1 /* $OpenBSD: ikev2_pld.c,v 1.21 2011/01/26 16:59:24 mikeb Exp $ */ 2 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */ 3 4 /* 5 * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/param.h> 21 #include <sys/types.h> 22 #include <sys/queue.h> 23 #include <sys/socket.h> 24 #include <sys/wait.h> 25 #include <sys/uio.h> 26 27 #include <netinet/in.h> 28 #include <netinet/ip_ipsp.h> 29 #include <arpa/inet.h> 30 31 #include <stdlib.h> 32 #include <stdio.h> 33 #include <unistd.h> 34 #include <string.h> 35 #include <getopt.h> 36 #include <signal.h> 37 #include <errno.h> 38 #include <err.h> 39 #include <pwd.h> 40 #include <event.h> 41 42 #include <openssl/sha.h> 43 #include <openssl/evp.h> 44 45 #include "iked.h" 46 #include "ikev2.h" 47 #include "eap.h" 48 #include "dh.h" 49 50 int ikev2_pld_payloads(struct iked *, struct iked_message *, 51 off_t, size_t, u_int, int); 52 int ikev2_pld_sa(struct iked *, struct ikev2_payload *, 53 struct iked_message *, off_t); 54 int ikev2_pld_xform(struct iked *, struct ikev2_sa_proposal *, 55 struct iked_message *, off_t); 56 int ikev2_pld_attr(struct iked *, struct ikev2_transform *, 57 struct iked_message *, off_t, int); 58 int ikev2_pld_ke(struct iked *, struct ikev2_payload *, 59 struct iked_message *, off_t); 60 int ikev2_pld_id(struct iked *, struct ikev2_payload *, 61 struct iked_message *, off_t, u_int); 62 int ikev2_pld_cert(struct iked *, struct ikev2_payload *, 63 struct iked_message *, off_t); 64 int ikev2_pld_certreq(struct iked *, struct ikev2_payload *, 65 struct iked_message *, off_t); 66 int ikev2_pld_nonce(struct iked *, struct ikev2_payload *, 67 struct iked_message *, off_t); 68 int ikev2_pld_notify(struct iked *, struct ikev2_payload *, 69 struct iked_message *, off_t); 70 int ikev2_pld_delete(struct iked *, struct ikev2_payload *, 71 struct iked_message *, off_t); 72 int ikev2_pld_ts(struct iked *, struct ikev2_payload *, 73 struct iked_message *, off_t, u_int); 74 int ikev2_pld_auth(struct iked *, struct ikev2_payload *, 75 struct iked_message *, off_t); 76 int ikev2_pld_e(struct iked *, struct ikev2_payload *, 77 struct iked_message *, off_t); 78 int ikev2_pld_cp(struct iked *, struct ikev2_payload *, 79 struct iked_message *, off_t); 80 int ikev2_pld_eap(struct iked *, struct ikev2_payload *, 81 struct iked_message *, off_t); 82 83 int 84 ikev2_pld_parse(struct iked *env, struct ike_header *hdr, 85 struct iked_message *msg, off_t offset) 86 { 87 log_debug("%s: header ispi %s rspi %s" 88 " nextpayload %s version 0x%02x exchange %s flags 0x%02x" 89 " msgid %d length %d response %d", __func__, 90 print_spi(betoh64(hdr->ike_ispi), 8), 91 print_spi(betoh64(hdr->ike_rspi), 8), 92 print_map(hdr->ike_nextpayload, ikev2_payload_map), 93 hdr->ike_version, 94 print_map(hdr->ike_exchange, ikev2_exchange_map), 95 hdr->ike_flags, 96 betoh32(hdr->ike_msgid), 97 betoh32(hdr->ike_length), 98 msg->msg_response); 99 100 if (ibuf_size(msg->msg_data) < betoh32(hdr->ike_length)) { 101 log_debug("%s: short message", __func__); 102 return (-1); 103 } 104 105 offset += sizeof(*hdr); 106 107 return (ikev2_pld_payloads(env, msg, offset, 108 betoh32(hdr->ike_length), hdr->ike_nextpayload, 0)); 109 } 110 111 int 112 ikev2_pld_payloads(struct iked *env, struct iked_message *msg, 113 off_t offset, size_t length, u_int payload, int quick) 114 { 115 struct ikev2_payload pld; 116 u_int e; 117 int ret; 118 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 119 120 /* Check if message was decrypted in an E payload */ 121 e = msg->msg_e ? IKED_E : 0; 122 123 if (quick) 124 print_debug("%s: %spayloads", __func__, 125 e ? "decrypted " : ""); 126 else 127 ikev2_pld_payloads(env, msg, offset, length, payload, 1); 128 129 while (payload != 0 && offset < (off_t)length) { 130 memcpy(&pld, msgbuf + offset, sizeof(pld)); 131 132 if (quick) 133 print_debug(" %s", 134 