1 /* $OpenBSD: ikev2.c,v 1.57 2011/07/05 01:28:06 mikeb Exp $ */ 2 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */ 3 4 /* 5 * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/param.h> 21 #include <sys/types.h> 22 #include <sys/queue.h> 23 #include <sys/socket.h> 24 #include <sys/wait.h> 25 #include <sys/uio.h> 26 27 #include <netinet/in.h> 28 #include <netinet/ip_ipsp.h> 29 #include <arpa/inet.h> 30 31 #include <stdlib.h> 32 #include <stdio.h> 33 #include <unistd.h> 34 #include <string.h> 35 #include <getopt.h> 36 #include <signal.h> 37 #include <errno.h> 38 #include <err.h> 39 #include <pwd.h> 40 #include <event.h> 41 42 #include <openssl/sha.h> 43 #include <openssl/evp.h> 44 45 #include "iked.h" 46 #include "ikev2.h" 47 #include "eap.h" 48 #include "dh.h" 49 50 int ikev2_dispatch_parent(int, struct privsep_proc *, struct imsg *); 51 int ikev2_dispatch_ikev1(int, struct privsep_proc *, struct imsg *); 52 int ikev2_dispatch_cert(int, struct privsep_proc *, struct imsg *); 53 54 struct iked_sa * 55 ikev2_getimsgdata(struct iked *, struct imsg *, struct iked_sahdr *, 56 u_int8_t *, u_int8_t **, size_t *); 57 58 void ikev2_recv(struct iked *, struct iked_message *); 59 int ikev2_ike_auth(struct iked *, struct iked_sa *, 60 struct iked_message *); 61 62 void ikev2_init_recv(struct iked *, struct iked_message *, 63 struct ike_header *); 64 int ikev2_init_ike_sa_peer(struct iked *, struct iked_policy *, 65 struct iked_addr *); 66 int ikev2_init_ike_auth(struct iked *, struct iked_sa *); 67 int ikev2_init_auth(struct iked *, struct iked_message *); 68 int ikev2_init_done(struct iked *, struct iked_sa *); 69 70 void ikev2_resp_recv(struct iked *, struct iked_message *, 71 struct ike_header *); 72 int ikev2_resp_ike_sa_init(struct iked *, struct iked_message *); 73 int ikev2_resp_ike_auth(struct iked *, struct iked_sa *); 74 int ikev2_resp_ike_eap(struct iked *, struct iked_sa *, struct ibuf *); 75 76 int ikev2_send_create_child_sa(struct iked *, struct iked_sa *, 77 struct iked_spi *, u_int8_t); 78 int ikev2_init_create_child_sa(struct iked *, struct iked_message *); 79 int ikev2_resp_create_child_sa(struct iked *, struct iked_message *); 80 81 int ikev2_sa_initiator(struct iked *, struct iked_sa *, 82 struct iked_message *); 83 int ikev2_sa_responder(struct iked *, struct iked_sa *, 84 struct iked_message *); 85 int ikev2_sa_keys(struct iked *, struct iked_sa *); 86 int ikev2_sa_tag(struct iked_sa *, struct iked_id *); 87 88 int ikev2_childsa_negotiate(struct iked *, struct iked_sa *, int); 89 int ikev2_valid_proposal(struct iked_proposal *, 90 struct iked_transform **, struct iked_transform **); 91 92 ssize_t ikev2_add_proposals(struct iked *, struct iked_sa *, struct ibuf *, 93 struct iked_proposals *, u_int8_t, int, int); 94 ssize_t ikev2_add_cp(struct iked *, struct iked_sa *, struct ibuf *); 95 ssize_t ikev2_add_transform(struct ibuf *, 96 u_int8_t, u_int8_t, u_int16_t, u_int16_t); 97 ssize_t ikev2_add_ts(struct ibuf *, struct ikev2_payload **, ssize_t, 98 struct iked_sa *, int); 99 ssize_t ikev2_add_ts_payload(struct ibuf *, u_int, struct iked_sa *); 100 int ikev2_add_data(struct ibuf *, void *, size_t); 101 int ikev2_add_buf(struct ibuf *buf, struct ibuf *); 102 103 static struct privsep_proc procs[] = { 104 { "parent", PROC_PARENT, ikev2_dispatch_parent }, 105 { "ikev1", PROC_IKEV1, ikev2_dispatch_ikev1 }, 106 { "certstore", PROC_CERT, ikev2_dispatch_cert } 107 }; 108 109 pid_t 110 ikev2(struct privsep *ps, struct privsep_proc *p) 111 { 112 return (proc_run(ps, p, procs, nitems(procs), NULL, NULL)); 113 } 114 115 int 116 ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 117 { 118 struct iked *env = p->p_env; 119 120 switch (imsg->hdr.type) { 121 case IMSG_CTL_RESET: 122 return (config_getreset(env, imsg)); 123 case IMSG_CTL_COUPLE: 124 case IMSG_CTL_DECOUPLE: 125 return (config_getcoupled(env, imsg->hdr.type)); 126 case IMSG_CTL_ACTIVE: 127 case IMSG_CTL_PASSIVE: 128 if (config_getmode(env, imsg->hdr.type) == -1) 129 return (0); /* ignore error */ 130 timer_register_initiator(env, ikev2_init_ike_sa); 131 return (0); 132 case IMSG_UDP_SOCKET: 133 return (config_getsocket(env, imsg, ikev2_msg_cb)); 134 case IMSG_PFKEY_SOCKET: 135 return (config_getpfkey(env, imsg)); 136 case IMSG_CFG_POLICY: 137 return (config_getpolicy(env, imsg)); 138 case IMSG_CFG_USER: 139 return (config_getuser(env, imsg)); 140 case IMSG_COMPILE: 141 return (config_getcompile(env, imsg)); 142 default: 143 break; 144 } 145 146 return (-1); 147 } 148 149 int 150 ikev2_dispatch_ikev1(int fd, struct privsep_proc *p, struct imsg *imsg) 151 { 152 struct iked *env = p->p_env; 153 struct iked_message msg; 154 u_int8_t *buf; 155 ssize_t len; 156 157 switch (imsg->hdr.type) { 158 case IMSG_IKE_MESSAGE: 159 log_debug("%s: message", __func__); 160 IMSG_SIZE_CHECK(imsg, &msg); 161 memcpy(&msg, imsg->data, sizeof(msg)); 162 163 len = IMSG_DATA_SIZE(imsg) - sizeof(msg); 164 buf = (u_int8_t *)imsg->data + sizeof(msg); 165 if (len <= 0 || (msg.msg_data = ibuf_new(buf, len)) == NULL) { 166 log_debug("%s: short message", __func__); 167 return (0); 168 } 169 170 log_debug("%s: message length %d", __func__, len); 171 172 ikev2_recv(env, &msg); 173 ikev2_msg_cleanup(env, &msg); 174 return (0); 175 default: 176 break; 177 } 178 179 return (-1); 180 } 181 182 int 183 ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) 184 { 185 struct iked *env = p->p_env; 186 struct iked_sahdr sh; 187 struct iked_sa *sa; 188 u_int8_t type; 189 u_int8_t *ptr; 190 size_t len; 191 struct iked_id *id = NULL; 192 193 switch (imsg->hdr.type) { 194 case IMSG_CERTREQ: 195 IMSG_SIZE_CHECK(imsg, &type); 196 197 ptr = imsg->data; 198 memcpy(&type, ptr, sizeof(type)); 199 ptr += sizeof(type); 200 201 ibuf_release(env->sc_certreq); 202 env->sc_certreqtype = type; 203 env->sc_certreq = ibuf_new(ptr, 204 IMSG_DATA_SIZE(imsg) - sizeof(type)); 205 206 log_debug("%s: updated local CERTREQ signatures length %d", 207 __func__, ibuf_length(env->sc_certreq)); 208 209 break; 210 case IMSG_CERTVALID: 211 case IMSG_CERTINVALID: 212 memcpy(&sh, imsg->data, sizeof(sh)); 213 memcpy(&type, (u_int8_t *)imsg->data + sizeof(sh), 214 sizeof(type)); 215 216 /* Ignore invalid or unauthenticated SAs */ 217 if ((sa = sa_lookup(env, 218 sh.sh_ispi, sh.sh_rspi, sh.sh_initiator)) == NULL || 219 sa->sa_state < IKEV2_STATE_EAP) 220 break; 221 222 if (imsg->hdr.type == IMSG_CERTVALID) { 223 log_debug("%s: peer certificate is valid", __func__); 224 sa_stateflags(sa, IKED_REQ_VALID); 225 sa_state(env, sa, IKEV2_STATE_VALID); 226 } else { 227 log_warnx("%s: peer certificate is invalid", __func__); 228 } 229 230 if (ikev2_ike_auth(env, sa, NULL) != 0) 231 log_debug("%s: failed to send ike auth", __func__); 232 break; 233 case IMSG_CERT: 234 if ((sa = ikev2_getimsgdata(env, imsg, 235 &sh, &type, &ptr, &len)) == NULL) { 236 log_debug("%s: invalid cert reply", __func__); 237 break; 238 } 239 240 if (sh.sh_initiator) 241 id = &sa->sa_icert; 242 else 243 id = &sa->sa_rcert; 244 245 id->id_type = type; 246 id->id_offset = 0; 247 ibuf_release(id->id_buf); 248 id->id_buf = NULL; 249 250 if (type != IKEV2_CERT_NONE) { 251 if (len <= 0 || 252 (id->id_buf = ibuf_new(ptr, len)) == NULL) { 253 log_debug("%s: failed to get cert payload", 254 __func__); 255 break; 256 } 257 } 258 259 log_debug("%s: cert type %d length %d", __func__, 260 id->id_type, ibuf_length(id->id_buf)); 261 262 sa_stateflags(sa, IKED_REQ_CERT); 263 264 if (ikev2_ike_auth(env, sa, NULL) != 0) 265 log_debug("%s: failed to send ike auth", __func__); 266 break; 267 case IMSG_AUTH: 268 if ((sa = ikev2_getimsgdata(env, imsg, 269 &sh, &type, &ptr, &len)) == NULL) { 270 log_debug("%s: invalid auth reply", __func__); 271 break; 272 } 273 274 log_debug("%s: AUTH type %d len %d", __func__, type, len); 275 276 id = &sa->sa_localauth; 277 id->id_type = type; 278 id->id_offset = 0; 279 ibuf_release(id->id_buf); 280 281 if (type != IKEV2_AUTH_NONE) { 282 if (len <= 0 || 283 (id->id_buf = ibuf_new(ptr, len)) == NULL) { 284 log_debug("%s: failed to get auth payload", 285 __func__); 286 break; 287 } 288 } 289 290 sa_stateflags(sa, IKED_REQ_AUTH); 291 292 if (ikev2_ike_auth(env, sa, NULL) != 0) 293 log_debug("%s: failed to send ike auth", __func__); 294 break; 295 default: 296 return (-1); 297 } 298 299 return (0); 300 } 301 302 struct iked_sa * 303 ikev2_getimsgdata(struct iked *env, struct imsg *imsg, struct iked_sahdr *sh, 304 u_int8_t *type, u_int8_t **buf, size_t *size) 305 { 306 u_int8_t *ptr; 307 size_t len; 308 struct iked_sa *sa; 309 310 IMSG_SIZE_CHECK(imsg, sh); 311 312 ptr = imsg->data; 313 len = IMSG_DATA_SIZE(imsg) - sizeof(*sh) - sizeof(*type); 314 memcpy(sh, ptr, sizeof(*sh)); 315 memcpy(type, ptr + sizeof(*sh), sizeof(*type)); 316 317 sa = sa_lookup(env, sh->sh_ispi, sh->sh_rspi, sh->sh_initiator); 318 319 log_debug("%s: imsg %d rspi %s ispi %s initiator %d sa %s" 320 " type %d data length %d", 321 __func__, imsg->hdr.type, 322 print_spi(sh->sh_rspi, 8), 323 print_spi(sh->sh_ispi, 8), 324 sh->sh_initiator, 325 sa == NULL ? "invalid" : "valid", *type, len); 326 327 if (sa == NULL) 328 return (NULL); 329 330 *buf = ptr + sizeof(*sh) + sizeof(*type); 331 *size = len; 332 333 return (sa); 334 } 335 336 void 337 ikev2_recv(struct iked *env, struct iked_message *msg) 338 { 339 struct ike_header *hdr; 340 struct iked_sa *sa; 341 u_int initiator, flag = 0; 342 343 hdr = ibuf_seek(msg->msg_data, msg->msg_offset, sizeof(*hdr)); 344 345 if (hdr == NULL || (ssize_t)ibuf_size(msg->msg_data) < 346 (betoh32(hdr->ike_length) - msg->msg_offset)) 347 return; 348 349 initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? 0 : 1; 350 msg->msg_sa = sa_lookup(env, 351 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 352 initiator); 353 if (policy_lookup(env, msg) != 0) 354 return; 355 356 log_info("%s: %s from %s %s to %s policy '%s', %ld bytes", __func__, 357 print_map(hdr->ike_exchange, ikev2_exchange_map), 358 initiator ? "responder" : "initiator", 359 print_host(&msg->msg_peer, NULL, 0), 360 print_host(&msg->msg_local, NULL, 0), 361 msg->msg_policy->pol_name, 362 ibuf_length(msg->msg_data)); 363 364 if ((sa = msg->msg_sa) == NULL) 365 goto done; 366 367 log_debug("%s: updating msg, natt %d", __func__, msg->msg_natt); 368 369 if (msg->msg_natt) 370 sa->sa_natt = 1; 371 372 switch (hdr->ike_exchange) { 373 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 374 flag = IKED_REQ_CHILDSA; 375 goto xchgcommon; 376 377 case IKEV2_EXCHANGE_INFORMATIONAL: 378 flag = IKED_REQ_INF; 379 xchgcommon: 380 if ((sa->sa_stateflags & flag)) { 381 /* response */ 382 if (betoh32(hdr->ike_msgid) == sa->sa_reqid - 1) 383 /* we initiated the exchange */ 384 initiator = 1; 385 else { 386 if (flag == IKED_REQ_CHILDSA) 387 ikev2_disable_rekeying(env, sa); 388 goto errout; /* unexpected id */ 389 } 390 } else { 391 /* request */ 392 if (betoh32(hdr->ike_msgid) >= sa->sa_msgid) { 393 /* we are responding */ 394 initiator = 0; 395 sa->sa_msgid = betoh32(hdr->ike_msgid); 396 } else 397 goto errout; /* unexpected id */ 398 } 399 break; 400 401 default: 402 if (initiator) { 403 if (betoh32(hdr->ike_msgid) != sa->sa_reqid - 1) 404 goto errout; 405 } else { 406 if (betoh32(hdr->ike_msgid) < sa->sa_msgid) 407 goto errout; 408 else 409 sa->sa_msgid = betoh32(hdr->ike_msgid); 410 } 411 break; 412 errout: 413 sa->sa_stateflags &= ~flag; 414 log_debug("%s: invalid sequence number %d " 415 "(SA msgid %d reqid %d)", __func__, 416 betoh32(hdr->ike_msgid), sa->sa_msgid, 417 sa->sa_reqid); 418 return; 419 } 420 421 if (sa_address(sa, &sa->sa_peer, &msg->msg_peer, initiator) == -1 || 422 sa_address(sa, &sa->sa_local, &msg->msg_local, initiator) == -1) 423 return; 424 425 sa->sa_fd = msg->msg_fd; 426 427 log_debug("%s: updated SA peer %s local %s", __func__, 428 print_host(&sa->sa_peer.addr, NULL, 0), 429 print_host(&sa->sa_local.addr, NULL, 0)); 430 431 done: 432 if (initiator) 433 ikev2_init_recv(env, msg, hdr); 434 else 435 ikev2_resp_recv(env, msg, hdr); 436 437 if (sa != NULL && sa->sa_state == IKEV2_STATE_CLOSED) 438 sa_free(env, sa); 439 } 440 441 int 442 ikev2_ike_auth(struct iked *env, struct iked_sa *sa, 443 struct iked_message *msg) 444 { 445 struct iked_id *id, *certid; 446 struct ibuf *authmsg; 447 struct iked_auth ikeauth; 448 struct iked_policy *policy = sa->sa_policy; 449 int ret = -1; 450 451 if (msg == NULL) 452 goto done; 453 454 if (sa->sa_hdr.sh_initiator) { 455 id = &sa->sa_rid; 456 certid = &sa->sa_rcert; 457 } else { 458 id = &sa->sa_iid; 459 certid = &sa->sa_icert; 460 } 461 462 if (msg->msg_id.id_type) { 463 memcpy(id, &msg->msg_id, sizeof(*id)); 464 bzero(&msg->msg_id, sizeof(msg->msg_id)); 465 466 if ((authmsg = ikev2_msg_auth(env, sa, 467 !sa->sa_hdr.sh_initiator)) == NULL) { 468 log_debug("%s: failed to get response " 469 "auth data", __func__); 470 return (-1); 471 } 472 473 ca_setauth(env, sa, authmsg, PROC_CERT); 474 ibuf_release(authmsg); 475 } 476 477 if (msg->msg_cert.id_type) { 478 memcpy(certid, &msg->msg_cert, sizeof(*certid)); 479 bzero(&msg->msg_cert, sizeof(msg->msg_cert)); 480 481 ca_setcert(env, &sa->sa_hdr, 482 id, certid->id_type, 483 ibuf_data(certid->id_buf), 484 ibuf_length(certid->id_buf), PROC_CERT); 485 } 486 487 if (msg->msg_auth.id_type) { 488 memcpy(&ikeauth, &policy->pol_auth, sizeof(ikeauth)); 489 490 if (policy->pol_auth.auth_eap && sa->sa_eapmsk != NULL) { 491 /* 492 * The initiator EAP auth is a PSK derived 493 * from the EAP-specific MSK 494 */ 495 ikeauth.auth_method = IKEV2_AUTH_SHARED_KEY_MIC; 496 497 /* Copy session key as PSK */ 498 memcpy(ikeauth.auth_data, ibuf_data(sa->sa_eapmsk), 499 ibuf_size(sa->sa_eapmsk)); 500 ikeauth.auth_length = ibuf_size(sa->sa_eapmsk); 501 } 502 503 if (msg->msg_auth.id_type != ikeauth.auth_method) { 504 log_warnx("%s: unexpected auth method %s", __func__, 505 