1 /* $OpenBSD: sa.c,v 1.125 2022/01/28 05:24:15 guenther Exp $ */
2 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
3
4 /*
5 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
6 * Copyright (c) 1999, 2001 Angelos D. Keromytis. All rights reserved.
7 * Copyright (c) 2003, 2004 H�kan Olsson. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 /*
31 * This code was written under funding by Ericsson Radio Systems.
32 */
33
34 #include <sys/types.h>
35 #include <sys/un.h>
36
37 #include <stdlib.h>
38 #include <string.h>
39 #include <netdb.h>
40
41 #include <regex.h>
42 #include <keynote.h>
43
44 #include "attribute.h"
45 #include "conf.h"
46 #include "connection.h"
47 #include "cookie.h"
48 #include "doi.h"
49 #include "dpd.h"
50 #include "exchange.h"
51 #include "isakmp.h"
52 #include "log.h"
53 #include "message.h"
54 #include "monitor.h"
55 #include "sa.h"
56 #include "timer.h"
57 #include "transport.h"
58 #include "util.h"
59 #include "cert.h"
60 #include "policy.h"
61 #include "key.h"
62 #include "ipsec.h"
63 #include "ipsec_num.h"
64
65 /* Initial number of bits from the cookies used as hash. */
66 #define INITIAL_BUCKET_BITS 6
67
68 /*
69 * Don't try to use more bits than this as a hash.
70 * We only XOR 16 bits so going above that means changing the code below
71 * too.
72 */
73 #define MAX_BUCKET_BITS 16
74
75 #if 0
76 static void sa_resize(void);
77 #endif
78 static void sa_soft_expire(void *);
79 static void sa_hard_expire(void *);
80
81 static int _net_addrcmp(struct sockaddr *, struct sockaddr *);
82
LIST_HEAD(sa_list,sa)83 static LIST_HEAD(sa_list, sa) *sa_tab;
84
85 /* Works both as a maximum index and a mask. */
86 static int bucket_mask;
87
88 void
89 sa_init(void)
90 {
91 int i;
92
93 bucket_mask = (1 << INITIAL_BUCKET_BITS) - 1;
94 sa_tab = calloc(bucket_mask + 1, sizeof(struct sa_list));
95 if (!sa_tab)
96 log_fatal("sa_init: malloc (%lu) failed",
97 (bucket_mask + 1) * (unsigned long)sizeof(struct sa_list));
98 for (i = 0; i <= bucket_mask; i++)
99 LIST_INIT(&sa_tab[i]);
100 }
101
102 #if 0
103 /* XXX We don't yet resize. */
104 static void
105 sa_resize(void)
106 {
107 int new_mask = (bucket_mask + 1) * 2 - 1;
108 int i;
109 struct sa_list *new_tab;
110
111 new_tab = reallocarray(sa_tab, new_mask + 1, sizeof(struct sa_list));
112 if (!new_tab)
113 return;
114 sa_tab = new_tab;
115 for (i = bucket_mask + 1; i <= new_mask; i++)
116 LIST_INIT(&sa_tab[i]);
117 bucket_mask = new_mask;
118
119 /* XXX Rehash existing entries. */
120 }
121 #endif
122
123 /* Lookup an SA with the help from a user-supplied checking function. */
124 struct sa *
sa_find(int (* check)(struct sa *,void *),void * arg)125 sa_find(int (*check) (struct sa*, void *), void *arg)
126 {
127 int i;
128 struct sa *sa;
129
130 for (i = 0; i <= bucket_mask; i++)
131 for (sa = LIST_FIRST(&sa_tab[i]); sa; sa = LIST_NEXT(sa, link))
132 if (check(sa, arg)) {
133 LOG_DBG((LOG_SA, 90, "sa_find: return SA %p",
134 sa));
135 return sa;
136 }
137 LOG_DBG((LOG_SA, 90, "sa_find: no SA matched query"));
138 return 0;
139 }
140
141 /* Check if SA is an ISAKMP SA with an initiator cookie equal to ICOOKIE. */
142 static int
sa_check_icookie(struct sa * sa,void * icookie)143 sa_check_icookie(struct sa *sa, void *icookie)
144 {
145 return sa->phase == 1 &&
146 memcmp(sa->cookies, icookie, ISAKMP_HDR_ICOOKIE_LEN) == 0;
147 }
148
149 /* Lookup an ISAKMP SA out of just the initiator cookie. */
150 struct sa *
sa_lookup_from_icookie(u_int8_t * cookie)151 sa_lookup_from_icookie(u_int8_t *cookie)
152 {
153 return sa_find(sa_check_icookie, cookie);
154 }
155
156 struct name_phase_arg {
157 char *name;
158 u_int8_t phase;
159 };
160
161 /* Check if SA has the name and phase given by V_ARG. */
162 static int
sa_check_name_phase(struct sa * sa,void * v_arg)163 sa_check_name_phase(struct sa *sa, void *v_arg)
164 {
165 struct name_phase_arg *arg = v_arg;
166
167 return sa->name && strcasecmp(sa->name, arg->name) == 0 &&
168 sa->phase == arg->phase && !(sa->flags & SA_FLAG_REPLACED);
169 }
170
171 /* Lookup an SA by name, case-independent, and phase. */
172 struct sa *
sa_lookup_by_name(char * name,int phase)173 sa_lookup_by_name(char *name, int phase)
174 {
175 struct name_phase_arg arg;
176
177 arg.name = name;
178 arg.phase = phase;
179 return sa_find(sa_check_name_phase, &arg);
180 }
181
182 struct addr_arg {
183 struct sockaddr *addr;
184 socklen_t len;
185 int phase;
186 int flags;
187 };
188
189 /*
190 * This function has been removed from libc and put here as this
191 * file is the only user for it.
