PageRenderTime 59ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/openswan/testing/attacks/espiv/utils.c

https://bitbucket.org/thelearninglabs/uclinux-distro-tll-public
C | 302 lines | 236 code | 61 blank | 5 comment | 100 complexity | f1b272dd0f0d4652b9e9e40619cba15c MD5 | raw file
Possible License(s): LGPL-2.1, BSD-3-Clause, MPL-2.0-no-copyleft-exception, LGPL-3.0, Unlicense, GPL-2.0, GPL-3.0, CC-BY-SA-3.0, AGPL-1.0, ISC, MIT, 0BSD, LGPL-2.0
  1. #include "ipsec_hack.h"
  2. int read_hex_int(char *c) {
  3. unsigned int result = 0;
  4. while (*c != '\0') {
  5. if (*c >= '0' && *c <= '9')
  6. result = (result<<4)|(*c - '0');
  7. if (*c >= 'a' && *c <= 'f')
  8. result = (result<<4)|(*c - 'a' + 10);
  9. c++;
  10. }
  11. return result;
  12. }
  13. u8 read_nyble(FILE *fp, int *err) {
  14. u8 result;
  15. int temp;
  16. u8 flag = 0;
  17. while ((temp = fgetc(fp)) != EOF) {
  18. if ((temp == ' ' || temp == '\n') && flag == 0)
  19. continue;
  20. else if ((temp == ' ' || temp == '\n') && flag != 0)
  21. break;
  22. else
  23. flag++;
  24. if (temp >= '0' && temp <= '9')
  25. result = (result<<4)|(temp - '0');
  26. else if (temp >= 'a' && temp <= 'f')
  27. result = (result<<4)|(temp - 'a' + 10);
  28. else if (temp >= 'F' && temp <= 'F')
  29. result = (result<<4)|(temp - 'a' + 10);
  30. if (flag > 1)
  31. break;
  32. }
  33. if (temp == EOF)
  34. *err = EOF;
  35. return result;
  36. }
  37. u8 read_byte(u8 *c, u8 endmark) {
  38. u8 result = 0;
  39. while (*c != endmark && *c != '\0') {
  40. if (*c >= '0' && *c <= '9')
  41. result = (result<<4)|(*c - '0');
  42. if (*c >= 'a' && *c <= 'f')
  43. result = (result<<4)|(*c - 'a' + 10);
  44. c++;
  45. }
  46. return result;
  47. }
  48. void read_mac(u8 *c, u8 *mac) {
  49. /* This function assumes that mac is format xx:xx:xx:xx:xx:xx */
  50. int i;
  51. for (i = 0; i < 6; i++) {
  52. mac[i] = read_byte(c + (i * 3), ':');
  53. }
  54. }
  55. void read_block(u8 *c, u8 *block) {
  56. /* This function assumes that block is format xx:xx:xx:xx:xx:xx:xx:xx */
  57. int i;
  58. for (i = 0; i < 8; i++) {
  59. block[i] = read_byte(c + (i * 3), ':');
  60. }
  61. }
  62. u32 read_dotted_ipv4_address(u8 *str) {
  63. u32 result = 0;
  64. u8 temp = 0;
  65. while (*str != '\0') {
  66. if (*str >= '0' && *str <= '9') {
  67. temp *= 10;
  68. temp += *str - '0';
  69. } else if (*str == '.') {
  70. result = (result<<8)|temp;
  71. temp = 0;
  72. }
  73. str++;
  74. }
  75. result = (result<<8)|temp;
  76. return result;
  77. }
  78. u16 ipheader_checksum(u16 *buffer, u16 len) {
  79. u32 check=0;
  80. while(len-->0)
  81. check+=(u32)(*buffer++);
  82. while(check>>16)
  83. check=(check&0x0000ffff)+(check>>16);
  84. return((u16)(check==0?0:~check));
  85. }
  86. /*
  87. * Not limited to even length as in ipheader_checksum()..
  88. */
  89. u16 compute_checksum(u8 *b, u32 len)
  90. {
  91. u32 csum = 0;
  92. u32 overf;
  93. while (len > 1) {
  94. csum += (u32)*((u16 *)b)++;
  95. len -= 2;
  96. }
  97. if (len)
  98. csum += (u32)htons((u16)(*b << 8));
  99. while (overf = csum >> 16)
  100. csum = (csum & 0xFFFF) + overf;
  101. return (u16)~csum;
  102. }
  103. u16 compute_tcpudp_checksum(u32 sourceip,
  104. u32 destip,
  105. u8 protocol,
  106. u16 datalen,
  107. u8 *data)
  108. {
  109. u32 pseudohdr[3];
  110. u32 csum;
  111. pseudohdr[0] = htonl(sourceip);
  112. pseudohdr[1] = htonl(destip);
  113. ((u8 *)&pseudohdr[2])[0] = 0;
  114. ((u8 *)&pseudohdr[2])[1] = protocol;
  115. ((u16 *)&pseudohdr[2])[1] = htons(datalen);
  116. csum = (~compute_checksum((u8 *)pseudohdr, 12) & 0xFFFF) +
  117. (~compute_checksum(data, datalen) & 0xFFFF);
  118. if (csum & 0xFFFF0000)
  119. csum = (csum + 1) & 0xFFFF;
  120. return (u16)~csum;
  121. }
  122. void ipv4_print_address(u32 address)
  123. {
  124. printf("%ld.%ld.%ld.%ld",
  125. ((address & 0x000000ff) >> 0),
  126. ((address & 0x0000ff00) >> 8),
  127. ((address & 0x00ff0000) >> 16),
  128. ((address & 0xff000000) >> 24));
  129. }
  130. void parse_option(char *arg, option_data *opt) {
  131. if (strncmp("file=", arg, 5) == 0) {
