1 /* $OpenBSD: ikev2_msg.c,v 1.90 2022/12/06 09:07:33 tobhe Exp $ */ 2 3 /* 4 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> 5 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/types.h> 21 #include <sys/queue.h> 22 #include <sys/socket.h> 23 #include <sys/uio.h> 24 25 #include <netinet/in.h> 26 #include <arpa/inet.h> 27 28 #include <stdlib.h> 29 #include <stdio.h> 30 #include <syslog.h> 31 #include <unistd.h> 32 #include <string.h> 33 #include <signal.h> 34 #include <endian.h> 35 #include <errno.h> 36 #include <err.h> 37 #include <event.h> 38 39 #include <openssl/sha.h> 40 #include <openssl/evp.h> 41 42 #include "iked.h" 43 #include "ikev2.h" 44 #include "eap.h" 45 #include "dh.h" 46 47 void ikev1_recv(struct iked *, struct iked_message *); 48 void ikev2_msg_response_timeout(struct iked *, void *); 49 void ikev2_msg_retransmit_timeout(struct iked *, void *); 50 int ikev2_check_frag_oversize(struct iked_sa *, struct ibuf *); 51 int ikev2_send_encrypted_fragments(struct iked *, struct iked_sa *, 52 struct ibuf *, uint8_t, uint8_t, int); 53 int ikev2_msg_encrypt_prepare(struct iked_sa *, struct ikev2_payload *, 54 struct ibuf*, struct ibuf *, struct ike_header *, uint8_t, int); 55 56 void 57 ikev2_msg_cb(int fd, short event, void *arg) 58 { 59 struct iked_socket *sock = arg; 60 struct iked *env = sock->sock_env; 61 struct iked_message msg; 62 struct ike_header hdr; 63 uint32_t natt = 0x00000000; 64 uint8_t buf[IKED_MSGBUF_MAX]; 65 ssize_t len; 66 off_t off; 67 68 bzero(&msg, sizeof(msg)); 69 bzero(buf, sizeof(buf)); 70 71 msg.msg_peerlen = sizeof(msg.msg_peer); 72 msg.msg_locallen = sizeof(msg.msg_local); 73 msg.msg_parent = &msg; 74 memcpy(&msg.msg_local, &sock->sock_addr, sizeof(sock->sock_addr)); 75 76 if ((len = recvfromto(fd, buf, sizeof(buf), 0, 77 (struct sockaddr *)&msg.msg_peer, &msg.msg_peerlen, 78 (struct sockaddr *)&msg.msg_local, &msg.msg_locallen)) < 79 (ssize_t)sizeof(natt)) 80 return; 81 82 if (socket_getport((struct sockaddr *)&msg.msg_local) == 83 env->sc_nattport) { 84 if (memcmp(&natt, buf, sizeof(natt)) != 0) 85 return; 86 msg.msg_natt = 1; 87 off = sizeof(natt); 88 } else 89 off = 0; 90 91 if ((size_t)(len - off) <= sizeof(hdr)) 92 return; 93 memcpy(&hdr, buf + off, sizeof(hdr)); 94 95 if ((msg.msg_data = ibuf_new(buf + off, len - off)) == NULL) 96 return; 97 98 TAILQ_INIT(&msg.msg_proposals); 99 SIMPLEQ_INIT(&msg.msg_certreqs); 100 msg.msg_fd = fd; 101 102 if (hdr.ike_version == IKEV1_VERSION) 103 ikev1_recv(env, &msg); 104 else 105 ikev2_recv(env, &msg); 106 107 ikev2_msg_cleanup(env, &msg); 108 } 109 110 void 111 ikev1_recv(struct iked *env, struct iked_message *msg) 112 { 113 struct ike_header *hdr; 114 115 if (ibuf_size(msg->msg_data) <= sizeof(*hdr)) { 116 log_debug("%s: short message", __func__); 117 return; 118 } 119 120 hdr = (struct ike_header *)ibuf_data(msg->msg_data); 121 122 log_debug("%s: header ispi %s rspi %s" 123 " nextpayload %u version 0x%02x exchange %u flags 0x%02x" 124 " msgid %u length %u", __func__, 125 print_spi(betoh64(hdr->ike_ispi), 8), 126 print_spi(betoh64(hdr->ike_rspi), 8), 127 hdr->ike_nextpayload, 128 hdr->ike_version, 129 hdr->ike_exchange, 130 hdr->ike_flags, 131 betoh32(hdr->ike_msgid), 132 betoh32(hdr->ike_length)); 133 134 log_debug("%s: IKEv1 not supported", __func__); 135 } 136 137 struct ibuf * 138 ikev2_msg_init(struct iked *env, struct iked_message *msg, 139 struct sockaddr_storage *peer, socklen_t peerlen, 140 struct sockaddr_storage *local, socklen_t locallen, int response) 141 { 142 bzero(msg, sizeof(*msg)); 143 memcpy(&msg->msg_peer, peer, peerlen); 144 msg->msg_peerlen = peerlen; 145 memcpy(&msg->msg_local, local, locallen); 146 msg->msg_locallen = locallen; 147 msg->msg_response = response ? 1 : 0; 148 msg->msg_fd = -1; 149 msg->msg_data = ibuf_static(); 150 msg->msg_e = 0; 151 msg->msg_parent = msg; /* has to be set */ 152 TAILQ_INIT(&msg->msg_proposals); 153 154 return (msg->msg_data); 155 } 156 157 struct iked_message * 158 ikev2_msg_copy(struct iked *env, struct iked_message *msg) 159 { 160 struct iked_message *m = NULL; 161 struct ibuf *buf; 162 size_t len; 163 void *ptr; 164 165 if (ibuf_size(msg->msg_data) < msg->msg_offset) 166 return (NULL); 167 len = ibuf_size(msg->msg_data) - msg->msg_offset; 168 169 if ((m = malloc(sizeof(*m))) == NULL) 170 return (NULL); 171 172 if ((ptr = ibuf_seek(msg->msg_data, msg->msg_offset, len)) == NULL || 173 (buf = ikev2_msg_init(env, m, &msg->msg_peer, msg->msg_peerlen, 174 &msg->msg_local, msg->msg_locallen, msg->msg_response)) == NULL || 175 ibuf_add(buf, ptr, len)) { 176 free(m); 177 return (NULL); 178 } 179 180 m->msg_fd = msg->msg_fd; 181 