1 /* $OpenBSD: ipsec.c,v 1.146 2015/12/10 17:27:00 mmcc Exp $ */ 2 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ 3 4 /* 5 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. 6 * Copyright (c) 2001 Angelos D. Keromytis. All rights reserved. 7 * Copyright (c) 2001 H�kan Olsson. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 /* 31 * This code was written under funding by Ericsson Radio Systems. 32 */ 33 34 #include <sys/types.h> 35 #include <sys/socket.h> 36 #include <netdb.h> 37 #include <netinet/in.h> 38 #include <arpa/inet.h> 39 #include <stdlib.h> 40 #include <string.h> 41 42 #include <net/if.h> 43 #include <net/pfvar.h> 44 45 #include "attribute.h" 46 #include "conf.h" 47 #include "connection.h" 48 #include "constants.h" 49 #include "crypto.h" 50 #include "dh.h" 51 #include "doi.h" 52 #include "dpd.h" 53 #include "exchange.h" 54 #include "hash.h" 55 #include "ike_aggressive.h" 56 #include "ike_auth.h" 57 #include "ike_main_mode.h" 58 #include "ike_quick_mode.h" 59 #include "ipsec.h" 60 #include "ipsec_doi.h" 61 #include "isakmp.h" 62 #include "isakmp_cfg.h" 63 #include "isakmp_fld.h" 64 #include "isakmp_num.h" 65 #include "log.h" 66 #include "message.h" 67 #include "nat_traversal.h" 68 #include "pf_key_v2.h" 69 #include "prf.h" 70 #include "sa.h" 71 #include "timer.h" 72 #include "transport.h" 73 #include "util.h" 74 #include "x509.h" 75 76 extern int acquire_only; 77 78 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 79 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) 80 81 /* The replay window size used for all IPsec protocols if not overridden. */ 82 #define DEFAULT_REPLAY_WINDOW 16 83 84 struct ipsec_decode_arg { 85 struct message *msg; 86 struct sa *sa; 87 struct proto *proto; 88 }; 89 90 /* These variables hold the contacted peers ADT state. */ 91 struct contact { 92 struct sockaddr *addr; 93 socklen_t len; 94 } *contacts = 0; 95 int contact_cnt = 0, contact_limit = 0; 96 97 static int addr_cmp(const void *, const void *); 98 static int ipsec_add_contact(struct message *); 99 static int ipsec_contacted(struct message *); 100 static int ipsec_debug_attribute(u_int16_t, u_int8_t *, u_int16_t, 101 void *); 102 static void ipsec_delete_spi(struct sa *, struct proto *, int); 103 static int16_t *ipsec_exchange_script(u_int8_t); 104 static void ipsec_finalize_exchange(struct message *); 105 static void ipsec_free_exchange_data(void *); 106 static void ipsec_free_proto_data(void *); 107 static void ipsec_free_sa_data(void *); 108 static struct keystate *ipsec_get_keystate(struct message *); 109 static u_int8_t *ipsec_get_spi(size_t *, u_int8_t, struct message *); 110 static int ipsec_handle_leftover_payload(struct message *, u_int8_t, 111 struct payload *); 112 static int ipsec_informational_post_hook(struct message *); 113 static int ipsec_informational_pre_hook(struct message *); 114 static int ipsec_initiator(struct message *); 115 static void ipsec_proto_init(struct proto *, char *); 116 static int ipsec_responder(struct message *); 117 static void ipsec_setup_situation(u_int8_t *); 118 static int ipsec_set_network(u_int8_t *, u_int8_t *, struct sa *); 119 static size_t ipsec_situation_size(void); 120 static u_int8_t ipsec_spi_size(u_int8_t); 121 static int ipsec_validate_attribute(u_int16_t, u_int8_t *, u_int16_t, 122 void *); 123 static int ipsec_validate_exchange(u_int8_t); 124 static int ipsec_validate_id_information(u_int8_t, u_int8_t *, u_int8_t *, 125 size_t, struct exchange *); 126 static int ipsec_validate_key_information(u_int8_t *, size_t); 127 static int ipsec_validate_notification(u_int16_t); 128 static int ipsec_validate_proto(u_int8_t); 129 static int ipsec_validate_situation(u_int8_t *, size_t *, size_t); 130 static int ipsec_validate_transform_id(u_int8_t, u_int8_t); 131 static int ipsec_sa_check_flow(struct sa *, void *); 132 static int ipsec_sa_check_flow_any(struct sa *, void *); 133 static int ipsec_sa_tag(struct exchange *, struct sa *, struct sa *); 134 135 static struct doi ipsec_doi = { 136 {0}, IPSEC_DOI_IPSEC, 137 sizeof(struct ipsec_exch), sizeof(struct ipsec_sa), 138 sizeof(struct ipsec_proto), 139 ipsec_debug_attribute, 140 ipsec_delete_spi, 141 ipsec_exchange_script, 142 ipsec_finalize_exchange, 143 ipsec_free_exchange_data, 144 ipsec_free_proto_data, 145 ipsec_free_sa_data, 146 ipsec_get_keystate, 147 ipsec_get_spi, 148 ipsec_handle_leftover_payload, 149 ipsec_informational_post_hook, 150 ipsec_informational_pre_hook, 151 ipsec_is_attribute_incompatible, 152 ipsec_proto_init, 153 ipsec_setup_situation, 154 ipsec_situation_size, 155 ipsec_spi_size, 156 ipsec_validate_attribute, 157 ipsec_validate_exchange, 158 ipsec_validate_id_information, 159 ipsec_validate_key_information, 160 ipsec_validate_notification, 161 ipsec_validate_proto, 162 ipsec_validate_situation, 163 ipsec_validate_transform_id, 164 ipsec_initiator, 165 ipsec_responder, 166 ipsec_decode_ids 167 }; 168 169 int16_t script_quick_mode[] = { 170 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 171 ISAKMP_PAYLOAD_SA, 172 ISAKMP_PAYLOAD_NONCE, 173 EXCHANGE_SCRIPT_SWITCH, 174 ISAKMP_PAYLOAD_HASH, /* Responder -> initiator. */ 175 ISAKMP_PAYLOAD_SA, 176 ISAKMP_PAYLOAD_NONCE, 177 EXCHANGE_SCRIPT_SWITCH, 178 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 179 EXCHANGE_SCRIPT_END 180 }; 181 182 int16_t script_new_group_mode[] = { 183 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 184 ISAKMP_PAYLOAD_SA, 185 EXCHANGE_SCRIPT_SWITCH, 186 ISAKMP_PAYLOAD_HASH, /* Responder -> initiator. */ 187 ISAKMP_PAYLOAD_SA, 188 EXCHANGE_SCRIPT_END 189 }; 190 191 struct dst_spi_proto_arg { 192 struct sockaddr *dst; 193 u_int32_t spi; 194 u_int8_t proto; 195 }; 196 197 /* 198 * Check if SA matches what we are asking for through V_ARG. It has to 199 * be a finished phase 2 SA. 200 * if "proto" arg is 0, match any proto 201 */ 202 static int 203 ipsec_sa_check(struct sa *sa, void *v_arg) 204 { 205 struct dst_spi_proto_arg *arg = v_arg; 206 struct proto *proto; 207 struct sockaddr *dst, *src; 208 int incoming; 209 210 if (sa->phase != 2 || !(sa->flags & SA_FLAG_READY)) 211 return 0; 212 213 sa->transport->vtbl->get_dst(sa->transport, &dst); 214 if (memcmp(sockaddr_addrdata(dst), sockaddr_addrdata(arg->dst), 215 sockaddr_addrlen(dst)) == 0) 216 incoming = 0; 217 else { 218 sa->transport->vtbl->get_src(sa->transport, &src); 219 if (memcmp(sockaddr_addrdata(src), sockaddr_addrdata(arg->dst), 220 sockaddr_addrlen(src)) == 0) 221 incoming = 1; 222 else 223 return 0; 224 } 225 226 for (proto = TAILQ_FIRST(&sa->protos); proto; 227 proto = TAILQ_NEXT(proto, link)) 228 if ((arg->proto == 0 || proto->proto == arg->proto) && 229 memcmp(proto->spi[incoming], &arg->spi, sizeof arg->spi) 230 == 0) 231 return 1; 232 return 0; 233 } 234 235 /* Find an SA with a "name" of DST, SPI & PROTO. */ 236 struct sa * 237 ipsec_sa_lookup(struct sockaddr *dst, u_int32_t spi, u_int8_t proto) 238 { 239 struct dst_spi_proto_arg arg; 240 241 arg.dst = dst; 242 arg.spi = spi; 243 arg.proto = proto; 244 return sa_find(ipsec_sa_check, &arg); 245 } 246 247 /* 248 * Check if SA matches the flow of another SA in V_ARG. It has to 249 * be a finished non-replaced phase 2 SA. 250 * XXX At some point other selectors will matter here too. 251 */ 252 static int 253 ipsec_sa_check_flow(struct sa *sa, void *v_arg) 254 { 255 if ((sa->flags & (SA_FLAG_READY | SA_FLAG_REPLACED)) != SA_FLAG_READY) 256 return 0; 257 258 return ipsec_sa_check_flow_any(sa, v_arg); 259 } 260 261 static int 262 ipsec_sa_check_flow_any(struct sa *sa, void *v_arg) 263 { 264 struct sa *sa2 = v_arg; 265 struct ipsec_sa *isa = sa->data, *isa2 = sa2->data; 266 267 if (sa == sa2 || sa->phase != 2 || 268 (sa->flags & SA_FLAG_READY) != SA_FLAG_READY) 269 return 0; 270 271 if (isa->tproto != isa2->tproto || isa->sport != isa2->sport || 272 isa->dport != isa2->dport) 273 return 0; 274 275 return isa->src_net->sa_family == isa2->src_net->sa_family && 276 memcmp(sockaddr_addrdata(isa->src_net), 277 sockaddr_addrdata(isa2->src_net), 278 sockaddr_addrlen(isa->src_net)) == 0 && 279 memcmp(sockaddr_addrdata(isa->src_mask), 280 sockaddr_addrdata(isa2->src_mask), 281 sockaddr_addrlen(isa->src_mask)) == 0 && 282 memcmp(sockaddr_addrdata(isa->dst_net), 283 sockaddr_addrdata(isa2->dst_net), 284 sockaddr_addrlen(isa->dst_net)) == 0 && 285 memcmp(sockaddr_addrdata(isa->dst_mask), 286 sockaddr_addrdata(isa2->dst_mask), 287 sockaddr_addrlen(isa->dst_mask)) == 0; 288 } 289 290 /* 291 * Construct a PF tag if specified in the configuration. 