192 */
193 static int
_net_addrcmp(struct sockaddr * sa1,struct sockaddr * sa2)194 _net_addrcmp(struct sockaddr *sa1, struct sockaddr *sa2)
195 {
196
197 if (sa1->sa_len != sa2->sa_len)
198 return (sa1->sa_len < sa2->sa_len) ? -1 : 1;
199 if (sa1->sa_family != sa2->sa_family)
200 return (sa1->sa_family < sa2->sa_family) ? -1 : 1;
201
202 switch(sa1->sa_family) {
203 case AF_INET:
204 return (memcmp(&((struct sockaddr_in *)sa1)->sin_addr,
205 &((struct sockaddr_in *)sa2)->sin_addr,
206 sizeof(struct in_addr)));
207 case AF_INET6:
208 if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
209 ((struct sockaddr_in6 *)sa2)->sin6_scope_id)
210 return (((struct sockaddr_in6 *)sa1)->sin6_scope_id <
211 ((struct sockaddr_in6 *)sa2)->sin6_scope_id)
212 ? -1 : 1;
213 return memcmp(&((struct sockaddr_in6 *)sa1)->sin6_addr,
214 &((struct sockaddr_in6 *)sa2)->sin6_addr,
215 sizeof(struct in6_addr));
216 case AF_LOCAL:
217 return (strcmp(((struct sockaddr_un *)sa1)->sun_path,
218 ((struct sockaddr_un *)sa2)->sun_path));
219 default:
220 return -1;
221 }
222 }
223
224 /*
225 * Check if SA is ready and has a peer with an address equal the one given
226 * by V_ADDR. Furthermore if we are searching for a specific phase, check
227 * that too.
228 */
229 static int
sa_check_peer(struct sa * sa,void * v_addr)230 sa_check_peer(struct sa *sa, void *v_addr)
231 {
232 struct addr_arg *addr = v_addr;
233 struct sockaddr *dst;
234
235 if (!sa->transport || (sa->flags & SA_FLAG_READY) == 0 ||
236 (addr->phase && addr->phase != sa->phase))
237 return 0;
238
239 sa->transport->vtbl->get_dst(sa->transport, &dst);
240 if (_net_addrcmp(dst, addr->addr) != 0)
241 return 0;
242
243 /* same family, length and address, check port if inet/inet6 */
244 switch (dst->sa_family) {
245 case AF_INET:
246 return ((struct sockaddr_in *)dst)->sin_port == ((struct sockaddr_in *)addr->addr)->sin_port;
247 case AF_INET6:
248 return ((struct sockaddr_in6 *)dst)->sin6_port == ((struct sockaddr_in6 *)addr->addr)->sin6_port;
249 }
250
251 return 1;
252 }
253
254 struct dst_isakmpspi_arg {
255 struct sockaddr *dst;
256 u_int8_t *spi; /* must be ISAKMP_SPI_SIZE octets */
257 };
258
259 /*
260 * Check if SA matches what we are asking for through V_ARG. It has to
261 * be a finished phase 1 (ISAKMP) SA.
262 */
263 static int
isakmp_sa_check(struct sa * sa,void * v_arg)264 isakmp_sa_check(struct sa *sa, void *v_arg)
265 {
266 struct dst_isakmpspi_arg *arg = v_arg;
267 struct sockaddr *dst, *src;
268
269 if (sa->phase != 1 || !(sa->flags & SA_FLAG_READY))
270 return 0;
271
272 /* verify address is either src or dst for this sa */
273 sa->transport->vtbl->get_dst(sa->transport, &dst);
274 sa->transport->vtbl->get_src(sa->transport, &src);
275 if (memcmp(src, arg->dst, SA_LEN(src)) &&
276 memcmp(dst, arg->dst, SA_LEN(dst)))
277 return 0;
278
279 /* match icookie+rcookie against spi */
280 if (memcmp(sa->cookies, arg->spi, ISAKMP_HDR_COOKIES_LEN) == 0)
281 return 1;
282
283 return 0;
284 }
285
286 /*
287 * Find an ISAKMP SA with a "name" of DST & SPI.
288 */
289 struct sa *
sa_lookup_isakmp_sa(struct sockaddr * dst,u_int8_t * spi)290 sa_lookup_isakmp_sa(struct sockaddr *dst, u_int8_t *spi)
291 {
292 struct dst_isakmpspi_arg arg;
293
294 arg.dst = dst;
295 arg.spi = spi;
296
297 return sa_find(isakmp_sa_check, &arg);
298 }
299
300 /* Lookup a ready SA by the peer's address. */
301 struct sa *
sa_lookup_by_peer(struct sockaddr * dst,socklen_t dstlen,int phase)302 sa_lookup_by_peer(struct sockaddr *dst, socklen_t dstlen, int phase)
303 {
304 struct addr_arg arg;
305
306 arg.addr = dst;
307 arg.len = dstlen;
308 arg.phase = phase;
309
310 return sa_find(sa_check_peer, &arg);
311 }
312
313 /* Lookup a ready ISAKMP SA given its peer address. */
314 struct sa *
sa_isakmp_lookup_by_peer(struct sockaddr * dst,socklen_t dstlen)315 sa_isakmp_lookup_by_peer(struct sockaddr *dst, socklen_t dstlen)
316 {
317 struct addr_arg arg;
318
319 arg.addr = dst;
320 arg.len = dstlen;
321 arg.phase = 1;
322
323 return sa_find(sa_check_peer, &arg);
324 }
325
326 int
sa_enter(struct sa * sa)327 sa_enter(struct sa *sa)
328 {
329 u_int16_t bucket = 0;
330 int i;
331 u_int8_t *cp;
332
333 /* XXX We might resize if we are crossing a certain threshold */
334
335 for (i = 0; i < ISAKMP_HDR_COOKIES_LEN; i += 2) {
336 cp = sa->cookies + i;
337 /* Doing it this way avoids alignment problems. */
338 bucket ^= cp[0] | cp[1] << 8;
339 }
340 for (i = 0; i < ISAKMP_HDR_MESSAGE_ID_LEN; i += 2) {
341 cp = sa->message_id + i;
342 /* Doing it this way avoids alignment problems. */
343 bucket ^= cp[0] | cp[1] << 8;
344 }
345 bucket &= bucket_mask;
346 LIST_INSERT_HEAD(&sa_tab[bucket], sa, link);
347 sa_reference(sa);
348 LOG_DBG((LOG_SA, 70, "sa_enter: SA %p added to SA list", sa));
349 return 1;
350 }
351
352 /*
353 * Lookup the SA given by the header fields MSG. PHASE2 is false when
354 * looking for phase 1 SAa and true otherwise.
355 */
356 struct sa *
sa_lookup_by_header(u_int8_t * msg,int phase2)357 sa_lookup_by_header(u_int8_t *msg, int phase2)
358 {
359 return sa_lookup(msg + ISAKMP_HDR_COOKIES_OFF,
360 phase2 ? msg + ISAKMP_HDR_MESSAGE_ID_OFF : 0);
361 }
362
363 /*
364 * Lookup the SA given by the COOKIES and possibly the MESSAGE_ID unless
365 * a null pointer, meaning we are looking for phase 1 SAs.
