1 /* $OpenBSD: ipsec.c,v 1.78 2003/07/25 08:31:16 markus Exp $ */ 2 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ 3 4 /* 5 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. 6 * Copyright (c) 2001 Angelos D. Keromytis. All rights reserved. 7 * Copyright (c) 2001 H�kan Olsson. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 /* 31 * This code was written under funding by Ericsson Radio Systems. 32 */ 33 34 #include <sys/types.h> 35 #include <sys/socket.h> 36 #include <netdb.h> 37 #include <netinet/in.h> 38 #include <arpa/inet.h> 39 #include <stdlib.h> 40 #include <string.h> 41 42 #include "sysdep.h" 43 44 #include "attribute.h" 45 #include "conf.h" 46 #include "constants.h" 47 #include "crypto.h" 48 #include "dh.h" 49 #include "doi.h" 50 #include "exchange.h" 51 #include "hash.h" 52 #include "ike_aggressive.h" 53 #include "ike_auth.h" 54 #include "ike_main_mode.h" 55 #include "ike_quick_mode.h" 56 #include "ipsec.h" 57 #include "ipsec_doi.h" 58 #include "isakmp.h" 59 #include "isakmp_cfg.h" 60 #include "isakmp_fld.h" 61 #include "isakmp_num.h" 62 #include "log.h" 63 #include "math_group.h" 64 #include "message.h" 65 #include "prf.h" 66 #include "sa.h" 67 #include "timer.h" 68 #include "transport.h" 69 #include "util.h" 70 #include "x509.h" 71 72 /* Backwards compatibility. */ 73 #ifndef NI_MAXHOST 74 #define NI_MAXHOST 1025 75 #endif 76 77 /* The replay window size used for all IPsec protocols if not overridden. */ 78 #define DEFAULT_REPLAY_WINDOW 16 79 80 struct ipsec_decode_arg { 81 struct message *msg; 82 struct sa *sa; 83 struct proto *proto; 84 }; 85 86 /* These variables hold the contacted peers ADT state. */ 87 struct contact { 88 struct sockaddr *addr; 89 socklen_t len; 90 } *contacts = 0; 91 int contact_cnt = 0, contact_limit = 0; 92 93 static int addr_cmp (const void *, const void *); 94 static int ipsec_add_contact (struct message *msg); 95 static int ipsec_contacted (struct message *msg); 96 #ifdef USE_DEBUG 97 static int ipsec_debug_attribute (u_int16_t, u_int8_t *, u_int16_t, void *); 98 #endif 99 static void ipsec_delete_spi (struct sa *, struct proto *, int); 100 static int16_t *ipsec_exchange_script (u_int8_t); 101 static void ipsec_finalize_exchange (struct message *); 102 static void ipsec_free_exchange_data (void *); 103 static void ipsec_free_proto_data (void *); 104 static void ipsec_free_sa_data (void *); 105 static struct keystate *ipsec_get_keystate (struct message *); 106 static u_int8_t *ipsec_get_spi (size_t *, u_int8_t, struct message *); 107 static int ipsec_handle_leftover_payload (struct message *, u_int8_t, 108 struct payload *); 109 static int ipsec_informational_post_hook (struct message *); 110 static int ipsec_informational_pre_hook (struct message *); 111 static int ipsec_initiator (struct message *); 112 static void ipsec_proto_init (struct proto *, char *); 113 static int ipsec_responder (struct message *); 114 static void ipsec_setup_situation (u_int8_t *); 115 static int ipsec_set_network (u_int8_t *, u_int8_t *, struct ipsec_sa *); 116 static size_t ipsec_situation_size (void); 117 static u_int8_t ipsec_spi_size (u_int8_t); 118 static int ipsec_validate_attribute (u_int16_t, u_int8_t *, u_int16_t, void *); 119 static int ipsec_validate_exchange (u_int8_t); 120 static int ipsec_validate_id_information (u_int8_t, u_int8_t *, u_int8_t *, 121 size_t, struct exchange *); 122 static int ipsec_validate_key_information (u_int8_t *, size_t); 123 static int ipsec_validate_notification (u_int16_t); 124 static int ipsec_validate_proto (u_int8_t); 125 static int ipsec_validate_situation (u_int8_t *, size_t *); 126 static int ipsec_validate_transform_id (u_int8_t, u_int8_t); 127 128 static struct doi ipsec_doi = { 129 { 0 }, IPSEC_DOI_IPSEC, 130 sizeof (struct ipsec_exch), sizeof (struct ipsec_sa), 131 sizeof (struct ipsec_proto), 132 #ifdef USE_DEBUG 133 ipsec_debug_attribute, 134 #endif 135 ipsec_delete_spi, 136 ipsec_exchange_script, 137 ipsec_finalize_exchange, 138 ipsec_free_exchange_data, 139 ipsec_free_proto_data, 140 ipsec_free_sa_data, 141 ipsec_get_keystate, 142 ipsec_get_spi, 143 ipsec_handle_leftover_payload, 144 ipsec_informational_post_hook, 145 ipsec_informational_pre_hook, 146 ipsec_is_attribute_incompatible, 147 ipsec_proto_init, 148 ipsec_setup_situation, 149 ipsec_situation_size, 150 ipsec_spi_size, 151 ipsec_validate_attribute, 152 ipsec_validate_exchange, 153 ipsec_validate_id_information, 154 ipsec_validate_key_information, 155 ipsec_validate_notification, 156 ipsec_validate_proto, 157 ipsec_validate_situation, 158 ipsec_validate_transform_id, 159 ipsec_initiator, 160 ipsec_responder, 161 ipsec_decode_ids 162 }; 163 164 int16_t script_quick_mode[] = { 165 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 166 ISAKMP_PAYLOAD_SA, 167 ISAKMP_PAYLOAD_NONCE, 168 EXCHANGE_SCRIPT_SWITCH, 169 ISAKMP_PAYLOAD_HASH, /* Responder -> initiator. */ 170 ISAKMP_PAYLOAD_SA, 171 ISAKMP_PAYLOAD_NONCE, 172 EXCHANGE_SCRIPT_SWITCH, 173 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 174 EXCHANGE_SCRIPT_END 175 }; 176 177 int16_t script_new_group_mode[] = { 178 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 179 ISAKMP_PAYLOAD_SA, 180 EXCHANGE_SCRIPT_SWITCH, 181 ISAKMP_PAYLOAD_HASH, /* Responder -> initiator. */ 182 ISAKMP_PAYLOAD_SA, 183 EXCHANGE_SCRIPT_END 184 }; 185 186 struct dst_spi_proto_arg { 187 struct sockaddr *dst; 188 u_int32_t spi; 189 u_int8_t proto; 190 }; 191 192 /* 193 * Check if SA matches what we are asking for through V_ARG. It has to 194 * be a finished phase 2 SA. 195 * if "proto" arg is 0, match any proto 196 */ 197 static int 198 ipsec_sa_check (struct sa *sa, void *v_arg) 199 { 200 struct dst_spi_proto_arg *arg = v_arg; 201 struct proto *proto; 202 struct sockaddr *dst, *src; 203 int incoming; 204 205 if (sa->phase != 2 || !(sa->flags & SA_FLAG_READY)) 206 return 0; 207 208 sa->transport->vtbl->get_dst (sa->transport, &dst); 209 if (memcmp (sockaddr_addrdata (dst), sockaddr_addrdata (arg->dst), 210 sockaddr_addrlen (dst)) == 0) 211 incoming = 0; 212 else 213 { 214 sa->transport->vtbl->get_src (sa->transport, &src); 215 if (memcmp (sockaddr_addrdata (src), sockaddr_addrdata (arg->dst), 216 sockaddr_addrlen (src)) == 0) 217 incoming = 1; 218 else 219 return 0; 220 } 221 222 for (proto = TAILQ_FIRST (&sa->protos); proto; 223 proto = TAILQ_NEXT (proto, link)) 224 if ((arg->proto == 0 || proto->proto == arg->proto) 225 && memcmp (proto->spi[incoming], &arg->spi, sizeof arg->spi) == 0) 226 return 1; 227 return 0; 228 } 229 230 /* Find an SA with a "name" of DST, SPI & PROTO. */ 231 struct sa * 232 ipsec_sa_lookup (struct sockaddr *dst, u_int32_t spi, u_int8_t proto) 233 { 234 struct dst_spi_proto_arg arg; 235 236 arg.dst = dst; 237 arg.spi = spi; 238 arg.proto = proto; 239 240 return sa_find (ipsec_sa_check, &arg); 241 } 242 243 /* 244 * Check if SA matches the flow of another SA in V_ARG. It has to 245 * be a finished non-replaced phase 2 SA. 246 * XXX At some point other selectors will matter here too. 247 */ 248 static int 249 ipsec_sa_check_flow (struct sa *sa, void *v_arg) 250 { 251 struct sa *sa2 = v_arg; 252 struct ipsec_sa *isa = sa->data, *isa2 = sa2->data; 253 254 if (sa == sa2 || sa->phase != 2 255 || (sa->flags & (SA_FLAG_READY | SA_FLAG_REPLACED)) != SA_FLAG_READY) 256 return 0; 257 258 if (isa->tproto != isa2->tproto || isa->sport != isa2->sport 259 || isa->dport != isa2->dport) 260 return 0; 261 262 return isa->src_net->sa_family == isa2->src_net->sa_family 263 && memcmp (sockaddr_addrdata (isa->src_net), 264 sockaddr_addrdata (isa2->src_net), 265 sockaddr_addrlen (isa->src_net)) == 0 266 && memcmp (sockaddr_addrdata (isa->src_mask), 267 sockaddr_addrdata (isa2->src_mask), 268 sockaddr_addrlen (isa->src_mask)) == 0 269 && memcmp (sockaddr_addrdata (isa->dst_net), 270 sockaddr_addrdata (isa2->dst_net), 271 sockaddr_addrlen (isa->dst_net)) == 0 272 && memcmp (sockaddr_addrdata (isa->dst_mask), 273 sockaddr_addrdata (isa2->dst_mask), 274 sockaddr_addrlen (isa->dst_mask)) == 0; 275 } 276 277 /* 278 * Do IPsec DOI specific finalizations task for the exchange where MSG was 279 * the final message. 