1 /* $OpenBSD: ikev2_pld.c,v 1.103 2020/10/09 08:59:16 tobhe Exp $ */ 2 3 /* 4 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> 5 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> 6 * Copyright (c) 2014 Hans-Joerg Hoexer 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #include <sys/queue.h> 22 #include <sys/socket.h> 23 #include <sys/uio.h> 24 25 #include <netinet/in.h> 26 #include <arpa/inet.h> 27 28 #include <stdlib.h> 29 #include <stdio.h> 30 #include <unistd.h> 31 #include <string.h> 32 #include <signal.h> 33 #include <errno.h> 34 #include <err.h> 35 #include <event.h> 36 37 #include <openssl/sha.h> 38 #include <openssl/evp.h> 39 40 #include "iked.h" 41 #include "ikev2.h" 42 #include "eap.h" 43 #include "dh.h" 44 45 int ikev2_validate_pld(struct iked_message *, size_t, size_t, 46 struct ikev2_payload *); 47 int ikev2_pld_payloads(struct iked *, struct iked_message *, 48 size_t, size_t, unsigned int); 49 int ikev2_validate_sa(struct iked_message *, size_t, size_t, 50 struct ikev2_sa_proposal *); 51 int ikev2_pld_sa(struct iked *, struct ikev2_payload *, 52 struct iked_message *, size_t, size_t); 53 int ikev2_validate_xform(struct iked_message *, size_t, size_t, 54 struct ikev2_transform *); 55 int ikev2_pld_xform(struct iked *, struct iked_message *, 56 size_t, size_t); 57 int ikev2_validate_attr(struct iked_message *, size_t, size_t, 58 struct ikev2_attribute *); 59 int ikev2_pld_attr(struct iked *, struct ikev2_transform *, 60 struct iked_message *, size_t, size_t); 61 int ikev2_validate_ke(struct iked_message *, size_t, size_t, 62 struct ikev2_keyexchange *); 63 int ikev2_pld_ke(struct iked *, struct ikev2_payload *, 64 struct iked_message *, size_t, size_t); 65 int ikev2_validate_id(struct iked_message *, size_t, size_t, 66 struct ikev2_id *); 67 int ikev2_pld_id(struct iked *, struct ikev2_payload *, 68 struct iked_message *, size_t, size_t, unsigned int); 69 int ikev2_validate_cert(struct iked_message *, size_t, size_t, 70 struct ikev2_cert *); 71 int ikev2_pld_cert(struct iked *, struct ikev2_payload *, 72 struct iked_message *, size_t, size_t); 73 int ikev2_validate_certreq(struct iked_message *, size_t, size_t, 74 struct ikev2_cert *); 75 int ikev2_pld_certreq(struct iked *, struct ikev2_payload *, 76 struct iked_message *, size_t, size_t); 77 int ikev2_pld_nonce(struct iked *, struct ikev2_payload *, 78 struct iked_message *, size_t, size_t); 79 int ikev2_validate_notify(struct iked_message *, size_t, size_t, 80 struct ikev2_notify *); 81 int ikev2_pld_notify(struct iked *, struct ikev2_payload *, 82 struct iked_message *, size_t, size_t); 83 int ikev2_validate_delete(struct iked_message *, size_t, size_t, 84 struct ikev2_delete *); 85 int ikev2_pld_delete(struct iked *, struct ikev2_payload *, 86 struct iked_message *, size_t, size_t); 87 int ikev2_validate_tss(struct iked_message *, size_t, size_t, 88 struct ikev2_tsp *); 89 int ikev2_pld_tss(struct iked *, struct ikev2_payload *, 90 struct iked_message *, size_t, size_t); 91 int ikev2_validate_ts(struct iked_message *, size_t, size_t, 92 struct ikev2_ts *); 93 int ikev2_pld_ts(struct iked *, struct ikev2_payload *, 94 struct iked_message *, size_t, size_t, unsigned int); 95 int ikev2_validate_auth(struct iked_message *, size_t, size_t, 96 struct ikev2_auth *); 97 int ikev2_pld_auth(struct iked *, struct ikev2_payload *, 98 struct iked_message *, size_t, size_t); 99 int ikev2_pld_e(struct iked *, struct ikev2_payload *, 100 struct iked_message *, size_t, size_t); 101 int ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld, 102 struct iked_message *msg, size_t offset, size_t left); 103 int ikev2_frags_reassemble(struct iked *env, 104 struct ikev2_payload *pld, struct iked_message *msg); 105 int ikev2_validate_cp(struct iked_message *, size_t, size_t, 106 struct ikev2_cp *); 107 int ikev2_pld_cp(struct iked *, struct ikev2_payload *, 108 struct iked_message *, size_t, size_t); 109 int ikev2_validate_eap(struct iked_message *, size_t, size_t, 110 struct eap_header *); 111 int ikev2_pld_eap(struct iked *, struct ikev2_payload *, 112 struct iked_message *, size_t, size_t); 113 114 int 115 ikev2_pld_parse(struct iked *env, struct ike_header *hdr, 116 struct iked_message *msg, size_t offset) 117 { 118 log_debug("%s: header ispi %s rspi %s" 119 " nextpayload %s version 0x%02x exchange %s flags 0x%02x" 120 " msgid %d length %u response %d", __func__, 121 print_spi(betoh64(hdr->ike_ispi), 8), 122 print_spi(betoh64(hdr->ike_rspi), 8), 123 print_map(hdr->ike_nextpayload, ikev2_payload_map), 124 hdr->ike_version, 125 print_map(hdr->ike_exchange, ikev2_exchange_map), 126 hdr->ike_flags, 127 betoh32(hdr->ike_msgid), 128 betoh32(hdr->ike_length), 129 msg->msg_response); 130 131 if (ibuf_size(msg->msg_data) < betoh32(hdr->ike_length)) { 132 log_debug("%s: short message", __func__); 133 return (-1); 134 } 135 136 offset += sizeof(*hdr); 137 138 return (ikev2_pld_payloads(env, msg, offset, 139 betoh32(hdr->ike_length), hdr->ike_nextpayload)); 140 } 141 142 int 143 ikev2_validate_pld(struct iked_message *msg, size_t offset, size_t left, 144 struct ikev2_payload *pld) 145 { 146 uint8_t *msgbuf = ibuf_data(msg->msg_data); 147 size_t pld_length; 148 149 /* We need at least the generic header. */ 150 if (left < sizeof(*pld)) { 151 log_debug("%s: malformed payload: too short for generic " 152 "header (%zu < %zu)", __func__, left, sizeof(*pld)); 153 return (-1); 154 } 155 memcpy(pld, msgbuf + offset, sizeof(*pld)); 156 157 /* 158 * We need at least the specified number of bytes. 159 * pld_length is the full size of the payload including 160 * the generic payload header. 161 */ 162 pld_length = betoh16(pld->pld_length); 163 if (left < pld_length) { 164 log_debug("%s: malformed payload: shorter than specified " 165 "(%zu < %zu)", __func__, left, pld_length); 166 return (-1); 167 } 168 /* 169 * Sanity check the specified payload size, it must 170 * be at last the size of the generic payload header. 