366 */
367 struct sa *
sa_lookup(u_int8_t * cookies,u_int8_t * message_id)368 sa_lookup(u_int8_t *cookies, u_int8_t *message_id)
369 {
370 u_int16_t bucket = 0;
371 int i;
372 struct sa *sa;
373 u_int8_t *cp;
374
375 /*
376 * We use the cookies to get bits to use as an index into sa_tab, as at
377 * least one (our cookie) is a good hash, xoring all the bits, 16 at a
378 * time, and then masking, should do. Doing it this way means we can
379 * validate cookies very fast thus delimiting the effects of "Denial of
380 * service"-attacks using packet flooding.
381 */
382 for (i = 0; i < ISAKMP_HDR_COOKIES_LEN; i += 2) {
383 cp = cookies + i;
384 /* Doing it this way avoids alignment problems. */
385 bucket ^= cp[0] | cp[1] << 8;
386 }
387 if (message_id)
388 for (i = 0; i < ISAKMP_HDR_MESSAGE_ID_LEN; i += 2) {
389 cp = message_id + i;
390 /* Doing it this way avoids alignment problems. */
391 bucket ^= cp[0] | cp[1] << 8;
392 }
393 bucket &= bucket_mask;
394 for (sa = LIST_FIRST(&sa_tab[bucket]);
395 sa && (memcmp(cookies, sa->cookies, ISAKMP_HDR_COOKIES_LEN) != 0 ||
396 (message_id && memcmp(message_id, sa->message_id,
397 ISAKMP_HDR_MESSAGE_ID_LEN) != 0) ||
398 (!message_id && !zero_test(sa->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)));
399 sa = LIST_NEXT(sa, link))
400 ;
401
402 return sa;
403 }
404
405 /* Create an SA. */
406 int
sa_create(struct exchange * exchange,struct transport * t)407 sa_create(struct exchange *exchange, struct transport *t)
408 {
409 struct sa *sa;
410
411 /*
412 * We want the SA zeroed for sa_free to be able to find out what fields
413 * have been filled-in.
414 */
415 sa = calloc(1, sizeof *sa);
416 if (!sa) {
417 log_error("sa_create: calloc (1, %lu) failed",
418 (unsigned long)sizeof *sa);
419 return -1;
420 }
421 sa->transport = t;
422 if (t)
423 transport_reference(t);
424 sa->phase = exchange->phase;
425 memcpy(sa->cookies, exchange->cookies, ISAKMP_HDR_COOKIES_LEN);
426 memcpy(sa->message_id, exchange->message_id,
427 ISAKMP_HDR_MESSAGE_ID_LEN);
428 sa->doi = exchange->doi;
429 sa->policy_id = -1;
430
431 if (sa->doi->sa_size) {
432 /*
433 * Allocate the DOI-specific structure and initialize it to
434 * zeroes.
435 */
436 sa->data = calloc(1, sa->doi->sa_size);
437 if (!sa->data) {
438 log_error("sa_create: calloc (1, %lu) failed",
439 (unsigned long)sa->doi->sa_size);
440 free(sa);
441 return -1;
442 }
443 }
444 TAILQ_INIT(&sa->protos);
445
446 sa_enter(sa);
447 TAILQ_INSERT_TAIL(&exchange->sa_list, sa, next);
448 sa_reference(sa);
449
450 LOG_DBG((LOG_SA, 60,
451 "sa_create: sa %p phase %d added to exchange %p (%s)", sa,
452 sa->phase, exchange,
453 exchange->name ? exchange->name : "<unnamed>"));
454 return 0;
455 }
456
457 /*
458 * Dump the internal state of SA to the report channel, with HEADER
459 * prepended to each line.
460 */
461 void
sa_dump(int cls,int level,char * header,struct sa * sa)462 sa_dump(int cls, int level, char *header, struct sa *sa)
463 {
464 struct proto *proto;
465 char spi_header[80];
466 int i;
467
468 LOG_DBG((cls, level, "%s: %p %s phase %d doi %d flags 0x%x", header,
469 sa, sa->name ? sa->name : "<unnamed>", sa->phase, sa->doi->id,
470 sa->flags));
471 LOG_DBG((cls, level, "%s: icookie %08x%08x rcookie %08x%08x", header,
472 decode_32(sa->cookies), decode_32(sa->cookies + 4),
473 decode_32(sa->cookies + 8), decode_32(sa->cookies + 12)));
474 LOG_DBG((cls, level, "%s: msgid %08x refcnt %d", header,
475 decode_32(sa->message_id), sa->refcnt));
476 LOG_DBG((cls, level, "%s: life secs %llu kb %llu", header, sa->seconds,
477 sa->kilobytes));
478 for (proto = TAILQ_FIRST(&sa->protos); proto;
479 proto = TAILQ_NEXT(proto, link)) {
480 LOG_DBG((cls, level, "%s: suite %d proto %d", header,
481 proto->no, proto->proto));
482 LOG_DBG((cls, level,
483 "%s: spi_sz[0] %d spi[0] %p spi_sz[1] %d spi[1] %p",
484 header, proto->spi_sz[0], proto->spi[0], proto->spi_sz[1],
485 proto->spi[1]));
486 LOG_DBG((cls, level, "%s: %s, %s", header,
487 !sa->doi ? "<nodoi>" :
488 sa->doi->decode_ids("initiator id: %s, responder id: %s",
489 sa->id_i, sa->id_i_len,
490 sa->id_r, sa->id_r_len, 0),
491 !sa->transport ? "<no transport>" :
492 sa->transport->vtbl->decode_ids(sa->transport)));
493 for (i = 0; i < 2; i++)
494 if (proto->spi[i]) {
495 snprintf(spi_header, sizeof spi_header,
496 "%s: spi[%d]", header, i);
497 LOG_DBG_BUF((cls, level, spi_header,
498 proto->spi[i], proto->spi_sz[i]));
499 }
500 }
501 }
502
503 /*
504 * Display the SA's two SPI values.
505 */
506 static void
report_spi(FILE * fd,const u_int8_t * buf,size_t sz,int spi)507 report_spi(FILE *fd, const u_int8_t *buf, size_t sz, int spi)
508 {
509 #define SBUFSZ (2 * 32 + 9)
510 char s[SBUFSZ];
511 size_t i, j;
512
513 for (i = j = 0; i < sz;) {
514 snprintf(s + j, sizeof s - j, "%02x", buf[i++]);
515 j += strlen(s + j);
516 if (i % 4 == 0) {
517 if (i % 32 == 0) {
518 s[j] = '\0';
519 fprintf(fd, "%s", s);
520 j = 0;
521 } else
522 s[j++] = ' ';
523 }
524 }
525
526 if (j) {
527 s[j] = '\0';
528 fprintf(fd, "SPI %d: %s\n", spi, s);
529 }
530 }
531
532 /*
533 * Display the transform names to file.
