIsecretsize); /* Our exchange value */ - mod = mod_find_modgen(st->modulus, st->generator); - MD5Update(&ctx, mod->exchangevalue, mod->exchangesize); - MD5Update(&ctx, st->oSPIoattrib, st->oSPIoattribsize); + hash->Update(hash->ctx, st->exchangevalue, st->exchangesize); + hash->Update(hash->ctx, st->oSPIoattrib, st->oSPIoattribsize); /* Determine if the sender knew our secret already */ if(p->type != IDENTITY_REQUEST) { - MD5Update(&ctx, st->oSPIident, strlen(st->oSPIident)); - MD5Update(&ctx, st->oSPIsecret, st->oSPIsecretsize); + hash->Update(hash->ctx, st->oSPIident, strlen(st->oSPIident)); + hash->Update(hash->ctx, st->oSPIsecret, st->oSPIsecretsize); } /* Hash type, lifetime + spi fields */ - MD5Update(&ctx, (char *)&(p->type), IDENTITY_MESSAGE_MIN - 2*COOKIE_SIZE); + hash->Update(hash->ctx, (char *)&(p->type), IDENTITY_MESSAGE_MIN - 2*COOKIE_SIZE); packet += IDENTITY_MESSAGE_MIN; psize -= IDENTITY_MESSAGE_MIN + packet[1] + 2; packet += packet[1] + 2; psize -= varpre2octets(packet) + 2 + MD5_SIZE; packet += varpre2octets(packet) + 2 + MD5_SIZE; - MD5Update(&ctx, packet, psize); + hash->Update(hash->ctx, packet, psize); /* Data fill */ - MD5Final(NULL, &ctx); + hash->Final(NULL, hash->ctx); /* And finally the trailing key */ - MD5Update(&ctx, st->shared, st->sharedsize); + hash->Update(hash->ctx, st->shared, st->sharedsize); - MD5Final(digest, &ctx); + hash->Final(digest, hash->ctx); - return !bcmp(digest, signature, MD5_SIZE); + return !bcmp(digest, signature, hash->hashsize); } +/* Functions for handling the linked list of identities */ + int identity_insert(struct identity **idob, struct identity *ob) { diff --git a/sbin/ipsec/photurisd/identity.h b/sbin/ipsec/photurisd/identity.h index 0b6d3d69459..8e26d7223fa 100644 --- a/sbin/ipsec/photurisd/identity.h +++ b/sbin/ipsec/photurisd/identity.h @@ -74,6 +74,15 @@ struct identity { #define MD5_SIZE 16 #define SHA1_SIZE 20 +struct idxform { + u_int8_t type; /* Type of the transform */ + u_int8_t hashsize; /* Size of the hash */ + void *ctx; /* Pointer to a context */ + void (*Init)(void *); + void (*Update)(void *, unsigned char *, unsigned int); + void (*Final)(unsigned char *, void *); +}; + int init_identities(char *name, struct identity *ob); int identity_insert(struct identity **idob, struct identity *ob); int identity_unlink(struct identity **idob, struct identity *ob); @@ -92,6 +101,8 @@ int create_identity_verification(struct stateob *st, u_int8_t *buffer, int verify_identity_verification(struct stateob *st, u_int8_t *buffer, u_int8_t *packet, u_int16_t size); -int MD5idsign(struct stateob *, u_int8_t *, u_int8_t *, u_int16_t); -int MD5idverify(struct stateob *, u_int8_t *, u_int8_t *, u_int16_t); +int idsign(struct stateob *, struct idxform *, u_int8_t *, + u_int8_t *, u_int16_t); +int idverify(struct stateob *, struct idxform *, u_int8_t *, + u_int8_t *, u_int16_t); #endif diff --git a/sbin/ipsec/photurisd/photuris_cookie_request.c b/sbin/ipsec/photurisd/photuris_cookie_request.c index ac1922e1ca7..d1b279dc0c2 100644 --- a/sbin/ipsec/photurisd/photuris_cookie_request.c +++ b/sbin/ipsec/photurisd/photuris_cookie_request.