171 */ 172 if (pld_length < sizeof(*pld)) { 173 log_debug("%s: malformed payload: shorter than minimum " 174 "header size (%zu < %zu)", __func__, pld_length, 175 sizeof(*pld)); 176 return (-1); 177 } 178 179 return (0); 180 } 181 182 int 183 ikev2_pld_payloads(struct iked *env, struct iked_message *msg, 184 size_t offset, size_t length, unsigned int payload) 185 { 186 struct ikev2_payload pld; 187 unsigned int e; 188 int ret; 189 uint8_t *msgbuf = ibuf_data(msg->msg_data); 190 size_t total, left; 191 192 /* Check if message was decrypted in an E payload */ 193 e = msg->msg_e ? IKED_E : 0; 194 195 /* Bytes left in datagram. */ 196 total = length - offset; 197 198 while (payload != 0 && offset < length) { 199 if (ikev2_validate_pld(msg, offset, total, &pld)) 200 return (-1); 201 202 log_debug("%s: %spayload %s" 203 " nextpayload %s critical 0x%02x length %d", 204 __func__, e ? "decrypted " : "", 205 print_map(payload, ikev2_payload_map), 206 print_map(pld.pld_nextpayload, ikev2_payload_map), 207 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD, 208 betoh16(pld.pld_length)); 209 210 /* Skip over generic payload header. */ 211 offset += sizeof(pld); 212 total -= sizeof(pld); 213 left = betoh16(pld.pld_length) - sizeof(pld); 214 ret = 0; 215 216 switch (payload | e) { 217 case IKEV2_PAYLOAD_SA: 218 case IKEV2_PAYLOAD_SA | IKED_E: 219 ret = ikev2_pld_sa(env, &pld, msg, offset, left); 220 break; 221 case IKEV2_PAYLOAD_KE: 222 case IKEV2_PAYLOAD_KE | IKED_E: 223 ret = ikev2_pld_ke(env, &pld, msg, offset, left); 224 break; 225 case IKEV2_PAYLOAD_IDi | IKED_E: 226 case IKEV2_PAYLOAD_IDr | IKED_E: 227 ret = ikev2_pld_id(env, &pld, msg, offset, left, 228 payload); 229 break; 230 case IKEV2_PAYLOAD_CERT | IKED_E: 231 ret = ikev2_pld_cert(env, &pld, msg, offset, left); 232 break; 233 case IKEV2_PAYLOAD_CERTREQ: 234 case IKEV2_PAYLOAD_CERTREQ | IKED_E: 235 ret = ikev2_pld_certreq(env, &pld, msg, offset, left); 236 break; 237 case IKEV2_PAYLOAD_AUTH | IKED_E: 238 ret = ikev2_pld_auth(env, &pld, msg, offset, left); 239 break; 240 case IKEV2_PAYLOAD_NONCE: 241 case IKEV2_PAYLOAD_NONCE | IKED_E: 242 ret = ikev2_pld_nonce(env, &pld, msg, offset, left); 243 break; 244 case IKEV2_PAYLOAD_NOTIFY: 245 case IKEV2_PAYLOAD_NOTIFY | IKED_E: 246 ret = ikev2_pld_notify(env, &pld, msg, offset, left); 247 break; 248 case IKEV2_PAYLOAD_DELETE | IKED_E: 249 ret = ikev2_pld_delete(env, &pld, msg, offset, left); 250 break; 251 case IKEV2_PAYLOAD_TSi | IKED_E: 252 case IKEV2_PAYLOAD_TSr | IKED_E: 253 ret = ikev2_pld_tss(env, &pld, msg, offset, left); 254 break; 255 case IKEV2_PAYLOAD_SK: 256 ret = ikev2_pld_e(env, &pld, msg, offset, left); 257 break; 258 case IKEV2_PAYLOAD_SKF: 259 ret = ikev2_pld_ef(env, &pld, msg, offset, left); 260 break; 261 case IKEV2_PAYLOAD_CP | IKED_E: 262 ret = ikev2_pld_cp(env, &pld, msg, offset, left); 263 break; 264 case IKEV2_PAYLOAD_EAP | IKED_E: 265 ret = ikev2_pld_eap(env, &pld, msg, offset, left); 266 break; 267 default: 268 print_hex(msgbuf, offset, 269 betoh16(pld.pld_length) - sizeof(pld)); 270 break; 271 } 272 273 if (ret != 0 && ikev2_msg_frompeer(msg)) { 274 (void)ikev2_send_informational(env, msg); 275 return (-1); 276 } 277 278 /* Encrypted payloads must appear last */ 279 if ((payload == IKEV2_PAYLOAD_SK) || 280 (payload == IKEV2_PAYLOAD_SKF)) 281 return (0); 282 283 payload = pld.pld_nextpayload; 284 offset += left; 285 total -= left; 286 } 287 288 return (0); 289 } 290 291 int 292 ikev2_validate_sa(struct iked_message *msg, size_t offset, size_t left, 293 struct ikev2_sa_proposal *sap) 294 { 295 uint8_t *msgbuf = ibuf_data(msg->msg_data); 296 size_t sap_length; 297 298 if (left < sizeof(*sap)) { 299 log_debug("%s: malformed payload: too short for header " 300 "(%zu < %zu)", __func__, left, sizeof(*sap)); 301 return (-1); 302 } 303 memcpy(sap, msgbuf + offset, sizeof(*sap)); 304 305 sap_length = betoh16(sap->sap_length); 306 if (sap_length < sizeof(*sap)) { 307 log_debug("%s: malformed payload: shorter than minimum header " 308 "size (%zu < %zu)", __func__, sap_length, sizeof(*sap)); 309 return (-1); 310 } 311 if (left < sap_length) { 312 log_debug("%s: malformed payload: too long for actual payload " 313 "size (%zu < %zu)", __func__, left, sap_length); 314 return (-1); 315 } 316 /* 317 * If there is only one proposal, sap_length must be the 318 * total payload size. 319 */ 320 if (!sap->sap_more && left != sap_length) { 321 log_debug("%s: malformed payload: SA payload length mismatches " 322 "single proposal substructure length (%lu != %zu)", 323 __func__, left, sap_length); 324 return (-1); 325 } 326 /* 327 * If there are more than one proposal, there must be bytes 328 * left in the payload. 329 */ 330 if (sap->sap_more && left <= sap_length) { 331 log_debug("%s: malformed payload: SA payload too small for " 332 "further proposals (%zu <= %zu)", __func__, 333 left, sap_length); 334 return (-1); 335 } 336 return (0); 337 } 338 339 int 340 ikev2_pld_sa(struct iked *env, struct ikev2_payload *pld, 341 struct iked_message *msg, size_t offset, size_t left) 342 { 343 struct ikev2_sa_proposal sap; 344 struct iked_proposal *prop = NULL; 345 uint32_t spi32; 346 uint64_t spi = 0, spi64; 347 uint8_t *msgbuf = ibuf_data(msg->msg_data); 348 struct iked_proposals *props; 349 size_t total; 350 351 do { 352 if (ikev2_validate_sa(msg, offset, left, &sap)) 353 return (-1); 354 355 /* Assumed size of the first proposals, including SPI if present. */ 356 total = (betoh16(sap.sap_length) - sizeof(sap)); 357 358 props = &msg->msg_parent->msg_proposals; 359 360 offset += sizeof(sap); 361 left -= sizeof(sap); 362 363 if (sap.sap_spisize) { 364 if (left < sap.sap_spisize) { 365 log_debug("%s: malformed payload: SPI larger than " 366 "actual payload (%zu < %d)", __func__, left, 367 sap.sap_spisize); 368 return (-1); 369 } 370 if (total < sap.sap_spisize) { 371 log_debug("%s: malformed payload: SPI larger than " 372 "proposal (%zu < %d)", __func__, total, 373 sap.sap_spisize); 374 return (-1); 375 } 376 switch (sap.sap_spisize) { 377 case 4: 378 memcpy(&spi32, msgbuf + offset, 4); 379 spi = betoh32(spi32); 380 break; 381 case 8: 382 memcpy(&spi64, msgbuf + offset, 8); 383 spi = betoh64(spi64); 384 break; 385 default: 386 log_debug("%s: unsupported SPI size %d", 387 __func__, sap.sap_spisize); 388 return (-1); 389 } 390 391 offset += sap.sap_spisize; 392 left -= sap.sap_spisize; 393 394 /* Assumed size of the proposal, now without SPI. */ 395 total -= sap.sap_spisize; 396 } 397 398 /* 399 * As we verified sanity of packet headers, this check will 400 * be always false, but just to be sure we keep it. 401 */ 402 if (left < total) { 403 log_debug("%s: malformed payload: too long for payload " 404 "(%zu < %zu)", __func__, left, total); 405 return (-1); 406 } 407 408 log_debug("%s: more %d reserved %d length %d" 409 " proposal #%d protoid %s spisize %d xforms %d spi %s", 410 __func__, sap.sap_more, sap.sap_reserved, 411 betoh16(sap.sap_length), sap.sap_proposalnr, 412 print_map(sap.sap_protoid, ikev2_saproto_map), sap.sap_spisize, 413 sap.sap_transforms, print_spi(spi, sap.sap_spisize)); 414 415 if (ikev2_msg_frompeer(msg)) { 416 if ((msg->msg_parent->msg_prop = config_add_proposal(props, 417 sap.sap_proposalnr, sap.sap_protoid)) == NULL) { 418 log_debug("%s: invalid proposal", __func__); 419 return (-1); 420 } 421 prop = msg->msg_parent->msg_prop; 422 prop->prop_peerspi.spi = spi; 423 prop->prop_peerspi.spi_protoid = sap.sap_protoid; 424 prop->prop_peerspi.spi_size = sap.sap_spisize; 425 426 prop->prop_localspi.spi_protoid = sap.sap_protoid; 427 prop->prop_localspi.spi_size = sap.sap_spisize; 428 } 429 430 /* 431 * Parse the attached transforms 432 */ 433 if (sap.sap_transforms && 434 ikev2_pld_xform(env, msg, offset, total) != 