1 /* $OpenBSD: ikev2.c,v 1.384 2024/02/15 19:11:00 tobhe Exp $ */ 2 3 /* 4 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> 5 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/types.h> 21 #include <sys/queue.h> 22 #include <sys/socket.h> 23 #include <sys/uio.h> 24 25 #include <netinet/in.h> 26 #include <netinet/ip_ipsp.h> 27 #include <arpa/inet.h> 28 29 #include <stdlib.h> 30 #include <stdio.h> 31 #include <syslog.h> 32 #include <unistd.h> 33 #include <string.h> 34 #include <signal.h> 35 #include <endian.h> 36 #include <errno.h> 37 #include <err.h> 38 #include <event.h> 39 40 #include <openssl/sha.h> 41 #include <openssl/evp.h> 42 #include <openssl/x509.h> 43 44 #include "iked.h" 45 #include "ikev2.h" 46 #include "eap.h" 47 #include "dh.h" 48 #include "chap_ms.h" 49 #include "version.h" 50 51 void ikev2_info(struct iked *, struct imsg *, int); 52 void ikev2_info_sa(struct iked *, struct imsg *, int, const char *, 53 struct iked_sa *); 54 void ikev2_info_csa(struct iked *, struct imsg *, int, const char *, 55 struct iked_childsa *); 56 void ikev2_info_flow(struct iked *, struct imsg *, int, const char *, 57 struct iked_flow *); 58 void ikev2_log_established(struct iked_sa *); 59 void ikev2_log_proposal(struct iked_sa *, struct iked_proposals *); 60 void ikev2_log_cert_info(const char *, struct iked_id *); 61 62 void ikev2_run(struct privsep *, struct privsep_proc *, void *); 63 void ikev2_shutdown(void); 64 int ikev2_dispatch_parent(int, struct privsep_proc *, struct imsg *); 65 int ikev2_dispatch_cert(int, struct privsep_proc *, struct imsg *); 66 int ikev2_dispatch_control(int, struct privsep_proc *, struct imsg *); 67 68 struct iked_sa * 69 ikev2_getimsgdata(struct iked *, struct imsg *, struct iked_sahdr *, 70 uint8_t *, uint8_t **, size_t *); 71 72 void ikev2_recv(struct iked *, struct iked_message *); 73 int ikev2_ike_auth_compatible(struct iked_sa *, uint8_t, uint8_t); 74 int ikev2_ike_auth_recv(struct iked *, struct iked_sa *, 75 struct iked_message *); 76 int ikev2_ike_auth(struct iked *, struct iked_sa *); 77 int ikev2_auth_verify(struct iked *, struct iked_sa *); 78 79 void ikev2_init_recv(struct iked *, struct iked_message *, 80 struct ike_header *); 81 void ikev2_init_ike_sa_timeout(struct iked *, void *); 82 int ikev2_init_ike_sa_peer(struct iked *, struct iked_policy *, 83 struct iked_addr *, struct iked_message *); 84 int ikev2_init_ike_auth(struct iked *, struct iked_sa *); 85 int ikev2_init_auth(struct iked *, struct iked_message *); 86 int ikev2_init_done(struct iked *, struct iked_sa *); 87 88 int ikev2_record_dstid(struct iked *, struct iked_sa *); 89 90 void ikev2_enable_timer(struct iked *, struct iked_sa *); 91 void ikev2_disable_timer(struct iked *, struct iked_sa *); 92 93 void ikev2_resp_recv(struct iked *, struct iked_message *, 94 struct ike_header *); 95 int ikev2_resp_ike_sa_init(struct iked *, struct iked_message *); 96 int ikev2_resp_ike_eap(struct iked *, struct iked_sa *, 97 struct iked_message *); 98 int ikev2_resp_ike_eap_mschap(struct iked *, struct iked_sa *, 99 struct iked_message *); 100 int ikev2_resp_ike_auth(struct iked *, struct iked_sa *); 101 int ikev2_send_auth_failed(struct iked *, struct iked_sa *); 102 int ikev2_send_error(struct iked *, struct iked_sa *, 103 struct iked_message *, uint8_t); 104 int ikev2_send_init_error(struct iked *, struct iked_message *); 105 106 int ikev2_handle_certreq(struct iked*, struct iked_message *); 107 ssize_t ikev2_handle_delete(struct iked *, struct iked_message *, 108 struct ibuf *, struct ikev2_payload **, uint8_t *); 109 110 int ikev2_send_create_child_sa(struct iked *, struct iked_sa *, 111 struct iked_spi *, uint8_t, uint16_t); 112 int ikev2_ikesa_enable(struct iked *, struct iked_sa *, struct iked_sa *); 113 void ikev2_ikesa_delete(struct iked *, struct iked_sa *, int); 114 int ikev2_nonce_cmp(struct ibuf *, struct ibuf *); 115 int ikev2_init_create_child_sa(struct iked *, struct iked_message *); 116 int ikev2_resp_create_child_sa(struct iked *, struct iked_message *); 117 void ikev2_ike_sa_rekey(struct iked *, void *); 118 void ikev2_ike_sa_rekey_timeout(struct iked *, void *); 119 void ikev2_ike_sa_rekey_schedule(struct iked *, struct iked_sa *); 120 void ikev2_ike_sa_rekey_schedule_fast(struct iked *, struct iked_sa *); 121 void ikev2_ike_sa_alive(struct iked *, void *); 122 void ikev2_ike_sa_keepalive(struct iked *, void *); 123 124 int ikev2_sa_negotiate_common(struct iked *, struct iked_sa *, 125 struct iked_message *, int); 126 int ikev2_sa_initiator(struct iked *, struct iked_sa *, 127 struct iked_sa *, struct iked_message *); 128 int ikev2_sa_responder(struct iked *, struct iked_sa *, struct iked_sa *, 129 struct iked_message *); 130 int ikev2_sa_initiator_dh(struct iked_sa *, struct iked_message *, 131 unsigned int, struct iked_sa *); 132 int ikev2_sa_responder_dh(struct iked_kex *, struct iked_proposals *, 133 struct iked_message *, unsigned int); 134 void ikev2_sa_cleanup_dh(struct iked_sa *); 135 int ikev2_sa_keys(struct iked *, struct iked_sa *, struct ibuf *); 136 int ikev2_sa_tag(struct iked_sa *, struct iked_id *); 137 int ikev2_set_sa_proposal(struct iked_sa *, struct iked_policy *, 138 unsigned int); 139 140 int ikev2_childsa_negotiate(struct iked *, struct iked_sa *, 141 struct iked_kex *, struct iked_proposals *, int, int); 142 int ikev2_childsa_delete_proposed(struct iked *, struct iked_sa *, 143 struct iked_proposals *); 144 int ikev2_valid_proposal(struct iked_proposal *, 145 struct iked_transform **, struct iked_transform **, int *); 146 147 int ikev2_handle_notifies(struct iked *, struct iked_message *); 148 149 ssize_t ikev2_add_proposals(struct iked *, struct iked_sa *, struct ibuf *, 150 struct iked_proposals *, uint8_t, int, int, int); 151 ssize_t ikev2_add_cp(struct iked *, struct iked_sa *, int, struct ibuf *); 152 ssize_t ikev2_init_add_cp(struct iked *, struct iked_sa *, struct ibuf *); 153 ssize_t ikev2_resp_add_cp(struct iked *, struct iked_sa *, struct ibuf *); 154 ssize_t ikev2_add_transform(struct ibuf *, 155 uint8_t, uint8_t, uint16_t, uint16_t); 156 ssize_t ikev2_add_ts(struct ibuf *, struct ikev2_payload **, ssize_t, 157 struct iked_sa *, int); 158 ssize_t ikev2_add_certreq(struct ibuf *, struct ikev2_payload **, ssize_t, 159 struct ibuf *, uint8_t); 160 ssize_t ikev2_add_ipcompnotify(struct iked *, struct ibuf *, 161 struct ikev2_payload **, ssize_t, struct iked_sa *, int); 162 ssize_t ikev2_add_ts_payload(struct ibuf *, unsigned int, struct iked_sa *); 163 ssize_t ikev2_add_error(struct iked *, struct ibuf *, struct iked_message *); 164 int ikev2_add_data(struct ibuf *, void *, size_t); 165 int ikev2_add_buf(struct ibuf *buf, struct ibuf *); 166 167 int ikev2_cp_setaddr(struct iked *, struct iked_sa *, sa_family_t); 168 int ikev2_cp_setaddr_pool(struct iked *, struct iked_sa *, 169 struct iked_cfg *, const char **, sa_family_t); 170 int ikev2_cp_fixaddr(struct iked_sa *, struct iked_addr *, 171 struct iked_addr *); 172 int ikev2_cp_fixflow(struct iked_sa *, struct iked_flow *, 173 struct iked_flow *); 174 int ikev2_cp_request_configured(struct iked_sa *); 175 176 ssize_t ikev2_add_sighashnotify(struct ibuf *, struct ikev2_payload **, 177 ssize_t); 178 ssize_t ikev2_add_nat_detection(struct iked *, struct ibuf *, 179 struct ikev2_payload **, struct iked_message *, ssize_t); 180 ssize_t ikev2_add_vendor_id(struct ibuf *, struct ikev2_payload **, 181 ssize_t, struct ibuf *); 182 ssize_t ikev2_add_notify(struct ibuf *, struct ikev2_payload **, ssize_t, 183 uint16_t); 184 ssize_t ikev2_add_mobike(struct ibuf *, struct ikev2_payload **, ssize_t); 185 ssize_t ikev2_add_fragmentation(struct ibuf *, struct ikev2_payload **, 186 ssize_t); 187 ssize_t ikev2_add_transport_mode(struct iked *, struct ibuf *, 188 struct ikev2_payload **, ssize_t, struct iked_sa *); 189 int ikev2_update_sa_addresses(struct iked *, struct iked_sa *); 190 int ikev2_resp_informational(struct iked *, struct iked_sa *, 191 struct iked_message *); 192 193 void ikev2_ctl_reset_id(struct iked *, struct imsg *, unsigned int); 194 void ikev2_ctl_show_sa(struct iked *, struct imsg *); 195 void ikev2_ctl_show_stats(struct iked *, struct imsg *); 196 197 static struct privsep_proc procs[] = { 198 { "parent", PROC_PARENT, ikev2_dispatch_parent }, 199 { "certstore", PROC_CERT, ikev2_dispatch_cert }, 200 { "control", PROC_CONTROL, ikev2_dispatch_control } 201 }; 202 203 void 204 ikev2(struct privsep *ps, struct privsep_proc *p) 205 { 206 proc_run(ps, p, procs, nitems(procs), ikev2_run, NULL); 207 } 208 209 void 210 ikev2_run(struct privsep *ps, struct privsep_proc *p, void *arg) 211 { 212 /* 213 * pledge in the ikev2 process: 214 * stdio - for malloc and basic I/O including events. 215 * inet - for sendto with specified peer address. 216 * recvfd - for PFKEYv2 and the listening UDP sockets. 217 * In theory, recvfd could be dropped after getting the fds once. 218 */ 219 p->p_shutdown = ikev2_shutdown; 220 if (pledge("stdio inet recvfd", NULL) == -1) 221 fatal("pledge"); 222 } 223 224 void 225 ikev2_shutdown(void) 226 { 227 struct iked *env = iked_env; 228 229 ibuf_free(env->sc_certreq); 230 env->sc_certreq = NULL; 231 config_doreset(env, RESET_ALL); 232 } 233 234 int 235 ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 236 { 237 struct iked *env = iked_env; 238 struct iked_sa *sa, *satmp; 239 struct iked_policy *pol, *old; 240 241 switch (imsg->hdr.type) { 242 case IMSG_CTL_RESET: 243 return (config_getreset(env, imsg)); 244 case IMSG_CTL_COUPLE: 245 case IMSG_CTL_DECOUPLE: 246 return (config_getcoupled(env, imsg->hdr.type)); 247 case IMSG_CTL_ACTIVE: 248 case IMSG_CTL_PASSIVE: 249 if (config_getmode(env, imsg->hdr.type) == -1) 250 return (0); /* ignore error */ 251 config_enablesocket(env); 252 timer_del(env, &env->sc_inittmr); 253 TAILQ_FOREACH(pol, &env->sc_policies, pol_entry) { 254 if (policy_generate_ts(pol) == -1) 255 fatalx("%s: too many traffic selectors", __func__); 256 } 257 /* Find new policies for dangling SAs */ 258 RB_FOREACH_SAFE(sa, iked_sas, &env->sc_sas, satmp) { 259 if (sa->sa_state != IKEV2_STATE_ESTABLISHED) { 260 sa_state(env, sa, IKEV2_STATE_CLOSING); 261 ikev2_ike_sa_setreason(sa, "reload"); 262 sa_free(env, sa); 263 continue; 264 } 265 266 old = sa->sa_policy; 267 if (policy_lookup_sa(env, sa) == -1) { 268 log_info("%s: No matching Policy found, terminating SA.", 269 SPI_SA(sa, __func__)); 270 ikev2_ike_sa_setreason(sa, "Policy no longer exists"); 271 ikev2_ikesa_delete(env, sa, sa->sa_hdr.sh_initiator); 272 } 273 if (old != sa->sa_policy) { 274 /* Cleanup old policy */ 275 TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); 276 policy_unref(env, old); 277 policy_ref(env, sa->sa_policy); 278 TAILQ_INSERT_TAIL(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry); 279 } 280 } 281 if (!env->sc_passive) { 282 timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa, 283 NULL); 284 timer_add(env, &env->sc_inittmr, 285 IKED_INITIATOR_INITIAL); 286 } 287 return (0); 288 case IMSG_UDP_SOCKET: 289 return (config_getsocket(env, imsg, ikev2_msg_cb)); 290 case IMSG_PFKEY_SOCKET: 291 return (config_getpfkey(env, imsg)); 292 case IMSG_CFG_POLICY: 293 return (config_getpolicy(env, imsg)); 294 case IMSG_CFG_FLOW: 295 return (config_getflow(env, imsg)); 296 case IMSG_CFG_USER: 297 return (config_getuser(env, imsg)); 298 case IMSG_COMPILE: 299 return (config_getcompile(env)); 300 case IMSG_CTL_STATIC: 301 return (config_getstatic(env, imsg)); 302 default: 303 break; 304 } 305 306 return (-1); 307 } 308 309 int 310 ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) 311 { 312 struct iked *env = iked_env; 313 struct iked_sahdr sh; 314 struct iked_sa *sa; 315 uint8_t type; 316 uint8_t *ptr; 317 size_t len; 318 struct iked_id *id = NULL; 319 int ignore = 0; 320 int i; 321 322 switch (imsg->hdr.type) { 323 case IMSG_CERTREQ: 324 IMSG_SIZE_CHECK(imsg, &type); 325 326 ptr = imsg->data; 327 memcpy(&type, ptr, sizeof(type)); 328 ptr += sizeof(type); 329 330 ibuf_free(env->sc_certreq); 331 env->sc_certreqtype = type; 332 env->sc_certreq = ibuf_new(ptr, 333 IMSG_DATA_SIZE(imsg) - sizeof(type)); 334 335 log_debug("%s: updated local CERTREQ type %s length %zu", 336 __func__, print_map(type, ikev2_cert_map), 337 ibuf_length(env->sc_certreq)); 338 339 break; 340 case IMSG_CERTVALID: 341 case IMSG_CERTINVALID: 342 /* Ignore invalid or unauthenticated SAs */ 343 if ((sa = ikev2_getimsgdata(env, imsg, 344 &sh, &type, &ptr, &len)) == NULL || 345 sa->sa_state < IKEV2_STATE_EAP) 346 break; 347 348 if (sh.sh_initiator) 349 id = &sa->sa_rcert; 350 else 351 id = &sa->sa_icert; 352 353 id->id_type = type; 354 id->id_offset = 0; 355 ibuf_free(id->id_buf); 356 id->id_buf = NULL; 357 358 if (len > 0 && (id->id_buf = ibuf_new(ptr, len)) == NULL) { 359 log_debug("%s: failed to get cert payload", 360 __func__); 361 break; 362 } 363 364 if (imsg->hdr.type == IMSG_CERTVALID) { 365 if (sa->sa_peerauth.id_type && ikev2_auth_verify(env, sa)) 366 break; 367 368 log_debug("%s: peer certificate is valid", __func__); 369 sa_stateflags(sa, IKED_REQ_CERTVALID); 370 371 if (ikev2_ike_auth(env, sa) != 0) 372 log_debug("%s: failed to send ike auth", __func__); 373 } else { 374 log_warnx("%s: peer certificate is invalid", 375 SPI_SA(sa, __func__)); 376 ikev2_send_auth_failed(env, sa); 377 } 378 break; 379 case IMSG_CERT: 380 if ((sa = ikev2_getimsgdata(env, imsg, 381 &sh, &type, &ptr, &len)) == NULL) { 382 log_debug("%s: invalid cert reply", __func__); 383 break; 384 } 385 386 /* 387 * Ignore the message if we already got a valid certificate. 388 * This might happen if the peer sent multiple CERTREQs. 389 */ 390 if (sa->sa_stateflags & IKED_REQ_CERT || 391 type == IKEV2_CERT_NONE) 392 ignore = 1; 393 394 log_debug("%s: cert type %s length %zu, %s", __func__, 395 print_map(type, ikev2_cert_map), len, 396 ignore ? "ignored" : "ok"); 397 398 if (ignore) 399 break; 400 401 if (sh.sh_initiator) 402 id = &sa->sa_icert; 403 else 404 id = &sa->sa_rcert; 405 406 id->id_type = type; 407 id->id_offset = 0; 408 ibuf_free(id->id_buf); 409 id->id_buf = NULL; 410 411 if (len <= 0 || (id->id_buf = ibuf_new(ptr, len)) == NULL) { 412 log_debug("%s: failed to get cert payload", 413 __func__); 414 break; 415 } 416 417 sa_stateflags(sa, IKED_REQ_CERT); 418 419 if (ikev2_ike_auth(env, sa) != 0) 420 log_debug("%s: failed to send ike auth", __func__); 421 break; 422 case IMSG_SCERT: 423 if ((sa = ikev2_getimsgdata(env, imsg, 424 &sh, &type, &ptr, &len)) == NULL) { 425 log_debug("%s: invalid supplemental cert reply", 426 __func__); 427 break; 428 } 429 430 if (sa->sa_stateflags & IKED_REQ_CERT || 431 type == IKEV2_CERT_NONE) 432 ignore = 1; 433 434 log_debug("%s: supplemental cert type %s length %zu, %s", 435 __func__, 436 print_map(type, ikev2_cert_map), len, 437 ignore ? "ignored" : "ok"); 438 439 if (ignore) 440 break; 441 442 for (i = 0; i < IKED_SCERT_MAX; i++) { 443 id = &sa->sa_scert[i]; 444 if (id->id_type == IKEV2_CERT_NONE) 445 break; 446 id = NULL; 447 } 448 449 if (id == NULL) { 450 log_debug("%s: too many supplemental cert. ignored", 451 __func__); 452 break; 453 } 454 455 id->id_type = type; 456 id->id_offset = 0; 457 ibuf_free(id->id_buf); 458 id->id_buf = NULL; 459 460 if (len <= 0 || (id->id_buf = ibuf_new(ptr, len)) == NULL) { 461 log_debug("%s: failed to get supplemental cert payload", 462 __func__); 463 break; 464 } 465 466 break; 467 case IMSG_AUTH: 468 if ((sa = ikev2_getimsgdata(env, imsg, 469 &sh, &type, &ptr, &len)) == NULL) { 470 log_debug("%s: invalid auth reply", __func__); 471 break; 472 } 473 if (sa_stateok(sa, IKEV2_STATE_VALID)) { 474 log_warnx("%s: ignoring AUTH in state %s", 475 SPI_SA(sa, __func__), 476 print_map(sa->sa_state, ikev2_state_map)); 477 break; 478 } 479 480 log_debug("%s: AUTH type %d len %zu", __func__, type, len); 481 482 id = &sa->sa_localauth; 483 id->id_type = type; 484 id->id_offset = 0; 485 ibuf_free(id->id_buf); 486 id->id_buf = NULL; 487 488 if (type != IKEV2_AUTH_NONE) { 489 if (len <= 0 || 490 (id->id_buf = ibuf_new(ptr, len)) == NULL) { 491 log_debug("%s: failed to get auth payload", 492 __func__); 493 break; 494 } 495 } 496 497 sa_stateflags(sa, IKED_REQ_AUTH); 498 499 if (ikev2_ike_auth(env, sa) != 0) 500 log_debug("%s: failed to send ike auth", __func__); 501 break; 502 default: 503 return (-1); 504 } 505 506 return (0); 507 } 508 509 int 510 ikev2_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg) 511 { 512 struct iked *env = iked_env; 513 514 switch (imsg->hdr.type) { 515 case IMSG_CTL_RESET_ID: 516 ikev2_ctl_reset_id(env, imsg, imsg->hdr.type); 517 break; 518 case IMSG_CTL_SHOW_SA: 519 ikev2_ctl_show_sa(env, imsg); 520 break; 521 case IMSG_CTL_SHOW_STATS: 522 ikev2_ctl_show_stats(env, imsg); 523 break; 524 default: 525 return (-1); 526 } 527 528 return (0); 529 } 530 531 /* try to delete established SA if no other exchange is active */ 532 int 533 ikev2_ike_sa_delete(struct iked *env, struct iked_sa *sa) 534 { 535 if (sa->sa_state != IKEV2_STATE_ESTABLISHED) 536 return (-1); 537 if (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) 538 return (-1); 539 ikev2_disable_timer(env, sa); 540 ikev2_ike_sa_setreason(sa, "reset sa control message"); 541 ikev2_ikesa_delete(env, sa, 1); 542 timer_add(env, &sa->sa_timer, 0); 543 return (0); 544 } 545 546 void 547 ikev2_ctl_reset_id(struct iked *env, struct imsg *imsg, unsigned int type) 548 { 549 struct iked_sa *sa; 550 char *reset_id = NULL; 551 char sa_id[IKED_ID_SIZE]; 552 553 if ((reset_id = get_string(imsg->data, IMSG_DATA_SIZE(imsg))) == NULL) 554 return; 555 556 log_debug("%s: %s %d", __func__, reset_id, type); 557 RB_FOREACH(sa, iked_sas, &env->sc_sas) { 558 if (ikev2_print_id(IKESA_DSTID(sa), sa_id, sizeof(sa_id)) == -1) 559 continue; 560 if (strcmp(reset_id, sa_id) != 0) 561 continue; 562 if (sa->sa_state == IKEV2_STATE_CLOSED) 563 continue; 564 if (sa->sa_state == IKEV2_STATE_ESTABLISHED) 565 ikev2_disable_timer(env, sa); 566 log_info("%s: IKE SA %p id %s ispi %s rspi %s", __func__, 567 sa, sa_id, 568 print_spi(sa->sa_hdr.sh_ispi, 8), 569 print_spi(sa->sa_hdr.sh_rspi, 8)); 570 ikev2_ike_sa_setreason(sa, "reset control message"); 571 ikev2_ikesa_delete(env, sa, 1); 572 /* default IKED_IKE_SA_DELETE_TIMEOUT is 120s, so switch to 6s */ 573 timer_add(env, &sa->sa_timer, 3 * IKED_RETRANSMIT_TIMEOUT); 574 } 575 free(reset_id); 576 } 577 578 void 579 ikev2_ctl_show_sa(struct iked *env, struct imsg *imsg) 580 { 581 ikev2_info(env, imsg, 0); 582 } 583 584 void 585 ikev2_ctl_show_stats(struct iked *env, struct imsg *imsg) 586 { 587 proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1, 588 IMSG_CTL_SHOW_STATS, imsg->hdr.peerid, -1, 589 &env->sc_stats, sizeof(env->sc_stats)); 590 } 591 592 struct iked_sa * 593 ikev2_getimsgdata(struct iked *env, struct imsg *imsg, struct iked_sahdr *sh, 594 uint8_t *type, uint8_t **buf, size_t *size) 595 { 596 uint8_t *ptr; 597 size_t len; 598 struct iked_sa *sa; 599 600 ptr = imsg->data; 601 len = IMSG_DATA_SIZE(imsg); 602 if (len < sizeof(*sh)) 603 fatalx("ikev2_getimsgdata: length too small for sh"); 604 memcpy(sh, ptr, sizeof(*sh)); 605 len -= sizeof(*sh); 606 ptr += sizeof(*sh); 607 if (len < sizeof(*type)) 608 fatalx("ikev2_getimsgdata: length too small for type"); 609 memcpy(type, ptr, sizeof(*type)); 610 len -= sizeof(*type); 611 ptr += sizeof(*type); 612 613 sa = sa_lookup(env, sh->sh_ispi, sh->sh_rspi, sh->sh_initiator); 614 615 log_debug("%s: imsg %d rspi %s ispi %s initiator %d sa %s" 616 " type %d data length %zd", 617 __func__, imsg->hdr.type, 618 print_spi(sh->sh_rspi, 8), 619 print_spi(sh->sh_ispi, 8), 620 sh->sh_initiator, 621 sa == NULL ? "invalid" : "valid", *type, len); 622 623 if (sa == NULL) 624 return (NULL); 625 626 *buf = ptr; 627 *size = len; 628 629 return (sa); 630 } 631 632 static time_t 633 gettime(void) 634 { 635 struct timeval tv; 636 gettimeofday(&tv, NULL); 637 return tv.tv_sec; 638 } 639 640 void 641 ikev2_recv(struct iked *env, struct iked_message *msg) 642 { 643 struct ike_header *hdr; 644 struct iked_sa *sa; 645 struct iked_msg_retransmit *mr; 646 unsigned int initiator, flag = 0; 647 int r; 648 649 hdr = ibuf_seek(msg->msg_data, msg->msg_offset, sizeof(*hdr)); 650 651 if (hdr == NULL || ibuf_size(msg->msg_data) < 652 (betoh32(hdr->ike_length) - msg->msg_offset)) 653 return; 654 655 ikestat_inc(env, ikes_msg_rcvd); 656 657 initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? 0 : 1; 658 msg->msg_response = (hdr->ike_flags & IKEV2_FLAG_RESPONSE) ? 1 : 0; 659 msg->msg_exchange = hdr->ike_exchange; 660 msg->msg_sa = sa_lookup(env, 661 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 662 initiator); 663 msg->msg_msgid = betoh32(hdr->ike_msgid); 664 if (policy_lookup(env, msg, NULL, NULL, 0) != 0) { 665 log_debug("%s: no compatible policy found", __func__); 666 ikestat_inc(env, ikes_msg_rcvd_dropped); 667 return; 668 } 669 670 logit(hdr->ike_exchange == IKEV2_EXCHANGE_INFORMATIONAL ? 671 LOG_DEBUG : LOG_INFO, 672 "%srecv %s %s %u peer %s local %s, %zu bytes, policy '%s'", 673 SPI_IH(hdr), 674 print_map(hdr->ike_exchange, ikev2_exchange_map), 675 msg->msg_response ? "res" : "req", 676 msg->msg_msgid, 677 print_addr(&msg->msg_peer), 678 print_addr(&msg->msg_local), 679 ibuf_size(msg->msg_data), 680 msg->msg_policy->pol_name); 681 log_debug("%s: ispi %s rspi %s", __func__, 682 print_spi(betoh64(hdr->ike_ispi), 8), 683 print_spi(betoh64(hdr->ike_rspi), 8)); 684 685 if ((sa = msg->msg_sa) == NULL) 686 goto done; 687 688 sa->sa_last_recvd = gettime(); 689 690 if (hdr->ike_exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA) 691 flag = IKED_REQ_CHILDSA; 692 if (hdr->ike_exchange == IKEV2_EXCHANGE_INFORMATIONAL) 693 flag = IKED_REQ_INF; 694 695 if (hdr->ike_exchange != IKEV2_EXCHANGE_IKE_SA_INIT && 696 hdr->ike_nextpayload != IKEV2_PAYLOAD_SK && 697 hdr->ike_nextpayload != IKEV2_PAYLOAD_SKF) { 698 ikestat_inc(env, ikes_msg_rcvd_dropped); 699 return; 700 } 701 702 if (msg->msg_response) { 703 if (msg->msg_msgid > sa->sa_reqid) { 704 ikestat_inc(env, ikes_msg_rcvd_dropped); 705 return; 706 } 707 mr = ikev2_msg_lookup(env, &sa->sa_requests, msg, 708 hdr->ike_exchange); 709 if (hdr->ike_exchange != IKEV2_EXCHANGE_INFORMATIONAL && 710 mr == NULL && sa->sa_fragments.frag_count == 0) { 711 ikestat_inc(env, ikes_msg_rcvd_dropped); 712 return; 713 } 714 if (flag) { 715 if ((sa->sa_stateflags & flag) == 0) { 716 ikestat_inc(env, ikes_msg_rcvd_dropped); 717 return; 718 } 719 /* 720 * We have initiated this exchange, even if 721 * we are not the initiator of the IKE SA. 722 */ 723 initiator = 1; 724 } 725 /* 726 * There's no need to keep the request (fragments) around 727 */ 728 if (mr != NULL && hdr->ike_nextpayload != IKEV2_PAYLOAD_SKF) 729 ikev2_msg_dispose(env, &sa->sa_requests, mr); 730 } else { 731 /* 732 * IKE_SA_INIT is special since it always uses the message id 0. 733 * Even when the message was rejected, and the new message has 734 * different proposals, the id will be the same. To discern 735 * retransmits and new messages, the RFC suggests to compare the 736 * the messages. 737 */ 738 if (sa->sa_state == IKEV2_STATE_CLOSED && sa->sa_1stmsg && 739 hdr->ike_exchange == IKEV2_EXCHANGE_IKE_SA_INIT && 740 msg->msg_msgid == 0 && 741 (ibuf_size(msg->msg_data) != ibuf_size(sa->sa_1stmsg) || 742 memcmp(ibuf_data(msg->msg_data), ibuf_data(sa->sa_1stmsg), 743 ibuf_size(sa->sa_1stmsg)) != 0)) { 744 ikev2_ike_sa_setreason(sa, NULL); 745 sa_free(env, sa); 746 msg->msg_sa = sa = NULL; 747 goto done; 748 } 749 if (msg->msg_msgid < sa->sa_msgid) { 750 ikestat_inc(env, ikes_msg_rcvd_dropped); 751 return; 752 } 753 if (flag) 754 initiator = 0; 755 /* 756 * See if we have responded to this request before 757 * For return values 0 and -1 we have. 758 */ 759 if ((r = ikev2_msg_retransmit_response(env, sa, msg, 760 hdr->ike_exchange)) != -2) { 761 if (r == -1) { 762 log_warn("%s: failed to retransmit a " 763 "response", __func__); 764 ikev2_ike_sa_setreason(sa, 765 "retransmitting response failed"); 766 sa_free(env, sa); 767 } 768 return; 769 } else if (sa->sa_msgid_set && msg->msg_msgid == sa->sa_msgid) { 770 /* 771 * Response is being worked on, most likely we're 772 * waiting for the CA process to get back to us 773 */ 774 ikestat_inc(env, ikes_msg_rcvd_busy); 775 return; 776 } 777 sa->sa_msgid_current = msg->msg_msgid; 778 } 779 780 if (sa_address(sa, &sa->sa_peer, (struct sockaddr *)&msg->msg_peer) 781 == -1 || 782 sa_address(sa, &sa->sa_local, (struct sockaddr *)&msg->msg_local) 783 == -1) { 784 ikestat_inc(env, ikes_msg_rcvd_dropped); 785 return; 786 } 787 788 sa->sa_fd = msg->msg_fd; 789 790 log_debug("%s: updated SA to peer %s local %s", __func__, 791 print_addr(&sa->sa_peer.addr), print_addr(&sa->sa_local.addr)); 792 793 done: 794 if (initiator) 795 ikev2_init_recv(env, msg, hdr); 796 else 797 ikev2_resp_recv(env, msg, hdr); 798 799 if (sa != NULL && !msg->msg_response && msg->msg_valid) { 800 /* 801 * If it's a valid request, make sure to update the peer's 802 * message ID and dispose of all previous responses. 803 * We need to set sa_msgid_set in order to distinguish between 804 * "last msgid was 0" and "msgid not set yet". 