xref: /freebsd/sbin/setkey/test-pfkey.c (revision 911f0260390e18cf85f3dbf2c719b593efdc1e3c)
1 /*	$FreeBSD$	*/
2 /*	$KAME: test-pfkey.c,v 1.4 2000/06/07 00:29:14 itojun Exp $	*/
3 
4 /*-
5  * SPDX-License-Identifier: BSD-3-Clause
6  *
7  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the project nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <net/route.h>
39 #include <net/pfkeyv2.h>
40 #include <netinet/in.h>
41 #include <netipsec/keydb.h>
42 #include <netipsec/key_var.h>
43 #include <netipsec/key_debug.h>
44 
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <limits.h>
48 #include <string.h>
49 #include <ctype.h>
50 #include <unistd.h>
51 #include <errno.h>
52 #include <netdb.h>
53 
54 u_char m_buf[BUFSIZ];
55 u_int m_len;
56 char *pname;
57 
58 void Usage(void);
59 int sendkeymsg(void);
60 void key_setsadbmsg(u_int);
61 void key_setsadbsens(void);
62 void key_setsadbprop(void);
63 void key_setsadbid(u_int, caddr_t);
64 void key_setsadblft(u_int, u_int);
65 void key_setspirange(void);
66 void key_setsadbkey(u_int, caddr_t);
67 void key_setsadbsa(void);
68 void key_setsadbaddr(u_int, u_int, caddr_t);
69 void key_setsadbextbuf(caddr_t, int, caddr_t, int, caddr_t, int);
70 
71 void
72 Usage()
73 {
74 	printf("Usage:\t%s number\n", pname);
75 	exit(0);
76 }
77 
78 int
79 main(ac, av)
80 	int ac;
81 	char **av;
82 {
83 	pname = *av;
84 
85 	if (ac == 1) Usage();
86 
87 	key_setsadbmsg(atoi(*(av+1)));
88 	sendkeymsg();
89 
90 	exit(0);
91 }
92 
93 /* %%% */
94 int
95 sendkeymsg()
96 {
97 	u_char rbuf[1024 * 32];	/* XXX: Enough ? Should I do MSG_PEEK ? */
98 	int so, len;
99 
100 	if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
101 		perror("socket(PF_KEY)");
102 		goto end;
103 	}
104 #if 0
105     {
106 #include <sys/time.h>
107 	struct timeval tv;
108 	tv.tv_sec = 1;
109 	tv.tv_usec = 0;
110 	if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
111 		perror("setsockopt");
112 		goto end;
113 	}
114     }
115 #endif
116 
117 	pfkey_sadump((struct sadb_msg *)m_buf);
118 
119 	if ((len = send(so, m_buf, m_len, 0)) < 0) {
120 		perror("send");
121 		goto end;
122 	}
123 
124 	if ((len = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
125 		perror("recv");
126 		goto end;
127 	}
128 
129 	pfkey_sadump((struct sadb_msg *)rbuf);
130 
131 end:
132 	(void)close(so);
133 	return(0);
134 }
135 
136 void
137 key_setsadbmsg(type)
138 	u_int type;
139 {
140 	struct sadb_msg m_msg;
141 
142 	memset(&m_msg, 0, sizeof(m_msg));
143 	m_msg.sadb_msg_version = PF_KEY_V2;
144 	m_msg.sadb_msg_type = type;
145 	m_msg.sadb_msg_errno = 0;
146 	m_msg.sadb_msg_satype = SADB_SATYPE_ESP;
147 #if 0
148 	m_msg.sadb_msg_reserved = 0;
149 #endif
150 	m_msg.sadb_msg_seq = 0;
151 	m_msg.sadb_msg_pid = getpid();
152 
153 	m_len = sizeof(struct sadb_msg);
154 	memcpy(m_buf, &m_msg, m_len);
155 
156 	switch (type) {
