1 /* $OpenBSD: ikev2_pld.c,v 1.136 2024/07/13 12:22:46 yasuoka Exp $ */
2
3 /*
4 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
5 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
6 * Copyright (c) 2014 Hans-Joerg Hoexer
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21 #include <sys/queue.h>
22 #include <sys/socket.h>
23 #include <sys/uio.h>
24
25 #include <netinet/in.h>
26 #include <arpa/inet.h>
27
28 #include <stdlib.h>
29 #include <stdio.h>
30 #include <unistd.h>
31 #include <string.h>
32 #include <signal.h>
33 #include <endian.h>
34 #include <errno.h>
35 #include <err.h>
36 #include <event.h>
37
38 #include <openssl/sha.h>
39 #include <openssl/evp.h>
40
41 #include "iked.h"
42 #include "ikev2.h"
43 #include "eap.h"
44 #include "dh.h"
45
46 int ikev2_validate_pld(struct iked_message *, size_t, size_t,
47 struct ikev2_payload *);
48 int ikev2_pld_payloads(struct iked *, struct iked_message *,
49 size_t, size_t, unsigned int);
50 int ikev2_validate_sa(struct iked_message *, size_t, size_t,
51 struct ikev2_sa_proposal *);
52 int ikev2_pld_sa(struct iked *, struct ikev2_payload *,
53 struct iked_message *, size_t, size_t);
54 int ikev2_validate_xform(struct iked_message *, size_t, size_t,
55 struct ikev2_transform *);
56 int ikev2_pld_xform(struct iked *, struct iked_message *,
57 size_t, size_t);
58 int ikev2_validate_attr(struct iked_message *, size_t, size_t,
59 struct ikev2_attribute *);
60 int ikev2_pld_attr(struct iked *, struct ikev2_transform *,
61 struct iked_message *, size_t, size_t);
62 int ikev2_validate_ke(struct iked_message *, size_t, size_t,
63 struct ikev2_keyexchange *);
64 int ikev2_pld_ke(struct iked *, struct ikev2_payload *,
65 struct iked_message *, size_t, size_t);
66 int ikev2_validate_id(struct iked_message *, size_t, size_t,
67 struct ikev2_id *);
68 int ikev2_pld_id(struct iked *, struct ikev2_payload *,
69 struct iked_message *, size_t, size_t, unsigned int);
70 int ikev2_validate_cert(struct iked_message *, size_t, size_t,
71 struct ikev2_cert *);
72 int ikev2_pld_cert(struct iked *, struct ikev2_payload *,
73 struct iked_message *, size_t, size_t);
74 int ikev2_validate_certreq(struct iked_message *, size_t, size_t,
75 struct ikev2_cert *);
76 int ikev2_pld_certreq(struct iked *, struct ikev2_payload *,
77 struct iked_message *, size_t, size_t);
78 int ikev2_pld_nonce(struct iked *, struct ikev2_payload *,
79 struct iked_message *, size_t, size_t);
80 int ikev2_validate_notify(struct iked_message *, size_t, size_t,
81 struct ikev2_notify *);
82 int ikev2_pld_notify(struct iked *, struct ikev2_payload *,
83 struct iked_message *, size_t, size_t);
84 int ikev2_validate_delete(struct iked_message *, size_t, size_t,
85 struct ikev2_delete *);
86 int ikev2_pld_delete(struct iked *, struct ikev2_payload *,
87 struct iked_message *, size_t, size_t);
88 int ikev2_validate_tss(struct iked_message *, size_t, size_t,
89 struct ikev2_tsp *);
90 int ikev2_pld_tss(struct iked *, struct ikev2_payload *,
91 struct iked_message *, size_t, size_t);
92 int ikev2_validate_ts(struct iked_message *, size_t, size_t,
93 struct ikev2_ts *);
94 int ikev2_pld_ts(struct iked *, struct ikev2_payload *,
95 struct iked_message *, size_t, size_t, unsigned int);
96 int ikev2_validate_auth(struct iked_message *, size_t, size_t,
97 struct ikev2_auth *);
98 int ikev2_pld_auth(struct iked *, struct ikev2_payload *,
99 struct iked_message *, size_t, size_t);
100 int ikev2_pld_e(struct iked *, struct ikev2_payload *,
101 struct iked_message *, size_t, size_t);
102 int ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld,
103 struct iked_message *msg, size_t offset, size_t left);
104 int ikev2_frags_reassemble(struct iked *env,
105 struct ikev2_payload *pld, struct iked_message *msg);
106 int ikev2_validate_cp(struct iked_message *, size_t, size_t,
107 struct ikev2_cp *);
108 int ikev2_pld_cp(struct iked *, struct ikev2_payload *,
109 struct iked_message *, size_t, size_t);
110 int ikev2_validate_eap(struct iked_message *, size_t, size_t,
111 struct eap_header *);
112 int ikev2_pld_eap(struct iked *, struct ikev2_payload *,
113 struct iked_message *, size_t, size_t);
114
115 int
ikev2_pld_parse(struct iked * env,struct ike_header * hdr,struct iked_message * msg,size_t offset)116 ikev2_pld_parse(struct iked *env, struct ike_header *hdr,
117 struct iked_message *msg, size_t offset)
118 {
119 log_debug("%s: header ispi %s rspi %s"
120 " nextpayload %s version 0x%02x exchange %s flags 0x%02x"
121 " msgid %d length %u response %d", __func__,
122 print_spi(betoh64(hdr->ike_ispi), 8),
123 print_spi(betoh64(hdr->ike_rspi), 8),
124 print_map(hdr->ike_nextpayload, ikev2_payload_map),
125 hdr->ike_version,
126 print_map(hdr->ike_exchange, ikev2_exchange_map),
127 hdr->ike_flags,
128 betoh32(hdr->ike_msgid),
129 betoh32(hdr->ike_length),
130 msg->msg_response);
131
132 if (ibuf_size(msg->msg_data) < betoh32(hdr->ike_length)) {
133 log_debug("%s: short message", __func__);
134 return (-1);
135 }
136
137 offset += sizeof(*hdr);
138
139 return (ikev2_pld_payloads(env, msg, offset,
140 betoh32(hdr->ike_length), hdr->ike_nextpayload));
141 }
142
143 int
ikev2_validate_pld(struct iked_message * msg,size_t offset,size_t left,struct ikev2_payload * pld)144 ikev2_validate_pld(struct iked_message *msg, size_t offset, size_t left,
145 struct ikev2_payload *pld)
146 {
147 uint8_t *msgbuf = ibuf_data(msg->msg_data);
148 size_t pld_length;
149
150 /* We need at least the generic header. */
151 if (left < sizeof(*pld)) {
152 log_debug("%s: malformed payload: too short for generic "
153 "header (%zu < %zu)", __func__, left, sizeof(*pld));
154 return (-1);
155 }
156 memcpy(pld, msgbuf + offset, sizeof(*pld));
157
158 /*
159 * We need at least the specified number of bytes.
160 * pld_length is the full size of the payload including
161 * the generic payload header.
162 */
163 pld_length = betoh16(pld->pld_length);
164 if (left < pld_length) {
165 log_debug("%s: malformed payload: shorter than specified "
166 "(%zu < %zu)", __func__, left, pld_length);
167 return (-1);
168 }
169 /*
170 * Sanity check the specified payload size, it must
171 * be at least the size of the generic payload header.
172 */
173 if (pld_length < sizeof(*pld)) {
174 log_debug("%s: malformed payload: shorter than minimum "
175 "header size (%zu < %zu)", __func__, pld_length,
176 sizeof(*pld));
177 return (-1);
178 }
179
180 return (0);
181 }
182
183 int
ikev2_pld_payloads(struct iked * env,struct iked_message * msg,size_t offset,size_t length,unsigned int payload)184 ikev2_pld_payloads(struct iked *env, struct iked_message *msg,
185 size_t offset, size_t length, unsigned int payload)
186 {
187 struct ikev2_payload pld;
188 unsigned int e;
189 int ret;
190 uint8_t *msgbuf = ibuf_data(msg->msg_data);
191 size_t total, left;
192
193 /* Check if message was decrypted in an E payload */
194 e = msg->msg_e ? IKED_E : 0;
195
196 /* Bytes left in datagram. */
197 total = length - offset;
198
199 while (payload != 0 && offset < length) {
200 if (ikev2_validate_pld(msg, offset, total, &pld))
201 return (-1);
202
203 log_debug("%s: %spayload %s"
204 " nextpayload %s critical 0x%02x length %d",
205 __func__, e ? "decrypted " : "",
206 print_map(payload, ikev2_payload_map),
207 print_map(pld.pld_nextpayload, ikev2_payload_map),
208 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD,
209 betoh16(pld.pld_length));
210
211 /* Skip over generic payload header. */
212 offset += sizeof(pld);
213 total -= sizeof(pld);
214 left = betoh16(pld.pld_length) - sizeof(pld);
215 ret = 0;
216
217 switch (payload | e) {
218 case IKEV2_PAYLOAD_SA:
219 case IKEV2_PAYLOAD_SA | IKED_E:
220 ret = ikev2_pld_sa(env, &pld, msg, offset, left);
221 break;
222 case IKEV2_PAYLOAD_KE:
223 case IKEV2_PAYLOAD_KE | IKED_E:
224 ret = ikev2_pld_ke(env, &pld, msg, offset, left);
225 break;
226 case IKEV2_PAYLOAD_IDi | IKED_E:
227 case IKEV2_PAYLOAD_IDr | IKED_E:
228 ret = ikev2_pld_id(env, &pld, msg, offset, left,
229 payload);
230 break;
231 case IKEV2_PAYLOAD_CERT | IKED_E:
232 ret = ikev2_pld_cert(env, &pld, msg, offset, left);
233 break;
234 case IKEV2_PAYLOAD_CERTREQ:
235 case IKEV2_PAYLOAD_CERTREQ | IKED_E:
236 ret = ikev2_pld_certreq(env, &pld, msg, offset, left);
237 break;
238 case IKEV2_PAYLOAD_AUTH | IKED_E:
239 ret = ikev2_pld_auth(env, &pld, msg, offset, left);
240 break;
241 case IKEV2_PAYLOAD_NONCE:
242 case IKEV2_PAYLOAD_NONCE | IKED_E:
243 ret = ikev2_pld_nonce(env, &pld, msg, offset, left);
244 break;
245 case IKEV2_PAYLOAD_NOTIFY:
246 case IKEV2_PAYLOAD_NOTIFY | IKED_E:
247 ret = ikev2_pld_notify(env, &pld, msg, offset, left);
248 break;
249 case IKEV2_PAYLOAD_DELETE | IKED_E:
250 ret = ikev2_pld_delete(env, &pld, msg, offset, left);
251 break;
252 case IKEV2_PAYLOAD_TSi | IKED_E:
253 case IKEV2_PAYLOAD_TSr | IKED_E:
254 ret = ikev2_pld_tss(env, &pld, msg, offset, left);
255 break;
256 case IKEV2_PAYLOAD_SK:
257 ret = ikev2_pld_e(env, &pld, msg, offset, left);
258 break;
259 case IKEV2_PAYLOAD_SKF:
260 ret = ikev2_pld_ef(env, &pld, msg, offset, left);
261 break;
262 case IKEV2_PAYLOAD_CP | IKED_E:
263 ret = ikev2_pld_cp(env, &pld, msg, offset, left);
264 break;
265 case IKEV2_PAYLOAD_EAP | IKED_E:
266 ret = ikev2_pld_eap(env, &pld, msg, offset, left);
267 break;
268 default:
269 print_hex(msgbuf, offset,
270 betoh16(pld.pld_length) - sizeof(pld));
271 break;
272 }
273
274 if (ret != 0 && ikev2_msg_frompeer(msg)) {
275 (void)ikev2_send_informational(env, msg);
276 return (-1);
277 }
278
279 /* Encrypted payloads must appear last */
280 if ((payload == IKEV2_PAYLOAD_SK) ||
281 (payload == IKEV2_PAYLOAD_SKF))
282 return (0);
283
284 payload = pld.pld_nextpayload;
285 offset += left;
286 total -= left;
287 }
288
289 return (0);
290 }
291
292 int
ikev2_validate_sa(struct iked_message * msg,size_t offset,size_t left,struct ikev2_sa_proposal * sap)293 ikev2_validate_sa(struct iked_message *msg, size_t offset, size_t left,
294 struct ikev2_sa_proposal *sap)
295 {
296 uint8_t *msgbuf = ibuf_data(msg->msg_data);
297 size_t sap_length;
298
299 if (left < sizeof(*sap)) {
300 log_debug("%s: malformed payload: too short for header "
301 "(%zu < %zu)", __func__, left, sizeof(*sap));
302 return (-1);
303 }
304 memcpy(sap, msgbuf + offset, sizeof(*sap));
305
306 sap_length = betoh16(sap->sap_length);
307 if (sap_length < sizeof(*sap)) {
308 log_debug("%s: malformed payload: shorter than minimum header "
309 "size (%zu < %zu)", __func__, sap_length, sizeof(*sap));
310 return (-1);
311 }
312 if (left < sap_length) {
313 log_debug("%s: malformed payload: too long for actual payload "
314 "size (%zu < %zu)", __func__, left, sap_length);
315 return (-1);
316 }
317 /*
318 * If there is only one proposal, sap_length must be the
319 * total payload size.