print_map(ikeauth.auth_method, ikev2_auth_map)); 506 return (-1); 507 } 508 509 if ((authmsg = ikev2_msg_auth(env, sa, 510 sa->sa_hdr.sh_initiator)) == NULL) { 511 log_debug("%s: failed to get auth data", __func__); 512 return (-1); 513 } 514 515 ret = ikev2_msg_authverify(env, sa, &ikeauth, 516 ibuf_data(msg->msg_auth.id_buf), 517 ibuf_length(msg->msg_auth.id_buf), 518 authmsg); 519 ibuf_release(authmsg); 520 521 if (ret != 0) 522 goto done; 523 524 if (sa->sa_eapmsk != NULL) { 525 if ((authmsg = ikev2_msg_auth(env, sa, 526 !sa->sa_hdr.sh_initiator)) == NULL) { 527 log_debug("%s: failed to get auth data", 528 __func__); 529 return (-1); 530 } 531 532 /* XXX 2nd AUTH for EAP messages */ 533 ret = ikev2_msg_authsign(env, sa, &ikeauth, authmsg); 534 ibuf_release(authmsg); 535 536 if (ret != 0) { 537 /* XXX */ 538 return (-1); 539 } 540 541 sa_state(env, sa, IKEV2_STATE_EAP_VALID); 542 } 543 } 544 545 if (!TAILQ_EMPTY(&msg->msg_proposals)) { 546 if (ikev2_sa_negotiate(sa, 547 &sa->sa_policy->pol_proposals, 548 &msg->msg_proposals, IKEV2_SAPROTO_ESP) != 0) { 549 log_debug("%s: no proposal chosen", __func__); 550 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 551 return (-1); 552 } else 553 sa_stateflags(sa, IKED_REQ_SA); 554 } 555 556 done: 557 if (sa->sa_hdr.sh_initiator) { 558 if (sa_stateok(sa, IKEV2_STATE_AUTH_SUCCESS)) 559 return (ikev2_init_done(env, sa)); 560 else 561 return (ikev2_init_ike_auth(env, sa)); 562 } 563 return (ikev2_resp_ike_auth(env, sa)); 564 } 565 566 void 567 ikev2_init_recv(struct iked *env, struct iked_message *msg, 568 struct ike_header *hdr) 569 { 570 struct iked_sa *sa; 571 572 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) { 573 log_debug("%s: unknown SA", __func__); 574 return; 575 } 576 sa = msg->msg_sa; 577 578 switch (hdr->ike_exchange) { 579 case IKEV2_EXCHANGE_IKE_SA_INIT: 580 /* Update the SPIs */ 581 if ((sa = sa_new(env, 582 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 1, 583 NULL)) == NULL || sa != msg->msg_sa) { 584 log_debug("%s: invalid new SA %p", __func__, sa); 585 sa_free(env, sa); 586 } 587 break; 588 case IKEV2_EXCHANGE_IKE_AUTH: 589 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 590 case IKEV2_EXCHANGE_INFORMATIONAL: 591 break; 592 default: 593 log_debug("%s: unsupported exchange: %s", __func__, 594 print_map(hdr->ike_exchange, ikev2_exchange_map)); 595 return; 596 } 597 598 if (ikev2_pld_parse(env, hdr, msg, msg->msg_offset) != 0) { 599 log_debug("%s: failed to parse message", __func__); 600 return; 601 } 602 603 if (!ikev2_msg_frompeer(msg)) 604 return; 605 606 switch (hdr->ike_exchange) { 607 case IKEV2_EXCHANGE_IKE_SA_INIT: 608 (void)ikev2_init_auth(env, msg); 609 break; 610 case IKEV2_EXCHANGE_IKE_AUTH: 611 (void)ikev2_ike_auth(env, sa, msg); 612 break; 613 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 614 (void)ikev2_init_create_child_sa(env, msg); 615 break; 616 case IKEV2_EXCHANGE_INFORMATIONAL: 617 break; 618 default: 619 log_debug("%s: exchange %s not implemented", __func__, 620 print_map(hdr->ike_exchange, ikev2_exchange_map)); 621 break; 622 } 623 } 624 625 int 626 ikev2_init_ike_sa(struct iked *env, struct iked_policy *pol) 627 { 628 return (ikev2_init_ike_sa_peer(env, pol, &pol->pol_peer)); 629 } 630 631 int 632 ikev2_init_ike_sa_peer(struct iked *env, struct iked_policy *pol, 633 struct iked_addr *peer) 634 { 635 struct iked_message req; 636 struct ike_header *hdr; 637 struct ikev2_payload *pld; 638 struct ikev2_keyexchange *ke; 639 struct ikev2_notify *n; 640 struct iked_sa *sa; 641 struct ibuf *buf; 642 struct group *group; 643 u_int8_t *ptr; 644 ssize_t len; 645 int ret = -1; 646 struct iked_socket *sock; 647 in_port_t port; 648 649 if ((sock = ikev2_msg_getsocket(env, 650 peer->addr_af)) == NULL) 651 return (-1); 652 653 /* Create a new initiator SA */ 654 if ((sa = sa_new(env, 0, 0, 1, pol)) == NULL) 655 return (-1); 656 657 /* Pick peer's DH group if asked */ 658 sa->sa_dhgroup = pol->pol_peerdh; 659 660 if (ikev2_sa_initiator(env, sa, NULL) == -1) 661 goto done; 662 663 if ((buf = ikev2_msg_init(env, &req, 664 &peer->addr, peer->addr.ss_len, 665 &pol->pol_local.addr, pol->pol_local.addr.ss_len, 0)) == NULL) 666 goto done; 667 668 /* Inherit the port from the 1st send socket */ 669 port = htons(socket_getport(&sock->sock_addr)); 670 (void)socket_af((struct sockaddr *)&req.msg_local, port); 671 (void)socket_af((struct sockaddr *)&req.msg_peer, port); 672 673 req.msg_fd = sock->sock_fd; 674 req.msg_sa = sa; 675 req.msg_sock = sock; 676 677 /* IKE header */ 678 if ((hdr = ikev2_add_header(buf, sa, ikev2_msg_id(env, sa, 0), 679 IKEV2_PAYLOAD_SA, IKEV2_EXCHANGE_IKE_SA_INIT, 0)) == NULL) 680 goto done; 681 682 /* SA payload */ 683 if ((pld = ikev2_add_payload(buf)) == NULL) 684 goto done; 685 if ((len = ikev2_add_proposals(env, sa, buf, &pol->pol_proposals, 686 IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0)) == -1) 687 goto done; 688 689 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 690 goto done; 691 692 /* KE payload */ 693 if ((pld = ikev2_add_payload(buf)) == NULL) 694 goto done; 695 if ((ke = ibuf_advance(buf, sizeof(*ke))) == NULL) 696 goto done; 697 if ((group = sa->sa_dhgroup) == NULL) { 698 log_debug("%s: invalid dh", __func__); 699 goto done; 700 } 701 ke->kex_dhgroup = htobe16(group->id); 702 if (ikev2_add_buf(buf, sa->sa_dhiexchange) == -1) 703 goto done; 704 len = sizeof(*ke) + dh_getlen(group); 705 706 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 707 goto done; 708 709 /* NONCE payload */ 710 if ((pld = ikev2_add_payload(buf)) == NULL) 711 goto done; 712 if (ikev2_add_buf(buf, sa->sa_inonce) == -1) 713 goto done; 714 len = ibuf_size(sa->sa_inonce); 715 716 if ((env->sc_opts & IKED_OPT_NONATT) == 0) { 717 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 718 goto done; 719 720 /* NAT-T notify payloads */ 721 if ((pld = ikev2_add_payload(buf)) == NULL) 722 goto done; 723 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 724 goto done; 725 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_SOURCE_IP); 726 len = ikev2_nat_detection(&req, NULL, 0, 0); 727 if ((ptr = ibuf_advance(buf, len)) == NULL) 728 goto done; 729 if ((len = ikev2_nat_detection(&req, ptr, len, 730 betoh16(n->n_type))) == -1) 731 goto done; 732 len += sizeof(*n); 733 734 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 735 goto done; 736 737 if ((pld = ikev2_add_payload(buf)) == NULL) 738 goto done; 739 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 740 goto done; 741 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_DESTINATION_IP); 742 len = ikev2_nat_detection(&req, NULL, 0, 0); 743 if ((ptr = ibuf_advance(buf, len)) == NULL) 744 goto done; 745 if ((len = ikev2_nat_detection(&req, ptr, len, 746 betoh16(n->n_type))) == -1) 747 goto done; 748 len += sizeof(*n); 749 } 750 751 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 752 goto done; 753 754 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 755 goto done; 756 757 (void)ikev2_pld_parse(env, hdr, &req, 0); 758 759 ibuf_release(sa->sa_1stmsg); 760 if ((sa->sa_1stmsg = ibuf_dup(buf)) == NULL) { 761 log_debug("%s: failed to copy 1st message", __func__); 762 goto done; 763 } 764 765 if ((ret = ikev2_msg_send(env, req.msg_fd, &req)) == 0) 766 sa_state(env, sa, IKEV2_STATE_SA_INIT); 767 768 done: 769 if (ret == -1) 770 sa_free(env, sa); 771 ikev2_msg_cleanup(env, &req); 772 773 return (ret); 774 } 775 776 int 777 ikev2_init_auth(struct iked *env, struct iked_message *msg) 778 { 779 struct iked_sa *sa = msg->msg_sa; 780 struct ibuf *authmsg; 781 782 if (sa == NULL) 783 return (-1); 784 785 if (ikev2_sa_initiator(env, sa, msg) == -1) { 786 log_debug("%s: failed to get IKE keys", __func__); 787 return (-1); 788 } 789 790 if ((authmsg = ikev2_msg_auth(env, sa, 791 !sa->sa_hdr.sh_initiator)) == NULL) { 792 log_debug("%s: failed to get auth data", __func__); 793 return (-1); 794 } 795 796 if (ca_setauth(env, sa, authmsg, PROC_CERT) == -1) { 797 log_debug("%s: failed to get cert", __func__); 798 return (-1); 799 } 800 801 return (ikev2_init_ike_auth(env, sa)); 802 } 803 804 int 805 ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa) 806 { 807 struct iked_policy *pol = sa->sa_policy; 808 struct ikev2_payload *pld; 809 struct ikev2_cert *cert; 810 struct ikev2_auth *auth; 811 struct iked_id *id, *certid; 812 struct ibuf *e = NULL; 813 u_int8_t firstpayload; 814 int ret = -1; 815 ssize_t len; 816 817 if (!sa_stateok(sa, IKEV2_STATE_SA_INIT)) 818 return (0); 819 820 if (!sa->sa_localauth.id_type) { 821 log_debug("%s: no local auth", __func__); 822 return (-1); 823 } 824 825 /* New encrypted message buffer */ 826 if ((e = ibuf_static()) == NULL) 827 goto done; 828 829 id = &sa->sa_iid; 830 certid = &sa->sa_icert; 831 832 /* ID payload */ 833 if ((pld = ikev2_add_payload(e)) == NULL) 834 goto done; 835 firstpayload = IKEV2_PAYLOAD_IDi; 836 if (ibuf_cat(e, id->id_buf) != 0) 837 goto done; 838 len = ibuf_size(id->id_buf); 839 840 /* CERT payload */ 841 if ((sa->sa_stateinit & IKED_REQ_CERT) && 842 (certid->id_type != IKEV2_CERT_NONE)) { 843 if (ikev2_next_payload(pld, len, 844 IKEV2_PAYLOAD_CERT) == -1) 845 goto done; 846 if ((pld = ikev2_add_payload(e)) == NULL) 847 goto done; 848 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 849 goto done; 850 cert->cert_type = certid->id_type; 851 if (ibuf_cat(e, certid->id_buf) != 0) 852 goto done; 853 len = ibuf_size(certid->id_buf) + sizeof(*cert); 854 855 if (env->sc_certreqtype) { 856 if (ikev2_next_payload(pld, len, 857 IKEV2_PAYLOAD_CERTREQ) == -1) 858 goto done; 859 860 /* CERTREQ payload */ 861 if ((pld = ikev2_add_payload(e)) == NULL) 862 goto done; 863 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 864 goto done; 865 cert->cert_type = env->sc_certreqtype; 866 if (ikev2_add_buf(e, env->sc_certreq) == -1) 867 goto done; 868 len = ibuf_size(env->sc_certreq) + sizeof(*cert); 869 } 870 } 871 872 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 873 goto done; 874 875 /* AUTH payload */ 876 if ((pld = ikev2_add_payload(e)) == NULL) 877 goto done; 878 if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL) 879 goto done; 880 auth->auth_method = sa->sa_localauth.id_type; 881 if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0) 882 goto done; 883 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 884 885 /* CP payload */ 886 if (sa->sa_cp) { 887 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CP) == -1) 888 goto done; 889 890 if ((pld = ikev2_add_payload(e)) == NULL) 891 goto done; 892 if ((len = ikev2_add_cp(env, sa, e)) == -1) 893 goto done; 894 } 895 896 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 897 goto done; 898 899 /* SA payload */ 900 if ((pld = ikev2_add_payload(e)) == NULL) 901 goto done; 902 if ((len = ikev2_add_proposals(env, sa, e, &pol->pol_proposals, 903 IKEV2_SAPROTO_ESP, sa->sa_hdr.sh_initiator, 0)) == -1) 904 goto done; 905 906 if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 907 goto done; 908 909 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 910 goto done; 911 912 ret = ikev2_msg_send_encrypt(env, sa, &e, 913 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 0); 914 915 done: 916 ibuf_release(e); 917 918 return (ret); 919 } 920 921 int 922 ikev2_init_done(struct iked *env, struct iked_sa *sa) 923 { 924 int ret; 925 926 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 927 return (0); /* ignored */ 928 929 ret = ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator); 930 if (ret == 0) 931 ret = ikev2_childsa_enable(env, sa); 932 if (ret == 0) 933 sa_state(env, sa, IKEV2_STATE_ESTABLISHED); 934 935 if (ret) 936 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 937 return (ret); 938 } 939 940 int 941 ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) 942 { 943 struct ikev2_id hdr; 944 struct iked_static_id localpid; 945 char idstr[IKED_ID_SIZE]; 946 struct in_addr in4; 947 struct in6_addr in6; 948 949 /* Fixup the local Id if not specified */ 950 if (srcid && polid->id_type == 0) { 951 polid = &localpid; 952 bzero(polid, sizeof(*polid)); 953 954 /* Create a default local ID based on our FQDN */ 955 polid->id_type = IKEV2_ID_FQDN; 956 if (gethostname((char *)polid->id_data, 957 sizeof(polid->id_data)) != 0) 958 return (-1); 959 polid->id_offset = 0; 960 polid->id_length = 961 strlen((char *)polid->id_data); /* excluding NUL */ 962 } 963 964 if (!polid->id_length) 965 return (-1); 966 967 /* Create an IKEv2 ID payload */ 968 bzero(&hdr, sizeof(hdr)); 969 hdr.id_type = id->id_type = polid->id_type; 970 id->id_offset = sizeof(hdr); 971 972 if ((id->id_buf = ibuf_new(&hdr, sizeof(hdr))) == NULL) 973 return (-1); 974 975 switch (id->id_type) { 976 case IKEV2_ID_IPV4: 977 if (inet_pton(AF_INET, polid->id_data, &in4) != 1 || 978 ibuf_add(id->id_buf, &in4, sizeof(in4)) != 0) { 979 ibuf_release(id->id_buf); 980 return (-1); 981 } 982 break; 983 case IKEV2_ID_IPV6: 984 if (inet_pton(AF_INET6, polid->id_data, &in6) != 1 || 985 ibuf_add(id->id_buf, &in6, sizeof(in6)) != 0) { 986 ibuf_release(id->id_buf); 987 return (-1); 988 } 989 break; 990 default: 991 if (ibuf_add(id->id_buf, 992 polid->id_data, polid->id_length) != 0) { 993 ibuf_release(id->id_buf); 994 return (-1); 995 } 996 break; 997 } 998 999 if (ikev2_print_id(id, idstr, sizeof(idstr)) == -1) 1000 return (-1); 1001 1002 log_debug("%s: %s %s length %d", __func__, 1003 srcid ? "srcid" : "dstid", 1004 idstr, ibuf_size(id->id_buf)); 1005 1006 return (0); 1007 } 1008 1009 struct ike_header * 1010 ikev2_add_header(struct ibuf *buf, struct iked_sa *sa, 1011 u_int32_t msgid, u_int8_t nextpayload, 1012 u_int8_t exchange, u_int8_t flags) 1013 { 1014 struct ike_header *hdr; 1015 1016 if ((hdr = ibuf_advance(buf, sizeof(*hdr))) == NULL) { 1017 log_debug("%s: failed to add header", __func__); 1018 return (NULL); 1019 } 1020 