bossiel 2010-02-21 19:30:58 +00:00
parent 12d9e6325a
commit d5d1083ac5
17 changed files with 0 additions and 1872 deletions


@ -1,33 +0,0 @@
========================================================================
CONSOLE APPLICATION : test Project Overview
========================================================================
AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files that
make up your test application.
test.vcproj
This is the main project file for VC++ projects generated using an Application Wizard.
It contains information about the version of Visual C++ that generated the file, and
information about the platforms, configurations, and project features selected with the
Application Wizard.
test.cpp
This is the main application source file.
/////////////////////////////////////////////////////////////////////////////
Other standard files:
StdAfx.h, StdAfx.cpp
These files are used to build a precompiled header (PCH) file
named test.pch and a precompiled types file named StdAfx.obj.
/////////////////////////////////////////////////////////////////////////////
Other notes:
AppWizard uses "TODO:" comments to indicate parts of the source code you
should add to or customize.
/////////////////////////////////////////////////////////////////////////////


@ -1,26 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
#include "stdafx.h"
// TODO: reference any additional headers you need in STDAFX.H
// and not in this file


@ -1,34 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
#pragma once
#ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later.
#define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows.
#endif
#include <stdio.h>
#include <tchar.h>
// TODO: reference additional headers your program requires here


@ -1,150 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
#include "stdafx.h"
#include "tipsec.h"
#include "tsk_debug.h"
#define ADDR_REMOTE "192.168.0.9" //"2a01:e35:8b32:7050:6122:2706:2124:32ca"//"192.168.0.15"
#define ADDR_LOCAL "192.168.0.12" //"2a01:e35:8b32:7050:6122:2706:2124:32cb"//"192.168.0.14"
#define USE_IPV6 0
#define IK "1234567890123456"
#define CK "1234567890121234"
#define PORT_UC 1010
#define PORT_US 2020
#define PORT_PC 3030
#define PORT_PS 4040
#define SPI_PC 2222
#define SPI_PS 3333
int _tmain(int argc, _TCHAR* argv[])
{
int ret;
tipsec_lifetime_t lifetime = 600000; /* Always set it to the maximum value. (Not possible to update the value after REGISTER 200OK. ) */
tipsec_context_t * ctx = TIPSEC_CONTEXT_CREATE(ipproto_tcp, USE_IPV6, mode_trans, ealg_aes, algo_hmac_md5_96, proto_both, IK, CK);
if((ret = tipsec_set_local(ctx, ADDR_LOCAL, ADDR_REMOTE, PORT_UC, PORT_US))){
goto bail;
}
/* Now send your first request with security-client header using
*/
TSK_DEBUG_INFO("Security-Client: ipsec-3gpp; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
TIPSEC_ALG_TO_STR(ctx->alg), TIPSEC_EALG_TO_STR(ctx->ealg), ctx->spi_uc, ctx->spi_us, ctx->port_uc, ctx->port_us
);
getchar();
/* get and process the 401/407
*/
if((ret = tipsec_set_remote(ctx, SPI_PC, SPI_PS, PORT_PC, PORT_PS, lifetime))){
goto bail;
}
/* Start */
if((ret = tipsec_start(ctx))){
goto bail;
}
TSK_DEBUG_INFO("ALL IS OOOOOOOK");
getchar();
if((ret = tipsec_stop(ctx))){
goto bail;
}
bail:
TSK_OBJECT_SAFE_FREE(ctx);
//ipsec_context_t* context = 0;
//uint32_t spi_local_s = 0, spi_local_c = 0, spi_remote_s = 0, spi_remote_c = 0;
////http://www.arib.or.jp/IMT-2000/V740Dec09/2_T63/ARIB-STD-T63/Rel7/33/A33203-790.pdf
///* create context */
//IPSEC_CONTEXT_CREATE(context);
//// FIXME: check context validity
///* set algorithms, proto and mode */
//context->auth = iaa_hmac_md5_96;
//context->encrypt = iea_null;
//context->proto = ipp_esp;
//context->mode = ipm_transport;
//
///* set ik and ck */
//ipsec_set_ck(context, CK);
//ipsec_set_ik(context, IK);
///* set local and remote IPs */
//context->localIP = ipsec_strdup(LOCAL_IP);
//context->remoteIP = ipsec_strdup(REMOTE_IP);
//context->ipv6 = 0;
///* set local ports */
//context->SAs[ipd_incoming_req].port = PORT_LOCAL_S; /* US <- PC */
//context->SAs[ipd_incoming_rep].port = PORT_LOCAL_C; /* UC <- PS */
///* get local spis */
//spi_local_s = ipsec_get_spi(context, ipd_incoming_req);
//spi_local_c = ipsec_get_spi(context, ipd_incoming_rep);
///*******
// now send your first request with security-client header using
// ...
//*/
//printf("Security-Client: ipsec-3gpp; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
// IPSEC_AUTH_ALG_STR(context->auth), IPSEC_ENC_ALG_STR(context->encrypt), spi_local_c, spi_local_s, PORT_LOCAL_C, PORT_LOCAL_S
// );
//getchar();
///*
// get and process the 401/407
// ...
