/* Validate an attribute. Return 0 on match. */
static int
sa_validate_xf_attrs(u_int16_t type, u_int8_t *value, u_int16_t len,
void *arg)
{
int val0, val1;
struct attr_validation_state *avs =
(struct attr_validation_state *)arg;
LOG_DBG((LOG_SA, 95, "sa_validate_xf_attrs: phase %d mode %d type %d "
"len %d", avs->phase, avs->mode, type, len));
/* Make sure the phase and type are valid. */
if (avs->phase == 1) {
if (type < IKE_ATTR_ENCRYPTION_ALGORITHM ||
type > IKE_ATTR_BLOCK_SIZE)
return 1;
} else if (avs->phase == 2) {
if (type < IPSEC_ATTR_SA_LIFE_TYPE ||
type > IPSEC_ATTR_ECN_TUNNEL)
return 1;
} else
return 1;
if (avs->mode == 0) { /* Load attrs. */
avs->attrp[type] = value;
avs->len[type] = len;
return 0;
}
/* Checking for a missing attribute is an immediate failure. */
if (!avs->attrp[type])
return 1;
/* Match the loaded attribute against this one, mark it as checked. */
avs->checked[type]++;
switch (len) {
case 2:
val0 = (int)decode_16(value);
break;
case 4:
val0 = (int)decode_32(value);
break;
default:
return 1;
}
switch (avs->len[type]) {
case 2:
val1 = (int)decode_16(avs->attrp[type]);
break;
case 4:
val1 = (int)decode_32(avs->attrp[type]);
break;
default:
return 1;
}
/* Return 0 when the values are equal. */
return (val0 != val1);
}
int main(int argc, char **argv)
{
if(argc > 1)
{
int i;
char line[60], *bests, *opts = 0, bestc, optc = 0, c, *s;
uint8_t *val;
size_t n;
double optv = 0, bestv, v;
for(i = 1; i < argc; i++)
{
FILE *fp = fopen(argv[i], "r");
while(fscanf(fp, "%s", line) != EOF)
{
n = decode_16(line, &val);
c = 0;
bestv = 0.0;
bestc = 0;
bests = 0;
while(++c)
{
s = encode_char(xor_1char(val, n, c),n);
v = score_text(s, n);
//if(line[0] == '3' && line[1] == 'f' &&
//line[2] == '1' && line[3] == 'b')
//printf("%c :: %s :: %f\n", c, s, v);
if(v > bestv)
{
bestv = v;
bestc = c;
//free(bests);
bests = s;
}
//else
// free(s);
}
//printf("%s : %s\n", line, bests);
if(bestv > optv)
{
optv = bestv;
optc = bestc;
// free(opts);
opts = bests;
}
//else
// free(bests);
}
fclose(fp);
printf("File '%s' best guess:\n\tPlain-Text:"
"%s\n\tKey:%c\n\tScore:%f\n",
argv[i], opts, optc, optv);
}
}
}
/*
* Convert the unsigned LEN-sized number at BUF of network byteorder to a
* 32-bit unsigned integer of host byteorder pointed to by VAL.
*/
static int
extract_val(u_int8_t *buf, size_t len, u_int32_t *val)
{
switch (len) {
case 1:
*val = *buf;
break;
case 2:
*val = decode_16(buf);
break;
case 4:
*val = decode_32(buf);
break;
default:
return -1;
}
return 0;
}
/*
* Look at the attribute of type TYPE, located at VALUE for LEN bytes forward.
* The VVS argument holds a validation state kept across invocations.
* If the attribute is unacceptable to use, return non-zero, otherwise zero.