280 */ 281 static void 282 ipsec_finalize_exchange (struct message *msg) 283 { 284 struct sa *isakmp_sa = msg->isakmp_sa; 285 struct ipsec_sa *isa; 286 struct exchange *exchange = msg->exchange; 287 struct ipsec_exch *ie = exchange->data; 288 struct sa *sa = 0, *old_sa; 289 struct proto *proto, *last_proto = 0; 290 #ifdef USE_DEBUG 291 char *addr1, *addr2, *mask1, *mask2; 292 #endif 293 294 switch (exchange->phase) 295 { 296 case 1: 297 switch (exchange->type) 298 { 299 case ISAKMP_EXCH_ID_PROT: 300 case ISAKMP_EXCH_AGGRESSIVE: 301 isa = isakmp_sa->data; 302 isa->hash = ie->hash->type; 303 isa->prf_type = ie->prf_type; 304 isa->skeyid_len = ie->skeyid_len; 305 isa->skeyid_d = ie->skeyid_d; 306 isa->skeyid_a = ie->skeyid_a; 307 /* Prevents early free of SKEYID_*. */ 308 ie->skeyid_a = ie->skeyid_d = 0; 309 310 /* If a lifetime was negotiated setup the expiration timers. */ 311 if (isakmp_sa->seconds) 312 sa_setup_expirations (isakmp_sa); 313 break; 314 } 315 break; 316 317 case 2: 318 switch (exchange->type) 319 { 320 case IKE_EXCH_QUICK_MODE: 321 /* 322 * Tell the application(s) about the SPIs and key material. 323 */ 324 for (sa = TAILQ_FIRST (&exchange->sa_list); sa; 325 sa = TAILQ_NEXT (sa, next)) 326 { 327 isa = sa->data; 328 329 if (exchange->initiator) 330 { 331 /* Initiator is source, responder is destination. */ 332 if (ipsec_set_network (ie->id_ci, ie->id_cr, isa)) 333 { 334 log_print ("ipsec_finalize_exchange: " 335 "ipsec_set_network failed"); 336 return; 337 } 338 } 339 else 340 { 341 /* Responder is source, initiator is destination. */ 342 if (ipsec_set_network (ie->id_cr, ie->id_ci, isa)) 343 { 344 log_print ("ipsec_finalize_exchange: " 345 "ipsec_set_network failed"); 346 return; 347 } 348 } 349 350 for (proto = TAILQ_FIRST (&sa->protos), last_proto = 0; proto; 351 proto = TAILQ_NEXT (proto, link)) 352 { 353 if (sysdep_ipsec_set_spi (sa, proto, 0, isakmp_sa) 354 || (last_proto 355 && sysdep_ipsec_group_spis (sa, last_proto, proto, 356 0)) 357 || sysdep_ipsec_set_spi (sa, proto, 1, isakmp_sa) 358 || (last_proto 359 && sysdep_ipsec_group_spis (sa, last_proto, proto, 360 1))) 361 /* XXX Tear down this exchange. */ 362 return; 363 last_proto = proto; 364 } 365 366 #ifdef USE_DEBUG 367 if (sockaddr2text (isa->src_net, &addr1, 0)) 368 addr1 = 0; 369 if (sockaddr2text (isa->src_mask, &mask1, 0)) 370 mask1 = 0; 371 if (sockaddr2text (isa->dst_net, &addr2, 0)) 372 addr2 = 0; 373 if (sockaddr2text (isa->dst_mask, &mask2, 0)) 374 mask2 = 0; 375 376 LOG_DBG ((LOG_EXCHANGE, 50, 377 "ipsec_finalize_exchange: " 378 "src %s %s dst %s %s tproto %u sport %u dport %u", 379 addr1 ? addr1 : "<??\?>" , mask1 ? mask1 : "<??\?>", 380 addr2 ? addr2 : "<??\?>" , mask2 ? mask2 : "<??\?>", 381 isa->tproto, ntohs (isa->sport), ntohs (isa->dport))); 382 383 if (addr1) 384 free (addr1); 385 if (mask1) 386 free (mask1); 387 if (addr2) 388 free (addr2); 389 if (mask2) 390 free (mask2); 391 392 #endif /* USE_DEBUG */ 393 394 /* 395 * If this is not an SA acquired by the kernel, it needs 396 * to have a SPD entry (a.k.a. flow) set up. 397 */ 398 if (!(sa->flags & SA_FLAG_ONDEMAND) 399 && sysdep_ipsec_enable_sa (sa, isakmp_sa)) 400 /* XXX Tear down this exchange. */ 401 return; 402 403 /* Mark elder SAs with the same flow information as replaced. */ 404 while ((old_sa = sa_find (ipsec_sa_check_flow, sa)) != 0) 405 sa_mark_replaced (old_sa); 406 } 407 break; 408 } 409 } 410 } 411 412 /* Set the client addresses in ISA from SRC_ID and DST_ID. */ 413 static int 414 ipsec_set_network (u_int8_t *src_id, u_int8_t *dst_id, struct ipsec_sa *isa) 415 { 416 int id; 417 char *v; 418 419 /* Set source address/mask. */ 420 id = GET_ISAKMP_ID_TYPE (src_id); 421 switch (id) 422 { 423 case IPSEC_ID_IPV4_ADDR: 424 case IPSEC_ID_IPV4_ADDR_SUBNET: 425 isa->src_net = 426 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in)); 427 if (!isa->src_net) 428 goto memfail; 429 isa->src_net->sa_family = AF_INET; 430 #ifndef USE_OLD_SOCKADDR 431 isa->src_net->sa_len = sizeof (struct sockaddr_in); 432 #endif 433 434 isa->src_mask = 435 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in)); 436 if (!isa->src_mask) 437 goto memfail; 438 isa->src_mask->sa_family = AF_INET; 439 #ifndef USE_OLD_SOCKADDR 440 isa->src_mask->sa_len = sizeof (struct sockaddr_in); 441 #endif 442 break; 443 444 case IPSEC_ID_IPV6_ADDR: 445 case IPSEC_ID_IPV6_ADDR_SUBNET: 446 isa->src_net = 447 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in6)); 448 if (!isa->src_net) 449 goto memfail; 450 isa->src_net->sa_family = AF_INET6; 451 #ifndef USE_OLD_SOCKADDR 452 isa->src_net->sa_len = sizeof (struct sockaddr_in6); 453 #endif 454 455 isa->src_mask = 456 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in6)); 457 if (!isa->src_mask) 458 goto memfail; 459 isa->src_mask->sa_family = AF_INET6; 460 #ifndef USE_OLD_SOCKADDR 461 isa->src_mask->sa_len = sizeof (struct sockaddr_in6); 462 #endif 463 break; 464 465 case IPSEC_ID_IPV4_RANGE: 466 case IPSEC_ID_IPV6_RANGE: 467 case IPSEC_ID_DER_ASN1_DN: 468 case IPSEC_ID_DER_ASN1_GN: 469 case IPSEC_ID_KEY_ID: 470 default: 471 v = constant_lookup (ipsec_id_cst, id); 472 log_print ("ipsec_set_network: ID type %d (%s) not supported", 473 id, v ? v : "<unknown>"); 474 return -1; 475 } 476 477 /* Net */ 478 memcpy (sockaddr_addrdata (isa->src_net), src_id + ISAKMP_ID_DATA_OFF, 479 sockaddr_addrlen (isa->src_net)); 480 481 /* Mask */ 482 switch (id) 483 { 484 case IPSEC_ID_IPV4_ADDR: 485 case IPSEC_ID_IPV6_ADDR: 486 memset (sockaddr_addrdata (isa->src_mask), 0xff, 487 sockaddr_addrlen (isa->src_mask)); 488 break; 489 case IPSEC_ID_IPV4_ADDR_SUBNET: 490 case IPSEC_ID_IPV6_ADDR_SUBNET: 491 memcpy (sockaddr_addrdata (isa->src_mask), src_id + ISAKMP_ID_DATA_OFF + 492 sockaddr_addrlen (isa->src_net), 493 sockaddr_addrlen (isa->src_mask)); 494 break; 495 } 496 497 memcpy (&isa->sport, src_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF, 498 IPSEC_ID_PORT_LEN); 499 500 /* Set destination address. */ 501 id = GET_ISAKMP_ID_TYPE (dst_id); 502 switch (id) 503 { 504 case IPSEC_ID_IPV4_ADDR: 505 case IPSEC_ID_IPV4_ADDR_SUBNET: 506 isa->dst_net = 507 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in)); 508 if (!isa->dst_net) 509 goto memfail; 510 isa->dst_net->sa_family = AF_INET; 511 #ifndef USE_OLD_SOCKADDR 512 isa->dst_net->sa_len = sizeof (struct sockaddr_in); 513 #endif 514 515 isa->dst_mask = 516 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in)); 517 if (!isa->dst_mask) 518 goto memfail; 519 isa->dst_mask->sa_family = AF_INET; 520 #ifndef USE_OLD_SOCKADDR 521 isa->dst_mask->sa_len = sizeof (struct sockaddr_in); 522 #endif 523 break; 524 525 case IPSEC_ID_IPV6_ADDR: 526 case IPSEC_ID_IPV6_ADDR_SUBNET: 527 isa->dst_net = 528 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in6)); 529 if (!isa->dst_net) 530 goto memfail; 531 isa->dst_net->sa_family = AF_INET6; 532 #ifndef USE_OLD_SOCKADDR 533 isa->dst_net->sa_len = sizeof (struct sockaddr_in6); 534 #endif 535 536 isa->dst_mask = 537 (struct sockaddr *)calloc (1, sizeof (struct sockaddr_in6)); 538 if (!isa->dst_mask) 539 goto memfail; 540 isa->dst_mask->sa_family = AF_INET6; 541 #ifndef USE_OLD_SOCKADDR 542 isa->dst_mask->sa_len = sizeof (struct sockaddr_in6); 543 #endif 544 break; 545 } 546 547 /* Net */ 548 memcpy (sockaddr_addrdata (isa->dst_net), dst_id + ISAKMP_ID_DATA_OFF, 549 sockaddr_addrlen (isa->dst_net)); 550 551 /* Mask */ 552 switch (id) 553 { 554 case IPSEC_ID_IPV4_ADDR: 555 case IPSEC_ID_IPV6_ADDR: 556 memset (sockaddr_addrdata (isa->dst_mask), 0xff, 557 sockaddr_addrlen (isa->dst_mask)); 558 break; 559 case IPSEC_ID_IPV4_ADDR_SUBNET: 560 case IPSEC_ID_IPV6_ADDR_SUBNET: 561 memcpy (sockaddr_addrdata (isa->dst_mask), dst_id + ISAKMP_ID_DATA_OFF + 562 sockaddr_addrlen (isa->dst_net), 563 sockaddr_addrlen (isa->dst_mask)); 564 break; 565 } 566 567 memcpy (&isa->tproto, dst_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PROTO_OFF, 568 IPSEC_ID_PROTO_LEN); 569 memcpy (&isa->dport, dst_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF, 570 IPSEC_ID_PORT_LEN); 571 return 0; 572 573 memfail: 574 log_error ("ipsec_set_network: calloc () failed"); 575 return -1; 576 } 577 578 /* Free the DOI-specific exchange data pointed to by VIE. */ 579 static void 580 ipsec_free_exchange_data (void *vie) 581 { 582 struct ipsec_exch *ie = vie; 583 #ifdef USE_ISAKMP_CFG 584 struct isakmp_cfg_attr *attr; 585 #endif 586 587 if (ie->sa_i_b) 588 free (ie->sa_i_b); 589 if (ie->id_ci) 590 free (ie->id_ci); 591 if (ie->id_cr) 592 free (ie->id_cr); 593 if (ie->g_xi) 594 free (ie->g_xi); 595 if (ie->g_xr) 596 free (ie->g_xr); 597 if (ie->g_xy) 598 free (ie->g_xy); 599 if (ie->skeyid) 600 free (ie->skeyid); 601 if (ie->skeyid_d) 602 free (ie->skeyid_d); 603 if (ie->skeyid_a) 604 free (ie->skeyid_a); 605 if (ie->skeyid_e) 606 free (ie->skeyid_e); 