main(int argc, char *argv[]) { int len; char *infile; EF_PROTECT_FREE=1; EF_FREE_WIPES =1; progname = argv[0]; leak_detective = 1; if(argc > 2 ) { fprintf(stderr, "Usage: %s <whackrecord>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); infile = argv[1]; readwhackmsg(infile); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_ike *aii; char err_buf[256]; /* ??? big enough? */ EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; tool_init_log(); init_crypto(); aii = alg_info_ike_create_from_str("3des", err_buf, sizeof(err_buf)); gsp = oakley_alg_makedb(aii, &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT], FALSE); sa_print(gsp); sa_v2_convert(&gsp); sa_v2_print(gsp); tool_close_log(); free_sa(&gsp); exit(0); }
main(int argc, char *argv[]) { int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_ike *aii; err_t ugh; progname = argv[0]; leak_detective=1; tool_init_log(); init_crypto(); aii = alg_info_ike_create_from_str("3des", &ugh); gsp = oakley_alg_makedb(aii , &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT] , -1); sa_print(gsp); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int i; struct db_sa *sa1 = NULL; progname = argv[0]; leak_detective = 1; tool_init_log(); for (i = 0; i < elemsof(oakley_sadb); i++) { /* make sure that leak reports and EFence reports get * placed in the right order. */ fflush(stdout); fflush(stderr); printf("\nmain mode oakley: %u\n", i); sa_print(&oakley_sadb[i]); sa1 = sa_copy_sa_first(&oakley_sadb[i]); sa_print(sa1); free_sa(sa1); fflush(stdout); report_leaks(); } tool_close_log(); exit(0); }
main(int argc, char *argv[]) { progname = argv[0]; tool_init_log(); /* our enum names */ do_test(&connection_kind_names, 256); do_test(&certpolicy_type_names, 256); /* IETF registry based enum names */ do_test(&version_names, 256); do_test(&doi_names, 256); do_test(&ikev1_payload_names, 256); do_test(&ikev2_payload_names, 256); do_test(&payload_names_ikev1orv2, 256); do_test(&ikev1_exchange_names, 256); do_test(&ikev2_exchange_names, 256); do_test(&exchange_names_ikev1orv2, 256); do_test(&protocol_names, 256); /* why not ikev1_protocol_names ? */ do_test(&ikev2_protocol_names, 256); do_test(&isakmp_transformid_names, 256); do_test(&ah_transformid_names, 256); do_test(&esp_transformid_names, 256); do_test(&ipcomp_transformid_names, 256); do_test(&oakley_attr_names, 256); do_test(&ipsec_attr_names, 256); do_test(&sa_lifetime_names, 256); do_test(&oakley_lifetime_names, 256); do_test(&oakley_auth_names, 256); do_test(&oakley_enc_names, 256); do_test(&oakley_hash_names, 256); do_test(&oakley_group_names, 256); do_test(&ikev1_notify_names, 16384); do_test(&ikev2_notify_names, 16384); do_test(&ikev2_ts_type_names, 256); do_test(&enc_mode_names, 256); do_test(&auth_alg_names, 256); do_test(&xauth_type_names, 256); do_test(&xauth_attr_names, 256); do_test(&attr_msg_type_names, 256); do_test(&ikev2_sec_proto_id_names, 256); do_test(&ikev2_auth_names, 256); do_test(&ikev2_trans_type_encr_names, 256); do_test(&ikev2_trans_type_prf_names, 256); do_test(&ikev2_trans_type_integ_names, 256); do_test(&ikev2_trans_type_esn_names, 256); do_test(&ikev2_trans_type_names, 256); do_test(&ike_cert_type_names, 256); do_test(&ikev2_cert_type_names, 256); do_test(&modecfg_attr_names, 256); do_test(&ike_idtype_names, 256); do_test(&ikev2_idtype_names, 256); report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { bool recalculate = FALSE; int len; err_t err = NULL; char *infile; char *conn_name; int lineno=0; struct connection *c1 = NULL; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { recalculate = 1; /* do all crypto */ argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); //list_public_keys(FALSE, FALSE); assert(orient(c1, 500)); show_one_connection(c1, whack_log); kick_adns_connection_lookup(c1, &c1->spd.that, TRUE); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; err_t err = NULL; char *infile; char *conn_name; int lineno=0; struct starter_config *cfg = NULL; struct starter_conn *conn = NULL; //EF_PROTECT_FREE=1; progname = argv[0]; leak_detective = 1; if(argc < 4) { fprintf(stderr, "Usage: %s <cfgrootdir> <cfgfile> <conn-name>.. \n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); //init_fake_vendorid(); rootdir[0]='\0'; strlcat(rootdir, argv[1], sizeof(rootdir)); starter_use_log(1, 1, 1); cfg = confread_load(argv[2], &err, FALSE, NULL,FALSE); argv+=3; argc-=3; /* load all conns marked as auto=add or better */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { for(; argc>0; argc--, argv++) { conn_name = *argv; printf("processing conn: %s\n", conn_name); if(strcasecmp(conn->name, conn_name)==0) { struct whack_message msg1; if(starter_whack_build_basic_conn(cfg, &msg1, conn)==0) { add_connection(&msg1); } } } } confread_free(cfg); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; struct connection *c1; struct state *st; EF_PROTECT_FREE=1; EF_FREE_WIPES =1; progname = argv[0]; leak_detective = 1; if(argc != 3) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentI1.pcap"); c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE); run_continuation(r); /* now invoke the timer event to cause a re-transmission */ handle_next_timer_event(); /* clean up so that we can see any leaks */ delete_state(st); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_esp *aii; char err_buf[100]; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; EF_PROTECT_BELOW = 1; progname = argv[0]; leak_detective = 1; tool_init_log(); init_crypto(); { int algo; for (algo = 1; algo <= K_SADB_EALG_MAX; algo++) esp_ealg[(algo)].sadb_alg_id = (algo); } { int algo; for (algo = 1; algo <= K_SADB_AALG_MAX; algo++) esp_aalg[(algo)].sadb_alg_id = (algo); } esp_ealg_num = 10; esp_aalg_num = 10; aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf)); gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE, aii, TRUE); sa_print(gsp); gsp = sa_v2_convert(gsp); sa_v2_print(gsp); tool_close_log(); free_sa(gsp); exit(0); }