print_map(payload, ikev2_payload_map)); 135 else 136 log_debug("%s: %spayload %s" 137 " nextpayload %s critical 0x%02x length %d", 138 __func__, e ? "decrypted " : "", 139 print_map(payload, ikev2_payload_map), 140 print_map(pld.pld_nextpayload, ikev2_payload_map), 141 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD, 142 betoh16(pld.pld_length)); 143 144 offset += sizeof(pld); 145 ret = 0; 146 147 if (quick) 148 goto next; 149 150 switch (payload | e) { 151 case IKEV2_PAYLOAD_SA: 152 case IKEV2_PAYLOAD_SA | IKED_E: 153 ret = ikev2_pld_sa(env, &pld, msg, offset); 154 break; 155 case IKEV2_PAYLOAD_KE: 156 case IKEV2_PAYLOAD_KE | IKED_E: 157 ret = ikev2_pld_ke(env, &pld, msg, offset); 158 break; 159 case IKEV2_PAYLOAD_IDi | IKED_E: 160 case IKEV2_PAYLOAD_IDr | IKED_E: 161 ret = ikev2_pld_id(env, &pld, msg, offset, payload); 162 break; 163 case IKEV2_PAYLOAD_CERT | IKED_E: 164 ret = ikev2_pld_cert(env, &pld, msg, offset); 165 break; 166 case IKEV2_PAYLOAD_CERTREQ: 167 case IKEV2_PAYLOAD_CERTREQ | IKED_E: 168 ret = ikev2_pld_certreq(env, &pld, msg, offset); 169 break; 170 case IKEV2_PAYLOAD_AUTH | IKED_E: 171 ret = ikev2_pld_auth(env, &pld, msg, offset); 172 break; 173 case IKEV2_PAYLOAD_NONCE: 174 case IKEV2_PAYLOAD_NONCE | IKED_E: 175 ret = ikev2_pld_nonce(env, &pld, msg, offset); 176 break; 177 case IKEV2_PAYLOAD_NOTIFY: 178 case IKEV2_PAYLOAD_NOTIFY | IKED_E: 179 ret = ikev2_pld_notify(env, &pld, msg, offset); 180 break; 181 case IKEV2_PAYLOAD_DELETE | IKED_E: 182 ret = ikev2_pld_delete(env, &pld, msg, offset); 183 break; 184 case IKEV2_PAYLOAD_TSi | IKED_E: 185 case IKEV2_PAYLOAD_TSr | IKED_E: 186 ret = ikev2_pld_ts(env, &pld, msg, offset, payload); 187 break; 188 case IKEV2_PAYLOAD_E: 189 ret = ikev2_pld_e(env, &pld, msg, offset); 190 break; 191 case IKEV2_PAYLOAD_CP | IKED_E: 192 ret = ikev2_pld_cp(env, &pld, msg, offset); 193 break; 194 case IKEV2_PAYLOAD_EAP | IKED_E: 195 ret = ikev2_pld_eap(env, &pld, msg, offset); 196 break; 197 default: 198 print_hex(msgbuf, offset, 199 betoh16(pld.pld_length) - sizeof(pld)); 200 break; 201 } 202 203 if (ret != 0 && ikev2_msg_frompeer(msg)) { 204 (void)ikev2_send_informational(env, msg); 205 return (-1); 206 } 207 208 /* Encrypted payload must appear last */ 209 if (payload == IKEV2_PAYLOAD_E) 210 return (0); 211 212 next: 213 payload = pld.pld_nextpayload; 214 offset += betoh16(pld.pld_length) - sizeof(pld); 215 } 216 217 if (quick) 218 print_debug("\n"); 219 220 return (0); 221 } 222 223 int 224 ikev2_pld_sa(struct iked *env, struct ikev2_payload *pld, 225 struct iked_message *msg, off_t offset) 226 { 227 struct ikev2_sa_proposal sap; 228 struct iked_proposal *prop = NULL; 229 u_int32_t spi32; 230 u_int64_t spi = 0, spi64; 231 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 232 struct iked_proposals *props; 233 234 props = &msg->msg_parent->msg_proposals; 235 236 memcpy(&sap, msgbuf + offset, sizeof(sap)); 237 offset += sizeof(sap); 238 239 if (sap.sap_spisize) { 240 switch (sap.sap_spisize) { 241 case 4: 242 memcpy(&spi32, msgbuf + offset, 4); 243 spi = betoh32(spi32); 244 break; 245 case 8: 246 memcpy(&spi64, msgbuf + offset, 8); 247 spi = betoh64(spi64); 248 break; 249 default: 250 log_debug("%s: unsupported SPI size %d", 251 __func__, sap.sap_spisize); 252 return (-1); 253 } 254 255 offset += sap.sap_spisize; 256 } 257 258 log_debug("%s: more %d reserved %d length %d" 259 " proposal #%d protoid %s spisize %d xforms %d spi %s", 260 __func__, sap.sap_more, sap.sap_reserved, 261 betoh16(sap.sap_length), sap.sap_proposalnr, 262 print_map(sap.sap_protoid, ikev2_saproto_map), sap.sap_spisize, 263 sap.sap_transforms, print_spi(spi, sap.sap_spisize)); 264 265 if (ikev2_msg_frompeer(msg)) { 266 if ((msg->msg_parent->msg_prop = config_add_proposal(props, 267 sap.sap_proposalnr, sap.sap_protoid)) == NULL) { 268 log_debug("%s: invalid