1 /*
2 * fiked - a fake IKE PSK+XAUTH daemon based on vpnc
3 * Copyright (C) 2005, Daniel Roethlisberger <daniel@roe.ch>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see http://www.gnu.org/copyleft/
17 *
18 * $Id: ike.c 114 2005-12-24 12:00:33Z roe $
19 */
20
21 #include "ike.h"
22 #include "datagram.h"
23 #include "send_dgm.h"
24 #include "log.h"
25 #include "peer_ctx.h"
26 #include "config.h"
27 #include "mem.h"
28 #include "vpnc/math_group.h"
29 #include "vpnc/dh.h"
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <netinet/in.h>
34 #include <arpa/inet.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38
39 #include <gcrypt.h>
40
41 /*
42 * W A R N I N G / D I S C L A I M E R
43 *
44 * This code is unsuitable for building a genuine IKE responder!
45 * It's very likely to be any or all of: insecure, incompatible,
46 * inefficient, unstable, unportable, or outright broken.
47 * There's hardly enough sanity checking and failure resistance.
48 * If you want genuine IKE source code, look for a proper
49 * implementation instead. This is a quick hack to snarf XAUTH
50 * credentials from clients, not a full implementation of IKE.
51 * You've been warned.
52 */
53
54
55
56 /* forward declarations */
57 void ike_process_new(peer_ctx *ctx, struct isakmp_packet *ikp);
58
59 /* minimum */
min(int a,int b)60 static inline int min(int a, int b)
61 {
62 return (a < b) ? a : b;
63 }
64
65 /* vendor ids */
66 static const uint8_t xauth_vid[] = XAUTH_VENDOR_ID;
67 static const uint8_t unity_vid[] = UNITY_VENDOR_ID;
68
69
70
71 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
72 * IKE encryption and decryption routines *
73 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
74
75 /*
76 * Encrypts or decrypts the buffer buf.
77 * Buf must already be padded to blocksize of the encryption algorithm in use.
78 */
ike_crypt_crypt(int algo,int enc,uint8_t * buf,size_t buflen,uint8_t * key,size_t keylen,uint8_t * iv,size_t ivlen)79 void ike_crypt_crypt(int algo, int enc, uint8_t *buf, size_t buflen,
80 uint8_t *key, size_t keylen, uint8_t *iv, size_t ivlen)
81 {
82 gcry_cipher_hd_t crypt_ctx;
83 gcry_cipher_open(&crypt_ctx, algo, GCRY_CIPHER_MODE_CBC, 0);
84 gcry_cipher_setkey(crypt_ctx, key, keylen);
85 gcry_cipher_setiv(crypt_ctx, iv, ivlen);
86 if(!enc)
87 gcry_cipher_decrypt(crypt_ctx, buf, buflen, NULL, 0);
88 else
89 gcry_cipher_encrypt(crypt_ctx, buf, buflen, NULL, 0);
90 gcry_cipher_close(crypt_ctx);
91 }
92
93 /*
94 * Generic encryption/decryption routine.
95 * If payload of ikp is encrypted, decrypt it, if not, encrypt it.
96 * Handles phase 1 and phase 2 enc/dec, and IV generation.
97 */
ike_crypt(peer_ctx * ctx,struct isakmp_packet * ikp)98 int ike_crypt(peer_ctx *ctx, struct isakmp_packet *ikp)
99 {
100 /*
101 * phase 1, first: iv = hash(i_dh_public r_dh_public)
102 * phase 1, rest: iv = last_block_phase1
103 * phase 2, first: iv = hash(last_block_phase1 message_id)
104 * phase 2, rest: iv = last_block_phase2
105 */
106
107 uint8_t *iv = NULL;
108 int update_iv = 1;
109 uint8_t *fp = NULL;
110 size_t fp_len;
111 uint8_t fp_type;
112 gcry_md_hd_t md_ctx;
113 int reject = 0;
114 message_iv *msg_iv = NULL;
115
116 int enc = !(ikp->flags & ISAKMP_FLAG_E);
117
118 switch(ctx->state) {
119 case STATE_PHASE1:
120 /* iv0 not set means no phase 1 encrypted packets yet */
121 if(!ctx->iv0) {
122 /* generate initial phase 1 iv */
123 gcry_md_open(&md_ctx, ctx->md_algo, 0);
124 gcry_md_write(md_ctx, ctx->dh_i_public,
125 dh_getlen(ctx->dh_group));
126 gcry_md_write(md_ctx, ctx->dh_r_public,
127 dh_getlen(ctx->dh_group));
128 gcry_md_final(md_ctx);
129 mem_allocate(&ctx->iv0, ctx->blk_len);
130 memcpy(ctx->iv0, gcry_md_read(md_ctx, 0), ctx->blk_len);
131 gcry_md_close(md_ctx);
132 }
133 iv = ctx->iv0;
134 break;
135
136 case STATE_PHASE2:
137 /* fetch message_iv for this exchange */
138 msg_iv = message_iv_get(ikp->message_id, &ctx->msg_iv);
139 if(!msg_iv->iv) {