int main(int argc, char *argv[]) { int i; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; progname = argv[0]; leak_detective=1; tool_init_log(); for(i=0; i < elemsof(oakley_sadb); i++) { printf("\nmain mode oakley: %u\n", i); sa_print(&oakley_sadb[i]); sa1 = sa_copy_sa(&oakley_sadb[i], 0); if(sa2 != NULL) { free_sa(sa2); } sa2 = sa_copy_sa(sa1, 0); free_sa(sa1); printf("copy 2\n"); sa_print(sa2); } for(i=0; i < elemsof(oakley_am_sadb); i++) { printf("\naggr mode oakley: %u\n", i); sa_print(&oakley_am_sadb[i]); sa1 = sa_copy_sa(&oakley_am_sadb[i], 0); if(sa2 != NULL) { free_sa(sa2); } sa2 = sa_copy_sa(sa1, 0); free_sa(sa1); printf("copy 2\n"); sa_print(sa2); } if(sa2 != NULL) free_sa(sa2); report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); hostpair_list(); report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int i; struct id one; progname = argv[0]; tool_init_log(); t1(); t2(); t3(); t4(); t5(); t6(); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; progname = argv[0]; leak_detective = 1; tool_init_log(); for (i = 0; i < elemsof(oakley_sadb); i++) { gsp = sa_copy_sa(&oakley_empty, 0); printf("\nmain mode oakley: %u\n", i); //sa_print(&oakley_sadb[i]); sa1 = sa_copy_sa(&oakley_sadb[i], 0); sa2 = sa_merge_proposals(gsp, sa1); printf("sa1:\n"); sa_print(sa1); printf("gsp:\n"); sa_print(gsp); printf("sa2:\n"); sa_print(sa2); free_sa(sa1); free_sa(sa2); free_sa(gsp); report_leaks(); } tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { __u32 spi = 0; int c; ip_said said; const char *error_s; char ipsaid_txt[SATOT_BUF]; int outif = 0; int error = 0; ssize_t io_error; int argcount = argc; pid_t mypid; int listenreply = 0; unsigned char authalg, encryptalg; struct sadb_ext *extensions[K_SADB_EXT_MAX + 1]; struct sadb_msg *pfkey_msg; char *edst_opt, *spi_opt, *proto_opt, *af_opt, *said_opt, *dst_opt, *src_opt; u_int32_t natt; u_int16_t sport, dport; uint32_t life[life_maxsever][life_maxtype]; char *life_opt[life_maxsever][life_maxtype]; struct stat sts; struct sadb_builds sab; progname = argv[0]; mypid = getpid(); natt = 0; sport = 0; dport = 0; tool_init_log(); zero(&said); /* OK: no pointer fields */ edst_opt = spi_opt = proto_opt = af_opt = said_opt = dst_opt = src_opt = NULL; { int i, j; for (i = 0; i < life_maxsever; i++) { for (j = 0; j < life_maxtype; j++) { life_opt[i][j] = NULL; life[i][j] = 0; } } } while ((c = getopt_long(argc, argv, "" /*"H:P:Z:46dcA:E:e:s:a:w:i:D:S:hvgl:+:f:"*/, longopts, 0)) != EOF) { unsigned long u; err_t ugh; switch (c) { case 'g': debug = TRUE; pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX; /* paul: this is a plutoism? cur_debugging = 0xffffffff; */ argcount--; break; case 'R': listenreply = 1; argcount--; break; case 'r': dumpsaref = 1; argcount--; break; case 'b': /* set the SAref to use */ ugh = ttoulb(optarg, 0, 0, INT_MAX, &u); if (ugh != NULL) { fprintf(stderr, "%s: Invalid SAREFi parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } saref_me = u; argcount--; break; case 'B': /* set the SAref to use for outgoing packets */ ugh = ttoulb(optarg, 0, 0, INT_MAX, &u); if (ugh != NULL) { fprintf(stderr, "%s: Invalid SAREFo parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } saref_him = u; argcount--; break; case 'O': /* set interface from which packet should arrive */ ugh = ttoulb(optarg, 0, 0, INT_MAX, &u); if (ugh != NULL) { fprintf(stderr, "%s: Invalid outif parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } outif = u; argcount--; break; case 'l': { static const char combine_fmt[] = "%s --label %s"; size_t room = strlen(argv[0]) + sizeof(combine_fmt) + strlen(optarg); progname = malloc(room); snprintf(progname, room, combine_fmt, argv[0], optarg); tool_close_log(); tool_init_log(); argcount -= 2; break; } case 'H': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } if (streq(optarg, "hmac-md5-96")) { alg = XF_AHHMACMD5; } else if (streq(optarg, "hmac-sha1-96")) { alg = XF_AHHMACSHA1; } else { fprintf(stderr, "%s: Unknown authentication algorithm '%s' follows '--ah' option.\n", progname, optarg); exit(1); } if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case 'P': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } alg = decode_esp(optarg); if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case 'Z': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } if (streq(optarg, "deflate")) { alg = XF_COMPDEFLATE; } else if (streq(optarg, "lzs")) { alg = XF_COMPLZS; } else { fprintf(stderr, "%s: Unknown compression algorithm '%s' follows '--comp' option.\n", progname, optarg); exit(1); } if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case '4': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } alg = XF_IP4; address_family = AF_INET; if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case '6': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } alg = XF_IP6; address_family = AF_INET6; if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case 'd': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } alg = XF_DEL; if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case 'c': if (alg) { fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n", progname); exit(1); } alg = XF_CLR; if (debug) { fprintf(stdout, "%s: Algorithm %d selected.\n", progname, alg); } break; case 'e': if (said_opt) { fprintf(stderr, "%s: Error, EDST parameter redefined:%s, already defined in SA:%s\n", progname, optarg, said_opt); exit(1); } if (edst_opt) { fprintf(stderr, "%s: Error, EDST parameter redefined:%s, already defined as:%s\n", progname, optarg, edst_opt); exit(1); } error_s = ttoaddr(optarg, 0, address_family, &edst); if (error_s != NULL) { if (error_s) { fprintf(stderr, "%s: Error, %s converting --edst argument:%s\n", progname, error_s, optarg); exit(1); } } edst_opt = optarg; if (debug) { ipstr_buf b; fprintf(stdout, "%s: edst=%s.\n", progname, ipstr(&edst, &b)); } break; case 's': if (said_opt != NULL) { fprintf(stderr, "%s: Error, SPI parameter redefined:%s, already defined in SA:%s\n", progname, optarg, said_opt); exit(1); } if (spi_opt != NULL) { fprintf(stderr, "%s: Error, SPI parameter redefined:%s, already defined as:%s\n", progname, optarg, spi_opt); exit(1); } ugh = ttoulb(optarg, 0, 0, 0xFFFFFFFFul, &u); if (ugh == NULL && u < 0x100) ugh = "0 - 0xFF are reserved"; if (ugh != NULL) { fprintf(stderr, "%s: Invalid SPI parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } spi = u; spi_opt = optarg; break; case 'p': if (said_opt != NULL) { fprintf(stderr, "%s: Error, PROTO parameter redefined:%s, already defined in SA:%s\n", progname, optarg, said_opt); exit(1); } if (proto_opt != NULL) { fprintf(stderr, "%s: Error, PROTO parameter redefined:%s, already defined as:%s\n", progname, optarg, proto_opt); exit(1); } if (streq(optarg, "ah")) { proto = SA_AH; } else if (streq(optarg, "esp")) { proto = SA_ESP; } else if (streq(optarg, "tun")) { proto = SA_IPIP; } else if (streq(optarg, "comp")) { proto = SA_COMP; } else { fprintf(stderr, "%s: Invalid PROTO parameter: %s\n", progname, optarg); exit(1); } proto_opt = optarg; break; case 'a': if (said_opt) { fprintf(stderr, "%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined in SA:%s\n", progname, optarg, said_opt); exit(1); } if (af_opt) { fprintf(stderr, "%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined as:%s\n", progname, optarg, af_opt); exit(1); } if (streq(optarg, "inet")) { address_family = AF_INET; /* currently we ensure that all addresses belong to the same address family */ anyaddr(address_family, &dst); anyaddr(address_family, &edst); anyaddr(address_family, &src); } else if (streq(optarg, "inet6")) { address_family = AF_INET6; /* currently we ensure that all addresses belong to the same address family */ anyaddr(address_family, &dst); anyaddr(address_family, &edst); anyaddr(address_family, &src); } else { fprintf(stderr, "%s: Invalid ADDRESS FAMILY parameter: %s.\n", progname, optarg); exit(1); } af_opt = optarg; break; case 'I': if (said_opt) { fprintf(stderr, "%s: Error, SAID parameter redefined:%s, already defined in SA:%s\n", progname, optarg, said_opt); exit(1); } if (proto_opt) { fprintf(stderr, "%s: Error, PROTO parameter redefined in SA:%s, already defined as:%s\n", progname, optarg, proto_opt); exit(1); } if (edst_opt) { fprintf(stderr, "%s: Error, EDST parameter redefined in SA:%s, already defined as:%s\n", progname, optarg, edst_opt); exit(1); } if (spi_opt) { fprintf(stderr, "%s: Error, SPI parameter redefined in SA:%s, already defined as:%s\n", progname, optarg, spi_opt); exit(1); } error_s = ttosa(optarg, 0, &said); if (error_s != NULL) { fprintf(stderr, "%s: Error, %s converting --sa argument:%s\n", progname, error_s, optarg); exit(1); } if (debug) { satot(&said, 0, ipsaid_txt, sizeof(ipsaid_txt)); fprintf(stdout, "%s: said=%s.\n", progname, ipsaid_txt); } /* init the src and dst with the same address family */ if (address_family == 0) { address_family = addrtypeof(&said.dst); } else if (address_family != addrtypeof(&said.dst)) { fprintf(stderr, "%s: Error, specified address family (%d) is different that of SAID: %s\n", progname, address_family, optarg); exit(1); } anyaddr(address_family, &dst); anyaddr(address_family, &edst); anyaddr(address_family, &src); said_opt = optarg; break; case 'A': decode_blob(optarg, "Authentication Key", &authkey, &authkeylen); break; case 'E': decode_blob(optarg, "Encryption Key", &enckey, &enckeylen); break; case 'w': { err_t ugh = ttoul(optarg, 0, 0, &replay_window); if (ugh != NULL) { fprintf(stderr, "%s: Invalid replay_window parameter: %s\n", progname, ugh); exit(1); } if (!(1 <= replay_window && replay_window <= 64)) { fprintf(stderr, "%s: Failed -- Illegal window size: arg=%s, replay_window=%lu, must be 1 <= size <= 64.\n", progname, optarg, replay_window); exit(1); } } break; case 'i': decode_blob(optarg, "IV", &iv, &ivlen); break; case 'D': if (dst_opt) { fprintf(stderr, "%s: Error, DST parameter redefined:%s, already defined as:%s\n", progname, optarg, dst_opt); exit(1); } error_s = ttoaddr(optarg, 0, address_family, &dst); if (error_s != NULL) { fprintf(stderr, "%s: Error, %s converting --dst argument:%s\n", progname, error_s, optarg); exit(1); } dst_opt = optarg; if (debug) { ipstr_buf b; fprintf(stdout, "%s: dst=%s.\n", progname, ipstr(&dst, &b)); } break; case 'F': /* src port */ { unsigned long u; err_t ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u); if (ugh != NULL) { fprintf(stderr, "%s: Invalid source port parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } sport = u; } break; case 'G': /* dst port */ { unsigned long u; err_t ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u); if (ugh != NULL) { fprintf(stderr, "%s: Invalid destination port parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } dport = u; } break; case 'N': /* nat-type */ if (strcaseeq(optarg, "nonesp")) { natt = ESPINUDP_WITH_NON_ESP; } else if (strcaseeq(optarg, "none")) { natt = 0; } else { /* ??? what does this do? Where is it documented? */ unsigned long u; err_t ugh = ttoulb(optarg, 0, 0, 0xFFFFFFFFul, &u); if (ugh != NULL) { fprintf(stderr, "%s: Invalid character in natt parameter \"%s\": %s\n", progname, optarg, ugh); exit(1); } natt = u; } break; case 'S': if (src_opt) { fprintf(stderr, "%s: Error, SRC parameter redefined:%s, already defined as:%s\n", progname, optarg, src_opt); exit(1); } error_s = ttoaddr(optarg, 0, address_family, &src); if (error_s != NULL) { fprintf(stderr, "%s: Error, %s converting --src argument:%s\n", progname, error_s, optarg); exit(1); } src_opt = optarg; if (debug) { ipstr_buf b; fprintf(stdout, "%s: src=%s.\n", progname, ipstr(&src, &b)); } break; case 'h': usage(progname, stdout); exit(0); case '?': usage(progname, stderr); exit(1); case 'v': fprintf(stdout, "%s, %s\n", progname, ipsec_version_code()); exit(1); case 'f': if (parse_life_options(life, life_opt, optarg) != 0) exit(1); break; default: fprintf(stderr, "%s: unrecognized option '%c', update option processing.\n", progname, c); exit(1); } } if (debug) { fprintf(stdout, "%s: All options processed.\n", progname); } if (stat("/proc/net/pfkey", &sts) == 0) { fprintf(stderr, "%s: NETKEY does not use the ipsec spi command. Use 'ip xfrm' instead.\n", progname); exit(1); } if (argcount == 1) { int ret = 1; if ((stat("/proc/net/ipsec_spi", &sts)) != 0) { fprintf(stderr, "%s: No spi - no IPsec support in kernel (are the modules loaded?)