| blob | 81ce5ca28a4a40055353559ccf5e214488580631 |
1 /*----------------------------------------------------------------------
2 key.c: Main routines for the key(8) tool for manually managing
3 cryptographic keys and security associations inside the
4 Key Engine of the operating system.
6 Future Enhancements should support:
7 multiple sensitivity levels
8 OSPFv2 keys
9 RIPv2 keys
10 Triple DES for ESP
11 DES+MD5 for ESP
13 Copyright 1995 by Bao Phan, Randall Atkinson, & Dan McDonald,
14 All Rights Reserved. All Rights have been assigned to the
15 US Naval Research Laboratory. The NRL Copyright Notice and
16 License govern distribution and use of this software.
17 ----------------------------------------------------------------------*/
18 /*----------------------------------------------------------------------
19 # @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
21 COPYRIGHT NOTICE
23 All of the documentation and software included in this software
24 distribution from the US Naval Research Laboratory (NRL) are
25 copyrighted by their respective developers.
27 This software and documentation were developed at NRL by various
28 people. Those developers have each copyrighted the portions that they
29 developed at NRL and have assigned All Rights for those portions to
30 NRL. Outside the USA, NRL also has copyright on the software
31 developed at NRL. The affected files all contain specific copyright
32 notices and those notices must be retained in any derived work.
34 NRL LICENSE
36 NRL grants permission for redistribution and use in source and binary
37 forms, with or without modification, of the software and documentation
38 created at NRL provided that the following conditions are met:
40 1. Redistributions of source code must retain the above copyright
41 notice, this list of conditions and the following disclaimer.
42 2. Redistributions in binary form must reproduce the above copyright
43 notice, this list of conditions and the following disclaimer in the
44 documentation and/or other materials provided with the distribution.
45 3. All advertising materials mentioning features or use of this software
46 must display the following acknowledgement:
48 This product includes software developed at the Information
49 Technology Division, US Naval Research Laboratory.
51 4. Neither the name of the NRL nor the names of its contributors
52 may be used to endorse or promote products derived from this software
53 without specific prior written permission.
55 THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
56 IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
57 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
58 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
59 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
60 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
61 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
62 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
63 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
64 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
65 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
67 The views and conclusions contained in the software and documentation
68 are those of the authors and should not be interpreted as representing
69 official policies, either expressed or implied, of the US Naval
70 Research Laboratory (NRL).
72 ----------------------------------------------------------------------*/
74 /*
75 * $ANA: keyadmin.c,v 1.2 1996/06/13 19:42:40 wollman Exp $
76 * $DragonFly: src/usr.sbin/keyadmin/keyadmin.c,v 1.4 2005/12/05 01:04:01 swildner Exp $
77 */
79 #include <sys/types.h>
80 #include <sys/stat.h>
81 #include <sys/socket.h>
82 #include <sys/socketvar.h>
84 #include <err.h>
85 #include <errno.h>
86 #include <fcntl.h>
87 #include <netdb.h>
88 #include <stdio.h>
89 #include <stdlib.h>
90 #include <string.h>
91 #include <unistd.h>
93 #include <netinet/in.h>
95 #ifdef INET6
96 #include <netinet6/in6.h>
98 #if 0
99 #include <netinet6/in6_types.h>
100 #endif
103 #ifdef IPSEC
104 #include <netsec/ipsec.h>
105 #endif
106 #include <netkey/key.h>
108 #ifdef INET6
109 #include <netinet6/support.h>
110 #endif
113 #define hostname2addr(a, b, c) gethostbyname(a)
114 #define addr2hostname(a, b, c, d) gethostbyaddr((a), (b), (c))
115 #endif
117 #include <arpa/inet.h>
123 #define KEYCMD_ARG_MAX 10
125 #define KEYCMD_LOAD 1
126 #define KEYCMD_SAVE 2
127 #define KEYCMD_ADD 3
128 #define KEYCMD_DEL 4
129 #define KEYCMD_FLUSH 5
130 #define KEYCMD_GET 6
131 #define KEYCMD_DUMP 7
132 #define KEYCMD_HELP 8
133 #define KEYCMD_EXIT 9
134 #define KEYCMD_SHELL 10
140 };
175 };
177 /* flags: index into algorithmtabs */
180 #ifdef IPSEC
183 #endif
188 };
191 #define IPSEC_ALGTYPE_AUTH_MD5 1
192 #endif
194 /* flags: true = iv req. */
197 #ifdef DEBUG
198 /* These provide no security but are useful for debugging the
199 kernel's ESP and Key Engine and PF_KEY routines */
202 #endif
204 };
207 #define IPSEC_ALGTYPE_ESP_DES_CBC 1
208 #endif
210 /* flags: true = iv req. */
213 #ifdef DEBUG
214 /* These provide no security but are useful for debugging the
215 kernel's ESP and Key Engine and PF_KEY routines */
217 #endif
219 };
221 /*
222 * These numbers should be defined in a header file somewhere
223 * and shared with the consuming programs, once someone has
224 * actually written the support in those programs (rspvd,
225 * gated, and routed). Probably <protocols/*>...?
226 */
231 };
237 };
243 };
245 /* NB: It is the ordering here that determines the values for the
246 flags specified above that are used to index into algorithmtabs[] */
248 authalgorithms,
249 encralgorithms,
250 rsvpalgorithms,
251 ospfalgorithms,
252 ripalgorithms,
253 NULL
254 };
258 #define MAXRCVBUFSIZE 8 * 1024
268 pid_t mypid;
270 \f
271 /*----------------------------------------------------------------------
272 help: Print appropriate help message on stdout.
