1 /* $OpenBSD: ikev2_pld.c,v 1.45 2014/05/06 10:24:22 markus Exp $ */ 2 3 /* 4 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2014 Hans-Joerg Hoexer 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/param.h> 21 #include <sys/queue.h> 22 #include <sys/socket.h> 23 #include <sys/wait.h> 24 #include <sys/uio.h> 25 26 #include <netinet/in.h> 27 #include <netinet/ip_ipsp.h> 28 #include <arpa/inet.h> 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 #include <unistd.h> 33 #include <string.h> 34 #include <getopt.h> 35 #include <signal.h> 36 #include <errno.h> 37 #include <err.h> 38 #include <pwd.h> 39 #include <event.h> 40 41 #include <openssl/sha.h> 42 #include <openssl/evp.h> 43 44 #include "iked.h" 45 #include "ikev2.h" 46 #include "eap.h" 47 #include "dh.h" 48 49 int ikev2_validate_pld(struct iked_message *, size_t, size_t, 50 struct ikev2_payload *); 51 int ikev2_pld_payloads(struct iked *, struct iked_message *, 52 size_t, size_t, u_int); 53 int ikev2_validate_sa(struct iked_message *, size_t, size_t, 54 struct ikev2_payload *, struct ikev2_sa_proposal *); 55 int ikev2_pld_sa(struct iked *, struct ikev2_payload *, 56 struct iked_message *, size_t, size_t); 57 int ikev2_validate_xform(struct iked_message *, size_t, size_t, 58 struct ikev2_transform *); 59 int ikev2_pld_xform(struct iked *, struct ikev2_sa_proposal *, 60 struct iked_message *, size_t, size_t); 61 int ikev2_validate_attr(struct iked_message *, size_t, size_t, 62 struct ikev2_attribute *); 63 int ikev2_pld_attr(struct iked *, struct ikev2_transform *, 64 struct iked_message *, size_t, size_t); 65 int ikev2_validate_ke(struct iked_message *, size_t, size_t, 66 struct ikev2_payload *, struct ikev2_keyexchange *); 67 int ikev2_pld_ke(struct iked *, struct ikev2_payload *, 68 struct iked_message *, size_t, size_t); 69 int ikev2_validate_id(struct iked_message *, size_t, size_t, 70 struct ikev2_payload *, struct ikev2_id *); 71 int ikev2_pld_id(struct iked *, struct ikev2_payload *, 72 struct iked_message *, size_t, size_t, u_int); 73 int ikev2_validate_cert(struct iked_message *, size_t, size_t, 74 struct ikev2_payload *, struct ikev2_cert *); 75 int ikev2_pld_cert(struct iked *, struct ikev2_payload *, 76 struct iked_message *, size_t, size_t); 77 int ikev2_validate_certreq(struct iked_message *, size_t, size_t, 78 struct ikev2_payload *, struct ikev2_cert *); 79 int ikev2_pld_certreq(struct iked *, struct ikev2_payload *, 80 struct iked_message *, size_t, size_t); 81 int ikev2_validate_nonce(struct iked_message *, size_t, size_t, 82 struct ikev2_payload *); 83 int ikev2_pld_nonce(struct iked *, struct ikev2_payload *, 84 struct iked_message *, size_t, size_t); 85 int ikev2_validate_notify(struct iked_message *, size_t, size_t, 86 struct ikev2_payload *, struct ikev2_notify *); 87 int ikev2_pld_notify(struct iked *, struct ikev2_payload *, 88 struct iked_message *, size_t, size_t); 89 int ikev2_validate_delete(struct iked_message *, size_t, size_t, 90 struct ikev2_payload *, struct ikev2_delete *); 91 int ikev2_pld_delete(struct iked *, struct ikev2_payload *, 92 struct iked_message *, size_t, size_t); 93 int ikev2_validate_ts(struct iked_message *, size_t, size_t, 94 struct ikev2_payload *, struct ikev2_tsp *); 95 int ikev2_pld_ts(struct iked *, struct ikev2_payload *, 96 struct iked_message *, size_t, size_t, u_int); 97 int ikev2_validate_auth(struct iked_message *, size_t, size_t, 98 struct ikev2_payload *, struct ikev2_auth *); 99 int ikev2_pld_auth(struct iked *, struct ikev2_payload *, 100 struct iked_message *, size_t, size_t); 101 int ikev2_pld_e(struct iked *, struct ikev2_payload *, 102 struct iked_message *, size_t); 103 int ikev2_validate_cp(struct iked_message *, size_t, size_t, 104 struct ikev2_payload *, struct ikev2_cp *); 105 int ikev2_pld_cp(struct iked *, struct ikev2_payload *, 106 struct iked_message *, size_t, size_t); 107 int ikev2_validate_eap(struct iked_message *, size_t, size_t, 108 struct ikev2_payload *, struct eap_header *); 109 int ikev2_pld_eap(struct iked *, struct ikev2_payload *, 110 struct iked_message *, size_t, size_t); 111 112 int 113 ikev2_pld_parse(struct iked *env, struct ike_header *hdr, 114 struct iked_message *msg, size_t offset) 115 { 116 log_debug("%s: header ispi %s rspi %s" 117 " nextpayload %s version 0x%02x exchange %s flags 0x%02x" 118 " msgid %d length %d response %d", __func__, 119 print_spi(betoh64(hdr->ike_ispi), 8), 120 print_spi(betoh64(hdr->ike_rspi), 8), 121 print_map(hdr->ike_nextpayload, ikev2_payload_map), 122 hdr->ike_version, 123 print_map(hdr->ike_exchange, ikev2_exchange_map), 124 hdr->ike_flags, 125 betoh32(hdr->ike_msgid), 126 betoh32(hdr->ike_length), 127 msg->msg_response); 128 129 if (ibuf_size(msg->msg_data) < betoh32(hdr->ike_length)) { 130 log_debug("%s: short message", __func__); 131 return (-1); 132 } 133 134 offset += sizeof(*hdr); 135 136 return (ikev2_pld_payloads(env, msg, offset, 137 betoh32(hdr->ike_length), hdr->ike_nextpayload)); 138 } 139 140 int 141 ikev2_validate_pld(struct iked_message *msg, size_t offset, size_t left, 142 struct ikev2_payload *pld) 143 { 144 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 145 size_t pld_length; 146 147 /* We need at least the generic header. */ 148 if (left < sizeof(*pld)) { 149 log_debug("%s: malformed payload: too short for generic " 150 "header (%zu < %zu)", __func__, left, sizeof(*pld)); 151 return (-1); 152 } 153 memcpy(pld, msgbuf + offset, sizeof(*pld)); 154 155 /* 156 * We need at least the specified number of bytes. 157 * pld_length is the full size of the payload including 158 * the generic payload header. 159 */ 160 pld_length = betoh16(pld->pld_length); 161 if (left < pld_length) { 162 log_debug("%s: malformed payload: shorter than specified " 163 "(%zu < %zu)", __func__, left, pld_length); 164 return (-1); 165 } 166 /* 167 * Sanity check the specified payload size, it must 168 * be at last the size of the generic payload header. 