//*/
//printf("Security-Server: ipsec-3gpp; q=0.1; alg=%s; ealg=%s; spi-c=%u; spi-s=%u; port-c=%u; port-s=%u\n\n",
// IPSEC_AUTH_ALG_STR(context->auth), IPSEC_ENC_ALG_STR(context->encrypt), SPI_REMOTE_C, SPI_REMOTE_S, PORT_REMOTE_C, PORT_REMOTE_S
// );
///* set values for remote entity */
//context->SAs[ipd_outgoing_rep].port = PORT_REMOTE_C; /* US -> PC */
//context->SAs[ipd_outgoing_rep].spi = SPI_REMOTE_C; /* US -> PC */
//context->SAs[ipd_outgoing_req].port = PORT_REMOTE_S; /* UC -> PS */
//context->SAs[ipd_outgoing_req].spi = SPI_REMOTE_S; /* UC -> PS */
///* bound SAs and begin sending/receiving sip messages */
//ipsec_sa_bound(context, ipd_incoming_rep);
//ipsec_sa_bound(context, ipd_incoming_req);
//ipsec_sa_bound(context, ipd_outgoing_rep);
//ipsec_sa_bound(context, ipd_outgoing_req);
//getchar();
///* free context */
//IPSEC_CONTEXT_SAFE_FREE(context);
return 0;
}


@ -1,205 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="test"
ProjectGUID="{E40FEB1F-BE85-488D-BCBE-89668F6EBBF7}"
RootNamespace="test"
Keyword="Win32Proj"
TargetFrameworkVersion="131072"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="&quot;$(DOUBANGO_HOME)\thirdparties\win32\include&quot;;&quot;$(DOUBANGO_HOME)\tinyIPSec\tinyIPSec\src&quot;;&quot;$(DOUBANGO_HOME)\tinySAK\src&quot;"
PreprocessorDefinitions="DEBUG_LEVEL=DEBUG_LEVEL_INFO;WIN32;_DEBUG;_CONSOLE"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
Detect64BitPortabilityProblems="true"
DebugInformationFormat="4"
CompileAs="1"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="&quot;$(outDir)\tinyIPSec.lib&quot; &quot;$(outDir)\tinySAK.lib&quot;"
LinkIncremental="2"
GenerateDebugInformation="true"
SubSystem="1"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
RuntimeLibrary="2"
UsePrecompiledHeader="0"
WarningLevel="3"
Detect64BitPortabilityProblems="true"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
LinkIncremental="1"
GenerateDebugInformation="true"
SubSystem="1"
OptimizeReferences="2"
EnableCOMDATFolding="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\stdafx.c"
>
</File>
<File
RelativePath=".\test.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
RelativePath=".\stdafx.h"
>
</File>
</Filter>
<File
RelativePath=".\ReadMe.txt"
>
</File>
</Files>
<Globals>
</Globals>
</VisualStudioProject>


@ -1,86 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
#ifndef TINYIPSEC_CONFIG_H
#define TINYIPSEC_CONFIG_H
#if HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef __SYMBIAN32__
#undef _WIN32 /* Because of WINSCW */
#endif
/* Windows (XP/Vista/7/CE and Windows Mobile) macro definition.
*/
#if defined(WIN32)|| defined(_WIN32) || defined(_WIN32_WCE)
# define TIPSEC_UNDER_WINDOWS 1
#endif
/* Used on Windows and Symbian systems to export/import public functions and global variables.
*/
#if !defined(__GNUC__) && defined(TINYIPSEC_EXPORTS)
# define TINYIPSEC_API __declspec(dllexport)
# define TINYIPSEC_GEXTERN __declspec(dllexport)
#elif !defined(__GNUC__) /*&& defined(TINYIPSEC_IMPORTS)*/
# define TINYIPSEC_API __declspec(dllimport)
# define TINYIPSEC_GEXTERN __declspec(dllimport)
#else
# define TINYIPSEC_API
# define TINYIPSEC_GEXTERN extern
#endif
/* Guards against C++ name mangling
*/
#ifdef __cplusplus
# define TIPSEC_BEGIN_DECLS extern "C" {
# define TIPSEC_END_DECLS }
#else
# define TIPSEC_BEGIN_DECLS
# define TIPSEC_END_DECLS
#endif
/* Disable some well-known warnings
*/
#ifdef _MSC_VER
# define _CRT_SECURE_NO_WARNINGS
# pragma warning( disable : 4996 )
#endif
#if TIPSEC_UNDER_WINDOWS && !defined(_WIN32_WCE)
# include <ws2tcpip.h>
#endif
//
// IPSEC
//
#if (_WIN32_WINNT >= 0x0600)
# define HAVE_IPSEC_VISTA 1
#elif (_WIN32_WINNT >= 0x0501)
# define HAVE_IPSEC_XP 1
#elif HAVE_IPSEC_TOOLS
# define HAVE_IPSEC_RACOON 1
#endif
#endif /* TINYIPSEC_CONFIG_H */


@ -1,30 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tipsec.c
* @brief IPSec manager.
*
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
*
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
*/
#include "tipsec.h"


@ -1,41 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tipsec.h
* @brief IPSec manager.
*
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
*
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
*/
#ifndef TINYIPSEC_IPSEC_H
#define TINYIPSEC_IPSEC_H
#include "tinyIPSEC_config.h"
#include "tipsec_common.h"
TSK_BEGIN_DECLS
TSK_END_DECLS
#endif /* TINYIPSEC_IPSEC_H */


@ -1,60 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tipsec_common.c
* @brief IPSec common functions.
