Diffstat (limited to 'branches/1.0/tinyIPSec/src')
-rw-r--r--branches/1.0/tinyIPSec/src/tinyipsec_config.h92
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec.c47
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec.h41
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_common.c115
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_common.h280
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_racoon.c116
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_racoon.h49
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_vista.c728
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_vista.h49
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_xp.c652
-rw-r--r--branches/1.0/tinyIPSec/src/tipsec_xp.h50
11 files changed, 0 insertions, 2219 deletions
diff --git a/branches/1.0/tinyIPSec/src/tinyipsec_config.h b/branches/1.0/tinyIPSec/src/tinyipsec_config.h
deleted file mode 100644
index 4fa8880..0000000
--- a/branches/1.0/tinyIPSec/src/tinyipsec_config.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-#ifndef TINYIPSEC_CONFIG_H
-#define TINYIPSEC_CONFIG_H
-
-#ifdef __SYMBIAN32__
-#undef _WIN32 /* Because of WINSCW */
-#endif
-
-/* Windows (XP/Vista/7/CE and Windows Mobile) macro definition.
-*/
-#if defined(WIN32)|| defined(_WIN32) || defined(_WIN32_WCE)
-# define TIPSEC_UNDER_WINDOWS 1
-#endif
-
-/* Used on Windows and Symbian systems to export/import public functions and global variables.
-*/
-#if !defined(__GNUC__) && defined(TINYIPSEC_EXPORTS)
-# define TINYIPSEC_API __declspec(dllexport)
-# define TINYIPSEC_GEXTERN __declspec(dllexport)
-#elif !defined(__GNUC__) /*&& defined(TINYIPSEC_IMPORTS)*/
-# define TINYIPSEC_API __declspec(dllimport)
-# define TINYIPSEC_GEXTERN __declspec(dllimport)
-#else
-# define TINYIPSEC_API
-# define TINYIPSEC_GEXTERN extern
-#endif
-
-/* Guards against C++ name mangling
-*/
-#ifdef __cplusplus
-# define TIPSEC_BEGIN_DECLS extern "C" {
-# define TIPSEC_END_DECLS }
-#else
-# define TIPSEC_BEGIN_DECLS
-# define TIPSEC_END_DECLS
-#endif
-
-/* Disable some well-known warnings
-*/
-#ifdef _MSC_VER
-# define _CRT_SECURE_NO_WARNINGS
-# pragma warning( disable : 4996 )
-#endif
-
-#if TIPSEC_UNDER_WINDOWS && !defined(_WIN32_WCE)
-//# include <windows.h>
-//# include <ws2tcpip.h>
-# include <winsock2.h>
-#endif
-
-
-//
-// IPSEC
-//
-#if HAVE_IPSEC
-# if (_WIN32_WINNT >= 0x0600)
-# define HAVE_IPSEC_VISTA 1
-# elif (_WIN32_WINNT >= 0x0501)
-# define HAVE_IPSEC_XP 0
-# elif HAVE_IPSEC_TOOLS
-# define HAVE_IPSEC_RACOON 1
-# endif
-#endif
-
-
-#if HAVE_CONFIG_H
- #include "../config.h"
-#endif
-
-#endif /* TINYIPSEC_CONFIG_H */
-
diff --git a/branches/1.0/tinyIPSec/src/tipsec.c b/branches/1.0/tinyIPSec/src/tipsec.c
deleted file mode 100644
index 463df6f..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec.c
- * @brief IPSec manager.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#include "tipsec.h"
-
-/** @mainpage TinyIPSec API Overview
-*
-* This file is an overview of TinyIPSec API.
-*
-* <b>tinyIPSec</b> is responsible for IPSec SAs managment. It is used in conjunction with security agreement mechanism (RFC 3329)
-* to create, manage and terminate SAs. <br>
-*
-* @par Getting started
-*
-* - @ref tipsec_common_group
-*
-* - @ref tipsec_xp_group
-* - @ref tipsec_vista_group
-* - @ref tipsec_racoon_group
-*
-*/
diff --git a/branches/1.0/tinyIPSec/src/tipsec.h b/branches/1.0/tinyIPSec/src/tipsec.h
deleted file mode 100644
index 6495ef3..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec.h
- * @brief IPSec manager.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#ifndef TINYIPSEC_IPSEC_H
-#define TINYIPSEC_IPSEC_H
-
-#include "tinyipsec_config.h"
-
-#include "tipsec_common.h"
-
-TIPSEC_BEGIN_DECLS
-
-TIPSEC_END_DECLS
-
-#endif /* TINYIPSEC_IPSEC_H */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_common.c b/branches/1.0/tinyIPSec/src/tipsec_common.c
deleted file mode 100644
index 4ae44d7..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_common.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_common.c
- * @brief IPSec common functions.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#include "tipsec_common.h"
-
-#include "tsk_debug.h"
-
-/**@defgroup tipsec_common_group IPSec common.
-* Common to all OSes.
-*/
-
-tipsec_context_t* tipsec_context_create(tipsec_ipproto_t ipproto, tsk_bool_t use_ipv6, tipsec_mode_t mode, tipsec_ealgorithm_t ealg, tipsec_algorithm_t alg, tipsec_protocol_t protocol)
-{
- return tsk_object_new(tipsec_context_def_t, ipproto, use_ipv6, (tipsec_mode_t)mode, ealg, alg, protocol);
-}
-
-#if !HAVE_IPSEC_VISTA && !HAVE_IPSEC_XP && !HAVE_IPSEC_RACOON
-
-int tipsec_start(tipsec_context_t* ctx)
-{
- TSK_DEBUG_WARN("No IPSec implementation found.");
- return 0;
-}
-
-int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
-{
- TSK_DEBUG_WARN("No IPSec implementation found.");
-
- ctx->port_uc = port_uc;
- ctx->port_us = port_us;
- return -1;
-}
-
-int tipsec_set_keys(tipsec_context_t* ctx, const tipsec_key_t* ik, const tipsec_key_t* ck)
-{
- TSK_DEBUG_WARN("No IPSec implementation found.");
- return 0;
-}
-
-int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
-{
- TSK_DEBUG_WARN("No IPSec implementation found.");
- return 0;
-}
-
-int tipsec_stop(tipsec_context_t* ctx)
-{
- TSK_DEBUG_WARN("No IPSec implementation found.");
- return 0;
-}
-
-
-
-//=================================================================================================
-// IPSec context object definition
-//
-static tsk_object_t* tipsec_context_ctor(tsk_object_t * self, va_list * app)
-{
- tipsec_context_t *context = self;
- if(context){
- }
- return self;
-}
-
-static tsk_object_t* tipsec_context_dtor(tsk_object_t * self)
-{
- tipsec_context_t *context = self;
- if(context){
- }
-
- return self;
-}
-
-static int tipsec_context_cmp(const tsk_object_t *obj1, const tsk_object_t *obj2)
-{
- return-1;
-}
-
-static const tsk_object_def_t tipsec_context_def_s =
-{
-sizeof(tipsec_context_t),
-tipsec_context_ctor,
-tipsec_context_dtor,
-tipsec_context_cmp,
-};
-
-
-const void *tipsec_context_def_t = &tipsec_context_def_s;
-#endif
diff --git a/branches/1.0/tinyIPSec/src/tipsec_common.h b/branches/1.0/tinyIPSec/src/tipsec_common.h
deleted file mode 100644
index 49e03e1..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_common.h
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_common.h
- * @brief IPSec common functions.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#ifndef TINYIPSEC_IPSEC_COMMON_H
-#define TINYIPSEC_IPSEC_COMMON_H
-
-#include "tinyipsec_config.h"
-
-#include "tsk_string.h"
-
-TIPSEC_BEGIN_DECLS
-
-/**@ingroup tipsec_common_group
-* Converts any IPSec context (XP, Vista, racoon ...) to the common IPSec context.
-* @param ctx The context to convert. MUST be declared using @ref TINYIPSEC_DECLARE_CONTEXT.
-* @retval A pointer to @ref tipsec_context_t.