805 */ 806 sa->sa_msgid = sa->sa_msgid_current; 807 sa->sa_msgid_set = 1; 808 ikev2_msg_prevail(env, &sa->sa_responses, msg); 809 } 810 811 if (sa != NULL && sa->sa_state == IKEV2_STATE_CLOSED) { 812 log_debug("%s: closing SA", __func__); 813 ikev2_ike_sa_setreason(sa, "closed"); 814 sa_free(env, sa); 815 } 816 } 817 818 int 819 ikev2_ike_auth_compatible(struct iked_sa *sa, uint8_t policy, uint8_t wire) 820 { 821 if (wire == IKEV2_AUTH_SIG_ANY) /* internal, not on wire */ 822 return (-1); 823 if (policy == wire || policy == IKEV2_AUTH_NONE) 824 return (0); 825 switch (policy) { 826 case IKEV2_AUTH_SIG_ANY: 827 switch (wire) { 828 case IKEV2_AUTH_SIG: 829 case IKEV2_AUTH_RSA_SIG: 830 case IKEV2_AUTH_ECDSA_256: 831 case IKEV2_AUTH_ECDSA_384: 832 case IKEV2_AUTH_ECDSA_521: 833 return (0); 834 } 835 break; 836 case IKEV2_AUTH_SIG: 837 case IKEV2_AUTH_RSA_SIG: 838 case IKEV2_AUTH_ECDSA_256: 839 case IKEV2_AUTH_ECDSA_384: 840 case IKEV2_AUTH_ECDSA_521: 841 switch (wire) { 842 /* 843 * XXX Maybe we need an indication saying: 844 * XXX Accept AUTH_SIG as long as its DSA? 845 */ 846 case IKEV2_AUTH_SIG: 847 if (sa->sa_sigsha2) 848 return (0); 849 } 850 break; 851 } 852 return (-1); 853 } 854 855 int 856 ikev2_auth_verify(struct iked *env, struct iked_sa *sa) 857 { 858 struct iked_auth ikeauth; 859 struct ibuf *authmsg; 860 int ret; 861 862 memcpy(&ikeauth, &sa->sa_policy->pol_auth, 863 sizeof(ikeauth)); 864 865 if (sa->sa_policy->pol_auth.auth_eap && 866 sa->sa_eapmsk != NULL) { 867 /* 868 * The initiator EAP auth is a PSK derived 869 * from the EAP-specific MSK 870 */ 871 ikeauth.auth_method = IKEV2_AUTH_SHARED_KEY_MIC; 872 873 /* Copy session key as PSK */ 874 memcpy(ikeauth.auth_data, 875 ibuf_data(sa->sa_eapmsk), 876 ibuf_size(sa->sa_eapmsk)); 877 ikeauth.auth_length = ibuf_size(sa->sa_eapmsk); 878 } 879 880 if (ikev2_ike_auth_compatible(sa, 881 ikeauth.auth_method, sa->sa_peerauth.id_type) < 0) { 882 log_warnx("%s: unexpected auth method %s, was " 883 "expecting %s", SPI_SA(sa, __func__), 884 print_map(sa->sa_peerauth.id_type, 885 ikev2_auth_map), 886 print_map(ikeauth.auth_method, 887 ikev2_auth_map)); 888 ikev2_send_auth_failed(env, sa); 889 explicit_bzero(&ikeauth, sizeof(ikeauth)); 890 return (-1); 891 } 892 ikeauth.auth_method = sa->sa_peerauth.id_type; 893 894 if ((authmsg = ikev2_msg_auth(env, sa, 895 sa->sa_hdr.sh_initiator)) == NULL) { 896 log_debug("%s: failed to get auth data", 897 __func__); 898 ikev2_send_auth_failed(env, sa); 899 explicit_bzero(&ikeauth, sizeof(ikeauth)); 900 return (-1); 901 } 902 903 ret = ikev2_msg_authverify(env, sa, &ikeauth, 904 ibuf_data(sa->sa_peerauth.id_buf), 905 ibuf_size(sa->sa_peerauth.id_buf), 906 authmsg); 907 ibuf_free(authmsg); 908 if (ret != 0) { 909 log_info("%s: ikev2_msg_authverify failed", 910 SPI_SA(sa, __func__)); 911 ikev2_send_auth_failed(env, sa); 912 explicit_bzero(&ikeauth, sizeof(ikeauth)); 913 return (-1); 914 } 915 if (sa->sa_eapmsk != NULL) { 916 if ((authmsg = ikev2_msg_auth(env, sa, 917 !sa->sa_hdr.sh_initiator)) == NULL) { 918 log_debug("%s: failed to get auth data", 919 __func__); 920 explicit_bzero(&ikeauth, sizeof(ikeauth)); 921 return (-1); 922 } 923 924 /* XXX 2nd AUTH for EAP messages */ 925 ret = ikev2_msg_authsign(env, sa, &ikeauth, authmsg); 926 ibuf_free(authmsg); 927 if (ret != 0) { 928 ikev2_send_auth_failed(env, sa); 929 explicit_bzero(&ikeauth, sizeof(ikeauth)); 930 return (-1); 931 } 932 933 /* ikev2_msg_authverify verified AUTH */ 934 sa_stateflags(sa, IKED_REQ_AUTHVALID); 935 sa_stateflags(sa, IKED_REQ_EAPVALID); 936 sa_state(env, sa, IKEV2_STATE_EAP_SUCCESS); 937 } 938 939 explicit_bzero(&ikeauth, sizeof(ikeauth)); 940 return (0); 941 } 942 943 int 944 ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, 945 struct iked_message *msg) 946 { 947 struct iked_id *id; 948 struct ibuf *authmsg, *buf; 949 struct iked_policy *old; 950 uint8_t *cert = NULL; 951 size_t certlen = 0; 952 int certtype = IKEV2_CERT_NONE; 953 int i; 954 955 /* The AUTH payload indicates if the responder wants EAP or not */ 956 if (msg->msg_auth.id_type != IKEV2_AUTH_NONE && 957 !sa_stateok(sa, IKEV2_STATE_EAP)) 958 sa_state(env, sa, IKEV2_STATE_AUTH_REQUEST); 959 960 if (!sa->sa_hdr.sh_initiator && 961 !sa_stateok(sa, IKEV2_STATE_AUTH_REQUEST) && 962 sa->sa_policy->pol_auth.auth_eap) 963 sa_state(env, sa, IKEV2_STATE_EAP); 964 965 if (sa->sa_hdr.sh_initiator) 966 id = &sa->sa_rid; 967 else 968 id = &sa->sa_iid; 969 970 /* try to relookup the policy based on the peerid */ 971 if (msg->msg_peerid.id_type && !sa->sa_hdr.sh_initiator) { 972 old = sa->sa_policy; 973 974 sa->sa_policy = NULL; 975 if (policy_lookup(env, msg, &sa->sa_proposals, NULL, 0) != 0 || 976 msg->msg_policy == NULL) { 977 log_info("%s: no compatible policy found", 978 SPI_SA(sa, __func__)); 979 ikev2_send_auth_failed(env, sa); 980 TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); 981 policy_unref(env, old); 982 return (-1); 983 } 984 if (msg->msg_policy != old) { 985 /* Clean up old policy */ 986 TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); 987 policy_unref(env, old); 988 989 /* Update SA with new policy*/ 990 if (sa_new(env, sa->sa_hdr.sh_ispi, 991 sa->sa_hdr.sh_rspi, 0, msg->msg_policy) != sa) { 992 log_warnx("%s: failed to update SA", 993 SPI_SA(sa, __func__)); 994 ikev2_send_auth_failed(env, sa); 995 return (-1); 996 } 997 } else { 998 /* restore */ 999 msg->msg_policy = sa->sa_policy = old; 1000 } 1001 if (ikev2_handle_certreq(env, msg) != 0) 1002 return (-1); 1003 } else if (sa->sa_hdr.sh_initiator) { 1004 old = sa->sa_policy; 1005 1006 /* verify policy on initiator */ 1007 sa->sa_policy = NULL; 1008 if (policy_lookup(env, msg, &sa->sa_proposals, &old->pol_flows, 1009 old->pol_nflows) != 0 || msg->msg_policy != old) { 1010 1011 /* get dstid */ 1012 if (msg->msg_peerid.id_type) { 1013 memcpy(id, &msg->msg_peerid, sizeof(*id)); 1014 bzero(&msg->msg_peerid, sizeof(msg->msg_peerid)); 1015 } 1016 log_warnx("%s: policy mismatch", SPI_SA(sa, __func__)); 1017 ikev2_send_auth_failed(env, sa); 1018 TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); 1019 policy_unref(env, old); 1020 return (-1); 1021 } 1022 /* restore */ 1023 msg->msg_policy = sa->sa_policy = old; 1024 } 1025 1026 /* AUTH payload is required for non-EAP */ 1027 if (!msg->msg_auth.id_type && 1028 !sa->sa_policy->pol_auth.auth_eap) { 1029 /* get dstid */ 1030 if (msg->msg_peerid.id_type) { 1031 memcpy(id, &msg->msg_peerid, sizeof(*id)); 1032 bzero(&msg->msg_peerid, sizeof(msg->msg_peerid)); 1033 } 1034 log_debug("%s: missing auth payload", SPI_SA(sa, __func__)); 1035 ikev2_send_auth_failed(env, sa); 1036 return (-1); 1037 } 1038 1039 if (msg->msg_peerid.id_type) { 1040 memcpy(id, &msg->msg_peerid, sizeof(*id)); 1041 bzero(&msg->msg_peerid, sizeof(msg->msg_peerid)); 1042 1043 if (!sa->sa_hdr.sh_initiator) { 1044 if ((authmsg = ikev2_msg_auth(env, sa, 1045 !sa->sa_hdr.sh_initiator)) == NULL) { 1046 log_debug("%s: failed to get response " 1047 "auth data", __func__); 1048 return (-1); 1049 } 1050 1051 ca_setauth(env, sa, authmsg, PROC_CERT); 1052 ibuf_free(authmsg); 1053 } 1054 } 1055 1056 /* Encode all received certs as single blob */ 1057 if (msg->msg_cert.id_type != IKEV2_CERT_BUNDLE && 1058 msg->msg_scert[0].id_type != IKEV2_CERT_NONE) { 1059 if ((buf = ibuf_new(NULL, 0)) == NULL) 1060 return (-1); 1061 /* begin with certificate */ 1062 if (ca_certbundle_add(buf, &msg->msg_cert) != 0) { 1063 ibuf_free(buf); 1064 return (-1); 1065 } 1066 /* add intermediate CAs */ 1067 for (i = 0; i < IKED_SCERT_MAX; i++) { 1068 if (msg->msg_scert[i].id_type == IKEV2_CERT_NONE) 1069 break; 1070 if (ca_certbundle_add(buf, &msg->msg_scert[i]) != 0) { 1071 ibuf_free(buf); 1072 return (-1); 1073 } 1074 } 1075 ibuf_free(msg->msg_cert.id_buf); 1076 msg->msg_cert.id_buf = buf; 1077 msg->msg_cert.id_type = IKEV2_CERT_BUNDLE; 1078 } 1079 1080 if (!TAILQ_EMPTY(&msg->msg_proposals)) { 1081 if (proposals_negotiate(&sa->sa_proposals, 1082 &sa->sa_policy->pol_proposals, &msg->msg_proposals, 1083 0, -1) != 0) { 1084 log_info("%s: no proposal chosen", __func__); 1085 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 1086 ikestat_inc(env, ikes_sa_proposals_negotiate_failures); 1087 return (-1); 1088 } else 1089 sa_stateflags(sa, IKED_REQ_SA); 1090 } 1091 1092 if (msg->msg_auth.id_type) { 1093 memcpy(&sa->sa_peerauth, &msg->msg_auth, sizeof(sa->sa_peerauth)); 1094 bzero(&msg->msg_auth, sizeof(msg->msg_auth)); 1095 } 1096 1097 if (msg->msg_cp) { 1098 if (msg->msg_cp_addr) { 1099 sa->sa_cp_addr = msg->msg_cp_addr; 1100 msg->msg_cp_addr = NULL; 1101 } 1102 if (msg->msg_cp_addr6) { 1103 sa->sa_cp_addr6 = msg->msg_cp_addr6; 1104 msg->msg_cp_addr6 = NULL; 1105 } 1106 if (msg->msg_cp_dns) { 1107 sa->sa_cp_dns = msg->msg_cp_dns; 1108 msg->msg_cp_dns = NULL; 1109 } 1110 sa->sa_cp = msg->msg_cp; 1111 } 1112 1113 /* For EAP and PSK AUTH can be verified without the CA process*/ 1114 if ((sa->sa_policy->pol_auth.auth_eap && 1115 sa->sa_eapmsk != NULL) || 1116 sa->sa_policy->pol_auth.auth_method == IKEV2_AUTH_SHARED_KEY_MIC) 1117 ikev2_auth_verify(env, sa); 1118 /* For CERT and Pubkey AUTH the CA process must find a matching key */ 1119 else if (sa->sa_peerauth.id_type) { 1120 if (msg->msg_cert.id_type) { 1121 certtype = msg->msg_cert.id_type; 1122 cert = ibuf_data(msg->msg_cert.id_buf); 1123 certlen = ibuf_size(msg->msg_cert.id_buf); 1124 } 1125 sa->sa_stateflags &= ~IKED_REQ_CERTVALID; 1126 if (ca_setcert(env, &sa->sa_hdr, id, certtype, cert, certlen, PROC_CERT) == -1) 1127 return (-1); 1128 } 1129 1130 if (sa->sa_cp == IKEV2_CP_REPLY) { 1131 if (sa->sa_cp_addr) 1132 log_info("%s: obtained lease: %s", SPI_SA(sa, __func__), 1133 print_addr(&sa->sa_cp_addr->addr)); 1134 if (sa->sa_cp_addr6) 1135 log_info("%s: obtained lease: %s", SPI_SA(sa, __func__), 1136 print_addr(&sa->sa_cp_addr6->addr)); 1137 if (sa->sa_cp_dns) 1138 log_info("%s: obtained DNS: %s", SPI_SA(sa, __func__), 1139 print_addr(&sa->sa_cp_dns->addr)); 1140 } 1141 1142 return ikev2_ike_auth(env, sa); 1143 } 1144 1145 int 1146 ikev2_ike_auth(struct iked *env, struct iked_sa *sa) 1147 { 1148 /* Attempt state transition */ 1149 if (sa->sa_state == IKEV2_STATE_EAP_SUCCESS) 1150 sa_state(env, sa, IKEV2_STATE_EAP_VALID); 1151 else if (sa->sa_state == IKEV2_STATE_AUTH_SUCCESS) 1152 sa_state(env, sa, IKEV2_STATE_VALID); 1153 1154 if (sa->sa_hdr.sh_initiator) { 1155 if (sa_stateok(sa, IKEV2_STATE_AUTH_SUCCESS)) 1156 return (ikev2_init_done(env, sa)); 1157 /* AUTH exchange is awaiting response from CA process, ignore */ 1158 else if (sa_stateok(sa, IKEV2_STATE_AUTH_REQUEST)) 1159 return (0); 1160 else 1161 return (ikev2_init_ike_auth(env, sa)); 1162 } 1163 return (ikev2_resp_ike_auth(env, sa)); 1164 } 1165 1166 void 1167 ikev2_init_recv(struct iked *env, struct iked_message *msg, 1168 struct ike_header *hdr) 1169 { 1170 struct iked_sa *sa; 1171 struct iked_policy *pol; 1172 1173 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) { 1174 log_debug("%s: unknown SA", __func__); 1175 return; 1176 } 1177 sa = msg->msg_sa; 1178 1179 switch (hdr->ike_exchange) { 1180 case IKEV2_EXCHANGE_IKE_SA_INIT: 1181 /* Update the SPIs */ 1182 if ((sa = sa_new(env, 1183 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 1, 1184 NULL)) == NULL || sa != msg->msg_sa) { 1185 log_debug("%s: invalid new SA", __func__); 1186 if (sa) { 1187 ikev2_ike_sa_setreason(sa, "invalid new SA"); 1188 sa_free(env, sa); 1189 } 1190 return; 1191 } 1192 break; 1193 case IKEV2_EXCHANGE_IKE_AUTH: 1194 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 1195 case IKEV2_EXCHANGE_INFORMATIONAL: 1196 break; 1197 default: 1198 log_debug("%s: unsupported exchange: %s", __func__, 1199 print_map(hdr->ike_exchange, ikev2_exchange_map)); 1200 return; 1201 } 1202 1203 if (ikev2_pld_parse(env, hdr, msg, msg->msg_offset) != 0) { 1204 log_debug("%s: failed to parse message", __func__); 1205 return; 1206 } 1207 1208 if (sa->sa_fragments.frag_count != 0) 1209 return; 1210 1211 if (!ikev2_msg_frompeer(msg)) 1212 return; 1213 1214 if (ikev2_handle_notifies(env, msg) != 0) 1215 return; 1216 1217 if (msg->msg_nat_detected && sa->sa_natt == 0) 1218 ikev2_enable_natt(env, sa, msg, 1); 1219 1220 switch (hdr->ike_exchange) { 1221 case IKEV2_EXCHANGE_IKE_SA_INIT: 1222 if (ibuf_length(msg->msg_cookie)) { 1223 pol = sa->sa_policy; 1224 if (ikev2_init_ike_sa_peer(env, pol, 1225 &pol->pol_peer, msg) != 0) 1226 log_warnx("%s: failed to initiate a " 1227 "IKE_SA_INIT exchange", SPI_SA(sa, 1228 __func__)); 1229 break; 1230 } 1231 if (msg->msg_flags & IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN) { 1232 log_info("%s: failed to negotiate IKE SA", 1233 SPI_SA(sa, __func__)); 1234 ikev2_ike_sa_setreason(sa, "no proposal chosen"); 1235 sa_state(env, sa, IKEV2_STATE_CLOSED); 1236 msg->msg_sa = NULL; 1237 return; 1238 } 1239 if (ikev2_handle_certreq(env, msg) != 0) 1240 return; 1241 1242 if (ikev2_init_auth(env, msg) != 0) { 1243 ikev2_ike_sa_setreason(sa, 1244 "failed to initiate IKE_AUTH exchange"); 1245 sa_state(env, sa, IKEV2_STATE_CLOSED); 1246 msg->msg_sa = NULL; 1247 return; 1248 } 1249 break; 1250 case IKEV2_EXCHANGE_IKE_AUTH: 1251 if (msg->msg_flags & IKED_MSG_FLAGS_AUTHENTICATION_FAILED) { 1252 log_debug("%s: AUTHENTICATION_FAILED, closing SA", 1253 __func__); 1254 ikev2_log_cert_info(SPI_SA(sa, __func__), 1255 sa->sa_hdr.sh_initiator ? &sa->sa_rcert 1256 : &sa->sa_icert); 1257 ikev2_ike_sa_setreason(sa, 1258 "authentication failed notification from peer"); 1259 sa_state(env, sa, IKEV2_STATE_CLOSED); 1260 msg->msg_sa = NULL; 1261 return; 1262 } 1263 if (msg->msg_flags & IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN) { 1264 log_info("%s: failed to negotiate IKE SA", 1265 SPI_SA(sa, __func__)); 1266 ikev2_ike_sa_setreason(sa, "no proposal chosen (IKE SA)"); 1267 sa_state(env, sa, IKEV2_STATE_CLOSED); 1268 msg->msg_sa = NULL; 1269 return; 1270 } 1271 1272 (void)ikev2_ike_auth_recv(env, sa, msg); 1273 break; 1274 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 1275 if (msg->msg_flags & IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN) { 1276 log_info("%s: CREATE_CHILD_SA failed", 1277 SPI_SA(sa, __func__)); 1278 ikev2_ike_sa_setreason(sa, "no proposal chosen (CHILD SA)"); 1279 sa_state(env, sa, IKEV2_STATE_CLOSED); 1280 msg->msg_sa = NULL; 1281 return; 1282 } 1283 (void)ikev2_init_create_child_sa(env, msg); 1284 break; 1285 case IKEV2_EXCHANGE_INFORMATIONAL: 1286 sa->sa_stateflags &= ~IKED_REQ_INF; 1287 break; 1288 default: 1289 log_debug("%s: exchange %s not implemented", __func__, 1290 print_map(hdr->ike_exchange, ikev2_exchange_map)); 1291 break; 1292 } 1293 } 1294 1295 void 1296 ikev2_enable_natt(struct iked *env, struct iked_sa *sa, 1297 struct iked_message *msg, int udpencap) 1298 { 1299 struct iked_socket *sock; 1300 in_port_t port; 1301 1302 sock = ikev2_msg_getsocket(env, sa->sa_local.addr_af, 1); 1303 if (sock == NULL) 1304 return; 1305 1306 /* 1307 * Update address information and use the NAT-T 1308 * port and socket, if available. 1309 */ 1310 port = htons(socket_getport( 1311 (struct sockaddr *)&sock->sock_addr)); 1312 sa->sa_local.addr_port = port; 1313 sa->sa_peer.addr_port = port; 1314 (void)socket_af((struct sockaddr *)&sa->sa_local.addr, port); 1315 (void)socket_af((struct sockaddr *)&sa->sa_peer.addr, port); 1316 1317 msg->msg_fd = sa->sa_fd = sock->sock_fd; 1318 msg->msg_sock = sock; 1319 sa->sa_natt = 1; 1320 if (udpencap) 1321 sa->sa_udpencap = 1; 1322 1323 log_debug("%s: detected NAT, enabling UDP encapsulation," 1324 " updated SA to peer %s local %s", __func__, 1325 print_addr(&sa->sa_peer.addr), print_addr(&sa->sa_local.addr)); 1326 } 1327 1328 void 1329 ikev2_init_ike_sa(struct iked *env, void *arg) 1330 { 1331 struct iked_policy *pol; 1332 1333 TAILQ_FOREACH(pol, &env->sc_policies, pol_entry) { 1334 if ((pol->pol_flags & IKED_POLICY_ACTIVE) == 0) 1335 continue; 1336 if (!TAILQ_EMPTY(&pol->pol_sapeers)) { 1337 log_debug("%s: \"%s\" is already active", 1338 __func__, pol->pol_name); 1339 continue; 1340 } 1341 1342 log_info("%s: initiating \"%s\"", __func__, pol->pol_name); 1343 1344 if (ikev2_init_ike_sa_peer(env, pol, &pol->pol_peer, NULL)) 1345 log_debug("%s: failed to initiate with peer %s", 1346 __func__, print_addr(&pol->pol_peer.addr)); 1347 } 1348 1349 timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa, NULL); 1350 timer_add(env, &env->sc_inittmr, IKED_INITIATOR_INTERVAL); 1351 } 1352 1353 void 1354 ikev2_init_ike_sa_timeout(struct iked *env, void *arg) 1355 { 1356 struct iked_sa *sa = arg; 1357 1358 log_debug("%s: ispi %s rspi %s", __func__, 1359 print_spi(sa->sa_hdr.sh_ispi, 8), 1360 print_spi(sa->sa_hdr.sh_rspi, 8)); 1361 1362 ikev2_ike_sa_setreason(sa, "SA_INIT timeout"); 1363 sa_free(env, sa); 1364 } 1365 1366 int 1367 ikev2_init_ike_sa_peer(struct iked *env, struct iked_policy *pol, 1368 struct iked_addr *peer, struct iked_message *retry) 1369 { 1370 struct sockaddr_storage ss; 1371 struct iked_message req; 1372 struct ike_header *hdr; 1373 struct ikev2_payload *pld; 1374 struct ikev2_keyexchange *ke; 1375 struct ikev2_notify *n; 1376 struct iked_sa *sa = NULL; 1377 struct ibuf *buf, *cookie = NULL, *vendor_id = NULL; 1378 struct dh_group *group; 1379 ssize_t len; 1380 int ret = -1; 1381 struct iked_socket *sock; 1382 in_port_t port; 1383 1384 if ((sock = ikev2_msg_getsocket(env, peer->addr_af, 0)) == NULL) 1385 return (-1); 1386 1387 if (retry != NULL) { 1388 sa = retry->msg_sa; 1389 cookie = retry->msg_cookie; 1390 sa_state(env, sa, IKEV2_STATE_INIT); 1391 } 1392 1393 /* Create a new initiator SA */ 1394 if (sa == NULL && 1395 (sa = sa_new(env, 0, 0, 1, pol)) == NULL) 1396 return (-1); 1397 1398 /* Pick peer's DH group if asked */ 1399 if (pol->pol_peerdh > 0 && sa->sa_dhgroup == NULL && 1400 (sa->sa_dhgroup = group_get(pol->pol_peerdh)) == NULL) { 1401 log_warnx("%s: invalid peer DH group %u", SPI_SA(sa, __func__), 1402 pol->pol_peerdh); 1403 goto closeonly; 1404 } 1405 sa->sa_reqid = 0; 1406 1407 if (ikev2_sa_initiator(env, sa, NULL, NULL) == -1) 1408 goto closeonly; 1409 1410 if (pol->pol_local.addr.ss_family == AF_UNSPEC) { 1411 if (socket_getaddr(sock->sock_fd, &ss) == -1) 1412 goto closeonly; 1413 } else 1414 memcpy(&ss, &pol->pol_local.addr, pol->pol_local.addr.ss_len); 1415 1416 if ((buf = ikev2_msg_init(env, &req, &peer->addr, peer->addr.ss_len, 1417 &ss, ss.ss_len, 0)) == NULL) 1418 goto done; 1419 1420 /* Inherit the port from the 1st send socket */ 1421 port = htons(socket_getport((struct sockaddr *)&sock->sock_addr)); 1422 (void)socket_af((struct sockaddr *)&req.msg_local, port); 1423 (void)socket_af((struct sockaddr *)&req.msg_peer, port); 1424 1425 req.msg_fd = sock->sock_fd; 1426 req.msg_sa = sa; 1427 req.msg_sock = sock; 1428 req.msg_msgid = ikev2_msg_id(env, sa); 1429 1430 /* IKE header */ 1431 if ((hdr = ikev2_add_header(buf, sa, req.msg_msgid, 1432 cookie == NULL ? IKEV2_PAYLOAD_SA : IKEV2_PAYLOAD_NOTIFY, 1433 IKEV2_EXCHANGE_IKE_SA_INIT, 0)) == NULL) 1434 goto done; 1435 1436 /* Reflect COOKIE */ 1437 if (cookie) { 1438 if ((pld = ikev2_add_payload(buf)) == NULL) 1439 goto done; 1440 if ((n = ibuf_reserve(buf, sizeof(*n))) == NULL) 1441 goto done; 1442 n->n_protoid = IKEV2_SAPROTO_NONE; 1443 n->n_spisize = 0; 1444 n->n_type = htobe16(IKEV2_N_COOKIE); 1445 if (ikev2_add_buf(buf, cookie) == -1) 1446 goto done; 1447 len = sizeof(*n) + ibuf_size(cookie); 1448 1449 log_debug("%s: added cookie, len %zu", __func__, 1450 ibuf_size(cookie)); 1451 print_hexbuf(cookie); 1452 1453 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 1454 goto done; 1455 } 1456 1457 /* SA payload */ 1458 if ((pld = ikev2_add_payload(buf)) == NULL) 1459 goto done; 1460 if ((len = ikev2_add_proposals(env, sa, buf, &pol->pol_proposals, 1461 IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0, 0)) == -1) 1462 goto done; 1463 1464 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 1465 goto done; 1466 1467 /* KE payload */ 1468 if ((pld = ikev2_add_payload(buf)) == NULL) 1469 goto done; 1470 if ((ke = ibuf_reserve(buf, sizeof(*ke))) == NULL) 1471 goto done; 1472 if ((group = sa->sa_dhgroup) == NULL) { 1473 log_debug("%s: invalid dh", __func__); 1474 goto done; 1475 } 1476 ke->kex_dhgroup = htobe16(group->id); 1477 if (ikev2_add_buf(buf, sa->sa_dhiexchange) == -1) 1478 goto done; 1479 len = sizeof(*ke) + ibuf_size(sa->sa_dhiexchange); 1480 1481 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 1482 goto done; 1483 1484 /* NONCE payload */ 1485 if ((pld = ikev2_add_payload(buf)) == NULL) 1486 goto done; 1487 if (ikev2_add_buf(buf, sa->sa_inonce) == -1) 1488 goto done; 1489 len = ibuf_size(sa->sa_inonce); 1490 1491 if (env->sc_vendorid != 0) { 1492 vendor_id = ibuf_new(IKED_VENDOR_ID, strlen(IKED_VENDOR_ID)); 1493 ibuf_add(vendor_id, IKED_VERSION, strlen(IKED_VERSION)); 1494 if ((len = ikev2_add_vendor_id(buf, &pld, len, vendor_id)) 1495 == -1) 1496 goto done; 1497 } 1498 1499 /* Fragmentation Notify */ 1500 if (env->sc_frag) { 1501 if ((len = ikev2_add_fragmentation(buf, &pld, len)) 1502 == -1) 1503 goto done; 1504 } 1505 1506 if (env->sc_nattmode != NATT_DISABLE) { 1507 if (ntohs(port) == env->sc_nattport) { 1508 /* Enforce NAT-T on the initiator side */ 1509 log_debug("%s: enforcing NAT-T", __func__); 1510 req.msg_natt = sa->sa_natt = sa->sa_udpencap = 1; 1511 } 1512 if ((len = ikev2_add_nat_detection(env, buf, &pld, &req, len)) 1513 == -1) 1514 goto done; 1515 } 1516 1517 if ((len = ikev2_add_sighashnotify(buf, &pld, len)) == -1) 1518 goto done; 1519 1520 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1521 goto done; 1522 1523 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 1524 goto done; 1525 1526 (void)ikev2_pld_parse(env, hdr, &req, 0); 1527 1528 ibuf_free(sa->sa_1stmsg); 1529 if ((sa->sa_1stmsg = ibuf_dup(buf)) == NULL) { 1530 log_debug("%s: failed to copy 1st message", __func__); 1531 goto done; 1532 } 1533 1534 if ((ret = ikev2_msg_send(env, &req)) == 0) 1535 sa_state(env, sa, IKEV2_STATE_SA_INIT); 1536 1537 /* Setup exchange timeout. */ 1538 timer_set(env, &sa->sa_timer, ikev2_init_ike_sa_timeout, sa); 1539 timer_add(env, &sa->sa_timer, IKED_IKE_SA_EXCHANGE_TIMEOUT); 1540 1541 done: 1542 ikev2_msg_cleanup(env, &req); 1543 closeonly: 1544 if (ret == -1) { 1545 log_debug("%s: closing SA", __func__); 1546 ikev2_ike_sa_setreason(sa, "failed to send SA_INIT"); 1547 sa_free(env, sa); 1548 } 1549 ibuf_free(vendor_id); 1550 1551 return (ret); 1552 } 1553 1554 int 1555 ikev2_init_auth(struct iked *env, struct iked_message *msg) 1556 { 1557 struct iked_sa *sa = msg->msg_sa; 1558 struct ibuf *authmsg; 1559 1560 if (sa == NULL) 1561 return (-1); 1562 1563 if (ikev2_sa_initiator(env, sa, NULL, msg) == -1) { 1564 log_info("%s: failed to get IKE keys", SPI_SA(sa, __func__)); 1565 return (-1); 1566 } 1567 1568 if ((authmsg = ikev2_msg_auth(env, sa, 1569 !sa->sa_hdr.sh_initiator)) == NULL) { 1570 log_info("%s: failed to get auth data", SPI_SA(sa, __func__)); 1571 return (-1); 1572 } 1573 1574 if (ca_setauth(env, sa, authmsg, PROC_CERT) == -1) { 1575 log_info("%s: failed to get cert", SPI_SA(sa, __func__)); 1576 ibuf_free(authmsg); 1577 return (-1); 1578 } 1579 ibuf_free(authmsg); 1580 1581 return (ikev2_init_ike_auth(env, sa)); 1582 } 1583 1584 int 1585 ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa) 1586 { 1587 struct iked_policy *pol = sa->sa_policy; 1588 struct ikev2_payload *pld; 1589 struct ikev2_cert *cert; 1590 struct ikev2_auth *auth; 1591 struct iked_id *id, *certid, peerid; 1592 struct ibuf *e = NULL; 1593 uint8_t firstpayload; 1594 int ret = -1; 1595 ssize_t len; 1596 int i; 1597 1598 if (!sa_stateok(sa, IKEV2_STATE_SA_INIT)) 1599 return (0); 1600 1601 if (!sa->sa_localauth.id_type) { 1602 log_debug("%s: no local auth", __func__); 1603 return (0); 1604 } 1605 1606 /* New encrypted message buffer */ 1607 if ((e = ibuf_static()) == NULL) 1608 goto done; 1609 1610 id = &sa->sa_iid; 1611 certid = &sa->sa_icert; 1612 1613 /* ID payloads */ 1614 if ((pld = ikev2_add_payload(e)) == NULL) 1615 goto done; 1616 firstpayload = IKEV2_PAYLOAD_IDi; 1617 if (ibuf_add_buf(e, id->id_buf) != 0) 1618 goto done; 1619 len = ibuf_size(id->id_buf); 1620 1621 if (pol->pol_peerid.id_type) { 1622 bzero(&peerid, sizeof(peerid)); 1623 if (ikev2_policy2id(&pol->pol_peerid, &peerid, 0) != 0) { 1624 log_debug("%s: failed to get remote id", __func__); 1625 goto done; 1626 } 1627 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_IDr) == -1) 1628 goto done; 1629 if ((pld = ikev2_add_payload(e)) == NULL) 1630 goto done; 1631 if (ibuf_add_buf(e, peerid.id_buf) != 0) 1632 goto done; 1633 len = ibuf_size(peerid.id_buf); 1634 } 1635 1636 /* CERT payload */ 1637 if ((sa->sa_stateinit & IKED_REQ_CERT) && 1638 (certid->id_type != IKEV2_CERT_NONE)) { 1639 if (ikev2_next_payload(pld, len, 1640 IKEV2_PAYLOAD_CERT) == -1) 1641 goto done; 1642 if ((pld = ikev2_add_payload(e)) == NULL) 1643 goto done; 1644 if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL) 1645 goto done; 1646 cert->cert_type = certid->id_type; 1647 if (ibuf_add_buf(e, certid->id_buf) != 0) 1648 goto done; 1649 len = ibuf_size(certid->id_buf) + sizeof(*cert); 1650 1651 for (i = 0; i < IKED_SCERT_MAX; i++) { 1652 if (sa->sa_scert[i].id_type == IKEV2_CERT_NONE) 1653 break; 1654 if (ikev2_next_payload(pld, len, 1655 IKEV2_PAYLOAD_CERT) == -1) 1656 goto done; 1657 if ((pld = ikev2_add_payload(e)) == NULL) 1658 goto done; 1659 if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL) 1660 goto done; 1661 cert->cert_type = sa->sa_scert[i].id_type; 1662 if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) != 0) 1663 goto done; 1664 len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert); 1665 } 1666 1667 /* CERTREQ payload(s) */ 1668 if ((len = ikev2_add_certreq(e, &pld, 1669 len, env->sc_certreq, env->sc_certreqtype)) == -1) 1670 goto done; 1671 1672 if (env->sc_certreqtype != pol->pol_certreqtype && 1673 (len = ikev2_add_certreq(e, &pld, 1674 len, NULL, pol->pol_certreqtype)) == -1) 1675 goto done; 1676 } 1677 1678 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 1679 goto done; 1680 1681 /* AUTH payload */ 1682 if ((pld = ikev2_add_payload(e)) == NULL) 1683 goto done; 1684 if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL) 1685 goto done; 1686 auth->auth_method = sa->sa_localauth.id_type; 1687 if (ibuf_add_buf(e, sa->sa_localauth.id_buf) != 0) 1688 goto done; 1689 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 1690 1691 /* CP payload */ 1692 if (ikev2_cp_request_configured(sa)) { 1693 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CP) == -1) 1694 goto done; 1695 if ((pld = ikev2_add_payload(e)) == NULL) 1696 goto done; 1697 if ((len = ikev2_init_add_cp(env, sa, e)) == -1) 1698 goto done; 1699 } 1700 1701 if ((pol->pol_flags & IKED_POLICY_IPCOMP) && 1702 (len = ikev2_add_ipcompnotify(env, e, &pld, len, sa, 1)) == -1) 1703 goto done; 1704 if ((pol->pol_flags & IKED_POLICY_TRANSPORT) && 1705 (len = ikev2_add_transport_mode(env, e, &pld, len, sa)) == -1) 1706 goto done; 1707 1708 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 1709 goto done; 1710 1711 /* SA payload */ 1712 if ((pld = ikev2_add_payload(e)) == NULL) 1713 goto done; 1714 if ((len = ikev2_add_proposals(env, sa, e, &pol->pol_proposals, 0, 1715 sa->sa_hdr.sh_initiator, 0, 1)) == -1) 1716 goto done; 1717 1718 if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 1719 goto done; 1720 1721 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 1722 goto done; 1723 1724 ret = ikev2_msg_send_encrypt(env, sa, &e, 1725 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 0); 1726 1727 done: 1728 ibuf_free(e); 1729 1730 return (ret); 1731 } 1732 1733 void 1734 ikev2_enable_timer(struct iked *env, struct iked_sa *sa) 1735 { 1736 sa->sa_last_recvd = gettime(); 1737 timer_set(env, &sa->sa_timer, ikev2_ike_sa_alive, sa); 1738 if (env->sc_alive_timeout > 0) 1739 timer_add(env, &sa->sa_timer, env->sc_alive_timeout); 1740 timer_set(env, &sa->sa_keepalive, ikev2_ike_sa_keepalive, sa); 1741 if (sa->sa_usekeepalive) 1742 timer_add(env, &sa->sa_keepalive, 1743 IKED_IKE_SA_KEEPALIVE_TIMEOUT); 1744 timer_set(env, &sa->sa_rekey, ikev2_ike_sa_rekey, sa); 1745 if (sa->sa_policy->pol_rekey) 1746 ikev2_ike_sa_rekey_schedule(env, sa); 1747 } 1748 1749 void 1750 ikev2_reset_alive_timer(struct iked *env) 1751 { 1752 struct iked_sa *sa; 1753 1754 RB_FOREACH(sa, iked_sas, &env->sc_sas) { 1755 if (sa->sa_state != IKEV2_STATE_ESTABLISHED) 1756 continue; 1757 timer_del(env, &sa->sa_timer); 1758 if (env->sc_alive_timeout > 0) 1759 timer_add(env, &sa->sa_timer, env->sc_alive_timeout); 1760 } 1761 } 1762 1763 void 1764 ikev2_disable_timer(struct iked *env, struct iked_sa *sa) 1765 { 1766 timer_del(env, &sa->sa_timer); 1767 timer_del(env, &sa->sa_keepalive); 1768 timer_del(env, &sa->sa_rekey); 1769 } 1770 1771 int 1772 ikev2_init_done(struct iked *env, struct iked_sa *sa) 1773 { 1774 int ret; 1775 1776 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 1777 return (0); /* ignored */ 1778 1779 ret = ikev2_childsa_negotiate(env, sa, &sa->sa_kex, &sa->sa_proposals, 1780 sa->sa_hdr.sh_initiator, 0); 1781 if (ret == 0) 1782 ret = ikev2_childsa_enable(env, sa); 1783 if (ret == 0) { 1784 sa_state(env, sa, IKEV2_STATE_ESTABLISHED); 1785 /* Delete exchange timeout. */ 1786 timer_del(env, &sa->sa_timer); 1787 ikev2_enable_timer(env, sa); 