320 */
321 if (!sap->sap_more && left != sap_length) {
322 log_debug("%s: malformed payload: SA payload length mismatches "
323 "single proposal substructure length (%zu != %zu)",
324 __func__, left, sap_length);
325 return (-1);
326 }
327 /*
328 * If there are more than one proposal, there must be bytes
329 * left in the payload.
330 */
331 if (sap->sap_more && left <= sap_length) {
332 log_debug("%s: malformed payload: SA payload too small for "
333 "further proposals (%zu <= %zu)", __func__,
334 left, sap_length);
335 return (-1);
336 }
337 return (0);
338 }
339
340 int
ikev2_pld_sa(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)341 ikev2_pld_sa(struct iked *env, struct ikev2_payload *pld,
342 struct iked_message *msg, size_t offset, size_t left)
343 {
344 struct ikev2_sa_proposal sap;
345 struct iked_proposal *prop = NULL;
346 uint32_t spi32;
347 uint64_t spi = 0, spi64;
348 uint8_t *msgbuf = ibuf_data(msg->msg_data);
349 int r;
350 struct iked_proposals *props;
351 size_t total;
352
353 do {
354 if (ikev2_validate_sa(msg, offset, left, &sap))
355 return (-1);
356
357 /* Assumed size of the first proposals, including SPI if present. */
358 total = (betoh16(sap.sap_length) - sizeof(sap));
359
360 props = &msg->msg_parent->msg_proposals;
361
362 offset += sizeof(sap);
363 left -= sizeof(sap);
364
365 if (sap.sap_spisize) {
366 if (left < sap.sap_spisize) {
367 log_debug("%s: malformed payload: SPI larger than "
368 "actual payload (%zu < %d)", __func__, left,
369 sap.sap_spisize);
370 return (-1);
371 }
372 if (total < sap.sap_spisize) {
373 log_debug("%s: malformed payload: SPI larger than "
374 "proposal (%zu < %d)", __func__, total,
375 sap.sap_spisize);
376 return (-1);
377 }
378 switch (sap.sap_spisize) {
379 case 4:
380 memcpy(&spi32, msgbuf + offset, 4);
381 spi = betoh32(spi32);
382 break;
383 case 8:
384 memcpy(&spi64, msgbuf + offset, 8);
385 spi = betoh64(spi64);
386 break;
387 default:
388 log_debug("%s: unsupported SPI size %d",
389 __func__, sap.sap_spisize);
390 return (-1);
391 }
392
393 offset += sap.sap_spisize;
394 left -= sap.sap_spisize;
395
396 /* Assumed size of the proposal, now without SPI. */
397 total -= sap.sap_spisize;
398 }
399
400 /*
401 * As we verified sanity of packet headers, this check will
402 * be always false, but just to be sure we keep it.
403 */
404 if (left < total) {
405 log_debug("%s: malformed payload: too long for payload "
406 "(%zu < %zu)", __func__, left, total);
407 return (-1);
408 }
409
410 log_debug("%s: more %d reserved %d length %d"
411 " proposal #%d protoid %s spisize %d xforms %d spi %s",
412 __func__, sap.sap_more, sap.sap_reserved,
413 betoh16(sap.sap_length), sap.sap_proposalnr,
414 print_map(sap.sap_protoid, ikev2_saproto_map), sap.sap_spisize,
415 sap.sap_transforms, print_spi(spi, sap.sap_spisize));
416
417 if (ikev2_msg_frompeer(msg)) {
418 if ((msg->msg_parent->msg_prop = config_add_proposal(props,
419 sap.sap_proposalnr, sap.sap_protoid)) == NULL) {
420 log_debug("%s: invalid proposal", __func__);
421 return (-1);
422 }
423 prop = msg->msg_parent->msg_prop;
424 prop->prop_peerspi.spi = spi;
425 prop->prop_peerspi.spi_protoid = sap.sap_protoid;
426 prop->prop_peerspi.spi_size = sap.sap_spisize;
427
428 prop->prop_localspi.spi_protoid = sap.sap_protoid;
429 prop->prop_localspi.spi_size = sap.sap_spisize;
430 }
431
432 /*
433 * Parse the attached transforms
434 */
435 if (sap.sap_transforms) {
436 r = ikev2_pld_xform(env, msg, offset, total);
437 if ((r == -2) && ikev2_msg_frompeer(msg)) {
438 log_debug("%s: invalid proposal transform",
439 __func__);
440
441 /* cleanup and ignore proposal */
442 config_free_proposal(props, prop);
443 prop = msg->msg_parent->msg_prop = NULL;
444 } else if (r != 0) {
445 log_debug("%s: invalid proposal transforms",
446 __func__);
447 return (-1);
448 }
449 }
450
451 offset += total;
452 left -= total;
453 } while (sap.sap_more);
454
455 return (0);
456 }
457
458 int
ikev2_validate_xform(struct iked_message * msg,size_t offset,size_t total,struct ikev2_transform * xfrm)459 ikev2_validate_xform(struct iked_message *msg, size_t offset, size_t total,
460 struct ikev2_transform *xfrm)
461 {
462 uint8_t *msgbuf = ibuf_data(msg->msg_data);
463 size_t xfrm_length;
464
465 if (total < sizeof(*xfrm)) {
466 log_debug("%s: malformed payload: too short for header "
467 "(%zu < %zu)", __func__, total, sizeof(*xfrm));
468 return (-1);
469 }
470 memcpy(xfrm, msgbuf + offset, sizeof(*xfrm));
471
472 xfrm_length = betoh16(xfrm->xfrm_length);
473 if (xfrm_length < sizeof(*xfrm)) {
474 log_debug("%s: malformed payload: shorter than minimum header "
475 "size (%zu < %zu)", __func__, xfrm_length, sizeof(*xfrm));
476 return (-1);
477 }
478 if (total < xfrm_length) {
479 log_debug("%s: malformed payload: too long for payload size "
480 "(%zu < %zu)", __func__, total, xfrm_length);
481 return (-1);
482 }
483
484 return (0);
485 }
486
487 int
ikev2_pld_xform(struct iked * env,struct iked_message * msg,size_t offset,size_t total)488 ikev2_pld_xform(struct iked *env, struct iked_message *msg,
489 size_t offset, size_t total)
490 {
491 struct ikev2_transform xfrm;
492 char id[BUFSIZ];
493 int ret = 0;
494 int r;
495 size_t xfrm_length;
496
497 if (ikev2_validate_xform(msg, offset, total, &xfrm))
498 return (-1);
499
500 xfrm_length = betoh16(xfrm.xfrm_length);
501
502 switch (xfrm.xfrm_type) {
503 case IKEV2_XFORMTYPE_ENCR:
504 strlcpy(id, print_map(betoh16(xfrm.xfrm_id),
505 ikev2_xformencr_map), sizeof(id));
506 break;
507 case IKEV2_XFORMTYPE_PRF:
508 strlcpy(id, print_map(betoh16(xfrm.xfrm_id),
509 ikev2_xformprf_map), sizeof(id));
510 break;
511 case IKEV2_XFORMTYPE_INTEGR:
512 strlcpy(id, print_map(betoh16(xfrm.xfrm_id),
513 ikev2_xformauth_map), sizeof(id));
514 break;
515 case IKEV2_XFORMTYPE_DH:
516 strlcpy(id, print_map(betoh16(xfrm.xfrm_id),
517 ikev2_xformdh_map), sizeof(id));
518 break;
519 case IKEV2_XFORMTYPE_ESN:
520 strlcpy(id, print_map(betoh16(xfrm.xfrm_id),
521 ikev2_xformesn_map), sizeof(id));
522 break;
523 default:
524 snprintf(id, sizeof(id), "<%d>", betoh16(xfrm.xfrm_id));
525 break;
526 }
527
528 log_debug("%s: more %d reserved %d length %zu"
529 " type %s id %s",
530 __func__, xfrm.xfrm_more, xfrm.xfrm_reserved, xfrm_length,
531 print_map(xfrm.xfrm_type, ikev2_xformtype_map), id);
532
533 /*
534 * Parse transform attributes, if available
535 */
536 msg->msg_attrlength = 0;
537 if (xfrm_length > sizeof(xfrm)) {
538 if (ikev2_pld_attr(env, &xfrm, msg, offset + sizeof(xfrm),
539 xfrm_length - sizeof(xfrm)) != 0) {
540 return (-1);
541 }
542 }
543
544 if (ikev2_msg_frompeer(msg)) {
545 r = config_add_transform(msg->msg_parent->msg_prop,
546 xfrm.xfrm_type, betoh16(xfrm.xfrm_id),
547 msg->msg_attrlength, msg->msg_attrlength);
548 if (r == -1) {
549 log_debug("%s: failed to add transform: alloc error",
550 __func__);
551 return (r);
552 } else if (r == -2) {
553 log_debug("%s: failed to add transform: unknown type",
554 __func__);
555 return (r);
556 }
557 }
558
559 /* Next transform */
560 offset += xfrm_length;
561 total -= xfrm_length;
562 if (xfrm.xfrm_more == IKEV2_XFORM_MORE)
563 ret = ikev2_pld_xform(env, msg, offset, total);
564 else if (total != 0) {
565 /* No more transforms but still some data left. */
566 log_debug("%s: less data than specified, %zu bytes left",
567 __func__, total);
568 ret = -1;
569 }
570
571 return (ret);
572 }
573
574 int
ikev2_validate_attr(struct iked_message * msg,size_t offset,size_t total,struct ikev2_attribute * attr)575 ikev2_validate_attr(struct iked_message *msg, size_t offset, size_t total,
576 struct ikev2_attribute *attr)
577 {
578 uint8_t *msgbuf = ibuf_data(msg->msg_data);
579
580 if (total < sizeof(*attr)) {