140 /* generate initial phase 2 iv */
141 gcry_md_open(&md_ctx, ctx->md_algo, 0);
142 gcry_md_write(md_ctx, ctx->iv0, ctx->blk_len);
143 gcry_md_putc(md_ctx, (ikp->message_id >> 24) & 0xFF);
144 gcry_md_putc(md_ctx, (ikp->message_id >> 16) & 0xFF);
145 gcry_md_putc(md_ctx, (ikp->message_id >> 8) & 0xFF);
146 gcry_md_putc(md_ctx, (ikp->message_id) & 0xFF);
147 gcry_md_final(md_ctx);
148 mem_allocate(&msg_iv->iv, ctx->md_len);
149 memcpy(msg_iv->iv, gcry_md_read(md_ctx, 0), ctx->blk_len);
150 gcry_md_close(md_ctx);
151 }
152 iv = msg_iv->iv;
153 break;
154
155 default:
156 log_printf(ctx, "ike_crypt in illegal state %d, packet ignored",
157 ctx->state);
158 return -1;
159 break;
160 }
161
162 if(enc) {
163 /* flatten and encrypt payload */
164 fp_type = ikp->u.payload->type;
165 flatten_isakmp_payload(ikp->u.payload, &fp, &fp_len,
166 ctx->blk_len);
167 ike_crypt_crypt(ctx->algo, enc, fp, fp_len,
168 ctx->key, ctx->key_len, iv, ctx->blk_len);
169 /* swap payload for encrypted buffer */
170 free_isakmp_payload(ikp->u.payload);
171 ikp->u.enc.length = fp_len;
172 ikp->u.enc.data = NULL; /* don't free */
173 mem_allocate(&ikp->u.enc.data, ikp->u.enc.length);
174 memcpy(ikp->u.enc.data, fp, ikp->u.enc.length);
175 ikp->u.enc.type = fp_type;
176 /* update IV with last cipher block */
177 if(update_iv) {
178 memcpy(iv, fp + fp_len - ctx->blk_len, ctx->blk_len);
179 }
180 } else { /* dec */
181 uint8_t *newiv = NULL;
182 /* copy encrypted buffer */
183 fp_len = ikp->u.enc.length;
184 mem_allocate(&fp, fp_len);
185 memcpy(fp, ikp->u.enc.data, fp_len);
186 /* store last cipher block */
187 if(update_iv) {
188 mem_allocate(&newiv, ctx->blk_len);
189 memcpy(newiv, fp + fp_len - ctx->blk_len, ctx->blk_len);
190 }
191 /* decrypt encrypted buffer */
192 ike_crypt_crypt(ctx->algo, enc, fp, fp_len,
193 ctx->key, ctx->key_len, iv, ctx->blk_len);
194 /* copy stored last cipher block to iv */
195 if(update_iv) {
196 memcpy(iv, newiv, ctx->blk_len);
197 mem_free(&newiv);
198 }
199 /* swap encrypted buffer for decoded payload */
200 const uint8_t *cfp = fp;
201 struct isakmp_payload *pl = parse_isakmp_payload(
202 ikp->u.enc.type,
203 &cfp, &fp_len, &reject);
204 if(reject) {
205 log_printf(ctx,
206 "illegal decrypted payload (%d), packet ignored",
207 reject);
208 mem_free(&fp);
209 return reject;
210 }
211 free(ikp->u.enc.data);
212 ikp->u.payload = pl;
213 }
214
215 mem_free(&fp);
216
217 /* flip the "encrypted" flag */
218 ikp->flags ^= ISAKMP_FLAG_E;
219
220 return 0;
221 }
222
223 /*
224 * Return phase 2 authentication hash for payload pl.
225 * Returned hash must be freed.
226 */
phase2_hash(peer_ctx * ctx,uint32_t message_id,struct isakmp_payload * pl)227 uint8_t * phase2_hash(peer_ctx *ctx, uint32_t message_id, struct isakmp_payload *pl)
228 {
229 gcry_md_hd_t md_ctx;
230 uint8_t *pl_flat;
231 size_t pl_size;
232 uint8_t *hash = NULL;
233 mem_allocate(&hash, ctx->md_len);
234
235 gcry_md_open(&md_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
236 gcry_md_setkey(md_ctx, ctx->skeyid_a, ctx->md_len);
237
238 gcry_md_putc(md_ctx, (message_id >> 24) & 0xFF);
239 gcry_md_putc(md_ctx, (message_id >> 16) & 0xFF);
240 gcry_md_putc(md_ctx, (message_id >> 8) & 0xFF);
241 gcry_md_putc(md_ctx, (message_id) & 0xFF);
242
243 /* XXX: nonce? */
244
245 if(pl) {
246 flatten_isakmp_payload(pl, &pl_flat, &pl_size, 1);
247 gcry_md_write(md_ctx, pl_flat, pl_size);
248 free(pl_flat);
249 } else {
250 gcry_md_putc(md_ctx, 0);
251 }
252
253 gcry_md_final(md_ctx);
254 memcpy(hash, gcry_md_read(md_ctx, 0), ctx->md_len);
255 gcry_md_close(md_ctx);
256
257 return hash;
258 }
259
260
261
262 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
263 * Security Association payload helpers *
264 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
265
266 /*
267 * Is this a supported SA transform? Return 1 if yes, 0 if not.
268 * We do not prioritize, instead we just select the very first supported
269 * transform.