1788 ikev2_log_established(sa); 1789 ikev2_record_dstid(env, sa); 1790 sa_configure_iface(env, sa, 1); 1791 } 1792 1793 if (ret) 1794 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 1795 return (ret); 1796 } 1797 1798 int 1799 ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) 1800 { 1801 struct ikev2_id hdr; 1802 struct iked_static_id localpid; 1803 char idstr[IKED_ID_SIZE]; 1804 struct in_addr in4; 1805 struct in6_addr in6; 1806 X509_NAME *name = NULL; 1807 uint8_t *p; 1808 int len; 1809 1810 /* Fixup the local Id if not specified */ 1811 if (srcid && polid->id_type == 0) { 1812 polid = &localpid; 1813 bzero(polid, sizeof(*polid)); 1814 1815 /* Create a default local ID based on our FQDN */ 1816 polid->id_type = IKEV2_ID_FQDN; 1817 if (gethostname((char *)polid->id_data, 1818 sizeof(polid->id_data)) != 0) 1819 return (-1); 1820 polid->id_offset = 0; 1821 polid->id_length = 1822 strlen((char *)polid->id_data); /* excluding NUL */ 1823 } 1824 1825 if (!polid->id_length) 1826 return (-1); 1827 1828 /* Create an IKEv2 ID payload */ 1829 bzero(&hdr, sizeof(hdr)); 1830 hdr.id_type = id->id_type = polid->id_type; 1831 id->id_offset = sizeof(hdr); 1832 1833 ibuf_free(id->id_buf); 1834 if ((id->id_buf = ibuf_new(&hdr, sizeof(hdr))) == NULL) 1835 return (-1); 1836 1837 switch (id->id_type) { 1838 case IKEV2_ID_IPV4: 1839 if (inet_pton(AF_INET, (char *)polid->id_data, &in4) != 1 || 1840 ibuf_add(id->id_buf, &in4, sizeof(in4)) != 0) { 1841 ibuf_free(id->id_buf); 1842 id->id_buf = NULL; 1843 return (-1); 1844 } 1845 break; 1846 case IKEV2_ID_IPV6: 1847 if (inet_pton(AF_INET6, (char *)polid->id_data, &in6) != 1 || 1848 ibuf_add(id->id_buf, &in6, sizeof(in6)) != 0) { 1849 ibuf_free(id->id_buf); 1850 id->id_buf = NULL; 1851 return (-1); 1852 } 1853 break; 1854 case IKEV2_ID_ASN1_DN: 1855 /* policy has ID in string-format, convert to ASN1 */ 1856 if ((name = ca_x509_name_parse(polid->id_data)) == NULL || 1857 (len = i2d_X509_NAME(name, NULL)) < 0 || 1858 (p = ibuf_reserve(id->id_buf, len)) == NULL || 1859 (i2d_X509_NAME(name, &p)) < 0) { 1860 if (name) 1861 X509_NAME_free(name); 1862 ibuf_free(id->id_buf); 1863 id->id_buf = NULL; 1864 return (-1); 1865 } 1866 X509_NAME_free(name); 1867 break; 1868 default: 1869 if (ibuf_add(id->id_buf, 1870 polid->id_data, polid->id_length) != 0) { 1871 ibuf_free(id->id_buf); 1872 id->id_buf = NULL; 1873 return (-1); 1874 } 1875 break; 1876 } 1877 1878 if (ikev2_print_id(id, idstr, sizeof(idstr)) == -1) 1879 return (-1); 1880 1881 log_debug("%s: %s %s length %zu", __func__, 1882 srcid ? "srcid" : "dstid", 1883 idstr, ibuf_size(id->id_buf)); 1884 1885 return (0); 1886 } 1887 1888 struct ike_header * 1889 ikev2_add_header(struct ibuf *buf, struct iked_sa *sa, 1890 uint32_t msgid, uint8_t nextpayload, 1891 uint8_t exchange, uint8_t flags) 1892 { 1893 struct ike_header *hdr; 1894 1895 if ((hdr = ibuf_reserve(buf, sizeof(*hdr))) == NULL) { 1896 log_debug("%s: failed to add header", __func__); 1897 return (NULL); 1898 } 1899 1900 hdr->ike_ispi = htobe64(sa->sa_hdr.sh_ispi); 1901 hdr->ike_rspi = htobe64(sa->sa_hdr.sh_rspi); 1902 hdr->ike_nextpayload = nextpayload; 1903 hdr->ike_version = IKEV2_VERSION; 1904 hdr->ike_exchange = exchange; 1905 hdr->ike_msgid = htobe32(msgid); 1906 hdr->ike_length = htobe32(sizeof(*hdr)); 1907 hdr->ike_flags = flags; 1908 1909 if (sa->sa_hdr.sh_initiator) 1910 hdr->ike_flags |= IKEV2_FLAG_INITIATOR; 1911 1912 return (hdr); 1913 } 1914 1915 int 1916 ikev2_set_header(struct ike_header *hdr, size_t length) 1917 { 1918 uint32_t hdrlength = sizeof(*hdr) + length; 1919 1920 if (hdrlength > UINT32_MAX) { 1921 log_debug("%s: message too long", __func__); 1922 return (-1); 1923 } 1924 1925 hdr->ike_length = htobe32(sizeof(*hdr) + length); 1926 1927 return (0); 1928 } 1929 1930 struct ikev2_payload * 1931 ikev2_add_payload(struct ibuf *buf) 1932 { 1933 struct ikev2_payload *pld; 1934 1935 if ((pld = ibuf_reserve(buf, sizeof(*pld))) == NULL) { 1936 log_debug("%s: failed to add payload", __func__); 1937 return (NULL); 1938 } 1939 1940 pld->pld_nextpayload = IKEV2_PAYLOAD_NONE; 1941 pld->pld_length = sizeof(*pld); 1942 1943 return (pld); 1944 } 1945 1946 ssize_t 1947 ikev2_add_ts_payload(struct ibuf *buf, unsigned int type, struct iked_sa *sa) 1948 { 1949 struct iked_policy *pol = sa->sa_policy; 1950 struct ikev2_tsp *tsp; 1951 struct ikev2_ts *ts; 1952 struct iked_addr *addr; 1953 struct iked_addr pooladdr; 1954 uint8_t *ptr; 1955 size_t len = 0; 1956 uint32_t av[4], bv[4], mv[4]; 1957 struct sockaddr_in *in4; 1958 struct sockaddr_in6 *in6; 1959 struct iked_tss *tss; 1960 struct iked_ts *tsi; 1961 1962 bzero(&pooladdr, sizeof(pooladdr)); 1963 1964 if ((tsp = ibuf_reserve(buf, sizeof(*tsp))) == NULL) 1965 return (-1); 1966 len = sizeof(*tsp); 1967 1968 if (type == IKEV2_PAYLOAD_TSi) { 1969 if (sa->sa_hdr.sh_initiator) { 1970 tss = &pol->pol_tssrc; 1971 tsp->tsp_count = pol->pol_tssrc_count; 1972 } else { 1973 tss = &pol->pol_tsdst; 1974 tsp->tsp_count = pol->pol_tsdst_count; 1975 } 1976 } else if (type == IKEV2_PAYLOAD_TSr) { 1977 if (sa->sa_hdr.sh_initiator) { 1978 tss = &pol->pol_tsdst; 1979 tsp->tsp_count = pol->pol_tsdst_count; 1980 } else { 1981 tss = &pol->pol_tssrc; 1982 tsp->tsp_count = pol->pol_tssrc_count; 1983 } 1984 } else 1985 return (-1); 1986 1987 TAILQ_FOREACH(tsi, tss, ts_entry) { 1988 if ((ts = ibuf_reserve(buf, sizeof(*ts))) == NULL) 1989 return (-1); 1990 1991 addr = &tsi->ts_addr; 1992 1993 /* patch remote address (if configured to 0.0.0.0) */ 1994 if ((type == IKEV2_PAYLOAD_TSi && !sa->sa_hdr.sh_initiator) || 1995 (type == IKEV2_PAYLOAD_TSr && sa->sa_hdr.sh_initiator)) { 1996 if (ikev2_cp_fixaddr(sa, addr, &pooladdr) == 0) 1997 addr = &pooladdr; 1998 } 1999 2000 ts->ts_protoid = tsi->ts_ipproto; 2001 2002 if (addr->addr_port) { 2003 ts->ts_startport = addr->addr_port; 2004 ts->ts_endport = addr->addr_port; 2005 } else { 2006 ts->ts_startport = 0; 2007 ts->ts_endport = 0xffff; 2008 } 2009 2010 switch (addr->addr_af) { 2011 case AF_INET: 2012 ts->ts_type = IKEV2_TS_IPV4_ADDR_RANGE; 2013 ts->ts_length = htobe16(sizeof(*ts) + 8); 2014 2015 if ((ptr = ibuf_reserve(buf, 8)) == NULL) 2016 return (-1); 2017 2018 in4 = (struct sockaddr_in *)&addr->addr; 2019 if (addr->addr_net) { 2020 /* Convert IPv4 network to address range */ 2021 mv[0] = prefixlen2mask(addr->addr_mask); 2022 av[0] = in4->sin_addr.s_addr & mv[0]; 2023 bv[0] = in4->sin_addr.s_addr | ~mv[0]; 2024 } else 2025 av[0] = bv[0] = in4->sin_addr.s_addr; 2026 2027 memcpy(ptr, &av[0], 4); 2028 memcpy(ptr + 4, &bv[0], 4); 2029 break; 2030 case AF_INET6: 2031 ts->ts_type = IKEV2_TS_IPV6_ADDR_RANGE; 2032 ts->ts_length = htobe16(sizeof(*ts) + 32); 2033 2034 if ((ptr = ibuf_reserve(buf, 32)) == NULL) 2035 return (-1); 2036 2037 in6 = (struct sockaddr_in6 *)&addr->addr; 2038 2039 memcpy(&av, &in6->sin6_addr.s6_addr, 16); 2040 memcpy(&bv, &in6->sin6_addr.s6_addr, 16); 2041 if (addr->addr_net) { 2042 /* Convert IPv6 network to address range */ 2043 prefixlen2mask6(addr->addr_mask, mv); 2044 av[0] &= mv[0]; 2045 av[1] &= mv[1]; 2046 av[2] &= mv[2]; 2047 av[3] &= mv[3]; 2048 bv[0] |= ~mv[0]; 2049 bv[1] |= ~mv[1]; 2050 bv[2] |= ~mv[2]; 2051 bv[3] |= ~mv[3]; 2052 } 2053 2054 memcpy(ptr, &av, 16); 2055 memcpy(ptr + 16, &bv, 16); 2056 break; 2057 } 2058 2059 len += betoh16(ts->ts_length); 2060 } 2061 2062 return (len); 2063 } 2064 2065 ssize_t 2066 ikev2_add_ts(struct ibuf *e, struct ikev2_payload **pld, ssize_t len, 2067 struct iked_sa *sa, int reverse) 2068 { 2069 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSi) == -1) 2070 return (-1); 2071 2072 /* TSi payload */ 2073 if ((*pld = ikev2_add_payload(e)) == NULL) 2074 return (-1); 2075 if ((len = ikev2_add_ts_payload(e, reverse ? IKEV2_PAYLOAD_TSr : 2076 IKEV2_PAYLOAD_TSi, sa)) == -1) 2077 return (-1); 2078 2079 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSr) == -1) 2080 return (-1); 2081 2082 /* TSr payload */ 2083 if ((*pld = ikev2_add_payload(e)) == NULL) 2084 return (-1); 2085 if ((len = ikev2_add_ts_payload(e, reverse ? IKEV2_PAYLOAD_TSi : 2086 IKEV2_PAYLOAD_TSr, sa)) == -1) 2087 return (-1); 2088 2089 return (len); 2090 } 2091 2092 2093 ssize_t 2094 ikev2_add_certreq(struct ibuf *e, struct ikev2_payload **pld, ssize_t len, 2095 struct ibuf *certreq, uint8_t type) 2096 { 2097 struct ikev2_cert *cert; 2098 2099 if (type == IKEV2_CERT_NONE) 2100 return (len); 2101 2102 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_CERTREQ) == -1) 2103 return (-1); 2104 2105 /* CERTREQ payload */ 2106 if ((*pld = ikev2_add_payload(e)) == NULL) 2107 return (-1); 2108 2109 if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL) 2110 return (-1); 2111 2112 cert->cert_type = type; 2113 len = sizeof(*cert); 2114 2115 if (certreq != NULL && cert->cert_type == IKEV2_CERT_X509_CERT) { 2116 if (ikev2_add_buf(e, certreq) == -1) 2117 return (-1); 2118 len += ibuf_size(certreq); 2119 } 2120 2121 log_debug("%s: type %s length %zd", __func__, 2122 print_map(type, ikev2_cert_map), len); 2123 2124 return (len); 2125 } 2126 2127 ssize_t 2128 ikev2_add_ipcompnotify(struct iked *env, struct ibuf *e, 2129 struct ikev2_payload **pld, ssize_t len, struct iked_sa *sa, 2130 int initiator) 2131 { 2132 struct iked_childsa csa; 2133 struct iked_ipcomp *ic; 2134 struct ikev2_notify *n; 2135 uint8_t *ptr; 2136 uint16_t cpi; 2137 uint32_t spi; 2138 uint8_t transform; 2139 2140 /* we only support deflate */ 2141 transform = IKEV2_IPCOMP_DEFLATE; 2142 ic = initiator ? &sa->sa_ipcompi : &sa->sa_ipcompr; 2143 2144 if (initiator) { 2145 bzero(&csa, sizeof(csa)); 2146 csa.csa_saproto = IKEV2_SAPROTO_IPCOMP; 2147 csa.csa_ikesa = sa; 2148 csa.csa_local = &sa->sa_peer; 2149 csa.csa_peer = &sa->sa_local; 2150 if (pfkey_sa_init(env, &csa, &spi) == -1) 2151 return (-1); 2152 ic->ic_cpi_in = spi; 2153 } else { 2154 spi = ic->ic_cpi_in; 2155 /* make sure IPCOMP CPIs are not reused */ 2156 ic->ic_transform = 0; 2157 ic->ic_cpi_in = 0; 2158 ic->ic_cpi_out = 0; 2159 } 2160 log_debug("%s: ic_cpi_in 0x%04x", __func__, spi); 2161 2162 /* 2163 * We get spi == 0 if the kernel does not support IPcomp, 2164 * so just return the length of the current payload. 2165 */ 2166 if (spi == 0) 2167 return (len); 2168 cpi = htobe16((uint16_t)spi); 2169 if (*pld) 2170 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2171 return (-1); 2172 if ((*pld = ikev2_add_payload(e)) == NULL) 2173 return (-1); 2174 len = sizeof(*n) + sizeof(cpi) + sizeof(transform); 2175 if ((ptr = ibuf_reserve(e, len)) == NULL) 2176 return (-1); 2177 n = (struct ikev2_notify *)ptr; 2178 n->n_protoid = 0; 2179 n->n_spisize = 0; 2180 n->n_type = htobe16(IKEV2_N_IPCOMP_SUPPORTED); 2181 ptr += sizeof(*n); 2182 memcpy(ptr, &cpi, sizeof(cpi)); 2183 ptr += sizeof(cpi); 2184 memcpy(ptr, &transform, sizeof(transform)); 2185 2186 return (len); 2187 } 2188 2189 ssize_t 2190 ikev2_add_notify(struct ibuf *e, struct ikev2_payload **pld, ssize_t len, 2191 uint16_t notify) 2192 { 2193 struct ikev2_notify *n; 2194 2195 if (*pld) 2196 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2197 return (-1); 2198 if ((*pld = ikev2_add_payload(e)) == NULL) 2199 return (-1); 2200 len = sizeof(*n); 2201 if ((n = ibuf_reserve(e, len)) == NULL) 2202 return (-1); 2203 n->n_protoid = 0; 2204 n->n_spisize = 0; 2205 n->n_type = htobe16(notify); 2206 log_debug("%s: done", __func__); 2207 2208 return (len); 2209 } 2210 2211 ssize_t 2212 ikev2_add_vendor_id(struct ibuf *e, struct ikev2_payload **pld, 2213 ssize_t len, struct ibuf *id) 2214 { 2215 if (*pld) 2216 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_VENDOR) == -1) 2217 return (-1); 2218 if ((*pld = ikev2_add_payload(e)) == NULL) 2219 return (-1); 2220 if (ibuf_add_buf(e, id) == -1) 2221 return (-1); 2222 2223 return (ibuf_size(id)); 2224 } 2225 2226 ssize_t 2227 ikev2_add_mobike(struct ibuf *e, struct ikev2_payload **pld, ssize_t len) 2228 { 2229 return ikev2_add_notify(e, pld, len, IKEV2_N_MOBIKE_SUPPORTED); 2230 } 2231 2232 ssize_t 2233 ikev2_add_fragmentation(struct ibuf *buf, struct ikev2_payload **pld, 2234 ssize_t len) 2235 { 2236 return ikev2_add_notify(buf, pld, len, IKEV2_N_FRAGMENTATION_SUPPORTED); 2237 } 2238 2239 ssize_t 2240 ikev2_add_sighashnotify(struct ibuf *e, struct ikev2_payload **pld, 2241 ssize_t len) 2242 { 2243 struct ikev2_notify *n; 2244 uint8_t *ptr; 2245 size_t i; 2246 uint16_t hash, signature_hashes[] = { 2247 IKEV2_SIGHASH_SHA2_256, 2248 IKEV2_SIGHASH_SHA2_384, 2249 IKEV2_SIGHASH_SHA2_512 2250 }; 2251 2252 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2253 return (-1); 2254 2255 /* XXX signature_hashes are hardcoded for now */ 2256 len = sizeof(*n) + nitems(signature_hashes) * sizeof(hash); 2257 2258 /* NOTIFY payload */ 2259 if ((*pld = ikev2_add_payload(e)) == NULL) 2260 return (-1); 2261 if ((ptr = ibuf_reserve(e, len)) == NULL) 2262 return (-1); 2263 2264 n = (struct ikev2_notify *)ptr; 2265 n->n_protoid = 0; 2266 n->n_spisize = 0; 2267 n->n_type = htobe16(IKEV2_N_SIGNATURE_HASH_ALGORITHMS); 2268 ptr += sizeof(*n); 2269 2270 for (i = 0; i < nitems(signature_hashes); i++) { 2271 hash = htobe16(signature_hashes[i]); 2272 memcpy(ptr, &hash, sizeof(hash)); 2273 ptr += sizeof(hash); 2274 } 2275 2276 return (len); 2277 } 2278 2279 ssize_t 2280 ikev2_add_transport_mode(struct iked *env, struct ibuf *e, 2281 struct ikev2_payload **pld, ssize_t len, struct iked_sa *sa) 2282 { 2283 return ikev2_add_notify(e, pld, len, IKEV2_N_USE_TRANSPORT_MODE); 2284 } 2285 2286 int 2287 ikev2_next_payload(struct ikev2_payload *pld, size_t length, 2288 uint8_t nextpayload) 2289 { 2290 size_t pldlength = sizeof(*pld) + length; 2291 2292 if (pldlength > UINT16_MAX) { 2293 log_debug("%s: payload too long", __func__); 2294 return (-1); 2295 } 2296 2297 log_debug("%s: length %zu nextpayload %s", 2298 __func__, pldlength, print_map(nextpayload, ikev2_payload_map)); 2299 2300 pld->pld_length = htobe16(pldlength); 2301 pld->pld_nextpayload = nextpayload; 2302 2303 return (0); 2304 } 2305 2306 ssize_t 2307 ikev2_nat_detection(struct iked *env, struct iked_message *msg, 2308 void *ptr, size_t len, unsigned int type, int frompeer) 2309 { 2310 EVP_MD_CTX *ctx; 2311 struct ike_header *hdr; 2312 uint8_t md[SHA_DIGEST_LENGTH]; 2313 unsigned int mdlen = sizeof(md); 2314 struct iked_sa *sa = msg->msg_sa; 2315 struct sockaddr_in *in4; 2316 struct sockaddr_in6 *in6; 2317 ssize_t ret = -1; 2318 struct sockaddr_storage *src, *dst, *ss; 2319 uint64_t rspi, ispi; 2320 struct ibuf *buf; 2321 uint32_t rnd; 2322 2323 if (ptr == NULL) 2324 return (mdlen); 2325 2326 if (frompeer) { 2327 buf = msg->msg_parent->msg_data; 2328 if ((hdr = ibuf_seek(buf, 0, sizeof(*hdr))) == NULL) 2329 return (-1); 2330 ispi = hdr->ike_ispi; 2331 rspi = hdr->ike_rspi; 2332 src = &msg->msg_peer; 2333 dst = &msg->msg_local; 2334 } else { 2335 ispi = htobe64(sa->sa_hdr.sh_ispi); 2336 rspi = htobe64(sa->sa_hdr.sh_rspi); 2337 src = &msg->msg_local; 2338 dst = &msg->msg_peer; 2339 } 2340 2341 ctx = EVP_MD_CTX_new(); 2342 if (ctx == NULL) 2343 return (-1); 2344 EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); 2345 2346 switch (type) { 2347 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 2348 log_debug("%s: %s source %s %s %s", __func__, 2349 frompeer ? "peer" : "local", 2350 print_spi(betoh64(ispi), 8), 2351 print_spi(betoh64(rspi), 8), 2352 print_addr(src)); 2353 ss = src; 2354 break; 2355 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 2356 log_debug("%s: %s destination %s %s %s", __func__, 2357 frompeer ? "peer" : "local", 2358 print_spi(betoh64(ispi), 8), 2359 print_spi(betoh64(rspi), 8), 2360 print_addr(dst)); 2361 ss = dst; 2362 break; 2363 default: 2364 goto done; 2365 } 2366 2367 EVP_DigestUpdate(ctx, &ispi, sizeof(ispi)); 2368 EVP_DigestUpdate(ctx, &rspi, sizeof(rspi)); 2369 2370 switch (ss->ss_family) { 2371 case AF_INET: 2372 in4 = (struct sockaddr_in *)ss; 2373 EVP_DigestUpdate(ctx, &in4->sin_addr.s_addr, 2374 sizeof(in4->sin_addr.s_addr)); 2375 EVP_DigestUpdate(ctx, &in4->sin_port, 2376 sizeof(in4->sin_port)); 2377 break; 2378 case AF_INET6: 2379 in6 = (struct sockaddr_in6 *)ss; 2380 EVP_DigestUpdate(ctx, &in6->sin6_addr.s6_addr, 2381 sizeof(in6->sin6_addr.s6_addr)); 2382 EVP_DigestUpdate(ctx, &in6->sin6_port, 2383 sizeof(in6->sin6_port)); 2384 break; 2385 default: 2386 goto done; 2387 } 2388 2389 if (env->sc_nattmode == NATT_FORCE) { 2390 /* Enforce NAT-T/UDP-encapsulation by distorting the digest */ 2391 rnd = arc4random(); 2392 EVP_DigestUpdate(ctx, &rnd, sizeof(rnd)); 2393 } 2394 2395 EVP_DigestFinal_ex(ctx, md, &mdlen); 2396 2397 if (len < mdlen) 2398 goto done; 2399 2400 memcpy(ptr, md, mdlen); 2401 ret = mdlen; 2402 done: 2403 EVP_MD_CTX_free(ctx); 2404 2405 return (ret); 2406 } 2407 2408 ssize_t 2409 ikev2_add_nat_detection(struct iked *env, struct ibuf *buf, 2410 struct ikev2_payload **pld, struct iked_message *msg, ssize_t len) 2411 { 2412 struct ikev2_notify *n; 2413 uint8_t *ptr; 2414 2415 /* *pld is NULL if there is no previous payload */ 2416 if (*pld != NULL) { 2417 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2418 return (-1); 2419 } 2420 /* NAT-T notify payloads */ 2421 if ((*pld = ikev2_add_payload(buf)) == NULL) 2422 return (-1); 2423 if ((n = ibuf_reserve(buf, sizeof(*n))) == NULL) 2424 return (-1); 2425 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_SOURCE_IP); 2426 len = ikev2_nat_detection(env, msg, NULL, 0, 0, 0); 2427 if ((ptr = ibuf_reserve(buf, len)) == NULL) 2428 return (-1); 2429 if ((len = ikev2_nat_detection(env, msg, ptr, len, 2430 betoh16(n->n_type), 0)) == -1) 2431 return (-1); 2432 len += sizeof(*n); 2433 2434 if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2435 return (-1); 2436 2437 if ((*pld = ikev2_add_payload(buf)) == NULL) 2438 return (-1); 2439 if ((n = ibuf_reserve(buf, sizeof(*n))) == NULL) 2440 return (-1); 2441 n->n_type = htobe16(IKEV2_N_NAT_DETECTION_DESTINATION_IP); 2442 len = ikev2_nat_detection(env, msg, NULL, 0, 0, 0); 2443 if ((ptr = ibuf_reserve(buf, len)) == NULL) 2444 return (-1); 2445 if ((len = ikev2_nat_detection(env, msg, ptr, len, 2446 betoh16(n->n_type), 0)) == -1) 2447 return (-1); 2448 len += sizeof(*n); 2449 return (len); 2450 } 2451 2452 ssize_t 2453 ikev2_add_cp(struct iked *env, struct iked_sa *sa, int type, struct ibuf *buf) 2454 { 2455 struct iked_policy *pol = sa->sa_policy; 2456 struct ikev2_cp *cp; 2457 struct ikev2_cfg *cfg; 2458 struct iked_cfg *ikecfg; 2459 unsigned int i; 2460 uint32_t mask4; 2461 size_t len; 2462 struct sockaddr_in *in4; 2463 struct sockaddr_in6 *in6; 2464 uint8_t prefixlen; 2465 int sent_addr4 = 0, sent_addr6 = 0; 2466 int have_mask4 = 0, sent_mask4 = 0; 2467 2468 if ((cp = ibuf_reserve(buf, sizeof(*cp))) == NULL) 2469 return (-1); 2470 len = sizeof(*cp); 2471 2472 switch (type) { 2473 case IKEV2_CP_REQUEST: 2474 case IKEV2_CP_REPLY: 2475 cp->cp_type = type; 2476 break; 2477 default: 2478 /* Not yet supported */ 2479 return (-1); 2480 } 2481 2482 for (i = 0; i < pol->pol_ncfg; i++) { 2483 ikecfg = &pol->pol_cfg[i]; 2484 if (ikecfg->cfg_action != cp->cp_type) 2485 continue; 2486 /* only return one address in case of multiple pools */ 2487 if (type == IKEV2_CP_REPLY) { 2488 switch (ikecfg->cfg_type) { 2489 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 2490 if (sent_addr4) 2491 continue; 2492 break; 2493 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 2494 if (sent_addr6) 2495 continue; 2496 break; 2497 } 2498 } 2499 2500 if ((cfg = ibuf_reserve(buf, sizeof(*cfg))) == NULL) 2501 return (-1); 2502 2503 cfg->cfg_type = htobe16(ikecfg->cfg_type); 2504 len += sizeof(*cfg); 2505 2506 switch (ikecfg->cfg_type) { 2507 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 2508 case IKEV2_CFG_INTERNAL_IP4_NETMASK: 2509 case IKEV2_CFG_INTERNAL_IP4_DNS: 2510 case IKEV2_CFG_INTERNAL_IP4_NBNS: 2511 case IKEV2_CFG_INTERNAL_IP4_DHCP: 2512 case IKEV2_CFG_INTERNAL_IP4_SERVER: 2513 /* 4 bytes IPv4 address */ 2514 in4 = ((ikecfg->cfg_type == 2515 IKEV2_CFG_INTERNAL_IP4_ADDRESS) && 2516 sa->sa_addrpool && 2517 sa->sa_addrpool->addr_af == AF_INET) ? 2518 (struct sockaddr_in *)&sa->sa_addrpool->addr : 2519 (struct sockaddr_in *)&ikecfg->cfg.address.addr; 2520 /* don't include unspecified address in request */ 2521 if (type == IKEV2_CP_REQUEST && 2522 !in4->sin_addr.s_addr) 2523 break; 2524 cfg->cfg_length = htobe16(4); 2525 if (ibuf_add(buf, &in4->sin_addr.s_addr, 4) == -1) 2526 return (-1); 2527 len += 4; 2528 if (ikecfg->cfg_type == IKEV2_CFG_INTERNAL_IP4_ADDRESS) { 2529 sent_addr4 = 1; 2530 if (sa->sa_addrpool && 2531 sa->sa_addrpool->addr_af == AF_INET && 2532 sa->sa_addrpool->addr_mask != 0) 2533 have_mask4 = 1; 2534 } 2535 if (ikecfg->cfg_type == IKEV2_CFG_INTERNAL_IP4_NETMASK) 2536 sent_mask4 = 1; 2537 break; 2538 case IKEV2_CFG_INTERNAL_IP4_SUBNET: 2539 /* 4 bytes IPv4 address + 4 bytes IPv4 mask + */ 2540 in4 = (struct sockaddr_in *)&ikecfg->cfg.address.addr; 2541 mask4 = prefixlen2mask(ikecfg->cfg.address.addr_mask); 2542 cfg->cfg_length = htobe16(8); 2543 if (ibuf_add(buf, &in4->sin_addr.s_addr, 4) == -1) 2544 return (-1); 2545 if (ibuf_add(buf, &mask4, 4) == -1) 2546 return (-1); 2547 len += 8; 2548 break; 2549 case IKEV2_CFG_INTERNAL_IP6_DNS: 2550 case IKEV2_CFG_INTERNAL_IP6_NBNS: 2551 case IKEV2_CFG_INTERNAL_IP6_DHCP: 2552 case IKEV2_CFG_INTERNAL_IP6_SERVER: 2553 /* 16 bytes IPv6 address */ 2554 in6 = (struct sockaddr_in6 *)&ikecfg->cfg.address.addr; 2555 cfg->cfg_length = htobe16(16); 2556 if (ibuf_add(buf, &in6->sin6_addr.s6_addr, 16) == -1) 2557 return (-1); 2558 len += 16; 2559 break; 2560 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 2561 case IKEV2_CFG_INTERNAL_IP6_SUBNET: 2562 /* 16 bytes IPv6 address + 1 byte prefix length */ 2563 in6 = ((ikecfg->cfg_type == 2564 IKEV2_CFG_INTERNAL_IP6_ADDRESS) && 2565 sa->sa_addrpool6 && 2566 sa->sa_addrpool6->addr_af == AF_INET6) ? 2567 (struct sockaddr_in6 *)&sa->sa_addrpool6->addr : 2568 (struct sockaddr_in6 *)&ikecfg->cfg.address.addr; 2569 /* don't include unspecified address in request */ 2570 if (type == IKEV2_CP_REQUEST && 2571 IN6_IS_ADDR_UNSPECIFIED(&in6->sin6_addr)) 2572 break; 2573 cfg->cfg_length = htobe16(17); 2574 if (ibuf_add(buf, &in6->sin6_addr.s6_addr, 16) == -1) 2575 return (-1); 2576 if (ikecfg->cfg.address.addr_net) 2577 prefixlen = ikecfg->cfg.address.addr_mask; 2578 else 2579 prefixlen = 128; 2580 if (ibuf_add(buf, &prefixlen, 1) == -1) 2581 return (-1); 2582 len += 16 + 1; 2583 if (ikecfg->cfg_type == IKEV2_CFG_INTERNAL_IP6_ADDRESS) 2584 sent_addr6 = 1; 2585 break; 2586 case IKEV2_CFG_APPLICATION_VERSION: 2587 /* Reply with an empty string (non-NUL terminated) */ 2588 cfg->cfg_length = 0; 2589 break; 2590 } 2591 } 2592 2593 /* derive netmask from pool */ 2594 if (type == IKEV2_CP_REPLY && have_mask4 && !sent_mask4) { 2595 if ((cfg = ibuf_reserve(buf, sizeof(*cfg))) == NULL) 2596 return (-1); 2597 cfg->cfg_type = htobe16(IKEV2_CFG_INTERNAL_IP4_NETMASK); 2598 len += sizeof(*cfg); 2599 mask4 = prefixlen2mask(sa->sa_addrpool->addr_mask); 2600 cfg->cfg_length = htobe16(4); 2601 if (ibuf_add(buf, &mask4, 4) == -1) 2602 return (-1); 2603 len += 4; 2604 } 2605 2606 return (len); 2607 } 2608 2609 ssize_t 2610 ikev2_init_add_cp(struct iked *env, struct iked_sa *sa, struct ibuf *buf) 2611 { 2612 return (ikev2_add_cp(env, sa, IKEV2_CP_REQUEST, buf)); 2613 } 2614 2615 ssize_t 2616 ikev2_resp_add_cp(struct iked *env, struct iked_sa *sa, struct ibuf *buf) 2617 { 2618 int ret; 2619 2620 switch (sa->sa_cp) { 2621 case IKEV2_CP_REQUEST: 2622 ret = ikev2_add_cp(env, sa, IKEV2_CP_REPLY, buf); 2623 break; 2624 case IKEV2_CP_REPLY: 2625 case IKEV2_CP_SET: 2626 case IKEV2_CP_ACK: 2627 default: 2628 /* Not yet supported */ 2629 ret = -1; 2630 } 2631 return (ret); 2632 } 2633 2634 ssize_t 2635 ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf, 2636 struct iked_proposals *proposals, uint8_t protoid, int initiator, 2637 int sendikespi, int skipdh) 2638 { 2639 struct ikev2_sa_proposal *sap = NULL; 2640 struct iked_transform *xform; 2641 struct iked_proposal *prop; 2642 struct iked_childsa csa; 2643 ssize_t length = 0, saplength, xflen; 2644 uint64_t spi64; 2645 uint32_t spi32, spi = 0; 2646 unsigned int i, xfi, nxforms; 2647 int prop_skipdh; 2648 2649 TAILQ_FOREACH(prop, proposals, prop_entry) { 2650 if ((protoid && prop->prop_protoid != protoid) || 2651 (!protoid && prop->prop_protoid == IKEV2_SAPROTO_IKE)) 2652 continue; 2653 2654 prop_skipdh = skipdh; 2655 2656 if (protoid != IKEV2_SAPROTO_IKE && initiator) { 2657 if (spi == 0) { 2658 bzero(&csa, sizeof(csa)); 2659 csa.csa_ikesa = sa; 2660 csa.csa_saproto = prop->prop_protoid; 2661 csa.csa_local = &sa->sa_peer; 2662 csa.csa_peer = &sa->sa_local; 2663 2664 if (pfkey_sa_init(env, &csa, &spi) == -1) 2665 return (-1); 2666 } 2667 2668 prop->prop_localspi.spi = spi; 2669 prop->prop_localspi.spi_size = 4; 2670 prop->prop_localspi.spi_protoid = prop->prop_protoid; 2671 } 2672 2673 if ((sap = ibuf_reserve(buf, sizeof(*sap))) == NULL) { 2674 log_debug("%s: failed to add proposal", __func__); 2675 return (-1); 2676 } 2677 2678 if (sendikespi) { 2679 /* Special case for IKE SA rekeying */ 2680 prop->prop_localspi.spi = initiator ? 2681 sa->sa_hdr.sh_ispi : sa->sa_hdr.sh_rspi; 2682 prop->prop_localspi.spi_size = 8; 2683 prop->prop_localspi.spi_protoid = IKEV2_SAPROTO_IKE; 2684 } 2685 2686 /* 2687 * A single DH transform of type NONE is equivalent with 2688 * not sending a DH transform at all. 2689 * Prefer the latter for downwards compatibility. 2690 */ 2691 if (protoid != IKEV2_SAPROTO_IKE) { 2692 for (i = 0; i < prop->prop_nxforms; i++) { 2693 xform = prop->prop_xforms + i; 2694 if (xform->xform_type == IKEV2_XFORMTYPE_DH && 2695 xform->xform_id != IKEV2_XFORMDH_NONE) 2696 break; 2697 } 2698 if (i == prop->prop_nxforms) 2699 prop_skipdh = 1; 2700 } 2701 2702 /* 2703 * RFC 7296: 1.2. The Initial Exchanges 2704 * IKE_AUTH messages do not contain KE/N payloads, thus 2705 * SA payloads cannot contain groups. 2706 */ 2707 if (prop_skipdh) { 2708 nxforms = 0; 2709 for (i = 0; i < prop->prop_nxforms; i++) { 2710 xform = prop->prop_xforms + i; 2711 if (xform->xform_type == IKEV2_XFORMTYPE_DH) 2712 continue; 2713 nxforms++; 2714 } 2715 } else 2716 nxforms = prop->prop_nxforms; 2717 2718 sap->sap_more = IKEV1_PAYLOAD_PROPOSAL; 2719 sap->sap_proposalnr = prop->prop_id; 2720 sap->sap_protoid = prop->prop_protoid; 2721 sap->sap_spisize = prop->prop_localspi.spi_size; 2722 sap->sap_transforms = nxforms; 2723 saplength = sizeof(*sap); 2724 2725 switch (prop->prop_localspi.spi_size) { 2726 case 4: 2727 spi32 = htobe32(prop->prop_localspi.spi); 2728 if (ibuf_add(buf, &spi32, sizeof(spi32)) != 0) 2729 return (-1); 2730 saplength += 4; 2731 break; 2732 case 8: 2733 spi64 = htobe64(prop->prop_localspi.spi); 2734 if (ibuf_add(buf, &spi64, sizeof(spi64)) != 0) 2735 return (-1); 2736 saplength += 8; 2737 break; 2738 default: 2739 break; 2740 } 2741 2742 for (i = 0, xfi = 0; i < prop->prop_nxforms; i++) { 2743 xform = prop->prop_xforms + i; 2744 2745 if (prop_skipdh && xform->xform_type == IKEV2_XFORMTYPE_DH) 2746 continue; 2747 2748 if ((xflen = ikev2_add_transform(buf, 2749 xfi == nxforms - 1 ? 