\n", progname); } else { ret = system("cat /proc/net/ipsec_spi"); ret = ret != -1 && WIFEXITED(ret) ? WEXITSTATUS(ret) : 1; } exit(ret); } switch (alg) { case XF_OTHER_ALG: /* validate keysizes */ if (proc_read_ok) { const struct sadb_alg *alg_p; size_t keylen, minbits, maxbits; alg_p = kernel_alg_sadb_alg_get(SADB_SATYPE_ESP, SADB_EXT_SUPPORTED_ENCRYPT, esp_info->encryptalg); assert(alg_p != NULL); keylen = enckeylen * 8; minbits = alg_p->sadb_alg_minbits; maxbits = alg_p->sadb_alg_maxbits; /* * if explicit keylen told in encrypt algo, eg "aes128" * check actual keylen "equality" */ if (esp_info->enckeylen && esp_info->enckeylen != keylen) { fprintf(stderr, "%s: invalid encryption keylen=%d, " "required %d by encrypt algo string=\"%s\"\n", progname, (int)keylen, (int)esp_info->enckeylen, alg_string); exit(1); } /* thanks DES for this sh*t */ if (minbits > keylen || maxbits < keylen) { fprintf(stderr, "%s: invalid encryption keylen=%d, " "must be between %d and %d bits\n", progname, (int)keylen, (int)minbits, (int)maxbits); exit(1); } alg_p = kernel_alg_sadb_alg_get(SADB_SATYPE_ESP, SADB_EXT_SUPPORTED_AUTH, esp_info->authalg); assert(alg_p); keylen = authkeylen * 8; minbits = alg_p->sadb_alg_minbits; maxbits = alg_p->sadb_alg_maxbits; if (minbits > keylen || maxbits < keylen) { fprintf(stderr, "%s: invalid auth keylen=%d, " "must be between %d and %d bits\n", progname, (int)keylen, (int)minbits, (int)maxbits); exit(1); } } /* * ??? this break was added in a2791fda77a5cfcc6bc992fbc5019f4448112f88 * It is likely correct, but we're not sure. * Luckily this code is probably never used. */ break; case XF_IP4: case XF_IP6: case XF_DEL: case XF_COMPDEFLATE: case XF_COMPLZS: if (!said_opt) { if (isanyaddr(&edst)) { fprintf(stderr, "%s: SA destination not specified.\n", progname); exit(1); } if (!spi) { fprintf(stderr, "%s: SA SPI not specified.\n", progname); exit(1); } if (!proto) { fprintf(stderr, "%s: SA PROTO not specified.\n", progname); exit(1); } initsaid(&edst, htonl(spi), proto, &said); } else { proto = said.proto; spi = ntohl(said.spi); edst = said.dst; } if ((address_family != 0) && (address_family != addrtypeof(&said.dst))) { fprintf(stderr, "%s: Defined address family and address family of SA missmatch.\n", progname); exit(1); } if (debug) { fprintf(stdout, "%s: SA valid.\n", progname); } break; case XF_CLR: break; default: fprintf(stderr, "%s: No action chosen. See '%s --help' for usage.\n", progname, progname); exit(1); } switch (alg) { case XF_CLR: case XF_DEL: case XF_IP4: case XF_IP6: case XF_COMPDEFLATE: case XF_COMPLZS: case XF_OTHER_ALG: break; default: fprintf(stderr, "%s: No action chosen. See '%s --help' for usage.\n", progname, progname); exit(1); } if (debug) { fprintf(stdout, "%s: Algorithm ok.\n", progname); } pfkey_sock = pfkey_open_sock_with_error(); if (pfkey_sock < 0) exit(1); /* Build an SADB_ADD message to send down. */ /* It needs <base, SA, address(SD), key(AE)> minimum. */ /* Lifetime(HS) could be added before addresses. */ pfkey_extensions_init(extensions); error = pfkey_msg_hdr_build(&extensions[0], alg == XF_DEL ? SADB_DELETE : alg == XF_CLR ? SADB_FLUSH : SADB_ADD, proto2satype(proto), 0, ++pfkey_seq, mypid); if (error != 0) { fprintf(stderr, "%s: Trouble building message header, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } switch (alg) { case XF_OTHER_ALG: authalg = esp_info->authalg; if (debug) { fprintf(stdout, "%s: debug: authalg=%d\n", progname, authalg); } break; default: authalg = SADB_AALG_NONE; } switch (alg) { case XF_COMPDEFLATE: encryptalg = SADB_X_CALG_DEFLATE; break; case XF_COMPLZS: encryptalg = SADB_X_CALG_LZS; break; case XF_OTHER_ALG: encryptalg = esp_info->encryptalg; if (debug) { fprintf(stdout, "%s: debug: encryptalg=%d\n", progname, encryptalg); } break; default: encryptalg = SADB_EALG_NONE; } /* IE: pfkey_msg->sadb_msg_type == SADB_FLUSH */ if (!(alg == XF_CLR)) { sab.sa_base.sadb_sa_len = 0; sab.sa_base.sadb_sa_exttype = SADB_EXT_SA; sab.sa_base.sadb_sa_spi = htonl(spi); sab.sa_base.sadb_sa_replay = replay_window; sab.sa_base.sadb_sa_state = K_SADB_SASTATE_MATURE; sab.sa_base.sadb_sa_auth = authalg; sab.sa_base.sadb_sa_encrypt = encryptalg; sab.sa_base.sadb_sa_flags = 0; sab.sa_base.sadb_x_sa_ref = IPSEC_SAREF_NULL; sab.sa_base.sadb_x_reserved[0] = 0; sab.sa_base.sadb_x_reserved[1] = 0; sab.sa_base.sadb_x_reserved[2] = 0; sab.sa_base.sadb_x_reserved[3] = 0; error = pfkey_sa_builds(&extensions[SADB_EXT_SA], sab); if (error != 0) { fprintf(stderr, "%s: Trouble building sa extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } if (saref_me || saref_him) { error = pfkey_saref_build(&extensions[ K_SADB_X_EXT_SAREF], saref_me, saref_him); if (error) { fprintf(stderr, "%s: Trouble building saref extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } } if (outif != 0) { error = pfkey_outif_build(&extensions[ SADB_X_EXT_PLUMBIF], outif); if (error != 0) { fprintf(stderr, "%s: Trouble building outif extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } } if (debug) { fprintf(stdout, "%s: extensions[0]=0p%p previously set with msg_hdr.\n", progname, extensions[0]); } if (debug) { fprintf(stdout, "%s: assembled SA extension, pfkey msg authalg=%d encalg=%d.\n", progname, authalg, encryptalg); } if (debug) { int i, j; for (i = 0; i < life_maxsever; i++) { for (j = 0; j < life_maxtype; j++) { fprintf(stdout, "%s: i=%d, j=%d, life_opt[%d][%d]=0p%p, life[%d][%d]=%d\n", progname, i, j, i, j, life_opt[i][j], i, j, life[i][j]); } } } emit_lifetime("lifetime_s", SADB_EXT_LIFETIME_SOFT, extensions, life_opt[life_soft], life[life_soft]); emit_lifetime("lifetime_h", SADB_EXT_LIFETIME_HARD, extensions, life_opt[life_hard], life[life_hard]); if (debug) { ipstr_buf b; fprintf(stdout, "%s: assembling address_s extension (%s).\n", progname, ipstr(&src, &b)); } error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], SADB_EXT_ADDRESS_SRC, 0, 0, sockaddrof(&src)); if (error != 0) { ipstr_buf b; fprintf(stderr, "%s: Trouble building address_s extension (%s), error=%d.\n", progname, ipstr(&src, &b), error); pfkey_extensions_free(extensions); exit(1); } error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], SADB_EXT_ADDRESS_DST, 0, 0, sockaddrof(&edst)); if (error != 0) { ipstr_buf b; fprintf(stderr, "%s: Trouble building address_d extension (%s), error=%d.\n", progname, ipstr(&edst, &b), error); pfkey_extensions_free(extensions); exit(1); } switch (alg) { /* Allow no auth ... after all is local root decision 8) */ case XF_OTHER_ALG: if (!authalg) break; error = pfkey_key_build(&extensions[SADB_EXT_KEY_AUTH], SADB_EXT_KEY_AUTH, authkeylen * 8, authkey); if (error != 0) { fprintf(stderr, "%s: Trouble building key_a extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } if (debug) { fprintf(stdout, "%s: key_a extension assembled.\n", progname); } break; default: break; } switch (alg) { case XF_OTHER_ALG: if (enckeylen == 0) { if (debug) fprintf(stdout, "%s: key not provided (NULL alg?).\n", progname); break; } error = pfkey_key_build(&extensions[SADB_EXT_KEY_ENCRYPT], SADB_EXT_KEY_ENCRYPT, enckeylen * 8, enckey); if (error != 0) { fprintf(stderr, "%s: Trouble building key_e extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } if (debug) { fprintf(stdout, "%s: key_e extension assembled.