12949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project/* $NetBSD: print-ah.c,v 1.4 1996/05/20 00:41:16 fvdl Exp $ */ 22949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 32949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project/* 42949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994 52949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * The Regents of the University of California. All rights reserved. 62949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * 72949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * Redistribution and use in source and binary forms, with or without 82949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * modification, are permitted provided that: (1) source code distributions 92949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * retain the above copyright notice and this paragraph in its entirety, (2) 102949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * distributions including binary code include the above copyright notice and 112949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * this paragraph in its entirety in the documentation or other materials 122949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * provided with the distribution, and (3) all advertising materials mentioning 132949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * features or use of this software display the following acknowledgement: 142949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * ``This product includes software developed by the University of California, 152949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 
162949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * the University nor the names of its contributors may be used to endorse 172949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * or promote products derived from this software without specific prior 182949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * written permission. 192949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 202949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 212949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 222949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project */ 232949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 242949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifndef lint 252949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Projectstatic const char rcsid[] _U_ = 2653f17a9db278d33517d9888dd77848f554522a38JP Abgrall "@(#) $Header: /tcpdump/master/tcpdump/print-esp.c,v 1.58 2007-12-07 00:03:07 mcr Exp $ (LBL)"; 272949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#endif 282949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 292949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifdef HAVE_CONFIG_H 302949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "config.h" 312949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#endif 322949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 332949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include <string.h> 342949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 
352949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include <tcpdump-stdinc.h> 362949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 372949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include <stdlib.h> 382949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 3953f17a9db278d33517d9888dd77848f554522a38JP Abgrall/* Any code in this file that depends on HAVE_LIBCRYPTO depends on 4053f17a9db278d33517d9888dd77848f554522a38JP Abgrall * HAVE_OPENSSL_EVP_H too. Undefining the former when the latter isn't defined 4153f17a9db278d33517d9888dd77848f554522a38JP Abgrall * is the simplest way of handling the dependency. 4253f17a9db278d33517d9888dd77848f554522a38JP Abgrall */ 432949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifdef HAVE_LIBCRYPTO 442949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifdef HAVE_OPENSSL_EVP_H 452949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include <openssl/evp.h> 4653f17a9db278d33517d9888dd77848f554522a38JP Abgrall#else 4753f17a9db278d33517d9888dd77848f554522a38JP Abgrall#undef HAVE_LIBCRYPTO 482949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#endif 492949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#endif 502949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 512949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include <stdio.h> 522949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 532949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "ip.h" 542949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "esp.h" 552949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifdef INET6 562949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "ip6.h" 572949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source 
Project#endif 582949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 592949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "netdissect.h" 602949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "addrtoname.h" 612949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#include "extract.h" 622949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 632949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifndef HAVE_SOCKADDR_STORAGE 642949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifdef INET6 652949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Projectstruct sockaddr_storage { 662949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project union { 672949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project struct sockaddr_in sin; 682949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project struct sockaddr_in6 sin6; 692949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project } un; 702949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project}; 712949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#else 722949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#define sockaddr_storage sockaddr 732949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#endif 742949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#endif /* HAVE_SOCKADDR_STORAGE */ 752949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 762949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project#ifdef HAVE_LIBCRYPTO 772949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Projectstruct sa_list { 782949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project struct sa_list *next; 792949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project struct 
sockaddr_storage daddr; 8053f17a9db278d33517d9888dd77848f554522a38JP Abgrall u_int32_t spi; /* if == 0, then IKEv2 */ 8153f17a9db278d33517d9888dd77848f554522a38JP Abgrall int initiator; 8253f17a9db278d33517d9888dd77848f554522a38JP Abgrall u_char spii[8]; /* for IKEv2 */ 8353f17a9db278d33517d9888dd77848f554522a38JP Abgrall u_char spir[8]; 842949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project const EVP_CIPHER *evp; 852949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project int ivlen; 862949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project int authlen; 8753f17a9db278d33517d9888dd77848f554522a38JP Abgrall u_char authsecret[256]; 8853f17a9db278d33517d9888dd77848f554522a38JP Abgrall int authsecret_len; 892949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project u_char secret[256]; /* is that big enough for all secrets? */ 902949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project int secretlen; 912949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project}; 922949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 9353f17a9db278d33517d9888dd77848f554522a38JP Abgrall/* 9453f17a9db278d33517d9888dd77848f554522a38JP Abgrall * this will adjust ndo_packetp and ndo_snapend to new buffer! 
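/*
 * Try to decrypt an IKEv2 encrypted payload with one of the configured SAs.
 *
 * The SA list is searched for an IKEv2 entry (spi == 0) whose direction and
 * initiator/responder SPIs match the arguments.  The region between buf and
 * end is laid out as: IV (sa->ivlen bytes), ciphertext, authenticator
 * (sa->authlen bytes).  The ciphertext is decrypted in place, so the bytes
 * that buf points at are overwritten.
 *
 * On success this will adjust ndo_packetp and ndo_snapend to the decrypted
 * region and return 1.  It returns 0 when no usable SA is found, when the
 * buffer is too short, when the ciphertext length does not fit the cipher,
 * or when the cipher cannot be initialised.
 *
 * NOTE(review): the key is read straight from sa->secret; sa->secretlen is
 * not compared with the key length the cipher expects -- confirm that the
 * code which fills in the SA validates it.
 */
USES_APPLE_DEPRECATED_API
int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
				      int initiator,
				      u_char spii[8], u_char spir[8],
				      u_char *buf, u_char *end)
{
	struct sa_list *sa;
	u_char *iv;
	int len;
	int block_size;
	EVP_CIPHER_CTX ctx;

	/* initiator arg is any non-zero value */
	if (initiator)
		initiator = 1;

	/* see if we can find the SA, and if so, decode it */
	for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) {
		if (sa->spi == 0
		    && initiator == sa->initiator
		    && memcmp(spii, sa->spii, 8) == 0
		    && memcmp(spir, sa->spir, 8) == 0)
			break;
	}

	if (sa == NULL || sa->evp == NULL)
		return 0;

	/*
	 * Validate the lengths before moving any pointer, so that neither
	 * buf nor end is ever stepped outside the region we were given.
	 * The payload must be strictly larger than IV + authenticator.
	 */
	if (sa->authlen < 0 || sa->ivlen < 0)
		return 0;
	if (end <= buf)
		return 0;
	if ((long)(end - buf) <= (long)sa->authlen + (long)sa->ivlen)
		return 0;

	/* remove authenticator and IV; what is left is the ciphertext */
	end -= sa->authlen;
	iv = buf;
	buf += sa->ivlen;
	len = (int)(end - buf);

	/*
	 * A block cipher must be handed whole blocks; a trailing partial
	 * block is malformed input and is rejected rather than passed to
	 * EVP_Cipher().
	 */
	block_size = EVP_CIPHER_block_size(sa->evp);
	if (block_size > 1 && (len % block_size) != 0) {
		(*ndo->ndo_warning)(ndo,
		    "ciphertext length %d is not a multiple of the cipher block size %d",
		    len, block_size);
		return 0;
	}

	memset(&ctx, 0, sizeof(ctx));
	/* EVP_CipherInit() returns 1 on success and 0 on failure, never < 0 */
	if (EVP_CipherInit(&ctx, sa->evp, sa->secret, NULL, 0) != 1
	    || EVP_CipherInit(&ctx, NULL, NULL, iv, 0) != 1) {
		(*ndo->ndo_warning)(ndo, "espkey init failed");
		EVP_CIPHER_CTX_cleanup(&ctx);
		return 0;
	}
	EVP_Cipher(&ctx, buf, buf, len);
	EVP_CIPHER_CTX_cleanup(&ctx);

	ndo->ndo_packetp = buf;
	ndo->ndo_snapend = end;

	return 1;
}
USES_APPLE_RST
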
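/*
 * Copy *sa into a freshly allocated node and push it on the head of the
 * SA list kept in ndo.  When sa_def is non-zero the new node also becomes
 * ndo->ndo_sa_default.  The caller keeps ownership of *sa; nothing visible
 * in this file frees the copy.
 */
static void esp_print_addsa(netdissect_options *ndo,
			    struct sa_list *sa, int sa_def)
{
	struct sa_list *nsa;

	nsa = malloc(sizeof(*nsa));
	if (nsa == NULL) {
		(*ndo->ndo_error)(ndo, "ran out of memory to allocate sa structure");
		/*
		 * ndo_error is a callback; if it ever returns we must not
		 * go on and write through the NULL pointer.
		 */
		return;
	}

	/* copy the "sa" */
	*nsa = *sa;

	if (sa_def)
		ndo->ndo_sa_default = nsa;

	nsa->next = ndo->ndo_sa_list_head;
	ndo->ndo_sa_list_head = nsa;
}


/*
 * Return the value (0..15) of one ASCII hex digit, upper or lower case.
 * Any other character is reported through ndo_error; 0 is returned if that
 * callback comes back.
 */
static u_int hexdigit(netdissect_options *ndo, char hex)
{
	if (hex >= '0' && hex <= '9')
		return (hex - '0');
	if (hex >= 'A' && hex <= 'F')
		return (hex - 'A' + 10);
	if (hex >= 'a' && hex <= 'f')
		return (hex - 'a' + 10);

	(*ndo->ndo_error)(ndo, "invalid hex digit %c in espsecret\n", hex);
	return 0;
}

/*
 * Combine the two hex digits at hexstring[0] and hexstring[1] into one
 * byte value.  The caller must guarantee that both characters exist.
 */
static u_int hex2byte(netdissect_options *ndo, char *hexstring)
{
	u_int high = hexdigit(ndo, hexstring[0]);
	u_int low = hexdigit(ndo, hexstring[1]);

	return (high << 4) + low;
}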
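
/*
 * Decode a NUL-terminated string of hex digit pairs into binbuf.
 *
 * binbuf_len is the capacity of binbuf in bytes; the input is refused
 * before anything is written when it would not fit.  A trailing unpaired
 * digit is ignored.
 *
 * returns size of binary, 0 on failure.
 */
static
int espprint_decode_hex(netdissect_options *ndo,
			u_char *binbuf, unsigned int binbuf_len,
			char *hex)
{
	/*
	 * Keep the length in size_t: narrowing strlen() to unsigned int
	 * before the bounds check could wrap for a huge input and let the
	 * loop below write past binbuf.
	 */
	size_t len = strlen(hex) / 2;
	int i;

	if (len > binbuf_len) {
		/* len is unsigned, so print it with %u rather than %d */
		(*ndo->ndo_warning)(ndo, "secret is too big: %u\n",
				    (unsigned int)len);
		return 0;
	}

	/* the loop runs exactly len times, which the check above bounds */
	for (i = 0; hex[0] != '\0' && hex[1] != '\0'; i++, hex += 2)
		binbuf[i] = hex2byte(ndo, hex);

	return i;
}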
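
/*
 * decode the form:    SPINUM@IP <tab> ALGONAME:0xsecret
 *
 * This function handles the "ALGONAME:secret" part.  decode is modified in
 * place: the ':' is replaced by NUL and a trailing "-hmac96" and/or "-cbc"
 * is cut off the algorithm name before it is looked up with
 * EVP_get_cipherbyname().  A "-hmac96" suffix sets the authenticator length
 * to 12 bytes.  The secret is either "0x" followed by hex digits or a
 * literal string, which is silently truncated to sizeof(sa->secret).
 *
 * Returns 1 on success, 0 on failure.
 *
 * NOTE(review): sa->secretlen is not compared with the key length the
 * selected cipher needs; a short secret is used together with whatever
 * bytes follow it in sa->secret.
 */

USES_APPLE_DEPRECATED_API
static int
espprint_decode_encalgo(netdissect_options *ndo,
			char *decode, struct sa_list *sa)
{
	size_t i;
	const EVP_CIPHER *evp;
	int authlen = 0;
	char *colon;

	colon = strchr(decode, ':');
	if (colon == NULL) {
		(*ndo->ndo_warning)(ndo, "failed to decode espsecret: %s\n", decode);
		return 0;
	}
	*colon = '\0';

	/*
	 * Strip the suffix at the position that was actually tested, not at
	 * the first place the substring occurs in the name.
	 */
	if (strlen(decode) > strlen("-hmac96") &&
	    !strcmp(decode + strlen(decode) - strlen("-hmac96"),
		    "-hmac96")) {
		decode[strlen(decode) - strlen("-hmac96")] = '\0';
		authlen = 12;
	}
	if (strlen(decode) > strlen("-cbc") &&
	    !strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) {
		decode[strlen(decode) - strlen("-cbc")] = '\0';
	}
	evp = EVP_get_cipherbyname(decode);

	if (!evp) {
		(*ndo->ndo_warning)(ndo, "failed to find cipher algo %s\n", decode);
		sa->evp = NULL;
		sa->authlen = 0;
		sa->ivlen = 0;
		return 0;
	}

	sa->evp = evp;
	sa->authlen = authlen;
	sa->ivlen = EVP_CIPHER_iv_length(evp);

	colon++;
	if (colon[0] == '0' && colon[1] == 'x') {
		/* decode some hex! */
		colon += 2;
		sa->secretlen = espprint_decode_hex(ndo, sa->secret, sizeof(sa->secret), colon);
		if (sa->secretlen == 0)
			return 0;
	} else {
		/* literal secret: copy at most sizeof(sa->secret) bytes */
		i = strlen(colon);
		if (i > sizeof(sa->secret))
			i = sizeof(sa->secret);
		memcpy(sa->secret, colon, i);
		sa->secretlen = i;
	}

	return 1;
}
USES_APPLE_RST

/*
 * Decode the "ALGONAME:key" authentication field of an ikev2 line.
 *
 * for the moment, ignore the auth algorithm, just hard code the
 * authenticator length.  Need to research how openssl looks up HMAC stuff.
 *
 * decode is modified in place (the ':' becomes NUL).  For "sha1" and "md5"
 * (case-insensitive) sa->authlen is set to 12; for any other name it is
 * left untouched.  The key material after the ':' is not stored.
 *
 * Returns 1 on success, 0 when the field has no ':'.
 */
static int
espprint_decode_authalgo(netdissect_options *ndo,
			 char *decode, struct sa_list *sa)
{
	char *colon;

	colon = strchr(decode, ':');
	if (colon == NULL) {
		(*ndo->ndo_warning)(ndo, "failed to decode espsecret: %s\n", decode);
		return 0;
	}
	*colon = '\0';

	/*
	 * The algorithm name is the text before the ':', i.e. decode.
	 * colon points at the NUL just written, so comparing through it
	 * could never match.
	 */
	if (strcasecmp(decode, "sha1") == 0 ||
	    strcasecmp(decode, "md5") == 0) {
		sa->authlen = 12;
	}
	return 1;
}

/*
 * Parse one "ikev2" secret line and add the resulting SA to ndo's list.
 *
 * line holds the fields after the "ikev2" keyword, separated by spaces or
 * tabs: direction ("I..." or "R..."), initiator cookie and responder
 * cookie (each "0x" plus 16 hex digits), the auth "ALGO:key" field and the
 * encryption "ALGO:key" field.  line is modified in place by strsep().
 * file and lineno are used only in the warnings.
 *
 * A malformed line produces a warning (or a silent return when a cookie or
 * algorithm field fails to decode) and no SA is added.
 */
static void esp_print_decode_ikeline(netdissect_options *ndo, char *line,
				     const char *file, int lineno)
{
	/* it's an IKEv2 secret, store it instead */
	struct sa_list sa1;

	char *init;
	char *icookie, *rcookie;
	int ilen, rlen;
	char *authkey;
	char *enckey;

	/*
	 * Start from an all-zero SA: the whole struct is copied into the
	 * list below, and without this the fields nobody fills in here
	 * (daddr, authsecret, the unused tail of secret, ...) would carry
	 * indeterminate stack contents.
	 */
	memset(&sa1, 0, sizeof(sa1));

	init = strsep(&line, " \t");
	icookie = strsep(&line, " \t");
	rcookie = strsep(&line, " \t");
	authkey = strsep(&line, " \t");
	enckey  = strsep(&line, " \t");

	/* if any fields are missing */
	if (!init || !icookie || !rcookie || !authkey || !enckey) {
		(*ndo->ndo_warning)(ndo, "print_esp: failed to find all fields for ikev2 at %s:%u",
				    file, (u_int)lineno);

		return;
	}

	ilen = strlen(icookie);
	rlen = strlen(rcookie);

	/* direction flag, "0x" prefixes and exact cookie lengths */
	if ((init[0] != 'I' && init[0] != 'R')
	    || icookie[0] != '0' || icookie[1] != 'x'
	    || rcookie[0] != '0' || rcookie[1] != 'x'
	    || ilen != 18
	    || rlen != 18) {
		(*ndo->ndo_warning)(ndo, "print_esp: line %s:%u improperly formatted.",
				    file, (u_int)lineno);

		(*ndo->ndo_warning)(ndo, "init=%s icookie=%s(%u) rcookie=%s(%u)",
				    init, icookie, (u_int)ilen, rcookie, (u_int)rlen);

		return;
	}

	sa1.spi = 0;	/* spi == 0 marks the entry as IKEv2 */
	sa1.initiator = (init[0] == 'I');
	if (espprint_decode_hex(ndo, sa1.spii, sizeof(sa1.spii), icookie + 2) != 8)
		return;

	if (espprint_decode_hex(ndo, sa1.spir, sizeof(sa1.spir), rcookie + 2) != 8)
		return;

	if (!espprint_decode_encalgo(ndo, enckey, &sa1))
		return;

	/* runs after the encryption field, so it may override authlen */
	if (!espprint_decode_authalgo(ndo, authkey, &sa1))
		return;

	esp_print_addsa(ndo, &sa1, FALSE);
}
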
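/*
 * Parse one entry of the ESP secret specification and register the
 * resulting security association with esp_print_addsa().
 *
 * Forms handled here:
 *   <algo:key>              a single token; registered as the default SA
 *   <spi>@<addr> <algo:key> SA bound to an SPI and an IPv4/IPv6 address
 *   ikev2 <...>             handed to esp_print_decode_ikeline()
 *   file <name>             special form: read further entries, one per
 *                           line, from the named file
 *
 * 'line' is modified in place (strsep() writes NUL terminators into it).
 * 'file' and 'lineno' only identify the origin of the entry in warnings.
 * Note that a secret file that cannot be opened terminates the process
 * with exit(3).
 */
static void esp_print_decode_onesecret(netdissect_options *ndo, char *line,
				       const char *file, int lineno)
{
	/*
	 * Upper bound on nested "file" directives.  The value itself is
	 * arbitrary; it only exists so that a secret file that names itself
	 * (directly or through other files) cannot recurse until the stack
	 * is exhausted.
	 */
	enum { ESP_SECRET_FILE_MAX_DEPTH = 8 };
	static int file_depth = 0;

	struct sa_list sa1;
	int sa_def;

	char *spikey;
	char *decode;

	spikey = strsep(&line, " \t");
	sa_def = 0;
	memset(&sa1, 0, sizeof(struct sa_list));

	/* if there is only one token, then it is an algo:key token */
	if (line == NULL) {
		decode = spikey;
		spikey = NULL;
		sa_def = 1;
	} else
		decode = line;

	if (spikey && strcasecmp(spikey, "file") == 0) {
		/* open file and read it */
		FILE *secretfile;
		char  fileline[1024];
		int   file_lineno = 0;	/* distinct name: do not shadow 'lineno' */
		char  *nl;
		char *filename = line;

		if (file_depth >= ESP_SECRET_FILE_MAX_DEPTH) {
			(*ndo->ndo_warning)(ndo,
			    "print_esp: line %s:%d: secret files nested too deeply",
			    file, lineno);
			return;
		}

		secretfile = fopen(filename, FOPEN_READ_TXT);
		if (secretfile == NULL) {
			perror(filename);
			exit(3);
		}

		file_depth++;
		while (fgets(fileline, sizeof(fileline)-1, secretfile) != NULL) {
			file_lineno++;
			/* remove newline from the line */
			nl = strchr(fileline, '\n');
			if (nl)
				*nl = '\0';
			/* skip comments and empty lines */
			if (fileline[0] == '#') continue;
			if (fileline[0] == '\0') continue;

			esp_print_decode_onesecret(ndo, fileline, filename, file_lineno);
		}
		file_depth--;
		fclose(secretfile);

		return;
	}

	if (spikey && strcasecmp(spikey, "ikev2") == 0) {
		esp_print_decode_ikeline(ndo, line, file, lineno);
		return;
	}

	if (spikey) {

		char *spistr, *foo;
		unsigned long spival;
		struct sockaddr_in *sin;
#ifdef INET6
		struct sockaddr_in6 *sin6;
#endif

		/* split "<spi>@<addr>"; spikey is left pointing at <addr> */
		spistr = strsep(&spikey, "@");

		spival = strtoul(spistr, &foo, 0);
		if (spistr == foo || !spikey) {
			(*ndo->ndo_warning)(ndo, "print_esp: failed to decode spi# %s\n", foo);
			return;
		}
		/*
		 * An SPI is 32 bits wide; refuse larger values instead of
		 * silently truncating them to a different SPI.
		 */
		if (spival > 0xffffffffUL) {
			(*ndo->ndo_warning)(ndo, "print_esp: failed to decode spi# %s\n", spistr);
			return;
		}

		sa1.spi = (u_int32_t)spival;

		sin = (struct sockaddr_in *)&sa1.daddr;
#ifdef INET6
		sin6 = (struct sockaddr_in6 *)&sa1.daddr;
		if (inet_pton(AF_INET6, spikey, &sin6->sin6_addr) == 1) {
#ifdef HAVE_SOCKADDR_SA_LEN
			sin6->sin6_len = sizeof(struct sockaddr_in6);
#endif
			sin6->sin6_family = AF_INET6;
		} else
#endif
		if (inet_pton(AF_INET, spikey, &sin->sin_addr) == 1) {
#ifdef HAVE_SOCKADDR_SA_LEN
			sin->sin_len = sizeof(struct sockaddr_in);
#endif
			sin->sin_family = AF_INET;
		} else {
			(*ndo->ndo_warning)(ndo, "print_esp: can not decode IP# %s\n", spikey);
			return;
		}
	}

	if (decode) {
		/* skip any blank spaces */
		while (isspace((unsigned char)*decode))
			decode++;

		if(!espprint_decode_encalgo(ndo, decode, &sa1)) {
			return;
		}
	}

	esp_print_addsa(ndo, &sa1, sa_def);
}

/*
 * One-time libcrypto setup: register the OpenSSL algorithms and make
 * "3des" an alias for the des-ede3-cbc cipher name.
 */
USES_APPLE_DEPRECATED_API
static void esp_init(netdissect_options *ndo _U_)
{

	OpenSSL_add_all_algorithms();
	EVP_add_cipher_alias(SN_des_ede3_cbc, "3des");
}
USES_APPLE_RST

/*
 * Decode every entry of ndo->ndo_espsecret (entries are separated by
 * newlines or commas) and then clear ndo->ndo_espsecret so that the
 * string is parsed only once.  The string is modified in place.
 */
void esp_print_decodesecret(netdissect_options *ndo)
{
	char *line;
	char *p;
	static int initialized = 0;

	if (!initialized) {
		esp_init(ndo);
		initialized = 1;
	}

	p = ndo->ndo_espsecret;

	while (p && p[0] != '\0') {
		/*
		 * pick out the first line or first thing until a comma;
		 * p is non-NULL here, so strsep() always yields a token
		 */
		line = strsep(&p, "\n,");

		esp_print_decode_onesecret(ndo, line, "cmdline", 0);
	}

	ndo->ndo_espsecret = NULL;
}

#endif

/*
 * Print the ESP header found at 'bp' and, when built with libcrypto and
 * a matching SA is configured, decrypt the payload in place.
 *
 * bp      start of the ESP header
 * length  length value printed in the summary line
 * bp2     start of the enclosing IPv4/IPv6 header
 * nhdr    if non-NULL, receives the next-header byte of the ESP trailer
 * padlen  if non-NULL, receives the pad length plus the 2 trailer bytes
 *
 * Returns the number of bytes to skip to reach the decrypted payload,
 * or -1 when the payload cannot be decoded (truncated packet, no SA,
 * fragment, cipher setup failure, implausible lengths).
 *
 * NOTE(review): decryption writes into the packet buffer that 'bp'
 * points to, although 'bp' is declared const; callers see the buffer
 * modified after a successful return.
 */
#ifdef HAVE_LIBCRYPTO
USES_APPLE_DEPRECATED_API
#endif
int
esp_print(netdissect_options *ndo,
	  const u_char *bp, const int length, const u_char *bp2
#ifndef HAVE_LIBCRYPTO
	_U_
#endif
	,
	int *nhdr
#ifndef HAVE_LIBCRYPTO
	_U_
#endif
	,
	int *padlen
#ifndef HAVE_LIBCRYPTO
	_U_
#endif
	)
{
	register const struct newesp *esp;
	register const u_char *ep;
#ifdef HAVE_LIBCRYPTO
	struct ip *ip;
	struct sa_list *sa = NULL;
#ifdef INET6
	struct ip6_hdr *ip6 = NULL;
#endif
	int advance;
	int len;
	u_char *secret;
	int ivlen = 0;
	u_char *ivoff;
	u_char *p;
	long avail;
	long need;
	EVP_CIPHER_CTX ctx;
#endif

	esp = (struct newesp *)bp;

#ifdef HAVE_LIBCRYPTO
	secret = NULL;
	advance = 0;
#endif

#if 0
	/* keep secret out of a register */
	p = (u_char *)&secret;
#endif

	/* 'ep' points to the end of available data. */
	ep = ndo->ndo_snapend;

	if ((u_char *)(esp + 1) >= ep) {
		fputs("[|ESP]", stdout);
		goto fail;
	}
	(*ndo->ndo_printf)(ndo, "ESP(spi=0x%08x", EXTRACT_32BITS(&esp->esp_spi));
	(*ndo->ndo_printf)(ndo, ",seq=0x%x)", EXTRACT_32BITS(&esp->esp_seq));
	(*ndo->ndo_printf)(ndo, ", length %u", length);

#ifndef HAVE_LIBCRYPTO
	goto fail;
#else
	/* initialize SAs */
	if (ndo->ndo_sa_list_head == NULL) {
		if (!ndo->ndo_espsecret)
			goto fail;

		esp_print_decodesecret(ndo);
	}

	if (ndo->ndo_sa_list_head == NULL)
		goto fail;

	ip = (struct ip *)bp2;
	switch (IP_V(ip)) {
#ifdef INET6
	case 6:
		ip6 = (struct ip6_hdr *)bp2;
		/* we do not attempt to decrypt jumbograms */
		if (!EXTRACT_16BITS(&ip6->ip6_plen))
			goto fail;
		/* if we can't get nexthdr, we do not need to decrypt it */
		len = sizeof(struct ip6_hdr) + EXTRACT_16BITS(&ip6->ip6_plen);

		/* see if we can find the SA, and if so, decode it */
		for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) {
			struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&sa->daddr;
			if (sa->spi == EXTRACT_32BITS(&esp->esp_spi) &&
			    sin6->sin6_family == AF_INET6 &&
			    UNALIGNED_MEMCMP(&sin6->sin6_addr, &ip6->ip6_dst,
				   sizeof(struct in6_addr)) == 0) {
				break;
			}
		}
		break;
#endif /*INET6*/
	case 4:
		/* nexthdr & padding are in the last fragment */
		if (EXTRACT_16BITS(&ip->ip_off) & IP_MF)
			goto fail;
		len = EXTRACT_16BITS(&ip->ip_len);

		/* see if we can find the SA, and if so, decode it */
		for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) {
			struct sockaddr_in *sin = (struct sockaddr_in *)&sa->daddr;
			if (sa->spi == EXTRACT_32BITS(&esp->esp_spi) &&
			    sin->sin_family == AF_INET &&
			    UNALIGNED_MEMCMP(&sin->sin_addr, &ip->ip_dst,
				   sizeof(struct in_addr)) == 0) {
				break;
			}
		}
		break;
	default:
		goto fail;
	}

	/* if we didn't find the specific one, then look for
	 * an unspecified one.
	 */
	if (sa == NULL)
		sa = ndo->ndo_sa_default;

	/* if not found fail */
	if (sa == NULL)
		goto fail;

	/* if we can't get nexthdr, we do not need to decrypt it */
	if (ep - bp2 < len)
		goto fail;
	if (ep - bp2 > len) {
		/* FCS included at end of frame (NetBSD 1.6 or later) */
		ep = bp2 + len;
	}

	ivoff = (u_char *)(esp + 1) + 0;
	ivlen = sa->ivlen;
	secret = sa->secret;

	/*
	 * The IP length field comes from the packet, so after the clamp
	 * above 'ep' may lie before the end of the ESP header.  Make sure
	 * the data after the ESP header holds the IV (when decrypting),
	 * the 2-byte trailer (pad length, next header) and the
	 * authenticator before any pointer is moved or dereferenced.
	 * Without this check the length handed to EVP_Cipher() could
	 * become negative and the trailer reads below could fall outside
	 * the captured data.
	 */
	avail = (long)(ep - ivoff);
	need = (long)sa->authlen + 2;
	if (sa->evp)
		need += ivlen;
	if (sa->authlen < 0 || ivlen < 0 || avail < need)
		goto fail;

	ep = ep - sa->authlen;

	if (sa->evp) {
		memset(&ctx, 0, sizeof(ctx));
		/* EVP_CipherInit() returns 1 on success and 0 on failure */
		if (EVP_CipherInit(&ctx, sa->evp, secret, NULL, 0) != 1) {
			(*ndo->ndo_warning)(ndo, "espkey init failed");
			EVP_CIPHER_CTX_cleanup(&ctx);
			goto fail;
		}

		p = ivoff;
		if (EVP_CipherInit(&ctx, NULL, NULL, p, 0) != 1) {
			(*ndo->ndo_warning)(ndo, "espkey init failed");
			EVP_CIPHER_CTX_cleanup(&ctx);
			goto fail;
		}
		/*
		 * Decrypt in place, from just after the IV up to 'ep'.
		 * NOTE(review): the length is passed as-is; whether it is
		 * a multiple of the cipher block size is not verified
		 * here - confirm how the selected ciphers handle that.
		 */
		EVP_Cipher(&ctx, p + ivlen, p + ivlen, ep - (p + ivlen));
		EVP_CIPHER_CTX_cleanup(&ctx);
		advance = ivoff - (u_char *)esp + ivlen;
	} else
		advance = sizeof(struct newesp);

	/* sanity check for pad length */
	if (ep - bp < *(ep - 2))
		goto fail;

	if (padlen)
		*padlen = *(ep - 2) + 2;

	if (nhdr)
		*nhdr = *(ep - 1);

	(*ndo->ndo_printf)(ndo, ": ");
	return advance;
#endif

fail:
	return -1;
}
#ifdef HAVE_LIBCRYPTO
USES_APPLE_RST
#endif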
7002949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project 7012949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project/* 7022949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * Local Variables: 7032949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * c-style: whitesmith 7042949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * c-basic-offset: 8 7052949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project * End: 7062949f58a438f6fd85f66a8b7ed4708042cde4b37The Android Open Source Project */ 707