1021 hdr->ike_ispi = htobe64(sa->sa_hdr.sh_ispi); 1022 hdr->ike_rspi = htobe64(sa->sa_hdr.sh_rspi); 1023 hdr->ike_nextpayload = nextpayload; 1024 hdr->ike_version = IKEV2_VERSION; 1025 hdr->ike_exchange = exchange; 1026 hdr->ike_msgid = htobe32(msgid); 1027 hdr->ike_length = htobe32(sizeof(*hdr)); 1028 hdr->ike_flags = flags; 1029 1030 if (sa->sa_hdr.sh_initiator) 1031 hdr->ike_flags |= IKEV2_FLAG_INITIATOR; 1032 1033 return (hdr); 1034 } 1035 1036 int 1037 ikev2_set_header(struct ike_header *hdr, size_t length) 1038 { 1039 u_int32_t hdrlength = sizeof(*hdr) + length; 1040 1041 if (hdrlength > UINT32_MAX) { 1042 log_debug("%s: message too long", __func__); 1043 return (-1); 1044 } 1045 1046 hdr->ike_length = htobe32(sizeof(*hdr) + length); 1047 1048 return (0); 1049 } 1050 1051 struct ikev2_payload * 1052 ikev2_add_payload(struct ibuf *buf) 1053 { 1054 struct ikev2_payload *pld; 1055 1056 if ((pld = ibuf_advance(buf, sizeof(*pld))) == NULL) { 1057 log_debug("%s: failed to add payload", __func__); 1058 return (NULL); 1059 } 1060 1061 pld->pld_nextpayload = IKEV2_PAYLOAD_NONE; 1062 pld->pld_length = sizeof(*pld); 1063 1064 return (pld); 1065 } 1066 1067 ssize_t 1068 ikev2_add_ts_payload(struct ibuf *buf, u_int type, struct iked_sa *sa) 1069 { 1070 struct iked_policy *pol = sa->sa_policy; 1071 struct ikev2_tsp *tsp; 1072 struct ikev2_ts *ts; 1073 struct iked_flow *flow; 1074 struct iked_addr *addr; 1075 u_int8_t *ptr; 1076 size_t len = 0; 1077 u_int32_t av[4], bv[4], mv[4]; 1078 struct sockaddr_in *in4; 1079 struct sockaddr_in6 *in6; 1080 1081 if ((tsp = ibuf_advance(buf, sizeof(*tsp))) == NULL) 1082 return (-1); 1083 tsp->tsp_count = pol->pol_nflows; 1084 len = sizeof(*tsp); 1085 1086 RB_FOREACH(flow, iked_flows, &pol->pol_flows) { 1087 if ((ts = ibuf_advance(buf, sizeof(*ts))) == NULL) 1088 return (-1); 1089 1090 if (type == IKEV2_PAYLOAD_TSi) { 1091 if (sa->sa_hdr.sh_initiator) 1092 addr = &flow->flow_src; 1093 else 1094 addr = &flow->flow_dst; 1095 } else if (type == IKEV2_PAYLOAD_TSr) { 1096 if (sa->sa_hdr.sh_initiator) 1097 addr = &flow->flow_dst; 1098 else 1099 addr = &flow->flow_src; 1100 } else 1101 return (-1); 1102 1103 ts->ts_protoid = flow->flow_ipproto; 1104 1105 if (addr->addr_port) { 1106 ts->ts_startport = addr->addr_port; 1107 ts->ts_endport = addr->addr_port; 1108 } else { 1109 ts->ts_startport = 0; 1110 ts->ts_endport = 0xffff; 1111 } 1112 1113 switch (addr->addr_af) { 1114 case AF_INET: 1115 ts->ts_type = IKEV2_TS_IPV4_ADDR_RANGE; 1116 ts->ts_length = htobe16(sizeof(*ts) + 8); 1117 1118 if ((ptr = ibuf_advance(buf, 8)) == NULL) 1119 return (-1); 1120 1121 in4 = (struct sockaddr_in *)&addr->addr; 1122 if (addr->addr_net) { 1123 /* Convert IPv4 network to address range */ 1124 mv[0] = prefixlen2mask(addr->addr_mask); 1125 av[0] = in4->sin_addr.s_addr & mv[0]; 1126 bv[0] = in4->sin_addr.s_addr | ~mv[0]; 1127 } else 1128 av[0] = bv[0] = in4->sin_addr.s_addr; 1129 1130 memcpy(ptr, &av[0], 4); 1131 memcpy(ptr + 4, &bv[0], 4); 1132 break; 1133 case AF_INET6: 1134 ts->ts_type = IKEV2_TS_IPV6_ADDR_RANGE; 1135 ts->ts_length = htobe16(sizeof(*ts) + 32); 1136 1137 if ((ptr = ibuf_advance(buf, 32)) == NULL) 1138 return (-1); 1139 1140 in6 = (struct sockaddr_in6 *)&addr->addr; 1141 1142 memcpy(&av, &in6->sin6_addr.s6_addr, 16); 1143 memcpy(&bv, &in6->sin6_addr.s6_addr, 16); 1144 if (addr->addr_net) { 1145 /* Convert IPv6 network to address range */ 1146 prefixlen2mask6(addr->addr_mask, mv); 1147 av[0] &= mv[0]; 1148 av[1] &= mv[1]; 1149 av[2] &= mv[2]; 1150 av[3] &= mv[3]; 1151 bv[0] |= ~mv[0]; 1152 bv[1] |= ~mv[1]; 1153 bv[2] |= ~mv[2]; 1154 bv[3] |= ~mv[3]; 1155 } 1156 1157 memcpy(ptr, &av, 16); 1158 memcpy(ptr + 16, &bv, 16); 1159 break; 1160 } 1161 1162 len += betoh16(ts->ts_length); 1163 } 1164 1165 return (len); 1166 } 1167 1168 ssize_t 1169 ikev2_add_ts(struct ibuf *e, struct ikev2_payload **pld, ssize_t len, 1170 struct iked_sa *sa, int reverse) 1171 { 1172 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSi) == -1) 1173 return (-1); 1174 1175 /* TSi payload */ 1176 if ((*pld = ikev2_add_payload(e)) == NULL) 1177 return (-1); 1178 if ((len = ikev2_add_ts_payload(e, reverse ? IKEV2_PAYLOAD_TSr : 1179 IKEV2_PAYLOAD_TSi, sa)) == -1) 1180 return (-1); 1181 1182 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSr) == -1) 1183 return (-1); 1184 1185 /* TSr payload */ 1186 if ((*pld = ikev2_add_payload(e)) == NULL) 1187 return (-1); 1188 if ((len = ikev2_add_ts_payload(e, reverse ? IKEV2_PAYLOAD_TSi : 1189 IKEV2_PAYLOAD_TSr, sa)) == -1) 1190 return (-1); 1191 1192 return (len); 1193 } 1194 1195 int 1196 ikev2_next_payload(struct ikev2_payload *pld, size_t length, 1197 u_int8_t nextpayload) 1198 { 1199 size_t pldlength = sizeof(*pld) + length; 1200 1201 if (pldlength > UINT16_MAX) { 1202 log_debug("%s: payload too long", __func__); 1203 return (-1); 1204 } 1205 1206 log_debug("%s: length %d nextpayload %s", 1207 __func__, pldlength, print_map(nextpayload, ikev2_payload_map)); 1208 1209 pld->pld_length = htobe16(pldlength); 1210 pld->pld_nextpayload = nextpayload; 1211 1212 return (0); 1213 } 1214 1215 ssize_t 1216 ikev2_nat_detection(struct iked_message *msg, void *ptr, size_t len, 1217 u_int type) 1218 { 1219 EVP_MD_CTX ctx; 1220 struct ike_header *hdr; 1221 u_int8_t md[SHA_DIGEST_LENGTH]; 1222 u_int mdlen = sizeof(md); 1223 struct iked_sa *sa = msg->msg_sa; 1224 struct sockaddr_in *in4; 1225 struct sockaddr_in6 *in6; 1226 ssize_t ret = -1; 1227 struct sockaddr_storage *src, *dst, *ss; 1228 u_int64_t rspi, ispi; 1229 struct ibuf *buf; 1230 int frompeer = 0; 1231 1232 if (ptr == NULL) 1233 return (mdlen); 1234 1235 if (ikev2_msg_frompeer(msg)) { 1236 buf = msg->msg_parent->msg_data; 1237 if ((hdr = ibuf_seek(buf, 0, sizeof(*hdr))) == NULL) 1238 return (-1); 1239 ispi = hdr->ike_ispi; 1240 rspi = hdr->ike_rspi; 1241 frompeer = 1; 1242 src = &msg->msg_peer; 1243 dst = &msg->msg_local; 1244 } else { 1245 ispi = htobe64(sa->sa_hdr.sh_ispi); 1246 rspi = htobe64(sa->sa_hdr.sh_rspi); 1247 frompeer = 0; 1248 src = &msg->msg_local; 1249 dst = &msg->msg_peer; 1250 } 1251 1252 EVP_MD_CTX_init(&ctx); 1253 EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL); 1254 1255 switch (type) { 1256 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 1257 log_debug("%s: %s source %s %s %s", __func__, 1258 frompeer ? "peer" : "local", 1259 print_spi(betoh64(ispi), 8), 1260 print_spi(betoh64(rspi), 8), 1261 print_host(src, NULL, 0)); 1262 ss = src; 1263 break; 1264 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 1265 log_debug("%s: %s destination %s %s %s", __func__, 1266 frompeer ? "peer" : "local", 1267 print_spi(betoh64(ispi), 8), 1268 print_spi(betoh64(rspi), 8), 1269 print_host(dst, NULL, 0)); 1270 ss = dst; 1271 break; 1272 default: 1273 goto done; 1274 } 1275 1276 EVP_DigestUpdate(&ctx, &ispi, sizeof(ispi)); 1277 EVP_DigestUpdate(&ctx, &rspi, sizeof(rspi)); 1278 1279 switch (ss->ss_family) { 1280 case AF_INET: 1281 in4 = (struct sockaddr_in *)ss; 1282 EVP_DigestUpdate(&ctx, &in4->sin_addr.s_addr, 1283 sizeof(in4->sin_addr.s_addr)); 1284 EVP_DigestUpdate(&ctx, &in4->sin_port, 1285 sizeof(in4->sin_port)); 1286 break; 1287 case AF_INET6: 1288 in6 = (struct sockaddr_in6 *)ss; 1289 EVP_DigestUpdate(&ctx, &in6->sin6_addr.s6_addr, 1290 sizeof(in6->sin6_addr.s6_addr)); 1291 EVP_DigestUpdate(&ctx, &in6->sin6_port, 1292 sizeof(in6->sin6_port)); 1293 break; 1294 default: 1295 goto done; 1296 } 1297 1298 EVP_DigestFinal_ex(&ctx, md, &mdlen); 1299 1300 if (len < mdlen) 1301 goto done; 1302 1303 memcpy(ptr, md, mdlen); 1304 ret = mdlen; 1305 done: 1306 EVP_MD_CTX_cleanup(&ctx); 1307 1308 return (ret); 1309 } 1310 1311 ssize_t 1312 ikev2_add_cp(struct iked *env, struct iked_sa *sa, struct ibuf *buf) 1313 { 1314 struct iked_policy *pol = sa->sa_policy; 1315 struct ikev2_cp *cp; 1316 struct ikev2_cfg *cfg; 1317 struct iked_cfg *ikecfg; 1318 u_int i; 1319 size_t len; 1320 struct sockaddr_in *in4; 1321 struct sockaddr_in6 *in6; 1322 u_int8_t prefixlen; 1323 1324 if ((cp = ibuf_advance(buf, sizeof(*cp))) == NULL) 1325 return (-1); 1326 len = sizeof(*cp); 1327 1328 switch (sa->sa_cp) { 1329 case IKEV2_CP_REQUEST: 1330 cp->cp_type = IKEV2_CP_REPLY; 1331 break; 1332 case IKEV2_CP_REPLY: 1333 case IKEV2_CP_SET: 1334 case IKEV2_CP_ACK: 1335 /* Not yet supported */ 1336 return (-1); 1337 } 1338 1339 for (i = 0; i < pol->pol_ncfg; i++) { 1340 ikecfg = &pol->pol_cfg[i]; 1341 if (ikecfg->cfg_action != cp->cp_type) 1342 continue; 1343 1344 if ((cfg = ibuf_advance(buf, sizeof(*cfg))) == NULL) 1345 return (-1); 1346 1347 cfg->cfg_type = htobe16(ikecfg->cfg_type); 1348 len += sizeof(*cfg); 1349 1350 switch (ikecfg->cfg_type) { 1351 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 1352 case IKEV2_CFG_INTERNAL_IP4_NETMASK: 1353 case IKEV2_CFG_INTERNAL_IP4_DNS: 1354 case IKEV2_CFG_INTERNAL_IP4_NBNS: 1355 case IKEV2_CFG_INTERNAL_IP4_DHCP: 1356 case IKEV2_CFG_INTERNAL_IP4_SERVER: 1357 /* 4 bytes IPv4 address */ 1358 in4 = (struct sockaddr_in *)&ikecfg->cfg.address.addr; 1359 cfg->cfg_length = htobe16(4); 1360 if (ibuf_add(buf, &in4->sin_addr.s_addr, 4) == -1) 1361 return (-1); 1362 len += 4; 1363 break; 1364 case IKEV2_CFG_INTERNAL_IP6_DNS: 1365 case IKEV2_CFG_INTERNAL_IP6_NBNS: 1366 case IKEV2_CFG_INTERNAL_IP6_DHCP: 1367 case IKEV2_CFG_INTERNAL_IP6_SERVER: 1368 /* 16 bytes IPv6 address */ 1369 in6 = (struct sockaddr_in6 *)&ikecfg->cfg.address; 1370 cfg->cfg_length = htobe16(16); 1371 if (ibuf_add(buf, &in6->sin6_addr.s6_addr, 16) == -1) 1372 return (-1); 1373 len += 16; 1374 break; 1375 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 1376 /* 16 bytes IPv6 address + 1 byte prefix length */ 1377 in6 = (struct sockaddr_in6 *)&ikecfg->cfg.address.addr; 1378 cfg->cfg_length = htobe16(17); 1379 if (ibuf_add(buf, &in6->sin6_addr.s6_addr, 16) == -1) 1380 return (-1); 1381 if (ikecfg->cfg.address.addr_net) 1382 prefixlen = ikecfg->cfg.address.addr_mask; 1383 else 1384 prefixlen = 128; 1385 if (ibuf_add(buf, &prefixlen, 1) == -1) 1386 return (-1); 1387 len += 16 + 1; 1388 break; 1389 case IKEV2_CFG_APPLICATION_VERSION: 1390 /* Reply with an empty string (non-NUL terminated) */ 1391 cfg->cfg_length = 0; 1392 break; 1393 } 1394 } 1395 1396 return (len); 1397 } 1398 1399 ssize_t 1400 ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf, 1401 struct iked_proposals *proposals, u_int8_t protoid, int initiator, 1402 int sendikespi) 1403 { 1404 struct ikev2_sa_proposal *sap; 1405 struct iked_transform *xform; 1406 struct iked_proposal *prop; 1407 struct iked_childsa csa; 1408 ssize_t length = 0, saplength, xflen; 1409 u_int64_t spi64; 1410 u_int32_t spi32, spi; 1411 u_int i; 1412 1413 TAILQ_FOREACH(prop, proposals, prop_entry) { 1414 if (prop->prop_protoid != protoid) 1415 continue; 1416 1417 if (protoid != IKEV2_SAPROTO_IKE && initiator) { 1418 bzero(&csa, sizeof(csa)); 1419 csa.csa_ikesa = sa; 1420 csa.csa_saproto = protoid; 1421 csa.csa_local = &sa->sa_peer; 1422 csa.csa_peer = &sa->sa_local; 1423 1424 if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1) 1425 return (-1); 1426 1427 prop->prop_localspi.spi = spi; 1428 prop->prop_localspi.spi_size = 4; 1429 prop->prop_localspi.spi_protoid = protoid; 1430 } 1431 1432 if ((sap = ibuf_advance(buf, sizeof(*sap))) == NULL) { 1433 log_debug("%s: failed to add proposal", __func__); 1434 return (-1); 1435 } 1436 1437 if (sendikespi) { 1438 /* Special case for IKE SA rekeying */ 1439 prop->prop_localspi.spi = initiator ? 1440 sa->sa_hdr.sh_ispi : sa->sa_hdr.sh_rspi; 1441 prop->prop_localspi.spi_size = 8; 1442 } 1443 1444 sap->sap_proposalnr = prop->prop_id; 1445 sap->sap_protoid = prop->prop_protoid; 1446 sap->sap_spisize = prop->prop_localspi.spi_size; 1447 sap->sap_transforms = prop->prop_nxforms; 1448 saplength = sizeof(*sap); 1449 1450 switch (prop->prop_localspi.spi_size) { 1451 case 4: 1452 spi32 = htobe32(prop->prop_localspi.spi); 1453 if (ibuf_add(buf, &spi32, sizeof(spi32)) != 0) 1454 return (-1); 1455 saplength += 4; 1456 break; 1457 case 8: 1458 spi64 = htobe64(prop->prop_localspi.spi); 1459 if (ibuf_add(buf, &spi64, sizeof(spi64)) != 0) 1460 return (-1); 1461 saplength += 8; 1462 break; 1463 default: 1464 break; 1465 } 1466 1467 for (i = 0; i < prop->prop_nxforms; i++) { 1468 xform = prop->prop_xforms + i; 1469 1470 if ((xflen = ikev2_add_transform(buf, 1471 i == prop->prop_nxforms - 1 ? 