-*/
-#define TIPSEC_CONTEXT(ctx) ((tipsec_context_t*)(ctx))
-
-/**@ingroup tipsec_common_group
-* @def TIPSEC_IPPROTO_FROM_STR
-*/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_IPPROTO_TO_STR
-*/
-#define TIPSEC_IPPROTO_FROM_STR(ipproto) (tsk_strequals(ipproto, "tcp") ? ipproto_tcp : (tsk_strequals(ipproto, "icmp") ? ipproto_icmp : ipproto_udp))
-#define TIPSEC_IPPROTO_TO_STR(ipproto) (ipproto == ipproto_tcp ? "tcp" : (ipproto == ipproto_icmp ? "icmp" : "udp"))
-
-/**@ingroup tipsec_common_group
-* @def TIPSEC_MODE_FROM_STR
-*/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_MODE_TO_STR
-*/
-#define TIPSEC_MODE_FROM_STR(mode) (tsk_strequals(mode, "tun") ? mode_tun : mode_trans)
-#define TIPSEC_MODE_TO_STR(mode) (mode == mode_tun ? "tun" : "trans")
-
-/**@ingroup tipsec_common_group
-* @def TIPSEC_EALG_FROM_STR
-*/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_EALG_TO_STR
-*/
-#define TIPSEC_EALG_FROM_STR(ealg) (tsk_strequals(ealg, "des-ede3-cbc") ? ealg_des_ede3_cbc : (tsk_strequals(ealg, "aes") ? ealg_aes : ealg_null))
-#define TIPSEC_EALG_TO_STR(ealg) (ealg == ealg_des_ede3_cbc ? "des-ede3-cbc" : (ealg == ealg_aes ? "aes" : "null"))
-
-/**@ingroup tipsec_common_group
-* @def TIPSEC_ALG_FROM_STR
-*/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_ALG_TO_STR
-*/
-#define TIPSEC_ALG_FROM_STR(alg) (tsk_strequals(alg, "hmac-sha-1-96") ? algo_hmac_sha_1_96 : algo_hmac_md5_96)
-#define TIPSEC_ALG_TO_STR(alg) (alg == algo_hmac_sha_1_96 ? "hmac-sha-1-96" : "hmac-md5-96")
-
-/**@ingroup tipsec_common_group
-* @def TIPSEC_PROTOCOL_FROM_STR
-*/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_PROTOCOL_TO_STR
-*/
-#define TIPSEC_PROTOCOL_FROM_STR(protocol) (tsk_strequals(protocol, "ah") ? proto_ah : ((tsk_strequals(protocol, "ah/esp")) ? proto_both : proto_esp))
-#define TIPSEC_PROTOCOL_TO_STR(protocol) (protocol == proto_ah ? "ah" : (protocol == proto_both ? "ah/esp" : "esp"))
-
-/**@ingroup tipsec_common_group
-* @def TIPSEC_KEY_LEN
- * Size of IK (Integrity Key) and CK (Confidentiality Key).
-**/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_IK_LEN
-*/
-/**@ingroup tipsec_common_group
-* @def TIPSEC_CK_LEN
-*/
-#define TIPSEC_KEY_LEN 16
-#define TIPSEC_IK_LEN 20
-#define TIPSEC_CK_LEN 24
-
-/**@ingroup tipsec_common_group
-* @def tipsec_lifetime_t
-*/
-/**@ingroup tipsec_common_group
-* @def tipsec_spi_t
-*/
-/**@ingroup tipsec_common_group
-* @def tipsec_port_t
-*/
-/**@ingroup tipsec_common_group
-* @def tipsec_key_t
-*/
-typedef uint64_t tipsec_lifetime_t;
-typedef uint32_t tipsec_spi_t;
-typedef uint16_t tipsec_port_t;
-typedef void tipsec_key_t;
-
-/**@ingroup tipsec_common_group
- * List of IPSec modes.
-**/
-typedef enum tipsec_mode_e
-{
- //! IPSec transport mode.
- mode_trans,
- //! IPSec tunneling mode.
- mode_tun
-}
-tipsec_mode_t;
-
-/**@ingroup tipsec_common_group
- * List of IPSec protocols.
-**/
-typedef enum tipsec_protocol_e
-{
- //! AH protocol.
- proto_ah,
- //! ESP protocol.
- proto_esp,
- //! Both AH and ESP protocols.
- proto_both
-}
-tipsec_protocol_t;
-
-/**@ingroup tipsec_common_group
- * List of Internet protocols.
-**/
-typedef enum tipsec_ipproto_e
-{
- //! UDP.
- ipproto_udp,
- //! TCP.
- ipproto_tcp,
- //! ICMP.
- ipproto_icmp
-}
-tipsec_ipproto_t;
-
-/**@ingroup tipsec_common_group
- * List of IPSec algorithms.
-**/
-typedef enum tipsec_algorithm_e
-{
- //! hmac-md5-96 algorithm.
- algo_hmac_md5_96,
- //! hmac-sha-1-96 algorithm.
- algo_hmac_sha_1_96
-}
-tipsec_algorithm_t;
-
-/**@ingroup tipsec_common_group
- * List of IPSec encrypt-algorithms.
-**/
-typedef enum tipsec_ealgorithm_e
-{
- //! des-ede3-cbc encrypt-algorithm.
- ealg_des_ede3_cbc,
- //! aes encrypt-algorithm.
- ealg_aes,
- //! null encrypt-algorithm.
- ealg_null
-}
-tipsec_ealgorithm_t;
-
-/**@ingroup tipsec_common_group
- * List of IPSec states.
-**/
-typedef enum tipsec_state_e
-{
- //! The default state. At this state no SA is created. It's the first and default state.
- state_initial,
- //! Partial state. At this state only inbound SAs (with their SPIs) have been created.
- state_inbound,
- //! Full state. At this state both inbound and outbound SAs have been create. It's the final state.
- state_full,
- //! All SAs are in active mode.
- state_active
-}
-tipsec_state_t;
-
-/**@ingroup tipsec_common_group
-* IPSec context. Common fields.
-*/
-typedef struct tipsec_context_s
-{
- TSK_DECLARE_OBJECT;
-
- //! Indicates whether the context have been initialized or not.
- unsigned initialized;
- //! Indicates whether the context have been started or not.
- unsigned started:1;
-
- //! The current state of the IPSec context.
- tipsec_state_t state;
-
- //! Indicates whether to use IPv6 addresses or not.
- unsigned use_ipv6:1;
- //! The network protocol.
- tipsec_ipproto_t ipproto;
-
- //! IPSec mode.
- tipsec_mode_t mode;
- //! Encrypt algorithm ().
- tipsec_ealgorithm_t ealg;
- //! Algorithm.
- tipsec_algorithm_t alg;
- //! IPSec protocol.
- tipsec_protocol_t protocol;
-
- //! Remote address (Proxy-CSCF).
- void* addr_remote;
- //! Proxy-CSCF client SPI.
- tipsec_spi_t spi_pc;
- //! Proxy-CSCF server SPI.
- tipsec_spi_t spi_ps;
- //! Proxy-CSCF client port.
- tipsec_port_t port_pc;
- //! Proxy-CSCF server port.
- tipsec_port_t port_ps;
-
- //! Local address (UE).
- void* addr_local;
- //! UE client SPI.
- tipsec_spi_t spi_uc;
- //! UE server SPI.
- tipsec_spi_t spi_us;
- //! UE client port.
- tipsec_port_t port_uc;
- //! UE server port.
- tipsec_port_t port_us;
-
- //! The confidentiality key.
- tipsec_key_t *ck;
- //! The integrity key.
- tipsec_key_t *ik;
-
- //! reg-await-auth timer value.
- tipsec_lifetime_t lifetime;
-}
-tipsec_context_t;
-
-/**@ingroup tipsec_common_group
-*/
-#define TINYIPSEC_DECLARE_CONTEXT tipsec_context_t context
-
-TINYIPSEC_GEXTERN const void *tipsec_context_def_t;
-
-TINYIPSEC_API tipsec_context_t* tipsec_context_create(tipsec_ipproto_t ipproto, tsk_bool_t use_ipv6, tipsec_mode_t mode, tipsec_ealgorithm_t ealg, tipsec_algorithm_t alg, tipsec_protocol_t protocol);
-TINYIPSEC_API int tipsec_start(tipsec_context_t* ctx);
-TINYIPSEC_API int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us);
-TINYIPSEC_API int tipsec_set_keys(tipsec_context_t* ctx, const tipsec_key_t* ik, const tipsec_key_t* ck);
-TINYIPSEC_API int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime);
-TINYIPSEC_API int tipsec_stop(tipsec_context_t* ctx);
-
-TIPSEC_END_DECLS
-
-#endif /* TINYIPSEC_IPSEC_COMMON_H */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_racoon.c b/branches/1.0/tinyIPSec/src/tipsec_racoon.c
deleted file mode 100644
index 0346244..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_racoon.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_racoon.c
- * @brief IPSec racoon functions.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#include "tipsec_racoon.h"
-
-#include "tsk_debug.h"
-
-/**@defgroup tipsec_racoon_group IPSec racoon implementation (IPSec-tools).
-* Supported algo: <b>hmac-md5-96</b> and <b>hmac-sha-1-96</b>.<br>
-* Supported ealg: <b>des-ede3-cbc</b>, <b>aes-cbc</b> and <b>null</b>.<br>
-* Supported mode: <b>tunnel</b> and <b>transport</b>.<br>
-* Supported proto: <b>ah</b> and <b>esp</b>.<br>
-* Supported IP proto: <b>tcp</b> and <b>udp</b>.<br>
-* Supported IP version: <b>IPv4</b> and <b>IPv6</b>.
