Dump ESP parameters
While we're still debugging, print these so we can analyse packets in
wireshark.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jan 26, 2015
1 parent 22021bc commit d70f11e
Showing 2 changed files with 52 additions and 0 deletions.
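--- a/esp.c
+++ b/esp.c
@@ -107,6 +107,54 @@ int verify_packet_seqno(struct openconnect_info *vpninfo,
 }
 }
 
+int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct esp *esp)
+{
+int i;
+const char *enctype, *mactype;
+char enckey[256], mackey[256];
+int enclen, maclen;
+
+switch(vpninfo->esp_enc) {
+case 0x02:
+enctype = "AES-128-CBC (RFC3602)";
+enclen = 16;
+break;
+case 0x05:
+enctype = "AES-256-CBC (RFC3602)";
+enclen = 32;
+break;
+default:
+return -EINVAL;
+}
+switch(vpninfo->esp_hmac) {
+case 0x01:
+mactype = "HMAC-MD5-96 (RFC2403)";
+maclen = 16;
+break;
+case 0x02:
+mactype = "HMAC-SHA-1-96 (RFC2404)";
+maclen = 20;
+break;
+default:
+return -EINVAL;
+}
+
+for (i = 0; i < enclen; i++)
+sprintf(enckey + (2 * i), "%02x", esp->secrets[i]);
+for (i = 0; i < maclen; i++)
+sprintf(mackey + (2 * i), "%02x", esp->secrets[enclen + i]);
+
+vpn_progress(vpninfo, PRG_TRACE,
+_("Parameters for %s ESP: SPI 0x%08x\n"),
+name, ntohl(esp->spi));
+vpn_progress(vpninfo, PRG_TRACE,
+_("ESP encryption type %s key 0x%s\n"),
+enctype, enckey);
+vpn_progress(vpninfo, PRG_TRACE,
+_("ESP authentication type %s key 0x%s\n"),
+mactype, mackey);
+return 0;
+}
+
 int esp_setup(struct openconnect_info *vpninfo, int dtls_attempt_period)
 {
@@ -128,6 +176,9 @@ int esp_setup(struct openconnect_info *vpninfo, int dtls_attempt_period)
 return -ENOMEM;
 }
 
+print_esp_keys(vpninfo, _("incoming"), &vpninfo->esp_in);
+print_esp_keys(vpninfo, _("outgoing"), &vpninfo->esp_out);
+
 /* We are not connected until we get an ESP packet back */
 vpninfo->dtls_state = DTLS_CONNECTING;
 vpninfo->dtls_fd = fd;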
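Review bot: print_esp_keys writes the raw ESP encryption and authentication keys into the trace log, so any log capture taken at PRG_TRACE is enough to decrypt that session's traffic; the commit message calls this temporary, and the code should say so, e.g. `/* DEBUG ONLY: dumps ESP session keys to the log; remove or gate before release */` above the definition. The hex formatting into `enckey`/`mackey` runs even when trace output is not being emitted, and both stack buffers are left holding the key material on return, so an early return when trace logging is disabled and a zeroing of both buffers before `return 0` (with a non-optimisable clear such as explicit_bzero where the project has it) would limit exposure. The reads of `esp->secrets[enclen + i]` assume that array holds at least enclen + maclen bytes, up to 52 for the combinations selected here, but its declared size is not visible in this hunk. The `esp_setup` hunk further down ignores the return value of both calls, which is fine while -EINVAL only means an unsupported cipher, but the function body begins and ends outside that hunk.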
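--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -769,6 +769,7 @@ int esp_setup(struct openconnect_info *vpninfo, int dtls_attempt_period);
 int esp_mainloop(struct openconnect_info *vpninfo, int *timeout);
 void esp_close(struct openconnect_info *vpninfo);
 void esp_shutdown(struct openconnect_info *vpninfo);
+int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct esp *esp);
 
 /* gnutls-esp.c */
 int setup_esp_keys(struct openconnect_info *vpninfo);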
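Review bot: The new prototype takes `struct esp *esp` even though print_esp_keys only reads `esp->spi` and `esp->secrets`; declaring the parameter `const struct esp *esp` here and in the esp.c definition would document that the function never modifies the key state and would let it be called on a const context. A one-line comment next to the declaration noting that this is a debugging dump of secret key material would also help readers of the header, since nothing in the prototype's name or signature conveys that.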