0) { 435 log_debug("%s: invalid proposal transforms", __func__); 436 return (-1); 437 } 438 439 offset += total; 440 left -= total; 441 } while (sap.sap_more); 442 443 return (0); 444 } 445 446 int 447 ikev2_validate_xform(struct iked_message *msg, size_t offset, size_t total, 448 struct ikev2_transform *xfrm) 449 { 450 uint8_t *msgbuf = ibuf_data(msg->msg_data); 451 size_t xfrm_length; 452 453 if (total < sizeof(*xfrm)) { 454 log_debug("%s: malformed payload: too short for header " 455 "(%zu < %zu)", __func__, total, sizeof(*xfrm)); 456 return (-1); 457 } 458 memcpy(xfrm, msgbuf + offset, sizeof(*xfrm)); 459 460 xfrm_length = betoh16(xfrm->xfrm_length); 461 if (xfrm_length < sizeof(*xfrm)) { 462 log_debug("%s: malformed payload: shorter than minimum header " 463 "size (%zu < %zu)", __func__, xfrm_length, sizeof(*xfrm)); 464 return (-1); 465 } 466 if (total < xfrm_length) { 467 log_debug("%s: malformed payload: too long for payload size " 468 "(%zu < %zu)", __func__, total, xfrm_length); 469 return (-1); 470 } 471 472 return (0); 473 } 474 475 int 476 ikev2_pld_xform(struct iked *env, struct iked_message *msg, 477 size_t offset, size_t total) 478 { 479 struct ikev2_transform xfrm; 480 char id[BUFSIZ]; 481 int ret = 0; 482 size_t xfrm_length; 483 484 if (ikev2_validate_xform(msg, offset, total, &xfrm)) 485 return (-1); 486 487 xfrm_length = betoh16(xfrm.xfrm_length); 488 489 switch (xfrm.xfrm_type) { 490 case IKEV2_XFORMTYPE_ENCR: 491 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 492 ikev2_xformencr_map), sizeof(id)); 493 break; 494 case IKEV2_XFORMTYPE_PRF: 495 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 496 ikev2_xformprf_map), sizeof(id)); 497 break; 498 case IKEV2_XFORMTYPE_INTEGR: 499 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 500 ikev2_xformauth_map), sizeof(id)); 501 break; 502 case IKEV2_XFORMTYPE_DH: 503 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 504 ikev2_xformdh_map), sizeof(id)); 505 break; 506 case IKEV2_XFORMTYPE_ESN: 507 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 508 ikev2_xformesn_map), sizeof(id)); 509 break; 510 default: 511 snprintf(id, sizeof(id), "<%d>", betoh16(xfrm.xfrm_id)); 512 break; 513 } 514 515 log_debug("%s: more %d reserved %d length %zu" 516 " type %s id %s", 517 __func__, xfrm.xfrm_more, xfrm.xfrm_reserved, xfrm_length, 518 print_map(xfrm.xfrm_type, ikev2_xformtype_map), id); 519 520 /* 521 * Parse transform attributes, if available 522 */ 523 msg->msg_attrlength = 0; 524 if (xfrm_length > sizeof(xfrm)) { 525 if (ikev2_pld_attr(env, &xfrm, msg, offset + sizeof(xfrm), 526 xfrm_length - sizeof(xfrm)) != 0) { 527 return (-1); 528 } 529 } 530 531 if (ikev2_msg_frompeer(msg)) { 532 if (config_add_transform(msg->msg_parent->msg_prop, 533 xfrm.xfrm_type, betoh16(xfrm.xfrm_id), 534 msg->msg_attrlength, msg->msg_attrlength) == NULL) { 535 log_debug("%s: failed to add transform", __func__); 536 return (-1); 537 } 538 } 539 540 /* Next transform */ 541 offset += xfrm_length; 542 total -= xfrm_length; 543 if (xfrm.xfrm_more == IKEV2_XFORM_MORE) 544 ret = ikev2_pld_xform(env, msg, offset, total); 545 else if (total != 0) { 546 /* No more transforms but still some data left. */ 547 log_debug("%s: less data than specified, %zu bytes left", 548 __func__, total); 549 ret = -1; 550 } 551 552 return (ret); 553 } 554 555 int 556 ikev2_validate_attr(struct iked_message *msg, size_t offset, size_t total, 557 struct ikev2_attribute *attr) 558 { 559 uint8_t *msgbuf = ibuf_data(msg->msg_data); 560 561 if (total < sizeof(*attr)) { 562 log_debug("%s: malformed payload: too short for header " 563 "(%zu < %zu)", __func__, total, sizeof(*attr)); 564 return (-1); 565 } 566 memcpy(attr, msgbuf + offset, sizeof(*attr)); 567 568 return (0); 569 } 570 571 int 572 ikev2_pld_attr(struct iked *env, struct ikev2_transform *xfrm, 573 struct iked_message *msg, size_t offset, size_t total) 574 { 575 struct ikev2_attribute attr; 576 unsigned int type; 577 uint8_t *msgbuf = ibuf_data(msg->msg_data); 578 int ret = 0; 579 size_t attr_length; 580 581 if (ikev2_validate_attr(msg, offset, total, &attr)) 582 return (-1); 583 584 type = betoh16(attr.attr_type) & ~IKEV2_ATTRAF_TV; 585 586 log_debug("%s: attribute type %s length %d total %zu", 587 __func__, print_map(type, ikev2_attrtype_map), 588 betoh16(attr.attr_length), total); 589 590 if (betoh16(attr.attr_type) & IKEV2_ATTRAF_TV) { 591 /* Type-Value attribute */ 592 offset += sizeof(attr); 593 total -= sizeof(attr); 594 595 if (type == IKEV2_ATTRTYPE_KEY_LENGTH) 596 msg->msg_attrlength = betoh16(attr.attr_length); 597 } else { 598 /* Type-Length-Value attribute */ 599 attr_length = betoh16(attr.attr_length); 600 if (attr_length < sizeof(attr)) { 601 log_debug("%s: malformed payload: shorter than " 602 "minimum header size (%zu < %zu)", __func__, 603 attr_length, sizeof(attr)); 604 return (-1); 605 } 606 if (total < attr_length) { 607 log_debug("%s: malformed payload: attribute larger " 608 "than actual payload (%zu < %zu)", __func__, 609 total, attr_length); 610 return (-1); 611 } 612 print_hex(msgbuf, offset + sizeof(attr), 613 attr_length - sizeof(attr)); 614 offset += attr_length; 615 total -= attr_length; 616 } 617 618 if (total > 0) { 619 /* Next attribute */ 620 ret = ikev2_pld_attr(env, xfrm, msg, offset, total); 621 } 622 623 return (ret); 624 } 625 626 int 627 ikev2_validate_ke(struct iked_message *msg, size_t offset, size_t left, 628 struct ikev2_keyexchange *kex) 629 { 630 uint8_t *msgbuf = ibuf_data(msg->msg_data); 631 632 if (left < sizeof(*kex)) { 633 log_debug("%s: malformed payload: too short for header " 634 "(%zu < %zu)", __func__, left, sizeof(*kex)); 635 return (-1); 636 } 637 memcpy(kex, msgbuf + offset, sizeof(*kex)); 638 639 return (0); 640 } 641 642 int 643 ikev2_pld_ke(struct iked *env, struct ikev2_payload *pld, 644 struct iked_message *msg, size_t offset, size_t left) 645 { 646 struct ikev2_keyexchange kex; 647 uint8_t *buf; 648 size_t len; 649 uint8_t *msgbuf = ibuf_data(msg->msg_data); 650 651 if (ikev2_validate_ke(msg, offset, left, &kex)) 652 return (-1); 653 654 log_debug("%s: dh group %s reserved %d", __func__, 655 print_map(betoh16(kex.kex_dhgroup), ikev2_xformdh_map), 656 betoh16(kex.kex_reserved)); 657 658 buf = msgbuf + offset + sizeof(kex); 659 len = left - sizeof(kex); 660 661 if (len == 0) { 662 log_debug("%s: malformed payload: no KE data given", __func__); 663 return (-1); 664 } 665 666 print_hex(buf, 0, len); 667 668 if (ikev2_msg_frompeer(msg)) { 669 ibuf_release(msg->msg_parent->msg_ke); 670 if ((msg->msg_parent->msg_ke = ibuf_new(buf, len)) == NULL) { 671 log_debug("%s: failed to get exchange", __func__); 672 return (-1); 673 } 674 msg->msg_parent->msg_dhgroup = betoh16(kex.kex_dhgroup); 675 } 676 677 return (0); 678 } 679 680 int 681 ikev2_validate_id(struct iked_message *msg, size_t offset, size_t