-*/
-#if HAVE_IPSEC_RACOON
-
-/**@ingroup tipsec_racoon_group
-*/
-int tipsec_start(tipsec_context_t* ctx)
-{
- TSK_DEBUG_ERROR("No IPSec implementation found.");
- return -1;
-}
-
-/**@ingroup tipsec_racoon_group
-*/
-int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
-{
- TSK_DEBUG_ERROR("No IPSec implementation found.");
- return -1;
-}
-
-/**@ingroup tipsec_racoon_group
-*/
-int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
-{
- TSK_DEBUG_ERROR("No IPSec implementation found.");
- return -1;
-}
-
-/**@ingroup tipsec_racoon_group
-*/
-int tipsec_stop(tipsec_context_t* ctx)
-{
- TSK_DEBUG_ERROR("No IPSec implementation found.");
- return -1;
-}
-
-
-
-//=================================================================================================
-// IPSec context object definition
-//
-static tsk_object_t* tipsec_context_ctor(tsk_object_t * self, va_list * app)
-{
- tipsec_context_t *context = self;
- if(context){
- }
-bail:
- return self;
-}
-
-static tsk_object_t* tipsec_context_dtor(tsk_object_t * self)
-{
- tipsec_context_t *context = self;
- if(context){
- }
-
- return self;
-}
-
-static int tipsec_context_cmp(const tsk_object_t *obj1, const tsk_object_t *obj2)
-{
- return-1;
-}
-
-static const tsk_object_def_t tipsec_context_def_s =
-{
-sizeof(tipsec_context_t),
-tipsec_context_ctor,
-tipsec_context_dtor,
-tipsec_context_cmp,
-};
-
-
-const void *tipsec_context_def_t = &tipsec_context_def_s;
-
-
-#endif /* HAVE_IPSEC_RACOON */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_racoon.h b/branches/1.0/tinyIPSec/src/tipsec_racoon.h
deleted file mode 100644
index 6e2b221..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_racoon.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_racoon.h
- * @brief IPSec racoon functions.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#ifndef TINYIPSEC_IPSEC_RACOON_H
-#define TINYIPSEC_IPSEC_RACOON_H
-
-#include "tinyipsec_config.h"
-
-#include "tipsec_common.h"
-
-TIPSEC_BEGIN_DECLS
-
-#if HAVE_IPSEC_RACOON
-
-
-
-#endif /* HAVE_IPSEC_RACOON */
-
-
-TIPSEC_END_DECLS
-
-
-#endif /* TINYIPSEC_IPSEC_RACOON_H */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_vista.c b/branches/1.0/tinyIPSec/src/tipsec_vista.c
deleted file mode 100644
index b2b2f5f..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_vista.c
+++ /dev/null
@@ -1,728 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_vista.c
- * @brief Windows Vista/7 IPsec implementation using WFP.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#include "tipsec_vista.h"
-
-/**@defgroup tipsec_vista_group IPSec Vista/7 implementation (WFP).
-* Supported algo: <b>hmac-md5-96</b> and <b>hmac-sha-1-96</b>.<br>
-* Supported ealg: <b>des-ede3-cbc</b>, <b>aes-cbc</b> and <b>null</b>.<br>
-* Supported mode: <b>transport</b> only.<br>
-* Supported proto: <b>ah</b> and <b>esp</b>.<br>
-* Supported IP proto: <b>tcp</b> and <b>udp</b>.<br>
-* Supported IP version: <b>IPv4</b> and <b>IPv6</b>.
-*/
-
-#if HAVE_IPSEC_VISTA
-
-#include "tsk_memory.h"
-#include "tsk_debug.h"
-
-#if defined(_MSC_VER)
-# pragma comment(lib, "Fwpuclnt.lib")
-#endif
-
-#include <ws2tcpip.h>
-#include <Fwpmu.h>
-
-typedef FWP_BYTE_BLOB* PFWP_BYTE_BLOB;
-
-/**@ingroup tipsec_vista_group
-* @def TINYIPSEC_FILTER_NAME
-*/
-#define TINYIPSEC_FILTER_NAME TEXT("tinyIPSEC")
-#define TINYIPSEC_PROVIDER_KEY NULL
-
-/**@ingroup tipsec_vista_group
-* @def TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST
-*/
-/**@ingroup tipsec_vista_group
-* @def TINYIPSEC_SA_MAX_LIFETIME
-*/
-#define TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST 20
-#define TINYIPSEC_SA_MAX_LIFETIME 172799
-
-#define TINYIPSEC_VISTA_GET_ALGO(algo) (algo == algo_hmac_md5_96) ? IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 : IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96
-#define TINYIPSEC_VISTA_GET_EALGO(ealg) (ealg == ealg_des_ede3_cbc) ? IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES : ( (ealg == ealg_aes) ? IPSEC_CIPHER_TRANSFORM_ID_AES_128 : IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL )
-#define TINYIPSEC_VISTA_GET_MODE(mode) (mode == mode_tun) ? IPSEC_TRAFFIC_TYPE_TUNNEL : IPSEC_TRAFFIC_TYPE_TRANSPORT
-#define TINYIPSEC_VISTA_GET_IPPROTO(ipproto) (ipproto == ipproto_tcp) ? IPPROTO_TCP : IPPROTO_UDP
-#define TINYIPSEC_VISTA_GET_IPVER(ipv6) (ipv6) ? FWP_IP_VERSION_V6 : FWP_IP_VERSION_V4
-#define TINYIPSEC_VISTA_GET_PROTO(proto) (proto == proto_ah) ? IPSEC_TRANSFORM_AH : ( (proto == proto_esp) ? IPSEC_TRANSFORM_ESP_AUTH : IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER );
-
-/* as WFP do not provide null encryption I define my own*/
-static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_NULL_NULL=
-{
- (IPSEC_CIPHER_TYPE)NULL,
- (IPSEC_CIPHER_TYPE)NULL
-};
-
-/**@ingroup tipsec_vista_group
-* IPSec context.
-*/
-typedef struct tipsec_context_vista_s
-{
- TINYIPSEC_DECLARE_CONTEXT;
-
- UINT64 saId_us;
- UINT64 saId_uc;
-
- HANDLE engine;
-}
-tipsec_context_vista_t;
-
-/**@ingroup tipsec_vista_group
-*/
-#define TIPSEC_CONTEXT_VISTA(ctx) ((tipsec_context_vista_t*)(ctx))
-
-int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId);
-int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound);
-
-int tipsec_flush_all(const tipsec_context_vista_t* context);
-void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId);
-
-/**@ingroup tipsec_vista_group
-*/
-int tipsec_start(tipsec_context_t* ctx)
-{
- tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
- int ret = -1;
-
- if(!ctx_vista){
- ret = -1;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_vista)->started){
- TSK_DEBUG_WARN("The IPSec context already started.");
- ret = -2;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_vista)->state != state_full){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- /* VERY IMPORTANT: The SA context functions must be called in a specific order:
- (http://msdn.microsoft.com/en-us/library/bb540652(VS.85).aspx).
-
- IPsecSaContextCreate0
- IPsecSaContextGetSpi0
- IPsecSaContextAddInbound0
- IPsecSaContextAddOutbound0
- */
-
- /* US <- PC */
- if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_us, TIPSEC_CONTEXT(ctx_vista)->spi_us, TRUE))){
- TSK_DEBUG_ERROR("Failed to setup [US <- PC] SA.");
- goto bail;
- }
- /* UC <- PS */
- if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_uc, TIPSEC_CONTEXT(ctx_vista)->spi_uc, TRUE))){
- TSK_DEBUG_ERROR("Failed to setup [UC <- PS] SA.");
- goto bail;
- }
-
- /* UC -> PS */
- if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_uc, TIPSEC_CONTEXT(ctx_vista)->spi_ps, FALSE))){
- TSK_DEBUG_ERROR("Failed to setup [UC -> PS] SA.");
- goto bail;
- }
- /* US -> PC */
- if((ret = tipsec_boundSA(ctx_vista, ctx_vista->saId_us, TIPSEC_CONTEXT(ctx_vista)->spi_pc, FALSE))){
- TSK_DEBUG_ERROR("Failed to setup [US -> PC] SA.");
- goto bail;
- }
-
- // Set the state to active.
