1 /* $OpenBSD: ikev2.c,v 1.76 2012/07/05 08:37:22 mikeb Exp $ */ 2 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */ 3 4 /* 5 * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/param.h> 21 #include <sys/types.h> 22 #include <sys/queue.h> 23 #include <sys/socket.h> 24 #include <sys/wait.h> 25 #include <sys/uio.h> 26 27 #include <netinet/in.h> 28 #include <netinet/ip_ipsp.h> 29 #include <arpa/inet.h> 30 31 #include <stdlib.h> 32 #include <stdio.h> 33 #include <unistd.h> 34 #include <string.h> 35 #include <getopt.h> 36 #include <signal.h> 37 #include <errno.h> 38 #include <err.h> 39 #include <pwd.h> 40 #include <event.h> 41 42 #include <openssl/sha.h> 43 #include <openssl/evp.h> 44 45 #include "iked.h" 46 #include "ikev2.h" 47 #include "eap.h" 48 #include "dh.h" 49 50 int ikev2_dispatch_parent(int, struct privsep_proc *, struct imsg *); 51 int ikev2_dispatch_ikev1(int, struct privsep_proc *, struct imsg *); 52 int ikev2_dispatch_cert(int, struct privsep_proc *, struct imsg *); 53 54 struct iked_sa * 55 ikev2_getimsgdata(struct iked *, struct imsg *, struct iked_sahdr *, 56 u_int8_t *, u_int8_t **, size_t *); 57 58 void ikev2_recv(struct iked *, struct iked_message *); 59 int ikev2_ike_auth(struct iked *, struct iked_sa *, 60 struct iked_message *); 61 62 void ikev2_init_recv(struct iked *, struct iked_message *, 63 struct ike_header *); 64 int ikev2_init_ike_sa_peer(struct iked *, struct iked_policy *, 65 struct iked_addr *); 66 int ikev2_init_ike_auth(struct iked *, struct iked_sa *); 67 int ikev2_init_auth(struct iked *, struct iked_message *); 68 int ikev2_init_done(struct iked *, struct iked_sa *); 69 70 void ikev2_resp_recv(struct iked *, struct iked_message *, 71 struct ike_header *); 72 int ikev2_resp_ike_sa_init(struct iked *, struct iked_message *); 73 int ikev2_resp_ike_auth(struct iked *, struct iked_sa *); 74 int ikev2_resp_ike_eap(struct iked *, struct iked_sa *, struct ibuf *); 75 76 int ikev2_send_create_child_sa(struct iked *, struct iked_sa *, 77 struct iked_spi *, u_int8_t); 78 int ikev2_init_create_child_sa(struct iked *, struct iked_message *); 79 int ikev2_resp_create_child_sa(struct iked *, struct iked_message *); 80 void ikev2_ike_sa_timeout(struct iked *env, void *); 81 82 int ikev2_sa_initiator(struct iked *, struct iked_sa *, 83 struct iked_message *); 84 int ikev2_sa_responder(struct iked *, struct iked_sa *, struct iked_sa *, 85 struct iked_message *); 86 int ikev2_sa_keys(struct iked *, struct iked_sa *, struct ibuf *); 87 int ikev2_sa_tag(struct iked_sa *, struct iked_id *); 88 89 int ikev2_childsa_negotiate(struct iked *, struct iked_sa *, int); 90 int ikev2_match_proposals(struct iked_proposal *, struct iked_proposal *, 91 struct iked_transform **); 92 int ikev2_valid_proposal(struct iked_proposal *, 93 struct iked_transform **, struct iked_transform **, int *); 94 95 ssize_t ikev2_add_proposals(struct iked *, struct iked_sa *, struct ibuf *, 96 struct iked_proposals *, u_int8_t, int, int); 97 ssize_t ikev2_add_cp(struct iked *, struct iked_sa *, struct ibuf *); 98 ssize_t ikev2_add_transform(struct ibuf *, 99 u_int8_t, u_int8_t, u_int16_t, u_int16_t); 100 ssize_t ikev2_add_ts(struct ibuf *, struct ikev2_payload **, ssize_t, 101 struct iked_sa *, int); 102 ssize_t ikev2_add_ts_payload(struct ibuf *, u_int, struct iked_sa *); 103 int ikev2_add_data(struct ibuf *, void *, size_t); 104 int ikev2_add_buf(struct ibuf *buf, struct ibuf *); 105 106 static struct privsep_proc procs[] = { 107 { "parent", PROC_PARENT, ikev2_dispatch_parent }, 108 { "ikev1", PROC_IKEV1, ikev2_dispatch_ikev1 }, 109 { "certstore", PROC_CERT, ikev2_dispatch_cert } 110 }; 111 112 pid_t 113 ikev2(struct privsep *ps, struct privsep_proc *p) 114 { 115 return (proc_run(ps, p, procs, nitems(procs), NULL, NULL)); 116 } 117 118 int 119 ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 120 { 121 struct iked *env = p->p_env; 122 123 switch (imsg->hdr.type) { 124 case IMSG_CTL_RESET: 125 return (config_getreset(env, imsg)); 126 case IMSG_CTL_COUPLE: 127 case IMSG_CTL_DECOUPLE: 128 return (config_getcoupled(env, imsg->hdr.type)); 129 case IMSG_CTL_ACTIVE: 130 case IMSG_CTL_PASSIVE: 131 if (config_getmode(env, imsg->hdr.type) == -1) 132 return (0); /* ignore error */ 133 timer_initialize(env, &env->sc_inittmr, ikev2_init_ike_sa, 134 NULL); 135 timer_register(env, &env->sc_inittmr, IKED_INITIATOR_INITIAL); 136 return (0); 137 case IMSG_UDP_SOCKET: 138 return (config_getsocket(env, imsg, ikev2_msg_cb)); 139 case IMSG_PFKEY_SOCKET: 140 return (config_getpfkey(env, imsg)); 141 case IMSG_CFG_POLICY: 142 return (config_getpolicy(env, imsg)); 143 case IMSG_CFG_USER: 144 return (config_getuser(env, imsg)); 145 case IMSG_COMPILE: 146 return (config_getcompile(env, imsg)); 147 default: 148 break; 149 } 150 151 return (-1); 152 } 153 154 int 155 ikev2_dispatch_ikev1(int fd, struct privsep_proc *p, struct imsg *imsg) 156 { 157 struct iked *env = p->p_env; 158 struct iked_message msg; 159 u_int8_t *buf; 160 ssize_t len; 161 162 switch (imsg->hdr.type) { 163 case IMSG_IKE_MESSAGE: 164 log_debug("%s: message", __func__); 165 IMSG_SIZE_CHECK(imsg, &msg); 166 memcpy(&msg, imsg->data, sizeof(msg)); 167 168 len = IMSG_DATA_SIZE(imsg) - sizeof(msg); 169 buf = (u_int8_t *)imsg->data + sizeof(msg); 170 if (len <= 0 || (msg.msg_data = ibuf_new(buf, len)) == NULL) { 171 log_debug("%s: short message", __func__); 172 return (0); 173 } 174 175 log_debug("%s: message length %d", __func__, len); 176 177 ikev2_recv(env, &msg); 178 ikev2_msg_cleanup(env, &msg); 179 return (0); 180 default: 181 break; 182 } 183 184 return (-1); 185 } 186 187 int 188 ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) 189 { 190 struct iked *env = p->p_env; 191 struct iked_sahdr sh; 192 struct iked_sa *sa; 193 u_int8_t type; 194 u_int8_t *ptr; 195 size_t len; 196 struct iked_id *id = NULL; 197 198 switch (imsg->hdr.type) { 199 case IMSG_CERTREQ: 200 IMSG_SIZE_CHECK(imsg, &type); 201 202 ptr = imsg->data; 203 memcpy(&type, ptr, sizeof(type)); 204 ptr += sizeof(type); 205 206 ibuf_release(env->sc_certreq); 207 env->sc_certreqtype = type; 208 env->sc_certreq = ibuf_new(ptr, 209 IMSG_DATA_SIZE(imsg) - sizeof(type)); 210 211 log_debug("%s: updated local CERTREQ signatures length %d", 212 __func__, ibuf_length(env->sc_certreq)); 213 214 break; 215 case IMSG_CERTVALID: 216 case IMSG_CERTINVALID: 217 memcpy(&sh, imsg->data, sizeof(sh)); 218 memcpy(&type, (u_int8_t *)imsg->data + sizeof(sh), 219 sizeof(type)); 220 221 /* Ignore invalid or unauthenticated SAs */ 222 if ((sa = sa_lookup(env, 223 sh.sh_ispi, sh.sh_rspi, sh.sh_initiator)) == NULL || 224 sa->sa_state < IKEV2_STATE_EAP) 225 break; 226 227 if (imsg->hdr.type == IMSG_CERTVALID) { 228 log_debug("%s: peer certificate is valid", __func__); 229 sa_stateflags(sa, IKED_REQ_VALID); 230 sa_state(env, sa, IKEV2_STATE_VALID); 231 } else { 232 log_warnx("%s: peer certificate is invalid", __func__); 233 } 234 235 if (ikev2_ike_auth(env, sa, NULL) != 0) 236 log_debug("%s: failed to send ike auth", __func__); 237 break; 238 case IMSG_CERT: 239 if ((sa = ikev2_getimsgdata(env, imsg, 240 &sh, &type, &ptr, &len)) == NULL) { 241 log_debug("%s: invalid cert reply", __func__); 242 break; 243 } 244 245 if (sh.sh_initiator) 246 id = &sa->sa_icert; 247 else 248 id = &sa->sa_rcert; 249 250 id->id_type = type; 251 id->id_offset = 0; 252 ibuf_release(id->id_buf); 253 id->id_buf = NULL; 254 255 if (type != IKEV2_CERT_NONE) { 256 if (len <= 0 || 257 (id->id_buf = ibuf_new(ptr, len)) == NULL) { 258 log_debug("%s: failed to get cert payload", 259 __func__); 260 break; 261 } 262 } 263 264 log_debug("%s: cert type %d length %d", __func__, 265 id->id_type, ibuf_length(id->id_buf)); 266 267 sa_stateflags(sa, IKED_REQ_CERT); 268 269 if (ikev2_ike_auth(env, sa, NULL) != 0) 270 log_debug("%s: failed to send ike auth", __func__); 271 break; 272 case IMSG_AUTH: 273 if ((sa = ikev2_getimsgdata(env, imsg, 274 &sh, &type, &ptr, &len)) == NULL) { 275 log_debug("%s: invalid auth reply", __func__); 276 break; 277 } 278 279 log_debug("%s: AUTH type %d len %d", __func__, type, len); 280 281 id = &sa->sa_localauth; 282 id->id_type = type; 283 id->id_offset = 0; 284 ibuf_release(id->id_buf); 285 286 if (type != IKEV2_AUTH_NONE) { 287 if (len <= 0 || 288 (id->id_buf = ibuf_new(ptr, len)) == NULL) { 289 log_debug("%s: failed to get auth payload", 290 __func__); 291 break; 292 } 293 } 294 295 sa_stateflags(sa, IKED_REQ_AUTH); 296 297 if (ikev2_ike_auth(env, sa, NULL) != 0) 298 log_debug("%s: failed to send ike auth", __func__); 299 break; 300 default: 301 return (-1); 302 } 303 304 return (0); 305 } 306 307 struct iked_sa * 308 ikev2_getimsgdata(struct iked *env, struct imsg *imsg, struct iked_sahdr *sh, 309 u_int8_t *type, u_int8_t **buf, size_t *size) 310 { 311 u_int8_t *ptr; 312 size_t len; 313 struct iked_sa *sa; 314 315 IMSG_SIZE_CHECK(imsg, sh); 316 317 ptr = imsg->data; 318 len = IMSG_DATA_SIZE(imsg) - sizeof(*sh) - sizeof(*type); 319 memcpy(sh, ptr, sizeof(*sh)); 320 memcpy(type, ptr + sizeof(*sh), sizeof(*type)); 321 322 sa = sa_lookup(env, sh->sh_ispi, sh->sh_rspi, sh->sh_initiator); 323 324 log_debug("%s: imsg %d rspi %s ispi %s initiator %d sa %s" 325 " type %d data length %d", 326 __func__, imsg->hdr.type, 327 print_spi(sh->sh_rspi, 8), 328 print_spi(sh->sh_ispi, 8), 329 sh->sh_initiator, 330 sa == NULL ? "invalid" : "valid", *type, len); 331 332 if (sa == NULL) 333 return (NULL); 334 335 *buf = ptr + sizeof(*sh) + sizeof(*type); 336 *size = len; 337 338 return (sa); 339 } 340 341 void 342 ikev2_recv(struct iked *env, struct iked_message *msg) 343 { 344 struct ike_header *hdr; 345 struct iked_message *m; 346 struct iked_sa *sa; 347 u_int initiator, flag = 0; 348 int response; 349 350 hdr = ibuf_seek(msg->msg_data, msg->msg_offset, sizeof(*hdr)); 351 352 if (hdr == NULL || (ssize_t)ibuf_size(msg->msg_data) < 353 (betoh32(hdr->ike_length) - msg->msg_offset)) 354 return; 355 356 initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? 0 : 1; 357 response = (hdr->ike_flags & IKEV2_FLAG_RESPONSE) ? 1 : 0; 358 msg->msg_sa = sa_lookup(env, 359 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 360 initiator); 361 msg->msg_msgid = betoh32(hdr->ike_msgid); 362 if (policy_lookup(env, msg) != 0) 363 return; 364 365 log_info("%s: %s from %s %s to %s policy '%s' id %u, %ld bytes", 366 __func__, print_map(hdr->ike_exchange, ikev2_exchange_map), 367 initiator ? "responder" : "initiator", 368 print_host(&msg->msg_peer, NULL, 0), 369 print_host(&msg->msg_local, NULL, 0), 370 msg->msg_policy->pol_name, msg->msg_msgid, 371 ibuf_length(msg->msg_data)); 372 log_debug("%s: ispi %s rspi %s", __func__, 373 print_spi(betoh64(hdr->ike_ispi), 8), 374 print_spi(betoh64(hdr->ike_rspi), 8)); 375 376 if ((sa = msg->msg_sa) == NULL) 377 goto done; 378 379 log_debug("%s: updating msg, natt %d", __func__, msg->msg_natt); 380 381 if (msg->msg_natt) 382 sa->sa_natt = 1; 383 384 if (hdr->ike_exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA) 385 flag = IKED_REQ_CHILDSA; 386 if (hdr->ike_exchange == IKEV2_EXCHANGE_INFORMATIONAL) 387 flag = IKED_REQ_INF; 388 389 if (response) { 390 if (msg->msg_msgid > sa->sa_reqid) 391 return; 392 if (hdr->ike_exchange != IKEV2_EXCHANGE_INFORMATIONAL && 393 !ikev2_msg_lookup(env, &sa->sa_requests, msg, hdr)) 394 return; 395 if (flag) { 396 if ((sa->sa_stateflags & flag) == 0) 397 return; 398 initiator = 1; 399 } 400 /* 401 * There's no need to keep the request around anymore 402 */ 403 if ((m = ikev2_msg_lookup(env, &sa->sa_requests, msg, hdr))) 404 ikev2_msg_dispose(env, &sa->sa_requests, m); 405 } else { 406 if (msg->msg_msgid < sa->sa_msgid) 407 return; 408 if (flag) 409 initiator = 0; 410 /* 411 * See if we have responded to this request before 412 */ 413 if ((m = ikev2_msg_lookup(env, &sa->sa_responses, msg, hdr))) { 414 if (ikev2_msg_retransmit_response(env, sa, m)) { 415 log_warn("%s: failed to retransmit a " 416 "response", __func__); 417 sa_free(env, sa); 418 } 419 return; 420 } 421 /* 422 * If it's a new request, make sure to update the peer's 423 * message ID and dispose of all previous responses 424 */ 425 sa->sa_msgid = msg->msg_msgid; 426 ikev2_msg_prevail(env, &sa->sa_responses, msg); 427 } 428 429 if (sa_address(sa, &sa->sa_peer, &msg->msg_peer, initiator) == -1 || 430 sa_address(sa, &sa->sa_local, &msg->msg_local, initiator) == -1) 431 return; 432 433 sa->sa_fd = msg->msg_fd; 434 435 log_debug("%s: updated SA peer %s local %s", __func__, 436 print_host(&sa->sa_peer.addr, NULL, 0), 437 print_host(&sa->sa_local.addr, NULL, 0)); 438 439 done: 440 if (initiator) 441 ikev2_init_recv(env, msg, hdr); 442 else 443 ikev2_resp_recv(env, msg, hdr); 444 445 if (sa != NULL && sa->sa_state == IKEV2_STATE_CLOSED) { 446 log_debug("%s: closing SA", __func__); 447 sa_free(env, sa); 448 } 449 } 450 451 int 452 ikev2_ike_auth(struct iked *env, struct iked_sa *sa, 453 struct iked_message *msg) 454 { 455 struct iked_id *id, *certid; 456 struct ibuf *authmsg; 457 struct iked_auth ikeauth; 458 struct iked_policy *policy = sa->sa_policy; 459 int ret = -1; 460 461 if (msg == NULL) 462 goto done; 463 464 if (sa->sa_hdr.sh_initiator) { 465 id = &sa->sa_rid; 466 certid = &sa->sa_rcert; 467 } else { 468 id = &sa->sa_iid; 469 certid = &sa->sa_icert; 470 } 471 472 if (msg->msg_id.id_type) { 473 memcpy(id, &msg->msg_id, sizeof(*id)); 474 bzero(&msg->msg_id, sizeof(msg->msg_id)); 475 476 if ((authmsg = ikev2_msg_auth(env, sa, 477 !sa->sa_hdr.sh_initiator)) == NULL) { 478 log_debug("%s: failed to get response " 479 "auth data", __func__); 480 return (-1); 481 } 482 483 ca_setauth(env, sa, authmsg, PROC_CERT); 484 ibuf_release(authmsg); 485 } 486 487 if (msg->msg_cert.id_type) { 488 memcpy(certid, &msg->msg_cert, sizeof(*certid)); 489 bzero(&msg->msg_cert, sizeof(msg->msg_cert)); 490 491 ca_setcert(env, &sa->sa_hdr, 492 id, certid->id_type, 493 ibuf_data(certid->id_buf), 494 ibuf_length(certid->id_buf), PROC_CERT); 495 } 496 497 if (msg->msg_auth.id_type) { 498 memcpy(&ikeauth, &policy->pol_auth, sizeof(ikeauth)); 499 500 if (policy->pol_auth.auth_eap && sa->sa_eapmsk != NULL) { 501 /* 502 * The initiator EAP auth is a PSK derived 503 * from the EAP-specific MSK 504 */ 505 ikeauth.auth_method = IKEV2_AUTH_SHARED_KEY_MIC; 506 507 /* Copy session key as PSK */ 508 memcpy(ikeauth.auth_data, ibuf_data(sa->sa_eapmsk), 