581 log_debug("%s: malformed payload: too short for header "
582 "(%zu < %zu)", __func__, total, sizeof(*attr));
583 return (-1);
584 }
585 memcpy(attr, msgbuf + offset, sizeof(*attr));
586
587 return (0);
588 }
589
590 int
ikev2_pld_attr(struct iked * env,struct ikev2_transform * xfrm,struct iked_message * msg,size_t offset,size_t total)591 ikev2_pld_attr(struct iked *env, struct ikev2_transform *xfrm,
592 struct iked_message *msg, size_t offset, size_t total)
593 {
594 struct ikev2_attribute attr;
595 unsigned int type;
596 uint8_t *msgbuf = ibuf_data(msg->msg_data);
597 int ret = 0;
598 size_t attr_length;
599
600 if (ikev2_validate_attr(msg, offset, total, &attr))
601 return (-1);
602
603 type = betoh16(attr.attr_type) & ~IKEV2_ATTRAF_TV;
604
605 log_debug("%s: attribute type %s length %d total %zu",
606 __func__, print_map(type, ikev2_attrtype_map),
607 betoh16(attr.attr_length), total);
608
609 if (betoh16(attr.attr_type) & IKEV2_ATTRAF_TV) {
610 /* Type-Value attribute */
611 offset += sizeof(attr);
612 total -= sizeof(attr);
613
614 if (type == IKEV2_ATTRTYPE_KEY_LENGTH)
615 msg->msg_attrlength = betoh16(attr.attr_length);
616 } else {
617 /* Type-Length-Value attribute */
618 attr_length = betoh16(attr.attr_length);
619 if (attr_length < sizeof(attr)) {
620 log_debug("%s: malformed payload: shorter than "
621 "minimum header size (%zu < %zu)", __func__,
622 attr_length, sizeof(attr));
623 return (-1);
624 }
625 if (total < attr_length) {
626 log_debug("%s: malformed payload: attribute larger "
627 "than actual payload (%zu < %zu)", __func__,
628 total, attr_length);
629 return (-1);
630 }
631 print_hex(msgbuf, offset + sizeof(attr),
632 attr_length - sizeof(attr));
633 offset += attr_length;
634 total -= attr_length;
635 }
636
637 if (total > 0) {
638 /* Next attribute */
639 ret = ikev2_pld_attr(env, xfrm, msg, offset, total);
640 }
641
642 return (ret);
643 }
644
645 int
ikev2_validate_ke(struct iked_message * msg,size_t offset,size_t left,struct ikev2_keyexchange * kex)646 ikev2_validate_ke(struct iked_message *msg, size_t offset, size_t left,
647 struct ikev2_keyexchange *kex)
648 {
649 uint8_t *msgbuf = ibuf_data(msg->msg_data);
650
651 if (left < sizeof(*kex)) {
652 log_debug("%s: malformed payload: too short for header "
653 "(%zu < %zu)", __func__, left, sizeof(*kex));
654 return (-1);
655 }
656 memcpy(kex, msgbuf + offset, sizeof(*kex));
657
658 return (0);
659 }
660
661 int
ikev2_pld_ke(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)662 ikev2_pld_ke(struct iked *env, struct ikev2_payload *pld,
663 struct iked_message *msg, size_t offset, size_t left)
664 {
665 struct ikev2_keyexchange kex;
666 uint8_t *buf;
667 size_t len;
668 uint8_t *msgbuf = ibuf_data(msg->msg_data);
669
670 if (ikev2_validate_ke(msg, offset, left, &kex))
671 return (-1);
672
673 log_debug("%s: dh group %s reserved %d", __func__,
674 print_map(betoh16(kex.kex_dhgroup), ikev2_xformdh_map),
675 betoh16(kex.kex_reserved));
676
677 buf = msgbuf + offset + sizeof(kex);
678 len = left - sizeof(kex);
679
680 if (len == 0) {
681 log_debug("%s: malformed payload: no KE data given", __func__);
682 return (-1);
683 }
684
685 print_hex(buf, 0, len);
686
687 if (ikev2_msg_frompeer(msg)) {
688 if (msg->msg_parent->msg_ke != NULL) {
689 log_info("%s: duplicate KE payload", __func__);
690 return (-1);
691 }
692 if ((msg->msg_parent->msg_ke = ibuf_new(buf, len)) == NULL) {
693 log_debug("%s: failed to get exchange", __func__);
694 return (-1);
695 }
696 msg->msg_parent->msg_dhgroup = betoh16(kex.kex_dhgroup);
697 }
698
699 return (0);
700 }
701
702 int
ikev2_validate_id(struct iked_message * msg,size_t offset,size_t left,struct ikev2_id * id)703 ikev2_validate_id(struct iked_message *msg, size_t offset, size_t left,
704 struct ikev2_id *id)
705 {
706 uint8_t *msgbuf = ibuf_data(msg->msg_data);
707
708 if (left < sizeof(*id)) {
709 log_debug("%s: malformed payload: too short for header "
710 "(%zu < %zu)", __func__, left, sizeof(*id));
711 return (-1);
712 }
713 memcpy(id, msgbuf + offset, sizeof(*id));
714
715 if (id->id_type == IKEV2_ID_NONE) {
716 log_debug("%s: malformed payload: invalid ID type.",
717 __func__);
718 return (-1);
719 }
720
721 return (0);
722 }
723
724 int
ikev2_pld_id(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left,unsigned int payload)725 ikev2_pld_id(struct iked *env, struct ikev2_payload *pld,
726 struct iked_message *msg, size_t offset, size_t left, unsigned int payload)
727 {
728 uint8_t *ptr;
729 struct ikev2_id id;
730 size_t len;
731 struct iked_id *idp, idb;
732 const struct iked_sa *sa = msg->msg_sa;
733 uint8_t *msgbuf = ibuf_data(msg->msg_data);
734 char idstr[IKED_ID_SIZE];
735
736 if (ikev2_validate_id(msg, offset, left, &id))
737 return (-1);
738
739 bzero(&idb, sizeof(idb));
740
741 /* Don't strip the Id payload header */
742 ptr = msgbuf + offset;
743 len = left;
744
745 idb.id_type = id.id_type;
746 idb.id_offset = sizeof(id);
747 if ((idb.id_buf = ibuf_new(ptr, len)) == NULL)
748 return (-1);
749
750 if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) {
751 ibuf_free(idb.id_buf);
752 log_debug("%s: malformed id", __func__);
753 return (-1);
754 }
755
756 log_debug("%s: id %s length %zu", __func__, idstr, len);
757
758 if (!ikev2_msg_frompeer(msg)) {
759 ibuf_free(idb.id_buf);
760 return (0);
761 }
762
763 if (((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
764 (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi)))
765 idp = &msg->msg_parent->msg_peerid;
766 else if (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr)
767 idp = &msg->msg_parent->msg_localid;
768 else {
769 ibuf_free(idb.id_buf);
770 log_debug("%s: unexpected id payload", __func__);
771 return (0);
772 }
773
774 if (idp->id_type) {
775 ibuf_free(idb.id_buf);
776 log_debug("%s: duplicate id payload", __func__);
777 return (-1);
778 }
779
780 idp->id_buf = idb.id_buf;
781 idp->id_offset = idb.id_offset;
782 idp->id_type = idb.id_type;
783
784 return (0);
785 }
786
787 int
ikev2_validate_cert(struct iked_message * msg,size_t offset,size_t left,struct ikev2_cert * cert)788 ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left,
789 struct ikev2_cert *cert)
790 {
791 uint8_t *msgbuf = ibuf_data(msg->msg_data);
792
793 if (left < sizeof(*cert)) {
794 log_debug("%s: malformed payload: too short for header "
795 "(%zu < %zu)", __func__, left, sizeof(*cert));
796 return (-1);
797 }
798 memcpy(cert, msgbuf + offset, sizeof(*cert));
799 if (cert->cert_type == IKEV2_CERT_NONE) {
800 log_debug("%s: malformed payload: invalid cert type", __func__);
801 return (-1);
802 }
803
804 return (0);
805 }
806
807 int
ikev2_pld_cert(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)808 ikev2_pld_cert(struct iked *env, struct ikev2_payload *pld,
809 struct iked_message *msg, size_t offset, size_t left)
810 {
811 struct ikev2_cert cert;
812 uint8_t *buf;
813 size_t len;
814 struct iked_id *certid;
815 uint8_t *msgbuf = ibuf_data(msg->msg_data);
816 const struct iked_sa *sa = msg->msg_sa;
817 int i;
818
819 if (ikev2_validate_cert(msg, offset, left, &cert))
820 return (-1);
821 offset += sizeof(cert);
822
823 buf = msgbuf + offset;
824 len = left - sizeof(cert);
825
826 log_debug("%s: type %s length %zu",
827 __func__, print_map(cert.cert_type, ikev2_cert_map), len);
828
829 print_hex(buf, 0, len);
830
831 if (!ikev2_msg_frompeer(msg))
832 return (0);
833
834 /* do not accept internal encoding in the wire */
835 if (cert.cert_type == IKEV2_CERT_BUNDLE) {
836 log_debug("%s: ignoring IKEV2_CERT_BUNDLE",
837 SPI_SA(sa, __func__));
838 return (0);
839 }
840
841 certid = &msg->msg_parent->msg_cert;
842 if (certid->id_type) {
843 /* try to set supplemental certs */