534 * Structure is taken from pf_key_v2.c, pf_key_v2_set_spi.
535 * Transform names are taken from /usr/src/sys/crypto/xform.c.
536 */
537 static void
report_proto(FILE * fd,struct proto * proto)538 report_proto(FILE *fd, struct proto *proto)
539 {
540 struct ipsec_proto *iproto;
541 int keylen, hashlen;
542
543 switch (proto->proto) {
544 case IPSEC_PROTO_IPSEC_ESP:
545 keylen = ipsec_esp_enckeylength(proto);
546 hashlen = ipsec_esp_authkeylength(proto);
547 fprintf(fd, "Transform: IPsec ESP\n");
548 fprintf(fd, "Encryption key length: %d\n", keylen);
549 fprintf(fd, "Authentication key length: %d\n", hashlen);
550
551 fprintf(fd, "Encryption algorithm: ");
552 switch (proto->id) {
553 case IPSEC_ESP_3DES:
554 fprintf(fd, "3DES\n");
555 break;
556
557 case IPSEC_ESP_AES:
558 fprintf(fd, "AES (CBC)\n");
559 break;
560
561 case IPSEC_ESP_AES_CTR:
562 fprintf(fd, "AES (CTR)\n");
563 break;
564
565 case IPSEC_ESP_AES_GCM_16:
566 fprintf(fd, "AES (GCM)\n");
567 break;
568
569 case IPSEC_ESP_AES_GMAC:
570 fprintf(fd, "AES (GMAC)\n");
571 break;
572
573 case IPSEC_ESP_CAST:
574 fprintf(fd, "Cast-128\n");
575 break;
576
577 case IPSEC_ESP_BLOWFISH:
578 fprintf(fd, "Blowfish\n");
579 break;
580
581 default:
582 fprintf(fd, "unknown (%d)\n", proto->id);
583 }
584
585 fprintf(fd, "Authentication algorithm: ");
586
587 if (!proto->data) {
588 fprintf(fd, "none\n");
589 break;
590 }
591 iproto = proto->data;
592
593 switch (iproto->auth) {
594 case IPSEC_AUTH_HMAC_MD5:
595 fprintf(fd, "HMAC-MD5\n");
596 break;
597
598 case IPSEC_AUTH_HMAC_SHA:
599 fprintf(fd, "HMAC-SHA1\n");
600 break;
601
602 case IPSEC_AUTH_HMAC_RIPEMD:
603 fprintf(fd, "HMAC-RIPEMD-160\n");
604 break;
605
606 case IPSEC_AUTH_HMAC_SHA2_256:
607 fprintf(fd, "HMAC-SHA2-256\n");
608 break;
609
610 case IPSEC_AUTH_HMAC_SHA2_384:
611 fprintf(fd, "HMAC-SHA2-384\n");
612 break;
613
614 case IPSEC_AUTH_HMAC_SHA2_512:
615 fprintf(fd, "HMAC-SHA2-512\n");
616 break;
617
618 case IPSEC_AUTH_DES_MAC:
619 case IPSEC_AUTH_KPDK:
620 /* XXX We should be supporting KPDK */
621 fprintf(fd, "unknown (%d)", iproto->auth);
622 break;
623
624 default:
625 fprintf(fd, "none\n");
626 }
627 break;
628
629 case IPSEC_PROTO_IPSEC_AH:
630 hashlen = ipsec_ah_keylength(proto);
631 fprintf(fd, "Transform: IPsec AH\n");
632 fprintf(fd, "Encryption not used.\n");
633 fprintf(fd, "Authentication key length: %d\n", hashlen);
634
635 fprintf(fd, "Authentication algorithm: ");
636 switch (proto->id) {
637 case IPSEC_AH_MD5:
638 fprintf(fd, "HMAC-MD5\n");
639 break;
640
641 case IPSEC_AH_SHA:
642 fprintf(fd, "HMAC-SHA1\n");
643 break;
644
645 case IPSEC_AH_RIPEMD:
646 fprintf(fd, "HMAC-RIPEMD-160\n");
647 break;
648
649 case IPSEC_AH_SHA2_256:
650 fprintf(fd, "HMAC-SHA2-256\n");
651 break;
652
653 case IPSEC_AH_SHA2_384:
654 fprintf(fd, "HMAC-SHA2-384\n");
655 break;
656
657 case IPSEC_AH_SHA2_512:
658 fprintf(fd, "HMAC-SHA2-512\n");
659 break;
660
661 default:
662 fprintf(fd, "unknown (%d)", proto->id);
663 }
664 break;
665
666 default:
667 fprintf(fd, "report_proto: invalid proto %d\n", proto->proto);
668 }
669 }
670
671 /*
672 * Display SA lifetimes.
673 */
674 static void
report_lifetimes(FILE * fd,struct sa * sa)675 report_lifetimes(FILE *fd, struct sa *sa)
676 {
677 long timeout;
678
679 if (sa->seconds)
680 fprintf(fd, "Lifetime: %llu seconds\n", sa->seconds);
681
682 if (sa->soft_death) {
683 timeout = get_timeout(&sa->soft_death->expiration);
684 if (timeout < 0)
685 fprintf(fd, "<no soft timeout>\n");
686 else
687 fprintf(fd, "Soft timeout in %ld seconds\n", timeout);
688 }
689
690 if (sa->death) {
691 timeout = get_timeout(&sa->death->expiration);
692 if (timeout < 0)
693 fprintf(fd, "No hard timeout>\n");
694 else
695 fprintf(fd, "Hard timeout in %ld seconds\n", timeout);
696 }
697
698 if (sa->kilobytes)
699 fprintf(fd, "Lifetime: %llu kilobytes\n", sa->kilobytes);
700 }
701
702 /*
703 * Print phase 1 specific information.
704 */
705 static void
report_phase1(FILE * fd,struct sa * sa)706 report_phase1(FILE *fd, struct sa *sa)
707 {
708 /* Cookies. */
709 fprintf(fd, "icookie %08x%08x rcookie %08x%08x\n",
710 decode_32(sa->cookies), decode_32(sa->cookies + 4),
711 decode_32(sa->cookies + 8), decode_32(sa->cookies + 12));
712 }
713
714 /*
715 * Print phase 2 specific information.
