inline uint64_t GlzDecoder::decode_64()
{
uint64_t long_word = decode_32();
long_word <<= 32;
long_word |= decode_32();
return long_word;
}
/*
* Print phase 1 specific information.
*/
static void
report_phase1(FILE *fd, struct sa *sa)
{
/* Cookies. */
fprintf(fd, "icookie %08x%08x rcookie %08x%08x\n",
decode_32(sa->cookies), decode_32(sa->cookies + 4),
decode_32(sa->cookies + 8), decode_32(sa->cookies + 12));
}
/* Validate an attribute. Return 0 on match. */
static int
sa_validate_xf_attrs(u_int16_t type, u_int8_t *value, u_int16_t len,
void *arg)
{
int val0, val1;
struct attr_validation_state *avs =
(struct attr_validation_state *)arg;
LOG_DBG((LOG_SA, 95, "sa_validate_xf_attrs: phase %d mode %d type %d "
"len %d", avs->phase, avs->mode, type, len));
/* Make sure the phase and type are valid. */
if (avs->phase == 1) {
if (type < IKE_ATTR_ENCRYPTION_ALGORITHM ||
type > IKE_ATTR_BLOCK_SIZE)
return 1;
} else if (avs->phase == 2) {
if (type < IPSEC_ATTR_SA_LIFE_TYPE ||
type > IPSEC_ATTR_ECN_TUNNEL)
return 1;
} else
return 1;
if (avs->mode == 0) { /* Load attrs. */
avs->attrp[type] = value;
avs->len[type] = len;
return 0;
}
/* Checking for a missing attribute is an immediate failure. */
if (!avs->attrp[type])
return 1;
/* Match the loaded attribute against this one, mark it as checked. */
avs->checked[type]++;
switch (len) {
case 2:
val0 = (int)decode_16(value);
break;
case 4:
val0 = (int)decode_32(value);
break;
default:
return 1;
}
switch (avs->len[type]) {
case 2:
val1 = (int)decode_16(avs->attrp[type]);
break;
case 4:
val1 = (int)decode_32(avs->attrp[type]);
break;
default:
return 1;
}
/* Return 0 when the values are equal. */
return (val0 != val1);
}
/*
* Dump the internal state of SA to the report channel, with HEADER
* prepended to each line.
*/
void
sa_dump(int cls, int level, char *header, struct sa *sa)
{
struct proto *proto;
char spi_header[80];
int i;
LOG_DBG((cls, level, "%s: %p %s phase %d doi %d flags 0x%x", header,
sa, sa->name ? sa->name : "<unnamed>", sa->phase, sa->doi->id,
sa->flags));
LOG_DBG((cls, level, "%s: icookie %08x%08x rcookie %08x%08x", header,
decode_32(sa->cookies), decode_32(sa->cookies + 4),
decode_32(sa->cookies + 8), decode_32(sa->cookies + 12)));
LOG_DBG((cls, level, "%s: msgid %08x refcnt %d", header,
decode_32(sa->message_id), sa->refcnt));
LOG_DBG((cls, level, "%s: life secs %llu kb %llu", header, sa->seconds,
sa->kilobytes));
for (proto = TAILQ_FIRST(&sa->protos); proto;
proto = TAILQ_NEXT(proto, link)) {
LOG_DBG((cls, level, "%s: suite %d proto %d", header,
proto->no, proto->proto));
LOG_DBG((cls, level,
"%s: spi_sz[0] %d spi[0] %p spi_sz[1] %d spi[1] %p",
header, proto->spi_sz[0], proto->spi[0], proto->spi_sz[1],
proto->spi[1]));
LOG_DBG((cls, level, "%s: %s, %s", header,
!sa->doi ? "<nodoi>" :
sa->doi->decode_ids("initiator id: %s, responder id: %s",
sa->id_i, sa->id_i_len,
sa->id_r, sa->id_r_len, 0),
!sa->transport ? "<no transport>" :
sa->transport->vtbl->decode_ids(sa->transport)));
for (i = 0; i < 2; i++)
if (proto->spi[i]) {
snprintf(spi_header, sizeof spi_header,
"%s: spi[%d]", header, i);
LOG_DBG_BUF((cls, level, spi_header,
proto->spi[i], proto->spi_sz[i]));
}
}
}
void GlzDecoder::decode_header()
{
uint32_t magic;
int version;
uint8_t tmp;
int stride;
magic = decode_32();
if (magic != LZ_MAGIC) {
_debug_calls.warn(std::string("bad magic\n"));
}
version = decode_32();
if (version != LZ_VERSION) {
_debug_calls.warn(std::string("bad version\n"));
}
tmp = *(_in_now++);
_image.type = (LzImageType)(tmp & LZ_IMAGE_TYPE_MASK);
_image.top_down = (tmp >> LZ_IMAGE_TYPE_LOG) ? true : false;
_image.width = decode_32();
_image.height = decode_32();
stride = decode_32();
if (IS_IMAGE_TYPE_PLT[_image.type]) {
_image.gross_pixels = stride * PLT_PIXELS_PER_BYTE[_image.type] * _image.height;
} else {
_image.gross_pixels = _image.width * _image.height;
}
_image.id = decode_64();
_image.win_head_dist = decode_32();
}
/*
* Convert the unsigned LEN-sized number at BUF of network byteorder to a
* 32-bit unsigned integer of host byteorder pointed to by VAL.