left, 682 struct ikev2_id *id) 683 { 684 uint8_t *msgbuf = ibuf_data(msg->msg_data); 685 686 if (left < sizeof(*id)) { 687 log_debug("%s: malformed payload: too short for header " 688 "(%zu < %zu)", __func__, left, sizeof(*id)); 689 return (-1); 690 } 691 memcpy(id, msgbuf + offset, sizeof(*id)); 692 693 if (id->id_type == IKEV2_ID_NONE) { 694 log_debug("%s: malformed payload: invalid ID type.", 695 __func__); 696 return (-1); 697 } 698 699 return (0); 700 } 701 702 int 703 ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, 704 struct iked_message *msg, size_t offset, size_t left, unsigned int payload) 705 { 706 uint8_t *ptr; 707 struct ikev2_id id; 708 size_t len; 709 struct iked_id *idp, idb; 710 struct iked_sa *sa = msg->msg_sa; 711 uint8_t *msgbuf = ibuf_data(msg->msg_data); 712 char idstr[IKED_ID_SIZE]; 713 714 if (ikev2_validate_id(msg, offset, left, &id)) 715 return (-1); 716 717 bzero(&idb, sizeof(idb)); 718 719 /* Don't strip the Id payload header */ 720 ptr = msgbuf + offset; 721 len = left; 722 723 idb.id_type = id.id_type; 724 idb.id_offset = sizeof(id); 725 if ((idb.id_buf = ibuf_new(ptr, len)) == NULL) 726 return (-1); 727 728 if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) { 729 ibuf_release(idb.id_buf); 730 log_debug("%s: malformed id", __func__); 731 return (-1); 732 } 733 734 log_debug("%s: id %s length %zu", __func__, idstr, len); 735 736 if (!ikev2_msg_frompeer(msg)) { 737 ibuf_release(idb.id_buf); 738 return (0); 739 } 740 741 if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) || 742 (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) { 743 ibuf_release(idb.id_buf); 744 log_debug("%s: unexpected id payload", __func__); 745 return (0); 746 } 747 748 idp = &msg->msg_parent->msg_id; 749 if (idp->id_type) { 750 ibuf_release(idb.id_buf); 751 log_debug("%s: duplicate id payload", __func__); 752 return (-1); 753 } 754 755 idp->id_buf = idb.id_buf; 756 idp->id_offset = idb.id_offset; 757 idp->id_type = idb.id_type; 758 759 return (0); 760 } 761 762 int 763 ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left, 764 struct ikev2_cert *cert) 765 { 766 uint8_t *msgbuf = ibuf_data(msg->msg_data); 767 768 if (left < sizeof(*cert)) { 769 log_debug("%s: malformed payload: too short for header " 770 "(%zu < %zu)", __func__, left, sizeof(*cert)); 771 return (-1); 772 } 773 memcpy(cert, msgbuf + offset, sizeof(*cert)); 774 775 return (0); 776 } 777 778 int 779 ikev2_pld_cert(struct iked *env, struct ikev2_payload *pld, 780 struct iked_message *msg, size_t offset, size_t left) 781 { 782 struct ikev2_cert cert; 783 uint8_t *buf; 784 size_t len; 785 struct iked_id *certid; 786 uint8_t *msgbuf = ibuf_data(msg->msg_data); 787 788 if (ikev2_validate_cert(msg, offset, left, &cert)) 789 return (-1); 790 offset += sizeof(cert); 791 792 buf = msgbuf + offset; 793 len = left - sizeof(cert); 794 795 log_debug("%s: type %s length %zu", 796 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 797 798 print_hex(buf, 0, len); 799 800 if (!ikev2_msg_frompeer(msg)) 801 return (0); 802 803 certid = &msg->msg_parent->msg_cert; 804 if (certid->id_type) { 805 log_info("%s: multiple cert payloads not supported", 806 SPI_SA(msg->msg_sa, __func__)); 807 return (-1); 808 } 809 810 if ((certid->id_buf = ibuf_new(buf, len)) == NULL) { 811 log_debug("%s: failed to save cert", __func__); 812 return (-1); 813 } 814 certid->id_type = cert.cert_type; 815 certid->id_offset = 0; 816 817 return (0); 818 } 819 820 int 821 ikev2_validate_certreq(struct iked_message *msg, size_t offset, size_t left, 822 struct ikev2_cert *cert) 823 { 824 uint8_t *msgbuf = ibuf_data(msg->msg_data); 825 826 if (left < sizeof(*cert)) { 827 log_debug("%s: malformed payload: too short for header " 828 "(%zu < %zu)", __func__, left, sizeof(*cert)); 829 return (-1); 830 } 831 memcpy(cert, msgbuf + offset, sizeof(*cert)); 832 833 return (0); 834 } 835 836 int 837 ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld, 838 struct iked_message *msg, size_t offset, size_t left) 839 { 840 struct ikev2_cert cert; 841 struct iked_certreq *cr; 842 uint8_t *buf; 843 ssize_t len; 844 uint8_t *msgbuf = ibuf_data(msg->msg_data); 845 846 if (ikev2_validate_certreq(msg, offset, left, &cert)) 847 return (-1); 848 offset += sizeof(cert); 849 850 buf = msgbuf + offset; 851 len = left - sizeof(cert); 852 853 log_debug("%s: type %s length %zd", 854 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 855 856 print_hex(buf, 0, len); 857 858 if (!ikev2_msg_frompeer(msg)) 859 return (0); 860 861 if (cert.cert_type == IKEV2_CERT_X509_CERT) { 862 if (len == 0) { 863 log_info("%s: invalid length 0", __func__); 864 return (0); 865 } 866 if ((len % SHA_DIGEST_LENGTH) != 0) { 867 log_info("%s: invalid certificate request", 868 __func__); 869 return (-1); 870 } 871 } 872 873 if ((cr = calloc(1, sizeof(struct iked_certreq))) == NULL) { 874 log_info("%s: failed to allocate certreq.", __func__); 875 return (-1); 876 } 877 if ((cr->cr_data = ibuf_new(buf, len)) == NULL) { 878 log_info("%s: failed to allocate buffer.", __func__); 879 free(cr); 880 return (-1); 881 } 882 cr->cr_type = cert.cert_type; 883 SIMPLEQ_INSERT_TAIL(&msg->msg_parent->msg_certreqs, cr, cr_entry); 884 885 return (0); 886 } 887 888 int 889 ikev2_validate_auth(struct iked_message *msg, size_t offset, size_t left, 890 struct ikev2_auth *auth) 891 { 892 uint8_t *msgbuf = ibuf_data(msg->msg_data); 893 894 if (left < sizeof(*auth)) { 895 log_debug("%s: malformed payload: too short for header " 896 "(%zu < %zu)", __func__, left, sizeof(*auth)); 897 return (-1); 898 } 899 memcpy(auth, msgbuf + offset, sizeof(*auth)); 900 901 if (auth->auth_method == 0) { 902 log_info("%s: malformed payload: invalid auth method", 903 __func__); 904 return (-1); 905 } 906 907 return (0); 908 } 909 910 int 911 ikev2_pld_auth(struct iked *env, struct ikev2_payload *pld, 912 struct iked_message *msg, size_t offset, size_t left) 913 { 914 struct ikev2_auth auth; 915 struct iked_id *idp; 916 uint8_t *buf; 917 size_t len; 918 uint8_t *msgbuf = ibuf_data(msg->msg_data); 919 920 if (ikev2_validate_auth(msg, offset, left, &auth)) 921 return (-1); 922 offset += sizeof(auth); 923 924 buf = msgbuf + offset; 925 len = left - sizeof(auth); 926 927 log_debug("%s: method %s length %zu", 928 __func__, print_map(auth.auth_method, ikev2_auth_map), len); 929 930 print_hex(buf, 0, len); 931 932 if (!ikev2_msg_frompeer(msg)) 933 return (0); 934 935 idp = &msg->msg_parent->msg_auth; 936 if (idp->id_type) { 937 log_debug("%s: duplicate auth payload", __func__); 938 return (-1); 939 } 940 941 ibuf_release(idp->id_buf); 942 idp->id_type = auth.auth_method; 943 idp->id_offset = 0; 944 if ((idp->id_buf = ibuf_new(buf, len)) == NULL) 945 return (-1); 946 947 return (0); 948 } 949 950 int 951 ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld, 952 struct iked_message *msg, size_t