509 ibuf_size(sa->sa_eapmsk)); 510 ikeauth.auth_length = ibuf_size(sa->sa_eapmsk); 511 } 512 513 if (msg->msg_auth.id_type != ikeauth.auth_method) { 514 log_warnx("%s: unexpected auth method %s", __func__, 515 print_map(ikeauth.auth_method, ikev2_auth_map)); 516 return (-1); 517 } 518 519 if ((authmsg = ikev2_msg_auth(env, sa, 520 sa->sa_hdr.sh_initiator)) == NULL) { 521 log_debug("%s: failed to get auth data", __func__); 522 return (-1); 523 } 524 525 ret = ikev2_msg_authverify(env, sa, &ikeauth, 526 ibuf_data(msg->msg_auth.id_buf), 527 ibuf_length(msg->msg_auth.id_buf), 528 authmsg); 529 ibuf_release(authmsg); 530 531 if (ret != 0) 532 goto done; 533 534 if (sa->sa_eapmsk != NULL) { 535 if ((authmsg = ikev2_msg_auth(env, sa, 536 !sa->sa_hdr.sh_initiator)) == NULL) { 537 log_debug("%s: failed to get auth data", 538 __func__); 539 return (-1); 540 } 541 542 /* XXX 2nd AUTH for EAP messages */ 543 ret = ikev2_msg_authsign(env, sa, &ikeauth, authmsg); 544 ibuf_release(authmsg); 545 546 if (ret != 0) { 547 /* XXX */ 548 return (-1); 549 } 550 551 sa_state(env, sa, IKEV2_STATE_EAP_VALID); 552 } 553 } 554 555 if (!TAILQ_EMPTY(&msg->msg_proposals)) { 556 if (ikev2_sa_negotiate(sa, &sa->sa_policy->pol_proposals, 557 &msg->msg_proposals) != 0) { 558 log_debug("%s: no proposal chosen", __func__); 559 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 560 return (-1); 561 } else 562 sa_stateflags(sa, IKED_REQ_SA); 563 } 564 565 done: 566 if (sa->sa_hdr.sh_initiator) { 567 if (sa_stateok(sa, IKEV2_STATE_AUTH_SUCCESS)) 568 return (ikev2_init_done(env, sa)); 569 else 570 return (ikev2_init_ike_auth(env, sa)); 571 } 572 return (ikev2_resp_ike_auth(env, sa)); 573 } 574 575 void 576 ikev2_init_recv(struct iked *env, struct iked_message *msg, 577 struct ike_header *hdr) 578 { 579 struct iked_sa *sa; 580 581 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) { 582 log_debug("%s: unknown SA", __func__); 583 return; 584 } 585 sa = msg->msg_sa; 586 587 switch (hdr->ike_exchange) { 588 case IKEV2_EXCHANGE_IKE_SA_INIT: 589 /* Update the SPIs */ 590 if ((sa = sa_new(env, 591 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 1, 592 NULL)) == NULL || sa != msg->msg_sa) { 593 log_debug("%s: invalid new SA", __func__); 594 sa_free(env, sa); 595 } 596 break; 597 case IKEV2_EXCHANGE_IKE_AUTH: 598 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 599 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 600 return; 601 break; 602 case IKEV2_EXCHANGE_INFORMATIONAL: 603 break; 604 default: 605 log_debug("%s: unsupported exchange: %s", __func__, 606 print_map(hdr->ike_exchange, ikev2_exchange_map)); 607 return; 608 } 609 610 if (ikev2_pld_parse(env, hdr, msg, msg->msg_offset) != 0) { 611 log_debug("%s: failed to parse message", __func__); 612 return; 613 } 614 615 if (!ikev2_msg_frompeer(msg)) 616 return; 617 618 switch (hdr->ike_exchange) { 619 case IKEV2_EXCHANGE_IKE_SA_INIT: 620 (void)ikev2_init_auth(env, msg); 621 break; 622 case IKEV2_EXCHANGE_IKE_AUTH: 623 (void)ikev2_ike_auth(env, sa, msg); 624 break; 625 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 626 (void)ikev2_init_create_child_sa(env, msg); 627 break; 628 case IKEV2_EXCHANGE_INFORMATIONAL: 629 break; 630 default: 631 log_debug("%s: exchange %s not implemented", __func__, 632 print_map(hdr->ike_exchange, ikev2_exchange_map)); 633 break; 634 } 635 } 636 637 void 638 ikev2_init_ike_sa(struct iked *env, void *arg) 639 { 640 struct iked_policy *pol; 641 642 TAILQ_FOREACH(pol, &env->sc_policies, pol_entry) { 643 if ((pol->pol_flags & IKED_POLICY_ACTIVE) == 0) 644 continue; 645 if (sa_peer_lookup(pol, &pol->pol_peer.addr) != NULL) { 646 log_debug("%s: \"%s\" is already active", 647 __func__, pol->pol_name); 648 continue; 649 } 650 651 log_debug("%s: initiating \"%s\"", __func__, pol->pol_name); 652 653 if (ikev2_init_ike_sa_peer(env, pol, &pol->pol_peer)) 654 log_debug("%s: failed to initiate with peer %s", 655 __func__, print_host(&pol->pol_peer.addr, NULL, 0)); 656 } 657 658 timer_initialize(env, &env->sc_inittmr, ikev2_init_ike_sa, NULL); 659 timer_register(env, &env->sc_inittmr, IKED_INITIATOR_INTERVAL); 660 } 661 662 int 663 ikev2_init_ike_sa_peer(struct iked *env, struct iked_policy *pol, 664 struct iked_addr *peer) 665 { 666 struct sockaddr_storage ss; 667 struct iked_message req; 668 struct ike_header *hdr; 669 struct ikev2_payload *pld; 670 struct ikev2_keyexchange *ke; 671 struct ikev2_notify *n; 672 struct iked_sa *sa; 673 struct ibuf *buf; 674 struct group *group; 675 u_int8_t *ptr; 676 ssize_t len; 677 int ret = -1; 678 struct iked_socket *sock; 679 in_port_t port; 680 681 if ((sock = ikev2_msg_getsocket(env, peer->addr_af)) == NULL) 682 return (-1); 683 684 /* Create a new initiator SA */ 685 if ((sa = sa_new(env, 0, 0, 1, pol)) == NULL) 686 return (-1); 687 688 /* Pick peer's DH group if asked */ 689 sa->sa_dhgroup = pol->pol_peerdh; 690 691 if (ikev2_sa_initiator(env, sa, NULL) == -1) 692 goto done; 693 694 if (pol->pol_local.addr.ss_family == AF_UNSPEC) { 695 if (socket_getaddr(sock->sock_fd, &ss) == -1) 696 goto done; 697 } else 698 memcpy(&ss, &pol->pol_local.addr, pol->pol_local.addr.ss_len); 699 700 if ((buf = ikev2_msg_init(env, &req, &peer->addr, peer->addr.ss_len, 701 &ss, ss.ss_len, 0)) == NULL) 702 goto done; 703 704 /* Inherit the port from the 1st send socket */ 705 port = htons(socket_getport(&sock->sock_addr)); 706 (void)socket_af((struct sockaddr *)&req.msg_local, port); 707 (void)socket_af((struct sockaddr *)&req.msg_peer, port); 708 709 req.msg_fd = sock->sock_fd; 710 req.msg_sa = sa; 711 req.msg_sock = sock; 712 req.msg_msgid = ikev2_msg_id(env, sa); 713 714 /* IKE header */ 715 if ((hdr = ikev2_add_header(buf, sa, req.msg_msgid, 716 IKEV2_PAYLOAD_SA, IKEV2_EXCHANGE_IKE_SA_INIT, 0)) == NULL) 717 goto done; 718 719 /* SA payload */ 720 if ((pld = ikev2_add_payload(buf)) == NULL) 721 goto done; 722 if ((len = ikev2_add_proposals(env, sa, buf, &pol->pol_proposals, 723 IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0)) == -1) 724 goto done; 725 726 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 727 goto done; 728 729 /* KE payload */ 730 if ((pld = ikev2_add_payload(buf)) == NULL) 731 goto done; 732 if ((ke = ibuf_advance(buf, sizeof(*ke))) == NULL) 733 goto done; 734 if ((group = sa->sa_dhgroup) == NULL) { 735 log_debug("%s: invalid dh", __func__); 736 goto done; 737 } 738 ke->kex_dhgroup = htobe16(group->id); 739 if (ikev2_add_buf(buf, sa->sa_dhiexchange) == -1) 740 goto done; 741 len = sizeof(*ke) + dh_getlen(group); 742 743 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 744 goto done; 745 746 /* NONCE payload */ 747 if ((pld = ikev2_add_payload(buf)) == NULL) 748 goto done; 749 if (ikev2_add_buf(buf, sa->sa_inonce) == -1) 750 goto done; 751 len = ibuf_size(sa->sa_inonce); 752 753 if ((env->sc_opts & IKED_OPT_NONATT) == 0) { 754 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 755 goto done; 756 757 /* NAT-T notify payloads */ 758 if ((pld = ikev2_add_payload(buf)) == NULL) 759 goto done; 760 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 761 goto done; 762 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_SOURCE_IP); 763 len = ikev2_nat_detection(&req, NULL, 0, 0); 764 if ((ptr = ibuf_advance(buf, len)) == NULL) 765 goto done; 766 if ((len = ikev2_nat_detection(&req, ptr, len, 767 betoh16(n->n_type))) == -1) 768 goto done; 769 len += sizeof(*n); 770 771 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 772 goto done; 773 774 if ((pld = ikev2_add_payload(buf)) == NULL) 775 goto done; 776 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 777 goto done; 778 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_DESTINATION_IP); 779 len = ikev2_nat_detection(&req, NULL, 0, 0); 780 if ((ptr = ibuf_advance(buf, len)) == NULL) 781 goto done; 782 if ((len = ikev2_nat_detection(&req, ptr, len, 783 betoh16(n->n_type))) == -1) 784 goto done; 785 len += sizeof(*n); 786 } 787 788 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 789 goto done; 790 791 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 792 goto done; 793 794 (void)ikev2_pld_parse(env, hdr, &req, 0); 795 796 ibuf_release(sa->sa_1stmsg); 797 if ((sa->sa_1stmsg = ibuf_dup(buf)) == NULL) { 798 log_debug("%s: failed to copy 1st message", __func__); 799 goto done; 800 } 801 802 memcpy(&sa->sa_polpeer, &pol->pol_peer, sizeof(sa->sa_polpeer)); 803 if (RB_INSERT(iked_sapeers, &pol->pol_sapeers, sa)) { 804 log_debug("%s: conflicting sa", __func__); 805 goto done; 806 } 807 808 if ((ret = ikev2_msg_send(env, &req)) == 0) 809 sa_state(env, sa, IKEV2_STATE_SA_INIT); 810 811 done: 812 if (ret == -1) { 813 log_debug("%s: closing SA", __func__); 814 sa_free(env, sa); 815 } 816 ikev2_msg_cleanup(env, &req); 817 818 return (ret); 819 } 820 821 int 822 ikev2_init_auth(struct iked *env, struct iked_message *msg) 823 { 824 struct iked_sa *sa = msg->msg_sa; 825 struct ibuf *authmsg; 826 827 if (sa == NULL) 828 return (-1); 829 830 if (ikev2_sa_initiator(env, sa, msg) == -1) { 831 log_debug("%s: failed to get IKE keys", __func__); 832 return (-1); 833 } 834 835 if ((authmsg = ikev2_msg_auth(env, sa, 836 !sa->sa_hdr.sh_initiator)) == NULL) { 837 log_debug("%s: failed to get auth data", __func__); 838 return (-1); 839 } 840 841 if (ca_setauth(env, sa, authmsg, PROC_CERT) == -1) { 842 log_debug("%s: failed to get cert", __func__); 843 return (-1); 844 } 845 846 return (ikev2_init_ike_auth(env, sa)); 847 } 848 849 int 850 ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa) 851 { 852 struct iked_policy *pol = sa->sa_policy; 853 struct ikev2_payload *pld; 854 struct ikev2_cert *cert; 855 struct ikev2_auth *auth; 856 struct iked_id *id, *certid; 857 struct ibuf *e = NULL; 858 u_int8_t firstpayload; 859 int ret = -1; 860 ssize_t len; 861 862 if (!sa_stateok(sa, IKEV2_STATE_SA_INIT)) 863 return (0); 864 865 if (!sa->sa_localauth.id_type) { 866 log_debug("%s: no local auth", __func__); 867 return (-1); 868 } 869 870 /* New encrypted message buffer */ 871 if ((e = ibuf_static()) == NULL) 872 goto done; 873 874 id = &sa->sa_iid; 875 certid = &sa->sa_icert; 876 877 /* ID payload */ 878 if ((pld = ikev2_add_payload(e)) == NULL) 879 goto done; 880 firstpayload = IKEV2_PAYLOAD_IDi; 881 if (ibuf_cat(e, id->id_buf) != 0) 882 goto done; 883 len = ibuf_size(id->id_buf); 884 885 /* CERT payload */ 886 if ((sa->sa_stateinit & IKED_REQ_CERT) && 887 (certid->id_type != IKEV2_CERT_NONE)) { 888 if (ikev2_next_payload(pld, len, 889 IKEV2_PAYLOAD_CERT) == -1) 890 goto done; 891 if ((pld = ikev2_add_payload(e)) == NULL) 892 goto done; 893 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 894 goto done; 895 cert->cert_type = certid->id_type; 896 if (ibuf_cat(e, certid->id_buf) != 0) 897 goto done; 898 len = ibuf_size(certid->id_buf) + sizeof(*cert); 899 900 if (env->sc_certreqtype) { 901 if (ikev2_next_payload(pld, len, 902 IKEV2_PAYLOAD_CERTREQ) == -1) 903 goto done; 904 905 /* CERTREQ payload */ 906 if ((pld = ikev2_add_payload(e)) == NULL) 907 goto done; 908 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 909 goto done; 910 cert->cert_type = env->sc_certreqtype; 911 if (ikev2_add_buf(e, env->sc_certreq) == -1) 912 goto done; 913 len = ibuf_size(env->sc_certreq) + sizeof(*cert); 914 } 915 } 916 917 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 918 goto done; 919 920 /* AUTH payload */ 921 if ((pld = ikev2_add_payload(e)) == NULL) 922 goto done; 923 if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL) 924 goto done; 925 auth->auth_method = sa->sa_localauth.id_type; 926 if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0) 927 goto done; 928 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 929 930 /* CP payload */ 931 if (sa->sa_cp) { 932 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CP) == -1) 933 goto done; 934 935 if ((pld = ikev2_add_payload(e)) == NULL) 936 goto done; 937 if ((len = ikev2_add_cp(env, sa, e)) == -1) 938 goto done; 939 } 940 941 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 942 goto done; 943 944 /* SA payload */ 945 if ((pld = ikev2_add_payload(e)) == NULL) 946 goto done; 947 if ((len = ikev2_add_proposals(env, sa, e, &pol->pol_proposals, 0, 948 sa->sa_hdr.sh_initiator, 0)) == -1) 949 goto done; 950 951 if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 952 goto done; 953 954 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 955 goto done; 956 957 ret = ikev2_msg_send_encrypt(env, sa, &e, 958 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 0); 959 960 done: 961 ibuf_release(e); 962 963 return (ret); 964 } 965 966 int 967 ikev2_init_done(struct iked *env, struct iked_sa *sa) 968 { 969 int ret; 970 971 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 972 return (0); /* ignored */ 973 974 ret = ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator); 975 if (ret == 0) 976 ret = ikev2_childsa_enable(env, sa); 977 if (ret == 0) 978 sa_state(env, sa, IKEV2_STATE_ESTABLISHED); 979 980 if (ret) 981 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 982 return (ret); 983 } 984 985 int 986 ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) 987 { 988 struct ikev2_id hdr; 989 struct iked_static_id localpid; 990 char idstr[IKED_ID_SIZE]; 991 struct in_addr in4; 992 struct in6_addr in6; 993 994 /* Fixup the local Id if not specified */ 995 if (srcid && polid->id_type == 0) { 996 polid = &localpid; 997 bzero(polid, sizeof(*polid)); 998 999 /* Create a default local ID based on our FQDN */ 1000 polid->id_type = IKEV2_ID_FQDN; 1001 if (gethostname((char *)polid->id_data, 1002 sizeof(polid->id_data)) != 0) 1003 return (-1); 1004 polid->id_offset = 0; 1005 polid->id_length = 1006 strlen((char *)polid->id_data); /* excluding NUL */ 1007 } 1008 1009 if (!polid->id_length) 1010 return (-1); 1011 1012 /* Create an IKEv2 ID payload */ 1013 bzero(&hdr, sizeof(hdr)); 1014 hdr.id_type = id->id_type = polid->id_type; 1015 id->id_offset = sizeof(hdr); 1016 1017 if ((id->id_buf = ibuf_new(&hdr, sizeof(hdr))) == NULL) 1018 return (-1); 1019 1020 switch (id->id_type) { 1021 case IKEV2_ID_IPV4: 1022 if (inet_pton(AF_INET, polid->id_data, &in4) != 1 || 1023 ibuf_add(id->id_buf, &in4, sizeof(in4)) != 0) { 1024 ibuf_release(id->id_buf); 1025 return (-1); 1026 } 1027 break; 1028 case IKEV2_ID_IPV6: 1029 if (inet_pton(AF_INET6, polid->id_data, &in6) != 1 || 1030 