proposal", __func__); 269 return (-1); 270 } 271 prop = msg->msg_parent->msg_prop; 272 prop->prop_peerspi.spi = spi; 273 prop->prop_peerspi.spi_protoid = sap.sap_protoid; 274 prop->prop_peerspi.spi_size = sap.sap_spisize; 275 276 prop->prop_localspi.spi_protoid = sap.sap_protoid; 277 prop->prop_localspi.spi_size = sap.sap_spisize; 278 } 279 280 /* 281 * Parse the attached transforms 282 */ 283 if (sap.sap_transforms && 284 ikev2_pld_xform(env, &sap, msg, offset) != 0) { 285 log_debug("%s: invalid proposal transforms", __func__); 286 return (-1); 287 } 288 289 return (0); 290 } 291 292 int 293 ikev2_pld_xform(struct iked *env, struct ikev2_sa_proposal *sap, 294 struct iked_message *msg, off_t offset) 295 { 296 struct ikev2_transform xfrm; 297 char id[BUFSIZ]; 298 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 299 300 memcpy(&xfrm, msgbuf + offset, sizeof(xfrm)); 301 302 switch (xfrm.xfrm_type) { 303 case IKEV2_XFORMTYPE_ENCR: 304 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 305 ikev2_xformencr_map), sizeof(id)); 306 break; 307 case IKEV2_XFORMTYPE_PRF: 308 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 309 ikev2_xformprf_map), sizeof(id)); 310 break; 311 case IKEV2_XFORMTYPE_INTEGR: 312 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 313 ikev2_xformauth_map), sizeof(id)); 314 break; 315 case IKEV2_XFORMTYPE_DH: 316 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 317 ikev2_xformdh_map), sizeof(id)); 318 break; 319 case IKEV2_XFORMTYPE_ESN: 320 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 321 ikev2_xformesn_map), sizeof(id)); 322 break; 323 default: 324 snprintf(id, sizeof(id), "<%d>", betoh16(xfrm.xfrm_id)); 325 break; 326 } 327 328 log_debug("%s: more %d reserved %d length %d" 329 " type %s id %s", 330 __func__, xfrm.xfrm_more, xfrm.xfrm_reserved, 331 betoh16(xfrm.xfrm_length), 332 print_map(xfrm.xfrm_type, ikev2_xformtype_map), id); 333 334 /* 335 * Parse transform attributes, if available 336 */ 337 msg->msg_attrlength = 0; 338 if ((u_int)betoh16(xfrm.xfrm_length) > sizeof(xfrm)) 339 ikev2_pld_attr(env, &xfrm, msg, offset + sizeof(xfrm), 340 betoh16(xfrm.xfrm_length) - sizeof(xfrm)); 341 342 if (ikev2_msg_frompeer(msg)) { 343 if (config_add_transform(msg->msg_parent->msg_prop, 344 xfrm.xfrm_type, betoh16(xfrm.xfrm_id), 345 msg->msg_attrlength, msg->msg_attrlength) == NULL) { 346 log_debug("%s: failed to add transform", __func__); 347 return (-1); 348 } 349 } 350 351 /* Next transform */ 352 offset += betoh16(xfrm.xfrm_length); 353 if (xfrm.xfrm_more == IKEV2_XFORM_MORE) 354 ikev2_pld_xform(env, sap, msg, offset); 355 356 return (0); 357 } 358 359 int 360 ikev2_pld_attr(struct iked *env, struct ikev2_transform *xfrm, 361 struct iked_message *msg, off_t offset, int total) 362 { 363 struct ikev2_attribute attr; 364 u_int type; 365 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 366 367 memcpy(&attr, msgbuf + offset, sizeof(attr)); 368 369 type = betoh16(attr.attr_type) & ~IKEV2_ATTRAF_TV; 370 371 log_debug("%s: attribute type %s length %d total %d", 372 __func__, print_map(type, ikev2_attrtype_map), 373 betoh16(attr.attr_length), total); 374 375 if (betoh16(attr.attr_type) & IKEV2_ATTRAF_TV) { 376 /* Type-Value attribute */ 377 offset += sizeof(attr); 378 total -= sizeof(attr); 379 380 if (type == IKEV2_ATTRTYPE_KEY_LENGTH) 381 msg->msg_attrlength = betoh16(attr.attr_length); 382 } else { 383 /* Type-Length-Value attribute */ 384 print_hex(msgbuf, offset + sizeof(attr), 385 betoh16(attr.attr_length) - sizeof(attr)); 386 offset += betoh16(attr.attr_length); 387 total -= betoh16(attr.attr_length); 388 } 389 390 if (total > 0) { 391 /* Next attribute */ 392 ikev2_pld_attr(env, xfrm, msg, offset, total); 393 } 394 395 return (0); 396 } 397 398 int 399 ikev2_pld_ke(struct iked *env, struct ikev2_payload *pld, 400 struct iked_message *msg, off_t offset) 