*
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
*
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
*/
#include "tipsec_common.h"
#include "tsk_debug.h"
#if !HAVE_IPSEC_VISTA && !HAVE_IPSEC_XP && !HAVE_IPSEC_RACOON
int tipsec_start(tipsec_context_t* ctx)
{
TSK_DEBUG_ERROR("No IPSec implementation found.");
return -1;
}
int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
{
TSK_DEBUG_ERROR("No IPSec implementation found.");
return -1;
}
int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps)
{
TSK_DEBUG_ERROR("No IPSec implementation found.");
return -1;
}
int tipsec_stop(tipsec_context_t* ctx)
{
TSK_DEBUG_ERROR("No IPSec implementation found.");
return -1;
}
#endif


@ -1,237 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tipsec_common.h
* @brief IPSec common functions.
*
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
*
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
*/
#ifndef TINYIPSEC_IPSEC_COMMON_H
#define TINYIPSEC_IPSEC_COMMON_H
#include "tinyIPSEC_config.h"
#include "tsk_string.h"
TSK_BEGIN_DECLS
#define TIPSEC_CONTEXT_CREATE(ipproto, use_ipv6, mode, ealg, alg, protocol, ik, ck)\
tsk_object_new(tipsec_context_def_t, (tipsec_ipproto_t)ipproto, (int)use_ipv6, (tipsec_mode_t)mode, (tipsec_ealgorithm_t)ealg, (tipsec_algorithm_t)alg, (tipsec_protocol_t)protocol, (const tipsec_key_t*)ik, (const tipsec_key_t*)ck)
#define TIPSEC_CONTEXT(ctx) ((tipsec_context_t*)(ctx))
#define TIPSEC_IPPROTO_FROM_STR(ipproto) (tsk_strequals(ipproto, "tcp") ? ipproto_tcp : ipproto_udp)
#define TIPSEC_IPPROTO_TO_STR(ipproto) (ipproto == ipproto_tcp ? "tcp" : "udp")
#define TIPSEC_MODE_FROM_STR(mode) (tsk_strequals(mode, "trans") ? mode_trans : mode_tun)
#define TIPSEC_MODE_TO_STR(mode) (mode == mode_trans ? "trans" : "tun")
#define TIPSEC_EALG_FROM_STR(ealg) (tsk_strequals(ealg, "des-ede3-cbc") ? ealg_des_ede3_cbc : (tsk_strequals(ealg, "aes") ? ealg_aes : ealg_null))
#define TIPSEC_EALG_TO_STR(ealg) (ealg == ealg_des_ede3_cbc ? "des-ede3-cbc" : (ealg == ealg_aes ? "aes" : "null"))
#define TIPSEC_ALG_FROM_STR(alg) (tsk_strequals(alg, "hmac-sha-1-96") ? algo_hmac_sha_1_96 : algo_hmac_md5_96)
#define TIPSEC_ALG_TO_STR(alg) (alg == algo_hmac_sha_1_96 ? "hmac-sha-1-96" : "hmac-md5-96")
#define TIPSEC_PROTOCOL_FROM_STR(protocol) (tsk_strequals(protocol, "ah") ? proto_ah : ((tsk_strequals(protocol, "esp")) ? proto_esp : proto_both)
#define TIPSEC_PROTOCOL_TO_STR(protocol) (protocol == proto_esp ? "esp" : (protocol == proto_ah ? "ah" : "ah/esp"))
/**
* @def TIPSEC_KEY_SIZE
*
* @brief Size of IK (Integrity Key) and CK (Confidentiality Key).
*
* @remarks Mamadou, 2/21/2010.
**/
#define TIPSEC_KEY_LEN 16
#define TIPSEC_IK_LEN 20
#define TIPSEC_CK_LEN 24
typedef uint32_t tipsec_lifetime_t;
typedef uint32_t tipsec_spi_t;
typedef uint16_t tipsec_port_t;
//typedef uint8_t tipsec_key_t[TIPSEC_KEY_SIZE];
typedef void tipsec_key_t;
/**
* @enum tipsec_mode_e
*
* @brief List of IPSec modes.
**/
typedef enum tipsec_mode_e
{
//! IPSec transport mode.
mode_trans,
//! IPSec tunneling mode.
mode_tun
}
tipsec_mode_t;
/**
* @enum tipsec_protocol_e
*
* @brief List of IPSec protocols.
**/
typedef enum tipsec_protocol_e
{
//! AH protocol.
proto_ah,
//! ESP protocol.
proto_esp,
//! Both AH and ESP protocols.
proto_both
}
tipsec_protocol_t;
/**
* @enum tipsec_ipproto_e
*
* @brief List of Internet protocols.
**/
typedef enum tipsec_ipproto_e
{
//! UDP.
ipproto_udp,
//! TCP.
ipproto_tcp
}
tipsec_ipproto_t;
/**
* @enum tipsec_algorithm_e
*
* @brief List of IPSec algorithms.
**/
typedef enum tipsec_algorithm_e
{
//! hmac-md5-96 algorithm.
algo_hmac_md5_96,
//! hmac-sha-1-96 algorithm.
algo_hmac_sha_1_96
}
tipsec_algorithm_t;
/**
* @enum tipsec_ealgorithm_e
*
* @brief List of IPSec encrypt-algorithms.
