int encode_uuid(unsigned char *uuid, unsigned char *out) { unsigned long i, len, ret; unsigned cnt = 0, ar = 0; unsigned char *ptr; ptr = uuid; len = strlen(uuid); for (i = 0; i < len; i++) { if (uuid[i] == '-') { uuid[i] = '\0'; if (ar < 3) { ret = hex2raw(ptr, out); inverse(out, ret); out += ret; cnt += ret; } else { ret = hex2raw(ptr, out); out += ret; cnt += ret; } ptr = uuid+i+1; ar++; } } out[len] = '\0'; ret = hex2raw(ptr, out); out += ret; cnt += ret; return cnt; }
static void ui_delete(char *cmd) { char cookies_str[ISAKMP_HDR_COOKIES_LEN * 2 + 1]; char message_id_str[ISAKMP_HDR_MESSAGE_ID_LEN * 2 + 1]; u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN]; u_int8_t message_id_buf[ISAKMP_HDR_MESSAGE_ID_LEN]; u_int8_t *message_id = message_id_buf; struct sa *sa; if (sscanf(cmd, "d %32s %8s", cookies_str, message_id_str) != 2) { log_print("ui_delete: command \"%s\" malformed", cmd); return; } if (strcmp(message_id_str, "-") == 0) message_id = 0; if (hex2raw(cookies_str, cookies, ISAKMP_HDR_COOKIES_LEN) == -1 || (message_id && hex2raw(message_id_str, message_id_buf, ISAKMP_HDR_MESSAGE_ID_LEN) == -1)) { log_print("ui_delete: command \"%s\" has bad arguments", cmd); return; } sa = sa_lookup(cookies, message_id); if (!sa) { log_print("ui_delete: command \"%s\" found no SA", cmd); return; } LOG_DBG((LOG_UI, 20, "ui_delete: deleting SA for cookie \"%s\" msgid \"%s\"", cookies_str, message_id_str)); sa_delete(sa, 1); }
/* From printable to cert */ void * x509_from_printable(char *cert) { u_int8_t *buf; int plen, ret; void *foo; plen = (strlen(cert) + 1) / 2; buf = malloc(plen); if (!buf) { log_error("x509_from_printable: malloc (%d) failed", plen); return 0; } ret = hex2raw(cert, buf, plen); if (ret == -1) { free(buf); log_print("x509_from_printable: badly formatted cert"); return 0; } foo = x509_cert_get(buf, plen); free(buf); if (!foo) log_print("x509_from_printable: " "could not retrieve certificate"); return foo; }
/* * Find and decode the configured key (pre-shared or public) for the * peer denoted by ID. Stash the len in KEYLEN. */ static void * ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen) { char *key, *buf; #if defined (USE_X509) || defined (USE_KEYNOTE) char *keyfile; #if defined (USE_X509) BIO *keyh; RSA *rsakey; size_t fsize; #endif #endif switch (type) { case IKE_AUTH_PRE_SHARED: /* Get the pre-shared key for our peer. */ key = conf_get_str (id, "Authentication"); if (!key && local_id) key = conf_get_str (local_id, "Authentication"); if (!key) { log_print ("ike_auth_get_key: " "no key found for peer \"%s\" or local ID \"%s\"", id, local_id); return 0; } /* If the key starts with 0x it is in hex format. */ if (strncasecmp (key, "0x", 2) == 0) { *keylen = (strlen (key) - 1) / 2; buf = malloc (*keylen); if (!buf) { log_print ("ike_auth_get_key: malloc (%lu) failed", (unsigned long)*keylen); return 0; } if (hex2raw (key + 2, (unsigned char *)buf, *keylen)) { free (buf); log_print ("ike_auth_get_key: invalid hex key %s", key); return 0; } key = buf; } else *keylen = strlen (key); break; case IKE_AUTH_RSA_SIG: #if defined (USE_X509) || defined (USE_KEYNOTE) #if defined (USE_KEYNOTE) if (local_id && (keyfile = conf_get_str ("KeyNote", "Credential-directory")) != 0) { struct stat sb; struct keynote_deckey dc; char *privkeyfile, *buf2; int fd, pkflen; size_t size; pkflen = strlen (keyfile) + strlen (local_id) + sizeof PRIVATE_KEY_FILE + sizeof "//" - 1; privkeyfile = calloc (pkflen, sizeof (char)); if (!privkeyfile) { log_print ("ike_auth_get_key: failed to allocate %d bytes", pkflen); return 0; } snprintf (privkeyfile, pkflen, "%s/%s/%s", keyfile, local_id, PRIVATE_KEY_FILE); keyfile = privkeyfile; if (stat (keyfile, &sb) < 0) { free (keyfile); goto ignorekeynote; } size = (size_t)sb.st_size; fd = open (keyfile, O_RDONLY, 0); if (fd < 0) { log_print ("ike_auth_get_key: failed opening \"%s\"", keyfile); free (keyfile); return 0; } buf = calloc (size + 1, sizeof (char)); if (!buf) { log_print ("ike_auth_get_key: failed allocating %lu bytes", (unsigned long)size + 1); free (keyfile); return 0; } if (read (fd, buf, size) != size) { free (buf); log_print ("ike_auth_get_key: " "failed reading %lu bytes from \"%s\"", (unsigned long)size, keyfile); free (keyfile); return 0; } close (fd); /* Parse private key string */ buf2 = kn_get_string (buf); free (buf); if (kn_decode_key (&dc, buf2, KEYNOTE_PRIVATE_KEY) == -1) { free (buf2); log_print ("ike_auth_get_key: failed decoding key in \"%s\"", keyfile); free (keyfile); return 0; } free (buf2); if (dc.dec_algorithm != KEYNOTE_ALGORITHM_RSA) { log_print ("ike_auth_get_key: wrong algorithm type %d in \"%s\"", dc.dec_algorithm, keyfile); free (keyfile); kn_free_key (&dc); return 0; } free (keyfile); return dc.dec_key; } ignorekeynote: #endif /* USE_KEYNOTE */ #ifdef USE_X509 /* Otherwise, try X.509 */ keyfile = conf_get_str ("X509-certificates", "Private-key"); if (check_file_secrecy (keyfile, &fsize)) return 0; keyh = BIO_new (BIO_s_file ()); if (keyh == NULL) { log_print ("ike_auth_get_key: " "BIO_new (BIO_s_file ()) failed"); return 0; } if (BIO_read_filename (keyh, keyfile) == -1) { log_print ("ike_auth_get_key: " "BIO_read_filename (keyh, \"%s\") failed", keyfile); BIO_free (keyh); return 0; } #if SSLEAY_VERSION_NUMBER >= 0x00904100L rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL, NULL); #else rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL); #endif BIO_free (keyh); if (!rsakey) { log_print ("ike_auth_get_key: PEM_read_bio_RSAPrivateKey failed"); return 0; } return rsakey; #endif /* USE_X509 */ #endif /* USE_X509 || USE_KEYNOTE */ default: log_print ("ike_auth_get_key: unknown key type %d", type); return 0; } return key; }