607 if (ie->hash_i) 608 free (ie->hash_i); 609 if (ie->hash_r) 610 free (ie->hash_r); 611 if (ie->group) 612 group_free (ie->group); 613 #ifdef USE_ISAKMP_CFG 614 for (attr = LIST_FIRST (&ie->attrs); attr; attr = LIST_FIRST (&ie->attrs)) 615 { 616 LIST_REMOVE (attr, link); 617 if (attr->length) 618 free (attr->value); 619 free (attr); 620 } 621 #endif 622 } 623 624 /* Free the DOI-specific SA data pointed to by VISA. */ 625 static void 626 ipsec_free_sa_data (void *visa) 627 { 628 struct ipsec_sa *isa = visa; 629 630 if (isa->src_net) 631 free (isa->src_net); 632 if (isa->src_mask) 633 free (isa->src_mask); 634 if (isa->dst_net) 635 free (isa->dst_net); 636 if (isa->dst_mask) 637 free (isa->dst_mask); 638 if (isa->skeyid_a) 639 free (isa->skeyid_a); 640 if (isa->skeyid_d) 641 free (isa->skeyid_d); 642 } 643 644 /* Free the DOI-specific protocol data of an SA pointed to by VIPROTO. */ 645 static void 646 ipsec_free_proto_data (void *viproto) 647 { 648 struct ipsec_proto *iproto = viproto; 649 int i; 650 651 for (i = 0; i < 2; i++) 652 if (iproto->keymat[i]) 653 free (iproto->keymat[i]); 654 } 655 656 /* Return exchange script based on TYPE. */ 657 static int16_t * 658 ipsec_exchange_script (u_int8_t type) 659 { 660 switch (type) 661 { 662 #ifdef USE_ISAKMP_CFG 663 case ISAKMP_EXCH_TRANSACTION: 664 return script_transaction; 665 #endif 666 case IKE_EXCH_QUICK_MODE: 667 return script_quick_mode; 668 case IKE_EXCH_NEW_GROUP_MODE: 669 return script_new_group_mode; 670 } 671 return 0; 672 } 673 674 /* Initialize this DOI, requires doi_init to already have been called. */ 675 void 676 ipsec_init (void) 677 { 678 doi_register (&ipsec_doi); 679 } 680 681 /* Given a message MSG, return a suitable IV (or rather keystate). */ 682 static struct keystate * 683 ipsec_get_keystate (struct message *msg) 684 { 685 struct keystate *ks; 686 struct hash *hash; 687 688 /* If we have already have an IV, use it. */ 689 if (msg->exchange && msg->exchange->keystate) 690 { 691 ks = malloc (sizeof *ks); 692 if (!ks) 693 { 694 log_error ("ipsec_get_keystate: malloc (%lu) failed", 695 (unsigned long)sizeof *ks); 696 return 0; 697 } 698 memcpy (ks, msg->exchange->keystate, sizeof *ks); 699 return ks; 700 } 701 702 /* 703 * For phase 2 when no SA yet is setup we need to hash the IV used by 704 * the ISAKMP SA concatenated with the message ID, and use that as an 705 * IV for further cryptographic operations. 706 */ 707 if (!msg->isakmp_sa->keystate) 708 { 709 log_print ("ipsec_get_keystate: no keystate in ISAKMP SA %p", 710 msg->isakmp_sa); 711 return 0; 712 } 713 ks = crypto_clone_keystate (msg->isakmp_sa->keystate); 714 if (!ks) 715 return 0; 716 717 hash = hash_get (((struct ipsec_sa *)msg->isakmp_sa->data)->hash); 718 hash->Init (hash->ctx); 719 LOG_DBG_BUF ((LOG_CRYPTO, 80, "ipsec_get_keystate: final phase 1 IV", 720 ks->riv, ks->xf->blocksize)); 721 hash->Update (hash->ctx, ks->riv, ks->xf->blocksize); 722 LOG_DBG_BUF ((LOG_CRYPTO, 80, "ipsec_get_keystate: message ID", 723 ((u_int8_t *)msg->iov[0].iov_base) 724 + ISAKMP_HDR_MESSAGE_ID_OFF, 725 ISAKMP_HDR_MESSAGE_ID_LEN)); 726 hash->Update (hash->ctx, 727 ((u_int8_t *)msg->iov[0].iov_base) + ISAKMP_HDR_MESSAGE_ID_OFF, 728 ISAKMP_HDR_MESSAGE_ID_LEN); 729 hash->Final (hash->digest, hash->ctx); 730 crypto_init_iv (ks, hash->digest, ks->xf->blocksize); 731 LOG_DBG_BUF ((LOG_CRYPTO, 80, "ipsec_get_keystate: phase 2 IV", 732 hash->digest, ks->xf->blocksize)); 733 return ks; 734 } 735 736 static void 737 ipsec_setup_situation (u_int8_t *buf) 738 { 739 SET_IPSEC_SIT_SIT (buf + ISAKMP_SA_SIT_OFF, IPSEC_SIT_IDENTITY_ONLY); 740 } 741 742 static size_t 743 ipsec_situation_size (void) 744 { 745 return IPSEC_SIT_SIT_LEN; 746 } 747 748 static u_int8_t 749 ipsec_spi_size (u_int8_t proto) 750 { 751 return IPSEC_SPI_SIZE; 752 } 753 754 static int 755 ipsec_validate_attribute (u_int16_t type, u_int8_t *value, u_int16_t len, 756 void *vmsg) 757 { 758 struct message *msg = vmsg; 759 760 if ((msg->exchange->phase == 1 761 && (type < IKE_ATTR_ENCRYPTION_ALGORITHM 762 || type > IKE_ATTR_GROUP_ORDER)) 763 || (msg->exchange->phase == 2 764 && (type < IPSEC_ATTR_SA_LIFE_TYPE 765 || type > IPSEC_ATTR_ECN_TUNNEL))) 766 return -1; 767 return 0; 768 } 769 770 static int 771 ipsec_validate_exchange (u_int8_t exch) 772 { 773 return exch != IKE_EXCH_QUICK_MODE && exch != IKE_EXCH_NEW_GROUP_MODE; 774 } 775 776 static int 777 ipsec_validate_id_information (u_int8_t type, u_int8_t *extra, u_int8_t *buf, 778 size_t sz, struct exchange *exchange) 779 { 780 u_int8_t proto = GET_IPSEC_ID_PROTO (extra); 781 u_int16_t port = GET_IPSEC_ID_PORT (extra); 782 783 LOG_DBG ((LOG_MESSAGE, 0, 784 "ipsec_validate_id_information: proto %d port %d type %d", 785 proto, port, type)); 786 if (type < IPSEC_ID_IPV4_ADDR || type > IPSEC_ID_KEY_ID) 787 return -1; 788 789 switch (type) 790 { 791 case IPSEC_ID_IPV4_ADDR: 792 LOG_DBG_BUF ((LOG_MESSAGE, 40, "ipsec_validate_id_information: IPv4", 793 buf, sizeof (struct in_addr))); 794 break; 795 796 case IPSEC_ID_IPV6_ADDR: 797 LOG_DBG_BUF ((LOG_MESSAGE, 40, "ipsec_validate_id_information: IPv6", 798 buf, sizeof (struct in6_addr))); 799 break; 800 801 case IPSEC_ID_IPV4_ADDR_SUBNET: 802 LOG_DBG_BUF ((LOG_MESSAGE, 40, 803 "ipsec_validate_id_information: IPv4 network/netmask", 804 buf, 2 * sizeof (struct in_addr))); 805 break; 806 807 case IPSEC_ID_IPV6_ADDR_SUBNET: 808 LOG_DBG_BUF ((LOG_MESSAGE, 40, 809 "ipsec_validate_id_information: IPv6 network/netmask", 810 buf, 2 * sizeof (struct in6_addr))); 811 break; 812 813 default: 814 break; 815 } 816 817 if (exchange->phase == 1 818 && (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT) 819 && (proto != 0 || port != 0)) 820 { 821 /* XXX SSH's ISAKMP tester fails this test (proto 17 - port 0). */ 822 #ifdef notyet 823 return -1; 824 #else 825 log_print ("ipsec_validate_id_information: " 826 "dubious ID information accepted"); 827 #endif 828 } 829 830 /* XXX More checks? */ 831 832 return 0; 833 } 834 835 static int 836 ipsec_validate_key_information (u_int8_t *buf, size_t sz) 837 { 838 /* XXX Not implemented yet. */ 839 return 0; 840 } 841 842 static int 843 ipsec_validate_notification (u_int16_t type) 844 { 845 return type < IPSEC_NOTIFY_RESPONDER_LIFETIME 846 || type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0; 847 } 848 849 static int 850 ipsec_validate_proto (u_int8_t proto) 851 { 852 return proto < IPSEC_PROTO_IPSEC_AH || proto > IPSEC_PROTO_IPCOMP ? -1 : 0; 853 } 854 855 static int 856 ipsec_validate_situation (u_int8_t *buf, size_t *sz) 857 { 858 int sit = GET_IPSEC_SIT_SIT (buf); 859 int off; 860 861 if (sit & (IPSEC_SIT_SECRECY | IPSEC_SIT_INTEGRITY)) 862 { 863 /* 864 * XXX All the roundups below, round up to 32 bit boundaries given 865 * that the situation field is aligned. This is not necessarily so, 866 * but I interpret the drafts as this is like this they want it. 867 */ 868 off = ROUNDUP_32 (GET_IPSEC_SIT_SECRECY_LENGTH (buf)); 869 off += ROUNDUP_32 (GET_IPSEC_SIT_SECRECY_CAT_LENGTH (buf + off)); 870 off += ROUNDUP_32 (GET_IPSEC_SIT_INTEGRITY_LENGTH (buf + off)); 871 off += ROUNDUP_32 (GET_IPSEC_SIT_INTEGRITY_CAT_LENGTH (buf + off)); 872 *sz = off + IPSEC_SIT_SZ; 873 } 874 else 875 *sz = IPSEC_SIT_SIT_LEN; 876 877 /* Currently only "identity only" situations are supported. */ 878 #ifdef notdef 879 return 880 sit & ~(IPSEC_SIT_IDENTITY_ONLY | IPSEC_SIT_SECRECY | IPSEC_SIT_INTEGRITY); 881 #else 882 return sit & ~IPSEC_SIT_IDENTITY_ONLY; 883 #endif 884 return 1; 885 return 0; 886 } 887 888 static int 889 ipsec_validate_transform_id (u_int8_t proto, u_int8_t transform_id) 890 { 891 switch (proto) 892 { 893 /* 894 * As no unexpected protocols can occur, we just tie the default case 895 * to the first case, in orer to silence a GCC warning. 