1472 IKEV2_XFORM_LAST : IKEV2_XFORM_MORE, 1473 xform->xform_type, xform->xform_id, 1474 xform->xform_length)) == -1) 1475 return (-1); 1476 1477 saplength += xflen; 1478 } 1479 1480 sap->sap_length = htobe16(saplength); 1481 length += saplength; 1482 } 1483 1484 log_debug("%s: length %d", __func__, length); 1485 1486 return (length); 1487 } 1488 1489 ssize_t 1490 ikev2_add_transform(struct ibuf *buf, 1491 u_int8_t more, u_int8_t type, u_int16_t id, u_int16_t length) 1492 { 1493 struct ikev2_transform *xfrm; 1494 struct ikev2_attribute *attr; 1495 1496 if ((xfrm = ibuf_advance(buf, sizeof(*xfrm))) == NULL) { 1497 log_debug("%s: failed to add transform", __func__); 1498 return (-1); 1499 } 1500 xfrm->xfrm_more = more; 1501 xfrm->xfrm_type = type; 1502 xfrm->xfrm_id = htobe16(id); 1503 1504 if (length) { 1505 xfrm->xfrm_length = htobe16(sizeof(*xfrm) + sizeof(*attr)); 1506 1507 if ((attr = ibuf_advance(buf, sizeof(*attr))) == NULL) { 1508 log_debug("%s: failed to add attribute", __func__); 1509 return (-1); 1510 } 1511 attr->attr_type = htobe16(IKEV2_ATTRAF_TV | 1512 IKEV2_ATTRTYPE_KEY_LENGTH); 1513 attr->attr_length = htobe16(length); 1514 } else 1515 xfrm->xfrm_length = htobe16(sizeof(*xfrm)); 1516 1517 return (betoh16(xfrm->xfrm_length)); 1518 } 1519 1520 int 1521 ikev2_add_data(struct ibuf *buf, void *data, size_t length) 1522 { 1523 void *msgbuf; 1524 1525 if ((msgbuf = ibuf_advance(buf, length)) == NULL) { 1526 log_debug("%s: failed", __func__); 1527 return (-1); 1528 } 1529 memcpy(msgbuf, data, length); 1530 1531 return (0); 1532 } 1533 1534 int 1535 ikev2_add_buf(struct ibuf *buf, struct ibuf *data) 1536 { 1537 void *msgbuf; 1538 1539 if ((msgbuf = ibuf_advance(buf, ibuf_size(data))) == NULL) { 1540 log_debug("%s: failed", __func__); 1541 return (-1); 1542 } 1543 memcpy(msgbuf, ibuf_data(data), ibuf_size(data)); 1544 1545 return (0); 1546 } 1547 1548 void 1549 ikev2_resp_recv(struct iked *env, struct iked_message *msg, 1550 struct ike_header *hdr) 1551 { 1552 struct iked_sa *sa; 1553 1554 switch (hdr->ike_exchange) { 1555 case IKEV2_EXCHANGE_IKE_SA_INIT: 1556 if (msg->msg_sa != NULL) { 1557 log_debug("%s: SA already exists", __func__); 1558 return; 1559 } 1560 if ((msg->msg_sa = sa_new(env, 1561 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 1562 0, msg->msg_policy)) == NULL) { 1563 log_debug("%s: failed to get new SA", __func__); 1564 return; 1565 } 1566 break; 1567 case IKEV2_EXCHANGE_IKE_AUTH: 1568 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 1569 return; 1570 if (sa_stateok(msg->msg_sa, IKEV2_STATE_VALID)) { 1571 log_debug("%s: already authenticated", __func__); 1572 return; 1573 } 1574 break; 1575 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 1576 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 1577 return; 1578 break; 1579 case IKEV2_EXCHANGE_INFORMATIONAL: 1580 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 1581 return; 1582 break; 1583 default: 1584 log_debug("%s: unsupported exchange: %s", __func__, 1585 print_map(hdr->ike_exchange, ikev2_exchange_map)); 1586 return; 1587 } 1588 1589 if (ikev2_pld_parse(env, hdr, msg, msg->msg_offset) != 0) { 1590 log_debug("%s: failed to parse message", __func__); 1591 return; 1592 } 1593 1594 if (!ikev2_msg_frompeer(msg)) 1595 return; 1596 1597 if ((sa = msg->msg_sa) == NULL) 1598 return; 1599 1600 switch (hdr->ike_exchange) { 1601 case IKEV2_EXCHANGE_IKE_SA_INIT: 1602 if (ikev2_sa_responder(env, sa, msg) != 0) { 1603 log_debug("%s: failed to get IKE SA keys", __func__); 1604 sa_state(env, sa, IKEV2_STATE_CLOSED); 1605 return; 1606 } 1607 if (ikev2_resp_ike_sa_init(env, msg) != 0) { 1608 log_debug("%s: failed to send init response", __func__); 1609 return; 1610 } 1611 break; 1612 case IKEV2_EXCHANGE_IKE_AUTH: 1613 if (!sa_stateok(sa, IKEV2_STATE_SA_INIT)) { 1614 log_debug("%s: state mismatch", __func__); 1615 sa_state(env, sa, IKEV2_STATE_CLOSED); 1616 return; 1617 } 1618 1619 if (!sa_stateok(sa, IKEV2_STATE_AUTH_REQUEST) && 1620 sa->sa_policy->pol_auth.auth_eap) 1621 sa_state(env, sa, IKEV2_STATE_EAP); 1622 1623 if (ikev2_ike_auth(env, sa, msg) != 0) { 1624 log_debug("%s: failed to send auth response", __func__); 1625 return; 1626 } 1627 break; 1628 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 1629 (void)ikev2_resp_create_child_sa(env, msg); 1630 break; 1631 default: 1632 break; 1633 } 1634 } 1635 1636 int 1637 ikev2_resp_ike_sa_init(struct iked *env, struct iked_message *msg) 1638 { 1639 struct iked_message resp; 1640 struct ike_header *hdr; 1641 struct ikev2_payload *pld; 1642 struct ikev2_cert *cert; 1643 struct ikev2_keyexchange *ke; 1644 struct ikev2_notify *n; 1645 struct iked_sa *sa = msg->msg_sa; 1646 struct ibuf *buf; 1647 struct group *group; 1648 u_int8_t *ptr; 1649 ssize_t len; 1650 int ret = -1; 1651 1652 if (sa->sa_hdr.sh_initiator) { 1653 log_debug("%s: called by initiator", __func__); 1654 return (-1); 1655 } 1656 1657 if ((buf = ikev2_msg_init(env, &resp, 1658 &msg->msg_peer, msg->msg_peerlen, 1659 &msg->msg_local, msg->msg_locallen, 1)) == NULL) 1660 goto done; 1661 1662 resp.msg_sa = sa; 1663 1664 /* IKE header */ 1665 if ((hdr = ikev2_add_header(buf, sa, 0, 1666 IKEV2_PAYLOAD_SA, IKEV2_EXCHANGE_IKE_SA_INIT, 1667 IKEV2_FLAG_RESPONSE)) == NULL) 1668 goto done; 1669 1670 /* SA payload */ 1671 if ((pld = ikev2_add_payload(buf)) == NULL) 1672 goto done; 1673 if ((len = ikev2_add_proposals(env, sa, buf, &sa->sa_proposals, 1674 IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0)) == -1) 1675 goto done; 1676 1677 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 1678 goto done; 1679 1680 /* KE payload */ 1681 if ((pld = ikev2_add_payload(buf)) == NULL) 1682 goto done; 1683 if ((ke = ibuf_advance(buf, sizeof(*ke))) == NULL) 1684 goto done; 1685 if ((group = sa->sa_dhgroup) == NULL) { 1686 log_debug("%s: invalid dh", __func__); 1687 goto done; 1688 } 1689 ke->kex_dhgroup = htobe16(group->id); 1690 if (ikev2_add_buf(buf, sa->sa_dhrexchange) == -1) 1691 goto done; 1692 len = sizeof(*ke) + dh_getlen(group); 1693 1694 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 1695 goto done; 1696 1697 /* NONCE payload */ 1698 if ((pld = ikev2_add_payload(buf)) == NULL) 1699 goto done; 1700 if (ikev2_add_buf(buf, sa->sa_rnonce) == -1) 1701 goto done; 1702 len = ibuf_size(sa->sa_rnonce); 1703 1704 if ((env->sc_opts & IKED_OPT_NONATT) == 0 && 1705 msg->msg_local.ss_family != AF_UNSPEC) { 1706 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 1707 goto done; 1708 1709 /* NAT-T notify payloads */ 1710 if ((pld = ikev2_add_payload(buf)) == NULL) 1711 goto done; 1712 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 1713 goto done; 1714 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_SOURCE_IP); 1715 len = ikev2_nat_detection(&resp, NULL, 0, 0); 1716 if ((ptr = ibuf_advance(buf, len)) == NULL) 1717 goto done; 1718 if ((len = ikev2_nat_detection(&resp, ptr, len, 1719 betoh16(n->n_type))) == -1) 1720 goto done; 1721 len += sizeof(*n); 1722 1723 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 1724 goto done; 1725 1726 if ((pld = ikev2_add_payload(buf)) == NULL) 1727 goto done; 1728 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) 1729 goto done; 1730 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_DESTINATION_IP); 1731 len = ikev2_nat_detection(&resp, NULL, 0, 0); 1732 if ((ptr = ibuf_advance(buf, len)) == NULL) 1733 goto done; 1734 if ((len = ikev2_nat_detection(&resp, ptr, len, 1735 betoh16(n->n_type))) == -1) 1736 goto done; 1737 len += sizeof(*n); 1738 } 1739 1740 if (env->sc_certreqtype && (sa->sa_statevalid & IKED_REQ_CERT)) { 1741 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CERTREQ) == -1) 1742 goto done; 1743 1744 /* CERTREQ payload */ 1745 if ((pld = ikev2_add_payload(buf)) == NULL) 1746 goto done; 1747 if ((cert = ibuf_advance(buf, sizeof(*cert))) == NULL) 1748 goto done; 1749 cert->cert_type = env->sc_certreqtype; 1750 if (ikev2_add_buf(buf, env->sc_certreq) == -1) 1751 goto done; 1752 len = ibuf_size(env->sc_certreq) + sizeof(*cert); 1753 } 1754 1755 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1756 goto done; 1757 1758 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 1759 goto done; 1760 1761 (void)ikev2_pld_parse(env, hdr, &resp, 0); 1762 1763 ibuf_release(sa->sa_2ndmsg); 1764 if ((sa->sa_2ndmsg = ibuf_dup(buf)) == NULL) { 1765 log_debug("%s: failed to copy 2nd message", __func__); 1766 goto done; 1767 } 1768 1769 ret = ikev2_msg_send(env, msg->msg_fd, &resp); 1770 1771 done: 1772 ikev2_msg_cleanup(env, &resp); 1773 1774 return (ret); 1775 } 1776 1777 int 1778 ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa) 1779 { 1780 struct ikev2_payload *pld; 1781 struct ikev2_notify *n; 1782 struct ikev2_cert *cert; 1783 struct ikev2_auth *auth; 1784 struct iked_id *id, *certid; 1785 struct ibuf *e = NULL; 1786 u_int8_t firstpayload; 1787 int ret = -1; 1788 ssize_t len; 1789 1790 if (sa == NULL) 1791 return (-1); 1792 1793 if (sa->sa_state == IKEV2_STATE_EAP) 1794 return (ikev2_resp_ike_eap(env, sa, NULL)); 1795 else if (!sa_stateok(sa, IKEV2_STATE_VALID)) 1796 return (0); /* ignore */ 1797 1798 if (ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator) == -1) 1799 return (-1); 1800 1801 /* New encrypted message buffer */ 1802 if ((e = ibuf_static()) == NULL) 1803 goto done; 1804 1805 if (!sa->sa_localauth.id_type) { 1806 /* Downgrade the state */ 1807 sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS); 1808 } 1809 1810 if (!sa_stateok(sa, IKEV2_STATE_VALID)) { 1811 /* Notify payload */ 1812 if ((pld = ikev2_add_payload(e)) == NULL) 1813 goto done; 1814 firstpayload = IKEV2_PAYLOAD_NOTIFY; 1815 1816 if ((n = ibuf_advance(e, sizeof(*n))) == NULL) 1817 goto done; 1818 n->n_protoid = IKEV2_SAPROTO_IKE; /* XXX ESP etc. */ 1819 n->n_spisize = 0; 1820 n->n_type = htobe16(IKEV2_N_AUTHENTICATION_FAILED); 1821 len = sizeof(*n); 1822 1823 goto send; 1824 } 1825 1826 if (sa->sa_hdr.sh_initiator) { 1827 id = &sa->sa_iid; 1828 certid = &sa->sa_icert; 1829 } else { 1830 id = &sa->sa_rid; 1831 certid = &sa->sa_rcert; 1832 } 1833 1834 if (sa->sa_state != IKEV2_STATE_EAP_VALID) { 1835 /* ID payload */ 1836 if ((pld = ikev2_add_payload(e)) == NULL) 1837 goto done; 1838 firstpayload = IKEV2_PAYLOAD_IDr; 1839 if (ibuf_cat(e, id->id_buf) != 0) 1840 goto done; 1841 len = ibuf_size(id->id_buf); 1842 1843 /* CERT payload */ 1844 if ((sa->sa_statevalid & IKED_REQ_CERT) && 1845 (certid->id_type != IKEV2_CERT_NONE)) { 1846 if (ikev2_next_payload(pld, len, 1847 IKEV2_PAYLOAD_CERT) == -1) 1848 goto done; 1849 1850 if ((pld = ikev2_add_payload(e)) == NULL) 1851 goto done; 1852 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 1853 goto done; 1854 cert->cert_type = certid->id_type; 1855 if (ibuf_cat(e, certid->id_buf) != 0) 1856 goto done; 1857 len = ibuf_size(certid->id_buf) + sizeof(*cert); 1858 } 1859 1860 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 1861 goto done; 1862 } else 1863 firstpayload = IKEV2_PAYLOAD_AUTH; 1864 1865 /* AUTH payload */ 1866 if ((pld = ikev2_add_payload(e)) == NULL) 1867 goto done; 1868 if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL) 1869 goto done; 1870 auth->auth_method = sa->sa_localauth.id_type; 1871 if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0) 1872 goto done; 1873 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 1874 1875 /* CP payload */ 1876 if (sa->sa_cp) { 1877 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CP) == -1) 1878 goto done; 1879 1880 if ((pld = ikev2_add_payload(e)) == NULL) 1881 goto done; 1882 if ((len = ikev2_add_cp(env, sa, e)) == -1) 1883 goto done; 1884 } 1885 1886 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 1887 goto done; 1888 1889 /* SA payload */ 1890 if ((pld = ikev2_add_payload(e)) == NULL) 1891 goto done; 1892 if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 1893 IKEV2_SAPROTO_ESP, sa->sa_hdr.sh_initiator, 0)) == -1) 1894 goto done; 1895 1896 if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 1897 goto done; 1898 1899 send: 1900 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1901 goto done; 1902 1903 ret = ikev2_msg_send_encrypt(env, sa, &e, 1904 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 1); 1905 if (ret == 0) 1906 ret = ikev2_childsa_enable(env, sa); 1907 if (ret == 0) 1908 sa_state(env, sa, IKEV2_STATE_ESTABLISHED); 1909 1910 done: 1911 if (ret) 1912 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 1913 ibuf_release(e); 1914 return (ret); 1915 } 1916 1917 int 1918 ikev2_resp_ike_eap(struct iked *env, struct iked_sa *sa, struct ibuf *eapmsg) 1919 { 1920 struct ikev2_payload *pld; 1921 struct ikev2_cert *cert; 1922 struct ikev2_auth *auth; 1923 struct iked_id *id, *certid; 1924 struct ibuf *e = NULL; 1925 u_int8_t firstpayload; 1926 int ret = -1; 1927 ssize_t len = 0; 1928 1929 if (!sa_stateok(sa, IKEV2_STATE_EAP)) 1930 return (0); 1931 1932 /* Responder only */ 1933 if (sa->sa_hdr.sh_initiator) 1934 return (-1); 1935 1936 /* New encrypted message buffer */ 1937 if ((e = ibuf_static()) == NULL) 1938 goto done; 1939 1940 id = &sa->sa_rid; 1941 certid = &sa->sa_rcert; 1942 1943 /* ID payload */ 1944 if ((pld = ikev2_add_payload(e)) == NULL) 1945 goto done; 1946 firstpayload = IKEV2_PAYLOAD_IDr; 1947 if (ibuf_cat(e, id->id_buf) != 0) 1948 goto done; 1949 len = ibuf_size(id->id_buf); 1950 1951 if ((sa->sa_statevalid & IKED_REQ_CERT) && 1952 (certid->id_type != IKEV2_CERT_NONE)) { 1953 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CERT) == -1) 1954 goto done; 1955 1956 /* CERT payload */ 1957 if ((pld = ikev2_add_payload(e)) == NULL) 1958 goto done; 1959 if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL) 1960 goto done; 1961 cert->cert_type = certid->id_type; 1962 if (ibuf_cat(e, certid->id_buf) != 0) 1963 goto done; 1964 len = ibuf_size(certid->id_buf) + sizeof(*cert); 1965 } 1966 1967 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 1968 goto done; 1969 1970 /* AUTH payload */ 1971 if ((pld = ikev2_add_payload(e)) == NULL) 1972 goto done; 1973 if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL) 1974 goto done; 1975 auth->auth_method = sa->sa_localauth.id_type; 1976 if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0) 1977 goto done; 1978 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 1979 1980 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_EAP) == -1) 1981 goto done; 1982 1983 /* EAP payload */ 1984 if ((pld = ikev2_add_payload(e)) == NULL) 1985 goto done; 1986 if ((len = eap_identity_request(e)) == -1) 1987 goto done; 1988 1989 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1990 goto done; 1991 1992 ret = ikev2_msg_send_encrypt(env, sa, &e, 1993 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 1); 1994 1995 done: 1996 ibuf_release(e); 1997 1998 return (ret); 1999 } 2000 2001 int 2002 ikev2_send_ike_e(struct iked *env, struct iked_sa *sa, struct ibuf *buf, 2003 u_int8_t firstpayload, u_int8_t exchange, int response) 2004 { 2005 struct ikev2_payload *pld; 2006 struct ibuf *e = NULL; 2007 int ret = -1; 2008 2009 /* New encrypted message buffer */ 2010 if ((e = ibuf_static()) == NULL) 2011 goto done; 2012 2013 if ((pld = ikev2_add_payload(e)) == NULL) 2014 goto done; 2015 if (ibuf_cat(e, buf) != 0) 2016 goto done; 2017 2018 if (ikev2_next_payload(pld, ibuf_size(buf), IKEV2_PAYLOAD_NONE) == -1) 