- TIPSEC_CONTEXT(ctx_vista)->state = state_active;
-
- TIPSEC_CONTEXT(ctx_vista)->started = 1;
-
-bail:
- return ret;
-}
-
-/**@ingroup tipsec_vista_group
-*/
-int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
-{
- tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
- int ret;
-
- if(!ctx_vista){
- ret = -1;
- goto bail;
- }
-
- if(!addr_local || !port_uc || !port_us){
- ret = -2;
- goto bail;
- }
-
- if(!TIPSEC_CONTEXT(ctx_vista)->initialized){
- TSK_DEBUG_ERROR("IPSec engine not initialized.");
- ret = -3;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_vista)->state != state_initial){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -4;
- goto bail;
- }
-
- TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_local);
- TSK_FREE(TIPSEC_CONTEXT(ctx_vista)->addr_remote);
-
- /* Set local IP */
- if(TIPSEC_CONTEXT(ctx_vista)->use_ipv6){
- TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(16, sizeof(uint8_t));
- TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(16, sizeof(uint8_t));
-
- if ((ret = inet_pton(AF_INET6, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
- TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
- goto bail;
- } else ret = 0;
- if ((ret = inet_pton(AF_INET6, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
- TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
- goto bail;
- } else ret = 0;
- }
- else{
- TIPSEC_CONTEXT(ctx_vista)->addr_local = tsk_calloc(4, sizeof(uint8_t));
- TIPSEC_CONTEXT(ctx_vista)->addr_remote = tsk_calloc(4, sizeof(uint8_t));
-
- if ((ret = inet_pton(AF_INET, addr_local, TIPSEC_CONTEXT(ctx_vista)->addr_local)) != 1 ){
- TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_local, ret);
- goto bail;
- }
- else {
- *((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_local));
- ret = 0;
- }
- if ((ret = inet_pton(AF_INET, addr_remote, TIPSEC_CONTEXT(ctx_vista)->addr_remote)) != 1 ){
- TSK_DEBUG_ERROR("inet_pton(%s) have failed with error code [%x].", addr_remote, ret);
- goto bail;
- }
- else{
- *((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote) = ntohl(*((UINT32*)TIPSEC_CONTEXT(ctx_vista)->addr_remote));
- ret = 0;
- }
- }
-
- /* Set ports */
- TIPSEC_CONTEXT(ctx_vista)->port_uc = port_uc;
- TIPSEC_CONTEXT(ctx_vista)->port_us = port_us;
-
- if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_uc, &TIPSEC_CONTEXT(ctx_vista)->spi_uc, &ctx_vista->saId_uc))){
- goto bail;
- }
-
- if((ret = tipsec_create_localSA(ctx_vista, TIPSEC_CONTEXT(ctx_vista)->port_us, &TIPSEC_CONTEXT(ctx_vista)->spi_us, &ctx_vista->saId_us))){
- goto bail;
- }
-
- TIPSEC_CONTEXT(ctx_vista)->state = state_inbound;
-
-bail:
-
- return ret;
-}
-
-/**@ingroup tipsec_vista_group
-*/
-int tipsec_set_keys(tipsec_context_t* ctx, const tipsec_key_t* ik, const tipsec_key_t* ck)
-{
- if(!ctx || !ik || !ck){
- return -1;
- }
-
- /* Compute ik and ck */
- TIPSEC_CONTEXT(ctx)->ik = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
- TIPSEC_CONTEXT(ctx)->ck = tsk_calloc(1, sizeof(FWP_BYTE_BLOB));
-
- ((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(ctx)->ik)->data = tsk_calloc(1, TIPSEC_IK_LEN);
- memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(ctx)->ik)->data, ik, TIPSEC_KEY_LEN);
- ((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(ctx)->ik)->size = TIPSEC_KEY_LEN;
-
- ((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(ctx)->ck)->data = tsk_calloc(1, TIPSEC_CK_LEN);
- memcpy(((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(ctx)->ck)->data, ck, TIPSEC_KEY_LEN);
- ((PFWP_BYTE_BLOB)TIPSEC_CONTEXT(ctx)->ck)->size = TIPSEC_KEY_LEN;
-
- return 0;
-}
-
-/**@ingroup tipsec_vista_group
-*/
-int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
-{
- tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
- int ret = -1;
-
- if(!ctx_vista){
- ret = -1;
- goto bail;
- }
-
- if(!lifetime || !port_pc || !port_ps){
- ret = -2;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_vista)->state != state_inbound){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- /* Set Lifetime */
- TIPSEC_CONTEXT(ctx_vista)->lifetime = lifetime;
-
- /* Set ports */
- TIPSEC_CONTEXT(ctx_vista)->port_ps = port_ps;
- TIPSEC_CONTEXT(ctx_vista)->port_pc = port_pc;
-
- /* Set spis */
- TIPSEC_CONTEXT(ctx_vista)->spi_ps = spi_ps;
- TIPSEC_CONTEXT(ctx_vista)->spi_pc = spi_pc;
-
- TIPSEC_CONTEXT(ctx_vista)->state = state_full;
-
- ret = 0;
-
-bail:
- return ret;
-}
-
-/**@ingroup tipsec_vista_group
-*/
-int tipsec_stop(tipsec_context_t* ctx)
-{
- tipsec_context_vista_t* ctx_vista = TIPSEC_CONTEXT_VISTA(ctx);
- int ret = -1;
-
- if(!ctx_vista){
- ret = -1;
- goto bail;
- }
-
- if(!TIPSEC_CONTEXT(ctx_vista)->started){
- TSK_DEBUG_WARN("The IPSec context not started.");
- ret = -2;
- goto bail;
- }
-
- /* Flush (delete) all SAs associated to tinyIPSEC */
- tipsec_flush_all(ctx_vista);
-
- TIPSEC_CONTEXT(ctx_vista)->started = 0;
- TIPSEC_CONTEXT(ctx_vista)->state = state_initial;
-
-bail:
- return ret;
-}
-
-int tipsec_create_localSA(__in const tipsec_context_vista_t* context, __in tipsec_port_t local_port, __out tipsec_spi_t *spi, UINT64 *saId)
-{
- DWORD result = NO_ERROR;
- UINT64 tmpInFilterId = 0, tmpOutFilterId = 0, tmpSaId = 0;
- FWPM_FILTER0 filter;
- IPSEC_TRAFFIC0 outTraffic;
- IPSEC_GETSPI0 getSpi;
- int ret = -1;
- FWPM_FILTER_CONDITION0 conds[4];
- conds[0].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
- conds[0].matchType = FWP_MATCH_EQUAL;
-
- *spi = 0;
- *saId = 0;
-
- if(TIPSEC_CONTEXT(context)->use_ipv6){
- conds[0].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
- conds[0].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_local;
- }
- else{
- conds[0].conditionValue.type = FWP_UINT32;
- conds[0].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_local);
- }
- conds[1].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
- conds[1].matchType = FWP_MATCH_EQUAL;
- if(TIPSEC_CONTEXT(context)->use_ipv6){
- conds[1].conditionValue.type = FWP_BYTE_ARRAY16_TYPE;
- conds[1].conditionValue.byteArray16 = (FWP_BYTE_ARRAY16*)TIPSEC_CONTEXT(context)->addr_remote;
- }
- else{
- conds[1].conditionValue.type = FWP_UINT32;
- conds[1].conditionValue.uint32 = *((UINT32*)TIPSEC_CONTEXT(context)->addr_remote);
- }
-
- conds[2].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
- conds[2].matchType = FWP_MATCH_EQUAL;
- conds[2].conditionValue.type = FWP_UINT16;
- conds[2].conditionValue.uint16 = local_port;
-
- conds[3].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
- conds[3].matchType = FWP_MATCH_EQUAL;
- conds[3].conditionValue.type = FWP_UINT8;
- conds[3].conditionValue.uint16 = TINYIPSEC_VISTA_GET_IPPROTO(TIPSEC_CONTEXT(context)->ipproto);
-
- // Fill in the common fields shared by both filters.
- memset(&filter, 0, sizeof(filter));
- // For MUI compatibility, object names should be indirect strings. See
- // SHLoadIndirectString for details.
- filter.displayData.name = (PWSTR)TINYIPSEC_FILTER_NAME;
- // Link all objects to our provider. When multiple providers are installed
- // on a computer, this makes it easy to determine who added what.
- filter.providerKey = (GUID*)TINYIPSEC_PROVIDER_KEY;
- filter.numFilterConditions = 4;
- filter.filterCondition = conds;
- filter.action.type = FWP_ACTION_CALLOUT_TERMINATING;
- filter.flags = FWPM_FILTER_FLAG_NONE;
- //filter.weight.type = FWP_EMPTY;
-
- // Add the inbound filter.
- filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_INBOUND_TRANSPORT_V6 : FWPM_LAYER_INBOUND_TRANSPORT_V4;
- if(TIPSEC_CONTEXT(context)->mode == mode_tun){
- filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
- }
- else{
- filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
- }
- if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpInFilterId)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("FwpmFilterAdd0 (inbound) failed with error code [%x]", result);
- goto CLEANUP;
- }
-
- // Add the outbound filter.
- filter.layerKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_LAYER_OUTBOUND_TRANSPORT_V6 : FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
- if(TIPSEC_CONTEXT(context)->mode == mode_tun){
- filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
- }
- else{
- filter.action.calloutKey = (TIPSEC_CONTEXT(context)->use_ipv6) ? FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6 : FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
- }
- if((result = FwpmFilterAdd0(context->engine, &filter, NULL, &tmpOutFilterId)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("FwpmFilterAdd0(outbound) failed with error code [%x]", result);
- goto CLEANUP;
- }
-
- // Create the SA context using the outbound traffic descriptor.
- memset(&outTraffic, 0, sizeof(outTraffic));
- outTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
- if(TIPSEC_CONTEXT(context)->use_ipv6){
- memcpy(outTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
- memcpy(outTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
- }
- else{
- outTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
- outTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
- }
- outTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
- outTraffic.ipsecFilterId = tmpOutFilterId;
- if((result = IPsecSaContextCreate0(context->engine, &outTraffic, NULL, &tmpSaId)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("IPsecSaContextCreate0 failed with error code [%x]", result);
- goto CLEANUP;
- }
-
- // Get the inbound SPI using the inbound traffic descriptor.