m->msg_msgid = msg->msg_msgid; 182 m->msg_offset = msg->msg_offset; 183 m->msg_sa = msg->msg_sa; 184 185 return (m); 186 } 187 188 void 189 ikev2_msg_cleanup(struct iked *env, struct iked_message *msg) 190 { 191 struct iked_certreq *cr; 192 193 if (msg == msg->msg_parent) { 194 ibuf_release(msg->msg_nonce); 195 ibuf_release(msg->msg_ke); 196 ibuf_release(msg->msg_auth.id_buf); 197 ibuf_release(msg->msg_peerid.id_buf); 198 ibuf_release(msg->msg_localid.id_buf); 199 ibuf_release(msg->msg_cert.id_buf); 200 ibuf_release(msg->msg_cookie); 201 ibuf_release(msg->msg_cookie2); 202 ibuf_release(msg->msg_del_buf); 203 free(msg->msg_eap.eam_user); 204 free(msg->msg_cp_addr); 205 free(msg->msg_cp_addr6); 206 free(msg->msg_cp_dns); 207 208 msg->msg_nonce = NULL; 209 msg->msg_ke = NULL; 210 msg->msg_auth.id_buf = NULL; 211 msg->msg_peerid.id_buf = NULL; 212 msg->msg_localid.id_buf = NULL; 213 msg->msg_cert.id_buf = NULL; 214 msg->msg_cookie = NULL; 215 msg->msg_cookie2 = NULL; 216 msg->msg_del_buf = NULL; 217 msg->msg_eap.eam_user = NULL; 218 msg->msg_cp_addr = NULL; 219 msg->msg_cp_addr6 = NULL; 220 msg->msg_cp_dns = NULL; 221 222 config_free_proposals(&msg->msg_proposals, 0); 223 while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) { 224 ibuf_release(cr->cr_data); 225 SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); 226 free(cr); 227 } 228 } 229 230 if (msg->msg_data != NULL) { 231 ibuf_release(msg->msg_data); 232 msg->msg_data = NULL; 233 } 234 } 235 236 int 237 ikev2_msg_valid_ike_sa(struct iked *env, struct ike_header *oldhdr, 238 struct iked_message *msg) 239 { 240 if (msg->msg_sa != NULL && msg->msg_policy != NULL) { 241 if (msg->msg_sa->sa_state == IKEV2_STATE_CLOSED) 242 return (-1); 243 /* 244 * Only permit informational requests from initiator 245 * on closing SAs (for DELETE). 246 */ 247 if (msg->msg_sa->sa_state == IKEV2_STATE_CLOSING) { 248 if (((oldhdr->ike_flags & 249 (IKEV2_FLAG_INITIATOR|IKEV2_FLAG_RESPONSE)) == 250 IKEV2_FLAG_INITIATOR) && 251 (oldhdr->ike_exchange == 252 IKEV2_EXCHANGE_INFORMATIONAL)) 253 return (0); 254 return (-1); 255 } 256 return (0); 257 } 258 259 /* Always fail */ 260 return (-1); 261 } 262 263 int 264 ikev2_msg_send(struct iked *env, struct iked_message *msg) 265 { 266 struct iked_sa *sa = msg->msg_sa; 267 struct ibuf *buf = msg->msg_data; 268 uint32_t natt = 0x00000000; 269 int isnatt = 0; 270 uint8_t exchange, flags; 271 struct ike_header *hdr; 272 struct iked_message *m; 273 274 if (buf == NULL || (hdr = ibuf_seek(msg->msg_data, 275 msg->msg_offset, sizeof(*hdr))) == NULL) 276 return (-1); 277 278 isnatt = (msg->msg_natt || (sa && sa->sa_natt)); 279 280 exchange = hdr->ike_exchange; 281 flags = hdr->ike_flags; 282 logit(exchange == IKEV2_EXCHANGE_INFORMATIONAL ? LOG_DEBUG : LOG_INFO, 283 "%ssend %s %s %u peer %s local %s, %zu bytes%s", 284 SPI_IH(hdr), 285 print_map(exchange, ikev2_exchange_map), 286 (flags & IKEV2_FLAG_RESPONSE) ? "res" : "req", 287 betoh32(hdr->ike_msgid), 288 print_host((struct sockaddr *)&msg->msg_peer, NULL, 0), 289 print_host((struct sockaddr *)&msg->msg_local, NULL, 0), 290 ibuf_length(buf), isnatt ? ", NAT-T" : ""); 291 292 if (isnatt) { 293 if (ibuf_prepend(buf, &natt, sizeof(natt)) == -1) { 294 log_debug("%s: failed to set NAT-T", __func__); 295 return (-1); 296 } 297 } 298 299 if (sendtofrom(msg->msg_fd, ibuf_data(buf), ibuf_size(buf), 0, 300 (struct sockaddr *)&msg->msg_peer, msg->msg_peerlen, 301 (struct sockaddr *)&msg->msg_local, msg->msg_locallen) == -1) { 302 log_warn("%s: sendtofrom", __func__); 303 if (sa != NULL && errno == EADDRNOTAVAIL) { 304 sa_state(env, sa, IKEV2_STATE_CLOSING); 305 timer_del(env, &sa->sa_timer); 306 timer_set(env, &sa->sa_timer, 307 ikev2_ike_sa_timeout, sa); 308 timer_add(env, &sa->sa_timer, 309 IKED_IKE_SA_DELETE_TIMEOUT); 310 } 311 ikestat_inc(env, ikes_msg_send_failures); 312 } else 313 ikestat_inc(env, ikes_msg_sent); 314 315 if (sa == NULL) 316 return (0); 317 318 if ((m = ikev2_msg_copy(env, msg)) == NULL) { 319 log_debug("%s: failed to copy a message", __func__); 320 return (-1); 321 } 322 m->msg_exchange = exchange; 323 324 if (flags & IKEV2_FLAG_RESPONSE) { 325 if (ikev2_msg_enqueue(env, &sa->sa_responses, m, 326 IKED_RESPONSE_TIMEOUT) != 0) { 327 ikev2_msg_cleanup(env, m); 328 free(m); 329 return (-1); 330 } 331 } else { 332 if (ikev2_msg_enqueue(env, &sa->sa_requests, m, 333 IKED_RETRANSMIT_TIMEOUT) != 0) { 334 ikev2_msg_cleanup(env, m); 335 free(m); 336 return (-1); 337 } 338 } 339 340 return (0); 341 } 342 343 uint32_t 344 ikev2_msg_id(struct iked *env, struct iked_sa *sa) 345 { 346 uint32_t id = sa->sa_reqid; 347 348 if (++sa->sa_reqid == UINT32_MAX) { 349 /* XXX we should close and renegotiate the connection now */ 350 log_debug("%s: IKEv2 message sequence overflow", __func__); 351 } 352 return (id); 353 } 354 355 /* 356 * Calculate the final sizes of the IKEv2 header and the encrypted payload 357 * header. This must be done before encryption to make sure the correct 358 * headers are authenticated. 