2019 goto done; 2020 2021 ret = ikev2_msg_send_encrypt(env, sa, &e, 2022 exchange, firstpayload, response); 2023 2024 done: 2025 ibuf_release(e); 2026 2027 return (ret); 2028 } 2029 2030 int 2031 ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, 2032 struct iked_spi *rekey, u_int8_t protoid) 2033 { 2034 struct iked_childsa *csa = NULL, *csb = NULL; 2035 struct ikev2_notify *n; 2036 struct ikev2_payload *pld; 2037 struct ibuf *e, *nonce = NULL; 2038 u_int8_t *ptr; 2039 u_int32_t spi; 2040 ssize_t len = 0; 2041 int initiator, ret = -1; 2042 2043 if (rekey) 2044 log_debug("%s: rekeying %s spi %s", __func__, 2045 print_map(rekey->spi_protoid, ikev2_saproto_map), 2046 print_spi(rekey->spi, rekey->spi_size)); 2047 else 2048 log_debug("%s: creating new CHILD SAs", __func__); 2049 2050 initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 2051 2052 if (rekey && 2053 ((csa = childsa_lookup(sa, rekey->spi, 2054 rekey->spi_protoid)) == NULL || 2055 (csb = csa->csa_peersa) == NULL)) { 2056 log_debug("%s: CHILD SA %s wasn't found", __func__, 2057 print_spi(rekey->spi, rekey->spi_size)); 2058 } 2059 2060 /* Generate new nonce */ 2061 if ((nonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) 2062 goto done; 2063 2064 /* Update initiator nonce */ 2065 ibuf_release(sa->sa_inonce); 2066 sa->sa_inonce = nonce; 2067 2068 if ((e = ibuf_static()) == NULL) 2069 goto done; 2070 2071 /* SA payload */ 2072 if ((pld = ikev2_add_payload(e)) == NULL) 2073 goto done; 2074 if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 2075 protoid, 1, 0)) == -1) 2076 goto done; 2077 2078 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 2079 goto done; 2080 2081 /* NONCE payload */ 2082 if ((pld = ikev2_add_payload(e)) == NULL) 2083 goto done; 2084 if (ikev2_add_buf(e, nonce) == -1) 2085 goto done; 2086 len = ibuf_size(nonce); 2087 2088 if ((len = ikev2_add_ts(e, &pld, len, sa, !initiator)) == -1) 2089 goto done; 2090 2091 if (rekey) { 2092 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2093 goto done; 2094 2095 /* REKEY_SA notification */ 2096 if ((pld = ikev2_add_payload(e)) == NULL) 2097 goto done; 2098 if ((n = ibuf_advance(e, sizeof(*n))) == NULL) 2099 goto done; 2100 n->n_type = htobe16(IKEV2_N_REKEY_SA); 2101 n->n_protoid = rekey->spi_protoid; 2102 n->n_spisize = rekey->spi_size; 2103 if ((ptr = ibuf_advance(e, rekey->spi_size)) == NULL) 2104 goto done; 2105 len = rekey->spi_size; 2106 spi = htobe32((u_int32_t)csa->csa_peerspi); 2107 memcpy(ptr, &spi, rekey->spi_size); 2108 len += sizeof(*n); 2109 } 2110 2111 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 2112 goto done; 2113 2114 ret = ikev2_msg_send_encrypt(env, sa, &e, 2115 IKEV2_EXCHANGE_CREATE_CHILD_SA, IKEV2_PAYLOAD_SA, 0); 2116 if (ret == 0) { 2117 if (rekey) { 2118 csa->csa_rekey = 1; 2119 csb->csa_rekey = 1; 2120 } 2121 sa->sa_stateflags |= IKED_REQ_CHILDSA; 2122 } 2123 2124 done: 2125 ibuf_release(e); 2126 return (ret); 2127 } 2128 2129 int 2130 ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) 2131 { 2132 struct iked_childsa *csa; 2133 struct iked_proposal *prop; 2134 struct iked_sa *sa = msg->msg_sa; 2135 struct ikev2_delete *del; 2136 struct ibuf *buf = NULL; 2137 u_int64_t peerspi; 2138 u_int32_t spi32; 2139 int rekeying = 0, ret = -1; 2140 2141 if (!ikev2_msg_frompeer(msg) || 2142 (sa->sa_stateflags & IKED_REQ_CHILDSA) == 0) 2143 return (0); 2144 2145 if (msg->msg_prop == NULL) { 2146 log_debug("%s: no proposal specified", __func__); 2147 return (-1); 2148 } 2149 2150 /* Update peer SPI */ 2151 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 2152 if (prop->prop_protoid == msg->msg_prop->prop_protoid) 2153 break; 2154 } 2155 if (prop == NULL) { 2156 log_debug("%s: failed to find %s proposals", __func__, 2157 print_map(msg->msg_prop->prop_protoid, ikev2_saproto_map)); 2158 return (-1); 2159 } 2160 2161 peerspi = prop->prop_peerspi.spi; 2162 prop->prop_peerspi.spi = msg->msg_prop->prop_peerspi.spi; 2163 2164 if ((csa = childsa_lookup(sa, peerspi, prop->prop_protoid)) != NULL) { 2165 rekeying = 1; 2166 log_debug("%s: rekeying CHILD SA %s", __func__, 2167 print_spi(peerspi, prop->prop_peerspi.spi_size)); 2168 } 2169 2170 /* Update responder's nonce */ 2171 if (!ibuf_length(msg->msg_nonce)) { 2172 log_debug("%s: responder didn't send nonce", __func__); 2173 return (-1); 2174 } 2175 ibuf_release(sa->sa_rnonce); 2176 sa->sa_rnonce = ibuf_dup(msg->msg_nonce); 2177 2178 if (ikev2_childsa_negotiate(env, sa, 1)) { 2179 log_debug("%s: failed to get CHILD SAs", __func__); 2180 return (-1); 2181 } 2182 2183 if (rekeying) { 2184 /* Child SA rekeying */ 2185 2186 if ((buf = ibuf_static()) == NULL) 2187 goto done; 2188 2189 if ((del = ibuf_advance(buf, sizeof(*del))) == NULL) 2190 goto done; 2191 2192 del->del_protoid = prop->prop_protoid; 2193 del->del_spisize = sizeof(spi32); 2194 del->del_nspi = htobe16(1); 2195 2196 spi32 = htobe32(csa->csa_peerspi); 2197 if (ibuf_add(buf, &spi32, sizeof(spi32))) 2198 goto done; 2199 2200 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 2201 IKEV2_EXCHANGE_INFORMATIONAL, 0)) 2202 goto done; 2203 2204 sa->sa_stateflags |= IKED_REQ_INF | IKED_REQ_DELETE; 2205 } 2206 2207 ret = ikev2_childsa_enable(env, sa); 2208 2209 done: 2210 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 2211 2212 if (ret) 2213 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 2214 ibuf_release(buf); 2215 return (ret); 2216 } 2217 2218 int 2219 ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) 2220 { 2221 struct iked_childsa *csa, *nextcsa; 2222 struct iked_flow *flow, *nextflow; 2223 struct iked_proposal *prop; 2224 struct iked_sa *nsa = NULL, *sa = msg->msg_sa; 2225 struct iked_spi *spi, *rekey = &msg->msg_rekey; 2226 struct ikev2_keyexchange *ke; 2227 struct ikev2_notify *n; 2228 struct ikev2_payload *pld; 2229 struct ibuf *buf = NULL, *e = NULL, *nonce = NULL; 2230 struct group *group; 2231 u_int64_t spi64; 2232 u_int32_t spi32; 2233 ssize_t len = 0; 2234 int initiator, protoid, rekeying = 1; 2235 int ret = -1; 2236 2237 initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 2238 2239 if (!ikev2_msg_frompeer(msg) || msg->msg_prop == NULL) 2240 return (0); 2241 2242 if ((protoid = rekey->spi_protoid) == 0) { 2243 /* 2244 * If REKEY_SA notification is not present, then it's either 2245 * IKE SA rekeying or the client wants to create additional 2246 * CHILD SAs 2247 */ 2248 if (msg->msg_prop->prop_protoid == IKEV2_SAPROTO_IKE) { 2249 protoid = rekey->spi_protoid = IKEV2_SAPROTO_IKE; 2250 if (sa->sa_hdr.sh_initiator) 2251 rekey->spi = sa->sa_hdr.sh_rspi; 2252 else 2253 rekey->spi = sa->sa_hdr.sh_ispi; 2254 rekey->spi_size = 8; 2255 } else { 2256 protoid = msg->msg_prop->prop_protoid; 2257 rekeying = 0; 2258 } 2259 } 2260 2261 if (rekeying) 2262 log_debug("%s: rekey %s spi %s", __func__, 2263 print_map(rekey->spi_protoid, ikev2_saproto_map), 2264 print_spi(rekey->spi, rekey->spi_size)); 2265 else 2266 log_debug("%s: creating new %s SA", __func__, 2267 print_map(protoid, ikev2_saproto_map)); 2268 2269 if (protoid == IKEV2_SAPROTO_IKE) { 2270 /* IKE SA rekeying */ 2271 spi = &msg->msg_prop->prop_peerspi; 2272 2273 if ((nsa = sa_new(env, spi->spi, 0, 0, 2274 msg->msg_policy)) == NULL) { 2275 log_debug("%s: failed to get new SA", __func__); 2276 return (ret); 2277 } 2278 2279 if (ikev2_sa_responder(env, nsa, msg)) { 2280 log_debug("%s: failed to get IKE SA keys", __func__); 2281 return (ret); 2282 } 2283 2284 sa_state(env, nsa, IKEV2_STATE_AUTH_SUCCESS); 2285 2286 nonce = nsa->sa_rnonce; 2287 } else { 2288 /* Child SA creating/rekeying */ 2289 2290 if (ibuf_length(msg->msg_parent->msg_ke)) { 2291 /* We do not support KE payload yet */ 2292 if ((buf = ibuf_static()) == NULL) 2293 return (-1); 2294 if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) { 2295 ibuf_release(buf); 2296 return (-1); 2297 } 2298 n->n_protoid = protoid; 2299 n->n_spisize = rekey->spi_size; 2300 n->n_type = htobe16(IKEV2_N_NO_ADDITIONAL_SAS); 2301 switch (rekey->spi_size) { 2302 case 4: 2303 spi32 = htobe32(rekey->spi); 2304 ibuf_add(buf, &spi32, rekey->spi_size); 2305 break; 2306 case 8: 2307 spi64 = htobe64(rekey->spi); 2308 ibuf_add(buf, &spi64, rekey->spi_size); 2309 break; 2310 } 2311 ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_NOTIFY, 2312 IKEV2_EXCHANGE_CREATE_CHILD_SA, 1); 2313 ibuf_release(buf); 2314 return (0); 2315 } 2316 2317 /* Update peer SPI */ 2318 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 2319 if (prop->prop_protoid == protoid) 2320 break; 2321 } 2322 if (prop == NULL) { 2323 log_debug("%s: failed to find %s proposals", __func__, 2324 print_map(protoid, ikev2_saproto_map)); 2325 return (-1); 2326 } else 2327 prop->prop_peerspi = msg->msg_prop->prop_peerspi; 2328 2329 /* Set rekeying flags on Child SAs */ 2330 if (rekeying) { 2331 if ((csa = childsa_lookup(sa, rekey->spi, 2332 rekey->spi_protoid)) == NULL) { 2333 log_debug("%s: CHILD SA %s wasn't found", 2334 __func__, print_spi(rekey->spi, 2335 rekey->spi_size)); 2336 return (-1); 2337 } 2338 if (!csa->csa_loaded || !csa->csa_peersa || 2339 !csa->csa_peersa->csa_loaded) { 2340 log_debug("%s: SA is not loaded or no peer SA", 2341 __func__); 2342 return (-1); 2343 } 2344 csa->csa_rekey = 1; 2345 csa->csa_peersa->csa_rekey = 1; 2346 } 2347 2348 /* Update initiator's nonce */ 2349 if (!ibuf_length(msg->msg_nonce)) { 2350 log_debug("%s: initiator didn't send nonce", __func__); 2351 return (-1); 2352 } 2353 ibuf_release(sa->sa_inonce); 2354 sa->sa_inonce = ibuf_dup(msg->msg_nonce); 2355 2356 /* Generate new responder's nonce */ 2357 if ((nonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) 2358 return (-1); 2359 2360 /* Update responder's nonce */ 2361 ibuf_release(sa->sa_rnonce); 2362 sa->sa_rnonce = nonce; 2363 2364 if (ikev2_childsa_negotiate(env, sa, 0)) { 2365 log_debug("%s: failed to get CHILD SAs", __func__); 2366 return (-1); 2367 } 2368 } 2369 2370 if ((e = ibuf_static()) == NULL) 2371 goto done; 2372 2373 /* SA payload */ 2374 if ((pld = ikev2_add_payload(e)) == NULL) 2375 goto done; 2376 2377 if ((len = ikev2_add_proposals(env, nsa ? nsa : sa, e, 2378 nsa ? &nsa->sa_proposals : &sa->sa_proposals, 2379 protoid, 0, nsa ? 1 : 0)) == -1) 2380 goto done; 2381 2382 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 2383 goto done; 2384 2385 /* NONCE payload */ 2386 if ((pld = ikev2_add_payload(e)) == NULL) 2387 goto done; 2388 if (ikev2_add_buf(e, nonce) == -1) 2389 goto done; 2390 len = ibuf_size(nonce); 2391 2392 if (protoid == IKEV2_SAPROTO_IKE) { 2393 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 2394 goto done; 2395 2396 /* KE payload */ 2397 if ((pld = ikev2_add_payload(e)) == NULL) 2398 goto done; 2399 if ((ke = ibuf_advance(e, sizeof(*ke))) == NULL) 2400 goto done; 2401 if ((group = nsa->sa_dhgroup) == NULL) { 2402 log_debug("%s: invalid dh", __func__); 2403 goto done; 2404 } 2405 ke->kex_dhgroup = htobe16(group->id); 2406 if (ikev2_add_buf(e, nsa->sa_dhrexchange) == -1) 2407 goto done; 2408 len = sizeof(*ke) + dh_getlen(group); 2409 } else { 2410 if ((len = ikev2_add_ts(e, &pld, len, sa, initiator)) == -1) 2411 goto done; 2412 } 2413 2414 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 2415 goto done; 2416 2417 if ((ret = ikev2_msg_send_encrypt(env, sa, &e, 2418 IKEV2_EXCHANGE_CREATE_CHILD_SA, IKEV2_PAYLOAD_SA, 1)) == -1) 2419 goto done; 2420 2421 if (protoid == IKEV2_SAPROTO_IKE) { 2422 /* Transfer all Child SAs and flows from the old IKE SA */ 2423 for (flow = TAILQ_FIRST(&sa->sa_flows); flow != NULL; 2424 flow = nextflow) { 2425 nextflow = TAILQ_NEXT(flow, flow_entry); 2426 TAILQ_REMOVE(&sa->sa_flows, flow, flow_entry); 2427 TAILQ_INSERT_TAIL(&nsa->sa_flows, flow, 2428 flow_entry); 2429 flow->flow_ikesa = nsa; 2430 } 2431 for (csa = TAILQ_FIRST(&sa->sa_childsas); csa != NULL; 2432 csa = nextcsa) { 2433 nextcsa = TAILQ_NEXT(csa, csa_entry); 2434 TAILQ_REMOVE(&sa->sa_childsas, csa, csa_entry); 2435 TAILQ_INSERT_TAIL(&nsa->sa_childsas, csa, 2436 csa_entry); 2437 csa->csa_ikesa = nsa; 2438 } 2439 2440 log_debug("%s: activating new IKE SA", __func__); 2441 sa_state(env, sa, IKEV2_STATE_CLOSED); 2442 sa_state(env, nsa, IKEV2_STATE_ESTABLISHED); 2443 } else 2444 ret = ikev2_childsa_enable(env, sa); 2445 2446 done: 2447 if (ret) { 2448 if (protoid == IKEV2_SAPROTO_IKE) 2449 sa_free(env, nsa); 2450 else 2451 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 2452 } 2453 ibuf_release(e); 2454 return (ret); 2455 } 2456 2457 int 2458 ikev2_send_informational(struct iked *env, struct iked_message *msg) 2459 { 2460 struct iked_message resp; 2461 struct ike_header *hdr; 2462 struct ikev2_payload *pld; 2463 struct ikev2_notify *n; 2464 struct iked_sa *sa = msg->msg_sa, sah; 2465 struct ibuf *buf, *e = NULL; 2466 int ret = -1; 2467 2468 if (msg->msg_error == 0) 2469 return (0); 2470 2471 if ((buf = ikev2_msg_init(env, &resp, 2472 &msg->msg_peer, msg->msg_peerlen, 2473 &msg->msg_local, msg->msg_locallen, 0)) == NULL) 2474 goto done; 2475 2476 /* New encrypted message buffer */ 2477 if ((e = ibuf_static()) == NULL) 2478 goto done; 2479 2480 /* NOTIFY payload */ 2481 if ((pld = ikev2_add_payload(e)) == NULL) 2482 goto done; 2483 2484 if ((n = ibuf_advance(e, sizeof(*n))) == NULL) 2485 goto done; 2486 n->n_protoid = IKEV2_SAPROTO_IKE; /* XXX ESP etc. */ 2487 n->n_spisize = 0; 2488 n->n_type = htobe16(msg->msg_error); 2489 2490 switch (msg->msg_error) { 2491 case IKEV2_N_INVALID_IKE_SPI: 2492 case IKEV2_N_NO_PROPOSAL_CHOSEN: 2493 break; 2494 default: 2495 log_debug("%s: unsupported notification %s", __func__, 2496 print_map(msg->msg_error, ikev2_n_map)); 2497 goto done; 2498 } 2499 2500 if (ikev2_next_payload(pld, sizeof(*n), IKEV2_PAYLOAD_NONE) == -1) 2501 goto done; 2502 2503 if (sa != NULL && msg->msg_e) { 2504 /* IKE header */ 2505 if ((hdr = ikev2_add_header(buf, sa, 2506 ikev2_msg_id(env, sa, 0), 2507 IKEV2_PAYLOAD_E, IKEV2_EXCHANGE_INFORMATIONAL, 2508 0)) == NULL) 2509 goto done; 2510 2511 if ((pld = ikev2_add_payload(buf)) == NULL) 2512 goto done; 2513 2514 /* Encrypt message and add as an E payload */ 2515 if ((e = ikev2_msg_encrypt(env, sa, e)) == NULL) { 2516 log_debug("%s: encryption failed", __func__); 2517 goto done; 2518 } 2519 if (ibuf_cat(buf, e) != 0) 2520 goto done; 2521 if (ikev2_next_payload(pld, ibuf_size(e), 2522 IKEV2_PAYLOAD_NOTIFY) == -1) 2523 goto done; 2524 2525 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 2526 goto done; 2527 2528 /* Add integrity checksum (HMAC) */ 2529 if (ikev2_msg_integr(env, sa, buf) != 0) { 2530 log_debug("%s: integrity checksum failed", __func__); 2531 goto done; 2532 } 2533 } else { 2534 if ((hdr = ibuf_seek(msg->msg_data, 0, sizeof(*hdr))) == NULL) 2535 goto done; 2536 2537 bzero(&sah, sizeof(sah)); 2538 sah.sa_hdr.sh_rspi = betoh64(hdr->ike_rspi); 2539 sah.sa_hdr.sh_ispi = betoh64(hdr->ike_ispi); 2540 sah.sa_hdr.sh_initiator = 2541 hdr->ike_flags & IKEV2_FLAG_INITIATOR ? 