716 */
717 static void
report_phase2(FILE * fd,struct sa * sa)718 report_phase2(FILE *fd, struct sa *sa)
719 {
720 struct proto *proto;
721 int i;
722
723 /* Transform information. */
724 for (proto = TAILQ_FIRST(&sa->protos); proto;
725 proto = TAILQ_NEXT(proto, link)) {
726
727 /* SPI values. */
728 for (i = 0; i < 2; i++)
729 if (proto->spi[i])
730 report_spi(fd, proto->spi[i],
731 proto->spi_sz[i], i);
732 else
733 fprintf(fd, "SPI %d not defined.\n", i);
734
735 /* Proto values. */
736 report_proto(fd, proto);
737 }
738 }
739
740 /* Report all the SAs to the report channel. */
741 void
sa_report(void)742 sa_report(void)
743 {
744 struct sa *sa;
745 int i;
746
747 for (i = 0; i <= bucket_mask; i++)
748 for (sa = LIST_FIRST(&sa_tab[i]); sa; sa = LIST_NEXT(sa, link))
749 sa_dump(LOG_REPORT, 0, "sa_report", sa);
750 }
751
752 /*
753 * Print an SA's connection details to file SA_FILE.
754 */
755 static void
sa_dump_all(FILE * fd,struct sa * sa)756 sa_dump_all(FILE *fd, struct sa *sa)
757 {
758 /* SA name and phase. */
759 fprintf(fd, "SA name: %s", sa->name ? sa->name : "<unnamed>");
760 fprintf(fd, " (Phase %d%s)\n", sa->phase, sa->phase == 1 ?
761 (sa->initiator ? "/Initiator" : "/Responder") : "");
762
763 /* Source and destination IPs. */
764 fprintf(fd, "%s", sa->transport == NULL ? "<no transport>" :
765 sa->transport->vtbl->decode_ids(sa->transport));
766 fprintf(fd, "\n");
767
768 /* Lifetimes */
769 report_lifetimes(fd, sa);
770
771 fprintf(fd, "Flags 0x%08x\n", sa->flags);
772
773 if (sa->phase == 1)
774 report_phase1(fd, sa);
775 else if (sa->phase == 2)
776 report_phase2(fd, sa);
777 else {
778 /* Should not happen, but... */
779 fprintf(fd, "<unknown phase>\n");
780 }
781
782 /* SA separator. */
783 fprintf(fd, "\n");
784 }
785
786 /* Report info of all SAs to file 'fd'. */
787 void
sa_report_all(FILE * fd)788 sa_report_all(FILE *fd)
789 {
790 struct sa *sa;
791 int i;
792
793 for (i = 0; i <= bucket_mask; i++)
794 for (sa = LIST_FIRST(&sa_tab[i]); sa; sa = LIST_NEXT(sa, link))
795 sa_dump_all(fd, sa);
796 }
797
798 /* Free the protocol structure pointed to by PROTO. */
799 void
proto_free(struct proto * proto)800 proto_free(struct proto *proto)
801 {
802 struct proto_attr *pa;
803 struct sa *sa = proto->sa;
804 int i;
805
806 for (i = 0; i < 2; i++)
807 if (proto->spi[i]) {
808 if (sa->doi->delete_spi)
809 sa->doi->delete_spi(sa, proto, i);
810 free(proto->spi[i]);
811 }
812 TAILQ_REMOVE(&sa->protos, proto, link);
813 if (proto->data) {
814 if (sa->doi && sa->doi->free_proto_data)
815 sa->doi->free_proto_data(proto->data);
816 free(proto->data);
817 }
818 if (proto->xf_cnt)
819 while ((pa = TAILQ_FIRST(&proto->xfs)) != NULL) {
820 free(pa->attrs);
821 TAILQ_REMOVE(&proto->xfs, pa, next);
822 free(pa);
823 }
824
825 LOG_DBG((LOG_SA, 90, "proto_free: freeing %p", proto));
826 free(proto);
827 }
828
829 /* Release all resources this SA is using. */
830 void
sa_free(struct sa * sa)831 sa_free(struct sa *sa)
832 {
833 if (sa->death) {
834 timer_remove_event(sa->death);
835 sa->death = 0;
836 sa->refcnt--;
837 }
838 if (sa->soft_death) {
839 timer_remove_event(sa->soft_death);
840 sa->soft_death = 0;
841 sa->refcnt--;
842 }
843 if (sa->dpd_event) {
844 timer_remove_event(sa->dpd_event);
845 sa->dpd_event = 0;
846 }
847 sa_remove(sa);
848 }
849
850 /* Remove the SA from the hash table of live SAs. */
851 void
sa_remove(struct sa * sa)852 sa_remove(struct sa *sa)
853 {
854 LIST_REMOVE(sa, link);
855 LOG_DBG((LOG_SA, 70, "sa_remove: SA %p removed from SA list", sa));
856 sa_release(sa);
857 }
858
859 /* Raise the reference count of SA. */
860 void
sa_reference(struct sa * sa)861 sa_reference(struct sa *sa)
862 {
863 sa->refcnt++;
864 LOG_DBG((LOG_SA, 80, "sa_reference: SA %p now has %d references",
865 sa, sa->refcnt));
866 }
867
868 /* Release a reference to SA. */
869 void
sa_release(struct sa * sa)870 sa_release(struct sa *sa)
871 {
872 struct cert_handler *handler;
873 struct proto *proto;
874
875 LOG_DBG((LOG_SA, 80, "sa_release: SA %p had %d references",
876 sa, sa->refcnt));
877
878 if (--sa->refcnt)
879 return;
880
881 LOG_DBG((LOG_SA, 60, "sa_release: freeing SA %p", sa));
882
883 while ((proto = TAILQ_FIRST(&sa->protos)) != 0)
884 proto_free(proto);
885 if (sa->data) {
886 if (sa->doi && sa->doi->free_sa_data)
887 sa->doi->free_sa_data(sa->data);
888 free(sa->data);
889 }
890 free(sa->id_i);
891 free(sa->id_r);
892 if (sa->recv_cert) {
893 handler = cert_get(sa->recv_certtype);
894 if (handler)
895 handler->cert_free(sa->recv_cert);
896 }
897 if (sa->sent_cert) {
898 handler = cert_get(sa->sent_certtype);
899 if (handler)
900 handler->cert_free(sa->sent_cert);
901 }
902 if (sa->recv_key)
903 key_free(sa->recv_keytype, ISAKMP_KEYTYPE_PUBLIC,
904 sa->recv_key);
905 free(sa->keynote_key); /* This is just a string */
906 if (sa->policy_id != -1)
907 kn_close(sa->policy_id);
908 free(sa->name);
909 free(sa->keystate);
910 if (sa->nat_t_keepalive)
911 timer_remove_event(sa->nat_t_keepalive);
912 if (sa->dpd_event)
913 timer_remove_event(sa->dpd_event);
914 if (sa->transport)
915 transport_release(sa->transport);
916 free(sa->tag);
917 free(sa);
918 }
919
920 /*
921 * Rehash the ISAKMP SA this MSG is negotiating with the responder cookie
922 * filled in.