359 */ 360 int 361 ikev2_msg_encrypt_prepare(struct iked_sa *sa, struct ikev2_payload *pld, 362 struct ibuf *buf, struct ibuf *e, struct ike_header *hdr, 363 uint8_t firstpayload, int fragmentation) 364 { 365 size_t len, ivlen, encrlen, integrlen, blocklen, pldlen, outlen; 366 367 if (sa == NULL || 368 sa->sa_encr == NULL || 369 sa->sa_integr == NULL) { 370 log_debug("%s: invalid SA", __func__); 371 return (-1); 372 } 373 374 len = ibuf_size(e); 375 blocklen = cipher_length(sa->sa_encr); 376 integrlen = hash_length(sa->sa_integr); 377 ivlen = cipher_ivlength(sa->sa_encr); 378 encrlen = roundup(len + 1, blocklen); 379 outlen = cipher_outlength(sa->sa_encr, encrlen); 380 pldlen = ivlen + outlen + integrlen; 381 382 if (ikev2_next_payload(pld, 383 pldlen + (fragmentation ? sizeof(struct ikev2_frag_payload) : 0), 384 firstpayload) == -1) 385 return (-1); 386 if (ikev2_set_header(hdr, ibuf_size(buf) + pldlen - sizeof(*hdr)) == -1) 387 return (-1); 388 389 return (0); 390 } 391 392 struct ibuf * 393 ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src, 394 struct ibuf *aad) 395 { 396 size_t len, encrlen, integrlen, blocklen, 397 outlen; 398 uint8_t *buf, pad = 0, *ptr; 399 struct ibuf *encr, *dst = NULL, *out = NULL; 400 401 buf = ibuf_data(src); 402 len = ibuf_size(src); 403 404 log_debug("%s: decrypted length %zu", __func__, len); 405 print_hex(buf, 0, len); 406 407 if (sa == NULL || 408 sa->sa_encr == NULL || 409 sa->sa_integr == NULL) { 410 log_debug("%s: invalid SA", __func__); 411 goto done; 412 } 413 414 if (sa->sa_hdr.sh_initiator) 415 encr = sa->sa_key_iencr; 416 else 417 encr = sa->sa_key_rencr; 418 419 blocklen = cipher_length(sa->sa_encr); 420 integrlen = hash_length(sa->sa_integr); 421 encrlen = roundup(len + sizeof(pad), blocklen); 422 pad = encrlen - (len + sizeof(pad)); 423 424 /* 425 * Pad the payload and encrypt it 426 */ 427 if (pad) { 428 if ((ptr = ibuf_advance(src, pad)) == NULL) 429 goto done; 430 arc4random_buf(ptr, pad); 431 } 432 if (ibuf_add(src, &pad, sizeof(pad)) != 0) 433 goto done; 434 435 log_debug("%s: padded length %zu", __func__, ibuf_size(src)); 436 print_hex(ibuf_data(src), 0, ibuf_size(src)); 437 438 cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr)); 439 cipher_setiv(sa->sa_encr, NULL, 0); /* XXX ivlen */ 440 if (cipher_init_encrypt(sa->sa_encr) == -1) { 441 log_info("%s: error initiating cipher.", __func__); 442 goto done; 443 } 444 445 if ((dst = ibuf_dup(sa->sa_encr->encr_iv)) == NULL) 446 goto done; 447 448 if ((out = ibuf_new(NULL, 449 cipher_outlength(sa->sa_encr, encrlen))) == NULL) 450 goto done; 451 452 outlen = ibuf_size(out); 453 454 /* Add AAD for AEAD ciphers */ 455 if (sa->sa_integr->hash_isaead) 456 cipher_aad(sa->sa_encr, ibuf_data(aad), 457 ibuf_length(aad), &outlen); 458 459 if (cipher_update(sa->sa_encr, ibuf_data(src), encrlen, 460 ibuf_data(out), &outlen) == -1) { 461 log_info("%s: error updating cipher.", __func__); 462 goto done; 463 } 464 465 if (cipher_final(sa->sa_encr) == -1) { 466 log_info("%s: encryption failed.", __func__); 467 goto done; 468 } 469 470 if (outlen && ibuf_add(dst, ibuf_data(out), outlen) != 0) 471 goto done; 472 473 if ((ptr = ibuf_advance(dst, integrlen)) == NULL) 474 goto done; 475 explicit_bzero(ptr, integrlen); 476 477 log_debug("%s: length %zu, padding %d, output length %zu", 478 __func__, len + sizeof(pad), pad, ibuf_size(dst)); 479 print_hex(ibuf_data(dst), 0, ibuf_size(dst)); 480 481 ibuf_release(src); 482 ibuf_release(out); 483 return (dst); 484 done: 485 ibuf_release(src); 486 ibuf_release(out); 487 ibuf_release(dst); 488 return (NULL); 489 } 490 491 int 492 ikev2_msg_integr(struct iked *env, struct iked_sa *sa, struct ibuf *src) 493 { 494 int ret = -1; 495 size_t integrlen, tmplen; 496 struct ibuf *integr, *tmp = NULL; 497 uint8_t *ptr; 498 499 log_debug("%s: message length %zu", __func__, ibuf_size(src)); 500 print_hex(ibuf_data(src), 0, ibuf_size(src)); 501 502 if (sa == NULL || 503 sa->sa_encr == NULL || 504 sa->sa_integr == NULL) { 505 log_debug("%s: invalid SA", __func__); 506 return (-1); 507 } 508 509 integrlen = hash_length(sa->sa_integr); 510 log_debug("%s: integrity checksum length %zu", __func__, 511 integrlen); 512 513 /* 514 * Validate packet checksum 515 */ 516 if ((tmp = ibuf_new(NULL, hash_keylength(sa->sa_integr))) == NULL) 517 goto done; 518 519 if (!sa->sa_integr->hash_isaead) { 520 if (sa->sa_hdr.sh_initiator) 521 integr = sa->sa_key_iauth; 522 else 523 integr = sa->sa_key_rauth; 524 525 hash_setkey(sa->sa_integr, ibuf_data(integr), 526 ibuf_size(integr)); 527 hash_init(sa->sa_integr); 528 hash_update(sa->sa_integr, ibuf_data(src), 529 ibuf_size(src) - integrlen); 530 hash_final(sa->sa_integr, ibuf_data(tmp), &tmplen); 531 532 if (tmplen != integrlen) { 533 log_debug("%s: hash failure", __func__); 534 goto done; 535 } 536 } else { 537 /* Append AEAD tag */ 538 if (cipher_gettag(sa->sa_encr, ibuf_data(tmp), ibuf_size(tmp))) 539 goto done; 540 } 541 542 if ((ptr = ibuf_seek(src, 543 ibuf_size(src) - integrlen, integrlen)) == NULL) 544 goto done; 545 memcpy(ptr, ibuf_data(tmp), integrlen); 546 547 print_hex(ibuf_data(tmp), 0, ibuf_size(tmp)); 548 549 ret = 0; 550 done: 551 ibuf_release(tmp); 552 553 return (ret); 554 } 555 556 struct ibuf * 557 ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa, 558 struct ibuf *msg, struct ibuf *src) 559 { 560 ssize_t ivlen, encrlen, integrlen, blocklen, 561 outlen, tmplen; 562 uint8_t pad = 0, *ptr, *integrdata; 563 struct ibuf *integr, *encr, *tmp = NULL, *out = NULL; 564 off_t ivoff, encroff, integroff; 565 566 if (sa == NULL || 567 sa->sa_encr == NULL || 568 sa->sa_integr == NULL) { 569 log_debug("%s: invalid SA", __func__); 570 print_hex(ibuf_data(src), 0, ibuf_size(src)); 571 goto done; 572 } 573 574 if (!sa->sa_hdr.sh_initiator) { 575 encr = sa->sa_key_iencr; 576 integr = sa->sa_key_iauth; 577 } else { 578 encr = sa->sa_key_rencr; 579 integr = sa->sa_key_rauth; 580 } 581 582 blocklen = cipher_length(sa->sa_encr); 583 ivlen = cipher_ivlength(sa->sa_encr); 584 ivoff = 0; 585 integrlen = hash_length(sa->sa_integr); 586 integroff = ibuf_size(src) - integrlen; 587 encroff = ivlen; 588 encrlen = ibuf_size(src) - integrlen - ivlen; 589 590 if (encrlen < 0 || integroff < 0) { 591 log_debug("%s: invalid integrity value", __func__); 592 goto done; 593 } 594 595 log_debug("%s: IV length %zd", __func__, ivlen); 596 print_hex(ibuf_data(src), 0, ivlen); 597 log_debug("%s: encrypted payload length %zd", __func__, encrlen); 598 print_hex(ibuf_data(src), encroff, encrlen); 599 log_debug("%s: integrity checksum length %zd", __func__, integrlen); 600 print_hex(ibuf_data(src), integroff, integrlen); 601 602 /* 603 * Validate packet checksum 604 */ 605 if (!sa->sa_integr->hash_isaead) { 606 if ((tmp = ibuf_new(NULL, hash_keylength(sa->sa_integr))) == NULL) 607 goto done; 608 609 hash_setkey(sa->sa_integr, integr->buf, ibuf_length(integr)); 610 hash_init(sa->sa_integr); 611 hash_update(sa->sa_integr, ibuf_data(msg), 612 ibuf_size(msg) - integrlen); 613 hash_final(sa->sa_integr, tmp->buf, &tmplen); 614 615 integrdata = ibuf_seek(src, integroff, integrlen); 616 if (integrdata == NULL) 617 goto done; 618 if (memcmp(tmp->buf, integrdata, integrlen) != 0) { 619 log_debug("%s: integrity check failed", __func__); 620 goto done; 621 } 622 623 log_debug("%s: integrity check succeeded", __func__); 624 print_hex(tmp->buf, 0, tmplen); 625 626 ibuf_release(tmp); 627 tmp = NULL; 628 } 629 630 /* 631 * Decrypt the payload and strip any padding 632 */ 633 if ((encrlen % blocklen) != 0) { 634 log_debug("%s: unaligned encrypted payload", __func__); 635 goto done; 636 } 637 638 cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr)); 639 cipher_setiv(sa->sa_encr, ibuf_data(src) + ivoff, ivlen); 640 if (cipher_init_decrypt(sa->sa_encr) == -1) { 641 log_info("%s: error initiating cipher.", __func__); 642 goto done; 643 } 644 645 /* Set AEAD tag */ 646 if (sa->sa_integr->hash_isaead) { 647 integrdata = ibuf_seek(src, integroff, integrlen); 648 if (integrdata == NULL) 649 goto done; 650 if (cipher_settag(sa->sa_encr, integrdata, integrlen)) { 651 log_info("%s: failed to set tag.", __func__); 652 goto done; 653 } 654 } 655 656 if ((out = ibuf_new(NULL, cipher_outlength(sa->sa_encr, 657 encrlen))) == NULL) 658 goto done; 659 660 /* 661 * Add additional authenticated data for AEAD ciphers 662 */ 663 if (sa->sa_integr->hash_isaead) { 664 log_debug("%s: AAD length %zu", __func__, ibuf_length(msg) - ibuf_length(src)); 665 print_hex(ibuf_data(msg), 0, ibuf_length(msg) - ibuf_length(src)); 666 cipher_aad(sa->sa_encr, ibuf_data(msg), 667 ibuf_length(msg) - ibuf_length(src), &outlen); 668 } 669 670 if ((outlen = ibuf_length(out)) != 0) { 671 if (cipher_update(sa->sa_encr, ibuf_data(src) + encroff, 672 encrlen, ibuf_data(out), &outlen) == -1) { 673 log_info("%s: error updating cipher.", __func__); 674 goto done; 675 } 676 677 ptr = ibuf_seek(out, outlen - 1, 1); 