\n", progname); } break; default: break; } } if (natt != 0) { bool success; int err; err = pfkey_x_nat_t_type_build(&extensions[ K_SADB_X_EXT_NAT_T_TYPE], natt); success = pfkey_build(err, "pfkey_nat_t_type Add ESP SA", ipsaid_txt, extensions); if (!success) return FALSE; if (debug) fprintf(stderr, "setting natt_type to %d\n", natt); if (sport != 0) { err = pfkey_x_nat_t_port_build( &extensions[K_SADB_X_EXT_NAT_T_SPORT], K_SADB_X_EXT_NAT_T_SPORT, sport); success = pfkey_build(err, "pfkey_nat_t_sport Add ESP SA", ipsaid_txt, extensions); if (debug) fprintf(stderr, "setting natt_sport to %d\n", sport); if (!success) return FALSE; } if (dport != 0) { err = pfkey_x_nat_t_port_build( &extensions[K_SADB_X_EXT_NAT_T_DPORT], K_SADB_X_EXT_NAT_T_DPORT, dport); success = pfkey_build(err, "pfkey_nat_t_dport Add ESP SA", ipsaid_txt, extensions); if (debug) fprintf(stderr, "setting natt_dport to %d\n", dport); if (!success) return FALSE; } #if 0 /* not yet implemented */ if (natt != 0 && !isanyaddr(&natt_oa)) { ip_str_buf b; success = pfkeyext_address(SADB_X_EXT_NAT_T_OA, &natt_oa, "pfkey_nat_t_oa Add ESP SA", ipsaid_txt, extensions); if (debug) fprintf(stderr, "setting nat_oa to %s\n", ipstr(&natt_oa, &b)); if (!success) return FALSE; } #endif } if (debug) { fprintf(stdout, "%s: assembling pfkey msg....\n", progname); } error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN); if (error != 0) { fprintf(stderr, "%s: Trouble building pfkey message, error=%d.\n", progname, error); pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); exit(1); } if (debug) { fprintf(stdout, "%s: assembled.\n", progname); } if (debug) { fprintf(stdout, "%s: writing pfkey msg.\n", progname); } io_error = write(pfkey_sock, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); if (io_error < 0) { fprintf(stderr, "%s: pfkey write failed (errno=%d): ", progname, errno); pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); switch (errno) { case EACCES: fprintf(stderr, "access denied. "); if (getuid() == 0) fprintf(stderr, "Check permissions. Should be 600.\n"); else fprintf(stderr, "You must be root to open this file.\n"); break; case EUNATCH: fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n"); break; case EBUSY: fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n"); break; case EINVAL: fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); break; case ENODEV: fprintf(stderr, "KLIPS not loaded or enabled.\n"); fprintf(stderr, "No device?!?\n"); break; case ENOBUFS: fprintf(stderr, "No kernel memory to allocate SA.\n"); break; case ESOCKTNOSUPPORT: fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n"); break; case EEXIST: fprintf(stderr, "SA already in use. Delete old one first.\n"); break; case ENOENT: fprintf(stderr, "device does not exist. See Libreswan installation procedure.\n"); break; case ENXIO: case ESRCH: fprintf(stderr, "SA does not exist. Cannot delete.\n"); break; case ENOSPC: fprintf(stderr, "no room in kernel SAref table. Cannot process request.\n"); break; case ESPIPE: fprintf(stderr, "kernel SAref table internal error. Cannot process request.\n"); break; default: fprintf(stderr, "Unknown socket write error %d (%s). Please report as much detail as possible to development team.\n", errno, strerror(errno)); } exit(1); } else if (io_error != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) { fprintf(stderr, "%s: pfkey write truncated to %d bytes\n", progname, (int)io_error); pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); exit(1); } if (debug) { fprintf(stdout, "%s: pfkey command written to socket.\n", progname); } if (pfkey_msg != NULL) { pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); } if (debug) { fprintf(stdout, "%s: pfkey message buffer freed.\n", progname); } if (authkey != NULL) { memset(authkey, 0, authkeylen); free(authkey); } if (enckey != NULL) { memset(enckey, 0, enckeylen); free(enckey); } if (iv != NULL) { memset(iv, 0, ivlen); free(iv); } if (listenreply || saref_me || dumpsaref) { ssize_t readlen; unsigned char pfkey_buf[PFKEYv2_MAX_MSGSIZE]; while ((readlen = read(pfkey_sock, pfkey_buf, sizeof(pfkey_buf))) > 0) { struct sadb_ext *extensions[K_SADB_EXT_MAX + 1]; pfkey_extensions_init(extensions); pfkey_msg = (struct sadb_msg *)pfkey_buf; /* first, see if we got enough for an sadb_msg */ if ((size_t)readlen < sizeof(struct sadb_msg)) { if (debug) { printf("%s: runt packet of size: %ld (<%lu)\n", progname, (long)readlen, (unsigned long)sizeof(struct sadb_msg)); } continue; } /* okay, we got enough for a message, print it out */ if (debug) { printf("%s: pfkey v%d msg received. type=%d(%s) seq=%d len=%d pid=%d errno=%d satype=%d(%s)\n", progname, pfkey_msg->sadb_msg_version, pfkey_msg->sadb_msg_type, pfkey_v2_sadb_type_string(pfkey_msg-> sadb_msg_type), pfkey_msg->sadb_msg_seq, pfkey_msg->sadb_msg_len, pfkey_msg->sadb_msg_pid, pfkey_msg->sadb_msg_errno, pfkey_msg->sadb_msg_satype, satype2name(pfkey_msg->sadb_msg_satype)); } if (readlen != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) { if (debug) { printf("%s: packet size read from socket=%d doesn't equal sadb_msg_len %u * %u; message not decoded\n", progname, (int)readlen, (unsigned)pfkey_msg->sadb_msg_len, (unsigned)IPSEC_PFKEYv2_ALIGN); } continue; } if (pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_OUT)) { if (debug) { printf("%s: unparseable PF_KEY message.\n", progname); } continue; } if (debug) { printf("%s: parseable PF_KEY message.\n", progname); } if ((pid_t)pfkey_msg->sadb_msg_pid == mypid) { if (saref_me || dumpsaref) { struct sadb_x_saref *s = (struct sadb_x_saref *) extensions[ K_SADB_X_EXT_SAREF]; if (s != NULL) { printf("%s: saref=%d/%d\n", progname, s->sadb_x_saref_me, s->sadb_x_saref_him); } } break; } } } (void) close(pfkey_sock); /* close the socket */ if (debug || listenreply) printf("%s: exited normally\n", progname); exit(0); }