844 for (i = 0; i < IKED_SCERT_MAX; i++) {
845 certid = &msg->msg_parent->msg_scert[i];
846 if (!certid->id_type)
847 break;
848 }
849 if (certid->id_type) {
850 log_debug("%s: too many cert payloads, ignoring",
851 SPI_SA(sa, __func__));
852 return (0);
853 }
854 }
855
856 if ((certid->id_buf = ibuf_new(buf, len)) == NULL) {
857 log_debug("%s: failed to save cert", __func__);
858 return (-1);
859 }
860 certid->id_type = cert.cert_type;
861 certid->id_offset = 0;
862
863 return (0);
864 }
865
866 int
ikev2_validate_certreq(struct iked_message * msg,size_t offset,size_t left,struct ikev2_cert * cert)867 ikev2_validate_certreq(struct iked_message *msg, size_t offset, size_t left,
868 struct ikev2_cert *cert)
869 {
870 uint8_t *msgbuf = ibuf_data(msg->msg_data);
871
872 if (left < sizeof(*cert)) {
873 log_debug("%s: malformed payload: too short for header "
874 "(%zu < %zu)", __func__, left, sizeof(*cert));
875 return (-1);
876 }
877 memcpy(cert, msgbuf + offset, sizeof(*cert));
878
879 return (0);
880 }
881
882 int
ikev2_pld_certreq(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)883 ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld,
884 struct iked_message *msg, size_t offset, size_t left)
885 {
886 struct ikev2_cert cert;
887 struct iked_certreq *cr;
888 uint8_t *buf;
889 ssize_t len;
890 uint8_t *msgbuf = ibuf_data(msg->msg_data);
891
892 if (ikev2_validate_certreq(msg, offset, left, &cert))
893 return (-1);
894 offset += sizeof(cert);
895
896 buf = msgbuf + offset;
897 len = left - sizeof(cert);
898
899 log_debug("%s: type %s length %zd",
900 __func__, print_map(cert.cert_type, ikev2_cert_map), len);
901
902 print_hex(buf, 0, len);
903
904 if (!ikev2_msg_frompeer(msg))
905 return (0);
906
907 if (cert.cert_type == IKEV2_CERT_X509_CERT) {
908 if (len == 0) {
909 log_info("%s: invalid length 0", __func__);
910 return (0);
911 }
912 if ((len % SHA_DIGEST_LENGTH) != 0) {
913 log_info("%s: invalid certificate request",
914 __func__);
915 return (-1);
916 }
917 }
918
919 if ((cr = calloc(1, sizeof(struct iked_certreq))) == NULL) {
920 log_info("%s: failed to allocate certreq.", __func__);
921 return (-1);
922 }
923 if ((cr->cr_data = ibuf_new(buf, len)) == NULL) {
924 log_info("%s: failed to allocate buffer.", __func__);
925 free(cr);
926 return (-1);
927 }
928 cr->cr_type = cert.cert_type;
929 SIMPLEQ_INSERT_TAIL(&msg->msg_parent->msg_certreqs, cr, cr_entry);
930
931 return (0);
932 }
933
934 int
ikev2_validate_auth(struct iked_message * msg,size_t offset,size_t left,struct ikev2_auth * auth)935 ikev2_validate_auth(struct iked_message *msg, size_t offset, size_t left,
936 struct ikev2_auth *auth)
937 {
938 uint8_t *msgbuf = ibuf_data(msg->msg_data);
939
940 if (left < sizeof(*auth)) {
941 log_debug("%s: malformed payload: too short for header "
942 "(%zu < %zu)", __func__, left, sizeof(*auth));
943 return (-1);
944 }
945 memcpy(auth, msgbuf + offset, sizeof(*auth));
946
947 if (auth->auth_method == 0) {
948 log_info("%s: malformed payload: invalid auth method",
949 __func__);
950 return (-1);
951 }
952
953 return (0);
954 }
955
956 int
ikev2_pld_auth(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)957 ikev2_pld_auth(struct iked *env, struct ikev2_payload *pld,
958 struct iked_message *msg, size_t offset, size_t left)
959 {
960 struct ikev2_auth auth;
961 struct iked_id *idp;
962 uint8_t *buf;
963 size_t len;
964 uint8_t *msgbuf = ibuf_data(msg->msg_data);
965
966 if (ikev2_validate_auth(msg, offset, left, &auth))
967 return (-1);
968 offset += sizeof(auth);
969
970 buf = msgbuf + offset;
971 len = left - sizeof(auth);
972
973 log_debug("%s: method %s length %zu",
974 __func__, print_map(auth.auth_method, ikev2_auth_map), len);
975
976 print_hex(buf, 0, len);
977
978 if (!ikev2_msg_frompeer(msg))
979 return (0);
980
981 idp = &msg->msg_parent->msg_auth;
982 if (idp->id_type) {
983 log_debug("%s: duplicate auth payload", __func__);
984 return (-1);
985 }
986
987 ibuf_free(idp->id_buf);
988 idp->id_type = auth.auth_method;
989 idp->id_offset = 0;
990 if ((idp->id_buf = ibuf_new(buf, len)) == NULL)
991 return (-1);
992
993 return (0);
994 }
995
996 int
ikev2_pld_nonce(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)997 ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld,
998 struct iked_message *msg, size_t offset, size_t left)
999 {
1000 size_t len;
1001 uint8_t *buf;
1002 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1003
1004 buf = msgbuf + offset;
1005 len = left;
1006
1007 if (len == 0) {
1008 log_debug("%s: malformed payload: no NONCE given", __func__);
1009 return (-1);
1010 }
1011
1012 print_hex(buf, 0, len);
1013
1014 if (ikev2_msg_frompeer(msg)) {
1015 if (msg->msg_parent->msg_nonce != NULL) {
1016 log_info("%s: duplicate NONCE payload", __func__);
1017 return (-1);
1018 }
1019 if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) {
1020 log_debug("%s: failed to get peer nonce", __func__);
1021 return (-1);
1022 }
1023 msg->msg_parent->msg_nonce = msg->msg_nonce;
1024 }
1025
1026 return (0);
1027 }
1028
1029 int
ikev2_validate_notify(struct iked_message * msg,size_t offset,size_t left,struct ikev2_notify * n)1030 ikev2_validate_notify(struct iked_message *msg, size_t offset, size_t left,
1031 struct ikev2_notify *n)
1032 {
1033 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1034
1035 if (left < sizeof(*n)) {
1036 log_debug("%s: malformed payload: too short for header "
1037 "(%zu < %zu)", __func__, left, sizeof(*n));
1038 return (-1);
1039 }
1040 memcpy(n, msgbuf + offset, sizeof(*n));
1041
1042 return (0);
1043 }
1044
1045 int
ikev2_pld_notify(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)1046 ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld,
1047 struct iked_message *msg, size_t offset, size_t left)
1048 {
1049 struct ikev2_notify n;
1050 const struct iked_sa *sa = msg->msg_sa;
1051 uint8_t *buf, md[SHA_DIGEST_LENGTH];
1052 uint32_t spi32;
1053 uint64_t spi64;
1054 struct iked_spi *rekey;
1055 uint16_t type;
1056 uint16_t signature_hash;
1057
1058 if (ikev2_validate_notify(msg, offset, left, &n))
1059 return (-1);
1060 type = betoh16(n.n_type);
1061
1062 log_debug("%s: protoid %s spisize %d type %s",
1063 __func__,
1064 print_map(n.n_protoid, ikev2_saproto_map), n.n_spisize,
1065 print_map(type, ikev2_n_map));
1066
1067 left -= sizeof(n);
1068 if ((buf = ibuf_seek(msg->msg_data, offset + sizeof(n), left)) == NULL)
1069 return (-1);
1070
1071 print_hex(buf, 0, left);
1072
1073 if (!ikev2_msg_frompeer(msg))
1074 return (0);
1075
1076 switch (type) {
1077 case IKEV2_N_NAT_DETECTION_SOURCE_IP:
1078 case IKEV2_N_NAT_DETECTION_DESTINATION_IP:
1079 if (left != sizeof(md)) {
1080 log_debug("%s: malformed payload: hash size mismatch"
1081 " (%zu != %zu)", __func__, left, sizeof(md));
1082 return (-1);
1083 }
1084 if (ikev2_nat_detection(env, msg, md, sizeof(md), type,
1085 ikev2_msg_frompeer(msg)) == -1)
1086 return (-1);
1087 if (memcmp(buf, md, left) != 0) {
1088 log_debug("%s: %s detected NAT", __func__,
1089 print_map(type, ikev2_n_map));
1090 if (type == IKEV2_N_NAT_DETECTION_SOURCE_IP)
1091 msg->msg_parent->msg_nat_detected
1092 |= IKED_MSG_NAT_SRC_IP;
1093 else
1094 msg->msg_parent->msg_nat_detected
1095 |= IKED_MSG_NAT_DST_IP;
1096 }
1097 print_hex(md, 0, sizeof(md));
1098 /* remember for MOBIKE */
1099 msg->msg_parent->msg_natt_rcvd = 1;
1100 break;
1101 case IKEV2_N_AUTHENTICATION_FAILED:
1102 if (!msg->msg_e) {
1103 log_debug("%s: AUTHENTICATION_FAILED not encrypted",
1104 __func__);
1105 return (-1);
1106 }
1107 /*
1108 * If we are the responder, then we only accept
1109 * AUTHENTICATION_FAILED from authenticated peers.
1110 * If we are the initiator, the peer cannot be authenticated.