  132. read_arguments_from_file((arg+5), opt);
  133. }
  134. if (strncmp("src=", arg, 4) == 0) {
  135. opt->src_address = read_dotted_ipv4_address(arg+4);
  136. }
  137. if (strncmp("dst=", arg, 4) == 0) {
  138. opt->dst_address = read_dotted_ipv4_address(arg+4);
  139. }
  140. if (strncmp("fake_src=", arg, 9) == 0) {
  141. opt->fake_src_address = read_dotted_ipv4_address(arg+9);
  142. }
  143. if (strncmp("gw=", arg, 3) == 0) {
  144. opt->gw = read_dotted_ipv4_address(arg+3);
  145. }
  146. if (strncmp("fake_dst=", arg, 9) == 0) {
  147. opt->fake_dst_address = read_dotted_ipv4_address(arg+9);
  148. }
  149. if (strncmp("spi=", arg, 4) == 0) {
  150. opt->spi = read_hex_int(arg+4);
  151. }
  152. if (strncmp("lif=", arg, 4) == 0) {
  153. strcpy(opt->listen_if, (arg+4));
  154. }
  155. if (strncmp("sif=", arg, 4) == 0) {
  156. strcpy(opt->send_if, (arg+4));
  157. }
  158. if (strncmp("guess=", arg, 6) == 0) {
  159. read_block((arg+6), opt->guess);
  160. }
  161. if (strncmp("block=", arg, 6) == 0) {
  162. read_block((arg+6), opt->block_to_crack);
  163. }
  164. if (strncmp("oiv=", arg, 4) == 0) {
  165. read_block((arg+4), opt->original_iv);
  166. }
  167. if (strncmp("dmac=", arg, 5) == 0) {
  168. read_mac((arg+5), opt->dmac);
  169. }
  170. if (strncmp("-h", arg, 2) == 0) {
  171. printf("Usage: ipsec_hack [options]\n");
  172. printf("Options:\n");
  173. printf("\tfile={filename}\t\t\t read options from file\n");
  174. printf("\tsrc={dotted IPv4 address}\t source address of the IPsec connection\n");
  175. printf("\tdst={dotted IPv4 address}\t destination address of the IPsec connection\n");
  176. printf("\tfake_src={dotted IPv4 address}\t source address of the attack packet\n");
  177. printf("\tfake_dst={dotted IPv4 address}\t destination address of the attack packet\n");
  178. printf("\tspi={hex int}\t\t\t SPI of the IPsec connection\n");
  179. printf("\tlif={interface name}\t\t name of the listening interface\n");
  180. printf("\tsif={interface name}\t\t name of the interface where the attack packets are sent\n");
  181. printf("\tguess={xx:xx:xx:xx:xx:xx:xx:xx}\t first guess of the plaintext block\n");
  182. printf("\tblock={xx:xx:xx:xx:xx:xx:xx:xx}\t block to crack\n");
  183. printf("\toiv={xx:xx:xx:xx:xx:xx:xx:xx}\t IV used to enrypt the block\n");
  184. printf("\tdmac={xx:xx:xx:xx:xx:xx}\t MAC address of the gateway\n");
  185. printf("\t\t\t\t\t used to send attack packets\n");
  186. printf("\t-v\t\t\t\t verbose mode\n");
  187. printf("\t-vv\t\t\t\t more verbose mode\n");
  188. printf("\t-s\t\t\t\t exit if SPI between src and dst not seen for n seconds\n");
  189. printf("\t-i{int}\t\t\t\t packet counter reporting interval (default is 1000)\n");
  190. printf("\t-w{int}\t\t\t\t seconds to wait before existing if SPI not seen\n");
  191. printf("\t-cd\t\t\t\t allow random reserved bit in IP header (default is NO)\n");
  192. exit(1);
  193. }
  194. if (strncmp("-v", arg, 2) == 0) {
  195. opt->verbose = 1;
  196. }
  197. if (strncmp("-vv", arg, 3) == 0) {
  198. opt->verbose = 2;
  199. }
  200. if (strncmp("-s", arg, 2) == 0) {
  201. opt->spi_change_detection = 1;
  202. }
  203. if (strncmp("-i", arg, 2) == 0) {
  204. opt->packet_print_intervall = atoi(arg+2);
  205. }
  206. if (strncmp("-w", arg, 2) == 0) {
  207. opt->spi_wait_time = atoi(arg+2);
  208. }
  209. if (strncmp("-ch", arg, 3) == 0) {
  210. opt->rsv_bit = 0;
  211. }
  212. }
  213. int read_arguments_from_file(char *fname, option_data *opt) {
  214. char line_buf[100];
  215. char *bp;
  216. char c;
  217. FILE *fp;
  218. fp = fopen(fname,"r");
  219. if (fp == NULL) {
  220. printf("Error opening file %s\n",fname);
  221. return -1;
  222. }
  223. bp = line_buf;
  224. while ((c = fgetc(fp)) != EOF) {
  225. if (c == '\n') {
  226. *bp = '\0';
  227. parse_option(line_buf, opt);
  228. bp = line_buf;
  229. continue;
  230. }
  231. *bp = c;
  232. bp++;
  233. }
  234. fclose(fp);
  235. return 1;
  236. }
  237. int read_arguments(int argc, char *argv[], option_data *opt) {
  238. for (; argc > 1; argc--) {
  239. parse_option(argv[argc-1], opt);
  240. }
  241. }