offset, size_t left) 953 { 954 size_t len; 955 uint8_t *buf; 956 uint8_t *msgbuf = ibuf_data(msg->msg_data); 957 958 buf = msgbuf + offset; 959 len = left; 960 961 if (len == 0) { 962 log_debug("%s: malformed payload: no NONCE given", __func__); 963 return (-1); 964 } 965 966 print_hex(buf, 0, len); 967 968 if (ikev2_msg_frompeer(msg)) { 969 ibuf_release(msg->msg_nonce); 970 if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) { 971 log_debug("%s: failed to get peer nonce", __func__); 972 return (-1); 973 } 974 msg->msg_parent->msg_nonce = msg->msg_nonce; 975 } 976 977 return (0); 978 } 979 980 int 981 ikev2_validate_notify(struct iked_message *msg, size_t offset, size_t left, 982 struct ikev2_notify *n) 983 { 984 uint8_t *msgbuf = ibuf_data(msg->msg_data); 985 986 if (left < sizeof(*n)) { 987 log_debug("%s: malformed payload: too short for header " 988 "(%zu < %zu)", __func__, left, sizeof(*n)); 989 return (-1); 990 } 991 memcpy(n, msgbuf + offset, sizeof(*n)); 992 993 return (0); 994 } 995 996 int 997 ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, 998 struct iked_message *msg, size_t offset, size_t left) 999 { 1000 struct ikev2_notify n; 1001 uint8_t *buf, md[SHA_DIGEST_LENGTH]; 1002 uint32_t spi32; 1003 uint64_t spi64; 1004 struct iked_spi *rekey; 1005 uint16_t type; 1006 uint16_t signature_hash; 1007 1008 if (ikev2_validate_notify(msg, offset, left, &n)) 1009 return (-1); 1010 type = betoh16(n.n_type); 1011 1012 log_debug("%s: protoid %s spisize %d type %s", 1013 __func__, 1014 print_map(n.n_protoid, ikev2_saproto_map), n.n_spisize, 1015 print_map(type, ikev2_n_map)); 1016 1017 left -= sizeof(n); 1018 if ((buf = ibuf_seek(msg->msg_data, offset + sizeof(n), left)) == NULL) 1019 return (-1); 1020 1021 print_hex(buf, 0, left); 1022 1023 if (!ikev2_msg_frompeer(msg)) 1024 return (0); 1025 1026 switch (type) { 1027 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 1028 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 1029 if (left != sizeof(md)) { 1030 log_debug("%s: malformed payload: hash size mismatch" 1031 " (%zu != %zu)", __func__, left, sizeof(md)); 1032 return (-1); 1033 } 1034 if (ikev2_nat_detection(env, msg, md, sizeof(md), type) == -1) 1035 return (-1); 1036 if (memcmp(buf, md, left) != 0) { 1037 log_debug("%s: %s detected NAT", __func__, 1038 print_map(type, ikev2_n_map)); 1039 if (type == IKEV2_N_NAT_DETECTION_SOURCE_IP) 1040 msg->msg_parent->msg_nat_detected 1041 |= IKED_MSG_NAT_SRC_IP; 1042 else 1043 msg->msg_parent->msg_nat_detected 1044 |= IKED_MSG_NAT_DST_IP; 1045 } 1046 print_hex(md, 0, sizeof(md)); 1047 /* remember for MOBIKE */ 1048 msg->msg_parent->msg_natt_rcvd = 1; 1049 break; 1050 case IKEV2_N_AUTHENTICATION_FAILED: 1051 if (!msg->msg_e) { 1052 log_debug("%s: AUTHENTICATION_FAILED not encrypted", 1053 __func__); 1054 return (-1); 1055 } 1056 /* 1057 * If we are the responder, then we only accept 1058 * AUTHENTICATION_FAILED from authenticated peers. 1059 * If we are the initiator, the peer cannot be authenticated. 1060 */ 1061 if (!msg->msg_sa->sa_hdr.sh_initiator) { 1062 if (!sa_stateok(msg->msg_sa, IKEV2_STATE_VALID)) { 1063 log_debug("%s: ignoring AUTHENTICATION_FAILED" 1064 " from unauthenticated initiator", 1065 __func__); 1066 return (-1); 1067 } 1068 } else { 1069 if (sa_stateok(msg->msg_sa, IKEV2_STATE_VALID)) { 1070 log_debug("%s: ignoring AUTHENTICATION_FAILED" 1071 " from authenticated responder", 1072 __func__); 1073 return (-1); 1074 } 1075 } 1076 msg->msg_parent->msg_flags 1077 |= IKED_MSG_FLAGS_AUTHENTICATION_FAILED; 1078 break; 1079 case IKEV2_N_INVALID_KE_PAYLOAD: 1080 if (sa_stateok(msg->msg_sa, IKEV2_STATE_VALID) && 1081 !msg->msg_e) { 1082 log_debug("%s: INVALID_KE_PAYLOAD not encrypted", 1083 __func__); 1084 return (-1); 1085 } 1086 if (left != sizeof(msg->msg_parent->msg_group)) { 1087 log_debug("%s: malformed payload: group size mismatch" 1088 " (%zu != %zu)", __func__, left, 1089 sizeof(msg->msg_parent->msg_group)); 1090 return (-1); 1091 } 1092 memcpy(&msg->msg_parent->msg_group, buf, left); 1093 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_INVALID_KE; 1094 break; 1095 case IKEV2_N_NO_ADDITIONAL_SAS: 1096 if (!msg->msg_e) { 1097 log_debug("%s: NO_ADDITIONAL_SAS not encrypted", 1098 __func__); 1099 return (-1); 1100 } 1101 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_ADDITIONAL_SAS; 1102 break; 1103 case IKEV2_N_REKEY_SA: 1104 if (!msg->msg_e) { 1105 log_debug("%s: N_REKEY_SA not encrypted", __func__); 1106 return (-1); 1107 } 1108 if (left != n.n_spisize) { 1109 log_debug("%s: malformed notification", __func__); 1110 return (-1); 1111 } 1112 rekey = &msg->msg_parent->msg_rekey; 1113 if (rekey->spi != 0) { 1114 log_debug("%s: rekeying of multiple SAs not supported", 1115 __func__); 1116 return (-1); 1117 } 1118 switch (n.n_spisize) { 1119 case 4: 1120 memcpy(&spi32, buf, left); 1121 rekey->spi = betoh32(spi32); 1122 break; 1123 case 8: 1124 memcpy(&spi64, buf, left); 1125 rekey->spi = betoh64(spi64); 1126 break; 1127 default: 1128 log_debug("%s: invalid spi size %d", __func__, 1129 n.n_spisize); 1130 return (-1); 1131 } 1132 rekey->spi_size = n.n_spisize; 1133 rekey->spi_protoid = n.n_protoid; 1134 1135 log_debug("%s: rekey %s spi %s", __func__, 1136 print_map(n.n_protoid, ikev2_saproto_map), 1137 print_spi(rekey->spi, n.n_spisize)); 1138 break; 1139 case IKEV2_N_TEMPORARY_FAILURE: 1140 if (!msg->msg_e) { 1141 log_debug("%s: IKEV2_N_TEMPORARY_FAILURE not encrypted", 1142 __func__); 1143 return (-1); 1144 } 1145 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_TEMPORARY_FAILURE; 1146 break; 1147 case IKEV2_N_IPCOMP_SUPPORTED: 1148 if (!msg->msg_e) { 1149 log_debug("%s: N_IPCOMP_SUPPORTED not encrypted", 1150 __func__); 1151 return (-1); 1152 } 1153 if (left < sizeof(msg->msg_parent->msg_cpi) + 1154 sizeof(msg->msg_parent->msg_transform)) { 1155 log_debug("%s: ignoring malformed ipcomp notification", 1156 __func__); 1157 return (0); 1158 } 1159 memcpy(&msg->msg_parent->msg_cpi, buf, 1160 sizeof(msg->msg_parent->msg_cpi)); 1161 memcpy(&msg->msg_parent->msg_transform, 1162 buf + sizeof(msg->msg_parent->msg_cpi), 1163 sizeof(msg->msg_parent->msg_transform)); 1164 1165 log_debug("%s: %s cpi 0x%x, transform %s, length %zu", __func__, 1166 msg->msg_parent->msg_response ? "res" : "req", 1167 betoh16(msg->msg_parent->msg_cpi), 1168 print_map(msg->msg_parent->msg_transform, 1169 ikev2_ipcomp_map), left); 1170 1171 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_IPCOMP_SUPPORTED; 1172 break; 1173 case IKEV2_N_CHILD_SA_NOT_FOUND: 1174 if (!msg->msg_e) { 1175 log_debug("%s: N_CHILD_SA_NOT_FOUND not encrypted", 1176 __func__); 1177 return (-1); 1178 } 1179 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_CHILD_SA_NOT_FOUND; 1180 break; 1181 case IKEV2_N_MOBIKE_SUPPORTED: 1182 if (!msg->msg_e) { 1183 log_debug("%s: N_MOBIKE_SUPPORTED not encrypted", 1184 __func__); 1185 return (-1); 1186 } 1187 if (left != 0) { 1188 log_debug("%s: ignoring malformed mobike" 1189 " notification: %zu", __func__, left); 1190 return (0); 1191 } 1192 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_MOBIKE; 1193 break; 1194 case IKEV2_N_USE_TRANSPORT_MODE: 1195 if (!msg->msg_e) { 1196 log_debug("%s: N_USE_TRANSPORT_MODE not encrypted", 1197 __func__); 1198 return (-1); 1199 } 1200 if (left != 0) { 1201 log_debug("%s: ignoring malformed transport mode" 1202 " notification: %zu", __func__, left); 1203 return (0); 1204 } 1205 if (msg->msg_parent->msg_response) { 1206 if (!