270 */
sa_transform_matches(peer_ctx * ctx,struct isakmp_payload * t)271 int sa_transform_matches(peer_ctx* ctx, struct isakmp_payload *t)
272 {
273 struct isakmp_attribute *enc = NULL;
274 struct isakmp_attribute *keylen = NULL;
275 struct isakmp_attribute *hash = NULL;
276 struct isakmp_attribute *auth_method = NULL;
277 struct isakmp_attribute *group_desc = NULL;
278 for(struct isakmp_attribute *a = t->u.t.attributes; a; a = a->next) {
279 switch(a->type) {
280 case IKE_ATTRIB_ENC:
281 enc = a;
282 break;
283 case IKE_ATTRIB_KEY_LENGTH:
284 keylen = a;
285 break;
286 case IKE_ATTRIB_HASH:
287 hash = a;
288 break;
289 case IKE_ATTRIB_AUTH_METHOD:
290 auth_method = a;
291 break;
292 case IKE_ATTRIB_GROUP_DESC:
293 group_desc = a;
294 break;
295 default:
296 /* silently ignore */
297 break;
298 }
299 }
300
301 /* do we have all required attributes? */
302 if(!(enc && hash && auth_method && group_desc)) {
303 log_printf(ctx,
304 "missing attribute(s): enc=%p hash=%p am=%p gd=%p",
305 (void*)enc, (void*)hash, (void*)auth_method,
306 (void*)group_desc);
307 return 0;
308 }
309
310 /* we don't support anything other than PSK+XAUTH */
311 if(auth_method->u.attr_16 != IKE_AUTH_XAUTHInitPreShared)
312 return 0;
313
314 /* choose algorithms we support */
315 char *enc_txt = NULL;
316 char *md_txt = NULL;
317 char *dh_txt = NULL;
318 switch(enc->u.attr_16) {
319 case IKE_ENC_DES_CBC:
320 ctx->algo = GCRY_CIPHER_DES;
321 enc_txt = "DES";
322 break;
323 case IKE_ENC_3DES_CBC:
324 ctx->algo = GCRY_CIPHER_3DES;
325 enc_txt = "3DES";
326 break;
327 case IKE_ENC_AES_CBC:
328 if(!keylen)
329 return 0;
330 switch(keylen->u.attr_16) {
331 case 128:
332 ctx->algo = GCRY_CIPHER_AES128;
333 enc_txt = "AES128";
334 break;
335 case 192:
336 ctx->algo = GCRY_CIPHER_AES192;
337 enc_txt = "AES192";
338 break;
339 case 256:
340 ctx->algo = GCRY_CIPHER_AES256;
341 enc_txt = "AES256";
342 break;
343 default:
344 return 0;
345 }
346 break;
347 default:
348 return 0;
349 }
350 switch(hash->u.attr_16) {
351 case IKE_HASH_MD5:
352 ctx->md_algo = GCRY_MD_MD5;
353 md_txt = "MD5";
354 break;
355 case IKE_HASH_SHA:
356 ctx->md_algo = GCRY_MD_SHA1;
357 md_txt = "SHA1";
358 break;
359 default:
360 return 0;
361 }
362 switch(group_desc->u.attr_16) {
363 case IKE_GROUP_MODP_768:
364 if(ctx->dh_group)
365 group_free(ctx->dh_group);
366 ctx->dh_group = group_get(OAKLEY_GRP_1);
367 dh_txt = "DH1";
368 break;
369 case IKE_GROUP_MODP_1024:
370 if(ctx->dh_group)
371 group_free(ctx->dh_group);
372 ctx->dh_group = group_get(OAKLEY_GRP_2);
373 dh_txt = "DH2";
374 break;
375 case IKE_GROUP_MODP_1536:
376 if(ctx->dh_group)
377 group_free(ctx->dh_group);
378 ctx->dh_group = group_get(OAKLEY_GRP_5);
379 dh_txt = "DH5";
380 break;
381 default:
382 return 0;
383 }
384
385 log_printf(ctx, "using %s %s %s", enc_txt, md_txt, dh_txt);
386
387 /* set up lengths according to chosen algorithms */
388 ctx->md_len = gcry_md_get_algo_dlen(ctx->md_algo);
389 gcry_cipher_algo_info(ctx->algo, GCRYCTL_GET_BLKLEN, NULL, &(ctx->blk_len));
390 gcry_cipher_algo_info(ctx->algo, GCRYCTL_GET_KEYLEN, NULL, &(ctx->key_len));
391
392 return 1;
393 }
394
395 /*
396 * Walk proposal SA, choose a transform, copy relevant stuff to response SA.
397 */
sa_transform_choose(peer_ctx * ctx,struct isakmp_payload * response,struct isakmp_payload * proposal)398 void sa_transform_choose(peer_ctx* ctx, struct isakmp_payload *response, struct isakmp_payload *proposal)
399 {
400 /* copy SA payload */
401 *response = *proposal;
402 response->u.sa.proposals = new_isakmp_payload(ISAKMP_PAYLOAD_P);
403
404 /* copy proposals payload */
405 *response->u.sa.proposals = *proposal->u.sa.proposals;
406 response->u.sa.proposals->u.p.spi = NULL;
407 mem_allocate(&response->u.sa.proposals->u.p.spi, response->u.sa.proposals->u.p.spi_size);
408 memcpy(response->u.sa.proposals->u.p.spi,
409 proposal->u.sa.proposals->u.p.spi,
410 response->u.sa.proposals->u.p.spi_size);
411 response->u.sa.proposals->u.p.transforms =
412 new_isakmp_payload(ISAKMP_PAYLOAD_T);
413
414 /* find matching transform */
415 struct isakmp_payload *p;
416 for(p = proposal->u.sa.proposals->u.p.transforms; p; p = p->next) {
417 if(sa_transform_matches(ctx, p))
418 break;
419 }
420 if(!p) {
421 log_printf(ctx, "no matching algo proposal, ignoring request");
422 return;
423 }
424
425 /* copy chosen transform payload */
426 *response->u.sa.proposals->u.p.transforms = *p;
427 response->u.sa.proposals->u.p.transforms->next = NULL;
428
429 struct isakmp_attribute *ra = NULL;
430 for(struct isakmp_attribute *pa = p->u.t.attributes; pa; pa = pa->next) {
431 if(!ra) {
432 /* first attribute */
433 ra = response->u.sa.proposals->u.p.transforms->u.t.attributes =
434 new_isakmp_attribute(pa->type, NULL);
435 } else {
436 /* subsequent attributes */
437 ra->next = new_isakmp_attribute(pa->type, NULL);
438 ra = ra->next;
439 }
440 *ra = *pa;
441 ra->next = NULL;
442 switch(ra->af) {
443 case isakmp_attr_lots:
444 ra->u.lots.data = NULL; /* don't free */
445 mem_allocate(&ra->u.lots.data, ra->u.lots.length);
446 memcpy(ra->u.lots.data, pa->u.lots.data, ra->u.lots.length);
447 break;
448 case isakmp_attr_acl:
449 ra->u.acl.acl_ent = NULL; /* don't free */
450 mem_allocate(&ra->u.acl.acl_ent, ra->u.acl.count * sizeof(*ra->u.acl.acl_ent));
451 memcpy(ra->u.acl.acl_ent, pa->u.acl.acl_ent, ra->u.acl.count * sizeof(*ra->u.acl.acl_ent));
452 break;
453 default:
454 /* ignore */
455 break;
456 }
457 }
458 }
459
460
461
462 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
463 * Informational packet handler *
464 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
465
466 /*
467 * Process an IKE Informational packet.