896 */ 897 default: 898 case ISAKMP_PROTO_ISAKMP: 899 return transform_id != IPSEC_TRANSFORM_KEY_IKE; 900 case IPSEC_PROTO_IPSEC_AH: 901 return 902 transform_id < IPSEC_AH_MD5 || transform_id > IPSEC_AH_DES ? -1 : 0; 903 case IPSEC_PROTO_IPSEC_ESP: 904 return transform_id < IPSEC_ESP_DES_IV64 905 || (transform_id > IPSEC_ESP_AES_128_CTR 906 && transform_id < IPSEC_ESP_AES_MARS) 907 || transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; 908 case IPSEC_PROTO_IPCOMP: 909 return transform_id < IPSEC_IPCOMP_OUI 910 || transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0; 911 } 912 } 913 914 static int 915 ipsec_initiator (struct message *msg) 916 { 917 struct exchange *exchange = msg->exchange; 918 int (**script) (struct message *) = 0; 919 920 /* Check that the SA is coherent with the IKE rules. */ 921 if (exchange->type != ISAKMP_EXCH_TRANSACTION 922 && ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT 923 && exchange->type != ISAKMP_EXCH_AGGRESSIVE 924 && exchange->type != ISAKMP_EXCH_INFO) 925 || (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE 926 && exchange->type != ISAKMP_EXCH_INFO))) 927 { 928 log_print ("ipsec_initiator: unsupported exchange type %d in phase %d", 929 exchange->type, exchange->phase); 930 return -1; 931 } 932 933 switch (exchange->type) 934 { 935 case ISAKMP_EXCH_ID_PROT: 936 script = ike_main_mode_initiator; 937 break; 938 #ifdef USE_AGGRESSIVE 939 case ISAKMP_EXCH_AGGRESSIVE: 940 script = ike_aggressive_initiator; 941 break; 942 #endif 943 #ifdef USE_ISAKMP_CFG 944 case ISAKMP_EXCH_TRANSACTION: 945 script = isakmp_cfg_initiator; 946 break; 947 #endif 948 case ISAKMP_EXCH_INFO: 949 return message_send_info (msg); 950 case IKE_EXCH_QUICK_MODE: 951 script = ike_quick_mode_initiator; 952 break; 953 default: 954 log_print ("ipsec_initiator: unsupported exchange type %d", 955 exchange->type); 956 return -1; 957 } 958 959 /* Run the script code for this step. */ 960 if (script) 961 return script[exchange->step] (msg); 962 963 return 0; 964 } 965 966 /* 967 * delete all SA's from addr with the associated proto and SPI's 968 * 969 * spis[] is an array of SPIs of size 16-octet for proto ISAKMP 970 * or 4-octet otherwise. 971 */ 972 static void 973 ipsec_delete_spi_list (struct sockaddr *addr, u_int8_t proto, 974 u_int8_t *spis, int nspis, char *type) 975 { 976 struct sa *sa; 977 int i; 978 979 for (i = 0; i < nspis; i++) 980 { 981 if (proto == ISAKMP_PROTO_ISAKMP) 982 { 983 u_int8_t *spi = spis + i * ISAKMP_HDR_COOKIES_LEN; 984 985 /* 986 * This really shouldn't happen in IPSEC DOI 987 * code, but Cisco VPN 3000 sends ISAKMP DELETE's 988 * this way. 989 */ 990 sa = sa_lookup_isakmp_sa (addr, spi); 991 } 992 else 993 { 994 u_int32_t spi = ((u_int32_t *)spis)[i]; 995 996 sa = ipsec_sa_lookup (addr, spi, proto); 997 } 998 999 if (sa == NULL) 1000 { 1001 LOG_DBG ((LOG_SA, 30, "ipsec_delete_spi_list: " 1002 "could not locate SA (SPI %08x, proto %u)", 1003 spis[i], proto)); 1004 continue; 1005 } 1006 1007 /* Delete the SA and search for the next */ 1008 LOG_DBG ((LOG_SA, 30, "ipsec_delete_spi_list: " 1009 "%s made us delete SA %p (%d references) for proto %d", 1010 type, sa, sa->refcnt, proto)); 1011 1012 sa_free (sa); 1013 } 1014 } 1015 1016 /* 1017 * deal with a NOTIFY of INVALID_SPI 1018 */ 1019 static void 1020 ipsec_invalid_spi (struct message *msg, struct payload *p) 1021 { 1022 struct sockaddr *dst; 1023 int invspisz, off; 1024 u_int32_t spi; 1025 u_int16_t totsiz; 1026 u_int8_t spisz; 1027 1028 /* 1029 * get the invalid spi out of the variable sized notification data 1030 * field, which is after the variable sized SPI field [which specifies 1031 * the receiving entity's phase-1 SPI, not the invalid spi] 1032 */ 1033 totsiz = GET_ISAKMP_GEN_LENGTH (p->p); 1034 spisz = GET_ISAKMP_NOTIFY_SPI_SZ (p->p); 1035 off = ISAKMP_NOTIFY_SPI_OFF + spisz; 1036 invspisz = totsiz - off; 1037 1038 if (invspisz != sizeof spi) 1039 { 1040 LOG_DBG ((LOG_SA, 40, 1041 "ipsec_invalid_spi: SPI size %d in INVALID_SPI " 1042 "payload unsupported", spisz)); 1043 return; 1044 } 1045 memcpy (&spi, p->p + off, sizeof spi); 1046 1047 msg->transport->vtbl->get_dst (msg->transport, &dst); 1048 1049 /* delete matching SPI's from this peer */ 1050 ipsec_delete_spi_list (dst, 0, (u_int8_t *)&spi, 1, "INVALID_SPI"); 1051 } 1052 1053 static int 1054 ipsec_responder (struct message *msg) 1055 { 1056 struct exchange *exchange = msg->exchange; 1057 int (**script) (struct message *) = 0; 1058 struct payload *p; 1059 u_int16_t type; 1060 1061 /* Check that a new exchange is coherent with the IKE rules. */ 1062 if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION 1063 && ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT 1064 && exchange->type != ISAKMP_EXCH_AGGRESSIVE 1065 && exchange->type != ISAKMP_EXCH_INFO) 1066 || (exchange->phase == 2 && exchange->type == ISAKMP_EXCH_ID_PROT))) 1067 { 1068 message_drop (msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 0, 1, 0); 1069 return -1; 1070 } 1071 1072 LOG_DBG ((LOG_MISC, 30, 1073 "ipsec_responder: phase %d exchange %d step %d", exchange->phase, 1074 exchange->type, exchange->step)); 1075 switch (exchange->type) 1076 { 1077 case ISAKMP_EXCH_ID_PROT: 1078 script = ike_main_mode_responder; 1079 break; 1080 1081 #ifdef USE_AGGRESSIVE 1082 case ISAKMP_EXCH_AGGRESSIVE: 1083 script = ike_aggressive_responder; 1084 break; 1085 #endif 1086 1087 #ifdef USE_ISAKMP_CFG 1088 case ISAKMP_EXCH_TRANSACTION: 1089 script = isakmp_cfg_responder; 1090 break; 1091 #endif 1092 1093 case ISAKMP_EXCH_INFO: 1094 for (p = TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_NOTIFY]); p; 1095 p = TAILQ_NEXT (p, link)) 1096 { 1097 type = GET_ISAKMP_NOTIFY_MSG_TYPE (p->p); 1098 LOG_DBG ((LOG_EXCHANGE, 10, 1099 "ipsec_responder: got NOTIFY of type %s", 1100 constant_lookup (isakmp_notify_cst, type))); 1101 1102 if (type == ISAKMP_NOTIFY_INVALID_SPI) 1103 ipsec_invalid_spi (msg, p); 1104 1105 p->flags |= PL_MARK; 1106 } 1107 1108 /* 1109 * If any DELETEs are in here, let the logic of leftover payloads deal 1110 * with them. 1111 */ 1112 1113 return 0; 1114 1115 case IKE_EXCH_QUICK_MODE: 1116 script = ike_quick_mode_responder; 1117 break; 1118 1119 default: 1120 message_drop (msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 0, 1, 0); 1121 return -1; 1122 } 1123 1124 /* Run the script code for this step. */ 1125 if (script) 1126 return script[exchange->step] (msg); 1127 1128 /* 1129 * XXX So far we don't accept any proposals for exchanges we don't support. 1130 */ 1131 if (TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_SA])) 1132 { 1133 message_drop (msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0); 1134 return -1; 1135 } 1136 return 0; 1137 } 1138 1139 static enum hashes from_ike_hash (u_int16_t hash) 1140 { 1141 switch (hash) 1142 { 1143 case IKE_HASH_MD5: 1144 return HASH_MD5; 1145 case IKE_HASH_SHA: 1146 return HASH_SHA1; 1147 } 1148 return -1; 1149 } 1150 1151 static enum transform from_ike_crypto (u_int16_t crypto) 1152 { 1153 /* Coincidentally this is the null operation :-) */ 1154 return crypto; 1155 } 1156 1157 /* 1158 * Find out whether the attribute of type TYPE with a LEN length value 1159 * pointed to by VALUE is incompatible with what we can handle. 1160 * VMSG is a pointer to the current message. 1161 */ 1162 int 1163 ipsec_is_attribute_incompatible (u_int16_t type, u_int8_t *value, 1164 u_int16_t len, void *vmsg) 1165 { 1166 struct message *msg = vmsg; 1167 1168 if (msg->exchange->phase == 1) 1169 { 1170 switch (type) 1171 { 1172 case IKE_ATTR_ENCRYPTION_ALGORITHM: 1173 return !crypto_get (from_ike_crypto (decode_16 (value))); 1174 case IKE_ATTR_HASH_ALGORITHM: 1175 return !hash_get (from_ike_hash (decode_16 (value))); 1176 case IKE_ATTR_AUTHENTICATION_METHOD: 1177 return !ike_auth_get (decode_16 (value)); 1178 case IKE_ATTR_GROUP_DESCRIPTION: 1179 return decode_16 (value) < IKE_GROUP_DESC_MODP_768 1180 || decode_16 (value) > IKE_GROUP_DESC_MODP_1536; 1181 case IKE_ATTR_GROUP_TYPE: 1182 return 1; 1183 case IKE_ATTR_GROUP_PRIME: 1184 return 1; 1185 case IKE_ATTR_GROUP_GENERATOR_1: 1186 return 1; 1187 case IKE_ATTR_GROUP_GENERATOR_2: 1188 return 1; 1189 case IKE_ATTR_GROUP_CURVE_A: 1190 return 1; 1191 case IKE_ATTR_GROUP_CURVE_B: 1192 return 1; 1193 case IKE_ATTR_LIFE_TYPE: 1194 return decode_16 (value) < IKE_DURATION_SECONDS 1195 || decode_16 (value) > IKE_DURATION_KILOBYTES; 1196 case IKE_ATTR_LIFE_DURATION: 1197 return len != 2 && len != 4; 1198 case IKE_ATTR_PRF: 1199 return 1; 1200 case IKE_ATTR_KEY_LENGTH: 1201 /* 1202 * Our crypto routines only allows key-lengths which are multiples 1203 * of an octet. 