-/* $OpenBSD: ca.c,v 1.95 2023/06/28 14:10:24 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.96 2023/08/04 19:06:25 claudio Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
ca_certbundle_add(struct ibuf *buf, struct iked_id *id)
{
uint8_t type = id->id_type;
- size_t len = ibuf_length(id->id_buf);
+ size_t len = ibuf_size(id->id_buf);
void *val = ibuf_data(id->id_buf);
if (id == NULL ||
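Review bot: `len` and `val` are now computed from `id->id_buf` before the `if (id == NULL || …)` guard that follows, and unlike `ibuf_length()` the replacement `ibuf_size()` dereferences its argument, so a NULL `id_buf` would fault in the initializer instead of yielding 0 (the `id->id_type` read two lines above already has the same ordering problem). Declare `size_t len;` and `void *val;` without initializers and assign them after the guard, e.g. `len = ibuf_size(id->id_buf); val = ibuf_data(id->id_buf);`. The same loss of NULL tolerance applies to the unguarded calls `ibuf_size(env->sc_certreq)`, `ibuf_size(store->ca_pubkey.id_buf)` and the `alen`/`blen` assignments in the buffer compare function, if those buffers can ever be unset at that point; the commit's own rewrites to `== NULL` at the nonce and KE/NONCE payload checks show where the old zero-return was relied on, so it seems worth confirming those three sites as well. The guard condition of ca_certbundle_add continues outside the hunk.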
/* Must send the cert and a valid Id to the ca process */
if (procid == PROC_CERT) {
if (id == NULL || id->id_type == IKEV2_ID_NONE ||
- ibuf_length(id->id_buf) > IKED_ID_SIZE)
+ ibuf_size(id->id_buf) > IKED_ID_SIZE)
return (-1);
bzero(&idb, sizeof(idb));
/* Convert to a static Id */
idb.id_type = id->id_type;
idb.id_offset = id->id_offset;
- idb.id_length = ibuf_length(id->id_buf);
+ idb.id_length = ibuf_size(id->id_buf);
memcpy(&idb.id_data, ibuf_data(id->id_buf),
- ibuf_length(id->id_buf));
+ ibuf_size(id->id_buf));
iov[iovcnt].iov_base = &idb;
iov[iovcnt].iov_len = sizeof(idb);
if (ikev2_policy2id(localid, &id, 1) != 0)
return (-1);
- if (ibuf_length(id.id_buf) > IKED_ID_SIZE)
+ if (ibuf_size(id.id_buf) > IKED_ID_SIZE)
return (-1);
bzero(&idb, sizeof(idb));
idb.id_type = id.id_type;
idb.id_offset = id.id_offset;
- idb.id_length = ibuf_length(id.id_buf);
- memcpy(&idb.id_data, ibuf_data(id.id_buf), ibuf_length(id.id_buf));
+ idb.id_length = ibuf_size(id.id_buf);
+ memcpy(&idb.id_data, ibuf_data(id.id_buf), ibuf_size(id.id_buf));
iov[iovcnt].iov_base = &idb;
iov[iovcnt].iov_len = sizeof(idb);
iovcnt++;
ret = ca_pubkey_serialize(certkey, &key);
if (ret == 0) {
ptr = ibuf_data(key.id_buf);
- len = ibuf_length(key.id_buf);
+ len = ibuf_size(key.id_buf);
type = key.id_type;
break;
}
ret = ca_validate_pubkey(env, &id, NULL, 0, &key);
if (ret == 0) {
ptr = ibuf_data(key.id_buf);
- len = ibuf_length(key.id_buf);
+ len = ibuf_size(key.id_buf);
type = key.id_type;
}
break;
}
}
- if (ibuf_length(env->sc_certreq)) {
+ if (ibuf_size(env->sc_certreq)) {
env->sc_certreqtype = IKEV2_CERT_X509_CERT;
iov[0].iov_base = &env->sc_certreqtype;
iov[0].iov_len = sizeof(env->sc_certreqtype);
iovcnt++;
iov[1].iov_base = ibuf_data(env->sc_certreq);
- iov[1].iov_len = ibuf_length(env->sc_certreq);
+ iov[1].iov_len = ibuf_size(env->sc_certreq);
iovcnt++;
log_debug("%s: loaded %zu ca certificate%s", __func__,
- ibuf_length(env->sc_certreq) / SHA_DIGEST_LENGTH,
- ibuf_length(env->sc_certreq) == SHA_DIGEST_LENGTH ?
+ ibuf_size(env->sc_certreq) / SHA_DIGEST_LENGTH,
+ ibuf_size(env->sc_certreq) == SHA_DIGEST_LENGTH ?
"" : "s");
(void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ,
int ret = 0;
if ((localpub = ca_bytes_to_pkey(ibuf_data(store->ca_pubkey.id_buf),
- ibuf_length(store->ca_pubkey.id_buf))) == NULL)
+ ibuf_size(store->ca_pubkey.id_buf))) == NULL)
goto done;
if ((certkey = X509_get0_pubkey(cert)) == NULL) {
break;
case IKEV2_CERT_ECDSA:
if ((rawcert = BIO_new_mem_buf(ibuf_data(privkey->id_buf),
- ibuf_length(privkey->id_buf))) == NULL)
+ ibuf_size(privkey->id_buf))) == NULL)
goto out;
if ((ec = d2i_ECPrivateKey_bio(rawcert, NULL)) == NULL)
goto out;
-/* $OpenBSD: config.c,v 1.92 2023/05/23 13:12:19 claudio Exp $ */
+/* $OpenBSD: config.c,v 1.93 2023/08/04 19:06:25 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
iov[0].iov_base = &privkey;
iov[0].iov_len = sizeof(privkey);
iov[1].iov_base = ibuf_data(privkey.id_buf);
- iov[1].iov_len = ibuf_length(privkey.id_buf);
+ iov[1].iov_len = ibuf_size(privkey.id_buf);
if (proc_composev(&env->sc_ps, PROC_CERT, IMSG_PRIVKEY, iov, 2) == -1) {
log_warnx("%s: failed to send private key", __func__);
iov[0].iov_base = &pubkey;
iov[0].iov_len = sizeof(pubkey);
iov[1].iov_base = ibuf_data(pubkey.id_buf);
- iov[1].iov_len = ibuf_length(pubkey.id_buf);
+ iov[1].iov_len = ibuf_size(pubkey.id_buf);
if (proc_composev(&env->sc_ps, PROC_CERT, IMSG_PUBKEY, iov, 2) == -1) {
log_warnx("%s: failed to send public key", __func__);
-/* $OpenBSD: crypto.c,v 1.45 2023/07/28 07:31:38 claudio Exp $ */
+/* $OpenBSD: crypto.c,v 1.46 2023/08/04 19:06:25 claudio Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
hash_init(struct iked_hash *hash)
{
HMAC_Init_ex(hash->hash_ctx, ibuf_data(hash->hash_key),
- ibuf_length(hash->hash_key), hash->hash_priv, NULL);
+ ibuf_size(hash->hash_key), hash->hash_priv, NULL);
}
void
if (dsa->dsa_hmac) {
if (!HMAC_Init_ex(dsa->dsa_ctx, ibuf_data(dsa->dsa_keydata),
- ibuf_length(dsa->dsa_keydata), dsa->dsa_priv, NULL))
+ ibuf_size(dsa->dsa_keydata), dsa->dsa_priv, NULL))
return (-1);
return (0);
}
-/* $OpenBSD: ikev2.c,v 1.376 2023/07/28 11:23:03 claudio Exp $ */
+/* $OpenBSD: ikev2.c,v 1.377 2023/08/04 19:06:25 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
msg->msg_msgid,
print_addr(&msg->msg_peer),
print_addr(&msg->msg_local),
- ibuf_length(msg->msg_data),
+ ibuf_size(msg->msg_data),
msg->msg_policy->pol_name);
log_debug("%s: ispi %s rspi %s", __func__,
print_spi(betoh64(hdr->ike_ispi), 8),
if (sa->sa_state == IKEV2_STATE_CLOSED && sa->sa_1stmsg &&
hdr->ike_exchange == IKEV2_EXCHANGE_IKE_SA_INIT &&
msg->msg_msgid == 0 &&
- (ibuf_length(msg->msg_data) != ibuf_length(sa->sa_1stmsg) ||
+ (ibuf_size(msg->msg_data) != ibuf_size(sa->sa_1stmsg) ||
memcmp(ibuf_data(msg->msg_data), ibuf_data(sa->sa_1stmsg),
- ibuf_length(sa->sa_1stmsg)) != 0)) {
+ ibuf_size(sa->sa_1stmsg)) != 0)) {
ikev2_ike_sa_setreason(sa, NULL);
sa_free(env, sa);
msg->msg_sa = sa = NULL;
ret = ikev2_msg_authverify(env, sa, &ikeauth,
ibuf_data(sa->sa_peerauth.id_buf),
- ibuf_length(sa->sa_peerauth.id_buf),
+ ibuf_size(sa->sa_peerauth.id_buf),
authmsg);
ibuf_free(authmsg);
if (ret != 0) {
if (msg->msg_cert.id_type) {
certtype = msg->msg_cert.id_type;
cert = ibuf_data(msg->msg_cert.id_buf);
- certlen = ibuf_length(msg->msg_cert.id_buf);
+ certlen = ibuf_size(msg->msg_cert.id_buf);
}
sa->sa_stateflags &= ~IKED_REQ_CERTVALID;
if (ca_setcert(env, &sa->sa_hdr, id, certtype, cert, certlen, PROC_CERT) == -1)
ke->kex_dhgroup = htobe16(group->id);
if (ikev2_add_buf(buf, sa->sa_dhiexchange) == -1)
goto done;
- len = sizeof(*ke) + ibuf_length(sa->sa_dhiexchange);
+ len = sizeof(*ke) + ibuf_size(sa->sa_dhiexchange);
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1)
goto done;
if (ibuf_add_buf(e, id) == -1)
return (-1);
- return (ibuf_length(id));
+ return (ibuf_size(id));
}
ssize_t
ca_setreq(env, sa, &sa->sa_policy->pol_localid,
cr->cr_type, more, ibuf_data(cr->cr_data),
- ibuf_length(cr->cr_data),
+ ibuf_size(cr->cr_data),
PROC_CERT);
ibuf_free(cr->cr_data);
ke->kex_dhgroup = htobe16(group->id);
if (ikev2_add_buf(e, sa->sa_dhiexchange) == -1)
goto done;
- len = sizeof(*ke) + ibuf_length(sa->sa_dhiexchange);
+ len = sizeof(*ke) + ibuf_size(sa->sa_dhiexchange);
}
if ((len = ikev2_add_ts(e, &pld, len, sa, !initiator)) == -1)
ke->kex_dhgroup = htobe16(group->id);
if (ikev2_add_buf(e, nsa->sa_dhiexchange) == -1)
goto done;
- len = sizeof(*ke) + ibuf_length(nsa->sa_dhiexchange);
+ len = sizeof(*ke) + ibuf_size(nsa->sa_dhiexchange);
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1)
goto done;
size_t alen, blen, len;
int ret;
- alen = ibuf_length(a);
- blen = ibuf_length(b);
+ alen = ibuf_size(a);
+ blen = ibuf_size(b);
len = MINIMUM(alen, blen);
ret = memcmp(ibuf_data(a), ibuf_data(b), len);
if (ret == 0)
ke->kex_dhgroup = htobe16(kex->kex_dhgroup->id);
if (ikev2_add_buf(e, kex->kex_dhrexchange) == -1)
goto done;
- len = sizeof(*ke) + ibuf_length(kex->kex_dhrexchange);
+ len = sizeof(*ke) + ibuf_size(kex->kex_dhrexchange);
}
if (protoid != IKEV2_SAPROTO_IKE)
return (-1);
}
- if (!ibuf_length(sa->sa_rnonce) &&
+ if (sa->sa_rnonce == NULL &&
(sa->sa_rnonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) {
log_debug("%s: failed to get local nonce", __func__);
return (-1);
}
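Review bot: The rewritten condition `sa->sa_rnonce == NULL` is narrower than the old `!ibuf_length(sa->sa_rnonce)`: an allocated but empty `sa_rnonce` previously caused a fresh nonce to be generated and is now kept as-is. If an empty buffer cannot reach this point that is fine, but it deserves a comment, e.g. `/* sa_rnonce is either unset or holds a full IKED_NONCE_SIZE nonce */`; otherwise keep the length test as `sa->sa_rnonce == NULL || ibuf_size(sa->sa_rnonce) == 0`. The enclosing function starts and ends outside the hunk.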
log_debug("%s: DHSECRET with %zu bytes", SPI_SA(sa, __func__),
- ibuf_length(dhsecret));
+ ibuf_size(dhsecret));
print_hexbuf(dhsecret);
if (!key) {
}
}
- if ((hash_setkey(prf, ibuf_data(key), ibuf_length(key))) == NULL) {
+ if ((hash_setkey(prf, ibuf_data(key), ibuf_size(key))) == NULL) {
log_info("%s: failed to set prf key", SPI_SA(sa, __func__));
goto done;
}
tmplen = 0;
hash_init(prf);
- hash_update(prf, ibuf_data(dhsecret), ibuf_length(dhsecret));
+ hash_update(prf, ibuf_data(dhsecret), ibuf_size(dhsecret));
hash_final(prf, ibuf_data(skeyseed), &tmplen);
log_debug("%s: SKEYSEED with %zu bytes", __func__, tmplen);
goto done;
}
- log_debug("%s: S with %zu bytes", SPI_SA(sa, __func__), ibuf_length(s));
+ log_debug("%s: S with %zu bytes", SPI_SA(sa, __func__), ibuf_size(s));
print_hexbuf(s);
/*
goto done;
}
- log_debug("%s: SK_d with %zu bytes", __func__,
- ibuf_length(sa->sa_key_d));
+ log_debug("%s: SK_d with %zu bytes", __func__, ibuf_size(sa->sa_key_d));
print_hexbuf(sa->sa_key_d);
if (!isaead) {
log_debug("%s: SK_ai with %zu bytes", __func__,
- ibuf_length(sa->sa_key_iauth));
+ ibuf_size(sa->sa_key_iauth));
print_hexbuf(sa->sa_key_iauth);
log_debug("%s: SK_ar with %zu bytes", __func__,
- ibuf_length(sa->sa_key_rauth));
+ ibuf_size(sa->sa_key_rauth));
print_hexbuf(sa->sa_key_rauth);
}
log_debug("%s: SK_ei with %zu bytes", __func__,
- ibuf_length(sa->sa_key_iencr));
+ ibuf_size(sa->sa_key_iencr));
print_hexbuf(sa->sa_key_iencr);
log_debug("%s: SK_er with %zu bytes", __func__,
- ibuf_length(sa->sa_key_rencr));
+ ibuf_size(sa->sa_key_rencr));
print_hexbuf(sa->sa_key_rencr);
log_debug("%s: SK_pi with %zu bytes", __func__,
- ibuf_length(sa->sa_key_iprf));
+ ibuf_size(sa->sa_key_iprf));
print_hexbuf(sa->sa_key_iprf);
log_debug("%s: SK_pr with %zu bytes", __func__,
- ibuf_length(sa->sa_key_rprf));
+ ibuf_size(sa->sa_key_rprf));
print_hexbuf(sa->sa_key_rprf);
ret = 0;
for (i = 0; i < rlen; i++) {
if (t1 != NULL) {
- t2 = ibuf_new(ibuf_data(t1), ibuf_length(t1));
+ t2 = ibuf_new(ibuf_data(t1), ibuf_size(t1));
ibuf_free(t1);
} else
t2 = ibuf_new(NULL, 0);
ibuf_add(t2, &pad, 1);
hash_init(prf);
- hash_update(prf, ibuf_data(t2), ibuf_length(t2));
+ hash_update(prf, ibuf_data(t2), ibuf_size(t2));
hash_final(prf, ibuf_data(t1), &hashlen);
if (hashlen != hash_length(prf))
ibuf_add_buf(t, t1);
log_debug("%s: T%d with %zu bytes", __func__,
- pad, ibuf_length(t1));
+ pad, ibuf_size(t1));
print_hexbuf(t1);
}
- log_debug("%s: Tn with %zu bytes", __func__, ibuf_length(t));
+ log_debug("%s: Tn with %zu bytes", __func__, ibuf_size(t));
print_hexbuf(t);
ibuf_free(t1);
if (pfs) {
log_debug("%s: using PFS", __func__);
if (kex->kex_dhpeer == NULL ||
- ibuf_length(kex->kex_dhpeer) == 0 ||
+ ibuf_size(kex->kex_dhpeer) == 0 ||
(group = kex->kex_dhgroup) == NULL) {
log_debug("%s: no dh group for pfs", __func__);
goto done;
certid->id_buf == NULL)
return;
if ((rawcert = BIO_new_mem_buf(ibuf_data(certid->id_buf),
- ibuf_length(certid->id_buf))) == NULL ||
+ ibuf_size(certid->id_buf))) == NULL ||
(cert = d2i_X509_bio(rawcert, NULL)) == NULL)
goto out;
ca_cert_info(msg, cert);
-/* $OpenBSD: ikev2_msg.c,v 1.99 2023/07/28 11:23:03 claudio Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.100 2023/08/04 19:06:25 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
betoh32(hdr->ike_msgid),
print_addr(&msg->msg_peer),
print_addr(&msg->msg_local),
- ibuf_length(buf), isnatt ? ", NAT-T" : "");
+ ibuf_size(buf), isnatt ? ", NAT-T" : "");
if (isnatt) {
struct ibuf *new;
log_debug("%s: padded length %zu", __func__, ibuf_size(src));
print_hexbuf(src);
- cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_length(encr));
+ cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_size(encr));
cipher_setiv(sa->sa_encr, NULL, 0); /* XXX ivlen */
if (cipher_init_encrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
/* Add AAD for AEAD ciphers */
if (sa->sa_integr->hash_isaead)
- cipher_aad(sa->sa_encr, ibuf_data(aad),
- ibuf_length(aad), &outlen);
+ cipher_aad(sa->sa_encr, ibuf_data(aad), ibuf_size(aad),
+ &outlen);
if (cipher_update(sa->sa_encr, ibuf_data(src), encrlen,
ibuf_data(out), &outlen) == -1) {
goto done;
hash_setkey(sa->sa_integr, ibuf_data(integr),
- ibuf_length(integr));
+ ibuf_size(integr));
hash_init(sa->sa_integr);
hash_update(sa->sa_integr, ibuf_data(msg),
ibuf_size(msg) - integrlen);
goto done;
}
- cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_length(encr));
+ cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_size(encr));
cipher_setiv(sa->sa_encr, ibuf_seek(src, ivoff, ivlen), ivlen);
if (cipher_init_decrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
* Add additional authenticated data for AEAD ciphers
*/
if (sa->sa_integr->hash_isaead) {
- log_debug("%s: AAD length %zu", __func__, ibuf_length(msg) - ibuf_length(src));
- print_hex(ibuf_data(msg), 0, ibuf_length(msg) - ibuf_length(src));
+ log_debug("%s: AAD length %zu", __func__,
+ ibuf_size(msg) - ibuf_size(src));
+ print_hex(ibuf_data(msg), 0, ibuf_size(msg) - ibuf_size(src));
cipher_aad(sa->sa_encr, ibuf_data(msg),
- ibuf_length(msg) - ibuf_length(src), &outlen);
+ ibuf_size(msg) - ibuf_size(src), &outlen);
}
- if ((outlen = ibuf_length(out)) != 0) {
+ if ((outlen = ibuf_size(out)) != 0) {
if (cipher_update(sa->sa_encr, ibuf_seek(src, encroff, encrlen),
encrlen, ibuf_data(out), &outlen) == -1) {
log_info("%s: error updating cipher.", __func__);
-/* $OpenBSD: ikev2_pld.c,v 1.131 2023/06/28 14:10:24 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.132 2023/08/04 19:06:25 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
print_hex(buf, 0, len);
if (ikev2_msg_frompeer(msg)) {
- if (ibuf_length(msg->msg_parent->msg_ke)) {
+ if (msg->msg_parent->msg_ke != NULL) {
log_info("%s: duplicate KE payload", __func__);
return (-1);
}
print_hex(buf, 0, len);
if (ikev2_msg_frompeer(msg)) {
- if (ibuf_length(msg->msg_parent->msg_nonce)) {
+ if (msg->msg_parent->msg_nonce != NULL) {
log_info("%s: duplicate NONCE payload", __func__);
return (-1);
}
__func__, frag_num, frag_total);
goto done;
}
- elen = ibuf_length(e);
+ elen = ibuf_size(e);
/* Check new fragmented message */
if (sa_frag->frag_arr == NULL) {