**/
typedef enum tipsec_ealgorithm_e
{
//! des-ede3-cbc encrypt-algorithm.
ealg_des_ede3_cbc,
//! aes encrypt-algorithm.
ealg_aes,
//! null encrypt-algorithm.
ealg_null
}
tipsec_ealgorithm_t;
/**
* @enum tipsec_state_e
*
* @brief List of IPSec states.
**/
typedef enum tipsec_state_e
{
//! The default state. At this state no SA is created. It's the first and default state.
state_initial,
//! Partial state. At this state only inbound SAs (with their SPIs) have been created.
state_inbound,
//! Full state. At this state both inbound and outbound SAs have been create. It's the final state.
state_full,
//! All SAs are in active mode.
state_active
}
tipsec_state_t;
typedef struct tipsec_context_s
{
TSK_DECLARE_OBJECT;
//! Indicates whether the context have been initialized or not.
unsigned initialized;
//! Indicates whether the context have been started or not.
unsigned started:1;
//! The current state of the IPSec context.
tipsec_state_t state;
//! Indicates whether to use IPv6 addresses or not.
unsigned use_ipv6:1;
//! The network protocol.
tipsec_ipproto_t ipproto;
//! IPSec mode.
tipsec_mode_t mode;
//! Encrypt algorithm ().
tipsec_ealgorithm_t ealg;
//! Algorithm.
tipsec_algorithm_t alg;
//! IPSec protocol.
tipsec_protocol_t protocol;
//! Remote address (Proxy-CSCF).
void* addr_remote;
//! Proxy-CSCF client SPI.
tipsec_spi_t spi_pc;
//! Proxy-CSCF server SPI.
tipsec_spi_t spi_ps;
//! Proxy-CSCF client port.
tipsec_port_t port_pc;
//! Proxy-CSCF server port.
tipsec_port_t port_ps;
//! Local address (UE).
void* addr_local;
//! UE client SPI.
tipsec_spi_t spi_uc;
//! UE server SPI.
tipsec_spi_t spi_us;
//! UE client port.
tipsec_port_t port_uc;
//! UE server port.
tipsec_port_t port_us;
//! The confidentiality key.
tipsec_key_t *ck;
//! The integrity key.
tipsec_key_t *ik;
//! reg-await-auth timer value.
tipsec_lifetime_t lifetime;
}
tipsec_context_t;
#define TINYIPSEC_DECLARE_CONTEXT tipsec_context_t context
TINYIPSEC_GEXTERN const void *tipsec_context_def_t;
TINYIPSEC_API int tipsec_start(tipsec_context_t* ctx);
TINYIPSEC_API int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us);
TINYIPSEC_API int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime);
TINYIPSEC_API int tipsec_stop(tipsec_context_t* ctx);
TSK_END_DECLS
#endif /* TINYIPSEC_IPSEC_COMMON_H */


@ -1,690 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tipsec_vista.c
* @brief Windows Vista/7 IPsec implementation using WFP.
*
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
*
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
*/
#include "tipsec_vista.h"
#if HAVE_IPSEC_VISTA
#include "tsk_memory.h"
#include "tsk_debug.h"
#include <Fwpmu.h>
typedef FWP_BYTE_BLOB* PFWP_BYTE_BLOB;
#define TINYIPSEC_FILTER_NAME TEXT("tinyIPSEC")
#define TINYIPSEC_PROVIDER_KEY NULL
#define TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST 20
#define TINYIPSEC_SA_MAX_LIFETIME 172799
#define TINYIPSEC_VISTA_GET_ALGO(algo) (algo == algo_hmac_md5_96) ? IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 : IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96
#define TINYIPSEC_VISTA_GET_EALGO(ealg) (ealg == ealg_des_ede3_cbc) ? IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES : ( (ealg == ealg_aes) ? IPSEC_CIPHER_TRANSFORM_ID_AES_128 : IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL )
#define TINYIPSEC_VISTA_GET_MODE(mode) (mode == mode_tun) ? IPSEC_TRAFFIC_TYPE_TUNNEL : IPSEC_TRAFFIC_TYPE_TRANSPORT
#define TINYIPSEC_VISTA_GET_IPPROTO(ipproto) (ipproto == ipproto_tcp) ? IPPROTO_TCP : IPPROTO_UDP
#define TINYIPSEC_VISTA_GET_IPVER(ipv6) (ipv6) ? FWP_IP_VERSION_V6 : FWP_IP_VERSION_V4
#define TINYIPSEC_VISTA_GET_PROTO(proto) (proto == proto_ah) ? IPSEC_TRANSFORM_AH : ( (proto == proto_esp) ? IPSEC_TRANSFORM_ESP_AUTH : IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER );
/* as WFP do not provide null encryption I define my own*/
static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL=
{
(IPSEC_CIPHER_TYPE)NULL,
(IPSEC_CIPHER_TYPE)NULL
};
typedef struct tipsec_context_vista_s
{
TINYIPSEC_DECLARE_CONTEXT;
UINT64 saId_us;
UINT64 saId_uc;
HANDLE engine;
}
tipsec_context_vista_t;
#define TIPSEC_CONTEXT_VISTA(ctx) ((tipsec_context_vista_t*)(ctx))
int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId);
int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound);
int tipsec_flush_all(const tipsec_context_vista_t* context);
void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId);
int tipsec_start(tipsec_context_t* ctx)
{
tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
int ret = -1;
if(!ctx_vista){
ret = -1;
goto bail;
}
if(TIPSEC_CONTEXT(ctx_vista)->started){
TSK_DEBUG_WARN("The IPSec context already started.");
ret = -2;
goto bail;
}
if(TIPSEC_CONTEXT(ctx_vista)->state != state_full){
TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
ret = -3;
goto bail;
}
/* VERY IMPORTANT: The SA context functions must be called in a specific order:
(http://msdn.microsoft.com/en-us/library/bb540652(VS.85).aspx).