157 	case SADB_GETSPI:
158 		/*<base, address(SD), SPI range>*/
159 		key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "10.0.3.4");
160 		key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "127.0.0.1");
161 		key_setspirange();
162 		/*<base, SA(*), address(SD)>*/
163 		break;
164 
165 	case SADB_ADD:
166 		/* <base, SA, (lifetime(HSC),) address(SD), (address(P),)
167 		   key(AE), (identity(SD),) (sensitivity)> */
168 		key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
169 	case SADB_UPDATE:
170 		key_setsadbsa();
171 		key_setsadblft(SADB_EXT_LIFETIME_HARD, 10);
172 		key_setsadblft(SADB_EXT_LIFETIME_SOFT, 5);
173 		key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
174 		key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
175 		/* XXX key_setsadbkey(SADB_EXT_KEY_AUTH, "abcde"); */
176 		key_setsadbkey(SADB_EXT_KEY_AUTH, "1234567812345678");
177 		key_setsadbkey(SADB_EXT_KEY_ENCRYPT, "12345678");
178 		key_setsadbid(SADB_EXT_IDENTITY_SRC, "hoge1234@hoge.com");
179 		key_setsadbid(SADB_EXT_IDENTITY_DST, "hage5678@hage.net");
180 		key_setsadbsens();
181 		/* <base, SA, (lifetime(HSC),) address(SD), (address(P),)
182 		  (identity(SD),) (sensitivity)> */
183 		break;
184 
185 	case SADB_DELETE:
186 		/* <base, SA(*), address(SDP)> */
187 		key_setsadbsa();
188 		key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
189 		key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
190 		key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
191 		/* <base, SA(*), address(SDP)> */
192 		break;
193 
194 	case SADB_GET:
195 		/* <base, SA(*), address(SDP)> */
196 		key_setsadbsa();
197 		key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
198 		key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
199 		key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
200 		/* <base, SA, (lifetime(HSC),) address(SD), (address(P),)
201 		   key(AE), (identity(SD),) (sensitivity)> */
202 		break;
203 
204 	case SADB_ACQUIRE:
205 		/* <base, address(SD), (address(P),) (identity(SD),)
206 		   (sensitivity,) proposal> */
207 		key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
208 		key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
209 		key_setsadbaddr(SADB_EXT_ADDRESS_PROXY, AF_INET6, "3ffe::1");
210 		key_setsadbid(SADB_EXT_IDENTITY_SRC, "hoge1234@hoge.com");
211 		key_setsadbid(SADB_EXT_IDENTITY_DST, "hage5678@hage.net");
212 		key_setsadbsens();
213 		key_setsadbprop();
214 		/* <base, address(SD), (address(P),) (identity(SD),)
215 		   (sensitivity,) proposal> */
216 		break;
217 
218 	case SADB_REGISTER:
219 		/* <base> */
220 		/* <base, supported> */
221 		break;
222 
223 	case SADB_EXPIRE:
224 	case SADB_FLUSH:
225 		break;
226 
227 	case SADB_DUMP:
228 		break;
229 
230 	case SADB_X_PROMISC:
231 		/* <base> */
232 		/* <base, base(, others)> */
