Home | History | Annotate | Download | only in racoon
      1 /*	$NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $	*/
      2 
      3 /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
      4 
      5 /*
      6  * Copyright (C) 2004 Emmanuel Dreyfus
      7  * All rights reserved.
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  * 2. Redistributions in binary form must reproduce the above copyright
     15  *    notice, this list of conditions and the following disclaimer in the
     16  *    documentation and/or other materials provided with the distribution.
     17  * 3. Neither the name of the project nor the names of its contributors
     18  *    may be used to endorse or promote products derived from this software
     19  *    without specific prior written permission.
     20  *
     21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
     22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
     25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     31  * SUCH DAMAGE.
     32  */
     33 
     34 #include "config.h"
     35 
     36 #include <sys/types.h>
     37 #include <sys/param.h>
     38 #include <sys/socket.h>
     39 #include <sys/queue.h>
     40 
     41 #include <netinet/in.h>
     42 #include <arpa/inet.h>
     43 
     44 #include <openssl/md5.h>
     45 
     46 #include <stdlib.h>
     47 #include <stdio.h>
     48 #include <fcntl.h>
     49 #include <string.h>
     50 #include <errno.h>
     51 #if TIME_WITH_SYS_TIME
     52 # include <sys/time.h>
     53 # include <time.h>
     54 #else
     55 # if HAVE_SYS_TIME_H
     56 #  include <sys/time.h>
     57 # else
     58 #  include <time.h>
     59 # endif
     60 #endif
     61 #include <netdb.h>
     62 #ifdef HAVE_UNISTD_H
     63 #include <unistd.h>
     64 #endif
     65 #include <ctype.h>
     66 
     67 #include "var.h"
     68 #include "misc.h"
     69 #include "vmbuf.h"
     70 #include "plog.h"
     71 #include "sockmisc.h"
     72 #include "schedule.h"
     73 #include "debug.h"
     74 
     75 #include "isakmp_var.h"
     76 #include "isakmp.h"
     77 #include "handler.h"
     78 #include "isakmp_frag.h"
     79 #include "strnames.h"
     80 
     81 int
     82 isakmp_sendfrags(iph1, buf)
     83 	struct ph1handle *iph1;
     84 	vchar_t *buf;
     85 {
     86 	struct isakmp *hdr;
     87 	struct isakmp_frag *fraghdr;
     88 	caddr_t data;
     89 	caddr_t sdata;
     90 	size_t datalen;
     91 	size_t max_datalen;
     92 	size_t fraglen;
     93 	vchar_t *frag;
     94 	unsigned int trailer;
     95 	unsigned int fragnum = 0;
     96 	size_t len;
     97 	int etype;
     98 
     99 	/*
    100 	 * Catch the exchange type for later: the fragments and the
    101 	 * fragmented packet must have the same exchange type.
    102 	 */
    103 	hdr = (struct isakmp *)buf->v;
    104 	etype = hdr->etype;
    105 
    106 	/*
    107 	 * We want to send a a packet smaller than ISAKMP_FRAG_MAXLEN
    108 	 * First compute the maximum data length that will fit in it
    109 	 */
    110 	max_datalen = ISAKMP_FRAG_MAXLEN -
    111 	    (sizeof(*hdr) + sizeof(*fraghdr) + sizeof(trailer));
    112 
    113 	sdata = buf->v;
    114 	len = buf->l;
    115 
    116 	while (len > 0) {
    117 		fragnum++;
    118 
    119 		if (len > max_datalen)
    120 			datalen = max_datalen;
    121 		else
    122 			datalen = len;
    123 
    124 		fraglen = sizeof(*hdr)
    125 			+ sizeof(*fraghdr)
    126 			+ datalen;
    127 
    128 		if ((frag = vmalloc(fraglen)) == NULL) {
    129 			plog(LLV_ERROR, LOCATION, NULL,
    130 			    "Cannot allocate memory\n");
    131 			return -1;
    132 		}
    133 
    134 		set_isakmp_header1(frag, iph1, ISAKMP_NPTYPE_FRAG);
    135 		hdr = (struct isakmp *)frag->v;
    136 		hdr->etype = etype;
    137 
    138 		fraghdr = (struct isakmp_frag *)(hdr + 1);
    139 		fraghdr->unknown0 = htons(0);
    140 		fraghdr->len = htons(fraglen - sizeof(*hdr));
    141 		fraghdr->unknown1 = htons(1);
    142 		fraghdr->index = fragnum;
    143 		if (len == datalen)
    144 			fraghdr->flags = ISAKMP_FRAG_LAST;
    145 		else
    146 			fraghdr->flags = 0;
    147 
    148 		data = (caddr_t)(fraghdr + 1);
    149 		memcpy(data, sdata, datalen);
    150 
    151 		if (isakmp_send(iph1, frag) < 0) {
    152 			plog(LLV_ERROR, LOCATION, NULL, "isakmp_send failed\n");
    153 			return -1;
    154 		}
    155 
    156 		vfree(frag);
    157 
    158 		len -= datalen;
    159 		sdata += datalen;
    160 	}
    161 
    162 	return fragnum;
    163 }
    164 
    165 unsigned int
    166 vendorid_frag_cap(gen)
    167 	struct isakmp_gen *gen;
    168 {
    169 	int *hp;
    170 
    171 	hp = (int *)(gen + 1);
    172 
    173 	return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
    174 }
    175 
    176 int
    177 isakmp_frag_extract(iph1, msg)
    178 	struct ph1handle *iph1;
    179 	vchar_t *msg;
    180 {
    181 	struct isakmp *isakmp;