401 { 402 struct ikev2_keyexchange kex; 403 u_int8_t *buf; 404 size_t len; 405 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 406 407 memcpy(&kex, msgbuf + offset, sizeof(kex)); 408 409 log_debug("%s: dh group %s reserved %d", __func__, 410 print_map(betoh16(kex.kex_dhgroup), ikev2_xformdh_map), 411 betoh16(kex.kex_reserved)); 412 413 buf = msgbuf + offset + sizeof(kex); 414 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(kex); 415 416 print_hex(buf, 0, len); 417 418 if (ikev2_msg_frompeer(msg)) { 419 ibuf_release(msg->msg_parent->msg_ke); 420 if ((msg->msg_parent->msg_ke = ibuf_new(buf, len)) == NULL) { 421 log_debug("%s: failed to get exchange", __func__); 422 return (-1); 423 } 424 } 425 426 return (0); 427 } 428 429 int 430 ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, 431 struct iked_message *msg, off_t offset, u_int payload) 432 { 433 u_int8_t *ptr; 434 struct ikev2_id id; 435 size_t len; 436 struct iked_id *idp, idb; 437 struct iked_sa *sa = msg->msg_sa; 438 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 439 char idstr[IKED_ID_SIZE]; 440 441 memcpy(&id, msgbuf + offset, sizeof(id)); 442 bzero(&idb, sizeof(idb)); 443 444 /* Don't strip the Id payload header */ 445 ptr = msgbuf + offset; 446 len = betoh16(pld->pld_length) - sizeof(*pld); 447 448 idb.id_type = id.id_type; 449 idb.id_offset = sizeof(id); 450 if ((idb.id_buf = ibuf_new(ptr, len)) == NULL) 451 return (-1); 452 453 if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) { 454 log_debug("%s: malformed id", __func__); 455 return (-1); 456 } 457 458 log_debug("%s: id %s length %d", __func__, idstr, len); 459 460 if (!ikev2_msg_frompeer(msg)) { 461 ibuf_release(idb.id_buf); 462 return (0); 463 } 464 465 if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) || 466 (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) { 467 log_debug("%s: unexpected id payload", __func__); 468 return (0); 469 } 470 471 idp = &msg->msg_parent->msg_id; 472 if (idp->id_type) { 473 log_debug("%s: duplicate id payload", __func__); 474 return (-1); 475 } 476 477 idp->id_buf = idb.id_buf; 478 idp->id_offset = idb.id_offset; 479 idp->id_type = idb.id_type; 480 481 return (0); 482 } 483 484 int 485 ikev2_pld_cert(struct iked *env, struct ikev2_payload *pld, 486 struct iked_message *msg, off_t offset) 487 { 488 struct ikev2_cert cert; 489 u_int8_t *buf; 490 size_t len; 491 struct iked_id *certid; 492 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 493 494 memcpy(&cert, msgbuf + offset, sizeof(cert)); 495 offset += sizeof(cert); 496 497 buf = msgbuf + offset; 498 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(cert); 499 500 log_debug("%s: type %s length %d", 501 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 502 503 print_hex(buf, 0, len); 504 505 if (!ikev2_msg_frompeer(msg)) 506 return (0); 507 508 certid = &msg->msg_parent->msg_cert; 509 if (certid->id_type) { 510 log_debug("%s: duplicate cert payload", __func__); 511 return (-1); 512 } 513 514 if ((certid->id_buf = ibuf_new(buf, len)) == NULL) { 515 log_debug("%s: failed to save cert", __func__); 516 return (-1); 517 } 518 certid->id_type = cert.cert_type; 519 certid->id_offset = 0; 520 521 return (0); 522 } 523 524 int 525 ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld, 526 struct iked_message *msg, off_t offset) 527 { 528 struct iked_sa *sa = msg->msg_sa; 529 struct ikev2_cert cert; 530 u_int8_t *buf; 531 size_t len; 532 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 533 534 memcpy(&cert, msgbuf + offset, sizeof(cert)); 535 offset += sizeof(cert); 536 537 buf = msgbuf + offset; 538 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(cert); 539 540 log_debug("%s: type %s signatures length %d", 541 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 542 print_hex(buf, 0, len); 543 544 if (!ikev2_msg_frompeer(msg)) 545 return (0); 546 547 if (!len || (len % SHA_DIGEST_LENGTH) != 0) { 548 log_debug("%s: invalid certificate request", __func__); 549 return (-1); 550 } 551 552 if (msg->msg_sa == NULL) 553 return (-1); 554 555 /* Optional certreq for PSK */ 556 if (sa->sa_hdr.sh_initiator) 557 sa->sa_stateinit |= IKED_REQ_CERT; 558 else 559 sa->sa_statevalid |= IKED_REQ_CERT; 560 561 ca_setreq(env, &sa->sa_hdr, &sa->sa_policy->pol_localid, 562 cert.cert_type, buf, len, PROC_CERT); 563 564 return (0); 565 } 566 567 int 568 ikev2_pld_auth(struct iked *env, struct ikev2_payload *pld, 569 struct iked_message *msg, off_t offset) 570 { 571 struct ikev2_auth auth; 572 struct iked_id *idp; 573 u_int8_t *buf; 574 size_t len; 575 struct iked_sa *sa = msg->msg_sa; 576 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 577 578 memcpy(&auth, msgbuf + offset, sizeof(auth)); 579 offset += sizeof(auth); 580 581 buf = msgbuf + offset; 582 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(auth); 583 584 log_debug("%s: method %s length %d", 585 __func__, print_map(auth.auth_method, ikev2_auth_map), len); 586 587 print_hex(buf, 0, len); 588 589 if (!ikev2_msg_frompeer(msg)) 590 return (0); 591 592 /* The AUTH payload indicates if the responder wants EAP or not */ 593 if (!sa_stateok(sa, IKEV2_STATE_EAP)) 594 sa_state(env, sa, IKEV2_STATE_AUTH_REQUEST); 595 596 idp = &msg->msg_parent->msg_auth; 597 if (idp->id_type) { 598 log_debug("%s: duplicate auth payload", __func__); 599 return (-1); 600 } 601 602 ibuf_release(idp->id_buf); 603 idp->id_type = auth.auth_method; 604 idp->id_offset = 0; 605 if ((idp->id_buf = ibuf_new(buf, len)) == NULL) 606 return (-1); 607 608 return (0); 609 } 610 611 int 612 ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld, 613 struct iked_message *msg, off_t offset) 614 { 615 size_t len; 616 u_int8_t *buf; 617 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 618 619 buf = msgbuf + offset; 620 len = betoh16(pld->pld_length) - sizeof(*pld); 621 print_hex(buf, 0, len); 622 623 if (ikev2_msg_frompeer(msg)) { 624 ibuf_release(msg->msg_nonce); 625 if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) { 626 log_debug("%s: failed to get peer nonce", __func__); 627 return (-1); 628 } 629 msg->msg_parent->msg_nonce = msg->msg_nonce; 630 } 631 632 return (0); 633 } 634 635 int 636 ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, 637 struct iked_message *msg, off_t offset) 638 { 639 struct ikev2_notify *n; 640 u_int8_t *buf, md[SHA_DIGEST_LENGTH]; 641 size_t len; 642 u_int32_t spi32; 643 u_int64_t spi64; 644 struct iked_spi *rekey; 645 u_int16_t type; 646 u_int16_t group; 647 648 if ((n = ibuf_seek(msg->msg_data, offset, sizeof(*n))) == NULL) 649 return (-1); 650 type = betoh16(n->n_type); 651 652 log_debug("%s: protoid %s spisize %d type %s", 653 __func__, 654 print_map(n->n_protoid, ikev2_saproto_map), n->n_spisize, 655 print_map(type, ikev2_n_map)); 656 657 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(*n); 658 if ((buf = ibuf_seek(msg->msg_data, offset + sizeof(*n), len)) == NULL) 659 return (-1); 660 661 print_hex(buf, 0, len); 662 663 if (!ikev2_msg_frompeer(msg)) 664 return (0); 665 666 switch (type) { 667 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 668 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 669 if (ikev2_nat_detection(msg, md, sizeof(md), type) == -1) 670 return (-1); 671 if (len != sizeof(md) || memcmp(buf, md, len) != 0) { 672 log_debug("%s: %s detected NAT, enabling " 673 "UDP encapsulation", __func__, 674 print_map(type, ikev2_n_map)); 675 676 /* 677 * Enable UDP encapsulation of ESP packages if 678 * the check detected NAT. 679 */ 680 if (msg->msg_sa != NULL) 681 msg->msg_sa->sa_udpencap = 1; 682 } 683 print_hex(md, 0, sizeof(md)); 684 break; 685 case IKEV2_N_INVALID_KE_PAYLOAD: 686 if (len != sizeof(group)) { 687 log_debug("%s: malformed notification", __func__); 