1204 */ 1205 return decode_16 (value) % 8 != 0; 1206 case IKE_ATTR_FIELD_SIZE: 1207 return 1; 1208 case IKE_ATTR_GROUP_ORDER: 1209 return 1; 1210 } 1211 } 1212 else 1213 { 1214 switch (type) 1215 { 1216 case IPSEC_ATTR_SA_LIFE_TYPE: 1217 return decode_16 (value) < IPSEC_DURATION_SECONDS 1218 || decode_16 (value) > IPSEC_DURATION_KILOBYTES; 1219 case IPSEC_ATTR_SA_LIFE_DURATION: 1220 return len != 2 && len != 4; 1221 case IPSEC_ATTR_GROUP_DESCRIPTION: 1222 return decode_16 (value) < IKE_GROUP_DESC_MODP_768 1223 || decode_16 (value) > IKE_GROUP_DESC_MODP_1536; 1224 case IPSEC_ATTR_ENCAPSULATION_MODE: 1225 return decode_16 (value) < IPSEC_ENCAP_TUNNEL 1226 || decode_16 (value) > IPSEC_ENCAP_TRANSPORT; 1227 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM: 1228 return decode_16 (value) < IPSEC_AUTH_HMAC_MD5 1229 || decode_16 (value) > IPSEC_AUTH_HMAC_RIPEMD; 1230 case IPSEC_ATTR_KEY_LENGTH: 1231 /* XXX Blowfish needs '0'. Others appear to disregard this attr? */ 1232 return 0; 1233 case IPSEC_ATTR_KEY_ROUNDS: 1234 return 1; 1235 case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE: 1236 return 1; 1237 case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: 1238 return 1; 1239 case IPSEC_ATTR_ECN_TUNNEL: 1240 return 1; 1241 } 1242 } 1243 /* XXX Silence gcc. */ 1244 return 1; 1245 } 1246 1247 #ifdef USE_DEBUG 1248 /* 1249 * Log the attribute of TYPE with a LEN length value pointed to by VALUE 1250 * in human-readable form. VMSG is a pointer to the current message. 1251 */ 1252 int 1253 ipsec_debug_attribute (u_int16_t type, u_int8_t *value, u_int16_t len, 1254 void *vmsg) 1255 { 1256 struct message *msg = vmsg; 1257 char val[20]; 1258 1259 /* XXX Transient solution. */ 1260 if (len == 2) 1261 snprintf (val, sizeof val, "%d", decode_16 (value)); 1262 else if (len == 4) 1263 snprintf (val, sizeof val, "%d", decode_32 (value)); 1264 else 1265 snprintf (val, sizeof val, "unrepresentable"); 1266 1267 LOG_DBG ((LOG_MESSAGE, 50, "Attribute %s value %s", 1268 constant_name (msg->exchange->phase == 1 1269 ? ike_attr_cst : ipsec_attr_cst, type), 1270 val)); 1271 return 0; 1272 } 1273 #endif 1274 1275 /* 1276 * Decode the attribute of type TYPE with a LEN length value pointed to by 1277 * VALUE. VIDA is a pointer to a context structure where we can find the 1278 * current message, SA and protocol. 1279 */ 1280 int 1281 ipsec_decode_attribute (u_int16_t type, u_int8_t *value, u_int16_t len, 1282 void *vida) 1283 { 1284 struct ipsec_decode_arg *ida = vida; 1285 struct message *msg = ida->msg; 1286 struct sa *sa = ida->sa; 1287 struct ipsec_sa *isa = sa->data; 1288 struct proto *proto = ida->proto; 1289 struct ipsec_proto *iproto = proto->data; 1290 struct exchange *exchange = msg->exchange; 1291 struct ipsec_exch *ie = exchange->data; 1292 static int lifetype = 0; 1293 1294 if (exchange->phase == 1) 1295 { 1296 switch (type) 1297 { 1298 case IKE_ATTR_ENCRYPTION_ALGORITHM: 1299 /* XXX Errors possible? */ 1300 exchange->crypto = crypto_get (from_ike_crypto (decode_16 (value))); 1301 break; 1302 case IKE_ATTR_HASH_ALGORITHM: 1303 /* XXX Errors possible? */ 1304 ie->hash = hash_get (from_ike_hash (decode_16 (value))); 1305 break; 1306 case IKE_ATTR_AUTHENTICATION_METHOD: 1307 /* XXX Errors possible? */ 1308 ie->ike_auth = ike_auth_get (decode_16 (value)); 1309 break; 1310 case IKE_ATTR_GROUP_DESCRIPTION: 1311 isa->group_desc = decode_16 (value); 1312 break; 1313 case IKE_ATTR_GROUP_TYPE: 1314 break; 1315 case IKE_ATTR_GROUP_PRIME: 1316 break; 1317 case IKE_ATTR_GROUP_GENERATOR_1: 1318 break; 1319 case IKE_ATTR_GROUP_GENERATOR_2: 1320 break; 1321 case IKE_ATTR_GROUP_CURVE_A: 1322 break; 1323 case IKE_ATTR_GROUP_CURVE_B: 1324 break; 1325 case IKE_ATTR_LIFE_TYPE: 1326 lifetype = decode_16 (value); 1327 return 0; 1328 case IKE_ATTR_LIFE_DURATION: 1329 switch (lifetype) 1330 { 1331 case IKE_DURATION_SECONDS: 1332 switch (len) 1333 { 1334 case 2: 1335 sa->seconds = decode_16 (value); 1336 break; 1337 case 4: 1338 sa->seconds = decode_32 (value); 1339 break; 1340 default: 1341 log_print ("ipsec_decode_attribute: unreasonable lifetime"); 1342 } 1343 break; 1344 case IKE_DURATION_KILOBYTES: 1345 switch (len) 1346 { 1347 case 2: 1348 sa->kilobytes = decode_16 (value); 1349 break; 1350 case 4: 1351 sa->kilobytes = decode_32 (value); 1352 break; 1353 default: 1354 log_print ("ipsec_decode_attribute: unreasonable lifetime"); 1355 } 1356 break; 1357 default: 1358 log_print ("ipsec_decode_attribute: unknown lifetime type"); 1359 } 1360 break; 1361 case IKE_ATTR_PRF: 1362 break; 1363 case IKE_ATTR_KEY_LENGTH: 1364 exchange->key_length = decode_16 (value) / 8; 1365 break; 1366 case IKE_ATTR_FIELD_SIZE: 1367 break; 1368 case IKE_ATTR_GROUP_ORDER: 1369 break; 1370 } 1371 } 1372 else 1373 { 1374 switch (type) 1375 { 1376 case IPSEC_ATTR_SA_LIFE_TYPE: 1377 lifetype = decode_16 (value); 1378 return 0; 1379 case IPSEC_ATTR_SA_LIFE_DURATION: 1380 switch (lifetype) 1381 { 1382 case IPSEC_DURATION_SECONDS: 1383 switch (len) 1384 { 1385 case 2: 1386 sa->seconds = decode_16 (value); 1387 break; 1388 case 4: 1389 sa->seconds = decode_32 (value); 1390 break; 1391 default: 1392 log_print ("ipsec_decode_attribute: unreasonable lifetime"); 1393 } 1394 break; 1395 case IPSEC_DURATION_KILOBYTES: 1396 switch (len) 1397 { 1398 case 2: 1399 sa->kilobytes = decode_16 (value); 1400 break; 1401 case 4: 1402 sa->kilobytes = decode_32 (value); 1403 break; 1404 default: 1405 log_print ("ipsec_decode_attribute: unreasonable lifetime"); 1406 } 1407 break; 1408 default: 1409 log_print ("ipsec_decode_attribute: unknown lifetime type"); 1410 } 1411 break; 1412 case IPSEC_ATTR_GROUP_DESCRIPTION: 1413 isa->group_desc = decode_16 (value); 1414 break; 1415 case IPSEC_ATTR_ENCAPSULATION_MODE: 1416 /* XXX Multiple protocols must have same encapsulation mode, no? */ 1417 iproto->encap_mode = decode_16 (value); 1418 break; 1419 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM: 1420 iproto->auth = decode_16 (value); 1421 break; 1422 case IPSEC_ATTR_KEY_LENGTH: 1423 iproto->keylen = decode_16 (value); 1424 break; 1425 case IPSEC_ATTR_KEY_ROUNDS: 1426 iproto->keyrounds = decode_16 (value); 1427 break; 1428 case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE: 1429 break; 1430 case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: 1431 break; 1432 case IPSEC_ATTR_ECN_TUNNEL: 1433 break; 1434 } 1435 } 1436 lifetype = 0; 1437 return 0; 1438 } 1439 1440 /* 1441 * Walk over the attributes of the transform payload found in BUF, and 1442 * fill out the fields of the SA attached to MSG. Also mark the SA as 1443 * processed. 1444 */ 1445 void 1446 ipsec_decode_transform (struct message *msg, struct sa *sa, 1447 struct proto *proto, u_int8_t *buf) 1448 { 1449 struct ipsec_exch *ie = msg->exchange->data; 1450 struct ipsec_decode_arg ida; 1451 1452 LOG_DBG ((LOG_MISC, 20, "ipsec_decode_transform: transform %d chosen", 1453 GET_ISAKMP_TRANSFORM_NO (buf))); 1454 1455 ida.msg = msg; 1456 ida.sa = sa; 1457 ida.proto = proto; 1458 1459 /* The default IKE lifetime is 8 hours. */ 1460 if (sa->phase == 1) 1461 sa->seconds = 28800; 1462 1463 /* Extract the attributes and stuff them into the SA. */ 1464 attribute_map (buf + ISAKMP_TRANSFORM_SA_ATTRS_OFF, 1465 GET_ISAKMP_GEN_LENGTH (buf) - ISAKMP_TRANSFORM_SA_ATTRS_OFF, 1466 ipsec_decode_attribute, &ida); 1467 1468 /* 1469 * If no pseudo-random function was negotiated, it's HMAC. 1470 * XXX As PRF_HMAC currently is zero, this is a no-op. 1471 */ 1472 if (!ie->prf_type) 1473 ie->prf_type = PRF_HMAC; 1474 } 1475 1476 /* 1477 * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO 1478 * of the IKE security association SA. 1479 */ 1480 static void 1481 ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming) 1482 { 1483 if (sa->phase == 1) 1484 return; 1485 /* XXX Error handling? Is it interesting? */ 1486 sysdep_ipsec_delete_spi (sa, proto, incoming); 1487 } 1488 1489 /* 1490 * Store BUF into the g^x entry of the exchange that message MSG belongs to. 1491 * PEER is non-zero when the value is our peer's, and zero when it is ours. 1492 */ 1493 static int 1494 ipsec_g_x (struct message *msg, int peer, u_int8_t *buf) 1495 { 1496 struct exchange *exchange = msg->exchange; 1497 struct ipsec_exch *ie = exchange->data; 1498 u_int8_t **g_x; 1499 int initiator = exchange->initiator ^ peer; 1500 char header[32]; 1501 1502 g_x = initiator ? &ie->g_xi : &ie->g_xr; 1503 *g_x = malloc (ie->g_x_len); 1504 if (!*g_x) 1505 { 1506 log_error ("ipsec_g_x: malloc (%lu) failed", (unsigned long)ie->g_x_len); 1507 return -1; 1508 } 1509 memcpy (*g_x, buf, ie->g_x_len); 1510 snprintf (header, sizeof header, "ipsec_g_x: g^x%c", initiator ? 