169 */ 170 if (pld_length < sizeof(*pld)) { 171 log_debug("%s: malformed payload: shorter than minimum " 172 "header size (%zu < %zu)", __func__, pld_length, 173 sizeof(*pld)); 174 return (-1); 175 } 176 177 return (0); 178 } 179 180 int 181 ikev2_pld_payloads(struct iked *env, struct iked_message *msg, 182 size_t offset, size_t length, u_int payload) 183 { 184 struct ikev2_payload pld; 185 u_int e; 186 int ret; 187 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 188 size_t left; 189 190 /* Check if message was decrypted in an E payload */ 191 e = msg->msg_e ? IKED_E : 0; 192 193 while (payload != 0 && offset < length) { 194 /* Bytes left in datagram. */ 195 left = length - offset; 196 197 if (ikev2_validate_pld(msg, offset, left, &pld)) 198 return (-1); 199 200 log_debug("%s: %spayload %s" 201 " nextpayload %s critical 0x%02x length %d", 202 __func__, e ? "decrypted " : "", 203 print_map(payload, ikev2_payload_map), 204 print_map(pld.pld_nextpayload, ikev2_payload_map), 205 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD, 206 betoh16(pld.pld_length)); 207 208 /* Skip over generic payload header. */ 209 offset += sizeof(pld); 210 left -= sizeof(pld); 211 ret = 0; 212 213 switch (payload | e) { 214 case IKEV2_PAYLOAD_SA: 215 case IKEV2_PAYLOAD_SA | IKED_E: 216 ret = ikev2_pld_sa(env, &pld, msg, offset, left); 217 break; 218 case IKEV2_PAYLOAD_KE: 219 case IKEV2_PAYLOAD_KE | IKED_E: 220 ret = ikev2_pld_ke(env, &pld, msg, offset, left); 221 break; 222 case IKEV2_PAYLOAD_IDi | IKED_E: 223 case IKEV2_PAYLOAD_IDr | IKED_E: 224 ret = ikev2_pld_id(env, &pld, msg, offset, left, 225 payload); 226 break; 227 case IKEV2_PAYLOAD_CERT | IKED_E: 228 ret = ikev2_pld_cert(env, &pld, msg, offset, left); 229 break; 230 case IKEV2_PAYLOAD_CERTREQ: 231 case IKEV2_PAYLOAD_CERTREQ | IKED_E: 232 ret = ikev2_pld_certreq(env, &pld, msg, offset, left); 233 break; 234 case IKEV2_PAYLOAD_AUTH | IKED_E: 235 ret = ikev2_pld_auth(env, &pld, msg, offset, left); 236 break; 237 case IKEV2_PAYLOAD_NONCE: 238 case IKEV2_PAYLOAD_NONCE | IKED_E: 239 ret = ikev2_pld_nonce(env, &pld, msg, offset, left); 240 break; 241 case IKEV2_PAYLOAD_NOTIFY: 242 case IKEV2_PAYLOAD_NOTIFY | IKED_E: 243 ret = ikev2_pld_notify(env, &pld, msg, offset, left); 244 break; 245 case IKEV2_PAYLOAD_DELETE | IKED_E: 246 ret = ikev2_pld_delete(env, &pld, msg, offset, left); 247 break; 248 case IKEV2_PAYLOAD_TSi | IKED_E: 249 case IKEV2_PAYLOAD_TSr | IKED_E: 250 ret = ikev2_pld_ts(env, &pld, msg, offset, left, 251 payload); 252 break; 253 case IKEV2_PAYLOAD_SK: 254 ret = ikev2_pld_e(env, &pld, msg, offset); 255 break; 256 case IKEV2_PAYLOAD_CP | IKED_E: 257 ret = ikev2_pld_cp(env, &pld, msg, offset, left); 258 break; 259 case IKEV2_PAYLOAD_EAP | IKED_E: 260 ret = ikev2_pld_eap(env, &pld, msg, offset, left); 261 break; 262 default: 263 print_hex(msgbuf, offset, 264 betoh16(pld.pld_length) - sizeof(pld)); 265 break; 266 } 267 268 if (ret != 0 && ikev2_msg_frompeer(msg)) { 269 (void)ikev2_send_informational(env, msg); 270 return (-1); 271 } 272 273 /* Encrypted payload must appear last */ 274 if (payload == IKEV2_PAYLOAD_SK) 275 return (0); 276 277 payload = pld.pld_nextpayload; 278 offset += betoh16(pld.pld_length) - sizeof(pld); 279 } 280 281 return (0); 282 } 283 284 int 285 ikev2_validate_sa(struct iked_message *msg, size_t offset, size_t left, 286 struct ikev2_payload *pld, struct ikev2_sa_proposal *sap) 287 { 288 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 289 size_t pld_length, sap_length; 290 291 pld_length = betoh16(pld->pld_length); 292 if (pld_length < sizeof(*pld) + sizeof(*sap)) { 293 log_debug("%s: malformed payload: specified length smaller " 294 "than minimum size (%zu < %zu)", __func__, pld_length, 295 sizeof(*pld) + sizeof(*sap)); 296 return (-1); 297 } 298 299 /* This will actually be caught by earlier checks. */ 300 if (left < sizeof(*sap)) { 301 log_debug("%s: malformed payload: too short for header " 302 "(%zu < %zu)", __func__, left, sizeof(*sap)); 303 return (-1); 304 } 305 memcpy(sap, msgbuf + offset, sizeof(*sap)); 306 307 sap_length = betoh16(sap->sap_length); 308 if (sap_length < sizeof(*sap)) { 309 log_debug("%s: malformed payload: shorter than minimum header " 310 "size (%zu < %zu)", __func__, sap_length, sizeof(*sap)); 311 return (-1); 312 } 313 if (left < sap_length) { 314 log_debug("%s: malformed payload: too long for actual payload " 315 "size (%zu < %zu)", __func__, left, sap_length); 316 return (-1); 317 } 318 /* 319 * NB: There might be more proposals, we parse only the first one. 320 * This condition must never be true. 321 */ 322 if (pld_length - sizeof(*pld) < sap_length) { 323 log_debug("%s: payload malformed: SA payload length mismatches " 324 "proposal substructure length (%lu < %zu)", __func__, 325 pld_length - sizeof(*pld), sap_length); 326 return (-1); 327 } 328 /* 329 * If there is only one proposal, sap_length must be the 330 * total payload size. 331 */ 332 if (!sap->sap_more && ((pld_length - sizeof(*pld)) != sap_length)) { 333 log_debug("%s: payload malformed: SA payload length mismatches " 334 "single proposal substructure length (%lu != %zu)", 335 __func__, pld_length - sizeof(*pld), sap_length); 336 return (-1); 337 } 338 /* 339 * If there are more than one proposal, there must be bytes 340 * left in the payload. 341 */ 342 if (sap->sap_more && ((pld_length - sizeof(*pld)) <= sap_length)) { 343 log_debug("%s: payload malformed: SA payload too small for " 344 "further proposals (%zu <= %zu)", __func__, 345 pld_length - sizeof(*pld), sap_length); 346 return (-1); 347 } 348 return (0); 349 } 350 351 /* 352 * NB: This function parses both the SA header and the first proposal. 353 * Additional proposals are ignored. 354 */ 355 int 356 ikev2_pld_sa(struct iked *env, struct ikev2_payload *pld, 357 struct iked_message *msg, size_t offset, size_t left) 358 { 359 struct ikev2_sa_proposal sap; 360 struct iked_proposal *prop = NULL; 361 u_int32_t spi32; 362 u_int64_t spi = 0, spi64; 363 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 364 struct iked_proposals *props; 365 size_t total; 366 367 if (ikev2_validate_sa(msg, offset, left, pld, &sap)) 368 return (-1); 369 370 if (sap.sap_more) 371 log_debug("%s: more than one proposal specified", __func__); 372 373 /* Assumed size of the first proposals, including SPI if present. */ 374 total = (betoh16(sap.sap_length) - sizeof(sap)); 375 376 props = &msg->msg_parent->msg_proposals; 377 378 offset += sizeof(sap); 379 left -= sizeof(sap); 380 381 if (sap.sap_spisize) { 382 if (left < sap.sap_spisize) { 383 log_debug("%s: malformed payload: SPI larger than " 384 "actual payload (%zu < %d)", __func__, left, 385 sap.sap_spisize); 386 return (-1); 387 } 388 if (total < sap.sap_spisize) { 389 log_debug("%s: malformed payload: SPI larger than " 390 "proposal (%zu < %d)", __func__, total, 391 sap.sap_spisize); 392 return (-1); 393 } 394 if (total < sap.sap_spisize) { 395 log_debug("%s: malformed payload: SPI too large " 396 "(%zu < %d)", __func__, total, sap.sap_spisize); 397 return (-1); 398 } 399 switch (sap.sap_spisize) { 400 case 4: 401 memcpy(&spi32, msgbuf + offset, 4); 402 spi = betoh32(spi32); 403 break; 404 case 8: 405 memcpy(&spi64, msgbuf + offset, 8); 406 spi = betoh64(spi64); 407 break; 408 default: 409 log_debug("%s: unsupported SPI size %d", 410 __func__, sap.sap_spisize); 411 return (-1); 412 } 413 414 offset += sap.sap_spisize; 415 left -= sap.sap_spisize; 416 417 /* Assumed size of the proposal, now without SPI. */ 418 total -= sap.sap_spisize; 419 } 420 421 /* 422 * As we verified sanity of packet headers, this check will 423 * be always false, but just to be sure we keep it. 424 */ 425 if (left < total) { 426 log_debug("%s: payload malformed: too long for payload " 427 "(%zu < %zu)", __func__, left, total); 428 return (-1); 429 } 430 431 log_debug("%s: more %d reserved %d length %d" 432 " proposal #%d protoid %s spisize %d xforms %d spi %s", 433 __func__, sap.sap_more, sap.sap_reserved, 434 betoh16(sap.sap_length), sap.sap_proposalnr, 435 print_map(sap.sap_protoid, ikev2_saproto_map), sap.sap_spisize, 436 sap.sap_transforms, print_spi(spi, sap.sap_spisize)); 437 438 if (ikev2_msg_frompeer(msg)) { 439 if ((msg->msg_parent->msg_prop = config_add_proposal(props, 440 sap.sap_proposalnr, sap.sap_protoid)) == NULL) { 441 log_debug("%s: invalid proposal", __func__); 442 return (-1); 443 } 444 prop = msg->msg_parent->msg_prop; 445 prop->prop_peerspi.spi = spi; 446 prop->prop_peerspi.spi_protoid = sap.sap_protoid; 447 prop->prop_peerspi.spi_size = sap.sap_spisize; 448 449 prop->prop_localspi.spi_protoid = sap.sap_protoid; 450 prop->prop_localspi.spi_size = sap.sap_spisize; 451 } 452 453 /* 454 * Parse the attached transforms 455 */ 456 if (sap.sap_transforms && 457 ikev2_pld_xform(env, &sap, msg, offset, total) != 0) { 458 log_debug("%s: invalid proposal transforms", __func__); 459 return (-1); 460 } 461 462 return (0); 463 } 464 465 int 466 ikev2_validate_xform(struct iked_message *msg, size_t offset, size_t total, 467 struct ikev2_transform *xfrm) 468 { 469 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 470 size_t xfrm_length; 471 472 if (total < sizeof(*xfrm)) { 473 log_debug("%s: payload malformed: too short for header " 474 "(%zu < %zu)", __func__, total, sizeof(*xfrm)); 475 return (-1); 476 } 477 memcpy(xfrm, msgbuf + offset, sizeof(*xfrm)); 478 479 xfrm_length = betoh16(xfrm->xfrm_length); 480 if (xfrm_length < sizeof(*xfrm)) { 481 log_debug("%s: payload malformed: shorter than minimal header " 482 "(%zu < %zu)", __func__, xfrm_length, sizeof(*xfrm)); 483 return (-1); 484 } 485 if (total < xfrm_length) { 486 log_debug("%s: malformed payload: too long for payload size " 487 "(%zu < %zu)", __func__, total, xfrm_length); 488 return (-1); 489 } 490 491 return (0); 492 } 493 494 int 495 ikev2_pld_xform(struct iked *env, struct ikev2_sa_proposal *sap, 496 struct iked_message *msg, size_t offset, size_t total) 497 { 498 struct ikev2_transform xfrm; 499 char id[BUFSIZ]; 500 int ret = 0; 501 size_t xfrm_length; 502 503 if (ikev2_validate_xform(msg, offset, total, &xfrm)) 504 return (-1); 505 506 xfrm_length = betoh16(xfrm.xfrm_length); 507 508 switch (xfrm.xfrm_type) { 509 case IKEV2_XFORMTYPE_ENCR: 510 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 511 ikev2_xformencr_map), sizeof(id)); 512 break; 513 case IKEV2_XFORMTYPE_PRF: 514 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 515 ikev2_xformprf_map), sizeof(id)); 516 break; 517 case IKEV2_XFORMTYPE_INTEGR: 518 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 519 ikev2_xformauth_map), sizeof(id)); 520 break; 521 case IKEV2_XFORMTYPE_DH: 522 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 523 ikev2_xformdh_map), sizeof(id)); 524 break; 525 case IKEV2_XFORMTYPE_ESN: 526 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 527 ikev2_xformesn_map), sizeof(id)); 528 break; 529 default: 530 snprintf(id, sizeof(id), "<%d>", betoh16(xfrm.xfrm_id)); 531 break; 532 } 533 534 log_debug("%s: more %d reserved %d length %zu" 535 " type %s id %s", 536 __func__, xfrm.xfrm_more, xfrm.xfrm_reserved, xfrm_length, 537 print_map(xfrm.xfrm_type, ikev2_xformtype_map), id); 538 539 /* 540 * Parse transform attributes, if available 541 */ 542 msg->msg_attrlength = 0; 543 if (xfrm_length > sizeof(xfrm)) { 544 if (ikev2_pld_attr(env, &xfrm, msg, offset + sizeof(xfrm), 545 xfrm_length - sizeof(xfrm)) != 0) { 546 return (-1); 547 } 548 } 549 550 if (ikev2_msg_frompeer(msg)) { 551 if (config_add_transform(msg->msg_parent->msg_prop, 552 xfrm.xfrm_type, betoh16(xfrm.xfrm_id), 553 msg->msg_attrlength, msg->msg_attrlength) == NULL) { 554 log_debug("%s: failed to add transform", __func__); 555 return (-1); 556 } 557 } 558 559 /* Next transform */ 560 offset += xfrm_length; 561 total -= xfrm_length; 562 if (xfrm.xfrm_more == IKEV2_XFORM_MORE) 563 ret = ikev2_pld_xform(env, sap, msg, offset, total); 564 else if (total != 0) { 565 /* No more transforms but still some data left. */ 566 log_debug("%s: less data than specified, %zu bytes left", 567 __func__, total); 568 ret = -1; 569 } 570 571 return (ret); 572 } 573 574 int 575 ikev2_validate_attr(struct iked_message *msg, size_t offset, size_t total, 576 struct ikev2_attribute *attr) 577 { 578 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 579 580 if (total < sizeof(*attr)) { 581 log_debug("%s: payload malformed: too short for header " 582 "(%zu < %zu)", __func__, total, sizeof(*attr)); 583 return (-1); 584 } 585 memcpy(attr, msgbuf + offset, sizeof(*attr)); 586 587 return (0); 588 } 589 590 int 591 ikev2_pld_attr(struct iked *env, struct ikev2_transform *xfrm, 592 struct iked_message *msg, size_t offset, size_t total) 593 { 594 struct ikev2_attribute attr; 595 u_int type; 596 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 597 int ret = 0; 598 size_t attr_length; 599 600 if (ikev2_validate_attr(msg, offset, total, &attr)) 601 return (-1); 602 603 type = betoh16(attr.attr_type) & ~IKEV2_ATTRAF_TV; 604 605 log_debug("%s: attribute type %s length %d total %zu", 606 __func__, print_map(type, ikev2_attrtype_map), 607 betoh16(attr.attr_length), total); 608 609 if (betoh16(attr.attr_type) & IKEV2_ATTRAF_TV) { 610 /* Type-Value attribute */ 611 offset += sizeof(attr); 612 total -= sizeof(attr); 613 614 if (type == IKEV2_ATTRTYPE_KEY_LENGTH) 