1111 */
1112 if (!sa->sa_hdr.sh_initiator) {
1113 if (!sa_stateok(sa, IKEV2_STATE_VALID)) {
1114 log_debug("%s: ignoring AUTHENTICATION_FAILED"
1115 " from unauthenticated initiator",
1116 __func__);
1117 return (-1);
1118 }
1119 } else {
1120 if (sa_stateok(sa, IKEV2_STATE_VALID)) {
1121 log_debug("%s: ignoring AUTHENTICATION_FAILED"
1122 " from authenticated responder",
1123 __func__);
1124 return (-1);
1125 }
1126 }
1127 msg->msg_parent->msg_flags
1128 |= IKED_MSG_FLAGS_AUTHENTICATION_FAILED;
1129 break;
1130 case IKEV2_N_INVALID_KE_PAYLOAD:
1131 if (sa_stateok(sa, IKEV2_STATE_VALID) &&
1132 !msg->msg_e) {
1133 log_debug("%s: INVALID_KE_PAYLOAD not encrypted",
1134 __func__);
1135 return (-1);
1136 }
1137 if (left != sizeof(msg->msg_parent->msg_group)) {
1138 log_debug("%s: malformed payload: group size mismatch"
1139 " (%zu != %zu)", __func__, left,
1140 sizeof(msg->msg_parent->msg_group));
1141 return (-1);
1142 }
1143 memcpy(&msg->msg_parent->msg_group, buf, left);
1144 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_INVALID_KE;
1145 break;
1146 case IKEV2_N_NO_ADDITIONAL_SAS:
1147 if (!msg->msg_e) {
1148 log_debug("%s: NO_ADDITIONAL_SAS not encrypted",
1149 __func__);
1150 return (-1);
1151 }
1152 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_ADDITIONAL_SAS;
1153 break;
1154 case IKEV2_N_REKEY_SA:
1155 if (!msg->msg_e) {
1156 log_debug("%s: N_REKEY_SA not encrypted", __func__);
1157 return (-1);
1158 }
1159 if (left != n.n_spisize) {
1160 log_debug("%s: malformed notification", __func__);
1161 return (-1);
1162 }
1163 rekey = &msg->msg_parent->msg_rekey;
1164 if (rekey->spi != 0) {
1165 log_debug("%s: rekeying of multiple SAs not supported",
1166 __func__);
1167 return (-1);
1168 }
1169 switch (n.n_spisize) {
1170 case 4:
1171 memcpy(&spi32, buf, left);
1172 rekey->spi = betoh32(spi32);
1173 break;
1174 case 8:
1175 memcpy(&spi64, buf, left);
1176 rekey->spi = betoh64(spi64);
1177 break;
1178 default:
1179 log_debug("%s: invalid spi size %d", __func__,
1180 n.n_spisize);
1181 return (-1);
1182 }
1183 rekey->spi_size = n.n_spisize;
1184 rekey->spi_protoid = n.n_protoid;
1185
1186 log_debug("%s: rekey %s spi %s", __func__,
1187 print_map(n.n_protoid, ikev2_saproto_map),
1188 print_spi(rekey->spi, n.n_spisize));
1189 break;
1190 case IKEV2_N_TEMPORARY_FAILURE:
1191 if (!msg->msg_e) {
1192 log_debug("%s: IKEV2_N_TEMPORARY_FAILURE not encrypted",
1193 __func__);
1194 return (-1);
1195 }
1196 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_TEMPORARY_FAILURE;
1197 break;
1198 case IKEV2_N_IPCOMP_SUPPORTED:
1199 if (!msg->msg_e) {
1200 log_debug("%s: N_IPCOMP_SUPPORTED not encrypted",
1201 __func__);
1202 return (-1);
1203 }
1204 if (left < sizeof(msg->msg_parent->msg_cpi) +
1205 sizeof(msg->msg_parent->msg_transform)) {
1206 log_debug("%s: ignoring malformed ipcomp notification",
1207 __func__);
1208 return (0);
1209 }
1210 memcpy(&msg->msg_parent->msg_cpi, buf,
1211 sizeof(msg->msg_parent->msg_cpi));
1212 memcpy(&msg->msg_parent->msg_transform,
1213 buf + sizeof(msg->msg_parent->msg_cpi),
1214 sizeof(msg->msg_parent->msg_transform));
1215
1216 log_debug("%s: %s cpi 0x%x, transform %s, length %zu", __func__,
1217 msg->msg_parent->msg_response ? "res" : "req",
1218 betoh16(msg->msg_parent->msg_cpi),
1219 print_map(msg->msg_parent->msg_transform,
1220 ikev2_ipcomp_map), left);
1221
1222 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_IPCOMP_SUPPORTED;
1223 break;
1224 case IKEV2_N_CHILD_SA_NOT_FOUND:
1225 if (!msg->msg_e) {
1226 log_debug("%s: N_CHILD_SA_NOT_FOUND not encrypted",
1227 __func__);
1228 return (-1);
1229 }
1230 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_CHILD_SA_NOT_FOUND;
1231 break;
1232 case IKEV2_N_NO_PROPOSAL_CHOSEN:
1233 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN;
1234 break;
1235 case IKEV2_N_MOBIKE_SUPPORTED:
1236 if (!msg->msg_e) {
1237 log_debug("%s: N_MOBIKE_SUPPORTED not encrypted",
1238 __func__);
1239 return (-1);
1240 }
1241 if (left != 0) {
1242 log_debug("%s: ignoring malformed mobike"
1243 " notification: %zu", __func__, left);
1244 return (0);
1245 }
1246 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_MOBIKE;
1247 break;
1248 case IKEV2_N_USE_TRANSPORT_MODE:
1249 if (!msg->msg_e) {
1250 log_debug("%s: N_USE_TRANSPORT_MODE not encrypted",
1251 __func__);
1252 return (-1);
1253 }
1254 if (left != 0) {
1255 log_debug("%s: ignoring malformed transport mode"
1256 " notification: %zu", __func__, left);
1257 return (0);
1258 }
1259 if (msg->msg_parent->msg_response) {
1260 if (!(msg->msg_policy->pol_flags & IKED_POLICY_TRANSPORT)) {
1261 log_debug("%s: ignoring transport mode"
1262 " notification (policy)", __func__);
1263 return (0);
1264 }
1265 }
1266 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_USE_TRANSPORT;
1267 break;
1268 case IKEV2_N_UPDATE_SA_ADDRESSES:
1269 if (!msg->msg_e) {
1270 log_debug("%s: N_UPDATE_SA_ADDRESSES not encrypted",
1271 __func__);
1272 return (-1);
1273 }
1274 if (!sa->sa_mobike) {
1275 log_debug("%s: ignoring update sa addresses"
1276 " notification w/o mobike: %zu", __func__, left);
1277 return (0);
1278 }
1279 if (left != 0) {
1280 log_debug("%s: ignoring malformed update sa addresses"
1281 " notification: %zu", __func__, left);
1282 return (0);
1283 }
1284 msg->msg_parent->msg_update_sa_addresses = 1;
1285 break;
1286 case IKEV2_N_COOKIE2:
1287 if (!msg->msg_e) {
1288 log_debug("%s: N_COOKIE2 not encrypted",
1289 __func__);
1290 return (-1);
1291 }
1292 if (!sa->sa_mobike) {
1293 log_debug("%s: ignoring cookie2 notification"
1294 " w/o mobike: %zu", __func__, left);
1295 return (0);
1296 }
1297 if (left < IKED_COOKIE2_MIN || left > IKED_COOKIE2_MAX) {
1298 log_debug("%s: ignoring malformed cookie2"
1299 " notification: %zu", __func__, left);
1300 return (0);
1301 }
1302 ibuf_free(msg->msg_cookie2); /* should not happen */
1303 if ((msg->msg_cookie2 = ibuf_new(buf, left)) == NULL) {
1304 log_debug("%s: failed to get peer cookie2", __func__);
1305 return (-1);
1306 }
1307 msg->msg_parent->msg_cookie2 = msg->msg_cookie2;
1308 break;
1309 case IKEV2_N_COOKIE:
1310 if (msg->msg_e) {
1311 log_debug("%s: N_COOKIE encrypted",
1312 __func__);
1313 return (-1);
1314 }
1315 if (left < IKED_COOKIE_MIN || left > IKED_COOKIE_MAX) {
1316 log_debug("%s: ignoring malformed cookie"
1317 " notification: %zu", __func__, left);
1318 return (0);
1319 }
1320 log_debug("%s: received cookie, len %zu", __func__, left);
1321 print_hex(buf, 0, left);
1322
1323 ibuf_free(msg->msg_cookie);
1324 if ((msg->msg_cookie = ibuf_new(buf, left)) == NULL) {
1325 log_debug("%s: failed to get peer cookie", __func__);
1326 return (-1);
1327 }
1328 msg->msg_parent->msg_cookie = msg->msg_cookie;
1329 break;
1330 case IKEV2_N_FRAGMENTATION_SUPPORTED:
1331 if (msg->msg_e) {
1332 log_debug("%s: N_FRAGMENTATION_SUPPORTED encrypted",
1333 __func__);
1334 return (-1);
1335 }
1336 if (left != 0) {
1337 log_debug("%s: ignoring malformed fragmentation"
1338 " notification: %zu", __func__, left);
1339 return (0);
1340 }
1341 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_FRAGMENTATION;
1342 break;
1343 case IKEV2_N_SIGNATURE_HASH_ALGORITHMS:
1344 if (msg->msg_e) {
1345 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: encrypted",
1346 __func__);
1347 return (-1);
1348 }
1349 if (sa == NULL) {
1350 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: no SA",
1351 __func__);
1352 return (-1);
1353 }
1354 if (sa->sa_sigsha2) {
1355 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: "
1356 "duplicate notify", __func__);
1357 return (0);
1358 }
1359 if (left < sizeof(signature_hash) ||
1360 left % sizeof(signature_hash)) {
1361 log_debug("%s: malformed signature hash notification"
1362 "(%zu bytes)", __func__, left);
1363 return (0);
1364 }
1365 while (left >= sizeof(signature_hash)) {
1366 memcpy(&signature_hash, buf, sizeof(signature_hash));
1367 signature_hash = betoh16(signature_hash);
1368 log_debug("%s: signature hash %s (%x)", __func__,
1369 print_map(signature_hash, ikev2_sighash_map),
1370 signature_hash);
1371 left -= sizeof(signature_hash);
1372 buf += sizeof(signature_hash);
1373 if (signature_hash == IKEV2_SIGHASH_SHA2_256)