292 * It is possible to use variables to expand the tag: 293 * $id The string representation of the remote ID 294 * $domain The stripped domain part of the ID (for FQDN and UFQDN) 295 */ 296 static int 297 ipsec_sa_tag(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) 298 { 299 char *format, *section; 300 char *id_string = NULL, *domain = NULL; 301 int error = -1; 302 size_t len; 303 304 sa->tag = NULL; 305 306 if (exchange->name == NULL || 307 (section = exchange->name) == NULL || 308 (format = conf_get_str(section, "PF-Tag")) == NULL) 309 return (0); /* ignore if not present */ 310 311 len = PF_TAG_NAME_SIZE; 312 if ((sa->tag = calloc(1, len)) == NULL) { 313 log_error("ipsec_sa_tag: calloc"); 314 goto fail; 315 } 316 if (strlcpy(sa->tag, format, len) >= len) { 317 log_print("ipsec_sa_tag: tag too long"); 318 goto fail; 319 } 320 if (isakmp_sa->initiator) 321 id_string = ipsec_id_string(isakmp_sa->id_r, 322 isakmp_sa->id_r_len); 323 else 324 id_string = ipsec_id_string(isakmp_sa->id_i, 325 isakmp_sa->id_i_len); 326 327 if (strstr(format, "$id") != NULL) { 328 if (id_string == NULL) { 329 log_print("ipsec_sa_tag: cannot get ID"); 330 goto fail; 331 } 332 if (expand_string(sa->tag, len, "$id", id_string) != 0) { 333 log_print("ipsec_sa_tag: failed to expand tag"); 334 goto fail; 335 } 336 } 337 338 if (strstr(format, "$domain") != NULL) { 339 if (id_string == NULL) { 340 log_print("ipsec_sa_tag: cannot get ID"); 341 goto fail; 342 } 343 if (strncmp(id_string, "fqdn/", strlen("fqdn/")) == 0) 344 domain = strchr(id_string, '.'); 345 else if (strncmp(id_string, "ufqdn/", strlen("ufqdn/")) == 0) 346 domain = strchr(id_string, '@'); 347 if (domain == NULL || strlen(domain) < 2) { 348 log_print("ipsec_sa_tag: no valid domain in ID %s", 349 id_string); 350 goto fail; 351 } 352 domain++; 353 if (expand_string(sa->tag, len, "$domain", domain) != 0) { 354 log_print("ipsec_sa_tag: failed to expand tag"); 355 goto fail; 356 } 357 } 358 359 LOG_DBG((LOG_SA, 10, "ipsec_sa_tag: tag_len %ld tag \"%s\"", 360 strlen(sa->tag), sa->tag)); 361 362 error = 0; 363 fail: 364 free(id_string); 365 if (error != 0) { 366 free(sa->tag); 367 sa->tag = NULL; 368 } 369 370 return (error); 371 } 372 373 /* 374 * Do IPsec DOI specific finalizations task for the exchange where MSG was 375 * the final message. 376 */ 377 static void 378 ipsec_finalize_exchange(struct message *msg) 379 { 380 struct sa *isakmp_sa = msg->isakmp_sa; 381 struct ipsec_sa *isa; 382 struct exchange *exchange = msg->exchange; 383 struct ipsec_exch *ie = exchange->data; 384 struct sa *sa = 0, *old_sa; 385 struct proto *proto, *last_proto = 0; 386 char *addr1, *addr2, *mask1, *mask2; 387 388 switch (exchange->phase) { 389 case 1: 390 switch (exchange->type) { 391 case ISAKMP_EXCH_ID_PROT: 392 case ISAKMP_EXCH_AGGRESSIVE: 393 isa = isakmp_sa->data; 394 isa->hash = ie->hash->type; 395 isa->prf_type = ie->prf_type; 396 isa->skeyid_len = ie->skeyid_len; 397 isa->skeyid_d = ie->skeyid_d; 398 isa->skeyid_a = ie->skeyid_a; 399 /* Prevents early free of SKEYID_*. */ 400 ie->skeyid_a = ie->skeyid_d = 0; 401 402 /* 403 * If a lifetime was negotiated setup the expiration 404 * timers. 405 */ 406 if (isakmp_sa->seconds) 407 sa_setup_expirations(isakmp_sa); 408 409 if (isakmp_sa->flags & SA_FLAG_NAT_T_KEEPALIVE) 410 nat_t_setup_keepalive(isakmp_sa); 411 break; 412 } 413 break; 414 415 case 2: 416 switch (exchange->type) { 417 case IKE_EXCH_QUICK_MODE: 418 /* 419 * Tell the application(s) about the SPIs and key 420 * material. 421 */ 422 for (sa = TAILQ_FIRST(&exchange->sa_list); sa; 423 sa = TAILQ_NEXT(sa, next)) { 424 isa = sa->data; 425 426 if (exchange->initiator) { 427 /* 428 * Initiator is source, responder is 429 * destination. 430 */ 431 if (ipsec_set_network(ie->id_ci, 432 ie->id_cr, sa)) { 433 log_print( 434 "ipsec_finalize_exchange: " 435 "ipsec_set_network " 436 "failed"); 437 return; 438 } 439 } else { 440 /* 441 * Responder is source, initiator is 442 * destination. 443 */ 444 if (ipsec_set_network(ie->id_cr, 445 ie->id_ci, sa)) { 446 log_print( 447 "ipsec_finalize_exchange: " 448 "ipsec_set_network " 449 "failed"); 450 return; 451 } 452 } 453 454 if (ipsec_sa_tag(exchange, sa, isakmp_sa) == -1) 455 return; 456 457 for (proto = TAILQ_FIRST(&sa->protos), 458 last_proto = 0; proto; 459 proto = TAILQ_NEXT(proto, link)) { 460 if (pf_key_v2_set_spi(sa, proto, 461 0, isakmp_sa) || 462 (last_proto && 463 pf_key_v2_group_spis(sa, 464 last_proto, proto, 0)) || 465 pf_key_v2_set_spi(sa, proto, 466 1, isakmp_sa) || 467 (last_proto && 468 pf_key_v2_group_spis(sa, 469 last_proto, proto, 1))) 470 /* 471 * XXX Tear down this 472 * exchange. 473 */ 474 return; 475 last_proto = proto; 476 } 477 478 if (sockaddr2text(isa->src_net, &addr1, 0)) 479 addr1 = 0; 480 if (sockaddr2text(isa->src_mask, &mask1, 0)) 481 mask1 = 0; 482 if (sockaddr2text(isa->dst_net, &addr2, 0)) 483 addr2 = 0; 484 if (sockaddr2text(isa->dst_mask, &mask2, 0)) 485 mask2 = 0; 486 487 LOG_DBG((LOG_EXCHANGE, 50, 488 "ipsec_finalize_exchange: src %s %s " 489 "dst %s %s tproto %u sport %u dport %u", 490 addr1 ? addr1 : "<??\?>", 491 mask1 ? mask1 : "<??\?>", 492 addr2 ? addr2 : "<??\?>", 493 mask2 ? mask2 : "<??\?>", 494 isa->tproto, ntohs(isa->sport), 495 ntohs(isa->dport))); 496 497 free(addr1); 498 free(mask1); 499 free(addr2); 500 free(mask2); 501 502 /* 503 * If this is not an SA acquired by the 504 * kernel, it needs to have a SPD entry 505 * (a.k.a. flow) set up. 506 */ 507 if (!(sa->flags & SA_FLAG_ONDEMAND || 508 conf_get_str("General", "Acquire-Only") || 509 acquire_only) && 510 pf_key_v2_enable_sa(sa, isakmp_sa)) 511 /* XXX Tear down this exchange. */ 512 return; 513 514 /* 515 * Mark elder SAs with the same flow 516 * information as replaced. 517 */ 518 while ((old_sa = sa_find(ipsec_sa_check_flow, 519 sa)) != 0) 520 sa_mark_replaced(old_sa); 521 } 522 break; 523 } 524 } 525 } 526 527 /* Set the client addresses in ISA from SRC_ID and DST_ID. */ 528 static int 529 ipsec_set_network(u_int8_t *src_id, u_int8_t *dst_id, struct sa *sa) 530 { 531 void *src_net, *dst_net; 532 void *src_mask = NULL, *dst_mask = NULL; 533 struct sockaddr *addr; 534 struct proto *proto; 535 struct ipsec_proto *iproto; 536 struct ipsec_sa *isa = sa->data; 537 int src_af, dst_af; 538 int id; 539 char *name, *nat = NULL; 540 u_int8_t *nat_id = NULL; 541 size_t nat_sz; 542 543 if ((name = connection_passive_lookup_by_ids(src_id, dst_id))) 544 nat = conf_get_str(name, "NAT-ID"); 545 546 if (nat) { 547 if ((nat_id = ipsec_build_id(nat, &nat_sz))) { 548 LOG_DBG((LOG_EXCHANGE, 50, "ipsec_set_network: SRC-NAT:" 549 " src: %s -> %s", name, nat)); 550 src_id = nat_id; 551 } else 552 log_print("ipsec_set_network: ipsec_build_id" 553 " failed for NAT-ID: %s", nat); 554 } 555 556 if (((proto = TAILQ_FIRST(&sa->protos)) != NULL) && 557 ((iproto = proto->data) != NULL) && 558 (iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT || 559 iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT)) { 560 /* 561 * For NAT-T with transport mode, we need to use the ISAKMP's 562 * SA addresses for the flow. 563 */ 564 sa->transport->vtbl->get_src(sa->transport, &addr); 565 src_af = addr->sa_family; 566 src_net = sockaddr_addrdata(addr); 567 568 sa->transport->vtbl->get_dst(sa->transport, &addr); 569 dst_af = addr->sa_family; 570 dst_net = sockaddr_addrdata(addr); 571 } else { 572 id = GET_ISAKMP_ID_TYPE(src_id); 573 src_net = src_id + ISAKMP_ID_DATA_OFF; 574 switch (id) { 575 case IPSEC_ID_IPV4_ADDR_SUBNET: 576 src_mask = (u_int8_t *)src_net + sizeof(struct in_addr); 577 /* FALLTHROUGH */ 578 case IPSEC_ID_IPV4_ADDR: 579 src_af = AF_INET; 580 break; 581 582 case IPSEC_ID_IPV6_ADDR_SUBNET: 583 src_mask = (u_int8_t *)src_net + 584 sizeof(struct in6_addr); 585 /* FALLTHROUGH */ 586 case IPSEC_ID_IPV6_ADDR: 587 src_af = AF_INET6; 588 break; 589 590 default: 591 log_print( 592 "ipsec_set_network: ID type %d (%s) not supported", 593 id, constant_name(ipsec_id_cst, id)); 594 return -1; 595 } 596 597 id = GET_ISAKMP_ID_TYPE(dst_id); 598 dst_net = dst_id + ISAKMP_ID_DATA_OFF; 599 switch (id) { 600 case IPSEC_ID_IPV4_ADDR_SUBNET: 601 dst_mask = (u_int8_t *)dst_net + sizeof(struct in_addr); 602 /* FALLTHROUGH */ 603 case IPSEC_ID_IPV4_ADDR: 604 dst_af = AF_INET; 605 break; 606 607 case IPSEC_ID_IPV6_ADDR_SUBNET: 608 dst_mask = (u_int8_t *)dst_net + 609 sizeof(struct in6_addr); 610 /* FALLTHROUGH */ 611 case IPSEC_ID_IPV6_ADDR: 612 dst_af = AF_INET6; 613 break; 614 615 default: 616 log_print( 617 "ipsec_set_network: ID type %d (%s) not supported", 618 id, constant_name(ipsec_id_cst, id)); 619 return -1; 620 } 621 } 622 623 /* Set source address/mask. */ 624 switch (src_af) { 625 case AF_INET: 626 isa->src_net = calloc(1, sizeof(struct sockaddr_in)); 627 if (!isa->src_net) 628 goto memfail; 629 isa->src_net->sa_family = AF_INET; 630 isa->src_net->sa_len = sizeof(struct sockaddr_in); 631 632 isa->src_mask = calloc(1, sizeof(struct sockaddr_in)); 633 if (!isa->src_mask) 634 goto memfail; 635 isa->src_mask->sa_family = AF_INET; 636 isa->src_mask->sa_len = sizeof(struct sockaddr_in); 637 break; 638 639 case AF_INET6: 640 isa->src_net = calloc(1, sizeof(struct sockaddr_in6)); 641 if (!isa->src_net) 642 goto memfail; 643 isa->src_net->sa_family = AF_INET6; 644 isa->src_net->sa_len = sizeof(struct sockaddr_in6); 645 646 isa->src_mask = calloc(1, sizeof(struct sockaddr_in6)); 647 if (!isa->src_mask) 648 goto memfail; 649 isa->src_mask->sa_family = AF_INET6; 650 isa->src_mask->sa_len = sizeof(struct sockaddr_in6); 651 break; 652 } 653 654 /* Net */ 655 memcpy(sockaddr_addrdata(isa->src_net), src_net, 656 sockaddr_addrlen(isa->src_net)); 657 658 /* Mask */ 659 if (src_mask == NULL) 660 