*/
static int
extract_val(u_int8_t *buf, size_t len, u_int32_t *val)
{
switch (len) {
case 1:
*val = *buf;
break;
case 2:
*val = decode_16(buf);
break;
case 4:
*val = decode_32(buf);
break;
default:
return -1;
}
return 0;
}
/*
* Look at the attribute of type TYPE, located at VALUE for LEN bytes forward.
* The VVS argument holds a validation state kept across invocations.
* If the attribute is unacceptable to use, return non-zero, otherwise zero.
*/
static int
attribute_unacceptable (u_int16_t type, u_int8_t *value, u_int16_t len,
void *vvs)
{
struct validation_state *vs = vvs;
struct conf_list *life_conf;
struct conf_list_node *xf = vs->xf, *life;
char *tag = constant_lookup (ike_attr_cst, type);
char *str;
struct constant_map *map;
struct attr_node *node;
int rv;
if (!tag)
{
LOG_DBG ((LOG_NEGOTIATION, 60,
"attribute_unacceptable: attribute type %d not known", type));
return 1;
}
switch (type)
{
case IKE_ATTR_ENCRYPTION_ALGORITHM:
case IKE_ATTR_HASH_ALGORITHM:
case IKE_ATTR_AUTHENTICATION_METHOD:
case IKE_ATTR_GROUP_DESCRIPTION:
case IKE_ATTR_GROUP_TYPE:
case IKE_ATTR_PRF:
str = conf_get_str (xf->field, tag);
if (!str)
{
/* This attribute does not exist in this policy. */
LOG_DBG ((LOG_NEGOTIATION, 70,
"attribute_unacceptable: attr %s does not exist in %s",
tag, xf->field));
return 1;
}
map = constant_link_lookup (ike_attr_cst, type);
if (!map)
return 1;
if ((constant_value (map, str) == decode_16 (value)) ||
(!strcmp (str, "ANY")))
{
/* Mark this attribute as seen. */
node = malloc (sizeof *node);
if (!node)
{
log_error ("attribute_unacceptable: malloc (%lu) failed",
(unsigned long)sizeof *node);
return 1;
}
node->type = type;
LIST_INSERT_HEAD (&vs->attrs, node, link);
return 0;
}
LOG_DBG ((LOG_NEGOTIATION, 30,
"attribute_unacceptable: %s: got '%s', expected '%s'", tag,
constant_name (map, decode_16 (value)), str));
return 1;
case IKE_ATTR_GROUP_PRIME:
case IKE_ATTR_GROUP_GENERATOR_1:
case IKE_ATTR_GROUP_GENERATOR_2:
case IKE_ATTR_GROUP_CURVE_A:
case IKE_ATTR_GROUP_CURVE_B:
/* XXX Bignums not handled yet. */
return 1;
case IKE_ATTR_LIFE_TYPE:
case IKE_ATTR_LIFE_DURATION:
life_conf = conf_get_list (xf->field, "Life");
if (life_conf && !strcmp (conf_get_str (xf->field, "Life"), "ANY"))
return 0;
rv = 1;
if (!life_conf)
{
/* Life attributes given, but not in our policy. */
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"received unexpected life attribute"));
return 1;
}
/*
* Each lifetime type must match, otherwise we turn the proposal down.
* In order to do this we need to find the specific section of our
* policy's "Life" list and match its duration
*/
switch (type)
{
case IKE_ATTR_LIFE_TYPE:
for (life = TAILQ_FIRST (&life_conf->fields); life;
life = TAILQ_NEXT (life, link))
{
str = conf_get_str (life->field, "LIFE_TYPE");
if (!str)
{
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"section [%s] has no LIFE_TYPE", life->field));
continue;
}
/*
* If this is the type we are looking at, save a pointer
* to this section in vs->life.
*/
if (constant_value (ike_duration_cst, str) == decode_16 (value))
{
vs->life = strdup (life->field);
rv = 0;
goto bail_out;
}
}
LOG_DBG ((LOG_NEGOTIATION, 70,
"attribute_unacceptable: unrecognized LIFE_TYPE %d",
decode_16 (value)));
vs->life = 0;
break;
case IKE_ATTR_LIFE_DURATION:
if (!vs->life)
{
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"LIFE_DURATION without LIFE_TYPE"));
rv = 1;
goto bail_out;
}
str = conf_get_str (vs->life, "LIFE_DURATION");
if (str)
{
if (!strcmp (str, "ANY"))
rv = 0;
else
rv = !conf_match_num (vs->life, "LIFE_DURATION",
len == 4 ? decode_32 (value) :
decode_16 (value));
}
else
{
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"section [%s] has no LIFE_DURATION", vs->life));
rv = 1;
}
free (vs->life);
vs->life = 0;
break;
}
bail_out:
conf_free_list (life_conf);
return rv;
case IKE_ATTR_KEY_LENGTH:
case IKE_ATTR_FIELD_SIZE:
case IKE_ATTR_GROUP_ORDER:
if (conf_match_num (xf->field, tag, decode_16 (value)))
{
/* Mark this attribute as seen. */
node = malloc (sizeof *node);
if (!node)
{
log_error ("attribute_unacceptable: malloc (%lu) failed",
(unsigned long)sizeof *node);
return 1;
}
node->type = type;
LIST_INSERT_HEAD (&vs->attrs, node, link);
return 0;
}
return 1;
}
return 1;
}