(msg->msg_policy->pol_flags & IKED_POLICY_TRANSPORT)) { 1207 log_debug("%s: ignoring transport mode" 1208 " notification (policy)", __func__); 1209 return (0); 1210 } 1211 } 1212 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_USE_TRANSPORT; 1213 break; 1214 case IKEV2_N_UPDATE_SA_ADDRESSES: 1215 if (!msg->msg_e) { 1216 log_debug("%s: N_UPDATE_SA_ADDRESSES not encrypted", 1217 __func__); 1218 return (-1); 1219 } 1220 if (!msg->msg_sa->sa_mobike) { 1221 log_debug("%s: ignoring update sa addresses" 1222 " notification w/o mobike: %zu", __func__, left); 1223 return (0); 1224 } 1225 if (left != 0) { 1226 log_debug("%s: ignoring malformed update sa addresses" 1227 " notification: %zu", __func__, left); 1228 return (0); 1229 } 1230 msg->msg_parent->msg_update_sa_addresses = 1; 1231 break; 1232 case IKEV2_N_COOKIE2: 1233 if (!msg->msg_e) { 1234 log_debug("%s: N_COOKIE2 not encrypted", 1235 __func__); 1236 return (-1); 1237 } 1238 if (!msg->msg_sa->sa_mobike) { 1239 log_debug("%s: ignoring cookie2 notification" 1240 " w/o mobike: %zu", __func__, left); 1241 return (0); 1242 } 1243 if (left < IKED_COOKIE2_MIN || left > IKED_COOKIE2_MAX) { 1244 log_debug("%s: ignoring malformed cookie2" 1245 " notification: %zu", __func__, left); 1246 return (0); 1247 } 1248 ibuf_release(msg->msg_cookie2); /* should not happen */ 1249 if ((msg->msg_cookie2 = ibuf_new(buf, left)) == NULL) { 1250 log_debug("%s: failed to get peer cookie2", __func__); 1251 return (-1); 1252 } 1253 msg->msg_parent->msg_cookie2 = msg->msg_cookie2; 1254 break; 1255 case IKEV2_N_COOKIE: 1256 if (msg->msg_e) { 1257 log_debug("%s: N_COOKIE encrypted", 1258 __func__); 1259 return (-1); 1260 } 1261 if (left < IKED_COOKIE_MIN || left > IKED_COOKIE_MAX) { 1262 log_debug("%s: ignoring malformed cookie" 1263 " notification: %zu", __func__, left); 1264 return (0); 1265 } 1266 log_debug("%s: received cookie, len %zu", __func__, left); 1267 print_hex(buf, 0, left); 1268 1269 ibuf_release(msg->msg_cookie); 1270 if ((msg->msg_cookie = ibuf_new(buf, left)) == NULL) { 1271 log_debug("%s: failed to get peer cookie", __func__); 1272 return (-1); 1273 } 1274 msg->msg_parent->msg_cookie = msg->msg_cookie; 1275 break; 1276 case IKEV2_N_FRAGMENTATION_SUPPORTED: 1277 if (msg->msg_e) { 1278 log_debug("%s: N_FRAGMENTATION_SUPPORTED encrypted", 1279 __func__); 1280 return (-1); 1281 } 1282 if (left != 0) { 1283 log_debug("%s: ignoring malformed fragmentation" 1284 " notification: %zu", __func__, left); 1285 return (0); 1286 } 1287 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_FRAGMENTATION; 1288 break; 1289 case IKEV2_N_SIGNATURE_HASH_ALGORITHMS: 1290 if (msg->msg_e) { 1291 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: encrypted", 1292 __func__); 1293 return (-1); 1294 } 1295 if (msg->msg_sa == NULL || 1296 msg->msg_sa->sa_sigsha2) { 1297 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: no SA or " 1298 "duplicate notify", __func__); 1299 return (-1); 1300 } 1301 if (left < sizeof(signature_hash) || 1302 left % sizeof(signature_hash)) { 1303 log_debug("%s: malformed signature hash notification" 1304 "(%zu bytes)", __func__, left); 1305 return (0); 1306 } 1307 while (left >= sizeof(signature_hash)) { 1308 memcpy(&signature_hash, buf, sizeof(signature_hash)); 1309 signature_hash = betoh16(signature_hash); 1310 log_debug("%s: signature hash %s (%x)", __func__, 1311 print_map(signature_hash, ikev2_sighash_map), 1312 signature_hash); 1313 left -= sizeof(signature_hash); 1314 buf += sizeof(signature_hash); 1315 if (signature_hash == IKEV2_SIGHASH_SHA2_256) 1316 msg->msg_parent->msg_flags 1317 |= IKED_MSG_FLAGS_SIGSHA2; 1318 } 1319 break; 1320 } 1321 1322 return (0); 1323 } 1324 1325 int 1326 ikev2_validate_delete(struct iked_message *msg, size_t offset, size_t left, 1327 struct ikev2_delete *del) 1328 { 1329 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1330 1331 if (left < sizeof(*del)) { 1332 log_debug("%s: malformed payload: too short for header " 1333 "(%zu < %zu)", __func__, left, sizeof(*del)); 1334 return (-1); 1335 } 1336 memcpy(del, msgbuf + offset, sizeof(*del)); 1337 1338 if (del->del_protoid == 0) { 1339 log_info("%s: malformed payload: invalid protoid", __func__); 1340 return (-1); 1341 } 1342 1343 return (0); 1344 } 1345 1346 int 1347 ikev2_pld_delete(struct iked *env, struct ikev2_payload *pld, 1348 struct iked_message *msg, size_t offset, size_t left) 1349 { 1350 struct ikev2_delete del; 1351 uint8_t *buf, *msgbuf = ibuf_data(msg->msg_data); 1352 size_t cnt, sz, len; 1353 1354 if (ikev2_validate_delete(msg, offset, left, &del)) 1355 return (-1); 1356 1357 /* Skip if it's a response, then we don't have to deal with it */ 1358 if (ikev2_msg_frompeer(msg) && 1359 msg->msg_parent->msg_response) 1360 return (0); 1361 1362 cnt = betoh16(del.del_nspi); 1363 sz = del.del_spisize; 1364 1365 log_debug("%s: proto %s spisize %zu nspi %zu", 1366 __func__, print_map(del.del_protoid, ikev2_saproto_map), 1367 sz, cnt); 1368 1369 if (msg->msg_parent->msg_del_protoid) { 1370 log_debug("%s: duplicate delete payload", __func__); 1371 return (0); 1372 } 1373 1374 msg->msg_parent->msg_del_protoid = del.del_protoid; 1375 msg->msg_parent->msg_del_cnt = cnt; 1376 msg->msg_parent->msg_del_spisize = sz; 1377 1378 buf = msgbuf + offset + sizeof(del); 1379 len = left - sizeof(del); 1380 if (len == 0 || sz == 0 || cnt == 0) 1381 return (0); 1382 1383 if ((len / sz) != cnt) { 1384 log_debug("%s: invalid payload length %zu/%zu != %zu", 1385 __func__, len, sz, cnt); 1386 return (-1); 1387 } 1388 1389 print_hex(buf, 0, len); 1390 1391 msg->msg_parent->msg_del_buf = ibuf_new(buf, len); 1392 1393 return (0); 1394 } 1395 1396 int 1397 ikev2_validate_tss(struct iked_message *msg, size_t offset, size_t left, 1398 struct ikev2_tsp *tsp) 1399 { 1400 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1401 1402 if (left < sizeof(*tsp)) { 1403 log_debug("%s: malformed payload: too short for header " 1404 "(%zu < %zu)", __func__, left, sizeof(*tsp)); 1405 return (-1); 1406 } 1407 memcpy(tsp, msgbuf + offset, sizeof(*tsp)); 1408 1409 return (0); 1410 } 1411 1412 int 1413 ikev2_pld_tss(struct iked *env, struct ikev2_payload *pld, 1414 struct iked_message *msg, size_t offset, size_t left) 1415 { 1416 