1374 msg->msg_parent->msg_flags
1375 |= IKED_MSG_FLAGS_SIGSHA2;
1376 }
1377 break;
1378 }
1379
1380 return (0);
1381 }
1382
1383 int
ikev2_validate_delete(struct iked_message * msg,size_t offset,size_t left,struct ikev2_delete * del)1384 ikev2_validate_delete(struct iked_message *msg, size_t offset, size_t left,
1385 struct ikev2_delete *del)
1386 {
1387 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1388
1389 if (left < sizeof(*del)) {
1390 log_debug("%s: malformed payload: too short for header "
1391 "(%zu < %zu)", __func__, left, sizeof(*del));
1392 return (-1);
1393 }
1394 memcpy(del, msgbuf + offset, sizeof(*del));
1395
1396 if (del->del_protoid == 0) {
1397 log_info("%s: malformed payload: invalid protoid", __func__);
1398 return (-1);
1399 }
1400
1401 return (0);
1402 }
1403
1404 int
ikev2_pld_delete(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)1405 ikev2_pld_delete(struct iked *env, struct ikev2_payload *pld,
1406 struct iked_message *msg, size_t offset, size_t left)
1407 {
1408 struct ikev2_delete del;
1409 uint8_t *buf, *msgbuf = ibuf_data(msg->msg_data);
1410 size_t cnt, sz, len;
1411
1412 if (ikev2_validate_delete(msg, offset, left, &del))
1413 return (-1);
1414
1415 /* Skip if it's a response, then we don't have to deal with it */
1416 if (ikev2_msg_frompeer(msg) &&
1417 msg->msg_parent->msg_response)
1418 return (0);
1419
1420 cnt = betoh16(del.del_nspi);
1421 sz = del.del_spisize;
1422
1423 log_debug("%s: proto %s spisize %zu nspi %zu",
1424 __func__, print_map(del.del_protoid, ikev2_saproto_map),
1425 sz, cnt);
1426
1427 if (msg->msg_parent->msg_del_protoid) {
1428 log_debug("%s: duplicate delete payload", __func__);
1429 return (0);
1430 }
1431
1432 msg->msg_parent->msg_del_protoid = del.del_protoid;
1433 msg->msg_parent->msg_del_cnt = cnt;
1434 msg->msg_parent->msg_del_spisize = sz;
1435
1436 buf = msgbuf + offset + sizeof(del);
1437 len = left - sizeof(del);
1438 if (len == 0 || sz == 0 || cnt == 0)
1439 return (0);
1440
1441 if ((len / sz) != cnt) {
1442 log_debug("%s: invalid payload length %zu/%zu != %zu",
1443 __func__, len, sz, cnt);
1444 return (-1);
1445 }
1446
1447 print_hex(buf, 0, len);
1448
1449 msg->msg_parent->msg_del_buf = ibuf_new(buf, len);
1450
1451 return (0);
1452 }
1453
1454 int
ikev2_validate_tss(struct iked_message * msg,size_t offset,size_t left,struct ikev2_tsp * tsp)1455 ikev2_validate_tss(struct iked_message *msg, size_t offset, size_t left,
1456 struct ikev2_tsp *tsp)
1457 {
1458 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1459
1460 if (left < sizeof(*tsp)) {
1461 log_debug("%s: malformed payload: too short for header "
1462 "(%zu < %zu)", __func__, left, sizeof(*tsp));
1463 return (-1);
1464 }
1465 memcpy(tsp, msgbuf + offset, sizeof(*tsp));
1466
1467 return (0);
1468 }
1469
1470 int
ikev2_pld_tss(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)1471 ikev2_pld_tss(struct iked *env, struct ikev2_payload *pld,
1472 struct iked_message *msg, size_t offset, size_t left)
1473 {
1474 struct ikev2_tsp tsp;
1475 struct ikev2_ts ts;
1476 size_t ts_len, i;
1477
1478 if (ikev2_validate_tss(msg, offset, left, &tsp))
1479 return (-1);
1480
1481 offset += sizeof(tsp);
1482 left -= sizeof(tsp);
1483
1484 log_debug("%s: count %d length %zu", __func__,
1485 tsp.tsp_count, left);
1486
1487 for (i = 0; i < tsp.tsp_count; i++) {
1488 if (ikev2_validate_ts(msg, offset, left, &ts))
1489 return (-1);
1490
1491 log_debug("%s: type %s protoid %u length %d "
1492 "startport %u endport %u", __func__,
1493 print_map(ts.ts_type, ikev2_ts_map),
1494 ts.ts_protoid, betoh16(ts.ts_length),
1495 betoh16(ts.ts_startport),
1496 betoh16(ts.ts_endport));
1497
1498 offset += sizeof(ts);
1499 left -= sizeof(ts);
1500
1501 ts_len = betoh16(ts.ts_length) - sizeof(ts);
1502 if (ikev2_pld_ts(env, pld, msg, offset, ts_len, ts.ts_type))
1503 return (-1);
1504
1505 offset += ts_len;
1506 left -= ts_len;
1507 }
1508
1509 return (0);
1510 }
1511
1512 int
ikev2_validate_ts(struct iked_message * msg,size_t offset,size_t left,struct ikev2_ts * ts)1513 ikev2_validate_ts(struct iked_message *msg, size_t offset, size_t left,
1514 struct ikev2_ts *ts)
1515 {
1516 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1517 size_t ts_length;
1518
1519 if (left < sizeof(*ts)) {
1520 log_debug("%s: malformed payload: too short for header "
1521 "(%zu < %zu)", __func__, left, sizeof(*ts));
1522 return (-1);
1523 }
1524 memcpy(ts, msgbuf + offset, sizeof(*ts));
1525
1526 ts_length = betoh16(ts->ts_length);
1527 if (ts_length < sizeof(*ts)) {
1528 log_debug("%s: malformed payload: shorter than minimum header "
1529 "size (%zu < %zu)", __func__, ts_length, sizeof(*ts));
1530 return (-1);
1531 }
1532 if (left < ts_length) {
1533 log_debug("%s: malformed payload: too long for payload size "
1534 "(%zu < %zu)", __func__, left, ts_length);
1535 return (-1);
1536 }
1537
1538 return (0);
1539 }
1540
1541 int
ikev2_pld_ts(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left,unsigned int type)1542 ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
1543 struct iked_message *msg, size_t offset, size_t left, unsigned int type)
1544 {
1545 struct sockaddr_in start4, end4;
1546 struct sockaddr_in6 start6, end6;
1547 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1548 uint8_t *ptr;
1549
1550 ptr = msgbuf + offset;
1551
1552 switch (type) {
1553 case IKEV2_TS_IPV4_ADDR_RANGE:
1554 if (left < 2 * 4) {
1555 log_debug("%s: malformed payload: too short "
1556 "for ipv4 addr range (%zu < %u)",
1557 __func__, left, 2 * 4);
1558 return (-1);
1559 }
1560
1561 bzero(&start4, sizeof(start4));
1562 start4.sin_family = AF_INET;
1563 start4.sin_len = sizeof(start4);
1564 memcpy(&start4.sin_addr.s_addr, ptr, 4);
1565 ptr += 4;
1566 left -= 4;
1567
1568 bzero(&end4, sizeof(end4));
1569 end4.sin_family = AF_INET;
1570 end4.sin_len = sizeof(end4);
1571 memcpy(&end4.sin_addr.s_addr, ptr, 4);
1572 left -= 4;
1573
1574 log_debug("%s: start %s end %s", __func__,
1575 print_addr(&start4), print_addr(&end4));
1576 break;
1577 case IKEV2_TS_IPV6_ADDR_RANGE:
1578 if (left < 2 * 16) {
1579 log_debug("%s: malformed payload: too short "
1580 "for ipv6 addr range (%zu < %u)",
1581 __func__, left, 2 * 16);
1582 return (-1);
1583 }
1584 bzero(&start6, sizeof(start6));
1585 start6.sin6_family = AF_INET6;
1586 start6.sin6_len = sizeof(start6);
1587 memcpy(&start6.sin6_addr, ptr, 16);
1588 ptr += 16;
1589 left -= 16;
1590
1591 bzero(&end6, sizeof(end6));
1592 end6.sin6_family = AF_INET6;
1593 end6.sin6_len = sizeof(end6);
1594 memcpy(&end6.sin6_addr, ptr, 16);
1595 left -= 16;
1596
1597 log_debug("%s: start %s end %s", __func__,
1598 print_addr(&start6), print_addr(&end6));
1599 break;
1600 default:
1601 log_debug("%s: ignoring unknown TS type %u", __func__, type);
1602 return (0);
1603 }
1604
1605 if (left > 0) {
1606 log_debug("%s: malformed payload: left (%zu) > 0",
1607 __func__, left);
1608 return (-1);
1609 }
1610
1611 return (0);
1612 }
1613
1614 int
ikev2_pld_ef(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)1615 ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld,
1616 struct iked_message *msg, size_t offset, size_t left)
1617 {
1618 struct iked_sa *sa = msg->msg_sa;
1619 struct iked_frag *sa_frag = &sa->sa_fragments;
1620 struct iked_frag_entry *el;
1621 struct ikev2_frag_payload frag;
1622 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1623 uint8_t *buf;
1624 struct ibuf *e = NULL;
1625 size_t frag_num, frag_total;
1626 size_t len;
1627 int ret = -1;
1628 int processed = 0;
1629 ssize_t elen;
1630
1631 buf = msgbuf + offset;
1632 memcpy(&frag, buf, sizeof(frag));
1633 frag_num = betoh16(frag.frag_num);
1634 frag_total = betoh16(frag.frag_total);
1635
1636 offset += sizeof(frag);
1637 buf = msgbuf + offset;
1638 len = left - sizeof(frag);
1639
1640 ikestat_inc(env, ikes_frag_rcvd);
1641
1642 /* Limit number of total fragments to avoid DOS */
1643 if (frag_total > IKED_FRAG_TOTAL_MAX ) {
1644 log_debug("%s: Total Fragments too big %zu",
1645 __func__, frag_total);
1646 goto dropall;
1647 }
1648
1649 /* Check sanity of fragment header */
1650 if (frag_num == 0 || frag_total == 0) {
1651 log_debug("%s: Malformed fragment received: %zu of %zu",