'i' : 'r'); 1511 LOG_DBG_BUF ((LOG_MISC, 80, header, *g_x, ie->g_x_len)); 1512 return 0; 1513 } 1514 1515 /* Generate our DH value. */ 1516 int 1517 ipsec_gen_g_x (struct message *msg) 1518 { 1519 struct exchange *exchange = msg->exchange; 1520 struct ipsec_exch *ie = exchange->data; 1521 u_int8_t *buf; 1522 1523 buf = malloc (ISAKMP_KE_SZ + ie->g_x_len); 1524 if (!buf) 1525 { 1526 log_error ("ipsec_gen_g_x: malloc (%lu) failed", 1527 ISAKMP_KE_SZ + (unsigned long)ie->g_x_len); 1528 return -1; 1529 } 1530 1531 if (message_add_payload (msg, ISAKMP_PAYLOAD_KEY_EXCH, buf, 1532 ISAKMP_KE_SZ + ie->g_x_len, 1)) 1533 { 1534 free (buf); 1535 return -1; 1536 } 1537 1538 if (dh_create_exchange (ie->group, buf + ISAKMP_KE_DATA_OFF)) 1539 { 1540 log_print ("ipsec_gen_g_x: dh_create_exchange failed"); 1541 free (buf); 1542 return -1; 1543 } 1544 return ipsec_g_x (msg, 0, buf + ISAKMP_KE_DATA_OFF); 1545 } 1546 1547 /* Save the peer's DH value. */ 1548 int 1549 ipsec_save_g_x (struct message *msg) 1550 { 1551 struct exchange *exchange = msg->exchange; 1552 struct ipsec_exch *ie = exchange->data; 1553 struct payload *kep; 1554 1555 kep = TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_KEY_EXCH]); 1556 kep->flags |= PL_MARK; 1557 ie->g_x_len = GET_ISAKMP_GEN_LENGTH (kep->p) - ISAKMP_KE_DATA_OFF; 1558 1559 /* Check that the given length matches the group's expectancy. */ 1560 if (ie->g_x_len != dh_getlen (ie->group)) 1561 { 1562 /* XXX Is this a good notify type? */ 1563 message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 0); 1564 return -1; 1565 } 1566 1567 return ipsec_g_x (msg, 1, kep->p + ISAKMP_KE_DATA_OFF); 1568 } 1569 1570 /* 1571 * Get a SPI for PROTO and the transport MSG passed over. Store the 1572 * size where SZ points. NB! A zero return is OK if *SZ is zero. 1573 */ 1574 static u_int8_t * 1575 ipsec_get_spi (size_t *sz, u_int8_t proto, struct message *msg) 1576 { 1577 struct sockaddr *dst, *src; 1578 struct transport *transport = msg->transport; 1579 1580 if (msg->exchange->phase == 1) 1581 { 1582 *sz = 0; 1583 return 0; 1584 } 1585 else 1586 { 1587 /* We are the destination in the SA we want a SPI for. */ 1588 transport->vtbl->get_src (transport, &dst); 1589 /* The peer is the source. */ 1590 transport->vtbl->get_dst (transport, &src); 1591 return sysdep_ipsec_get_spi (sz, proto, src, dst, msg->exchange->seq); 1592 } 1593 } 1594 1595 /* 1596 * We have gotten a payload PAYLOAD of type TYPE, which did not get handled 1597 * by the logic of the exchange MSG takes part in. Now is the time to deal 1598 * with such a payload if we know how to, if we don't, return -1, otherwise 1599 * 0. 1600 */ 1601 int 1602 ipsec_handle_leftover_payload (struct message *msg, u_int8_t type, 1603 struct payload *payload) 1604 { 1605 u_int32_t spisz, nspis; 1606 struct sockaddr *dst; 1607 int reenter = 0; 1608 u_int8_t *spis, proto; 1609 struct sa *sa; 1610 1611 switch (type) 1612 { 1613 case ISAKMP_PAYLOAD_DELETE: 1614 proto = GET_ISAKMP_DELETE_PROTO (payload->p); 1615 nspis = GET_ISAKMP_DELETE_NSPIS (payload->p); 1616 spisz = GET_ISAKMP_DELETE_SPI_SZ (payload->p); 1617 1618 if (nspis == 0) 1619 { 1620 LOG_DBG ((LOG_SA, 60, "ipsec_handle_leftover_payload: message " 1621 "specified zero SPIs, ignoring")); 1622 return -1; 1623 } 1624 1625 /* verify proper SPI size */ 1626 if ((proto == ISAKMP_PROTO_ISAKMP && spisz != ISAKMP_HDR_COOKIES_LEN) 1627 || (proto != ISAKMP_PROTO_ISAKMP && spisz != sizeof (u_int32_t))) 1628 { 1629 log_print ("ipsec_handle_leftover_payload: " 1630 "invalid SPI size %d for proto %d in DELETE payload", 1631 spisz, proto); 1632 return -1; 1633 } 1634 1635 spis = (u_int8_t *)malloc (nspis * spisz); 1636 if (!spis) 1637 { 1638 log_error ("ipsec_handle_leftover_payload: malloc (%d) failed", 1639 nspis * spisz); 1640 return -1; 1641 } 1642 1643 /* extract SPI and get dst address */ 1644 memcpy (spis, payload->p + ISAKMP_DELETE_SPI_OFF, nspis * spisz); 1645 msg->transport->vtbl->get_dst (msg->transport, &dst); 1646 1647 ipsec_delete_spi_list (dst, proto, spis, nspis, "DELETE"); 1648 1649 free (spis); 1650 payload->flags |= PL_MARK; 1651 return 0; 1652 1653 case ISAKMP_PAYLOAD_NOTIFY: 1654 switch (GET_ISAKMP_NOTIFY_MSG_TYPE (payload->p)) 1655 { 1656 case IPSEC_NOTIFY_INITIAL_CONTACT: 1657 /* 1658 * Find out who is sending this and then delete every SA that is 1659 * ready. Exchanges will timeout themselves and then the 1660 * non-ready SAs will disappear too. 1661 */ 1662 msg->transport->vtbl->get_dst (msg->transport, &dst); 1663 while ((sa = sa_lookup_by_peer (dst, sysdep_sa_len (dst))) != 0) 1664 { 1665 /* 1666 * Don't delete the current SA -- we received the notification 1667 * over it, so it's obviously still active. We temporarily need 1668 * to remove the SA from the list to avoid an endless loop, 1669 * but keep a reference so it won't disappear meanwhile. 1670 */ 1671 if (sa == msg->isakmp_sa) 1672 { 1673 sa_reference (sa); 1674 sa_remove (sa); 1675 reenter = 1; 1676 continue; 1677 } 1678 1679 LOG_DBG ((LOG_SA, 30, 1680 "ipsec_handle_leftover_payload: " 1681 "INITIAL-CONTACT made us delete SA %p", 1682 sa)); 1683 sa_delete (sa, 0); 1684 } 1685 1686 if (reenter) 1687 { 1688 sa_enter (msg->isakmp_sa); 1689 sa_release (msg->isakmp_sa); 1690 } 1691 payload->flags |= PL_MARK; 1692 return 0; 1693 } 1694 } 1695 return -1; 1696 } 1697 1698 /* Return the encryption keylength in octets of the ESP protocol PROTO. */ 1699 int 1700 ipsec_esp_enckeylength (struct proto *proto) 1701 { 1702 struct ipsec_proto *iproto = proto->data; 1703 1704 /* Compute the keylength to use. */ 1705 switch (proto->id) 1706 { 1707 case IPSEC_ESP_DES: 1708 case IPSEC_ESP_DES_IV32: 1709 case IPSEC_ESP_DES_IV64: 1710 return 8; 1711 case IPSEC_ESP_3DES: 1712 return 24; 1713 case IPSEC_ESP_CAST: 1714 if (!iproto->keylen) 1715 return 16; 1716 return iproto->keylen / 8; 1717 case IPSEC_ESP_AES: 1718 case IPSEC_ESP_AES_128_CTR: 1719 if (!iproto->keylen) 1720 return 16; 1721 /* Fallthrough */ 1722 default: 1723 return iproto->keylen / 8; 1724 } 1725 } 1726 1727 /* Return the authentication keylength in octets of the ESP protocol PROTO. */ 1728 int 1729 ipsec_esp_authkeylength (struct proto *proto) 1730 { 1731 struct ipsec_proto *iproto = proto->data; 1732 1733 switch (iproto->auth) 1734 { 1735 case IPSEC_AUTH_HMAC_MD5: 1736 return 16; 1737 case IPSEC_AUTH_HMAC_SHA: 1738 case IPSEC_AUTH_HMAC_RIPEMD: 1739 return 20; 1740 case IPSEC_AUTH_HMAC_SHA2_256: 1741 return 32; 1742 case IPSEC_AUTH_HMAC_SHA2_384: 1743 return 48; 1744 case IPSEC_AUTH_HMAC_SHA2_512: 1745 return 64; 1746 default: 1747 return 0; 1748 } 1749 } 1750 1751 /* Return the authentication keylength in octets of the AH protocol PROTO. */ 1752 int 1753 ipsec_ah_keylength (struct proto *proto) 1754 { 1755 switch (proto->id) 1756 { 1757 case IPSEC_AH_MD5: 1758 return 16; 1759 case IPSEC_AH_SHA: 1760 case IPSEC_AH_RIPEMD: 1761 return 20; 1762 case IPSEC_AH_SHA2_256: 1763 return 32; 1764 case IPSEC_AH_SHA2_384: 1765 return 48; 1766 case IPSEC_AH_SHA2_512: 1767 return 64; 1768 default: 1769 return -1; 1770 } 1771 } 1772 1773 /* Return the total keymaterial length of the protocol PROTO. */ 1774 int 1775 ipsec_keymat_length (struct proto *proto) 1776 { 1777 switch (proto->proto) 1778 { 1779 case IPSEC_PROTO_IPSEC_ESP: 1780 return ipsec_esp_enckeylength (proto) + ipsec_esp_authkeylength (proto); 1781 case IPSEC_PROTO_IPSEC_AH: 1782 return ipsec_ah_keylength (proto); 1783 default: 1784 return -1; 1785 } 1786 } 1787 1788 /* 1789 * Out of a named section SECTION in the configuration file find out 1790 * the network address and mask as well as the ID type. Put the info 1791 * in the areas pointed to by ADDR, MASK, TPROTO, PORT, and ID respectively. 1792 * Return 0 on success and -1 on failure. 