diff options
Diffstat (limited to 'keyexchange/isakmpd-20041012/isakmp_doi.c')
-rw-r--r-- | keyexchange/isakmpd-20041012/isakmp_doi.c | 264 |
1 files changed, 0 insertions, 264 deletions
diff --git a/keyexchange/isakmpd-20041012/isakmp_doi.c b/keyexchange/isakmpd-20041012/isakmp_doi.c deleted file mode 100644 index 2fc8c1d..0000000 --- a/keyexchange/isakmpd-20041012/isakmp_doi.c +++ /dev/null @@ -1,264 +0,0 @@ -/* $OpenBSD: isakmp_doi.c,v 1.22 2004/06/20 17:17:35 ho Exp $ */ -/* $EOM: isakmp_doi.c,v 1.42 2000/09/12 16:29:41 ho Exp $ */ - -/* - * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. - */ - -/* - * XXX This DOI is very fuzzily defined, and should perhaps be short-circuited - * to the IPsec DOI instead. At the moment I will have it as its own DOI, - * as the ISAKMP architecture seems to imply it should be done like this. - */ - -#include <sys/types.h> - -#include "sysdep.h" - -#include "doi.h" -#include "exchange.h" -#include "isakmp.h" -#include "isakmp_doi.h" -#include "ipsec.h" -#include "log.h" -#include "message.h" -#include "sa.h" -#include "util.h" - -#ifdef USE_DEBUG -static int isakmp_debug_attribute(u_int16_t, u_int8_t *, u_int16_t, - void *); -#endif -static void isakmp_finalize_exchange(struct message *); -static struct keystate *isakmp_get_keystate(struct message *); -static int isakmp_initiator(struct message *); -static int isakmp_responder(struct message *); -static void isakmp_setup_situation(u_int8_t *); -static size_t isakmp_situation_size(void); -static u_int8_t isakmp_spi_size(u_int8_t); -static int isakmp_validate_attribute(u_int16_t, u_int8_t *, u_int16_t, - void *); -static int isakmp_validate_exchange(u_int8_t); -static int isakmp_validate_id_information(u_int8_t, u_int8_t *, - u_int8_t *, size_t, struct exchange *); -static int isakmp_validate_key_information(u_int8_t *, size_t); -static int isakmp_validate_notification(u_int16_t); -static int isakmp_validate_proto(u_int8_t); -static int isakmp_validate_situation(u_int8_t *, size_t *, size_t); -static int isakmp_validate_transform_id(u_int8_t, u_int8_t); - -static struct doi isakmp_doi = { - {0}, ISAKMP_DOI_ISAKMP, 0, 0, 0, -#ifdef USE_DEBUG - isakmp_debug_attribute, -#endif - 0, /* delete_spi not needed. */ - 0, /* exchange_script not needed. */ - isakmp_finalize_exchange, - 0, /* free_exchange_data not needed. */ - 0, /* free_proto_data not needed. */ - 0, /* free_sa_data not needed. */ - isakmp_get_keystate, - 0, /* get_spi not needed. */ - 0, /* handle_leftover_payload not needed. */ - 0, /* informational_post_hook not needed. */ - 0, /* informational_pre_hook not needed. */ - 0, /* XXX need maybe be filled-in. */ - 0, /* proto_init not needed. */ - isakmp_setup_situation, - isakmp_situation_size, - isakmp_spi_size, - isakmp_validate_attribute, - isakmp_validate_exchange, - isakmp_validate_id_information, - isakmp_validate_key_information, - isakmp_validate_notification, - isakmp_validate_proto, - isakmp_validate_situation, - isakmp_validate_transform_id, - isakmp_initiator, - isakmp_responder, -#ifdef USE_DEBUG - ipsec_decode_ids -#endif -}; - -/* Requires doi_init to already have been called. */ -void -isakmp_doi_init(void) -{ - doi_register(&isakmp_doi); -} - -#ifdef USE_DEBUG -int -isakmp_debug_attribute(u_int16_t type, u_int8_t *value, u_int16_t len, - void *vmsg) -{ - /* XXX Not implemented yet. */ - return 0; -} -#endif /* USE_DEBUG */ - -static void -isakmp_finalize_exchange(struct message *msg) -{ -} - -static struct keystate * -isakmp_get_keystate(struct message *msg) -{ - return 0; -} - -static void -isakmp_setup_situation(u_int8_t *buf) -{ - /* Nothing to do. */ -} - -static size_t -isakmp_situation_size(void) -{ - return 0; -} - -static u_int8_t -isakmp_spi_size(u_int8_t proto) -{ - /* One way to specify ISAKMP SPIs is to say they're zero-sized. */ - return 0; -} - -static int -isakmp_validate_attribute(u_int16_t type, u_int8_t *value, u_int16_t len, - void *vmsg) -{ - /* XXX Not implemented yet. */ - return -1; -} - -static int -isakmp_validate_exchange(u_int8_t exch) -{ - /* If we get here the exchange is invalid. */ - return -1; -} - -static int -isakmp_validate_id_information(u_int8_t type, u_int8_t *extra, u_int8_t *buf, - size_t sz, struct exchange *exchange) -{ - return zero_test(extra, ISAKMP_ID_DOI_DATA_LEN); -} - -static int -isakmp_validate_key_information(u_int8_t *buf, size_t sz) -{ - /* Nothing to do. */ - return 0; -} - -static int -isakmp_validate_notification(u_int16_t type) -{ - /* If we get here the message type is invalid. */ - return -1; -} - -static int -isakmp_validate_proto(u_int8_t proto) -{ - /* If we get here the protocol is invalid. */ - return -1; -} - -static int -isakmp_validate_situation(u_int8_t *buf, size_t *sz, size_t len) -{ - /* There are no situations in the ISAKMP DOI. */ - *sz = 0; - return 0; -} - -static int -isakmp_validate_transform_id(u_int8_t proto, u_int8_t transform_id) -{ - /* XXX Not yet implemented. */ - return -1; -} - -static int -isakmp_initiator(struct message *msg) -{ - if (msg->exchange->type != ISAKMP_EXCH_INFO) { - log_print("isakmp_initiator: unsupported exchange type %d " - "in phase %d", msg->exchange->type, msg->exchange->phase); - return -1; - } - return message_send_info(msg); -} - -static int -isakmp_responder(struct message *msg) -{ - struct payload *p; - - switch (msg->exchange->type) { - case ISAKMP_EXCH_INFO: - for (p = payload_first(msg, ISAKMP_PAYLOAD_NOTIFY); p; - p = TAILQ_NEXT(p, link)) { - LOG_DBG((LOG_EXCHANGE, 10, "isakmp_responder: " - "got NOTIFY of type %s, ignoring", - constant_name(isakmp_notify_cst, - GET_ISAKMP_NOTIFY_MSG_TYPE(p->p)))); - p->flags |= PL_MARK; - } - - for (p = payload_first(msg, ISAKMP_PAYLOAD_DELETE); p; - p = TAILQ_NEXT(p, link)) { - LOG_DBG((LOG_EXCHANGE, 10, - "isakmp_responder: got DELETE, ignoring")); - p->flags |= PL_MARK; - } - return 0; - -#ifdef USE_ISAKMP_CFG - case ISAKMP_EXCH_TRANSACTION: - /* return 0 isakmp_cfg_responder (msg); */ -#endif /* USE_ISAKMP_CFG */ - - default: - /* XXX So far we don't accept any proposals. */ - if (payload_first(msg, ISAKMP_PAYLOAD_SA)) { - message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, - 0, 1, 0); - return -1; - } - } - return 0; -} |