1652 __func__, frag_num, frag_total);
1653 goto done;
1654 }
1655 log_debug("%s: Received fragment: %zu of %zu",
1656 __func__, frag_num, frag_total);
1657
1658 /* Drop fragment if frag_num and frag_total don't match */
1659 if (frag_num > frag_total)
1660 goto done;
1661
1662 /* Decrypt fragment */
1663 if ((e = ibuf_new(buf, len)) == NULL)
1664 goto done;
1665
1666 if ((e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e))
1667 == NULL ) {
1668 log_debug("%s: Failed to decrypt fragment: %zu of %zu",
1669 __func__, frag_num, frag_total);
1670 goto done;
1671 }
1672 elen = ibuf_size(e);
1673
1674 /* Check new fragmented message */
1675 if (sa_frag->frag_arr == NULL) {
1676 sa_frag->frag_arr = recallocarray(NULL, 0, frag_total,
1677 sizeof(struct iked_frag_entry*));
1678 if (sa_frag->frag_arr == NULL) {
1679 log_info("%s: recallocarray sa_frag->frag_arr.", __func__);
1680 goto done;
1681 }
1682 sa_frag->frag_total = frag_total;
1683 } else {
1684 /* Drop all fragments if frag_total doesn't match previous */
1685 if (frag_total != sa_frag->frag_total)
1686 goto dropall;
1687
1688 /* Silent drop if fragment already stored */
1689 if (sa_frag->frag_arr[frag_num-1] != NULL)
1690 goto done;
1691 }
1692
1693 /* The first fragments IKE header determines pld_nextpayload */
1694 if (frag_num == 1)
1695 sa_frag->frag_nextpayload = pld->pld_nextpayload;
1696
1697 /* Insert new list element */
1698 el = calloc(1, sizeof(struct iked_frag_entry));
1699 if (el == NULL) {
1700 log_info("%s: Failed allocating new fragment: %zu of %zu",
1701 __func__, frag_num, frag_total);
1702 goto done;
1703 }
1704
1705 sa_frag->frag_arr[frag_num-1] = el;
1706 el->frag_size = elen;
1707 el->frag_data = calloc(1, elen);
1708 if (el->frag_data == NULL) {
1709 log_debug("%s: Failed allocating new fragment data: %zu of %zu",
1710 __func__, frag_num, frag_total);
1711 goto done;
1712 }
1713
1714 /* Copy plaintext to fragment */
1715 memcpy(el->frag_data, ibuf_seek(e, 0, 0), elen);
1716 sa_frag->frag_total_size += elen;
1717 sa_frag->frag_count++;
1718
1719 /* If all frags are received start reassembly */
1720 if (sa_frag->frag_count == sa_frag->frag_total) {
1721 log_debug("%s: All fragments received: %zu of %zu",
1722 __func__, frag_num, frag_total);
1723 ret = ikev2_frags_reassemble(env, pld, msg);
1724 } else {
1725 ret = 0;
1726 }
1727 processed = 1;
1728
1729 done:
1730 if (!processed)
1731 ikestat_inc(env, ikes_frag_rcvd_drop);
1732 ibuf_free(e);
1733 return (ret);
1734 dropall:
1735 ikestat_add(env, ikes_frag_rcvd_drop, sa_frag->frag_count + 1);
1736 config_free_fragments(sa_frag);
1737 ibuf_free(e);
1738 return -1;
1739 }
1740
1741 int
ikev2_frags_reassemble(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg)1742 ikev2_frags_reassemble(struct iked *env, struct ikev2_payload *pld,
1743 struct iked_message *msg)
1744 {
1745 struct iked_frag *sa_frag = &msg->msg_sa->sa_fragments;
1746 struct ibuf *e = NULL;
1747 struct iked_frag_entry *el;
1748 uint8_t *ptr;
1749 size_t offset;
1750 size_t i;
1751 struct iked_message emsg;
1752 int ret = -1;
1753 int processed = 0;
1754
1755 /* Reassemble fragments to single buffer */
1756 if ((e = ibuf_new(NULL, sa_frag->frag_total_size)) == NULL) {
1757 log_debug("%s: Failed allocating SK buffer.", __func__);
1758 goto done;
1759 }
1760
1761 /* Empty queue to new buffer */
1762 offset = 0;
1763 for (i = 0; i < sa_frag->frag_total; i++) {
1764 if ((el = sa_frag->frag_arr[i]) == NULL)
1765 fatalx("Tried to reassemble shallow frag_arr");
1766 ptr = ibuf_seek(e, offset, el->frag_size);
1767 if (ptr == NULL) {
1768 log_info("%s: failed to reassemble fragments", __func__);
1769 goto done;
1770 }
1771 memcpy(ptr, el->frag_data, el->frag_size);
1772 offset += el->frag_size;
1773 }
1774
1775 log_debug("%s: Defragmented length %zd", __func__,
1776 sa_frag->frag_total_size);
1777 print_hex(ibuf_data(e), 0, sa_frag->frag_total_size);
1778
1779 /* Drop the original request's packets from the retransmit queue */
1780 if (msg->msg_response)
1781 ikev2_msg_dispose(env, &msg->msg_sa->sa_requests,
1782 ikev2_msg_lookup(env, &msg->msg_sa->sa_requests, msg,
1783 msg->msg_exchange));
1784
1785 /*
1786 * Parse decrypted payload
1787 */
1788 bzero(&emsg, sizeof(emsg));
1789 memcpy(&emsg, msg, sizeof(*msg));
1790 emsg.msg_data = e;
1791 emsg.msg_e = 1;
1792 emsg.msg_parent = msg;
1793 TAILQ_INIT(&emsg.msg_proposals);
1794
1795 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e),
1796 sa_frag->frag_nextpayload);
1797 processed = 1;
1798 done:
1799 if (processed)
1800 ikestat_add(env, ikes_frag_reass_ok, sa_frag->frag_total);
1801 else
1802 ikestat_add(env, ikes_frag_reass_drop, sa_frag->frag_total);
1803 config_free_fragments(sa_frag);
1804 ibuf_free(e);
1805
1806 return (ret);
1807 }
1808
1809 int
ikev2_pld_e(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)1810 ikev2_pld_e(struct iked *env, struct ikev2_payload *pld,
1811 struct iked_message *msg, size_t offset, size_t left)
1812 {
1813 struct iked_sa *sa = msg->msg_sa;
1814 struct ibuf *e = NULL;
1815 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1816 struct iked_message emsg;
1817 uint8_t *buf;
1818 size_t len;
1819 int ret = -1;
1820
1821 if (sa->sa_fragments.frag_arr != NULL) {
1822 log_warn("%s: Received SK payload when SKFs are in queue.",
1823 __func__);
1824 config_free_fragments(&sa->sa_fragments);
1825 return (ret);
1826 }
1827
1828 buf = msgbuf + offset;
1829 len = left;
1830
1831 if ((e = ibuf_new(buf, len)) == NULL)
1832 goto done;
1833
1834 if (ikev2_msg_frompeer(msg)) {
1835 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e);
1836 } else {
1837 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1;
1838 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e);
1839 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1;
1840 }
1841
1842 if (e == NULL)
1843 goto done;
1844
1845 /*
1846 * Parse decrypted payload
1847 */
1848 bzero(&emsg, sizeof(emsg));
1849 memcpy(&emsg, msg, sizeof(*msg));
1850 emsg.msg_data = e;
1851 emsg.msg_e = 1;
1852 emsg.msg_parent = msg;
1853 TAILQ_INIT(&emsg.msg_proposals);
1854
1855 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e),
1856 pld->pld_nextpayload);
1857
1858 done:
1859 ibuf_free(e);
1860
1861 return (ret);
1862 }
1863
1864 int
ikev2_validate_cp(struct iked_message * msg,size_t offset,size_t left,struct ikev2_cp * cp)1865 ikev2_validate_cp(struct iked_message *msg, size_t offset, size_t left,
1866 struct ikev2_cp *cp)
1867 {
1868 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1869
1870 if (left < sizeof(*cp)) {
1871 log_debug("%s: malformed payload: too short for header "
1872 "(%zu < %zu)", __func__, left, sizeof(*cp));
1873 return (-1);
1874 }
1875 memcpy(cp, msgbuf + offset, sizeof(*cp));
1876
1877 return (0);
1878 }
1879
1880 int
ikev2_pld_cp(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)1881 ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
1882 struct iked_message *msg, size_t offset, size_t left)
1883 {
1884 struct ikev2_cp cp;
1885 struct ikev2_cfg *cfg;
1886 struct iked_addr *addr;
1887 struct sockaddr_in *in4;
1888 struct sockaddr_in6 *in6;
1889 uint8_t *msgbuf = ibuf_data(msg->msg_data);
1890 uint8_t *ptr;
1891 size_t len;
1892 int cfg_type;
1893
1894 if (ikev2_validate_cp(msg, offset, left, &cp))
1895 return (-1);
1896
1897 ptr = msgbuf + offset + sizeof(cp);
1898 len = left - sizeof(cp);
1899
1900 log_debug("%s: type %s length %zu",
1901 __func__, print_map(cp.cp_type, ikev2_cp_map), len);
1902 print_hex(ptr, 0, len);
1903
1904 while (len > 0) {
1905 if (len < sizeof(*cfg)) {
1906 log_debug("%s: malformed payload: too short for cfg "
1907 "(%zu < %zu)", __func__, len, sizeof(*cfg));
1908 return (-1);
1909 }
1910 cfg = (struct ikev2_cfg *)ptr;
1911
1912 log_debug("%s: %s 0x%04x length %d", __func__,
1913 print_map(betoh16(cfg->cfg_type), ikev2_cfg_map),
1914 betoh16(cfg->cfg_type),
1915 betoh16(cfg->cfg_length));
1916
1917 ptr += sizeof(*cfg);
1918 len -= sizeof(*cfg);
1919
1920 if (len < betoh16(cfg->cfg_length)) {
1921 log_debug("%s: malformed payload: too short for "
1922 "cfg_length (%zu < %u)", __func__, len,
1923 betoh16(cfg->cfg_length));
1924 return (-1);