0 : 1; 2542 sa = &sah; 2543 2544 /* IKE header */ 2545 if ((hdr = ikev2_add_header(buf, &sah, 2546 ikev2_msg_id(env, &sah, 0), 2547 IKEV2_PAYLOAD_NOTIFY, IKEV2_EXCHANGE_INFORMATIONAL, 2548 0)) == NULL) 2549 goto done; 2550 if (ibuf_cat(buf, e) != 0) 2551 goto done; 2552 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 2553 goto done; 2554 } 2555 2556 resp.msg_data = buf; 2557 resp.msg_sa = sa; 2558 TAILQ_INIT(&resp.msg_proposals); 2559 2560 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 2561 (void)ikev2_pld_parse(env, hdr, &resp, 0); 2562 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 2563 2564 ret = ikev2_msg_send(env, msg->msg_fd, &resp); 2565 2566 done: 2567 ibuf_release(e); 2568 ikev2_msg_cleanup(env, &resp); 2569 2570 return (ret); 2571 } 2572 2573 ssize_t 2574 ikev2_psk(struct iked_sa *sa, u_int8_t *data, size_t length, 2575 u_int8_t **pskptr) 2576 { 2577 u_int8_t *psk; 2578 size_t psklen = -1; 2579 2580 if (hash_setkey(sa->sa_prf, data, length) == NULL) 2581 return (-1); 2582 2583 if ((psk = calloc(1, hash_keylength(sa->sa_prf))) == NULL) 2584 return (-1); 2585 2586 hash_init(sa->sa_prf); 2587 hash_update(sa->sa_prf, IKEV2_KEYPAD, strlen(IKEV2_KEYPAD)); 2588 hash_final(sa->sa_prf, psk, &psklen); 2589 2590 *pskptr = psk; 2591 return (psklen); 2592 } 2593 2594 int 2595 ikev2_sa_negotiate(struct iked_sa *sa, struct iked_proposals *local, 2596 struct iked_proposals *peer, u_int8_t protoid) 2597 { 2598 struct iked_proposal *ppeer = NULL, *plocal, *prop, vpeer, vlocal; 2599 struct iked_transform *tpeer, *tlocal; 2600 struct iked_transform *match[IKEV2_XFORMTYPE_MAX]; 2601 struct iked_transform *chosen[IKEV2_XFORMTYPE_MAX]; 2602 u_int type, i, j, match_score, chosen_score = 0; 2603 2604 bzero(chosen, sizeof(chosen)); 2605 bzero(&vlocal, sizeof(vlocal)); 2606 bzero(&vpeer, sizeof(vpeer)); 2607 2608 if (TAILQ_EMPTY(peer)) { 2609 log_debug("%s: peer did not send %s proposals", __func__, 2610 print_map(protoid, ikev2_saproto_map)); 2611 return (-1); 2612 } 2613 2614 TAILQ_FOREACH(plocal, local, prop_entry) { 2615 if (plocal->prop_protoid != protoid) 2616 continue; 2617 2618 TAILQ_FOREACH(ppeer, peer, prop_entry) { 2619 bzero(match, sizeof(match)); 2620 match_score = 0; 2621 2622 if (ppeer->prop_protoid != plocal->prop_protoid) 2623 continue; 2624 2625 for (i = 0; i < ppeer->prop_nxforms; i++) { 2626 tpeer = ppeer->prop_xforms + i; 2627 for (j = 0; j < plocal->prop_nxforms; j++) { 2628 tlocal = plocal->prop_xforms + j; 2629 if (!(tpeer->xform_type == 2630 tlocal->xform_type && 2631 tpeer->xform_id == 2632 tlocal->xform_id && 2633 tpeer->xform_length == 2634 tlocal->xform_length)) 2635 continue; 2636 if (tpeer->xform_type > 2637 IKEV2_XFORMTYPE_MAX) 2638 continue; 2639 type = tpeer->xform_type; 2640 2641 if (match[type] == NULL || 2642 tlocal->xform_score < 2643 match[type]->xform_score) { 2644 match[type] = tlocal; 2645 } else 2646 continue; 2647 2648 print_debug("%s: xform %d " 2649 "<-> %d (%d): %s %s " 2650 "(keylength %d <-> %d)", __func__, 2651 ppeer->prop_id, plocal->prop_id, 2652 tlocal->xform_score, 2653 print_map(type, 2654 ikev2_xformtype_map), 2655 print_map(tpeer->xform_id, 2656 tpeer->xform_map), 2657 tpeer->xform_keylength, 2658 tlocal->xform_keylength); 2659 if (tpeer->xform_length) 2660 print_debug(" %d", 2661 tpeer->xform_length); 2662 print_debug("\n"); 2663 } 2664 } 2665 2666 for (i = match_score = 0; 2667 i < IKEV2_XFORMTYPE_MAX; i++) { 2668 if (protoid == IKEV2_SAPROTO_IKE && 2669 (match[i] == NULL) && ( 2670 (i == IKEV2_XFORMTYPE_ENCR) || 2671 (i == IKEV2_XFORMTYPE_PRF) || 2672 (i == IKEV2_XFORMTYPE_INTEGR) || 2673 (i == IKEV2_XFORMTYPE_DH))) { 2674 match_score = 0; 2675 break; 2676 } else if (protoid == IKEV2_SAPROTO_AH && 2677 (match[i] == NULL) && ( 2678 (i == IKEV2_XFORMTYPE_INTEGR) || 2679 (i == IKEV2_XFORMTYPE_ESN))) { 2680 match_score = 0; 2681 break; 2682 } else if (protoid == IKEV2_SAPROTO_ESP && 2683 (match[i] == NULL) && ( 2684 (i == IKEV2_XFORMTYPE_ENCR) || 2685 (i == IKEV2_XFORMTYPE_ESN))) { 2686 match_score = 0; 2687 break; 2688 } else if (match[i] == NULL) 2689 continue; 2690 2691 match_score += match[i]->xform_score; 2692 } 2693 2694 log_debug("%s: score %d", __func__, match_score); 2695 if (match_score != 0 && 2696 (chosen_score == 0 || match_score < chosen_score)) { 2697 chosen_score = match_score; 2698 for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) 2699 chosen[i] = match[i]; 2700 memcpy(&vpeer, ppeer, sizeof(vpeer)); 2701 memcpy(&vlocal, plocal, sizeof(vlocal)); 2702 } 2703 } 2704 if (chosen_score != 0) 2705 break; 2706 } 2707 2708 if (chosen_score == 0) 2709 return (-1); 2710 else if (sa == NULL) 2711 return (0); 2712 2713 (void)config_free_proposals(&sa->sa_proposals, protoid); 2714 prop = config_add_proposal(&sa->sa_proposals, vpeer.prop_id, protoid); 2715 2716 if (vpeer.prop_localspi.spi_size) { 2717 prop->prop_localspi.spi_size = vpeer.prop_localspi.spi_size; 2718 prop->prop_peerspi = vpeer.prop_peerspi; 2719 } 2720 if (vlocal.prop_localspi.spi_size) { 2721 prop->prop_localspi.spi_size = vlocal.prop_localspi.spi_size; 2722 prop->prop_localspi.spi = vlocal.prop_localspi.spi; 2723 } 2724 2725 for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) { 2726 if (chosen[i] == NULL) 2727 continue; 2728 print_debug("%s: score %d: %s %s", 2729 __func__, chosen[i]->xform_score, 2730 print_map(i, ikev2_xformtype_map), 2731 print_map(chosen[i]->xform_id, chosen[i]->xform_map)); 2732 if (chosen[i]->xform_length) 2733 print_debug(" %d", chosen[i]->xform_length); 2734 print_debug("\n"); 2735 2736 if (config_add_transform(prop, chosen[i]->xform_type, 2737 chosen[i]->xform_id, chosen[i]->xform_length, 2738 chosen[i]->xform_keylength) == NULL) 2739 break; 2740 } 2741 2742 return (0); 2743 } 2744 2745 int 2746 ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, 2747 struct iked_message *msg) 2748 { 2749 struct iked_policy *pol = sa->sa_policy; 2750 struct iked_transform *xform; 2751 2752 if (sa->sa_dhgroup == NULL) { 2753 if ((xform = config_findtransform(&pol->pol_proposals, 2754 IKEV2_XFORMTYPE_DH)) == NULL) { 2755 log_debug("%s: did not find dh transform", __func__); 2756 return (-1); 2757 } 2758 if ((sa->sa_dhgroup = 2759 group_get(xform->xform_id)) == NULL) { 2760 log_debug("%s: invalid dh %d", __func__, 2761 xform->xform_id); 2762 return (-1); 2763 } 2764 } 2765 2766 if (!ibuf_length(sa->sa_dhiexchange)) { 2767 if ((sa->sa_dhiexchange = ibuf_new(NULL, 2768 dh_getlen(sa->sa_dhgroup))) == NULL) { 2769 log_debug("%s: failed to alloc dh exchange", __func__); 2770 return (-1); 2771 } 2772 if (dh_create_exchange(sa->sa_dhgroup, 2773 sa->sa_dhiexchange->buf) == -1) { 2774 log_debug("%s: failed to get dh exchange", __func__); 2775 return (-1); 2776 } 2777 } 2778 2779 if (!ibuf_length(sa->sa_inonce)) { 2780 if ((sa->sa_inonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { 2781 log_debug("%s: failed to get local nonce", __func__); 2782 return (-1); 2783 } 2784 } 2785 2786 /* Initial message */ 2787 if (msg == NULL) 2788 return (0); 2789 2790 if (!ibuf_length(sa->sa_rnonce)) { 2791 if (!ibuf_length(msg->msg_nonce)) { 2792 log_debug("%s: invalid peer nonce", __func__); 2793 return (-1); 2794 } 2795 if ((sa->sa_rnonce = ibuf_dup(msg->msg_nonce)) == NULL) { 2796 log_debug("%s: failed to get peer nonce", __func__); 2797 return (-1); 2798 } 2799 } 2800 2801 if (!ibuf_length(sa->sa_dhrexchange)) { 2802 if (!ibuf_length(msg->msg_ke)) { 2803 log_debug("%s: invalid peer dh exchange", __func__); 2804 return (-1); 2805 } 2806 if ((ssize_t)ibuf_length(msg->msg_ke) != 2807 dh_getlen(sa->sa_dhgroup)) { 2808 log_debug("%s: invalid dh length, size %d", __func__, 2809 dh_getlen(sa->sa_dhgroup) * 8); 2810 return (-1); 2811 } 2812 if ((sa->sa_dhrexchange = ibuf_dup(msg->msg_ke)) == NULL) { 2813 log_debug("%s: failed to copy dh exchange", __func__); 2814 return (-1); 2815 } 2816 } 2817 2818 /* Set a pointer to the peer exchange */ 2819 sa->sa_dhpeer = sa->sa_dhrexchange; 2820 2821 /* XXX we need a better way to get this */ 2822 if (ikev2_sa_negotiate(sa, 2823 &msg->msg_policy->pol_proposals, 2824 &msg->msg_proposals, IKEV2_SAPROTO_IKE) != 0) { 2825 log_debug("%s: no proposal chosen", __func__); 2826 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 2827 return (-1); 2828 } else if (sa_stateok(sa, IKEV2_STATE_SA_INIT)) 2829 sa_stateflags(sa, IKED_REQ_SA); 2830 2831 if (sa->sa_encr == NULL) { 2832 if ((xform = config_findtransform(&sa->sa_proposals, 2833 IKEV2_XFORMTYPE_ENCR)) == NULL) { 2834 log_debug("%s: did not find encr transform", __func__); 2835 return (-1); 2836 } 2837 if ((sa->sa_encr = cipher_new(xform->xform_type, 2838 xform->xform_id, xform->xform_length)) == NULL) { 2839 log_debug("%s: failed to get encr", __func__); 2840 return (-1); 2841 } 2842 } 2843 2844 if (sa->sa_prf == NULL) { 2845 if ((xform = config_findtransform(&sa->sa_proposals, 2846 IKEV2_XFORMTYPE_PRF)) == NULL) { 2847 log_debug("%s: did not find prf transform", __func__); 2848 return (-1); 2849 } 2850 if ((sa->sa_prf = 2851 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2852 log_debug("%s: failed to get prf", __func__); 2853 return (-1); 2854 } 2855 } 2856 2857 if (sa->sa_integr == NULL) { 2858 if ((xform = config_findtransform(&sa->sa_proposals, 2859 IKEV2_XFORMTYPE_INTEGR)) == NULL) { 2860 log_debug("%s: did not find integr transform", 2861 __func__); 2862 return (-1); 2863 } 2864 if ((sa->sa_integr = 2865 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2866 log_debug("%s: failed to get integr", __func__); 2867 return (-1); 2868 } 2869 } 2870 2871 ibuf_release(sa->sa_2ndmsg); 2872 if ((sa->sa_2ndmsg = ibuf_dup(msg->msg_data)) == NULL) { 2873 log_debug("%s: failed to copy 2nd message", __func__); 2874 return (-1); 2875 } 2876 2877 return (ikev2_sa_keys(env, sa)); 2878 } 2879 2880 int 2881 ikev2_sa_responder(struct iked *env, struct iked_sa *sa, 2882 struct iked_message *msg) 2883 { 2884 struct iked_transform *xform; 2885 2886 sa_state(env, sa, IKEV2_STATE_SA_INIT); 2887 2888 ibuf_release(sa->sa_1stmsg); 2889 if ((sa->sa_1stmsg = ibuf_dup(msg->msg_data)) == NULL) { 2890 log_debug("%s: failed to copy 1st message", __func__); 2891 return (-1); 2892 } 2893 2894 if (!ibuf_length(sa->sa_rnonce) && 2895 (sa->sa_rnonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { 2896 log_debug("%s: failed to get local nonce", __func__); 2897 return (-1); 2898 } 2899 2900 if (!ibuf_length(sa->sa_inonce) && 2901 ((ibuf_length(msg->msg_nonce) < IKED_NONCE_MIN) || 2902 (sa->sa_inonce = ibuf_dup(msg->msg_nonce)) == NULL)) { 2903 log_debug("%s: failed to get peer nonce", __func__); 2904 return (-1); 2905 } 2906 2907 /* XXX we need a better way to get this */ 2908 if (ikev2_sa_negotiate(sa, 2909 &msg->msg_policy->pol_proposals, 2910 &msg->msg_proposals, IKEV2_SAPROTO_IKE) != 0) { 2911 log_debug("%s: no proposal chosen", __func__); 2912 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 2913 return (-1); 2914 } else if (sa_stateok(sa, IKEV2_STATE_SA_INIT)) 2915 sa_stateflags(sa, IKED_REQ_SA); 2916 2917 if (sa->sa_encr == NULL) { 2918 if ((xform = config_findtransform(&sa->sa_proposals, 2919 IKEV2_XFORMTYPE_ENCR)) == NULL) { 2920 log_debug("%s: did not find encr transform", __func__); 2921 return (-1); 2922 } 2923 if ((sa->sa_encr = cipher_new(xform->xform_type, 2924 xform->xform_id, xform->xform_length)) == NULL) { 2925 log_debug("%s: failed to get encr", __func__); 2926 return (-1); 2927 } 2928 } 2929 2930 if (sa->sa_prf == NULL) { 2931 if ((xform = config_findtransform(&sa->sa_proposals, 2932 IKEV2_XFORMTYPE_PRF)) == NULL) { 2933 log_debug("%s: did not find prf transform", __func__); 2934 return (-1); 2935 } 2936 if ((sa->sa_prf = 2937 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2938 log_debug("%s: failed to get prf", __func__); 2939 return (-1); 2940 } 2941 } 2942 2943 if (sa->sa_integr == NULL) { 2944 if ((xform = config_findtransform(&sa->sa_proposals, 2945 IKEV2_XFORMTYPE_INTEGR)) == NULL) { 2946 log_debug("%s: did not find integr transform", 2947 __func__); 2948 return (-1); 2949 } 2950 if ((sa->sa_integr = 2951 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 2952 log_debug("%s: failed to get integr", __func__); 2953 return (-1); 2954 } 2955 } 2956 2957 if (sa->sa_dhgroup == NULL) { 2958 if ((xform = config_findtransform(&sa->sa_proposals, 2959 IKEV2_XFORMTYPE_DH)) == NULL) { 2960 log_debug("%s: did not find dh transform", __func__); 2961 return (-1); 2962 } 2963 if ((sa->sa_dhgroup = 2964 group_get(xform->xform_id)) == NULL) { 2965 log_debug("%s: invalid dh", __func__); 2966 return (-1); 2967 } 2968 } 2969 2970 if (!ibuf_length(sa->sa_dhrexchange)) { 2971 if ((sa->sa_dhrexchange = ibuf_new(NULL, 2972 dh_getlen(sa->sa_dhgroup))) == NULL) { 2973 log_debug("%s: failed to alloc dh