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: photuris_cookie_request.c,v 1.1 1997/07/18 22:48:49 provos Exp $"; +static char rcsid[] = "$Id: photuris_cookie_request.c,v 1.2 1997/07/24 23:47:16 provos Exp $"; #endif #include <stdio.h> @@ -83,7 +83,7 @@ photuris_cookie_request(struct stateob *st, u_char *buffer, int *size) } } - cookie_generate(st, st->icookie, COOKIE_SIZE); + cookie_generate(st, st->icookie, COOKIE_SIZE, NULL, 0); st->phase = COOKIE_REQUEST; st->lifetime = exchange_timeout + time(NULL); diff --git a/sbin/ipsec/photurisd/photuris_cookie_response.c b/sbin/ipsec/photurisd/photuris_cookie_response.c index 0a8230dc600..45fa28f17ba 100644 --- a/sbin/ipsec/photurisd/photuris_cookie_response.c +++ b/sbin/ipsec/photurisd/photuris_cookie_response.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: photuris_cookie_response.c,v 1.2 1997/07/22 11:18:23 provos Exp $"; +static char rcsid[] = "$Id: photuris_cookie_response.c,v 1.3 1997/07/24 23:47:17 provos Exp $"; #endif #include <stdio.h> @@ -83,7 +83,7 @@ photuris_cookie_response(struct stateob *st, u_char *buffer, int *size, if (tempst.counter == 0) tempst.counter = 1; - cookie_generate(&tempst, header->rcookie, COOKIE_SIZE); + cookie_generate(&tempst, header->rcookie, COOKIE_SIZE, schemes, ssize); header->counter = tempst.counter; diff --git a/sbin/ipsec/photurisd/photurisd.1 b/sbin/ipsec/photurisd/photurisd.1 index a8760128b43..1c4f3a5fc37 100644 --- a/sbin/ipsec/photurisd/photurisd.1 +++ b/sbin/ipsec/photurisd/photurisd.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: photurisd.1,v 1.5 1997/07/23 12:28:53 provos Exp $ +.\" $OpenBSD: photurisd.1,v 1.6 1997/07/24 23:47:18 provos Exp $ .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -37,7 +37,7 @@ .Nd IPSec key management daemon .Sh SYNOPSIS .Nm photurisd -.Op Fl fi +.Op Fl ci .Op Fl d Ar directory .Sh DESCRIPTION The @@ -53,10 +53,10 @@ socket for kernel requests. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl f +.It Fl c The -.Fl f -option is used to obmit the primality check of the bootstrapped moduli. +.Fl c +option is used to force a primality check of the bootstrapped moduli. .It Fl i The .Fl i @@ -112,7 +112,23 @@ They are followed by an integer. The file .Pa attributes.conf contains the attributes, i.e. different choices of encryption -and authenication, offered to the other peer. +and authenication, offered to the other peer. If a line starts with an ip +address and a space seperated netmask the following attributes are only +offered to hosts lying in that net range. Possible attributes are: +.Bl -tag -width AT_ESP_ATTRIB -offset indent +.It AT_AH_ATTRIB +Starts the list of authentication attributes. +.It AT_ESP_ATTRIB +Starts the list of encryption attributes. +.It AT_MD5_DP +MD5 symmetric identification. This attribute must be offered. +.It AT_SHA1_DP +SHA1 symmetric identification. +.It AT_MD5_KDP +Simple MD5 keyed authentication. +.It AT_DES_CBC +DES CBC encryption. +.El .Pp The file .Pa secrets.conf @@ -129,13 +145,15 @@ The keywords .Nm port , .Nm options , .Nm tsrc , -.Nm tdsr +.Nm tdsr , +.Nm exchange_lifetime , +.Nm spi_lifetime and .Nm user are understood in the .Pa photuris.startup file. The values are as follows: -.Bl -tag -width options -offset indent +.Bl -tag -width exchange_lifetime -offset indent .It dst The destination IP address with which the exchange is to be established. .It port @@ -153,6 +171,11 @@ for the tunnel to be created. .It tdst The destination address with netmask for which packets are accepted for the tunnel being created. +.It exchange_lifetime +Determines the lifetime of the exchange. After an exchange expires +no new SPIs are created. +.It spi_lifetime +Determines the lifetime of each created SPI in the exchange. .It