468 * Packet must already be decrypted.
469 */
ike_process_informational(peer_ctx * ctx,struct isakmp_packet * ikp)470 void ike_process_informational(peer_ctx *ctx, struct isakmp_packet *ikp)
471 {
472 if(ikp->flags & ISAKMP_FLAG_E) {
473 log_printf(ctx, "encrypted informational packet, reset state");
474 peer_ctx_reset(ctx);
475 return;
476 }
477
478 for(struct isakmp_payload *p = ikp->u.payload; p; p = p->next) {
479 switch(p->type) {
480 case ISAKMP_PAYLOAD_N:
481 switch(p->u.n.type) {
482 case ISAKMP_N_INVALID_PAYLOAD_TYPE:
483 log_printf(ctx,
484 "error from peer: invalid payload type, reset state");
485 peer_ctx_reset(ctx);
486 break;
487 case ISAKMP_N_CISCO_HEARTBEAT:
488 /* ignore */
489 break;
490 default:
491 log_printf(ctx,
492 "unhandled informational notification type 0x%02x, ignored",
493 p->u.n.type);
494 break;
495 }
496 break;
497
498 case ISAKMP_PAYLOAD_D:
499 case ISAKMP_PAYLOAD_HASH:
500 /* a real IKE responder would check the hash and drop
501 * the packet if invalid -- we just ignore it
502 */
503 break;
504
505 default:
506 log_printf(ctx,
507 "unhandled informational payload type 0x%02x, ignored",
508 p->type);
509 break;
510 }}
511 }
512
513
514
515 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
516 * Phase 2 handlers *
517 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
518
519 /*
520 IKE Initiator IKE Responder
521 -------------- -----------------
522 <-- REQUEST(NAME="" PASSWORD="")
523 REPLY(NAME="joe" PASSWORD="foobar") -->
524 <-- SET(STATUS=OK)
525 ACK(STATUS) -->
526 */
527
528 /*
529 * Begin XAUTH login.
530 * REQUEST(NAME="" PASSWORD="")
531 */
ike_do_phase2_xauth_begin(peer_ctx * ctx)532 void ike_do_phase2_xauth_begin(peer_ctx *ctx)
533 {
534 struct isakmp_packet *r = new_isakmp_packet();
535 memcpy(r->i_cookie, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
536 memcpy(r->r_cookie, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
537 r->isakmp_version = ctx->isakmp_version;
538 r->exchange_type = ISAKMP_EXCHANGE_MODECFG_TRANSACTION;
539 r->flags = 0;
540 gcry_create_nonce((uint8_t*)&r->message_id, sizeof(r->message_id));
541
542 r->u.payload = new_isakmp_payload(ISAKMP_PAYLOAD_HASH);
543
544 r->u.payload->next = new_isakmp_payload(ISAKMP_PAYLOAD_MODECFG_ATTR);
545 r->u.payload->next->u.modecfg.type = ISAKMP_MODECFG_CFG_REQUEST;
546 r->u.payload->next->u.modecfg.attributes =
547 new_isakmp_attribute(ISAKMP_XAUTH_ATTRIB_USER_NAME,
548 new_isakmp_attribute(ISAKMP_XAUTH_ATTRIB_USER_PASSWORD, 0)
549 );
550 struct isakmp_attribute *a = r->u.payload->next->u.modecfg.attributes;
551 a->af = isakmp_attr_lots;
552 a->u.lots.length = 0;
553 a->u.lots.data = NULL;
554 a = a->next;
555 a->af = isakmp_attr_lots;
556 a->u.lots.length = 0;
557 a->u.lots.data = NULL;
558
559 /* send response */
560 datagram *dgm = datagram_new(0);
561 r->u.payload->u.hash.length = ctx->md_len;
562 r->u.payload->u.hash.data =
563 phase2_hash(ctx, r->message_id, r->u.payload->next);
564 ike_crypt(ctx, r);
565 mem_free(&dgm->data);
566 flatten_isakmp_packet(r, &dgm->data, &dgm->len, ctx->blk_len);
567 dgm->peer_addr = ctx->peer_addr;
568 send_datagram(ctx, dgm);
569 free_isakmp_packet(r);
570 datagram_free(dgm);
571 }
572
573 /*
574 * Handle XAUTH replies.