1925 }
1926
1927 print_hex(ptr, sizeof(*cfg), betoh16(cfg->cfg_length));
1928
1929 cfg_type = betoh16(cfg->cfg_type);
1930 switch (cfg_type) {
1931 case IKEV2_CFG_INTERNAL_IP4_ADDRESS:
1932 case IKEV2_CFG_INTERNAL_IP4_DNS:
1933 if (!ikev2_msg_frompeer(msg))
1934 break;
1935 if (betoh16(cfg->cfg_length) == 0)
1936 break;
1937 /* XXX multiple-valued */
1938 if (betoh16(cfg->cfg_length) < 4) {
1939 log_debug("%s: malformed payload: too short "
1940 "for ipv4 addr (%u < %u)",
1941 __func__, betoh16(cfg->cfg_length), 4);
1942 return (-1);
1943 }
1944 switch(cfg_type) {
1945 case IKEV2_CFG_INTERNAL_IP4_ADDRESS:
1946 if (msg->msg_parent->msg_cp_addr != NULL) {
1947 log_debug("%s: address already set", __func__);
1948 goto skip;
1949 }
1950 break;
1951 case IKEV2_CFG_INTERNAL_IP4_DNS:
1952 if (msg->msg_parent->msg_cp_dns != NULL) {
1953 log_debug("%s: dns already set", __func__);
1954 goto skip;
1955 }
1956 break;
1957 default:
1958 break;
1959 }
1960 if ((addr = calloc(1, sizeof(*addr))) == NULL) {
1961 log_debug("%s: malloc failed", __func__);
1962 break;
1963 }
1964 addr->addr_af = AF_INET;
1965 in4 = (struct sockaddr_in *)&addr->addr;
1966 in4->sin_family = AF_INET;
1967 in4->sin_len = sizeof(*in4);
1968 memcpy(&in4->sin_addr.s_addr, ptr, 4);
1969 switch(cfg_type) {
1970 case IKEV2_CFG_INTERNAL_IP4_ADDRESS:
1971 msg->msg_parent->msg_cp_addr = addr;
1972 log_debug("%s: IP4_ADDRESS %s", __func__,
1973 print_addr(&addr->addr));
1974 break;
1975 case IKEV2_CFG_INTERNAL_IP4_DNS:
1976 msg->msg_parent->msg_cp_dns = addr;
1977 log_debug("%s: IP4_DNS %s", __func__,
1978 print_addr(&addr->addr));
1979 break;
1980 default:
1981 log_debug("%s: cfg %s", __func__,
1982 print_addr(&addr->addr));
1983 break;
1984 }
1985 break;
1986 case IKEV2_CFG_INTERNAL_IP6_ADDRESS:
1987 case IKEV2_CFG_INTERNAL_IP6_DNS:
1988 if (!ikev2_msg_frompeer(msg))
1989 break;
1990 if (betoh16(cfg->cfg_length) == 0)
1991 break;
1992 /* XXX multiple-valued */
1993 if (betoh16(cfg->cfg_length) < 16) {
1994 log_debug("%s: malformed payload: too short "
1995 "for ipv6 addr w/prefixlen (%u < %u)",
1996 __func__, betoh16(cfg->cfg_length), 16);
1997 return (-1);
1998 }
1999 switch(cfg_type) {
2000 case IKEV2_CFG_INTERNAL_IP6_ADDRESS:
2001 if (msg->msg_parent->msg_cp_addr6 != NULL) {
2002 log_debug("%s: address6 already set", __func__);
2003 goto skip;
2004 }
2005 break;
2006 case IKEV2_CFG_INTERNAL_IP6_DNS:
2007 if (msg->msg_parent->msg_cp_dns != NULL) {
2008 log_debug("%s: dns already set", __func__);
2009 goto skip;
2010 }
2011 break;
2012 }
2013 if ((addr = calloc(1, sizeof(*addr))) == NULL) {
2014 log_debug("%s: malloc failed", __func__);
2015 break;
2016 }
2017 addr->addr_af = AF_INET6;
2018 in6 = (struct sockaddr_in6 *)&addr->addr;
2019 in6->sin6_family = AF_INET6;
2020 in6->sin6_len = sizeof(*in6);
2021 memcpy(&in6->sin6_addr, ptr, 16);
2022 switch(cfg_type) {
2023 case IKEV2_CFG_INTERNAL_IP6_ADDRESS:
2024 msg->msg_parent->msg_cp_addr6 = addr;
2025 log_debug("%s: IP6_ADDRESS %s", __func__,
2026 print_addr(&addr->addr));
2027 break;
2028 case IKEV2_CFG_INTERNAL_IP6_DNS:
2029 msg->msg_parent->msg_cp_dns = addr;
2030 log_debug("%s: IP6_DNS %s", __func__,
2031 print_addr(&addr->addr));
2032 break;
2033 default:
2034 log_debug("%s: cfg %s/%d", __func__,
2035 print_addr(&addr->addr), ptr[16]);
2036 break;
2037 }
2038 break;
2039 }
2040
2041 skip:
2042 ptr += betoh16(cfg->cfg_length);
2043 len -= betoh16(cfg->cfg_length);
2044 }
2045
2046 if (!ikev2_msg_frompeer(msg))
2047 return (0);
2048
2049 msg->msg_parent->msg_cp = cp.cp_type;
2050
2051 return (0);
2052 }
2053
2054 int
ikev2_validate_eap(struct iked_message * msg,size_t offset,size_t left,struct eap_header * hdr)2055 ikev2_validate_eap(struct iked_message *msg, size_t offset, size_t left,
2056 struct eap_header *hdr)
2057 {
2058 uint8_t *msgbuf = ibuf_data(msg->msg_data);
2059
2060 if (left < sizeof(*hdr)) {
2061 log_debug("%s: malformed payload: too short for header "
2062 "(%zu < %zu)", __func__, left, sizeof(*hdr));
2063 return (-1);
2064 }
2065 memcpy(hdr, msgbuf + offset, sizeof(*hdr));
2066
2067 return (0);
2068 }
2069
2070 int
ikev2_pld_eap(struct iked * env,struct ikev2_payload * pld,struct iked_message * msg,size_t offset,size_t left)2071 ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld,
2072 struct iked_message *msg, size_t offset, size_t left)
2073 {
2074 struct eap_header hdr;
2075 struct eap_message *eap = NULL;
2076 const struct iked_sa *sa = msg->msg_sa;
2077 size_t eap_len;
2078
2079 if (ikev2_validate_eap(msg, offset, left, &hdr))
2080 return (-1);
2081
2082 eap_len = betoh16(hdr.eap_length);
2083 if (left != eap_len) {
2084 log_info("%s: malformed payload: EAP length does not match"
2085 " payload length (%zu != %zu)", __func__, left, eap_len);
2086 return (-1);
2087 }
2088
2089 if (eap_len < sizeof(*eap)) {
2090 log_info("%s: %s id %d length %d", SPI_SA(sa, __func__),
2091 print_map(hdr.eap_code, eap_code_map),
2092 hdr.eap_id, betoh16(hdr.eap_length));
2093 } else {
2094 /* Now try to get the indicated length */
2095 if ((eap = ibuf_seek(msg->msg_data, offset, eap_len)) == NULL) {
2096 log_debug("%s: invalid EAP length", __func__);
2097 return (-1);
2098 }
2099
2100 log_info("%s: %s id %d length %d EAP-%s", SPI_SA(sa, __func__),
2101 print_map(eap->eap_code, eap_code_map),
2102 eap->eap_id, betoh16(eap->eap_length),
2103 print_map(eap->eap_type, eap_type_map));
2104
2105 if (eap_parse(env, sa, msg, eap, msg->msg_response) == -1)
2106 return (-1);
2107 if (msg->msg_parent->msg_eapmsg != NULL) {
2108 log_info("%s: duplicate EAP in payload", __func__);
2109 return (-1);
2110 }
2111 if ((msg->msg_parent->msg_eapmsg = ibuf_new(eap, eap_len))
2112 == NULL) {
2113 log_debug("%s: failed to save eap", __func__);
2114 return (-1);
2115 }
2116 msg->msg_parent->msg_eap.eam_found = 1;
2117 }
2118
2119 return (0);
2120 }
2121
2122 /* parser for the initial IKE_AUTH payload, does not require msg_sa */
2123 int
ikev2_pld_parse_quick(struct iked * env,struct ike_header * hdr,struct iked_message * msg,size_t offset)2124 ikev2_pld_parse_quick(struct iked *env, struct ike_header *hdr,
2125 struct iked_message *msg, size_t offset)
2126 {
2127 struct ikev2_payload pld;
2128 struct ikev2_frag_payload frag;
2129 uint8_t *msgbuf = ibuf_data(msg->msg_data);
2130 uint8_t *buf;
2131 size_t len, total, left;
2132 size_t length;
2133 unsigned int payload;
2134
2135 log_debug("%s: header ispi %s rspi %s"
2136 " nextpayload %s version 0x%02x exchange %s flags 0x%02x"
2137 " msgid %d length %u response %d", __func__,
2138 print_spi(betoh64(hdr->ike_ispi), 8),
2139 print_spi(betoh64(hdr->ike_rspi), 8),
2140 print_map(hdr->ike_nextpayload, ikev2_payload_map),
2141 hdr->ike_version,
2142 print_map(hdr->ike_exchange, ikev2_exchange_map),
2143 hdr->ike_flags,
2144 betoh32(hdr->ike_msgid),
2145 betoh32(hdr->ike_length),
2146 msg->msg_response);
2147
2148 length = betoh32(hdr->ike_length);
2149
2150 if (ibuf_size(msg->msg_data) < length) {
2151 log_debug("%s: short message", __func__);
2152 return (-1);
2153 }
2154
2155 offset += sizeof(*hdr);
2156
2157 /* Bytes left in datagram. */
2158 total = length - offset;
2159
2160 payload = hdr->ike_nextpayload;
2161
2162 while (payload != 0 && offset < length) {
2163 if (ikev2_validate_pld(msg, offset, total, &pld))
2164 return (-1);
2165
2166 log_debug("%s: %spayload %s"
2167 " nextpayload %s critical 0x%02x length %d",
2168 __func__, msg->msg_e ? "decrypted " : "",
2169 print_map(payload, ikev2_payload_map),
2170 print_map(pld.pld_nextpayload, ikev2_payload_map),
2171 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD,
2172 betoh16(pld.pld_length));
2173
2174 /* Skip over generic payload header. */
2175 offset += sizeof(pld);
2176 total -= sizeof(pld);
2177 left = betoh16(pld.pld_length) - sizeof(pld);
2178
2179 switch (payload) {
2180 case IKEV2_PAYLOAD_SKF:
2181 len = left;
2182 buf = msgbuf + offset;
2183 if (len < sizeof(frag))
2184 return (-1);
2185 memcpy(&frag, buf, sizeof(frag));
2186 msg->msg_frag_num = betoh16(frag.frag_num);
2187 break;
2188 }
2189
2190 payload = pld.pld_nextpayload;
2191 offset += left;
2192 total -= left;
2193 }
2194
2195 return (0);
2196 }
2197