*/
static int
attribute_unacceptable (u_int16_t type, u_int8_t *value, u_int16_t len,
void *vvs)
{
struct validation_state *vs = vvs;
struct conf_list *life_conf;
struct conf_list_node *xf = vs->xf, *life;
char *tag = constant_lookup (ike_attr_cst, type);
char *str;
struct constant_map *map;
struct attr_node *node;
int rv;
if (!tag)
{
LOG_DBG ((LOG_NEGOTIATION, 60,
"attribute_unacceptable: attribute type %d not known", type));
return 1;
}
switch (type)
{
case IKE_ATTR_ENCRYPTION_ALGORITHM:
case IKE_ATTR_HASH_ALGORITHM:
case IKE_ATTR_AUTHENTICATION_METHOD:
case IKE_ATTR_GROUP_DESCRIPTION:
case IKE_ATTR_GROUP_TYPE:
case IKE_ATTR_PRF:
str = conf_get_str (xf->field, tag);
if (!str)
{
/* This attribute does not exist in this policy. */
LOG_DBG ((LOG_NEGOTIATION, 70,
"attribute_unacceptable: attr %s does not exist in %s",
tag, xf->field));
return 1;
}
map = constant_link_lookup (ike_attr_cst, type);
if (!map)
return 1;
if ((constant_value (map, str) == decode_16 (value)) ||
(!strcmp (str, "ANY")))
{
/* Mark this attribute as seen. */
node = malloc (sizeof *node);
if (!node)
{
log_error ("attribute_unacceptable: malloc (%lu) failed",
(unsigned long)sizeof *node);
return 1;
}
node->type = type;
LIST_INSERT_HEAD (&vs->attrs, node, link);
return 0;
}
LOG_DBG ((LOG_NEGOTIATION, 30,
"attribute_unacceptable: %s: got '%s', expected '%s'", tag,
constant_name (map, decode_16 (value)), str));
return 1;
case IKE_ATTR_GROUP_PRIME:
case IKE_ATTR_GROUP_GENERATOR_1:
case IKE_ATTR_GROUP_GENERATOR_2:
case IKE_ATTR_GROUP_CURVE_A:
case IKE_ATTR_GROUP_CURVE_B:
/* XXX Bignums not handled yet. */
return 1;
case IKE_ATTR_LIFE_TYPE:
case IKE_ATTR_LIFE_DURATION:
life_conf = conf_get_list (xf->field, "Life");
if (life_conf && !strcmp (conf_get_str (xf->field, "Life"), "ANY"))
return 0;
rv = 1;
if (!life_conf)
{
/* Life attributes given, but not in our policy. */
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"received unexpected life attribute"));
return 1;
}
/*
* Each lifetime type must match, otherwise we turn the proposal down.
* In order to do this we need to find the specific section of our
* policy's "Life" list and match its duration
*/
switch (type)
{
case IKE_ATTR_LIFE_TYPE:
for (life = TAILQ_FIRST (&life_conf->fields); life;
life = TAILQ_NEXT (life, link))
{
str = conf_get_str (life->field, "LIFE_TYPE");
if (!str)
{
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"section [%s] has no LIFE_TYPE", life->field));
continue;
}
/*
* If this is the type we are looking at, save a pointer
* to this section in vs->life.
*/
if (constant_value (ike_duration_cst, str) == decode_16 (value))
{
vs->life = strdup (life->field);
rv = 0;
goto bail_out;
}
}
LOG_DBG ((LOG_NEGOTIATION, 70,
"attribute_unacceptable: unrecognized LIFE_TYPE %d",
decode_16 (value)));
vs->life = 0;
break;
case IKE_ATTR_LIFE_DURATION:
if (!vs->life)
{
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"LIFE_DURATION without LIFE_TYPE"));
rv = 1;
goto bail_out;
}
str = conf_get_str (vs->life, "LIFE_DURATION");
if (str)
{
if (!strcmp (str, "ANY"))
rv = 0;
else
rv = !conf_match_num (vs->life, "LIFE_DURATION",
len == 4 ? decode_32 (value) :
decode_16 (value));
}
else
{
LOG_DBG ((LOG_NEGOTIATION, 70, "attribute_unacceptable: "
"section [%s] has no LIFE_DURATION", vs->life));
rv = 1;
}
free (vs->life);
vs->life = 0;
break;
}
bail_out:
conf_free_list (life_conf);
return rv;
case IKE_ATTR_KEY_LENGTH:
case IKE_ATTR_FIELD_SIZE:
case IKE_ATTR_GROUP_ORDER:
if (conf_match_num (xf->field, tag, decode_16 (value)))
{
/* Mark this attribute as seen. */
node = malloc (sizeof *node);
if (!node)
{
log_error ("attribute_unacceptable: malloc (%lu) failed",
(unsigned long)sizeof *node);
return 1;
}
node->type = type;
LIST_INSERT_HEAD (&vs->attrs, node, link);
return 0;
}
return 1;
}
return 1;
}
