diff --git a/src/Cedar/Proto_IkePacket.c b/src/Cedar/Proto_IkePacket.c
index 4554ae91..f9c37095 100644
--- a/src/Cedar/Proto_IkePacket.c
+++ b/src/Cedar/Proto_IkePacket.c
@@ -138,86 +138,6 @@ BUF *IkeStrToPassword(char *str)
 return b;
 }
-// Phase 1: Convert the encryption algorithm name to key size
-UINT IkePhase1CryptIdToKeySize(UCHAR id)
-{
- switch (id)
- {
- case IKE_P1_CRYPTO_3DES_CBC:
- return DES3_KEY_SIZE;
-
- case IKE_P1_CRYPTO_DES_CBC:
- return DES_KEY_SIZE;
- }
-
- return 0;
-}
-
-// Phase 2: Convert the encryption algorithm name to key size
-UINT IkePhase2CryptIdToKeySize(UCHAR id)
-{
- switch (id)
- {
- case IKE_TRANSFORM_ID_P2_ESP_3DES:
- return DES3_KEY_SIZE;
-
- case IKE_TRANSFORM_ID_P2_ESP_DES:
- return DES_KEY_SIZE;
- }
-
- return 0;
-}
-
-// Convert a string to an algorithm name
-UCHAR IkeStrToPhase1CryptId(char *name)
-{
- if (StartWith(name, "3DES") || StartWith("3DES", name))
- {
- return IKE_P1_CRYPTO_3DES_CBC;
- }
- else if (StartWith(name, "DES") || StartWith("DES", name))
- {
- return IKE_P1_CRYPTO_DES_CBC;
- }
- else
- {
- return 0;
- }
-}
-UCHAR IkeStrToPhase1HashId(char *name)
-{
- if (StartWith(name, "SHA-1") || StartWith("SHA-1", name))
- {
- return IKE_P1_HASH_SHA1;
- }
-
- return 0;
-}
-UCHAR IkeStrToPhase2CryptId(char *name)
-{
- if (StartWith(name, "3DES") || StartWith("3DES", name))
- {
- return IKE_TRANSFORM_ID_P2_ESP_3DES;
- }
- else if (StartWith(name, "DES") || StartWith("DES", name))
- {
- return IKE_TRANSFORM_ID_P2_ESP_DES;
- }
- else
- {
- return 0;
- }
-}
-UCHAR IkeStrToPhase2HashId(char *name)
-{
- if (StartWith(name, "SHA-1") || StartWith("SHA-1", name))
- {
- return IKE_P2_HMAC_SHA1_96;
- }
-
- return 0;
-}
-
 // Build a data payload
 BUF *IkeBuildDataPayload(IKE_PACKET_DATA_PAYLOAD *t)
 {
@@ -871,23 +791,6 @@ IKE_PACKET_PAYLOAD *IkeNewNoticeErrorInvalidCookiePayload(UINT64 init_cookie, UI
 return ret;
 }
-// Create an Invalid Exchange Type Payload
-IKE_PACKET_PAYLOAD *IkeNewNoticeErrorInvalidExchangeTypePayload(UINT64 init_cookie, UINT64 resp_cookie, UCHAR exchange_type)
-{
- IKE_PACKET_PAYLOAD *ret;
- BUF *b = NewBuf();
-
- WriteBufInt64(b, init_cookie);
- WriteBufInt64(b, resp_cookie);
-
- ret = IkeNewNoticePayload(IKE_PROTOCOL_ID_IKE, IKE_NOTICE_ERROR_INVALID_EXCHANGE_TYPE, b->Buf, b->Size,
- &exchange_type, 1);
-
- FreeBuf(b);
-
- return ret;
-}
-
 // Create an Invalid SPI payload
 IKE_PACKET_PAYLOAD *IkeNewNoticeErrorInvalidSpiPayload(UINT spi)
 {
@@ -938,38 +841,6 @@ IKE_PACKET_PAYLOAD *IkeNewNoticeDpdPayload(bool ack, UINT64 init_cookie, UINT64
 return ret;
 }
-// Create a Certificate Request Payload
-IKE_PACKET_PAYLOAD *IkeNewCertRequestPayload(UCHAR cert_type, void *data, UINT size)
-{
- IKE_PACKET_PAYLOAD *p;
- if (data == NULL && size != 0)
- {
- return NULL;
- }
-
- p = IkeNewPayload(IKE_PAYLOAD_CERT_REQUEST);
- p->Payload.CertRequest.CertType = cert_type;
- p->Payload.CertRequest.Data = MemToBuf(data, size);
-
- return p;
-}
-
-// Create a Certificate payload
-IKE_PACKET_PAYLOAD *IkeNewCertPayload(UCHAR cert_type, void *cert_data, UINT cert_size)
-{
- IKE_PACKET_PAYLOAD *p;
- if (cert_data == NULL && cert_size != 0)
- {
- return NULL;
- }
-
- p = IkeNewPayload(IKE_PAYLOAD_CERT);
- p->Payload.Cert.CertType = cert_type;
- p->Payload.Cert.CertData = MemToBuf(cert_data, cert_size);
-
- return p;
-}
-
 // Create an ID payload
 IKE_PACKET_PAYLOAD *IkeNewIdPayload(UCHAR id_type, UCHAR protocol_id, USHORT port, void *id_data, UINT id_size)
 {
@@ -2292,12 +2163,7 @@ void IkeDebugUdpSendRawPacket(IKE_PACKET *p)
 p->FlagEncrypted = false;
- b = NULL;
-
- if (b == NULL)
- {
- b = IkeBuildEx(p, NULL, true);
- }
+ b = IkeBuildEx(p, NULL, true);
 if (b == NULL)
 {
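Review bot: The surviving call `b = IkeBuildEx(p, NULL, true);` in IkeDebugUdpSendRawPacket carries no comment explaining its two literal arguments. Together with `p->FlagEncrypted = false;` just above it, this looks like the path that serializes the packet without encryption for debug output. Because that is security-relevant, I would add a one-line comment on the call, for example `// Debug only: build the packet unencrypted (no crypto parameter passed)`, with the wording confirmed against IkeBuildEx's signature, which is not visible here. The function starts and ends outside the hunk, so these lines do not show whether FlagEncrypted is restored on the caller's packet afterwards or whether this sender is compiled out of non-debug builds.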
@@ -2538,21 +2404,6 @@ IKE_PACKET *IkeNew(UINT64 init_cookie, UINT64 resp_cookie, UCHAR exchange_type,
 return p;
 }
-// Create a new SPI value
-UINT IkeNewSpi()
-{
- while (true)
- {
- UINT i = Rand32();
-
- if (i >= 4096)
- {
- return i;
- }
- }
-}
-
-
 // Create an encryption engine for IKE
 IKE_ENGINE *NewIkeEngine()
 {
diff --git a/src/Cedar/Proto_IkePacket.h b/src/Cedar/Proto_IkePacket.h
index 4292e535..51847206 100644
--- a/src/Cedar/Proto_IkePacket.h
+++ b/src/Cedar/Proto_IkePacket.h
@@ -698,15 +698,12 @@ IKE_PACKET_PAYLOAD *IkeNewProposalPayload(UCHAR number, UCHAR protocol_id, void
 IKE_PACKET_PAYLOAD *IkeNewTransformPayload(UCHAR number, UCHAR transform_id, LIST *value_list);
 IKE_PACKET_TRANSFORM_VALUE *IkeNewTransformValue(UCHAR type, UINT value);
 IKE_PACKET_PAYLOAD *IkeNewIdPayload(UCHAR id_type, UCHAR protocol_id, USHORT port, void *id_data, UINT id_size);
-IKE_PACKET_PAYLOAD *IkeNewCertPayload(UCHAR cert_type, void *cert_data, UINT cert_size);
-IKE_PACKET_PAYLOAD *IkeNewCertRequestPayload(UCHAR cert_type, void *data, UINT size);
 IKE_PACKET_PAYLOAD *IkeNewNoticePayload(UCHAR protocol_id, USHORT message_type, void *spi, UINT spi_size, void *message, UINT message_size);
 IKE_PACKET_PAYLOAD *IkeNewDeletePayload(UCHAR protocol_id, LIST *spi_list);
 IKE_PACKET_PAYLOAD *IkeNewNoticeErrorInvalidCookiePayload(UINT64 init_cookie, UINT64 resp_cookie);
-IKE_PACKET_PAYLOAD *IkeNewNoticeErrorInvalidExchangeTypePayload(UINT64 init_cookie, UINT64 resp_cookie, UCHAR exchange_type);
 IKE_PACKET_PAYLOAD *IkeNewNoticeErrorInvalidSpiPayload(UINT spi);
 IKE_PACKET_PAYLOAD *IkeNewNoticeErrorNoProposalChosenPayload(bool quick_mode, UINT64 init_cookie, UINT64 resp_cookie);
 IKE_PACKET_PAYLOAD *IkeNewNoticeDpdPayload(bool ack, UINT64 init_cookie, UINT64 resp_cookie, UINT seq_no);
@@ -732,15 +729,7 @@ BUF *IkeBuildTransformPayload(IKE_PACKET_TRANSFORM_PAYLOAD *t);
 UINT IkeGetTransformValue(IKE_PACKET_TRANSFORM_PAYLOAD *t, UINT type, UINT index);
 UINT IkeGetTransformValueNum(IKE_PACKET_TRANSFORM_PAYLOAD *t, UINT type);
-UCHAR IkeStrToPhase1CryptId(char *name);
-UCHAR IkeStrToPhase1HashId(char *name);
-UCHAR IkeStrToPhase2CryptId(char *name);
-UCHAR IkeStrToPhase2HashId(char *name);
 BUF *IkeStrToPassword(char *str);
-UINT IkePhase1CryptIdToKeySize(UCHAR id);
-UINT IkePhase2CryptIdToKeySize(UCHAR id);
-
-UINT IkeNewSpi();
 IKE_ENGINE *NewIkeEngine();
 IKE_CRYPTO *NewIkeCrypto(IKE_ENGINE *e, UINT crypto_id, char *name, UINT *key_sizes, UINT num_key_sizes, UINT block_size);