memset(sockaddr_addrdata(isa->src_mask), 0xff, 661 sockaddr_addrlen(isa->src_mask)); 662 else 663 memcpy(sockaddr_addrdata(isa->src_mask), src_mask, 664 sockaddr_addrlen(isa->src_mask)); 665 666 memcpy(&isa->sport, 667 src_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF, 668 IPSEC_ID_PORT_LEN); 669 670 free(nat_id); 671 672 /* Set destination address. */ 673 switch (dst_af) { 674 case AF_INET: 675 isa->dst_net = calloc(1, sizeof(struct sockaddr_in)); 676 if (!isa->dst_net) 677 goto memfail; 678 isa->dst_net->sa_family = AF_INET; 679 isa->dst_net->sa_len = sizeof(struct sockaddr_in); 680 681 isa->dst_mask = calloc(1, sizeof(struct sockaddr_in)); 682 if (!isa->dst_mask) 683 goto memfail; 684 isa->dst_mask->sa_family = AF_INET; 685 isa->dst_mask->sa_len = sizeof(struct sockaddr_in); 686 break; 687 688 case AF_INET6: 689 isa->dst_net = calloc(1, sizeof(struct sockaddr_in6)); 690 if (!isa->dst_net) 691 goto memfail; 692 isa->dst_net->sa_family = AF_INET6; 693 isa->dst_net->sa_len = sizeof(struct sockaddr_in6); 694 695 isa->dst_mask = calloc(1, sizeof(struct sockaddr_in6)); 696 if (!isa->dst_mask) 697 goto memfail; 698 isa->dst_mask->sa_family = AF_INET6; 699 isa->dst_mask->sa_len = sizeof(struct sockaddr_in6); 700 break; 701 } 702 703 /* Net */ 704 memcpy(sockaddr_addrdata(isa->dst_net), dst_net, 705 sockaddr_addrlen(isa->dst_net)); 706 707 /* Mask */ 708 if (dst_mask == NULL) 709 memset(sockaddr_addrdata(isa->dst_mask), 0xff, 710 sockaddr_addrlen(isa->dst_mask)); 711 else 712 memcpy(sockaddr_addrdata(isa->dst_mask), dst_mask, 713 sockaddr_addrlen(isa->dst_mask)); 714 715 memcpy(&isa->tproto, dst_id + ISAKMP_ID_DOI_DATA_OFF + 716 IPSEC_ID_PROTO_OFF, IPSEC_ID_PROTO_LEN); 717 memcpy(&isa->dport, 718 dst_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF, 719 IPSEC_ID_PORT_LEN); 720 return 0; 721 722 memfail: 723 log_error("ipsec_set_network: calloc () failed"); 724 return -1; 725 } 726 727 /* Free the DOI-specific exchange data pointed to by VIE. */ 728 static void 729 ipsec_free_exchange_data(void *vie) 730 { 731 struct ipsec_exch *ie = vie; 732 struct isakmp_cfg_attr *attr; 733 734 free(ie->sa_i_b); 735 free(ie->id_ci); 736 free(ie->id_cr); 737 free(ie->g_xi); 738 free(ie->g_xr); 739 free(ie->g_xy); 740 free(ie->skeyid); 741 free(ie->skeyid_d); 742 free(ie->skeyid_a); 743 free(ie->skeyid_e); 744 free(ie->hash_i); 745 free(ie->hash_r); 746 if (ie->group) 747 group_free(ie->group); 748 for (attr = LIST_FIRST(&ie->attrs); attr; 749 attr = LIST_FIRST(&ie->attrs)) { 750 LIST_REMOVE(attr, link); 751 if (attr->length) 752 free(attr->value); 753 free(attr); 754 } 755 } 756 757 /* Free the DOI-specific SA data pointed to by VISA. */ 758 static void 759 ipsec_free_sa_data(void *visa) 760 { 761 struct ipsec_sa *isa = visa; 762 763 free(isa->src_net); 764 free(isa->src_mask); 765 free(isa->dst_net); 766 free(isa->dst_mask); 767 free(isa->skeyid_a); 768 free(isa->skeyid_d); 769 } 770 771 /* Free the DOI-specific protocol data of an SA pointed to by VIPROTO. */ 772 static void 773 ipsec_free_proto_data(void *viproto) 774 { 775 struct ipsec_proto *iproto = viproto; 776 int i; 777 778 for (i = 0; i < 2; i++) 779 free(iproto->keymat[i]); 780 } 781 782 /* Return exchange script based on TYPE. */ 783 static int16_t * 784 ipsec_exchange_script(u_int8_t type) 785 { 786 switch (type) { 787 case ISAKMP_EXCH_TRANSACTION: 788 return script_transaction; 789 case IKE_EXCH_QUICK_MODE: 790 return script_quick_mode; 791 case IKE_EXCH_NEW_GROUP_MODE: 792 return script_new_group_mode; 793 } 794 return 0; 795 } 796 797 /* Initialize this DOI, requires doi_init to already have been called. */ 798 void 799 ipsec_init(void) 800 { 801 doi_register(&ipsec_doi); 802 } 803 804 /* Given a message MSG, return a suitable IV (or rather keystate). */ 805 static struct keystate * 806 ipsec_get_keystate(struct message *msg) 807 { 808 struct keystate *ks; 809 struct hash *hash; 810 811 /* If we have already have an IV, use it. */ 812 if (msg->exchange && msg->exchange->keystate) { 813 ks = malloc(sizeof *ks); 814 if (!ks) { 815 log_error("ipsec_get_keystate: malloc (%lu) failed", 816 (unsigned long) sizeof *ks); 817 return 0; 818 } 819 memcpy(ks, msg->exchange->keystate, sizeof *ks); 820 return ks; 821 } 822 /* 823 * For phase 2 when no SA yet is setup we need to hash the IV used by 824 * the ISAKMP SA concatenated with the message ID, and use that as an 825 * IV for further cryptographic operations. 826 */ 827 if (!msg->isakmp_sa->keystate) { 828 log_print("ipsec_get_keystate: no keystate in ISAKMP SA %p", 829 msg->isakmp_sa); 830 return 0; 831 } 832 ks = crypto_clone_keystate(msg->isakmp_sa->keystate); 833 if (!ks) 834 return 0; 835 836 hash = hash_get(((struct ipsec_sa *)msg->isakmp_sa->data)->hash); 837 hash->Init(hash->ctx); 838 LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: final phase 1 IV", 839 ks->riv, ks->xf->blocksize)); 840 hash->Update(hash->ctx, ks->riv, ks->xf->blocksize); 841 LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: message ID", 842 ((u_int8_t *) msg->iov[0].iov_base) + ISAKMP_HDR_MESSAGE_ID_OFF, 843 ISAKMP_HDR_MESSAGE_ID_LEN)); 844 hash->Update(hash->ctx, ((u_int8_t *) msg->iov[0].iov_base) + 845 ISAKMP_HDR_MESSAGE_ID_OFF, ISAKMP_HDR_MESSAGE_ID_LEN); 846 hash->Final(hash->digest, hash->ctx); 847 crypto_init_iv(ks, hash->digest, ks->xf->blocksize); 848 LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: phase 2 IV", 849 hash->digest, ks->xf->blocksize)); 850 return ks; 851 } 852 853 static void 854 ipsec_setup_situation(u_int8_t *buf) 855 { 856 SET_IPSEC_SIT_SIT(buf + ISAKMP_SA_SIT_OFF, IPSEC_SIT_IDENTITY_ONLY); 857 } 858 859 static size_t 860 ipsec_situation_size(void) 861 { 862 return IPSEC_SIT_SIT_LEN; 863 } 864 865 static u_int8_t 866 ipsec_spi_size(u_int8_t proto) 867 { 868 return IPSEC_SPI_SIZE; 869 } 870 871 static int 872 ipsec_validate_attribute(u_int16_t type, u_int8_t * value, u_int16_t len, 873 void *vmsg) 874 { 875 struct message *msg = vmsg; 876 877 if (msg->exchange->phase == 1 && 878 (type < IKE_ATTR_ENCRYPTION_ALGORITHM || type > IKE_ATTR_GROUP_ORDER)) 879 return -1; 880 if (msg->exchange->phase == 2 && 881 (type < IPSEC_ATTR_SA_LIFE_TYPE || type > IPSEC_ATTR_ECN_TUNNEL)) 882 return -1; 883 return 0; 884 } 885 886 static int 887 ipsec_validate_exchange(u_int8_t exch) 888 { 889 return exch != IKE_EXCH_QUICK_MODE && exch != IKE_EXCH_NEW_GROUP_MODE; 890 } 891 892 static int 893 ipsec_validate_id_information(u_int8_t type, u_int8_t *extra, u_int8_t *buf, 894 size_t sz, struct exchange *exchange) 895 { 896 u_int8_t proto = GET_IPSEC_ID_PROTO(extra); 897 u_int16_t port = GET_IPSEC_ID_PORT(extra); 898 899 LOG_DBG((LOG_MESSAGE, 40, 900 "ipsec_validate_id_information: proto %d port %d type %d", 901 proto, port, type)); 902 if (type < IPSEC_ID_IPV4_ADDR || type > IPSEC_ID_KEY_ID) 903 return -1; 904 905 switch (type) { 906 case IPSEC_ID_IPV4_ADDR: 907 LOG_DBG_BUF((LOG_MESSAGE, 40, 908 "ipsec_validate_id_information: IPv4", buf, 909 sizeof(struct in_addr))); 910 break; 911 912 case IPSEC_ID_IPV6_ADDR: 913 LOG_DBG_BUF((LOG_MESSAGE, 40, 914 "ipsec_validate_id_information: IPv6", buf, 915 sizeof(struct in6_addr))); 916 break; 917 918 case IPSEC_ID_IPV4_ADDR_SUBNET: 919 LOG_DBG_BUF((LOG_MESSAGE, 40, 920 "ipsec_validate_id_information: IPv4 network/netmask", 921 buf, 2 * sizeof(struct in_addr))); 922 break; 923 924 case IPSEC_ID_IPV6_ADDR_SUBNET: 925 LOG_DBG_BUF((LOG_MESSAGE, 40, 926 "ipsec_validate_id_information: IPv6 network/netmask", 927 buf, 2 * sizeof(struct in6_addr))); 928 break; 929 930 default: 931 break; 932 } 933 934 if (exchange->phase == 1 && 935 (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT) && 936 (proto != 0 || port != 0)) { 937 /* 938 * XXX SSH's ISAKMP tester fails this test (proto 17 - port 939 * 0). 940 */ 941 #ifdef notyet 942 return -1; 943 #else 944 log_print("ipsec_validate_id_information: dubious ID " 945 "information accepted"); 946 #endif 947 } 948 /* XXX More checks? */ 949 950 return 0; 951 } 952 953 static int 954 ipsec_validate_key_information(u_int8_t *buf, size_t sz) 955 { 956 /* XXX Not implemented yet. */ 957 return 0; 958 } 959 960 static int 961 ipsec_validate_notification(u_int16_t type) 962 { 963 return type < IPSEC_NOTIFY_RESPONDER_LIFETIME || 964 type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0; 965 } 966 967 static int 968 ipsec_validate_proto(u_int8_t proto) 969 { 970 return proto < IPSEC_PROTO_IPSEC_AH || 971 proto > IPSEC_PROTO_IPCOMP ? -1 : 0; 972 } 973 974 static int 975 ipsec_validate_situation(u_int8_t *buf, size_t *sz, size_t len) 976 { 977 if (len < IPSEC_SIT_SIT_OFF + IPSEC_SIT_SIT_LEN) { 978 log_print("ipsec_validate_situation: payload too short: %u", 979 (unsigned int) len); 980 return -1; 981 } 982 /* Currently only "identity only" situations are supported. */ 983 if (GET_IPSEC_SIT_SIT(buf) != IPSEC_SIT_IDENTITY_ONLY) 984 return 1; 985 986 *sz = IPSEC_SIT_SIT_LEN; 987 988 return 0; 989 } 990 991 static int 992 ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id) 993 { 994 switch (proto) { 995 /* 996 * As no unexpected protocols can occur, we just tie the 997 * default case to the first case, in order to silence a GCC 998 * warning. 