678 pad = *ptr; 679 } 680 681 if (cipher_final(sa->sa_encr) == -1) { 682 log_info("%s: decryption failed.", __func__); 683 goto done; 684 } 685 686 log_debug("%s: decrypted payload length %zd/%zd padding %d", 687 __func__, outlen, encrlen, pad); 688 print_hex(ibuf_data(out), 0, ibuf_size(out)); 689 690 /* Strip padding and padding length */ 691 if (ibuf_setsize(out, outlen - pad - 1) != 0) 692 goto done; 693 694 ibuf_release(src); 695 return (out); 696 done: 697 ibuf_release(tmp); 698 ibuf_release(out); 699 ibuf_release(src); 700 return (NULL); 701 } 702 703 int 704 ikev2_check_frag_oversize(struct iked_sa *sa, struct ibuf *buf) { 705 size_t len = ibuf_length(buf); 706 sa_family_t sa_fam; 707 size_t max; 708 size_t ivlen, integrlen, blocklen; 709 710 if (sa == NULL || 711 sa->sa_encr == NULL || 712 sa->sa_integr == NULL) { 713 log_debug("%s: invalid SA", __func__); 714 return (-1); 715 } 716 717 sa_fam = ((struct sockaddr *)&sa->sa_local.addr)->sa_family; 718 719 max = sa_fam == AF_INET ? IKEV2_MAXLEN_IPV4_FRAG 720 : IKEV2_MAXLEN_IPV6_FRAG; 721 722 blocklen = cipher_length(sa->sa_encr); 723 ivlen = cipher_ivlength(sa->sa_encr); 724 integrlen = hash_length(sa->sa_integr); 725 726 /* Estimated maximum packet size (with 0 < padding < blocklen) */ 727 return ((len + ivlen + blocklen + integrlen) >= max) && sa->sa_frag; 728 } 729 730 int 731 ikev2_msg_send_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf **ep, 732 uint8_t exchange, uint8_t firstpayload, int response) 733 { 734 struct iked_message resp; 735 struct ike_header *hdr; 736 struct ikev2_payload *pld; 737 struct ibuf *buf, *e = *ep; 738 int ret = -1; 739 740 /* Check if msg needs to be fragmented */ 741 if (ikev2_check_frag_oversize(sa, e)) { 742 return ikev2_send_encrypted_fragments(env, sa, e, exchange, 743 firstpayload, response); 744 } 745 746 if ((buf = ikev2_msg_init(env, &resp, &sa->sa_peer.addr, 747 sa->sa_peer.addr.ss_len, &sa->sa_local.addr, 748 sa->sa_local.addr.ss_len, response)) == NULL) 749 goto done; 750 751 resp.msg_msgid = response ? sa->sa_msgid_current : ikev2_msg_id(env, sa); 752 753 /* IKE header */ 754 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, IKEV2_PAYLOAD_SK, 755 exchange, response ? IKEV2_FLAG_RESPONSE : 0)) == NULL) 756 goto done; 757 758 if ((pld = ikev2_add_payload(buf)) == NULL) 759 goto done; 760 761 if (ikev2_msg_encrypt_prepare(sa, pld, buf, e, hdr, firstpayload, 0) == -1) 762 goto done; 763 764 /* Encrypt message and add as an E payload */ 765 if ((e = ikev2_msg_encrypt(env, sa, e, buf)) == NULL) { 766 log_debug("%s: encryption failed", __func__); 767 goto done; 768 } 769 if (ibuf_cat(buf, e) != 0) 770 goto done; 771 772 /* Add integrity checksum (HMAC) */ 773 if (ikev2_msg_integr(env, sa, buf) != 0) { 774 log_debug("%s: integrity checksum failed", __func__); 775 goto done; 776 } 777 778 resp.msg_data = buf; 779 resp.msg_sa = sa; 780 resp.msg_fd = sa->sa_fd; 781 TAILQ_INIT(&resp.msg_proposals); 782 783 (void)ikev2_pld_parse(env, hdr, &resp, 0); 784 785 ret = ikev2_msg_send(env, &resp); 786 787 done: 788 /* e is cleaned up by the calling function */ 789 *ep = e; 790 ikev2_msg_cleanup(env, &resp); 791 792 return (ret); 793 } 794 795 int 796 ikev2_send_encrypted_fragments(struct iked *env, struct iked_sa *sa, 797 struct ibuf *in, uint8_t exchange, uint8_t firstpayload, int response) { 798 struct iked_message resp; 799 struct ibuf *buf, *e = NULL; 800 struct ike_header *hdr; 801 struct ikev2_payload *pld; 802 struct ikev2_frag_payload *frag; 803 sa_family_t sa_fam; 804 size_t ivlen, integrlen, blocklen; 805 size_t max_len, left, offset=0; 806 size_t frag_num = 1, frag_total; 807 uint8_t *data; 808 uint32_t msgid; 809 int ret = -1; 810 811 if (sa == NULL || 812 sa->sa_encr == NULL || 813 sa->sa_integr == NULL) { 814 log_debug("%s: invalid SA", __func__); 815 ikestat_inc(env, ikes_frag_send_failures); 816 return ret; 817 } 818 819 sa_fam = ((struct sockaddr *)&sa->sa_local.addr)->sa_family; 820 821 left = ibuf_length(in); 822 823 /* Calculate max allowed size of a fragments payload */ 824 blocklen = cipher_length(sa->sa_encr); 825 ivlen = cipher_ivlength(sa->sa_encr); 826 integrlen = hash_length(sa->sa_integr); 827 max_len = (sa_fam == AF_INET ? IKEV2_MAXLEN_IPV4_FRAG 828 : IKEV2_MAXLEN_IPV6_FRAG) 829 - ivlen - blocklen - integrlen; 830 831 /* Total number of fragments to send */ 832 frag_total = (left / max_len) + 1; 833 834 msgid = response ? sa->sa_msgid_current : ikev2_msg_id(env, sa); 835 836 while (frag_num <= frag_total) { 837 if ((buf = ikev2_msg_init(env, &resp, &sa->sa_peer.addr, 838 sa->sa_peer.addr.ss_len, &sa->sa_local.addr, 839 sa->sa_local.addr.ss_len, response)) == NULL) 