- memset(&getSpi, 0, sizeof(getSpi));
- getSpi.inboundIpsecTraffic.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
- if(TIPSEC_CONTEXT(context)->use_ipv6){
- memcpy(getSpi.inboundIpsecTraffic.localV6Address, TIPSEC_CONTEXT(context)->addr_local, 16);
- memcpy(getSpi.inboundIpsecTraffic.remoteV6Address, TIPSEC_CONTEXT(context)->addr_remote, 16);
- }
- else{
- getSpi.inboundIpsecTraffic.localV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_local);
- getSpi.inboundIpsecTraffic.remoteV4Address = *((ULONG*)TIPSEC_CONTEXT(context)->addr_remote);
- }
- getSpi.inboundIpsecTraffic.trafficType = TINYIPSEC_VISTA_GET_MODE(TIPSEC_CONTEXT(context)->mode);
- getSpi.inboundIpsecTraffic.ipsecFilterId = tmpInFilterId;
- getSpi.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
- if((result = IPsecSaContextGetSpi0(context->engine, tmpSaId, &getSpi, spi))){
- TSK_DEBUG_ERROR("IPsecSaContextGetSpi0 failed with error code [%x]", result);
- goto CLEANUP;
- }
-
- //// Return the various LUIDs to the caller, so he can clean up.
- //*inFilterId = tmpInFilterId;
- //*outFilterId = tmpOutFilterId;
- *saId = tmpSaId;
-
-CLEANUP:
- if (result != NO_ERROR){
- DeleteSaContextAndFilters(context->engine, tmpInFilterId, tmpOutFilterId, tmpSaId);
- }else ret = 0;
-
- return ret;
-}
-
-int tipsec_boundSA(__in const tipsec_context_vista_t* context, __in UINT64 local_saId, __in tipsec_spi_t remote_spi, __in BOOLEAN toInbound)
-{
- UINT32 i=0, j=0;
- DWORD result = NO_ERROR;
- IPSEC_SA0 sa;
- IPSEC_SA_BUNDLE0 bundle;
- IPSEC_SA_AUTH_INFORMATION0 authInfo;
- PFWP_BYTE_BLOB ik = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ik;
- PFWP_BYTE_BLOB ck = (PFWP_BYTE_BLOB)TIPSEC_CONTEXT(context)->ck;
-
- memset(&sa, 0, sizeof(sa));
- sa.spi = remote_spi;
- sa.saTransformType = TINYIPSEC_VISTA_GET_PROTO(TIPSEC_CONTEXT(context)->protocol);
-
-
- //
- // Keys padding
- //
- if(TIPSEC_CONTEXT(context)->alg == algo_hmac_sha_1_96){
- if(ik->size < TIPSEC_IK_LEN){
- for(i = ik->size; i<TIPSEC_KEY_LEN; i++){
- ik->data[i] = 0x00; /* Already done by "tsk_calloc" but ... */
- }
- ik->size = TIPSEC_IK_LEN;
- }
- }
- if(TIPSEC_CONTEXT(context)->ealg == ealg_des_ede3_cbc){
- if(ck->size < TIPSEC_CK_LEN){
- for(i = ck->size; i<TIPSEC_CK_LEN; i++){
- ck->data[i] = ck->data[j++];
- }
- ck->size = TIPSEC_CK_LEN;
- }
- }
-
- //
- // In all case create Authentication info
- //
- memset(&authInfo, 0, sizeof(authInfo));
- authInfo.authTransform.authTransformId = TINYIPSEC_VISTA_GET_ALGO(TIPSEC_CONTEXT(context)->alg);
- authInfo.authKey = *ik;
-
- if( sa.saTransformType == IPSEC_TRANSFORM_AH ){
- sa.ahInformation = &authInfo;
- }
- else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH ){
- sa.espAuthInformation = &authInfo;
- }
- else if( sa.saTransformType == IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER ){
- IPSEC_SA_CIPHER_INFORMATION0 cipherInfo;
- IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0 cipherAuthInfo;
-
- memset(&cipherInfo, 0, sizeof(cipherInfo));
- cipherInfo.cipherTransform.cipherTransformId = TINYIPSEC_VISTA_GET_EALGO(TIPSEC_CONTEXT(context)->ealg);
- cipherInfo.cipherKey = *ck;
-
- memset(&cipherAuthInfo, 0, sizeof(cipherAuthInfo));
- cipherAuthInfo.saAuthInformation = authInfo;
- cipherAuthInfo.saCipherInformation = cipherInfo;
-
- sa.espAuthAndCipherInformation = &cipherAuthInfo;
- }
-
- memset(&bundle, 0, sizeof(bundle));
- bundle.numSAs = 1;
- bundle.saList = &sa;
- bundle.ipVersion = TINYIPSEC_VISTA_GET_IPVER(TIPSEC_CONTEXT(context)->use_ipv6);
- bundle.lifetime.lifetimeSeconds = (UINT32)((TIPSEC_CONTEXT(context)->lifetime > TINYIPSEC_SA_MAX_LIFETIME) ? TINYIPSEC_SA_MAX_LIFETIME : TIPSEC_CONTEXT(context)->lifetime);
-
- /* From remote to local (inbound) ? */
- if(toInbound){
- if((result = IPsecSaContextAddInbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("IPsecSaContextAddInbound0 failed with error code [%x]", result);
- goto CLEANUP;
- }
- }
- else{
- if((result = IPsecSaContextAddOutbound0(context->engine, local_saId, &bundle)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("IPsecSaContextAddOutbound0 failed with error code [%x]", result);
- goto CLEANUP;
- }
- }
-
-CLEANUP:
- return (result == ERROR_SUCCESS) ? 0 : -1;
-}
-
-
-void DeleteSaContextAndFilters(__in HANDLE engine, __in UINT64 inFilterId, __in UINT64 outFilterId, __in UINT64 saId)
-{
- DWORD result;
-
- // Allow the LUIDs to be zero, so we can use this function to cleanup
- // partial results.
- if (saId != 0)
- {
- result = IPsecSaContextDeleteById0(engine, saId);
- if (result != ERROR_SUCCESS)
- {
- // There's not much we can do if delete fails, so continue trying to
- // clean up the remaining objects.
- TSK_DEBUG_ERROR("IPsecSaContextDeleteById0 = 0x%08X\n", result);
- }
- }
- if (outFilterId != 0)
- {
- result = FwpmFilterDeleteById0(engine, outFilterId);
- if (result != ERROR_SUCCESS)
- {
- TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
- }
- }
- if (inFilterId != 0)
- {
- result = FwpmFilterDeleteById0(engine, inFilterId);
- if (result != ERROR_SUCCESS)
- {
- TSK_DEBUG_ERROR("FwpmFilterDeleteById0 = 0x%08X\n", result);
- }
- }
-}
-
-int tipsec_flush_all(const tipsec_context_vista_t* context)
-{
- UINT32 i;
- int ret = -1;
-
- if(context)
- {
- HANDLE enumHandle = NULL;
- IPSEC_SA_DETAILS0** entries = NULL;
- UINT32 numEntriesReturned = 0;
- DWORD result;
-
- if((result = IPsecSaCreateEnumHandle0(context->engine, NULL, &enumHandle)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("IPsecSaCreateEnumHandle0 failed with error code [%x].", result);
- goto CLEANUP;
- }
-
- if((result = IPsecSaEnum0(context->engine, enumHandle, TINYIPSEC_SA_NUM_ENTRIES_TO_REQUEST, &entries, &numEntriesReturned)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("IPsecSaEnum0 failed with error code [%x].", result);
- goto CLEANUP;
- }
-
- for(i = 0; i<numEntriesReturned; i++)
- {
- IPSEC_SA_DETAILS0* entry = (entries)[i];
- if( !wcscmp(entry->transportFilter->displayData.name, TINYIPSEC_FILTER_NAME))
- {
- if((result = FwpmFilterDeleteById0(context->engine, entry->transportFilter->filterId)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("FwpmFilterDeleteById0 failed with error code [%x].", result);
- goto CLEANUP;
- }
- }
- }
-
- if((result = IPsecSaDestroyEnumHandle0(context->engine, enumHandle)) != ERROR_SUCCESS){
- TSK_DEBUG_ERROR("IPsecSaDestroyEnumHandle0 failed with error code [%x].", result);
- goto CLEANUP;
- }
-
- TSK_DEBUG_INFO("All SAs have been flushed.");
- ret = 0;
-
- CLEANUP:
- FwpmFreeMemory0((void**)entries);
- }
-
- return ret;
-}
-
-//=================================================================================================
-// IPSec context object definition
-//
-static tsk_object_t* tipsec_context_ctor(tsk_object_t * self, va_list * app)
-{
- tipsec_context_vista_t *context = self;
- if(context){
- DWORD code;
-
- TIPSEC_CONTEXT(context)->ipproto = va_arg(*app, tipsec_ipproto_t);
- TIPSEC_CONTEXT(context)->use_ipv6 = va_arg(*app, int);
- TIPSEC_CONTEXT(context)->mode = va_arg(*app, tipsec_mode_t);
- TIPSEC_CONTEXT(context)->ealg = va_arg(*app, tipsec_ealgorithm_t);
- TIPSEC_CONTEXT(context)->alg = va_arg(*app, tipsec_algorithm_t);
- TIPSEC_CONTEXT(context)->protocol = va_arg(*app, tipsec_protocol_t);
-
- /* Open engine */
- if((code = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &context->engine))){
- TIPSEC_CONTEXT(context)->initialized = tsk_false;
- TSK_DEBUG_ERROR("FwpmEngineOpen0 failed with error code [%x].", code);
- }
- else{
- TIPSEC_CONTEXT(context)->initialized = tsk_true;
- }
-
- TIPSEC_CONTEXT(context)->state = state_initial;
- }
- return self;
-}
-
-static tsk_object_t* tipsec_context_dtor(tsk_object_t * self)
-{
- tipsec_context_vista_t *context = self;
- if(context)
- {
- DWORD code;
-
- if(TIPSEC_CONTEXT(context)->started){
- tipsec_stop(TIPSEC_CONTEXT(context));
- }
-
- /* Close engine */
- if((code = FwpmEngineClose0(context->engine))){
- TSK_DEBUG_ERROR("FwpmEngineClose0 failed with error code [%x].", code);
- }
-
- TSK_FREE(TIPSEC_CONTEXT(context)->addr_local);
- TSK_FREE(TIPSEC_CONTEXT(context)->addr_remote);
-
- TSK_FREE(TIPSEC_CONTEXT(context)->ik);
- TSK_FREE(TIPSEC_CONTEXT(context)->ck);
- }
-
- return self;
-}
-
-static int tipsec_context_cmp(const tsk_object_t *obj1, const tsk_object_t *obj2)
-{
- return-1;
-}
-
-static const tsk_object_def_t tipsec_context_def_s =
-{
- sizeof(tipsec_context_vista_t),
- tipsec_context_ctor,
- tipsec_context_dtor,
- tipsec_context_cmp,
-};
-const void *tipsec_context_def_t = &tipsec_context_def_s;
-
-
-#endif /* HAVE_IPSEC_VISTA */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_vista.h b/branches/1.0/tinyIPSec/src/tipsec_vista.h
deleted file mode 100644
index 2359196..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_vista.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_vista.h
- * @brief Windows Vista/7 IPsec implementation using WFP.