233 		break;
234 
235 	case SADB_X_PCHANGE:
236 		break;
237 
238 	/* for SPD management */
239 	case SADB_X_SPDFLUSH:
240 	case SADB_X_SPDDUMP:
241 		break;
242 
243 	case SADB_X_SPDADD:
244 #if 0
245 	    {
246 		struct sadb_x_policy m_policy;
247 
248 		m_policy.sadb_x_policy_len = PFKEY_UNIT64(sizeof(m_policy));
249 		m_policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
250 		m_policy.sadb_x_policy_type = SADB_X_PL_IPSEC;
251 		m_policy.sadb_x_policy_esp_trans = 1;
252 		m_policy.sadb_x_policy_ah_trans = 2;
253 		m_policy.sadb_x_policy_esp_network = 3;
254 		m_policy.sadb_x_policy_ah_network = 4;
255 		m_policy.sadb_x_policy_reserved = 0;
256 
257 		memcpy(m_buf + m_len, &m_policy, sizeof(struct sadb_x_policy));
258 		m_len += sizeof(struct sadb_x_policy);
259 	    }
260 #endif
261 
262 	case SADB_X_SPDDELETE:
263 		key_setsadbaddr(SADB_EXT_ADDRESS_SRC, AF_INET, "192.168.1.1");
264 		key_setsadbaddr(SADB_EXT_ADDRESS_DST, AF_INET, "10.0.3.4");
265 		break;
266 	}
267 
268 	((struct sadb_msg *)m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len);
269 
270 	return;
271 }
272 
273 void
274 key_setsadbsens()
275 {
276 	struct sadb_sens m_sens;
277 	u_char buf[64];
278 	u_int s, i, slen, ilen, len;
279 
280 	/* make sens & integ */
281 	s = htonl(0x01234567);
282 	i = htonl(0x89abcdef);
283 	slen = sizeof(s);
284 	ilen = sizeof(i);
285 	memcpy(buf, &s, slen);
286 	memcpy(buf + slen, &i, ilen);
287 
288 	len = sizeof(m_sens) + PFKEY_ALIGN8(slen) + PFKEY_ALIGN8(ilen);
289 	m_sens.sadb_sens_len = PFKEY_UNIT64(len);
290 	m_sens.sadb_sens_exttype = SADB_EXT_SENSITIVITY;
291 	m_sens.sadb_sens_dpd = 1;
292 	m_sens.sadb_sens_sens_level = 2;
293 	m_sens.sadb_sens_sens_len = PFKEY_ALIGN8(slen);
294 	m_sens.sadb_sens_integ_level = 3;
295 	m_sens.sadb_sens_integ_len = PFKEY_ALIGN8(ilen);
296 	m_sens.sadb_sens_reserved = 0;
297 
298 	key_setsadbextbuf(m_buf, m_len,
299 			(caddr_t)&m_sens, sizeof(struct sadb_sens),
300 			buf, slen + ilen);
301 	m_len += len;
302 
303 	return;
304 }
305 
306 void
307 key_setsadbprop()
308 {
309 	struct sadb_prop m_prop;
310 	struct sadb_comb *m_comb;
311 	u_char buf[256];
312 	u_int len = sizeof(m_prop) + sizeof(m_comb) * 2;
313 
314 	/* make prop & comb */
315 	m_prop.sadb_prop_len = PFKEY_UNIT64(len);
316 	m_prop.sadb_prop_exttype = SADB_EXT_PROPOSAL;
317 	m_prop.sadb_prop_replay = 0;
318 	m_prop.sadb_prop_reserved[0] = 0;
319 	m_prop.sadb_prop_reserved[1] = 0;
320 	m_prop.sadb_prop_reserved[2] = 0;
321 
322 	/* the 1st is ESP AES-GCM-16 */
323 	m_comb = (struct sadb_comb *)buf;
324 	m_comb->sadb_comb_auth = SADB_AALG_NONE;
325 	m_comb->sadb_comb_encrypt = SADB_X_EALG_AESGCM16;
326 	m_comb->sadb_comb_flags = 0;
327 	m_comb->sadb_comb_auth_minbits = 0;
328 	m_comb->sadb_comb_auth_maxbits = 0;
329 	m_comb->sadb_comb_encrypt_minbits = 128;
