Migrate from perforce repository.
diff --git a/src/racoon/vendorid.c b/src/racoon/vendorid.c
new file mode 100644
index 0000000..82ddfe4
--- /dev/null
+++ b/src/racoon/vendorid.c
@@ -0,0 +1,272 @@
+/* $NetBSD: vendorid.c,v 1.4 2006/09/09 16:22:10 manu Exp $ */
+
+/* Id: vendorid.c,v 1.10 2006/02/22 16:10:21 vanhu Exp */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "var.h"
+#include "misc.h"
+#include "vmbuf.h"
+#include "plog.h"
+#include "debug.h"
+
+#include "localconf.h"
+#include "isakmp_var.h"
+#include "isakmp.h"
+#include "vendorid.h"
+#include "crypto_openssl.h"
+
+static struct vendor_id all_vendor_ids[] = {
+{ VENDORID_IPSEC_TOOLS, "IPSec-Tools" },
+{ VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE" },
+{ VENDORID_GSSAPI , "GSSAPI" },
+{ VENDORID_MS_NT5 , "MS NT5 ISAKMPOAKLEY" },
+{ VENDORID_NATT_00 , "draft-ietf-ipsec-nat-t-ike-00" },
+{ VENDORID_NATT_01 , "draft-ietf-ipsec-nat-t-ike-01" },
+{ VENDORID_NATT_02 , "draft-ietf-ipsec-nat-t-ike-02" },
+{ VENDORID_NATT_02_N , "draft-ietf-ipsec-nat-t-ike-02\n" },
+{ VENDORID_NATT_03 , "draft-ietf-ipsec-nat-t-ike-03" },
+{ VENDORID_NATT_04 , "draft-ietf-ipsec-nat-t-ike-04" },
+{ VENDORID_NATT_05 , "draft-ietf-ipsec-nat-t-ike-05" },
+{ VENDORID_NATT_06 , "draft-ietf-ipsec-nat-t-ike-06" },
+{ VENDORID_NATT_07 , "draft-ietf-ipsec-nat-t-ike-07" },
+{ VENDORID_NATT_08 , "draft-ietf-ipsec-nat-t-ike-08" },
+{ VENDORID_NATT_RFC , "RFC 3947" },
+{ VENDORID_XAUTH , "draft-ietf-ipsra-isakmp-xauth-06.txt" },
+{ VENDORID_UNITY , "CISCO-UNITY" },
+{ VENDORID_FRAG , "FRAGMENTATION" },
+/* Just a readable string for DPD ... */
+{ VENDORID_DPD , "DPD" },
+/* Other known Vendor IDs */
+{ VENDORID_KAME , "KAME/racoon" },
+};
+
+#define NUMVENDORIDS (sizeof(all_vendor_ids)/sizeof(all_vendor_ids[0]))
+
+#define DPD_MAJOR_VERSION 0x01
+#define DPD_MINOR_VERSION 0x00
+
+const char vendorid_dpd_hash[] = {
+ 0xAF, 0xCA, 0xD7, 0x13,
+ 0x68, 0xA1, 0xF1, 0xC9,
+ 0x6B, 0x86, 0x96, 0xFC,
+ 0x77, 0x57, DPD_MAJOR_VERSION, DPD_MINOR_VERSION
+};
+
+
+static vchar_t *vendorid_fixup(int, vchar_t *t);
+
+static struct vendor_id *
+lookup_vendor_id_by_id (int id)
+{
+ int i;
+
+ for (i = 0; i < NUMVENDORIDS; i++)
+ if (all_vendor_ids[i].id == id)
+ return &all_vendor_ids[i];
+
+ return NULL;
+}
+
+const char *
+vid_string_by_id (int id)
+{
+ struct vendor_id *current;
+
+ if (id == VENDORID_DPD)
+ return vendorid_dpd_hash;
+
+ current = lookup_vendor_id_by_id(id);
+
+ return current ? current->string : NULL;
+}
+
+static struct vendor_id *
+lookup_vendor_id_by_hash (const char *hash)
+{
+ int i;
+ unsigned char *h = (unsigned char *)hash;
+
+ for (i = 0; i < NUMVENDORIDS; i++)
+ if (strncmp(all_vendor_ids[i].hash->v, hash,
+ all_vendor_ids[i].hash->l) == 0)
+ return &all_vendor_ids[i];
+
+ return NULL;
+}
+
+void
+compute_vendorids (void)
+{
+ int i;
+ vchar_t vid;
+
+ for (i = 0; i < NUMVENDORIDS; i++) {