2750 IKEV2_XFORM_LAST : IKEV2_XFORM_MORE, 2751 xform->xform_type, xform->xform_id, 2752 xform->xform_length)) == -1) 2753 return (-1); 2754 2755 xfi++; 2756 saplength += xflen; 2757 } 2758 2759 sap->sap_length = htobe16(saplength); 2760 length += saplength; 2761 } 2762 if (sap != NULL) 2763 sap->sap_more = IKEV1_PAYLOAD_NONE; 2764 2765 log_debug("%s: length %zd", __func__, length); 2766 2767 return (length); 2768 } 2769 2770 ssize_t 2771 ikev2_add_transform(struct ibuf *buf, 2772 uint8_t more, uint8_t type, uint16_t id, uint16_t length) 2773 { 2774 struct ikev2_transform *xfrm; 2775 struct ikev2_attribute *attr; 2776 2777 if ((xfrm = ibuf_reserve(buf, sizeof(*xfrm))) == NULL) { 2778 log_debug("%s: failed to add transform", __func__); 2779 return (-1); 2780 } 2781 xfrm->xfrm_more = more; 2782 xfrm->xfrm_type = type; 2783 xfrm->xfrm_id = htobe16(id); 2784 2785 if (length) { 2786 xfrm->xfrm_length = htobe16(sizeof(*xfrm) + sizeof(*attr)); 2787 2788 if ((attr = ibuf_reserve(buf, sizeof(*attr))) == NULL) { 2789 log_debug("%s: failed to add attribute", __func__); 2790 return (-1); 2791 } 2792 attr->attr_type = htobe16(IKEV2_ATTRAF_TV | 2793 IKEV2_ATTRTYPE_KEY_LENGTH); 2794 attr->attr_length = htobe16(length); 2795 } else 2796 xfrm->xfrm_length = htobe16(sizeof(*xfrm)); 2797 2798 return (betoh16(xfrm->xfrm_length)); 2799 } 2800 2801 int 2802 ikev2_add_data(struct ibuf *buf, void *data, size_t length) 2803 { 2804 void *msgbuf; 2805 2806 if ((msgbuf = ibuf_reserve(buf, length)) == NULL) { 2807 log_debug("%s: failed", __func__); 2808 return (-1); 2809 } 2810 memcpy(msgbuf, data, length); 2811 2812 return (0); 2813 } 2814 2815 int 2816 ikev2_add_buf(struct ibuf *buf, struct ibuf *data) 2817 { 2818 void *msgbuf; 2819 2820 if ((msgbuf = ibuf_reserve(buf, ibuf_size(data))) == NULL) { 2821 log_debug("%s: failed", __func__); 2822 return (-1); 2823 } 2824 memcpy(msgbuf, ibuf_data(data), ibuf_size(data)); 2825 2826 return (0); 2827 } 2828 2829 int 2830 ikev2_resp_informational(struct iked *env, struct iked_sa *sa, 2831 struct iked_message *msg) 2832 { 2833 struct ikev2_notify *n; 2834 struct ikev2_payload *pld = NULL; 2835 struct ibuf *buf = NULL; 2836 ssize_t len = 0; 2837 int ret = -1; 2838 uint8_t firstpayload = IKEV2_PAYLOAD_NONE; 2839 2840 if (!sa_stateok(sa, IKEV2_STATE_AUTH_REQUEST) || 2841 msg->msg_responded || msg->msg_error) 2842 goto done; 2843 2844 if ((buf = ibuf_static()) == NULL) 2845 goto done; 2846 2847 if ((len = ikev2_handle_delete(env, msg, buf, &pld, 2848 &firstpayload)) == -1) 2849 goto done; 2850 2851 /* 2852 * Include NAT_DETECTION notification on UPDATE_SA_ADDRESSES or if 2853 * the peer did include them, too (RFC 4555, 3.8). 2854 */ 2855 if (sa->sa_mobike && 2856 (msg->msg_update_sa_addresses || msg->msg_natt_rcvd)) { 2857 /* NAT-T notify payloads */ 2858 len = ikev2_add_nat_detection(env, buf, &pld, msg, len); 2859 if (len == -1) 2860 goto done; 2861 firstpayload = IKEV2_PAYLOAD_NOTIFY; 2862 } 2863 /* Reflect COOKIE2 */ 2864 if (msg->msg_cookie2) { 2865 /* *pld is NULL if there is no previous payload */ 2866 if (pld != NULL) { 2867 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 2868 goto done; 2869 } 2870 if ((pld = ikev2_add_payload(buf)) == NULL) 2871 goto done; 2872 if ((n = ibuf_reserve(buf, sizeof(*n))) == NULL) 2873 goto done; 2874 n->n_protoid = IKEV2_SAPROTO_IKE; 2875 n->n_spisize = 0; 2876 n->n_type = htobe16(IKEV2_N_COOKIE2); 2877 if (ikev2_add_buf(buf, msg->msg_cookie2) == -1) 2878 goto done; 2879 len = sizeof(*n) + ibuf_size(msg->msg_cookie2); 2880 log_debug("%s: added cookie2", __func__); 2881 if (firstpayload == IKEV2_PAYLOAD_NONE) 2882 firstpayload = IKEV2_PAYLOAD_NOTIFY; 2883 } 2884 /* add terminator, if there is already a payload */ 2885 if (firstpayload != IKEV2_PAYLOAD_NONE) 2886 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 2887 goto done; 2888 ret = ikev2_msg_send_encrypt(env, sa, &buf, 2889 IKEV2_EXCHANGE_INFORMATIONAL, firstpayload, 1); 2890 if (ret != -1) 2891 msg->msg_responded = 1; 2892 if (msg->msg_flags & IKED_MSG_FLAGS_AUTHENTICATION_FAILED) { 2893 log_debug("%s: AUTHENTICATION_FAILED, closing SA", 2894 __func__); 2895 ikev2_log_cert_info(SPI_SA(sa, __func__), 2896 sa->sa_hdr.sh_initiator ? &sa->sa_rcert : &sa->sa_icert); 2897 ikev2_ike_sa_setreason(sa, 2898 "authentication failed notification from peer"); 2899 sa_state(env, sa, IKEV2_STATE_CLOSED); 2900 } 2901 done: 2902 ibuf_free(buf); 2903 return (ret); 2904 } 2905 2906 void 2907 ikev2_resp_recv(struct iked *env, struct iked_message *msg, 2908 struct ike_header *hdr) 2909 { 2910 struct iked_sa *sa; 2911 2912 switch (hdr->ike_exchange) { 2913 case IKEV2_EXCHANGE_IKE_SA_INIT: 2914 if (msg->msg_sa != NULL) { 2915 log_debug("%s: SA already exists", __func__); 2916 return; 2917 } 2918 if ((msg->msg_sa = sa_new(env, 2919 betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), 2920 0, msg->msg_policy)) == NULL) { 2921 log_debug("%s: failed to get new SA", __func__); 2922 return; 2923 } 2924 /* Setup exchange timeout. */ 2925 timer_set(env, &msg->msg_sa->sa_timer, 2926 ikev2_init_ike_sa_timeout, msg->msg_sa); 2927 timer_add(env, &msg->msg_sa->sa_timer, 2928 IKED_IKE_SA_EXCHANGE_TIMEOUT); 2929 break; 2930 case IKEV2_EXCHANGE_IKE_AUTH: 2931 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 2932 return; 2933 if (sa_stateok(msg->msg_sa, IKEV2_STATE_VALID)) { 2934 log_debug("%s: already authenticated", __func__); 2935 return; 2936 } 2937 break; 2938 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 2939 case IKEV2_EXCHANGE_INFORMATIONAL: 2940 if (ikev2_msg_valid_ike_sa(env, hdr, msg) == -1) 2941 return; 2942 break; 2943 default: 2944 log_debug("%s: unsupported exchange: %s", __func__, 2945 print_map(hdr->ike_exchange, ikev2_exchange_map)); 2946 return; 2947 } 2948 2949 if (ikev2_pld_parse(env, hdr, msg, msg->msg_offset) != 0) { 2950 log_info("%s: failed to parse message", 2951 SPI_SA(msg->msg_sa, __func__)); 2952 return; 2953 } 2954 2955 if (!ikev2_msg_frompeer(msg)) 2956 return; 2957 2958 if (ikev2_handle_notifies(env, msg) != 0) 2959 return; 2960 2961 if ((sa = msg->msg_sa) == NULL) 2962 return; 2963 2964 if (sa->sa_fragments.frag_count != 0) 2965 return; 2966 2967 msg->msg_valid = 1; 2968 2969 if (msg->msg_natt && sa->sa_natt == 0) { 2970 log_debug("%s: NAT-T message received, updated SA", __func__); 2971 sa->sa_natt = 1; 2972 } 2973 2974 switch (hdr->ike_exchange) { 2975 case IKEV2_EXCHANGE_IKE_SA_INIT: 2976 if (ikev2_sa_responder(env, sa, NULL, msg) != 0) { 2977 log_info("%s: failed to negotiate IKE SA", 2978 SPI_SA(sa, __func__)); 2979 if (msg->msg_error == 0) 2980 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 2981 ikev2_send_init_error(env, msg); 2982 ikev2_ike_sa_setreason(sa, "no proposal chosen"); 2983 sa_state(env, sa, IKEV2_STATE_CLOSED); 2984 return; 2985 } 2986 if (ikev2_resp_ike_sa_init(env, msg) != 0) { 2987 log_debug("%s: failed to send init response", __func__); 2988 ikev2_ike_sa_setreason(sa, "SA_INIT response failed"); 2989 sa_state(env, sa, IKEV2_STATE_CLOSED); 2990 return; 2991 } 2992 break; 2993 case IKEV2_EXCHANGE_IKE_AUTH: 2994 if (!sa_stateok(sa, IKEV2_STATE_SA_INIT)) { 2995 log_debug("%s: state mismatch", __func__); 2996 ikev2_ike_sa_setreason(sa, "state mismatch IKE_AUTH"); 2997 sa_state(env, sa, IKEV2_STATE_CLOSED); 2998 return; 2999 } 3000 3001 /* Handle EAP authentication */ 3002 if (msg->msg_eap.eam_found) { 3003 if (ikev2_resp_ike_eap(env, sa, msg)) { 3004 log_info("%s: failed eap response", 3005 SPI_SA(sa, __func__)); 3006 ikev2_ike_sa_setreason(sa, "EAP failed"); 3007 sa_state(env, sa, IKEV2_STATE_CLOSED); 3008 return; 3009 } 3010 return; 3011 } 3012 3013 if (ikev2_ike_auth_recv(env, sa, msg) != 0) { 3014 log_debug("%s: failed to send auth response", __func__); 3015 ikev2_send_error(env, sa, msg, hdr->ike_exchange); 3016 ikev2_ike_sa_setreason(sa, "IKE_AUTH failed"); 3017 sa_state(env, sa, IKEV2_STATE_CLOSED); 3018 return; 3019 } 3020 break; 3021 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 3022 if (ikev2_resp_create_child_sa(env, msg) != 0) { 3023 if (msg->msg_error == 0) 3024 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 3025 ikev2_send_error(env, sa, msg, hdr->ike_exchange); 3026 } 3027 break; 3028 case IKEV2_EXCHANGE_INFORMATIONAL: 3029 if (msg->msg_update_sa_addresses) 3030 ikev2_update_sa_addresses(env, sa); 3031 (void)ikev2_resp_informational(env, sa, msg); 3032 break; 3033 default: 3034 break; 3035 } 3036 } 3037 3038 ssize_t 3039 ikev2_handle_delete(struct iked *env, struct iked_message *msg, 3040 struct ibuf *resp, struct ikev2_payload **pld, uint8_t *firstpayload) 3041 { 3042 struct iked_childsa **peersas = NULL; 3043 struct iked_sa *sa = msg->msg_sa; 3044 struct ikev2_delete *localdel; 3045 FILE *spif; 3046 char *spibuf = NULL; 3047 uint64_t *localspi = NULL; 3048 uint64_t spi64, spi = 0; 3049 uint32_t spi32; 3050 uint8_t *buf; 3051 size_t found = 0; 3052 int ret = -1; 3053 size_t i, sz, cnt, len, dummy; 3054 3055 if (!msg->msg_del_protoid) 3056 return (0); 3057 3058 if ((spif = open_memstream(&spibuf, &dummy)) == NULL) { 3059 log_warn("%s", __func__); 3060 return (0); 3061 } 3062 3063 sz = msg->msg_del_spisize; 3064 3065 switch (sz) { 3066 case 4: 3067 case 8: 3068 break; 3069 case 0: 3070 if (msg->msg_del_protoid != IKEV2_SAPROTO_IKE) { 3071 log_debug("%s: invalid SPI size", __func__); 3072 goto done; 3073 } 3074 ikev2_ikesa_recv_delete(env, sa); 3075 return (0); 3076 default: 3077 log_info("%s: error: invalid SPI size", __func__); 3078 goto done; 3079 } 3080 3081 cnt = msg->msg_del_cnt; 3082 len = ibuf_length(msg->msg_del_buf); 3083 3084 if ((len / sz) != cnt) { 3085 log_debug("%s: invalid payload length %zu/%zu != %zu", 3086 __func__, len, sz, cnt); 3087 return (-1); 3088 } 3089 3090 if (((peersas = calloc(cnt, sizeof(struct iked_childsa *))) == NULL || 3091 (localspi = calloc(cnt, sizeof(uint64_t))) == NULL)) { 3092 log_warn("%s", __func__); 3093 goto done; 3094 } 3095 3096 buf = ibuf_data(msg->msg_del_buf); 3097 for (i = 0; i < cnt; i++) { 3098 switch (sz) { 3099 case 4: 3100 memcpy(&spi32, buf + (i * sz), sizeof(spi32)); 3101 spi = betoh32(spi32); 3102 break; 3103 case 8: 3104 memcpy(&spi64, buf + (i * sz), sizeof(spi64)); 3105 spi = betoh64(spi64); 3106 break; 3107 } 3108 3109 log_debug("%s: spi %s", __func__, print_spi(spi, sz)); 3110 3111 if (peersas == NULL || sa == NULL) 3112 continue; 3113 3114 if ((peersas[i] = childsa_lookup(sa, spi, 3115 msg->msg_del_protoid)) == NULL) { 3116 log_warnx("%s: CHILD SA doesn't exist for spi %s", 3117 SPI_SA(sa, __func__), 3118 print_spi(spi, sz)); 3119 continue; 3120 } 3121 3122 if (ikev2_childsa_delete(env, sa, msg->msg_del_protoid, spi, 3123 &localspi[i], 0) != -1) { 3124 found++; 3125 /* append SPI to log buffer */ 3126 if (ftello(spif) > 0) 3127 fputs(", ", spif); 3128 fputs(print_spi(spi, sz), spif); 3129 } 3130 3131 /* 3132 * Flows are left in the require mode so that it would be 3133 * possible to quickly negotiate a new Child SA 3134 */ 3135 } 3136 3137 if (resp == NULL) { 3138 ret = 0; 3139 goto done; 3140 } 3141 3142 /* Response to the INFORMATIONAL with Delete payload */ 3143 if (found) { 3144 if ((*pld = ikev2_add_payload(resp)) == NULL) 3145 goto done; 3146 *firstpayload = IKEV2_PAYLOAD_DELETE; 3147 3148 if ((localdel = ibuf_reserve(resp, sizeof(*localdel))) == NULL) 3149 goto done; 3150 3151 localdel->del_protoid = msg->msg_del_protoid; 3152 localdel->del_spisize = sz; 3153 localdel->del_nspi = htobe16(found); 3154 ret = sizeof(*localdel); 3155 3156 for (i = 0; i < cnt; i++) { 3157 if (localspi[i] == 0) /* happens if found < cnt */ 3158 continue; 3159 switch (sz) { 3160 case 4: 3161 spi32 = htobe32(localspi[i]); 3162 if (ibuf_add(resp, &spi32, sizeof(spi32)) != 0) 3163 goto done; 3164 ret += sizeof(spi32); 3165 break; 3166 case 8: 3167 spi64 = htobe64(localspi[i]); 3168 if (ibuf_add(resp, &spi64, sizeof(spi64)) != 0) 3169 goto done; 3170 ret += sizeof(spi64); 3171 break; 3172 } 3173 } 3174 fflush(spif); 3175 if (!ferror(spif)) { 3176 log_info("%sdeleted %zu SPI%s: %s", 3177 SPI_SA(sa, NULL), found, found == 1 ? "" : "s", 3178 spibuf); 3179 } 3180 } else { 3181 /* XXX should we send an INVALID_SPI notification? */ 3182 ret = 0; 3183 } 3184 3185 done: 3186 free(localspi); 3187 free(peersas); 3188 fclose(spif); 3189 free(spibuf); 3190 3191 return (ret); 3192 } 3193 3194 int 3195 ikev2_handle_notifies(struct iked *env, struct iked_message *msg) 3196 { 3197 struct iked_ipcomp *ic; 3198 struct iked_sa *sa; 3199 struct iked_spi rekey; 3200 struct dh_group *group; 3201 uint16_t groupid; 3202 unsigned int protoid; 3203 3204 if ((sa = msg->msg_sa) == NULL) 3205 return (-1); 3206 3207 if (msg->msg_flags & IKED_MSG_FLAGS_CHILD_SA_NOT_FOUND) 3208 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 3209 3210 if ((msg->msg_flags & IKED_MSG_FLAGS_FRAGMENTATION) && env->sc_frag) { 3211 log_debug("%s: fragmentation enabled", __func__); 3212 sa->sa_frag = 1; 3213 } 3214 3215 if ((msg->msg_flags & IKED_MSG_FLAGS_MOBIKE) && env->sc_mobike) { 3216 log_debug("%s: mobike enabled", __func__); 3217 sa->sa_mobike = 1; 3218 /* enforce natt */ 3219 if (sa->sa_natt == 0 && sa->sa_udpencap == 0) 3220 ikev2_enable_natt(env, sa, msg, 0); 3221 } 3222 3223 if ((msg->msg_flags & IKED_MSG_FLAGS_NO_ADDITIONAL_SAS) 3224 && sa->sa_stateflags & IKED_REQ_CHILDSA) { 3225 /* This makes sense for Child SAs only atm */ 3226 ikev2_disable_rekeying(env, sa); 3227 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 3228 } 3229 3230 if (msg->msg_flags & IKED_MSG_FLAGS_INVALID_KE) { 3231 groupid = betoh16(msg->msg_group); 3232 if (group_getid(groupid) == NULL) { 3233 log_debug("%s: unable to select DH group %u", 3234 __func__, groupid); 3235 ikev2_ike_sa_setreason(sa, 3236 "unable to select DH group"); 3237 sa_state(env, sa, IKEV2_STATE_CLOSED); 3238 msg->msg_sa = NULL; 3239 return (-1); 3240 } 3241 log_debug("%s: responder selected DH group %u", __func__, 3242 groupid); 3243 switch (msg->msg_exchange) { 3244 case IKEV2_EXCHANGE_IKE_SA_INIT: 3245 protoid = IKEV2_SAPROTO_IKE; 3246 if (!sa->sa_hdr.sh_initiator) { 3247 log_debug("%s: not an initiator", __func__); 3248 ikev2_ike_sa_setreason(sa, 3249 "received invalid KE as responder"); 3250 sa_state(env, sa, IKEV2_STATE_CLOSED); 3251 msg->msg_sa = NULL; 3252 return (-1); 3253 } 3254 if (config_findtransform_ext(&msg->msg_policy->pol_proposals, 3255 IKEV2_XFORMTYPE_DH, groupid, protoid) == NULL) { 3256 log_debug("%s: DH group %u denied by policy", 3257 __func__, groupid); 3258 ikev2_ike_sa_setreason(sa, 3259 "unsupported group in INVALID_KE message"); 3260 sa_state(env, sa, IKEV2_STATE_CLOSED); 3261 msg->msg_sa = NULL; 3262 return (-1); 3263 } 3264 ikev2_ike_sa_setreason(sa, 3265 "reinitiating with new DH group"); 3266 sa_state(env, sa, IKEV2_STATE_CLOSED); 3267 msg->msg_sa = NULL; 3268 msg->msg_policy->pol_peerdh = groupid; 3269 timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa, NULL); 3270 timer_add(env, &env->sc_inittmr, IKED_INITIATOR_INITIAL); 3271 return (-1); 3272 case IKEV2_EXCHANGE_CREATE_CHILD_SA: 3273 if (!(sa->sa_stateflags & IKED_REQ_CHILDSA)) { 3274 log_debug("%s: IKED_REQ_CHILDSA missing", 3275 __func__); 3276 return (-1); 3277 } 3278 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 3279 protoid = sa->sa_rekeyspi ? 3280 IKEV2_SAPROTO_ESP : IKEV2_SAPROTO_IKE; 3281 if (config_findtransform_ext(&msg->msg_policy->pol_proposals, 3282 IKEV2_XFORMTYPE_DH, groupid, protoid) == NULL) { 3283 log_debug("%s: DH group %u denied by policy", 3284 __func__, groupid); 3285 ikev2_ike_sa_setreason(sa, 3286 "unsupported group in INVALID_KE message"); 3287 sa_state(env, sa, IKEV2_STATE_CLOSED); 3288 msg->msg_sa = NULL; 3289 return (-1); 3290 } 3291 if (protoid == IKEV2_SAPROTO_ESP) { 3292 /* CHILDSA */ 3293 rekey.spi = sa->sa_rekeyspi; 3294 rekey.spi_size = 4; 3295 rekey.spi_protoid = protoid; 3296 (void)ikev2_send_create_child_sa(env, sa, 3297 &rekey, rekey.spi_protoid, groupid); 3298 } else { 3299 /* IKESA */ 3300 if ((group = group_get(groupid)) == NULL) 3301 return -1; 3302 group_free(sa->sa_dhgroup); 3303 sa->sa_dhgroup = group; 3304 timer_set(env, &sa->sa_rekey, 3305 ikev2_ike_sa_rekey, sa); 3306 timer_add(env, &sa->sa_rekey, 0); 3307 } 3308 return (-1); 3309 } 3310 } 3311 3312 if (msg->msg_flags & IKED_MSG_FLAGS_IPCOMP_SUPPORTED) { 3313 /* we only support deflate */ 3314 if ((msg->msg_policy->pol_flags & IKED_POLICY_IPCOMP) && 3315 (msg->msg_transform == IKEV2_IPCOMP_DEFLATE)) { 3316 ic = msg->msg_response ? 3317 &sa->sa_ipcompi : 3318 &sa->sa_ipcompr; 3319 ic->ic_transform = msg->msg_transform; 3320 ic->ic_cpi_out = betoh16(msg->msg_cpi); 3321 } 3322 } 3323 3324 if (msg->msg_nat_detected & IKED_MSG_NAT_DST_IP) { 3325 /* Send keepalive, since we are behind a NAT-gw */ 3326 sa->sa_usekeepalive = 1; 3327 } 3328 3329 /* Signature hash algorithm */ 3330 if (msg->msg_flags & IKED_MSG_FLAGS_SIGSHA2) 3331 sa->sa_sigsha2 = 1; 3332 3333 if (msg->msg_flags & IKED_MSG_FLAGS_USE_TRANSPORT) 3334 sa->sa_use_transport_mode = 1; 3335 3336 if ((msg->msg_flags & IKED_MSG_FLAGS_TEMPORARY_FAILURE) 3337 && sa->sa_nexti != NULL) 3338 sa->sa_tmpfail = 1; 3339 3340 return (0); 3341 } 3342 3343 int 3344 ikev2_resp_ike_sa_init(struct iked *env, struct iked_message *msg) 3345 { 3346 struct iked_message resp; 3347 struct ike_header *hdr; 3348 struct ikev2_payload *pld; 3349 struct ikev2_keyexchange *ke; 3350 struct iked_sa *sa = msg->msg_sa; 3351 struct ibuf *buf; 3352 struct ibuf *vendor_id = NULL; 3353 struct dh_group *group; 3354 ssize_t len; 3355 int ret = -1; 3356 3357 if (sa->sa_hdr.sh_initiator) { 3358 log_debug("%s: called by initiator", __func__); 3359 return (-1); 3360 } 3361 if (msg->msg_nat_detected && sa->sa_udpencap == 0) { 3362 log_debug("%s: detected NAT, enabling UDP encapsulation", 3363 __func__); 3364 sa->sa_udpencap = 1; 3365 } 3366 3367 if ((buf = ikev2_msg_init(env, &resp, 3368 &msg->msg_peer, msg->msg_peerlen, 3369 &msg->msg_local, msg->msg_locallen, 1)) == NULL) 3370 goto done; 3371 3372 resp.msg_sa = sa; 3373 resp.msg_fd = msg->msg_fd; 3374 resp.msg_natt = msg->msg_natt; 3375 resp.msg_msgid = 0; 3376 3377 /* IKE header */ 3378 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, 3379 IKEV2_PAYLOAD_SA, IKEV2_EXCHANGE_IKE_SA_INIT, 3380 IKEV2_FLAG_RESPONSE)) == NULL) 3381 goto done; 3382 3383 /* SA payload */ 3384 if ((pld = ikev2_add_payload(buf)) == NULL) 3385 goto done; 3386 if ((len = ikev2_add_proposals(env, sa, buf, &sa->sa_proposals, 3387 IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0, 0)) == -1) 3388 goto done; 3389 3390 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 3391 goto done; 3392 3393 /* KE payload */ 3394 if ((pld = ikev2_add_payload(buf)) == NULL) 3395 goto done; 3396 if ((ke = ibuf_reserve(buf, sizeof(*ke))) == NULL) 3397 goto done; 3398 if ((group = sa->sa_dhgroup) == NULL) { 3399 log_debug("%s: invalid dh", __func__); 3400 goto done; 3401 } 3402 ke->kex_dhgroup = htobe16(group->id); 3403 if (ikev2_add_buf(buf, sa->sa_dhrexchange) == -1) 3404 goto done; 3405 len = sizeof(*ke) + ibuf_size(sa->sa_dhrexchange); 3406 3407 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 3408 goto done; 3409 3410 /* NONCE payload */ 3411 if ((pld = ikev2_add_payload(buf)) == NULL) 3412 goto done; 3413 if (ikev2_add_buf(buf, sa->sa_rnonce) == -1) 3414 goto done; 3415 len = ibuf_size(sa->sa_rnonce); 3416 3417 if (env->sc_vendorid != 0) { 3418 vendor_id = ibuf_new(IKED_VENDOR_ID, strlen(IKED_VENDOR_ID)); 3419 ibuf_add(vendor_id, IKED_VERSION, strlen(IKED_VERSION)); 3420 if ((len = ikev2_add_vendor_id(buf, &pld, len, vendor_id)) 3421 == -1) 3422 goto done; 3423 } 3424 3425 /* Fragmentation Notify*/ 3426 if (sa->sa_frag) { 3427 if ((len = ikev2_add_fragmentation(buf, &pld, len)) 3428 == -1) 3429 goto done; 3430 } 3431 3432 if ((env->sc_nattmode != NATT_DISABLE) && 3433 msg->msg_local.ss_family != AF_UNSPEC) { 3434 if ((len = ikev2_add_nat_detection(env, buf, &pld, &resp, len)) 3435 == -1) 3436 goto done; 3437 } 3438 if (sa->sa_statevalid & IKED_REQ_CERT) { 3439 /* CERTREQ payload(s) */ 3440 if ((len = ikev2_add_certreq(buf, &pld, 3441 len, env->sc_certreq, env->sc_certreqtype)) == -1) 3442 goto done; 3443 3444 if (env->sc_certreqtype != sa->sa_policy->pol_certreqtype && 3445 (len = ikev2_add_certreq(buf, &pld, 3446 len, NULL, sa->sa_policy->pol_certreqtype)) == -1) 3447 goto done; 3448 } 3449 3450 if (sa->sa_sigsha2 && 3451 (len = ikev2_add_sighashnotify(buf, &pld, len)) == -1) 3452 goto done; 3453 3454 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 3455 goto done; 3456 3457 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 3458 goto done; 3459 3460 (void)ikev2_pld_parse(env, hdr, &resp, 0); 3461 3462 ibuf_free(sa->sa_2ndmsg); 3463 if ((sa->sa_2ndmsg = ibuf_dup(buf)) == NULL) { 3464 log_debug("%s: failed to copy 2nd message", __func__); 3465 goto done; 3466 } 3467 3468 ret = ikev2_msg_send(env, &resp); 3469 3470 done: 3471 ibuf_free(vendor_id); 3472 ikev2_msg_cleanup(env, &resp); 3473 3474 return (ret); 3475 } 3476 3477 int 3478 ikev2_send_auth_failed(struct iked *env, struct iked_sa *sa) 3479 { 3480 char dstid[IKED_ID_SIZE]; 3481 struct ikev2_notify *n; 3482 struct ibuf *buf = NULL; 3483 int ret = -1, exchange, response; 3484 3485 if (ikev2_print_id(IKESA_DSTID(sa), dstid, sizeof(dstid)) == -1) 3486 bzero(dstid, sizeof(dstid)); 3487 log_info("%s: authentication failed for %s", 3488 SPI_SA(sa, __func__), dstid); 3489 3490 /* Log certificate information */ 3491 ikev2_log_cert_info(SPI_SA(sa, __func__), 3492 sa->sa_hdr.sh_initiator ? &sa->sa_rcert : &sa->sa_icert); 3493 3494 /* Notify payload */ 3495 if ((buf = ibuf_static()) == NULL) 3496 goto done; 3497 if ((n = ibuf_reserve(buf, sizeof(*n))) == NULL) 3498 goto done; 3499 n->n_protoid = IKEV2_SAPROTO_IKE; 3500 n->n_spisize = 0; 3501 n->n_type = htobe16(IKEV2_N_AUTHENTICATION_FAILED); 3502 if (sa->sa_hdr.sh_initiator) { 3503 exchange = IKEV2_EXCHANGE_INFORMATIONAL; 3504 response = 0; 3505 } else { 3506 exchange = IKEV2_EXCHANGE_IKE_AUTH; 3507 response = 1; 3508 } 3509 ret = ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_NOTIFY, 3510 exchange, response); 3511 if (exchange == IKEV2_EXCHANGE_INFORMATIONAL) 3512 sa->sa_stateflags |= IKED_REQ_INF; 3513 done: 3514 ibuf_free(buf); 3515 3516 /* cleanup SA after timeout */ 3517 sa_state(env, sa, IKEV2_STATE_CLOSING); 3518 timer_del(env, &sa->sa_timer); 3519 timer_set(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa); 3520 timer_add(env, &sa->sa_timer, IKED_IKE_SA_DELETE_TIMEOUT); 3521 config_free_fragments(&sa->sa_fragments); 3522 ikev2_ike_sa_setreason(sa, "authentication failed"); 3523 3524 return (ret); 3525 } 3526 3527 ssize_t 3528 ikev2_add_error(struct iked *env, struct ibuf *buf, struct iked_message *msg) 3529 { 3530 struct ikev2_notify *n; 3531 struct iked_spi *rekey; 3532 uint16_t group; 3533 uint32_t spi32; 3534 uint64_t spi64; 3535 size_t len; 3536 uint8_t *ptr; 3537 3538 switch (msg->msg_error) { 3539 case IKEV2_N_CHILD_SA_NOT_FOUND: 3540 break; 3541 case IKEV2_N_NO_PROPOSAL_CHOSEN: 3542 ikev2_log_proposal(msg->msg_sa, &msg->msg_proposals); 3543 break; 3544 case IKEV2_N_INVALID_KE_PAYLOAD: 3545 break; 3546 default: 3547 return (-1); 3548 } 3549 log_info("%s: %s", SPI_SA(msg->msg_sa, __func__), 3550 print_map(msg->msg_error, ikev2_n_map)); 3551 len = sizeof(*n); 3552 if ((ptr = ibuf_reserve(buf, len)) == NULL) 3553 return (-1); 3554 n = (struct ikev2_notify *)ptr; 3555 n->n_type = htobe16(msg->msg_error); 3556 switch (msg->msg_error) { 3557 case IKEV2_N_CHILD_SA_NOT_FOUND: 3558 rekey = &msg->msg_rekey; 3559 switch (rekey->spi_size) { 3560 case 4: 3561 spi32 = htobe32(rekey->spi); 3562 if (ibuf_add(buf, &spi32, sizeof(spi32)) != 0) 3563 return (-1); 3564 len += sizeof(spi32); 3565 break; 3566 case 8: 3567 spi64 = htobe64(rekey->spi); 3568 if (ibuf_add(buf, &spi64, sizeof(spi64)) != 0) 3569 return (-1); 3570 len += sizeof(spi64); 3571 break; 3572 default: 3573 log_debug("%s: invalid SPI size %d", __func__, 3574 rekey->spi_size); 3575 return (-1); 3576 } 3577 n->n_protoid = rekey->spi_protoid; 3578 n->n_spisize = rekey->spi_size; 3579 break; 3580 case IKEV2_N_INVALID_KE_PAYLOAD: 3581 group = htobe16(msg->msg_dhgroup); 3582 if (ibuf_add(buf, &group, sizeof(group)) != 0) 3583 return (-1); 3584 len += sizeof(group); 3585 n->n_protoid = 0; 3586 n->n_spisize = 0; 3587 break; 3588 default: 3589 n->n_protoid = 0; 3590 n->n_spisize = 0; 3591 break; 3592 } 3593 log_debug("%s: done", __func__); 3594 3595 return (len); 3596 } 3597 3598 int 3599 ikev2_record_dstid(struct iked *env, struct iked_sa *sa) 3600 { 3601 struct iked_sa *osa; 3602 3603 osa = sa_dstid_lookup(env, sa); 3604 if (osa == sa) 3605 return (0); 3606 if (osa != NULL) { 3607 sa_dstid_remove(env, osa); 3608 if (env->sc_enforcesingleikesa && 3609 osa->sa_state < IKEV2_STATE_CLOSING) { 3610 log_info("%sreplaced by IKESA %s (identical DSTID)", 3611 SPI_SA(osa, NULL), 3612 print_spi(sa->sa_hdr.sh_ispi, 8)); 3613 if (osa->sa_state == IKEV2_STATE_ESTABLISHED) 3614 ikev2_disable_timer(env, osa); 3615 ikev2_ike_sa_setreason(osa, "sa replaced"); 3616 ikev2_ikesa_delete(env, osa, 0); 3617 timer_add(env, &osa->sa_timer, 3618 3 * IKED_RETRANSMIT_TIMEOUT); 3619 } 3620 } 3621 osa = sa_dstid_insert(env, sa); 3622 if (osa != NULL) { 3623 /* XXX how can this fail */ 3624 log_info("%s: could not replace old IKESA %s", 3625 SPI_SA(sa, __func__), 3626 print_spi(osa->sa_hdr.sh_ispi, 8)); 3627 return (-1); 3628 } 3629 return (0); 3630 } 3631 3632 int 3633 ikev2_send_error(struct iked *env, struct iked_sa *sa, 3634 struct iked_message *msg, uint8_t exchange) 3635 { 3636 struct ibuf *buf = NULL; 3637 int ret = -1; 3638 3639 if (msg->msg_error == 0) 3640 return (0); 3641 if ((buf = ibuf_static()) == NULL) 3642 goto done; 3643 if (ikev2_add_error(env, buf, msg) == 0) 3644 goto done; 3645 ret = ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_NOTIFY, 3646 exchange, 1); 3647 done: 3648 ibuf_free(buf); 3649 return (ret); 3650 } 3651 3652 /* 3653 * Variant of ikev2_send_error() that can be used before encryption 3654 * is enabled. Based on ikev2_resp_ike_sa_init() code. 3655 */ 3656 int 3657 ikev2_send_init_error(struct iked *env, struct iked_message *msg) 3658 { 3659 struct iked_message resp; 3660 struct ike_header *hdr; 3661 struct ikev2_payload *pld; 3662 struct iked_sa *sa = msg->msg_sa; 3663 struct ibuf *buf; 3664 ssize_t len = 0; 3665 int ret = -1; 3666 3667 if (sa->sa_hdr.sh_initiator) { 3668 log_debug("%s: called by initiator", __func__); 3669 return (-1); 3670 } 3671 if (msg->msg_error == 0) 3672 return (0); 3673 3674 if ((buf = ikev2_msg_init(env, &resp, 3675 &msg->msg_peer, msg->msg_peerlen, 3676 &msg->msg_local, msg->msg_locallen, 1)) == NULL) 3677 goto done; 3678 3679 resp.msg_sa = sa; 3680 resp.msg_fd = msg->msg_fd; 3681 resp.msg_natt = msg->msg_natt; 3682 resp.msg_msgid = 0; 3683 3684 /* IKE header */ 3685 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, 3686 IKEV2_PAYLOAD_NOTIFY, IKEV2_EXCHANGE_IKE_SA_INIT, 3687 IKEV2_FLAG_RESPONSE)) == NULL) 3688 goto done; 3689 3690 /* NOTIFY payload */ 3691 if ((pld = ikev2_add_payload(buf)) == NULL) 3692 goto done; 3693 if ((len = ikev2_add_error(env, buf, msg)) == 0) 3694 goto done; 3695 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 3696 goto done; 3697 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 3698 goto done; 3699 3700 (void)ikev2_pld_parse(env, hdr, &resp, 0); 3701 ret = ikev2_msg_send(env, &resp); 3702 3703 done: 3704 ikev2_msg_cleanup(env, &resp); 3705 3706 return (ret); 3707 } 3708 3709 int 3710 ikev2_handle_certreq(struct iked* env, struct iked_message *msg) 3711 { 3712 struct iked_certreq *cr; 3713 struct iked_sa *sa; 3714 uint8_t crtype; 3715 uint8_t more; 3716 3717 if ((sa = msg->msg_sa) == NULL) 3718 return (-1); 3719 3720 /* Ignore CERTREQ when policy uses PSK authentication */ 3721 if (sa->sa_policy->pol_auth.auth_method == IKEV2_AUTH_SHARED_KEY_MIC) 3722 return (0); 3723 3724 if (sa->sa_hdr.sh_initiator) 3725 sa->sa_stateinit |= IKED_REQ_CERT; 3726 else 3727 sa->sa_statevalid |= IKED_REQ_CERT; 3728 3729 /* 3730 * If we have to send a local certificate but did not receive an 3731 * optional CERTREQ, use our own certreq to find a local certificate. 