ibuf_add(id->id_buf, &in6, sizeof(in6)) != 0) { 1031 ibuf_release(id->id_buf); 1032 return (-1); 1033 } 1034 break; 1035 default: 1036 if (ibuf_add(id->id_buf, 1037 polid->id_data, polid->id_length) != 0) { 1038 ibuf_release(id->id_buf); 1039 return (-1); 1040 } 1041 break; 1042 } 1043 1044 if (ikev2_print_id(id, idstr, sizeof(idstr)) == -1) 1045 return (-1); 1046 1047 log_debug("%s: %s %s length %d", __func__, 1048 srcid ? "srcid" : "dstid", 1049 idstr, ibuf_size(id->id_buf)); 1050 1051 return (0); 1052 } 1053 1054 struct ike_header * 1055 ikev2_add_header(struct ibuf *buf, struct iked_sa *sa, 1056 u_int32_t msgid, u_int8_t nextpayload, 1057 u_int8_t exchange, u_int8_t flags) 1058 { 1059 struct ike_header *hdr; 1060 1061 if ((hdr = ibuf_advance(buf, sizeof(*hdr))) == NULL) { 1062 log_debug("%s: failed to add header", __func__); 1063 return (NULL); 1064 } 1065 1066 hdr->ike_ispi = htobe64(sa->sa_hdr.sh_ispi); 1067 hdr->ike_rspi = htobe64(sa->sa_hdr.sh_rspi); 1068 hdr->ike_nextpayload = nextpayload; 1069 hdr->ike_version = IKEV2_VERSION; 1070 hdr->ike_exchange = exchange; 1071 hdr->ike_msgid = htobe32(msgid); 1072 hdr->ike_length = htobe32(sizeof(*hdr)); 1073 hdr->ike_flags = flags; 1074 1075 if (sa->sa_hdr.sh_initiator) 1076 hdr->ike_flags |= IKEV2_FLAG_INITIATOR; 1077 1078 return (hdr); 1079 } 1080 1081 int 1082 ikev2_set_header(struct ike_header *hdr, size_t length) 1083 { 1084 u_int32_t hdrlength = sizeof(*hdr) + length; 1085 1086 if (hdrlength > UINT32_MAX) { 1087 log_debug("%s: message too long", __func__); 1088 return (-1); 1089 } 1090 1091 hdr->ike_length = htobe32(sizeof(*hdr) + length); 1092 1093 return (0); 1094 } 1095 1096 struct ikev2_payload * 1097 ikev2_add_payload(struct ibuf *buf) 1098 { 1099 struct ikev2_payload *pld; 1100 1101 if ((pld = ibuf_advance(buf, sizeof(*pld))) == NULL) { 1102 log_debug("%s: failed to add payload", __func__); 1103 return (NULL); 1104 } 1105 1106 pld->pld_nextpayload = IKEV2_PAYLOAD_NONE; 1107 pld->pld_length = sizeof(*pld); 1108 1109 return (pld); 1110 } 1111 1112 ssize_t 1113 ikev2_add_ts_payload(struct ibuf *buf, u_int type, struct iked_sa *sa) 1114 { 1115 struct iked_policy *pol = sa->sa_policy; 1116 struct ikev2_tsp *tsp; 1117 struct ikev2_ts *ts; 1118 struct iked_flow *flow; 1119 struct iked_addr *addr; 1120 u_int8_t *ptr; 1121 size_t len = 0; 1122 u_int32_t av[4], bv[4], mv[4]; 1123 struct sockaddr_in *in4; 1124 struct sockaddr_in6 *in6; 1125 1126 if ((tsp = ibuf_advance(buf, sizeof(*tsp))) == NULL) 1127 return (-1); 1128 tsp->tsp_count = pol->pol_nflows; 1129 len = sizeof(*tsp); 1130 1131 RB_FOREACH(flow, iked_flows, &pol->pol_flows) { 1132 if ((ts = ibuf_advance(buf, sizeof(*ts))) == NULL) 1133 return (-1); 1134 1135 if (type == IKEV2_PAYLOAD_TSi) { 1136 if (sa->sa_hdr.sh_initiator) 1137 addr = &flow->flow_src; 1138 else 1139 addr = &flow->flow_dst; 1140 } else if (type == IKEV2_PAYLOAD_TSr) { 1141 if (sa->sa_hdr.sh_initiator) 1142 addr = &flow->flow_dst; 1143 else 1144 addr = &flow->flow_src; 1145 } else 1146 return (-1); 1147 1148 ts->ts_protoid = flow->flow_ipproto; 1149 1150 if (addr->addr_port) { 1151 ts->ts_startport = addr->addr_port; 1152 ts->ts_endport = addr->addr_port; 1153 } else { 1154 ts->ts_startport = 0; 1155 ts->ts_endport = 0xffff; 1156 } 1157 1158 switch (addr->addr_af) { 1159 case AF_INET: 1160 ts->ts_type = IKEV2_TS_IPV4_ADDR_RANGE; 1161 ts->ts_length = htobe16(sizeof(*ts) + 8); 1162 1163 if ((ptr = ibuf_advance(buf, 8)) == NULL) 1164 return (-1); 1165 1166 in4 = (struct sockaddr_in *)&addr->addr; 1167 if (addr->addr_net) { 1168 /* Convert IPv4 network to address range */ 1169 mv[0] = prefixlen2mask(addr->addr_mask); 1170 av[0] = in4->sin_addr.s_addr & mv[0]; 1171 bv[0] = in4->sin_addr.s_addr | ~mv[0]; 1172 } else 1173 av[0] = bv[0] = in4->sin_addr.s_addr; 1174 1175 memcpy(ptr, &av[0], 4); 1176 memcpy(ptr + 4, &bv[0], 4); 1177 break; 1178 case AF_INET6: 1179 ts->ts_type = IKEV2_TS_IPV6_ADDR_RANGE; 1180 ts->ts_length = htobe16(sizeof(*ts) + 32); 1181 1182 if ((ptr = ibuf_advance(buf, 32)) == NULL) 1183 return (-1); 1184 1185 in6 = (struct sockaddr_in6 *)&addr->addr; 1186 1187 memcpy(&av, &in6->sin6_addr.s6_addr, 16); 1188 memcpy(&bv, &in6->sin6_addr.s6_addr, 16); 1189 if (addr->addr_net) { 1190 /* Convert IPv6 network to address range */ 1191 prefixlen2mask6(addr->addr_mask, mv); 1192 av[0] &= mv[0]; 1193 av[1] &= mv[1]; 1194 av[2] &= mv[2]; 1195 av[3] &= mv[3]; 1196 bv[0] |= ~mv[0]; 1197 bv[1] |= ~mv[1]; 1198 bv[2] |= ~mv[2]; 1199 bv[3] |= ~mv[3]; 1200 } 1201 1202 memcpy(ptr, &av, 16); 1203 memcpy(ptr + 16, &bv, 16); 1204 break; 1205 } 1206 1207 len += betoh16(ts->ts_length); 1208 } 1209 1210 return (len); 1211 } 1212 1213 ssize_t 1214 ikev2_add_ts(struct ibuf *e, struct ikev2_payload **pld, ssize_t len, 1215 struct iked_sa *sa, int reverse) 1216 { 1217 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSi) == -1) 1218 return (-1); 1219 1220 /* TSi payload */ 1221 if ((*pld = ikev2_add_payload(e)) == NULL) 1222 return (-1); 1223 if ((len = ikev2_add_ts_payload(e, reverse ? IKEV2_PAYLOAD_TSr : 1224 IKEV2_PAYLOAD_TSi, sa)) == -1) 1225 return (-1); 1226 1227 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSr) == -1) 1228 return (-1); 1229 1230 /* TSr payload */ 1231 if ((*pld = ikev2_add_payload(e)) == NULL) 1232 return (-1); 1233 if ((len = ikev2_add_ts_payload(e, reverse ? IKEV2_PAYLOAD_TSi : 1234 IKEV2_PAYLOAD_TSr, sa)) == -1) 1235 return (-1); 1236 1237 return (len); 1238 } 1239 1240 int 1241 ikev2_next_payload(struct ikev2_payload *pld, size_t length, 1242 u_int8_t nextpayload) 1243 { 1244 size_t pldlength = sizeof(*pld) + length; 1245 1246 if (pldlength > UINT16_MAX) { 1247 log_debug("%s: payload too long", __func__); 1248 return (-1); 1249 } 1250 1251 log_debug("%s: length %d nextpayload %s", 1252 __func__, pldlength, print_map(nextpayload, ikev2_payload_map)); 1253 1254 pld->pld_length = htobe16(pldlength); 1255 pld->pld_nextpayload = nextpayload; 1256 1257 return (0); 1258 } 1259 1260 ssize_t 1261 ikev2_nat_detection(struct iked_message *msg, void *ptr, size_t len, 1262 u_int type) 1263 { 1264 EVP_MD_CTX ctx; 1265 struct ike_header *hdr; 1266 u_int8_t md[SHA_DIGEST_LENGTH]; 1267 u_int mdlen = sizeof(md); 1268 struct iked_sa *sa = msg->msg_sa; 1269 struct sockaddr_in *in4; 1270 struct sockaddr_in6 *in6; 1271 ssize_t ret = -1; 1272 struct sockaddr_storage *src, *dst, *ss; 1273 u_int64_t rspi, ispi; 1274 struct ibuf *buf; 1275 int frompeer = 0; 1276 1277 if (ptr == NULL) 1278 return (mdlen); 1279 1280 if (ikev2_msg_frompeer(msg)) { 1281 buf = msg->msg_parent->msg_data; 1282 if ((hdr = ibuf_seek(buf, 0, sizeof(*hdr))) == NULL) 1283 return (-1); 1284 ispi = hdr->ike_ispi; 1285 rspi = hdr->ike_rspi; 1286 frompeer = 1; 1287 src = &msg->msg_peer; 1288 dst = &msg->msg_local; 1289 } else { 1290 ispi = htobe64(sa->sa_hdr.sh_ispi); 1291 rspi = htobe64(sa->sa_hdr.sh_rspi); 1292 frompeer = 0; 1293 src = &msg->msg_local; 1294 dst = &msg->msg_peer; 1295 } 1296 1297 EVP_MD_CTX_init(&ctx); 1298 EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL); 1299 1300 switch (type) { 1301 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 1302 log_debug("%s: %s source %s %s %s", __func__, 1303 frompeer ? "peer" : "local", 1304 print_spi(betoh64(ispi), 8), 1305 print_spi(betoh64(rspi), 8), 1306 print_host(src, NULL, 0)); 1307 ss = src; 1308 break; 1309 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 1310 log_debug("%s: %s destination %s %s %s", __func__, 1311 frompeer ? "peer" : "local", 1312 print_spi(betoh64(ispi), 8), 1313 print_spi(betoh64(rspi), 8), 1314 print_host(dst, NULL, 0)); 1315 ss = dst; 1316 break; 1317 default: 1318 goto done; 1319 } 1320 1321 EVP_DigestUpdate(&ctx, &ispi, sizeof(ispi)); 1322 EVP_DigestUpdate(&ctx, &rspi, sizeof(rspi)); 1323 1324 switch (ss->ss_family) { 1325 case AF_INET: 1326 in4 = (struct sockaddr_in *)ss; 1327 EVP_DigestUpdate(&ctx, &in4->sin_addr.s_addr, 1328 sizeof(in4->sin_addr.s_addr)); 1329 EVP_DigestUpdate(&ctx, &in4->sin_port, 1330 sizeof(in4->sin_port)); 1331 break; 1332 case AF_INET6: 1333 in6 = (struct sockaddr_in6 *)ss; 1334 EVP_DigestUpdate(&ctx, &in6->sin6_addr.s6_addr, 1335 sizeof(in6->sin6_addr.s6_addr)); 1336 EVP_DigestUpdate(&ctx, &in6->sin6_port, 1337 sizeof(in6->sin6_port)); 1338 break; 1339 default: 1340 goto done; 1341 } 1342 1343 EVP_DigestFinal_ex(&ctx, md, &mdlen); 1344 1345 if (len < mdlen) 1346 goto done; 1347 1348 memcpy(ptr, md, mdlen); 1349 ret = mdlen; 1350 done: 1351 EVP_MD_CTX_cleanup(&ctx); 1352 1353 return (ret); 1354 } 1355 1356 ssize_t 1357 ikev2_add_cp(struct iked *env, struct iked_sa *sa, struct ibuf *buf) 1358 { 1359 struct iked_policy *pol = sa->sa_policy; 1360 struct ikev2_cp *cp; 1361 struct ikev2_cfg *cfg; 1362 struct iked_cfg *ikecfg; 1363 u_int i; 1364 size_t len; 1365 struct sockaddr_in *in4; 1366 struct sockaddr_in6 *in6; 1367 u_int8_t prefixlen; 1368 1369 if ((cp = ibuf_advance(buf, sizeof(*cp))) == NULL) 1370 return (-1); 1371 len = sizeof(*cp); 1372 1373 switch (sa->sa_cp) { 1374 case IKEV2_CP_REQUEST: 1375 cp->cp_type = IKEV2_CP_REPLY; 1376 break; 1377 case IKEV2_CP_REPLY: 1378 case IKEV2_CP_SET: 1379 case IKEV2_CP_ACK: 1380 /* Not yet supported */ 1381 return (-1); 1382 } 1383 1384 for (i = 0; i < pol->pol_ncfg; i++) { 1385 ikecfg = &pol->pol_cfg[i]; 1386 if (ikecfg->cfg_action != cp->cp_type) 1387 continue; 1388 1389 if ((cfg = ibuf_advance(buf, sizeof(*cfg))) == NULL) 1390 return (-1); 1391 1392 cfg->cfg_type = htobe16(ikecfg->cfg_type); 1393 len += sizeof(*cfg); 1394 1395 switch (ikecfg->cfg_type) { 1396 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 1397 case IKEV2_CFG_INTERNAL_IP4_NETMASK: 1398 case IKEV2_CFG_INTERNAL_IP4_DNS: 1399 case IKEV2_CFG_INTERNAL_IP4_NBNS: 1400 case IKEV2_CFG_INTERNAL_IP4_DHCP: 1401 case IKEV2_CFG_INTERNAL_IP4_SERVER: 1402 /* 4 bytes IPv4 address */ 1403 in4 = (struct sockaddr_in *)&ikecfg->cfg.address.addr; 1404 cfg->cfg_length = htobe16(4); 1405 if (ibuf_add(buf, &in4->sin_addr.s_addr, 4) == -1) 1406 return (-1); 1407 len += 4; 1408 break; 1409 case IKEV2_CFG_INTERNAL_IP6_DNS: 1410 case IKEV2_CFG_INTERNAL_IP6_NBNS: 1411 case IKEV2_CFG_INTERNAL_IP6_DHCP: 1412 case IKEV2_CFG_INTERNAL_IP6_SERVER: 1413 /* 16 bytes IPv6 address */ 1414 in6 = (struct sockaddr_in6 *)&ikecfg->cfg.address; 1415 cfg->cfg_length = htobe16(16); 1416 if (ibuf_add(buf, &in6->sin6_addr.s6_addr, 16) == -1) 1417 return (-1); 1418 len += 16; 1419 break; 1420 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 1421 /* 16 bytes IPv6 address + 1 byte prefix length */ 1422 in6 = (struct sockaddr_in6 *)&ikecfg->cfg.address.addr; 1423 cfg->cfg_length = htobe16(17); 1424 if (ibuf_add(buf, &in6->sin6_addr.s6_addr, 16) == -1) 1425 return (-1); 1426 if (ikecfg->cfg.address.addr_net) 1427 prefixlen = ikecfg->cfg.address.addr_mask; 1428 else 1429 prefixlen = 128; 1430 if (ibuf_add(buf, &prefixlen, 1) == -1) 1431 return (-1); 1432 len += 16 + 1; 1433 break; 1434 case IKEV2_CFG_APPLICATION_VERSION: 1435 /* Reply with an empty string (non-NUL terminated) */ 1436 cfg->cfg_length = 0; 1437 break; 1438 } 1439 } 1440 1441 return (len); 1442 } 1443 1444 ssize_t 1445 ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf, 1446 struct iked_proposals *proposals, u_int8_t protoid, int initiator, 1447 int sendikespi) 1448 { 1449 struct ikev2_sa_proposal *sap; 1450 struct iked_transform *xform; 1451 struct iked_proposal *prop; 1452 struct iked_childsa csa; 1453 ssize_t length = 0, saplength, xflen; 1454 u_int64_t spi64; 1455 u_int32_t spi32, spi; 1456 u_int i; 1457 1458 TAILQ_FOREACH(prop, proposals, prop_entry) { 1459 if ((protoid && prop->prop_protoid != protoid) || 1460 (!protoid && prop->prop_protoid == IKEV2_SAPROTO_IKE)) 1461 continue; 1462 1463 if (protoid != IKEV2_SAPROTO_IKE && initiator) { 1464 bzero(&csa, sizeof(csa)); 1465 csa.csa_ikesa = sa; 1466 csa.csa_saproto = prop->prop_protoid; 1467 csa.csa_local = &sa->sa_peer; 1468 csa.csa_peer = &sa->sa_local; 1469 1470 if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1) 1471 return (-1); 1472 1473 prop->prop_localspi.spi = spi; 1474 prop->prop_localspi.spi_size = 4; 1475 prop->prop_localspi.spi_protoid = prop->prop_protoid; 1476 } 1477 1478 if ((sap = ibuf_advance(buf, sizeof(*sap))) == NULL) { 1479 log_debug("%s: failed to add proposal", __func__); 1480 return (-1); 1481 } 1482 1483 if (sendikespi) { 1484 /* Special case for IKE SA rekeying */ 1485 prop->prop_localspi.spi = initiator ? 1486 sa->sa_hdr.sh_ispi : sa->sa_hdr.sh_rspi; 1487 prop->prop_localspi.spi_size = 8; 1488 prop->prop_localspi.spi_protoid = IKEV2_SAPROTO_IKE; 1489 } 1490 1491 sap->sap_proposalnr = prop->prop_id; 1492 sap->sap_protoid = prop->prop_protoid; 1493 sap->sap_spisize = prop->prop_localspi.spi_size; 1494 sap->sap_transforms = prop->prop_nxforms; 1495 saplength = sizeof(*sap); 1496 1497 switch (prop->prop_localspi.spi_size) { 1498 case 4: 1499 spi32 = htobe32(prop->prop_localspi.spi); 1500 if (ibuf_add(buf, &spi32, sizeof(spi32)) != 0) 1501 return (-1); 1502 saplength += 4; 1503 break; 1504 case 8: 1505 spi64 = htobe64(prop->prop_localspi.spi); 1506 if (ibuf_add(buf, &spi64, sizeof(spi64)) != 0) 1507 return (-1); 1508 saplength += 8; 1509 break; 1510 default: 1511 break; 1512 } 1513 1514 for (i = 0; i < prop->prop_nxforms; i++) { 1515 xform = prop->prop_xforms + i; 1516 1517 if ((xflen = ikev2_add_transform(buf, 1518 i == prop->prop_nxforms - 1 ? 