840 goto done; 841 842 resp.msg_msgid = msgid; 843 844 /* IKE header */ 845 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, 846 IKEV2_PAYLOAD_SKF, exchange, response ? IKEV2_FLAG_RESPONSE 847 : 0)) == NULL) 848 goto done; 849 850 /* Payload header */ 851 if ((pld = ikev2_add_payload(buf)) == NULL) 852 goto done; 853 854 /* Fragment header */ 855 if ((frag = ibuf_advance(buf, sizeof(*frag))) == NULL) { 856 log_debug("%s: failed to add SKF fragment header", 857 __func__); 858 goto done; 859 } 860 frag->frag_num = htobe16(frag_num); 861 frag->frag_total = htobe16(frag_total); 862 863 /* Encrypt message and add as an E payload */ 864 data = ibuf_seek(in, offset, 0); 865 if ((e = ibuf_new(data, MINIMUM(left, max_len))) == NULL) { 866 goto done; 867 } 868 869 if (ikev2_msg_encrypt_prepare(sa, pld, buf, e, hdr, 870 firstpayload, 1) == -1) 871 goto done; 872 873 if ((e = ikev2_msg_encrypt(env, sa, e, buf)) == NULL) { 874 log_debug("%s: encryption failed", __func__); 875 goto done; 876 } 877 if (ibuf_cat(buf, e) != 0) 878 goto done; 879 880 /* Add integrity checksum (HMAC) */ 881 if (ikev2_msg_integr(env, sa, buf) != 0) { 882 log_debug("%s: integrity checksum failed", __func__); 883 goto done; 884 } 885 886 log_debug("%s: Fragment %zu of %zu has size of %zu bytes.", 887 __func__, frag_num, frag_total, 888 ibuf_size(buf) - sizeof(*hdr)); 889 print_hex(ibuf_data(buf), 0, ibuf_size(buf)); 890 891 resp.msg_data = buf; 892 resp.msg_sa = sa; 893 resp.msg_fd = sa->sa_fd; 894 TAILQ_INIT(&resp.msg_proposals); 895 896 if (ikev2_msg_send(env, &resp) == -1) 897 goto done; 898 899 ikestat_inc(env, ikes_frag_sent); 900 901 offset += MINIMUM(left, max_len); 902 left -= MINIMUM(left, max_len); 903 frag_num++; 904 905 /* MUST be zero after first fragment */ 906 firstpayload = 0; 907 908 ikev2_msg_cleanup(env, &resp); 909 ibuf_release(e); 910 e = NULL; 911 } 912 913 return 0; 914 done: 915 ikev2_msg_cleanup(env, &resp); 916 ibuf_release(e); 917 ikestat_inc(env, ikes_frag_send_failures); 918 return ret; 919 } 920 921 struct ibuf * 922 ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response) 923 { 924 struct ibuf *authmsg = NULL, *nonce, *prfkey, *buf; 925 uint8_t *ptr; 926 struct iked_id *id; 927 size_t tmplen; 928 929 /* 930 * Create the payload to be signed/MAC'ed for AUTH 931 */ 932 933 if (!response) { 934 if ((nonce = sa->sa_rnonce) == NULL || 935 (sa->sa_iid.id_type == 0) || 936 (prfkey = sa->sa_key_iprf) == NULL || 937 (buf = sa->sa_1stmsg) == NULL) 938 return (NULL); 939 id = &sa->sa_iid; 940 } else { 941 if ((nonce = sa->sa_inonce) == NULL || 942 (sa->sa_rid.id_type == 0) || 943 (prfkey = sa->sa_key_rprf) == NULL || 944 (buf = sa->sa_2ndmsg) == NULL) 945 return (NULL); 946 id = &sa->sa_rid; 947 } 948 949 if ((authmsg = ibuf_dup(buf)) == NULL) 950 return (NULL); 951 if (ibuf_cat(authmsg, nonce) != 0) 952 goto fail; 953 954 if ((hash_setkey(sa->sa_prf, ibuf_data(prfkey), 955 ibuf_size(prfkey))) == NULL) 956 goto fail; 957 958 /* require non-truncating hash */ 959 if (hash_keylength(sa->sa_prf) != hash_length(sa->sa_prf)) 960 goto fail; 961 962 if ((ptr = ibuf_advance(authmsg, hash_keylength(sa->sa_prf))) == NULL) 963 goto fail; 964 965 hash_init(sa->sa_prf); 966 hash_update(sa->sa_prf, ibuf_data(id->id_buf), ibuf_size(id->id_buf)); 967 hash_final(sa->sa_prf, ptr, &tmplen); 968 969 if (tmplen != hash_length(sa->sa_prf)) 970 goto fail; 971 972 log_debug("%s: %s auth data length %zu", 973 __func__, response ? "responder" : "initiator", 974 ibuf_size(authmsg)); 975 print_hex(ibuf_data(authmsg), 0, ibuf_size(authmsg)); 976 977 return (authmsg); 978 979 fail: 980 ibuf_release(authmsg); 981 return (NULL); 982 } 983 984 int 985 ikev2_msg_authverify(struct iked *env, struct iked_sa *sa, 986 struct iked_auth *auth, uint8_t *buf, size_t len, struct ibuf *authmsg) 987 { 988 uint8_t *key, *psk = NULL; 989 ssize_t keylen; 990 struct iked_id *id; 991 struct iked_dsa *dsa = NULL; 992 int ret = -1; 993 uint8_t keytype; 994 995 if (sa->sa_hdr.sh_initiator) 996 id = &sa->sa_rcert; 997 else 998 id = &sa->sa_icert; 999 1000 if ((dsa = dsa_verify_new(auth->auth_method, sa->sa_prf)) == NULL) { 1001 log_debug("%s: invalid auth method", __func__); 1002 return (-1); 1003 } 1004 1005 switch (auth->auth_method) { 1006 case IKEV2_AUTH_SHARED_KEY_MIC: 1007 if (!auth->auth_length) { 1008 log_debug("%s: no pre-shared key found", __func__); 1009 goto done; 1010 } 1011 if ((keylen = ikev2_psk(sa, auth->auth_data, 1012 auth->auth_length, &psk)) == -1) { 1013 log_debug("%s: failed to get PSK", __func__); 1014 goto done; 1015 } 1016 key = psk; 1017 keytype = 0; 1018 break; 1019 default: 1020 