615 msg->msg_attrlength = betoh16(attr.attr_length); 616 } else { 617 /* Type-Length-Value attribute */ 618 attr_length = betoh16(attr.attr_length); 619 if (attr_length < sizeof(attr)) { 620 log_debug("%s: payload malformed: shorter than " 621 "minimal header (%zu < %zu)", __func__, 622 attr_length, sizeof(attr)); 623 return (-1); 624 } 625 if (total < attr_length) { 626 log_debug("%s: payload malformed: attribute larger " 627 "than actual payload (%zu < %zu)", __func__, 628 total, attr_length); 629 return (-1); 630 } 631 print_hex(msgbuf, offset + sizeof(attr), 632 attr_length - sizeof(attr)); 633 offset += attr_length; 634 total -= attr_length; 635 } 636 637 if (total > 0) { 638 /* Next attribute */ 639 ret = ikev2_pld_attr(env, xfrm, msg, offset, total); 640 } 641 642 return (ret); 643 } 644 645 int 646 ikev2_validate_ke(struct iked_message *msg, size_t offset, size_t left, 647 struct ikev2_payload *pld, struct ikev2_keyexchange *kex) 648 { 649 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 650 size_t pld_length; 651 652 pld_length = betoh16(pld->pld_length); 653 if (pld_length < sizeof(*pld) + sizeof(*kex)) { 654 log_debug("%s: malformed payload: specified length smaller " 655 "than minimum size (%zu < %zu)", __func__, pld_length, 656 sizeof(*pld) + sizeof(*kex)); 657 return (-1); 658 } 659 660 /* This will actually be caught by earlier checks. */ 661 if (left < sizeof(*kex)) { 662 log_debug("%s: malformed payload: too short for header " 663 "(%zu < %zu)", __func__, left, sizeof(*kex)); 664 return (-1); 665 } 666 memcpy(kex, msgbuf + offset, sizeof(*kex)); 667 668 return (0); 669 } 670 671 int 672 ikev2_pld_ke(struct iked *env, struct ikev2_payload *pld, 673 struct iked_message *msg, size_t offset, size_t left) 674 { 675 struct ikev2_keyexchange kex; 676 u_int8_t *buf; 677 size_t len; 678 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 679 680 if (ikev2_validate_ke(msg, offset, left, pld, &kex)) 681 return (-1); 682 683 log_debug("%s: dh group %s reserved %d", __func__, 684 print_map(betoh16(kex.kex_dhgroup), ikev2_xformdh_map), 685 betoh16(kex.kex_reserved)); 686 687 buf = msgbuf + offset + sizeof(kex); 688 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(kex); 689 690 if (len == 0) { 691 log_debug("%s: malformed payload: no KE data given", __func__); 692 return (-1); 693 } 694 /* This will actually be caught by earlier checks. */ 695 if (left < len) { 696 log_debug("%s: malformed payload: smaller than specified " 697 "(%zu < %zu)", __func__, left, len); 698 return (-1); 699 } 700 701 print_hex(buf, 0, len); 702 703 if (ikev2_msg_frompeer(msg)) { 704 ibuf_release(msg->msg_parent->msg_ke); 705 if ((msg->msg_parent->msg_ke = ibuf_new(buf, len)) == NULL) { 706 log_debug("%s: failed to get exchange", __func__); 707 return (-1); 708 } 709 } 710 711 return (0); 712 } 713 714 int 715 ikev2_validate_id(struct iked_message *msg, size_t offset, size_t left, 716 struct ikev2_payload *pld, struct ikev2_id *id) 717 { 718 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 719 size_t pld_length; 720 721 pld_length = betoh16(pld->pld_length); 722 if (pld_length < sizeof(*pld) + sizeof(*id)) { 723 log_debug("%s: malformed payload: specified length smaller " 724 "than minimum size (%zu < %zu)", __func__, pld_length, 725 sizeof(*pld) + sizeof(*id)); 726 return (-1); 727 } 728 729 /* This will actually be caught by earlier checks. */ 730 if (left < sizeof(*id)) { 731 log_debug("%s: malformed payload: too short for header " 732 "(%zu < %zu)", __func__, left, sizeof(*id)); 733 return (-1); 734 } 735 memcpy(id, msgbuf + offset, sizeof(*id)); 736 737 return (0); 738 } 739 740 int 741 ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, 742 struct iked_message *msg, size_t offset, size_t left, u_int payload) 743 { 744 u_int8_t *ptr; 745 struct ikev2_id id; 746 size_t len; 747 struct iked_id *idp, idb; 748 struct iked_sa *sa = msg->msg_sa; 749 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 750 char idstr[IKED_ID_SIZE]; 751 752 if (ikev2_validate_id(msg, offset, left, pld, &id)) 753 return (-1); 754 755 bzero(&idb, sizeof(idb)); 756 757 /* Don't strip the Id payload header */ 758 ptr = msgbuf + offset; 759 len = betoh16(pld->pld_length) - sizeof(*pld); 760 761 idb.id_type = id.id_type; 762 idb.id_offset = sizeof(id); 763 if ((idb.id_buf = ibuf_new(ptr, len)) == NULL) 764 return (-1); 765 766 if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) { 767 log_debug("%s: malformed id", __func__); 768 return (-1); 769 } 770 771 log_debug("%s: id %s length %zu", __func__, idstr, len); 772 773 if (!ikev2_msg_frompeer(msg)) { 774 ibuf_release(idb.id_buf); 775 return (0); 776 } 777 778 if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) || 779 (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) { 780 log_debug("%s: unexpected id payload", __func__); 781 return (0); 782 } 783 784 idp = &msg->msg_parent->msg_id; 785 if (idp->id_type) { 786 log_debug("%s: duplicate id payload", __func__); 787 return (-1); 788 } 789 790 idp->id_buf = idb.id_buf; 791 idp->id_offset = idb.id_offset; 792 idp->id_type = idb.id_type; 793 794 return (0); 795 } 796 797 int 798 ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left, 799 struct ikev2_payload *pld, struct ikev2_cert *cert) 800 { 801 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 802 size_t pld_length; 803 804 pld_length = betoh16(pld->pld_length); 805 if (pld_length < sizeof(*pld) + sizeof(*cert)) { 806 log_debug("%s: malformed payload: specified length smaller " 807 "than minimum size (%zu < %zu)", __func__, pld_length, 808 sizeof(*pld) + sizeof(*cert)); 809 return (-1); 810 } 811 812 /* This will actually be caught by earlier checks. */ 813 if (left < sizeof(*cert)) { 814 log_debug("%s: malformed payload: too short for header " 815 "(%zu < %zu)", __func__, left, sizeof(*cert)); 816 return (-1); 817 } 818 memcpy(cert, msgbuf + offset, sizeof(*cert)); 819 820 return (0); 821 } 822 823 int 824 ikev2_pld_cert(struct iked *env, struct ikev2_payload *pld, 825 struct iked_message *msg, size_t offset, size_t left) 826 { 827 struct ikev2_cert cert; 828 u_int8_t *buf; 829 size_t len; 830 struct iked_id *certid; 831 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 832 833 if (ikev2_validate_cert(msg, offset, left, pld, &cert)) 834 return (-1); 835 offset += sizeof(cert); 836 837 buf = msgbuf + offset; 838 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(cert); 