923 */
924 void
sa_isakmp_upgrade(struct message * msg)925 sa_isakmp_upgrade(struct message *msg)
926 {
927 struct sa *sa = TAILQ_FIRST(&msg->exchange->sa_list);
928
929 sa_remove(sa);
930 GET_ISAKMP_HDR_RCOOKIE(msg->iov[0].iov_base,
931 sa->cookies + ISAKMP_HDR_ICOOKIE_LEN);
932
933 /*
934 * We don't install a transport in the initiator case as we don't know
935 * what local address will be chosen. Do it now instead.
936 */
937 sa->transport = msg->transport;
938 transport_reference(sa->transport);
939 sa_enter(sa);
940 }
941
942 #define ATTRS_SIZE (IKE_ATTR_BLOCK_SIZE + 1) /* XXX Should be dynamic. */
943
944 struct attr_validation_state {
945 u_int8_t *attrp[ATTRS_SIZE];
946 u_int8_t checked[ATTRS_SIZE];
947 u_int16_t len[ATTRS_SIZE];
948 int phase; /* IKE (1) or IPSEC (2) attrs? */
949 int mode; /* 0 = 'load', 1 = check */
950 };
951
952 /* Validate an attribute. Return 0 on match. */
953 static int
sa_validate_xf_attrs(u_int16_t type,u_int8_t * value,u_int16_t len,void * arg)954 sa_validate_xf_attrs(u_int16_t type, u_int8_t *value, u_int16_t len,
955 void *arg)
956 {
957 int val0, val1;
958
959 struct attr_validation_state *avs =
960 (struct attr_validation_state *)arg;
961
962 LOG_DBG((LOG_SA, 95, "sa_validate_xf_attrs: phase %d mode %d type %d "
963 "len %d", avs->phase, avs->mode, type, len));
964
965 /* Make sure the phase and type are valid. */
966 if (avs->phase == 1) {
967 if (type < IKE_ATTR_ENCRYPTION_ALGORITHM ||
968 type > IKE_ATTR_BLOCK_SIZE)
969 return 1;
970 } else if (avs->phase == 2) {
971 if (type < IPSEC_ATTR_SA_LIFE_TYPE ||
972 type > IPSEC_ATTR_ECN_TUNNEL)
973 return 1;
974 } else
975 return 1;
976
977 if (avs->mode == 0) { /* Load attrs. */
978 avs->attrp[type] = value;
979 avs->len[type] = len;
980 return 0;
981 }
982 /* Checking for a missing attribute is an immediate failure. */
983 if (!avs->attrp[type])
984 return 1;
985
986 /* Match the loaded attribute against this one, mark it as checked. */
987 avs->checked[type]++;
988 switch (len) {
989 case 2:
990 val0 = (int)decode_16(value);
991 break;
992 case 4:
993 val0 = (int)decode_32(value);
994 break;
995 default:
996 return 1;
997 }
998 switch (avs->len[type]) {
999 case 2:
1000 val1 = (int)decode_16(avs->attrp[type]);
1001 break;
1002 case 4:
1003 val1 = (int)decode_32(avs->attrp[type]);
1004 break;
1005 default:
1006 return 1;
1007 }
1008 /* Return 0 when the values are equal. */
1009 return (val0 != val1);
1010 }
1011
1012 /*
1013 * This function is used to validate the returned proposal (protection suite)
1014 * we get from the responder against a proposal we sent. Only run as initiator.
1015 * We return 0 if a match is found (in any transform of this proposal), 1
1016 * otherwise. Also see note in sa_add_transform() below.
1017 */
1018 static int
sa_validate_proto_xf(struct proto * match,struct payload * xf,int phase)1019 sa_validate_proto_xf(struct proto *match, struct payload *xf, int phase)
1020 {
1021 struct attr_validation_state *avs;
1022 struct proto_attr *pa;
1023 int found = 0;
1024 size_t i;
1025 u_int8_t xf_id;
1026
1027 if (!match->xf_cnt)
1028 return 0;
1029
1030 if (match->proto != GET_ISAKMP_PROP_PROTO(xf->context->p)) {
1031 LOG_DBG((LOG_SA, 70, "sa_validate_proto_xf: proto %p (#%d) "
1032 "protocol mismatch", match, match->no));
1033 return 1;
1034 }
1035 avs = calloc(1, sizeof *avs);
1036 if (!avs) {
1037 log_error("sa_validate_proto_xf: calloc (1, %lu)",
1038 (unsigned long)sizeof *avs);
1039 return 1;
1040 }
1041 avs->phase = phase;
1042
1043 /* Load the "proposal candidate" attribute set. */
1044 (void)attribute_map(xf->p + ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1045 GET_ISAKMP_GEN_LENGTH(xf->p) - ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1046 sa_validate_xf_attrs, avs);
1047 xf_id = GET_ISAKMP_TRANSFORM_ID(xf->p);
1048
1049 /* Check against the transforms we suggested. */
1050 avs->mode++;
1051 for (pa = TAILQ_FIRST(&match->xfs); pa && !found;
1052 pa = TAILQ_NEXT(pa, next)) {
1053 if (xf_id != GET_ISAKMP_TRANSFORM_ID(pa->attrs))
1054 continue;
1055
1056 bzero(avs->checked, sizeof avs->checked);
1057 if (attribute_map(pa->attrs + ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1058 pa->len - ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1059 sa_validate_xf_attrs, avs) == 0)
1060 found++;
1061
1062 LOG_DBG((LOG_SA, 80, "sa_validate_proto_xf: attr_map "
1063 "xf %p proto %p pa %p found %d", xf, match, pa, found));
1064
1065 if (!found)
1066 continue;
1067
1068 /*
1069 * Require all attributes present and checked. XXX perhaps
1070 * not?