main(int argc, char *argv[]){ int len; char *infile; FILE *idfile; char idbuf[256]; int lineno = 0; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; lsw_init_rootdir("../../../baseconfigs/all"); progname = argv[0]; leak_detective = 1; if (argc != 3 ) { fprintf(stderr, "Usage: %s <whackrecord> <idfile>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); infile = argv[1]; readwhackmsg(infile); idfile = fopen(argv[2], "r"); if (!idfile) { perror(argv[2]); exit(11); } cur_debugging = DBG_CONTROL | DBG_CONTROLMORE; while (fgets(idbuf, sizeof(idbuf), idfile) != NULL) { struct state *st1; struct connection *nc; struct id peer_id; int aggrmode, initiate; char id1[256]; /* ignore comments */ if (idbuf[0] == '#') continue; st1 = new_state(); sscanf(idbuf, "%s %u %u", id1, &initiate, &aggrmode); /* set it to the first connection, there may be only one?? */ st1->st_connection = connections; /* safe: from new_state */ st1->st_oakley.auth = OAKLEY_RSA_SIG; passert(connections != NULL); atoid(id1, &peer_id, TRUE); nc = refine_host_connection(st1, &peer_id, initiate, aggrmode); printf("%u: %s -> conn: %s\n", ++lineno, id1, nc ? nc->name : "<none>"); } report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { bool recalculate = FALSE; int len; err_t e; err_t err = NULL; char *infile; char *conn_name; int lineno=0; struct connection *c1 = NULL; struct id moon, cassidy; struct adns_continuation *cr1 = NULL; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif initproctitle(argc, argv); progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { recalculate = 1; /* do all crypto */ argc--; argv++; } tool_init_log(); cur_debugging |= DBG_DNS; init_adns(); { int r; struct sigaction act; act.sa_handler = &childhandler; act.sa_flags = SA_RESTART; r = sigaction(SIGCHLD, &act, NULL); passert(r == 0); } reset_globals(); /* setup a query */ cr1 = alloc_thing(struct adns_continuation, "moon lookup"); moon.kind = ID_FQDN; strtochunk(moon.name, "moon.testing.openswan.org", "dns name"); e = start_adns_query(&moon, NULL, ns_t_key, moon_continue, cr1); freeanychunk(moon.name); process_dns_results(); #if 0 cr1 = alloc_thing(struct adns_continuation, "cassidy lookup"); cassidy.kind = ID_FQDN; strtochunk(cassidy.name, "cassidy.sandelman.ca", "dns name 2"); e = start_adns_query(&cassidy, NULL, ns_t_key, cassidy_continue, cr1); freeanychunk(cassidy.name); process_dns_results(); #endif /* re-use cassidy */ cr1 = alloc_thing(struct adns_continuation, "cassidy A lookup"); e = start_adns_hostname(AF_UNSPEC, "cassidy.sandelman.ca", cassidy_host_continue, cr1); process_dns_results(); stop_adns(); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; char *pcap1in; char *pcap2in; char *pcap_out; int lineno=0; int regression; struct connection *c1; struct state *st; EF_PROTECT_FREE=1; progname = argv[0]; leak_detective = 1; /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } if(argc != 5) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin1> <pcapin2> <pcapout>\n", progname); exit(10); } tool_init_log(); init_crypto(); load_oswcrypto(); init_fake_vendorid(); init_jamesjohnson_interface(); init_seam_kernelalgs(); infile = argv[0]; conn_name = argv[1]; pcap1in = argv[2]; pcap2in = argv[3]; pcap_out = argv[4]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1); /* omit the R1 reply */ send_packet_setup_pcap("/dev/null"); /* setup to process the I1 packet */ recv_pcap_setup(pcap1in); /* process first I1 packet */ cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE; pcap_dispatch(pt, 1, recv_pcap_packet, NULL); /* set up output file */ send_packet_setup_pcap(pcap_out); pcap_close(pt); /* now process the I2 packet */ recv_pcap_setup(pcap2in); cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE; pcap_dispatch(pt, 1, recv_pcap_packet2, NULL); /* clean up so that we can see any leaks */ st = state_with_serialno(1); if(st!=NULL) { free_state(st); } report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; struct state *st; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; if (argc != 3) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentI1.pcap"); c1 = con_by_name(conn_name, TRUE); c1->sa_keying_tries = 0; /* for this test case, make retries infinite */ maximum_retransmissions_initial = 2; show_one_connection(c1); st = sendI1(c1, DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE | DBG_WHACKWATCH); run_continuation(r); /* after three-retransmits, we fallback to trying IKEv1, if necessary */ handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); /* after three more retransmits, we go back to IKEv2 */ handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); /* as the state will have been renewed, it's hard to clean up */ report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int len; char *infile, *pcapin, *pcapout; char *conn_name; int lineno=0; struct connection *c1; struct state *st; char eb1[256]; /* error buffer for pcap open */ #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc <= 4) { usage: fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname); exit(10); } /* argv[1] == "-r" ?? */ tool_init_log(); init_crypto(); init_fake_vendorid(); init_fake_secrets(); init_jamesjohnson_interface(); infile = NULL; conn_name = NULL; pcapin = NULL; pcapout = NULL; argc--; argv++; if(argc > 0) { infile = argv[0]; argc--; argv++; } if(argc > 0) { conn_name = argv[0]; argc--; argv++; } if(argc > 0) { pcapin = argv[0]; argc--; argv++; } if(argc > 0) { pcapout = argv[0]; argc--; argv++; } if(conn_name == NULL || infile == NULL || pcapin == NULL || pcapout == NULL) { goto usage; } cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1, whack_log); send_packet_setup_pcap(pcapout); /* setup to process the I1 packet */ recv_pcap_setup(pcapin); cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE; pcap_dispatch(pt, 1, recv_pcap_packet, NULL); /* clean up so that we can see any leaks */ st = state_with_serialno(1); if(st!=NULL) { delete_state(st); free_state(st); } delete_connection(c1, TRUE); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } if(argc != 4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname); exit(10); } tool_init_log(); init_crypto(); load_oswcrypto(); init_fake_vendorid(); init_parker_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); /* input packets */ recv_pcap_setup(argv[2]); /* output first packets to /dev/null */ send_packet_setup_pcap("/dev/null"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1); st = sendI1(c1, DBG_CONTROL, regression == 0); /* now accept the reply packet */ cur_debugging = DBG_CONTROL|DBG_PARSING; /* now output interesting packet to capture file */ send_packet_setup_pcap(argv[3]); pcap_dispatch(pt, 1, recv_pcap_packet, NULL); pcap_close(pt); recv_pcap_setup(argv[2]); pcap_dispatch(pt, 1, recv_pcap_packet, NULL); /* dump the delete message that comes out */ send_packet_setup_pcap("/dev/null"); delete_connection(c1, TRUE); st = state_with_serialno(1); if(st!=NULL) { free_state(st); } report_leaks(); tool_close_log(); exit(0); }