999 */ 1000 default: 1001 case ISAKMP_PROTO_ISAKMP: 1002 return transform_id != IPSEC_TRANSFORM_KEY_IKE; 1003 case IPSEC_PROTO_IPSEC_AH: 1004 return transform_id < IPSEC_AH_MD5 || 1005 transform_id > IPSEC_AH_RIPEMD ? -1 : 0; 1006 case IPSEC_PROTO_IPSEC_ESP: 1007 return transform_id < IPSEC_ESP_DES_IV64 || 1008 (transform_id > IPSEC_ESP_AES_GMAC && 1009 transform_id < IPSEC_ESP_AES_MARS) || 1010 transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; 1011 case IPSEC_PROTO_IPCOMP: 1012 return transform_id < IPSEC_IPCOMP_OUI || 1013 transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0; 1014 } 1015 } 1016 1017 static int 1018 ipsec_initiator(struct message *msg) 1019 { 1020 struct exchange *exchange = msg->exchange; 1021 int (**script)(struct message *) = 0; 1022 1023 /* Check that the SA is coherent with the IKE rules. */ 1024 if (exchange->type != ISAKMP_EXCH_TRANSACTION && 1025 ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT && 1026 exchange->type != ISAKMP_EXCH_AGGRESSIVE && 1027 exchange->type != ISAKMP_EXCH_INFO) || 1028 (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE && 1029 exchange->type != ISAKMP_EXCH_INFO))) { 1030 log_print("ipsec_initiator: unsupported exchange type %d " 1031 "in phase %d", exchange->type, exchange->phase); 1032 return -1; 1033 } 1034 switch (exchange->type) { 1035 case ISAKMP_EXCH_ID_PROT: 1036 script = ike_main_mode_initiator; 1037 break; 1038 case ISAKMP_EXCH_AGGRESSIVE: 1039 script = ike_aggressive_initiator; 1040 break; 1041 case ISAKMP_EXCH_TRANSACTION: 1042 script = isakmp_cfg_initiator; 1043 break; 1044 case ISAKMP_EXCH_INFO: 1045 return message_send_info(msg); 1046 case IKE_EXCH_QUICK_MODE: 1047 script = ike_quick_mode_initiator; 1048 break; 1049 default: 1050 log_print("ipsec_initiator: unsupported exchange type %d", 1051 exchange->type); 1052 return -1; 1053 } 1054 1055 /* Run the script code for this step. */ 1056 if (script) 1057 return script[exchange->step] (msg); 1058 1059 return 0; 1060 } 1061 1062 /* 1063 * delete all SA's from addr with the associated proto and SPI's 1064 * 1065 * spis[] is an array of SPIs of size 16-octet for proto ISAKMP 1066 * or 4-octet otherwise. 1067 */ 1068 static void 1069 ipsec_delete_spi_list(struct sockaddr *addr, u_int8_t proto, u_int8_t *spis, 1070 int nspis, char *type) 1071 { 1072 struct sa *sa; 1073 char *peer; 1074 char ids[1024]; 1075 int i; 1076 1077 for (i = 0; i < nspis; i++) { 1078 if (proto == ISAKMP_PROTO_ISAKMP) { 1079 u_int8_t *spi = spis + i * ISAKMP_HDR_COOKIES_LEN; 1080 1081 /* 1082 * This really shouldn't happen in IPSEC DOI 1083 * code, but Cisco VPN 3000 sends ISAKMP DELETE's 1084 * this way. 1085 */ 1086 sa = sa_lookup_isakmp_sa(addr, spi); 1087 } else { 1088 u_int32_t spi = ((u_int32_t *)spis)[i]; 1089 1090 sa = ipsec_sa_lookup(addr, spi, proto); 1091 } 1092 1093 if (sa == NULL) { 1094 LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: could " 1095 "not locate SA (SPI %08x, proto %u)", 1096 ((u_int32_t *)spis)[i], proto)); 1097 continue; 1098 } 1099 1100 strlcpy(ids, 1101 sa->doi->decode_ids("initiator id: %s, responder id: %s", 1102 sa->id_i, sa->id_i_len, sa->id_r, sa->id_r_len, 0), 1103 sizeof ids); 1104 if (sockaddr2text(addr, &peer, 0)) 1105 peer = NULL; 1106 1107 /* only log deletion of SAs which are not soft expired yet */ 1108 if (sa->soft_death != NULL) 1109 log_verbose("isakmpd: Peer %s made us delete live SA " 1110 "%s for proto %d, %s", peer ? peer : "<unknown>", 1111 sa->name ? sa->name : "<unnamed>", proto, ids); 1112 1113 LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: " 1114 "%s made us delete SA %p (%d references) for proto %d (%s)", 1115 type, sa, sa->refcnt, proto, ids)); 1116 free(peer); 1117 1118 /* Delete the SA and search for the next */ 1119 sa_free(sa); 1120 } 1121 } 1122 1123 static int 1124 ipsec_responder(struct message *msg) 1125 { 1126 struct exchange *exchange = msg->exchange; 1127 int (**script)(struct message *) = 0; 1128 struct payload *p; 1129 u_int16_t type; 1130 1131 /* Check that a new exchange is coherent with the IKE rules. */ 1132 if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION && 1133 ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT && 1134 exchange->type != ISAKMP_EXCH_AGGRESSIVE && 1135 exchange->type != ISAKMP_EXCH_INFO) || 1136 (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE && 1137 exchange->type != ISAKMP_EXCH_INFO))) { 1138 message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 1139 0, 1, 0); 1140 return -1; 1141 } 1142 LOG_DBG((LOG_MISC, 30, "ipsec_responder: phase %d exchange %d step %d", 1143 exchange->phase, exchange->type, exchange->step)); 1144 switch (exchange->type) { 1145 case ISAKMP_EXCH_ID_PROT: 1146 script = ike_main_mode_responder; 1147 break; 1148 case ISAKMP_EXCH_AGGRESSIVE: 1149 script = ike_aggressive_responder; 1150 break; 1151 case ISAKMP_EXCH_TRANSACTION: 1152 script = isakmp_cfg_responder; 1153 break; 1154 case ISAKMP_EXCH_INFO: 1155 TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_NOTIFY], link) { 1156 type = GET_ISAKMP_NOTIFY_MSG_TYPE(p->p); 1157 LOG_DBG((LOG_EXCHANGE, 10, 1158 "ipsec_responder: got NOTIFY of type %s", 1159 constant_name(isakmp_notify_cst, type))); 1160 1161 switch (type) { 1162 case IPSEC_NOTIFY_INITIAL_CONTACT: 1163 /* Handled by leftover logic. */ 1164 break; 1165 1166 case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE: 1167 case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE_ACK: 1168 dpd_handle_notify(msg, p); 1169 break; 1170 1171 default: 1172 p->flags |= PL_MARK; 1173 break; 1174 } 1175 } 1176 1177 /* 1178 * If any DELETEs are in here, let the logic of leftover 1179 * payloads deal with them. 1180 */ 1181 return 0; 1182 1183 case IKE_EXCH_QUICK_MODE: 1184 script = ike_quick_mode_responder; 1185 break; 1186 1187 default: 1188 message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 1189 0, 1, 0); 1190 return -1; 1191 } 1192 1193 /* Run the script code for this step. */ 1194 if (script) 1195 return script[exchange->step] (msg); 1196 1197 /* 1198 * XXX So far we don't accept any proposals for exchanges we don't 1199 * support. 1200 */ 1201 if (payload_first(msg, ISAKMP_PAYLOAD_SA)) { 1202 message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0); 1203 return -1; 1204 } 1205 return 0; 1206 } 1207 1208 static enum hashes 1209 from_ike_hash(u_int16_t hash) 1210 { 1211 switch (hash) { 1212 case IKE_HASH_MD5: 1213 return HASH_MD5; 1214 case IKE_HASH_SHA: 1215 return HASH_SHA1; 1216 case IKE_HASH_SHA2_256: 1217 return HASH_SHA2_256; 1218 case IKE_HASH_SHA2_384: 1219 return HASH_SHA2_384; 1220 case IKE_HASH_SHA2_512: 1221 return HASH_SHA2_512; 1222 } 1223 return -1; 1224 } 1225 1226 static enum transform 1227 from_ike_crypto(u_int16_t crypto) 1228 { 1229 /* Coincidentally this is the null operation :-) */ 1230 return crypto; 1231 } 1232 1233 /* 1234 * Find out whether the attribute of type TYPE with a LEN length value 1235 * pointed to by VALUE is incompatible with what we can handle. 1236 * VMSG is a pointer to the current message. 1237 */ 1238 int 1239 ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len, 1240 void *vmsg) 1241 { 1242 struct message *msg = vmsg; 1243 u_int16_t dv = decode_16(value); 1244 1245 if (msg->exchange->phase == 1) { 1246 switch (type) { 1247 case IKE_ATTR_ENCRYPTION_ALGORITHM: 1248 return !crypto_get(from_ike_crypto(dv)); 1249 case IKE_ATTR_HASH_ALGORITHM: 1250 return !hash_get(from_ike_hash(dv)); 1251 case IKE_ATTR_AUTHENTICATION_METHOD: 1252 return !ike_auth_get(dv); 1253 case IKE_ATTR_GROUP_DESCRIPTION: 1254 return (dv < IKE_GROUP_DESC_MODP_768 || 1255 dv > IKE_GROUP_DESC_MODP_1536) && 1256 (dv < IKE_GROUP_DESC_MODP_2048 || 1257 dv > IKE_GROUP_DESC_MODP_8192); 1258 case IKE_ATTR_GROUP_TYPE: 1259 return 1; 1260 case IKE_ATTR_GROUP_PRIME: 1261 return 1; 1262 case IKE_ATTR_GROUP_GENERATOR_1: 1263 return 1; 1264 case IKE_ATTR_GROUP_GENERATOR_2: 1265 return 1; 1266 case IKE_ATTR_GROUP_CURVE_A: 1267 return 1; 1268 case IKE_ATTR_GROUP_CURVE_B: 1269 return 1; 1270 case IKE_ATTR_LIFE_TYPE: 1271 return dv < IKE_DURATION_SECONDS || 1272 dv > IKE_DURATION_KILOBYTES; 1273 case IKE_ATTR_LIFE_DURATION: 1274 return len != 2 && len != 4; 1275 case IKE_ATTR_PRF: 1276 return 1; 1277 case IKE_ATTR_KEY_LENGTH: 1278 /* 1279 * Our crypto routines only allows key-lengths which 1280 * are multiples of an octet. 