1071 */
1072 for (i = 0; i < sizeof avs->checked; i++)
1073 if (avs->attrp[i] && !avs->checked[i])
1074 found = 0;
1075
1076 LOG_DBG((LOG_SA, 80, "sa_validate_proto_xf: req_attr "
1077 "xf %p proto %p pa %p found %d", xf, match, pa, found));
1078 }
1079 free(avs);
1080 return found ? 0 : 1;
1081 }
1082
1083 /*
1084 * Register the chosen transform XF into SA. As a side effect set PROTOP
1085 * to point at the corresponding proto structure. INITIATOR is true if we
1086 * are the initiator.
1087 */
1088 int
sa_add_transform(struct sa * sa,struct payload * xf,int initiator,struct proto ** protop)1089 sa_add_transform(struct sa *sa, struct payload *xf, int initiator,
1090 struct proto **protop)
1091 {
1092 struct proto *proto;
1093 struct payload *prop = xf->context;
1094
1095 *protop = 0;
1096 if (!initiator) {
1097 proto = calloc(1, sizeof *proto);
1098 if (!proto)
1099 log_error("sa_add_transform: calloc (1, %lu) failed",
1100 (unsigned long)sizeof *proto);
1101 } else {
1102 /*
1103 * RFC 2408, section 4.2 states the responder SHOULD use the
1104 * proposal number from the initiator (i.e us), in its
1105 * selected proposal to make this lookup easier. Most vendors
1106 * follow this. One noted exception is the CiscoPIX (and
1107 * perhaps other Cisco products).
1108 *
1109 * We start by matching on the proposal number, as before.
1110 */
1111 for (proto = TAILQ_FIRST(&sa->protos);
1112 proto && proto->no != GET_ISAKMP_PROP_NO(prop->p);
1113 proto = TAILQ_NEXT(proto, link))
1114 ;
1115 /*
1116 * If we did not find a match, search through all proposals
1117 * and xforms.
1118 */
1119 if (!proto || sa_validate_proto_xf(proto, xf, sa->phase) != 0)
1120 for (proto = TAILQ_FIRST(&sa->protos);
1121 proto && sa_validate_proto_xf(proto, xf, sa->phase) != 0;
1122 proto = TAILQ_NEXT(proto, link))
1123 ;
1124 }
1125 if (!proto)
1126 return -1;
1127 *protop = proto;
1128
1129 /* Allocate DOI-specific part. */
1130 if (!initiator) {
1131 proto->data = calloc(1, sa->doi->proto_size);
1132 if (!proto->data) {
1133 log_error("sa_add_transform: calloc (1, %lu) failed",
1134 (unsigned long)sa->doi->proto_size);
1135 goto cleanup;
1136 }
1137 }
1138 proto->no = GET_ISAKMP_PROP_NO(prop->p);
1139 proto->proto = GET_ISAKMP_PROP_PROTO(prop->p);
1140 proto->spi_sz[0] = GET_ISAKMP_PROP_SPI_SZ(prop->p);
1141 if (proto->spi_sz[0]) {
1142 proto->spi[0] = malloc(proto->spi_sz[0]);
1143 if (!proto->spi[0])
1144 goto cleanup;
1145 memcpy(proto->spi[0], prop->p + ISAKMP_PROP_SPI_OFF,
1146 proto->spi_sz[0]);
1147 }
1148 proto->chosen = xf;
1149 proto->sa = sa;
1150 proto->id = GET_ISAKMP_TRANSFORM_ID(xf->p);
1151 if (!initiator)
1152 TAILQ_INSERT_TAIL(&sa->protos, proto, link);
1153
1154 /* Let the DOI get at proto for initializing its own data. */
1155 if (sa->doi->proto_init)
1156 sa->doi->proto_init(proto, 0);
1157
1158 LOG_DBG((LOG_SA, 80,
1159 "sa_add_transform: "
1160 "proto %p no %d proto %d chosen %p sa %p id %d",
1161 proto, proto->no, proto->proto, proto->chosen, proto->sa,
1162 proto->id));
1163
1164 return 0;
1165
1166 cleanup:
1167 if (!initiator) {
1168 free(proto->data);
1169 free(proto);
1170 }
1171 *protop = 0;
1172 return -1;
1173 }
1174
1175 /* Delete an SA. Tell the peer if NOTIFY is set. */
1176 void
sa_delete(struct sa * sa,int notify)1177 sa_delete(struct sa *sa, int notify)
1178 {
1179 if (notify)
1180 message_send_delete(sa);
1181 sa_free(sa);
1182 }
1183
1184
1185 /* Teardown all SAs. */
1186 void
sa_teardown_all(void)1187 sa_teardown_all(void)
1188 {
1189 int i;
1190 struct sa *sa, *next = 0;
1191
1192 LOG_DBG((LOG_SA, 70, "sa_teardown_all:"));
1193 /* Get Phase 2 SAs. */
1194 for (i = 0; i <= bucket_mask; i++)
1195 for (sa = LIST_FIRST(&sa_tab[i]); sa; sa = next) {
1196 next = LIST_NEXT(sa, link);
1197 if (sa->phase == 2) {
1198 /*
1199 * Teardown the phase 2 SAs by name, similar
1200 * to ui_teardown.
1201 */
1202 LOG_DBG((LOG_SA, 70,
1203 "sa_teardown_all: tearing down SA %s",
1204 sa->name ? sa->name : "<unnamed>"));
1205 if (sa->name)
1206 connection_teardown(sa->name);
1207 sa_delete(sa, 1);
1208 }
1209 }
1210 }
1211
1212 /*
1213 * This function will get called when we are closing in on the death time of SA
1214 */
1215 static void
sa_soft_expire(void * v_sa)1216 sa_soft_expire(void *v_sa)
1217 {
1218 struct sa *sa = v_sa;
1219
1220 sa->soft_death = 0;
1221 sa_release(sa);
1222
1223 if ((sa->flags & (SA_FLAG_STAYALIVE | SA_FLAG_REPLACED)) ==
1224 SA_FLAG_STAYALIVE)
1225 exchange_establish(sa->name, 0, 0, 1);
1226 else
1227 /*
1228 * Start to watch the use of this SA, so a renegotiation can
1229 * happen as soon as it is shown to be alive.