1793 */ 1794 int 1795 ipsec_get_id (char *section, int *id, struct sockaddr **addr, 1796 struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port) 1797 { 1798 char *type, *address, *netmask; 1799 1800 type = conf_get_str (section, "ID-type"); 1801 if (!type) 1802 { 1803 log_print ("ipsec_get_id: section %s has no \"ID-type\" tag", section); 1804 return -1; 1805 } 1806 1807 *id = constant_value (ipsec_id_cst, type); 1808 switch (*id) 1809 { 1810 case IPSEC_ID_IPV4_ADDR: 1811 case IPSEC_ID_IPV6_ADDR: 1812 address = conf_get_str (section, "Address"); 1813 if (!address) 1814 { 1815 log_print ("ipsec_get_id: section %s has no \"Address\" tag", 1816 section); 1817 return -1; 1818 } 1819 1820 if (text2sockaddr (address, NULL, addr)) 1821 { 1822 log_print ("ipsec_get_id: invalid address %s in section %s", address, 1823 section); 1824 return -1; 1825 } 1826 1827 *tproto = conf_get_num (section, "Protocol", 0); 1828 if (*tproto) 1829 *port = conf_get_num (section, "Port", 0); 1830 break; 1831 1832 #ifdef notyet 1833 case IPSEC_ID_FQDN: 1834 return -1; 1835 1836 case IPSEC_ID_USER_FQDN: 1837 return -1; 1838 #endif 1839 1840 case IPSEC_ID_IPV4_ADDR_SUBNET: 1841 case IPSEC_ID_IPV6_ADDR_SUBNET: 1842 address = conf_get_str (section, "Network"); 1843 if (!address) 1844 { 1845 log_print ("ipsec_get_id: section %s has no \"Network\" tag", 1846 section); 1847 return -1; 1848 } 1849 1850 if (text2sockaddr (address, NULL, addr)) 1851 { 1852 log_print ("ipsec_get_id: invalid section %s network %s", section, 1853 address); 1854 return -1; 1855 } 1856 1857 netmask = conf_get_str (section, "Netmask"); 1858 if (!netmask) 1859 { 1860 log_print ("ipsec_get_id: section %s has no \"Netmask\" tag", 1861 section); 1862 return -1; 1863 } 1864 1865 if (text2sockaddr (netmask, NULL, mask)) 1866 { 1867 log_print ("ipsec_id_build: invalid section %s network %s", section, 1868 netmask); 1869 return -1; 1870 } 1871 1872 *tproto = conf_get_num (section, "Protocol", 0); 1873 if (*tproto) 1874 *port = conf_get_num (section, "Port", 0); 1875 break; 1876 1877 #ifdef notyet 1878 case IPSEC_ID_IPV4_RANGE: 1879 return -1; 1880 1881 case IPSEC_ID_IPV6_RANGE: 1882 return -1; 1883 1884 case IPSEC_ID_DER_ASN1_DN: 1885 return -1; 1886 1887 case IPSEC_ID_DER_ASN1_GN: 1888 return -1; 1889 1890 case IPSEC_ID_KEY_ID: 1891 return -1; 1892 #endif 1893 1894 default: 1895 log_print ("ipsec_get_id: unknown ID type \"%s\" in section %s", type, 1896 section); 1897 return -1; 1898 } 1899 1900 return 0; 1901 } 1902 1903 /* 1904 * XXX I rather want this function to return a status code, and fail if 1905 * we cannot fit the information in the supplied buffer. 1906 */ 1907 static void 1908 ipsec_decode_id (char *buf, int size, u_int8_t *id, size_t id_len, 1909 int isakmpform) 1910 { 1911 int id_type; 1912 char *addr = 0, *mask = 0; 1913 u_int32_t *idp; 1914 1915 if (id) 1916 { 1917 if (!isakmpform) 1918 { 1919 /* Exchanges and SAs dont carry the IDs in ISAKMP form. */ 1920 id -= ISAKMP_GEN_SZ; 1921 id_len += ISAKMP_GEN_SZ; 1922 } 1923 1924 id_type = GET_ISAKMP_ID_TYPE (id); 1925 idp = (u_int32_t *)(id + ISAKMP_ID_DATA_OFF); 1926 switch (id_type) 1927 { 1928 case IPSEC_ID_IPV4_ADDR: 1929 util_ntoa (&addr, AF_INET, id + ISAKMP_ID_DATA_OFF); 1930 snprintf (buf, size, "%08x: %s", 1931 decode_32 (id + ISAKMP_ID_DATA_OFF), addr); 1932 break; 1933 1934 case IPSEC_ID_IPV4_ADDR_SUBNET: 1935 util_ntoa (&addr, AF_INET, id + ISAKMP_ID_DATA_OFF); 1936 util_ntoa (&mask, AF_INET, id + ISAKMP_ID_DATA_OFF + 4); 1937 snprintf (buf, size, "%08x/%08x: %s/%s", 1938 decode_32 (id + ISAKMP_ID_DATA_OFF), 1939 decode_32 (id + ISAKMP_ID_DATA_OFF + 4), addr, mask); 1940 break; 1941 1942 case IPSEC_ID_IPV6_ADDR: 1943 util_ntoa (&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 1944 snprintf (buf, size, "%08x%08x%08x%08x: %s", *idp, *(idp + 1), 1945 *(idp + 2), *(idp + 3), addr); 1946 break; 1947 1948 case IPSEC_ID_IPV6_ADDR_SUBNET: 1949 util_ntoa (&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 1950 util_ntoa (&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF + 1951 sizeof (struct in6_addr)); 1952 snprintf (buf, size, "%08x%08x%08x%08x/%08x%08x%08x%08x: %s/%s", 1953 *idp, *(idp + 1), *(idp + 2), *(idp + 3), *(idp + 4), 1954 *(idp + 5), *(idp + 6), *(idp + 7), addr, mask); 1955 break; 1956 1957 case IPSEC_ID_FQDN: 1958 case IPSEC_ID_USER_FQDN: 1959 /* String is not NUL terminated, be careful */ 1960 id_len -= ISAKMP_ID_DATA_OFF; 1961 id_len = MIN(id_len, size - 1); 1962 memcpy (buf, id + ISAKMP_ID_DATA_OFF, id_len); 1963 buf[id_len] = '\0'; 1964 break; 1965 1966 #ifdef USE_X509 1967 case IPSEC_ID_DER_ASN1_DN: 1968 addr = x509_DN_string (id + ISAKMP_ID_DATA_OFF, 1969 id_len - ISAKMP_ID_DATA_OFF); 1970 if (!addr) 1971 { 1972 snprintf(buf, size, "unparsable ASN1 DN ID"); 1973 return; 1974 } 1975 strlcpy (buf, addr, size); 1976 break; 1977 #endif 1978 1979 default: 1980 snprintf (buf, size, "<id type unknown: %x>", id_type); 1981 break; 1982 } 1983 } 1984 else 1985 snprintf (buf, size, "<no ipsec id>"); 1986 if (addr) 1987 free (addr); 1988 if (mask) 1989 free (mask); 1990 } 1991 1992 char * 1993 ipsec_decode_ids (char *fmt, u_int8_t *id1, size_t id1_len, 1994 u_int8_t *id2, size_t id2_len, int isakmpform) 1995 { 1996 static char result[1024]; 1997 char s_id1[256], s_id2[256]; 1998 1999 ipsec_decode_id (s_id1, sizeof s_id1, id1, id1_len, isakmpform); 2000 ipsec_decode_id (s_id2, sizeof s_id2, id2, id2_len, isakmpform); 2001 2002 snprintf (result, sizeof result, fmt, s_id1, s_id2); 2003 return result; 2004 } 2005 2006 /* 2007 * Out of a named section SECTION in the configuration file build an 2008 * ISAKMP ID payload. Ths payload size should be stashed in SZ. 2009 * The caller is responsible for freeing the payload. 2010 */ 2011 u_int8_t * 2012 ipsec_build_id (char *section, size_t *sz) 2013 { 2014 struct sockaddr *addr, *mask; 2015 u_int8_t *p; 2016 int id, subnet = 0; 2017 u_int8_t tproto = 0; 2018 u_int16_t port = 0; 2019 2020 if (ipsec_get_id (section, &id, &addr, &mask, &tproto, &port)) 2021 return 0; 2022 2023 if (id == IPSEC_ID_IPV4_ADDR_SUBNET || id == IPSEC_ID_IPV6_ADDR_SUBNET) 2024 subnet = 1; 2025 2026 *sz = ISAKMP_ID_SZ + sockaddr_addrlen (addr); 2027 if (subnet) 2028 *sz += sockaddr_addrlen (mask); 2029 2030 p = malloc (*sz); 2031 if (!p) 2032 { 2033 log_print ("ipsec_build_id: malloc(%lu) failed", (unsigned long)*sz); 2034 return 0; 2035 } 2036 2037 SET_ISAKMP_ID_TYPE (p, id); 2038 SET_ISAKMP_ID_DOI_DATA (p, (unsigned char *)"\000\000\000"); 2039 2040 memcpy (p + ISAKMP_ID_DATA_OFF, sockaddr_addrdata (addr), 2041 sockaddr_addrlen (addr)); 2042 if (subnet) 2043 memcpy (p + ISAKMP_ID_DATA_OFF + sockaddr_addrlen (addr), 2044 sockaddr_addrdata (mask), sockaddr_addrlen (mask)); 2045 2046 SET_IPSEC_ID_PROTO (p + ISAKMP_ID_DOI_DATA_OFF, tproto); 2047 SET_IPSEC_ID_PORT (p + ISAKMP_ID_DOI_DATA_OFF, port); 2048 2049 return p; 2050 } 2051 2052 /* 2053 * copy an ISAKMPD id 2054 */ 2055 int 2056 ipsec_clone_id (u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len) 2057 { 2058 if (*did) 2059 free (*did); 2060 2061 if (!id_len || !id) 2062 { 2063 *did = 0; 2064 *did_len = 0; 2065 return 0; 2066 } 2067 2068 *did = malloc (id_len); 2069 if (!*did) 2070 { 2071 *did_len = 0; 2072 log_error ("ipsec_clone_id: malloc(%lu) failed", (unsigned long)id_len); 2073 return -1; 2074 } 2075 2076 *did_len = id_len; 2077 memcpy (*did, id, id_len); 2078 2079 return 0; 2080 } 2081 2082 /* 2083 * IPsec-specific PROTO initializations. SECTION is only set if we are the 2084 * initiator thus only usable there. 2085 * XXX I want to fix this later. 2086 */ 2087 void 2088 ipsec_proto_init (struct proto *proto, char *section) 2089 { 2090 struct ipsec_proto *iproto = proto->data; 2091 2092 if (proto->sa->phase == 2 && section) 2093 iproto->replay_window 2094 = conf_get_num (section, "ReplayWindow", DEFAULT_REPLAY_WINDOW); 2095 } 2096 2097 /* 2098 * Add a notification payload of type INITIAL CONTACT to MSG if this is 2099 * the first contact we have made to our peer. 2100 */ 2101 int 2102 ipsec_initial_contact (struct message *msg) 2103 { 2104 u_int8_t *buf; 2105 2106 if (ipsec_contacted (msg)) 2107 return 0; 2108 2109 buf = malloc (ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN); 2110 if (!buf) 2111 { 2112 log_error ("ike_phase_1_initial_contact: malloc (%d) failed", 2113 ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN); 2114 return -1; 2115 } 2116 SET_ISAKMP_NOTIFY_DOI (buf, IPSEC_DOI_IPSEC); 2117 SET_ISAKMP_NOTIFY_PROTO (buf, ISAKMP_PROTO_ISAKMP); 2118 SET_ISAKMP_NOTIFY_SPI_SZ (buf, ISAKMP_HDR_COOKIES_LEN); 2119 SET_ISAKMP_NOTIFY_MSG_TYPE (buf, IPSEC_NOTIFY_INITIAL_CONTACT); 2120 memcpy (buf + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies, 2121 ISAKMP_HDR_COOKIES_LEN); 2122 if (message_add_payload (msg, ISAKMP_PAYLOAD_NOTIFY, buf, 2123 ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN, 1)) 2124 { 2125 free (buf); 2126 return -1; 2127 } 2128 2129 return ipsec_add_contact (msg); 2130 } 2131 2132 /* 2133 * Compare the two contacts pointed to by A and B. Return negative if 2134 * *A < *B, 0 if they are equal, and positive if *A is the largest of them. 2135 */ 2136 static int 2137 addr_cmp (const void *a, const void *b) 2138 { 2139 const struct contact *x = a, *y = b; 2140 int minlen = MIN (x->len, y->len); 2141 int rv = memcmp (x->addr, y->addr, minlen); 2142 2143 return rv ? rv : (x->len - y->len); 2144 } 2145 2146 /* 2147 * Add the peer that MSG is bound to as an address we don't want to send 2148 * INITIAL CONTACT too from now on. Do not call this function with a 2149 * specific address duplicate times. We want fast lookup, speed of insertion 2150 * is unimportant, if this is to scale. 