1281 */ 1282 return dv % 8 != 0; 1283 case IKE_ATTR_FIELD_SIZE: 1284 return 1; 1285 case IKE_ATTR_GROUP_ORDER: 1286 return 1; 1287 } 1288 } else { 1289 switch (type) { 1290 case IPSEC_ATTR_SA_LIFE_TYPE: 1291 return dv < IPSEC_DURATION_SECONDS || 1292 dv > IPSEC_DURATION_KILOBYTES; 1293 case IPSEC_ATTR_SA_LIFE_DURATION: 1294 return len != 2 && len != 4; 1295 case IPSEC_ATTR_GROUP_DESCRIPTION: 1296 return (dv < IKE_GROUP_DESC_MODP_768 || 1297 dv > IKE_GROUP_DESC_MODP_1536) && 1298 (dv < IKE_GROUP_DESC_MODP_2048 || 1299 IKE_GROUP_DESC_MODP_8192 < dv); 1300 case IPSEC_ATTR_ENCAPSULATION_MODE: 1301 return dv != IPSEC_ENCAP_TUNNEL && 1302 dv != IPSEC_ENCAP_TRANSPORT && 1303 dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL && 1304 dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT && 1305 dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT && 1306 dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT; 1307 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM: 1308 return dv < IPSEC_AUTH_HMAC_MD5 || 1309 dv > IPSEC_AUTH_HMAC_RIPEMD; 1310 case IPSEC_ATTR_KEY_LENGTH: 1311 /* 1312 * XXX Blowfish needs '0'. Others appear to disregard 1313 * this attr? 1314 */ 1315 return 0; 1316 case IPSEC_ATTR_KEY_ROUNDS: 1317 return 1; 1318 case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE: 1319 return 1; 1320 case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: 1321 return 1; 1322 case IPSEC_ATTR_ECN_TUNNEL: 1323 return 1; 1324 } 1325 } 1326 /* XXX Silence gcc. */ 1327 return 1; 1328 } 1329 1330 /* 1331 * Log the attribute of TYPE with a LEN length value pointed to by VALUE 1332 * in human-readable form. VMSG is a pointer to the current message. 1333 */ 1334 int 1335 ipsec_debug_attribute(u_int16_t type, u_int8_t *value, u_int16_t len, 1336 void *vmsg) 1337 { 1338 struct message *msg = vmsg; 1339 char val[20]; 1340 1341 /* XXX Transient solution. */ 1342 if (len == 2) 1343 snprintf(val, sizeof val, "%d", decode_16(value)); 1344 else if (len == 4) 1345 snprintf(val, sizeof val, "%d", decode_32(value)); 1346 else 1347 snprintf(val, sizeof val, "unrepresentable"); 1348 1349 LOG_DBG((LOG_MESSAGE, 50, "Attribute %s value %s", 1350 constant_name(msg->exchange->phase == 1 ? ike_attr_cst : 1351 ipsec_attr_cst, type), val)); 1352 return 0; 1353 } 1354 1355 /* 1356 * Decode the attribute of type TYPE with a LEN length value pointed to by 1357 * VALUE. VIDA is a pointer to a context structure where we can find the 1358 * current message, SA and protocol. 1359 */ 1360 int 1361 ipsec_decode_attribute(u_int16_t type, u_int8_t *value, u_int16_t len, 1362 void *vida) 1363 { 1364 struct ipsec_decode_arg *ida = vida; 1365 struct message *msg = ida->msg; 1366 struct sa *sa = ida->sa; 1367 struct ipsec_sa *isa = sa->data; 1368 struct proto *proto = ida->proto; 1369 struct ipsec_proto *iproto = proto->data; 1370 struct exchange *exchange = msg->exchange; 1371 struct ipsec_exch *ie = exchange->data; 1372 static int lifetype = 0; 1373 1374 if (exchange->phase == 1) { 1375 switch (type) { 1376 case IKE_ATTR_ENCRYPTION_ALGORITHM: 1377 /* XXX Errors possible? */ 1378 exchange->crypto = crypto_get(from_ike_crypto( 1379 decode_16(value))); 1380 break; 1381 case IKE_ATTR_HASH_ALGORITHM: 1382 /* XXX Errors possible? */ 1383 ie->hash = hash_get(from_ike_hash(decode_16(value))); 1384 break; 1385 case IKE_ATTR_AUTHENTICATION_METHOD: 1386 /* XXX Errors possible? */ 1387 ie->ike_auth = ike_auth_get(decode_16(value)); 1388 break; 1389 case IKE_ATTR_GROUP_DESCRIPTION: 1390 isa->group_desc = decode_16(value); 1391 break; 1392 case IKE_ATTR_GROUP_TYPE: 1393 break; 1394 case IKE_ATTR_GROUP_PRIME: 1395 break; 1396 case IKE_ATTR_GROUP_GENERATOR_1: 1397 break; 1398 case IKE_ATTR_GROUP_GENERATOR_2: 1399 break; 1400 case IKE_ATTR_GROUP_CURVE_A: 1401 break; 1402 case IKE_ATTR_GROUP_CURVE_B: 1403 break; 1404 case IKE_ATTR_LIFE_TYPE: 1405 lifetype = decode_16(value); 1406 return 0; 1407 case IKE_ATTR_LIFE_DURATION: 1408 switch (lifetype) { 1409 case IKE_DURATION_SECONDS: 1410 switch (len) { 1411 case 2: 1412 sa->seconds = decode_16(value); 1413 break; 1414 case 4: 1415 sa->seconds = decode_32(value); 1416 break; 1417 default: 1418 log_print("ipsec_decode_attribute: " 1419 "unreasonable lifetime"); 1420 } 1421 break; 1422 case IKE_DURATION_KILOBYTES: 1423 switch (len) { 1424 case 2: 1425 sa->kilobytes = decode_16(value); 1426 break; 1427 case 4: 1428 sa->kilobytes = decode_32(value); 1429 break; 1430 default: 1431 log_print("ipsec_decode_attribute: " 1432 "unreasonable lifetime"); 1433 } 1434 break; 1435 default: 1436 log_print("ipsec_decode_attribute: unknown " 1437 "lifetime type"); 1438 } 1439 break; 1440 case IKE_ATTR_PRF: 1441 break; 1442 case IKE_ATTR_KEY_LENGTH: 1443 exchange->key_length = decode_16(value) / 8; 1444 break; 1445 case IKE_ATTR_FIELD_SIZE: 1446 break; 1447 case IKE_ATTR_GROUP_ORDER: 1448 break; 1449 } 1450 } else { 1451 switch (type) { 1452 case IPSEC_ATTR_SA_LIFE_TYPE: 1453 lifetype = decode_16(value); 1454 return 0; 1455 case IPSEC_ATTR_SA_LIFE_DURATION: 1456 switch (lifetype) { 1457 case IPSEC_DURATION_SECONDS: 1458 switch (len) { 1459 case 2: 1460 sa->seconds = decode_16(value); 1461 break; 1462 case 4: 1463 sa->seconds = decode_32(value); 1464 break; 1465 default: 1466 log_print("ipsec_decode_attribute: " 1467 "unreasonable lifetime"); 1468 } 1469 break; 1470 case IPSEC_DURATION_KILOBYTES: 1471 switch (len) { 1472 case 2: 1473 sa->kilobytes = decode_16(value); 1474 break; 1475 case 4: 1476 sa->kilobytes = decode_32(value); 1477 break; 1478 default: 1479 log_print("ipsec_decode_attribute: " 1480 "unreasonable lifetime"); 1481 } 1482 break; 1483 default: 1484 log_print("ipsec_decode_attribute: unknown " 1485 "lifetime type"); 1486 } 1487 break; 1488 case IPSEC_ATTR_GROUP_DESCRIPTION: 1489 isa->group_desc = decode_16(value); 1490 break; 1491 case IPSEC_ATTR_ENCAPSULATION_MODE: 1492 /* 1493 * XXX Multiple protocols must have same 1494 * encapsulation mode, no? 1495 */ 1496 iproto->encap_mode = decode_16(value); 1497 break; 1498 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM: 1499 iproto->auth = decode_16(value); 1500 break; 1501 case IPSEC_ATTR_KEY_LENGTH: 1502 iproto->keylen = decode_16(value); 1503 break; 1504 case IPSEC_ATTR_KEY_ROUNDS: 1505 iproto->keyrounds = decode_16(value); 1506 break; 1507 case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE: 1508 break; 1509 case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: 1510 break; 1511 case IPSEC_ATTR_ECN_TUNNEL: 1512 break; 1513 } 1514 } 1515 lifetype = 0; 1516 return 0; 1517 } 1518 1519 /* 1520 * Walk over the attributes of the transform payload found in BUF, and 1521 * fill out the fields of the SA attached to MSG. Also mark the SA as 1522 * processed. 1523 */ 1524 void 1525 ipsec_decode_transform(struct message *msg, struct sa *sa, struct proto *proto, 1526 u_int8_t *buf) 1527 { 1528 struct ipsec_exch *ie = msg->exchange->data; 1529 struct ipsec_decode_arg ida; 1530 1531 LOG_DBG((LOG_MISC, 20, "ipsec_decode_transform: transform %d chosen", 1532 GET_ISAKMP_TRANSFORM_NO(buf))); 1533 1534 ida.msg = msg; 1535 ida.sa = sa; 1536 ida.proto = proto; 1537 1538 /* The default IKE lifetime is 8 hours. */ 1539 if (sa->phase == 1) 1540 sa->seconds = 28800; 1541 1542 /* Extract the attributes and stuff them into the SA. */ 1543 attribute_map(buf + ISAKMP_TRANSFORM_SA_ATTRS_OFF, 1544 GET_ISAKMP_GEN_LENGTH(buf) - ISAKMP_TRANSFORM_SA_ATTRS_OFF, 1545 ipsec_decode_attribute, &ida); 1546 1547 /* 1548 * If no pseudo-random function was negotiated, it's HMAC. 1549 * XXX As PRF_HMAC currently is zero, this is a no-op. 1550 */ 1551 if (!ie->prf_type) 1552 ie->prf_type = PRF_HMAC; 1553 } 1554 1555 /* 1556 * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO 1557 * of the IKE security association SA. 1558 */ 1559 static void 1560 ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming) 1561 { 1562 struct sa *new_sa; 1563 struct ipsec_proto *iproto; 1564 1565 if (sa->phase == 1) 1566 return; 1567 1568 iproto = proto->data; 1569 /* 1570 * If the SA is using UDP encap and it replaced other SA, 1571 * enable the other SA to keep the flow for the other SAs. 1572 */ 1573 if ((iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT || 1574 iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT) && 1575 (sa->flags & SA_FLAG_REPLACED) == 0 && 1576 (new_sa = sa_find(ipsec_sa_check_flow_any, sa)) != NULL && 1577 new_sa->flags & SA_FLAG_REPLACED) 1578 sa_replace(sa, new_sa); 1579 1580 /* 1581 * If the SA was not replaced and was not one acquired through the 1582 * kernel (ACQUIRE message), remove the flow associated with it. 1583 * We ignore any errors from the disabling of the flow. 1584 */ 1585 if (sa->flags & SA_FLAG_READY && !(sa->flags & SA_FLAG_ONDEMAND || 1586 sa->flags & SA_FLAG_REPLACED || acquire_only || 1587 conf_get_str("General", "Acquire-Only"))) 1588 pf_key_v2_disable_sa(sa, incoming); 1589 1590 /* XXX Error handling? Is it interesting? */ 1591 pf_key_v2_delete_spi(sa, proto, incoming); 1592 } 1593 1594 /* 1595 * Store BUF into the g^x entry of the exchange that message MSG belongs to. 1596 * PEER is non-zero when the value is our peer's, and zero when it is ours. 1597 */ 1598 static int 1599 ipsec_g_x(struct message *msg, int peer, u_int8_t *buf) 1600 { 1601 struct exchange *exchange = msg->exchange; 1602 struct ipsec_exch *ie = exchange->data; 1603 u_int8_t **g_x; 1604 int initiator = exchange->initiator ^ peer; 1605 char header[32]; 1606 1607 g_x = initiator ? &ie->g_xi : &ie->g_xr; 1608 *g_x = malloc(ie->g_x_len); 1609 if (!*g_x) { 1610 log_error("ipsec_g_x: malloc (%lu) failed", 1611 (unsigned long)ie->g_x_len); 1612 return -1; 1613 } 1614 memcpy(*g_x, buf, ie->g_x_len); 1615 snprintf(header, sizeof header, "ipsec_g_x: g^x%c", 1616 initiator ? 