1230 */
1231 sa->flags |= SA_FLAG_FADING;
1232 }
1233
1234 /* SA has passed its best before date. */
1235 static void
sa_hard_expire(void * v_sa)1236 sa_hard_expire(void *v_sa)
1237 {
1238 struct sa *sa = v_sa;
1239
1240 sa->death = 0;
1241 sa_release(sa);
1242
1243 if ((sa->flags & (SA_FLAG_STAYALIVE | SA_FLAG_REPLACED)) ==
1244 SA_FLAG_STAYALIVE)
1245 exchange_establish(sa->name, 0, 0, 1);
1246
1247 sa_delete(sa, 1);
1248 }
1249
1250 void
sa_reinit(void)1251 sa_reinit(void)
1252 {
1253 struct sa *sa;
1254 char *tag;
1255 int i;
1256
1257 /* For now; only do this if we have the proper tag configured. */
1258 tag = conf_get_str("General", "Renegotiate-on-HUP");
1259 if (!tag)
1260 return;
1261
1262 LOG_DBG((LOG_SA, 30, "sa_reinit: renegotiating active connections"));
1263
1264 /*
1265 * Get phase 2 SAs. Soft expire those without active exchanges. Do
1266 * not touch a phase 2 SA where the soft expiration is not set, ie.
1267 * the SA is not yet established.
1268 */
1269 for (i = 0; i <= bucket_mask; i++)
1270 for (sa = LIST_FIRST(&sa_tab[i]); sa; sa = LIST_NEXT(sa, link))
1271 if (sa->phase == 2)
1272 if (exchange_lookup_by_name(sa->name,
1273 sa->phase) == 0 && sa->soft_death) {
1274 timer_remove_event(sa->soft_death);
1275 sa_soft_expire(sa);
1276 }
1277 }
1278
1279 /*
1280 * Get an SA attribute's flag value out of textual description.
1281 */
1282 int
sa_flag(char * attr)1283 sa_flag(char *attr)
1284 {
1285 static struct sa_flag_map {
1286 char *name;
1287 int flag;
1288 } sa_flag_map[] = {
1289 {
1290 "active-only", SA_FLAG_ACTIVE_ONLY
1291 },
1292
1293 /*
1294 * Below this point are flags that are internal to the
1295 * implementation.
1296 */
1297 {
1298 "__ondemand", SA_FLAG_ONDEMAND
1299 },
1300 {
1301 "ikecfg", SA_FLAG_IKECFG
1302 },
1303 };
1304 size_t i;
1305
1306 for (i = 0; i < sizeof sa_flag_map / sizeof sa_flag_map[0]; i++)
1307 if (strcasecmp(attr, sa_flag_map[i].name) == 0)
1308 return sa_flag_map[i].flag;
1309 log_print("sa_flag: attribute \"%s\" unknown", attr);
1310 return 0;
1311 }
1312
1313 /* Mark SA as replaced. */
1314 void
sa_mark_replaced(struct sa * sa)1315 sa_mark_replaced(struct sa *sa)
1316 {
1317 LOG_DBG((LOG_SA, 60, "sa_mark_replaced: SA %p (%s) marked as replaced",
1318 sa, sa->name ? sa->name : "unnamed"));
1319 if (sa->dpd_event) {
1320 timer_remove_event(sa->dpd_event);
1321 sa->dpd_event = 0;
1322 }
1323 sa->flags |= SA_FLAG_REPLACED;
1324 }
1325
1326 /* Replace SA */
1327 void
sa_replace(struct sa * sa,struct sa * new_sa)1328 sa_replace(struct sa *sa, struct sa *new_sa)
1329 {
1330 LOG_DBG((LOG_SA, 60, "sa_replace: SA %p (%s) is replaced by SA %p (%s)",
1331 sa, sa->name ? sa->name : "unnamed",
1332 new_sa, new_sa->name ? new_sa->name : "unnamed"));
1333 sa_mark_replaced(sa);
1334 if (new_sa->flags & SA_FLAG_REPLACED) {
1335 /* enable the dpd */
1336 if ((new_sa->flags & SA_FLAG_DPD) == SA_FLAG_DPD)
1337 dpd_start(new_sa);
1338 new_sa->flags &= ~SA_FLAG_REPLACED;
1339 }
1340 }
1341
1342 /*
1343 * Setup expiration timers for SA. This is used for ISAKMP SAs, but also
1344 * possible to use for application SAs if the application does not deal
1345 * with expirations itself. An example is the Linux FreeS/WAN KLIPS IPsec
1346 * stack.
1347 */
1348 int
sa_setup_expirations(struct sa * sa)1349 sa_setup_expirations(struct sa *sa)
1350 {
1351 struct timespec expiration;
1352 u_int64_t seconds = sa->seconds;
1353
1354 /*
1355 * Set the soft timeout to a random percentage between 85 & 95 of
1356 * the negotiated lifetime to break strictly synchronized
1357 * renegotiations. This works better when the randomization is on the
1358 * order of processing plus network-roundtrip times, or larger.
1359 * I.e. it depends on configuration and negotiated lifetimes.
1360 * It is not good to do the decrease on the hard timeout, because then
1361 * we may drop our SA before our peer.
1362 * XXX Better scheme to come?
1363 */
1364 if (!sa->soft_death) {
1365 clock_gettime(CLOCK_MONOTONIC, &expiration);
1366 /*
1367 * XXX This should probably be configuration controlled
1368 * somehow.
1369 */
1370 seconds = sa->seconds * (850 + arc4random_uniform(100)) / 1000;
1371 LOG_DBG((LOG_TIMER, 95,
1372 "sa_setup_expirations: SA %p soft timeout in %llu seconds",
1373 sa, seconds));
1374 expiration.tv_sec += seconds;
1375 sa->soft_death = timer_add_event("sa_soft_expire",
1376 sa_soft_expire, sa, &expiration);
1377 if (!sa->soft_death) {
1378 /* If we don't give up we might start leaking... */
1379 sa_delete(sa, 1);
1380 return -1;
1381 }
1382 sa_reference(sa);
1383 }
1384 if (!sa->death) {
1385 clock_gettime(CLOCK_MONOTONIC, &expiration);
1386 LOG_DBG((LOG_TIMER, 95,
1387 "sa_setup_expirations: SA %p hard timeout in %llu seconds",
1388 sa, sa->seconds));
1389 expiration.tv_sec += sa->seconds;
1390 sa->death = timer_add_event("sa_hard_expire", sa_hard_expire,
1391 sa, &expiration);
1392 if (!sa->death) {
1393 /* If we don't give up we might start leaking... */
1394 sa_delete(sa, 1);
1395 return -1;
1396 }
1397 sa_reference(sa);
1398 }
1399 return 0;
1400 }
1401