+ /* VENDORID_DPD is not a MD5 sum... */
+ if(all_vendor_ids[i].id == VENDORID_DPD){
+ all_vendor_ids[i].hash = vmalloc(sizeof(vendorid_dpd_hash));
+ if (all_vendor_ids[i].hash == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "unable to get memory for VID hash\n");
+ exit(1); /* this really shouldn't happen */
+ }
+ memcpy(all_vendor_ids[i].hash->v, vendorid_dpd_hash,
+ sizeof(vendorid_dpd_hash));
+ continue;
+ }
+
+ vid.v = (char *) all_vendor_ids[i].string;
+ vid.l = strlen(vid.v);
+
+ all_vendor_ids[i].hash = eay_md5_one(&vid);
+ if (all_vendor_ids[i].hash == NULL)
+ plog(LLV_ERROR, LOCATION, NULL,
+ "unable to hash vendor ID string\n");
+
+ /* Special cases */
+ all_vendor_ids[i].hash =
+ vendorid_fixup(all_vendor_ids[i].id,
+ all_vendor_ids[i].hash);
+ }
+}
+
+/*
+ * set hashed vendor id.
+ * hash function is always MD5.
+ */
+vchar_t *
+set_vendorid(int vendorid)
+{
+ struct vendor_id *current;
+ vchar_t vid, *new;
+
+ if (vendorid == VENDORID_UNKNOWN) {
+ /*
+ * The default unknown ID gets translated to
+ * KAME/racoon.
+ */
+ vendorid = VENDORID_DEFAULT;
+ }
+
+ current = lookup_vendor_id_by_id(vendorid);
+ if (current == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "invalid vendor ID index: %d\n", vendorid);
+ return (NULL);
+ }
+
+ /* The rest of racoon expects a private copy
+ * of the VID that could be free'd after use.
+ * That's why we don't return the original pointer. */
+ return vdup(current->hash);
+}
+
+/*
+ * Check the vendor ID payload -- return the vendor ID index
+ * if we find a recognized one, or UNKNOWN if we don't.
+ *
+ * gen ... points to Vendor ID payload.
+ */
+int
+check_vendorid(struct isakmp_gen *gen)
+{
+ vchar_t vid, *vidhash;
+ int i, vidlen;
+ struct vendor_id *current;
+
+ if (gen == NULL)
+ return (VENDORID_UNKNOWN);
+
+ vidlen = ntohs(gen->len) - sizeof(*gen);
+
+ current = lookup_vendor_id_by_hash((char *)(gen + 1));
+ if (!current)
+ goto unknown;
+
+ if (current->hash->l < vidlen)
+ plog(LLV_INFO, LOCATION, NULL,
+ "received broken Microsoft ID: %s\n",
+ current->string);
+ else
+ plog(LLV_INFO, LOCATION, NULL,
+ "received Vendor ID: %s\n",
+ current->string);
+
+ return current->id;
+
+unknown:
+ plog(LLV_DEBUG, LOCATION, NULL, "received unknown Vendor ID\n");
+ plogdump(LLV_DEBUG, (char *)(gen + 1), vidlen);
+ return (VENDORID_UNKNOWN);
+}
+
+static vchar_t *
+vendorid_fixup(vendorid, vidhash)
+ int vendorid;
+ vchar_t *vidhash;
+{
+ switch(vendorid) {
+ case VENDORID_XAUTH: { /* The vendor Id is truncated */
+ vchar_t *tmp;
+
+ if ((tmp = vmalloc(8)) == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "unable to hash vendor ID string\n");
+ return NULL;
+ }
+
+ memcpy(tmp->v, vidhash->v, 8);
+ vfree(vidhash);
+ vidhash = tmp;
+
+ break;
+ }
+ case VENDORID_UNITY: /* Two bytes tweak */
+ vidhash->v[14] = 0x01;
+ vidhash->v[15] = 0x00;
+ break;
+
+ default:
+ break;
+ }
+
+ return vidhash;
+}