3732 * We could alternatively extract the CA from the peer certificate 3733 * to find a matching local one. 3734 */ 3735 if (SIMPLEQ_EMPTY(&msg->msg_certreqs)) { 3736 if (sa->sa_policy->pol_certreqtype) 3737 crtype = sa->sa_policy->pol_certreqtype; 3738 else 3739 crtype = env->sc_certreqtype; 3740 ca_setreq(env, sa, &sa->sa_policy->pol_localid, 3741 crtype, 0, ibuf_data(env->sc_certreq), 3742 ibuf_size(env->sc_certreq), PROC_CERT); 3743 } else { 3744 while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) { 3745 if (SIMPLEQ_NEXT(cr, cr_entry) != NULL) 3746 more = 1; 3747 else 3748 more = 0; 3749 3750 ca_setreq(env, sa, &sa->sa_policy->pol_localid, 3751 cr->cr_type, more, ibuf_data(cr->cr_data), 3752 ibuf_size(cr->cr_data), 3753 PROC_CERT); 3754 3755 ibuf_free(cr->cr_data); 3756 SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); 3757 free(cr); 3758 } 3759 } 3760 3761 return (0); 3762 } 3763 3764 int 3765 ikev2_resp_ike_eap_mschap(struct iked *env, struct iked_sa *sa, 3766 struct iked_message *msg) 3767 { 3768 uint8_t successmsg[EAP_MSCHAP_SUCCESS_SZ]; 3769 uint8_t ntresponse[EAP_MSCHAP_NTRESPONSE_SZ]; 3770 struct eap_msg *eap = &msg->msg_eap; 3771 struct iked_user *usr; 3772 uint8_t *pass; 3773 char *name = NULL; 3774 size_t passlen; 3775 int ret; 3776 3777 switch (eap->eam_state) { 3778 case EAP_STATE_IDENTITY: 3779 sa->sa_eapid = eap->eam_identity; 3780 return (eap_challenge_request(env, sa, eap->eam_id)); 3781 case EAP_STATE_MSCHAPV2_CHALLENGE: 3782 if (eap->eam_user) { 3783 name = eap->eam_user; 3784 } else if (sa->sa_eapid) { 3785 name = sa->sa_eapid; 3786 } 3787 if (name == NULL) { 3788 log_info("%s: invalid response name", 3789 SPI_SA(sa, __func__)); 3790 return (-1); 3791 } 3792 if ((usr = user_lookup(env, name)) == NULL) { 3793 log_info("%s: unknown user '%s'", SPI_SA(sa, __func__), 3794 name); 3795 return (-1); 3796 } 3797 3798 if ((pass = string2unicode(usr->usr_pass, &passlen)) == NULL) 3799 return (-1); 3800 3801 mschap_nt_response(ibuf_data(sa->sa_eap.id_buf), 3802 eap->eam_challenge, usr->usr_name, strlen(usr->usr_name), 3803 pass, passlen, ntresponse); 3804 3805 if (memcmp(ntresponse, eap->eam_ntresponse, 3806 sizeof(ntresponse)) != 0) { 3807 log_info("%s: '%s' authentication failed", 3808 SPI_SA(sa, __func__), usr->usr_name); 3809 freezero(pass, passlen); 3810 3811 /* XXX should we send an EAP failure packet? */ 3812 return (-1); 3813 } 3814 3815 bzero(&successmsg, sizeof(successmsg)); 3816 3817 mschap_auth_response(pass, passlen, 3818 ntresponse, ibuf_data(sa->sa_eap.id_buf), 3819 eap->eam_challenge, usr->usr_name, strlen(usr->usr_name), 3820 successmsg); 3821 if ((sa->sa_eapmsk = ibuf_new(NULL, MSCHAP_MSK_SZ)) == NULL) { 3822 log_info("%s: failed to get MSK", SPI_SA(sa, __func__)); 3823 freezero(pass, passlen); 3824 return (-1); 3825 } 3826 mschap_msk(pass, passlen, ntresponse, 3827 ibuf_data(sa->sa_eapmsk)); 3828 freezero(pass, passlen); 3829 3830 log_info("%s: '%s' authenticated", __func__, usr->usr_name); 3831 3832 ret = eap_mschap_challenge(env, sa, eap->eam_id, eap->eam_msrid, 3833 successmsg, EAP_MSCHAP_SUCCESS_SZ); 3834 if (ret == 0) 3835 sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS); 3836 break; 3837 case EAP_STATE_MSCHAPV2_SUCCESS: 3838 return (eap_mschap_success(env, sa, eap->eam_id)); 3839 case EAP_STATE_SUCCESS: 3840 if (!sa_stateok(sa, IKEV2_STATE_AUTH_SUCCESS)) 3841 return (-1); 3842 return (eap_success(env, sa, msg->msg_eap.eam_id)); 3843 default: 3844 log_info("%s: eap ignored.", __func__); 3845 break; 3846 } 3847 return 0; 3848 } 3849 3850 int 3851 ikev2_resp_ike_eap(struct iked *env, struct iked_sa *sa, 3852 struct iked_message *msg) 3853 { 3854 if (!sa_stateok(sa, IKEV2_STATE_EAP)) 3855 return (-1); 3856 3857 switch (sa->sa_policy->pol_auth.auth_eap) { 3858 case EAP_TYPE_MSCHAP_V2: 3859 return ikev2_resp_ike_eap_mschap(env, sa, msg); 3860 } 3861 return -1; 3862 } 3863 3864 int 3865 ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa) 3866 { 3867 struct ikev2_payload *pld; 3868 struct ikev2_cert *cert; 3869 struct ikev2_auth *auth; 3870 struct iked_id *id, *certid; 3871 struct ibuf *e = NULL; 3872 uint8_t firstpayload; 3873 int ret = -1; 3874 ssize_t len; 3875 int i; 3876 3877 if (sa == NULL) 3878 return (-1); 3879 3880 if (sa->sa_state == IKEV2_STATE_EAP) 3881 return (eap_identity_request(env, sa)); 3882 3883 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 3884 return (0); /* ignore */ 3885 3886 if (ikev2_cp_setaddr(env, sa, AF_INET) < 0 || 3887 ikev2_cp_setaddr(env, sa, AF_INET6) < 0) 3888 return (-1); 3889 3890 if (ikev2_childsa_negotiate(env, sa, &sa->sa_kex, &sa->sa_proposals, 3891 sa->sa_hdr.sh_initiator, 0) < 0) 3892 return (-1); 3893 3894 /* New encrypted message buffer */ 3895 if ((e = ibuf_static()) == NULL) 3896 goto done; 3897 3898 if (!sa->sa_localauth.id_type) { 3899 /* Downgrade the state */ 3900 sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS); 3901 } 3902 3903 if (sa->sa_hdr.sh_initiator) { 3904 id = &sa->sa_iid; 3905 certid = &sa->sa_icert; 3906 } else { 3907 id = &sa->sa_rid; 3908 certid = &sa->sa_rcert; 3909 } 3910 3911 if (sa->sa_state != IKEV2_STATE_EAP_VALID) { 3912 /* ID payload */ 3913 if ((pld = ikev2_add_payload(e)) == NULL) 3914 goto done; 3915 firstpayload = IKEV2_PAYLOAD_IDr; 3916 if (ibuf_add_buf(e, id->id_buf) != 0) 3917 goto done; 3918 len = ibuf_size(id->id_buf); 3919 3920 /* CERT payload */ 3921 if ((sa->sa_statevalid & IKED_REQ_CERT) && 3922 (certid->id_type != IKEV2_CERT_NONE)) { 3923 if (ikev2_next_payload(pld, len, 3924 IKEV2_PAYLOAD_CERT) == -1) 3925 goto done; 3926 3927 if ((pld = ikev2_add_payload(e)) == NULL) 3928 goto done; 3929 if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL) 3930 goto done; 3931 cert->cert_type = certid->id_type; 3932 if (ibuf_add_buf(e, certid->id_buf) != 0) 3933 goto done; 3934 len = ibuf_size(certid->id_buf) + sizeof(*cert); 3935 3936 for (i = 0; i < IKED_SCERT_MAX; i++) { 3937 if (sa->sa_scert[i].id_type == IKEV2_CERT_NONE) 3938 break; 3939 if (ikev2_next_payload(pld, len, 3940 IKEV2_PAYLOAD_CERT) == -1) 3941 goto done; 3942 if ((pld = ikev2_add_payload(e)) == NULL) 3943 goto done; 3944 if ((cert = ibuf_reserve(e, 3945 sizeof(*cert))) == NULL) 3946 goto done; 3947 cert->cert_type = sa->sa_scert[i].id_type; 3948 if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) != 3949 0) 3950 goto done; 3951 len = ibuf_size(sa->sa_scert[i].id_buf) 3952 + sizeof(*cert); 3953 } 3954 } 3955 3956 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_AUTH) == -1) 3957 goto done; 3958 } else 3959 firstpayload = IKEV2_PAYLOAD_AUTH; 3960 3961 /* AUTH payload */ 3962 if ((pld = ikev2_add_payload(e)) == NULL) 3963 goto done; 3964 if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL) 3965 goto done; 3966 auth->auth_method = sa->sa_localauth.id_type; 3967 if (ibuf_add_buf(e, sa->sa_localauth.id_buf) != 0) 3968 goto done; 3969 len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth); 3970 3971 /* CP payload */ 3972 if (sa->sa_cp) { 3973 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_CP) == -1) 3974 goto done; 3975 if ((pld = ikev2_add_payload(e)) == NULL) 3976 goto done; 3977 if ((len = ikev2_resp_add_cp(env, sa, e)) == -1) 3978 goto done; 3979 } 3980 3981 if (sa->sa_ipcompr.ic_transform && 3982 (len = ikev2_add_ipcompnotify(env, e, &pld, len, sa, 0)) == -1) 3983 goto done; 3984 if (sa->sa_used_transport_mode && 3985 (len = ikev2_add_transport_mode(env, e, &pld, len, sa)) == -1) 3986 goto done; 3987 3988 /* MOBIKE */ 3989 if (sa->sa_mobike && 3990 (len = ikev2_add_mobike(e, &pld, len)) == -1) 3991 goto done; 3992 3993 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 3994 goto done; 3995 3996 /* SA payload */ 3997 if ((pld = ikev2_add_payload(e)) == NULL) 3998 goto done; 3999 if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 0, 4000 sa->sa_hdr.sh_initiator, 0, 1)) == -1) 4001 goto done; 4002 4003 if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 4004 goto done; 4005 4006 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 4007 goto done; 4008 4009 ret = ikev2_msg_send_encrypt(env, sa, &e, 4010 IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 1); 4011 if (ret == 0) 4012 ret = ikev2_childsa_enable(env, sa); 4013 if (ret == 0) { 4014 sa_state(env, sa, IKEV2_STATE_ESTABLISHED); 4015 /* Delete exchange timeout. */ 4016 timer_del(env, &sa->sa_timer); 4017 ikev2_enable_timer(env, sa); 4018 ikev2_log_established(sa); 4019 ikev2_record_dstid(env, sa); 4020 } 4021 4022 done: 4023 if (ret) 4024 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 4025 ibuf_free(e); 4026 return (ret); 4027 } 4028 4029 int 4030 ikev2_send_ike_e(struct iked *env, struct iked_sa *sa, struct ibuf *buf, 4031 uint8_t firstpayload, uint8_t exchange, int response) 4032 { 4033 struct ikev2_payload *pld; 4034 struct ibuf *e = NULL; 4035 int ret = -1; 4036 4037 /* New encrypted message buffer */ 4038 if ((e = ibuf_static()) == NULL) 4039 goto done; 4040 4041 if (buf) { 4042 if ((pld = ikev2_add_payload(e)) == NULL) 4043 goto done; 4044 4045 if (ibuf_add_buf(e, buf) != 0) 4046 goto done; 4047 4048 if (ikev2_next_payload(pld, ibuf_size(buf), 4049 IKEV2_PAYLOAD_NONE) == -1) 4050 goto done; 4051 } 4052 4053 ret = ikev2_msg_send_encrypt(env, sa, &e, exchange, firstpayload, 4054 response); 4055 4056 done: 4057 ibuf_free(e); 4058 4059 return (ret); 4060 } 4061 4062 int 4063 ikev2_set_sa_proposal(struct iked_sa *sa, struct iked_policy *pol, 4064 unsigned int proto) 4065 { 4066 struct iked_proposal *prop, *copy; 4067 struct iked_transform *xform; 4068 unsigned int i; 4069 4070 /* create copy of the policy proposals */ 4071 config_free_proposals(&sa->sa_proposals, proto); 4072 TAILQ_FOREACH(prop, &pol->pol_proposals, prop_entry) { 4073 if (proto != 0 && prop->prop_protoid != proto) 4074 continue; 4075 if ((copy = config_add_proposal(&sa->sa_proposals, 4076 prop->prop_id, prop->prop_protoid)) == NULL) 4077 return (-1); 4078 for (i = 0; i < prop->prop_nxforms; i++) { 4079 xform = &prop->prop_xforms[i]; 4080 if (config_add_transform(copy, xform->xform_type, 4081 xform->xform_id, xform->xform_length, 4082 xform->xform_keylength) != 0) 4083 return (-1); 4084 } 4085 } 4086 return (0); 4087 } 4088 4089 int 4090 ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, 4091 struct iked_spi *rekey, uint8_t protoid, uint16_t proposed_group) 4092 { 4093 struct iked_policy *pol = sa->sa_policy; 4094 struct iked_childsa *csa = NULL, *csb = NULL; 4095 struct iked_transform *xform; 4096 struct ikev2_notify *n; 4097 struct ikev2_payload *pld = NULL; 4098 struct ikev2_keyexchange *ke; 4099 struct dh_group *group; 4100 struct ibuf *e = NULL, *nonce = NULL; 4101 uint8_t *ptr; 4102 uint8_t firstpayload; 4103 uint32_t spi; 4104 ssize_t len = 0; 4105 int initiator, ret = -1; 4106 4107 if (rekey) 4108 log_debug("%s: rekeying %s spi %s", __func__, 4109 print_map(rekey->spi_protoid, ikev2_saproto_map), 4110 print_spi(rekey->spi, rekey->spi_size)); 4111 else 4112 log_debug("%s: creating new CHILD SAs", __func__); 4113 4114 /* XXX cannot initiate multiple concurrent CREATE_CHILD_SA exchanges */ 4115 if (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) { 4116 log_debug("%s: another exchange already active", 4117 __func__); 4118 return (-1); 4119 } 4120 4121 ibuf_free(sa->sa_simult); 4122 sa->sa_simult = NULL; 4123 sa->sa_rekeyspi = 0; /* clear rekey spi */ 4124 initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 4125 4126 if (rekey && 4127 ((csa = childsa_lookup(sa, rekey->spi, 4128 rekey->spi_protoid)) == NULL || 4129 (csb = csa->csa_peersa) == NULL)) { 4130 log_debug("%s: CHILD SA %s wasn't found", __func__, 4131 print_spi(rekey->spi, rekey->spi_size)); 4132 goto done; 4133 } 4134 4135 /* Generate new nonce */ 4136 if ((nonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) 4137 goto done; 4138 4139 /* Update initiator nonce */ 4140 ibuf_free(sa->sa_inonce); 4141 sa->sa_inonce = nonce; 4142 4143 if ((e = ibuf_static()) == NULL) 4144 goto done; 4145 4146 if ((pol->pol_flags & IKED_POLICY_IPCOMP) && 4147 (len = ikev2_add_ipcompnotify(env, e, &pld, 0, sa, 1)) == -1) 4148 goto done; 4149 if ((pol->pol_flags & IKED_POLICY_TRANSPORT) && 4150 (len = ikev2_add_transport_mode(env, e, &pld, len, sa)) == -1) 4151 goto done; 4152 4153 if (pld) { 4154 firstpayload = IKEV2_PAYLOAD_NOTIFY; 4155 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 4156 goto done; 4157 } else 4158 firstpayload = IKEV2_PAYLOAD_SA; 4159 4160 /* SA payload */ 4161 if ((pld = ikev2_add_payload(e)) == NULL) 4162 goto done; 4163 4164 /* 4165 * We need to reset the sa_proposal. Otherwise it would be 4166 * left over from the IKE_AUTH exchange and would not contain 4167 * any DH groups (e.g. for ESP child SAs). 4168 */ 4169 if (ikev2_set_sa_proposal(sa, pol, protoid) < 0) { 4170 log_debug("%s: ikev2_set_sa_proposal failed", __func__); 4171 goto done; 4172 } 4173 4174 if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 4175 protoid, 1, 0, 0)) == -1) 4176 goto done; 4177 4178 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 4179 goto done; 4180 4181 /* NONCE payload */ 4182 if ((pld = ikev2_add_payload(e)) == NULL) 4183 goto done; 4184 if (ikev2_add_buf(e, nonce) == -1) 4185 goto done; 4186 len = ibuf_size(nonce); 4187 4188 if ((xform = config_findtransform(&pol->pol_proposals, IKEV2_XFORMTYPE_DH, 4189 protoid)) && xform->xform_id != IKEV2_XFORMDH_NONE) { 4190 log_debug("%s: enable PFS", __func__); 4191 ikev2_sa_cleanup_dh(sa); 4192 if (proposed_group) { 4193 if ((sa->sa_dhgroup = 4194 group_get(proposed_group)) == NULL) { 4195 log_debug("%s: failed to get group", __func__); 4196 goto done; 4197 } 4198 } 4199 if (ikev2_sa_initiator_dh(sa, NULL, protoid, NULL) < 0) { 4200 log_debug("%s: failed to setup DH", __func__); 4201 goto done; 4202 } 4203 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 4204 goto done; 4205 4206 /* KE payload */ 4207 if ((pld = ikev2_add_payload(e)) == NULL) 4208 goto done; 4209 if ((ke = ibuf_reserve(e, sizeof(*ke))) == NULL) 4210 goto done; 4211 if ((group = sa->sa_dhgroup) == NULL) { 4212 log_debug("%s: invalid dh", __func__); 4213 goto done; 4214 } 4215 ke->kex_dhgroup = htobe16(group->id); 4216 if (ikev2_add_buf(e, sa->sa_dhiexchange) == -1) 4217 goto done; 4218 len = sizeof(*ke) + ibuf_size(sa->sa_dhiexchange); 4219 } 4220 4221 if ((len = ikev2_add_ts(e, &pld, len, sa, !initiator)) == -1) 4222 goto done; 4223 4224 if (rekey) { 4225 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NOTIFY) == -1) 4226 goto done; 4227 4228 /* REKEY_SA notification */ 4229 if ((pld = ikev2_add_payload(e)) == NULL) 4230 goto done; 4231 if ((n = ibuf_reserve(e, sizeof(*n))) == NULL) 4232 goto done; 4233 n->n_type = htobe16(IKEV2_N_REKEY_SA); 4234 n->n_protoid = rekey->spi_protoid; 4235 n->n_spisize = rekey->spi_size; 4236 if ((ptr = ibuf_reserve(e, rekey->spi_size)) == NULL) 4237 goto done; 4238 len = rekey->spi_size; 4239 spi = htobe32((uint32_t)csa->csa_peerspi); 4240 memcpy(ptr, &spi, rekey->spi_size); 4241 len += sizeof(*n); 4242 } 4243 4244 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 4245 goto done; 4246 4247 ret = ikev2_msg_send_encrypt(env, sa, &e, 4248 IKEV2_EXCHANGE_CREATE_CHILD_SA, firstpayload, 0); 4249 if (ret == 0) { 4250 if (rekey) { 4251 csa->csa_rekey = 1; 4252 csb->csa_rekey = 1; 4253 /* 4254 * Remember the peer spi of the rekeyed 4255 * SA for ikev2_init_create_child_sa(). 4256 */ 4257 sa->sa_rekeyspi = csa->csa_peerspi; 4258 } 4259 sa->sa_stateflags |= IKED_REQ_CHILDSA; 4260 } 4261 4262 done: 4263 ibuf_free(e); 4264 return (ret); 4265 } 4266 4267 void 4268 ikev2_ike_sa_rekey(struct iked *env, void *arg) 4269 { 4270 struct iked_sa *sa = arg; 4271 struct iked_sa *nsa = NULL; 4272 struct ikev2_payload *pld = NULL; 4273 struct ikev2_keyexchange *ke; 4274 struct dh_group *group; 4275 struct ibuf *e = NULL, *nonce = NULL; 4276 ssize_t len = 0; 4277 int ret = -1; 4278 4279 log_debug("%s: IKE SA %p ispi %s rspi %s", __func__, sa, 4280 print_spi(sa->sa_hdr.sh_ispi, 8), 4281 print_spi(sa->sa_hdr.sh_rspi, 8)); 4282 4283 if (sa->sa_nexti) { 4284 log_debug("%s: already rekeying", __func__); 4285 goto done; 4286 } 4287 4288 if (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) { 4289 /* 4290 * We cannot initiate multiple concurrent CREATE_CHILD_SA 4291 * exchanges, so retry again fast. 4292 */ 4293 log_info("%s: busy, delaying rekey", SPI_SA(sa, __func__)); 4294 ikev2_ike_sa_rekey_schedule_fast(env, sa); 4295 return; 4296 } 4297 4298 /* We need to make sure the rekeying finishes in time */ 4299 timer_set(env, &sa->sa_rekey, ikev2_ike_sa_rekey_timeout, sa); 4300 timer_add(env, &sa->sa_rekey, IKED_IKE_SA_REKEY_TIMEOUT); 4301 4302 if ((nsa = sa_new(env, 0, 0, 1, sa->sa_policy)) == NULL) { 4303 log_debug("%s: failed to get new SA", __func__); 4304 goto done; 4305 } 4306 4307 if (ikev2_sa_initiator(env, nsa, sa, NULL)) { 4308 log_debug("%s: failed to setup DH", __func__); 4309 goto done; 4310 } 4311 sa_state(env, nsa, IKEV2_STATE_AUTH_SUCCESS); 4312 nonce = nsa->sa_inonce; 4313 4314 if ((e = ibuf_static()) == NULL) 4315 goto done; 4316 4317 /* SA payload */ 4318 if ((pld = ikev2_add_payload(e)) == NULL) 4319 goto done; 4320 4321 /* just reuse the old IKE SA proposals */ 4322 if ((len = ikev2_add_proposals(env, nsa, e, &sa->sa_proposals, 4323 IKEV2_SAPROTO_IKE, 1, 1, 0)) == -1) 4324 goto done; 4325 4326 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 4327 goto done; 4328 4329 /* NONCE payload */ 4330 if ((pld = ikev2_add_payload(e)) == NULL) 4331 goto done; 4332 if (ikev2_add_buf(e, nonce) == -1) 4333 goto done; 4334 len = ibuf_size(nonce); 4335 4336 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 4337 goto done; 4338 4339 /* KE payload */ 4340 if ((pld = ikev2_add_payload(e)) == NULL) 4341 goto done; 4342 if ((ke = ibuf_reserve(e, sizeof(*ke))) == NULL) 4343 goto done; 4344 if ((group = nsa->sa_dhgroup) == NULL) { 4345 log_debug("%s: invalid dh", __func__); 4346 goto done; 4347 } 4348 ke->kex_dhgroup = htobe16(group->id); 4349 if (ikev2_add_buf(e, nsa->sa_dhiexchange) == -1) 4350 goto done; 4351 len = sizeof(*ke) + ibuf_size(nsa->sa_dhiexchange); 4352 4353 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 4354 goto done; 4355 4356 ret = ikev2_msg_send_encrypt(env, sa, &e, 4357 IKEV2_EXCHANGE_CREATE_CHILD_SA, IKEV2_PAYLOAD_SA, 0); 4358 if (ret == 0) { 4359 sa->sa_stateflags |= IKED_REQ_CHILDSA; 4360 sa->sa_nexti = nsa; 4361 nsa->sa_previ = sa; 4362 sa->sa_tmpfail = 0; 4363 nsa = NULL; 4364 } 4365 done: 4366 if (nsa) { 4367 ikev2_ike_sa_setreason(nsa, "failed to send CREATE_CHILD_SA"); 4368 sa_free(env, nsa); 4369 } 4370 ibuf_free(e); 4371 4372 if (ret == 0) 4373 log_debug("%s: create child SA sent", __func__); 4374 else 4375 log_debug("%s: could not send create child SA", __func__); 4376 /* XXX should we try again in case of ret != 0 ? */ 4377 } 4378 4379 int 4380 ikev2_nonce_cmp(struct ibuf *a, struct ibuf *b) 4381 { 4382 size_t alen, blen, len; 4383 int ret; 4384 4385 alen = ibuf_size(a); 4386 blen = ibuf_size(b); 4387 len = MINIMUM(alen, blen); 4388 ret = memcmp(ibuf_data(a), ibuf_data(b), len); 4389 if (ret == 0) 4390 ret = (alen < blen ? -1 : 1); 4391 return (ret); 4392 } 4393 4394 int 4395 ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) 4396 { 4397 struct iked_childsa *csa = NULL; 4398 struct iked_proposal *prop; 4399 struct iked_sa *sa = msg->msg_sa; 4400 struct iked_sa *nsa, *dsa; 4401 struct iked_spi *spi; 4402 struct ikev2_delete *del; 4403 struct ibuf *buf = NULL; 4404 struct ibuf *ni, *nr; 4405 uint32_t spi32; 4406 int pfs = 0, ret = -1; 4407 4408 if (!ikev2_msg_frompeer(msg) || 4409 (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) == 0) 4410 return (0); 4411 4412 if (sa->sa_nexti != NULL && sa->sa_tmpfail) { 4413 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 4414 ikev2_ike_sa_setreason(sa->sa_nexti, "tmpfail"); 4415 sa_free(env, sa->sa_nexti); 4416 sa->sa_nexti = NULL; 4417 timer_set(env, &sa->sa_rekey, ikev2_ike_sa_rekey, sa); 4418 ikev2_ike_sa_rekey_schedule_fast(env, sa); 4419 log_info("%s: IKESA rekey delayed", SPI_SA(sa, __func__)); 4420 return (0); 4421 } 4422 4423 if (msg->msg_prop == NULL || 4424 TAILQ_EMPTY(&msg->msg_proposals)) { 4425 log_info("%s: no proposal specified", SPI_SA(sa, __func__)); 4426 return (-1); 4427 } 4428 4429 if (proposals_negotiate(&sa->sa_proposals, &sa->sa_proposals, 4430 &msg->msg_proposals, 1, -1) != 0) { 4431 log_info("%s: no proposal chosen", SPI_SA(sa, __func__)); 4432 ikestat_inc(env, ikes_sa_proposals_negotiate_failures); 4433 return (-1); 4434 } 4435 4436 TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { 4437 if (prop->prop_protoid == msg->msg_prop->prop_protoid) 4438 break; 4439 } 4440 if (prop == NULL) { 4441 log_info("%s: failed to find %s proposals", SPI_SA(sa, __func__), 4442 print_map(msg->msg_prop->prop_protoid, ikev2_saproto_map)); 4443 return (-1); 4444 } 4445 4446 /* IKE SA rekeying */ 4447 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) { 4448 if (sa->sa_nexti == NULL) { 4449 log_info("%s: missing IKE SA for rekeying", 4450 SPI_SA(sa, __func__)); 4451 return (-1); 4452 } 4453 /* Update the responder SPI */ 4454 /* XXX sa_new() is just a lookup, so nsa == sa->sa_nexti */ 4455 spi = &msg->msg_prop->prop_peerspi; 4456 if ((nsa = sa_new(env, sa->sa_nexti->sa_hdr.sh_ispi, 4457 spi->spi, 1, NULL)) == NULL || nsa != sa->sa_nexti) { 4458 log_info("%s: invalid rekey SA", SPI_SA(sa, __func__)); 4459 if (nsa) { 4460 ikev2_ike_sa_setreason(nsa, 4461 "invalid SA for rekey"); 4462 sa_free(env, nsa); 4463 } 4464 ikev2_ike_sa_setreason(sa->sa_nexti, "invalid SA nexti"); 4465 sa_free(env, sa->sa_nexti); 4466 sa->sa_nexti = NULL; /* reset by sa_free */ 4467 return (-1); 4468 } 4469 if (ikev2_sa_initiator(env, nsa, sa, msg) == -1) { 4470 log_info("%s: failed to get IKE keys", 4471 SPI_SA(sa, __func__)); 4472 return (-1); 4473 } 4474 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 4475 if (sa->sa_nextr) { 4476 /* 4477 * Resolve simultaneous IKE SA rekeying by 4478 * deleting the SA with the lowest NONCE. 4479 */ 4480 log_info("%s: resolving simultaneous IKE SA rekeying", 4481 SPI_SA(sa, __func__)); 4482 /* ni: minimum nonce of sa_nexti */ 4483 if (ikev2_nonce_cmp(sa->sa_nexti->sa_inonce, 4484 sa->sa_nexti->sa_rnonce) < 0) 4485 ni = sa->sa_nexti->sa_inonce; 4486 else 4487 ni = sa->sa_nexti->sa_rnonce; 4488 /* nr: minimum nonce of sa_nextr */ 4489 if (ikev2_nonce_cmp(sa->sa_nextr->sa_inonce, 4490 sa->sa_nextr->sa_rnonce) < 0) 4491 nr = sa->sa_nextr->sa_inonce; 4492 else 4493 nr = sa->sa_nextr->sa_rnonce; 4494 /* delete SA with minumum nonce */ 4495 if (ikev2_nonce_cmp(ni, nr) < 0) { 4496 dsa = sa->sa_nexti; 4497 nsa = sa->sa_nextr; 4498 } else { 4499 dsa = sa->sa_nextr; 4500 nsa = sa->sa_nexti; 4501 } 4502 /* unlink sa_nextr */ 4503 sa->sa_nextr->sa_prevr = NULL; 4504 sa->sa_nextr = NULL; 4505 /* Setup address, socket and NAT information */ 4506 sa_address(dsa, &dsa->sa_peer, 4507 (struct sockaddr *)&sa->sa_peer.addr); 4508 sa_address(dsa, &dsa->sa_local, 4509 (struct sockaddr *)&sa->sa_local.addr); 4510 dsa->sa_fd = sa->sa_fd; 4511 dsa->sa_natt = sa->sa_natt; 4512 dsa->sa_udpencap = sa->sa_udpencap; 4513 ikev2_ike_sa_setreason(dsa, 4514 "resolving simultaneous rekeying"); 4515 ikev2_ikesa_delete(env, dsa, dsa->sa_hdr.sh_initiator); 4516 } 4517 /* unlink sa_nexti */ 4518 sa->sa_nexti->sa_previ = NULL; 4519 sa->sa_nexti = NULL; 4520 return (ikev2_ikesa_enable(env, sa, nsa)); 4521 } 4522 4523 /* Child SA rekeying */ 4524 if (sa->sa_rekeyspi && 4525 (csa = childsa_lookup(sa, sa->sa_rekeyspi, prop->prop_protoid)) 4526 != NULL) { 4527 log_info("%s: rekeying CHILD SA old %s spi %s", 4528 SPI_SA(sa, __func__), 4529 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size), 4530 print_spi(prop->prop_peerspi.spi, 4531 prop->prop_peerspi.spi_size)); 4532 } 4533 4534 /* check KE payload for PFS */ 4535 if (ibuf_length(msg->msg_ke)) { 4536 log_debug("%s: using PFS", __func__); 4537 if (ikev2_sa_initiator_dh(sa, msg, prop->prop_protoid, NULL) < 0) { 4538 log_info("%s: failed to setup DH", 4539 SPI_SA(sa, __func__)); 4540 return (ret); 4541 } 4542 if (sa->sa_dhpeer == NULL) { 4543 log_info("%s: no peer DH", SPI_SA(sa, __func__)); 4544 return (ret); 4545 } 4546 pfs = 1; 4547 /* XXX check group against policy ? */ 4548 /* XXX should proposals_negotiate do this? */ 4549 } 4550 4551 /* Update responder's nonce */ 4552 if (!ibuf_length(msg->msg_nonce)) { 4553 log_info("%s: responder didn't send nonce", 4554 SPI_SA(sa, __func__)); 4555 return (-1); 4556 } 4557 ibuf_free(sa->sa_rnonce); 4558 sa->sa_rnonce = msg->msg_nonce; 4559 msg->msg_nonce = NULL; 4560 4561 if (csa && (nr = sa->sa_simult) != NULL) { 4562 log_info("%s: resolving simultaneous CHILD SA rekeying", 4563 SPI_SA(sa, __func__)); 4564 /* set ni to minimum nonce for exchange initiated by us */ 4565 if (ikev2_nonce_cmp(sa->sa_inonce, sa->sa_rnonce) < 0) 4566 ni = sa->sa_inonce; 4567 else 4568 ni = sa->sa_rnonce; 4569 /* 4570 * If the exchange initated by us has smaller nonce, 4571 * then we have to delete our SAs. 4572 */ 4573 if (ikev2_nonce_cmp(ni, nr) < 0) { 4574 ret = ikev2_childsa_delete_proposed(env, sa, 4575 &sa->sa_proposals); 4576 goto done; 4577 } 4578 } 4579 4580 if (ikev2_childsa_negotiate(env, sa, &sa->sa_kex, &sa->sa_proposals, 1, 4581 pfs)) { 4582 log_info("%s: failed to get CHILD SAs", SPI_SA(sa, __func__)); 4583 return (-1); 4584 } 4585 4586 if (csa) { 4587 /* Child SA rekeying */ 4588 4589 if ((buf = ibuf_static()) == NULL) 4590 goto done; 4591 4592 if ((del = ibuf_reserve(buf, sizeof(*del))) == NULL) 4593 goto done; 4594 4595 del->del_protoid = prop->prop_protoid; 4596 del->del_spisize = sizeof(spi32); 4597 del->del_nspi = htobe16(1); 4598 4599 spi32 = htobe32(csa->csa_spi.spi); 4600 if (ibuf_add(buf, &spi32, sizeof(spi32))) 4601 goto done; 4602 4603 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 4604 IKEV2_EXCHANGE_INFORMATIONAL, 0)) 4605 goto done; 4606 4607 sa->sa_stateflags |= IKED_REQ_INF; 4608 } 4609 4610 ret = ikev2_childsa_enable(env, sa); 4611 4612 done: 4613 sa->sa_stateflags &= ~IKED_REQ_CHILDSA; 4614 4615 if (ret) 4616 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 4617 else if (csa) { 4618 /* delete the rekeyed SA pair */ 4619 ikev2_childsa_delete(env, sa, csa->csa_saproto, 4620 csa->csa_peerspi, NULL, 0); 4621 } 4622 ibuf_free(buf); 4623 return (ret); 4624 } 4625 4626 int 4627 ikev2_ikesa_enable(struct iked *env, struct