IPsecSaContextCreate0
IPsecSaContextGetSpi0
IPsecSaContextAddInbound0
IPsecSaContextAddOutbound0
*/
/* US <- PC */
if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_us, TIPSEC_CONTEXT(ctx_vista)->spi_us, TRUE))){
TSK_DEBUG_ERROR("Failed to setup [US <- PC] SA.");
goto bail;
}
/* UC <- PS */
if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_uc, TIPSEC_CONTEXT(ctx_vista)->spi_uc, TRUE))){
TSK_DEBUG_ERROR("Failed to setup [UC <- PS] SA.");
goto bail;
}
/* UC -> PS */
if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_uc, TIPSEC_CONTEXT(ctx_vista)->spi_ps, FALSE))){
TSK_DEBUG_ERROR("Failed to setup [UC -> PS] SA.");
goto bail;
}
/* US -> PC */
if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_us, TIPSEC_CONTEXT(ctx_vista)->spi_pc, FALSE))){
TSK_DEBUG_ERROR("Failed to setup [US -> PC] SA.");
goto bail;
}
// Set the state to active.
TIPSEC_CONTEXT(ctx_vista)->state = state_active;
TIPSEC_CONTEXT(ctx_vista)->started = 1;
bail:
return ret;
}
int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
{
tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
int ret;
if(!ctx_vista){
ret = -1;
goto bail;
}
if(!addr_local || !port_uc || !port_us){
ret = -2;
goto bail;
}
if(!TIPSEC_CONTEXT(ctx_vista)->initialized){
TSK_DEBUG_ERROR("IPSec engine not initialized.");
ret = -3;
goto bail;
}
if(TIPSEC_CONTEXT(ctx_vista)->state != state_initial){
TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
ret = -4;
goto bail;
}
TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_local);
TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_remote);
/* Set local IP */
if(TIPSEC_CONTEXT(ctx_vista)->use_ipv6){
TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(16, sizeof(uint8_t));
TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(16, sizeof(uint8_t));
if ((ret = inet_pton(AF_INET6, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
goto bail;
} else ret = 0;
if ((ret = inet_pton(AF_INET6, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
goto bail;
} else ret = 0;
}
else{
TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(4, sizeof(uint8_t));
TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(4, sizeof(uint8_t));
if ((ret = inet_pton(AF_INET, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
goto bail;
}
else {
*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local));
ret = 0;
}
if ((ret = inet_pton(AF_INET, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
goto bail;
}
else{
*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote));
ret = 0;
}
}
/* Set ports */
TIPSEC_CONTEXT(ctx_vista)->port_uc = port_uc;
TIPSEC_CONTEXT(ctx_vista)->port_us = port_us;
if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_uc, &TIPSEC_CONTEXT(ctx_vista)->spi_uc, &ctx_vista->saId_uc))){
goto bail;
}
if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_us, &TIPSEC_CONTEXT(ctx_vista)->spi_us, &ctx_vista->saId_us))){
goto bail;
}
TIPSEC_CONTEXT(ctx_vista)->state = state_inbound;
bail:
return ret;
}
int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
{
tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
int ret = -1;
if(!ctx_vista){
ret = -1;
goto bail;
}
if(!lifetime || !port_pc || !port_ps){
ret = -2;
goto bail;
}
if(TIPSEC_CONTEXT(ctx_vista)->state != state_inbound){
TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
ret = -3;
goto bail;
}
/* Set Lifetime */
TIPSEC_CONTEXT(ctx_vista)->lifetime = lifetime;
/* Set ports */
TIPSEC_CONTEXT(ctx_vista)->port_ps = port_ps;
TIPSEC_CONTEXT(ctx_vista)->port_pc = port_pc;
/* Set spis */
TIPSEC_CONTEXT(ctx_vista)->spi_ps = spi_ps;
TIPSEC_CONTEXT(ctx_vista)->spi_pc = spi_pc;
TIPSEC_CONTEXT(ctx_vista)->state = state_full;
ret = 0;
bail:
return ret;
}
int tipsec_stop(tipsec_context_t* ctx)
{
tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
int ret = -1;
if(!ctx_vista){
ret = -1;
goto bail;
}
if(!TIPSEC_CONTEXT(ctx_vista)->started){
TSK_DEBUG_WARN("The IPSec context not started.");
ret = -2;
goto bail;
}
/* Flush (delete) all SAs associated to tinyIPSEC */
tipsec_flush_all(ctx_vista);
TIPSEC_CONTEXT(ctx_vista)->started = 0;
TIPSEC_CONTEXT(ctx_vista)->state = state_initial;
bail:
return ret;
}
int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId)
{
DWORD result = NO_ERROR;
UINT64 tmpInFilterId = 0, tmpOutFilterId = 0, tmpSaId = 0;
FWPM_FILTER0 filter;
IPSEC_TRAFFIC0 outTraffic;
IPSEC_GETSPI0 getSpi;
int ret = -1;
FWPM_FILTER_CONDITION0 conds[4];
conds[0].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
conds[0].matchType = FWP_MATCH_EQUAL;
*spi = 0;
*saId = 0;
if(TIPSEC_CONTEXT(context)->use_ipv6){
conds[0].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
conds[0].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_local;
}
else{
conds[0].conditionValue.type = FWP_UINT32;
conds[0].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_local);
}
conds[1].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
conds[1].matchType = FWP_MATCH_EQUAL;
if(TIPSEC_CONTEXT(context)->use_ipv6){
conds[1].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
conds[1].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_remote;
}
else{
conds[1].conditionValue.type = FWP_UINT32;
conds[1].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_remote);
}
conds[2].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = local_port;
conds[3].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[3].matchType = FWP_MATCH_EQUAL;
conds[3].conditionValue.type = FWP_UINT8;
conds[3].conditionValue.uint16 = TINYIPSEC_VISTA_GET_IPPROTO(TIPSEC_CONTEXT(context)->ipproto);
// Fill in the common fields shared by both filters.