688 return (-1); 689 } 690 if (!msg->msg_sa->sa_hdr.sh_initiator) { 691 log_debug("%s: not an initiator", __func__); 692 sa_free(env, msg->msg_sa); 693 msg->msg_sa = NULL; 694 return (-1); 695 } 696 memcpy(&group, buf, len); 697 group = betoh16(group); 698 if ((msg->msg_policy->pol_peerdh = group_get(group)) 699 == NULL) { 700 log_debug("%s: unable to select DH group %d", __func__, 701 group); 702 return (-1); 703 } 704 log_debug("%s: responder selected DH group %d", __func__, 705 group); 706 sa_free(env, msg->msg_sa); 707 msg->msg_sa = NULL; 708 timer_register_initiator(env, ikev2_init_ike_sa); 709 break; 710 case IKEV2_N_NO_ADDITIONAL_SAS: 711 /* This makes sense for Child SAs only atm */ 712 if (msg->msg_sa->sa_stateflags & IKED_REQ_CHILDSA) { 713 ikev2_disable_rekeying(env, msg->msg_sa); 714 msg->msg_sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 715 } 716 break; 717 case IKEV2_N_REKEY_SA: 718 if (len != n->n_spisize) { 719 log_debug("%s: malformed notification", __func__); 720 return (-1); 721 } 722 rekey = &msg->msg_parent->msg_rekey; 723 if (rekey->spi != 0) { 724 log_debug("%s: rekeying of multiple SAs not supported", 725 __func__); 726 return (-1); 727 } 728 switch (n->n_spisize) { 729 case 4: 730 memcpy(&spi32, buf, len); 731 rekey->spi = betoh32(spi32); 732 break; 733 case 8: 734 memcpy(&spi64, buf, len); 735 rekey->spi = betoh64(spi64); 736 break; 737 default: 738 log_debug("%s: invalid spi size %d", __func__, 739 n->n_spisize); 740 return (-1); 741 } 742 rekey->spi_size = n->n_spisize; 743 rekey->spi_protoid = n->n_protoid; 744 745 log_debug("%s: rekey %s spi %s", __func__, 746 print_map(n->n_protoid, ikev2_saproto_map), 747 print_spi(rekey->spi, n->n_spisize)); 748 break; 749 } 750 751 return (0); 752 } 753 754 int 755 ikev2_pld_delete(struct iked *env, struct ikev2_payload *pld, 756 struct iked_message *msg, off_t offset) 757 { 758 struct iked_childsa **peersas = NULL; 759 struct iked_sa *sa = msg->msg_sa; 760 struct ikev2_delete *del, *localdel; 761 struct ibuf *resp = NULL; 762 u_int64_t *localspi = NULL; 763 u_int64_t spi64, spi = 0; 764 u_int32_t spi32; 765 u_int8_t *buf, *msgbuf = ibuf_data(msg->msg_data); 766 size_t found = 0, failed = 0; 767 int cnt, i, len, sz, ret = -1; 768 769 /* Skip if it's a reply and we don't have to deal with it */ 770 if (ikev2_msg_frompeer(msg) && sa && 771 (sa->sa_stateflags & IKED_REQ_INF)) { 772 sa->sa_stateflags &= ~IKED_REQ_INF; 773 if ((sa->sa_stateflags & IKED_REQ_DELETE) == 0) 774 return (0); 775 } 776 777 if ((del = ibuf_seek(msg->msg_data, offset, sizeof(*del))) == NULL) 778 return (-1); 779 cnt = betoh16(del->del_nspi); 780 sz = del->del_spisize; 781 782 log_debug("%s: proto %s spisize %d nspi %d", 783 __func__, print_map(del->del_protoid, ikev2_saproto_map), 784 sz, cnt); 785 786 buf = msgbuf + offset + sizeof(*del); 787 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(*del); 788 789 print_hex(buf, 0, len); 790 791 switch (sz) { 792 case 4: 793 case 8: 794 break; 795 default: 796 if (ikev2_msg_frompeer(msg) && 797 del->del_protoid == IKEV2_SAPROTO_IKE) { 798 /* Send an empty informational response */ 799 if ((resp = ibuf_static()) == NULL) 800 goto done; 801 ret = ikev2_send_ike_e(env, sa, resp, 802 IKEV2_PAYLOAD_NONE, 803 IKEV2_EXCHANGE_INFORMATIONAL, 1); 804 ibuf_release(resp); 805 sa_state(env, sa, IKEV2_STATE_CLOSED); 806 return (ret); 807 } 808 log_debug("%s: invalid SPI size", __func__); 809 return (-1); 810 } 811 812 if ((len / sz) != cnt) { 813 log_debug("%s: invalid payload length %d/%d != %d", 814 __func__, len, sz, cnt); 815 return (-1); 816 } 817 818 if (ikev2_msg_frompeer(msg) && 819 ((peersas = calloc(cnt, sizeof(struct iked_childsa *))) == NULL || 820 (localspi = calloc(cnt, sizeof(u_int64_t))) == NULL)) { 821 log_warn("%s", __func__); 822 goto done; 823 } 824 825 for (i = 0; i < cnt; i++) { 