int
encode_uuid(unsigned char *uuid, unsigned char *out)
{
unsigned long i, len, ret;
unsigned cnt = 0, ar = 0;
unsigned char *ptr;
ptr = uuid;
len = strlen(uuid);
for (i = 0; i < len; i++) {
if (uuid[i] == '-') {
uuid[i] = '\0';
if (ar < 3) {
ret = hex2raw(ptr, out);
inverse(out, ret);
out += ret; cnt += ret;
}
else {
ret = hex2raw(ptr, out);
out += ret; cnt += ret;
}
ptr = uuid+i+1;
ar++;
}
}
out[len] = '\0';
ret = hex2raw(ptr, out);
out += ret; cnt += ret;
return cnt;
}
static void
ui_delete(char *cmd)
{
char cookies_str[ISAKMP_HDR_COOKIES_LEN * 2 + 1];
char message_id_str[ISAKMP_HDR_MESSAGE_ID_LEN * 2 + 1];
u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN];
u_int8_t message_id_buf[ISAKMP_HDR_MESSAGE_ID_LEN];
u_int8_t *message_id = message_id_buf;
struct sa *sa;
if (sscanf(cmd, "d %32s %8s", cookies_str, message_id_str) != 2) {
log_print("ui_delete: command \"%s\" malformed", cmd);
return;
}
if (strcmp(message_id_str, "-") == 0)
message_id = 0;
if (hex2raw(cookies_str, cookies, ISAKMP_HDR_COOKIES_LEN) == -1 ||
(message_id && hex2raw(message_id_str, message_id_buf,
ISAKMP_HDR_MESSAGE_ID_LEN) == -1)) {
log_print("ui_delete: command \"%s\" has bad arguments", cmd);
return;
}
sa = sa_lookup(cookies, message_id);
if (!sa) {
log_print("ui_delete: command \"%s\" found no SA", cmd);
return;
}
LOG_DBG((LOG_UI, 20,
"ui_delete: deleting SA for cookie \"%s\" msgid \"%s\"",
cookies_str, message_id_str));
sa_delete(sa, 1);
}
/* From printable to cert */
void *
x509_from_printable(char *cert)
{
u_int8_t *buf;
int plen, ret;
void *foo;
plen = (strlen(cert) + 1) / 2;
buf = malloc(plen);
if (!buf) {
log_error("x509_from_printable: malloc (%d) failed", plen);
return 0;
}
ret = hex2raw(cert, buf, plen);
if (ret == -1) {
free(buf);
log_print("x509_from_printable: badly formatted cert");
return 0;
}
foo = x509_cert_get(buf, plen);
free(buf);
if (!foo)
log_print("x509_from_printable: "
"could not retrieve certificate");
return foo;
}
/*
* Find and decode the configured key (pre-shared or public) for the
* peer denoted by ID. Stash the len in KEYLEN.
*/
static void *
ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
{
char *key, *buf;
#if defined (USE_X509) || defined (USE_KEYNOTE)
char *keyfile;
#if defined (USE_X509)
BIO *keyh;
RSA *rsakey;
size_t fsize;
#endif
#endif
switch (type)
{
case IKE_AUTH_PRE_SHARED:
/* Get the pre-shared key for our peer. */
key = conf_get_str (id, "Authentication");
if (!key && local_id)
key = conf_get_str (local_id, "Authentication");
if (!key)
{
log_print ("ike_auth_get_key: "
"no key found for peer \"%s\" or local ID \"%s\"",
id, local_id);
return 0;
}
/* If the key starts with 0x it is in hex format. */
if (strncasecmp (key, "0x", 2) == 0)
{
*keylen = (strlen (key) - 1) / 2;
buf = malloc (*keylen);
if (!buf)
{
log_print ("ike_auth_get_key: malloc (%lu) failed",
(unsigned long)*keylen);
return 0;
}
if (hex2raw (key + 2, (unsigned char *)buf, *keylen))
{
free (buf);
log_print ("ike_auth_get_key: invalid hex key %s", key);
return 0;
}
key = buf;
}
else
*keylen = strlen (key);
break;
case IKE_AUTH_RSA_SIG:
#if defined (USE_X509) || defined (USE_KEYNOTE)
#if defined (USE_KEYNOTE)
if (local_id &&
(keyfile = conf_get_str ("KeyNote", "Credential-directory")) != 0)
{
struct stat sb;
struct keynote_deckey dc;
char *privkeyfile, *buf2;
int fd, pkflen;
size_t size;
pkflen = strlen (keyfile) + strlen (local_id) +
sizeof PRIVATE_KEY_FILE + sizeof "//" - 1;
privkeyfile = calloc (pkflen, sizeof (char));
if (!privkeyfile)
{
log_print ("ike_auth_get_key: failed to allocate %d bytes",
pkflen);
return 0;
}
snprintf (privkeyfile, pkflen, "%s/%s/%s", keyfile, local_id,
PRIVATE_KEY_FILE);
keyfile = privkeyfile;
if (stat (keyfile, &sb) < 0)
{
free (keyfile);
goto ignorekeynote;
}
size = (size_t)sb.st_size;
fd = open (keyfile, O_RDONLY, 0);
if (fd < 0)
{
log_print ("ike_auth_get_key: failed opening \"%s\"", keyfile);
free (keyfile);
return 0;
}
buf = calloc (size + 1, sizeof (char));
if (!buf)
{
log_print ("ike_auth_get_key: failed allocating %lu bytes",
(unsigned long)size + 1);
free (keyfile);
return 0;
}
if (read (fd, buf, size) != size)
{
free (buf);
log_print ("ike_auth_get_key: "
"failed reading %lu bytes from \"%s\"",
(unsigned long)size, keyfile);
free (keyfile);
return 0;
}
close (fd);
/* Parse private key string */
buf2 = kn_get_string (buf);
free (buf);
if (kn_decode_key (&dc, buf2, KEYNOTE_PRIVATE_KEY) == -1)
{
free (buf2);
log_print ("ike_auth_get_key: failed decoding key in \"%s\"",
keyfile);
free (keyfile);
return 0;
}
free (buf2);
if (dc.dec_algorithm != KEYNOTE_ALGORITHM_RSA)
{
log_print ("ike_auth_get_key: wrong algorithm type %d in \"%s\"",
dc.dec_algorithm, keyfile);
free (keyfile);
kn_free_key (&dc);
return 0;
}
free (keyfile);
return dc.dec_key;
}
ignorekeynote:
#endif /* USE_KEYNOTE */
#ifdef USE_X509
/* Otherwise, try X.509 */
keyfile = conf_get_str ("X509-certificates", "Private-key");
if (check_file_secrecy (keyfile, &fsize))
return 0;
keyh = BIO_new (BIO_s_file ());
if (keyh == NULL)
{
log_print ("ike_auth_get_key: "
"BIO_new (BIO_s_file ()) failed");
return 0;
}
if (BIO_read_filename (keyh, keyfile) == -1)
{
log_print ("ike_auth_get_key: "
"BIO_read_filename (keyh, \"%s\") failed",
keyfile);
BIO_free (keyh);
return 0;
}
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL, NULL);
#else
rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL);
#endif
BIO_free (keyh);
if (!rsakey)
{
log_print ("ike_auth_get_key: PEM_read_bio_RSAPrivateKey failed");
return 0;
}
return rsakey;
#endif /* USE_X509 */
#endif /* USE_X509 || USE_KEYNOTE */
default:
log_print ("ike_auth_get_key: unknown key type %d", type);
return 0;
}
return key;
}