839 840 log_debug("%s: type %s length %zu", 841 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 842 843 print_hex(buf, 0, len); 844 845 if (!ikev2_msg_frompeer(msg)) 846 return (0); 847 848 certid = &msg->msg_parent->msg_cert; 849 if (certid->id_type) { 850 log_debug("%s: duplicate cert payload", __func__); 851 return (-1); 852 } 853 854 if ((certid->id_buf = ibuf_new(buf, len)) == NULL) { 855 log_debug("%s: failed to save cert", __func__); 856 return (-1); 857 } 858 certid->id_type = cert.cert_type; 859 certid->id_offset = 0; 860 861 return (0); 862 } 863 864 int 865 ikev2_validate_certreq(struct iked_message *msg, size_t offset, size_t left, 866 struct ikev2_payload *pld, struct ikev2_cert *cert) 867 { 868 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 869 size_t pld_length; 870 871 pld_length = betoh16(pld->pld_length); 872 if (pld_length < sizeof(*pld) + sizeof(*cert)) { 873 log_debug("%s: malformed payload: specified length smaller " 874 "than minimum size (%zu < %zu)", __func__, pld_length, 875 sizeof(*pld) + sizeof(*cert)); 876 return (-1); 877 } 878 879 /* This will actually be caught by earlier checks. */ 880 if (left < sizeof(*cert)) { 881 log_debug("%s: malformed payload: too short for header " 882 "(%zu < %zu)", __func__, left, sizeof(*cert)); 883 return (-1); 884 } 885 memcpy(cert, msgbuf + offset, sizeof(*cert)); 886 887 return (0); 888 } 889 890 int 891 ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld, 892 struct iked_message *msg, size_t offset, size_t left) 893 { 894 struct iked_sa *sa = msg->msg_sa; 895 struct ikev2_cert cert; 896 u_int8_t *buf; 897 ssize_t len; 898 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 899 900 if (ikev2_validate_certreq(msg, offset, left, pld, &cert)) 901 return (-1); 902 offset += sizeof(cert); 903 904 buf = msgbuf + offset; 905 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(cert); 906 907 log_debug("%s: type %s length %zd", 908 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 909 910 /* This will actually be caught by earlier checks. */ 911 if (len < 0) { 912 log_debug("%s: invalid certificate request length", __func__); 913 return (-1); 914 } 915 916 print_hex(buf, 0, len); 917 918 if (!ikev2_msg_frompeer(msg)) 919 return (0); 920 921 if (cert.cert_type == IKEV2_CERT_X509_CERT) { 922 if (!len || (len % SHA_DIGEST_LENGTH) != 0) { 923 log_debug("%s: invalid certificate request", __func__); 924 return (-1); 925 } 926 } 927 928 if (msg->msg_sa == NULL) 929 return (-1); 930 931 /* Optional certreq for PSK */ 932 if (sa->sa_hdr.sh_initiator) 933 sa->sa_stateinit |= IKED_REQ_CERT; 934 else 935 sa->sa_statevalid |= IKED_REQ_CERT; 936 937 ca_setreq(env, &sa->sa_hdr, &sa->sa_policy->pol_localid, 938 cert.cert_type, buf, len, PROC_CERT); 939 940 return (0); 941 } 942 943 int 944 ikev2_validate_auth(struct iked_message *msg, size_t offset, size_t left, 945 struct ikev2_payload *pld, struct ikev2_auth *auth) 946 { 947 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 948 size_t pld_length; 949 950 pld_length = betoh16(pld->pld_length); 951 if (pld_length < sizeof(*pld) + sizeof(*auth)) { 952 log_debug("%s: malformed payload: specified length smaller " 953 "than minimum size (%zu < %zu)", __func__, pld_length, 954 sizeof(*pld) + sizeof(*auth)); 955 return (-1); 956 } 957 958 /* This will actually be caught by earlier checks. */ 959 if (left < sizeof(*auth)) { 960 log_debug("%s: malformed payload: too short for header " 961 "(%zu < %zu)", __func__, left, sizeof(*auth)); 962 return (-1); 963 } 964 memcpy(auth, msgbuf + offset, sizeof(*auth)); 965 966 return (0); 967 } 968 969 int 970 ikev2_pld_auth(struct iked *env, struct ikev2_payload *pld, 971 struct iked_message *msg, size_t offset, size_t left) 972 { 973 struct ikev2_auth auth; 974 struct iked_id *idp; 975 u_int8_t *buf; 976 size_t len; 977 struct iked_sa *sa = msg->msg_sa; 978 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 979 980 if (ikev2_validate_auth(msg, offset, left, pld, &auth)) 981 return (-1); 982 offset += sizeof(auth); 983 984 buf = msgbuf + offset; 985 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(auth); 986 987 log_debug("%s: method %s length %zu", 988 __func__, print_map(auth.auth_method, ikev2_auth_map), len); 989 990 print_hex(buf, 0, len); 991 992 if (!ikev2_msg_frompeer(msg)) 993 return (0); 994 995 /* The AUTH payload indicates if the responder wants EAP or not */ 996 if (!sa_stateok(sa, IKEV2_STATE_EAP)) 997 sa_state(env, sa, IKEV2_STATE_AUTH_REQUEST); 998 999 idp = &msg->msg_parent->msg_auth; 1000 if (idp->id_type) { 1001 log_debug("%s: duplicate auth payload", __func__); 1002 return (-1); 1003 } 1004 1005 ibuf_release(idp->id_buf); 1006 idp->id_type = auth.auth_method; 1007 idp->id_offset = 0; 1008 if ((idp->id_buf = ibuf_new(buf, len)) == NULL) 1009 return (-1); 1010 1011 return (0); 1012 } 1013 1014 int 1015 ikev2_validate_nonce(struct iked_message *msg, size_t offset, size_t left, 1016 struct ikev2_payload *pld) 1017 { 1018 size_t pld_length; 1019 1020 /* This will actually be caught by earlier checks. */ 1021 pld_length = betoh16(pld->pld_length); 1022 if (pld_length < sizeof(*pld)) { 1023 log_debug("%s: malformed payload: specified length smaller " 1024 "than minimum size (%zu < %zu)", __func__, pld_length, 1025 sizeof(*pld)); 1026 return (-1); 1027 } 1028 1029 return (0); 1030 } 1031 1032 int 1033 ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld, 1034 struct iked_message *msg, size_t offset, size_t left) 1035 { 1036 size_t len; 1037 u_int8_t *buf; 1038 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1039 1040 if (ikev2_validate_nonce(msg, offset, left, pld)) 1041 return (-1); 1042 1043 buf = msgbuf + offset; 1044 len = betoh16(pld->pld_length) - sizeof(*pld); 1045 1046 if (len == 0) { 1047 log_debug("%s: malformed payload: no NONCE given", __func__); 1048 return (-1); 1049 } 1050 /* This will actually be caught by earlier checks. */ 1051 if (left < len) { 1052 log_debug("%s: malformed payload: smaller than specified " 1053 "(%zu < %zu)", __func__, left, len); 1054 return (-1); 1055 } 1056 1057 print_hex(buf, 0, len); 1058 1059 if (ikev2_msg_frompeer(msg)) { 1060 ibuf_release(msg->msg_nonce); 1061 if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) { 1062 log_debug("%s: failed to get peer nonce", __func__); 1063 return (-1); 1064 } 1065 msg->msg_parent->msg_nonce = msg->msg_nonce; 1066 } 1067 1068 return (0); 1069 } 1070 1071 int 1072 ikev2_validate_notify(struct iked_message *msg, size_t offset, size_t left, 1073 struct ikev2_payload *pld, struct ikev2_notify *n) 1074 { 1075 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1076 size_t pld_length; 1077 1078 pld_length = betoh16(pld->pld_length); 1079 if (pld_length < sizeof(*pld) + sizeof(*n)) { 1080 log_debug("%s: malformed payload: specified length smaller " 1081 "than minimum size (%zu < %zu)", __func__, pld_length, 1082 sizeof(*pld) + sizeof(*n)); 1083 return (-1); 1084 } 1085 1086 /* This will actually be caught by earlier checks. */ 1087 if (left < sizeof(*n)) { 1088 log_debug("%s: malformed payload: too short for header " 1089 "(%zu < %zu)", __func__, left, sizeof(*n)); 1090 return (-1); 1091 } 1092 memcpy(n, msgbuf + offset, sizeof(*n)); 1093 1094 return (0); 1095 } 1096 1097 int 1098 ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, 1099 struct iked_message *msg, size_t offset, size_t left) 1100 { 1101 struct ikev2_notify n; 1102 u_int8_t *buf, md[SHA_DIGEST_LENGTH]; 1103 size_t len; 1104 u_int32_t spi32; 1105 u_int64_t spi64; 1106 struct iked_spi *rekey; 1107 u_int16_t type; 1108 u_int16_t group; 1109 u_int16_t cpi; 1110 u_int8_t transform; 1111 1112 if (ikev2_validate_notify(msg, offset, left, pld, &n)) 1113 return (-1); 1114 type = betoh16(n.n_type); 1115 1116 log_debug("%s: protoid %s spisize %d type %s", 1117 __func__, 1118 print_map(n.n_protoid, ikev2_saproto_map), n.n_spisize, 1119 print_map(type, ikev2_n_map)); 1120 1121 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(n); 1122 if ((buf = ibuf_seek(msg->msg_data, offset + sizeof(n), len)) == NULL) 1123 return (-1); 1124 1125 print_hex(buf, 0, len); 1126 1127 if (!ikev2_msg_frompeer(msg)) 1128 return (0); 1129 1130 switch (type) { 1131 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 1132 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 1133 if (len != sizeof(md)) { 1134 log_debug("%s: malformed payload: hash size mismatch" 1135 " (%zu != %zu)", __func__, len, sizeof(md)); 1136 return (-1); 1137 } 1138 if (ikev2_nat_detection(env, msg, md, sizeof(md), type) == -1) 1139 return (-1); 1140 if (memcmp(buf, md, len) != 0) { 1141 log_debug("%s: %s detected NAT, enabling " 1142 "UDP encapsulation", __func__, 1143 print_map(type, ikev2_n_map)); 1144 1145 /* 1146 * Enable UDP encapsulation of ESP packages if 1147 * the check detected NAT. 1148 */ 1149 if (msg->msg_sa != NULL) 1150 msg->msg_sa->sa_udpencap = 1; 1151 } 1152 print_hex(md, 0, sizeof(md)); 1153 break; 1154 case IKEV2_N_INVALID_KE_PAYLOAD: 1155 if (sa_stateok(msg->msg_sa, IKEV2_STATE_VALID) && 1156 !msg->msg_e) { 1157 log_debug("%s: INVALID_KE_PAYLOAD not encrypted", 1158 __func__); 1159 return (-1); 1160 } 1161 if (len != sizeof(group)) { 1162 log_debug("%s: malformed payload: group size mismatch" 1163 " (%zu != %zu)", __func__, len, sizeof(group)); 1164 return (-1); 1165 } 1166 /* XXX chould also happen for PFS */ 1167 if (!msg->msg_sa->sa_hdr.sh_initiator) { 1168 log_debug("%s: not an initiator", __func__); 1169 sa_state(env, msg->msg_sa, IKEV2_STATE_CLOSED); 1170 msg->msg_sa = NULL; 1171 return (-1); 1172 } 1173 memcpy(&group, buf, len); 1174 group = betoh16(group); 1175 if ((msg->msg_policy->pol_peerdh = group_get(group)) 1176 == NULL) { 1177 log_debug("%s: unable to select DH group %d", __func__, 1178 group); 1179 return (-1); 1180 } 1181 log_debug("%s: responder selected DH group %d", __func__, 1182 group); 1183 sa_state(env, msg->msg_sa, IKEV2_STATE_CLOSED); 1184 msg->msg_sa = NULL; 1185 /* XXX chould also happen for PFS so we have to check state XXX*/ 1186 timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa, NULL); 1187 timer_add(env, &env->sc_inittmr, IKED_INITIATOR_INITIAL); 1188 break; 1189 case IKEV2_N_NO_ADDITIONAL_SAS: 1190 if (!msg->msg_e) { 1191 log_debug("%s: NO_ADDITIONAL_SAS not encrypted", 1192 __func__); 1193 return (-1); 1194 } 1195 /* This makes sense for Child SAs only atm */ 1196 if (msg->msg_sa->sa_stateflags & IKED_REQ_CHILDSA) { 1197 ikev2_disable_rekeying(env, msg->msg_sa); 1198 msg->msg_sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 1199 } 1200 break; 1201 case IKEV2_N_REKEY_SA: 1202 if (!msg->msg_e) { 1203 log_debug("%s: N_REKEY_SA not encrypted", __func__); 1204 return (-1); 1205 } 1206 if (len != n.n_spisize) { 1207 log_debug("%s: malformed notification", __func__); 1208 return (-1); 1209 } 1210 rekey = &msg->msg_parent->msg_rekey; 1211 if (rekey->spi != 0) { 1212 log_debug("%s: rekeying of multiple SAs not supported", 1213 __func__); 1214 return (-1); 1215 } 1216 switch (n.n_spisize) { 1217 case 4: 1218 memcpy(&spi32, buf, len); 1219 rekey->spi = betoh32(spi32); 1220 break; 1221 case 8: 1222 memcpy(&spi64, buf, len); 1223 rekey->spi = betoh64(spi64); 1224 break; 1225 default: 1226 log_debug("%s: invalid spi size %d", __func__, 1227 n.n_spisize); 1228 return (-1); 1229 } 1230 rekey->spi_size = n.n_spisize; 1231 rekey->spi_protoid = n.n_protoid; 1232 1233 log_debug("%s: rekey %s spi %s", __func__, 1234 print_map(n.n_protoid, ikev2_saproto_map), 1235 print_spi(rekey->spi, n.n_spisize)); 1236 break; 1237 case IKEV2_N_IPCOMP_SUPPORTED: 1238 if (!msg->msg_e) { 1239 log_debug("%s: N_IPCOMP_SUPPORTED not encrypted", 1240 __func__); 1241 return (-1); 1242 } 1243 if (len < sizeof(cpi) + sizeof(transform)) { 1244 log_debug("%s: ignoring malformed ipcomp notification", 1245 __func__); 1246 return (0); 1247 } 1248 memcpy(&cpi, buf, sizeof(cpi)); 1249 memcpy(&transform, buf + sizeof(cpi), sizeof(transform)); 1250 log_debug("%s: cpi 0x%x, transform %s, len %zu", __func__, 1251 betoh16(cpi), print_map(transform, ikev2_ipcomp_map), len); 1252 /* we only support deflate */ 1253 if ((msg->msg_policy->pol_flags & IKED_POLICY_IPCOMP) && 1254 (transform == IKEV2_IPCOMP_DEFLATE)) { 1255 msg->msg_sa->sa_ipcomp = transform; 1256 msg->msg_sa->sa_cpi_out = betoh16(cpi); 1257 } 1258 break; 1259 } 1260 1261 return (0); 1262 } 1263 1264 int 1265 ikev2_validate_delete(struct iked_message *msg, size_t offset, size_t left, 1266 struct ikev2_payload *pld, struct ikev2_delete *del) 1267 { 1268 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1269 size_t pld_length; 1270 1271 pld_length = betoh16(pld->pld_length); 1272 if (pld_length < sizeof(*pld) + sizeof(*del)) { 1273 log_debug("%s: malformed payload: specified length smaller " 1274 "than minimum size (%zu < %zu)", __func__, pld_length, 1275 