Add clean implementation of IPSec for Windows Vista/7.
parent
01d592e032
commit
12d9e6325a
|
@ -20,90 +20,130 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#include "stdafx.h"
|
#include "stdafx.h"
|
||||||
#include "ipsec_api.h"
|
#include "tipsec.h"
|
||||||
|
|
||||||
#define REMOTE_IP "192.168.0.9" //"2a01:e35:8b32:7050:6122:2706:2124:32ca"//"192.168.0.15"
|
#include "tsk_debug.h"
|
||||||
#define LOCAL_IP "192.168.0.12" //"2a01:e35:8b32:7050:6122:2706:2124:32cb"//"192.168.0.14"
|
|
||||||
|
#define ADDR_REMOTE "192.168.0.9" //"2a01:e35:8b32:7050:6122:2706:2124:32ca"//"192.168.0.15"
|
||||||
|
#define ADDR_LOCAL "192.168.0.12" //"2a01:e35:8b32:7050:6122:2706:2124:32cb"//"192.168.0.14"
|
||||||
|
#define USE_IPV6 0
|
||||||
|
|
||||||
#define IK "1234567890123456"
|
#define IK "1234567890123456"
|
||||||
#define CK "1234567890121234"
|
#define CK "1234567890121234"
|
||||||
|
|
||||||
#define PORT_LOCAL_C 1010
|
#define PORT_UC 1010
|
||||||
#define PORT_LOCAL_S 2020
|
#define PORT_US 2020
|
||||||
|
|
||||||
#define PORT_REMOTE_C 3030
|
#define PORT_PC 3030
|
||||||
#define PORT_REMOTE_S 4040
|
#define PORT_PS 4040
|
||||||
#define SPI_REMOTE_C 2222
|
#define SPI_PC 2222
|
||||||
#define SPI_REMOTE_S 3333
|
#define SPI_PS 3333
|
||||||
|
|
||||||
int _tmain(int argc, _TCHAR* argv[])
|
int _tmain(int argc, _TCHAR* argv[])
|
||||||
{
|
{
|
||||||
ipsec_context_t* context = 0;
|
int ret;
|
||||||
uint32_t spi_local_s = 0, spi_local_c = 0, spi_remote_s = 0, spi_remote_c = 0;
|
tipsec_lifetime_t lifetime = 600000; /* Always set it to the maximum value. (Not possible to update the value after REGISTER 200OK. ) */
|
||||||
|
|
||||||
//http://www.arib.or.jp/IMT-2000/V740Dec09/2_T63/ARIB-STD-T63/Rel7/33/A33203-790.pdf
|
tipsec_context_t * ctx = TIPSEC_CONTEXT_CREATE(ipproto_tcp, USE_IPV6, mode_trans, ealg_aes, algo_hmac_md5_96, proto_both, IK, CK);
|
||||||
/* create context */
|
|
||||||
IPSEC_CONTEXT_CREATE(context);
|
|
||||||
|
|
||||||
// FIXME: check context validity
|
if((ret = tipsec_set_local(ctx, ADDR_LOCAL, ADDR_REMOTE, PORT_UC, PORT_US))){
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
/* set algorithms, proto and mode */
|
/* Now send your first request with security-client header using
|
||||||
context->auth = iaa_hmac_md5_96;
|
|
||||||
context->encrypt = iea_null;
|
|
||||||
context->proto = ipp_esp;
|
|
||||||
context->mode = ipm_transport;
|
|
||||||
|
|
||||||
/* set ik and ck */
|
|
||||||
ipsec_set_ck(context, CK);
|
|
||||||
ipsec_set_ik(context, IK);
|
|
||||||
|
|
||||||
/* set local and remote IPs */
|
|
||||||
context->localIP = ipsec_strdup(LOCAL_IP);
|
|
||||||
context->remoteIP = ipsec_strdup(REMOTE_IP);
|
|
||||||
context->ipv6 = 0;
|
|
||||||
|
|
||||||
/* set local ports */
|
|
||||||
context->SAs[ipd_incoming_req].port = PORT_LOCAL_S; /* US <- PC */
|
|
||||||
context->SAs[ipd_incoming_rep].port = PORT_LOCAL_C; /* UC <- PS */
|
|
||||||
|
|
||||||
/* get local spis */
|
|
||||||
spi_local_s = ipsec_get_spi(context, ipd_incoming_req);
|
|
||||||
spi_local_c = ipsec_get_spi(context, ipd_incoming_rep);
|
|
||||||
|
|
||||||
/*******
|
|
||||||
now send your first request with security-client header using
|
|
||||||
...
|
|
||||||
*/
|
*/
|
||||||
printf("Security-Client: ipsec-3gpp; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
|
TSK_DEBUG_INFO("Security-Client: ipsec-3gpp; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
|
||||||
IPSEC_AUTH_ALG_STR(context->auth), IPSEC_ENC_ALG_STR(context->encrypt), spi_local_c, spi_local_s, PORT_LOCAL_C, PORT_LOCAL_S
|
TIPSEC_ALG_TO_STR(ctx->alg), TIPSEC_EALG_TO_STR(ctx->ealg), ctx->spi_uc, ctx->spi_us, ctx->port_uc, ctx->port_us
|
||||||
);
|
);
|
||||||
getchar();
|
getchar();
|
||||||
|
|
||||||
/*
|
/* get and process the 401/407
|
||||||
get and process the 401/407
|
|
||||||
...
|
|
||||||
*/
|
*/
|
||||||
printf("Security-Server: ipsec-3gpp; q=0.1; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
|
if((ret = tipsec_set_remote(ctx, SPI_PC, SPI_PS, PORT_PC, PORT_PS, lifetime))){
|
||||||
IPSEC_AUTH_ALG_STR(context->auth), IPSEC_ENC_ALG_STR(context->encrypt), SPI_REMOTE_C, SPI_REMOTE_S, PORT_REMOTE_C, PORT_REMOTE_S
|
goto bail;
|
||||||
);
|
}
|
||||||
|
|
||||||
/* set values for remote entity */
|
/* Start */
|
||||||
context->SAs[ipd_outgoing_rep].port = PORT_REMOTE_C; /* US -> PC */
|
if((ret = tipsec_start(ctx))){
|
||||||
context->SAs[ipd_outgoing_rep].spi = SPI_REMOTE_C; /* US -> PC */
|
goto bail;
|
||||||
context->SAs[ipd_outgoing_req].port = PORT_REMOTE_S; /* UC -> PS */
|
}
|
||||||
context->SAs[ipd_outgoing_req].spi = SPI_REMOTE_S; /* UC -> PS */
|
|
||||||
|
|
||||||
|
|
||||||
/* bound SAs and begin sending/receiving sip messages */
|
|
||||||
ipsec_sa_bound(context, ipd_incoming_rep);
|
|
||||||
ipsec_sa_bound(context, ipd_incoming_req);
|
|
||||||
ipsec_sa_bound(context, ipd_outgoing_rep);
|
|
||||||
ipsec_sa_bound(context, ipd_outgoing_req);
|
|
||||||
|
|
||||||
|
TSK_DEBUG_INFO("ALL IS OOOOOOOK");
|
||||||
getchar();
|
getchar();
|
||||||
|
|
||||||
/* free context */
|
if((ret = tipsec_stop(ctx))){
|
||||||
IPSEC_CONTEXT_SAFE_FREE(context);
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
bail:
|
||||||
|
TSK_OBJECT_SAFE_FREE(ctx);
|
||||||
|
|
||||||
|
//ipsec_context_t* context = 0;
|
||||||
|
//uint32_t spi_local_s = 0, spi_local_c = 0, spi_remote_s = 0, spi_remote_c = 0;
|
||||||
|
|
||||||
|
////http://www.arib.or.jp/IMT-2000/V740Dec09/2_T63/ARIB-STD-T63/Rel7/33/A33203-790.pdf
|
||||||
|
///* create context */
|
||||||
|
//IPSEC_CONTEXT_CREATE(context);
|
||||||
|
|
||||||
|
//// FIXME: check context validity
|
||||||
|
|
||||||
|
///* set algorithms, proto and mode */
|
||||||
|
//context->auth = iaa_hmac_md5_96;
|
||||||
|
//context->encrypt = iea_null;
|
||||||
|
//context->proto = ipp_esp;
|
||||||
|
//context->mode = ipm_transport;
|
||||||
|
//
|
||||||
|
///* set ik and ck */
|
||||||
|
//ipsec_set_ck(context, CK);
|
||||||
|
//ipsec_set_ik(context, IK);
|
||||||
|
|
||||||
|
///* set local and remote IPs */
|
||||||
|
//context->localIP = ipsec_strdup(LOCAL_IP);
|
||||||
|
//context->remoteIP = ipsec_strdup(REMOTE_IP);
|
||||||
|
//context->ipv6 = 0;
|
||||||
|
|
||||||
|
///* set local ports */
|
||||||
|
//context->SAs[ipd_incoming_req].port = PORT_LOCAL_S; /* US <- PC */
|
||||||
|
//context->SAs[ipd_incoming_rep].port = PORT_LOCAL_C; /* UC <- PS */
|
||||||
|
|
||||||
|
///* get local spis */
|
||||||
|
//spi_local_s = ipsec_get_spi(context, ipd_incoming_req);
|
||||||
|
//spi_local_c = ipsec_get_spi(context, ipd_incoming_rep);
|
||||||
|
|
||||||
|
///*******
|
||||||
|
// now send your first request with security-client header using
|
||||||
|
// ...
|
||||||
|
//*/
|
||||||
|
//printf("Security-Client: ipsec-3gpp; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
|
||||||
|
// IPSEC_AUTH_ALG_STR(context->auth), IPSEC_ENC_ALG_STR(context->encrypt), spi_local_c, spi_local_s, PORT_LOCAL_C, PORT_LOCAL_S
|
||||||
|
// );
|
||||||
|
//getchar();
|
||||||
|
|
||||||
|
///*
|
||||||
|
// get and process the 401/407
|
||||||
|
// ...
|
||||||
|
//*/
|
||||||
|
//printf("Security-Server: ipsec-3gpp; q=0.1; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
|
||||||
|
// IPSEC_AUTH_ALG_STR(context->auth), IPSEC_ENC_ALG_STR(context->encrypt), SPI_REMOTE_C, SPI_REMOTE_S, PORT_REMOTE_C, PORT_REMOTE_S
|
||||||
|
// );
|
||||||
|
|
||||||
|
///* set values for remote entity */
|
||||||
|
//context->SAs[ipd_outgoing_rep].port = PORT_REMOTE_C; /* US -> PC */
|
||||||
|
//context->SAs[ipd_outgoing_rep].spi = SPI_REMOTE_C; /* US -> PC */
|
||||||
|
//context->SAs[ipd_outgoing_req].port = PORT_REMOTE_S; /* UC -> PS */
|
||||||
|
//context->SAs[ipd_outgoing_req].spi = SPI_REMOTE_S; /* UC -> PS */
|
||||||
|
|
||||||
|
|
||||||
|
///* bound SAs and begin sending/receiving sip messages */
|
||||||
|
//ipsec_sa_bound(context, ipd_incoming_rep);
|
||||||
|
//ipsec_sa_bound(context, ipd_incoming_req);
|
||||||
|
//ipsec_sa_bound(context, ipd_outgoing_rep);
|
||||||
|
//ipsec_sa_bound(context, ipd_outgoing_req);
|
||||||
|
|
||||||
|
//getchar();
|
||||||
|
|
||||||
|
///* free context */
|
||||||
|
//IPSEC_CONTEXT_SAFE_FREE(context);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
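Review bot: `_tmain` still ends with `return 0;` after the `bail:` label, so every `goto bail` taken when `tipsec_set_local`, `tipsec_set_remote`, `tipsec_start` or `tipsec_stop` fails exits with a success status, and `ret` is assigned on each of those paths but never read; `return ret;` would let the test's exit code reflect the failure. The `ctx` produced by `TIPSEC_CONTEXT_CREATE` is handed straight to `tipsec_set_local` with no null check, so unless that function is known to tolerate a null context, `if(!ctx){ ret = -1; goto bail; }` before the first call would guard the allocation failure. The commented-out copy of the previous implementation that sits between the `TSK_OBJECT_SAFE_FREE(ctx)` cleanup and the return is dead code and would be better deleted than carried along as comments.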
@ -41,8 +41,8 @@
|
||||||
<Tool
|
<Tool
|
||||||
Name="VCCLCompilerTool"
|
Name="VCCLCompilerTool"
|
||||||
Optimization="0"
|
Optimization="0"
|
||||||
AdditionalIncludeDirectories="$(SolutionDir)tinyIPSec\src"
|
AdditionalIncludeDirectories=""$(DOUBANGO_HOME)\thirdparties\win32\include";"$(DOUBANGO_HOME)\tinyIPSec\tinyIPSec\src";"$(DOUBANGO_HOME)\tinySAK\src""
|
||||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
|
PreprocessorDefinitions="DEBUG_LEVEL=DEBUG_LEVEL_INFO;WIN32;_DEBUG;_CONSOLE"
|
||||||
MinimalRebuild="true"
|
MinimalRebuild="true"
|
||||||
BasicRuntimeChecks="3"
|
BasicRuntimeChecks="3"
|
||||||
RuntimeLibrary="3"
|
RuntimeLibrary="3"
|
||||||
|
@ -63,7 +63,7 @@
|
||||||
/>
|
/>
|
||||||
<Tool
|
<Tool
|
||||||
Name="VCLinkerTool"
|
Name="VCLinkerTool"
|
||||||
AdditionalDependencies=""$(outDir)\tinyIPSec.lib""
|
AdditionalDependencies=""$(outDir)\tinyIPSec.lib" "$(outDir)\tinySAK.lib""
|
||||||
LinkIncremental="2"
|
LinkIncremental="2"
|
||||||
GenerateDebugInformation="true"
|
GenerateDebugInformation="true"
|
||||||
SubSystem="1"
|
SubSystem="1"
|
||||||
|
|
|
@ -5,20 +5,38 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tinyIPSec", "tinyIPSec\tiny
|
||||||
EndProject
|
EndProject
|
||||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test\test.vcproj", "{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}"
|
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test\test.vcproj", "{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}"
|
||||||
EndProject
|
EndProject
|
||||||
|
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tinySAK", "..\tinySAK\tinySAK.vcproj", "{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}"
|
||||||
|
EndProject
|
||||||
Global
|
Global
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||||
Debug|Win32 = Debug|Win32
|
Debug|Win32 = Debug|Win32
|
||||||
|
Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I) = Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
Release|Win32 = Release|Win32
|
Release|Win32 = Release|Win32
|
||||||
|
Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I) = Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
||||||
{002FF064-588F-402E-A096-C8D033F49F40}.Debug|Win32.ActiveCfg = Debug|Win32
|
{002FF064-588F-402E-A096-C8D033F49F40}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
{002FF064-588F-402E-A096-C8D033F49F40}.Debug|Win32.Build.0 = Debug|Win32
|
{002FF064-588F-402E-A096-C8D033F49F40}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
|
{002FF064-588F-402E-A096-C8D033F49F40}.Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).ActiveCfg = Debug|Win32
|
||||||
{002FF064-588F-402E-A096-C8D033F49F40}.Release|Win32.ActiveCfg = Release|Win32
|
{002FF064-588F-402E-A096-C8D033F49F40}.Release|Win32.ActiveCfg = Release|Win32
|
||||||
{002FF064-588F-402E-A096-C8D033F49F40}.Release|Win32.Build.0 = Release|Win32
|
{002FF064-588F-402E-A096-C8D033F49F40}.Release|Win32.Build.0 = Release|Win32
|
||||||
|
{002FF064-588F-402E-A096-C8D033F49F40}.Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).ActiveCfg = Release|Win32
|
||||||
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Debug|Win32.ActiveCfg = Debug|Win32
|
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Debug|Win32.Build.0 = Debug|Win32
|
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
|
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).ActiveCfg = Debug|Win32
|
||||||
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Release|Win32.ActiveCfg = Release|Win32
|
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Release|Win32.ActiveCfg = Release|Win32
|
||||||
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Release|Win32.Build.0 = Release|Win32
|
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Release|Win32.Build.0 = Release|Win32
|
||||||
|
{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}.Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).ActiveCfg = Release|Win32
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).ActiveCfg = Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).Build.0 = Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).Deploy.0 = Debug|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Release|Win32.ActiveCfg = Release|Win32
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Release|Win32.Build.0 = Release|Win32
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).ActiveCfg = Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).Build.0 = Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
|
{6BC9B796-10C6-4CF7-A6E4-E2DACCDA84DA}.Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I).Deploy.0 = Release|Windows Mobile 5.0 Pocket PC SDK (ARMV4I)
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
GlobalSection(SolutionProperties) = preSolution
|
||||||
HideSolutionNode = FALSE
|
HideSolutionNode = FALSE
|
||||||
|
|
|
@ -1,150 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2009 Mamadou Diop.
|
|
||||||
*
|
|
||||||
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
|
||||||
*
|
|
||||||
* This file is part of Open Source Doubango Framework.
|
|
||||||
*
|
|
||||||
* DOUBANGO is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* DOUBANGO is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with DOUBANGO.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
#ifndef _TINYIPSEC_IPSEC_H_
|
|
||||||
#define _TINYIPSEC_IPSEC_H_
|
|
||||||
|
|
||||||
#include "tinyipsec_config.h"
|
|
||||||
#include "ipsec_utils.h"
|
|
||||||
|
|
||||||
typedef unsigned long ipsec_error_t;
|
|
||||||
#define SA_COUNT 4
|
|
||||||
#define SA_DEFAULT_LIFETIME 3600 /* 1 hour */
|
|
||||||
|
|
||||||
#define IPSEC_KEY_LEN 16
|
|
||||||
#define IPSEC_IK_LEN 20
|
|
||||||
#define IPSEC_CK_LEN 24
|
|
||||||
|
|
||||||
#define IPSEC_AUTH_ALG_STR(alg) (alg == iaa_hmac_md5_96) ? "hmac-md5-96" : "hmac-sha-1-96"
|
|
||||||
#define IPSEC_ENC_ALG_STR(enc) (enc == iea_3des) ? "des-ede3-cbc" : (enc== iea_aes ? "aes-cbc" : "null")
|
|
||||||
#define IPSEC_MODE_STR(mode) (mode == ipm_transport) ? "trans" : "tun"
|
|
||||||
#define IPSEC_PROTO_STR(proto) (proto == ipp_ah) ? "ah" : "esp"
|
|
||||||
|
|
||||||
/* function pointer ... */
|
|
||||||
typedef void (*ipsec_sa_opaque_func_free)(void** opaque);
|
|
||||||
|
|
||||||
/* context */
|
|
||||||
#define IPSEC_CONTEXT_CREATE(ctx) IPSEC_XXX_CREATE(ctx, context)
|
|
||||||
#define IPSEC_CONTEXT_SAFE_FREE(ctx) IPSEC_XXX_SAFE_FREE(ctx, context)
|
|
||||||
|
|
||||||
/* SA */
|
|
||||||
#define IPSEC_SA_CREATE(_sa) IPSEC_XXX_CREATE(_sa, sa)
|
|
||||||
#define IPSEC_SA_SAFE_FREE(_sa) IPSEC_XXX_SAFE_FREE(_sa, sa)
|
|
||||||
|
|
||||||
/* directions */
|
|
||||||
typedef enum ipsec_direction_s
|
|
||||||
{
|
|
||||||
ipd_incoming_req = 0x00, /* US <- PC */
|
|
||||||
ipd_incoming_rep, /* UC <- PS */
|
|
||||||
ipd_outgoing_req, /* UC -> PS */
|
|
||||||
ipd_outgoing_rep /* US -> PC */
|
|
||||||
}
|
|
||||||
ipsec_direction_t;
|
|
||||||
|
|
||||||
/* encryption algorithm */
|
|
||||||
typedef enum ipsec_encrypt_algo_s
|
|
||||||
{
|
|
||||||
iea_null = 0x00,
|
|
||||||
iea_des,
|
|
||||||
iea_3des,
|
|
||||||
iea_aes
|
|
||||||
}
|
|
||||||
ipsec_encrypt_algo_t;
|
|
||||||
|
|
||||||
/* authentication algorithm */
|
|
||||||
typedef enum ipsec_auth_algo_s
|
|
||||||
{
|
|
||||||
iaa_hmac_md5_96 = 0x00,
|
|
||||||
iaa_hmac_sha1_96
|
|
||||||
}
|
|
||||||
ipsec_auth_algo_t;
|
|
||||||
|
|
||||||
/* ipsec protocol */
|
|
||||||
typedef enum ipsec_protocol_s
|
|
||||||
{
|
|
||||||
ipp_esp = (0x01 << 1),
|
|
||||||
ipp_ah = (0x01 << 2),
|
|
||||||
ipp_both = (ipp_esp | ipp_ah)
|
|
||||||
}
|
|
||||||
ipsec_protocol_t;
|
|
||||||
|
|
||||||
/* ipsec transport */
|
|
||||||
typedef enum ipsec_transport_s
|
|
||||||
{
|
|
||||||
ipt_udp = 0x00,
|
|
||||||
ipt_tcp
|
|
||||||
}
|
|
||||||
ipsec_transport_t;
|
|
||||||
|
|
||||||
/* ipsec mode of operation */
|
|
||||||
typedef enum ipsec_mode_s
|
|
||||||
{
|
|
||||||
ipm_transport = 0x00,
|
|
||||||
ipm_tunnel
|
|
||||||
}
|
|
||||||
ipsec_mode_t;
|
|
||||||
|
|
||||||
/* ipsec sa */
|
|
||||||
typedef struct ipsec_sa_s
|
|
||||||
{
|
|
||||||
uint32_t lifetime; /* sa lifetime */
|
|
||||||
uint32_t spi; /* a unique parameter index */
|
|
||||||
//ipsec_direction_t direction; /* direction */
|
|
||||||
|
|
||||||
//char* ip;
|
|
||||||
uint16_t port;
|
|
||||||
|
|
||||||
ipsec_sa_opaque_func_free opaque_func_free;
|
|
||||||
void* opaque; /* platform specific */
|
|
||||||
}
|
|
||||||
ipsec_sa_t;
|
|
||||||
|
|
||||||
/* ipsec context */
|
|
||||||
typedef struct ipsec_context_s
|
|
||||||
{
|
|
||||||
ipsec_encrypt_algo_t encrypt; /* encryption algorithm */
|
|
||||||
ipsec_auth_algo_t auth; /* authentication algorithm */
|
|
||||||
ipsec_mode_t mode; /* mode of operation */
|
|
||||||
ipsec_transport_t trans; /* network transport */
|
|
||||||
ipsec_protocol_t proto; /* protocol type */
|
|
||||||
|
|
||||||
int ipv6;
|
|
||||||
char* localIP;
|
|
||||||
char* remoteIP;
|
|
||||||
|
|
||||||
ipsec_sa_t SAs[SA_COUNT];
|
|
||||||
|
|
||||||
void* opaque; /* platform specific */
|
|
||||||
}
|
|
||||||
ipsec_context_t;
|
|
||||||
|
|
||||||
TINYIPSEC_API ipsec_error_t ipsec_context_init(ipsec_context_t* context);
|
|
||||||
TINYIPSEC_API uint32_t ipsec_get_spi(const ipsec_context_t* context, ipsec_direction_t direction);
|
|
||||||
TINYIPSEC_API void ipsec_set_ik(ipsec_context_t* context, const char ik[IPSEC_KEY_LEN]);
|
|
||||||
TINYIPSEC_API void ipsec_set_ck(ipsec_context_t* context, const char ck[IPSEC_KEY_LEN]);
|
|
||||||
TINYIPSEC_API int ipsec_sa_bound(ipsec_context_t* context, ipsec_direction_t direction);
|
|
||||||
TINYIPSEC_API void ipsec_flush(const ipsec_context_t* context);
|
|
||||||
TINYIPSEC_API void ipsec_context_free(ipsec_context_t** context);
|
|
||||||
|
|
||||||
TINYIPSEC_API void ipsec_sa_init(ipsec_sa_t* sa);
|
|
||||||
TINYIPSEC_API void ipsec_sa_free(ipsec_sa_t* sa);
|
|
||||||
|
|
||||||
#endif /* _TINYIPSEC_IPSEC_H_ */
|
|
|
@ -1,74 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2009 Mamadou Diop.
|
|
||||||
*
|
|
||||||
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
|
||||||
*
|
|
||||||
* This file is part of Open Source Doubango Framework.
|
|
||||||
*
|
|
||||||
* DOUBANGO is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* DOUBANGO is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with DOUBANGO.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
#include "ipsec.h"
|
|
||||||
#include <time.h>
|
|
||||||
|
|
||||||
#if HAVE_LINUX_IPSEC
|
|
||||||
|
|
||||||
/* ipsec context for linux platform */
|
|
||||||
typedef struct ipsec_linux_context_s
|
|
||||||
{
|
|
||||||
int FIXME;
|
|
||||||
}
|
|
||||||
ipsec_linux_context_t;
|
|
||||||
|
|
||||||
/* initialize ipsec context */
|
|
||||||
/* returns 0 if succeed and nonzero otherwise */
|
|
||||||
ipsec_error_t ipsec_context_init(ipsec_context_t* context)
|
|
||||||
{
|
|
||||||
memset(context, 0, sizeof(ipsec_context_t));
|
|
||||||
srand (time(0));
|
|
||||||
|
|
||||||
/* SAs */
|
|
||||||
for(i=0; i<SA_COUNT; i++)
|
|
||||||
{
|
|
||||||
ipsec_sa_init(context->SAs[i]);
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* free ipsec context */
|
|
||||||
void ipsec_context_free(ipsec_context_t** context)
|
|
||||||
{
|
|
||||||
if(*context)
|
|
||||||
{
|
|
||||||
/* flush all SAs */
|
|
||||||
ipsec_flush(*context);
|
|
||||||
|
|
||||||
/* SAs */
|
|
||||||
for(i=0; i<SA_COUNT; i++)
|
|
||||||
{
|
|
||||||
ipsec_sa_free(&(context->SAs[i]));
|
|
||||||
}
|
|
||||||
|
|
||||||
free(*context);
|
|
||||||
(*context) = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* flush all associated ipsec SAs */
|
|
||||||
void ipsec_flush(const ipsec_context_t* context)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* HAVE_IPSEC_TOOLS */
|
|
|
@ -1,560 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2009 Mamadou Diop.
|
|
||||||
*
|
|
||||||
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
|
||||||
*
|
|
||||||
* This file is part of Open Source Doubango Framework.
|
|
||||||
*
|
|
||||||
* DOUBANGO is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* DOUBANGO is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with DOUBANGO.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
#include "ipsec.h"
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <time.h>
|
|
||||||
|
|
||||||
#include <Fwpmu.h>
|
|
||||||
|
|
||||||
#if HAVE_WIN32_IPSEC
|
|
||||||
|
|
||||||
#define CLEANUP_ON_ERROR(result) if(result != ERROR_SUCCESS) goto CLEANUP;
|
|
||||||
#define TINYIPSEC_FILTER_NAME TEXT("tinyIPSEC")
|
|
||||||
#define TINYIPSEC_PROVIDER_KEY NULL
|
|
||||||
#define WIN32_SA_MAX_LIFETIME 172799
|
|
||||||
#define TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST 20
|
|
||||||
#define GET_CONTEXT_OPAQUE(context) ((ipsec_win32_context_opaque_t*)(context)->opaque)
|
|
||||||
#define GET_SA_OPAQUE(sa) ((ipsec_win32_sa_opaque_t*)(sa).opaque)
|
|
||||||
#if defined(DEBUG) || defined(_DEBUG)
|
|
||||||
# define DEBUG_PRINT printf
|
|
||||||
#else
|
|
||||||
# define DEBUG_PRINT
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define GET_WIN32_AUTH_ID(auth) (auth == iaa_hmac_md5_96) ? IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 : IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96
|
|
||||||
#define GET_WIN32_ENC_ID(enc) (enc == iea_3des) ? IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES : ( (enc == iea_aes) ? IPSEC_CIPHER_TRANSFORM_ID_AES_128 : IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL )
|
|
||||||
#define GET_WIN32_MODE(mode) (mode == ipm_tunnel) ? IPSEC_TRAFFIC_TYPE_TUNNEL : IPSEC_TRAFFIC_TYPE_TRANSPORT
|
|
||||||
#define GET_WIN32_TRANS(trans) (trans == ipt_tcp) ? IPPROTO_TCP : IPPROTO_UDP
|
|
||||||
#define GET_WIN32_IPVER(ipv6) (ipv6) ? FWP_IP_VERSION_V6 : FWP_IP_VERSION_V4
|
|
||||||
#define GET_WIN32_PROTO(proto) (proto == ipp_ah) ? IPSEC_TRANSFORM_AH : ( (proto == ipp_esp) ? IPSEC_TRANSFORM_ESP_AUTH : IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER );
|
|
||||||
|
|
||||||
/* ipsec opaques for win32 platform */
|
|
||||||
typedef struct ipsec_win32_context_opaque_s
|
|
||||||
{
|
|
||||||
FWP_BYTE_BLOB ik;
|
|
||||||
FWP_BYTE_BLOB ck;
|
|
||||||
|
|
||||||
HANDLE engine;
|
|
||||||
}
|
|
||||||
ipsec_win32_context_opaque_t;
|
|
||||||
|
|
||||||
/* sa endpoint definition*/
|
|
||||||
typedef struct ipsec_sa_endpoints_s
|
|
||||||
{
|
|
||||||
union
|
|
||||||
{
|
|
||||||
UINT32 localV4Address;
|
|
||||||
UINT8 localV6Address[ 16 ];
|
|
||||||
};
|
|
||||||
union
|
|
||||||
{
|
|
||||||
UINT32 remoteV4Address;
|
|
||||||
UINT8 remoteV6Address[ 16 ];
|
|
||||||
};
|
|
||||||
}ipsec_sa_endpoints_t;
|
|
||||||
|
|
||||||
/* as WFP do not provide null encryption I define my own*/
|
|
||||||
static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL=
|
|
||||||
{
|
|
||||||
(IPSEC_CIPHER_TYPE)NULL,
|
|
||||||
(IPSEC_CIPHER_TYPE)NULL
|
|
||||||
};
|
|
||||||
|
|
||||||
typedef struct ipsec_win32_sa_opaque_s
|
|
||||||
{
|
|
||||||
IPSEC_SA_SPI spi;
|
|
||||||
UINT64 inFilterId;
|
|
||||||
UINT64 outFilterId;
|
|
||||||
UINT64 saId;
|
|
||||||
|
|
||||||
ipsec_sa_endpoints_t endpoint;
|
|
||||||
}
|
|
||||||
ipsec_win32_sa_opaque_t;
|
|
||||||
|
|
||||||
void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId);
|
|
||||||
DWORD getInboundSPI(ipsec_context_t* context, ipsec_direction_t direction);
|
|
||||||
ipsec_sa_endpoints_t get_endpoint(const ipsec_context_t* context);
|
|
||||||
|
|
||||||
/* free win32 opaque */
|
|
||||||
void ipsec_win32_sa_opaque_free(void** _opaque)
|
|
||||||
{
|
|
||||||
if(*_opaque)
|
|
||||||
{
|
|
||||||
ipsec_win32_sa_opaque_t** opaque = ((ipsec_win32_sa_opaque_t**)_opaque);
|
|
||||||
free(*opaque);
|
|
||||||
(*opaque) = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* initialize ipsec context */
|
|
||||||
/* returns 0 if succeed and nonzero otherwise */
|
|
||||||
ipsec_error_t ipsec_context_init(ipsec_context_t* context)
|
|
||||||
{
|
|
||||||
ipsec_error_t code = ERROR_SUCCESS;
|
|
||||||
int i = 0;
|
|
||||||
|
|
||||||
memset(context, 0, sizeof(ipsec_context_t));
|
|
||||||
srand((unsigned int)time(0));
|
|
||||||
|
|
||||||
/* opaque */
|
|
||||||
context->opaque = malloc(sizeof(ipsec_win32_context_opaque_t));
|
|
||||||
memset(context->opaque, 0, sizeof(ipsec_win32_context_opaque_t));
|
|
||||||
|
|
||||||
/* SAs */
|
|
||||||
for(i=0; i<SA_COUNT; i++)
|
|
||||||
{
|
|
||||||
ipsec_sa_init(&(context->SAs[i]));
|
|
||||||
context->SAs[i].opaque = malloc(sizeof(ipsec_win32_sa_opaque_t));
|
|
||||||
memset(context->SAs[i].opaque, 0, sizeof(ipsec_win32_sa_opaque_t));
|
|
||||||
context->SAs[i].opaque_func_free = ipsec_win32_sa_opaque_free;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* open engine */
|
|
||||||
if(code = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &GET_CONTEXT_OPAQUE(context)->engine))
|
|
||||||
{
|
|
||||||
return code;
|
|
||||||
}
|
|
||||||
|
|
||||||
return code;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* get spi */
|
|
||||||
uint32_t ipsec_get_spi(const ipsec_context_t* context, ipsec_direction_t direction)
|
|
||||||
{
|
|
||||||
switch(direction)
|
|
||||||
{
|
|
||||||
case ipd_incoming_req: /* US <- PC */
|
|
||||||
case ipd_incoming_rep: /* UC <- PS */
|
|
||||||
{
|
|
||||||
/* already set do not change */
|
|
||||||
if(!context->SAs[direction].spi)
|
|
||||||
getInboundSPI(context, direction);
|
|
||||||
|
|
||||||
return context->SAs[direction].spi;
|
|
||||||
}
|
|
||||||
case ipd_outgoing_req: /* UC -> PS */
|
|
||||||
case ipd_outgoing_rep: /* US -> PC */
|
|
||||||
default:
|
|
||||||
{
|
|
||||||
return context->SAs[direction].spi;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* set integrity key */
|
|
||||||
void ipsec_set_ik(ipsec_context_t* context, const char ik[IPSEC_KEY_LEN])
|
|
||||||
{
|
|
||||||
IPSEC_SAFE_FREE(GET_CONTEXT_OPAQUE(context)->ik.data);
|
|
||||||
|
|
||||||
GET_CONTEXT_OPAQUE(context)->ik.data = malloc(IPSEC_IK_LEN);
|
|
||||||
memset(GET_CONTEXT_OPAQUE(context)->ik.data, 0, IPSEC_IK_LEN);
|
|
||||||
|
|
||||||
memcpy(GET_CONTEXT_OPAQUE(context)->ik.data, ik, IPSEC_KEY_LEN);
|
|
||||||
GET_CONTEXT_OPAQUE(context)->ik.size = IPSEC_KEY_LEN;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* set cipher key */
|
|
||||||
void ipsec_set_ck(ipsec_context_t* context, const char ck[IPSEC_KEY_LEN])
|
|
||||||
{
|
|
||||||
IPSEC_SAFE_FREE(GET_CONTEXT_OPAQUE(context)->ck.data);
|
|
||||||
|
|
||||||
GET_CONTEXT_OPAQUE(context)->ck.data = malloc(IPSEC_CK_LEN);
|
|
||||||
memset(GET_CONTEXT_OPAQUE(context)->ck.data, 0, IPSEC_IK_LEN);
|
|
||||||
|
|
||||||
memcpy(GET_CONTEXT_OPAQUE(context)->ck.data, ck, IPSEC_KEY_LEN);
|
|
||||||
GET_CONTEXT_OPAQUE(context)->ck.size = IPSEC_KEY_LEN;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* free ipsec context */
|
|
||||||
void ipsec_context_free(ipsec_context_t** context)
|
|
||||||
{
|
|
||||||
int i = 0;
|
|
||||||
|
|
||||||
if(*context)
|
|
||||||
{
|
|
||||||
/* flush all SAs */
|
|
||||||
ipsec_flush(*context);
|
|
||||||
|
|
||||||
/* SAs */
|
|
||||||
for(i=0; i<SA_COUNT; i++)
|
|
||||||
{
|
|
||||||
ipsec_sa_free(&((*context)->SAs[i]));
|
|
||||||
}
|
|
||||||
|
|
||||||
/* free ik and ck */
|
|
||||||
IPSEC_SAFE_FREE(GET_CONTEXT_OPAQUE(*context)->ck.data);
|
|
||||||
IPSEC_SAFE_FREE(GET_CONTEXT_OPAQUE(*context)->ik.data);
|
|
||||||
|
|
||||||
/* close engine */
|
|
||||||
FwpmEngineClose0(GET_CONTEXT_OPAQUE(*context)->engine);
|
|
||||||
|
|
||||||
/* free local/remote ip */
|
|
||||||
IPSEC_SAFE_FREE((*context)->localIP);
|
|
||||||
IPSEC_SAFE_FREE((*context)->remoteIP);
|
|
||||||
|
|
||||||
free(*context);
|
|
||||||
(*context) = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* bound SA */
|
|
||||||
/* returns zero if succeed and nozero otherwise */
|
|
||||||
int ipsec_sa_bound(ipsec_context_t* context, ipsec_direction_t direction)
|
|
||||||
{
|
|
||||||
int i=0, j=0;
|
|
||||||
DWORD result = NO_ERROR;
|
|
||||||
IPSEC_SA0 sa;
|
|
||||||
IPSEC_SA_BUNDLE0 bundle;
|
|
||||||
IPSEC_SA_AUTH_INFORMATION0 authInfo;
|
|
||||||
HANDLE engine = GET_CONTEXT_OPAQUE(context)->engine;
|
|
||||||
|
|
||||||
memset(&sa, 0, sizeof(sa));
|
|
||||||
sa.spi = context->SAs[direction].spi;
|
|
||||||
sa.saTransformType = GET_WIN32_PROTO(context->proto);
|
|
||||||
|
|
||||||
//
|
|
||||||
// Keys padding
|
|
||||||
//
|
|
||||||
if(context->auth == iaa_hmac_sha1_96)
|
|
||||||
{
|
|
||||||
if(GET_CONTEXT_OPAQUE(context)->ik.size < IPSEC_IK_LEN)
|
|
||||||
{
|
|
||||||
for(i=GET_CONTEXT_OPAQUE(context)->ik.size; i<IPSEC_IK_LEN; i++)
|
|
||||||
{
|
|
||||||
((UINT8*)GET_CONTEXT_OPAQUE(context)->ik.data)[i] = 0x00;
|
|
||||||
}
|
|
||||||
GET_CONTEXT_OPAQUE(context)->ik.size = IPSEC_IK_LEN;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(context->encrypt == iea_3des)
|
|
||||||
{
|
|
||||||
if(GET_CONTEXT_OPAQUE(context)->ck.size < IPSEC_CK_LEN)
|
|
||||||
{
|
|
||||||
for(i=GET_CONTEXT_OPAQUE(context)->ck.size; i<IPSEC_CK_LEN; i++)
|
|
||||||
{
|
|
||||||
((UINT8*)GET_CONTEXT_OPAQUE(context)->ck.data)[i] = ((UINT8*)GET_CONTEXT_OPAQUE(context)->ck.data)[j++];
|
|
||||||
}
|
|
||||||
GET_CONTEXT_OPAQUE(context)->ck.size = IPSEC_CK_LEN;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// In all case create Authentication info
|
|
||||||
//
|
|
||||||
memset(&authInfo, 0, sizeof(authInfo));
|
|
||||||
authInfo.authTransform.authTransformId = GET_WIN32_AUTH_ID(context->auth);
|
|
||||||
authInfo.authKey = GET_CONTEXT_OPAQUE(context)->ik;
|
|
||||||
|
|
||||||
if( sa.saTransformType == IPSEC_TRANSFORM_AH )
|
|
||||||
{
|
|
||||||
sa.ahInformation = &authInfo;
|
|
||||||
}
|
|
||||||
else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH )
|
|
||||||
{
|
|
||||||
sa.espAuthInformation = &authInfo;
|
|
||||||
}
|
|
||||||
else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER )
|
|
||||||
{
|
|
||||||
IPSEC_SA_CIPHER_INFORMATION0 cipherInfo;
|
|
||||||
IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0 cipherAuthInfo;
|
|
||||||
|
|
||||||
memset(&cipherInfo, 0, sizeof(cipherInfo));
|
|
||||||
cipherInfo.cipherTransform.cipherTransformId = GET_WIN32_ENC_ID(context->encrypt);
|
|
||||||
cipherInfo.cipherKey = GET_CONTEXT_OPAQUE(context)->ck;
|
|
||||||
|
|
||||||
memset(&cipherAuthInfo, 0, sizeof(cipherAuthInfo));
|
|
||||||
cipherAuthInfo.saAuthInformation = authInfo;
|
|
||||||
cipherAuthInfo.saCipherInformation = cipherInfo;
|
|
||||||
|
|
||||||
sa.espAuthAndCipherInformation = &cipherAuthInfo;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&bundle, 0, sizeof(bundle));
|
|
||||||
bundle.numSAs = 1;
|
|
||||||
bundle.saList = &sa;
|
|
||||||
bundle.ipVersion = (context->ipv6) ? FWP_IP_VERSION_V6 : FWP_IP_VERSION_V4;
|
|
||||||
bundle.lifetime.lifetimeSeconds = (context->SAs[direction].lifetime > WIN32_SA_MAX_LIFETIME) ? WIN32_SA_MAX_LIFETIME : context->SAs[direction].lifetime;
|
|
||||||
|
|
||||||
/* inbound ? */
|
|
||||||
if(direction == ipd_incoming_rep || direction == ipd_incoming_req){
|
|
||||||
result = IPsecSaContextAddInbound0(engine, GET_SA_OPAQUE(context->SAs[direction])->saId, &bundle);
|
|
||||||
}
|
|
||||||
else{
|
|
||||||
result = IPsecSaContextAddOutbound0(engine, GET_SA_OPAQUE(context->SAs[direction == ipd_outgoing_rep ? ipd_incoming_req : ipd_incoming_rep])->saId, &bundle);
|
|
||||||
DEBUG_PRINT("saId=%d\n", GET_SA_OPAQUE(context->SAs[direction])->saId);
|
|
||||||
}
|
|
||||||
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
CLEANUP:
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* get inbound spi */
|
|
||||||
DWORD getInboundSPI(ipsec_context_t* context, ipsec_direction_t direction)
|
|
||||||
{
|
|
||||||
#define CONDITIONS_COUNT 4
|
|
||||||
DWORD result = NO_ERROR;
|
|
||||||
UINT64 tmpInFilterId = 0, tmpOutFilterId = 0, tmpSaId = 0;
|
|
||||||
FWPM_FILTER0 filter;
|
|
||||||
IPSEC_TRAFFIC0 outTraffic;
|
|
||||||
IPSEC_GETSPI0 getSpi;
|
|
||||||
ipsec_sa_endpoints_t endpoint = get_endpoint(context);
|
|
||||||
HANDLE engine = GET_CONTEXT_OPAQUE(context)->engine;
|
|
||||||
FWPM_FILTER_CONDITION0 conds[CONDITIONS_COUNT];
|
|
||||||
conds[0].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
|
|
||||||
conds[0].matchType = FWP_MATCH_EQUAL;
|
|
||||||
|
|
||||||
if(context->ipv6)
|
|
||||||
{
|
|
||||||
conds[0].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
|
|
||||||
conds[0].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)endpoint.localV6Address;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
conds[0].conditionValue.type = FWP_UINT32;
|
|
||||||
conds[0].conditionValue.uint32 = endpoint.localV4Address;
|
|
||||||
}
|
|
||||||
conds[1].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
|
|
||||||
conds[1].matchType = FWP_MATCH_EQUAL;
|
|
||||||
if(context->ipv6)
|
|
||||||
{
|
|
||||||
conds[1].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
|
|
||||||
conds[1].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)endpoint.remoteV6Address;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
conds[1].conditionValue.type = FWP_UINT32;
|
|
||||||
conds[1].conditionValue.uint32 = endpoint.remoteV4Address;
|
|
||||||
}
|
|
||||||
|
|
||||||
conds[2].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
|
|
||||||
conds[2].matchType = FWP_MATCH_EQUAL;
|
|
||||||
conds[2].conditionValue.type = FWP_UINT16;
|
|
||||||
conds[2].conditionValue.uint16 = context->SAs[direction].port;
|
|
||||||
|
|
||||||
conds[3].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
|
|
||||||
conds[3].matchType = FWP_MATCH_EQUAL;
|
|
||||||
conds[3].conditionValue.type = FWP_UINT8;
|
|
||||||
conds[3].conditionValue.uint16 = GET_WIN32_TRANS(context->trans);
|
|
||||||
|
|
||||||
// Fill in the common fields shared by both filters.
|
|
||||||
memset(&filter, 0, sizeof(filter));
|
|
||||||
// For MUI compatibility, object names should be indirect strings. See
|
|
||||||
// SHLoadIndirectString for details.
|
|
||||||
filter.displayData.name = (PWSTR)TINYIPSEC_FILTER_NAME;
|
|
||||||
// Link all objects to our provider. When multiple providers are installed
|
|
||||||
// on a computer, this makes it easy to determine who added what.
|
|
||||||
filter.providerKey = (GUID*)TINYIPSEC_PROVIDER_KEY;
|
|
||||||
filter.numFilterConditions = CONDITIONS_COUNT;
|
|
||||||
filter.filterCondition = conds;
|
|
||||||
filter.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
|
||||||
//filter.weight.type = FWP_EMPTY;
|
|
||||||
|
|
||||||
// Add the inbound filter.
|
|
||||||
filter.layerKey = (context->ipv6) ? FWPM_LAYER_INBOUND_TRANSPORT_V6 : FWPM_LAYER_INBOUND_TRANSPORT_V4;
|
|
||||||
if(context->mode == ipm_tunnel)
|
|
||||||
{
|
|
||||||
filter.action.calloutKey = (context->ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
filter.action.calloutKey = (context->ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
|
|
||||||
}
|
|
||||||
result = FwpmFilterAdd0(engine, &filter, NULL, &tmpInFilterId);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
// Add the outbound filter.
|
|
||||||
filter.layerKey = (context->ipv6) ? FWPM_LAYER_OUTBOUND_TRANSPORT_V6 : FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
|
|
||||||
if(context->mode == ipm_tunnel)
|
|
||||||
{
|
|
||||||
filter.action.calloutKey = (context->ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
filter.action.calloutKey = (context->ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
|
|
||||||
}
|
|
||||||
result = FwpmFilterAdd0(engine, &filter, NULL, &tmpOutFilterId);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
// Create the SA context using the outbound traffic descriptor.
|
|
||||||
memset(&outTraffic, 0, sizeof(outTraffic));
|
|
||||||
outTraffic.ipVersion = GET_WIN32_IPVER(context->ipv6);
|
|
||||||
if(context->ipv6)
|
|
||||||
{
|
|
||||||
memcpy(outTraffic.localV6Address, endpoint.localV6Address, 16);
|
|
||||||
memcpy(outTraffic.remoteV6Address, endpoint.remoteV6Address, 16);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
outTraffic.localV4Address = endpoint.localV4Address;
|
|
||||||
outTraffic.remoteV4Address = endpoint.remoteV4Address;
|
|
||||||
}
|
|
||||||
outTraffic.trafficType = GET_WIN32_MODE(context->mode);
|
|
||||||
outTraffic.ipsecFilterId = tmpOutFilterId;
|
|
||||||
result = IPsecSaContextCreate0(engine, &outTraffic, NULL, &tmpSaId);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
// Get the inbound SPI using the inbound traffic descriptor.
|
|
||||||
memset(&getSpi, 0, sizeof(getSpi));
|
|
||||||
getSpi.inboundIpsecTraffic.ipVersion = GET_WIN32_IPVER(context->ipv6);
|
|
||||||
if(context->ipv6)
|
|
||||||
{
|
|
||||||
memcpy(getSpi.inboundIpsecTraffic.localV6Address, endpoint.localV6Address, 16);
|
|
||||||
memcpy(getSpi.inboundIpsecTraffic.remoteV6Address, endpoint.remoteV6Address, 16);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
getSpi.inboundIpsecTraffic.localV4Address = endpoint.localV4Address;
|
|
||||||
getSpi.inboundIpsecTraffic.remoteV4Address = endpoint.remoteV4Address;
|
|
||||||
}
|
|
||||||
getSpi.inboundIpsecTraffic.trafficType = GET_WIN32_MODE(context->mode);
|
|
||||||
getSpi.inboundIpsecTraffic.ipsecFilterId = tmpInFilterId;
|
|
||||||
getSpi.ipVersion = GET_WIN32_IPVER(context->ipv6);
|
|
||||||
result = IPsecSaContextGetSpi0(engine, tmpSaId, &getSpi, &(context->SAs[direction].spi));
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
//// Return the various LUIDs to the caller, so he can clean up.
|
|
||||||
GET_SA_OPAQUE(context->SAs[direction])->inFilterId = tmpInFilterId;
|
|
||||||
GET_SA_OPAQUE(context->SAs[direction])->outFilterId = tmpOutFilterId;
|
|
||||||
GET_SA_OPAQUE(context->SAs[direction])->saId = tmpSaId;
|
|
||||||
DEBUG_PRINT("tmpSaId=%d\n", tmpSaId);
|
|
||||||
CLEANUP:
|
|
||||||
if (result != NO_ERROR)
|
|
||||||
{
|
|
||||||
DeleteSaContextAndFilters(engine, tmpInFilterId, tmpOutFilterId, tmpSaId);
|
|
||||||
}
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* flush all associated ipsec SAs */
|
|
||||||
void ipsec_flush(const ipsec_context_t* context)
|
|
||||||
{
|
|
||||||
HANDLE engine = NULL;
|
|
||||||
UINT32 i;
|
|
||||||
|
|
||||||
if(context && (engine = GET_CONTEXT_OPAQUE(context)->engine))
|
|
||||||
{
|
|
||||||
HANDLE enumHandle = NULL;
|
|
||||||
IPSEC_SA_DETAILS0** entries = NULL;
|
|
||||||
UINT32 numEntriesReturned = 0;
|
|
||||||
|
|
||||||
DWORD result = IPsecSaCreateEnumHandle0(engine, NULL, &enumHandle);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
result = IPsecSaEnum0(engine, enumHandle, TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST, &entries, &numEntriesReturned);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
for(i = 0; i<numEntriesReturned; i++)
|
|
||||||
{
|
|
||||||
IPSEC_SA_DETAILS0* entry = (entries)[i];
|
|
||||||
if( !wcscmp(entry->transportFilter->displayData.name, TINYIPSEC_FILTER_NAME))
|
|
||||||
{
|
|
||||||
result = FwpmFilterDeleteById0(engine, entry->transportFilter->filterId);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
result = IPsecSaDestroyEnumHandle0(engine, enumHandle);
|
|
||||||
CLEANUP_ON_ERROR(result);
|
|
||||||
|
|
||||||
CLEANUP:
|
|
||||||
FwpmFreeMemory0((void**)entries);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Helper function to delete an SA context and the associated transport filters. */
|
|
||||||
void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId)
|
|
||||||
{
|
|
||||||
DWORD result;
|
|
||||||
|
|
||||||
// Allow the LUIDs to be zero, so we can use this function to cleanup
|
|
||||||
// partial results.
|
|
||||||
if (saId != 0)
|
|
||||||
{
|
|
||||||
result = IPsecSaContextDeleteById0(engine, saId);
|
|
||||||
if (result != ERROR_SUCCESS)
|
|
||||||
{
|
|
||||||
// There's not much we can do if delete fails, so continue trying to
|
|
||||||
// clean up the remaining objects.
|
|
||||||
DEBUG_PRINT("IPsecSaContextDeleteById0 = 0x%08X\n", result);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (outFilterId != 0)
|
|
||||||
{
|
|
||||||
result = FwpmFilterDeleteById0(engine, outFilterId);
|
|
||||||
if (result != ERROR_SUCCESS)
|
|
||||||
{
|
|
||||||
DEBUG_PRINT("FwpmFilterDeleteById0 = 0x%08X\n", result);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (inFilterId != 0)
|
|
||||||
{
|
|
||||||
result = FwpmFilterDeleteById0(engine, inFilterId);
|
|
||||||
if (result != ERROR_SUCCESS)
|
|
||||||
{
|
|
||||||
DEBUG_PRINT("FwpmFilterDeleteById0 = 0x%08X\n", result);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ipsec_sa_endpoints_t get_endpoint(const ipsec_context_t* context)
|
|
||||||
{
|
|
||||||
#define IPV4_ADDR_LEN 4
|
|
||||||
#define IPV6_ADDR_LEN 16
|
|
||||||
|
|
||||||
ipsec_sa_endpoints_t endpoint;
|
|
||||||
void *localBuff, *remoteBuff;
|
|
||||||
|
|
||||||
if(!context->ipv6)
|
|
||||||
{
|
|
||||||
localBuff = malloc(IPV4_ADDR_LEN); memset(localBuff, NULL, IPV4_ADDR_LEN);
|
|
||||||
remoteBuff = malloc(IPV4_ADDR_LEN); memset(remoteBuff, NULL, IPV4_ADDR_LEN);
|
|
||||||
|
|
||||||
if ( inet_pton(AF_INET, context->localIP, localBuff) == 1 )
|
|
||||||
endpoint.localV4Address = ntohl ( *((ULONG*)localBuff) );
|
|
||||||
|
|
||||||
if ( inet_pton(AF_INET, context->remoteIP, remoteBuff) == 1 )
|
|
||||||
endpoint.remoteV4Address = ntohl ( *((ULONG*)remoteBuff) );
|
|
||||||
|
|
||||||
free(localBuff);
|
|
||||||
free(remoteBuff);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
localBuff = malloc(IPV6_ADDR_LEN); memset(localBuff, NULL, IPV6_ADDR_LEN);
|
|
||||||
remoteBuff = malloc(IPV6_ADDR_LEN); memset(remoteBuff, NULL, IPV6_ADDR_LEN);
|
|
||||||
|
|
||||||
if ( inet_pton(AF_INET6, context->localIP, localBuff) == 1 )
|
|
||||||
memcpy(endpoint.localV6Address, localBuff, IPV6_ADDR_LEN);
|
|
||||||
|
|
||||||
if ( inet_pton(AF_INET6, context->remoteIP, remoteBuff) == 1 )
|
|
||||||
memcpy(endpoint.remoteV6Address, remoteBuff, IPV6_ADDR_LEN);
|
|
||||||
|
|
||||||
free(localBuff);
|
|
||||||
free(remoteBuff);
|
|
||||||
}
|
|
||||||
|
|
||||||
return endpoint;
|
|
||||||
}
|
|
||||||
|
|
||||||
#undef GET_CONTEXT_OPAQUE
|
|
||||||
#endif /* HAVE_WIN32_IPSEC */
|
|
|
@ -1,95 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2009 Mamadou Diop.
|
|
||||||
*
|
|
||||||
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
|
||||||
*
|
|
||||||
* This file is part of Open Source Doubango Framework.
|
|
||||||
*
|
|
||||||
* DOUBANGO is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* DOUBANGO is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with DOUBANGO.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
#include "ipsec_utils.h"
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
#if defined(_MSC_VER) || defined(WIN32)
|
|
||||||
# define snprintf _snprintf
|
|
||||||
# define vsnprintf _vsnprintf
|
|
||||||
# define strdup _strdup
|
|
||||||
# define stricmp _stricmp
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* My own sprintf implementation */
|
|
||||||
/* ATTENTION: use 'IPSEC_SAFE_FREE' macro to free the returned string */
|
|
||||||
void ipsec_strcat(char** destination, const char* source)
|
|
||||||
{
|
|
||||||
size_t index = 0;
|
|
||||||
|
|
||||||
if(!source) return;
|
|
||||||
|
|
||||||
if(!*destination){
|
|
||||||
*destination = (char*)malloc(strlen(source)+1);
|
|
||||||
strncpy(*destination, source, strlen(source)+1);
|
|
||||||
}else{
|
|
||||||
index = strlen(*destination);
|
|
||||||
*destination = realloc(*destination, index + strlen(source)+1);
|
|
||||||
strncpy(((*destination)+index), source, strlen(source)+1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* My own sprintf implementation */
|
|
||||||
/* ATTENTION: use 'IPSEC_SAFE_FREE' macro to free the returned string */
|
|
||||||
int ipsec_sprintf(char** str, const char* format, ...)
|
|
||||||
{
|
|
||||||
int len = 0;
|
|
||||||
va_list list;
|
|
||||||
|
|
||||||
/* initialize variable arguments */
|
|
||||||
va_start(list, format);
|
|
||||||
|
|
||||||
/* compute destination len */
|
|
||||||
len = vsnprintf(0, 0, format, list);
|
|
||||||
*str = (char*)malloc(len+1);
|
|
||||||
vsnprintf(*str, len, format, list);
|
|
||||||
(*str)[len] = '\0';
|
|
||||||
|
|
||||||
/* reset variable arguments */
|
|
||||||
va_end( list );
|
|
||||||
|
|
||||||
return len;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* My own strdup implementation */
|
|
||||||
/* ATTENTION: use 'IPSEC_SAFE_FREE' macro to free the returned string */
|
|
||||||
char* ipsec_strdup(const char *s1)
|
|
||||||
{
|
|
||||||
return strdup(s1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* update @str value with @newval */
|
|
||||||
void ipsec_strupdate(char** str, const char* newval)
|
|
||||||
{
|
|
||||||
IPSEC_SAFE_FREE(*str);
|
|
||||||
*str = ipsec_strdup(newval);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* My own stricmp implementation */
|
|
||||||
int ipsec_stricmp(const char* s1, const char* s2)
|
|
||||||
{
|
|
||||||
return stricmp(s1, s2);
|
|
||||||
}
|
|
|
@ -1,46 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2009 Mamadou Diop.
|
|
||||||
*
|
|
||||||
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
|
||||||
*
|
|
||||||
* This file is part of Open Source Doubango Framework.
|
|
||||||
*
|
|
||||||
* DOUBANGO is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* DOUBANGO is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with DOUBANGO.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
#ifndef _TINYIPSEC_UTILS_H_
|
|
||||||
#define _TINYIPSEC_UTILS_H_
|
|
||||||
|
|
||||||
#include "tinyipsec_config.h"
|
|
||||||
|
|
||||||
// FIXME:
|
|
||||||
typedef unsigned int uint32_t;
|
|
||||||
typedef unsigned short uint16_t;
|
|
||||||
|
|
||||||
#define IPSEC_SAFE_FREE(ptr) if(ptr) {(void)free(ptr); ptr=0;}
|
|
||||||
|
|
||||||
/* macro helpers to create/free structures */
|
|
||||||
#define IPSEC_XXX_CREATE(xxx, prefix)\
|
|
||||||
xxx = (ipsec_##prefix##_t*)malloc(sizeof(ipsec_##prefix##_t)); \
|
|
||||||
ipsec_##prefix##_init(xxx);
|
|
||||||
#define IPSEC_XXX_SAFE_FREE(xxx, prefix)\
|
|
||||||
if(xxx) { ipsec_##prefix##_free(&(xxx)); xxx = 0; }
|
|
||||||
|
|
||||||
TINYIPSEC_API void ipsec_strcat(char** destination, const char* source);
|
|
||||||
TINYIPSEC_API int ipsec_sprintf(char** str, const char* format, ...);
|
|
||||||
TINYIPSEC_API char* ipsec_strdup(const char* s1);
|
|
||||||
TINYIPSEC_API void ipsec_strupdate(char** str, const char* newval);
|
|
||||||
TINYIPSEC_API int ipsec_stricmp(const char* s1, const char* s2);
|
|
||||||
|
|
||||||
#endif /* _TINYIPSEC_UTILS_H_ */
|
|
|
@ -23,33 +23,64 @@
|
||||||
#ifndef TINYIPSEC_CONFIG_H
|
#ifndef TINYIPSEC_CONFIG_H
|
||||||
#define TINYIPSEC_CONFIG_H
|
#define TINYIPSEC_CONFIG_H
|
||||||
|
|
||||||
#ifdef WIN32
|
#if HAVE_CONFIG_H
|
||||||
//#include <windows.h>
|
#include "config.h"
|
||||||
#include <ws2tcpip.h>
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if (defined(WIN32) || defined(__SYMBIAN32__)) && defined(TINYIPSEC_EXPORTS)
|
#ifdef __SYMBIAN32__
|
||||||
|
#undef _WIN32 /* Because of WINSCW */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Windows (XP/Vista/7/CE and Windows Mobile) macro definition.
|
||||||
|
*/
|
||||||
|
#if defined(WIN32)|| defined(_WIN32) || defined(_WIN32_WCE)
|
||||||
|
# define TIPSEC_UNDER_WINDOWS 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Used on Windows and Symbian systems to export/import public functions and global variables.
|
||||||
|
*/
|
||||||
|
#if !defined(__GNUC__) && defined(TINYIPSEC_EXPORTS)
|
||||||
# define TINYIPSEC_API __declspec(dllexport)
|
# define TINYIPSEC_API __declspec(dllexport)
|
||||||
#elif (defined(WIN32) || defined(__SYMBIAN32__)) && defined(TINYIPSEC_IMPORTS)
|
# define TINYIPSEC_GEXTERN __declspec(dllexport)
|
||||||
|
#elif !defined(__GNUC__) /*&& defined(TINYIPSEC_IMPORTS)*/
|
||||||
# define TINYIPSEC_API __declspec(dllimport)
|
# define TINYIPSEC_API __declspec(dllimport)
|
||||||
|
# define TINYIPSEC_GEXTERN __declspec(dllimport)
|
||||||
#else
|
#else
|
||||||
# define TINYIPSEC_API
|
# define TINYIPSEC_API
|
||||||
|
# define TINYIPSEC_GEXTERN extern
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
//
|
/* Guards against C++ name mangling
|
||||||
// Disable some well-known warnings
|
*/
|
||||||
//
|
#ifdef __cplusplus
|
||||||
|
# define TIPSEC_BEGIN_DECLS extern "C" {
|
||||||
|
# define TIPSEC_END_DECLS }
|
||||||
|
#else
|
||||||
|
# define TIPSEC_BEGIN_DECLS
|
||||||
|
# define TIPSEC_END_DECLS
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Disable some well-known warnings
|
||||||
|
*/
|
||||||
#ifdef _MSC_VER
|
#ifdef _MSC_VER
|
||||||
# define _CRT_SECURE_NO_WARNINGS
|
# define _CRT_SECURE_NO_WARNINGS
|
||||||
|
# pragma warning( disable : 4996 )
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if TIPSEC_UNDER_WINDOWS && !defined(_WIN32_WCE)
|
||||||
|
# include <ws2tcpip.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
//
|
//
|
||||||
// IPSEC
|
// IPSEC
|
||||||
//
|
//
|
||||||
#if (_WIN32_WINNT >= 0x0600 || WINVER >= 0x0600)
|
#if (_WIN32_WINNT >= 0x0600)
|
||||||
# define HAVE_WIN32_IPSEC 1
|
# define HAVE_IPSEC_VISTA 1
|
||||||
|
#elif (_WIN32_WINNT >= 0x0501)
|
||||||
|
# define HAVE_IPSEC_XP 1
|
||||||
#elif HAVE_IPSEC_TOOLS
|
#elif HAVE_IPSEC_TOOLS
|
||||||
# define HAVE_LINUX_IPSEC 1
|
# define HAVE_IPSEC_RACOON 1
|
||||||
#endif /* IPSEC */
|
#endif
|
||||||
|
|
||||||
|
#endif /* TINYIPSEC_CONFIG_H */
|
||||||
|
|
||||||
#endif // TINYIPSEC_CONFIG_H
|
|
||||||
|
|
|
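Review bot: `# pragma warning( disable : 4996 )` next to `_CRT_SECURE_NO_WARNINGS` in this public header turns off the unsafe-CRT deprecation warnings (strcpy, sprintf, _snprintf and friends) for every translation unit that includes tinyipsec_config.h, not only for this library; keep that suppression in the .c files that need it, or bracket it with `# pragma warning( push )` / `# pragma warning( pop )` so consumers keep their diagnostics. The new `TIPSEC_BEGIN_DECLS` / `TIPSEC_END_DECLS` pair is defined here but the sibling header tipsec.h opens its declarations with `TSK_BEGIN_DECLS` / `TSK_END_DECLS`, so one of the two conventions should be dropped. The version test also loses the old `WINVER >= 0x0600` alternative, which is presumably intended but deserves a short comment on the `#if (_WIN32_WINNT >= 0x0600)` line saying that `_WIN32_WINNT` must be set by the build.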
@ -19,10 +19,12 @@
|
||||||
* along with DOUBANGO.
|
* along with DOUBANGO.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#ifndef _TINYIPSEC_API_H_
|
|
||||||
#define _TINYIPSEC_API_H_
|
|
||||||
|
|
||||||
#include "ipsec.h"
|
/**@file tipsec.c
|
||||||
|
* @brief IPSec manager.
|
||||||
|
*
|
||||||
#endif /* _TINYIPSEC_API_H_ */
|
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
|
||||||
|
*
|
||||||
|
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
|
||||||
|
*/
|
||||||
|
#include "tipsec.h"
|
|
@ -19,28 +19,23 @@
|
||||||
* along with DOUBANGO.
|
* along with DOUBANGO.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#include "ipsec.h"
|
|
||||||
|
|
||||||
/* init ipsec SA */
|
/**@file tipsec.h
|
||||||
void ipsec_sa_init(ipsec_sa_t* sa)
|
* @brief IPSec manager.
|
||||||
{
|
*
|
||||||
memset(sa, 0, sizeof(ipsec_sa_t));
|
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
|
||||||
sa->lifetime = SA_DEFAULT_LIFETIME;
|
*
|
||||||
}
|
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
|
||||||
|
*/
|
||||||
|
#ifndef TINYIPSEC_IPSEC_H
|
||||||
|
#define TINYIPSEC_IPSEC_H
|
||||||
|
|
||||||
/* free ipsec SA */
|
#include "tinyIPSEC_config.h"
|
||||||
void ipsec_sa_free(ipsec_sa_t* sa)
|
|
||||||
{
|
|
||||||
if(sa)
|
|
||||||
{
|
|
||||||
if((sa)->opaque)
|
|
||||||
{
|
|
||||||
if((sa)->opaque_func_free) (sa)->opaque_func_free(&((sa)->opaque));
|
|
||||||
free((sa)->opaque);
|
|
||||||
(sa)->opaque = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
free(sa);
|
#include "tipsec_common.h"
|
||||||
(sa) = 0;
|
|
||||||
}
|
TSK_BEGIN_DECLS
|
||||||
}
|
|
||||||
|
TSK_END_DECLS
|
||||||
|
|
||||||
|
#endif /* TINYIPSEC_IPSEC_H */
|
|
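Review bot: `#include "tinyIPSEC_config.h"` spells the config header with a different letter case from the `tinyipsec_config.h` the deleted ipsec_utils.h used; on a case-sensitive filesystem, which is where the new `HAVE_IPSEC_RACOON` path would be built, the include fails unless the file on disk really carries the upper-case name, so the spelling should be checked against the actual file name. The same spelling is used by the include in the new tipsec_common.h and should be fixed together with this one. Between `TSK_BEGIN_DECLS` and `TSK_END_DECLS` this header now declares nothing; if the public API is meant to live in tipsec_common.h, a one-line comment here such as `/* Public API is declared in tipsec_common.h */` would save readers a search.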
@ -0,0 +1,60 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2009 Mamadou Diop.
|
||||||
|
*
|
||||||
|
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
||||||
|
*
|
||||||
|
* This file is part of Open Source Doubango Framework.
|
||||||
|
*
|
||||||
|
* DOUBANGO is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* DOUBANGO is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with DOUBANGO.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**@file tipsec_common.c
|
||||||
|
* @brief IPSec common functions.
|
||||||
|
*
|
||||||
|
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
|
||||||
|
*
|
||||||
|
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
|
||||||
|
*/
|
||||||
|
#include "tipsec_common.h"
|
||||||
|
|
||||||
|
#include "tsk_debug.h"
|
||||||
|
|
||||||
|
#if !HAVE_IPSEC_VISTA && !HAVE_IPSEC_XP && !HAVE_IPSEC_RACOON
|
||||||
|
|
||||||
|
int tipsec_start(tipsec_context_t* ctx)
|
||||||
|
{
|
||||||
|
TSK_DEBUG_ERROR("No IPSec implementation found.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
|
||||||
|
{
|
||||||
|
TSK_DEBUG_ERROR("No IPSec implementation found.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps)
|
||||||
|
{
|
||||||
|
TSK_DEBUG_ERROR("No IPSec implementation found.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_stop(tipsec_context_t* ctx)
|
||||||
|
{
|
||||||
|
TSK_DEBUG_ERROR("No IPSec implementation found.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
|
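Review bot: The fallback `tipsec_set_remote` at the end of the hunk takes five parameters, but the prototype in tipsec_common.h declares a sixth, `tipsec_lifetime_t lifetime`; on any build where none of HAVE_IPSEC_VISTA, HAVE_IPSEC_XP or HAVE_IPSEC_RACOON is set this is a conflicting-types error, so the definition should read `int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)`. All four stubs leave every parameter unused, which warns under -Wextra; a `(void)ctx;` line in each body keeps the no-implementation build clean. The header this file includes also defines `TIPSEC_PROTOCOL_FROM_STR` with one closing parenthesis too few, so the first caller of that macro will fail to compile even though this file does not use it.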
@ -0,0 +1,237 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2009 Mamadou Diop.
|
||||||
|
*
|
||||||
|
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
||||||
|
*
|
||||||
|
* This file is part of Open Source Doubango Framework.
|
||||||
|
*
|
||||||
|
* DOUBANGO is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* DOUBANGO is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with DOUBANGO.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**@file tipsec_common.h
|
||||||
|
* @brief IPSec common functions.
|
||||||
|
*
|
||||||
|
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
|
||||||
|
*
|
||||||
|
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
|
||||||
|
*/
|
||||||
|
#ifndef TINYIPSEC_IPSEC_COMMON_H
|
||||||
|
#define TINYIPSEC_IPSEC_COMMON_H
|
||||||
|
|
||||||
|
#include "tinyIPSEC_config.h"
|
||||||
|
|
||||||
|
#include "tsk_string.h"
|
||||||
|
|
||||||
|
TSK_BEGIN_DECLS
|
||||||
|
|
||||||
|
#define TIPSEC_CONTEXT_CREATE(ipproto, use_ipv6, mode, ealg, alg, protocol, ik, ck)\
|
||||||
|
tsk_object_new(tipsec_context_def_t, (tipsec_ipproto_t)ipproto, (int)use_ipv6, (tipsec_mode_t)mode, (tipsec_ealgorithm_t)ealg, (tipsec_algorithm_t)alg, (tipsec_protocol_t)protocol, (const tipsec_key_t*)ik, (const tipsec_key_t*)ck)
|
||||||
|
|
||||||
|
#define TIPSEC_CONTEXT(ctx) ((tipsec_context_t*)(ctx))
|
||||||
|
|
||||||
|
#define TIPSEC_IPPROTO_FROM_STR(ipproto) (tsk_strequals(ipproto, "tcp") ? ipproto_tcp : ipproto_udp)
|
||||||
|
#define TIPSEC_IPPROTO_TO_STR(ipproto) (ipproto == ipproto_tcp ? "tcp" : "udp")
|
||||||
|
|
||||||
|
#define TIPSEC_MODE_FROM_STR(mode) (tsk_strequals(mode, "trans") ? mode_trans : mode_tun)
|
||||||
|
#define TIPSEC_MODE_TO_STR(mode) (mode == mode_trans ? "trans" : "tun")
|
||||||
|
|
||||||
|
#define TIPSEC_EALG_FROM_STR(ealg) (tsk_strequals(ealg, "des-ede3-cbc") ? ealg_des_ede3_cbc : (tsk_strequals(ealg, "aes") ? ealg_aes : ealg_null))
|
||||||
|
#define TIPSEC_EALG_TO_STR(ealg) (ealg == ealg_des_ede3_cbc ? "des-ede3-cbc" : (ealg == ealg_aes ? "aes" : "null"))
|
||||||
|
|
||||||
|
#define TIPSEC_ALG_FROM_STR(alg) (tsk_strequals(alg, "hmac-sha-1-96") ? algo_hmac_sha_1_96 : algo_hmac_md5_96)
|
||||||
|
#define TIPSEC_ALG_TO_STR(alg) (alg == algo_hmac_sha_1_96 ? "hmac-sha-1-96" : "hmac-md5-96")
|
||||||
|
|
||||||
|
#define TIPSEC_PROTOCOL_FROM_STR(protocol) (tsk_strequals(protocol, "ah") ? proto_ah : ((tsk_strequals(protocol, "esp")) ? proto_esp : proto_both)
|
||||||
|
#define TIPSEC_PROTOCOL_TO_STR(protocol) (protocol == proto_esp ? "esp" : (protocol == proto_ah ? "ah" : "ah/esp"))
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @def TIPSEC_KEY_SIZE
|
||||||
|
*
|
||||||
|
* @brief Size of IK (Integrity Key) and CK (Confidentiality Key).
|
||||||
|
*
|
||||||
|
* @remarks Mamadou, 2/21/2010.
|
||||||
|
**/
|
||||||
|
#define TIPSEC_KEY_LEN 16
|
||||||
|
#define TIPSEC_IK_LEN 20
|
||||||
|
#define TIPSEC_CK_LEN 24
|
||||||
|
|
||||||
|
typedef uint32_t tipsec_lifetime_t;
|
||||||
|
typedef uint32_t tipsec_spi_t;
|
||||||
|
typedef uint16_t tipsec_port_t;
|
||||||
|
//typedef uint8_t tipsec_key_t[TIPSEC_KEY_SIZE];
|
||||||
|
typedef void tipsec_key_t;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @enum tipsec_mode_e
|
||||||
|
*
|
||||||
|
* @brief List of IPSec modes.
|
||||||
|
**/
|
||||||
|
typedef enum tipsec_mode_e
|
||||||
|
{
|
||||||
|
//! IPSec transport mode.
|
||||||
|
mode_trans,
|
||||||
|
//! IPSec tunneling mode.
|
||||||
|
mode_tun
|
||||||
|
}
|
||||||
|
tipsec_mode_t;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @enum tipsec_protocol_e
|
||||||
|
*
|
||||||
|
* @brief List of IPSec protocols.
|
||||||
|
**/
|
||||||
|
typedef enum tipsec_protocol_e
|
||||||
|
{
|
||||||
|
//! AH protocol.
|
||||||
|
proto_ah,
|
||||||
|
//! ESP protocol.
|
||||||
|
proto_esp,
|
||||||
|
//! Both AH and ESP protocols.
|
||||||
|
proto_both
|
||||||
|
}
|
||||||
|
tipsec_protocol_t;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @enum tipsec_ipproto_e
|
||||||
|
*
|
||||||
|
* @brief List of Internet protocols.
|
||||||
|
**/
|
||||||
|
typedef enum tipsec_ipproto_e
|
||||||
|
{
|
||||||
|
//! UDP.
|
||||||
|
ipproto_udp,
|
||||||
|
//! TCP.
|
||||||
|
ipproto_tcp
|
||||||
|
}
|
||||||
|
tipsec_ipproto_t;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @enum tipsec_algorithm_e
|
||||||
|
*
|
||||||
|
* @brief List of IPSec algorithms.
|
||||||
|
**/
|
||||||
|
typedef enum tipsec_algorithm_e
|
||||||
|
{
|
||||||
|
//! hmac-md5-96 algorithm.
|
||||||
|
algo_hmac_md5_96,
|
||||||
|
//! hmac-sha-1-96 algorithm.
|
||||||
|
algo_hmac_sha_1_96
|
||||||
|
}
|
||||||
|
tipsec_algorithm_t;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @enum tipsec_ealgorithm_e
|
||||||
|
*
|
||||||
|
* @brief List of IPSec encrypt-algorithms.
|
||||||
|
**/
|
||||||
|
typedef enum tipsec_ealgorithm_e
|
||||||
|
{
|
||||||
|
//! des-ede3-cbc encrypt-algorithm.
|
||||||
|
ealg_des_ede3_cbc,
|
||||||
|
//! aes encrypt-algorithm.
|
||||||
|
ealg_aes,
|
||||||
|
//! null encrypt-algorithm.
|
||||||
|
ealg_null
|
||||||
|
}
|
||||||
|
tipsec_ealgorithm_t;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @enum tipsec_state_e
|
||||||
|
*
|
||||||
|
* @brief List of IPSec states.
|
||||||
|
**/
|
||||||
|
typedef enum tipsec_state_e
|
||||||
|
{
|
||||||
|
//! The default state. At this state no SA is created. It's the first and default state.
|
||||||
|
state_initial,
|
||||||
|
//! Partial state. At this state only inbound SAs (with their SPIs) have been created.
|
||||||
|
state_inbound,
|
||||||
|
//! Full state. At this state both inbound and outbound SAs have been create. It's the final state.
|
||||||
|
state_full,
|
||||||
|
//! All SAs are in active mode.
|
||||||
|
state_active
|
||||||
|
}
|
||||||
|
tipsec_state_t;
|
||||||
|
|
||||||
|
typedef struct tipsec_context_s
|
||||||
|
{
|
||||||
|
TSK_DECLARE_OBJECT;
|
||||||
|
|
||||||
|
//! Indicates whether the context have been initialized or not.
|
||||||
|
unsigned initialized;
|
||||||
|
//! Indicates whether the context have been started or not.
|
||||||
|
unsigned started:1;
|
||||||
|
|
||||||
|
//! The current state of the IPSec context.
|
||||||
|
tipsec_state_t state;
|
||||||
|
|
||||||
|
//! Indicates whether to use IPv6 addresses or not.
|
||||||
|
unsigned use_ipv6:1;
|
||||||
|
//! The network protocol.
|
||||||
|
tipsec_ipproto_t ipproto;
|
||||||
|
|
||||||
|
//! IPSec mode.
|
||||||
|
tipsec_mode_t mode;
|
||||||
|
//! Encrypt algorithm ().
|
||||||
|
tipsec_ealgorithm_t ealg;
|
||||||
|
//! Algorithm.
|
||||||
|
tipsec_algorithm_t alg;
|
||||||
|
//! IPSec protocol.
|
||||||
|
tipsec_protocol_t protocol;
|
||||||
|
|
||||||
|
//! Remote address (Proxy-CSCF).
|
||||||
|
void* addr_remote;
|
||||||
|
//! Proxy-CSCF client SPI.
|
||||||
|
tipsec_spi_t spi_pc;
|
||||||
|
//! Proxy-CSCF server SPI.
|
||||||
|
tipsec_spi_t spi_ps;
|
||||||
|
//! Proxy-CSCF client port.
|
||||||
|
tipsec_port_t port_pc;
|
||||||
|
//! Proxy-CSCF server port.
|
||||||
|
tipsec_port_t port_ps;
|
||||||
|
|
||||||
|
//! Local address (UE).
|
||||||
|
void* addr_local;
|
||||||
|
//! UE client SPI.
|
||||||
|
tipsec_spi_t spi_uc;
|
||||||
|
//! UE server SPI.
|
||||||
|
tipsec_spi_t spi_us;
|
||||||
|
//! UE client port.
|
||||||
|
tipsec_port_t port_uc;
|
||||||
|
//! UE server port.
|
||||||
|
tipsec_port_t port_us;
|
||||||
|
|
||||||
|
//! The confidentiality key.
|
||||||
|
tipsec_key_t *ck;
|
||||||
|
//! The integrity key.
|
||||||
|
tipsec_key_t *ik;
|
||||||
|
|
||||||
|
//! reg-await-auth timer value.
|
||||||
|
tipsec_lifetime_t lifetime;
|
||||||
|
}
|
||||||
|
tipsec_context_t;
|
||||||
|
|
||||||
|
#define TINYIPSEC_DECLARE_CONTEXT tipsec_context_t context
|
||||||
|
|
||||||
|
TINYIPSEC_GEXTERN const void *tipsec_context_def_t;
|
||||||
|
|
||||||
|
TINYIPSEC_API int tipsec_start(tipsec_context_t* ctx);
|
||||||
|
TINYIPSEC_API int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us);
|
||||||
|
TINYIPSEC_API int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime);
|
||||||
|
TINYIPSEC_API int tipsec_stop(tipsec_context_t* ctx);
|
||||||
|
|
||||||
|
TSK_END_DECLS
|
||||||
|
|
||||||
|
#endif /* TINYIPSEC_IPSEC_COMMON_H */
|
|
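--- a/tipsec_vista.c
+++ b/tipsec_vista.c
@@ -0,0 +1,690 @@
+/*
+* Copyright (C) 2009 Mamadou Diop.
+*
+* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
+*
+* This file is part of Open Source Doubango Framework.
+*
+* DOUBANGO is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* DOUBANGO is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with DOUBANGO.
+*
+*/
+
+/**@file tipsec_vista.c
+* @brief Windows Vista/7 IPsec implementation using WFP.
+*
+* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
+*
+* @date Created: Sat Nov 8 16:54:58 2009 mdiop
+*/
+#include "tipsec_vista.h"
+
+#if HAVE_IPSEC_VISTA
+
+#include "tsk_memory.h"
+#include "tsk_debug.h"
+
+#include <Fwpmu.h>
+
+
+typedef FWP_BYTE_BLOB* PFWP_BYTE_BLOB;
+
+#define TINYIPSEC_FILTER_NAME TEXT("tinyIPSEC")
+#define TINYIPSEC_PROVIDER_KEY NULL
+
+#define TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST 20
+#define TINYIPSEC_SA_MAX_LIFETIME 172799
+
+#define TINYIPSEC_VISTA_GET_ALGO(algo) (algo == algo_hmac_md5_96) ? IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 : IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96
+#define TINYIPSEC_VISTA_GET_EALGO(ealg) (ealg == ealg_des_ede3_cbc) ? IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES : ( (ealg == ealg_aes) ? IPSEC_CIPHER_TRANSFORM_ID_AES_128 : IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL )
+#define TINYIPSEC_VISTA_GET_MODE(mode) (mode == mode_tun) ? IPSEC_TRAFFIC_TYPE_TUNNEL : IPSEC_TRAFFIC_TYPE_TRANSPORT
+#define TINYIPSEC_VISTA_GET_IPPROTO(ipproto) (ipproto == ipproto_tcp) ? IPPROTO_TCP : IPPROTO_UDP
+#define TINYIPSEC_VISTA_GET_IPVER(ipv6) (ipv6) ? FWP_IP_VERSION_V6 : FWP_IP_VERSION_V4
+#define TINYIPSEC_VISTA_GET_PROTO(proto) (proto == proto_ah) ? IPSEC_TRANSFORM_AH : ( (proto == proto_esp) ? IPSEC_TRANSFORM_ESP_AUTH : IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER );
+
+/* as WFP do not provide null encryption I define my own*/
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL=
+{
+(IPSEC_CIPHER_TYPE)NULL,
+(IPSEC_CIPHER_TYPE)NULL
+};
+
+typedef struct tipsec_context_vista_s
+{
+TINYIPSEC_DECLARE_CONTEXT;
+
+UINT64 saId_us;
+UINT64 saId_uc;
+
+HANDLE engine;
+}
+tipsec_context_vista_t;
+
+#define TIPSEC_CONTEXT_VISTA(ctx) ((tipsec_context_vista_t*)(ctx))
+
+int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId);
+int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound);
+
+int tipsec_flush_all(const tipsec_context_vista_t* context);
+void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId);
+
+int tipsec_start(tipsec_context_t* ctx)
+{
+tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
+int ret = -1;
+
+if(!ctx_vista){
+ret = -1;
+goto bail;
+}
+
+if(TIPSEC_CONTEXT(ctx_vista)->started){
+TSK_DEBUG_WARN("The IPSec context already started.");
+ret = -2;
+goto bail;
+}
+
+if(TIPSEC_CONTEXT(ctx_vista)->state != state_full){
+TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
+ret = -3;
+goto bail;
+}
+
+/* VERY IMPORTANT: The SA context functions must be called in a specific order:
+(http://msdn.microsoft.com/en-us/library/bb540652(VS.85).aspx).
+
+IPsecSaContextCreate0
+IPsecSaContextGetSpi0
+IPsecSaContextAddInbound0
+IPsecSaContextAddOutbound0
+*/
+
+/* US <- PC */
+if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_us, TIPSEC_CONTEXT(ctx_vista)->spi_us, TRUE))){
+TSK_DEBUG_ERROR("Failed to setup [US <- PC] SA.");
+goto bail;
+}
+/* UC <- PS */
+if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_uc, TIPSEC_CONTEXT(ctx_vista)->spi_uc, TRUE))){
+TSK_DEBUG_ERROR("Failed to setup [UC <- PS] SA.");
+goto bail;
+}
+
+/* UC -> PS */
+if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_uc, TIPSEC_CONTEXT(ctx_vista)->spi_ps, FALSE))){
+TSK_DEBUG_ERROR("Failed to setup [UC -> PS] SA.");
+goto bail;
+}
+/* US -> PC */
+if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_us, TIPSEC_CONTEXT(ctx_vista)->spi_pc, FALSE))){
+TSK_DEBUG_ERROR("Failed to setup [US -> PC] SA.");
+goto bail;
+}
+
+// Set the state to active.
+TIPSEC_CONTEXT(ctx_vista)->state = state_active;
+
+TIPSEC_CONTEXT(ctx_vista)->started = 1;
+
+bail:
+return ret;
+}
+
+int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
+{
+tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
+int ret;
+
+if(!ctx_vista){
+ret = -1;
+goto bail;
+}
+
+if(!addr_local || !port_uc || !port_us){
+ret = -2;
+goto bail;
+}
+
+if(!TIPSEC_CONTEXT(ctx_vista)->initialized){
+TSK_DEBUG_ERROR("IPSec engine not initialized.");
+ret = -3;
+goto bail;
+}
+
+if(TIPSEC_CONTEXT(ctx_vista)->state != state_initial){
+TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
+ret = -4;
+goto bail;
+}
+
+TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_local);
+TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_remote);
+
+/* Set local IP */
+if(TIPSEC_CONTEXT(ctx_vista)->use_ipv6){
+TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(16, sizeof(uint8_t));
+TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(16, sizeof(uint8_t));
+
+if ((ret = inet_pton(AF_INET6, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
+TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
+goto bail;
+} else ret = 0;
+if ((ret = inet_pton(AF_INET6, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
+TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
+goto bail;
+} else ret = 0;
+}
+else{
+TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(4, sizeof(uint8_t));
+TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(4, sizeof(uint8_t));
+
+if ((ret = inet_pton(AF_INET, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
+TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
+goto bail;
+}
+else {
+*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local));
+ret = 0;
+}
+if ((ret = inet_pton(AF_INET, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
+TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
+goto bail;
+}
+else{
+*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote));
+ret = 0;
+}
+}
+
+/* Set ports */
+TIPSEC_CONTEXT(ctx_vista)->port_uc = port_uc;
+TIPSEC_CONTEXT(ctx_vista)->port_us = port_us;
+
+if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_uc, &TIPSEC_CONTEXT(ctx_vista)->spi_uc, &ctx_vista->saId_uc))){
+goto bail;
+}
+
+if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_us, &TIPSEC_CONTEXT(ctx_vista)->spi_us, &ctx_vista->saId_us))){
+goto bail;
+}
+
+TIPSEC_CONTEXT(ctx_vista)->state = state_inbound;
+
+bail:
+
+return ret;
+}
+
+
+int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
+{
+tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
+int ret = -1;
+
+if(!ctx_vista){
+ret = -1;
+goto bail;
+}
+
+if(!lifetime || !port_pc || !port_ps){
+ret = -2;
+goto bail;
+}
+
+if(TIPSEC_CONTEXT(ctx_vista)->state != state_inbound){
+TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
+ret = -3;
+goto bail;
+}
+
+/* Set Lifetime */
+TIPSEC_CONTEXT(ctx_vista)->lifetime = lifetime;
+
+/* Set ports */
+TIPSEC_CONTEXT(ctx_vista)->port_ps = port_ps;
+TIPSEC_CONTEXT(ctx_vista)->port_pc = port_pc;
+
+/* Set spis */
+TIPSEC_CONTEXT(ctx_vista)->spi_ps = spi_ps;
+TIPSEC_CONTEXT(ctx_vista)->spi_pc = spi_pc;
+
+TIPSEC_CONTEXT(ctx_vista)->state = state_full;
+
+ret = 0;
+
+bail:
+return ret;
+}
+
+int tipsec_stop(tipsec_context_t* ctx)
+{
+tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
+int ret = -1;
+
+if(!ctx_vista){
+ret = -1;
+goto bail;
+}
+
+if(!TIPSEC_CONTEXT(ctx_vista)->started){
+TSK_DEBUG_WARN("The IPSec context not started.");
+ret = -2;
+goto bail;
+}
+
+/* Flush (delete) all SAs associated to tinyIPSEC */
+tipsec_flush_all(ctx_vista);
+
+TIPSEC_CONTEXT(ctx_vista)->started = 0;
+TIPSEC_CONTEXT(ctx_vista)->state = state_initial;
+
+bail:
+return ret;
+}
+
+int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId)
+{
+DWORD result = NO_ERROR;
+UINT64 tmpInFilterId = 0, tmpOutFilterId = 0, tmpSaId = 0;
+FWPM_FILTER0 filter;
+IPSEC_TRAFFIC0 outTraffic;
+IPSEC_GETSPI0 getSpi;
+int ret = -1;
+FWPM_FILTER_CONDITION0 conds[4];
+conds[0].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
+conds[0].matchType = FWP_MATCH_EQUAL;
+
+*spi = 0;
+*saId = 0;
+
+if(TIPSEC_CONTEXT(context)->use_ipv6){
+conds[0].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
+conds[0].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_local;
+}
+else{
+conds[0].conditionValue.type = FWP_UINT32;
+conds[0].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_local);
+}
+conds[1].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
+conds[1].matchType = FWP_MATCH_EQUAL;
+if(TIPSEC_CONTEXT(context)->use_ipv6){
+conds[1].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
+conds[1].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_remote;
+}
+else{
+conds[1].conditionValue.type = FWP_UINT32;
+conds[1].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_remote);
+}
+
+conds[2].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
+conds[2].matchType = FWP_MATCH_EQUAL;
+conds[2].conditionValue.type = FWP_UINT16;
+conds[2].conditionValue.uint16 = local_port;
+
+conds[3].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
+conds[3].matchType = FWP_MATCH_EQUAL;
+conds[3].conditionValue.type = FWP_UINT8;
+conds[3].conditionValue.uint16 = TINYIPSEC_VISTA_GET_IPPROTO(TIPSEC_CONTEXT(context)->ipproto);
+
+// Fill in the common fields shared by both filters.
+memset(&filter, 0, sizeof(filter));
+// For MUI compatibility, object names should be indirect strings. See
+// SHLoadIndirectString for details.
+filter.displayData.name = (PWSTR)TINYIPSEC_FILTER_NAME;
+// Link all objects to our provider. When multiple providers are installed
+// on a computer, this makes it easy to determine who added what.
+filter.providerKey = (GUID*)TINYIPSEC_PROVIDER_KEY;
+filter.numFilterConditions = 4;
+filter.filterCondition = conds;
+filter.action.type = FWP_ACTION_CALLOUT_TERMINATING;
+filter.flags = FWPM_FILTER_FLAG_NONE;
+//filter.weight.type = FWP_EMPTY;
+
+// Add the inbound filter.
+filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_INBOUND_TRANSPORT_V6 : FWPM_LAYER_INBOUND_TRANSPORT_V4;
+if(TIPSEC_CONTEXT(context)->mode == mode_tun){
+filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
+}
+else{
+filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
+}
+if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpInFilterId)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("FwpmFilterAdd0 (inbound) failed with error code [%x]", result);
+goto CLEANUP;
+}
+
+// Add the outbound filter.
+filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_OUTBOUND_TRANSPORT_V6 : FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
+if(TIPSEC_CONTEXT(context)->mode == mode_tun){
+filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
+}
+else{
+filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
+}
+if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpOutFilterId)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("FwpmFilterAdd0(outbound) failed with error code [%x]", result);
+goto CLEANUP;
+}
+
+// Create the SA context using the outbound traffic descriptor.
+memset(&outTraffic, 0, sizeof(outTraffic));
+outTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
+if(TIPSEC_CONTEXT(context)->use_ipv6){
+memcpy(outTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
+memcpy(outTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
+}
+else{
+outTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
+outTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
+}
+outTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
+outTraffic.ipsecFilterId = tmpOutFilterId;
+if((result = IPsecSaContextCreate0(context->engine, &outTraffic, NULL, &tmpSaId)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("IPsecSaContextCreate0 failed with error code [%x]", result);
+goto CLEANUP;
+}
+
+// Get the inbound SPI using the inbound traffic descriptor.
+memset(&getSpi, 0, sizeof(getSpi));
+getSpi.inboundIpsecTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
+if(TIPSEC_CONTEXT(context)->use_ipv6){
+memcpy(getSpi.inboundIpsecTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
+memcpy(getSpi.inboundIpsecTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
+}
+else{
+getSpi.inboundIpsecTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
+getSpi.inboundIpsecTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
+}
+getSpi.inboundIpsecTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
+getSpi.inboundIpsecTraffic.ipsecFilterId = tmpInFilterId;
+getSpi.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
+if((result = IPsecSaContextGetSpi0(context->engine, tmpSaId, &getSpi, spi))){
+TSK_DEBUG_ERROR("IPsecSaContextGetSpi0 failed with error code [%x]", result);
+goto CLEANUP;
+}
+
+//// Return the various LUIDs to the caller, so he can clean up.
+//*inFilterId = tmpInFilterId;
+//*outFilterId = tmpOutFilterId;
+*saId = tmpSaId;
+
+CLEANUP:
+if (result != NO_ERROR){
+DeleteSaContextAndFilters(context->engine, tmpInFilterId, tmpOutFilterId, tmpSaId);
+}else ret = 0;
+
+return ret;
+}
+
+int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound)
+{
+UINT32 i=0, j=0;
+DWORD result = NO_ERROR;
+IPSEC_SA0 sa;
+IPSEC_SA_BUNDLE0 bundle;
+IPSEC_SA_AUTH_INFORMATION0 authInfo;
+PFWP_BYTE_BLOB ik = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik;
+PFWP_BYTE_BLOB ck = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck;
+
+memset(&sa, 0, sizeof(sa));
+sa.spi = remote_spi;
+sa.saTransformType = TINYIPSEC_VISTA_GET_PROTO(TIPSEC_CONTEXT(context)->protocol);
+
+
+//
+// Keys padding
+//
+if(TIPSEC_CONTEXT(context)->alg == algo_hmac_sha_1_96){
+if(ik->size < TIPSEC_IK_LEN){
+for(i = ik->size; i<TIPSEC_KEY_LEN; i++){
+ik->data[i] = 0x00; /* Already done by "tsk_calloc" but ... */
+}
+ik->size = TIPSEC_IK_LEN;
+}
+}
+if(TIPSEC_CONTEXT(context)->ealg == ealg_des_ede3_cbc){
+if(ck->size < TIPSEC_CK_LEN){
+for(i = ck->size; i<TIPSEC_CK_LEN; i++){
+ck->data[i] = ck->data[j++];
+}
+ck->size = TIPSEC_CK_LEN;
+}
+}
+
+//
+// In all case create Authentication info
+//
+memset(&authInfo, 0, sizeof(authInfo));
+authInfo.authTransform.authTransformId = TINYIPSEC_VISTA_GET_ALGO(TIPSEC_CONTEXT(context)->alg);
+authInfo.authKey = *ik;
+
+if( sa.saTransformType == IPSEC_TRANSFORM_AH ){
+sa.ahInformation = &authInfo;
+}
+else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH ){
+sa.espAuthInformation = &authInfo;
+}
+else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER ){
+IPSEC_SA_CIPHER_INFORMATION0 cipherInfo;
+IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0 cipherAuthInfo;
+
+memset(&cipherInfo, 0, sizeof(cipherInfo));
+cipherInfo.cipherTransform.cipherTransformId = TINYIPSEC_VISTA_GET_EALGO(TIPSEC_CONTEXT(context)->ealg);
+cipherInfo.cipherKey = *ck;
+
+memset(&cipherAuthInfo, 0, sizeof(cipherAuthInfo));
+cipherAuthInfo.saAuthInformation = authInfo;
+cipherAuthInfo.saCipherInformation = cipherInfo;
+
+sa.espAuthAndCipherInformation = &cipherAuthInfo;
+}
+
+memset(&bundle, 0, sizeof(bundle));
+bundle.numSAs = 1;
+bundle.saList = &sa;
+bundle.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
+bundle.lifetime.lifetimeSeconds = (TIPSEC_CONTEXT(context)->lifetime > TINYIPSEC_SA_MAX_LIFETIME) ? TINYIPSEC_SA_MAX_LIFETIME : TIPSEC_CONTEXT(context)->lifetime;
+
+/* From remote to local (inbound) ? */
+if(toInbound){
+if((result = IPsecSaContextAddInbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("IPsecSaContextAddInbound0 failed with error code [%x]", result);
+goto CLEANUP;
+}
+}
+else{
+if((result = IPsecSaContextAddOutbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("IPsecSaContextAddOutbound0 failed with error code [%x]", result);
+goto CLEANUP;
+}
+}
+
+CLEANUP:
+return (result == ERROR_SUCCESS) ? 0 : -1;
+}
+
+
+void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId)
+{
+DWORD result;
+
+// Allow the LUIDs to be zero, so we can use this function to cleanup
+// partial results.
+if (saId != 0)
+{
+result = IPsecSaContextDeleteById0(engine, saId);
+if (result != ERROR_SUCCESS)
+{
+// There's not much we can do if delete fails, so continue trying to
+// clean up the remaining objects.
+TSK_DEBUG_ERROR("IPsecSaContextDeleteById0 = 0x%08X\n", result);
+}
+}
+if (outFilterId != 0)
+{
+result = FwpmFilterDeleteById0(engine, outFilterId);
+if (result != ERROR_SUCCESS)
+{
+TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
+}
+}
+if (inFilterId != 0)
+{
+result = FwpmFilterDeleteById0(engine, inFilterId);
+if (result != ERROR_SUCCESS)
+{
+TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
+}
+}
+}
+
+int tipsec_flush_all(const tipsec_context_vista_t* context)
+{
+UINT32 i;
+int ret = -1;
+
+if(context)
+{
+HANDLE enumHandle = NULL;
+IPSEC_SA_DETAILS0** entries = NULL;
+UINT32 numEntriesReturned = 0;
+DWORD result;
+
+if((result = IPsecSaCreateEnumHandle0(context->engine, NULL, &enumHandle)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("IPsecSaCreateEnumHandle0 failed with error code [%x].", result);
+goto CLEANUP;
+}
+
+if((result = IPsecSaEnum0(context->engine, enumHandle, TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST, &entries, &numEntriesReturned)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("IPsecSaEnum0 failed with error code [%x].", result);
+goto CLEANUP;
+}
+
+for(i = 0; i<numEntriesReturned; i++)
+{
+IPSEC_SA_DETAILS0* entry = (entries)[i];
+if( !wcscmp(entry->transportFilter->displayData.name, TINYIPSEC_FILTER_NAME))
+{
+if((result = FwpmFilterDeleteById0(context->engine, entry->transportFilter->filterId)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("FwpmFilterDeleteById0 failed with error code [%x].", result);
+goto CLEANUP;
+}
+}
+}
+
+if((result = IPsecSaDestroyEnumHandle0(context->engine, enumHandle)) != ERROR_SUCCESS){
+TSK_DEBUG_ERROR("IPsecSaDestroyEnumHandle0 failed with error code [%x].", result);
+goto CLEANUP;
+}
+
+TSK_DEBUG_INFO("All SAs have been flushed.");
+ret = 0;
+
+CLEANUP:
+FwpmFreeMemory0((void**)entries);
+}
+
+return ret;
+}
+
+//=================================================================================================
+// IPSec context object definition
+//
+static void* tipsec_context_create(void * self, va_list * app)
+{
+tipsec_context_vista_t *context = self;
+if(context)
+{
+DWORD code;
+
+const tipsec_key_t *ik;
+const tipsec_key_t *ck;
+
+TIPSEC_CONTEXT(context)->ipproto = va_arg(*app, tipsec_ipproto_t);
+TIPSEC_CONTEXT(context)->use_ipv6 = va_arg(*app, int);
+TIPSEC_CONTEXT(context)->mode = va_arg(*app, tipsec_mode_t);
+TIPSEC_CONTEXT(context)->ealg = va_arg(*app, tipsec_ealgorithm_t);
+TIPSEC_CONTEXT(context)->alg = va_arg(*app, tipsec_algorithm_t);
+TIPSEC_CONTEXT(context)->protocol = va_arg(*app, tipsec_protocol_t);
+
+ik = va_arg(*app, const tipsec_key_t*);
+ck = va_arg(*app, const tipsec_key_t*);
+
+/* Compute ik and ck */
+TIPSEC_CONTEXT(context)->ik = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
+TIPSEC_CONTEXT(context)->ck = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
+
+((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->data = tsk_calloc(1, TIPSEC_IK_LEN);
+memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->data, ik, TIPSEC_KEY_LEN);
+((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->size = TIPSEC_KEY_LEN;
+
+((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->data = tsk_calloc(1, TIPSEC_CK_LEN);
+memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->data, ck, TIPSEC_KEY_LEN);
+((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->size = TIPSEC_KEY_LEN;
+
+/* Open engine */
+if((code = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &context->engine))){
+TIPSEC_CONTEXT(context)->initialized = 0;
+TSK_DEBUG_ERROR("FwpmEngineOpen0 failed with error code [%x].", code);
+}
+else{
+TIPSEC_CONTEXT(context)->initialized = 1;
+}
+
+TIPSEC_CONTEXT(context)->state = state_initial;
+}
+return self;
+}
+
+static void* tipsec_context_destroy(void * self)
+{
+tipsec_context_vista_t *context = self;
+if(context)
+{
+DWORD code;
+
+if(TIPSEC_CONTEXT(context)->started){
+tipsec_stop(TIPSEC_CONTEXT(context));
+}
+
+/* Close engine */
+if((code = FwpmEngineClose0(context->engine))){
+TSK_DEBUG_ERROR("FwpmEngineClose0 failed with error code [%x].", code);
+}
+
+TSK_FREE(TIPSEC_CONTEXT(context)->addr_local);
+TSK_FREE(TIPSEC_CONTEXT(context)->addr_remote);
+
+TSK_FREE(TIPSEC_CONTEXT(context)->ik);
+TSK_FREE(TIPSEC_CONTEXT(context)->ck);
+}
+
+return self;
+}
+
+static int tipsec_context_cmp(const void *obj1, const void *obj2)
+{
+return-1;
+}
+
+static const tsk_object_def_t tipsec_context_def_s =
+{
+sizeof(tipsec_context_vista_t),
+tipsec_context_create,
+tipsec_context_destroy,
+tipsec_context_cmp,
+};
+const void *tipsec_context_def_t = &tipsec_context_def_s;
+
+
+#endif /* HAVE_IPSEC_VISTA */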
|
||||||
|
TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_remote);
|
||||||
|
|
||||||
|
/* Set local IP */
|
||||||
|
if(TIPSEC_CONTEXT(ctx_vista)->use_ipv6){
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(16, sizeof(uint8_t));
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(16, sizeof(uint8_t));
|
||||||
|
|
||||||
|
if ((ret = inet_pton(AF_INET6, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
|
||||||
|
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
|
||||||
|
goto bail;
|
||||||
|
} else ret = 0;
|
||||||
|
if ((ret = inet_pton(AF_INET6, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
|
||||||
|
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
|
||||||
|
goto bail;
|
||||||
|
} else ret = 0;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(4, sizeof(uint8_t));
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(4, sizeof(uint8_t));
|
||||||
|
|
||||||
|
if ((ret = inet_pton(AF_INET, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
|
||||||
|
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local));
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
if ((ret = inet_pton(AF_INET, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
|
||||||
|
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote));
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set ports */
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->port_uc = port_uc;
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->port_us = port_us;
|
||||||
|
|
||||||
|
if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_uc, &TIPSEC_CONTEXT(ctx_vista)->spi_uc, &ctx_vista->saId_uc))){
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_us, &TIPSEC_CONTEXT(ctx_vista)->spi_us, &ctx_vista->saId_us))){
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->state = state_inbound;
|
||||||
|
|
||||||
|
bail:
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
|
||||||
|
{
|
||||||
|
tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if(!ctx_vista){
|
||||||
|
ret = -1;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!lifetime || !port_pc || !port_ps){
|
||||||
|
ret = -2;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(TIPSEC_CONTEXT(ctx_vista)->state != state_inbound){
|
||||||
|
TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
|
||||||
|
ret = -3;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set Lifetime */
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->lifetime = lifetime;
|
||||||
|
|
||||||
|
/* Set ports */
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->port_ps = port_ps;
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->port_pc = port_pc;
|
||||||
|
|
||||||
|
/* Set spis */
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->spi_ps = spi_ps;
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->spi_pc = spi_pc;
|
||||||
|
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->state = state_full;
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
|
|
||||||
|
bail:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_stop(tipsec_context_t* ctx)
|
||||||
|
{
|
||||||
|
tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if(!ctx_vista){
|
||||||
|
ret = -1;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!TIPSEC_CONTEXT(ctx_vista)->started){
|
||||||
|
TSK_DEBUG_WARN("The IPSec context not started.");
|
||||||
|
ret = -2;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Flush (delete) all SAs associated to tinyIPSEC */
|
||||||
|
tipsec_flush_all(ctx_vista);
|
||||||
|
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->started = 0;
|
||||||
|
TIPSEC_CONTEXT(ctx_vista)->state = state_initial;
|
||||||
|
|
||||||
|
bail:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId)
|
||||||
|
{
|
||||||
|
DWORD result = NO_ERROR;
|
||||||
|
UINT64 tmpInFilterId = 0, tmpOutFilterId = 0, tmpSaId = 0;
|
||||||
|
FWPM_FILTER0 filter;
|
||||||
|
IPSEC_TRAFFIC0 outTraffic;
|
||||||
|
IPSEC_GETSPI0 getSpi;
|
||||||
|
int ret = -1;
|
||||||
|
FWPM_FILTER_CONDITION0 conds[4];
|
||||||
|
conds[0].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
|
||||||
|
conds[0].matchType = FWP_MATCH_EQUAL;
|
||||||
|
|
||||||
|
*spi = 0;
|
||||||
|
*saId = 0;
|
||||||
|
|
||||||
|
if(TIPSEC_CONTEXT(context)->use_ipv6){
|
||||||
|
conds[0].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
|
||||||
|
conds[0].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_local;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
conds[0].conditionValue.type = FWP_UINT32;
|
||||||
|
conds[0].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_local);
|
||||||
|
}
|
||||||
|
conds[1].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
|
||||||
|
conds[1].matchType = FWP_MATCH_EQUAL;
|
||||||
|
if(TIPSEC_CONTEXT(context)->use_ipv6){
|
||||||
|
conds[1].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
|
||||||
|
conds[1].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_remote;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
conds[1].conditionValue.type = FWP_UINT32;
|
||||||
|
conds[1].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_remote);
|
||||||
|
}
|
||||||
|
|
||||||
|
conds[2].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
|
||||||
|
conds[2].matchType = FWP_MATCH_EQUAL;
|
||||||
|
conds[2].conditionValue.type = FWP_UINT16;
|
||||||
|
conds[2].conditionValue.uint16 = local_port;
|
||||||
|
|
||||||
|
conds[3].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
|
||||||
|
conds[3].matchType = FWP_MATCH_EQUAL;
|
||||||
|
conds[3].conditionValue.type = FWP_UINT8;
|
||||||
|
conds[3].conditionValue.uint16 = TINYIPSEC_VISTA_GET_IPPROTO(TIPSEC_CONTEXT(context)->ipproto);
|
||||||
|
|
||||||
|
// Fill in the common fields shared by both filters.
|
||||||
|
memset(&filter, 0, sizeof(filter));
|
||||||
|
// For MUI compatibility, object names should be indirect strings. See
|
||||||
|
// SHLoadIndirectString for details.
|
||||||
|
filter.displayData.name = (PWSTR)TINYIPSEC_FILTER_NAME;
|
||||||
|
// Link all objects to our provider. When multiple providers are installed
|
||||||
|
// on a computer, this makes it easy to determine who added what.
|
||||||
|
filter.providerKey = (GUID*)TINYIPSEC_PROVIDER_KEY;
|
||||||
|
filter.numFilterConditions = 4;
|
||||||
|
filter.filterCondition = conds;
|
||||||
|
filter.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||||
|
filter.flags = FWPM_FILTER_FLAG_NONE;
|
||||||
|
//filter.weight.type = FWP_EMPTY;
|
||||||
|
|
||||||
|
// Add the inbound filter.
|
||||||
|
filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_INBOUND_TRANSPORT_V6 : FWPM_LAYER_INBOUND_TRANSPORT_V4;
|
||||||
|
if(TIPSEC_CONTEXT(context)->mode == mode_tun){
|
||||||
|
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
|
||||||
|
}
|
||||||
|
if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpInFilterId)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("FwpmFilterAdd0 (inbound) failed with error code [%x]", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add the outbound filter.
|
||||||
|
filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_OUTBOUND_TRANSPORT_V6 : FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
|
||||||
|
if(TIPSEC_CONTEXT(context)->mode == mode_tun){
|
||||||
|
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
|
||||||
|
}
|
||||||
|
if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpOutFilterId)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("FwpmFilterAdd0(outbound) failed with error code [%x]", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create the SA context using the outbound traffic descriptor.
|
||||||
|
memset(&outTraffic, 0, sizeof(outTraffic));
|
||||||
|
outTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
|
||||||
|
if(TIPSEC_CONTEXT(context)->use_ipv6){
|
||||||
|
memcpy(outTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
|
||||||
|
memcpy(outTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
outTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
|
||||||
|
outTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
|
||||||
|
}
|
||||||
|
outTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
|
||||||
|
outTraffic.ipsecFilterId = tmpOutFilterId;
|
||||||
|
if((result = IPsecSaContextCreate0(context->engine, &outTraffic, NULL, &tmpSaId)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaContextCreate0 failed with error code [%x]", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the inbound SPI using the inbound traffic descriptor.
|
||||||
|
memset(&getSpi, 0, sizeof(getSpi));
|
||||||
|
getSpi.inboundIpsecTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
|
||||||
|
if(TIPSEC_CONTEXT(context)->use_ipv6){
|
||||||
|
memcpy(getSpi.inboundIpsecTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
|
||||||
|
memcpy(getSpi.inboundIpsecTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
getSpi.inboundIpsecTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
|
||||||
|
getSpi.inboundIpsecTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
|
||||||
|
}
|
||||||
|
getSpi.inboundIpsecTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
|
||||||
|
getSpi.inboundIpsecTraffic.ipsecFilterId = tmpInFilterId;
|
||||||
|
getSpi.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
|
||||||
|
if((result = IPsecSaContextGetSpi0(context->engine, tmpSaId, &getSpi, spi))){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaContextGetSpi0 failed with error code [%x]", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
//// Return the various LUIDs to the caller, so he can clean up.
|
||||||
|
//*inFilterId = tmpInFilterId;
|
||||||
|
//*outFilterId = tmpOutFilterId;
|
||||||
|
*saId = tmpSaId;
|
||||||
|
|
||||||
|
CLEANUP:
|
||||||
|
if (result != NO_ERROR){
|
||||||
|
DeleteSaContextAndFilters(context->engine, tmpInFilterId, tmpOutFilterId, tmpSaId);
|
||||||
|
}else ret = 0;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound)
|
||||||
|
{
|
||||||
|
UINT32 i=0, j=0;
|
||||||
|
DWORD result = NO_ERROR;
|
||||||
|
IPSEC_SA0 sa;
|
||||||
|
IPSEC_SA_BUNDLE0 bundle;
|
||||||
|
IPSEC_SA_AUTH_INFORMATION0 authInfo;
|
||||||
|
PFWP_BYTE_BLOB ik = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik;
|
||||||
|
PFWP_BYTE_BLOB ck = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck;
|
||||||
|
|
||||||
|
memset(&sa, 0, sizeof(sa));
|
||||||
|
sa.spi = remote_spi;
|
||||||
|
sa.saTransformType = TINYIPSEC_VISTA_GET_PROTO(TIPSEC_CONTEXT(context)->protocol);
|
||||||
|
|
||||||
|
|
||||||
|
//
|
||||||
|
// Keys padding
|
||||||
|
//
|
||||||
|
if(TIPSEC_CONTEXT(context)->alg == algo_hmac_sha_1_96){
|
||||||
|
if(ik->size < TIPSEC_IK_LEN){
|
||||||
|
for(i = ik->size; i<TIPSEC_KEY_LEN; i++){
|
||||||
|
ik->data[i] = 0x00; /* Already done by "tsk_calloc" but ... */
|
||||||
|
}
|
||||||
|
ik->size = TIPSEC_IK_LEN;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(TIPSEC_CONTEXT(context)->ealg == ealg_des_ede3_cbc){
|
||||||
|
if(ck->size < TIPSEC_CK_LEN){
|
||||||
|
for(i = ck->size; i<TIPSEC_CK_LEN; i++){
|
||||||
|
ck->data[i] = ck->data[j++];
|
||||||
|
}
|
||||||
|
ck->size = TIPSEC_CK_LEN;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// In all case create Authentication info
|
||||||
|
//
|
||||||
|
memset(&authInfo, 0, sizeof(authInfo));
|
||||||
|
authInfo.authTransform.authTransformId = TINYIPSEC_VISTA_GET_ALGO(TIPSEC_CONTEXT(context)->alg);
|
||||||
|
authInfo.authKey = *ik;
|
||||||
|
|
||||||
|
if( sa.saTransformType == IPSEC_TRANSFORM_AH ){
|
||||||
|
sa.ahInformation = &authInfo;
|
||||||
|
}
|
||||||
|
else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH ){
|
||||||
|
sa.espAuthInformation = &authInfo;
|
||||||
|
}
|
||||||
|
else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER ){
|
||||||
|
IPSEC_SA_CIPHER_INFORMATION0 cipherInfo;
|
||||||
|
IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0 cipherAuthInfo;
|
||||||
|
|
||||||
|
memset(&cipherInfo, 0, sizeof(cipherInfo));
|
||||||
|
cipherInfo.cipherTransform.cipherTransformId = TINYIPSEC_VISTA_GET_EALGO(TIPSEC_CONTEXT(context)->ealg);
|
||||||
|
cipherInfo.cipherKey = *ck;
|
||||||
|
|
||||||
|
memset(&cipherAuthInfo, 0, sizeof(cipherAuthInfo));
|
||||||
|
cipherAuthInfo.saAuthInformation = authInfo;
|
||||||
|
cipherAuthInfo.saCipherInformation = cipherInfo;
|
||||||
|
|
||||||
|
sa.espAuthAndCipherInformation = &cipherAuthInfo;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(&bundle, 0, sizeof(bundle));
|
||||||
|
bundle.numSAs = 1;
|
||||||
|
bundle.saList = &sa;
|
||||||
|
bundle.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
|
||||||
|
bundle.lifetime.lifetimeSeconds = (TIPSEC_CONTEXT(context)->lifetime > TINYIPSEC_SA_MAX_LIFETIME) ? TINYIPSEC_SA_MAX_LIFETIME : TIPSEC_CONTEXT(context)->lifetime;
|
||||||
|
|
||||||
|
/* From remote to local (inbound) ? */
|
||||||
|
if(toInbound){
|
||||||
|
if((result = IPsecSaContextAddInbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaContextAddInbound0 failed with error code [%x]", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
if((result = IPsecSaContextAddOutbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaContextAddOutbound0 failed with error code [%x]", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
CLEANUP:
|
||||||
|
return (result == ERROR_SUCCESS) ? 0 : -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId)
|
||||||
|
{
|
||||||
|
DWORD result;
|
||||||
|
|
||||||
|
// Allow the LUIDs to be zero, so we can use this function to cleanup
|
||||||
|
// partial results.
|
||||||
|
if (saId != 0)
|
||||||
|
{
|
||||||
|
result = IPsecSaContextDeleteById0(engine, saId);
|
||||||
|
if (result != ERROR_SUCCESS)
|
||||||
|
{
|
||||||
|
// There's not much we can do if delete fails, so continue trying to
|
||||||
|
// clean up the remaining objects.
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaContextDeleteById0 = 0x%08X\n", result);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (outFilterId != 0)
|
||||||
|
{
|
||||||
|
result = FwpmFilterDeleteById0(engine, outFilterId);
|
||||||
|
if (result != ERROR_SUCCESS)
|
||||||
|
{
|
||||||
|
TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (inFilterId != 0)
|
||||||
|
{
|
||||||
|
result = FwpmFilterDeleteById0(engine, inFilterId);
|
||||||
|
if (result != ERROR_SUCCESS)
|
||||||
|
{
|
||||||
|
TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int tipsec_flush_all(const tipsec_context_vista_t* context)
|
||||||
|
{
|
||||||
|
UINT32 i;
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if(context)
|
||||||
|
{
|
||||||
|
HANDLE enumHandle = NULL;
|
||||||
|
IPSEC_SA_DETAILS0** entries = NULL;
|
||||||
|
UINT32 numEntriesReturned = 0;
|
||||||
|
DWORD result;
|
||||||
|
|
||||||
|
if((result = IPsecSaCreateEnumHandle0(context->engine, NULL, &enumHandle)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaCreateEnumHandle0 failed with error code [%x].", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
if((result = IPsecSaEnum0(context->engine, enumHandle, TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST, &entries, &numEntriesReturned)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaEnum0 failed with error code [%x].", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
for(i = 0; i<numEntriesReturned; i++)
|
||||||
|
{
|
||||||
|
IPSEC_SA_DETAILS0* entry = (entries)[i];
|
||||||
|
if( !wcscmp(entry->transportFilter->displayData.name, TINYIPSEC_FILTER_NAME))
|
||||||
|
{
|
||||||
|
if((result = FwpmFilterDeleteById0(context->engine, entry->transportFilter->filterId)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("FwpmFilterDeleteById0 failed with error code [%x].", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if((result = IPsecSaDestroyEnumHandle0(context->engine, enumHandle)) != ERROR_SUCCESS){
|
||||||
|
TSK_DEBUG_ERROR("IPsecSaDestroyEnumHandle0 failed with error code [%x].", result);
|
||||||
|
goto CLEANUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
TSK_DEBUG_INFO("All SAs have been flushed.");
|
||||||
|
ret = 0;
|
||||||
|
|
||||||
|
CLEANUP:
|
||||||
|
FwpmFreeMemory0((void**)entries);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
//=================================================================================================
|
||||||
|
// IPSec context object definition
|
||||||
|
//
|
||||||
|
static void* tipsec_context_create(void * self, va_list * app)
|
||||||
|
{
|
||||||
|
tipsec_context_vista_t *context = self;
|
||||||
|
if(context)
|
||||||
|
{
|
||||||
|
DWORD code;
|
||||||
|
|
||||||
|
const tipsec_key_t *ik;
|
||||||
|
const tipsec_key_t *ck;
|
||||||
|
|
||||||
|
TIPSEC_CONTEXT(context)->ipproto = va_arg(*app, tipsec_ipproto_t);
|
||||||
|
TIPSEC_CONTEXT(context)->use_ipv6 = va_arg(*app, int);
|
||||||
|
TIPSEC_CONTEXT(context)->mode = va_arg(*app, tipsec_mode_t);
|
||||||
|
TIPSEC_CONTEXT(context)->ealg = va_arg(*app, tipsec_ealgorithm_t);
|
||||||
|
TIPSEC_CONTEXT(context)->alg = va_arg(*app, tipsec_algorithm_t);
|
||||||
|
TIPSEC_CONTEXT(context)->protocol = va_arg(*app, tipsec_protocol_t);
|
||||||
|
|
||||||
|
ik = va_arg(*app, const tipsec_key_t*);
|
||||||
|
ck = va_arg(*app, const tipsec_key_t*);
|
||||||
|
|
||||||
|
/* Compute ik and ck */
|
||||||
|
TIPSEC_CONTEXT(context)->ik = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
|
||||||
|
TIPSEC_CONTEXT(context)->ck = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
|
||||||
|
|
||||||
|
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->data = tsk_calloc(1, TIPSEC_IK_LEN);
|
||||||
|
memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->data, ik, TIPSEC_KEY_LEN);
|
||||||
|
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->size = TIPSEC_KEY_LEN;
|
||||||
|
|
||||||
|
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->data = tsk_calloc(1, TIPSEC_CK_LEN);
|
||||||
|
memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->data, ck, TIPSEC_KEY_LEN);
|
||||||
|
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->size = TIPSEC_KEY_LEN;
|
||||||
|
|
||||||
|
/* Open engine */
|
||||||
|
if((code = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &context->engine))){
|
||||||
|
TIPSEC_CONTEXT(context)->initialized = 0;
|
||||||
|
TSK_DEBUG_ERROR("FwpmEngineOpen0 failed with error code [%x].", code);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
TIPSEC_CONTEXT(context)->initialized = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
TIPSEC_CONTEXT(context)->state = state_initial;
|
||||||
|
}
|
||||||
|
return self;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void* tipsec_context_destroy(void * self)
|
||||||
|
{
|
||||||
|
tipsec_context_vista_t *context = self;
|
||||||
|
if(context)
|
||||||
|
{
|
||||||
|
DWORD code;
|
||||||
|
|
||||||
|
if(TIPSEC_CONTEXT(context)->started){
|
||||||
|
tipsec_stop(TIPSEC_CONTEXT(context));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Close engine */
|
||||||
|
if((code = FwpmEngineClose0(context->engine))){
|
||||||
|
TSK_DEBUG_ERROR("FwpmEngineClose0 failed with error code [%x].", code);
|
||||||
|
}
|
||||||
|
|
||||||
|
TSK_FREE(TIPSEC_CONTEXT(context)->addr_local);
|
||||||
|
TSK_FREE(TIPSEC_CONTEXT(context)->addr_remote);
|
||||||
|
|
||||||
|
TSK_FREE(TIPSEC_CONTEXT(context)->ik);
|
||||||
|
TSK_FREE(TIPSEC_CONTEXT(context)->ck);
|
||||||
|
}
|
||||||
|
|
||||||
|
return self;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int tipsec_context_cmp(const void *obj1, const void *obj2)
|
||||||
|
{
|
||||||
|
return-1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static const tsk_object_def_t tipsec_context_def_s =
|
||||||
|
{
|
||||||
|
sizeof(tipsec_context_vista_t),
|
||||||
|
tipsec_context_create,
|
||||||
|
tipsec_context_destroy,
|
||||||
|
tipsec_context_cmp,
|
||||||
|
};
|
||||||
|
const void *tipsec_context_def_t = &tipsec_context_def_s;
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* HAVE_IPSEC_VISTA */
|
|
@ -0,0 +1,49 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2009 Mamadou Diop.
|
||||||
|
*
|
||||||
|
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
|
||||||
|
*
|
||||||
|
* This file is part of Open Source Doubango Framework.
|
||||||
|
*
|
||||||
|
* DOUBANGO is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* DOUBANGO is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with DOUBANGO.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**@file tipsec_vista.h
|
||||||
|
* @brief Windows Vista/7 IPsec implementation using WFP.
|
||||||
|
*
|
||||||
|
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
|
||||||
|
*
|
||||||
|
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
|
||||||
|
*/
|
||||||
|
#ifndef TINYIPSEC_IPSEC_VISTA_H
|
||||||
|
#define TINYIPSEC_IPSEC_VISTA_H
|
||||||
|
|
||||||
|
#include "tinyIPSEC_config.h"
|
||||||
|
|
||||||
|
#include "tipsec_common.h"
|
||||||
|
|
||||||
|
TSK_BEGIN_DECLS
|
||||||
|
|
||||||
|
#if HAVE_IPSEC_VISTA
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* HAVE_IPSEC_VISTA */
|
||||||
|
|
||||||
|
|
||||||
|
TSK_END_DECLS
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* TINYIPSEC_IPSEC_VISTA_H */
|
|
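Review bot: The include `#include "tinyIPSEC_config.h"` does not match the name under which the project file section below lists the header, `.\src\tinyipsec_config.h`; Windows resolves the include case-insensitively, but on a case-sensitive filesystem the header would not be found, and the same project also carries tipsec_racoon.c, which suggests non-Windows builds are intended. Change it to `#include "tinyipsec_config.h"` so the spelling agrees with the listed file. The `#if HAVE_IPSEC_VISTA` block is currently empty; if that is intentional for this commit, a one-line comment inside it saying so would keep the next reader from assuming declarations were lost.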
@ -41,13 +41,15 @@
|
||||||
<Tool
|
<Tool
|
||||||
Name="VCCLCompilerTool"
|
Name="VCCLCompilerTool"
|
||||||
Optimization="0"
|
Optimization="0"
|
||||||
|
AdditionalIncludeDirectories=""$(DOUBANGO_HOME)\thirdparties\win32\include";"$(DOUBANGO_HOME)\tinySAK\src""
|
||||||
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;TINYIPSEC_EXPORTS"
|
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;TINYIPSEC_EXPORTS"
|
||||||
MinimalRebuild="true"
|
MinimalRebuild="true"
|
||||||
BasicRuntimeChecks="3"
|
BasicRuntimeChecks="3"
|
||||||
RuntimeLibrary="3"
|
RuntimeLibrary="3"
|
||||||
UsePrecompiledHeader="0"
|
UsePrecompiledHeader="0"
|
||||||
WarningLevel="3"
|
WarningLevel="3"
|
||||||
Detect64BitPortabilityProblems="true"
|
WarnAsError="true"
|
||||||
|
Detect64BitPortabilityProblems="false"
|
||||||
DebugInformationFormat="4"
|
DebugInformationFormat="4"
|
||||||
CompileAs="1"
|
CompileAs="1"
|
||||||
/>
|
/>
|
||||||
|
@ -62,7 +64,7 @@
|
||||||
/>
|
/>
|
||||||
<Tool
|
<Tool
|
||||||
Name="VCLinkerTool"
|
Name="VCLinkerTool"
|
||||||
AdditionalDependencies="Fwpuclnt.lib Ws2_32.lib"
|
AdditionalDependencies="Fwpuclnt.lib Ws2_32.lib $(OutDir)\tinySAK.lib"
|
||||||
LinkIncremental="2"
|
LinkIncremental="2"
|
||||||
GenerateDebugInformation="true"
|
GenerateDebugInformation="true"
|
||||||
SubSystem="2"
|
SubSystem="2"
|
||||||
|
@ -175,42 +177,54 @@
|
||||||
Name="source"
|
Name="source"
|
||||||
>
|
>
|
||||||
<File
|
<File
|
||||||
RelativePath=".\src\ipsec.c"
|
RelativePath=".\src\tipsec.c"
|
||||||
>
|
>
|
||||||
</File>
|
</File>
|
||||||
<File
|
<File
|
||||||
RelativePath=".\src\ipsec.linux.c"
|
RelativePath=".\src\tipsec_common.c"
|
||||||
>
|
>
|
||||||
</File>
|
</File>
|
||||||
<File
|
<File
|
||||||
RelativePath=".\src\ipsec.win32.c"
|
RelativePath=".\src\tipsec_racoon.c"
|
||||||
>
|
>
|
||||||
</File>
|
</File>
|
||||||
<File
|
<File
|
||||||
RelativePath=".\src\ipsec_utils.c"
|
RelativePath=".\src\tipsec_vista.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath=".\src\tipsec_xp.c"
|
||||||
>
|
>
|
||||||
</File>
|
</File>
|
||||||
</Filter>
|
</Filter>
|
||||||
<Filter
|
<Filter
|
||||||
Name="include"
|
Name="include"
|
||||||
>
|
>
|
||||||
<File
|
|
||||||
RelativePath=".\src\ipsec.h"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath=".\src\ipsec_utils.h"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
<File
|
||||||
RelativePath=".\src\tinyipsec_config.h"
|
RelativePath=".\src\tinyipsec_config.h"
|
||||||
>
|
>
|
||||||
</File>
|
</File>
|
||||||
</Filter>
|
|
||||||
<File
|
<File
|
||||||
RelativePath=".\src\ipsec_api.h"
|
RelativePath=".\src\tipsec.h"
|
||||||
>
|
>
|
||||||
</File>
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath=".\src\tipsec_common.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath=".\src\tipsec_racoon.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath=".\src\tipsec_vista.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath=".\src\tipsec_xp.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
</Filter>
|
||||||
</Files>
|
</Files>
|
||||||
<Globals>
|
<Globals>
|
||||||
</Globals>
|
</Globals>
|
||||||
|
|
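Review bot: The linker line now pulls `$(OutDir)\tinySAK.lib` by path, which only works if tinySAK has already been built into the same output directory; nothing in this section adds a project dependency on tinySAK, so a clean solution build may fail on an unresolved library depending on build order (the solution's dependency settings are not visible here). Adding the tinySAK project as a dependency, or referencing it instead of the bare path, would make that order explicit. Separately, `WarnAsError="true"` is introduced at the same time `Detect64BitPortabilityProblems` is switched to `"false"`; if the check was turned off only to keep the build green, it is worth recording that in an XML comment or fixing the warnings, since that check is the one that catches pointer-to-integer truncation on x64.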