1519 IKEV2_XFORM_LAST : IKEV2_XFORM_MORE, 1520 xform->xform_type, xform->xform_id, 1521 xform->xform_length)) == -1) 1522 return (-1); 1523 1524 saplength += xflen; 1525 } 1526 1527 sap->sap_length = htobe16(saplength); 1528 length += saplength; 1529 } 1530 1531 log_debug("%s: length %d", __func__, length); 1532 1533 return (length); 1534 } 1535 1536 ssize_t 1537 ikev2_add_transform(struct ibuf *buf, 1538 u_int8_t more, u_int8_t type, u_int16_t id, u_int16_t length) 1539 { 1540 struct ikev2_transform *xfrm; 1541 struct ikev2_attribute *attr; 1542 1543 if ((xfrm = ibuf_advance(buf, sizeof(*xfrm))) == NULL) { 1544 log_debug("%s: failed to add transform", __func__); 1545 return (-1); 1546 } 1547 xfrm->xfrm_more = more; 1548 xfrm->xfrm_type = type; 1549 xfrm->xfrm_id = htobe16(id); 1550 1551 if (length) { 1552 xfrm->xfrm_length = htobe16(sizeof(*xfrm) + sizeof(*attr)); 1553 1554 if ((attr = ibuf_advance(buf, sizeof(*attr))) == NULL) { 1555 log_debug("%s: failed to add attribute", __func__); 1556 return (-1); 1557 } 1558 attr->attr_type = htobe16(IKEV2_ATTRAF_TV | 1559 IKEV2_ATTRTYPE_KEY_LENGTH); 1560 attr->attr_length = htobe16(length); 1561 } else 1562 xfrm->xfrm_length = htobe16(sizeof(*xfrm)); 1563 1564 return (betoh16(xfrm->xfrm_length)); 1565 } 1566 1567 int 1568 ikev2_add_data(struct ibuf *buf, void *data, size_t length) 1569 { 1570 void *msgbuf; 1571 1572 if ((msgbuf = ibuf_advance(buf, length)) == NULL) { 1573 log_debug("%s: failed", __func__); 1574 return (-1); 1575 } 1576 memcpy(msgbuf, data, length); 1577 1578 return (0); 1579 } 1580 1581 int 1582 ikev2_add_buf(struct ibuf *buf, struct ibuf *data) 1583 { 1584 void *msgbuf; 1585 1586 if ((msgbuf = ibuf_advance(buf, ibuf_size(data))) == NULL) { 1587 log_debug("%s: failed", __func__); 1588 return (-1); 1589 } 1590 memcpy(msgbuf, ibuf_data(data), ibuf_size(data)); 1591 1592 return (0); 1593 } 1594 1595 void 1596 ikev2_resp_recv(struct iked *env, struct iked_message *msg, 1597 struct ike_header *hdr) 1598 { 1599 struct iked_sa *sa; 1600 1601 switch (hdr->ike_exchange) { 1602 case IKEV2_EXCHANGE_IKE_SA_INIT: 1603 if (msg->msg_sa != NULL) { 1604 log_debug("%s: SA already exists", __func__); 1605 return; 1606 } 1607 if ((msg->msg_sa = sa_new(env, 1608 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 1609 0, msg->msg_policy)) == NULL) { 1610 log_debug("%s: failed to get new SA", __func__); 1611 return; 1612 } 1613 break; 1614 case IKEV2_EXCHANGE_IKE_AUTH: 1615 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 1616 return; 1617 if (sa_stateok(msg->msg_sa, IKEV2_STATE_VALID)) { 1618 log_debug("%s: already authenticated", __func__); 1619 return; 1620 } 1621 break; 1622 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 1623 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 1624 return; 1625 break; 1626 case IKEV2_EXCHANGE_INFORMATIONAL: 1627 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 1628 return; 1629 break; 1630 default: 1631 log_debug("%s: unsupported exchange: %s", __func__, 1632 print_map(hdr->ike_exchange, ikev2_exchange_map)); 1633 return; 1634 } 1635 1636 if (ikev2_pld_parse(env, hdr, msg, msg->msg_offset) != 0) { 1637 log_debug("%s: failed to parse message", __func__); 1638 return; 1639 } 1640 1641 if (!ikev2_msg_frompeer(msg)) 1642 return; 1643 1644 if ((sa = msg->msg_sa) == NULL) 1645 return; 1646 1647 switch (hdr->ike_exchange) { 1648 case IKEV2_EXCHANGE_IKE_SA_INIT: 1649 if (ikev2_sa_responder(env, sa, NULL, msg) != 0) { 1650 log_debug("%s: failed to get IKE SA keys", __func__); 1651 sa_state(env, sa, IKEV2_STATE_CLOSED); 1652 return; 1653 } 1654 if (ikev2_resp_ike_sa_init(env, msg) != 0) { 1655 log_debug("%s: failed to send init response", __func__); 1656 sa_state(env, sa, IKEV2_STATE_CLOSED); 1657 return; 1658 } 1659 break; 1660 case IKEV2_EXCHANGE_IKE_AUTH: 1661 if (!sa_stateok(sa, IKEV2_STATE_SA_INIT)) { 1662 log_debug("%s: state mismatch", __func__); 1663 sa_state(env, sa, IKEV2_STATE_CLOSED); 1664 return; 1665 } 1666 1667 if (!sa_stateok(sa, IKEV2_STATE_AUTH_REQUEST) && 1668 sa->sa_policy->pol_auth.auth_eap) 1669 sa_state(env, sa, IKEV2_STATE_EAP); 1670 1671 if (ikev2_ike_auth(env, sa, msg) != 0) { 1672 log_debug("%s: failed to send auth response", __func__); 1673 sa_state(env, sa, IKEV2_STATE_CLOSED); 1674 return; 1675 } 1676 break; 1677 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 1678 (void)ikev2_resp_create_child_sa(env, msg); 1679 break; 1680 default: 1681 break; 1682 } 1683 } 1684 1685 int 1686 ikev2_resp_ike_sa_init(struct iked *env, struct iked_message *msg) 1687 { 1688 struct iked_message resp; 1689 struct ike_header *hdr; 1690 struct ikev2_payload *pld; 1691 struct ikev2_cert *cert; 1692 struct ikev2_keyexchange *ke; 1693 struct ikev2_notify *n; 1694 struct iked_sa *sa = msg->msg_sa; 1695 struct ibuf *buf; 1696 struct group *group; 1697 u_int8_t *ptr; 1698 ssize_t len; 1699 int ret = -1; 1700 1701 if (sa->sa_hdr.sh_initiator) { 1702 log_debug("%s: called by initiator", __func__); 1703 return (-1); 1704 } 1705 1706 if ((buf = ikev2_msg_init(env, &resp, 1707 &msg->msg_peer, msg->msg_peerlen, 1708 &msg->msg_local, msg->msg_locallen, 1)) == NULL) 1709 goto done; 1710 1711 resp.msg_sa = sa; 1712 resp.msg_fd = msg->msg_fd; 1713 resp.msg_msgid = 0; 1714 1715 /* IKE header */ 1716 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, 1717 IKEV2_PAYLOAD_SA, IKEV2_EXCHANGE_IKE_SA_INIT, 1718 IKEV2_FLAG_RESPONSE)) == NULL) 1719 goto done; 1720 1721 /* SA payload */ 1722 if ((pld = ikev2_add_payload(buf)) == NULL) 1723 goto done; 1724 if ((len = ikev2_add_proposals(env, sa, buf, &sa->sa_proposals, 1725 IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0)) == -1) 1726 goto done; 1727 1728 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 1729 goto done; 1730 1731 /* KE payload */ 1732 if ((pld = ikev2_add_payload(buf)) == NULL) 1733 goto done; 1734 if ((ke = ibuf_advance(buf, sizeof(*ke))) == NULL) 1735 goto done; 1736 if ((group = sa->sa_dhgroup) == NULL) { 1737 log_debug("%s: invalid dh", __func__); 1738 goto done; 1739 } 1740 ke->kex_dhgroup = htobe16(group->id); 1741 if (ikev2_add_buf(buf, sa->sa_dhrexchange) == -1) 1742 goto done; 1743 len = sizeof(*ke) + dh_getlen(group); 1744 1745 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 1746 goto done; 1747 1748 /* NONCE payload */ 1749 if ((pld = ikev2_add_payload(buf)) == NULL) 1750 goto done; 1751 if (ikev2_add_buf(buf, sa->sa_rnonce) == -1) 1752 goto done; 1753 len = ibuf_size(sa->sa_rnonce); 1754 1755 if ((env->sc_opts & IKED_OPT_NONATT) == 0 && 1756 msg->msg_local.ss_family != AF_UNSPEC) { 1757 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 1758 goto done; 1759 1760 /* NAT-T notify payloads */ 1761 if ((pld = ikev2_add_payload(buf)) == NULL) 1762 goto done; 1763 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 1764 goto done; 1765 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_SOURCE_IP); 1766 len = ikev2_nat_detection(&resp, NULL, 0, 0); 1767 if ((ptr = ibuf_advance(buf, len)) == NULL) 1768 goto done; 1769 if ((len = ikev2_nat_detection(&resp, ptr, len, 1770 betoh16(n->n_type))) == -1) 1771 goto done; 1772 len += sizeof(*n); 1773 1774 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 1775 goto done; 1776 1777 if ((pld = ikev2_add_payload(buf)) == NULL) 1778 goto done; 1779 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 1780 goto done; 1781 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_DESTINATION_IP); 1782 len = ikev2_nat_detection(&resp, NULL, 0, 0); 1783 if ((ptr = ibuf_advance(buf, len)) == NULL) 1784 goto done; 1785 if ((len = ikev2_nat_detection(&resp, ptr, len, 1786 betoh16(n->n_type))) == -1) 1787 goto done; 1788 len += sizeof(*n); 1789 } 1790 1791 if (env->sc_certreqtype && (sa->sa_statevalid & IKED_REQ_CERT)) { 1792 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CERTREQ) == -1) 1793 goto done; 1794 1795 /* CERTREQ payload */ 1796 if ((pld = ikev2_add_payload(buf)) == NULL) 1797 goto done; 1798 if ((cert = ibuf_advance(buf, sizeof(*cert))) == NULL) 1799 goto done; 1800 cert->cert_type = env->sc_certreqtype; 1801 if (ikev2_add_buf(buf, env->sc_certreq) == -1) 1802 goto done; 1803 len = ibuf_size(env->sc_certreq) + sizeof(*cert); 1804 } 1805 1806 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1807 goto done; 1808 1809 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 1810 goto done; 1811 1812 (void)ikev2_pld_parse(env, hdr, &resp, 0); 1813 1814 ibuf_release(sa->sa_2ndmsg); 1815 if ((sa->sa_2ndmsg = ibuf_dup(buf)) == NULL) { 1816 log_debug("%s: failed to copy 2nd message", __func__); 1817 goto done; 1818 } 1819 1820 resp.msg_sa = NULL; /* Don't save the response */ 1821 ret = ikev2_msg_send(env, &resp); 1822 1823 done: 1824 ikev2_msg_cleanup(env, &resp); 1825 1826 return (ret); 1827 } 1828 1829 int 1830 ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa) 1831 { 1832 struct ikev2_payload *pld; 1833 struct ikev2_notify *n; 1834 struct ikev2_cert *cert; 1835 struct ikev2_auth *auth; 1836 struct iked_id *id, *certid; 1837 struct ibuf *e = NULL; 1838 u_int8_t firstpayload; 1839 int ret = -1; 1840 ssize_t len; 1841 1842 if (sa == NULL) 1843 return (-1); 1844 1845 if (sa->sa_state == IKEV2_STATE_EAP) 1846 return (ikev2_resp_ike_eap(env, sa, NULL)); 1847 else if (!sa_stateok(sa, IKEV2_STATE_VALID)) 1848 return (0); /* ignore */ 1849 1850 if (ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator) == -1) 1851 return (-1); 1852 1853 /* New encrypted message buffer */ 1854 if ((e = ibuf_static()) == NULL) 1855 goto done; 1856 1857 if (!sa->sa_localauth.id_type) { 1858 /* Downgrade the state */ 1859 sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS); 1860 } 1861 1862 if (!sa_stateok(sa, IKEV2_STATE_VALID)) { 1863 /* Notify payload */ 1864 if ((pld = ikev2_add_payload(e)) == NULL) 1865 goto done; 1866 firstpayload = IKEV2_PAYLOAD_NOTIFY; 1867 1868 if ((n = ibuf_advance(e, sizeof(*n))) == NULL) 1869 goto done; 1870 n->n_protoid = IKEV2_SAPROTO_IKE; /* XXX ESP etc. */ 1871 n->n_spisize = 0; 1872 n->n_type = htobe16(IKEV2_N_AUTHENTICATION_FAILED); 1873 len = sizeof(*n); 1874 1875 goto send; 1876 } 1877 1878 if (sa->sa_hdr.sh_initiator) { 1879 id = &sa->sa_iid; 1880 certid = &sa->sa_icert; 1881 } else { 1882 id = &sa->sa_rid; 1883 certid = &sa->sa_rcert; 1884 } 1885 1886 if (sa->sa_state != IKEV2_STATE_EAP_VALID) { 1887 /* ID payload */ 1888 if ((pld = ikev2_add_payload(e)) == NULL) 1889 goto done; 1890 firstpayload = IKEV2_PAYLOAD_IDr; 1891 if (ibuf_cat(e, id->id_buf) != 0) 1892 goto done; 1893 len = ibuf_size(id->id_buf); 1894 1895 /* CERT payload */ 1896 if ((sa->sa_statevalid & IKED_REQ_CERT) && 1897 (certid->id_type != IKEV2_CERT_NONE)) { 1898 if (ikev2_next_payload(pld, len, 1899 IKEV2_PAYLOAD_CERT) == -1) 1900 goto done; 1901 1902 if ((pld = ikev2_add_payload(e)) == NULL) 1903 goto done; 1904 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 1905 goto done; 1906 cert->cert_type = certid->id_type; 1907 if (ibuf_cat(e, certid->id_buf) != 0) 1908 goto done; 1909 len = ibuf_size(certid->id_buf) + sizeof(*cert); 1910 } 1911 1912 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 1913 goto done; 1914 } else 1915 firstpayload = IKEV2_PAYLOAD_AUTH; 1916 1917 /* AUTH payload */ 1918 if ((pld = ikev2_add_payload(e)) == NULL) 1919 goto done; 1920 if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL) 1921 goto done; 1922 auth->auth_method = sa->sa_localauth.id_type; 1923 if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0) 1924 goto done; 1925 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 1926 1927 /* CP payload */ 1928 if (sa->sa_cp) { 1929 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CP) == -1) 1930 goto done; 1931 1932 if ((pld = ikev2_add_payload(e)) == NULL) 1933 goto done; 1934 if ((len = ikev2_add_cp(env, sa, e)) == -1) 1935 goto done; 1936 } 1937 1938 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 1939 goto done; 1940 1941 /* SA payload */ 1942 if ((pld = ikev2_add_payload(e)) == NULL) 1943 goto done; 1944 if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 0, 1945 sa->sa_hdr.sh_initiator, 0)) == -1) 1946 goto done; 1947 1948 if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 1949 goto done; 1950 1951 send: 1952 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1953 goto done; 1954 1955 ret = ikev2_msg_send_encrypt(env, sa, &e, 1956 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 1); 1957 if (ret == 0) 1958 ret = ikev2_childsa_enable(env, sa); 1959 if (ret == 0) 1960 sa_state(env, sa, IKEV2_STATE_ESTABLISHED); 1961 1962 done: 1963 if (ret) 1964 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 1965 ibuf_release(e); 1966 return (ret); 1967 } 1968 1969 int 1970 ikev2_resp_ike_eap(struct iked *env, struct iked_sa *sa, struct ibuf *eapmsg) 1971 { 1972 struct ikev2_payload *pld; 1973 struct ikev2_cert *cert; 1974 struct ikev2_auth *auth; 1975 struct iked_id *id, *certid; 1976 struct ibuf *e = NULL; 1977 u_int8_t firstpayload; 1978 int ret = -1; 1979 ssize_t len = 0; 1980 1981 if (!sa_stateok(sa, IKEV2_STATE_EAP)) 1982 return (0); 1983 1984 /* Responder only */ 1985 if (sa->sa_hdr.sh_initiator) 1986 return (-1); 1987 1988 /* New encrypted message buffer */ 1989 if ((e = ibuf_static()) == NULL) 1990 goto done; 1991 1992 id = &sa->sa_rid; 1993 certid = &sa->sa_rcert; 1994 1995 /* ID payload */ 1996 if ((pld = ikev2_add_payload(e)) == NULL) 1997 goto done; 1998 firstpayload = IKEV2_PAYLOAD_IDr; 1999 if (ibuf_cat(e, id->id_buf) != 0) 2000 goto done; 2001 len = ibuf_size(id->id_buf); 2002 2003 if ((sa->sa_statevalid & IKED_REQ_CERT) && 2004 (certid->id_type != IKEV2_CERT_NONE)) { 2005 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CERT) == -1) 2006 goto done; 2007 2008 /* CERT payload */ 2009 if ((pld = ikev2_add_payload(e)) == NULL) 2010 goto done; 2011 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 2012 goto done; 2013 cert->cert_type = certid->id_type; 2014 if (ibuf_cat(e, certid->id_buf) != 0) 2015 goto done; 2016 len = ibuf_size(certid->id_buf) + sizeof(*cert); 2017 } 2018 2019 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 2020 goto done; 2021 2022 /* AUTH payload */ 2023 if ((pld = ikev2_add_payload(e)) == NULL) 2024 goto done; 2025 if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL) 2026 goto done; 2027 auth->auth_method = sa->sa_localauth.id_type; 2028 if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0) 2029 goto done; 2030 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 2031 2032 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_EAP) == -1) 2033 goto done; 2034 2035 /* EAP payload */ 2036 if ((pld = ikev2_add_payload(e)) == NULL) 2037 goto done; 2038 if ((len = eap_identity_request(e)) == -1) 2039 goto done; 2040 2041 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 2042 goto done; 2043 2044 ret = ikev2_msg_send_encrypt(env, sa, &e, 2045 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 1); 2046 2047 done: 2048 ibuf_release(e); 2049 2050 return (ret); 2051 } 2052 2053 int 2054 ikev2_send_ike_e(struct iked *env, struct iked_sa *sa, struct ibuf *buf, 2055 u_int8_t firstpayload, u_int8_t exchange, int response) 2056 { 2057 struct ikev2_payload *pld; 2058 struct ibuf *e = NULL; 2059 int ret = -1; 2060 2061 /* New encrypted message buffer */ 2062 if ((e = ibuf_static()) == NULL) 2063 goto done; 2064 