sizeof(*pld) + sizeof(*del)); 1276 return (-1); 1277 } 1278 1279 /* This will actually be caught by earlier checks. */ 1280 if (left < sizeof(*del)) { 1281 log_debug("%s: malformed payload: too short for header " 1282 "(%zu < %zu)", __func__, left, sizeof(*del)); 1283 return (-1); 1284 } 1285 memcpy(del, msgbuf + offset, sizeof(*del)); 1286 1287 return (0); 1288 } 1289 1290 int 1291 ikev2_pld_delete(struct iked *env, struct ikev2_payload *pld, 1292 struct iked_message *msg, size_t offset, size_t left) 1293 { 1294 struct iked_childsa **peersas = NULL; 1295 struct iked_sa *sa = msg->msg_sa; 1296 struct ikev2_delete del, *localdel; 1297 struct ibuf *resp = NULL; 1298 u_int64_t *localspi = NULL; 1299 u_int64_t spi64, spi = 0; 1300 u_int32_t spi32; 1301 u_int8_t *buf, *msgbuf = ibuf_data(msg->msg_data); 1302 size_t found = 0, failed = 0; 1303 int cnt, i, len, sz, ret = -1; 1304 1305 /* Skip if it's a response, then we don't have to deal with it */ 1306 if (ikev2_msg_frompeer(msg) && 1307 msg->msg_parent->msg_response) 1308 return (0); 1309 1310 if (ikev2_validate_delete(msg, offset, left, pld, &del)) 1311 return (-1); 1312 cnt = betoh16(del.del_nspi); 1313 sz = del.del_spisize; 1314 1315 log_debug("%s: proto %s spisize %d nspi %d", 1316 __func__, print_map(del.del_protoid, ikev2_saproto_map), 1317 sz, cnt); 1318 1319 buf = msgbuf + offset + sizeof(del); 1320 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(del); 1321 1322 print_hex(buf, 0, len); 1323 1324 switch (sz) { 1325 case 4: 1326 case 8: 1327 break; 1328 default: 1329 if (del.del_protoid != IKEV2_SAPROTO_IKE) { 1330 log_debug("%s: invalid SPI size", __func__); 1331 return (-1); 1332 } 1333 if (ikev2_msg_frompeer(msg)) { 1334 /* Send an empty informational response */ 1335 if ((resp = ibuf_static()) == NULL) 1336 goto done; 1337 ret = ikev2_send_ike_e(env, sa, resp, 1338 IKEV2_PAYLOAD_NONE, 1339 IKEV2_EXCHANGE_INFORMATIONAL, 1); 1340 msg->msg_parent->msg_responded = 1; 1341 ibuf_release(resp); 1342 sa_state(env, sa, IKEV2_STATE_CLOSED); 1343 } else { 1344 /* 1345 * We're sending a delete message. Upper layer 1346 * must deal with deletion of the IKE SA. 1347 */ 1348 ret = 0; 1349 } 1350 return (ret); 1351 } 1352 1353 if ((len / sz) != cnt) { 1354 log_debug("%s: invalid payload length %d/%d != %d", 1355 __func__, len, sz, cnt); 1356 return (-1); 1357 } 1358 1359 if (ikev2_msg_frompeer(msg) && 1360 ((peersas = calloc(cnt, sizeof(struct iked_childsa *))) == NULL || 1361 (localspi = calloc(cnt, sizeof(u_int64_t))) == NULL)) { 1362 log_warn("%s", __func__); 1363 goto done; 1364 } 1365 1366 for (i = 0; i < cnt; i++) { 1367 switch (sz) { 1368 case 4: 1369 memcpy(&spi32, buf + (i * sz), sizeof(spi32)); 1370 spi = betoh32(spi32); 1371 break; 1372 case 8: 1373 memcpy(&spi64, buf + (i * sz), sizeof(spi64)); 1374 spi = betoh64(spi64); 1375 break; 1376 } 1377 1378 log_debug("%s: spi %s", __func__, print_spi(spi, sz)); 1379 1380 if (peersas == NULL || sa == NULL) 1381 continue; 1382 1383 if ((peersas[i] = childsa_lookup(sa, spi, 1384 del.del_protoid)) == NULL) { 1385 log_warnx("%s: CHILD SA doesn't exist for spi %s", 1386 __func__, print_spi(spi, del.del_spisize)); 1387 continue; 1388 } 1389 1390 if (ikev2_childsa_delete(env, sa, del.del_protoid, spi, 1391 &localspi[i], 0) == -1) 1392 failed++; 1393 else 1394 found++; 1395 1396 /* 1397 * Flows are left in the require mode so that it would be 1398 * possible to quickly negotiate a new Child SA 1399 */ 1400 } 1401 1402 /* Parsed outgoing message? */ 1403 if (!ikev2_msg_frompeer(msg)) 1404 goto done; 1405 1406 if (msg->msg_parent->msg_response) { 1407 ret = 0; 1408 goto done; 1409 } 1410 1411 /* Response to the INFORMATIONAL with Delete payload */ 1412 1413 if ((resp = ibuf_static()) == NULL) 1414 goto done; 1415 1416 if (found) { 1417 if ((localdel = ibuf_advance(resp, sizeof(*localdel))) == NULL) 1418 goto done; 1419 1420 localdel->del_protoid = del.del_protoid; 1421 localdel->del_spisize = del.del_spisize; 1422 localdel->del_nspi = htobe16(found); 1423 1424 for (i = 0; i < cnt; i++) { 1425 switch (sz) { 1426 case 4: 1427 spi32 = htobe32(localspi[i]); 1428 if (ibuf_add(resp, &spi32, sizeof(spi32)) != 0) 1429 goto done; 1430 break; 1431 case 8: 1432 spi64 = htobe64(localspi[i]); 1433 if (ibuf_add(resp, &spi64, sizeof(spi64)) != 0) 1434 goto done; 1435 break; 1436 } 1437 } 1438 1439 log_warnx("%s: deleted %zu spis", __func__, found); 1440 } 1441 1442 if (found) { 1443 ret = ikev2_send_ike_e(env, sa, resp, IKEV2_PAYLOAD_DELETE, 1444 IKEV2_EXCHANGE_INFORMATIONAL, 1); 1445 msg->msg_parent->msg_responded = 1; 1446 } else { 1447 /* XXX should we send an INVALID_SPI notification? */ 1448 ret = 0; 1449 } 1450 1451 done: 1452 if (localspi) 1453 free(localspi); 1454 if (peersas) 1455 free(peersas); 1456 ibuf_release(resp); 1457 return (ret); 1458 } 1459 1460 int 1461 ikev2_validate_ts(struct iked_message *msg, size_t offset, size_t left, 1462 struct ikev2_payload *pld, struct ikev2_tsp *tsp) 1463 { 1464 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1465 size_t pld_length; 1466 1467 pld_length = betoh16(pld->pld_length); 1468 if (pld_length < sizeof(*pld) + sizeof(*tsp)) { 1469 log_debug("%s: malformed payload: specified length smaller " 1470 "than minimum size (%zu < %zu)", __func__, pld_length, 1471 sizeof(*pld) + sizeof(*tsp)); 1472 return (-1); 1473 } 1474 1475 /* This will actually be caught by earlier checks. */ 1476 if (left < sizeof(*tsp)) { 1477 log_debug("%s: malformed payload: too short for header " 1478 "(%zu < %zu)", __func__, left, sizeof(*tsp)); 1479 return (-1); 1480 } 1481 memcpy(tsp, msgbuf + offset, sizeof(*tsp)); 1482 1483 return (0); 1484 } 1485 1486 int 1487 ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld, 1488 struct iked_message *msg, size_t offset, size_t left, u_int payload) 1489 { 1490 struct ikev2_tsp tsp; 1491 struct ikev2_ts ts; 1492 size_t len, i; 1493 struct sockaddr_in s4; 1494 struct sockaddr_in6 s6; 1495 u_int8_t buf[2][128]; 1496 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1497 1498 if (ikev2_validate_ts(msg, offset, left, pld, &tsp)) 1499 return (-1); 1500 offset += sizeof(tsp); 1501 1502 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(tsp); 1503 1504 log_debug("%s: count %d length %zu", __func__, 1505 tsp.tsp_count, len); 1506 1507 for (i = 0; i < tsp.tsp_count; i++) { 1508 memcpy(&ts, msgbuf + offset, sizeof(ts)); 1509 1510 log_debug("%s: type %s protoid %u length %d " 1511 "startport %u endport %u", __func__, 1512 print_map(ts.ts_type, ikev2_ts_map), 1513 ts.ts_protoid, betoh16(ts.ts_length), 1514 betoh16(ts.ts_startport), 1515 betoh16(ts.ts_endport)); 1516 1517 switch (ts.ts_type) { 1518 case IKEV2_TS_IPV4_ADDR_RANGE: 1519 bzero(&s4, sizeof(s4)); 1520 s4.sin_family = AF_INET; 1521 s4.sin_len = sizeof(s4); 1522 memcpy(&s4.sin_addr.s_addr, 1523 msgbuf + offset + sizeof(ts), 4); 1524 print_host((struct sockaddr *)&s4, 1525 (char *)buf[0], sizeof(buf[0])); 1526 memcpy(&s4.sin_addr.s_addr, 1527 msgbuf + offset + sizeof(ts) + 4, 4); 1528 print_host((struct sockaddr *)&s4, 1529 (char *)buf[1], sizeof(buf[1])); 1530 log_debug("%s: start %s end %s", __func__, 1531 buf[0], buf[1]); 1532 break; 1533 case IKEV2_TS_IPV6_ADDR_RANGE: 1534 bzero(&s6, sizeof(s6)); 1535 s6.sin6_family = AF_INET6; 1536 s6.sin6_len = sizeof(s6); 1537 memcpy(&s6.sin6_addr, 1538 msgbuf + offset + sizeof(ts), 16); 1539 print_host((struct sockaddr *)&s6, 1540 (char *)buf[0], sizeof(buf[0])); 1541 memcpy(&s6.sin6_addr, 1542 msgbuf + offset + sizeof(ts) + 16, 16); 1543 print_host((struct sockaddr *)&s6, 1544 (char *)buf[1], sizeof(buf[1])); 1545 log_debug("%s: start %s end %s", __func__, 1546 buf[0], buf[1]); 1547 break; 1548 default: 1549 break; 1550 } 1551 1552 offset += betoh16(ts.ts_length); 1553 } 1554 1555 return (0); 1556 } 1557 1558 int 1559 ikev2_pld_e(struct iked *env, struct ikev2_payload *pld, 1560 struct iked_message *msg, size_t offset) 1561 { 1562 struct iked_sa *sa = msg->msg_sa; 1563 struct ibuf *e = NULL; 1564 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1565 struct iked_message emsg; 1566 u_int8_t *buf; 1567 size_t len; 1568 int ret = -1; 1569 1570 buf = msgbuf + offset; 1571 len = betoh16(pld->pld_length) - sizeof(*pld); 1572 1573 if ((e = ibuf_new(buf, len)) == NULL) 1574 goto done; 1575 1576 if (ikev2_msg_frompeer(msg)) { 1577 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1578 } else { 1579 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1580 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1581 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1582 } 1583 1584 if (e == NULL) 1585 goto done; 1586 1587 /* 1588 * Parse decrypted payload 1589 */ 1590 bzero(&emsg, sizeof(emsg)); 1591 memcpy(&emsg, msg, sizeof(*msg)); 1592 emsg.msg_data = e; 1593 emsg.msg_e = 1; 1594 emsg.msg_parent = msg; 1595 TAILQ_INIT(&emsg.msg_proposals); 1596 1597 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e), 1598 pld->pld_nextpayload); 1599 1600 done: 1601 ibuf_release(e); 1602 1603 return (ret); 1604 } 1605 1606 int 1607 ikev2_validate_cp(struct iked_message *msg, size_t offset, size_t left, 1608 struct ikev2_payload *pld, struct ikev2_cp *cp) 1609 { 1610 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1611 size_t pld_length; 1612 1613 pld_length = betoh16(pld->pld_length); 1614 if (pld_length < sizeof(*pld) + sizeof(*cp)) { 1615 log_debug("%s: malformed payload: specified length smaller " 1616 "than minimum size (%zu < %zu)", __func__, pld_length, 1617 sizeof(*pld) + sizeof(*cp)); 1618 return (-1); 1619 } 1620 1621 /* This will actually be caught by earlier checks. */ 1622 if (left < sizeof(*cp)) { 1623 log_debug("%s: malformed payload: too short for header " 1624 "(%zu < %zu)", __func__, left, sizeof(*cp)); 1625 return (-1); 1626 } 1627 memcpy(cp, msgbuf + offset, sizeof(*cp)); 1628 1629 return (0); 1630 } 1631 1632 int 1633 ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld, 1634 struct iked_message *msg, size_t offset, size_t left) 1635 { 1636 struct ikev2_cp cp; 1637 struct ikev2_cfg *cfg; 1638 u_int8_t *buf; 1639 size_t len, i; 1640 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1641 struct iked_sa *sa = msg->msg_sa; 1642 1643 if (ikev2_validate_cp(msg, offset, left, pld, &cp)) 1644 return (-1); 1645 offset += sizeof(cp); 1646 1647 buf = msgbuf + offset; 1648 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(cp); 1649 1650 log_debug("%s: type %s length %zu", 1651 __func__, print_map(cp.cp_type, ikev2_cp_map), len); 1652 print_hex(buf, 0, len); 1653 1654 for (i = 0; i < len;) { 1655 cfg = (struct ikev2_cfg *)(buf + i); 1656 1657 log_debug("%s: %s 0x%04x length %d", __func__, 1658 print_map(betoh16(cfg->cfg_type), ikev2_cfg_map), 1659 betoh16(cfg->cfg_type), 1660 betoh16(cfg->cfg_length)); 1661 1662 i += betoh16(cfg->cfg_length) + sizeof(*cfg); 1663 } 1664 1665 if (!ikev2_msg_frompeer(msg)) 1666 return (0); 1667 1668 if (sa) 1669 sa->sa_cp = cp.cp_type; 1670 1671 return (0); 1672 } 1673 1674 int 1675 ikev2_validate_eap(struct iked_message *msg, size_t offset, size_t left, 1676 struct ikev2_payload *pld, struct eap_header *hdr) 1677 { 1678 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1679 size_t pld_length; 1680 1681 pld_length = betoh16(pld->pld_length); 1682 if (pld_length < sizeof(*pld) + sizeof(*hdr)) { 1683 log_debug("%s: malformed payload: specified length smaller " 1684 "than minimum size (%zu < %zu)", __func__, pld_length, 1685 sizeof(*pld) + sizeof(*hdr)); 1686 return (-1); 1687 } 1688 1689 /* This will actually be caught by earlier checks. */ 1690 if (left < sizeof(*hdr)) { 1691 log_debug("%s: malformed payload: too short for header " 1692 "(%zu < %zu)", __func__, left, sizeof(*hdr)); 1693 return (-1); 1694 } 1695 memcpy(hdr, msgbuf + offset, sizeof(*hdr)); 1696 1697 return (0); 1698 } 1699 1700 int 1701 ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld, 1702 struct iked_message *msg, size_t offset, size_t left) 1703 { 1704 struct eap_header hdr; 1705 struct eap_message *eap = NULL; 1706 struct iked_sa *sa = msg->msg_sa; 1707 size_t len; 1708 1709 if (ikev2_validate_eap(msg, offset, left, pld, &hdr)) 1710 return (-1); 1711 len = betoh16(hdr.eap_length); 1712 1713 if (len < sizeof(*eap)) { 1714 log_info("%s: %s id %d length %d", __func__, 1715 print_map(hdr.eap_code, eap_code_map), 1716 hdr.eap_id, betoh16(hdr.eap_length)); 1717 } else { 1718 /* Now try to get the indicated length */ 1719 if ((eap = ibuf_seek(msg->msg_data, offset, len)) == NULL) { 1720 log_debug("%s: invalid EAP length", __func__); 1721 return (-1); 1722 } 1723 1724 log_info("%s: %s id %d length %d EAP-%s", __func__, 1725 print_map(eap->eap_code, eap_code_map), 1726 eap->eap_id, betoh16(eap->eap_length), 1727 print_map(eap->eap_type, eap_type_map)); 1728 } 1729 1730 if (eap_parse(env, sa, &hdr, msg->msg_response) == -1) 1731 return (-1); 1732 1733 return (0); 1734 } 1735