826 switch (sz) { 827 case 4: 828 memcpy(&spi32, buf + (i * sz), sizeof(spi32)); 829 spi = betoh32(spi32); 830 break; 831 case 8: 832 memcpy(&spi64, buf + (i * sz), sizeof(spi64)); 833 spi = betoh64(spi64); 834 break; 835 } 836 837 log_debug("%s: spi %s", __func__, print_spi(spi, sz)); 838 839 if (!ikev2_msg_frompeer(msg)) 840 continue; 841 842 if ((peersas[i] = childsa_lookup(sa, spi, 843 del->del_protoid)) == NULL) { 844 log_warnx("%s: CHILD SA doesn't exist for spi %s", 845 __func__, print_spi(spi, del->del_spisize)); 846 goto done; 847 } 848 849 if (ikev2_childsa_delete(env, sa, del->del_protoid, spi, 850 &localspi[i], 0) == -1) 851 failed++; 852 else 853 found++; 854 855 /* 856 * Flows are left in the require mode so that it would be 857 * possible to quickly negotiate a new Child SA 858 */ 859 } 860 861 /* Parsed outgoing message? */ 862 if (!ikev2_msg_frompeer(msg)) 863 return (0); 864 865 if (ikev2_msg_frompeer(msg) && (sa->sa_stateflags & IKED_REQ_DELETE)) { 866 /* Finish rekeying */ 867 sa->sa_stateflags &= ~IKED_REQ_DELETE; 868 ret = 0; 869 goto done; 870 } 871 872 /* Response to the INFORMATIONAL with Delete payload */ 873 874 if ((resp = ibuf_static()) == NULL) 875 goto done; 876 877 if (found) { 878 if ((localdel = ibuf_advance(resp, sizeof(*localdel))) == NULL) 879 goto done; 880 881 localdel->del_protoid = del->del_protoid; 882 localdel->del_spisize = del->del_spisize; 883 localdel->del_nspi = htobe16(found); 884 885 for (i = 0; i < cnt; i++) { 886 switch (sz) { 887 case 4: 888 spi32 = htobe32(localspi[i]); 889 if (ibuf_add(resp, &spi32, sizeof(spi32)) != 0) 890 goto done; 891 break; 892 case 8: 893 spi64 = htobe64(localspi[i]); 894 if (ibuf_add(resp, &spi64, sizeof(spi64)) != 0) 895 goto done; 896 break; 897 } 898 } 899 900 log_warnx("%s: deleted %d spis", __func__, found); 901 } 902 903 if (found) { 904 ret = ikev2_send_ike_e(env, sa, resp, IKEV2_PAYLOAD_DELETE, 905 IKEV2_EXCHANGE_INFORMATIONAL, 1); 906 } else { 907 /* XXX should we send an INVALID_SPI notification? */ 908 ret = 0; 909 } 910 911 done: 912 if (localspi) 913 free(localspi); 914 if (peersas) 915 free(peersas); 916 ibuf_release(resp); 917 return (ret); 918 } 919 920 int 921 ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld, 922 struct iked_message *msg, off_t offset, u_int payload) 923 { 924 u_int8_t *ptr; 925 struct ikev2_tsp tsp; 926 struct ikev2_ts ts; 927 size_t len, i; 928 struct sockaddr_in s4; 929 struct sockaddr_in6 s6; 930 u_int8_t buf[2][128]; 931 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 932 933 memcpy(&tsp, msgbuf + offset, sizeof(tsp)); 934 offset += sizeof(tsp); 935 936 ptr = msgbuf + offset; 937 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(tsp); 938 939 log_debug("%s: count %d length %d", __func__, 940 tsp.tsp_count, len); 941 942 for (i = 0; i < tsp.tsp_count; i++) { 943 memcpy(&ts, msgbuf + offset, sizeof(ts)); 944 945 log_debug("%s: type %s protoid %u length %d " 946 "startport %u endport %u", __func__, 947 print_map(ts.ts_type, ikev2_ts_map), 948 ts.ts_protoid, betoh16(ts.ts_length), 949 betoh16(ts.ts_startport), 950 betoh16(ts.ts_endport)); 951 952 switch (ts.ts_type) { 953 case IKEV2_TS_IPV4_ADDR_RANGE: 954 bzero(&s4, sizeof(s4)); 955 s4.sin_family = AF_INET; 956 s4.sin_len = sizeof(s4); 957 memcpy(&s4.sin_addr.s_addr, 958 msgbuf + offset + sizeof(ts), 4); 959 print_host((struct sockaddr_storage *)&s4, 960 (char *)buf[0], sizeof(buf[0])); 961 memcpy(&s4.sin_addr.s_addr, 962 msgbuf + offset + sizeof(ts) + 4, 4); 963 print_host((struct sockaddr_storage *)&s4, 964 (char *)buf[1], sizeof(buf[1])); 965 log_debug("%s: start %s end %s", __func__, 966 buf[0], buf[1]); 967 break; 968 case IKEV2_TS_IPV6_ADDR_RANGE: 969 bzero(&s6, sizeof(s6)); 970 s6.sin6_family = AF_INET6; 971 s6.sin6_len = sizeof(s6); 972 memcpy(&s6.sin6_addr, 973 msgbuf + offset + sizeof(ts), 16); 