2065 if ((pld = ikev2_add_payload(e)) == NULL) 2066 goto done; 2067 if (ibuf_cat(e, buf) != 0) 2068 goto done; 2069 2070 if (ikev2_next_payload(pld, ibuf_size(buf), IKEV2_PAYLOAD_NONE) == -1) 2071 goto done; 2072 2073 ret = ikev2_msg_send_encrypt(env, sa, &e, exchange, firstpayload, 2074 response); 2075 2076 done: 2077 ibuf_release(e); 2078 2079 return (ret); 2080 } 2081 2082 int 2083 ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, 2084 struct iked_spi *rekey, u_int8_t protoid) 2085 { 2086 struct iked_childsa *csa = NULL, *csb = NULL; 2087 struct ikev2_notify *n; 2088 struct ikev2_payload *pld; 2089 struct ibuf *e, *nonce = NULL; 2090 u_int8_t *ptr; 2091 u_int32_t spi; 2092 ssize_t len = 0; 2093 int initiator, ret = -1; 2094 2095 if (rekey) 2096 log_debug("%s: rekeying %s spi %s", __func__, 2097 print_map(rekey->spi_protoid, ikev2_saproto_map), 2098 print_spi(rekey->spi, rekey->spi_size)); 2099 else 2100 log_debug("%s: creating new CHILD SAs", __func__); 2101 2102 initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 2103 2104 if (rekey && 2105 ((csa = childsa_lookup(sa, rekey->spi, 2106 rekey->spi_protoid)) == NULL || 2107 (csb = csa->csa_peersa) == NULL)) { 2108 log_debug("%s: CHILD SA %s wasn't found", __func__, 2109 print_spi(rekey->spi, rekey->spi_size)); 2110 } 2111 2112 /* Generate new nonce */ 2113 if ((nonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) 2114 goto done; 2115 2116 /* Update initiator nonce */ 2117 ibuf_release(sa->sa_inonce); 2118 sa->sa_inonce = nonce; 2119 2120 if ((e = ibuf_static()) == NULL) 2121 goto done; 2122 2123 /* SA payload */ 2124 if ((pld = ikev2_add_payload(e)) == NULL) 2125 goto done; 2126 if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 2127 protoid, 1, 0)) == -1) 2128 goto done; 2129 2130 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 2131 goto done; 2132 2133 /* NONCE payload */ 2134 if ((pld = ikev2_add_payload(e)) == NULL) 2135 goto done; 2136 if (ikev2_add_buf(e, nonce) == -1) 2137 goto done; 2138 len = ibuf_size(nonce); 2139 2140 if ((len = ikev2_add_ts(e, &pld, len, sa, !initiator)) == -1) 2141 goto done; 2142 2143 if (rekey) { 2144 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2145 goto done; 2146 2147 /* REKEY_SA notification */ 2148 if ((pld = ikev2_add_payload(e)) == NULL) 2149 goto done; 2150 if ((n = ibuf_advance(e, sizeof(*n))) == NULL) 2151 goto done; 2152 n->n_type = htobe16(IKEV2_N_REKEY_SA); 2153 n->n_protoid = rekey->spi_protoid; 2154 n->n_spisize = rekey->spi_size; 2155 if ((ptr = ibuf_advance(e, rekey->spi_size)) == NULL) 2156 goto done; 2157 len = rekey->spi_size; 2158 spi = htobe32((u_int32_t)csa->csa_peerspi); 2159 memcpy(ptr, &spi, rekey->spi_size); 2160 len += sizeof(*n); 2161 } 2162 2163 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 2164 goto done; 2165 2166 ret = ikev2_msg_send_encrypt(env, sa, &e, 2167 IKEV2_EXCHANGE_CREATE_CHILD_SA, IKEV2_PAYLOAD_SA, 0); 2168 if (ret == 0) { 2169 if (rekey) { 2170 csa->csa_rekey = 1; 2171 csb->csa_rekey = 1; 2172 } 2173 sa->sa_stateflags |= IKED_REQ_CHILDSA; 2174 } 2175 2176 done: 2177 ibuf_release(e); 2178 return (ret); 2179 } 2180 2181 int 2182 ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) 2183 { 2184 struct iked_childsa *csa; 2185 struct iked_proposal *prop; 2186 struct iked_sa *sa = msg->msg_sa; 2187 struct ikev2_delete *del; 2188 struct ibuf *buf = NULL; 2189 u_int64_t peerspi; 2190 u_int32_t spi32; 2191 int rekeying = 0, ret = -1; 2192 2193 if (!ikev2_msg_frompeer(msg) || 2194 (sa->sa_stateflags & IKED_REQ_CHILDSA) == 0) 2195 return (0); 2196 2197 if (msg->msg_prop == NULL) { 2198 log_debug("%s: no proposal specified", __func__); 2199 return (-1); 2200 } 2201 2202 /* Update peer SPI */ 2203 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 2204 if (prop->prop_protoid == msg->msg_prop->prop_protoid) 2205 break; 2206 } 2207 if (prop == NULL) { 2208 log_debug("%s: failed to find %s proposals", __func__, 2209 print_map(msg->msg_prop->prop_protoid, ikev2_saproto_map)); 2210 return (-1); 2211 } 2212 2213 peerspi = prop->prop_peerspi.spi; 2214 prop->prop_peerspi.spi = msg->msg_prop->prop_peerspi.spi; 2215 2216 if ((csa = childsa_lookup(sa, peerspi, prop->prop_protoid)) != NULL) { 2217 rekeying = 1; 2218 log_debug("%s: rekeying CHILD SA %s", __func__, 2219 print_spi(peerspi, prop->prop_peerspi.spi_size)); 2220 } 2221 2222 /* Update responder's nonce */ 2223 if (!ibuf_length(msg->msg_nonce)) { 2224 log_debug("%s: responder didn't send nonce", __func__); 2225 return (-1); 2226 } 2227 ibuf_release(sa->sa_rnonce); 2228 sa->sa_rnonce = ibuf_dup(msg->msg_nonce); 2229 2230 if (ikev2_childsa_negotiate(env, sa, 1)) { 2231 log_debug("%s: failed to get CHILD SAs", __func__); 2232 return (-1); 2233 } 2234 2235 if (rekeying) { 2236 /* Child SA rekeying */ 2237 2238 if ((buf = ibuf_static()) == NULL) 2239 goto done; 2240 2241 if ((del = ibuf_advance(buf, sizeof(*del))) == NULL) 2242 goto done; 2243 2244 del->del_protoid = prop->prop_protoid; 2245 del->del_spisize = sizeof(spi32); 2246 del->del_nspi = htobe16(1); 2247 2248 spi32 = htobe32(csa->csa_peerspi); 2249 if (ibuf_add(buf, &spi32, sizeof(spi32))) 2250 goto done; 2251 2252 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 2253 IKEV2_EXCHANGE_INFORMATIONAL, 0)) 2254 goto done; 2255 2256 sa->sa_stateflags |= IKED_REQ_INF | IKED_REQ_DELETE; 2257 } 2258 2259 ret = ikev2_childsa_enable(env, sa); 2260 2261 done: 2262 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 2263 2264 if (ret) 2265 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 2266 ibuf_release(buf); 2267 return (ret); 2268 } 2269 2270 int 2271 ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) 2272 { 2273 struct iked_childsa *csa, *nextcsa; 2274 struct iked_flow *flow, *nextflow; 2275 struct iked_proposal *prop, *nextprop; 2276 struct iked_sa *nsa = NULL, *sa = msg->msg_sa; 2277 struct iked_spi *spi, *rekey = &msg->msg_rekey; 2278 struct ikev2_keyexchange *ke; 2279 struct ikev2_notify *n; 2280 struct ikev2_payload *pld; 2281 struct ibuf *buf = NULL, *e = NULL, *nonce = NULL; 2282 struct group *group; 2283 u_int64_t spi64; 2284 u_int32_t spi32; 2285 ssize_t len = 0; 2286 int initiator, protoid, rekeying = 1; 2287 int ret = -1; 2288 2289 initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 2290 2291 if (!ikev2_msg_frompeer(msg) || msg->msg_prop == NULL) 2292 return (0); 2293 2294 if ((protoid = rekey->spi_protoid) == 0) { 2295 /* 2296 * If REKEY_SA notification is not present, then it's either 2297 * IKE SA rekeying or the client wants to create additional 2298 * CHILD SAs 2299 */ 2300 if (msg->msg_prop->prop_protoid == IKEV2_SAPROTO_IKE) { 2301 protoid = rekey->spi_protoid = IKEV2_SAPROTO_IKE; 2302 if (sa->sa_hdr.sh_initiator) 2303 rekey->spi = sa->sa_hdr.sh_rspi; 2304 else 2305 rekey->spi = sa->sa_hdr.sh_ispi; 2306 rekey->spi_size = 8; 2307 } else { 2308 protoid = msg->msg_prop->prop_protoid; 2309 rekeying = 0; 2310 } 2311 } 2312 2313 if (rekeying) 2314 log_debug("%s: rekey %s spi %s", __func__, 2315 print_map(rekey->spi_protoid, ikev2_saproto_map), 2316 print_spi(rekey->spi, rekey->spi_size)); 2317 else 2318 log_debug("%s: creating new %s SA", __func__, 2319 print_map(protoid, ikev2_saproto_map)); 2320 2321 if (protoid == IKEV2_SAPROTO_IKE) { 2322 /* IKE SA rekeying */ 2323 spi = &msg->msg_prop->prop_peerspi; 2324 2325 if ((nsa = sa_new(env, spi->spi, 0, 0, 2326 msg->msg_policy)) == NULL) { 2327 log_debug("%s: failed to get new SA", __func__); 2328 return (ret); 2329 } 2330 2331 if (ikev2_sa_responder(env, nsa, sa, msg)) { 2332 log_debug("%s: failed to get IKE SA keys", __func__); 2333 return (ret); 2334 } 2335 2336 sa_state(env, nsa, IKEV2_STATE_AUTH_SUCCESS); 2337 2338 nonce = nsa->sa_rnonce; 2339 } else { 2340 /* Child SA creating/rekeying */ 2341 2342 if (ibuf_length(msg->msg_parent->msg_ke)) { 2343 /* We do not support KE payload yet */ 2344 if ((buf = ibuf_static()) == NULL) 2345 return (-1); 2346 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) { 2347 ibuf_release(buf); 2348 return (-1); 2349 } 2350 n->n_protoid = protoid; 2351 n->n_spisize = rekey->spi_size; 2352 n->n_type = htobe16(IKEV2_N_NO_ADDITIONAL_SAS); 2353 switch (rekey->spi_size) { 2354 case 4: 2355 spi32 = htobe32(rekey->spi); 2356 ibuf_add(buf, &spi32, rekey->spi_size); 2357 break; 2358 case 8: 2359 spi64 = htobe64(rekey->spi); 2360 ibuf_add(buf, &spi64, rekey->spi_size); 2361 break; 2362 } 2363 ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_NOTIFY, 2364 IKEV2_EXCHANGE_CREATE_CHILD_SA, 1); 2365 ibuf_release(buf); 2366 return (0); 2367 } 2368 2369 /* Update peer SPI */ 2370 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 2371 if (prop->prop_protoid == protoid) 2372 break; 2373 } 2374 if (prop == NULL) { 2375 log_debug("%s: failed to find %s proposals", __func__, 2376 print_map(protoid, ikev2_saproto_map)); 2377 return (-1); 2378 } else 2379 prop->prop_peerspi = msg->msg_prop->prop_peerspi; 2380 2381 /* Set rekeying flags on Child SAs */ 2382 if (rekeying) { 2383 if ((csa = childsa_lookup(sa, rekey->spi, 2384 rekey->spi_protoid)) == NULL) { 2385 log_debug("%s: CHILD SA %s wasn't found", 2386 __func__, print_spi(rekey->spi, 2387 rekey->spi_size)); 2388 return (-1); 2389 } 2390 if (!csa->csa_loaded || !csa->csa_peersa || 2391 !csa->csa_peersa->csa_loaded) { 2392 log_debug("%s: SA is not loaded or no peer SA", 2393 __func__); 2394 return (-1); 2395 } 2396 csa->csa_rekey = 1; 2397 csa->csa_peersa->csa_rekey = 1; 2398 } 2399 2400 /* Update initiator's nonce */ 2401 if (!ibuf_length(msg->msg_nonce)) { 2402 log_debug("%s: initiator didn't send nonce", __func__); 2403 return (-1); 2404 } 2405 ibuf_release(sa->sa_inonce); 2406 sa->sa_inonce = ibuf_dup(msg->msg_nonce); 2407 2408 /* Generate new responder's nonce */ 2409 if ((nonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) 2410 return (-1); 2411 2412 /* Update responder's nonce */ 2413 ibuf_release(sa->sa_rnonce); 2414 sa->sa_rnonce = nonce; 2415 2416 if (ikev2_childsa_negotiate(env, sa, 0)) { 2417 log_debug("%s: failed to get CHILD SAs", __func__); 2418 return (-1); 2419 } 2420 } 2421 2422 if ((e = ibuf_static()) == NULL) 2423 goto done; 2424 2425 /* SA payload */ 2426 if ((pld = ikev2_add_payload(e)) == NULL) 2427 goto done; 2428 2429 if ((len = ikev2_add_proposals(env, nsa ? nsa : sa, e, 2430 nsa ? &nsa->sa_proposals : &sa->sa_proposals, 2431 protoid, 0, nsa ? 1 : 0)) == -1) 2432 goto done; 2433 2434 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 2435 goto done; 2436 2437 /* NONCE payload */ 2438 if ((pld = ikev2_add_payload(e)) == NULL) 2439 goto done; 2440 if (ikev2_add_buf(e, nonce) == -1) 2441 goto done; 2442 len = ibuf_size(nonce); 2443 2444 if (protoid == IKEV2_SAPROTO_IKE) { 2445 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 2446 goto done; 2447 2448 /* KE payload */ 2449 if ((pld = ikev2_add_payload(e)) == NULL) 2450 goto done; 2451 if ((ke = ibuf_advance(e, sizeof(*ke))) == NULL) 2452 goto done; 2453 if ((group = nsa->sa_dhgroup) == NULL) { 2454 log_debug("%s: invalid dh", __func__); 2455 goto done; 2456 } 2457 ke->kex_dhgroup = htobe16(group->id); 2458 if (ikev2_add_buf(e, nsa->sa_dhrexchange) == -1) 2459 goto done; 2460 len = sizeof(*ke) + dh_getlen(group); 2461 } else { 2462 if ((len = ikev2_add_ts(e, &pld, len, sa, initiator)) == -1) 2463 goto done; 2464 } 2465 2466 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 2467 goto done; 2468 2469 if ((ret = ikev2_msg_send_encrypt(env, sa, &e, 2470 IKEV2_EXCHANGE_CREATE_CHILD_SA, IKEV2_PAYLOAD_SA, 1)) == -1) 2471 goto done; 2472 2473 if (protoid == IKEV2_SAPROTO_IKE) { 2474 /* Transfer all Child SAs and flows from the old IKE SA */ 2475 for (flow = TAILQ_FIRST(&sa->sa_flows); flow != NULL; 2476 flow = nextflow) { 2477 nextflow = TAILQ_NEXT(flow, flow_entry); 2478 TAILQ_REMOVE(&sa->sa_flows, flow, flow_entry); 2479 TAILQ_INSERT_TAIL(&nsa->sa_flows, flow, 2480 flow_entry); 2481 flow->flow_ikesa = nsa; 2482 } 2483 for (csa = TAILQ_FIRST(&sa->sa_childsas); csa != NULL; 2484 csa = nextcsa) { 2485 nextcsa = TAILQ_NEXT(csa, csa_entry); 2486 TAILQ_REMOVE(&sa->sa_childsas, csa, csa_entry); 2487 TAILQ_INSERT_TAIL(&nsa->sa_childsas, csa, 2488 csa_entry); 2489 csa->csa_ikesa = nsa; 2490 } 2491 /* Transfer all non-IKE proposals */ 2492 for (prop = TAILQ_FIRST(&sa->sa_proposals); prop != NULL; 2493 prop = nextprop) { 2494 nextprop = TAILQ_NEXT(prop, prop_entry); 2495 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) 2496 continue; 2497 TAILQ_REMOVE(&sa->sa_proposals, prop, prop_entry); 2498 TAILQ_INSERT_TAIL(&nsa->sa_proposals, prop, 2499 prop_entry); 2500 } 2501 /* Preserve ID information */ 2502 nsa->sa_iid = sa->sa_iid; 2503 nsa->sa_iid.id_buf = ibuf_dup(sa->sa_iid.id_buf); 2504 nsa->sa_rid = sa->sa_rid; 2505 nsa->sa_rid.id_buf = ibuf_dup(sa->sa_rid.id_buf); 2506 2507 log_debug("%s: activating new IKE SA", __func__); 2508 sa_state(env, nsa, IKEV2_STATE_ESTABLISHED); 2509 nsa->sa_stateflags = sa->sa_statevalid; /* XXX */ 2510 2511 timer_initialize(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa); 2512 timer_register(env, &sa->sa_timer, IKED_IKE_SA_REKEY_TIMEOUT); 2513 } else 2514 ret = ikev2_childsa_enable(env, sa); 2515 2516 done: 2517 if (ret && protoid != IKEV2_SAPROTO_IKE) 2518 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 2519 ibuf_release(e); 2520 return (ret); 2521 } 2522 2523 void 2524 ikev2_ike_sa_timeout(struct iked *env, void *arg) 2525 { 2526 struct iked_sa *sa = arg; 2527 2528 log_debug("%s: closing SA", __func__); 2529 sa_free(env, sa); 2530 } 2531 2532 int 2533 ikev2_send_informational(struct iked *env, struct iked_message *msg) 2534 { 2535 struct iked_message resp; 2536 struct ike_header *hdr; 2537 struct ikev2_payload *pld; 2538 struct ikev2_notify *n; 2539 struct iked_sa *sa = msg->msg_sa, sah; 2540 struct ibuf *buf, *e = NULL; 2541 int ret = -1; 2542 2543 if (msg->msg_error == 0) 2544 return (0); 2545 2546 if ((buf = ikev2_msg_init(env, &resp, 2547 &msg->msg_peer, msg->msg_peerlen, 2548 &msg->msg_local, msg->msg_locallen, 0)) == NULL) 2549 goto done; 2550 2551 /* New encrypted message buffer */ 2552 if ((e = ibuf_static()) == NULL) 2553 goto done; 2554 2555 /* NOTIFY payload */ 2556 if ((pld = ikev2_add_payload(e)) == NULL) 2557 goto done; 2558 2559 if ((n = ibuf_advance(e, sizeof(*n))) == NULL) 2560 goto done; 2561 n->n_protoid = IKEV2_SAPROTO_IKE; /* XXX ESP etc. */ 2562 n->n_spisize = 0; 2563 n->n_type = htobe16(msg->msg_error); 2564 2565 switch (msg->msg_error) { 2566 case IKEV2_N_INVALID_IKE_SPI: 2567 case IKEV2_N_NO_PROPOSAL_CHOSEN: 2568 break; 2569 default: 2570 log_debug("%s: unsupported notification %s", __func__, 2571 print_map(msg->msg_error, ikev2_n_map)); 2572 goto done; 2573 } 2574 2575 if (ikev2_next_payload(pld, sizeof(*n), IKEV2_PAYLOAD_NONE) == -1) 2576 goto done; 2577 2578 if (sa != NULL && msg->msg_e) { 2579 resp.msg_msgid = ikev2_msg_id(env, sa); 2580 2581 /* IKE header */ 2582 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, 2583 IKEV2_PAYLOAD_SK, IKEV2_EXCHANGE_INFORMATIONAL, 2584 0)) == NULL) 2585 goto done; 2586 2587 if ((pld = ikev2_add_payload(buf)) == NULL) 2588 goto done; 2589 2590 /* Encrypt message and add as an E payload */ 2591 if ((e = ikev2_msg_encrypt(env, sa, e)) == NULL) { 2592 log_debug("%s: encryption failed", __func__); 2593 goto done; 2594 } 2595 if (ibuf_cat(buf, e) != 0) 2596 goto done; 2597 if (ikev2_next_payload(pld, ibuf_size(e), 2598 IKEV2_PAYLOAD_NOTIFY) == -1) 2599 goto done; 2600 2601 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 2602 goto done; 2603 2604 /* Add integrity checksum (HMAC) */ 2605 if (ikev2_msg_integr(env, sa, buf) != 0) { 2606 log_debug("%s: integrity checksum failed", __func__); 2607 goto done; 2608 } 2609 } else { 2610 if ((hdr = ibuf_seek(msg->msg_data, 0, sizeof(*hdr))) == NULL) 2611 goto done; 2612 2613 bzero(&sah, sizeof(sah)); 2614 sah.sa_hdr.sh_rspi = betoh64(hdr->ike_rspi); 2615 sah.sa_hdr.sh_ispi = betoh64(hdr->ike_ispi); 2616 sah.sa_hdr.sh_initiator = 2617 hdr->ike_flags & IKEV2_FLAG_INITIATOR ? 