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#ifndef TINYIPSEC_IPSEC_VISTA_H
-#define TINYIPSEC_IPSEC_VISTA_H
-
-#include "tinyipsec_config.h"
-
-#include "tipsec_common.h"
-
-TIPSEC_BEGIN_DECLS
-
-#if HAVE_IPSEC_VISTA
-
-
-
-#endif /* HAVE_IPSEC_VISTA */
-
-
-TIPSEC_END_DECLS
-
-
-#endif /* TINYIPSEC_IPSEC_VISTA_H */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_xp.c b/branches/1.0/tinyIPSec/src/tipsec_xp.c
deleted file mode 100644
index e3c5df4..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_xp.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_xp.c
- * @brief Windows XP/2003 IPsec implementation using ipsec6 tool.
- * @sa http://technet.microsoft.com/en-us/library/cc787900.aspx
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#include "tipsec_xp.h"
-
-/**@defgroup tipsec_xp_group IPSec XP implementation.
-* Supported algo: <b>hmac-md5-96</b> and <b>hmac-sha-1-96</b>.<br>
-* Supported ealg: <b>null</b> only.<br>
-* Supported mode: <b>tunnel</b> and <b>transport</b>.<br>
-* Supported proto: <b>ah</b> and <b>esp</b>.<br>
-* Supported IP proto: <b>tcp</b> and <b>udp</b>.<br>
-* Supported IP version: <b>IPv6</b> only.
-*/
-
-#if HAVE_IPSEC_XP
-
-#include "tsk_debug.h"
-#include "tsk_memory.h"
-
-
-#define TINYIPSEC_XP_GET_ALGO(algo) ((algo == algo_hmac_md5_96) ? "HMAC-MD5-96" : "HMAC-SHA1")
-#define TINYIPSEC_XP_GET_MODE(mode) ((mode == mode_tun) ? "TUNNEL" : "TRANSPORT")
-#define TINYIPSEC_XP_GET_PROTO(proto) ((proto == proto_ah) ? "AH" : "ESP")
-#define TINYIPSEC_XP_GET_IPPROTO(ipproto) ((ipproto == ipproto_tcp) ? "TCP" : ((ipproto == ipproto_icmp) ? "ICMP" : "UDP"))
-
-/**@ingroup tipsec_xp_group
-* @def TINYIPSEC_IPSEC6_FILE
-*/
-/**@ingroup tipsec_xp_group
-* @def TINYIPSEC_IPSEC6_FILE_KEY
-*/
-/**@ingroup tipsec_xp_group
-* @def TINYIPSEC_IPSEC6_FILE_SAD
-*/
-/**@ingroup tipsec_xp_group
-* @def TINYIPSEC_IPSEC6_FILE_SPD
-*/
-#define TINYIPSEC_IPSEC6_FILE "tinyIPSec"
-#define TINYIPSEC_IPSEC6_FILE_KEY TINYIPSEC_IPSEC6_FILE".key"
-#define TINYIPSEC_IPSEC6_FILE_SAD TINYIPSEC_IPSEC6_FILE".sad"
-#define TINYIPSEC_IPSEC6_FILE_SPD TINYIPSEC_IPSEC6_FILE".spd"
-
-#define TINYIPSEC_IPSEC6_TEMPLATE_POLICY "\n"\
-"Security Policy List\n"\
-"\n"\
-"Policy RemoteIPAddr LocalIPAddr Protocol RemotePort LocalPort IPSecProtocol IPSecMode RemoteGWIPAddr SABundleIndex Direction Action InterfaceIndex \n"\
-"_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________\n"\
-"%s - %s - %s - %s - %u - %u %s %s %s %s %s %s %s ;\n"\
-"%s - %s - %s - %s - %u - %u %s %s %s %s %s %s %s ;\n"\
-"_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________\n"\
-"\n"\
-"- = Take selector from policy.\n"\
-"+ = Take selector from packet.\n"
-#define TINYIPSEC_IPSEC6_TEMPLATE_SA "\n"\
-"Security Association List\n"\
-"\n"\
-"SAEntry SPI SADestIPAddr DestIPAddr SrcIPAddr Protocol DestPort SrcPort AuthAlg KeyFile Direction SecPolicyIndex \n"\
-"___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________\n"\
-"%s %u %s %s %s %s %s %s %s %s %s %s ;\n"\
-"%s %u %s %s %s %s %s %s %s %s %s %s ;\n"\
-"%s %u %s %s %s %s %s %s %s %s %s %s ;\n"\
-"%s %u %s %s %s %s %s %s %s %s %s %s ;\n"\
-"___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________\n"
-
-/**@ingroup tipsec_xp_group
-*/
-#define TINYIPSEC_IPSEC6_UCPS_POLICY "11111983"
-/**@ingroup tipsec_xp_group
-*/
-#define TINYIPSEC_IPSEC6_USPC_POLICY "22221983"
-
-/**@ingroup tipsec_xp_group
-* IPSec context.