330 	m_comb->sadb_comb_encrypt_maxbits = 256;
331 	m_comb->sadb_comb_reserved = 0;
332 	m_comb->sadb_comb_soft_allocations = 0;
333 	m_comb->sadb_comb_hard_allocations = 0;
334 	m_comb->sadb_comb_soft_bytes = 0;
335 	m_comb->sadb_comb_hard_bytes = 0;
336 	m_comb->sadb_comb_soft_addtime = 0;
337 	m_comb->sadb_comb_hard_addtime = 0;
338 	m_comb->sadb_comb_soft_usetime = 0;
339 	m_comb->sadb_comb_hard_usetime = 0;
340 
341 	/* the 2nd is ESP AES-CBC and AH HMAC-SHA2-256 */
342 	m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb));
343 	m_comb->sadb_comb_auth = SADB_X_AALG_SHA2_256;
344 	m_comb->sadb_comb_encrypt = SADB_X_EALG_RIJNDAELCBC;
345 	m_comb->sadb_comb_flags = 0;
346 	m_comb->sadb_comb_auth_minbits = 256;
347 	m_comb->sadb_comb_auth_maxbits = 256;
348 	m_comb->sadb_comb_encrypt_minbits = 128;
349 	m_comb->sadb_comb_encrypt_maxbits = 256;
350 	m_comb->sadb_comb_reserved = 0;
351 	m_comb->sadb_comb_soft_allocations = 0;
352 	m_comb->sadb_comb_hard_allocations = 0;
353 	m_comb->sadb_comb_soft_bytes = 0;
354 	m_comb->sadb_comb_hard_bytes = 0;
355 	m_comb->sadb_comb_soft_addtime = 0;
356 	m_comb->sadb_comb_hard_addtime = 0;
357 	m_comb->sadb_comb_soft_usetime = 0;
358 	m_comb->sadb_comb_hard_usetime = 0;
359 
360 	key_setsadbextbuf(m_buf, m_len,
361 			(caddr_t)&m_prop, sizeof(struct sadb_prop),
362 			buf, sizeof(*m_comb) * 2);
363 	m_len += len;
364 
365 	return;
366 }
367 
368 void
369 key_setsadbid(ext, str)
370 	u_int ext;
371 	caddr_t str;
372 {
373 	struct sadb_ident m_id;
374 	u_int idlen = strlen(str), len;
375 
376 	len = sizeof(m_id) + PFKEY_ALIGN8(idlen);
377 	m_id.sadb_ident_len = PFKEY_UNIT64(len);
378 	m_id.sadb_ident_exttype = ext;
379 	m_id.sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
380 	m_id.sadb_ident_reserved = 0;
381 	m_id.sadb_ident_id = getpid();
382 
383 	key_setsadbextbuf(m_buf, m_len,
384 			(caddr_t)&m_id, sizeof(struct sadb_ident),
385 			str, idlen);
386 	m_len += len;
387 
388 	return;
389 }
390 
391 void
392 key_setsadblft(ext, time)
393 	u_int ext, time;
394 {
395 	struct sadb_lifetime m_lft;
396 
397 	m_lft.sadb_lifetime_len = PFKEY_UNIT64(sizeof(m_lft));
398 	m_lft.sadb_lifetime_exttype = ext;
399 	m_lft.sadb_lifetime_allocations = 0x2;
400 	m_lft.sadb_lifetime_bytes = 0x1000;
401 	m_lft.sadb_lifetime_addtime = time;
402 	m_lft.sadb_lifetime_usetime = 0x0020;
403 
404 	memcpy(m_buf + m_len, &m_lft, sizeof(struct sadb_lifetime));
405 	m_len += sizeof(struct sadb_lifetime);
406 
407 	return;
408 }
409 
410 void
411 key_setspirange()
412 {
413 	struct sadb_spirange m_spi;
414 
415 	m_spi.sadb_spirange_len = PFKEY_UNIT64(sizeof(m_spi));
416 	m_spi.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
417 	m_spi.sadb_spirange_min = 0x00001000;
418 	m_spi.sadb_spirange_max = 0x00002000;
419 	m_spi.sadb_spirange_reserved = 0;
420 
421 	memcpy(m_buf + m_len, &m_spi, sizeof(struct sadb_spirange));