'i' : 'r'); 1617 LOG_DBG_BUF((LOG_MISC, 80, header, *g_x, ie->g_x_len)); 1618 return 0; 1619 } 1620 1621 /* Generate our DH value. */ 1622 int 1623 ipsec_gen_g_x(struct message *msg) 1624 { 1625 struct exchange *exchange = msg->exchange; 1626 struct ipsec_exch *ie = exchange->data; 1627 u_int8_t *buf; 1628 1629 buf = malloc(ISAKMP_KE_SZ + ie->g_x_len); 1630 if (!buf) { 1631 log_error("ipsec_gen_g_x: malloc (%lu) failed", 1632 ISAKMP_KE_SZ + (unsigned long)ie->g_x_len); 1633 return -1; 1634 } 1635 if (message_add_payload(msg, ISAKMP_PAYLOAD_KEY_EXCH, buf, 1636 ISAKMP_KE_SZ + ie->g_x_len, 1)) { 1637 free(buf); 1638 return -1; 1639 } 1640 if (dh_create_exchange(ie->group, buf + ISAKMP_KE_DATA_OFF)) { 1641 log_print("ipsec_gen_g_x: dh_create_exchange failed"); 1642 free(buf); 1643 return -1; 1644 } 1645 return ipsec_g_x(msg, 0, buf + ISAKMP_KE_DATA_OFF); 1646 } 1647 1648 /* Save the peer's DH value. */ 1649 int 1650 ipsec_save_g_x(struct message *msg) 1651 { 1652 struct exchange *exchange = msg->exchange; 1653 struct ipsec_exch *ie = exchange->data; 1654 struct payload *kep; 1655 1656 kep = payload_first(msg, ISAKMP_PAYLOAD_KEY_EXCH); 1657 kep->flags |= PL_MARK; 1658 ie->g_x_len = GET_ISAKMP_GEN_LENGTH(kep->p) - ISAKMP_KE_DATA_OFF; 1659 1660 /* Check that the given length matches the group's expectancy. */ 1661 if (ie->g_x_len != (size_t) dh_getlen(ie->group)) { 1662 /* XXX Is this a good notify type? */ 1663 message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 0); 1664 return -1; 1665 } 1666 return ipsec_g_x(msg, 1, kep->p + ISAKMP_KE_DATA_OFF); 1667 } 1668 1669 /* 1670 * Get a SPI for PROTO and the transport MSG passed over. Store the 1671 * size where SZ points. NB! A zero return is OK if *SZ is zero. 1672 */ 1673 static u_int8_t * 1674 ipsec_get_spi(size_t *sz, u_int8_t proto, struct message *msg) 1675 { 1676 struct sockaddr *dst, *src; 1677 struct transport *transport = msg->transport; 1678 1679 if (msg->exchange->phase == 1) { 1680 *sz = 0; 1681 return 0; 1682 } else { 1683 /* We are the destination in the SA we want a SPI for. */ 1684 transport->vtbl->get_src(transport, &dst); 1685 /* The peer is the source. */ 1686 transport->vtbl->get_dst(transport, &src); 1687 return pf_key_v2_get_spi(sz, proto, src, dst, 1688 msg->exchange->seq); 1689 } 1690 } 1691 1692 /* 1693 * We have gotten a payload PAYLOAD of type TYPE, which did not get handled 1694 * by the logic of the exchange MSG takes part in. Now is the time to deal 1695 * with such a payload if we know how to, if we don't, return -1, otherwise 1696 * 0. 1697 */ 1698 int 1699 ipsec_handle_leftover_payload(struct message *msg, u_int8_t type, 1700 struct payload *payload) 1701 { 1702 u_int32_t spisz, nspis; 1703 struct sockaddr *dst; 1704 int reenter = 0; 1705 u_int8_t *spis, proto; 1706 struct sa *sa; 1707 1708 switch (type) { 1709 case ISAKMP_PAYLOAD_DELETE: 1710 proto = GET_ISAKMP_DELETE_PROTO(payload->p); 1711 nspis = GET_ISAKMP_DELETE_NSPIS(payload->p); 1712 spisz = GET_ISAKMP_DELETE_SPI_SZ(payload->p); 1713 1714 if (nspis == 0) { 1715 LOG_DBG((LOG_SA, 60, "ipsec_handle_leftover_payload: " 1716 "message specified zero SPIs, ignoring")); 1717 return -1; 1718 } 1719 /* verify proper SPI size */ 1720 if ((proto == ISAKMP_PROTO_ISAKMP && 1721 spisz != ISAKMP_HDR_COOKIES_LEN) || 1722 (proto != ISAKMP_PROTO_ISAKMP && spisz != sizeof(u_int32_t))) { 1723 log_print("ipsec_handle_leftover_payload: invalid SPI " 1724 "size %d for proto %d in DELETE payload", 1725 spisz, proto); 1726 return -1; 1727 } 1728 spis = calloc(nspis, spisz); 1729 if (!spis) { 1730 log_error("ipsec_handle_leftover_payload: malloc " 1731 "(%d) failed", nspis * spisz); 1732 return -1; 1733 } 1734 /* extract SPI and get dst address */ 1735 memcpy(spis, payload->p + ISAKMP_DELETE_SPI_OFF, nspis * spisz); 1736 msg->transport->vtbl->get_dst(msg->transport, &dst); 1737 1738 ipsec_delete_spi_list(dst, proto, spis, nspis, "DELETE"); 1739 1740 free(spis); 1741 payload->flags |= PL_MARK; 1742 return 0; 1743 1744 case ISAKMP_PAYLOAD_NOTIFY: 1745 switch (GET_ISAKMP_NOTIFY_MSG_TYPE(payload->p)) { 1746 case IPSEC_NOTIFY_INITIAL_CONTACT: 1747 /* 1748 * Permit INITIAL-CONTACT if 1749 * - this is not an AGGRESSIVE mode exchange 1750 * - it is protected by an ISAKMP SA 1751 * 1752 * XXX Instead of the first condition above, we could 1753 * XXX permit this only for phase 2. In the last 1754 * XXX packet of main-mode, this payload, while 1755 * XXX encrypted, is not part of the hash digest. As 1756 * XXX we currently send our own INITIAL-CONTACTs at 1757 * XXX this point, this too would need to be changed. 1758 */ 1759 if (msg->exchange->type == ISAKMP_EXCH_AGGRESSIVE) { 1760 log_print("ipsec_handle_leftover_payload: got " 1761 "INITIAL-CONTACT in AGGRESSIVE mode"); 1762 return -1; 1763 } 1764 if ((msg->exchange->flags & EXCHANGE_FLAG_ENCRYPT) 1765 == 0) { 1766 log_print("ipsec_handle_leftover_payload: got " 1767 "INITIAL-CONTACT without ISAKMP SA"); 1768 return -1; 1769 } 1770 1771 if ((msg->flags & MSG_AUTHENTICATED) == 0) { 1772 log_print("ipsec_handle_leftover_payload: " 1773 "got unauthenticated INITIAL-CONTACT"); 1774 return -1; 1775 } 1776 /* 1777 * Find out who is sending this and then delete every 1778 * SA that is ready. Exchanges will timeout 1779 * themselves and then the non-ready SAs will 1780 * disappear too. 1781 */ 1782 msg->transport->vtbl->get_dst(msg->transport, &dst); 1783 while ((sa = sa_lookup_by_peer(dst, SA_LEN(dst), 0)) != 0) { 1784 /* 1785 * Don't delete the current SA -- we received 1786 * the notification over it, so it's obviously 1787 * still active. We temporarily need to remove 1788 * the SA from the list to avoid an endless 1789 * loop, but keep a reference so it won't 1790 * disappear meanwhile. 1791 */ 1792 if (sa == msg->isakmp_sa) { 1793 sa_reference(sa); 1794 sa_remove(sa); 1795 reenter = 1; 1796 continue; 1797 } 1798 LOG_DBG((LOG_SA, 30, 1799 "ipsec_handle_leftover_payload: " 1800 "INITIAL-CONTACT made us delete SA %p", 1801 sa)); 1802 sa_delete(sa, 0); 1803 } 1804 1805 if (reenter) { 1806 sa_enter(msg->isakmp_sa); 1807 sa_release(msg->isakmp_sa); 1808 } 1809 payload->flags |= PL_MARK; 1810 return 0; 1811 } 1812 } 1813 return -1; 1814 } 1815 1816 /* Return the encryption keylength in octets of the ESP protocol PROTO. */ 1817 int 1818 ipsec_esp_enckeylength(struct proto *proto) 1819 { 1820 struct ipsec_proto *iproto = proto->data; 1821 1822 /* Compute the keylength to use. */ 1823 switch (proto->id) { 1824 case IPSEC_ESP_3DES: 1825 return 24; 1826 case IPSEC_ESP_CAST: 1827 if (!iproto->keylen) 1828 return 16; 1829 return iproto->keylen / 8; 1830 case IPSEC_ESP_AES_CTR: 1831 case IPSEC_ESP_AES_GCM_16: 1832 case IPSEC_ESP_AES_GMAC: 1833 if (!iproto->keylen) 1834 return 20; 1835 return iproto->keylen / 8 + 4; 1836 case IPSEC_ESP_AES: 1837 if (!iproto->keylen) 1838 return 16; 1839 /* FALLTHROUGH */ 1840 default: 1841 return iproto->keylen / 8; 1842 } 1843 } 1844 1845 /* Return the authentication keylength in octets of the ESP protocol PROTO. */ 1846 int 1847 ipsec_esp_authkeylength(struct proto *proto) 1848 { 1849 struct ipsec_proto *iproto = proto->data; 1850 1851 switch (iproto->auth) { 1852 case IPSEC_AUTH_HMAC_MD5: 1853 return 16; 1854 case IPSEC_AUTH_HMAC_SHA: 1855 case IPSEC_AUTH_HMAC_RIPEMD: 1856 return 20; 1857 case IPSEC_AUTH_HMAC_SHA2_256: 1858 return 32; 1859 case IPSEC_AUTH_HMAC_SHA2_384: 1860 return 48; 1861 case IPSEC_AUTH_HMAC_SHA2_512: 1862 return 64; 1863 default: 1864 return 0; 1865 } 1866 } 1867 1868 /* Return the authentication keylength in octets of the AH protocol PROTO. */ 1869 int 1870 ipsec_ah_keylength(struct proto *proto) 1871 { 1872 switch (proto->id) { 1873 case IPSEC_AH_MD5: 1874 return 16; 1875 case IPSEC_AH_SHA: 1876 case IPSEC_AH_RIPEMD: 1877 return 20; 1878 case IPSEC_AH_SHA2_256: 1879 return 32; 1880 case IPSEC_AH_SHA2_384: 1881 return 48; 1882 case IPSEC_AH_SHA2_512: 1883 return 64; 1884 default: 1885 return -1; 1886 } 1887 } 1888 1889 /* Return the total keymaterial length of the protocol PROTO. */ 1890 int 1891 ipsec_keymat_length(struct proto *proto) 1892 { 1893 switch (proto->proto) { 1894 case IPSEC_PROTO_IPSEC_ESP: 1895 return ipsec_esp_enckeylength(proto) 1896 + ipsec_esp_authkeylength(proto); 1897 case IPSEC_PROTO_IPSEC_AH: 1898 return ipsec_ah_keylength(proto); 1899 default: 1900 return -1; 1901 } 1902 } 1903 1904 /* Helper function for ipsec_get_id(). */ 1905 static int 1906 ipsec_get_proto_port(char *section, u_int8_t *tproto, u_int16_t *port) 1907 { 1908 struct protoent *pe = NULL; 1909 struct servent *se; 1910 char *pstr; 1911 1912 pstr = conf_get_str(section, "Protocol"); 1913 if (!pstr) { 1914 *tproto = 0; 1915 return 0; 1916 } 1917 *tproto = (u_int8_t)atoi(pstr); 1918 if (!*tproto) { 1919 pe = getprotobyname(pstr); 1920 if (pe) 1921 *tproto = pe->p_proto; 1922 } 1923 if (!*tproto) { 1924 log_print("ipsec_get_proto_port: protocol \"%s\" unknown", 1925 pstr); 1926 return -1; 1927 } 1928 1929 pstr = conf_get_str(section, "Port"); 1930 if (!pstr) 1931 return 0; 1932 *port = (u_int16_t)atoi(pstr); 1933 if (!