if (!id->id_type || !ibuf_length(id->id_buf)) { 1021 log_debug("%s: no cert found", __func__); 1022 goto done; 1023 } 1024 key = ibuf_data(id->id_buf); 1025 keylen = ibuf_size(id->id_buf); 1026 keytype = id->id_type; 1027 break; 1028 } 1029 1030 log_debug("%s: method %s keylen %zd type %s", __func__, 1031 print_map(auth->auth_method, ikev2_auth_map), keylen, 1032 print_map(id->id_type, ikev2_cert_map)); 1033 1034 if (dsa_setkey(dsa, key, keylen, keytype) == NULL || 1035 dsa_init(dsa, buf, len) != 0 || 1036 dsa_update(dsa, ibuf_data(authmsg), ibuf_size(authmsg))) { 1037 log_debug("%s: failed to compute digital signature", __func__); 1038 goto done; 1039 } 1040 1041 if ((ret = dsa_verify_final(dsa, buf, len)) == 0) { 1042 log_debug("%s: authentication successful", __func__); 1043 sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS); 1044 sa_stateflags(sa, IKED_REQ_AUTHVALID); 1045 } else { 1046 log_debug("%s: authentication failed", __func__); 1047 sa_state(env, sa, IKEV2_STATE_AUTH_REQUEST); 1048 } 1049 1050 done: 1051 free(psk); 1052 dsa_free(dsa); 1053 1054 return (ret); 1055 } 1056 1057 int 1058 ikev2_msg_authsign(struct iked *env, struct iked_sa *sa, 1059 struct iked_auth *auth, struct ibuf *authmsg) 1060 { 1061 uint8_t *key, *psk = NULL; 1062 ssize_t keylen, siglen; 1063 struct iked_hash *prf = sa->sa_prf; 1064 struct iked_id *id; 1065 struct iked_dsa *dsa = NULL; 1066 struct ibuf *buf; 1067 int ret = -1; 1068 uint8_t keytype; 1069 1070 if (sa->sa_hdr.sh_initiator) 1071 id = &sa->sa_icert; 1072 else 1073 id = &sa->sa_rcert; 1074 1075 if ((dsa = dsa_sign_new(auth->auth_method, prf)) == NULL) { 1076 log_debug("%s: invalid auth method", __func__); 1077 return (-1); 1078 } 1079 1080 switch (auth->auth_method) { 1081 case IKEV2_AUTH_SHARED_KEY_MIC: 1082 if (!auth->auth_length) { 1083 log_debug("%s: no pre-shared key found", __func__); 1084 goto done; 1085 } 1086 if ((keylen = ikev2_psk(sa, auth->auth_data, 1087 auth->auth_length, &psk)) == -1) { 1088 log_debug("%s: failed to get PSK", __func__); 1089 goto done; 1090 } 1091 key = psk; 1092 keytype = 0; 1093 break; 1094 default: 1095 if (id == NULL) { 1096 log_debug("%s: no cert found", __func__); 1097 goto done; 1098 } 1099 key = ibuf_data(id->id_buf); 1100 keylen = ibuf_size(id->id_buf); 1101 keytype = id->id_type; 1102 break; 1103 } 1104 1105 if (dsa_setkey(dsa, key, keylen, keytype) == NULL || 1106 dsa_init(dsa, NULL, 0) != 0 || 1107 dsa_update(dsa, ibuf_data(authmsg), ibuf_size(authmsg))) { 1108 log_debug("%s: failed to compute digital signature", __func__); 1109 goto done; 1110 } 1111 1112 ibuf_release(sa->sa_localauth.id_buf); 1113 sa->sa_localauth.id_buf = NULL; 1114 1115 if ((buf = ibuf_new(NULL, dsa_length(dsa))) == NULL) { 1116 log_debug("%s: failed to get auth buffer", __func__); 1117 goto done; 1118 } 1119 1120 if ((siglen = dsa_sign_final(dsa, 1121 ibuf_data(buf), ibuf_size(buf))) < 0) { 1122 log_debug("%s: failed to create auth signature", __func__); 1123 ibuf_release(buf); 1124 goto done; 1125 } 1126 1127 if (ibuf_setsize(buf, siglen) < 0) { 1128 log_debug("%s: failed to set auth signature size to %zd", 1129 __func__, siglen); 1130 ibuf_release(buf); 1131 goto done; 1132 } 1133 1134 sa->sa_localauth.id_type = auth->auth_method; 1135 sa->sa_localauth.id_buf = buf; 1136 1137 ret = 0; 1138 done: 1139 free(psk); 1140 dsa_free(dsa); 1141 1142 return (ret); 1143 } 1144 1145 int 1146 ikev2_msg_frompeer(struct iked_message *msg) 1147 { 1148 struct iked_sa *sa = msg->msg_sa; 1149 struct ike_header *hdr; 1150 1151 msg = msg->msg_parent; 1152 1153 if (sa == NULL || 1154 (hdr = ibuf_seek(msg->msg_data, 0, sizeof(*hdr))) == NULL) 1155 return (0); 1156 1157 if (!sa->sa_hdr.sh_initiator && 1158 (hdr->ike_flags & IKEV2_FLAG_INITIATOR)) 1159 return (1); 1160 else if (sa->sa_hdr.sh_initiator && 1161 (hdr->ike_flags & IKEV2_FLAG_INITIATOR) == 0) 1162 return (1); 1163 1164 return (0); 1165 } 1166 1167 struct iked_socket * 1168 ikev2_msg_getsocket(struct iked *env, int af, int natt) 1169 { 1170 switch (af) { 1171 case AF_INET: 1172 return (env->sc_sock4[natt ? 1 : 0]); 1173 case AF_INET6: 1174 return (env->sc_sock6[natt ? 1 : 0]); 1175 } 1176 1177 log_debug("%s: af socket %d not available", __func__, af); 1178 return (NULL); 1179 } 1180 1181 int 1182 ikev2_msg_enqueue(struct iked *env, struct iked_msgqueue *queue, 1183 struct iked_message *msg, int timeout) 1184 { 1185 struct iked_msg_retransmit *mr; 1186 1187 if ((mr = ikev2_msg_lookup(env, queue, msg, msg->msg_exchange)) == 1188 NULL) { 1189 if ((mr = calloc(1, sizeof(*mr))) == NULL) 1190 return (-1); 1191 TAILQ_INIT(&mr->mrt_frags); 1192 mr->mrt_tries = 0; 1193 1194 timer_set(env, &mr->mrt_timer, msg->msg_response ? 