0 : 1; 2618 2619 resp.msg_msgid = ikev2_msg_id(env, &sah); 2620 2621 /* IKE header */ 2622 if ((hdr = ikev2_add_header(buf, &sah, resp.msg_msgid, 2623 IKEV2_PAYLOAD_NOTIFY, IKEV2_EXCHANGE_INFORMATIONAL, 2624 0)) == NULL) 2625 goto done; 2626 if (ibuf_cat(buf, e) != 0) 2627 goto done; 2628 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 2629 goto done; 2630 } 2631 2632 resp.msg_data = buf; 2633 resp.msg_fd = msg->msg_fd; 2634 TAILQ_INIT(&resp.msg_proposals); 2635 2636 ret = ikev2_msg_send(env, &resp); 2637 2638 done: 2639 ibuf_release(e); 2640 ikev2_msg_cleanup(env, &resp); 2641 2642 return (ret); 2643 } 2644 2645 ssize_t 2646 ikev2_psk(struct iked_sa *sa, u_int8_t *data, size_t length, 2647 u_int8_t **pskptr) 2648 { 2649 u_int8_t *psk; 2650 size_t psklen = -1; 2651 2652 if (hash_setkey(sa->sa_prf, data, length) == NULL) 2653 return (-1); 2654 2655 if ((psk = calloc(1, hash_keylength(sa->sa_prf))) == NULL) 2656 return (-1); 2657 2658 hash_init(sa->sa_prf); 2659 hash_update(sa->sa_prf, IKEV2_KEYPAD, strlen(IKEV2_KEYPAD)); 2660 hash_final(sa->sa_prf, psk, &psklen); 2661 2662 *pskptr = psk; 2663 return (psklen); 2664 } 2665 2666 int 2667 ikev2_match_proposals(struct iked_proposal *local, struct iked_proposal *peer, 2668 struct iked_transform **xforms) 2669 { 2670 struct iked_transform *tpeer, *tlocal; 2671 u_int i, j, type, score; 2672 u_int8_t protoid = peer->prop_protoid; 2673 2674 for (i = 0; i < peer->prop_nxforms; i++) { 2675 tpeer = peer->prop_xforms + i; 2676 for (j = 0; j < local->prop_nxforms; j++) { 2677 tlocal = local->prop_xforms + j; 2678 if (tpeer->xform_type != tlocal->xform_type || 2679 tpeer->xform_id != tlocal->xform_id || 2680 tpeer->xform_length != tlocal->xform_length) 2681 continue; 2682 if (tpeer->xform_type > IKEV2_XFORMTYPE_MAX) 2683 continue; 2684 type = tpeer->xform_type; 2685 2686 if (xforms[type] == NULL || tlocal->xform_score < 2687 xforms[type]->xform_score) { 2688 xforms[type] = tlocal; 2689 } else 2690 continue; 2691 2692 print_debug("%s: xform %d <-> %d (%d): %s %s " 2693 "(keylength %d <-> %d)", __func__, 2694 peer->prop_id, local->prop_id, tlocal->xform_score, 2695 print_map(type, ikev2_xformtype_map), 2696 print_map(tpeer->xform_id, tpeer->xform_map), 2697 tpeer->xform_keylength, tlocal->xform_keylength); 2698 if (tpeer->xform_length) 2699 print_debug(" %d", tpeer->xform_length); 2700 print_debug("\n"); 2701 } 2702 } 2703 2704 for (i = score = 0; i < IKEV2_XFORMTYPE_MAX; i++) { 2705 if (protoid == IKEV2_SAPROTO_IKE && xforms[i] == NULL && 2706 (i == IKEV2_XFORMTYPE_ENCR || i == IKEV2_XFORMTYPE_PRF || 2707 i == IKEV2_XFORMTYPE_INTEGR || i == IKEV2_XFORMTYPE_DH)) { 2708 score = 0; 2709 break; 2710 } else if (protoid == IKEV2_SAPROTO_AH && xforms[i] == NULL && 2711 (i == IKEV2_XFORMTYPE_INTEGR || i == IKEV2_XFORMTYPE_ESN)) { 2712 score = 0; 2713 break; 2714 } else if (protoid == IKEV2_SAPROTO_ESP && xforms[i] == NULL && 2715 (i == IKEV2_XFORMTYPE_ENCR || i == IKEV2_XFORMTYPE_ESN)) { 2716 score = 0; 2717 break; 2718 } else if (xforms[i] == NULL) 2719 continue; 2720 2721 score += xforms[i]->xform_score; 2722 } 2723 2724 return (score); 2725 } 2726 2727 int 2728 ikev2_sa_negotiate(struct iked_sa *sa, struct iked_proposals *local, 2729 struct iked_proposals *peer) 2730 { 2731 struct iked_proposal *ppeer = NULL, *plocal, *prop, vpeer, vlocal; 2732 struct iked_transform *chosen[IKEV2_XFORMTYPE_MAX]; 2733 struct iked_transform *match[IKEV2_XFORMTYPE_MAX]; 2734 u_int i, score, chosen_score = 0; 2735 u_int8_t protoid = 0; 2736 2737 bzero(chosen, sizeof(chosen)); 2738 bzero(&vlocal, sizeof(vlocal)); 2739 bzero(&vpeer, sizeof(vpeer)); 2740 2741 if (TAILQ_EMPTY(peer)) { 2742 log_debug("%s: peer did not send %s proposals", __func__, 2743 print_map(protoid, ikev2_saproto_map)); 2744 return (-1); 2745 } 2746 2747 TAILQ_FOREACH(plocal, local, prop_entry) { 2748 TAILQ_FOREACH(ppeer, peer, prop_entry) { 2749 if (ppeer->prop_protoid != plocal->prop_protoid) 2750 continue; 2751 bzero(match, sizeof(match)); 2752 score = ikev2_match_proposals(plocal, ppeer, match); 2753 log_debug("%s: score %d", __func__, score); 2754 if (score && (!chosen_score || score < chosen_score)) { 2755 chosen_score = score; 2756 for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) 2757 chosen[i] = match[i]; 2758 memcpy(&vpeer, ppeer, sizeof(vpeer)); 2759 memcpy(&vlocal, plocal, sizeof(vlocal)); 2760 } 2761 } 2762 if (chosen_score != 0) 2763 break; 2764 } 2765 2766 if (chosen_score == 0) 2767 return (-1); 2768 else if (sa == NULL) 2769 return (0); 2770 2771 (void)config_free_proposals(&sa->sa_proposals, vpeer.prop_protoid); 2772 prop = config_add_proposal(&sa->sa_proposals, vpeer.prop_id, 2773 vpeer.prop_protoid); 2774 2775 if (vpeer.prop_localspi.spi_size) { 2776 prop->prop_localspi.spi_size = vpeer.prop_localspi.spi_size; 2777 prop->prop_peerspi = vpeer.prop_peerspi; 2778 } 2779 if (vlocal.prop_localspi.spi_size) { 2780 prop->prop_localspi.spi_size = vlocal.prop_localspi.spi_size; 2781 prop->prop_localspi.spi = vlocal.prop_localspi.spi; 2782 } 2783 2784 for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) { 2785 if (chosen[i] == NULL) 2786 continue; 2787 print_debug("%s: score %d: %s %s", __func__, 2788 chosen[i]->xform_score, print_map(i, ikev2_xformtype_map), 2789 print_map(chosen[i]->xform_id, chosen[i]->xform_map)); 2790 if (chosen[i]->xform_length) 2791 print_debug(" %d", chosen[i]->xform_length); 2792 print_debug("\n"); 2793 2794 if (config_add_transform(prop, chosen[i]->xform_type, 2795 chosen[i]->xform_id, chosen[i]->xform_length, 2796 chosen[i]->xform_keylength) == NULL) 2797 break; 2798 } 2799 2800 return (0); 2801 } 2802 2803 int 2804 ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, 2805 struct iked_message *msg) 2806 { 2807 struct iked_policy *pol = sa->sa_policy; 2808 struct iked_transform *xform; 2809 2810 if (sa->sa_dhgroup == NULL) { 2811 if ((xform = config_findtransform(&pol->pol_proposals, 2812 IKEV2_XFORMTYPE_DH)) == NULL) { 2813 log_debug("%s: did not find dh transform", __func__); 2814 return (-1); 2815 } 2816 if ((sa->sa_dhgroup = 2817 group_get(xform->xform_id)) == NULL) { 2818 log_debug("%s: invalid dh %d", __func__, 2819 xform->xform_id); 2820 return (-1); 2821 } 2822 } 2823 2824 if (!ibuf_length(sa->sa_dhiexchange)) { 2825 if ((sa->sa_dhiexchange = ibuf_new(NULL, 2826 dh_getlen(sa->sa_dhgroup))) == NULL) { 2827 log_debug("%s: failed to alloc dh exchange", __func__); 2828 return (-1); 2829 } 2830 if (dh_create_exchange(sa->sa_dhgroup, 2831 sa->sa_dhiexchange->buf) == -1) { 2832 log_debug("%s: failed to get dh exchange", __func__); 2833 return (-1); 2834 } 2835 } 2836 2837 if (!ibuf_length(sa->sa_inonce)) { 2838 if ((sa->sa_inonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { 2839 log_debug("%s: failed to get local nonce", __func__); 2840 return (-1); 2841 } 2842 } 2843 2844 /* Initial message */ 2845 if (msg == NULL) 2846 return (0); 2847 2848 if (!ibuf_length(sa->sa_rnonce)) { 2849 if (!ibuf_length(msg->msg_nonce)) { 2850 log_debug("%s: invalid peer nonce", __func__); 2851 return (-1); 2852 } 2853 if ((sa->sa_rnonce = ibuf_dup(msg->msg_nonce)) == NULL) { 2854 log_debug("%s: failed to get peer nonce", __func__); 2855 return (-1); 2856 } 2857 } 2858 2859 if (!ibuf_length(sa->sa_dhrexchange)) { 2860 if (!ibuf_length(msg->msg_ke)) { 2861 log_debug("%s: invalid peer dh exchange", __func__); 2862 return (-1); 2863 } 2864 if ((ssize_t)ibuf_length(msg->msg_ke) != 2865 dh_getlen(sa->sa_dhgroup)) { 2866 log_debug("%s: invalid dh length, size %d", __func__, 2867 dh_getlen(sa->sa_dhgroup) * 8); 2868 return (-1); 2869 } 2870 if ((sa->sa_dhrexchange = ibuf_dup(msg->msg_ke)) == NULL) { 2871 log_debug("%s: failed to copy dh exchange", __func__); 2872 return (-1); 2873 } 2874 } 2875 2876 /* Set a pointer to the peer exchange */ 2877 sa->sa_dhpeer = sa->sa_dhrexchange; 2878 2879 /* XXX we need a better way to get this */ 2880 if (ikev2_sa_negotiate(sa, &msg->msg_policy->pol_proposals, 2881 &msg->msg_proposals) != 0) { 2882 log_debug("%s: no proposal chosen", __func__); 2883 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 2884 return (-1); 2885 } else if (sa_stateok(sa, IKEV2_STATE_SA_INIT)) 2886 sa_stateflags(sa, IKED_REQ_SA); 2887 2888 if (sa->sa_encr == NULL) { 2889 if ((xform = config_findtransform(&sa->sa_proposals, 2890 IKEV2_XFORMTYPE_ENCR)) == NULL) { 2891 log_debug("%s: did not find encr transform", __func__); 2892 return (-1); 2893 } 2894 if ((sa->sa_encr = cipher_new(xform->xform_type, 2895 xform->xform_id, xform->xform_length)) == NULL) { 2896 log_debug("%s: failed to get encr", __func__); 2897 return (-1); 2898 } 2899 } 2900 2901 if (sa->sa_prf == NULL) { 2902 if ((xform = config_findtransform(&sa->sa_proposals, 2903 IKEV2_XFORMTYPE_PRF)) == NULL) { 2904 log_debug("%s: did not find prf transform", __func__); 2905 return (-1); 2906 } 2907 if ((sa->sa_prf = 2908 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2909 log_debug("%s: failed to get prf", __func__); 2910 return (-1); 2911 } 2912 } 2913 2914 if (sa->sa_integr == NULL) { 2915 if ((xform = config_findtransform(&sa->sa_proposals, 2916 IKEV2_XFORMTYPE_INTEGR)) == NULL) { 2917 log_debug("%s: did not find integr transform", 2918 __func__); 2919 return (-1); 2920 } 2921 if ((sa->sa_integr = 2922 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2923 log_debug("%s: failed to get integr", __func__); 2924 return (-1); 2925 } 2926 } 2927 2928 ibuf_release(sa->sa_2ndmsg); 2929 if ((sa->sa_2ndmsg = ibuf_dup(msg->msg_data)) == NULL) { 2930 log_debug("%s: failed to copy 2nd message", __func__); 2931 return (-1); 2932 } 2933 2934 return (ikev2_sa_keys(env, sa, NULL)); 2935 } 2936 2937 int 2938 ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, 2939 struct iked_message *msg) 2940 { 2941 struct iked_transform *xform; 2942 2943 sa_state(env, sa, IKEV2_STATE_SA_INIT); 2944 2945 ibuf_release(sa->sa_1stmsg); 2946 if ((sa->sa_1stmsg = ibuf_dup(msg->msg_data)) == NULL) { 2947 log_debug("%s: failed to copy 1st message", __func__); 2948 return (-1); 2949 } 2950 2951 if (!ibuf_length(sa->sa_rnonce) && 2952 (sa->sa_rnonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { 2953 log_debug("%s: failed to get local nonce", __func__); 2954 return (-1); 2955 } 2956 2957 if (!ibuf_length(sa->sa_inonce) && 2958 ((ibuf_length(msg->msg_nonce) < IKED_NONCE_MIN) || 2959 (sa->sa_inonce = ibuf_dup(msg->msg_nonce)) == NULL)) { 2960 log_debug("%s: failed to get peer nonce", __func__); 2961 return (-1); 2962 } 2963 2964 /* XXX we need a better way to get this */ 2965 if (ikev2_sa_negotiate(sa, &msg->msg_policy->pol_proposals, 2966 &msg->msg_proposals) != 0) { 2967 log_debug("%s: no proposal chosen", __func__); 2968 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 2969 return (-1); 2970 } else if (sa_stateok(sa, IKEV2_STATE_SA_INIT)) 2971 sa_stateflags(sa, IKED_REQ_SA); 2972 2973 if (sa->sa_encr == NULL) { 2974 if ((xform = config_findtransform(&sa->sa_proposals, 2975 IKEV2_XFORMTYPE_ENCR)) == NULL) { 2976 log_debug("%s: did not find encr transform", __func__); 2977 return (-1); 2978 } 2979 if ((sa->sa_encr = cipher_new(xform->xform_type, 2980 xform->xform_id, xform->xform_length)) == NULL) { 2981 log_debug("%s: failed to get encr", __func__); 2982 return (-1); 2983 } 2984 } 2985 2986 if (sa->sa_prf == NULL) { 2987 if ((xform = config_findtransform(&sa->sa_proposals, 2988 IKEV2_XFORMTYPE_PRF)) == NULL) { 2989 log_debug("%s: did not find prf transform", __func__); 2990 return (-1); 2991 } 2992 if ((sa->sa_prf = 2993 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2994 log_debug("%s: failed to get prf", __func__); 2995 return (-1); 2996 } 2997 } 2998 2999 if (sa->sa_integr == NULL) { 3000 if ((xform = config_findtransform(&sa->sa_proposals, 3001 IKEV2_XFORMTYPE_INTEGR)) == NULL) { 3002 log_debug("%s: did not find integr transform", 3003 __func__); 3004 return (-1); 3005 } 3006 if ((sa->sa_integr = 3007 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 3008 log_debug("%s: failed to get integr", __func__); 3009 return (-1); 3010 } 3011 } 3012 3013 if (sa->sa_dhgroup == NULL) { 3014 if ((xform = config_findtransform(&sa->sa_proposals, 3015 IKEV2_XFORMTYPE_DH)) == NULL) { 3016 log_debug("%s: did not find dh transform", __func__); 3017 return (-1); 3018 } 3019 if ((sa->sa_dhgroup = 3020 group_get(xform->xform_id)) == NULL) { 3021 log_debug("%s: invalid dh", __func__); 3022 return (-1); 3023 } 3024 } 3025 3026 if (!ibuf_length(sa->sa_dhrexchange)) { 3027 if ((sa->sa_dhrexchange = ibuf_new(NULL, 3028 dh_getlen(sa->sa_dhgroup))) == NULL) { 3029 log_debug("%s: failed to alloc dh exchange", __func__); 3030 return (-1); 3031 } 3032 if (dh_create_exchange(sa->sa_dhgroup, 