575 * REPLY(NAME="joe" PASSWORD="foobar")
576 */
ike_do_phase2_xauth(peer_ctx * ctx,struct isakmp_packet * ikp)577 void ike_do_phase2_xauth(peer_ctx *ctx, struct isakmp_packet *ikp)
578 {
579 for(struct isakmp_attribute *a =
580 ikp->u.payload->next->u.modecfg.attributes; a; a = a->next) {
581 switch(a->type) {
582 case ISAKMP_XAUTH_ATTRIB_USER_NAME:
583 mem_allocate(&ctx->xauth_username, a->u.lots.length + 1);
584 memcpy(ctx->xauth_username, a->u.lots.data, a->u.lots.length);
585 ctx->xauth_username[a->u.lots.length] = '\0';
586 log_printf(ctx, "Xauth username: %s",
587 ctx->xauth_username);
588 break;
589 case ISAKMP_XAUTH_ATTRIB_USER_PASSWORD:
590 mem_allocate(&ctx->xauth_password, a->u.lots.length + 1);
591 memcpy(ctx->xauth_password, a->u.lots.data, a->u.lots.length);
592 ctx->xauth_password[a->u.lots.length] = '\0';
593 log_printf(ctx, "Xauth password: %s",
594 ctx->xauth_password);
595 break;
596 case ISAKMP_XAUTH_ATTRIB_STATUS:
597 if(a->u.attr_16 == 0) {
598 log_printf(ctx,
599 "IKE session aborted by peer");
600 peer_ctx_reset(ctx);
601 return;
602 }
603 break;
604 default:
605 log_printf(ctx,
606 "unhandled modecfg attr type 0x%02x, ignored",
607 a->type);
608 break;
609 }
610 }
611
612 /* log credentials */
613 ctx->done = 1;
614
615 /* give client feedback in form of an auth failed message */
616 struct isakmp_packet *r = new_isakmp_packet();
617 memcpy(r->i_cookie, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
618 memcpy(r->r_cookie, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
619 r->isakmp_version = ctx->isakmp_version;
620 r->exchange_type = ISAKMP_EXCHANGE_MODECFG_TRANSACTION;
621 r->flags = 0;
622 gcry_create_nonce((uint8_t*)&r->message_id, sizeof(r->message_id));
623
624 r->u.payload = new_isakmp_payload(ISAKMP_PAYLOAD_HASH);
625
626 r->u.payload->next = new_isakmp_payload(ISAKMP_PAYLOAD_MODECFG_ATTR);
627 r->u.payload->next->u.modecfg.type = ISAKMP_MODECFG_CFG_SET;
628 r->u.payload->next->u.modecfg.attributes =
629 new_isakmp_attribute(ISAKMP_XAUTH_ATTRIB_STATUS, 0);
630 struct isakmp_attribute *a = r->u.payload->next->u.modecfg.attributes;
631 a->af = isakmp_attr_16;
632 a->u.attr_16 = 0;
633
634 /* send response */
635 datagram *dgm = datagram_new(0);
636 r->u.payload->u.hash.length = ctx->md_len;
637 r->u.payload->u.hash.data =
638 phase2_hash(ctx, r->message_id, r->u.payload->next);
639 ike_crypt(ctx, r);
640 mem_free(&dgm->data);
641 flatten_isakmp_packet(r, &dgm->data, &dgm->len, ctx->blk_len);
642 dgm->peer_addr = ctx->peer_addr;
643 send_datagram(ctx, dgm);
644 free_isakmp_packet(r);
645 datagram_free(dgm);
646 }
647
648 /*
649 * Process MODECFG packets.
650 */
ike_process_phase2_modecfg(peer_ctx * ctx,struct isakmp_packet * ikp)651 void ike_process_phase2_modecfg(peer_ctx *ctx, struct isakmp_packet *ikp)
652 {
653 switch(ikp->u.payload->next->u.modecfg.type) {
654 case ISAKMP_MODECFG_CFG_REPLY:
655 ike_do_phase2_xauth(ctx, ikp);
656 break;
657
658 case ISAKMP_MODECFG_CFG_ACK:
659 /* final ACK(STATUS) for our SET(STATUS=FAIL) */
660 log_printf(ctx, "IKE session closed");
661 peer_ctx_reset(ctx);
662 break;
663
664 default:
665 log_printf(ctx, "unhandled modecfg type 0x%02x, ignored",
666 ikp->u.payload->next->u.modecfg.type);
667 break;
668 }
669 }
670
671 /*
672 * Process an IKE packet in STATE_PHASE2.
673 * Handles decryption.
674 */
ike_process_phase2(peer_ctx * ctx,struct isakmp_packet * ikp)675 void ike_process_phase2(peer_ctx *ctx, struct isakmp_packet *ikp) {
676 if(!(ikp->flags & ISAKMP_FLAG_E)) {
677 log_printf(ctx,
678 "unencrypted packet in STATE_PHASE2, reset state");
679 peer_ctx_reset(ctx);
680 ike_process_new(ctx, ikp);
681 return;
682 }
683
684 switch(ikp->exchange_type) {
685 case ISAKMP_EXCHANGE_MODECFG_TRANSACTION:
686 if(!ike_crypt(ctx, ikp))
687 ike_process_phase2_modecfg(ctx, ikp);
688 break;
689
690 case ISAKMP_EXCHANGE_INFORMATIONAL:
691 if(!ike_crypt(ctx, ikp))
692 ike_process_informational(ctx, ikp);
693 break;
694
695 default:
696 log_printf(ctx,
697 "unhandled exchange type 0x%02x in STATE_PHASE1, ignored",
698 ikp->exchange_type);
699 break;
700 }
701 }
702
703
704
705 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
706 * Phase 1 handlers *
707 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
708
709 /*
710 * Process an IKE Aggressive Mode packet in STATE_NEW.