void exit_tool(int code) { tool_close_log(); exit(code); }
main(int argc, char *argv[]) { int i; chunk_t blob, crl_uri; err_t e; cert_t cacert,t1; time_t until; /* sadly, this is actually too late */ EF_DISABLE_BANNER = 1; progname = argv[0]; leak_detective=1; tool_init_log(); load_oswcrypto(); set_debugging(DBG_X509|DBG_PARSING|DBG_CONTROL); until =1421896274; set_fake_x509_time(until); /* Wed Jan 21 22:11:14 2015 */ #ifdef HAVE_LIBNSS { SECStatus nss_init_status= NSS_InitReadWrite("nss.d"); if (nss_init_status != SECSuccess) { fprintf(stderr, "NSS initialization failed (err %d)\n", PR_GetError()); exit(10); } else { printf("NSS Initialized\n"); PK11_SetPasswordFunc(getNSSPassword); } } #endif if(argc < 3) { fprintf(stderr, "Usage: nsscert CAcertfile.pem cert1.pem cert2.pem...\n"); exit(5); } /* skip argv0 */ argc--; argv++; /* load CAcert */ if(!load_cert(CERT_NONE, argv[0], TRUE, "cacert", &cacert)) { printf("could not load CA cert file: %s\n", argv[0]); exit(1); } add_authcert(cacert.u.x509, AUTH_CA); argc--; argv++; while(argc-- > 0) { char *file = *argv++; /* load target cert */ if(!load_cert(CERT_NONE, file, TRUE, "test1", &t1)) { printf("could not load cert file: %s\n", file); exit(1); } until += 86400; if(verify_x509cert(t1.u.x509, FALSE, &until) == FALSE) { printf("verify x509 failed\n"); exit(3); } printf("cert: %s is valid\n", file); free_x509cert(t1.u.x509); } free_x509cert(cacert.u.x509); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; pcap_t *pt; char eb1[256]; struct state *st; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; printf("Started %s\n", progname); leak_detective = 1; pluto_shared_secrets_file = "../../../baseconfigs/west/etc/ipsec.secrets"; lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d"); lsw_init_rootdir("../../../baseconfigs/west"); init_crypto(); init_seam_kernelalgs(); load_authcerts("CA cert", "../../../baseconfigs/west/etc/ipsec.d/cacerts", AUTH_CA); if (argc != 4) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; load_preshared_secrets(NULL_FD); readwhackmsg(infile); send_packet_setup_pcap("parentI2x509.pcap"); pt = pcap_open_offline(argv[3], eb1); if (!pt) { perror(argv[3]); exit(50); } c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); /* now, send the I1 packet, really just so that we are in the right * state to receive the R1 packet and process it. */ st = sendI1(c1, 0); cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE | DBG_PARSING | DBG_PRIVATE | DBG_CRYPT; pcap_dispatch(pt, 1, recv_pcap_packet1, NULL); { struct state *st; /* find st involved */ st = state_with_serialno(1); delete_state(st); /* find st involved */ st = state_with_serialno(2); if (st) delete_state(st); } report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { err_t err = NULL; struct addrinfo hints, *result1, *result2; unsigned char buffer1[1024]; unsigned int buffer1_len = sizeof(buffer1); unsigned int serial_size; int i,s; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif initproctitle(argc, argv); progname = argv[0]; leak_detective = 1; tool_init_log(); cur_debugging |= DBG_DNS; zero(&hints); hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */ hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ hints.ai_protocol = 0; /* Any protocol */ hints.ai_canonname = NULL; hints.ai_addr = NULL; hints.ai_next = NULL; if(argc==1) { printf("usage: %s [name]...\n", progname); exit(10); } for(i=1; i < argc; i++) { DBG_log("looking up: %s\n", argv[i]); s = getaddrinfo(argv[i], NULL, &hints, &result1); if(s!=0) { printf("lookup: %s a/aaaa lookup error: %s\n" , argv[i], gai_strerror(s)); continue; } /* sort things so they come out consistently */ result1 = sort_addr_info(result1); dump_addr_info(result1); /* now serialize it into the buffer */ serial_size = serialize_addr_info(result1, buffer1, buffer1_len); freeaddrinfo(result1); DBG_log("serialized size=%u\n", serial_size); result2 = deserialize_addr_info(buffer1, serial_size); dump_addr_info(result2); osw_freeaddrinfo(result2); } report_leaks(); tool_close_log(); exit(0); }
int main(int argc UNUSED, char *argv[]) { tool_init_log(argv[0]); /* * Need to ensure that NSS is initialized before calling * ike_alg_init(). Some sanity checks require a working NSS. */ lsw_nss_buf_t err; if (!lsw_nss_setup(NULL, 0, NULL, err)) { fprintf(stderr, "unexpected %s\n", err); exit(1); } ike_alg_init(); /* esp= */ fprintf(stdout, "\n---- ESP tests that should succeed ----\n"); do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP); do_test("3des-sha1;modp1024", PROTO_IPSEC_ESP); do_test("3des-sha1;modp1536", PROTO_IPSEC_ESP); do_test("3des-sha1;modp2048", PROTO_IPSEC_ESP); do_test("3des-sha1;dh22", PROTO_IPSEC_ESP); do_test("3des-sha1;dh23", PROTO_IPSEC_ESP); do_test("3des-sha1;dh24", PROTO_IPSEC_ESP); do_test("3des-sha1", PROTO_IPSEC_ESP); do_test("null-sha1", PROTO_IPSEC_ESP); do_test("aes", PROTO_IPSEC_ESP); do_test("aes_cbc", PROTO_IPSEC_ESP); do_test("aes-sha", PROTO_IPSEC_ESP); do_test("aes-sha1", PROTO_IPSEC_ESP); do_test("aes-sha2", PROTO_IPSEC_ESP); do_test("aes-sha256", PROTO_IPSEC_ESP); do_test("aes-sha384", PROTO_IPSEC_ESP); do_test("aes-sha512", PROTO_IPSEC_ESP); do_test("aes128-sha1", PROTO_IPSEC_ESP); do_test("aes128-aes_xcbc", PROTO_IPSEC_ESP); do_test("aes192-sha1", PROTO_IPSEC_ESP); do_test("aes256-sha1", PROTO_IPSEC_ESP); do_test("aes256-sha", PROTO_IPSEC_ESP); do_test("aes256-sha2", PROTO_IPSEC_ESP); do_test("aes256-sha2_256", PROTO_IPSEC_ESP); do_test("aes256-sha2_384", PROTO_IPSEC_ESP); do_test("aes256-sha2_512", PROTO_IPSEC_ESP); do_test("camellia", PROTO_IPSEC_ESP); do_test("camellia128", PROTO_IPSEC_ESP); do_test("camellia192", PROTO_IPSEC_ESP); do_test("camellia256", PROTO_IPSEC_ESP); do_test("aes_ccm_a-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_a-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_a-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_b-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_b-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_b-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_c-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_c-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_c-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_a-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_a-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_b-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_b-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_b-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_c-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_c-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_c-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm-null", PROTO_IPSEC_ESP); do_test("aes_gcm-null", PROTO_IPSEC_ESP); do_test("aes_ccm-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm-192-null", PROTO_IPSEC_ESP); #if 