-*/
-typedef struct tipsec_context_xp_s
-{
- TINYIPSEC_DECLARE_CONTEXT;
-
-}
-tipsec_context_xp_t;
-
-/**@ingroup tipsec_xp_group
-*/
-#define TIPSEC_CONTEXT_XP(ctx) ((tipsec_context_xp_t*)(ctx))
-
-int tipsec_set_IKey(tipsec_context_xp_t* ctx_xp);
-int tipsec_set_SPDs(tipsec_context_xp_t* ctx_xp);
-int tipsec_set_SAs(tipsec_context_xp_t* ctx_xp);
-
-struct handleInfo{
- HANDLE process;
- HANDLE pipe;
-};
-
-int tipsec_run_command(TCHAR *args);
-DWORD WINAPI tipsec_waitForExit(void *arg);
-
-/**@ingroup tipsec_xp_group
-*/
-int tipsec_start(tipsec_context_t* ctx)
-{
- tipsec_context_xp_t* ctx_xp = TIPSEC_CONTEXT_XP(ctx);
- int ret = -1;
-
- if(!ctx_xp){
- ret = -1;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->started){
- TSK_DEBUG_WARN("The IPSec context already started.");
- ret = -2;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->state != state_full){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- if((ret = tipsec_set_IKey(ctx_xp))){
- TSK_DEBUG_ERROR("Failed to set IKey.");
- goto bail;
- }
-
- if((ret = tipsec_set_SPDs(ctx_xp))){
- TSK_DEBUG_ERROR("Failed to set SPDs.");
- goto bail;
- }
-
- if((ret = tipsec_set_SAs(ctx_xp))){
- TSK_DEBUG_ERROR("Failed to set SAs.");
- goto bail;
- }
-
- /* delete previous Policies */
- tipsec_run_command(TEXT("d sp "TEXT(TINYIPSEC_IPSEC6_UCPS_POLICY)));
- tipsec_run_command(TEXT("d sp "TEXT(TINYIPSEC_IPSEC6_USPC_POLICY)));
-
- /* Load new policies */
- if(!(ret = tipsec_run_command(TEXT("l "TEXT(TINYIPSEC_IPSEC6_FILE))))){
- TIPSEC_CONTEXT(ctx_xp)->started = 1;
- }
-
-bail:
- /* Remove files */
- remove(TINYIPSEC_IPSEC6_FILE_SPD);
- remove(TINYIPSEC_IPSEC6_FILE_SAD);
- remove(TINYIPSEC_IPSEC6_FILE_KEY);
-
- return ret;
-}
-
-/**@ingroup tipsec_xp_group
-*/
-int tipsec_set_local(tipsec_context_t* ctx, const char* addr_local, const char* addr_remote, tipsec_port_t port_uc, tipsec_port_t port_us)
-{
- tipsec_context_xp_t* ctx_xp = TIPSEC_CONTEXT_XP(ctx);
- int ret = -1;
-
- if(!ctx_xp){
- ret = -1;
- goto bail;
- }
-
- if(!addr_local || !port_uc || !port_us){
- ret = -2;
- goto bail;
- }
-
- if(!TIPSEC_CONTEXT(ctx_xp)->initialized){
- TSK_DEBUG_ERROR("IPSec engine not initialized.");
- ret = -3;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->state != state_initial){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -4;
- goto bail;
- }
-
- /* Set local/remote IPv6 addresses*/
- tsk_strupdate((char**)&TIPSEC_CONTEXT(ctx_xp)->addr_local, addr_local);
- tsk_strupdate((char**)&TIPSEC_CONTEXT(ctx_xp)->addr_remote, addr_remote);
-
- /* Set ports */
- TIPSEC_CONTEXT(ctx_xp)->port_uc = port_uc;
- TIPSEC_CONTEXT(ctx_xp)->port_us = port_us;
-
- /* Set SPIs */
- TIPSEC_CONTEXT(ctx_xp)->spi_uc = (rand() ^ rand());
- TIPSEC_CONTEXT(ctx_xp)->spi_us = (rand() ^ rand());
-
- TIPSEC_CONTEXT(ctx_xp)->state = state_inbound;
-
- ret = 0;
-
-bail:
- return ret;
-}
-
-/**@ingroup tipsec_xp_group
-*/
-int tipsec_set_keys(tipsec_context_t* ctx, const tipsec_key_t* ik, const tipsec_key_t* ck)
-{
- if(!ctx || !ik || !ck){
- return -1;
- }
-
- TSK_FREE(ctx->ik);
- TSK_FREE(ctx->ck);
-
- ctx->ik = tsk_strndup(ik, TIPSEC_KEY_LEN);
- ctx->ck = tsk_strndup(ck, TIPSEC_KEY_LEN); /* XP version of IPSec do not support encryption key but we copy ck (Who know?). */
-
- return 0;
-}
-
-/**@ingroup tipsec_xp_group
-*/
-int tipsec_set_remote(tipsec_context_t* ctx, tipsec_spi_t spi_pc, tipsec_spi_t spi_ps, tipsec_port_t port_pc, tipsec_port_t port_ps, tipsec_lifetime_t lifetime)
-{
- tipsec_context_xp_t* ctx_xp = TIPSEC_CONTEXT_XP(ctx);
- int ret = -1;
-
- if(!ctx_xp){
- ret = -1;
- goto bail;
- }
-
- if(!lifetime || !port_pc || !port_ps){
- ret = -2;
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->state != state_inbound){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- /* Set Lifetime */
- TIPSEC_CONTEXT(ctx_xp)->lifetime = lifetime;
-
- /* Set ports */
- TIPSEC_CONTEXT(ctx_xp)->port_ps = port_ps;
- TIPSEC_CONTEXT(ctx_xp)->port_pc = port_pc;
-
- /* Set spis */
- TIPSEC_CONTEXT(ctx_xp)->spi_ps = spi_ps;
- TIPSEC_CONTEXT(ctx_xp)->spi_pc = spi_pc;
-
- TIPSEC_CONTEXT(ctx_xp)->state = state_full;
-
- ret = 0;
-
-bail:
- return ret;
-}
-
-/**@ingroup tipsec_xp_group
-*/
-int tipsec_stop(tipsec_context_t* ctx)
-{
- tipsec_context_xp_t* ctx_xp = TIPSEC_CONTEXT_XP(ctx);
- int ret = -1;
-
- /* Load previous Policies */
- ret = tipsec_run_command(TEXT("d sp "TEXT(TINYIPSEC_IPSEC6_UCPS_POLICY)));
- ret = tipsec_run_command(TEXT("d sp "TEXT(TINYIPSEC_IPSEC6_USPC_POLICY)));
-
- return ret;
-}
-
-
-int tipsec_set_IKey(tipsec_context_xp_t* ctx_xp)
-{
- int ret = -1;
- FILE* file = NULL;
-
- if(!ctx_xp){
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->state != state_full){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- if(!(file = fopen(TINYIPSEC_IPSEC6_FILE_KEY, "wb+"))){
- TSK_DEBUG_ERROR("Failed to open file [%s].", TINYIPSEC_IPSEC6_FILE_KEY);
- ret = -4;
- goto bail;
- }
-
- fwrite(TIPSEC_CONTEXT(ctx_xp)->ik, TIPSEC_KEY_LEN, sizeof(uint8_t), file);
-
- if(TIPSEC_CONTEXT(ctx_xp)->alg == algo_hmac_md5_96){ /* Pad if HMAC-MD5-96 */
- uint8_t zeros[4];
- memset(zeros, 0, 4);
- fwrite(zeros, 4, sizeof(uint8_t), file);
- }
-
- ret = 0;
-
-bail:
- if(file){
- fclose(file);
- }
-
- return ret;
-}
-
-int tipsec_set_SPDs(tipsec_context_xp_t* ctx_xp)
-{
- int ret = -1;
- FILE* file = NULL;
- char* str = NULL;
-
- if(!ctx_xp){
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->state != state_full){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- if(!(file = fopen(TINYIPSEC_IPSEC6_FILE_SPD, "wb+"))){
- TSK_DEBUG_ERROR("Failed to open file [%s].", TINYIPSEC_IPSEC6_FILE_SPD);
- ret = -4;
- goto bail;
- }
-
- tsk_sprintf(&str, TINYIPSEC_IPSEC6_TEMPLATE_POLICY,
- /* UC -> PS */
- TINYIPSEC_IPSEC6_UCPS_POLICY,
- TIPSEC_CONTEXT(ctx_xp)->addr_remote,
- TIPSEC_CONTEXT(ctx_xp)->addr_local,
- TINYIPSEC_XP_GET_IPPROTO(TIPSEC_CONTEXT(ctx_xp)->ipproto),
- TIPSEC_CONTEXT(ctx_xp)->port_ps,
- TIPSEC_CONTEXT(ctx_xp)->port_uc,
- TINYIPSEC_XP_GET_PROTO(TIPSEC_CONTEXT(ctx_xp)->protocol),
- TINYIPSEC_XP_GET_MODE(TIPSEC_CONTEXT(ctx_xp)->mode),
- "*", /* RemoteGWIPAddr */
- "NONE", /* SABundleIndex */
- "BIDIRECT", /* Direction */
- "APPLY", /* Action */
- "0", /* InterfaceIndex */
-
- /* US -> PC */
- TINYIPSEC_IPSEC6_USPC_POLICY,
- TIPSEC_CONTEXT(ctx_xp)->addr_remote,
- TIPSEC_CONTEXT(ctx_xp)->addr_local,
- TINYIPSEC_XP_GET_IPPROTO(TIPSEC_CONTEXT(ctx_xp)->ipproto),
- TIPSEC_CONTEXT(ctx_xp)->port_pc,
- TIPSEC_CONTEXT(ctx_xp)->port_us,
- TINYIPSEC_XP_GET_PROTO(TIPSEC_CONTEXT(ctx_xp)->protocol),
- TINYIPSEC_XP_GET_MODE(TIPSEC_CONTEXT(ctx_xp)->mode),
- "*", /* RemoteGWIPAddr */
- "NONE", /* SABundleIndex */
- "BIDIRECT", /* Direction */
- "APPLY", /* Action */
- "0" /* InterfaceIndex */
- );
-
- fwrite(str, tsk_strlen(str), sizeof(uint8_t), file);
- ret = 0;
-
-bail:
- if(file){
- fclose(file);
- }
- if(str){
- TSK_FREE(str);
- }
- return ret;
-}
-
-int tipsec_set_SAs(tipsec_context_xp_t* ctx_xp)
-{
-
- int ret = -1;
- FILE* file = NULL;
