xref: /openbsd-src/sbin/isakmpd/vendor.c (revision f2c2b5e4b789b7e1b346fd121690e979ed5ad6db)

/*	$OpenBSD: vendor.c,v 1.6 2017/11/08 13:33:49 patrick Exp $	*/
/*
 * Copyright (c) 2006 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>

#include "exchange.h"
#include "hash.h"
#include "log.h"
#include "message.h"
#include "vendor.h"

static struct vendor_cap openbsd_vendor_cap[] = {
	{ "OpenBSD-6.3", NULL, 0 },
};

#define NUMVIDS	(sizeof openbsd_vendor_cap / sizeof openbsd_vendor_cap[0])

static int
setup_vendor_hashes(void)
{
	struct hash	*hash;
	int		 i, n = NUMVIDS;

	hash = hash_get(HASH_MD5);
	if (!hash) {
		log_print("setup_vendor_hashes: could not find MD5 hash");
		return -1;
	}

	for (i = 0; i < n; i++) {
		openbsd_vendor_cap[i].hashsize = hash->hashsize;
		openbsd_vendor_cap[i].hash = calloc(hash->hashsize,
		    sizeof(u_int8_t));
		if (openbsd_vendor_cap[i].hash == NULL) {
			log_error("setup_vendor_hashes: calloc failed");
			goto errout;
		}

		hash->Init(hash->ctx);
		hash->Update(hash->ctx,
		    (unsigned char *)openbsd_vendor_cap[i].text,
		    strlen(openbsd_vendor_cap[i].text));
		hash->Final(openbsd_vendor_cap[i].hash, hash->ctx);

		LOG_DBG((LOG_EXCHANGE, 50, "setup_vendor_hashes: "
		    "MD5(\"%s\") (%lu bytes)", openbsd_vendor_cap[i].text,
		    (unsigned long)hash->hashsize));
		LOG_DBG_BUF((LOG_EXCHANGE, 50, "setup_vendor_hashes",
		    openbsd_vendor_cap[i].hash, hash->hashsize));
	}
	return 0;

errout:
	for (i = 0; i < n; i++)
		free(openbsd_vendor_cap[i].hash);
	return -1;
}

void
vendor_init(void)
{
	setup_vendor_hashes();
}

int
add_vendor_openbsd(struct message *msg)
{
	u_int8_t	*buf;
	size_t		 buflen;
	int		 i, n = NUMVIDS;

	for (i = 0; i < n; i++) {
		buflen = openbsd_vendor_cap[i].hashsize + ISAKMP_GEN_SZ;
		if ((buf = calloc(buflen, sizeof(char))) == NULL) {
			log_error("add_vendor_payload: calloc(%lu) failed",
			    (unsigned long)buflen);
			return -1;
		}

		SET_ISAKMP_GEN_LENGTH(buf, buflen);
		memcpy(buf + ISAKMP_VENDOR_ID_OFF, openbsd_vendor_cap[i].hash,
		    openbsd_vendor_cap[i].hashsize);
		if (message_add_payload(msg, ISAKMP_PAYLOAD_VENDOR, buf,
		    buflen, 1)) {
			free(buf);
			return -1;
		}
	}

	return 0;
}

void
check_vendor_openbsd(struct message *msg, struct payload *p)
{
	u_int8_t	*pbuf = p->p;
	ssize_t		 vlen;
	int		 i, n = NUMVIDS;

	if (msg->exchange->flags & EXCHANGE_FLAG_OPENBSD) {
		p->flags |= PL_MARK;
		return;
	}

	vlen = GET_ISAKMP_GEN_LENGTH(pbuf) - ISAKMP_GEN_SZ;

	for (i = 0; i < n; i++) {
		if (vlen != openbsd_vendor_cap[i].hashsize) {
			LOG_DBG((LOG_EXCHANGE, 90,
			    "check_vendor_openbsd: bad size %lu != %lu",
			    (unsigned long)vlen,
			    (unsigned long)openbsd_vendor_cap[i].hashsize));
			continue;
		}
		if (memcmp(openbsd_vendor_cap[i].hash, pbuf + ISAKMP_GEN_SZ,
		    vlen) == 0) {
			msg->exchange->flags |= EXCHANGE_FLAG_OPENBSD;
			LOG_DBG((LOG_EXCHANGE, 10, "check_vendor_openbsd: "
			    "OpenBSD (%s)", openbsd_vendor_cap[i].text));
		}
		p->flags |= PL_MARK;
	}
}