422 	m_len += sizeof(struct sadb_spirange);
423 
424 	return;
425 }
426 
427 void
428 key_setsadbkey(ext, str)
429 	u_int ext;
430 	caddr_t str;
431 {
432 	struct sadb_key m_key;
433 	u_int keylen = strlen(str);
434 	u_int len;
435 
436 	len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);
437 	m_key.sadb_key_len = PFKEY_UNIT64(len);
438 	m_key.sadb_key_exttype = ext;
439 	m_key.sadb_key_bits = keylen * 8;
440 	m_key.sadb_key_reserved = 0;
441 
442 	key_setsadbextbuf(m_buf, m_len,
443 			(caddr_t)&m_key, sizeof(struct sadb_key),
444 			str, keylen);
445 	m_len += len;
446 
447 	return;
448 }
449 
450 void
451 key_setsadbsa()
452 {
453 	struct sadb_sa m_sa;
454 
455 	m_sa.sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
456 	m_sa.sadb_sa_exttype = SADB_EXT_SA;
457 	m_sa.sadb_sa_spi = htonl(0x12345678);
458 	m_sa.sadb_sa_replay = 4;
459 	m_sa.sadb_sa_state = 0;
460 	m_sa.sadb_sa_auth = SADB_AALG_NONE;
461 	m_sa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16;
462 	m_sa.sadb_sa_flags = 0;
463 
464 	memcpy(m_buf + m_len, &m_sa, sizeof(struct sadb_sa));
465 	m_len += sizeof(struct sadb_sa);
466 
467 	return;
468 }
469 
470 void
471 key_setsadbaddr(ext, af, str)
472 	u_int ext, af;
473 	caddr_t str;
474 {
475 	struct sadb_address m_addr;
476 	u_int len;
477 	struct addrinfo hints, *res;
478 	const char *serv;
479 	int plen;
480 
481 	switch (af) {
482 	case AF_INET:
483 		plen = sizeof(struct in_addr) << 3;
484 		break;
485 	case AF_INET6:
486 		plen = sizeof(struct in6_addr) << 3;
487 		break;
488 	default:
489 		/* XXX bark */
490 		exit(1);
491 	}
492 
493 	/* make sockaddr buffer */
494 	memset(&hints, 0, sizeof(hints));
495 	hints.ai_family = af;
496 	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
497 	hints.ai_flags = AI_NUMERICHOST;
498 	serv = (ext == SADB_EXT_ADDRESS_PROXY ? "0" : "4660");	/*0x1234*/
499 	if (getaddrinfo(str, serv, &hints, &res) != 0 || res->ai_next) {
500 		/* XXX bark */
501 		exit(1);
502 	}
503 
504 	len = sizeof(struct sadb_address) + PFKEY_ALIGN8(res->ai_addrlen);
505 	m_addr.sadb_address_len = PFKEY_UNIT64(len);
506 	m_addr.sadb_address_exttype = ext;
507 	m_addr.sadb_address_proto =
508 		(ext == SADB_EXT_ADDRESS_PROXY ? 0 : IPPROTO_TCP);
509 	m_addr.sadb_address_prefixlen = plen;
510 	m_addr.sadb_address_reserved = 0;
511 
512 	key_setsadbextbuf(m_buf, m_len,
513 			(caddr_t)&m_addr, sizeof(struct sadb_address),
514 			(caddr_t)res->ai_addr, res->ai_addrlen);
515 	m_len += len;
516 
517 	freeaddrinfo(res);
518 
519 	return;
520 }
521 
522 void
523 key_setsadbextbuf(dst, off, ebuf, elen, vbuf, vlen)
524 	caddr_t dst, ebuf, vbuf;
525 	int off, elen, vlen;
526 {
527 	memset(dst + off, 0, elen + vlen);
528 	memcpy(dst + off, (caddr_t)ebuf, elen);
529 	memcpy(dst + off + elen, vbuf, vlen);
530 
531 	return;
532 }
533 
534