memset(&filter, 0, sizeof(filter));
// For MUI compatibility, object names should be indirect strings. See
// SHLoadIndirectString for details.
filter.displayData.name = (PWSTR)TINYIPSEC_FILTER_NAME;
// Link all objects to our provider. When multiple providers are installed
// on a computer, this makes it easy to determine who added what.
filter.providerKey = (GUID*)TINYIPSEC_PROVIDER_KEY;
filter.numFilterConditions = 4;
filter.filterCondition = conds;
filter.action.type = FWP_ACTION_CALLOUT_TERMINATING;
filter.flags = FWPM_FILTER_FLAG_NONE;
//filter.weight.type = FWP_EMPTY;
// Add the inbound filter.
filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_INBOUND_TRANSPORT_V6 : FWPM_LAYER_INBOUND_TRANSPORT_V4;
if(TIPSEC_CONTEXT(context)->mode == mode_tun){
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
}
else{
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
}
if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpInFilterId)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("FwpmFilterAdd0 (inbound) failed with error code [%x]", result);
goto CLEANUP;
}
// Add the outbound filter.
filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_OUTBOUND_TRANSPORT_V6 : FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
if(TIPSEC_CONTEXT(context)->mode == mode_tun){
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
}
else{
filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
}
if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpOutFilterId)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("FwpmFilterAdd0(outbound) failed with error code [%x]", result);
goto CLEANUP;
}
// Create the SA context using the outbound traffic descriptor.
memset(&outTraffic, 0, sizeof(outTraffic));
outTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
if(TIPSEC_CONTEXT(context)->use_ipv6){
memcpy(outTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
memcpy(outTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
}
else{
outTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
outTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
}
outTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
outTraffic.ipsecFilterId = tmpOutFilterId;
if((result = IPsecSaContextCreate0(context->engine, &outTraffic, NULL, &tmpSaId)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("IPsecSaContextCreate0 failed with error code [%x]", result);
goto CLEANUP;
}
// Get the inbound SPI using the inbound traffic descriptor.
memset(&getSpi, 0, sizeof(getSpi));
getSpi.inboundIpsecTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
if(TIPSEC_CONTEXT(context)->use_ipv6){
memcpy(getSpi.inboundIpsecTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
memcpy(getSpi.inboundIpsecTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
}
else{
getSpi.inboundIpsecTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
getSpi.inboundIpsecTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
}
getSpi.inboundIpsecTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
getSpi.inboundIpsecTraffic.ipsecFilterId = tmpInFilterId;
getSpi.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
if((result = IPsecSaContextGetSpi0(context->engine, tmpSaId, &getSpi, spi))){
TSK_DEBUG_ERROR("IPsecSaContextGetSpi0 failed with error code [%x]", result);
goto CLEANUP;
}
//// Return the various LUIDs to the caller, so he can clean up.