iked_sa *sa, struct iked_sa *nsa) 4628 { 4629 struct iked_childsa *csa, *csatmp, *ipcomp; 4630 struct iked_flow *flow, *flowtmp; 4631 struct iked_proposal *prop, *proptmp; 4632 int i; 4633 4634 log_debug("%s: IKE SA %p ispi %s rspi %s replaced" 4635 " by SA %p ispi %s rspi %s ", 4636 __func__, sa, 4637 print_spi(sa->sa_hdr.sh_ispi, 8), 4638 print_spi(sa->sa_hdr.sh_rspi, 8), 4639 nsa, 4640 print_spi(nsa->sa_hdr.sh_ispi, 8), 4641 print_spi(nsa->sa_hdr.sh_rspi, 8)); 4642 4643 /* Transfer socket and NAT information */ 4644 nsa->sa_fd = sa->sa_fd; 4645 nsa->sa_natt = sa->sa_natt; 4646 nsa->sa_udpencap = sa->sa_udpencap; 4647 nsa->sa_usekeepalive = sa->sa_usekeepalive; 4648 nsa->sa_mobike = sa->sa_mobike; 4649 nsa->sa_frag = sa->sa_frag; 4650 4651 /* Transfer old addresses */ 4652 memcpy(&nsa->sa_local, &sa->sa_local, sizeof(nsa->sa_local)); 4653 memcpy(&nsa->sa_peer, &sa->sa_peer, sizeof(nsa->sa_peer)); 4654 memcpy(&nsa->sa_peer_loaded, &sa->sa_peer_loaded, 4655 sizeof(nsa->sa_peer_loaded)); 4656 4657 /* Transfer all Child SAs and flows from the old IKE SA */ 4658 TAILQ_FOREACH_SAFE(flow, &sa->sa_flows, flow_entry, flowtmp) { 4659 TAILQ_REMOVE(&sa->sa_flows, flow, flow_entry); 4660 TAILQ_INSERT_TAIL(&nsa->sa_flows, flow, 4661 flow_entry); 4662 flow->flow_ikesa = nsa; 4663 flow->flow_local = &nsa->sa_local; 4664 flow->flow_peer = &nsa->sa_peer; 4665 } 4666 TAILQ_FOREACH_SAFE(csa, &sa->sa_childsas, csa_entry, csatmp) { 4667 TAILQ_REMOVE(&sa->sa_childsas, csa, csa_entry); 4668 TAILQ_INSERT_TAIL(&nsa->sa_childsas, csa, 4669 csa_entry); 4670 csa->csa_ikesa = nsa; 4671 if (csa->csa_dir == IPSP_DIRECTION_IN) { 4672 csa->csa_local = &nsa->sa_peer; 4673 csa->csa_peer = &nsa->sa_local; 4674 } else { 4675 csa->csa_local = &nsa->sa_local; 4676 csa->csa_peer = &nsa->sa_peer; 4677 } 4678 if ((ipcomp = csa->csa_bundled) != NULL) { 4679 ipcomp->csa_ikesa = nsa; 4680 ipcomp->csa_local = csa->csa_local; 4681 ipcomp->csa_peer = csa->csa_peer; 4682 } 4683 } 4684 /* Transfer all non-IKE proposals */ 4685 TAILQ_FOREACH_SAFE(prop, &sa->sa_proposals, prop_entry, proptmp) { 4686 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) 4687 continue; 4688 TAILQ_REMOVE(&sa->sa_proposals, prop, prop_entry); 4689 TAILQ_INSERT_TAIL(&nsa->sa_proposals, prop, 4690 prop_entry); 4691 } 4692 4693 /* Preserve ID information */ 4694 ibuf_free(nsa->sa_iid.id_buf); 4695 ibuf_free(nsa->sa_rid.id_buf); 4696 ibuf_free(nsa->sa_icert.id_buf); 4697 ibuf_free(nsa->sa_rcert.id_buf); 4698 if (sa->sa_hdr.sh_initiator == nsa->sa_hdr.sh_initiator) { 4699 nsa->sa_iid = sa->sa_iid; 4700 nsa->sa_rid = sa->sa_rid; 4701 nsa->sa_icert = sa->sa_icert; 4702 nsa->sa_rcert = sa->sa_rcert; 4703 } else { 4704 /* initiator and responder role swapped */ 4705 nsa->sa_iid = sa->sa_rid; 4706 nsa->sa_rid = sa->sa_iid; 4707 nsa->sa_icert = sa->sa_rcert; 4708 nsa->sa_rcert = sa->sa_icert; 4709 } 4710 for (i = 0; i < IKED_SCERT_MAX; i++) 4711 nsa->sa_scert[i] = sa->sa_scert[i]; 4712 /* duplicate the actual buffer */ 4713 nsa->sa_iid.id_buf = ibuf_dup(nsa->sa_iid.id_buf); 4714 nsa->sa_rid.id_buf = ibuf_dup(nsa->sa_rid.id_buf); 4715 nsa->sa_icert.id_buf = ibuf_dup(nsa->sa_icert.id_buf); 4716 nsa->sa_rcert.id_buf = ibuf_dup(nsa->sa_rcert.id_buf); 4717 for (i = 0; i < IKED_SCERT_MAX; i++) 4718 nsa->sa_scert[i].id_buf = ibuf_dup(nsa->sa_scert[i].id_buf); 4719 4720 /* Transfer sa_addrpool address */ 4721 if (sa->sa_addrpool) { 4722 RB_REMOVE(iked_addrpool, &env->sc_addrpool, sa); 4723 nsa->sa_addrpool = sa->sa_addrpool; 4724 sa->sa_addrpool = NULL; 4725 RB_INSERT(iked_addrpool, &env->sc_addrpool, nsa); 4726 } 4727 if (sa->sa_addrpool6) { 4728 RB_REMOVE(iked_addrpool6, &env->sc_addrpool6, sa); 4729 nsa->sa_addrpool6 = sa->sa_addrpool6; 4730 sa->sa_addrpool6 = NULL; 4731 RB_INSERT(iked_addrpool6, &env->sc_addrpool6, nsa); 4732 } 4733 nsa->sa_cp = sa->sa_cp; 4734 nsa->sa_cp_addr = sa->sa_cp_addr; 4735 sa->sa_cp_addr = NULL; 4736 nsa->sa_cp_addr6 = sa->sa_cp_addr6; 4737 sa->sa_cp_addr6 = NULL; 4738 nsa->sa_cp_dns = sa->sa_cp_dns; 4739 sa->sa_cp_dns = NULL; 4740 /* Transfer other attributes */ 4741 if (sa->sa_dstid_entry_valid) { 4742 sa_dstid_remove(env, sa); 4743 sa_dstid_insert(env, nsa); 4744 } 4745 if (sa->sa_tag) { 4746 nsa->sa_tag = sa->sa_tag; 4747 sa->sa_tag = NULL; 4748 } 4749 if (sa->sa_eapid) { 4750 nsa->sa_eapid = sa->sa_eapid; 4751 sa->sa_eapid = NULL; 4752 } 4753 log_info("%srekeyed as new IKESA %s (enc %s%s%s group %s prf %s)", 4754 SPI_SA(sa, NULL), print_spi(nsa->sa_hdr.sh_ispi, 8), 4755 print_xf(nsa->sa_encr->encr_id, cipher_keylength(nsa->sa_encr) - 4756 nsa->sa_encr->encr_saltlength, ikeencxfs), 4757 nsa->sa_encr->encr_authid ? "" : " auth ", 4758 nsa->sa_encr->encr_authid ? "" : print_xf(nsa->sa_integr->hash_id, 4759 hash_keylength(nsa->sa_integr), authxfs), 4760 print_xf(nsa->sa_dhgroup->id, 0, groupxfs), 4761 print_xf(nsa->sa_prf->hash_id, hash_keylength(sa->sa_prf), prfxfs)); 4762 sa_state(env, nsa, IKEV2_STATE_ESTABLISHED); 4763 ikev2_enable_timer(env, nsa); 4764 4765 ikestat_inc(env, ikes_sa_rekeyed); 4766 4767 nsa->sa_stateflags = nsa->sa_statevalid; /* XXX */ 4768 4769 /* unregister DPD keep alive timer & rekey first */ 4770 if (sa->sa_state == IKEV2_STATE_ESTABLISHED) 4771 ikev2_disable_timer(env, sa); 4772 4773 ikev2_ike_sa_setreason(sa, "SA rekeyed"); 4774 ikev2_ikesa_delete(env, sa, nsa->sa_hdr.sh_initiator); 4775 return (0); 4776 } 4777 4778 void 4779 ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, int initiator) 4780 { 4781 struct ibuf *buf = NULL; 4782 struct ikev2_delete *del; 4783 4784 if (initiator) { 4785 /* XXX: Can not have simultaneous INFORMATIONAL exchanges */ 4786 if (sa->sa_stateflags & IKED_REQ_INF) 4787 goto done; 4788 /* Send PAYLOAD_DELETE */ 4789 if ((buf = ibuf_static()) == NULL) 4790 goto done; 4791 if ((del = ibuf_reserve(buf, sizeof(*del))) == NULL) 4792 goto done; 4793 del->del_protoid = IKEV2_SAPROTO_IKE; 4794 del->del_spisize = 0; 4795 del->del_nspi = 0; 4796 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 4797 IKEV2_EXCHANGE_INFORMATIONAL, 0) == -1) 4798 goto done; 4799 sa->sa_stateflags |= IKED_REQ_INF; 4800 log_info("%s: sent delete, closing SA", SPI_SA(sa, __func__)); 4801 done: 4802 ibuf_free(buf); 4803 sa_state(env, sa, IKEV2_STATE_CLOSED); 4804 } else { 4805 sa_state(env, sa, IKEV2_STATE_CLOSING); 4806 } 4807 4808 /* Remove IKE-SA after timeout, e.g. if we don't get a delete */ 4809 timer_set(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa); 4810 timer_add(env, &sa->sa_timer, IKED_IKE_SA_DELETE_TIMEOUT); 4811 ikev2_ike_sa_setreason(sa, "deleting SA"); 4812 } 4813 4814 void 4815 ikev2_ikesa_recv_delete(struct iked *env, struct iked_sa *sa) 4816 { 4817 log_info("%s: received delete", SPI_SA(sa, __func__)); 4818 if (sa->sa_nexti) { 4819 /* 4820 * We initiated rekeying, but since sa_nexti is still set 4821 * we have to assume that the the peer did not receive our 4822 * rekey message. So remove the initiated SA and -- if 4823 * sa_nextr is set -- keep the responder SA instead. 4824 */ 4825 if (sa->sa_nextr) { 4826 log_debug("%s: resolving simultaneous IKE SA rekeying", 4827 SPI_SA(sa, __func__)); 4828 ikev2_ikesa_enable(env, sa, sa->sa_nextr); 4829 /* unlink sa_nextr */ 4830 sa->sa_nextr->sa_prevr = NULL; 4831 sa->sa_nextr = NULL; 4832 } 4833 ikev2_ike_sa_setreason(sa->sa_nexti, 4834 "received delete (simultaneous rekeying)"); 4835 sa_free(env, sa->sa_nexti); 4836 sa->sa_nexti = NULL; /* reset by sa_free */ 4837 } 4838 ikev2_ike_sa_setreason(sa, "received delete"); 4839 if (env->sc_stickyaddress) { 4840 /* delay deletion if client reconnects soon */ 4841 sa_state(env, sa, IKEV2_STATE_CLOSING); 4842 timer_del(env, &sa->sa_timer); 4843 timer_set(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa); 4844 timer_add(env, &sa->sa_timer, 3 * IKED_RETRANSMIT_TIMEOUT); 4845 } else { 4846 sa_state(env, sa, IKEV2_STATE_CLOSED); 4847 } 4848 } 4849 4850 int 4851 ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) 4852 { 4853 struct iked_childsa *csa = NULL; 4854 struct iked_proposal *prop; 4855 struct iked_proposals proposals; 4856 struct iked_kex *kex, *kextmp = NULL; 4857 struct iked_sa *nsa = NULL, *sa = msg->msg_sa; 4858 struct iked_spi *spi, *rekey = &msg->msg_rekey; 4859 struct iked_transform *xform; 4860 struct ikev2_keyexchange *ke; 4861 struct ikev2_payload *pld = NULL; 4862 struct ibuf *e = NULL, *nonce = NULL; 4863 uint8_t firstpayload; 4864 ssize_t len = 0; 4865 int initiator, protoid, rekeying = 1; 4866 int ret = -1; 4867 int pfs = 0; 4868 4869 initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 4870 4871 if (!ikev2_msg_frompeer(msg) || msg->msg_prop == NULL) 4872 return (0); 4873 4874 TAILQ_INIT(&proposals); 4875 4876 if ((protoid = rekey->spi_protoid) == 0) { 4877 /* 4878 * If REKEY_SA notification is not present, then it's either 4879 * IKE SA rekeying or the client wants to create additional 4880 * CHILD SAs 4881 */ 4882 if (msg->msg_prop->prop_protoid == IKEV2_SAPROTO_IKE) { 4883 protoid = rekey->spi_protoid = IKEV2_SAPROTO_IKE; 4884 if (sa->sa_hdr.sh_initiator) 4885 rekey->spi = sa->sa_hdr.sh_rspi; 4886 else 4887 rekey->spi = sa->sa_hdr.sh_ispi; 4888 rekey->spi_size = 8; 4889 } else { 4890 protoid = msg->msg_prop->prop_protoid; 4891 rekeying = 0; 4892 } 4893 } 4894 4895 if (rekeying) 4896 log_debug("%s: rekey %s spi %s", __func__, 4897 print_map(rekey->spi_protoid, ikev2_saproto_map), 4898 print_spi(rekey->spi, rekey->spi_size)); 4899 else 4900 log_debug("%s: creating new %s SA", __func__, 4901 print_map(protoid, ikev2_saproto_map)); 4902 4903 if (protoid == IKEV2_SAPROTO_IKE) { 4904 if ((sa->sa_stateflags & IKED_REQ_CHILDSA) 4905 && !(sa->sa_nexti)) { 4906 log_debug("%s: Ignore IKE SA rekey: waiting for Child " 4907 "SA response.", __func__); 4908 /* Ignore, don't send error */ 4909 msg->msg_valid = 0; 4910 return (0); 4911 } 4912 4913 /* IKE SA rekeying */ 4914 spi = &msg->msg_prop->prop_peerspi; 4915 4916 if ((nsa = sa_new(env, spi->spi, 0, 0, 4917 msg->msg_policy)) == NULL) { 4918 log_debug("%s: failed to get new SA", __func__); 4919 return (ret); 4920 } 4921 4922 if (ikev2_sa_responder(env, nsa, sa, msg)) { 4923 log_debug("%s: failed to get IKE SA keys", __func__); 4924 return (ret); 4925 } 4926 4927 sa_state(env, nsa, IKEV2_STATE_AUTH_SUCCESS); 4928 4929 nonce = nsa->sa_rnonce; 4930 kex = &nsa->sa_kex; 4931 } else { 4932 /* Child SA creating/rekeying */ 4933 4934 if ((kex = kextmp = calloc(1, sizeof(*kextmp))) == NULL) { 4935 log_debug("%s: calloc kex", __func__); 4936 goto fail; 4937 } 4938 4939 if (proposals_negotiate(&proposals, 4940 &sa->sa_policy->pol_proposals, &msg->msg_proposals, 4941 1, msg->msg_dhgroup) != 0) { 4942 log_info("%s: no proposal chosen", __func__); 4943 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 4944 ikestat_inc(env, ikes_sa_proposals_negotiate_failures); 4945 goto fail; 4946 } 4947 4948 /* Check KE payload for PFS, ignore if DH transform is NONE */ 4949 if (((xform = config_findtransform(&proposals, 4950 IKEV2_XFORMTYPE_DH, protoid)) != NULL) && 4951 xform->xform_id != IKEV2_XFORMDH_NONE && 4952 ibuf_length(msg->msg_ke)) { 4953 log_debug("%s: using PFS", __func__); 4954 if (ikev2_sa_responder_dh(kex, &proposals, 4955 msg, protoid) < 0) { 4956 log_debug("%s: failed to setup DH", __func__); 4957 goto fail; 4958 } 4959 pfs = 1; 4960 /* XXX check group against policy ? */ 4961 } 4962 4963 /* Update peer SPI */ 4964 TAILQ_FOREACH(prop, &proposals, prop_entry) { 4965 if (prop->prop_protoid == protoid) 4966 break; 4967 } 4968 if (prop == NULL) { 4969 log_debug("%s: failed to find %s proposals", __func__, 4970 print_map(protoid, ikev2_saproto_map)); 4971 goto fail; 4972 } else 4973 prop->prop_peerspi = msg->msg_prop->prop_peerspi; 4974 4975 /* Set rekeying flags on Child SAs */ 4976 if (rekeying) { 4977 if ((csa = childsa_lookup(sa, rekey->spi, 4978 rekey->spi_protoid)) == NULL) { 4979 log_info("%s: CHILD SA %s wasn't found", 4980 SPI_SA(sa, __func__), 4981 print_spi(rekey->spi, rekey->spi_size)); 4982 msg->msg_error = IKEV2_N_CHILD_SA_NOT_FOUND; 4983 goto fail; 4984 } 4985 if (!csa->csa_loaded || !csa->csa_peersa || 4986 !csa->csa_peersa->csa_loaded) { 4987 log_info("%s: CHILD SA %s is not loaded" 4988 " or no peer SA", SPI_SA(sa, __func__), 4989 print_spi(rekey->spi, rekey->spi_size)); 4990 msg->msg_error = IKEV2_N_CHILD_SA_NOT_FOUND; 4991 goto fail; 4992 } 4993 csa->csa_rekey = 1; 4994 csa->csa_peersa->csa_rekey = 1; 4995 } 4996 4997 /* Update initiator's nonce */ 4998 if (!ibuf_length(msg->msg_nonce)) { 4999 log_debug("%s: initiator didn't send nonce", __func__); 5000 goto fail; 5001 } 5002 ibuf_free(kex->kex_inonce); 5003 kex->kex_inonce = msg->msg_nonce; 5004 msg->msg_nonce = NULL; 5005 5006 /* Generate new responder's nonce */ 5007 if ((nonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) 5008 goto fail; 5009 5010 /* Update responder's nonce */ 5011 ibuf_free(kex->kex_rnonce); 5012 kex->kex_rnonce = nonce; 5013 5014 if (ikev2_childsa_negotiate(env, sa, kex, &proposals, 0, pfs)) { 5015 log_debug("%s: failed to get CHILD SAs", __func__); 5016 goto fail; 5017 } 5018 5019 if (rekeying && (sa->sa_stateflags & IKED_REQ_CHILDSA) && 5020 csa && (sa->sa_rekeyspi == csa->csa_peerspi)) { 5021 log_info("%s: simultaneous rekeying for CHILD SA %s/%s", 5022 SPI_SA(sa, __func__), 5023 print_spi(rekey->spi, rekey->spi_size), 5024 print_spi(sa->sa_rekeyspi, rekey->spi_size)); 5025 ibuf_free(sa->sa_simult); 5026 if (ikev2_nonce_cmp(kex->kex_inonce, nonce) < 0) 5027 sa->sa_simult = ibuf_dup(kex->kex_inonce); 5028 else 5029 sa->sa_simult = ibuf_dup(nonce); 5030 } 5031 } 5032 5033 if ((e = ibuf_static()) == NULL) 5034 goto done; 5035 5036 if (!nsa && sa->sa_ipcompr.ic_transform && 5037 (len = ikev2_add_ipcompnotify(env, e, &pld, 0, sa, 0)) == -1) 5038 goto done; 5039 if (!nsa && sa->sa_used_transport_mode && 5040 (len = ikev2_add_transport_mode(env, e, &pld, len, sa)) == -1) 5041 goto done; 5042 5043 if (pld) { 5044 firstpayload = IKEV2_PAYLOAD_NOTIFY; 5045 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1) 5046 goto done; 5047 } else 5048 firstpayload = IKEV2_PAYLOAD_SA; 5049 5050 /* SA payload */ 5051 if ((pld = ikev2_add_payload(e)) == NULL) 5052 goto done; 5053 5054 if ((len = ikev2_add_proposals(env, nsa ? nsa : sa, e, 5055 nsa ? &nsa->sa_proposals : &proposals, 5056 protoid, 0, nsa ? 1 : 0, 0)) == -1) 5057 goto done; 5058 5059 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) 5060 goto done; 5061 5062 /* NONCE payload */ 5063 if ((pld = ikev2_add_payload(e)) == NULL) 5064 goto done; 5065 if (ikev2_add_buf(e, nonce) == -1) 5066 goto done; 5067 len = ibuf_size(nonce); 5068 5069 if (protoid == IKEV2_SAPROTO_IKE || pfs) { 5070 5071 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 5072 goto done; 5073 5074 /* KE payload */ 5075 if ((pld = ikev2_add_payload(e)) == NULL) 5076 goto done; 5077 if ((ke = ibuf_reserve(e, sizeof(*ke))) == NULL) 5078 goto done; 5079 if (kex->kex_dhgroup == NULL) { 5080 log_debug("%s: invalid dh", __func__); 5081 goto done; 5082 } 5083 ke->kex_dhgroup = htobe16(kex->kex_dhgroup->id); 5084 if (ikev2_add_buf(e, kex->kex_dhrexchange) == -1) 5085 goto done; 5086 len = sizeof(*ke) + ibuf_size(kex->kex_dhrexchange); 5087 } 5088 5089 if (protoid != IKEV2_SAPROTO_IKE) 5090 if ((len = ikev2_add_ts(e, &pld, len, sa, initiator)) == -1) 5091 goto done; 5092 5093 if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) 5094 goto done; 5095 5096 if ((ret = ikev2_msg_send_encrypt(env, sa, &e, 5097 IKEV2_EXCHANGE_CREATE_CHILD_SA, firstpayload, 1)) == -1) 5098 goto done; 5099 5100 if (protoid == IKEV2_SAPROTO_IKE) { 5101 /* 5102 * If we also have initiated rekeying for this IKE SA, then 5103 * sa_nexti is already set. In this case don't enable the new SA 5104 * immediately, but record it in sa_nextr, until the exchange 5105 * for sa_nexti completes in ikev2_init_create_child_sa() and 5106 * the 'winner' can be selected by comparing nonces. 5107 */ 5108 if (sa->sa_nexti) { 5109 log_info("%s: simultaneous IKE SA rekeying", 5110 SPI_SA(sa, __func__)); 5111 sa->sa_nextr = nsa; 5112 nsa->sa_prevr = sa; /* backpointer */ 5113 ret = 0; 5114 } else 5115 ret = ikev2_ikesa_enable(env, sa, nsa); 5116 } else 5117 ret = ikev2_childsa_enable(env, sa); 5118 5119 done: 5120 if (ret && protoid != IKEV2_SAPROTO_IKE) 5121 ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 5122 ibuf_free(e); 5123 config_free_proposals(&proposals, 0); 5124 config_free_kex(kextmp); 5125 return (ret); 5126 5127 fail: 5128 config_free_proposals(&proposals, 0); 5129 config_free_kex(kextmp); 5130 return (-1); 5131 } 5132 5133 void 5134 ikev2_ike_sa_setreason(struct iked_sa *sa, char *reason) 5135 { 5136 /* allow update only if reason is reset to NULL */ 5137 if (reason == NULL || sa->sa_reason == NULL) 5138 sa->sa_reason = reason; 5139 } 5140 5141 void 5142 ikev2_ike_sa_timeout(struct iked *env, void *arg) 5143 { 5144 struct iked_sa *sa = arg; 5145 5146 log_debug("%s: closing SA", __func__); 5147 ikev2_ike_sa_setreason(sa, "timeout"); 5148 sa_free(env, sa); 5149 } 5150 5151 void 5152 ikev2_ike_sa_rekey_timeout(struct iked *env, void *arg) 5153 { 5154 struct iked_sa *sa = arg; 5155 5156 log_debug("%s: closing SA", __func__); 5157 ikev2_ike_sa_setreason(sa, "rekey timeout"); 5158 sa_free(env, sa); 5159 } 5160 5161 void 5162 ikev2_ike_sa_rekey_schedule(struct iked *env, struct iked_sa *sa) 5163 { 5164 timer_add(env, &sa->sa_rekey, (sa->sa_policy->pol_rekey * 850 + 5165 arc4random_uniform(100)) / 1000); 5166 } 5167 5168 /* rekey delayed, so re-try after short delay (1% of configured) */ 5169 void 5170 ikev2_ike_sa_rekey_schedule_fast(struct iked *env, struct iked_sa *sa) 5171 { 5172 int timeout = sa->sa_policy->pol_rekey / 100; /* 1% */ 5173 5174 if (timeout > 60) 5175 timeout = 60; /* max */ 5176 else if (timeout < 4) 5177 timeout = 4; /* min */ 5178 timer_add(env, &sa->sa_rekey, timeout); 5179 } 5180 5181 void 5182 ikev2_ike_sa_alive(struct iked *env, void *arg) 5183 { 5184 struct iked_sa *sa = arg; 5185 struct iked_childsa *csa = NULL; 5186 uint64_t last_used, diff; 5187 int foundin = 0, foundout = 0; 5188 int ikeidle = 0; 5189 5190 if (env->sc_alive_timeout == 0) 5191 return; 5192 5193 /* check for incoming traffic on any child SA */ 5194 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 5195 if (!csa->csa_loaded) 5196 continue; 5197 if (pfkey_sa_last_used(env, csa, &last_used) != 0) 5198 continue; 5199 diff = (uint32_t)(gettime() - last_used); 5200 log_debug("%s: %s CHILD SA spi %s last used %llu second(s) ago", 5201 __func__, 5202 csa->csa_dir == IPSP_DIRECTION_IN ? "incoming" : "outgoing", 5203 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size), diff); 5204 if (diff < env->sc_alive_timeout) { 5205 if (csa->csa_dir == IPSP_DIRECTION_IN) { 5206 foundin = 1; 5207 break; 5208 } else { 5209 foundout = 1; 5210 } 5211 } 5212 } 5213 5214 diff = (uint32_t)(gettime() - sa->sa_last_recvd); 5215 if (diff >= IKED_IKE_SA_LAST_RECVD_TIMEOUT) { 5216 ikeidle = 1; 5217 log_debug("%s: IKE SA %p ispi %s rspi %s last received %llu" 5218 " second(s) ago", __func__, sa, 5219 print_spi(sa->sa_hdr.sh_ispi, 8), 5220 print_spi(sa->sa_hdr.sh_rspi, 8), diff); 5221 } 5222 5223 /* 5224 * send probe if any outgoing SA has been used, but no incoming 5225 * SA, or if we haven't received an IKE message. but only if we 5226 * are not already waiting for an answer. 5227 */ 5228 if (((!foundin && foundout) || ikeidle) && 5229 (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) == 0) { 5230 log_debug("%s: sending alive check", __func__); 5231 ikev2_send_ike_e(env, sa, NULL, IKEV2_PAYLOAD_NONE, 5232 IKEV2_EXCHANGE_INFORMATIONAL, 0); 5233 sa->sa_stateflags |= IKED_REQ_INF; 5234 ikestat_inc(env, ikes_dpd_sent); 5235 } 5236 5237 /* re-register */ 5238 timer_add(env, &sa->sa_timer, env->sc_alive_timeout); 5239 } 5240 5241 void 5242 ikev2_ike_sa_keepalive(struct iked *env, void *arg) 5243 { 5244 struct iked_sa *sa = arg; 5245 uint8_t marker = 0xff; 5246 5247 if (sendtofrom(sa->sa_fd, &marker, sizeof(marker), 0, 5248 (struct sockaddr *)&sa->sa_peer.addr, sa->sa_peer.addr.ss_len, 5249 (struct sockaddr *)&sa->sa_local.addr, sa->sa_local.addr.ss_len) 5250 == -1) 5251 log_warn("%s: sendtofrom: peer %s local %s", __func__, 5252 print_addr(&sa->sa_peer.addr), 5253 print_addr(&sa->sa_local.addr)); 5254 else 5255 log_debug("%s: peer %s local %s", __func__, 5256 print_addr(&sa->sa_peer.addr), 5257 print_addr(&sa->sa_local.addr)); 5258 ikestat_inc(env, ikes_keepalive_sent); 5259 timer_add(env, &sa->sa_keepalive, IKED_IKE_SA_KEEPALIVE_TIMEOUT); 5260 } 5261 5262 int 5263 ikev2_send_informational(struct iked *env, struct iked_message *msg) 5264 { 5265 struct iked_message resp; 5266 struct ike_header *hdr; 5267 struct ikev2_payload *pld; 5268 struct ikev2_notify *n; 5269 struct iked_sa *sa = msg->msg_sa, sah; 5270 struct ibuf *buf, *e = NULL; 5271 int ret = -1; 5272 5273 if (msg->msg_error == 0) 5274 return (0); 5275 5276 if ((buf = ikev2_msg_init(env, &resp, 5277 &msg->msg_peer, msg->msg_peerlen, 5278 &msg->msg_local, msg->msg_locallen, 0)) == NULL) 5279 goto done; 5280 5281 /* New encrypted message buffer */ 5282 if ((e = ibuf_static()) == NULL) 5283 goto done; 5284 5285 /* NOTIFY payload */ 5286 if ((pld = ikev2_add_payload(e)) == NULL) 5287 goto done; 5288 5289 if ((n = ibuf_reserve(e, sizeof(*n))) == NULL) 5290 goto done; 5291 n->n_protoid = IKEV2_SAPROTO_IKE; /* XXX ESP etc. */ 5292 n->n_spisize = 0; 5293 n->n_type = htobe16(msg->msg_error); 5294 5295 switch (msg->msg_error) { 5296 case IKEV2_N_INVALID_IKE_SPI: 5297 break; 5298 case IKEV2_N_NO_PROPOSAL_CHOSEN: 5299 ikev2_log_proposal(msg->msg_sa, &msg->msg_proposals); 5300 break; 5301 default: 5302 log_warnx("%s: unsupported notification %s", SPI_SA(sa, 5303 __func__), print_map(msg->msg_error, ikev2_n_map)); 5304 goto done; 5305 } 5306 log_info("%s: %s", SPI_SA(sa, __func__), 5307 print_map(msg->msg_error, ikev2_n_map)); 5308 5309 if (ikev2_next_payload(pld, sizeof(*n), IKEV2_PAYLOAD_NONE) == -1) 5310 goto done; 5311 5312 if (sa != NULL && msg->msg_e) { 5313 resp.msg_msgid = ikev2_msg_id(env, sa); 5314 5315 /* IKE header */ 5316 if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, 5317 IKEV2_PAYLOAD_SK, IKEV2_EXCHANGE_INFORMATIONAL, 5318 0)) == NULL) 5319 goto done; 5320 5321 if ((pld = ikev2_add_payload(buf)) == NULL) 5322 goto done; 5323 5324 /* Encrypt message and add as an E payload */ 5325 if ((e = ikev2_msg_encrypt(env, sa, e, buf)) == NULL) { 5326 log_debug("%s: encryption failed", __func__); 5327 goto done; 5328 } 5329 if (ibuf_add_buf(buf, e) != 0) 5330 goto done; 5331 if (ikev2_next_payload(pld, ibuf_size(e), 5332 IKEV2_PAYLOAD_NOTIFY) == -1) 5333 goto done; 5334 5335 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 5336 goto done; 5337 5338 /* Add integrity checksum (HMAC) */ 5339 if (ikev2_msg_integr(env, sa, buf) != 0) { 5340 log_debug("%s: integrity checksum failed", __func__); 5341 goto done; 5342 } 5343 } else { 5344 if ((hdr = ibuf_seek(msg->msg_data, 0, sizeof(*hdr))) == NULL) 5345 goto done; 5346 5347 bzero(&sah, sizeof(sah)); 5348 sah.sa_hdr.sh_rspi = betoh64(hdr->ike_rspi); 5349 sah.sa_hdr.sh_ispi = betoh64(hdr->ike_ispi); 5350 sah.sa_hdr.sh_initiator = 5351 hdr->ike_flags & IKEV2_FLAG_INITIATOR ? 