user The user name for whom the keying shall be done. Preconfigured secrets are taken from the users secret file. diff --git a/sbin/ipsec/photurisd/photurisd.c b/sbin/ipsec/photurisd/photurisd.c index 3e19ec0c8b3..485e26a384c 100644 --- a/sbin/ipsec/photurisd/photurisd.c +++ b/sbin/ipsec/photurisd/photurisd.c @@ -32,7 +32,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: photurisd.c,v 1.2 1997/07/23 12:28:53 provos Exp $"; +static char rcsid[] = "$Id: photurisd.c,v 1.3 1997/07/24 23:47:18 provos Exp $"; #endif #define _PHOTURIS_C_ @@ -67,8 +67,8 @@ usage(void) { FILE *f = stderr; - fprintf(f, "usage: photurisd [-fi] [-d directory]\n"); - fprintf(f, "\t-f don't check primes on startup\n"); + fprintf(f, "usage: photurisd [-ci] [-d directory]\n"); + fprintf(f, "\t-c check primes on startup\n"); fprintf(f, "\t-t ignore startup file %s\n", PHOTURIS_STARTUP); fprintf(f, "\t-d specifies the startup dir\n"); exit(1); @@ -110,15 +110,15 @@ init_vars(void) void main(int argc, char **argv) { int ch; - int primes = 1, ignore = 0; + int primes = 0, ignore = 0; char *dir = PHOTURIS_DIR; daemon_mode = 0; - while ((ch = getopt(argc, argv, "fid:")) != -1) + while ((ch = getopt(argc, argv, "cid:")) != -1) switch((char)ch) { - case 'f': - primes = 0; + case 'c': + primes = 1; break; case 'i': ignore = 1; diff --git a/sbin/ipsec/photurisd/state.c b/sbin/ipsec/photurisd/state.c index 0d7a1f2d6be..6256c8275c4 100644 --- a/sbin/ipsec/photurisd/state.c +++ b/sbin/ipsec/photurisd/state.c @@ -113,6 +113,8 @@ state_value_reset(struct stateob *ob) if (ob->texchange != NULL) free(ob->texchange); + if (ob->exchangevalue != NULL) + free(ob->exchangevalue); if (ob->roschemes != NULL) free(ob->roschemes); diff --git a/sbin/ipsec/photurisd/state.h b/sbin/ipsec/photurisd/state.h index ddd59eaf0fe..823ea69c44e 100644 --- a/sbin/ipsec/photurisd/state.h +++ b/sbin/ipsec/photurisd/state.h @@ -27,7 +27,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: state.h,v 1.2 1997/07/23 12:28:56 provos Exp $ */ +/* $Id: state.h,v 1.3 1997/07/24 23:47:20 provos Exp $ */ /* * state.h: * state object @@ -112,6 +112,8 @@ struct stateob { mpz_t generator; /* Generator for look up in cache */ u_int8_t *texchange; /* Their exchange value */ u_int16_t texchangesize; + u_int8_t *exchangevalue; /* Our exchange value */ + u_int16_t exchangesize; u_int8_t *shared; /* Shared secret */ u_int16_t sharedsize; diff --git a/sbin/ipsec/startkey/startkey.1 b/sbin/ipsec/startkey/startkey.1 index 689d2e2254d..b08d7b4b796 100644 --- a/sbin/ipsec/startkey/startkey.1 +++ b/sbin/ipsec/startkey/startkey.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: startkey.1,v 1.2 1997/07/23 12:28:57 provos Exp $ +.\" $OpenBSD: startkey.1,v 1.3 1997/07/24 23:47:21 provos Exp $ .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -61,7 +61,9 @@ The options .Nm port , .Nm options , .Nm tsrc , -.Nm tdsr +.Nm tdsr , +.Nm exchange_lifetime , +.Nm spi_lifetime and .Nm user are understood by the daemon. @@ -84,6 +86,11 @@ for the tunnel to be created. .It tdst The destination address with netmask for which packets are accepted for the tunnel being created. +.It exchange_lifetime +Determines the lifetime of the exchange. After an exchange expires +no new SPIs are created. +.It spi_lifetime +Determines the lifetime of each created SPI in the exchange. .It user The user name for whom the keying shall be done. Preconfigured secrets are taken from the users secret file. |