1195 ikev2_msg_response_timeout : ikev2_msg_retransmit_timeout, 1196 mr); 1197 timer_add(env, &mr->mrt_timer, timeout); 1198 1199 TAILQ_INSERT_TAIL(queue, mr, mrt_entry); 1200 } 1201 1202 TAILQ_INSERT_TAIL(&mr->mrt_frags, msg, msg_entry); 1203 1204 return 0; 1205 } 1206 1207 void 1208 ikev2_msg_prevail(struct iked *env, struct iked_msgqueue *queue, 1209 struct iked_message *msg) 1210 { 1211 struct iked_msg_retransmit *mr, *mrtmp; 1212 1213 TAILQ_FOREACH_SAFE(mr, queue, mrt_entry, mrtmp) { 1214 if (TAILQ_FIRST(&mr->mrt_frags)->msg_msgid < msg->msg_msgid) 1215 ikev2_msg_dispose(env, queue, mr); 1216 } 1217 } 1218 1219 void 1220 ikev2_msg_dispose(struct iked *env, struct iked_msgqueue *queue, 1221 struct iked_msg_retransmit *mr) 1222 { 1223 struct iked_message *m; 1224 1225 while ((m = TAILQ_FIRST(&mr->mrt_frags)) != NULL) { 1226 TAILQ_REMOVE(&mr->mrt_frags, m, msg_entry); 1227 ikev2_msg_cleanup(env, m); 1228 free(m); 1229 } 1230 1231 timer_del(env, &mr->mrt_timer); 1232 TAILQ_REMOVE(queue, mr, mrt_entry); 1233 free(mr); 1234 } 1235 1236 void 1237 ikev2_msg_flushqueue(struct iked *env, struct iked_msgqueue *queue) 1238 { 1239 struct iked_msg_retransmit *mr = NULL; 1240 1241 while ((mr = TAILQ_FIRST(queue)) != NULL) 1242 ikev2_msg_dispose(env, queue, mr); 1243 } 1244 1245 struct iked_msg_retransmit * 1246 ikev2_msg_lookup(struct iked *env, struct iked_msgqueue *queue, 1247 struct iked_message *msg, uint8_t exchange) 1248 { 1249 struct iked_msg_retransmit *mr = NULL; 1250 1251 TAILQ_FOREACH(mr, queue, mrt_entry) { 1252 if (TAILQ_FIRST(&mr->mrt_frags)->msg_msgid == 1253 msg->msg_msgid && 1254 TAILQ_FIRST(&mr->mrt_frags)->msg_exchange == exchange) 1255 break; 1256 } 1257 1258 return (mr); 1259 } 1260 1261 int 1262 ikev2_msg_retransmit_response(struct iked *env, struct iked_sa *sa, 1263 struct iked_message *msg, uint8_t exchange) 1264 { 1265 struct iked_msg_retransmit *mr = NULL; 1266 struct iked_message *m = NULL; 1267 1268 if ((mr = ikev2_msg_lookup(env, &sa->sa_responses, msg, exchange)) 1269 == NULL) 1270 return (-2); /* not found */ 1271 1272 TAILQ_FOREACH(m, &mr->mrt_frags, msg_entry) { 1273 if (sendtofrom(m->msg_fd, ibuf_data(m->msg_data), 1274 ibuf_size(m->msg_data), 0, 1275 (struct sockaddr *)&m->msg_peer, m->msg_peerlen, 1276 (struct sockaddr *)&m->msg_local, m->msg_locallen) == -1) { 1277 log_warn("%s: sendtofrom", __func__); 1278 ikestat_inc(env, ikes_msg_send_failures); 1279 return (-1); 1280 } 1281 log_info("%sretransmit %s res %u local %s peer %s", 1282 SPI_SA(sa, NULL), 1283 print_map(exchange, ikev2_exchange_map), 1284 m->msg_msgid, 1285 print_host((struct sockaddr *)&m->msg_local, NULL, 0), 1286 print_host((struct sockaddr *)&m->msg_peer, NULL, 0)); 1287 } 1288 1289 timer_add(env, &mr->mrt_timer, IKED_RESPONSE_TIMEOUT); 1290 ikestat_inc(env, ikes_retransmit_response); 1291 return (0); 1292 } 1293 1294 void 1295 ikev2_msg_response_timeout(struct iked *env, void *arg) 1296 { 1297 struct iked_msg_retransmit *mr = arg; 1298 struct iked_sa *sa; 1299 1300 sa = TAILQ_FIRST(&mr->mrt_frags)->msg_sa; 1301 ikev2_msg_dispose(env, &sa->sa_responses, mr); 1302 } 1303 1304 void 1305 ikev2_msg_retransmit_timeout(struct iked *env, void *arg) 1306 { 1307 struct iked_msg_retransmit *mr = arg; 1308 struct iked_message *msg = TAILQ_FIRST(&mr->mrt_frags); 1309 struct iked_sa *sa = msg->msg_sa; 1310 1311 if (mr->mrt_tries < IKED_RETRANSMIT_TRIES) { 1312 TAILQ_FOREACH(msg, &mr->mrt_frags, msg_entry) { 1313 if (sendtofrom(msg->msg_fd, ibuf_data(msg->msg_data), 1314 ibuf_size(msg->msg_data), 0, 1315 (struct sockaddr *)&msg->msg_peer, msg->msg_peerlen, 1316 (struct sockaddr *)&msg->msg_local, 1317 msg->msg_locallen) == -1) { 1318 log_warn("%s: sendtofrom", __func__); 1319 ikev2_ike_sa_setreason(sa, "retransmit failed"); 1320 sa_free(env, sa); 1321 ikestat_inc(env, ikes_msg_send_failures); 1322 return; 1323 } 1324 log_info("%sretransmit %d %s req %u peer %s " 1325 "local %s", SPI_SA(sa, NULL), mr->mrt_tries + 1, 1326 print_map(msg->msg_exchange, ikev2_exchange_map), 1327 msg->msg_msgid, 1328 print_host((struct sockaddr *)&msg->msg_peer, NULL, 0), 1329 print_host((struct sockaddr *)&msg->msg_local, NULL, 0)); 1330 } 1331 /* Exponential timeout */ 1332 timer_add(env, &mr->mrt_timer, 1333 IKED_RETRANSMIT_TIMEOUT * (2 << (mr->mrt_tries++))); 1334 ikestat_inc(env, ikes_retransmit_request); 1335 } else { 1336 log_debug("%s: retransmit limit reached for req %u", 1337 __func__, msg->msg_msgid); 1338 ikev2_ike_sa_setreason(sa, "retransmit limit reached"); 1339 ikestat_inc(env, ikes_retransmit_limit); 1340 sa_free(env, sa); 1341 } 1342 } 1343