0 : 1; 5352 5353 resp.msg_msgid = ikev2_msg_id(env, &sah); 5354 5355 /* IKE header */ 5356 if ((hdr = ikev2_add_header(buf, &sah, resp.msg_msgid, 5357 IKEV2_PAYLOAD_NOTIFY, IKEV2_EXCHANGE_INFORMATIONAL, 5358 0)) == NULL) 5359 goto done; 5360 if (ibuf_add_buf(buf, e) != 0) 5361 goto done; 5362 if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1) 5363 goto done; 5364 } 5365 5366 resp.msg_data = buf; 5367 resp.msg_fd = msg->msg_fd; 5368 TAILQ_INIT(&resp.msg_proposals); 5369 5370 ret = ikev2_msg_send(env, &resp); 5371 5372 done: 5373 ibuf_free(e); 5374 ikev2_msg_cleanup(env, &resp); 5375 5376 return (ret); 5377 } 5378 5379 ssize_t 5380 ikev2_psk(struct iked_sa *sa, uint8_t *data, size_t length, 5381 uint8_t **pskptr) 5382 { 5383 uint8_t *psk; 5384 size_t psklen = -1; 5385 5386 if (hash_setkey(sa->sa_prf, data, length) == NULL) 5387 return (-1); 5388 5389 if ((psk = calloc(1, hash_keylength(sa->sa_prf))) == NULL) 5390 return (-1); 5391 5392 hash_init(sa->sa_prf); 5393 hash_update(sa->sa_prf, IKEV2_KEYPAD, strlen(IKEV2_KEYPAD)); 5394 hash_final(sa->sa_prf, psk, &psklen); 5395 5396 *pskptr = psk; 5397 return (psklen); 5398 } 5399 5400 int 5401 ikev2_sa_initiator_dh(struct iked_sa *sa, struct iked_message *msg, 5402 unsigned int proto, struct iked_sa *osa) 5403 { 5404 struct iked_policy *pol = sa->sa_policy; 5405 struct iked_transform *xform; 5406 struct iked_proposals *proposals; 5407 5408 proposals = osa ? &osa->sa_proposals : &pol->pol_proposals; 5409 5410 if (sa->sa_dhgroup == NULL) { 5411 if ((xform = config_findtransform(proposals, 5412 IKEV2_XFORMTYPE_DH, proto)) == NULL) { 5413 log_debug("%s: did not find dh transform", __func__); 5414 return (-1); 5415 } 5416 if ((sa->sa_dhgroup = 5417 group_get(xform->xform_id)) == NULL) { 5418 log_debug("%s: invalid dh %d", __func__, 5419 xform->xform_id); 5420 return (-1); 5421 } 5422 } 5423 5424 if (!ibuf_length(sa->sa_dhiexchange)) { 5425 if (dh_create_exchange(sa->sa_dhgroup, 5426 &sa->sa_dhiexchange, NULL) == -1) { 5427 log_debug("%s: failed to get dh exchange", __func__); 5428 return (-1); 5429 } 5430 } 5431 5432 /* Initial message */ 5433 if (msg == NULL) 5434 return (0); 5435 5436 if (!ibuf_length(sa->sa_dhrexchange)) { 5437 if (!ibuf_length(msg->msg_ke)) { 5438 log_debug("%s: invalid peer dh exchange", __func__); 5439 return (-1); 5440 } 5441 sa->sa_dhrexchange = msg->msg_ke; 5442 msg->msg_ke = NULL; 5443 } 5444 5445 /* Set a pointer to the peer exchange */ 5446 sa->sa_dhpeer = sa->sa_dhrexchange; 5447 return (0); 5448 } 5449 5450 int 5451 ikev2_sa_negotiate_common(struct iked *env, struct iked_sa *sa, 5452 struct iked_message *msg, int groupid) 5453 { 5454 struct iked_transform *xform; 5455 5456 /* XXX we need a better way to get this */ 5457 if (proposals_negotiate(&sa->sa_proposals, 5458 &msg->msg_policy->pol_proposals, &msg->msg_proposals, 0, groupid) != 0) { 5459 log_info("%s: proposals_negotiate", __func__); 5460 ikestat_inc(env, ikes_sa_proposals_negotiate_failures); 5461 return (-1); 5462 } 5463 if (sa_stateok(sa, IKEV2_STATE_SA_INIT)) 5464 sa_stateflags(sa, IKED_REQ_SA); 5465 5466 if (sa->sa_encr == NULL) { 5467 if ((xform = config_findtransform(&sa->sa_proposals, 5468 IKEV2_XFORMTYPE_ENCR, 0)) == NULL) { 5469 log_info("%s: did not find encr transform", 5470 SPI_SA(sa, __func__)); 5471 return (-1); 5472 } 5473 if ((sa->sa_encr = cipher_new(xform->xform_type, 5474 xform->xform_id, xform->xform_length)) == NULL) { 5475 log_info("%s: failed to get encr", 5476 SPI_SA(sa, __func__)); 5477 return (-1); 5478 } 5479 } 5480 5481 /* For AEAD ciphers integrity is implicit */ 5482 if (sa->sa_encr->encr_authid && sa->sa_integr == NULL) { 5483 if ((sa->sa_integr = hash_new(IKEV2_XFORMTYPE_INTEGR, 5484 sa->sa_encr->encr_authid)) == NULL) { 5485 log_info("%s: failed to get AEAD integr", 5486 SPI_SA(sa, __func__)); 5487 return (-1); 5488 } 5489 } 5490 5491 if (sa->sa_prf == NULL) { 5492 if ((xform = config_findtransform(&sa->sa_proposals, 5493 IKEV2_XFORMTYPE_PRF, 0)) == NULL) { 5494 log_info("%s: did not find prf transform", 5495 SPI_SA(sa, __func__)); 5496 return (-1); 5497 } 5498 if ((sa->sa_prf = 5499 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 5500 log_info("%s: failed to get prf", SPI_SA(sa, __func__)); 5501 return (-1); 5502 } 5503 } 5504 5505 if (sa->sa_integr == NULL) { 5506 if ((xform = config_findtransform(&sa->sa_proposals, 5507 IKEV2_XFORMTYPE_INTEGR, 0)) == NULL) { 5508 log_info("%s: did not find integr transform", 5509 SPI_SA(sa, __func__)); 5510 return (-1); 5511 } 5512 if ((sa->sa_integr = 5513 hash_new(xform->xform_type, xform->xform_id)) == NULL) { 5514 log_info("%s: failed to get integr", 5515 SPI_SA(sa, __func__)); 5516 return (-1); 5517 } 5518 } 5519 5520 return (0); 5521 } 5522 5523 int 5524 ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, 5525 struct iked_sa *osa, struct iked_message *msg) 5526 { 5527 if (ikev2_sa_initiator_dh(sa, msg, 0, osa) < 0) 5528 return (-1); 5529 5530 if (!ibuf_length(sa->sa_inonce)) { 5531 if ((sa->sa_inonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { 5532 log_info("%s: failed to get local nonce", 5533 SPI_SA(sa, __func__)); 5534 return (-1); 5535 } 5536 } 5537 5538 /* Initial message */ 5539 if (msg == NULL) 5540 return (0); 5541 5542 if (!ibuf_length(sa->sa_rnonce)) { 5543 if (!ibuf_length(msg->msg_nonce)) { 5544 log_info("%s: invalid peer nonce", 5545 SPI_SA(sa, __func__)); 5546 return (-1); 5547 } 5548 sa->sa_rnonce = msg->msg_nonce; 5549 msg->msg_nonce = NULL; 5550 } 5551 5552 if (ikev2_sa_negotiate_common(env, sa, msg, -1) != 0) 5553 return (-1); 5554 5555 ibuf_free(sa->sa_2ndmsg); 5556 if ((sa->sa_2ndmsg = ibuf_dup(msg->msg_data)) == NULL) { 5557 log_info("%s: failed to copy 2nd message", 5558 SPI_SA(sa, __func__)); 5559 return (-1); 5560 } 5561 5562 return (ikev2_sa_keys(env, sa, osa ? osa->sa_key_d : NULL)); 5563 } 5564 5565 int 5566 ikev2_sa_responder_dh(struct iked_kex *kex, struct iked_proposals *proposals, 5567 struct iked_message *msg, unsigned int proto) 5568 { 5569 struct iked_transform *xform; 5570 5571 if (kex->kex_dhgroup == NULL) { 5572 if ((xform = config_findtransform(proposals, 5573 IKEV2_XFORMTYPE_DH, proto)) == NULL) { 5574 log_info("%s: did not find dh transform", 5575 SPI_SA(msg->msg_sa, __func__)); 5576 return (-1); 5577 } 5578 if ((kex->kex_dhgroup = 5579 group_get(xform->xform_id)) == NULL) { 5580 log_debug("%s: invalid dh %d", 5581 SPI_SA(msg->msg_sa, __func__), xform->xform_id); 5582 return (-1); 5583 } 5584 } 5585 5586 /* Look for dhgroup mismatch during an IKE SA negotiation */ 5587 if (msg->msg_dhgroup != kex->kex_dhgroup->id) { 5588 log_info("%s: want dh %s, KE has %s", 5589 SPI_SA(msg->msg_sa, __func__), 5590 print_map(kex->kex_dhgroup->id, ikev2_xformdh_map), 5591 print_map(msg->msg_dhgroup, ikev2_xformdh_map)); 5592 msg->msg_error = IKEV2_N_INVALID_KE_PAYLOAD; 5593 msg->msg_dhgroup = kex->kex_dhgroup->id; 5594 return (-1); 5595 } 5596 5597 if (!ibuf_length(kex->kex_dhiexchange)) { 5598 kex->kex_dhiexchange = msg->msg_ke; 5599 msg->msg_ke = NULL; 5600 } 5601 5602 if (!ibuf_length(kex->kex_dhrexchange)) { 5603 if (dh_create_exchange(kex->kex_dhgroup, 5604 &kex->kex_dhrexchange, kex->kex_dhiexchange) == -1) { 5605 log_info("%s: failed to get dh exchange", 5606 SPI_SA(msg->msg_sa, __func__)); 5607 return (-1); 5608 } 5609 } 5610 5611 /* Set a pointer to the peer exchange */ 5612 kex->kex_dhpeer = kex->kex_dhiexchange; 5613 return (0); 5614 } 5615 5616 int 5617 ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, 5618 struct iked_message *msg) 5619 { 5620 struct iked_policy *old; 5621 5622 /* re-lookup policy based on 'msg' (unless IKESA is rekeyed) */ 5623 if (osa == NULL) { 5624 old = sa->sa_policy; 5625 sa->sa_policy = NULL; 5626 if (policy_lookup(env, msg, &msg->msg_proposals, 5627 NULL, 0) != 0 || msg->msg_policy == NULL) { 5628 sa->sa_policy = old; 5629 log_info("%s: no proposal chosen", __func__); 5630 msg->msg_error = IKEV2_N_NO_PROPOSAL_CHOSEN; 5631 return (-1); 5632 } 5633 /* move sa to new policy */ 5634 sa->sa_policy = msg->msg_policy; 5635 TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); 5636 TAILQ_INSERT_TAIL(&sa->sa_policy->pol_sapeers, 5637 sa, sa_peer_entry); 5638 policy_unref(env, old); 5639 policy_ref(env, sa->sa_policy); 5640 } 5641 5642 sa_state(env, sa, IKEV2_STATE_SA_INIT); 5643 5644 ibuf_free(sa->sa_1stmsg); 5645 if ((sa->sa_1stmsg = ibuf_dup(msg->msg_data)) == NULL) { 5646 log_debug("%s: failed to copy 1st message", __func__); 5647 return (-1); 5648 } 5649 5650 if (sa->sa_rnonce == NULL && 5651 (sa->sa_rnonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { 5652 log_debug("%s: failed to get local nonce", __func__); 5653 return (-1); 5654 } 5655 5656 if (!ibuf_length(sa->sa_inonce) && 5657 (ibuf_length(msg->msg_nonce) < IKED_NONCE_MIN)) { 5658 log_debug("%s: failed to get peer nonce", __func__); 5659 return (-1); 5660 } 5661 sa->sa_inonce = msg->msg_nonce; 5662 msg->msg_nonce = NULL; 5663 5664 if (ikev2_sa_negotiate_common(env, sa, msg, msg->msg_dhgroup) != 0) 5665 return (-1); 5666 5667 if (ikev2_sa_responder_dh(&sa->sa_kex, &sa->sa_proposals, msg, 0) < 0) 5668 return (-1); 5669 5670 return (ikev2_sa_keys(env, sa, osa ? osa->sa_key_d : NULL)); 5671 } 5672 5673 int 5674 ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key) 5675 { 5676 struct iked_hash *prf, *integr; 5677 struct iked_cipher *encr; 5678 struct dh_group *group; 5679 struct ibuf *ninr, *dhsecret, *skeyseed, *s, *t; 5680 size_t nonceminlen, ilen, rlen, tmplen; 5681 uint64_t ispi, rspi; 5682 int ret = -1; 5683 int isaead = 0; 5684 5685 ninr = dhsecret = skeyseed = s = t = NULL; 5686 5687 if ((encr = sa->sa_encr) == NULL || 5688 (prf = sa->sa_prf) == NULL || 5689 (integr = sa->sa_integr) == NULL || 5690 (group = sa->sa_dhgroup) == NULL) { 5691 log_info("%s: failed to get key input data", 5692 SPI_SA(sa, __func__)); 5693 return (-1); 5694 } 5695 5696 /* For AEADs no auth keys are required (see RFC 5282) */ 5697 isaead = !!integr->hash_isaead; 5698 5699 if (prf->hash_fixedkey) 5700 nonceminlen = prf->hash_fixedkey; 5701 else 5702 nonceminlen = IKED_NONCE_MIN; 5703 5704 /* Nonces need a minimal size and should have an even length */ 5705 if (ibuf_length(sa->sa_inonce) < nonceminlen || 5706 (ibuf_length(sa->sa_inonce) % 2) != 0 || 5707 ibuf_length(sa->sa_rnonce) < nonceminlen || 5708 (ibuf_length(sa->sa_rnonce) % 2) != 0) { 5709 log_info("%s: invalid nonces", SPI_SA(sa, __func__)); 5710 return (-1); 5711 } 5712 5713 if (prf->hash_fixedkey) { 5714 /* Half of the key bits must come from Ni, and half from Nr */ 5715 ilen = prf->hash_fixedkey / 2; 5716 rlen = prf->hash_fixedkey / 2; 5717 } else { 5718 /* Most PRF functions accept a variable-length key */ 5719 ilen = ibuf_length(sa->sa_inonce); 5720 rlen = ibuf_length(sa->sa_rnonce); 5721 } 5722 5723 /* 5724 * Depending on whether we're generating new keying material 5725 * or rekeying existing SA the algorithm is different. If the 5726 * "key" argument is not specified a concatenation of nonces 5727 * (Ni | Nr) is used as a PRF key, otherwise a "key" buffer 5728 * is used and PRF is performed on the concatenation of DH 5729 * exchange result and nonces (g^ir | Ni | Nr). See sections 5730 * 2.14 and 2.18 of RFC7296 for more information. 5731 */ 5732 5733 /* 5734 * Generate g^ir 5735 */ 5736 if (dh_create_shared(group, &dhsecret, sa->sa_dhpeer) == -1) { 5737 log_info("%s: failed to get dh secret" 5738 " group %d secret %zu exchange %zu", 5739 SPI_SA(sa, __func__), 5740 group->id, ibuf_length(dhsecret), 5741 ibuf_length(sa->sa_dhpeer)); 5742 goto done; 5743 } 5744 5745 log_debug("%s: DHSECRET with %zu bytes", SPI_SA(sa, __func__), 5746 ibuf_size(dhsecret)); 5747 print_hexbuf(dhsecret); 5748 5749 if (!key) { 5750 /* 5751 * Set PRF key to generate SKEYSEED = prf(Ni | Nr, g^ir) 5752 */ 5753 if ((ninr = ibuf_new(ibuf_data(sa->sa_inonce), ilen)) == NULL || 5754 ibuf_add(ninr, ibuf_data(sa->sa_rnonce), rlen) != 0) { 5755 log_info("%s: failed to get nonce key buffer", 5756 SPI_SA(sa, __func__)); 5757 goto done; 5758 } 5759 key = ninr; 5760 } else { 5761 /* 5762 * Set PRF key to generate SKEYSEED = prf(key, g^ir | Ni | Nr) 5763 */ 5764 if (ibuf_add(dhsecret, ibuf_data(sa->sa_inonce), ilen) != 0 || 5765 ibuf_add(dhsecret, ibuf_data(sa->sa_rnonce), rlen) != 0) { 5766 log_info("%s: failed to get nonce key buffer", 5767 SPI_SA(sa, __func__)); 5768 goto done; 5769 } 5770 } 5771 5772 if ((hash_setkey(prf, ibuf_data(key), ibuf_size(key))) == NULL) { 5773 log_info("%s: failed to set prf key", SPI_SA(sa, __func__)); 5774 goto done; 5775 } 5776 5777 if ((skeyseed = ibuf_new(NULL, hash_keylength(prf))) == NULL) { 5778 log_info("%s: failed to get SKEYSEED buffer", 5779 SPI_SA(sa, __func__)); 5780 goto done; 5781 } 5782 5783 tmplen = 0; 5784 hash_init(prf); 5785 hash_update(prf, ibuf_data(dhsecret), ibuf_size(dhsecret)); 5786 hash_final(prf, ibuf_data(skeyseed), &tmplen); 5787 5788 log_debug("%s: SKEYSEED with %zu bytes", __func__, tmplen); 5789 print_hex(ibuf_data(skeyseed), 0, tmplen); 5790 5791 if (ibuf_setsize(skeyseed, tmplen) == -1) { 5792 log_info("%s: failed to set keymaterial length", 5793 SPI_SA(sa, __func__)); 5794 goto done; 5795 } 5796 5797 /* 5798 * Now generate the key material 5799 * 5800 * S = Ni | Nr | SPIi | SPIr 5801 */ 5802 5803 /* S = Ni | Nr | SPIi | SPIr */ 5804 ilen = ibuf_length(sa->sa_inonce); 5805 rlen = ibuf_length(sa->sa_rnonce); 5806 ispi = htobe64(sa->sa_hdr.sh_ispi); 5807 rspi = htobe64(sa->sa_hdr.sh_rspi); 5808 5809 if ((s = ibuf_new(ibuf_data(sa->sa_inonce), ilen)) == NULL || 5810 ibuf_add(s, ibuf_data(sa->sa_rnonce), rlen) != 0 || 5811 ibuf_add(s, &ispi, sizeof(ispi)) != 0 || 5812 ibuf_add(s, &rspi, sizeof(rspi)) != 0) { 5813 log_info("%s: failed to set S buffer", 5814 SPI_SA(sa, __func__)); 5815 goto done; 5816 } 5817 5818 log_debug("%s: S with %zu bytes", SPI_SA(sa, __func__), ibuf_size(s)); 5819 print_hexbuf(s); 5820 5821 /* 5822 * Get the size of the key material we need and the number 5823 * of rounds we need to run the prf+ function. 5824 */ 5825 ilen = hash_length(prf) + /* SK_d */ 5826 (isaead ? 0 : hash_keylength(integr)) + /* SK_ai */ 5827 (isaead ? 0 : hash_keylength(integr)) + /* SK_ar */ 5828 cipher_keylength(encr) + /* SK_ei */ 5829 cipher_keylength(encr) + /* SK_er */ 5830 hash_keylength(prf) + /* SK_pi */ 5831 hash_keylength(prf); /* SK_pr */ 5832 5833 if ((t = ikev2_prfplus(prf, skeyseed, s, ilen)) == NULL) { 5834 log_info("%s: failed to get IKE SA key material", 5835 SPI_SA(sa, __func__)); 5836 goto done; 5837 } 5838 5839 /* ibuf_getdata() returns a new buffer from the next read offset */ 5840 if ((sa->sa_key_d = ibuf_getdata(t, hash_length(prf))) == NULL || 5841 (!isaead && 5842 (sa->sa_key_iauth = ibuf_getdata(t, hash_keylength(integr))) == 5843 NULL) || 5844 (!isaead && 5845 (sa->sa_key_rauth = ibuf_getdata(t, hash_keylength(integr))) == 5846 NULL) || 5847 (sa->sa_key_iencr = ibuf_getdata(t, cipher_keylength(encr))) == 5848 NULL || 5849 (sa->sa_key_rencr = ibuf_getdata(t, cipher_keylength(encr))) == 5850 NULL || 5851 (sa->sa_key_iprf = ibuf_getdata(t, hash_length(prf))) == NULL || 5852 (sa->sa_key_rprf = ibuf_getdata(t, hash_length(prf))) == NULL) { 5853 log_debug("%s: failed to get SA keys", SPI_SA(sa, __func__)); 5854 goto done; 5855 } 5856 5857 log_debug("%s: SK_d with %zu bytes", __func__, ibuf_size(sa->sa_key_d)); 5858 print_hexbuf(sa->sa_key_d); 5859 if (!isaead) { 5860 log_debug("%s: SK_ai with %zu bytes", __func__, 5861 ibuf_size(sa->sa_key_iauth)); 5862 print_hexbuf(sa->sa_key_iauth); 5863 log_debug("%s: SK_ar with %zu bytes", __func__, 5864 ibuf_size(sa->sa_key_rauth)); 5865 print_hexbuf(sa->sa_key_rauth); 5866 } 5867 log_debug("%s: SK_ei with %zu bytes", __func__, 5868 ibuf_size(sa->sa_key_iencr)); 5869 print_hexbuf(sa->sa_key_iencr); 5870 log_debug("%s: SK_er with %zu bytes", __func__, 5871 ibuf_size(sa->sa_key_rencr)); 5872 print_hexbuf(sa->sa_key_rencr); 5873 log_debug("%s: SK_pi with %zu bytes", __func__, 5874 ibuf_size(sa->sa_key_iprf)); 5875 print_hexbuf(sa->sa_key_iprf); 5876 log_debug("%s: SK_pr with %zu bytes", __func__, 5877 ibuf_size(sa->sa_key_rprf)); 5878 print_hexbuf(sa->sa_key_rprf); 5879 5880 ret = 0; 5881 5882 done: 5883 ibuf_free(ninr); 5884 ibuf_free(dhsecret); 5885 ibuf_free(skeyseed); 5886 ibuf_free(s); 5887 ibuf_free(t); 5888 5889 return (ret); 5890 } 5891 5892 void 5893 ikev2_sa_cleanup_dh(struct iked_sa *sa) 5894 { 5895 ibuf_free(sa->sa_dhiexchange); 5896 ibuf_free(sa->sa_dhrexchange); 5897 group_free(sa->sa_dhgroup); 5898 sa->sa_dhiexchange = NULL; 5899 sa->sa_dhrexchange = NULL; 5900 sa->sa_dhgroup = NULL; 5901 } 5902 5903 struct ibuf * 5904 ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, 5905 size_t keymatlen) 5906 { 5907 struct ibuf *t = NULL, *t1 = NULL, *t2 = NULL; 5908 size_t rlen, i, hashlen = 0; 5909 uint8_t pad = 0; 5910 5911 /* 5912 * prf+ (K, S) = T1 | T2 | T3 | T4 | ... 5913 * 5914 * T1 = prf (K, S | 0x01) 5915 * T2 = prf (K, T1 | S | 0x02) 5916 * T3 = prf (K, T2 | S | 0x03) 5917 * T4 = prf (K, T3 | S | 0x04) 5918 */ 5919 5920 if ((hash_setkey(prf, ibuf_data(key), ibuf_size(key))) == NULL) { 5921 log_debug("%s: failed to set prf+ key", __func__); 5922 goto fail; 5923 } 5924 5925 if ((t = ibuf_new(NULL, 0)) == NULL) { 5926 log_debug("%s: failed to get T buffer", __func__); 5927 goto fail; 5928 } 5929 5930 rlen = roundup(keymatlen, hash_length(prf)) / hash_length(prf); 5931 if (rlen > 255) 5932 fatalx("ikev2_prfplus: key material too large"); 5933 5934 for (i = 0; i < rlen; i++) { 5935 if (t1 != NULL) { 5936 t2 = ibuf_new(ibuf_data(t1), ibuf_size(t1)); 5937 ibuf_free(t1); 5938 } else 5939 t2 = ibuf_new(NULL, 0); 5940 t1 = ibuf_new(NULL, hash_keylength(prf)); 5941 5942 ibuf_add_buf(t2, seed); 5943 pad = i + 1; 5944 ibuf_add(t2, &pad, 1); 5945 5946 hash_init(prf); 5947 hash_update(prf, ibuf_data(t2), ibuf_size(t2)); 5948 hash_final(prf, ibuf_data(t1), &hashlen); 5949 5950 if (hashlen != hash_length(prf)) 5951 fatalx("ikev2_prfplus: hash length mismatch"); 5952 5953 ibuf_free(t2); 5954 ibuf_add_buf(t, t1); 5955 5956 log_debug("%s: T%d with %zu bytes", __func__, 5957 pad, ibuf_size(t1)); 5958 print_hexbuf(t1); 5959 } 5960 5961 log_debug("%s: Tn with %zu bytes", __func__, ibuf_size(t)); 5962 print_hexbuf(t); 5963 5964 ibuf_free(t1); 5965 5966 return (t); 5967 5968 fail: 5969 ibuf_free(t1); 5970 ibuf_free(t); 5971 5972 return (NULL); 5973 } 5974 5975 int 5976 ikev2_sa_tag(struct iked_sa *sa, struct iked_id *id) 5977 { 5978 char *format, *domain = NULL, *idrepl = NULL; 5979 char idstr[IKED_ID_SIZE]; 5980 int ret = -1; 5981 size_t len; 5982 5983 free(sa->sa_tag); 5984 sa->sa_tag = NULL; 5985 format = sa->sa_policy->pol_tag; 5986 5987 len = IKED_TAG_SIZE; 5988 if ((sa->sa_tag = calloc(1, len)) == NULL) { 5989 log_debug("%s: calloc", __func__); 5990 goto fail; 5991 } 5992 if (strlcpy(sa->sa_tag, format, len) >= len) { 5993 log_debug("%s: tag too long", __func__); 5994 goto fail; 5995 } 5996 5997 if (ikev2_print_id(id, idstr, sizeof(idstr)) == -1) { 5998 log_debug("%s: invalid id", __func__); 5999 goto fail; 6000 } 6001 6002 /* ASN.1 DER IDs are too long, use the CN part instead */ 6003 if ((id->id_type == IKEV2_ID_ASN1_DN) && 6004 (idrepl = strstr(idstr, "CN=")) != NULL) { 6005 domain = strstr(idrepl, "emailAddress="); 6006 idrepl[strcspn(idrepl, "/")] = '\0'; 6007 } else 6008 idrepl = idstr; 6009 6010 if (strstr(format, "$id") != NULL) { 6011 if (expand_string(sa->sa_tag, len, "$id", idrepl) != 0) { 6012 log_debug("%s: failed to expand tag", __func__); 6013 goto fail; 6014 } 6015 } 6016 6017 if (strstr(format, "$eapid") != NULL && sa->sa_eapid != NULL) { 6018 if (expand_string(sa->sa_tag, len, "$eapid", 6019 sa->sa_eapid) != 0) { 6020 log_debug("%s: failed to expand tag", __func__); 6021 goto fail; 6022 } 6023 } 6024 6025 if (strstr(format, "$name") != NULL) { 6026 if (expand_string(sa->sa_tag, len, "$name", 6027 sa->sa_policy->pol_name) != 0) { 6028 log_debug("%s: failed to expand tag", __func__); 6029 goto fail; 6030 } 6031 } 6032 6033 if (strstr(format, "$domain") != NULL) { 6034 if (id->id_type == IKEV2_ID_FQDN) 6035 domain = strchr(idrepl, '.'); 6036 else if (id->id_type == IKEV2_ID_UFQDN) 6037 domain = strchr(idrepl, '@'); 6038 else if (*idstr == '/' && domain != NULL) 6039 domain = strchr(domain, '@'); 6040 else 6041 domain = NULL; 6042 if (domain == NULL || strlen(domain) < 2) { 6043 log_debug("%s: no valid domain in ID %s", 6044 __func__, idstr); 6045 goto fail; 6046 } 6047 domain++; 6048 if (expand_string(sa->sa_tag, len, "$domain", domain) != 0) { 6049 log_debug("%s: failed to expand tag", __func__); 6050 goto fail; 6051 } 6052 } 6053 6054 log_debug("%s: %s (%zu)", __func__, sa->sa_tag, strlen(sa->sa_tag)); 6055 6056 ret = 0; 6057 fail: 6058 if (ret != 0) { 6059 free(sa->sa_tag); 6060 sa->sa_tag = NULL; 6061 } 6062 6063 return (ret); 6064 } 6065 6066 int 6067 ikev2_childsa_delete_proposed(struct iked *env, struct iked_sa *sa, 6068 struct iked_proposals *proposals) 6069 { 6070 struct ibuf *buf = NULL; 6071 struct iked_proposal *prop; 6072 struct ikev2_delete *del; 6073 uint32_t spi32; 6074 uint8_t protoid = 0; 6075 int ret = -1, count; 6076 6077 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 6078 return (-1); 6079 6080 count = 0; 6081 TAILQ_FOREACH(prop, proposals, prop_entry) { 6082 if (ikev2_valid_proposal(prop, NULL, NULL, NULL) != 0) 6083 continue; 6084 protoid = prop->prop_protoid; 6085 count++; 6086 } 6087 if (count == 0) 6088 return (0); 6089 if ((buf = ibuf_static()) == NULL) 6090 return (-1); 6091 if ((del = ibuf_reserve(buf, sizeof(*del))) == NULL) 6092 goto done; 6093 /* XXX we assume all have the same protoid */ 6094 del->del_protoid = protoid; 6095 del->del_spisize = 4; 6096 del->del_nspi = htobe16(count); 6097 6098 TAILQ_FOREACH(prop, proposals, prop_entry) { 6099 if (ikev2_valid_proposal(prop, NULL, NULL, NULL) != 0) 6100 continue; 6101 spi32 = htobe32(prop->prop_localspi.spi); 6102 if (ibuf_add(buf, &spi32, sizeof(spi32))) 6103 goto done; 6104 } 6105 6106 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 6107 IKEV2_EXCHANGE_INFORMATIONAL, 0) == -1) 6108 goto done; 6109 sa->sa_stateflags |= IKED_REQ_INF; 6110 ret = 0; 6111 done: 6112 ibuf_free(buf); 6113 6114 return (ret); 6115 } 6116 6117 int 6118 ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, 6119 struct iked_kex *kex, struct iked_proposals *proposals, int initiator, 6120 int pfs) 6121 { 6122 struct iked_proposal *prop; 6123 struct iked_transform *xform, *encrxf = NULL, *integrxf = NULL; 6124 struct iked_childsa *csa = NULL, *csb = NULL; 6125 struct iked_childsa *csa2 = NULL, *csb2 = NULL; 6126 struct iked_flow *flow, *saflow, *flowa, *flowb; 6127 struct iked_ipcomp *ic; 6128 struct ibuf *keymat = NULL, *seed = NULL, *dhsecret = NULL; 6129 struct dh_group *group = NULL; 6130 uint32_t spi = 0; 6131 unsigned int i; 6132 size_t ilen = 0; 6133 int esn, skip, ret = -1; 6134 6135 if (!sa_stateok(sa, IKEV2_STATE_VALID)) 6136 return (-1); 6137 6138 if (ikev2_sa_tag(sa, IKESA_DSTID(sa)) == -1) 6139 return (-1); 6140 6141 ic = initiator ? &sa->sa_ipcompi : &sa->sa_ipcompr; 6142 if (ic->ic_transform == 0 || ic->ic_cpi_out == 0 || 6143 (initiator && ic->ic_cpi_in == 0)) 6144 ic = NULL; 6145 6146 /* reset state */ 6147 sa->sa_used_transport_mode = 0; 6148 6149 /* We need to determine the key material length first */ 6150 TAILQ_FOREACH(prop, proposals, prop_entry) { 6151 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) 6152 continue; 6153 log_debug("%s: proposal %d", __func__, prop->prop_id); 6154 for (i = 0; i < prop->prop_nxforms; i++) { 6155 xform = prop->prop_xforms + i; 6156 xform->xform_keylength = 6157 keylength_xf(prop->prop_protoid, 6158 xform->xform_type, xform->xform_id); 6159 6160 switch (xform->xform_type) { 6161 case IKEV2_XFORMTYPE_ENCR: 6162 case IKEV2_XFORMTYPE_INTEGR: 6163 if (xform->xform_length) 6164 xform->xform_keylength = 6165 xform->xform_length; 6166 xform->xform_keylength += 6167 noncelength_xf(xform->xform_type, 6168 xform->xform_id); 6169 ilen += xform->xform_keylength / 8; 6170 break; 6171 } 6172 } 6173 } 6174 6175 /* double key material length for inbound/outbound */ 6176 ilen *= 2; 6177 6178 log_debug("%s: key material length %zu", __func__, ilen); 6179 6180 if ((seed = ibuf_new(NULL, 0)) == NULL) { 6181 log_debug("%s: failed to setup IKE SA key material", __func__); 6182 goto done; 6183 } 6184 if (pfs) { 6185 log_debug("%s: using PFS", __func__); 6186 if (kex->kex_dhpeer == NULL || 6187 ibuf_size(kex->kex_dhpeer) == 0 || 6188 (group = kex->kex_dhgroup) == NULL) { 6189 log_debug("%s: no dh group for pfs", __func__); 6190 goto done; 6191 } 6192 if (dh_create_shared(group, &dhsecret, kex->kex_dhpeer) == -1) { 6193 log_debug("%s: failed to get dh secret" 6194 " group %d secret %zu exchange %zu", 6195 __func__, group->id, ibuf_length(dhsecret), 6196 ibuf_length(kex->kex_dhpeer)); 6197 goto done; 6198 } 6199 if (ibuf_add_buf(seed, dhsecret) != 0) { 6200 log_debug("%s: failed to set dh secret", __func__); 6201 goto done; 6202 } 6203 } 6204 if (ibuf_add_buf(seed, kex->kex_inonce) != 0 || 6205 ibuf_add_buf(seed, kex->kex_rnonce) != 0 || 6206 (keymat = ikev2_prfplus(sa->sa_prf, 6207 sa->sa_key_d, seed, ilen)) == NULL) { 6208 log_debug("%s: failed to get IKE SA key material", __func__); 6209 goto done; 6210 } 6211 6212 /* Create the new flows */ 6213 TAILQ_FOREACH(prop, proposals, prop_entry) { 6214 if (ikev2_valid_proposal(prop, NULL, NULL, NULL) != 0) 6215 continue; 6216 6217 RB_FOREACH(flow, iked_flows, &sa->sa_policy->pol_flows) { 6218 6219 if ((flowa = calloc(1, sizeof(*flowa))) == NULL) { 6220 log_debug("%s: failed to get flow", __func__); 6221 goto done; 6222 } 6223 6224 memcpy(flowa, flow, sizeof(*flow)); 6225 flowa->flow_dir = IPSP_DIRECTION_OUT; 6226 flowa->flow_saproto = ic ? IKEV2_SAPROTO_IPCOMP : 6227 prop->prop_protoid; 6228 flowa->flow_rdomain = sa->sa_policy->pol_rdomain; 6229 flowa->flow_local = &sa->sa_local; 6230 flowa->flow_peer = &sa->sa_peer; 6231 flowa->flow_ikesa = sa; 6232 if (ikev2_cp_fixflow(sa, flow, flowa) == -1) { 6233 flow_free(flowa); 6234 continue; 6235 } 6236 6237 skip = 0; 6238 TAILQ_FOREACH(saflow, &sa->sa_flows, flow_entry) { 6239 if (flow_equal(saflow, flowa)) { 6240 skip = 1; 6241 break; 6242 } 6243 } 6244 if (skip) { 6245 flow_free(flowa); 6246 continue; 6247 } 6248 6249 if ((flowb = calloc(1, sizeof(*flowb))) == NULL) { 6250 log_debug("%s: failed to get flow", __func__); 6251 flow_free(flowa); 6252 goto done; 6253 } 6254 6255 memcpy(flowb, flowa, sizeof(*flow)); 6256 6257 flowb->flow_dir = IPSP_DIRECTION_IN; 6258 memcpy(&flowb->flow_src, &flow->flow_dst, 6259 sizeof(flow->flow_dst)); 6260 memcpy(&flowb->flow_dst, &flow->flow_src, 6261 sizeof(flow->flow_src)); 6262 if (ikev2_cp_fixflow(sa, flow, flowb) == -1) { 6263 flow_free(flowa); 6264 flow_free(flowb); 6265 continue; 6266 } 6267 6268 TAILQ_INSERT_TAIL(&sa->sa_flows, flowa, flow_entry); 6269 TAILQ_INSERT_TAIL(&sa->sa_flows, flowb, flow_entry); 6270 } 6271 } 6272 6273 /* create the CHILD SAs using the key material */ 6274 TAILQ_FOREACH(prop, proposals, prop_entry) { 6275 if (ikev2_valid_proposal(prop, &encrxf, &integrxf, &esn) != 0) 6276 continue; 6277 6278 spi = 0; 6279 6280 if ((csa = calloc(1, sizeof(*csa))) == NULL) { 6281 log_debug("%s: failed to get CHILD SA", __func__); 6282 goto done; 6283 } 6284 6285 csa->csa_saproto = prop->prop_protoid; 6286 csa->csa_ikesa = sa; 6287 csa->csa_spi.spi_protoid = prop->prop_protoid; 6288 csa->csa_esn = esn; 6289 csa->csa_transport = sa->sa_use_transport_mode; 6290 sa->sa_used_transport_mode = sa->sa_use_transport_mode; 6291 6292 if (pfs && group) 6293 csa->csa_pfsgrpid = group->id; 6294 6295 /* Set up responder's SPIs */ 6296 if (initiator) { 6297 csa->csa_dir = IPSP_DIRECTION_OUT; 6298 csa->csa_local = &sa->sa_local; 6299 csa->csa_peer = &sa->sa_peer; 6300 csa->csa_peerspi = prop->prop_localspi.spi; 6301 csa->csa_spi.spi = prop->prop_peerspi.spi; 6302 csa->csa_spi.spi_size = prop->prop_peerspi.spi_size; 6303 } else { 6304 csa->csa_dir = IPSP_DIRECTION_IN; 6305 csa->csa_local = &sa->sa_peer; 6306 csa->csa_peer = &sa->sa_local; 6307 6308 if ((ret = pfkey_sa_init(env, csa, 6309 &spi)) != 0) 6310 goto done; 6311 csa->csa_allocated = 1; 6312 6313 csa->csa_peerspi = prop->prop_peerspi.spi; 6314 csa->csa_spi.spi = prop->prop_localspi.spi = spi; 6315 csa->csa_spi.spi_size = 4; 6316 } 6317 6318 if (encrxf && (csa->csa_encrkey = ibuf_getdata(keymat, 6319 encrxf->xform_keylength / 8)) == NULL) { 6320 log_debug("%s: failed to get CHILD SA encryption key", 6321 __func__); 6322 goto done; 6323 } 6324 if (integrxf && (csa->csa_integrkey = ibuf_getdata(keymat, 6325 integrxf->xform_keylength / 8)) == NULL) { 6326 log_debug("%s: failed to get CHILD SA integrity key", 6327 __func__); 6328 goto done; 6329 } 6330 if (encrxf) 6331 csa->csa_encrid = encrxf->xform_id; 6332 if (integrxf) 6333 csa->csa_integrid = integrxf->xform_id; 6334 6335 if ((csb = calloc(1, sizeof(*csb))) == NULL) { 6336 log_debug("%s: failed to get CHILD SA", __func__); 6337 goto done; 6338 } 6339 6340 memcpy(csb, csa, sizeof(*csb)); 6341 6342 /* Set up initiator's SPIs */ 6343 csb->csa_spi.spi = csa->csa_peerspi; 6344 csb->csa_peerspi = csa->csa_spi.spi; 6345 csb->csa_allocated = csa->csa_allocated ? 0 : 1; 6346 csb->csa_dir = csa->csa_dir == IPSP_DIRECTION_IN ? 6347 IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN; 6348 csb->csa_local = csa->csa_peer; 6349 csb->csa_peer = csa->csa_local; 6350 6351 if (encrxf && (csb->csa_encrkey = ibuf_getdata(keymat, 6352 encrxf->xform_keylength / 8)) == NULL) { 6353 log_debug("%s: failed to get CHILD SA encryption key", 6354 __func__); 6355 goto done; 6356 } 6357 if (integrxf && (csb->csa_integrkey = ibuf_getdata(keymat, 6358 integrxf->xform_keylength / 8)) == NULL) { 6359 log_debug("%s: failed to get CHILD SA integrity key", 6360 __func__); 6361 goto done; 6362 } 6363 6364 if (ic && prop->prop_protoid == IKEV2_SAPROTO_ESP) { 6365 /* add IPCOMP SAs */ 6366 if ((csa2 = calloc(1, sizeof(*csa2))) == NULL) { 6367 log_debug("%s: failed to get CHILD SA", __func__); 6368 goto done; 6369 } 6370 if ((csb2 = calloc(1, sizeof(*csb2))) == NULL) { 6371 log_debug("%s: failed to get CHILD SA", __func__); 6372 goto done; 6373 } 6374 6375 csa2->csa_saproto = IKEV2_SAPROTO_IPCOMP; 6376 csa2->csa_ikesa = csa->csa_ikesa; 6377 csa2->csa_dir = csa->csa_dir; 6378 csa2->csa_local = csa->csa_local; 6379 csa2->csa_peer = csa->csa_peer; 6380 if (initiator) { 6381 csa2->csa_spi.spi = ic->ic_cpi_out; 6382 csa2->csa_peerspi = ic->ic_cpi_in; 6383 csa2->csa_allocated = 0; 6384 /* make sure IPCOMP CPIs are not reused */ 6385 ic->ic_transform = 0; 6386 ic->ic_cpi_in = ic->ic_cpi_out = 0; 6387 } else { 6388 if ((ret = pfkey_sa_init(env, csa2, 6389 &spi)) != 0) 6390 goto done; 6391 ic->ic_cpi_in = spi; 6392 csa2->csa_spi.spi = ic->ic_cpi_in; 6393 csa2->csa_peerspi = ic->ic_cpi_out; 6394 csa2->csa_allocated = 1; 6395 } 6396 csa2->csa_spi.spi_size = 2; 6397 6398 memcpy(csb2, csa2, sizeof(*csb2)); 6399 csb2->csa_spi.spi = csa2->csa_peerspi; 6400 csb2->csa_peerspi = csa2->csa_spi.spi; 6401 csb2->csa_allocated = csa2->csa_allocated ? 0 : 1; 6402 csb2->csa_dir = csa2->csa_dir == IPSP_DIRECTION_IN ? 