711 */
ike_do_phase1(peer_ctx * ctx,struct isakmp_packet * ikp)712 void ike_do_phase1(peer_ctx *ctx, struct isakmp_packet *ikp)
713 {
714 /* get the payloads */
715 struct isakmp_payload *sa = NULL;
716 struct isakmp_payload *ke = NULL;
717 struct isakmp_payload *nonce = NULL;
718 struct isakmp_payload *id = NULL;
719 for(struct isakmp_payload *p = ikp->u.payload; p; p = p->next) {
720 switch(p->type) {
721 case ISAKMP_PAYLOAD_SA:
722 sa = p;
723 break;
724
725 case ISAKMP_PAYLOAD_KE:
726 ke = p;
727 break;
728
729 case ISAKMP_PAYLOAD_NONCE:
730 nonce = p;
731 break;
732
733 case ISAKMP_PAYLOAD_ID:
734 id = p;
735 break;
736
737 case ISAKMP_PAYLOAD_VID:
738 /* silently ignore for now */
739 break;
740
741 default:
742 log_printf(ctx,
743 "unhandled payload type 0x%02x, ignored",
744 p->type);
745 break;
746 }}
747
748 /* do we have all payloads? */
749 if(!(sa && ke && nonce && id)) {
750 log_printf(ctx,
751 "missing payload(s): sa=%p ke=%p nonce=%p id=%p, ignored",
752 (void*)sa, (void*)ke, (void*)nonce, (void*)id);
753 return;
754 }
755
756 /* heads up: the ipsec id */
757 switch(id->u.id.type) {
758 case ISAKMP_IPSEC_ID_FQDN:
759 case ISAKMP_IPSEC_ID_USER_FQDN:
760 case ISAKMP_IPSEC_ID_KEY_ID:
761 mem_allocate(&ctx->ipsec_id, id->u.id.length + 1);
762 memcpy(ctx->ipsec_id, id->u.id.data, id->u.id.length);
763 ctx->ipsec_id[id->u.id.length] = '\0';
764 ctx->ipsec_secret = (uint8_t*) strdup(psk_get_key(
765 (char*)ctx->ipsec_id,
766 ctx->cfg->keys));
767 log_printf(ctx, "IPSec ID: %s",
768 ctx->ipsec_id);
769 log_printf(ctx, "IPSec Secret: %s",
770 ctx->ipsec_secret);
771 break;
772
773 default:
774 log_printf(ctx,
775 "IPSec ID type %d is binary, processing packet anyway",
776 id->u.id.type);
777 break;
778 }
779
780 /* grab proto version */
781 ctx->isakmp_version = ikp->isakmp_version;
782
783 /* grab i_cookie */
784 memcpy(ctx->i_cookie, ikp->i_cookie, ISAKMP_COOKIE_LENGTH);
785
786 /* grab i_sa */
787 struct isakmp_payload *tmp = sa->next;
788 sa->next = NULL;
789 mem_free(&ctx->i_sa);
790 flatten_isakmp_payload(sa, &ctx->i_sa, &ctx->i_sa_len, 1);
791 sa->next = tmp;
792
793 /* grab dh_i_public */
794 mem_allocate(&ctx->dh_i_public, ke->u.ke.length);
795 memcpy(ctx->dh_i_public, ke->u.ke.data, ke->u.ke.length);
796
797 /* grab i_nonce */
798 mem_allocate(&ctx->i_nonce, nonce->u.nonce.length);
799 ctx->i_nonce_len = nonce->u.nonce.length;
800 memcpy(ctx->i_nonce, nonce->u.nonce.data, nonce->u.nonce.length);
801
802 /* grab i_id */
803 tmp = id->next;
804 id->next = NULL;
805 mem_free(&ctx->i_id);
806 flatten_isakmp_payload(id, &ctx->i_id, &ctx->i_id_len, 1);
807 id->next = tmp;
808
809 /* generate r_cookie */
810 gcry_create_nonce(ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
811
812 /* generate r_nonce */
813 ctx->r_nonce_len = ctx->i_nonce_len;
814 mem_allocate(&ctx->r_nonce, ctx->r_nonce_len);
815 gcry_create_nonce(ctx->r_nonce, ctx->r_nonce_len);
816
817 /* header */
818 struct isakmp_packet *r = new_isakmp_packet();
819 memcpy(r->i_cookie, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
820 memcpy(r->r_cookie, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
821 r->isakmp_version = ikp->isakmp_version;
822 r->exchange_type = ikp->exchange_type;
823 r->flags = 0;
824 r->message_id = ikp->message_id;
825
826 /* payload: sa */
827 r->u.payload = new_isakmp_payload(ISAKMP_PAYLOAD_SA);
828 sa_transform_choose(ctx, r->u.payload, sa);
829 struct isakmp_payload *p = r->u.payload;
830
831 /* complete dh key exchange */
832 mem_allocate(&ctx->dh_r_public, dh_getlen(ctx->dh_group));
833 dh_create_exchange(ctx->dh_group, ctx->dh_r_public);
834 mem_allocate(&ctx->dh_secret, dh_getlen(ctx->dh_group));
835 dh_create_shared(ctx->dh_group, ctx->dh_secret, ctx->dh_i_public);
836
837 /* payload: ke */
838 p = p->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_KE,
839 ctx->dh_r_public, dh_getlen(ctx->dh_group));
840
841 /* payload: nonce_r */
842 p = p->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_NONCE,
843 ctx->r_nonce, ctx->r_nonce_len);
844
845 /* payload: id_r */
846 p = p->next = new_isakmp_payload(ISAKMP_PAYLOAD_ID);
847 p->u.id.type = ISAKMP_IPSEC_ID_IPV4_ADDR;
848 p->u.id.protocol = IPPROTO_UDP;
849 p->u.id.port = IKE_PORT;
850 p->u.id.length = sizeof(in_addr_t);
851 mem_allocate(&p->u.id.data, p->u.id.length);
852 *((in_addr_t*)p->u.id.data) = inet_addr(ctx->cfg->gateway);
853
854 /* grab id_r */
855 mem_free(&ctx->r_id);
856 flatten_isakmp_payload(p, &ctx->r_id, &ctx->r_id_len, 1);
857
858 /*
859 * SKEYID = hmac(pre-shared-key, Nonce_I | Nonce_R)
860 * SKEYID_e = hmac(SKEYID, SKEYID_a | g^xy | Cookie_I | Cookie_R | 2)
861 * SKEYID_a = hmac(SKEYID, SKEYID_d | g^xy | Cookie_I | Cookie_R | 1)
862 * SKEYID_d = hmac(SKEYID, g^xy | Cookie_I | Cookie_R | 0)
863 */
864
865 gcry_md_hd_t md_ctx;
866
867 /* generate skeyid */
868 gcry_md_open(&md_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
869 gcry_md_setkey(md_ctx, ctx->ipsec_secret, strlen((char*)ctx->ipsec_secret));
870 gcry_md_write(md_ctx, ctx->i_nonce, ctx->i_nonce_len);
871 gcry_md_write(md_ctx, ctx->r_nonce, ctx->r_nonce_len);
872 gcry_md_final(md_ctx);
873 mem_allocate(&ctx->skeyid, ctx->md_len);