//*inFilterId = tmpInFilterId;
//*outFilterId = tmpOutFilterId;
*saId = tmpSaId;
CLEANUP:
if (result != NO_ERROR){
DeleteSaContextAndFilters(context->engine, tmpInFilterId, tmpOutFilterId, tmpSaId);
}else ret = 0;
return ret;
}
int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound)
{
UINT32 i=0, j=0;
DWORD result = NO_ERROR;
IPSEC_SA0 sa;
IPSEC_SA_BUNDLE0 bundle;
IPSEC_SA_AUTH_INFORMATION0 authInfo;
PFWP_BYTE_BLOB ik = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik;
PFWP_BYTE_BLOB ck = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck;
memset(&sa, 0, sizeof(sa));
sa.spi = remote_spi;
sa.saTransformType = TINYIPSEC_VISTA_GET_PROTO(TIPSEC_CONTEXT(context)->protocol);
//
// Keys padding
//
if(TIPSEC_CONTEXT(context)->alg == algo_hmac_sha_1_96){
if(ik->size < TIPSEC_IK_LEN){
for(i = ik->size; i<TIPSEC_KEY_LEN; i++){
ik->data[i] = 0x00; /* Already done by "tsk_calloc" but ... */
}
ik->size = TIPSEC_IK_LEN;
}
}
if(TIPSEC_CONTEXT(context)->ealg == ealg_des_ede3_cbc){
if(ck->size < TIPSEC_CK_LEN){
for(i = ck->size; i<TIPSEC_CK_LEN; i++){
ck->data[i] = ck->data[j++];
}
ck->size = TIPSEC_CK_LEN;
}
}
//
// In all case create Authentication info
//
memset(&authInfo, 0, sizeof(authInfo));
authInfo.authTransform.authTransformId = TINYIPSEC_VISTA_GET_ALGO(TIPSEC_CONTEXT(context)->alg);
authInfo.authKey = *ik;
if( sa.saTransformType == IPSEC_TRANSFORM_AH ){
sa.ahInformation = &authInfo;
}
else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH ){
sa.espAuthInformation = &authInfo;
}
else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER ){
IPSEC_SA_CIPHER_INFORMATION0 cipherInfo;
IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0 cipherAuthInfo;
memset(&cipherInfo, 0, sizeof(cipherInfo));
cipherInfo.cipherTransform.cipherTransformId = TINYIPSEC_VISTA_GET_EALGO(TIPSEC_CONTEXT(context)->ealg);
cipherInfo.cipherKey = *ck;
memset(&cipherAuthInfo, 0, sizeof(cipherAuthInfo));
cipherAuthInfo.saAuthInformation = authInfo;
cipherAuthInfo.saCipherInformation = cipherInfo;
sa.espAuthAndCipherInformation = &cipherAuthInfo;
}
memset(&bundle, 0, sizeof(bundle));
bundle.numSAs = 1;
bundle.saList = &sa;
bundle.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
bundle.lifetime.lifetimeSeconds = (TIPSEC_CONTEXT(context)->lifetime > TINYIPSEC_SA_MAX_LIFETIME) ? TINYIPSEC_SA_MAX_LIFETIME : TIPSEC_CONTEXT(context)->lifetime;
/* From remote to local (inbound) ? */
if(toInbound){
if((result = IPsecSaContextAddInbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("IPsecSaContextAddInbound0 failed with error code [%x]", result);
goto CLEANUP;
}
}
else{
if((result = IPsecSaContextAddOutbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("IPsecSaContextAddOutbound0 failed with error code [%x]", result);
goto CLEANUP;
}
}
CLEANUP:
return (result == ERROR_SUCCESS) ? 0 : -1;
}
void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId)
{
DWORD result;
// Allow the LUIDs to be zero, so we can use this function to cleanup
// partial results.
if (saId != 0)
{
result = IPsecSaContextDeleteById0(engine, saId);
if (result != ERROR_SUCCESS)
{
// There's not much we can do if delete fails, so continue trying to
// clean up the remaining objects.
TSK_DEBUG_ERROR("IPsecSaContextDeleteById0 = 0x%08X\n", result);
}
}
if (outFilterId != 0)
{
result = FwpmFilterDeleteById0(engine, outFilterId);
if (result != ERROR_SUCCESS)
{
TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
}
}
if (inFilterId != 0)
{
result = FwpmFilterDeleteById0(engine, inFilterId);
if (result != ERROR_SUCCESS)
{
TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
}
}
}
int tipsec_flush_all(const tipsec_context_vista_t* context)
{
UINT32 i;
int ret = -1;
if(context)
{
HANDLE enumHandle = NULL;
IPSEC_SA_DETAILS0** entries = NULL;
UINT32 numEntriesReturned = 0;
DWORD result;
if((result = IPsecSaCreateEnumHandle0(context->engine, NULL, &enumHandle)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("IPsecSaCreateEnumHandle0 failed with error code [%x].", result);
goto CLEANUP;
}
if((result = IPsecSaEnum0(context->engine, enumHandle, TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST, &entries, &numEntriesReturned)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("IPsecSaEnum0 failed with error code [%x].", result);
goto CLEANUP;
}
for(i = 0; i<numEntriesReturned; i++)
{
IPSEC_SA_DETAILS0* entry = (entries)[i];
if( !wcscmp(entry->transportFilter->displayData.name, TINYIPSEC_FILTER_NAME))
{
if((result = FwpmFilterDeleteById0(context->engine, entry->transportFilter->filterId)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("FwpmFilterDeleteById0 failed with error code [%x].", result);
goto CLEANUP;
}
}
}
if((result = IPsecSaDestroyEnumHandle0(context->engine, enumHandle)) != ERROR_SUCCESS){
TSK_DEBUG_ERROR("IPsecSaDestroyEnumHandle0 failed with error code [%x].", result);
goto CLEANUP;
}
TSK_DEBUG_INFO("All SAs have been flushed.");
ret = 0;
CLEANUP:
FwpmFreeMemory0((void**)entries);
}
return ret;
}
//=================================================================================================