struct ikev2_tsp tsp; 1417 struct ikev2_ts ts; 1418 size_t ts_len, i; 1419 1420 if (ikev2_validate_tss(msg, offset, left, &tsp)) 1421 return (-1); 1422 1423 offset += sizeof(tsp); 1424 left -= sizeof(tsp); 1425 1426 log_debug("%s: count %d length %zu", __func__, 1427 tsp.tsp_count, left); 1428 1429 for (i = 0; i < tsp.tsp_count; i++) { 1430 if (ikev2_validate_ts(msg, offset, left, &ts)) 1431 return (-1); 1432 1433 log_debug("%s: type %s protoid %u length %d " 1434 "startport %u endport %u", __func__, 1435 print_map(ts.ts_type, ikev2_ts_map), 1436 ts.ts_protoid, betoh16(ts.ts_length), 1437 betoh16(ts.ts_startport), 1438 betoh16(ts.ts_endport)); 1439 1440 offset += sizeof(ts); 1441 left -= sizeof(ts); 1442 1443 ts_len = betoh16(ts.ts_length) - sizeof(ts); 1444 if (ikev2_pld_ts(env, pld, msg, offset, ts_len, ts.ts_type)) 1445 return (-1); 1446 1447 offset += ts_len; 1448 left -= ts_len; 1449 } 1450 1451 return (0); 1452 } 1453 1454 int 1455 ikev2_validate_ts(struct iked_message *msg, size_t offset, size_t left, 1456 struct ikev2_ts *ts) 1457 { 1458 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1459 size_t ts_length; 1460 1461 if (left < sizeof(*ts)) { 1462 log_debug("%s: malformed payload: too short for header " 1463 "(%zu < %zu)", __func__, left, sizeof(*ts)); 1464 return (-1); 1465 } 1466 memcpy(ts, msgbuf + offset, sizeof(*ts)); 1467 1468 ts_length = betoh16(ts->ts_length); 1469 if (ts_length < sizeof(*ts)) { 1470 log_debug("%s: malformed payload: shorter than minimum header " 1471 "size (%zu < %zu)", __func__, ts_length, sizeof(*ts)); 1472 return (-1); 1473 } 1474 if (left < ts_length) { 1475 log_debug("%s: malformed payload: too long for payload size " 1476 "(%zu < %zu)", __func__, left, ts_length); 1477 return (-1); 1478 } 1479 1480 return (0); 1481 } 1482 1483 int 1484 ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld, 1485 struct iked_message *msg, size_t offset, size_t left, unsigned int type) 1486 { 1487 struct sockaddr_in s4; 1488 struct sockaddr_in6 s6; 1489 uint8_t buf[2][128]; 1490 uint8_t *ptr; 1491 1492 ptr = ibuf_data(msg->msg_data) + offset; 1493 1494 switch (type) { 1495 case IKEV2_TS_IPV4_ADDR_RANGE: 1496 if (left < 2 * 4) { 1497 log_debug("%s: malformed payload: too short " 1498 "for ipv4 addr range (%zu < %u)", 1499 __func__, left, 2 * 4); 1500 return (-1); 1501 } 1502 1503 bzero(&s4, sizeof(s4)); 1504 s4.sin_family = AF_INET; 1505 s4.sin_len = sizeof(s4); 1506 memcpy(&s4.sin_addr.s_addr, ptr, 4); 1507 ptr += 4; 1508 left -= 4; 1509 print_host((struct sockaddr *)&s4, 1510 (char *)buf[0], sizeof(buf[0])); 1511 1512 memcpy(&s4.sin_addr.s_addr, ptr, 4); 1513 left -= 4; 1514 print_host((struct sockaddr *)&s4, 1515 (char *)buf[1], sizeof(buf[1])); 1516 1517 log_debug("%s: start %s end %s", __func__, 1518 buf[0], buf[1]); 1519 break; 1520 case IKEV2_TS_IPV6_ADDR_RANGE: 1521 if (left < 2 * 16) { 1522 log_debug("%s: malformed payload: too short " 1523 "for ipv6 addr range (%zu < %u)", 1524 __func__, left, 2 * 16); 1525 return (-1); 1526 } 1527 bzero(&s6, sizeof(s6)); 1528 s6.sin6_family = AF_INET6; 1529 s6.sin6_len = sizeof(s6); 1530 memcpy(&s6.sin6_addr, ptr, 16); 1531 ptr += 16; 1532 left -= 16; 1533 print_host((struct sockaddr *)&s6, 1534 (char *)buf[0], sizeof(buf[0])); 1535 1536 memcpy(&s6.sin6_addr, ptr, 16); 1537 left -= 16; 1538 print_host((struct sockaddr *)&s6, 1539 (char *)buf[1], sizeof(buf[1])); 1540 log_debug("%s: start %s end %s", __func__, 1541 buf[0], buf[1]); 1542 break; 1543 default: 1544 log_debug("%s: ignoring unknown TS type %u", __func__, type); 1545 return (0); 1546 } 1547 1548 if (left > 0) { 1549 log_debug("%s: malformed payload: left (%zu) > 0", 1550 __func__, left); 1551 return (-1); 1552 } 1553 1554 return (0); 1555 } 1556 1557 int 1558 ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld, 1559 struct iked_message *msg, size_t offset, size_t left) 1560 { 1561 struct iked_sa *sa = msg->msg_sa; 1562 struct iked_frag *sa_frag = &sa->sa_fragments; 1563 struct iked_frag_entry *el; 1564 struct ikev2_frag_payload frag; 1565 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1566 uint8_t *buf; 1567 struct ibuf *e = NULL; 1568 size_t frag_num, frag_total; 1569 size_t len; 1570 int ret = -1; 1571 ssize_t elen; 1572 1573 buf = msgbuf + offset; 1574 memcpy(&frag, buf, sizeof(frag)); 1575 frag_num = betoh16(frag.frag_num); 1576 frag_total = betoh16(frag.frag_total); 1577 1578 offset += sizeof(frag); 1579 buf = msgbuf + offset; 1580 len = left - sizeof(frag); 1581 1582 /* Limit number of total fragments to avoid DOS */ 1583 if (frag_total > IKED_FRAG_TOTAL_MAX ) { 1584 log_debug("%s: Total Fragments too big %zu", 1585 __func__, frag_total); 1586 goto dropall; 1587 } 1588 1589 /* Check sanity of fragment header */ 1590 if (frag_num == 0 || frag_total == 0) { 1591 log_debug("%s: Malformed fragment received: %zu of %zu", 1592 __func__, frag_num, frag_total); 1593 goto done; 1594 } 1595 log_debug("%s: Received fragment: %zu of %zu", 1596 __func__, frag_num, frag_total); 1597 1598 /* Check new fragmented message */ 1599 if (sa_frag->frag_arr == NULL) { 1600 sa_frag->frag_arr = recallocarray(NULL, 0, frag_total, 1601 sizeof(struct iked_frag_entry*)); 1602 if (sa_frag->frag_arr == NULL) { 1603 log_info("%s: recallocarray sa_frag->frag_arr.", __func__); 1604 goto done; 1605 } 1606 sa_frag->frag_total = frag_total; 1607 } 1608 1609 /* Drop all fragments if frag_num or frag_total don't match */ 1610 if (frag_num > sa_frag->frag_total || frag_total != sa_frag->frag_total) 1611 goto dropall; 1612 1613 /* Silent drop if fragment already stored */ 1614 if (sa_frag->frag_arr[frag_num-1] != NULL) 1615 goto done; 1616 1617 /* The first fragments IKE header determines pld_nextpayload */ 1618 if (frag_num == 1) 1619 sa_frag->frag_nextpayload = pld->pld_nextpayload; 1620 1621 /* Decrypt fragment */ 1622 if ((e = ibuf_new(buf, len)) == NULL) 1623 goto done; 1624 1625 if ((e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e)) 1626 == NULL ) { 1627 log_debug("%s: Failed to decrypt fragment: %zu of %zu", 1628 __func__, frag_num, frag_total); 1629 goto done; 1630 } 1631 elen = ibuf_length(e); 1632 1633 /* Insert new list element */ 1634 el = calloc(1, sizeof(struct iked_frag_entry)); 1635 if (el == NULL) { 1636 log_info("%s: Failed allocating new fragment: %zu of %zu", 1637 __func__, frag_num, frag_total); 1638 goto done; 1639 } 1640 1641 sa_frag->frag_arr[frag_num-1] = el; 1642 el->frag_size = elen; 1643 el->frag_data = calloc(1, elen); 1644 if (el->frag_data == NULL) { 1645 log_debug("%s: Failed allocating new fragment data: %zu of %zu", 1646 __func__, frag_num, frag_total); 1647 goto done; 1648 } 1649 1650 /* Copy plaintext to fragment */ 1651 memcpy(el->frag_data, ibuf_seek(e, 0, 0), elen); 1652 sa_frag->frag_total_size += elen; 1653 sa_frag->frag_count++; 1654 1655 /* If all frags are received start reassembly */ 1656 if (sa_frag->frag_count == sa_frag->frag_total) { 1657 log_debug("%s: All fragments received: %zu of %zu", 1658 __func__, frag_num, frag_total); 1659 ret = ikev2_frags_reassemble(env, pld, msg); 1660 } else { 1661 ret = 0; 1662 } 1663 done: 1664 ibuf_release(e); 1665 return (ret); 1666 dropall: 1667 config_free_fragments(sa_frag); 1668 ibuf_release(e); 1669 return -1; 1670 } 1671 1672 int 1673 ikev2_frags_reassemble(struct iked *env, struct ikev2_payload *pld, 1674 struct iked_message *msg) 1675 { 1676 struct iked_frag *sa_frag = &msg->msg_sa->sa_fragments; 1677 struct ibuf *e = NULL; 1678 struct iked_frag_entry *el; 1679 uint8_t *ptr; 1680 size_t offset; 1681 size_t i; 1682 struct iked_message emsg; 1683 int ret = -1; 1684 1685 /* Reassemble fragments to single buffer */ 1686 if ((e = ibuf_new(NULL, sa_frag->frag_total_size)) == NULL) { 1687 log_debug("%s: Failed allocating SK buffer.", __func__); 1688 goto done; 1689 } 1690 1691 /* Empty queue to new buffer */ 1692 offset = 0; 1693 for (i = 0; i < sa_frag->frag_total; i++) { 1694 if ((el = sa_frag->frag_arr[i]) == NULL) 1695 fatalx("Tried to reassemble shallow frag_arr"); 1696 ptr = ibuf_seek(e, offset, el->frag_size); 1697 if (ptr == NULL) { 1698 log_info("%s: failed to reassemble fragments", __func__); 1699 goto done; 1700 } 1701 memcpy(ptr, el->frag_data, el->frag_size); 1702 offset += el->frag_size; 1703 } 1704 1705 log_debug("%s: Defragmented length %zd", __func__, 1706 sa_frag->frag_total_size); 1707 print_hex(ibuf_data(e), 0, sa_frag->frag_total_size); 1708 1709 /* 1710 * Parse decrypted payload 1711 */ 1712 bzero(&emsg, sizeof(emsg)); 1713 memcpy(&emsg, msg, sizeof(*msg)); 1714 emsg.msg_data = e; 1715 emsg.msg_e = 1; 1716 emsg.msg_parent = msg; 1717 TAILQ_INIT(&emsg.msg_proposals); 1718 1719 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e), 1720 sa_frag->frag_nextpayload); 1721 done: 1722 config_free_fragments(sa_frag); 1723 ibuf_release(e); 1724 1725 return (ret); 1726 } 1727 1728 int 1729 ikev2_pld_e(struct iked *env, struct ikev2_payload *pld, 1730 struct iked_message *msg, size_t offset, size_t left) 1731 { 1732 struct iked_sa *sa = msg->msg_sa; 1733 struct ibuf *e = NULL; 1734 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1735 struct iked_message emsg; 1736 uint8_t *buf; 1737 size_t len; 1738 int ret = -1; 1739 1740 if (sa->sa_fragments.frag_arr != NULL) { 1741 log_warn("%s: Received SK payload when SKFs are in queue.", 1742 __func__); 1743 config_free_fragments(&sa->sa_fragments); 1744 return (ret); 1745 } 1746 1747 buf = msgbuf + offset; 1748 len = left; 1749 1750 if ((e = ibuf_new(buf, len)) == NULL) 1751 goto done; 1752 1753 if (ikev2_msg_frompeer(msg)) { 1754 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1755 } else { 1756 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1757 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1758 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1759 } 1760 1761 if (e == NULL) 1762 goto done; 1763 1764 /* 1765 * Parse decrypted payload 1766 */ 1767 bzero(&emsg, sizeof(emsg)); 1768 memcpy(&emsg, msg, sizeof(*msg)); 1769 emsg.msg_data = e; 1770 emsg.msg_e = 1; 1771 emsg.msg_parent = msg; 1772 TAILQ_INIT(&emsg.msg_proposals); 1773 1774 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e), 1775 pld->pld_nextpayload); 1776 1777 done: 1778 ibuf_release(e); 1779 1780 return (ret); 1781 } 1782 1783 int 1784 ikev2_validate_cp(struct iked_message *msg, size_t offset, size_t left, 1785 struct ikev2_cp *cp) 1786 { 1787 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1788 1789 if (left < sizeof(*cp)) { 1790 log_debug("%s: malformed payload: too short for header " 1791 "(%zu < %zu)", __func__, left, sizeof(*cp)); 1792 return (-1); 1793 } 1794 memcpy(cp, msgbuf + offset, sizeof(*cp)); 1795 1796 return (0); 1797 } 1798 1799 int 1800 ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld, 1801 struct iked_message *msg, size_t offset, size_t left) 1802 { 1803 struct ikev2_cp cp; 1804 struct ikev2_cfg *cfg; 1805 uint8_t *ptr; 1806 size_t len; 1807 struct iked_sa *sa = msg->msg_sa; 1808 1809 if (ikev2_validate_cp(msg, offset, left, &cp)) 1810 return (-1); 1811 1812 ptr = ibuf_data(msg->msg_data) + offset + sizeof(cp); 1813 len = left - sizeof(cp); 1814 1815 log_debug("%s: type %s length %zu", 1816 __func__, print_map(cp.cp_type, ikev2_cp_map), len); 1817 print_hex(ptr, 0, len); 1818 1819 while (len > 0) { 1820 if (len < sizeof(*cfg)) { 1821 log_debug("%s: malformed payload: too short for cfg " 1822 "(%zu < %zu)", __func__, len, sizeof(*cfg)); 1823 return (-1); 1824 } 1825 cfg = (struct ikev2_cfg *)ptr; 1826 1827 log_debug("%s: %s 0x%04x length %d", __func__, 1828 print_map(betoh16(cfg->cfg_type), ikev2_cfg_map), 1829 betoh16(cfg->cfg_type), 1830 betoh16(cfg->cfg_length)); 1831 1832 ptr += sizeof(*cfg); 1833 len -= sizeof(*cfg); 1834 1835 if (len < betoh16(cfg->cfg_length)) { 1836 log_debug("%s: malformed payload: too short for " 1837 "cfg_length (%zu < %u)", __func__, len, 1838 betoh16(cfg->cfg_length)); 1839 return (-1); 1840 } 1841 1842 ptr += betoh16(cfg->cfg_length); 1843 len -= betoh16(cfg->cfg_length); 1844 } 1845 1846 if (!ikev2_msg_frompeer(msg)) 1847 return (0); 1848 1849 if (sa) 1850 sa->sa_cp = cp.cp_type; 1851 1852 return (0); 1853 } 1854 1855 int 1856 ikev2_validate_eap(struct iked_message *msg, size_t offset, size_t left, 1857 struct eap_header *hdr) 1858 { 1859 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1860 1861 if (left < sizeof(*hdr)) { 1862 log_debug("%s: malformed payload: too short for header " 1863 "(%zu < %zu)", __func__, left, sizeof(*hdr)); 1864 return (-1); 1865 } 1866 memcpy(hdr, msgbuf + offset, sizeof(*hdr)); 1867 1868 return (0); 1869 } 1870 1871 int 1872 ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld, 1873 struct iked_message *msg, size_t offset, size_t left) 1874 { 1875 struct eap_header hdr; 1876 struct eap_message *eap = NULL; 1877 struct iked_sa *sa = msg->msg_sa; 1878 size_t len; 1879 1880 if (ikev2_validate_eap(msg, offset, left, &hdr)) 1881 return (-1); 1882 len = betoh16(hdr.eap_length); 1883 1884 if (len < sizeof(*eap)) { 1885 log_info("%s: %s id %d length %d", SPI_SA(sa, __func__), 1886 print_map(hdr.eap_code, eap_code_map), 1887 hdr.eap_id, betoh16(hdr.eap_length)); 1888 } else { 1889 /* Now try to get the indicated length */ 1890 if ((eap = ibuf_seek(msg->msg_data, offset, len)) == NULL) { 1891 log_debug("%s: invalid EAP length", __func__); 1892 return (-1); 1893 } 1894 1895 log_info("%s: %s id %d length %d EAP-%s", SPI_SA(sa, __func__), 1896 print_map(eap->eap_code, eap_code_map), 1897 eap->eap_id, betoh16(eap->eap_length), 1898 print_map(eap->eap_type, eap_type_map)); 1899 1900 if (eap_parse(env, sa, msg, eap, msg->msg_response) == -1) 1901 return (-1); 1902 msg->msg_parent->msg_eap.eam_found = 1; 1903 } 1904 1905 return (0); 1906 } 1907