874 memcpy(ctx->skeyid, gcry_md_read(md_ctx, 0), ctx->md_len);
875 gcry_md_close(md_ctx);
876
877 /* generate skeyid_e */
878 gcry_md_open(&md_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
879 gcry_md_setkey(md_ctx, ctx->skeyid, ctx->md_len);
880 gcry_md_write(md_ctx, ctx->dh_secret, dh_getlen(ctx->dh_group));
881 gcry_md_write(md_ctx, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
882 gcry_md_write(md_ctx, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
883 gcry_md_putc(md_ctx, 0);
884 gcry_md_final(md_ctx);
885 mem_allocate(&ctx->skeyid_d, ctx->md_len);
886 memcpy(ctx->skeyid_d, gcry_md_read(md_ctx, 0), ctx->md_len);
887 gcry_md_close(md_ctx);
888
889 /* generate skeyid_a */
890 gcry_md_open(&md_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
891 gcry_md_setkey(md_ctx, ctx->skeyid, ctx->md_len);
892 gcry_md_write(md_ctx, ctx->skeyid_d, ctx->md_len);
893 gcry_md_write(md_ctx, ctx->dh_secret, dh_getlen(ctx->dh_group));
894 gcry_md_write(md_ctx, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
895 gcry_md_write(md_ctx, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
896 gcry_md_putc(md_ctx, 1);
897 gcry_md_final(md_ctx);
898 mem_allocate(&ctx->skeyid_a, ctx->md_len);
899 memcpy(ctx->skeyid_a, gcry_md_read(md_ctx, 0), ctx->md_len);
900 gcry_md_close(md_ctx);
901
902 /* generate skeyid_d */
903 gcry_md_open(&md_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
904 gcry_md_setkey(md_ctx, ctx->skeyid, ctx->md_len);
905 gcry_md_write(md_ctx, ctx->skeyid_a, ctx->md_len);
906 gcry_md_write(md_ctx, ctx->dh_secret, dh_getlen(ctx->dh_group));
907 gcry_md_write(md_ctx, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
908 gcry_md_write(md_ctx, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
909 gcry_md_putc(md_ctx, 2);
910 gcry_md_final(md_ctx);
911 mem_allocate(&ctx->skeyid_e, ctx->md_len);
912 memcpy(ctx->skeyid_e, gcry_md_read(md_ctx, 0), ctx->md_len);
913 gcry_md_close(md_ctx);
914
915 /* encryption key */
916 mem_allocate(&ctx->key, ctx->key_len);
917 if(ctx->key_len > ctx->md_len) {
918 for(int i = 0; i * ctx->md_len < ctx->key_len; i++) {
919 gcry_md_open(&md_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
920 gcry_md_setkey(md_ctx, ctx->skeyid_e, ctx->md_len);
921 if(i == 0)
922 gcry_md_putc(md_ctx, 0);
923 else
924 gcry_md_write(md_ctx,
925 ctx->key + (i - 1) * ctx->md_len,
926 ctx->md_len);
927 gcry_md_final(md_ctx);
928 memcpy(ctx->key + i * ctx->md_len,
929 gcry_md_read(md_ctx, 0),
930 min(ctx->md_len, ctx->key_len - i * ctx->md_len));
931 gcry_md_close(md_ctx);
932 }
933 } else {
934 memcpy(ctx->key, ctx->skeyid_e, ctx->key_len);
935 }
936
937 /*
938 * HASH_I = prf(SKEYID, g^x | g^y | Cookie_I | Cookie_R | SA_I | ID_I )
939 * HASH_R = prf(SKEYID, g^y | g^x | Cookie_R | Cookie_I | SA_I | ID_R )
940 */
941
942 /* generate i_hash */
943 gcry_md_hd_t i_hash_ctx;
944 gcry_md_open(&i_hash_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
945 gcry_md_setkey(i_hash_ctx, ctx->skeyid, ctx->md_len);
946 gcry_md_write(i_hash_ctx, ctx->dh_i_public, dh_getlen(ctx->dh_group));
947 gcry_md_write(i_hash_ctx, ctx->dh_r_public, dh_getlen(ctx->dh_group));
948 gcry_md_write(i_hash_ctx, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
949 gcry_md_write(i_hash_ctx, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
950 gcry_md_write(i_hash_ctx, ctx->i_sa + 4, ctx->i_sa_len - 4);
951 gcry_md_write(i_hash_ctx, ctx->i_id + 4, ctx->i_id_len - 4);
952 gcry_md_final(i_hash_ctx);
953 mem_allocate(&ctx->i_hash, ctx->md_len);
954 memcpy(ctx->i_hash, gcry_md_read(i_hash_ctx, 0), ctx->md_len);
955 gcry_md_close(i_hash_ctx);
956
957 /* generate r_hash */
958 gcry_md_hd_t r_hash_ctx;
959 gcry_md_open(&r_hash_ctx, ctx->md_algo, GCRY_MD_FLAG_HMAC);
960 gcry_md_setkey(r_hash_ctx, ctx->skeyid, ctx->md_len);
961 gcry_md_write(r_hash_ctx, ctx->dh_r_public, dh_getlen(ctx->dh_group));
962 gcry_md_write(r_hash_ctx, ctx->dh_i_public, dh_getlen(ctx->dh_group));
963 gcry_md_write(r_hash_ctx, ctx->r_cookie, ISAKMP_COOKIE_LENGTH);
964 gcry_md_write(r_hash_ctx, ctx->i_cookie, ISAKMP_COOKIE_LENGTH);
965 gcry_md_write(r_hash_ctx, ctx->i_sa + 4, ctx->i_sa_len - 4);
966 gcry_md_write(r_hash_ctx, ctx->r_id + 4, ctx->r_id_len - 4);
967 gcry_md_final(r_hash_ctx);
968 mem_allocate(&ctx->r_hash, ctx->md_len);
969 memcpy(ctx->r_hash, gcry_md_read(r_hash_ctx, 0), ctx->md_len);
970 gcry_md_close(r_hash_ctx);
971
972 /* payload: hash_r */
973 p = p->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_HASH,
974 ctx->r_hash, ctx->md_len);
975
976 /* payload: Cisco Unity vendor id */
977 p = p->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
978 unity_vid, sizeof(unity_vid));
979
980 /* payload: XAUTH vendor id */
981 p = p->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
982 xauth_vid, sizeof(xauth_vid));
983
984 /* send response */
985 datagram *dgm = datagram_new(0);
986 mem_free(&dgm->data);
987 flatten_isakmp_packet(r, &dgm->data, &dgm->len, ctx->blk_len);
988 dgm->peer_addr = ctx->peer_addr;
989 send_datagram(ctx, dgm);
990 free_isakmp_packet(r);
991 datagram_free(dgm);
992
993 ctx->state = STATE_PHASE1;
994 }
995
996 /*
997 * Process the last IKE Aggressive Mode packet in phase 1, containing i_hash.