*port) { 1934 se = getservbyname(pstr, 1935 pe ? pe->p_name : (pstr ? pstr : NULL)); 1936 if (se) 1937 *port = ntohs(se->s_port); 1938 } 1939 if (!*port) { 1940 log_print("ipsec_get_proto_port: port \"%s\" unknown", 1941 pstr); 1942 return -1; 1943 } 1944 return 0; 1945 } 1946 1947 /* 1948 * Out of a named section SECTION in the configuration file find out 1949 * the network address and mask as well as the ID type. Put the info 1950 * in the areas pointed to by ADDR, MASK, TPROTO, PORT, and ID respectively. 1951 * Return 0 on success and -1 on failure. 1952 */ 1953 int 1954 ipsec_get_id(char *section, int *id, struct sockaddr **addr, 1955 struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port) 1956 { 1957 char *type, *address, *netmask; 1958 sa_family_t af = 0; 1959 1960 type = conf_get_str(section, "ID-type"); 1961 if (!type) { 1962 log_print("ipsec_get_id: section %s has no \"ID-type\" tag", 1963 section); 1964 return -1; 1965 } 1966 *id = constant_value(ipsec_id_cst, type); 1967 switch (*id) { 1968 case IPSEC_ID_IPV4_ADDR: 1969 case IPSEC_ID_IPV4_ADDR_SUBNET: 1970 af = AF_INET; 1971 break; 1972 case IPSEC_ID_IPV6_ADDR: 1973 case IPSEC_ID_IPV6_ADDR_SUBNET: 1974 af = AF_INET6; 1975 break; 1976 } 1977 switch (*id) { 1978 case IPSEC_ID_IPV4_ADDR: 1979 case IPSEC_ID_IPV6_ADDR: { 1980 int ret; 1981 1982 address = conf_get_str(section, "Address"); 1983 if (!address) { 1984 log_print("ipsec_get_id: section %s has no " 1985 "\"Address\" tag", section); 1986 return -1; 1987 } 1988 if (text2sockaddr(address, NULL, addr, af, 0)) { 1989 log_print("ipsec_get_id: invalid address %s in " 1990 "section %s", address, section); 1991 return -1; 1992 } 1993 ret = ipsec_get_proto_port(section, tproto, port); 1994 if (ret < 0) 1995 free(*addr); 1996 1997 return ret; 1998 } 1999 2000 #ifdef notyet 2001 case IPSEC_ID_FQDN: 2002 return -1; 2003 2004 case IPSEC_ID_USER_FQDN: 2005 return -1; 2006 #endif 2007 2008 case IPSEC_ID_IPV4_ADDR_SUBNET: 2009 case IPSEC_ID_IPV6_ADDR_SUBNET: { 2010 int ret; 2011 2012 address = conf_get_str(section, "Network"); 2013 if (!address) { 2014 log_print("ipsec_get_id: section %s has no " 2015 "\"Network\" tag", section); 2016 return -1; 2017 } 2018 if (text2sockaddr(address, NULL, addr, af, 0)) { 2019 log_print("ipsec_get_id: invalid section %s " 2020 "network %s", section, address); 2021 return -1; 2022 } 2023 netmask = conf_get_str(section, "Netmask"); 2024 if (!netmask) { 2025 log_print("ipsec_get_id: section %s has no " 2026 "\"Netmask\" tag", section); 2027 free(*addr); 2028 return -1; 2029 } 2030 if (text2sockaddr(netmask, NULL, mask, af, 1)) { 2031 log_print("ipsec_get_id: invalid section %s " 2032 "network %s", section, netmask); 2033 free(*addr); 2034 return -1; 2035 } 2036 ret = ipsec_get_proto_port(section, tproto, port); 2037 if (ret < 0) { 2038 free(*mask); 2039 free(*addr); 2040 } 2041 return ret; 2042 } 2043 2044 #ifdef notyet 2045 case IPSEC_ID_IPV4_RANGE: 2046 return -1; 2047 2048 case IPSEC_ID_IPV6_RANGE: 2049 return -1; 2050 2051 case IPSEC_ID_DER_ASN1_DN: 2052 return -1; 2053 2054 case IPSEC_ID_DER_ASN1_GN: 2055 return -1; 2056 2057 case IPSEC_ID_KEY_ID: 2058 return -1; 2059 #endif 2060 2061 default: 2062 log_print("ipsec_get_id: unknown ID type \"%s\" in " 2063 "section %s", type, section); 2064 return -1; 2065 } 2066 2067 return 0; 2068 } 2069 2070 /* 2071 * XXX I rather want this function to return a status code, and fail if 2072 * we cannot fit the information in the supplied buffer. 2073 */ 2074 static void 2075 ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len, 2076 int isakmpform) 2077 { 2078 int id_type; 2079 char *addr = 0, *mask = 0; 2080 u_int32_t *idp; 2081 2082 if (id) { 2083 if (!isakmpform) { 2084 /* 2085 * Exchanges and SAs dont carry the IDs in ISAKMP 2086 * form. 2087 */ 2088 id -= ISAKMP_GEN_SZ; 2089 id_len += ISAKMP_GEN_SZ; 2090 } 2091 id_type = GET_ISAKMP_ID_TYPE(id); 2092 idp = (u_int32_t *) (id + ISAKMP_ID_DATA_OFF); 2093 switch (id_type) { 2094 case IPSEC_ID_IPV4_ADDR: 2095 util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2096 snprintf(buf, size, "%s", addr); 2097 break; 2098 2099 case IPSEC_ID_IPV4_ADDR_SUBNET: 2100 util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2101 util_ntoa(&mask, AF_INET, id + ISAKMP_ID_DATA_OFF + 4); 2102 snprintf(buf, size, "%s/%s", addr, mask); 2103 break; 2104 2105 case IPSEC_ID_IPV6_ADDR: 2106 util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2107 snprintf(buf, size, "%s", addr); 2108 break; 2109 2110 case IPSEC_ID_IPV6_ADDR_SUBNET: 2111 util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2112 util_ntoa(&mask, AF_INET6, id + ISAKMP_ID_DATA_OFF + 2113 sizeof(struct in6_addr)); 2114 snprintf(buf, size, "%s/%s", addr, mask); 2115 break; 2116 2117 case IPSEC_ID_FQDN: 2118 case IPSEC_ID_USER_FQDN: 2119 /* String is not NUL terminated, be careful */ 2120 id_len -= ISAKMP_ID_DATA_OFF; 2121 id_len = MINIMUM(id_len, size - 1); 2122 memcpy(buf, id + ISAKMP_ID_DATA_OFF, id_len); 2123 buf[id_len] = '\0'; 2124 break; 2125 2126 case IPSEC_ID_DER_ASN1_DN: 2127 addr = x509_DN_string(id + ISAKMP_ID_DATA_OFF, 2128 id_len - ISAKMP_ID_DATA_OFF); 2129 if (!addr) { 2130 snprintf(buf, size, "unparsable ASN1 DN ID"); 2131 return; 2132 } 2133 strlcpy(buf, addr, size); 2134 break; 2135 2136 default: 2137 snprintf(buf, size, "<id type unknown: %x>", id_type); 2138 break; 2139 } 2140 } else 2141 snprintf(buf, size, "<no ipsec id>"); 2142 free(addr); 2143 free(mask); 2144 } 2145 2146 char * 2147 ipsec_decode_ids(char *fmt, u_int8_t *id1, size_t id1_len, u_int8_t *id2, 2148 size_t id2_len, int isakmpform) 2149 { 2150 static char result[1024]; 2151 char s_id1[256], s_id2[256]; 2152 2153 ipsec_decode_id(s_id1, sizeof s_id1, id1, id1_len, isakmpform); 2154 ipsec_decode_id(s_id2, sizeof s_id2, id2, id2_len, isakmpform); 2155 2156 snprintf(result, sizeof result, fmt, s_id1, s_id2); 2157 return result; 2158 } 2159 2160 /* 2161 * Out of a named section SECTION in the configuration file build an 2162 * ISAKMP ID payload. Ths payload size should be stashed in SZ. 2163 * The caller is responsible for freeing the payload. 2164 */ 2165 u_int8_t * 2166 ipsec_build_id(char *section, size_t *sz) 2167 { 2168 struct sockaddr *addr, *mask; 2169 u_int8_t *p; 2170 int id, subnet = 0; 2171 u_int8_t tproto = 0; 2172 u_int16_t port = 0; 2173 2174 if (ipsec_get_id(section, &id, &addr, &mask, &tproto, &port)) 2175 return 0; 2176 2177 if (id == IPSEC_ID_IPV4_ADDR_SUBNET || id == IPSEC_ID_IPV6_ADDR_SUBNET) 2178 subnet = 1; 2179 2180 *sz = ISAKMP_ID_SZ + sockaddr_addrlen(addr); 2181 if (subnet) 2182 *sz += sockaddr_addrlen(mask); 2183 2184 p = malloc(*sz); 2185 if (!p) { 2186 log_print("ipsec_build_id: malloc(%lu) failed", 2187 (unsigned long)*sz); 2188 if (subnet) 2189 free(mask); 2190 free(addr); 2191 return 0; 2192 } 2193 SET_ISAKMP_ID_TYPE(p, id); 2194 SET_ISAKMP_ID_DOI_DATA(p, (unsigned char *)"\000\000\000"); 2195 2196 memcpy(p + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(addr), 2197 sockaddr_addrlen(addr)); 2198 if (subnet) 2199 memcpy(p + ISAKMP_ID_DATA_OFF + sockaddr_addrlen(addr), 2200 sockaddr_addrdata(mask), sockaddr_addrlen(mask)); 2201 2202 SET_IPSEC_ID_PROTO(p + ISAKMP_ID_DOI_DATA_OFF, tproto); 2203 SET_IPSEC_ID_PORT(p + ISAKMP_ID_DOI_DATA_OFF, port); 2204 2205 if (subnet) 2206 free(mask); 2207 free(addr); 2208 return p; 2209 } 2210 2211 /* 2212 * copy an ISAKMPD id 2213 */ 2214 int 2215 ipsec_clone_id(u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len) 2216 { 2217 free(*did); 2218 2219 if (!id_len || !id) { 2220 *did = 0; 2221 *did_len = 0; 2222 return 0; 2223 } 2224 *did = malloc(id_len); 2225 if (!*did) { 2226 *did_len = 0; 2227 log_error("ipsec_clone_id: malloc(%lu) failed", 2228 (unsigned long)id_len); 2229 return -1; 2230 } 2231 *did_len = id_len; 2232 memcpy(*did, id, id_len); 2233 2234 return 0; 2235 } 2236 2237 /* 2238 * IPsec-specific PROTO initializations. SECTION is only set if we are the 2239 * initiator thus only usable there. 2240 * XXX I want to fix this later. 2241 */ 2242 void 2243 ipsec_proto_init(struct proto *proto, char *section) 2244 { 2245 struct ipsec_proto *iproto = proto->data; 2246 2247 if (proto->sa->phase == 2) 2248 iproto->replay_window = section ? conf_get_num(section, 2249 "ReplayWindow", DEFAULT_REPLAY_WINDOW) : 2250 DEFAULT_REPLAY_WINDOW; 2251 } 2252 2253 /* 2254 * Add a notification payload of type INITIAL CONTACT to MSG if this is 2255 * the first contact we have made to our peer. 2256 */ 2257 int 2258 ipsec_initial_contact(struct message *msg) 2259 { 2260 u_int8_t *buf; 2261 2262 if (ipsec_contacted(msg)) 2263 return 0; 2264 2265 buf = malloc(ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN); 2266 if (!buf) { 2267 log_error("ike_phase_1_initial_contact: malloc (%d) failed", 2268 ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN); 2269 return -1; 2270 } 2271 SET_ISAKMP_NOTIFY_DOI(buf, IPSEC_DOI_IPSEC); 2272 SET_ISAKMP_NOTIFY_PROTO(buf, ISAKMP_PROTO_ISAKMP); 2273 SET_ISAKMP_NOTIFY_SPI_SZ(buf, ISAKMP_HDR_COOKIES_LEN); 2274 SET_ISAKMP_NOTIFY_MSG_TYPE(buf, IPSEC_NOTIFY_INITIAL_CONTACT); 2275 memcpy(buf + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies, 2276 ISAKMP_HDR_COOKIES_LEN); 2277 if (message_add_payload(msg, ISAKMP_PAYLOAD_NOTIFY, buf, 2278 ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN, 1)) { 2279 free(buf); 2280 return -1; 2281 } 2282 return ipsec_add_contact(msg); 2283 } 2284 2285 /* 2286 * Compare the two contacts pointed to by A and B. Return negative if 2287 * *A < *B, 0 if they are equal, and positive if *A is the largest of them. 2288 */ 2289 static int 2290 addr_cmp(const void *a, const void *b) 2291 { 2292 const struct contact *x = a, *y = b; 2293 int minlen = MINIMUM(x->len, y->len); 2294 int rv = memcmp(x->addr, y->addr, minlen); 2295 2296 return rv ? rv : (x->len - y->len); 2297 } 2298 2299 /* 2300 * Add the peer that MSG is bound to as an address we don't want to send 2301 * INITIAL CONTACT too from now on. Do not call this function with a 2302 * specific address duplicate times. We want fast lookup, speed of insertion 2303 * is unimportant, if this is to scale. 