974 print_host((struct sockaddr_storage *)&s6, 975 (char *)buf[0], sizeof(buf[0])); 976 memcpy(&s6.sin6_addr, 977 msgbuf + offset + sizeof(ts) + 16, 16); 978 print_host((struct sockaddr_storage *)&s6, 979 (char *)buf[1], sizeof(buf[1])); 980 log_debug("%s: start %s end %s", __func__, 981 buf[0], buf[1]); 982 break; 983 default: 984 break; 985 } 986 987 offset += betoh16(ts.ts_length); 988 } 989 990 return (0); 991 } 992 993 int 994 ikev2_pld_e(struct iked *env, struct ikev2_payload *pld, 995 struct iked_message *msg, off_t offset) 996 { 997 struct iked_sa *sa = msg->msg_sa; 998 struct ibuf *e = NULL; 999 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1000 struct iked_message emsg; 1001 u_int8_t *buf; 1002 size_t len; 1003 int ret = -1; 1004 1005 buf = msgbuf + offset; 1006 len = betoh16(pld->pld_length) - sizeof(*pld); 1007 1008 if ((e = ibuf_new(buf, len)) == NULL) 1009 goto done; 1010 1011 if (ikev2_msg_frompeer(msg)) { 1012 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1013 } else { 1014 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1015 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1016 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1017 } 1018 1019 if (e == NULL) 1020 goto done; 1021 1022 /* 1023 * Parse decrypted payload 1024 */ 1025 bzero(&emsg, sizeof(emsg)); 1026 memcpy(&emsg, msg, sizeof(*msg)); 1027 emsg.msg_data = e; 1028 emsg.msg_e = 1; 1029 emsg.msg_parent = msg; 1030 TAILQ_INIT(&emsg.msg_proposals); 1031 1032 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e), 1033 pld->pld_nextpayload, 0); 1034 1035 done: 1036 ibuf_release(e); 1037 1038 return (ret); 1039 } 1040 1041 int 1042 ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld, 1043 struct iked_message *msg, off_t offset) 1044 { 1045 struct ikev2_cp cp; 1046 struct ikev2_cfg *cfg; 1047 u_int8_t *buf; 1048 size_t len, i; 1049 u_int8_t *msgbuf = ibuf_data(msg->msg_data); 1050 struct iked_sa *sa = msg->msg_sa; 1051 1052 memcpy(&cp, msgbuf + offset, sizeof(cp)); 1053 offset += sizeof(cp); 1054 1055 buf = msgbuf + offset; 1056 len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(cp); 1057 1058 log_debug("%s: type %s length %d", 1059 __func__, print_map(cp.cp_type, ikev2_cp_map), len); 1060 print_hex(buf, 0, len); 1061 1062 for (i = 0; i < len;) { 1063 cfg = (struct ikev2_cfg *)(buf + i); 1064 1065 log_debug("%s: %s 0x%04x length %d", __func__, 1066 print_map(betoh16(cfg->cfg_type), ikev2_cfg_map), 1067 betoh16(cfg->cfg_type), 1068 betoh16(cfg->cfg_length)); 1069 1070 i += betoh16(cfg->cfg_length) + sizeof(*cfg); 1071 } 1072 1073 if (!ikev2_msg_frompeer(msg)) 1074 return (0); 1075 1076 if (sa) 1077 sa->sa_cp = cp.cp_type; 1078 1079 return (0); 1080 } 1081 1082 int 1083 ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld, 1084 struct iked_message *msg, off_t offset) 1085 { 1086 struct eap_header *hdr; 1087 struct eap_message *eap = NULL; 1088 struct iked_sa *sa = msg->msg_sa; 1089 size_t len; 1090 1091 if ((hdr = ibuf_seek(msg->msg_data, offset, sizeof(*hdr))) == NULL) { 1092 log_debug("%s: failed to get EAP header", __func__); 1093 return (-1); 1094 } 1095 1096 len = betoh16(hdr->eap_length); 1097 1098 if (len < sizeof(*eap)) { 1099 log_info("%s: %s id %d length %d", __func__, 1100 print_map(hdr->eap_code, eap_code_map), 1101 hdr->eap_id, betoh16(hdr->eap_length)); 1102 } else { 1103 /* Now try to get the indicated length */ 1104 if ((eap = ibuf_seek(msg->msg_data, offset, len)) == NULL) { 1105 log_debug("%s: invalid EAP length", __func__); 1106 return (-1); 1107 } 1108 1109 log_info("%s: %s id %d length %d EAP-%s", __func__, 1110 print_map(eap->eap_code, eap_code_map), 1111 eap->eap_id, betoh16(eap->eap_length), 1112 print_map(eap->eap_type, eap_type_map)); 1113 } 1114 1115 if (eap_parse(env, sa, hdr, msg->msg_response) == -1) 1116 return (-1); 1117 1118 return (0); 1119 } 1120