exchange", __func__); 2974 return (-1); 2975 } 2976 if (dh_create_exchange(sa->sa_dhgroup, 2977 sa->sa_dhrexchange->buf) == -1) { 2978 log_debug("%s: failed to get dh exchange", __func__); 2979 return (-1); 2980 } 2981 } 2982 2983 if (!ibuf_length(sa->sa_dhiexchange)) { 2984 if ((sa->sa_dhiexchange = ibuf_dup(msg->msg_ke)) == NULL || 2985 ((ssize_t)ibuf_length(sa->sa_dhiexchange) != 2986 dh_getlen(sa->sa_dhgroup))) { 2987 /* XXX send notification to peer */ 2988 log_debug("%s: invalid dh, size %d", __func__, 2989 dh_getlen(sa->sa_dhgroup) * 8); 2990 return (-1); 2991 } 2992 } 2993 2994 /* Set a pointer to the peer exchange */ 2995 sa->sa_dhpeer = sa->sa_dhiexchange; 2996 2997 return (ikev2_sa_keys(env, sa)); 2998 } 2999 3000 int 3001 ikev2_sa_keys(struct iked *env, struct iked_sa *sa) 3002 { 3003 struct iked_hash *prf, *integr; 3004 struct iked_cipher *encr; 3005 struct group *group; 3006 struct ibuf *ninr, *dhsecret, *skeyseed, *s, *t; 3007 size_t nonceminlen, ilen, rlen, tmplen; 3008 u_int64_t ispi, rspi; 3009 int ret = -1; 3010 3011 ninr = dhsecret = skeyseed = s = t = NULL; 3012 3013 if ((encr = sa->sa_encr) == NULL || 3014 (prf = sa->sa_prf) == NULL || 3015 (integr = sa->sa_integr) == NULL || 3016 (group = sa->sa_dhgroup) == NULL) { 3017 log_debug("%s: failed to get key input data", __func__); 3018 return (-1); 3019 } 3020 3021 if (prf->hash_fixedkey) 3022 nonceminlen = prf->hash_fixedkey; 3023 else 3024 nonceminlen = IKED_NONCE_MIN; 3025 3026 /* Nonces need a minimal size and should have an even length */ 3027 if (ibuf_length(sa->sa_inonce) < nonceminlen || 3028 (ibuf_length(sa->sa_inonce) % 2) != 0 || 3029 ibuf_length(sa->sa_rnonce) < nonceminlen || 3030 (ibuf_length(sa->sa_rnonce) % 2) != 0) { 3031 log_debug("%s: invalid nonces", __func__); 3032 return (-1); 3033 } 3034 3035 /* 3036 * First generate SKEEYSEED = prf(Ni | Nr, g^ir) 3037 */ 3038 if (prf->hash_fixedkey) { 3039 /* Half of the key bits must come from Ni, and half from Nr */ 3040 ilen = prf->hash_fixedkey / 2; 3041 rlen = prf->hash_fixedkey / 2; 3042 } else { 3043 /* Most PRF functions accept a variable-length key */ 3044 ilen = ibuf_length(sa->sa_inonce); 3045 rlen = ibuf_length(sa->sa_rnonce); 3046 } 3047 3048 if ((ninr = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL || 3049 ibuf_add(ninr, sa->sa_rnonce->buf, rlen) != 0) { 3050 log_debug("%s: failed to get nonce key buffer", __func__); 3051 goto done; 3052 } 3053 if ((hash_setkey(prf, ninr->buf, ibuf_length(ninr))) == NULL) { 3054 log_debug("%s: failed to set prf key", __func__); 3055 goto done; 3056 } 3057 3058 if ((dhsecret = ibuf_new(NULL, dh_getlen(group))) == NULL) { 3059 log_debug("%s: failed to alloc dh secret", __func__); 3060 goto done; 3061 } 3062 if (dh_create_shared(group, dhsecret->buf, 3063 sa->sa_dhpeer->buf) == -1) { 3064 log_debug("%s: failed to get dh secret" 3065 " group %d len %d secret %d exchange %d", __func__, 3066 group->id, dh_getlen(group), ibuf_length(dhsecret), 3067 ibuf_length(sa->sa_dhpeer)); 3068 goto done; 3069 } 3070 3071 if ((skeyseed = ibuf_new(NULL, hash_length(prf))) == NULL) { 3072 log_debug("%s: failed to get SKEYSEED buffer", __func__); 3073 goto done; 3074 } 3075 3076 tmplen = 0; 3077 hash_init(prf); 3078 hash_update(prf, dhsecret->buf, ibuf_length(dhsecret)); 3079 hash_final(prf, skeyseed->buf, &tmplen); 3080 3081 log_debug("%s: SKEYSEED with %d bytes", __func__, tmplen); 3082 print_hex(skeyseed->buf, 0, tmplen); 3083 3084 if (ibuf_setsize(skeyseed, tmplen) == -1) { 3085 log_debug("%s: failed to set keymaterial length", __func__); 3086 goto done; 3087 } 3088 3089 /* 3090 * Now generate the key material 3091 * 3092 * S = Ni | Nr | SPIi | SPIr 3093 */ 3094 3095 /* S = Ni | Nr | SPIi | SPIr */ 3096 ilen = ibuf_length(sa->sa_inonce); 3097 rlen = ibuf_length(sa->sa_rnonce); 3098 ispi = htobe64(sa->sa_hdr.sh_ispi); 3099 rspi = htobe64(sa->sa_hdr.sh_rspi); 3100 3101 if ((s = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL || 3102 ibuf_add(s, sa->sa_rnonce->buf, rlen) != 0 || 3103 ibuf_add(s, &ispi, sizeof(ispi)) != 0 || 3104 ibuf_add(s, &rspi, sizeof(rspi)) != 0) { 3105 log_debug("%s: failed to set S buffer", __func__); 3106 goto done; 3107 } 3108 3109 log_debug("%s: S with %d bytes", __func__, ibuf_length(s)); 3110 print_hex(s->buf, 0, ibuf_length(s)); 3111 3112 /* 3113 * Get the size of the key material we need and the number 3114 * of rounds we need to run the prf+ function. 3115 */ 3116 ilen = hash_length(prf) + /* SK_d */ 3117 hash_keylength(integr) + /* SK_ai */ 3118 hash_keylength(integr) + /* SK_ar */ 3119 cipher_keylength(encr) + /* SK_ei */ 3120 cipher_keylength(encr) + /* SK_er */ 3121 hash_keylength(prf) + /* SK_pi */ 3122 hash_keylength(prf); /* SK_pr */ 3123 3124 if ((t = ikev2_prfplus(prf, skeyseed, s, ilen)) == NULL) { 3125 log_debug("%s: failed to get IKE SA key material", __func__); 3126 goto done; 3127 } 3128 3129 /* ibuf_get() returns a new buffer from the next read offset */ 3130 if ((sa->sa_key_d = ibuf_get(t, hash_length(prf))) == NULL || 3131 (sa->sa_key_iauth = ibuf_get(t, hash_keylength(integr))) == NULL || 3132 (sa->sa_key_rauth = ibuf_get(t, hash_keylength(integr))) == NULL || 3133 (sa->sa_key_iencr = ibuf_get(t, cipher_keylength(encr))) == NULL || 3134 (sa->sa_key_rencr = ibuf_get(t, cipher_keylength(encr))) == NULL || 3135 (sa->sa_key_iprf = ibuf_get(t, hash_length(prf))) == NULL || 3136 (sa->sa_key_rprf = ibuf_get(t, hash_length(prf))) == NULL) { 3137 log_debug("%s: failed to get SA keys", __func__); 3138 goto done; 3139 } 3140 3141 log_debug("%s: SK_d with %d bytes", __func__, 3142 ibuf_length(sa->sa_key_d)); 3143 print_hex(sa->sa_key_d->buf, 0, ibuf_length(sa->sa_key_d)); 3144 log_debug("%s: SK_ai with %d bytes", __func__, 3145 ibuf_length(sa->sa_key_iauth)); 3146 print_hex(sa->sa_key_iauth->buf, 0, ibuf_length(sa->sa_key_iauth)); 3147 log_debug("%s: SK_ar with %d bytes", __func__, 3148 ibuf_length(sa->sa_key_rauth)); 3149 print_hex(sa->sa_key_rauth->buf, 0, ibuf_length(sa->sa_key_rauth)); 3150 log_debug("%s: SK_ei with %d bytes", __func__, 3151 ibuf_length(sa->sa_key_iencr)); 3152 print_hex(sa->sa_key_iencr->buf, 0, ibuf_length(sa->sa_key_iencr)); 3153 log_debug("%s: SK_er with %d bytes", __func__, 3154 ibuf_length(sa->sa_key_rencr)); 3155 print_hex(sa->sa_key_rencr->buf, 0, ibuf_length(sa->sa_key_rencr)); 3156 log_debug("%s: SK_pi with %d bytes", __func__, 3157 ibuf_length(sa->sa_key_iprf)); 3158 print_hex(sa->sa_key_iprf->buf, 0, ibuf_length(sa->sa_key_iprf)); 3159 log_debug("%s: SK_pr with %d bytes", __func__, 3160 ibuf_length(sa->sa_key_rprf)); 3161 print_hex(sa->sa_key_rprf->buf, 0, ibuf_length(sa->sa_key_rprf)); 3162 3163 ret = 0; 3164 3165 done: 3166 ibuf_release(ninr); 3167 ibuf_release(dhsecret); 3168 ibuf_release(skeyseed); 3169 ibuf_release(s); 3170 ibuf_release(t); 3171 3172 return (ret); 3173 } 3174 3175 struct ibuf * 3176 ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, 3177 size_t keymatlen) 3178 { 3179 struct ibuf *t = NULL, *t1 = NULL, *t2 = NULL; 3180 size_t rlen, i, hashlen = 0; 3181 u_int8_t pad = 0; 3182 3183 /* 3184 * prf+ (K, S) = T1 | T2 | T3 | T4 | ... 3185 * 3186 * T1 = prf (K, S | 0x01) 3187 * T2 = prf (K, T1 | S | 0x02) 3188 * T3 = prf (K, T2 | S | 0x03) 3189 * T4 = prf (K, T3 | S | 0x04) 3190 */ 3191 3192 if ((hash_setkey(prf, ibuf_data(key), ibuf_size(key))) == NULL) { 3193 log_debug("%s: failed to set prf+ key", __func__); 3194 goto fail; 3195 } 3196 3197 if ((t = ibuf_new(NULL, 0)) == NULL) { 3198 log_debug("%s: failed to get T buffer", __func__); 3199 goto fail; 3200 } 3201 3202 rlen = roundup(keymatlen, hash_length(prf)) / hash_length(prf); 3203 if (rlen > 255) 3204 fatalx("ikev2_prfplus: key material too large"); 3205 3206 for (i = 0; i < rlen; i++) { 3207 if (t1 != NULL) { 3208 t2 = ibuf_new(t1->buf, ibuf_length(t1)); 3209 ibuf_release(t1); 3210 } else 3211 t2 = ibuf_new(NULL, 0); 3212 t1 = ibuf_new(NULL, hash_length(prf)); 3213 3214 ibuf_add(t2, seed->buf, ibuf_length(seed)); 3215 pad = i + 1; 3216 ibuf_add(t2, &pad, 1); 3217 3218 hash_init(prf); 3219 hash_update(prf, t2->buf, ibuf_length(t2)); 3220 hash_final(prf, t1->buf, &hashlen); 3221 3222 if (hashlen != hash_length(prf)) 3223 fatalx("ikev2_prfplus: hash length mismatch"); 3224 3225 ibuf_release(t2); 3226 ibuf_add(t, t1->buf, ibuf_length(t1)); 3227 3228 log_debug("%s: T%d with %d bytes", __func__, 3229 pad, ibuf_length(t1)); 3230 print_hex(t1->buf, 0, ibuf_length(t1)); 3231 } 3232 3233 log_debug("%s: Tn with %d bytes", __func__, ibuf_length(t)); 3234 print_hex(t->buf, 0, ibuf_length(t)); 3235 3236 ibuf_release(t1); 3237 3238 return (t); 3239 3240 fail: 3241 ibuf_release(t1); 3242 ibuf_release(t); 3243 3244 return (NULL); 3245 } 3246 3247 int 3248 ikev2_sa_tag(struct iked_sa *sa, struct iked_id *id) 3249 { 3250 char *format, *domain = NULL, *idrepl = NULL; 3251 char idstr[IKED_ID_SIZE]; 3252 int ret = -1; 3253 size_t len; 3254 3255 if (sa->sa_tag != NULL) 3256 free(sa->sa_tag); 3257 sa->sa_tag = NULL; 3258 format = sa->sa_policy->pol_tag; 3259 3260 len = IKED_TAG_SIZE; 3261 if ((sa->sa_tag = calloc(1, len)) == NULL) { 3262 log_debug("%s: calloc", __func__); 3263 goto fail; 3264 } 3265 if (strlcpy(sa->sa_tag, format, len) >= len) { 3266 log_debug("%s: tag too long", __func__); 3267 goto fail; 3268 } 3269 3270 if (ikev2_print_id(id, idstr, sizeof(idstr)) == -1) { 3271 log_debug("%s: invalid id", __func__); 3272 goto fail; 3273 } 3274 3275 /* ASN.1 DER IDs are too long, use the CN part instead */ 3276 if ((id->id_type == IKEV2_ID_ASN1_DN) && 3277 (idrepl = strstr(idstr, "CN=")) != NULL) { 3278 domain = strstr(idrepl, "emailAddress="); 3279 idrepl[strcspn(idrepl, "/")] = '\0'; 3280 } else 3281 idrepl = idstr; 3282 3283 if (strstr(format, "$id") != NULL) { 3284 if (expand_string(sa->sa_tag, len, "$id", idrepl) != 0) { 3285 log_debug("%s: failed to expand tag", __func__); 3286 goto fail; 3287 } 3288 } 3289 3290 if (strstr(format, "$name") != NULL) { 3291 if (expand_string(sa->sa_tag, len, "$name", 3292 sa->sa_policy->pol_name) != 0) { 3293 log_debug("%s: failed to expand tag", __func__); 3294 goto fail; 3295 } 3296 } 3297 3298 if (strstr(format, "$domain") != NULL) { 3299 if (id->id_type == IKEV2_ID_FQDN) 3300 domain = strchr(idrepl, '.'); 3301 else if (id->id_type == IKEV2_ID_UFQDN) 3302 domain = strchr(idrepl, '@'); 3303 else if (*idstr == '/' && domain != NULL) 3304 domain = strchr(domain, '@'); 3305 else 3306 domain = NULL; 3307 if (domain == NULL || strlen(domain) < 2) { 3308 log_debug("%s: no valid domain in ID %s", 3309 __func__, idstr); 3310 goto fail; 3311 } 3312 domain++; 3313 if (expand_string(sa->sa_tag, len, "$domain", domain) != 0) { 3314 log_debug("%s: failed to expand tag", __func__); 3315 goto fail; 3316 } 3317 } 3318 3319 log_debug("%s: %s (%d)", __func__, sa->sa_tag, strlen(sa->sa_tag)); 3320 3321 ret = 0; 3322 fail: 3323 if (ret != 0) { 3324 free(sa->sa_tag); 3325 sa->sa_tag = NULL; 3326 } 3327 3328 return (ret); 3329 } 3330 3331 int 3332 ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, int initiator) 3333 { 3334 struct iked_proposal *prop; 3335 struct iked_transform *xform, *encrxf = NULL, *integrxf = NULL; 3336 struct iked_childsa *csa, *csb; 3337 struct iked_flow *flow, *saflow, *flowa, *flowb; 3338 struct iked_id *peerid, *localid; 3339 struct ibuf *keymat = NULL, *seed = NULL; 3340 u_int32_t spi = 0; 3341 u_int i; 3342 size_t ilen = 0; 3343 int skip, ret = -1; 3344 3345 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 3346 return (-1); 3347 3348 if (sa->sa_hdr.sh_initiator) { 3349 peerid = &sa->sa_rid; 3350 localid = &sa->sa_iid; 3351 } else { 3352 peerid = &sa->sa_iid; 3353 localid = &sa->sa_rid; 3354 } 3355 3356 if (ikev2_sa_tag(sa, peerid) == -1) 3357 return (-1); 3358 3359 /* We need to determine the key material length first */ 3360 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 3361 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) 3362 continue; 3363 log_debug("%s: proposal %d", __func__, prop->prop_id); 3364 for (i = 0; i < prop->prop_nxforms; i++) { 3365 xform = prop->prop_xforms + i; 3366 xform->xform_keylength = 3367 keylength_xf(prop->prop_protoid, 3368 xform->xform_type, xform->xform_id); 3369 3370 switch (xform->xform_type) { 3371 case IKEV2_XFORMTYPE_ENCR: 3372 case IKEV2_XFORMTYPE_INTEGR: 3373 if (xform->xform_length) 3374 xform->xform_keylength = 3375 xform->xform_length; 3376 xform->xform_keylength += 3377 noncelength_xf(xform->xform_type, 3378 xform->xform_id); 3379 ilen += xform->xform_keylength / 8; 3380 break; 3381 } 3382 } 3383 } 3384 3385 /* double key material length for inbound/outbound */ 3386 ilen *= 2; 3387 3388 log_debug("%s: key material length %d", __func__, ilen); 3389 3390 if ((seed = ibuf_dup(sa->sa_inonce)) == NULL || 3391 ibuf_cat(seed, sa->sa_rnonce) != 0 || 3392 (keymat = ikev2_prfplus(sa->sa_prf, 3393 sa->sa_key_d, seed, ilen)) == NULL) { 3394 log_debug("%s: failed to get IKE SA key material", __func__); 3395 goto done; 3396 } 3397 3398 /* Create the new flows */ 3399 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 3400 if (ikev2_valid_proposal(prop, NULL, NULL) != 0) 3401 continue; 3402 3403 RB_FOREACH(flow, iked_flows, &sa->sa_policy->pol_flows) { 3404 skip = 0; 3405 TAILQ_FOREACH(saflow, &sa->sa_flows, flow_entry) { 3406 if (IKED_ADDR_EQ(&saflow->flow_src, 3407 &flow->flow_src) && 3408 IKED_ADDR_EQ(&saflow->flow_dst, 3409 &flow->flow_dst) && 3410 saflow->flow_saproto == prop->prop_protoid) 3411 skip = 1; 3412 } 3413 if (skip) 3414 continue; 3415 3416 if ((flowa = calloc(1, sizeof(*flowa))) == NULL) { 3417 log_debug("%s: failed to get flow", __func__); 3418 goto done; 3419 } 3420 3421 memcpy(flowa, flow, sizeof(*flow)); 3422 flowa->flow_dir = IPSP_DIRECTION_OUT; 3423 flowa->flow_saproto = prop->prop_protoid; 3424 flowa->flow_srcid = localid; 3425 flowa->flow_dstid = peerid; 3426 