// IPSec context object definition
//
static void* tipsec_context_create(void * self, va_list * app)
{
tipsec_context_vista_t *context = self;
if(context)
{
DWORD code;
const tipsec_key_t *ik;
const tipsec_key_t *ck;
TIPSEC_CONTEXT(context)->ipproto = va_arg(*app, tipsec_ipproto_t);
TIPSEC_CONTEXT(context)->use_ipv6 = va_arg(*app, int);
TIPSEC_CONTEXT(context)->mode = va_arg(*app, tipsec_mode_t);
TIPSEC_CONTEXT(context)->ealg = va_arg(*app, tipsec_ealgorithm_t);
TIPSEC_CONTEXT(context)->alg = va_arg(*app, tipsec_algorithm_t);
TIPSEC_CONTEXT(context)->protocol = va_arg(*app, tipsec_protocol_t);
ik = va_arg(*app, const tipsec_key_t*);
ck = va_arg(*app, const tipsec_key_t*);
/* Compute ik and ck */
TIPSEC_CONTEXT(context)->ik = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
TIPSEC_CONTEXT(context)->ck = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->data = tsk_calloc(1, TIPSEC_IK_LEN);
memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->data, ik, TIPSEC_KEY_LEN);
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik)->size = TIPSEC_KEY_LEN;
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->data = tsk_calloc(1, TIPSEC_CK_LEN);
memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->data, ck, TIPSEC_KEY_LEN);
((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck)->size = TIPSEC_KEY_LEN;
/* Open engine */
if((code = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &context->engine))){
TIPSEC_CONTEXT(context)->initialized = 0;
TSK_DEBUG_ERROR("FwpmEngineOpen0 failed with error code [%x].", code);
}
else{
TIPSEC_CONTEXT(context)->initialized = 1;
}
TIPSEC_CONTEXT(context)->state = state_initial;
}
return self;
}
static void* tipsec_context_destroy(void * self)
{
tipsec_context_vista_t *context = self;
if(context)
{
DWORD code;
if(TIPSEC_CONTEXT(context)->started){
tipsec_stop(TIPSEC_CONTEXT(context));
}
/* Close engine */
if((code = FwpmEngineClose0(context->engine))){
TSK_DEBUG_ERROR("FwpmEngineClose0 failed with error code [%x].", code);
}
TSK_FREE(TIPSEC_CONTEXT(context)->addr_local);
TSK_FREE(TIPSEC_CONTEXT(context)->addr_remote);
TSK_FREE(TIPSEC_CONTEXT(context)->ik);
TSK_FREE(TIPSEC_CONTEXT(context)->ck);
}
return self;
}
static int tipsec_context_cmp(const void *obj1, const void *obj2)
{
return-1;
}
static const tsk_object_def_t tipsec_context_def_s =
{
sizeof(tipsec_context_vista_t),
tipsec_context_create,
tipsec_context_destroy,
tipsec_context_cmp,
};
const void *tipsec_context_def_t = &tipsec_context_def_s;
#endif /* HAVE_IPSEC_VISTA */


@ -1,49 +0,0 @@
/*
* Copyright (C) 2009 Mamadou Diop.
*
* Contact: Mamadou Diop <diopmamadou@yahoo.fr>
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tipsec_vista.h
* @brief Windows Vista/7 IPsec implementation using WFP.
*
* @author Mamadou Diop <diopmamadou(at)yahoo.fr>
*
* @date Created: Sat Nov 8 16:54:58 2009 mdiop
*/
#ifndef TINYIPSEC_IPSEC_VISTA_H
#define TINYIPSEC_IPSEC_VISTA_H
#include "tinyIPSEC_config.h"
#include "tipsec_common.h"
TSK_BEGIN_DECLS
#if HAVE_IPSEC_VISTA
#endif /* HAVE_IPSEC_VISTA */
TSK_END_DECLS
#endif /* TINYIPSEC_IPSEC_VISTA_H */


@ -1,231 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="tinyIPSec"
ProjectGUID="{002FF064-588F-402E-A096-C8D033F49F40}"
RootNamespace="tinyIPSec"
Keyword="Win32Proj"
TargetFrameworkVersion="131072"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="2"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="&quot;$(DOUBANGO_HOME)\thirdparties\win32\include&quot;;&quot;$(DOUBANGO_HOME)\tinySAK\src&quot;"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;TINYIPSEC_EXPORTS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
WarnAsError="true"
Detect64BitPortabilityProblems="false"
DebugInformationFormat="4"
CompileAs="1"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Fwpuclnt.lib Ws2_32.lib $(OutDir)\tinySAK.lib"
LinkIncremental="2"
GenerateDebugInformation="true"
SubSystem="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="2"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;TINYIPSEC_EXPORTS"
RuntimeLibrary="2"
UsePrecompiledHeader="0"
WarningLevel="3"
Detect64BitPortabilityProblems="true"
DebugInformationFormat="3"
CompileAs="1"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
LinkIncremental="1"
GenerateDebugInformation="true"
SubSystem="2"
OptimizeReferences="2"
EnableCOMDATFolding="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="source"
>
<File
RelativePath=".\src\tipsec.c"
>
</File>
<File
RelativePath=".\src\tipsec_common.c"
>
</File>
<File
RelativePath=".\src\tipsec_racoon.c"
>
</File>
<File
RelativePath=".\src\tipsec_vista.c"
>
</File>
<File
RelativePath=".\src\tipsec_xp.c"
>
</File>
</Filter>
<Filter
Name="include"
>
<File
RelativePath=".\src\tinyipsec_config.h"
>
</File>
<File
RelativePath=".\src\tipsec.h"
>
</File>
<File
RelativePath=".\src\tipsec_common.h"
>
</File>
<File
RelativePath=".\src\tipsec_racoon.h"
>
</File>
<File
RelativePath=".\src\tipsec_vista.h"
>
</File>
<File
RelativePath=".\src\tipsec_xp.h"
>
</File>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>