274 ----------------------------------------------------------------------*/
275 int
277 {
288 }
299 }
302 }
304 /*----------------------------------------------------------------------
305 usage: print suitable usage message on stdout.
307 ----------------------------------------------------------------------*/
308 static void
310 {
313 }
315 /*----------------------------------------------------------------------
316 parsekey: parse argument into a binary key and also record
317 the length of the resulting key.
318 ----------------------------------------------------------------------*/
319 int
321 {
323 u_int8_t thisbyte;
330 }
335 }
343 else
346 else
352 }
358 j++;
359 k++;
360 }
365 }
367 /*----------------------------------------------------------------------
368 parsenametonum: converts command-line name into index number.
370 ----------------------------------------------------------------------*/
371 int
373 {
382 }
384 /*----------------------------------------------------------------------
385 parsesockaddr: Convert hostname arg into an appropriate sockaddr.
387 ----------------------------------------------------------------------*/
388 int
390 {
393 #ifdef INET6
402 }
408 }
410 #ifdef INET6
416 }
422 }
428 fillin4:
435 #ifdef INET6
436 fillin6:
443 }
445 /*----------------------------------------------------------------------
446 dummyfromaddr: Creates a zeroed sockaddr of family af.
448 ----------------------------------------------------------------------*/
449 void
451 {
453 #ifdef INET6
461 }
463 /*
464 * Macros to ensure word alignment.
465 */
466 #define ROUNDUP(a) \
467 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
468 #define ADVANCE(x, n) \
469 { x += ROUNDUP(n); }
472 /*----------------------------------------------------------------------
473 parse4: parse keytype, spi, src addr, and dest addr from argv (command line)
474 and stick in structure pointed to by key_messageptr.
475 ----------------------------------------------------------------------*/
476 int
478 {
489 /* Should we zero check? */
502 /*
503 * We need to put a dummy from address since the kernel expects
504 * this to be in the message.
505 */
506 #ifdef INET6
515 }
517 /*----------------------------------------------------------------------
518 parse7: parse keytype, spi, src addr, dest addr, alg type, key, and iv
519 from argv (command line)
520 and stick in structure pointed to by key_messageptr.
521 ----------------------------------------------------------------------*/
522 int
524 {
535 /* Should we zero check? */
548 /*
549 * We need to put a dummy from address since the kernel expects
550 * this to be in the message.
551 */
552 #ifdef INET6
579 }
582 }
584 /*----------------------------------------------------------------------
585 parsecmdline:
587 ----------------------------------------------------------------------*/
588 int
590 {
602 }
609 i++;
610 };
615 }
618 /*----------------------------------------------------------------------
619 load: load keys from file filename into Key Engine.
621 ----------------------------------------------------------------------*/
622 int
624 {
641 line++;
656 }
658 }
659 }
663 }
664 };
667 }
669 /*----------------------------------------------------------------------
670 parsedata:
672 ----------------------------------------------------------------------*/
673 int
675 {
686 #define NEXTDATA(x, n) \
687 { x += ROUNDUP(n); if (cp >= cpmax) { \
690 /* Grab src addr */
697 /* Grab dest addr */
704 /* Grab from addr */
711 /* Grab key */
715 }
717 /* Grab iv */
725 }
728 /*----------------------------------------------------------------------
729 printkeyiv:
731 ----------------------------------------------------------------------*/
732 void
734 {
738 }
740 /*----------------------------------------------------------------------
741 printsockaddr:
743 ----------------------------------------------------------------------*/
744 void
746 {
751 #ifdef INET6
759 #ifdef INET6
760 }
765 else
767 }
769 /*----------------------------------------------------------------------
770 parsenumtoname:
772 ----------------------------------------------------------------------*/
775 {
780 }
782 }
784 /*----------------------------------------------------------------------
785 parsenumtoflag:
787 ----------------------------------------------------------------------*/
788 int
790 {
795 }
797 }
800 /*----------------------------------------------------------------------
801 printkeymsg:
803 ----------------------------------------------------------------------*/
804 void
806 {
830 }
848 /* printf("from:\t");
849 printsockaddr(stdout, (struct sockaddr *)kdp->from); */
851 }
853 /*----------------------------------------------------------------------
854 docmd:
856 ----------------------------------------------------------------------*/
857 int
859 {
891 #ifndef NOSANITYCHK
892 /*
893 * For now, we do sanity check of security association
894 * information here until we find a better place.
895 */
896 {
903 }
907 #ifdef IPSEC_ALGTYPE_ESP_3DES
909 #endif
910 )) {
914 }
918 }
919 }
925 }
926 }
927 #endif
934 else
937 }
952 }
953 }
973 {
980 readmesg:
984 }
991 }
997 }
1002 }
1005 }
1015 }
1032 }
1040 }
1063 }
1072 }
1074 {
1077 readmesg2:
1081 }
1087 /*
1088 * Kernel is done sending secassoc if key_seq == 0
1089 */
1094 }
1099 }
1124 }
1126 }
1128 }
1130 /*----------------------------------------------------------------------
1131 main:
1133 ----------------------------------------------------------------------*/
1134 int
1136 {
1138 u_long rcvsize;
1146 }
1152 }
1158 }
1161 /*
1162 * Attempt to do a single command, based on command line arguments.
1163 */
1177 }
1178 }
1180 }
1182 }
1184 {
1194 /*
1195 * get command line, and parse into an argc/argv form.
1196 */
1202 /*
1203 * given argc/argv, process argument as if it came from the command
1204 * line.
1205 */
1218 }
1222 else
1225 };
1226 };
1227 };
1228 };
1229 }
1231 /* EOF */