flowa->flow_local = &sa->sa_local; 3427 flowa->flow_peer = &sa->sa_peer; 3428 flowa->flow_ikesa = sa; 3429 3430 if ((flowb = calloc(1, sizeof(*flowb))) == NULL) { 3431 log_debug("%s: failed to get flow", __func__); 3432 flow_free(flowa); 3433 goto done; 3434 } 3435 3436 memcpy(flowb, flowa, sizeof(*flow)); 3437 3438 flowb->flow_dir = IPSP_DIRECTION_IN; 3439 memcpy(&flowb->flow_src, &flow->flow_dst, 3440 sizeof(flow->flow_dst)); 3441 memcpy(&flowb->flow_dst, &flow->flow_src, 3442 sizeof(flow->flow_src)); 3443 3444 TAILQ_INSERT_TAIL(&sa->sa_flows, flowa, flow_entry); 3445 TAILQ_INSERT_TAIL(&sa->sa_flows, flowb, flow_entry); 3446 } 3447 } 3448 3449 /* create the CHILD SAs using the key material */ 3450 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 3451 if (ikev2_valid_proposal(prop, &encrxf, &integrxf) != 0) 3452 continue; 3453 3454 spi = 0; 3455 3456 if ((csa = calloc(1, sizeof(*csa))) == NULL) { 3457 log_debug("%s: failed to get CHILD SA", __func__); 3458 goto done; 3459 } 3460 3461 csa->csa_saproto = prop->prop_protoid; 3462 csa->csa_ikesa = sa; 3463 csa->csa_srcid = localid; 3464 csa->csa_dstid = peerid; 3465 csa->csa_spi.spi_protoid = prop->prop_protoid; 3466 3467 /* Set up responder's SPIs */ 3468 if (initiator) { 3469 csa->csa_dir = IPSP_DIRECTION_OUT; 3470 csa->csa_local = &sa->sa_local; 3471 csa->csa_peer = &sa->sa_peer; 3472 csa->csa_peerspi = prop->prop_localspi.spi; 3473 csa->csa_spi.spi = prop->prop_peerspi.spi; 3474 csa->csa_spi.spi_size = prop->prop_peerspi.spi_size; 3475 } else { 3476 csa->csa_dir = IPSP_DIRECTION_IN; 3477 csa->csa_local = &sa->sa_peer; 3478 csa->csa_peer = &sa->sa_local; 3479 3480 if ((ret = pfkey_sa_init(env->sc_pfkey, csa, 3481 &spi)) != 0) 3482 goto done; 3483 csa->csa_allocated = 1; 3484 3485 csa->csa_peerspi = prop->prop_peerspi.spi; 3486 csa->csa_spi.spi = prop->prop_localspi.spi = spi; 3487 csa->csa_spi.spi_size = 4; 3488 } 3489 3490 if (encrxf && (csa->csa_encrkey = ibuf_get(keymat, 3491 encrxf->xform_keylength / 8)) == NULL) { 3492 log_debug("%s: failed to get CHILD SA encryption key", 3493 __func__); 3494 childsa_free(csa); 3495 goto done; 3496 } 3497 if (integrxf && (csa->csa_integrkey = ibuf_get(keymat, 3498 integrxf->xform_keylength / 8)) == NULL) { 3499 log_debug("%s: failed to get CHILD SA integrity key", 3500 __func__); 3501 childsa_free(csa); 3502 goto done; 3503 } 3504 csa->csa_encrxf = encrxf; 3505 csa->csa_integrxf = integrxf; 3506 3507 if ((csb = calloc(1, sizeof(*csb))) == NULL) { 3508 log_debug("%s: failed to get CHILD SA", __func__); 3509 childsa_free(csa); 3510 goto done; 3511 } 3512 3513 memcpy(csb, csa, sizeof(*csb)); 3514 3515 /* Set up initiator's SPIs */ 3516 csb->csa_spi.spi = csa->csa_peerspi; 3517 csb->csa_peerspi = csa->csa_spi.spi; 3518 csb->csa_allocated = csa->csa_allocated ? 0 : 1; 3519 csb->csa_dir = csa->csa_dir == IPSP_DIRECTION_IN ? 3520 IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN; 3521 csb->csa_local = csa->csa_peer; 3522 csb->csa_peer = csa->csa_local; 3523 3524 if (encrxf && (csb->csa_encrkey = ibuf_get(keymat, 3525 encrxf->xform_keylength / 8)) == NULL) { 3526 log_debug("%s: failed to get CHILD SA encryption key", 3527 __func__); 3528 childsa_free(csa); 3529 childsa_free(csb); 3530 goto done; 3531 } 3532 if (integrxf && (csb->csa_integrkey = ibuf_get(keymat, 3533 integrxf->xform_keylength / 8)) == NULL) { 3534 log_debug("%s: failed to get CHILD SA integrity key", 3535 __func__); 3536 childsa_free(csa); 3537 childsa_free(csb); 3538 goto done; 3539 } 3540 3541 TAILQ_INSERT_TAIL(&sa->sa_childsas, csa, csa_entry); 3542 TAILQ_INSERT_TAIL(&sa->sa_childsas, csb, csa_entry); 3543 3544 csa->csa_peersa = csb; 3545 csb->csa_peersa = csa; 3546 } 3547 3548 ret = 0; 3549 done: 3550 ibuf_release(keymat); 3551 ibuf_release(seed); 3552 3553 return (ret); 3554 } 3555 3556 int 3557 ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) 3558 { 3559 struct iked_childsa *csa; 3560 struct iked_flow *flow; 3561 3562 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 3563 if (csa->csa_rekey || csa->csa_loaded) 3564 continue; 3565 3566 if (pfkey_sa_add(env->sc_pfkey, csa, NULL) != 0) { 3567 log_debug("%s: failed to load CHILD SA spi %s", 3568 __func__, print_spi(csa->csa_spi.spi, 3569 csa->csa_spi.spi_size)); 3570 return (-1); 3571 } 3572 3573 RB_INSERT(iked_activesas, &env->sc_activesas, csa); 3574 3575 log_debug("%s: loaded CHILD SA spi %s", __func__, 3576 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size)); 3577 } 3578 3579 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) { 3580 if (flow->flow_loaded) 3581 continue; 3582 3583 if (pfkey_flow_add(env->sc_pfkey, flow) != 0) { 3584 log_debug("%s: failed to load flow", __func__); 3585 return (-1); 3586 } 3587 3588 RB_INSERT(iked_flows, &env->sc_activeflows, flow); 3589 3590 log_debug("%s: loaded flow %p", __func__, flow); 3591 } 3592 3593 return (0); 3594 } 3595 3596 int 3597 ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, u_int8_t saproto, 3598 u_int64_t spi, u_int64_t *spiptr, int cleanup) 3599 { 3600 struct iked_childsa *csa, *nextcsa = NULL; 3601 u_int64_t peerspi = 0; 3602 int found = 0; 3603 3604 for (csa = TAILQ_FIRST(&sa->sa_childsas); csa != NULL; csa = nextcsa) { 3605 nextcsa = TAILQ_NEXT(csa, csa_entry); 3606 3607 if ((saproto && csa->csa_saproto != saproto) || 3608 (spi && (csa->csa_spi.spi != spi && 3609 csa->csa_peerspi != spi)) || 3610 (cleanup && csa->csa_loaded)) 3611 continue; 3612 3613 if (csa->csa_loaded) 3614 RB_REMOVE(iked_activesas, &env->sc_activesas, csa); 3615 3616 if (pfkey_sa_delete(env->sc_pfkey, csa) != 0) 3617 log_debug("%s: failed to delete CHILD SA spi %s", 3618 __func__, print_spi(csa->csa_spi.spi, 3619 csa->csa_spi.spi_size)); 3620 else 3621 log_debug("%s: deleted CHILD SA spi %s", __func__, 3622 print_spi(csa->csa_spi.spi, 3623 csa->csa_spi.spi_size)); 3624 found++; 3625 3626 if (spi && csa->csa_spi.spi == spi) 3627 peerspi = csa->csa_peerspi; 3628 3629 TAILQ_REMOVE(&sa->sa_childsas, csa, csa_entry); 3630 childsa_free(csa); 3631 } 3632 3633 if (spiptr) 3634 *spiptr = peerspi; 3635 3636 return (found ? 0 : -1); 3637 } 3638 3639 int 3640 ikev2_valid_proposal(struct iked_proposal *prop, 3641 struct iked_transform **exf, struct iked_transform **ixf) 3642 { 3643 struct iked_transform *xform, *encrxf, *integrxf; 3644 u_int i; 3645 3646 switch (prop->prop_protoid) { 3647 case IKEV2_SAPROTO_ESP: 3648 case IKEV2_SAPROTO_AH: 3649 break; 3650 default: 3651 return (-1); 3652 } 3653 3654 encrxf = integrxf = NULL; 3655 for (i = 0; i < prop->prop_nxforms; i++) { 3656 xform = prop->prop_xforms + i; 3657 if (xform->xform_type == IKEV2_XFORMTYPE_ENCR) 3658 encrxf = xform; 3659 else if (xform->xform_type == IKEV2_XFORMTYPE_INTEGR) 3660 integrxf = xform; 3661 } 3662 3663 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) { 3664 if (encrxf == NULL || integrxf == NULL) 3665 return (-1); 3666 } else if (prop->prop_protoid == IKEV2_SAPROTO_AH) { 3667 if (integrxf == NULL) 3668 return (-1); 3669 } else if (prop->prop_protoid == IKEV2_SAPROTO_ESP) { 3670 if (encrxf == NULL) 3671 return (-1); 3672 } 3673 3674 if (exf) 3675 *exf = encrxf; 3676 if (ixf) 3677 *ixf = integrxf; 3678 3679 return (0); 3680 } 3681 3682 void 3683 ikev2_acquire_sa(struct iked *env, struct iked_flow *acquire) 3684 { 3685 struct iked_flow *flow; 3686 struct iked_sa *sa; 3687 struct iked_policy pol, *p = NULL; 3688 3689 if (env->sc_passive) 3690 return; 3691 3692 /* First try to find an active flow with IKE SA */ 3693 flow = RB_FIND(iked_flows, &env->sc_activeflows, acquire); 3694 if (!flow) { 3695 /* Otherwise try to find a matching policy */ 3696 bzero(&pol, sizeof(pol)); 3697 pol.pol_af = acquire->flow_peer->addr_af; 3698 memcpy(&pol.pol_peer, acquire->flow_peer, 3699 sizeof(pol.pol_peer)); 3700 3701 RB_INIT(&pol.pol_flows); 3702 RB_INSERT(iked_flows, &pol.pol_flows, acquire); 3703 pol.pol_nflows = 1; 3704 3705 if ((p = policy_test(env, &pol)) == NULL) { 3706 log_warnx("%s: flow wasn't found", __func__); 3707 return; 3708 } 3709 3710 log_debug("%s: found matching policy '%s'", __func__, 3711 p->pol_name); 3712 3713 if (ikev2_init_ike_sa_peer(env, p, acquire->flow_peer) != 0) 3714 log_warnx("%s: failed to initiate a " 3715 "IKE_SA_INIT exchange", __func__); 3716 } else { 3717 log_debug("%s: found active flow", __func__); 3718 3719 if ((sa = flow->flow_ikesa) == NULL) { 3720 log_warnx("%s: flow without SA", __func__); 3721 return; 3722 } 3723 3724 if (ikev2_send_create_child_sa(env, sa, NULL, 3725 flow->flow_saproto) != 0) 3726 log_warnx("%s: failed to initiate a " 3727 "CREATE_CHILD_SA exchange", __func__); 3728 } 3729 } 3730 3731 void 3732 ikev2_disable_rekeying(struct iked *env, struct iked_sa *sa) 3733 { 3734 struct iked_childsa *csa; 3735 3736 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 3737 csa->csa_persistent = 1; 3738 csa->csa_rekey = 0; 3739 } 3740 3741 (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 3742 } 3743 3744 void 3745 ikev2_rekey_sa(struct iked *env, struct iked_spi *rekey) 3746 { 3747 struct iked_childsa *csa, key; 3748 struct iked_sa *sa; 3749 3750 key.csa_spi = *rekey; 3751 csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); 3752 if (!csa) 3753 return; 3754 3755 if (csa->csa_rekey) /* See if it's already taken care of */ 3756 return; 3757 if ((sa = csa->csa_ikesa) == NULL) { 3758 log_warnx("%s: SA %s doesn't have a parent SA", __func__, 3759 print_spi(rekey->spi, rekey->spi_size)); 3760 return; 3761 } 3762 if (!sa_stateok(sa, IKEV2_STATE_ESTABLISHED)) { 3763 log_warnx("%s: SA %s is not established", __func__, 3764 print_spi(rekey->spi, rekey->spi_size)); 3765 return; 3766 } 3767 if (csa->csa_allocated) /* Peer SPI died first, get the local one */ 3768 rekey->spi = csa->csa_peerspi; 3769 if (ikev2_send_create_child_sa(env, sa, rekey, rekey->spi_protoid)) 3770 log_warnx("%s: failed to initiate a CREATE_CHILD_SA exchange", 3771 __func__); 3772 } 3773 3774 void 3775 ikev2_drop_sa(struct iked *env, struct iked_spi *drop) 3776 { 3777 struct ibuf *buf = NULL; 3778 struct iked_childsa *csa, key; 3779 struct iked_sa *sa; 3780 struct ikev2_delete *del; 3781 u_int32_t spi32; 3782 3783 key.csa_spi = *drop; 3784 csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); 3785 if (!csa || csa->csa_rekey) 3786 return; 3787 RB_REMOVE(iked_activesas, &env->sc_activesas, csa); 3788 csa->csa_loaded = 0; 3789 if ((sa = csa->csa_ikesa) == NULL) { 3790 log_debug("%s: failed to find a parent SA", __func__); 3791 return; 3792 } 3793 3794 if ((buf = ibuf_static()) == NULL) 3795 goto done; 3796 if ((del = ibuf_advance(buf, sizeof(*del))) == NULL) 3797 goto done; 3798 3799 if (csa->csa_allocated) 3800 spi32 = htobe32(csa->csa_spi.spi); 3801 else 3802 spi32 = htobe32(csa->csa_peerspi); 3803 3804 if (ikev2_childsa_delete(env, sa, csa->csa_saproto, 3805 csa->csa_peerspi, NULL, 0)) 3806 log_debug("%s: failed to delete CHILD SA %s", __func__, 3807 print_spi(csa->csa_peerspi, drop->spi_size)); 3808 3809 /* Send PAYLOAD_DELETE */ 3810 3811 if ((buf = ibuf_static()) == NULL) 3812 return; 3813 if ((del = ibuf_advance(buf, sizeof(*del))) == NULL) 3814 goto done; 3815 del->del_protoid = drop->spi_protoid; 3816 del->del_spisize = 4; 3817 del->del_nspi = htobe16(1); 3818 if (ibuf_add(buf, &spi32, sizeof(spi32))) 3819 goto done; 3820 3821 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 3822 IKEV2_EXCHANGE_INFORMATIONAL, 0) == -1) 3823 goto done; 3824 3825 sa->sa_stateflags |= IKED_REQ_INF; 3826 3827 /* Initiate Child SA creation */ 3828 if (ikev2_send_create_child_sa(env, sa, NULL, drop->spi_protoid)) 3829 log_warnx("%s: failed to initiate a CREATE_CHILD_SA exchange", 3830 __func__); 3831 3832 done: 3833 ibuf_release(buf); 3834 return; 3835 } 3836 3837 int 3838 ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen) 3839 { 3840 u_int8_t buf[BUFSIZ], *ptr; 3841 struct sockaddr_in *s4; 3842 struct sockaddr_in6 *s6; 3843 char *str; 3844 ssize_t len; 3845 int i; 3846 const char *type; 3847 3848 bzero(buf, sizeof(buf)); 3849 bzero(idstr, idstrlen); 3850 3851 if (id->id_buf == NULL) 3852 return (-1); 3853 3854 len = ibuf_size(id->id_buf); 3855 ptr = ibuf_data(id->id_buf); 3856 3857 if (len <= id->id_offset) 3858 return (-1); 3859 3860 len -= id->id_offset; 3861 ptr += id->id_offset; 3862 3863 type = print_map(id->id_type, ikev2_id_map); 3864 3865 if (strlcpy(idstr, type, idstrlen) >= idstrlen || 3866 strlcat(idstr, "/", idstrlen) >= idstrlen) 3867 return (-1); 3868 3869 idstr += strlen(idstr); 3870 idstrlen -= strlen(idstr); 3871 3872 switch (id->id_type) { 3873 case IKEV2_ID_IPV4: 3874 s4 = (struct sockaddr_in *)buf; 3875 s4->sin_family = AF_INET; 3876 s4->sin_len = sizeof(*s4); 3877 memcpy(&s4->sin_addr.s_addr, ptr, len); 3878 3879 if (print_host((struct sockaddr_storage *)s4, 3880 idstr, idstrlen) == NULL) 3881 return (-1); 3882 break; 3883 case IKEV2_ID_FQDN: 3884 case IKEV2_ID_UFQDN: 3885 if (len >= (ssize_t)sizeof(buf)) 3886 return (-1); 3887 3888 if ((str = get_string(ptr, len)) == NULL) 3889 return (-1); 3890 3891 if (strlcpy(idstr, str, idstrlen) >= idstrlen) { 3892 free(str); 3893 return (-1); 3894 } 3895 free(str); 3896 break; 3897 case IKEV2_ID_IPV6: 3898 s6 = (struct sockaddr_in6 *)buf; 3899 s6->sin6_family = AF_INET6; 3900 s6->sin6_len = sizeof(*s6); 3901 memcpy(&s6->sin6_addr, ptr, len); 3902 3903 if (print_host((struct sockaddr_storage *)s6, 3904 idstr, idstrlen) == NULL) 3905 return (-1); 3906 break; 3907 case IKEV2_ID_ASN1_DN: 3908 if ((str = ca_asn1_name(ptr, len)) == NULL) 3909 return (-1); 3910 if (strlcpy(idstr, str, idstrlen) >= idstrlen) { 3911 free(str); 3912 return (-1); 3913 } 3914 free(str); 3915 break; 3916 default: 3917 /* XXX test */ 3918 for (i = 0; i < ((ssize_t)idstrlen - 1) && i < len; i++) 3919 snprintf(idstr + i, idstrlen - i, 3920 "%02x", ptr[i]); 3921 break; 3922 } 3923 3924 return (0); 3925 } 3926