0 /* these are caught using "aliasing" and rewritten to the above syntax */ do_test("aes_ccm_8-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_8-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_8-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_12-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_12-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_12-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_16-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_16-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_16-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_8-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_8-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_8-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_12-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_12-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_12-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_16-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_16-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_16-256-null", PROTO_IPSEC_ESP); #endif /* other */ do_test("aes_ctr", PROTO_IPSEC_ESP); do_test("aesctr", PROTO_IPSEC_ESP); do_test("aes_ctr128", PROTO_IPSEC_ESP); do_test("aes_ctr192", PROTO_IPSEC_ESP); do_test("aes_ctr256", PROTO_IPSEC_ESP); do_test("serpent", PROTO_IPSEC_ESP); do_test("twofish", PROTO_IPSEC_ESP); do_test("mars", PROTO_IPSEC_ESP); /* * should this be supported - for now man page says not * do_test("modp1536", PROTO_IPSEC_ESP); */ fprintf(stdout, "\n---- ESP tests that should fail----\n"); do_test("3des168-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("3des-null", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes128-null", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes224-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes512-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes-sha1555", PROTO_IPSEC_ESP); /* should get rejected */ do_test("camellia666-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("blowfish", PROTO_IPSEC_ESP); /* obsoleted */ do_test("des-sha1", PROTO_IPSEC_ESP); /* obsoleted */ do_test("aes_ctr666", PROTO_IPSEC_ESP); /* bad key size */ do_test("aes128-sha2_128", PROTO_IPSEC_ESP); /* _128 does not exist */ do_test("aes256-sha2_256-4096", PROTO_IPSEC_ESP); /* double keysize */ do_test("aes256-sha2_256-128", PROTO_IPSEC_ESP); /* now what?? */ do_test("vanitycipher", PROTO_IPSEC_ESP); do_test("ase-sah", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes-sah1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */ do_test("aes-id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */ do_test("aes_gcm-md5", PROTO_IPSEC_ESP); /* AEAD must have auth null */ /* ah= */ fprintf(stdout, "\n---- AH tests that should succeed ----\n"); do_test("md5", PROTO_IPSEC_AH); do_test("sha", PROTO_IPSEC_AH); do_test("sha1", PROTO_IPSEC_AH); do_test("sha2", PROTO_IPSEC_AH); do_test("sha256", PROTO_IPSEC_AH); do_test("sha384", PROTO_IPSEC_AH); do_test("sha512", PROTO_IPSEC_AH); do_test("sha2_256", PROTO_IPSEC_AH); do_test("sha2_384", PROTO_IPSEC_AH); do_test("sha2_512", PROTO_IPSEC_AH); do_test("aes_xcbc", PROTO_IPSEC_AH); do_test("ripemd", PROTO_IPSEC_AH); fprintf(stdout, "\n---- AH tests that should fail ----\n"); do_test("aes-sha1", PROTO_IPSEC_AH); do_test("vanityhash1", PROTO_IPSEC_AH); do_test("aes_gcm_c-256", PROTO_IPSEC_AH); do_test("id3", PROTO_IPSEC_AH); /* should be rejected; idXXX removed */ do_test("3des", PROTO_IPSEC_AH); do_test("null", PROTO_IPSEC_AH); do_test("aes_gcm", PROTO_IPSEC_AH); do_test("aes_ccm", PROTO_IPSEC_AH); /* ike= */ fprintf(stdout, "\n---- IKE tests that should succeed ----\n"); do_test("3des-sha1", PROTO_ISAKMP); fprintf(stdout, "\n---- IKE tests that should fail ----\n"); do_test("id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */ do_test("3des-id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */ fflush(NULL); report_leaks(); lsw_nss_shutdown(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); //list_public_keys(FALSE, FALSE); #ifndef SKIP_ORIENT_ASSERT assert(orient(c1, 500)); #endif show_one_connection(c1); #ifndef SKIP_INITIATE /* do calculation if not -r for regression */ st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0); st = state_with_serialno(1); if(st!=NULL) { delete_state(st); free_state(st); } #endif delete_connection(c1, TRUE); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; pcap_t *pt; char eb1[256]; EF_PROTECT_BELOW = 1; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; init_crypto(); if (argc != 4) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentR1.pcap"); c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); pt = pcap_open_offline(argv[3], eb1); if (!pt) { perror(argv[3]); exit(50); } cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE; pcap_dispatch(pt, 1, recv_pcap_packet, NULL); { struct state *st; /* find st involved */ st = state_with_serialno(1); delete_state(st); } report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; EF_PROTECT_FREE=1; progname = argv[0]; leak_detective = 1; if(argc != 4 && argc != 5) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_parker_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); /* input packets */ recv_pcap_setup(argv[2]); /* output packets */ send_packet_setup_pcap("OUTPUT/parentI2.pcap"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1); st = sendI1(c1, DBG_CONTROL, regression == 0); /* now accept the reply packet */ cur_debugging = DBG_CONTROL|DBG_PARSING; pcap_dispatch(pt, 1, recv_pcap_packet, NULL); st = state_with_serialno(1); if(st!=NULL) { delete_state(st); free_state(st); } report_leaks(); tool_close_log(); exit(0); }