    182 	struct isakmp_frag *frag;
    183 	struct isakmp_frag_item *item;
    184 	vchar_t *buf;
    185 	size_t len;
    186 	int last_frag = 0;
    187 	char *data;
    188 	int i;
    189 
    190 	if (msg->l < sizeof(*isakmp) + sizeof(*frag)) {
    191 		plog(LLV_ERROR, LOCATION, NULL, "Message too short\n");
    192 		return -1;
    193 	}
    194 
    195 	isakmp = (struct isakmp *)msg->v;
    196 	frag = (struct isakmp_frag *)(isakmp + 1);
    197 
    198 	/*
    199 	 * frag->len is the frag payload data plus the frag payload header,
    200 	 * whose size is sizeof(*frag)
    201 	 */
    202 	if (msg->l < sizeof(*isakmp) + ntohs(frag->len) ||
    203 	    ntohs(frag->len) < sizeof(*frag) + 1) {
    204 		plog(LLV_ERROR, LOCATION, NULL, "Fragment too short\n");
    205 		return -1;
    206 	}
    207 
    208 	if ((buf = vmalloc(ntohs(frag->len) - sizeof(*frag))) == NULL) {
    209 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
    210 		return -1;
    211 	}
    212 
    213 	if ((item = racoon_malloc(sizeof(*item))) == NULL) {
    214 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
    215 		vfree(buf);
    216 		return -1;
    217 	}
    218 
    219 	data = (char *)(frag + 1);
    220 	memcpy(buf->v, data, buf->l);
    221 
    222 	item->frag_num = frag->index;
    223 	item->frag_last = (frag->flags & ISAKMP_FRAG_LAST);
    224 	item->frag_next = NULL;
    225 	item->frag_packet = buf;
    226 
    227 	/* Look for the last frag while inserting the new item in the chain */
    228 	if (item->frag_last)
    229 		last_frag = item->frag_num;
    230 
    231 	if (iph1->frag_chain == NULL) {
    232 		iph1->frag_chain = item;
    233 	} else {
    234 		struct isakmp_frag_item *current;
    235 
    236 		current = iph1->frag_chain;
    237 		while (current->frag_next) {
    238 			if (current->frag_last)
    239 				last_frag = item->frag_num;
    240 			current = current->frag_next;
    241 		}
    242 		current->frag_next = item;
    243 	}
    244 
    245 	/* If we saw the last frag, check if the chain is complete */
    246 	if (last_frag != 0) {
    247 		for (i = 1; i <= last_frag; i++) {
    248 			item = iph1->frag_chain;
    249 			do {
    250 				if (item->frag_num == i)
    251 					break;
    252 				item = item->frag_next;
    253 			} while (item != NULL);
    254 
    255 			if (item == NULL) /* Not found */
    256 				break;
    257 		}
    258 
    259 		if (item != NULL) /* It is complete */
    260 			return 1;
    261 	}
    262 
    263 	return 0;
    264 }
    265 
    266 vchar_t *
    267 isakmp_frag_reassembly(iph1)
    268 	struct ph1handle *iph1;
    269 {
    270 	struct isakmp_frag_item *item;
    271 	size_t len = 0;
    272 	vchar_t *buf = NULL;
    273 	int frag_count = 0;
    274 	int i;
    275 	char *data;
    276 
    277 	if ((item = iph1->frag_chain) == NULL) {
    278 		plog(LLV_ERROR, LOCATION, NULL, "No fragment to reassemble\n");
    279 		goto out;
    280 	}
    281 
    282 	do {
    283 		frag_count++;
    284 		len += item->frag_packet->l;
    285 		item = item->frag_next;
    286 	} while (item != NULL);
    287 
    288 	if ((buf = vmalloc(len)) == NULL) {
    289 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
    290 		goto out;
    291 	}
    292 	data = buf->v;
    293 
    294 	for (i = 1; i <= frag_count; i++) {
    295 		item = iph1->frag_chain;
    296 		do {
    297 			if (item->frag_num == i)
    298 				break;
    299 			item = item->frag_next;
    300 		} while (item != NULL);
    301 
    302 		if (item == NULL) {
    303 			plog(LLV_ERROR, LOCATION, NULL,
    304 			    "Missing fragment #%d\n", i);
    305 			vfree(buf);
    306 			buf = NULL;
    307 			goto out;
    308 		}
    309 		memcpy(data, item->frag_packet->v, item->frag_packet->l);
    310 		data += item->frag_packet->l;
    311 	}
    312 
    313 out:
    314 	item = iph1->frag_chain;
    315 	do {
    316 		struct isakmp_frag_item *next_item;
    317 
    318 		next_item = item->frag_next;
    319 
    320 		vfree(item->frag_packet);
    321 		racoon_free(item);
    322 
    323 		item = next_item;
    324 	} while (item != NULL);
    325 
    326 	iph1->frag_chain = NULL;
    327 
    328 	return buf;
    329 }
    330 
    331 vchar_t *
    332 isakmp_frag_addcap(buf, cap)
    333 	vchar_t *buf;
    334 	int cap;
    335 {
    336 	int *capp;
    337 	size_t len;
    338 
    339 	/* If the capability has not been added, add room now */
    340 	len = buf->l;
    341 	if (len == MD5_DIGEST_LENGTH) {
    342 		if ((buf = vrealloc(buf, len + sizeof(cap))) == NULL) {
    343 			plog(LLV_ERROR, LOCATION, NULL,
    344 			    "Cannot allocate memory\n");
    345 			return NULL;
    346 		}
    347 		capp = (int *)(buf->v + len);
    348 		*capp = htonl(0);
    349 	}
    350 
    351 	capp = (int *)(buf->v + MD5_DIGEST_LENGTH);
    352 	*capp |= htonl(cap);
    353 
    354 	return buf;
    355 }
    356 
    357