3033 sa->sa_dhrexchange->buf) == -1) { 3034 log_debug("%s: failed to get dh exchange", __func__); 3035 return (-1); 3036 } 3037 } 3038 3039 if (!ibuf_length(sa->sa_dhiexchange)) { 3040 if ((sa->sa_dhiexchange = ibuf_dup(msg->msg_ke)) == NULL || 3041 ((ssize_t)ibuf_length(sa->sa_dhiexchange) != 3042 dh_getlen(sa->sa_dhgroup))) { 3043 /* XXX send notification to peer */ 3044 log_debug("%s: invalid dh, size %d", __func__, 3045 dh_getlen(sa->sa_dhgroup) * 8); 3046 return (-1); 3047 } 3048 } 3049 3050 /* Set a pointer to the peer exchange */ 3051 sa->sa_dhpeer = sa->sa_dhiexchange; 3052 3053 return (ikev2_sa_keys(env, sa, osa ? osa->sa_key_d : NULL)); 3054 } 3055 3056 int 3057 ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key) 3058 { 3059 struct iked_hash *prf, *integr; 3060 struct iked_cipher *encr; 3061 struct group *group; 3062 struct ibuf *ninr, *dhsecret, *skeyseed, *s, *t; 3063 size_t nonceminlen, ilen, rlen, tmplen; 3064 u_int64_t ispi, rspi; 3065 int ret = -1; 3066 3067 ninr = dhsecret = skeyseed = s = t = NULL; 3068 3069 if ((encr = sa->sa_encr) == NULL || 3070 (prf = sa->sa_prf) == NULL || 3071 (integr = sa->sa_integr) == NULL || 3072 (group = sa->sa_dhgroup) == NULL) { 3073 log_debug("%s: failed to get key input data", __func__); 3074 return (-1); 3075 } 3076 3077 if (prf->hash_fixedkey) 3078 nonceminlen = prf->hash_fixedkey; 3079 else 3080 nonceminlen = IKED_NONCE_MIN; 3081 3082 /* Nonces need a minimal size and should have an even length */ 3083 if (ibuf_length(sa->sa_inonce) < nonceminlen || 3084 (ibuf_length(sa->sa_inonce) % 2) != 0 || 3085 ibuf_length(sa->sa_rnonce) < nonceminlen || 3086 (ibuf_length(sa->sa_rnonce) % 2) != 0) { 3087 log_debug("%s: invalid nonces", __func__); 3088 return (-1); 3089 } 3090 3091 if (prf->hash_fixedkey) { 3092 /* Half of the key bits must come from Ni, and half from Nr */ 3093 ilen = prf->hash_fixedkey / 2; 3094 rlen = prf->hash_fixedkey / 2; 3095 } else { 3096 /* Most PRF functions accept a variable-length key */ 3097 ilen = ibuf_length(sa->sa_inonce); 3098 rlen = ibuf_length(sa->sa_rnonce); 3099 } 3100 3101 /* 3102 * Depending on whether we're generating new keying material 3103 * or rekeying existing SA the algorithm is different. If the 3104 * "key" argument is not specified a concatenation of nonces 3105 * (Ni | Nr) is used as a PRF key, otherwise a "key" buffer 3106 * is used and PRF is performed on the concatenation of DH 3107 * exchange result and nonces (g^ir | Ni | Nr). See sections 3108 * 2.14 and 2.18 of RFC5996 for more information. 3109 */ 3110 3111 /* 3112 * Generate g^ir 3113 */ 3114 if ((dhsecret = ibuf_new(NULL, dh_getlen(group))) == NULL) { 3115 log_debug("%s: failed to alloc dh secret", __func__); 3116 goto done; 3117 } 3118 if (dh_create_shared(group, dhsecret->buf, 3119 sa->sa_dhpeer->buf) == -1) { 3120 log_debug("%s: failed to get dh secret" 3121 " group %d len %d secret %d exchange %d", __func__, 3122 group->id, dh_getlen(group), ibuf_length(dhsecret), 3123 ibuf_length(sa->sa_dhpeer)); 3124 goto done; 3125 } 3126 3127 if (!key) { 3128 /* 3129 * Set PRF key to generate SKEEYSEED = prf(Ni | Nr, g^ir) 3130 */ 3131 if ((ninr = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL || 3132 ibuf_add(ninr, sa->sa_rnonce->buf, rlen) != 0) { 3133 log_debug("%s: failed to get nonce key buffer", 3134 __func__); 3135 goto done; 3136 } 3137 key = ninr; 3138 } else { 3139 /* 3140 * Set PRF key to generate SKEEYSEED = prf(key, g^ir | Ni | Nr) 3141 */ 3142 if (ibuf_add(dhsecret, sa->sa_inonce->buf, ilen) != 0 || 3143 ibuf_add(dhsecret, sa->sa_rnonce->buf, rlen) != 0) { 3144 log_debug("%s: failed to get nonce key buffer", 3145 __func__); 3146 goto done; 3147 } 3148 } 3149 3150 if ((hash_setkey(prf, key->buf, ibuf_length(key))) == NULL) { 3151 log_debug("%s: failed to set prf key", __func__); 3152 goto done; 3153 } 3154 3155 if ((skeyseed = ibuf_new(NULL, hash_length(prf))) == NULL) { 3156 log_debug("%s: failed to get SKEYSEED buffer", __func__); 3157 goto done; 3158 } 3159 3160 tmplen = 0; 3161 hash_init(prf); 3162 hash_update(prf, dhsecret->buf, ibuf_length(dhsecret)); 3163 hash_final(prf, skeyseed->buf, &tmplen); 3164 3165 log_debug("%s: SKEYSEED with %d bytes", __func__, tmplen); 3166 print_hex(skeyseed->buf, 0, tmplen); 3167 3168 if (ibuf_setsize(skeyseed, tmplen) == -1) { 3169 log_debug("%s: failed to set keymaterial length", __func__); 3170 goto done; 3171 } 3172 3173 /* 3174 * Now generate the key material 3175 * 3176 * S = Ni | Nr | SPIi | SPIr 3177 */ 3178 3179 /* S = Ni | Nr | SPIi | SPIr */ 3180 ilen = ibuf_length(sa->sa_inonce); 3181 rlen = ibuf_length(sa->sa_rnonce); 3182 ispi = htobe64(sa->sa_hdr.sh_ispi); 3183 rspi = htobe64(sa->sa_hdr.sh_rspi); 3184 3185 if ((s = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL || 3186 ibuf_add(s, sa->sa_rnonce->buf, rlen) != 0 || 3187 ibuf_add(s, &ispi, sizeof(ispi)) != 0 || 3188 ibuf_add(s, &rspi, sizeof(rspi)) != 0) { 3189 log_debug("%s: failed to set S buffer", __func__); 3190 goto done; 3191 } 3192 3193 log_debug("%s: S with %d bytes", __func__, ibuf_length(s)); 3194 print_hex(s->buf, 0, ibuf_length(s)); 3195 3196 /* 3197 * Get the size of the key material we need and the number 3198 * of rounds we need to run the prf+ function. 3199 */ 3200 ilen = hash_length(prf) + /* SK_d */ 3201 hash_keylength(integr) + /* SK_ai */ 3202 hash_keylength(integr) + /* SK_ar */ 3203 cipher_keylength(encr) + /* SK_ei */ 3204 cipher_keylength(encr) + /* SK_er */ 3205 hash_keylength(prf) + /* SK_pi */ 3206 hash_keylength(prf); /* SK_pr */ 3207 3208 if ((t = ikev2_prfplus(prf, skeyseed, s, ilen)) == NULL) { 3209 log_debug("%s: failed to get IKE SA key material", __func__); 3210 goto done; 3211 } 3212 3213 /* ibuf_get() returns a new buffer from the next read offset */ 3214 if ((sa->sa_key_d = ibuf_get(t, hash_length(prf))) == NULL || 3215 (sa->sa_key_iauth = ibuf_get(t, hash_keylength(integr))) == NULL || 3216 (sa->sa_key_rauth = ibuf_get(t, hash_keylength(integr))) == NULL || 3217 (sa->sa_key_iencr = ibuf_get(t, cipher_keylength(encr))) == NULL || 3218 (sa->sa_key_rencr = ibuf_get(t, cipher_keylength(encr))) == NULL || 3219 (sa->sa_key_iprf = ibuf_get(t, hash_length(prf))) == NULL || 3220 (sa->sa_key_rprf = ibuf_get(t, hash_length(prf))) == NULL) { 3221 log_debug("%s: failed to get SA keys", __func__); 3222 goto done; 3223 } 3224 3225 log_debug("%s: SK_d with %d bytes", __func__, 3226 ibuf_length(sa->sa_key_d)); 3227 print_hex(sa->sa_key_d->buf, 0, ibuf_length(sa->sa_key_d)); 3228 log_debug("%s: SK_ai with %d bytes", __func__, 3229 ibuf_length(sa->sa_key_iauth)); 3230 print_hex(sa->sa_key_iauth->buf, 0, ibuf_length(sa->sa_key_iauth)); 3231 log_debug("%s: SK_ar with %d bytes", __func__, 3232 ibuf_length(sa->sa_key_rauth)); 3233 print_hex(sa->sa_key_rauth->buf, 0, ibuf_length(sa->sa_key_rauth)); 3234 log_debug("%s: SK_ei with %d bytes", __func__, 3235 ibuf_length(sa->sa_key_iencr)); 3236 print_hex(sa->sa_key_iencr->buf, 0, ibuf_length(sa->sa_key_iencr)); 3237 log_debug("%s: SK_er with %d bytes", __func__, 3238 ibuf_length(sa->sa_key_rencr)); 3239 print_hex(sa->sa_key_rencr->buf, 0, ibuf_length(sa->sa_key_rencr)); 3240 log_debug("%s: SK_pi with %d bytes", __func__, 3241 ibuf_length(sa->sa_key_iprf)); 3242 print_hex(sa->sa_key_iprf->buf, 0, ibuf_length(sa->sa_key_iprf)); 3243 log_debug("%s: SK_pr with %d bytes", __func__, 3244 ibuf_length(sa->sa_key_rprf)); 3245 print_hex(sa->sa_key_rprf->buf, 0, ibuf_length(sa->sa_key_rprf)); 3246 3247 ret = 0; 3248 3249 done: 3250 ibuf_release(ninr); 3251 ibuf_release(dhsecret); 3252 ibuf_release(skeyseed); 3253 ibuf_release(s); 3254 ibuf_release(t); 3255 3256 return (ret); 3257 } 3258 3259 struct ibuf * 3260 ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, 3261 size_t keymatlen) 3262 { 3263 struct ibuf *t = NULL, *t1 = NULL, *t2 = NULL; 3264 size_t rlen, i, hashlen = 0; 3265 u_int8_t pad = 0; 3266 3267 /* 3268 * prf+ (K, S) = T1 | T2 | T3 | T4 | ... 3269 * 3270 * T1 = prf (K, S | 0x01) 3271 * T2 = prf (K, T1 | S | 0x02) 3272 * T3 = prf (K, T2 | S | 0x03) 3273 * T4 = prf (K, T3 | S | 0x04) 3274 */ 3275 3276 if ((hash_setkey(prf, ibuf_data(key), ibuf_size(key))) == NULL) { 3277 log_debug("%s: failed to set prf+ key", __func__); 3278 goto fail; 3279 } 3280 3281 if ((t = ibuf_new(NULL, 0)) == NULL) { 3282 log_debug("%s: failed to get T buffer", __func__); 3283 goto fail; 3284 } 3285 3286 rlen = roundup(keymatlen, hash_length(prf)) / hash_length(prf); 3287 if (rlen > 255) 3288 fatalx("ikev2_prfplus: key material too large"); 3289 3290 for (i = 0; i < rlen; i++) { 3291 if (t1 != NULL) { 3292 t2 = ibuf_new(t1->buf, ibuf_length(t1)); 3293 ibuf_release(t1); 3294 } else 3295 t2 = ibuf_new(NULL, 0); 3296 t1 = ibuf_new(NULL, hash_length(prf)); 3297 3298 ibuf_add(t2, seed->buf, ibuf_length(seed)); 3299 pad = i + 1; 3300 ibuf_add(t2, &pad, 1); 3301 3302 hash_init(prf); 3303 hash_update(prf, t2->buf, ibuf_length(t2)); 3304 hash_final(prf, t1->buf, &hashlen); 3305 3306 if (hashlen != hash_length(prf)) 3307 fatalx("ikev2_prfplus: hash length mismatch"); 3308 3309 ibuf_release(t2); 3310 ibuf_add(t, t1->buf, ibuf_length(t1)); 3311 3312 log_debug("%s: T%d with %d bytes", __func__, 3313 pad, ibuf_length(t1)); 3314 print_hex(t1->buf, 0, ibuf_length(t1)); 3315 } 3316 3317 log_debug("%s: Tn with %d bytes", __func__, ibuf_length(t)); 3318 print_hex(t->buf, 0, ibuf_length(t)); 3319 3320 ibuf_release(t1); 3321 3322 return (t); 3323 3324 fail: 3325 ibuf_release(t1); 3326 ibuf_release(t); 3327 3328 return (NULL); 3329 } 3330 3331 int 3332 ikev2_sa_tag(struct iked_sa *sa, struct iked_id *id) 3333 { 3334 char *format, *domain = NULL, *idrepl = NULL; 3335 char idstr[IKED_ID_SIZE]; 3336 int ret = -1; 3337 size_t len; 3338 3339 if (sa->sa_tag != NULL) 3340 free(sa->sa_tag); 3341 sa->sa_tag = NULL; 3342 format = sa->sa_policy->pol_tag; 3343 3344 len = IKED_TAG_SIZE; 3345 if ((sa->sa_tag = calloc(1, len)) == NULL) { 3346 log_debug("%s: calloc", __func__); 3347 goto fail; 3348 } 3349 if (strlcpy(sa->sa_tag, format, len) >= len) { 3350 log_debug("%s: tag too long", __func__); 3351 goto fail; 3352 } 3353 3354 if (ikev2_print_id(id, idstr, sizeof(idstr)) == -1) { 3355 log_debug("%s: invalid id", __func__); 3356 goto fail; 3357 } 3358 3359 /* ASN.1 DER IDs are too long, use the CN part instead */ 3360 if ((id->id_type == IKEV2_ID_ASN1_DN) && 3361 (idrepl = strstr(idstr, "CN=")) != NULL) { 3362 domain = strstr(idrepl, "emailAddress="); 3363 idrepl[strcspn(idrepl, "/")] = '\0'; 3364 } else 3365 idrepl = idstr; 3366 3367 if (strstr(format, "$id") != NULL) { 3368 if (expand_string(sa->sa_tag, len, "$id", idrepl) != 0) { 3369 log_debug("%s: failed to expand tag", __func__); 3370 goto fail; 3371 } 3372 } 3373 3374 if (strstr(format, "$name") != NULL) { 3375 if (expand_string(sa->sa_tag, len, "$name", 3376 sa->sa_policy->pol_name) != 0) { 3377 log_debug("%s: failed to expand tag", __func__); 3378 goto fail; 3379 } 3380 } 3381 3382 if (strstr(format, "$domain") != NULL) { 3383 if (id->id_type == IKEV2_ID_FQDN) 3384 domain = strchr(idrepl, '.'); 3385 else if (id->id_type == IKEV2_ID_UFQDN) 3386 domain = strchr(idrepl, '@'); 3387 else if (*idstr == '/' && domain != NULL) 3388 domain = strchr(domain, '@'); 3389 else 3390 domain = NULL; 3391 if (domain == NULL || strlen(domain) < 2) { 3392 log_debug("%s: no valid domain in ID %s", 3393 __func__, idstr); 3394 goto fail; 3395 } 3396 domain++; 3397 if (expand_string(sa->sa_tag, len, "$domain", domain) != 0) { 3398 log_debug("%s: failed to expand tag", __func__); 3399 goto fail; 3400 } 3401 } 3402 3403 log_debug("%s: %s (%d)", __func__, sa->sa_tag, strlen(sa->sa_tag)); 3404 3405 ret = 0; 3406 fail: 3407 if (ret != 0) { 3408 free(sa->sa_tag); 3409 sa->sa_tag = NULL; 3410 } 3411 3412 return (ret); 3413 } 3414 3415 int 3416 ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, int initiator) 3417 { 3418 struct iked_proposal *prop; 3419 struct iked_transform *xform, *encrxf = NULL, *integrxf = NULL; 3420 struct iked_childsa *csa, *csb; 3421 struct iked_flow *flow, *saflow, *flowa, *flowb; 3422 struct iked_id *peerid, *localid; 3423 struct ibuf *keymat = NULL, *seed = NULL; 3424 u_int32_t spi = 0; 3425 u_int i; 3426 size_t ilen = 0; 3427 int esn, skip, ret = -1; 3428 3429 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 3430 return (-1); 3431 3432 if (sa->sa_hdr.sh_initiator) { 3433 peerid = &sa->sa_rid; 3434 localid = &sa->sa_iid; 3435 } else { 3436 peerid = &sa->sa_iid; 3437 localid = &sa->sa_rid; 3438 } 3439 3440 if (ikev2_sa_tag(sa, peerid) == -1) 3441 return (-1); 3442 3443 /* We need to determine the key material length first */ 3444 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 3445 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) 3446 continue; 3447 log_debug("%s: proposal %d", __func__, prop->prop_id); 3448 for (i = 0; i < prop->prop_nxforms; i++) { 3449 xform = prop->prop_xforms + i; 3450 xform->xform_keylength = 3451 keylength_xf(prop->prop_protoid, 3452 xform->xform_type, xform->xform_id); 3453 3454 switch (xform->xform_type) { 3455 case IKEV2_XFORMTYPE_ENCR: 3456 case IKEV2_XFORMTYPE_INTEGR: 3457 if (xform->xform_length) 3458 xform->xform_keylength = 3459 xform->xform_length; 3460 xform->xform_keylength += 3461 noncelength_xf(xform->xform_type, 3462 xform->xform_id); 3463 ilen += xform->xform_keylength / 8; 3464 break; 3465 } 3466 } 3467 } 3468 3469 /* double key material length for inbound/outbound */ 3470 ilen *= 2; 3471 3472 log_debug("%s: key material length %d", __func__, ilen); 3473 3474 if ((seed = ibuf_dup(sa->sa_inonce)) == NULL || 3475 ibuf_cat(seed, sa->sa_rnonce) != 0 || 3476 (keymat = ikev2_prfplus(sa->sa_prf, 3477 sa->sa_key_d, seed, ilen)) == NULL) { 3478 log_debug("%s: failed to get IKE SA key material", __func__); 3479 goto done; 3480 } 3481 3482 /* Create the new flows */ 3483 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 3484 if (ikev2_valid_proposal(prop, NULL, NULL, NULL) != 0) 3485 continue; 3486 3487 RB_FOREACH(flow, iked_flows, &sa->sa_policy->pol_flows) { 3488 skip = 0; 3489 TAILQ_FOREACH(saflow, &sa->sa_flows, flow_entry) { 3490 if (IKED_ADDR_EQ(&saflow->flow_src, 3491 &flow->flow_src) && 3492 IKED_ADDR_EQ(&saflow->flow_dst, 3493 &flow->flow_dst) && 3494 saflow->flow_saproto == prop->prop_protoid) 3495 skip = 1; 3496 } 3497 if (skip) 3498 continue; 3499 3500 if ((flowa = calloc(1, sizeof(*flowa))) == NULL) { 3501 log_debug("%s: failed to get flow", __func__); 3502 goto done; 3503 } 3504 3505 memcpy(flowa, flow, sizeof(*flow)); 3506 flowa->flow_dir = IPSP_DIRECTION_OUT; 3507 flowa->flow_saproto = prop->prop_protoid; 3508 flowa->flow_srcid = localid; 3509 flowa->flow_dstid = peerid; 3510 flowa->flow_local = &sa->sa_local; 3511 flowa->flow_peer = &sa->sa_peer; 3512 flowa->flow_ikesa = sa; 3513 3514 if ((flowb = calloc(1, sizeof(*flowb))) == NULL) { 3515 log_debug("%s: failed to get flow", __func__); 3516 flow_free(flowa); 3517 goto done; 3518 } 3519 3520 memcpy(flowb, flowa, sizeof(*flow)); 3521 3522 flowb->flow_dir = IPSP_DIRECTION_IN; 3523 memcpy(&flowb->flow_src, &flow->flow_dst, 3524 sizeof(flow->flow_dst)); 3525 memcpy(&flowb->flow_dst, &flow->flow_src, 3526 sizeof(flow->flow_src)); 3527 3528 TAILQ_INSERT_TAIL(&sa->sa_flows, flowa, flow_entry); 3529 TAILQ_INSERT_TAIL(&sa->sa_flows, flowb, flow_entry); 3530 } 3531 } 3532 3533 /* create the CHILD SAs using the key material */ 3534 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 3535 if (ikev2_valid_proposal(prop, &encrxf, &integrxf, &esn) != 0) 3536 continue; 3537 3538 spi = 0; 3539 3540 if ((csa = calloc(1, sizeof(*csa))) == NULL) { 3541 log_debug("%s: failed to get CHILD SA", __func__); 3542 goto done; 3543 } 3544 3545 csa->csa_saproto = prop->prop_protoid; 3546 csa->csa_ikesa = sa; 3547 csa->csa_srcid = localid; 3548 csa->csa_dstid = peerid; 3549 csa->csa_spi.spi_protoid = prop->prop_protoid; 3550 csa->csa_esn = esn; 3551 3552 /* Set up responder's SPIs */ 3553 if (initiator) { 3554 csa->csa_dir = IPSP_DIRECTION_OUT; 3555 csa->csa_local = &sa->sa_local; 3556 csa->csa_peer = &sa->sa_peer; 3557 csa->csa_peerspi = prop->prop_localspi.spi; 3558 csa->csa_spi.spi = prop->prop_peerspi.spi; 3559 csa->csa_spi.spi_size = prop->prop_peerspi.spi_size; 3560 } else { 3561 csa->csa_dir = IPSP_DIRECTION_IN; 3562 csa->csa_local = &sa->sa_peer; 3563 csa->csa_peer = &sa->sa_local; 3564 3565 if ((ret = pfkey_sa_init(env->sc_pfkey, csa, 3566 &spi)) != 0) 3567 goto done; 3568 csa->csa_allocated = 1; 3569 3570 csa->csa_peerspi = prop->prop_peerspi.spi; 3571 csa->csa_spi.spi = prop->prop_localspi.spi = spi; 3572 csa->csa_spi.spi_size = 4; 3573 } 3574 3575 if (encrxf && (csa->csa_encrkey = ibuf_get(keymat, 3576 encrxf->xform_keylength / 8)) == NULL) { 3577 log_debug("%s: failed to get CHILD SA encryption key", 3578 __func__); 3579 childsa_free(csa); 3580 goto done; 3581 } 3582 if (integrxf && (csa->csa_integrkey = ibuf_get(keymat, 3583 integrxf->xform_keylength / 8)) == NULL) { 3584 log_debug("%s: failed to get CHILD SA integrity key", 3585 __func__); 3586 childsa_free(csa); 3587 goto done; 3588 } 3589 csa->csa_encrxf = encrxf; 3590 csa->csa_integrxf = integrxf; 3591 3592 if ((csb = calloc(1, sizeof(*csb))) == NULL) { 3593 log_debug("%s: failed to get CHILD SA", __func__); 3594 childsa_free(csa); 3595 goto done; 3596 } 3597 3598 memcpy(csb, csa, sizeof(*csb)); 3599 3600 /* Set up initiator's SPIs */ 3601 csb->csa_spi.spi = csa->csa_peerspi; 3602 csb->csa_peerspi = csa->csa_spi.spi; 3603 csb->csa_allocated = csa->csa_allocated ? 0 : 1; 3604 csb->csa_dir = csa->csa_dir == IPSP_DIRECTION_IN ? 3605 IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN; 3606 csb->csa_local = csa->csa_peer; 3607 csb->csa_peer = csa->csa_local; 3608 3609 if (encrxf && (csb->csa_encrkey = ibuf_get(keymat, 3610 encrxf->xform_keylength / 8)) == NULL) { 3611 log_debug("%s: failed to get CHILD SA encryption key", 3612 __func__); 3613 childsa_free(csa); 3614 childsa_free(csb); 3615 goto done; 3616 } 3617 if (integrxf && (csb->csa_integrkey = ibuf_get(keymat, 3618 integrxf->xform_keylength / 8)) == NULL) { 3619 log_debug("%s: failed to get CHILD SA integrity key", 3620 __func__); 3621 childsa_free(csa); 3622 childsa_free(csb); 3623 goto done; 3624 } 3625 3626 TAILQ_INSERT_TAIL(&sa->sa_childsas, csa, csa_entry); 3627 TAILQ_INSERT_TAIL(&sa->sa_childsas, csb, csa_entry); 3628 3629 csa->csa_peersa = csb; 3630 csb->csa_peersa = csa; 3631 } 3632 3633 ret = 0; 3634 done: 3635 ibuf_release(keymat); 3636 ibuf_release(seed); 3637 3638 return (ret); 3639 } 3640 3641 int 3642 ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) 3643 { 3644 struct iked_childsa *csa; 3645 struct iked_flow *flow; 3646 3647 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 3648 if (csa->csa_rekey || csa->csa_loaded) 3649 continue; 3650 3651 if (pfkey_sa_add(env->sc_pfkey, csa, NULL) != 0) { 3652 log_debug("%s: failed to load CHILD SA spi %s", 3653 __func__, print_spi(csa->csa_spi.spi, 3654 csa->csa_spi.spi_size)); 3655 return (-1); 3656 } 3657 3658 RB_INSERT(iked_activesas, &env->sc_activesas, csa); 3659 3660 log_debug("%s: loaded CHILD SA spi %s", __func__, 3661 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size)); 3662 } 3663 3664 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) { 3665 if (flow->flow_loaded) 3666 continue; 3667 3668 if (pfkey_flow_add(env->sc_pfkey, flow) != 0) { 3669 log_debug("%s: failed to load flow", __func__); 3670 return (-1); 3671 } 3672 3673 RB_INSERT(iked_flows, &env->sc_activeflows, flow); 3674 3675 log_debug("%s: loaded flow %p", __func__, flow); 3676 } 3677 3678 return (0); 3679 } 3680 3681 int 3682 ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, u_int8_t saproto, 3683 u_int64_t spi, u_int64_t *spiptr, int cleanup) 3684 { 3685 struct iked_childsa *csa, *nextcsa = NULL; 3686 u_int64_t peerspi = 0; 3687 int found = 0; 3688 3689 for (csa = TAILQ_FIRST(&sa->sa_childsas); csa != NULL; csa = nextcsa) { 3690 nextcsa = TAILQ_NEXT(csa, csa_entry); 3691 3692 if ((saproto && csa->csa_saproto != saproto) || 3693 (spi && (csa->csa_spi.spi != spi && 3694 csa->csa_peerspi != spi)) || 3695 (cleanup && csa->csa_loaded)) 3696 continue; 3697 3698 if (csa->csa_loaded) 3699 RB_REMOVE(iked_activesas, &env->sc_activesas, csa); 3700 3701 if (pfkey_sa_delete(env->sc_pfkey, csa) != 0) 3702 log_debug("%s: failed to delete CHILD SA spi %s", 3703 __func__, print_spi(csa->csa_spi.spi, 3704 csa->csa_spi.spi_size)); 3705 else 3706 log_debug("%s: deleted CHILD SA spi %s", __func__, 3707 print_spi(csa->csa_spi.spi, 3708 csa->csa_spi.spi_size)); 3709 found++; 3710 3711 if (spi && csa->csa_spi.spi == spi) 3712 peerspi = csa->csa_peerspi; 3713 3714 TAILQ_REMOVE(&sa->sa_childsas, csa, csa_entry); 3715 childsa_free(csa); 3716 } 3717 3718 if (spiptr) 3719 *spiptr = peerspi; 3720 3721 return (found ? 0 : -1); 3722 } 3723 3724 int 3725 ikev2_valid_proposal(struct iked_proposal *prop, 3726 struct iked_transform **exf, struct iked_transform **ixf, int *esn) 3727 { 3728 struct iked_transform *xform, *encrxf, *integrxf; 3729 u_int i, doesn = 0; 3730 3731 switch (prop->prop_protoid) { 3732 case IKEV2_SAPROTO_ESP: 3733 case IKEV2_SAPROTO_AH: 3734 break; 3735 default: 3736 return (-1); 3737 } 3738 3739 encrxf = integrxf = NULL; 3740 for (i = 0; i < prop->prop_nxforms; i++) { 3741 xform = prop->prop_xforms + i; 3742 if (xform->xform_type == IKEV2_XFORMTYPE_ENCR) 3743 encrxf = xform; 3744 else if (xform->xform_type == IKEV2_XFORMTYPE_INTEGR) 3745 integrxf = xform; 3746 else if (xform->xform_type == IKEV2_XFORMTYPE_ESN && 3747 xform->xform_id == IKEV2_XFORMESN_ESN) 3748 doesn = 1; 3749 } 3750 3751 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) { 3752 if (encrxf == NULL || integrxf == NULL) 3753 return (-1); 3754 } else if (prop->prop_protoid == IKEV2_SAPROTO_AH) { 3755 if (integrxf == NULL) 3756 return (-1); 3757 } else if (prop->prop_protoid == IKEV2_SAPROTO_ESP) { 3758 if (encrxf == NULL) 3759 return (-1); 3760 } 3761 3762 if (exf) 3763 *exf = encrxf; 3764 if (ixf) 3765 *ixf = integrxf; 3766 if (esn) 3767 *esn = doesn; 3768 3769 return (0); 3770 } 3771 3772 void 3773 ikev2_acquire_sa(struct iked *env, struct iked_flow *acquire) 3774 { 3775 struct iked_flow *flow; 3776 struct iked_sa *sa; 3777 struct iked_policy pol, *p = NULL; 3778 3779 if (env->sc_passive) 3780 return; 3781 3782 /* First try to find an active flow with IKE SA */ 3783 flow = RB_FIND(iked_flows, &env->sc_activeflows, acquire); 3784 if (!flow) { 3785 /* Otherwise try to find a matching policy */ 3786 bzero(&pol, sizeof(pol)); 3787 pol.pol_af = acquire->flow_peer->addr_af; 3788 memcpy(&pol.pol_peer, acquire->flow_peer, 3789 sizeof(pol.pol_peer)); 3790 3791 RB_INIT(&pol.pol_flows); 3792 RB_INSERT(iked_flows, &pol.pol_flows, acquire); 3793 pol.pol_nflows = 1; 3794 3795 if ((p = policy_test(env, &pol)) == NULL) { 3796 log_warnx("%s: flow wasn't found", __func__); 3797 return; 3798 } 3799 3800 log_debug("%s: found matching policy '%s'", __func__, 3801 p->pol_name); 3802 3803 if (ikev2_init_ike_sa_peer(env, p, acquire->flow_peer) != 0) 3804 log_warnx("%s: failed to initiate a " 3805 "IKE_SA_INIT exchange", __func__); 3806 } else { 3807 log_debug("%s: found active flow", __func__); 3808 3809 if ((sa = flow->flow_ikesa) == NULL) { 3810 log_warnx("%s: flow without SA", __func__); 3811 return; 3812 } 3813 3814 if (ikev2_send_create_child_sa(env, sa, NULL, 3815 flow->flow_saproto) != 0) 3816 log_warnx("%s: failed to initiate a " 3817 "CREATE_CHILD_SA exchange", __func__); 3818 } 3819 } 3820 3821 void 3822 ikev2_disable_rekeying(struct iked *env, struct iked_sa *sa) 3823 { 3824 struct iked_childsa *csa; 3825 3826 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 3827 csa->csa_persistent = 1; 3828 csa->csa_rekey = 0; 3829 } 3830 3831 (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 3832 } 3833 3834 void 3835 ikev2_rekey_sa(struct iked *env, struct iked_spi *rekey) 3836 { 3837 struct iked_childsa *csa, key; 3838 struct iked_sa *sa; 3839 3840 key.csa_spi = *rekey; 3841 csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); 3842 if (!csa) 3843 return; 3844 3845 if (csa->csa_rekey) /* See if it's already taken care of */ 3846 return; 3847 if ((sa = csa->csa_ikesa) == NULL) { 3848 log_warnx("%s: SA %s doesn't have a parent SA", __func__, 3849 print_spi(rekey->spi, rekey->spi_size)); 3850 return; 3851 } 3852 if (!sa_stateok(sa, IKEV2_STATE_ESTABLISHED)) { 3853 log_warnx("%s: SA %s is not established", __func__, 3854 print_spi(rekey->spi, rekey->spi_size)); 3855 return; 3856 } 3857 if (csa->csa_allocated) /* Peer SPI died first, get the local one */ 3858 rekey->spi = csa->csa_peerspi; 3859 if (ikev2_send_create_child_sa(env, sa, rekey, rekey->spi_protoid)) 3860 log_warnx("%s: failed to initiate a CREATE_CHILD_SA exchange", 3861 __func__); 3862 } 3863 3864 void 3865 ikev2_drop_sa(struct iked *env, struct iked_spi *drop) 3866 { 3867 struct ibuf *buf = NULL; 3868 struct iked_childsa *csa, key; 3869 struct iked_sa *sa; 3870 struct ikev2_delete *del; 3871 u_int32_t spi32; 3872 3873 key.csa_spi = *drop; 3874 csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); 3875 if (!csa || csa->csa_rekey) 3876 return; 3877 RB_REMOVE(iked_activesas, &env->sc_activesas, csa); 3878 csa->csa_loaded = 0; 3879 if ((sa = csa->csa_ikesa) == NULL) { 3880 log_debug("%s: failed to find a parent SA", __func__); 3881 return; 3882 } 3883 3884 if ((buf = ibuf_static()) == NULL) 3885 goto done; 3886 if ((del = ibuf_advance(buf, sizeof(*del))) == NULL) 3887 goto done; 3888 3889 if (csa->csa_allocated) 3890 spi32 = htobe32(csa->csa_spi.spi); 3891 else 3892 spi32 = htobe32(csa->csa_peerspi); 3893 3894 if (ikev2_childsa_delete(env, sa, csa->csa_saproto, 3895 csa->csa_peerspi, NULL, 0)) 3896 log_debug("%s: failed to delete CHILD SA %s", __func__, 3897 print_spi(csa->csa_peerspi, drop->spi_size)); 3898 3899 /* Send PAYLOAD_DELETE */ 3900 3901 if ((buf = ibuf_static()) == NULL) 3902 return; 3903 if ((del = ibuf_advance(buf, sizeof(*del))) == NULL) 3904 goto done; 3905 del->del_protoid = drop->spi_protoid; 3906 del->del_spisize = 4; 3907 del->del_nspi = htobe16(1); 3908 if (ibuf_add(buf, &spi32, sizeof(spi32))) 3909 goto done; 3910 3911 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 3912 IKEV2_EXCHANGE_INFORMATIONAL, 0) == -1) 3913 goto done; 3914 3915 sa->sa_stateflags |= IKED_REQ_INF; 3916 3917 /* Initiate Child SA creation */ 3918 if (ikev2_send_create_child_sa(env, sa, NULL, drop->spi_protoid)) 3919 log_warnx("%s: failed to initiate a CREATE_CHILD_SA exchange", 3920 __func__); 3921 3922 done: 3923 ibuf_release(buf); 3924 return; 3925 } 3926 3927 int 3928 ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen) 3929 { 3930 u_int8_t buf[BUFSIZ], *ptr; 3931 struct sockaddr_in *s4; 3932 struct sockaddr_in6 *s6; 3933 char *str; 3934 ssize_t len; 3935 int i; 3936 const char *type; 3937 3938 bzero(buf, sizeof(buf)); 3939 bzero(idstr, idstrlen); 3940 3941 if (id->id_buf == NULL) 3942 return (-1); 3943 3944 len = ibuf_size(id->id_buf); 3945 ptr = ibuf_data(id->id_buf); 3946 3947 if (len <= id->id_offset) 3948 return (-1); 3949 3950 len -= id->id_offset; 3951 ptr += id->id_offset; 3952 3953 type = print_map(id->id_type, ikev2_id_map); 3954 3955 if (strlcpy(idstr, type, idstrlen) >= idstrlen || 3956 strlcat(idstr, "/", idstrlen) >= idstrlen) 3957 return (-1); 3958 3959 idstr += strlen(idstr); 3960 idstrlen -= strlen(idstr); 3961 3962 switch (id->id_type) { 3963 case IKEV2_ID_IPV4: 3964 s4 = (struct sockaddr_in *)buf; 3965 s4->sin_family = AF_INET; 3966 s4->sin_len = sizeof(*s4); 3967 memcpy(&s4->sin_addr.s_addr, ptr, len); 3968 3969 if (print_host((struct sockaddr_storage *)s4, 3970 idstr, idstrlen) == NULL) 3971 return (-1); 3972 break; 3973 case IKEV2_ID_FQDN: 3974 case IKEV2_ID_UFQDN: 3975 if (len >= (ssize_t)sizeof(buf)) 3976 return (-1); 3977 3978 if ((str = get_string(ptr, len)) == NULL) 3979 return (-1); 3980 3981 if (strlcpy(idstr, str, idstrlen) >= idstrlen) { 3982 free(str); 3983 return (-1); 3984 } 3985 free(str); 3986 break; 3987 case IKEV2_ID_IPV6: 3988 s6 = (struct sockaddr_in6 *)buf; 3989 s6->sin6_family = AF_INET6; 3990 s6->sin6_len = sizeof(*s6); 3991 memcpy(&s6->sin6_addr, ptr, len); 3992 3993 if (print_host((struct sockaddr_storage *)s6, 3994 idstr, idstrlen) == NULL) 3995 return (-1); 3996 break; 3997 case IKEV2_ID_ASN1_DN: 3998 if ((str = ca_asn1_name(ptr, len)) == NULL) 3999 return (-1); 4000 if (strlcpy(idstr, str, idstrlen) >= idstrlen) { 4001 free(str); 4002 return (-1); 4003 } 4004 free(str); 4005 break; 4006 default: 4007 /* XXX test */ 4008 for (i = 0; i < ((ssize_t)idstrlen - 1) && i < len; i++) 4009 snprintf(idstr + i, idstrlen - i, 4010 "%02x", ptr[i]); 4011 break; 4012 } 4013 4014 return (0); 4015 } 4016