2151 */ 2152 static int 2153 ipsec_add_contact (struct message *msg) 2154 { 2155 struct contact *new_contacts; 2156 struct sockaddr *dst, *addr; 2157 int cnt; 2158 2159 if (contact_cnt == contact_limit) 2160 { 2161 cnt = contact_limit ? 2 * contact_limit : 64; 2162 new_contacts = realloc (contacts, cnt * sizeof contacts[0]); 2163 if (!new_contacts) 2164 { 2165 log_error ("ipsec_add_contact: realloc (%p, %lu) failed", contacts, 2166 cnt * (unsigned long)sizeof contacts[0]); 2167 return -1; 2168 } 2169 contact_limit = cnt; 2170 contacts = new_contacts; 2171 } 2172 msg->transport->vtbl->get_dst (msg->transport, &dst); 2173 addr = malloc (sysdep_sa_len (dst)); 2174 if (!addr) 2175 { 2176 log_error ("ipsec_add_contact: malloc (%d) failed", sysdep_sa_len (dst)); 2177 return -1; 2178 } 2179 memcpy (addr, dst, sysdep_sa_len (dst)); 2180 contacts[contact_cnt].addr = addr; 2181 contacts[contact_cnt++].len = sysdep_sa_len (dst); 2182 2183 /* 2184 * XXX There are better algorithms for already mostly-sorted data like 2185 * this, but only qsort is standard. I will someday do this inline. 2186 */ 2187 qsort (contacts, contact_cnt, sizeof *contacts, addr_cmp); 2188 return 0; 2189 } 2190 2191 /* Return true if the recipient of MSG has already been contacted. */ 2192 static int 2193 ipsec_contacted (struct message *msg) 2194 { 2195 struct contact contact; 2196 2197 msg->transport->vtbl->get_dst (msg->transport, &contact.addr); 2198 contact.len = sysdep_sa_len (contact.addr); 2199 return contacts 2200 ? (bsearch (&contact, contacts, contact_cnt, sizeof *contacts, addr_cmp) 2201 != 0) 2202 : 0; 2203 } 2204 2205 /* Add a HASH for to MSG. */ 2206 u_int8_t * 2207 ipsec_add_hash_payload (struct message *msg, size_t hashsize) 2208 { 2209 u_int8_t *buf; 2210 2211 buf = malloc (ISAKMP_HASH_SZ + hashsize); 2212 if (!buf) 2213 { 2214 log_error ("ipsec_add_hash_payload: malloc (%lu) failed", 2215 ISAKMP_HASH_SZ + (unsigned long)hashsize); 2216 return 0; 2217 } 2218 2219 if (message_add_payload (msg, ISAKMP_PAYLOAD_HASH, buf, 2220 ISAKMP_HASH_SZ + hashsize, 1)) 2221 { 2222 free (buf); 2223 return 0; 2224 } 2225 2226 return buf; 2227 } 2228 2229 /* Fill in the HASH payload of MSG. */ 2230 int 2231 ipsec_fill_in_hash (struct message *msg) 2232 { 2233 struct exchange *exchange = msg->exchange; 2234 struct sa *isakmp_sa = msg->isakmp_sa; 2235 struct ipsec_sa *isa = isakmp_sa->data; 2236 struct hash *hash = hash_get (isa->hash); 2237 struct prf *prf; 2238 struct payload *payload; 2239 u_int8_t *buf; 2240 int i; 2241 char header[80]; 2242 2243 /* If no SKEYID_a, we need not do anything. */ 2244 if (!isa->skeyid_a) 2245 return 0; 2246 2247 payload = TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_HASH]); 2248 if (!payload) 2249 { 2250 log_print ("ipsec_fill_in_hash: no HASH payload found"); 2251 return -1; 2252 } 2253 buf = payload->p; 2254 2255 /* Allocate the prf and start calculating our HASH(1). */ 2256 LOG_DBG_BUF ((LOG_MISC, 90, "ipsec_fill_in_hash: SKEYID_a", isa->skeyid_a, 2257 isa->skeyid_len)); 2258 prf = prf_alloc (isa->prf_type, hash->type, isa->skeyid_a, isa->skeyid_len); 2259 if (!prf) 2260 return -1; 2261 2262 prf->Init (prf->prfctx); 2263 LOG_DBG_BUF ((LOG_MISC, 90, "ipsec_fill_in_hash: message_id", 2264 exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); 2265 prf->Update (prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN); 2266 2267 /* Loop over all payloads after HASH(1). */ 2268 for (i = 2; i < msg->iovlen; i++) 2269 { 2270 /* XXX Misleading payload type printouts. */ 2271 snprintf (header, sizeof header, 2272 "ipsec_fill_in_hash: payload %d after HASH(1)", i - 1); 2273 LOG_DBG_BUF ((LOG_MISC, 90, header, msg->iov[i].iov_base, 2274 msg->iov[i].iov_len)); 2275 prf->Update (prf->prfctx, msg->iov[i].iov_base, msg->iov[i].iov_len); 2276 } 2277 prf->Final (buf + ISAKMP_HASH_DATA_OFF, prf->prfctx); 2278 prf_free (prf); 2279 LOG_DBG_BUF ((LOG_MISC, 80, "ipsec_fill_in_hash: HASH(1)", 2280 buf + ISAKMP_HASH_DATA_OFF, hash->hashsize)); 2281 2282 return 0; 2283 } 2284 2285 /* Add a HASH payload to MSG, if we have an ISAKMP SA we're protected by. */ 2286 static int 2287 ipsec_informational_pre_hook (struct message *msg) 2288 { 2289 struct sa *isakmp_sa = msg->isakmp_sa; 2290 struct ipsec_sa *isa; 2291 struct hash *hash; 2292 2293 if (!isakmp_sa) 2294 return 0; 2295 isa = isakmp_sa->data; 2296 hash = hash_get (isa->hash); 2297 return ipsec_add_hash_payload (msg, hash->hashsize) == 0; 2298 } 2299 2300 /* 2301 * Fill in the HASH payload in MSG, if we have an ISAKMP SA we're protected by. 2302 */ 2303 static int 2304 ipsec_informational_post_hook (struct message *msg) 2305 { 2306 if (!msg->isakmp_sa) 2307 return 0; 2308 return ipsec_fill_in_hash (msg); 2309 } 2310 2311 ssize_t 2312 ipsec_id_size (char *section, u_int8_t *id) 2313 { 2314 char *type, *data; 2315 2316 type = conf_get_str (section, "ID-type"); 2317 if (!type) 2318 { 2319 log_print ("ipsec_id_size: section %s has no \"ID-type\" tag", section); 2320 return -1; 2321 } 2322 2323 *id = constant_value (ipsec_id_cst, type); 2324 switch (*id) 2325 { 2326 case IPSEC_ID_IPV4_ADDR: 2327 return sizeof (struct in_addr); 2328 case IPSEC_ID_IPV4_ADDR_SUBNET: 2329 return 2 * sizeof (struct in_addr); 2330 case IPSEC_ID_IPV6_ADDR: 2331 return sizeof (struct in6_addr); 2332 case IPSEC_ID_IPV6_ADDR_SUBNET: 2333 return 2 * sizeof (struct in6_addr); 2334 case IPSEC_ID_FQDN: 2335 case IPSEC_ID_USER_FQDN: 2336 case IPSEC_ID_KEY_ID: 2337 case IPSEC_ID_DER_ASN1_DN: 2338 case IPSEC_ID_DER_ASN1_GN: 2339 data = conf_get_str (section, "Name"); 2340 if (!data) 2341 { 2342 log_print ("ipsec_id_size: section %s has no \"Name\" tag", section); 2343 return -1; 2344 } 2345 return strlen (data); 2346 } 2347 log_print ("ipsec_id_size: unrecognized/unsupported ID-type %d (%s)", 2348 *id, type); 2349 return -1; 2350 } 2351 2352 /* 2353 * Generate a string version of the ID. 2354 */ 2355 char * 2356 ipsec_id_string (u_int8_t *id, size_t id_len) 2357 { 2358 char *buf = 0; 2359 char *addrstr = 0; 2360 size_t len, size; 2361 2362 /* 2363 * XXX Real ugly way of making the offsets correct. Be aware that id now 2364 * will point before the actual buffer and cannot be dereferenced without 2365 * an offset larger than or equal to ISAKM_GEN_SZ. 2366 */ 2367 id -= ISAKMP_GEN_SZ; 2368 2369 /* This is the actual length of the ID data field. */ 2370 id_len += ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF; 2371 2372 /* 2373 * Conservative allocation. 2374 * XXX I think the ASN1 DN case can be thought through to give a better 2375 * estimate. 2376 */ 2377 size = MAX (sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 2378 sizeof "asn1_dn/" + id_len - ISAKMP_ID_DATA_OFF); 2379 buf = malloc (size); 2380 if (!buf) 2381 /* XXX Log? */ 2382 goto fail; 2383 2384 switch (GET_ISAKMP_ID_TYPE (id)) 2385 { 2386 case IPSEC_ID_IPV4_ADDR: 2387 if (id_len < sizeof (struct in_addr)) 2388 goto fail; 2389 util_ntoa (&addrstr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2390 if (!addrstr) 2391 goto fail; 2392 snprintf (buf, size, "ipv4/%s", addrstr); 2393 break; 2394 2395 case IPSEC_ID_IPV6_ADDR: 2396 if (id_len < sizeof (struct in6_addr)) 2397 goto fail; 2398 util_ntoa (&addrstr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2399 if (!addrstr) 2400 goto fail; 2401 snprintf (buf, size, "ipv6/%s", addrstr); 2402 break; 2403 2404 case IPSEC_ID_FQDN: 2405 case IPSEC_ID_USER_FQDN: 2406 strlcpy (buf, 2407 GET_ISAKMP_ID_TYPE (id) == IPSEC_ID_FQDN ? "fqdn/" : "ufqdn/", 2408 size); 2409 len = strlen(buf); 2410 2411 memcpy (buf + len, id + ISAKMP_ID_DATA_OFF, id_len); 2412 *(buf + len + id_len) = '\0'; 2413 break; 2414 2415 #ifdef USE_X509 2416 case IPSEC_ID_DER_ASN1_DN: 2417 strlcpy (buf, "asn1_dn/", size); 2418 len = strlen(buf); 2419 addrstr = x509_DN_string (id + ISAKMP_ID_DATA_OFF, 2420 id_len - ISAKMP_ID_DATA_OFF); 2421 if (!addrstr) 2422 goto fail; 2423 if (size < len + strlen (addrstr) + 1) 2424 goto fail; 2425 strlcpy (buf + len, addrstr, size - len); 2426 break; 2427 #endif 2428 2429 default: 2430 /* Unknown type. */ 2431 LOG_DBG ((LOG_MISC, 10, "ipsec_id_string: unknown identity type %d\n", 2432 GET_ISAKMP_ID_TYPE (id))); 2433 goto fail; 2434 } 2435 2436 if (addrstr) 2437 free (addrstr); 2438 return buf; 2439 2440 fail: 2441 if (buf) 2442 free (buf); 2443 if (addrstr) 2444 free (addrstr); 2445 return 0; 2446 } 2447