998 * Brings us to phase 2 (hopefully).
999 */
ike_do_phase1_end(peer_ctx * ctx,struct isakmp_packet * ikp)1000 void ike_do_phase1_end(peer_ctx *ctx, struct isakmp_packet *ikp)
1001 {
1002 /* get the payloads */
1003 struct isakmp_payload *h = NULL;
1004 for(struct isakmp_payload *p = ikp->u.payload; p; p = p->next) {
1005 switch(p->type) {
1006 case ISAKMP_PAYLOAD_HASH:
1007 h = p;
1008 break;
1009
1010 case ISAKMP_PAYLOAD_N:
1011 case ISAKMP_PAYLOAD_VID:
1012 /* silently ignore for now */
1013 break;
1014
1015 default:
1016 log_printf(ctx,
1017 "unhandled payload type 0x%02x, ignored",
1018 p->type);
1019 break;
1020 }}
1021
1022 /* do we have all payloads? */
1023 if(!h) {
1024 log_printf(ctx, "missing payload: h=%p, ignored", (void*)h);
1025 return;
1026 }
1027
1028 /* verify hash */
1029 if(h->u.hash.length != ctx->md_len ||
1030 memcmp(h->u.hash.data, ctx->i_hash, ctx->md_len)) {
1031 log_printf(ctx, "IKE phase 1 auth failed (i_hash mismatch)");
1032 return;
1033 }
1034
1035 log_printf(ctx, "IKE phase 1 complete, entering phase 2");
1036
1037 ctx->state = STATE_PHASE2;
1038 ike_do_phase2_xauth_begin(ctx);
1039 }
1040
1041 /*
1042 * Process an IKE packet in STATE_PHASE1.
1043 */
ike_process_phase1(peer_ctx * ctx,struct isakmp_packet * ikp)1044 void ike_process_phase1(peer_ctx *ctx, struct isakmp_packet *ikp)
1045 {
1046 if(!(ikp->flags & ISAKMP_FLAG_E)) {
1047 log_printf(ctx, "unencrypted packet in STATE_PHASE1, reset state");
1048 peer_ctx_reset(ctx);
1049 ike_process_new(ctx, ikp);
1050 return;
1051 }
1052
1053 switch(ikp->exchange_type) {
1054 case ISAKMP_EXCHANGE_AGGRESSIVE:
1055 if(!ike_crypt(ctx, ikp))
1056 ike_do_phase1_end(ctx, ikp);
1057 break;
1058
1059 case ISAKMP_EXCHANGE_INFORMATIONAL:
1060 ike_process_informational(ctx, ikp);
1061 break;
1062
1063 default:
1064 log_printf(ctx,
1065 "unhandled exchange type 0x%02x in STATE_PHASE1, ignored",
1066 ikp->exchange_type);
1067 break;
1068 }
1069 }
1070
1071
1072
1073 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
1074 * Phase 0 handler *
1075 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1076
1077 /* phase 0 is actually phase 1 before the key exchange is complete */
1078
1079 /*
1080 * Process an IKE packet in STATE_NEW.
1081 */
ike_process_new(peer_ctx * ctx,struct isakmp_packet * ikp)1082 void ike_process_new(peer_ctx *ctx, struct isakmp_packet *ikp)
1083 {
1084 if(ikp->flags & ISAKMP_FLAG_E) {
1085 log_printf(ctx, "encrypted packet in STATE_NEW, ignored");
1086 return;
1087 }
1088
1089 switch(ikp->exchange_type) {
1090 case ISAKMP_EXCHANGE_AGGRESSIVE:
1091 log_printf(ctx, "IKE session initiated");
1092 ike_do_phase1(ctx, ikp);
1093 break;
1094 /*
1095 case ISAKMP_EXCHANGE_MAIN:
1096 log_printf(ctx, "IKE session initiated (main mode)");
1097 ike_do_phase1_main1(ctx, ikp);
1098 break;
1099 */
1100 case ISAKMP_EXCHANGE_INFORMATIONAL:
1101 ike_process_informational(ctx, ikp);
1102 break;
1103
1104 default:
1105 log_printf(ctx,
1106 "unhandled exchange type 0x%02x in STATE_NEW, ignored",
1107 ikp->exchange_type);
1108 break;
1109 }
1110 }
1111
1112
1113
1114 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
1115 * Main packet handler *
1116 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1117
1118 /*
1119 * Process an incoming IKE/ISAKMP packet.
1120 */
ike_process_isakmp(peer_ctx * ctx,struct isakmp_packet * ikp)1121 void ike_process_isakmp(peer_ctx *ctx, struct isakmp_packet *ikp)
1122 {
1123 /*
1124 * need some (simple) mechanism to clean out old states after
1125 * some time, maybe: if r_cookie == 0, reset to STATE_NEW
1126 */
1127
1128 switch(ctx->state) {
1129 case STATE_NEW:
1130 ike_process_new(ctx, ikp);
1131 break;
1132
1133 case STATE_PHASE1:
1134 ike_process_phase1(ctx, ikp);
1135 break;
1136
1137 case STATE_PHASE2:
1138 ike_process_phase2(ctx, ikp);
1139 break;
1140
1141 default:
1142 log_printf(ctx, "unhandled state, reset state");
1143 peer_ctx_reset(ctx);
1144 ike_process_new(ctx, ikp);
1145 break;
1146 }
1147
1148 }
1149
1150