2304 */ 2305 static int 2306 ipsec_add_contact(struct message *msg) 2307 { 2308 struct contact *new_contacts; 2309 struct sockaddr *dst, *addr; 2310 int cnt; 2311 2312 if (contact_cnt == contact_limit) { 2313 cnt = contact_limit ? 2 * contact_limit : 64; 2314 new_contacts = reallocarray(contacts, cnt, sizeof contacts[0]); 2315 if (!new_contacts) { 2316 log_error("ipsec_add_contact: " 2317 "realloc (%p, %lu) failed", contacts, 2318 cnt * (unsigned long) sizeof contacts[0]); 2319 return -1; 2320 } 2321 contact_limit = cnt; 2322 contacts = new_contacts; 2323 } 2324 msg->transport->vtbl->get_dst(msg->transport, &dst); 2325 addr = malloc(SA_LEN(dst)); 2326 if (!addr) { 2327 log_error("ipsec_add_contact: malloc (%lu) failed", 2328 (unsigned long)SA_LEN(dst)); 2329 return -1; 2330 } 2331 memcpy(addr, dst, SA_LEN(dst)); 2332 contacts[contact_cnt].addr = addr; 2333 contacts[contact_cnt++].len = SA_LEN(dst); 2334 2335 /* 2336 * XXX There are better algorithms for already mostly-sorted data like 2337 * this, but only qsort is standard. I will someday do this inline. 2338 */ 2339 qsort(contacts, contact_cnt, sizeof *contacts, addr_cmp); 2340 return 0; 2341 } 2342 2343 /* Return true if the recipient of MSG has already been contacted. */ 2344 static int 2345 ipsec_contacted(struct message *msg) 2346 { 2347 struct contact contact; 2348 2349 msg->transport->vtbl->get_dst(msg->transport, &contact.addr); 2350 contact.len = SA_LEN(contact.addr); 2351 return contacts ? (bsearch(&contact, contacts, contact_cnt, 2352 sizeof *contacts, addr_cmp) != 0) : 0; 2353 } 2354 2355 /* Add a HASH for to MSG. */ 2356 u_int8_t * 2357 ipsec_add_hash_payload(struct message *msg, size_t hashsize) 2358 { 2359 u_int8_t *buf; 2360 2361 buf = malloc(ISAKMP_HASH_SZ + hashsize); 2362 if (!buf) { 2363 log_error("ipsec_add_hash_payload: malloc (%lu) failed", 2364 ISAKMP_HASH_SZ + (unsigned long) hashsize); 2365 return 0; 2366 } 2367 if (message_add_payload(msg, ISAKMP_PAYLOAD_HASH, buf, 2368 ISAKMP_HASH_SZ + hashsize, 1)) { 2369 free(buf); 2370 return 0; 2371 } 2372 return buf; 2373 } 2374 2375 /* Fill in the HASH payload of MSG. */ 2376 int 2377 ipsec_fill_in_hash(struct message *msg) 2378 { 2379 struct exchange *exchange = msg->exchange; 2380 struct sa *isakmp_sa = msg->isakmp_sa; 2381 struct ipsec_sa *isa = isakmp_sa->data; 2382 struct hash *hash = hash_get(isa->hash); 2383 struct prf *prf; 2384 struct payload *payload; 2385 u_int8_t *buf; 2386 u_int32_t i; 2387 char header[80]; 2388 2389 /* If no SKEYID_a, we need not do anything. */ 2390 if (!isa->skeyid_a) 2391 return 0; 2392 2393 payload = payload_first(msg, ISAKMP_PAYLOAD_HASH); 2394 if (!payload) { 2395 log_print("ipsec_fill_in_hash: no HASH payload found"); 2396 return -1; 2397 } 2398 buf = payload->p; 2399 2400 /* Allocate the prf and start calculating our HASH(1). */ 2401 LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: SKEYID_a", 2402 isa->skeyid_a, isa->skeyid_len)); 2403 prf = prf_alloc(isa->prf_type, hash->type, isa->skeyid_a, 2404 isa->skeyid_len); 2405 if (!prf) 2406 return -1; 2407 2408 prf->Init(prf->prfctx); 2409 LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: message_id", 2410 exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); 2411 prf->Update(prf->prfctx, exchange->message_id, 2412 ISAKMP_HDR_MESSAGE_ID_LEN); 2413 2414 /* Loop over all payloads after HASH(1). */ 2415 for (i = 2; i < msg->iovlen; i++) { 2416 /* XXX Misleading payload type printouts. */ 2417 snprintf(header, sizeof header, 2418 "ipsec_fill_in_hash: payload %d after HASH(1)", i - 1); 2419 LOG_DBG_BUF((LOG_MISC, 90, header, msg->iov[i].iov_base, 2420 msg->iov[i].iov_len)); 2421 prf->Update(prf->prfctx, msg->iov[i].iov_base, 2422 msg->iov[i].iov_len); 2423 } 2424 prf->Final(buf + ISAKMP_HASH_DATA_OFF, prf->prfctx); 2425 prf_free(prf); 2426 LOG_DBG_BUF((LOG_MISC, 80, "ipsec_fill_in_hash: HASH(1)", buf + 2427 ISAKMP_HASH_DATA_OFF, hash->hashsize)); 2428 2429 return 0; 2430 } 2431 2432 /* Add a HASH payload to MSG, if we have an ISAKMP SA we're protected by. */ 2433 static int 2434 ipsec_informational_pre_hook(struct message *msg) 2435 { 2436 struct sa *isakmp_sa = msg->isakmp_sa; 2437 struct ipsec_sa *isa; 2438 struct hash *hash; 2439 2440 if (!isakmp_sa) 2441 return 0; 2442 isa = isakmp_sa->data; 2443 hash = hash_get(isa->hash); 2444 return ipsec_add_hash_payload(msg, hash->hashsize) == 0; 2445 } 2446 2447 /* 2448 * Fill in the HASH payload in MSG, if we have an ISAKMP SA we're protected by. 2449 */ 2450 static int 2451 ipsec_informational_post_hook(struct message *msg) 2452 { 2453 if (!msg->isakmp_sa) 2454 return 0; 2455 return ipsec_fill_in_hash(msg); 2456 } 2457 2458 ssize_t 2459 ipsec_id_size(char *section, u_int8_t *id) 2460 { 2461 char *type, *data; 2462 2463 type = conf_get_str(section, "ID-type"); 2464 if (!type) { 2465 log_print("ipsec_id_size: section %s has no \"ID-type\" tag", 2466 section); 2467 return -1; 2468 } 2469 *id = constant_value(ipsec_id_cst, type); 2470 switch (*id) { 2471 case IPSEC_ID_IPV4_ADDR: 2472 return sizeof(struct in_addr); 2473 case IPSEC_ID_IPV4_ADDR_SUBNET: 2474 return 2 * sizeof(struct in_addr); 2475 case IPSEC_ID_IPV6_ADDR: 2476 return sizeof(struct in6_addr); 2477 case IPSEC_ID_IPV6_ADDR_SUBNET: 2478 return 2 * sizeof(struct in6_addr); 2479 case IPSEC_ID_FQDN: 2480 case IPSEC_ID_USER_FQDN: 2481 case IPSEC_ID_KEY_ID: 2482 case IPSEC_ID_DER_ASN1_DN: 2483 case IPSEC_ID_DER_ASN1_GN: 2484 data = conf_get_str(section, "Name"); 2485 if (!data) { 2486 log_print("ipsec_id_size: " 2487 "section %s has no \"Name\" tag", section); 2488 return -1; 2489 } 2490 return strlen(data); 2491 } 2492 log_print("ipsec_id_size: unrecognized/unsupported ID-type %d (%s)", 2493 *id, type); 2494 return -1; 2495 } 2496 2497 /* 2498 * Generate a string version of the ID. 2499 */ 2500 char * 2501 ipsec_id_string(u_int8_t *id, size_t id_len) 2502 { 2503 char *buf = 0; 2504 char *addrstr = 0; 2505 size_t len, size; 2506 2507 /* 2508 * XXX Real ugly way of making the offsets correct. Be aware that id 2509 * now will point before the actual buffer and cannot be dereferenced 2510 * without an offset larger than or equal to ISAKM_GEN_SZ. 2511 */ 2512 id -= ISAKMP_GEN_SZ; 2513 2514 /* This is the actual length of the ID data field. */ 2515 id_len += ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF; 2516 2517 /* 2518 * Conservative allocation. 2519 * XXX I think the ASN1 DN case can be thought through to give a better 2520 * estimate. 2521 */ 2522 size = MAXIMUM(sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 2523 sizeof "asn1_dn/" + id_len); 2524 buf = malloc(size); 2525 if (!buf) 2526 /* XXX Log? */ 2527 goto fail; 2528 2529 switch (GET_ISAKMP_ID_TYPE(id)) { 2530 case IPSEC_ID_IPV4_ADDR: 2531 if (id_len < sizeof(struct in_addr)) 2532 goto fail; 2533 util_ntoa(&addrstr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2534 if (!addrstr) 2535 goto fail; 2536 snprintf(buf, size, "ipv4/%s", addrstr); 2537 break; 2538 2539 case IPSEC_ID_IPV6_ADDR: 2540 if (id_len < sizeof(struct in6_addr)) 2541 goto fail; 2542 util_ntoa(&addrstr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2543 if (!addrstr) 2544 goto fail; 2545 snprintf(buf, size, "ipv6/%s", addrstr); 2546 break; 2547 2548 case IPSEC_ID_FQDN: 2549 case IPSEC_ID_USER_FQDN: 2550 strlcpy(buf, GET_ISAKMP_ID_TYPE(id) == IPSEC_ID_FQDN ? 2551 "fqdn/" : "ufqdn/", size); 2552 len = strlen(buf); 2553 2554 memcpy(buf + len, id + ISAKMP_ID_DATA_OFF, id_len); 2555 *(buf + len + id_len) = '\0'; 2556 break; 2557 2558 case IPSEC_ID_DER_ASN1_DN: 2559 strlcpy(buf, "asn1_dn/", size); 2560 len = strlen(buf); 2561 addrstr = x509_DN_string(id + ISAKMP_ID_DATA_OFF, id_len); 2562 if (!addrstr) 2563 goto fail; 2564 if (size < len + strlen(addrstr) + 1) 2565 goto fail; 2566 strlcpy(buf + len, addrstr, size - len); 2567 break; 2568 2569 default: 2570 /* Unknown type. */ 2571 LOG_DBG((LOG_MISC, 10, 2572 "ipsec_id_string: unknown identity type %d\n", 2573 GET_ISAKMP_ID_TYPE(id))); 2574 goto fail; 2575 } 2576 2577 free(addrstr); 2578 return buf; 2579 2580 fail: 2581 free(buf); 2582 free(addrstr); 2583 return 0; 2584 } 2585