- char* str = NULL;
-
- if(!ctx_xp){
- goto bail;
- }
-
- if(TIPSEC_CONTEXT(ctx_xp)->state != state_full){
- TSK_DEBUG_ERROR("IPSec context is in the wrong state.");
- ret = -3;
- goto bail;
- }
-
- if(!(file = fopen(TINYIPSEC_IPSEC6_FILE_SAD, "wb+"))){
- TSK_DEBUG_ERROR("Failed to open file [%s].", TINYIPSEC_IPSEC6_FILE_SAD);
- ret = -4;
- goto bail;
- }
-
- tsk_sprintf(&str, TINYIPSEC_IPSEC6_TEMPLATE_SA,
- /* PC -> US */
- "1", // SAEntry
- TIPSEC_CONTEXT(ctx_xp)->spi_us, // SPI
- TIPSEC_CONTEXT(ctx_xp)->addr_local, // SADestIPAddr
- "POLICY", // DestIPAddr
- "POLICY", // SrcIPAddr
- "POLICY", // Protocol
- "POLICY", // DestPort
- "POLICY", // SrcPort
- TINYIPSEC_XP_GET_ALGO(TIPSEC_CONTEXT(ctx_xp)->alg), // AuthAlg
- TINYIPSEC_IPSEC6_FILE_KEY, // KeyFile
- "INBOUND", // Direction
- "0", /* SecPolicyIndex */
-
- /* US -> PC */
- "2", // SAEntry
- TIPSEC_CONTEXT(ctx_xp)->spi_pc, // SPI
- TIPSEC_CONTEXT(ctx_xp)->addr_remote, // SADestIPAddr
- "POLICY", // DestIPAddr
- "POLICY", // SrcIPAddr
- "POLICY", // Protocol
- "POLICY", // DestPort
- "POLICY", // SrcPort
- TINYIPSEC_XP_GET_ALGO(TIPSEC_CONTEXT(ctx_xp)->alg), // AuthAlg
- TINYIPSEC_IPSEC6_FILE_KEY, // KeyFile
- "OUTBOUND", // Direction
- "0", /* SecPolicyIndex */
-
- /* PS -> UC */
- "3", // SAEntry
- TIPSEC_CONTEXT(ctx_xp)->spi_uc, // SPI
- TIPSEC_CONTEXT(ctx_xp)->addr_local, // SADestIPAddr
- "POLICY", // DestIPAddr
- "POLICY", // SrcIPAddr
- "POLICY", // Protocol
- "POLICY", // DestPort
- "POLICY", // SrcPort
- TINYIPSEC_XP_GET_ALGO(TIPSEC_CONTEXT(ctx_xp)->alg), // AuthAlg
- TINYIPSEC_IPSEC6_FILE_KEY, // KeyFile
- "INBOUND", // Direction
- "0", /* SecPolicyIndex */
-
- /* UC -> PS */
- "4", // SAEntry
- TIPSEC_CONTEXT(ctx_xp)->spi_ps, // SPI
- TIPSEC_CONTEXT(ctx_xp)->addr_remote, // SADestIPAddr
- "POLICY", // DestIPAddr
- "POLICY", // SrcIPAddr
- "POLICY", // Protocol
- "POLICY", // DestPort
- "POLICY", // SrcPort
- TINYIPSEC_XP_GET_ALGO(TIPSEC_CONTEXT(ctx_xp)->alg), // AuthAlg
- TINYIPSEC_IPSEC6_FILE_KEY, // KeyFile
- "OUTBOUND", // Direction
- "0" /* SecPolicyIndex */
- );
-
- fwrite(str, tsk_strlen(str), sizeof(uint8_t), file);
- ret = 0;
-
-bail:
- if(file){
- fclose(file);
- }
- if(str){
- TSK_FREE(str);
- }
- return ret;
-}
-
-int tipsec_run_command(TCHAR *args)
-{
-#define TIPSEC_PIPE_BUFFER 1024
-
- DWORD bread=0,tid=0;
- int ret = -1;
- struct handleInfo hInfo;
- TCHAR _args[MAX_PATH];
- HANDLE writePipe, readPipe, hThread;
- SECURITY_ATTRIBUTES secAttr = {sizeof(SECURITY_ATTRIBUTES), NULL, TRUE};
-
- STARTUPINFO si = {0};
- PROCESS_INFORMATION pi = {0};
-
- char buffer[TIPSEC_PIPE_BUFFER];
-
- /* Create pipes */
- if((ret = CreatePipe(&readPipe, &writePipe, &secAttr, 0)) == 0) {
- TSK_DEBUG_ERROR("CreatePipe failed with error code [%d].", GetLastError());
- ret = -5;
- goto bail;
- }
-
- wsprintf(_args, TEXT("\"%s\" %s"), TEXT("ipsec6.exe"), args );
-
- memset(buffer, 0, TIPSEC_PIPE_BUFFER);
-
- si.cb = sizeof(STARTUPINFO);
- si.dwFlags = STARTF_USESTDHANDLES;
- si.hStdInput = NULL;
- si.hStdOutput = writePipe;
- si.hStdError = NULL;
-
-
- /* Create process */
- if (CreateProcess(NULL, _args, NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi) == 0){
- TSK_DEBUG_ERROR("CreateProcess failed with error code [%d].", GetLastError());
- ret = -3;
- goto bail;
- }
-
- hInfo.process = pi.hProcess;
- hInfo.pipe = writePipe;
-
- /* Create thread */
- if((hThread = CreateThread(NULL, 0, tipsec_waitForExit, &hInfo, 0, &tid)) == NULL) {
- TSK_DEBUG_ERROR("CreateThread failed with error code [%d].", GetLastError());
- ret = -4;
- goto bail;
- }
-
- /* For debugging */
-#if defined(DEBUG) || defined(_DEBUG)
- while (ReadFile(readPipe, buffer, TIPSEC_PIPE_BUFFER-2, &bread, NULL))
- {
- if(bread > 0){
- TSK_DEBUG_INFO("IPSEC6 ==> %s\n-------------\n", buffer);
- memset(buffer, 0, TIPSEC_PIPE_BUFFER); /* reset the buffer. */
- }
- }
-#endif
-
- ret = 0;
-
-bail:
- return ret;
-}
-
-DWORD WINAPI tipsec_waitForExit(void *arg)
-{
- struct handleInfo *info = (struct handleInfo *)arg;
- WaitForSingleObject(&(info->process),INFINITE);
- CloseHandle(info->pipe);
- return 0;
-}
-
-
-
-
-
-
-
-//=================================================================================================
-// IPSec context object definition
-//
-static tsk_object_t* tipsec_context_ctor(tsk_object_t * self, va_list * app)
-{
- tipsec_context_xp_t *context = self;
- if(context){
- TIPSEC_CONTEXT(context)->ipproto = va_arg(*app, tipsec_ipproto_t);
- TIPSEC_CONTEXT(context)->use_ipv6 = va_arg(*app, int);
- TIPSEC_CONTEXT(context)->mode = va_arg(*app, tipsec_mode_t);
- TIPSEC_CONTEXT(context)->ealg = va_arg(*app, tipsec_ealgorithm_t);
- TIPSEC_CONTEXT(context)->alg = va_arg(*app, tipsec_algorithm_t);
- TIPSEC_CONTEXT(context)->protocol = va_arg(*app, tipsec_protocol_t);
-
- /* Open engine */
- if(!TIPSEC_CONTEXT(context)->use_ipv6){
- TSK_DEBUG_ERROR("IPSec/IPv4 is not supported on Windows XP.");
-
- TIPSEC_CONTEXT(context)->initialized = tsk_false;
- goto bail;
- }
- else{
- TIPSEC_CONTEXT(context)->initialized = tsk_true;
- }
-
- TIPSEC_CONTEXT(context)->state = state_initial;
- }
-bail:
- return self;
-}
-
-static tsk_object_t* tipsec_context_dtor(tsk_object_t * self)
-{
- tipsec_context_xp_t *context = self;
- if(context)
- {
- if(TIPSEC_CONTEXT(context)->started){
- tipsec_stop(TIPSEC_CONTEXT(context));
- }
-
- TSK_FREE(TIPSEC_CONTEXT(context)->addr_local);
- TSK_FREE(TIPSEC_CONTEXT(context)->addr_remote);
-
- TSK_FREE(TIPSEC_CONTEXT(context)->ik);
- TSK_FREE(TIPSEC_CONTEXT(context)->ck);
- }
-
- return self;
-}
-
-static int tipsec_context_cmp(const tsk_object_t *obj1, const tsk_object_t *obj2)
-{
- return-1;
-}
-
-static const tsk_object_def_t tipsec_context_def_s =
-{
- sizeof(tipsec_context_xp_t),
- tipsec_context_ctor,
- tipsec_context_dtor,
- tipsec_context_cmp,
-};
-const void *tipsec_context_def_t = &tipsec_context_def_s;
-
-
-#endif /* HAVE_IPSEC_XP */
diff --git a/branches/1.0/tinyIPSec/src/tipsec_xp.h b/branches/1.0/tinyIPSec/src/tipsec_xp.h
deleted file mode 100644
index a34dcc7..0000000
--- a/branches/1.0/tinyIPSec/src/tipsec_xp.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
-* Copyright (C) 2009-2010 Mamadou Diop.
-*
-* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
-*
-* This file is part of Open Source Doubango Framework.
-*
-* DOUBANGO is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* DOUBANGO is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with DOUBANGO.
-*
-*/
-
-/**@file tipsec_xp.h
- * @brief Windows XP/2003 IPsec implementation using ipsec6 tool.
- * @sa http://technet.microsoft.com/en-us/library/cc787900.aspx
- *
- * @author Mamadou Diop <diopmamadou(at)doubango.org>
- *
- * @date Created: Sat Nov 8 16:54:58 2009 mdiop
- */
-#ifndef TINYIPSEC_IPSEC_XP_H
-#define TINYIPSEC_IPSEC_XP_H
-
-#include "tinyipsec_config.h"
-
-#include "tipsec_common.h"
-
-TIPSEC_BEGIN_DECLS
-
-#if HAVE_IPSEC_XP
-
-
-
-#endif /* HAVE_IPSEC_XP */
-
-
-TIPSEC_END_DECLS
-
-
-#endif /* TINYIPSEC_IPSEC_XP_H */