6403 IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN; 6404 csb2->csa_local = csa2->csa_peer; 6405 csb2->csa_peer = csa2->csa_local; 6406 6407 /* link IPComp and ESP SAs, switch ESP to transport */ 6408 csa->csa_transport = 1; 6409 csa->csa_bundled = csa2; 6410 csa2->csa_bundled = csa; 6411 csb->csa_transport = 1; 6412 csb->csa_bundled = csb2; 6413 csb2->csa_bundled = csb; 6414 csa2 = NULL; 6415 csb2 = NULL; 6416 6417 ic = NULL; 6418 } 6419 6420 TAILQ_INSERT_TAIL(&sa->sa_childsas, csa, csa_entry); 6421 TAILQ_INSERT_TAIL(&sa->sa_childsas, csb, csa_entry); 6422 ikestat_add(env, ikes_csa_created, 2); 6423 6424 csa->csa_peersa = csb; 6425 csb->csa_peersa = csa; 6426 csa = NULL; 6427 csb = NULL; 6428 } 6429 6430 ret = 0; 6431 done: 6432 sa->sa_use_transport_mode = 0; /* reset state after use */ 6433 ibuf_free(dhsecret); 6434 ibuf_free(keymat); 6435 ibuf_free(seed); 6436 childsa_free(csa); 6437 childsa_free(csb); 6438 childsa_free(csa2); 6439 childsa_free(csb2); 6440 6441 return (ret); 6442 } 6443 6444 int 6445 ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) 6446 { 6447 struct iked_childsa *csa, *ocsa, *ipcomp; 6448 struct iked_flow *flow, *oflow; 6449 int peer_changed, reload; 6450 FILE *spif, *flowf; 6451 char *spibuf = NULL, *flowbuf = NULL; 6452 char prenat_mask[10]; 6453 uint16_t encrid = 0, integrid = 0, groupid = 0; 6454 size_t encrlen = 0, integrlen = 0, spisz, flowsz; 6455 int esn = 0; 6456 int ret = -1; 6457 6458 spif = open_memstream(&spibuf, &spisz); 6459 if (spif == NULL) { 6460 log_warn("%s", __func__); 6461 return (ret); 6462 } 6463 flowf = open_memstream(&flowbuf, &flowsz); 6464 if (flowf == NULL) { 6465 log_warn("%s", __func__); 6466 fclose(spif); 6467 return (ret); 6468 } 6469 6470 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 6471 if (csa->csa_rekey || csa->csa_loaded) 6472 continue; 6473 6474 ipcomp = csa->csa_bundled; 6475 if (ipcomp && ipcomp->csa_loaded) { 6476 log_info("%s: IPCOMP SA for CHILD SA spi %s" 6477 " already loaded", __func__, 6478 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size)); 6479 continue; 6480 } 6481 6482 if (pfkey_sa_add(env, csa, NULL) != 0) { 6483 log_debug("%s: failed to load CHILD SA spi %s", 6484 __func__, print_spi(csa->csa_spi.spi, 6485 csa->csa_spi.spi_size)); 6486 goto done; 6487 } 6488 if (ipcomp) { 6489 if (pfkey_sa_add(env, ipcomp, csa) != 0) { 6490 log_debug("%s: failed to load IPCOMP spi %s", 6491 __func__, print_spi(ipcomp->csa_spi.spi, 6492 ipcomp->csa_spi.spi_size)); 6493 ipcomp = NULL; 6494 } 6495 } 6496 6497 if ((ocsa = RB_FIND(iked_activesas, &env->sc_activesas, csa)) 6498 != NULL) { 6499 log_debug("%s: replaced CHILD SA %p with %p spi %s", 6500 __func__, ocsa, csa, print_spi(ocsa->csa_spi.spi, 6501 ocsa->csa_spi.spi_size)); 6502 ocsa->csa_loaded = 0; 6503 ocsa->csa_rekey = 1; /* prevent re-loading */ 6504 RB_REMOVE(iked_activesas, &env->sc_activesas, ocsa); 6505 } 6506 6507 RB_INSERT(iked_activesas, &env->sc_activesas, csa); 6508 6509 log_debug("%s: loaded CHILD SA spi %s", __func__, 6510 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size)); 6511 6512 /* append SPI to log buffer */ 6513 if (ftello(spif) > 0) 6514 fputs(", ", spif); 6515 fputs(print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size), spif); 6516 if (ipcomp) 6517 fprintf(spif, "(%s)", print_spi(ipcomp->csa_spi.spi, 6518 ipcomp->csa_spi.spi_size)); 6519 if (!encrid) { 6520 encrid = csa->csa_encrid; 6521 encrlen = ibuf_length(csa->csa_encrkey); 6522 switch (encrid) { 6523 case IKEV2_XFORMENCR_AES_GCM_16: 6524 case IKEV2_XFORMENCR_AES_GCM_12: 6525 encrlen -= 4; 6526 break; 6527 default: 6528 if (!csa->csa_integrid) 6529 break; 6530 integrid = csa->csa_integrid; 6531 integrlen = ibuf_length(csa->csa_integrkey); 6532 } 6533 groupid = csa->csa_pfsgrpid; 6534 esn = csa->csa_esn; 6535 } 6536 } 6537 6538 peer_changed = (memcmp(&sa->sa_peer_loaded, &sa->sa_peer, 6539 sizeof(sa->sa_peer_loaded)) != 0); 6540 6541 if (!(sa->sa_policy->pol_flags & IKED_POLICY_ROUTING)) { 6542 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) { 6543 /* re-load the flow if the peer for the flow has changed */ 6544 reload = 0; 6545 if (flow->flow_loaded) { 6546 if (!peer_changed) { 6547 log_debug("%s: flow already loaded %p", 6548 __func__, flow); 6549 continue; 6550 } 6551 RB_REMOVE(iked_flows, &env->sc_activeflows, flow); 6552 (void)pfkey_flow_delete(env, flow); 6553 flow->flow_loaded = 0; /* we did RB_REMOVE */ 6554 reload = 1; 6555 } 6556 6557 if (pfkey_flow_add(env, flow) != 0) { 6558 log_debug("%s: failed to load flow", __func__); 6559 goto done; 6560 } 6561 6562 if ((oflow = RB_FIND(iked_flows, &env->sc_activeflows, flow)) 6563 != NULL) { 6564 log_debug("%s: replaced old flow %p with %p", 6565 __func__, oflow, flow); 6566 oflow->flow_loaded = 0; 6567 RB_REMOVE(iked_flows, &env->sc_activeflows, oflow); 6568 } 6569 6570 RB_INSERT(iked_flows, &env->sc_activeflows, flow); 6571 6572 log_debug("%s: %sloaded flow %p", __func__, 6573 reload ? "re" : "", flow); 6574 6575 /* append flow to log buffer */ 6576 if (flow->flow_dir == IPSP_DIRECTION_OUT && 6577 flow->flow_prenat.addr_af != 0) 6578 snprintf(prenat_mask, sizeof(prenat_mask), "%d", 6579 flow->flow_prenat.addr_mask); 6580 else 6581 prenat_mask[0] = '\0'; 6582 if (flow->flow_dir == IPSP_DIRECTION_OUT) { 6583 if (ftello(flowf) > 0) 6584 fputs(", ", flowf); 6585 fprintf(flowf, "%s-%s/%d%s%s%s%s%s=%s/%d(%u)%s", 6586 print_map(flow->flow_saproto, ikev2_saproto_map), 6587 print_addr(&flow->flow_src.addr), 6588 flow->flow_src.addr_mask, 6589 flow->flow_prenat.addr_af != 0 ? "[": "", 6590 flow->flow_prenat.addr_af != 0 ? 6591 print_addr(&flow->flow_prenat.addr) : "", 6592 flow->flow_prenat.addr_af != 0 ? "/" : "", 6593 flow->flow_prenat.addr_af != 0 ? prenat_mask : "", 6594 flow->flow_prenat.addr_af != 0 ? "]": "", 6595 print_addr(&flow->flow_dst.addr), 6596 flow->flow_dst.addr_mask, 6597 flow->flow_ipproto, 6598 reload ? "-R" : ""); 6599 } 6600 } 6601 } 6602 6603 /* remember the current address for ikev2_update_sa_addresses() */ 6604 if (peer_changed) { 6605 memcpy(&sa->sa_peer_loaded, &sa->sa_peer, 6606 sizeof(sa->sa_peer_loaded)); 6607 log_debug("%s: remember SA peer %s", __func__, 6608 print_addr(&sa->sa_peer_loaded.addr)); 6609 } 6610 6611 fflush(spif); 6612 if (ftello(spif) > 0 && !ferror(spif)) { 6613 log_info("%s: loaded SPIs: %s (enc %s%s%s%s%s%s)", 6614 SPI_SA(sa, __func__), spibuf, 6615 print_xf(encrid, encrlen, ipsecencxfs), 6616 integrid ? " auth " : "", 6617 integrid ? print_xf(integrid, integrlen, authxfs) : "", 6618 groupid ? " group " : "", 6619 groupid ? print_xf(groupid, 0, groupxfs) : "", 6620 esn ? " esn" : ""); 6621 } 6622 fflush(flowf); 6623 if (ftello(flowf) > 0 && !ferror(flowf)) { 6624 log_info("%s: loaded flows: %s", SPI_SA(sa, __func__), flowbuf); 6625 } 6626 6627 ret = 0; 6628 done: 6629 fclose(spif); 6630 fclose(flowf); 6631 free(spibuf); 6632 free(flowbuf); 6633 return (ret); 6634 } 6635 6636 int 6637 ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, uint8_t saproto, 6638 uint64_t spi, uint64_t *spiptr, int cleanup) 6639 { 6640 struct iked_childsa *csa, *csatmp = NULL, *ipcomp; 6641 uint64_t peerspi = 0; 6642 int found = 0; 6643 6644 TAILQ_FOREACH_SAFE(csa, &sa->sa_childsas, csa_entry, csatmp) { 6645 if ((saproto && csa->csa_saproto != saproto) || 6646 (spi && (csa->csa_spi.spi != spi && 6647 csa->csa_peerspi != spi)) || 6648 (cleanup && csa->csa_loaded)) 6649 continue; 6650 6651 if (csa->csa_loaded) 6652 RB_REMOVE(iked_activesas, &env->sc_activesas, csa); 6653 6654 if (pfkey_sa_delete(env, csa) != 0) 6655 log_info("%s: failed to delete CHILD SA spi %s", 6656 SPI_SA(sa, __func__), print_spi(csa->csa_spi.spi, 6657 csa->csa_spi.spi_size)); 6658 else 6659 log_debug("%s: deleted CHILD SA spi %s", 6660 SPI_SA(sa, __func__), print_spi(csa->csa_spi.spi, 6661 csa->csa_spi.spi_size)); 6662 found++; 6663 6664 if (spi && csa->csa_spi.spi == spi) 6665 peerspi = csa->csa_peerspi; 6666 6667 ipcomp = csa->csa_bundled; 6668 if (ipcomp) { 6669 if (ipcomp->csa_loaded) { 6670 if (pfkey_sa_delete(env, ipcomp) != 0) 6671 log_info("%s: failed to delete IPCOMP" 6672 " SA spi %s", SPI_SA(sa, __func__), 6673 print_spi(ipcomp->csa_spi.spi, 6674 ipcomp->csa_spi.spi_size)); 6675 else 6676 log_debug("%s: deleted IPCOMP SA spi %s", 6677 SPI_SA(sa, __func__), 6678 print_spi(ipcomp->csa_spi.spi, 6679 ipcomp->csa_spi.spi_size)); 6680 } 6681 childsa_free(ipcomp); 6682 } 6683 TAILQ_REMOVE(&sa->sa_childsas, csa, csa_entry); 6684 ikestat_inc(env, ikes_csa_removed); 6685 childsa_free(csa); 6686 } 6687 6688 if (spiptr) 6689 *spiptr = peerspi; 6690 6691 return (found ? 0 : -1); 6692 } 6693 6694 int 6695 ikev2_valid_proposal(struct iked_proposal *prop, 6696 struct iked_transform **exf, struct iked_transform **ixf, int *esn) 6697 { 6698 struct iked_transform *xform, *encrxf, *integrxf; 6699 unsigned int i, doesn = 0; 6700 6701 switch (prop->prop_protoid) { 6702 case IKEV2_SAPROTO_ESP: 6703 case IKEV2_SAPROTO_AH: 6704 break; 6705 default: 6706 return (-1); 6707 } 6708 6709 encrxf = integrxf = NULL; 6710 for (i = 0; i < prop->prop_nxforms; i++) { 6711 xform = prop->prop_xforms + i; 6712 if (xform->xform_type == IKEV2_XFORMTYPE_ENCR) 6713 encrxf = xform; 6714 else if (xform->xform_type == IKEV2_XFORMTYPE_INTEGR) 6715 integrxf = xform; 6716 else if (xform->xform_type == IKEV2_XFORMTYPE_ESN && 6717 xform->xform_id == IKEV2_XFORMESN_ESN) 6718 doesn = 1; 6719 } 6720 6721 if (prop->prop_protoid == IKEV2_SAPROTO_IKE) { 6722 if (encrxf == NULL || integrxf == NULL) 6723 return (-1); 6724 } else if (prop->prop_protoid == IKEV2_SAPROTO_AH) { 6725 if (integrxf == NULL) 6726 return (-1); 6727 } else if (prop->prop_protoid == IKEV2_SAPROTO_ESP) { 6728 if (encrxf == NULL) 6729 return (-1); 6730 } 6731 6732 if (exf) 6733 *exf = encrxf; 6734 if (ixf) 6735 *ixf = integrxf; 6736 if (esn) 6737 *esn = doesn; 6738 6739 return (0); 6740 } 6741 6742 /* return 0 if processed, -1 if busy */ 6743 int 6744 ikev2_child_sa_acquire(struct iked *env, struct iked_flow *acquire) 6745 { 6746 struct iked_flow *flow; 6747 struct iked_sa *sa; 6748 struct iked_policy pol, *p = NULL; 6749 6750 if (env->sc_passive) 6751 return (0); 6752 6753 /* First try to find an active flow with IKE SA */ 6754 flow = RB_FIND(iked_flows, &env->sc_activeflows, acquire); 6755 if (!flow) { 6756 /* Otherwise try to find a matching policy */ 6757 bzero(&pol, sizeof(pol)); 6758 pol.pol_af = acquire->flow_peer->addr_af; 6759 memcpy(&pol.pol_peer, acquire->flow_peer, 6760 sizeof(pol.pol_peer)); 6761 6762 RB_INIT(&pol.pol_flows); 6763 RB_INSERT(iked_flows, &pol.pol_flows, acquire); 6764 pol.pol_nflows = 1; 6765 6766 if ((p = policy_test(env, &pol)) == NULL) { 6767 log_warnx("%s: flow wasn't found", __func__); 6768 return (0); 6769 } 6770 6771 log_debug("%s: found matching policy '%s'", __func__, 6772 p->pol_name); 6773 6774 if (ikev2_init_ike_sa_peer(env, p, 6775 &p->pol_peer, NULL) != 0) 6776 log_warnx("%s: failed to initiate a " 6777 "IKE_SA_INIT exchange for policy '%s'", 6778 __func__, p->pol_name); 6779 } else { 6780 log_debug("%s: found active flow", __func__); 6781 6782 if ((sa = flow->flow_ikesa) == NULL) { 6783 log_warnx("%s: flow without SA", __func__); 6784 return (0); 6785 } 6786 if (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) 6787 return (-1); /* busy, retry later */ 6788 if (ikev2_send_create_child_sa(env, sa, NULL, 6789 flow->flow_saproto, 0) != 0) 6790 log_warnx("%s: failed to initiate a " 6791 "CREATE_CHILD_SA exchange", SPI_SA(sa, __func__)); 6792 } 6793 return (0); 6794 } 6795 6796 void 6797 ikev2_disable_rekeying(struct iked *env, struct iked_sa *sa) 6798 { 6799 struct iked_childsa *csa; 6800 6801 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 6802 csa->csa_persistent = 1; 6803 csa->csa_rekey = 0; 6804 } 6805 6806 (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); 6807 } 6808 6809 /* return 0 if processed, -1 if busy */ 6810 int 6811 ikev2_child_sa_rekey(struct iked *env, struct iked_spi *rekey) 6812 { 6813 struct iked_childsa *csa, key; 6814 struct iked_sa *sa; 6815 6816 key.csa_spi = *rekey; 6817 csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); 6818 if (!csa) 6819 return (0); 6820 6821 if (csa->csa_rekey) /* See if it's already taken care of */ 6822 return (0); 6823 if ((sa = csa->csa_ikesa) == NULL) { 6824 log_warnx("%s: SA %s doesn't have a parent SA", __func__, 6825 print_spi(rekey->spi, rekey->spi_size)); 6826 return (0); 6827 } 6828 if (!sa_stateok(sa, IKEV2_STATE_ESTABLISHED)) { 6829 log_warnx("%s: not established, SPI %s", SPI_SA(sa, __func__), 6830 print_spi(rekey->spi, rekey->spi_size)); 6831 return (0); 6832 } 6833 if (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF)) { 6834 log_info("%s: busy, retrying, SPI %s", SPI_SA(sa, __func__), 6835 print_spi(rekey->spi, rekey->spi_size)); 6836 return (-1); /* busy, retry later */ 6837 } 6838 if (sa->sa_tmpfail) { 6839 log_info("%s: peer busy, retrying, SPI %s", SPI_SA(sa, __func__), 6840 print_spi(rekey->spi, rekey->spi_size)); 6841 return (-1); /* peer is busy, retry later */ 6842 } 6843 if (csa->csa_allocated) /* Peer SPI died first, get the local one */ 6844 rekey->spi = csa->csa_peerspi; 6845 if (ikev2_send_create_child_sa(env, sa, rekey, rekey->spi_protoid, 0)) 6846 log_warnx("%s: failed to initiate a CREATE_CHILD_SA exchange", 6847 SPI_SA(sa, __func__)); 6848 return (0); 6849 } 6850 6851 /* return 0 if processed, -1 if busy */ 6852 int 6853 ikev2_child_sa_drop(struct iked *env, struct iked_spi *drop) 6854 { 6855 struct ibuf *buf = NULL; 6856 struct iked_childsa *csa, key; 6857 struct iked_sa *sa; 6858 struct ikev2_delete *del; 6859 uint32_t spi32; 6860 6861 key.csa_spi = *drop; 6862 csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); 6863 if (!csa || csa->csa_rekey) 6864 return (0); 6865 6866 sa = csa->csa_ikesa; 6867 if (sa && (sa->sa_stateflags & (IKED_REQ_CHILDSA|IKED_REQ_INF))) { 6868 /* XXXX might loop, should we add a counter? */ 6869 log_debug("%s: parent SA busy", __func__); 6870 return (-1); /* busy, retry later */ 6871 } 6872 6873 RB_REMOVE(iked_activesas, &env->sc_activesas, csa); 6874 csa->csa_loaded = 0; 6875 csa->csa_rekey = 1; /* prevent re-loading */ 6876 if (sa == NULL) { 6877 log_debug("%s: failed to find a parent SA", __func__); 6878 return (0); 6879 } 6880 6881 if (csa->csa_allocated) 6882 spi32 = htobe32(csa->csa_spi.spi); 6883 else 6884 spi32 = htobe32(csa->csa_peerspi); 6885 6886 if (ikev2_childsa_delete(env, sa, csa->csa_saproto, 6887 csa->csa_peerspi, NULL, 0)) 6888 log_debug("%s: failed to delete CHILD SA %s", __func__, 6889 print_spi(csa->csa_peerspi, drop->spi_size)); 6890 6891 /* Send PAYLOAD_DELETE */ 6892 6893 if ((buf = ibuf_static()) == NULL) 6894 return (0); 6895 if ((del = ibuf_reserve(buf, sizeof(*del))) == NULL) 6896 goto done; 6897 del->del_protoid = drop->spi_protoid; 6898 del->del_spisize = 4; 6899 del->del_nspi = htobe16(1); 6900 if (ibuf_add(buf, &spi32, sizeof(spi32))) 6901 goto done; 6902 6903 if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE, 6904 IKEV2_EXCHANGE_INFORMATIONAL, 0) == -1) 6905 goto done; 6906 6907 sa->sa_stateflags |= IKED_REQ_INF; 6908 6909 done: 6910 ibuf_free(buf); 6911 return (0); 6912 } 6913 6914 int 6915 ikev2_print_static_id(struct iked_static_id *id, char *idstr, size_t idstrlen) 6916 { 6917 struct iked_id idp; 6918 int ret = -1; 6919 6920 bzero(&idp, sizeof(idp)); 6921 if ((idp.id_buf = ibuf_new(id->id_data, id->id_length)) == NULL) { 6922 bzero(idstr, idstrlen); 6923 return (-1); 6924 } 6925 idp.id_type = id->id_type; 6926 idp.id_offset = id->id_offset; 6927 if (ikev2_print_id(&idp, idstr, idstrlen) == -1) { 6928 bzero(idstr, idstrlen); 6929 goto done; 6930 } 6931 ret = 0; 6932 done: 6933 ibuf_free(idp.id_buf); 6934 return (ret); 6935 } 6936 6937 int 6938 ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen) 6939 { 6940 uint8_t *ptr; 6941 struct sockaddr_in s4 = { 0 }; 6942 struct sockaddr_in6 s6 = { 0 }; 6943 char *str; 6944 ssize_t len; 6945 int i; 6946 const char *type; 6947 6948 bzero(idstr, idstrlen); 6949 6950 if (id->id_buf == NULL) 6951 return (-1); 6952 6953 len = ibuf_size(id->id_buf); 6954 ptr = ibuf_data(id->id_buf); 6955 6956 if (len <= id->id_offset) 6957 return (-1); 6958 6959 len -= id->id_offset; 6960 ptr += id->id_offset; 6961 6962 type = print_map(id->id_type, ikev2_id_map); 6963 6964 if (strlcpy(idstr, type, idstrlen) >= idstrlen || 6965 strlcat(idstr, "/", idstrlen) >= idstrlen) 6966 return (-1); 6967 6968 switch (id->id_type) { 6969 case IKEV2_ID_IPV4: 6970 s4.sin_family = AF_INET; 6971 s4.sin_len = sizeof(s4); 6972 memcpy(&s4.sin_addr.s_addr, ptr, len); 6973 6974 if (strlcat(idstr, print_addr(&s4), idstrlen) >= idstrlen) 6975 return (-1); 6976 break; 6977 case IKEV2_ID_FQDN: 6978 case IKEV2_ID_UFQDN: 6979 if ((str = get_string(ptr, len)) == NULL) 6980 return (-1); 6981 6982 if (strlcat(idstr, str, idstrlen) >= idstrlen) { 6983 free(str); 6984 return (-1); 6985 } 6986 free(str); 6987 break; 6988 case IKEV2_ID_IPV6: 6989 s6.sin6_family = AF_INET6; 6990 s6.sin6_len = sizeof(s6); 6991 memcpy(&s6.sin6_addr, ptr, len); 6992 6993 if (strlcat(idstr, print_addr(&s6), idstrlen) >= idstrlen) 6994 return (-1); 6995 break; 6996 case IKEV2_ID_ASN1_DN: 6997 if ((str = ca_asn1_name(ptr, len)) == NULL) 6998 return (-1); 6999 if (strlcat(idstr, str, idstrlen) >= idstrlen) { 7000 OPENSSL_free(str); 7001 return (-1); 7002 } 7003 OPENSSL_free(str); 7004 break; 7005 default: 7006 /* XXX test */ 7007 for (i = 0; i < len; i++) { 7008 char buf[3]; 7009 snprintf(buf, sizeof(buf), "%02x", ptr[i]); 7010 if (strlcat(idstr, buf, idstrlen) >= idstrlen) 7011 break; 7012 } 7013 break; 7014 } 7015 7016 return (0); 7017 } 7018 7019 /* 7020 * If we have an IKEV2_CP_REQUEST for IKEV2_CFG_INTERNAL_IP4_ADDRESS and 7021 * if a network(pool) is configured, then select an address from that pool 7022 * and remember it in the sa_addrpool attribute. 7023 */ 7024 int 7025 ikev2_cp_setaddr(struct iked *env, struct iked_sa *sa, sa_family_t family) 7026 { 7027 struct iked_policy *pol = sa->sa_policy; 7028 struct iked_cfg *ikecfg = NULL; 7029 const char *errstr = NULL; 7030 int ret, pass, passes; 7031 size_t i; 7032 7033 switch (family) { 7034 case AF_INET: 7035 if (sa->sa_addrpool) 7036 return (0); 7037 break; 7038 case AF_INET6: 7039 if (sa->sa_addrpool6) 7040 return (0); 7041 break; 7042 default: 7043 return (-1); 7044 } 7045 if (pol->pol_ncfg == 0) 7046 return (0); 7047 /* default if no pool configured */ 7048 ret = 0; 7049 /* two passes if client requests from specific pool */ 7050 passes = (sa->sa_cp_addr != NULL || sa->sa_cp_addr6 != NULL) ? 2 : 1; 7051 for (pass = 0; pass < passes; pass++) { 7052 /* loop over all address pool configs (addr_net) */ 7053 for (i = 0; i < pol->pol_ncfg; i++) { 7054 ikecfg = &pol->pol_cfg[i]; 7055 if (!ikecfg->cfg.address.addr_net) 7056 continue; 7057 if ((family == AF_INET && ikecfg->cfg_type == 7058 IKEV2_CFG_INTERNAL_IP4_ADDRESS) || 7059 (family == AF_INET6 && ikecfg->cfg_type == 7060 IKEV2_CFG_INTERNAL_IP6_ADDRESS)) { 7061 if ((ret = ikev2_cp_setaddr_pool(env, sa, 7062 ikecfg, &errstr, family)) == 0) 7063 return (0); 7064 } 7065 } 7066 if (sa->sa_cp_addr != NULL) { 7067 free(sa->sa_cp_addr); 7068 sa->sa_cp_addr = NULL; 7069 } 7070 if (sa->sa_cp_addr6 != NULL) { 7071 free(sa->sa_cp_addr6); 7072 sa->sa_cp_addr6 = NULL; 7073 } 7074 } 7075 7076 if (errstr != NULL) 7077 log_warnx("%s: %s", SPI_SA(sa, __func__), errstr); 7078 return (ret); 7079 } 7080 7081 int 7082 ikev2_cp_setaddr_pool(struct iked *env, struct iked_sa *sa, 7083 struct iked_cfg *ikecfg, const char **errstr, sa_family_t family) 7084 { 7085 struct sockaddr_in *in4 = NULL, *cfg4 = NULL; 7086 struct sockaddr_in6 *in6 = NULL, *cfg6 = NULL; 7087 struct iked_sa key; 7088 struct iked_sa *osa; 7089 char idstr[IKED_ID_SIZE]; 7090 struct iked_addr addr; 7091 uint32_t mask, host, lower, upper, start, nhost; 7092 int requested = 0; 7093 7094 /* 7095 * failure: pool configured, but not requested. 7096 * If we continue, we might end up with flows where 0.0.0.0 is NOT 7097 * replaced with an address from the pool with ikev2_cp_fixaddr(). 7098 */ 7099 if (sa->sa_cp != IKEV2_CP_REQUEST) { 7100 log_debug("%s: pool configured, but IKEV2_CP_REQUEST missing", 7101 __func__); 7102 return (-1); 7103 } 7104 bzero(&addr, sizeof(addr)); 7105 addr.addr_af = family; 7106 7107 /* check if old IKESA for same DSTID already exists and transfer IPs */ 7108 if (env->sc_stickyaddress && 7109 (osa = sa_dstid_lookup(env, sa)) != NULL && 7110 ((family == AF_INET && osa->sa_addrpool) || 7111 (family == AF_INET6 && osa->sa_addrpool6))) { 7112 /* we have to transfer both, even if we just need one */ 7113 if (osa->sa_addrpool) { 7114 if (RB_REMOVE(iked_addrpool, &env->sc_addrpool, osa) 7115 != osa) { 7116 log_info("%s: addrpool error", 7117 SPI_SA(osa, __func__)); 7118 return (-1); 7119 } 7120 } 7121 if (osa->sa_addrpool6) { 7122 if (RB_REMOVE(iked_addrpool6, &env->sc_addrpool6, osa) 7123 != osa) { 7124 log_info("%s: addrpool6 error", 7125 SPI_SA(osa, __func__)); 7126 return (-1); 7127 } 7128 } 7129 sa_dstid_remove(env, osa); 7130 sa->sa_addrpool = osa->sa_addrpool; 7131 osa->sa_addrpool = NULL; 7132 sa->sa_addrpool6 = osa->sa_addrpool6; 7133 osa->sa_addrpool6 = NULL; 7134 if (osa->sa_state < IKEV2_STATE_CLOSING) { 7135 if (osa->sa_state == IKEV2_STATE_ESTABLISHED) 7136 ikev2_disable_timer(env, osa); 7137 ikev2_ike_sa_setreason(osa, 7138 "address re-use (identical dstid)"); 7139 ikev2_ikesa_delete(env, osa, 1); 7140 timer_add(env, &osa->sa_timer, 7141 3 * IKED_RETRANSMIT_TIMEOUT); 7142 } 7143 if (sa->sa_addrpool) { 7144 RB_INSERT(iked_addrpool, &env->sc_addrpool, sa); 7145 log_info( 7146 "%s: giving up assigned address %s to IKESA %s", 7147 SPI_SA(osa, __func__), 7148 print_addr(&sa->sa_addrpool->addr), 7149 print_spi(sa->sa_hdr.sh_ispi, 8)); 7150 } 7151 if (sa->sa_addrpool6) { 7152 RB_INSERT(iked_addrpool6, &env->sc_addrpool6, sa); 7153 log_info( 7154 "%s: giving up assigned v6 address %s to IKESA %s", 7155 SPI_SA(osa, __func__), 7156 print_addr(&sa->sa_addrpool6->addr), 7157 print_spi(sa->sa_hdr.sh_ispi, 8)); 7158 } 7159 if (family == AF_INET && sa->sa_addrpool != NULL) 7160 memcpy(&addr, sa->sa_addrpool, sizeof(addr)); 7161 else if (family == AF_INET6 && sa->sa_addrpool6 != NULL) 7162 memcpy(&addr, sa->sa_addrpool6, sizeof(addr)); 7163 goto done; 7164 } 7165 switch (addr.addr_af) { 7166 case AF_INET: 7167 cfg4 = (struct sockaddr_in *)&ikecfg->cfg.address.addr; 7168 mask = prefixlen2mask(ikecfg->cfg.address.addr_mask); 7169 if (sa->sa_cp_addr != NULL) { 7170 memcpy(&addr, sa->sa_cp_addr, sizeof(addr)); 7171 key.sa_addrpool = &addr; 7172 in4 = (struct sockaddr_in *)&addr.addr; 7173 if ((in4->sin_addr.s_addr & mask) != 7174 (cfg4->sin_addr.s_addr & mask)) { 7175 *errstr = "requested addr out of range"; 7176 return (-1); 7177 } 7178 if (RB_FIND(iked_addrpool, &env->sc_addrpool, 7179 &key)) { 7180 *errstr = "requested addr in use"; 7181 return (-1); 7182 } 7183 sa->sa_addrpool = sa->sa_cp_addr; 7184 sa->sa_cp_addr = NULL; 7185 RB_INSERT(iked_addrpool, &env->sc_addrpool, sa); 7186 requested = 1; 7187 goto done; 7188 } 7189 in4 = (struct sockaddr_in *)&addr.addr; 7190 in4->sin_family = AF_INET; 7191 in4->sin_len = sizeof(*in4); 7192 lower = ntohl(cfg4->sin_addr.s_addr & ~mask); 7193 key.sa_addrpool = &addr; 7194 break; 7195 case AF_INET6: 7196 cfg6 = (struct sockaddr_in6 *)&ikecfg->cfg.address.addr; 7197 in6 = (struct sockaddr_in6 *)&addr.addr; 7198 if (sa->sa_cp_addr6 != NULL) { 7199 /* XXX not yet supported */ 7200 } 7201 in6->sin6_family = AF_INET6; 7202 in6->sin6_len = sizeof(*in6); 7203 /* truncate prefixlen to get a 32-bit space */ 7204 mask = (ikecfg->cfg.address.addr_mask >= 96) 7205 ? prefixlen2mask(ikecfg->cfg.address.addr_mask - 96) 7206 : prefixlen2mask(0); 7207 memcpy(&lower, &cfg6->sin6_addr.s6_addr[12], sizeof(uint32_t)); 7208 lower = ntohl(lower & ~mask); 7209 key.sa_addrpool6 = &addr; 7210 break; 7211 default: 7212 return (-1); 7213 } 7214 7215 /* Note that start, upper and host are in HOST byte order */ 7216 upper = ntohl(~mask); 7217 /* skip .0 address if possible */ 7218 if (lower < upper && lower == 0) 7219 lower = 1; 7220 if (upper < lower) 7221 upper = lower; 7222 /* Randomly select start from [lower, upper-1] */ 7223 start = arc4random_uniform(upper - lower) + lower; 7224 7225 for (host = start;;) { 7226 log_debug("%s: mask %x start %x lower %x host %x upper %x", 7227 __func__, mask, start, lower, host, upper); 7228 switch (addr.addr_af) { 7229 case AF_INET: 7230 in4->sin_addr.s_addr = 7231 (cfg4->sin_addr.s_addr & mask) | htonl(host); 7232 break; 7233 case AF_INET6: 7234 memcpy(in6, cfg6, sizeof(*in6)); 7235 memcpy(&nhost, &cfg6->sin6_addr.s6_addr[12], 7236 sizeof(uint32_t)); 7237 nhost = (nhost & mask) | htonl(host); 7238 memcpy(&in6->sin6_addr.s6_addr[12], &nhost, 7239 sizeof(uint32_t)); 7240 break; 7241 default: 7242 return (-1); 7243 } 7244 if ((addr.addr_af == AF_INET && 7245 !RB_FIND(iked_addrpool, &env->sc_addrpool, &key)) || 7246 (addr.addr_af == AF_INET6 && 7247 !RB_FIND(iked_addrpool6, &env->sc_addrpool6, &key))) 7248 break; 7249 /* try next address */ 7250 host++; 7251 /* but skip broadcast and network address */ 7252 if (host >= upper || host < lower) 7253 host = lower; 7254 if (host == start) { 7255 *errstr = "address pool exhausted"; 7256 return (-1); /* exhausted */ 7257 } 7258 } 7259 7260 addr.addr_mask = ikecfg->cfg.address.addr_mask; 7261 switch (addr.addr_af) { 7262 case AF_INET: 7263 if (!key.sa_addrpool) 7264 return (-1); /* cannot happen? */ 7265 if ((sa->sa_addrpool = calloc(1, sizeof(addr))) == NULL) 7266 return (-1); 7267 memcpy(sa->sa_addrpool, &addr, sizeof(addr)); 7268 RB_INSERT(iked_addrpool, &env->sc_addrpool, sa); 7269 break; 7270 case AF_INET6: 7271 if (!key.sa_addrpool6) 7272 return (-1); /* cannot happen? */ 7273 if ((sa->sa_addrpool6 = calloc(1, sizeof(addr))) == NULL) 7274 return (-1); 7275 memcpy(sa->sa_addrpool6, &addr, sizeof(addr)); 7276 RB_INSERT(iked_addrpool6, &env->sc_addrpool6, sa); 7277 break; 7278 default: 7279 return (-1); 7280 } 7281 done: 7282 if (ikev2_print_id(IKESA_DSTID(sa), idstr, sizeof(idstr)) == -1) 7283 bzero(idstr, sizeof(idstr)); 7284 log_info("%sassigned address %s to %s%s", SPI_SA(sa, NULL), 7285 print_addr(&addr.addr), 7286 idstr, requested ? " (requested by peer)" : ""); 7287 return (0); 7288 } 7289 7290 int 7291 ikev2_cp_request_configured(struct iked_sa *sa) 7292 { 7293 struct iked_policy *pol = sa->sa_policy; 7294 struct iked_cfg *ikecfg; 7295 unsigned int i; 7296 7297 for (i = 0; i < pol->pol_ncfg; i++) { 7298 ikecfg = &pol->pol_cfg[i]; 7299 if (ikecfg->cfg_action == IKEV2_CP_REQUEST) { 7300 log_debug("%s: yes", SPI_SA(sa, __func__)); 7301 return 1; 7302 } 7303 } 7304 log_debug("%s: no", SPI_SA(sa, __func__)); 7305 return 0; 7306 } 7307 7308 /* 7309 * if 'addr' is 'UNSPECIFIED' replace it with sa_addrpool from 7310 * the ip-pool or the sa_cp_addr received from peer and store the 7311 * result in 'patched'. 7312 */ 7313 int 7314 ikev2_cp_fixaddr(struct iked_sa *sa, struct iked_addr *addr, 7315 struct iked_addr *patched) 7316 { 7317 struct sockaddr_in *in4; 7318 struct sockaddr_in6 *in6; 7319 struct iked_addr *naddr; 7320 7321 if (addr->addr_net) 7322 return (-2); 7323 if (sa->sa_cp == 0) 7324 return (-1); 7325 switch (addr->addr_af) { 7326 case AF_INET: 7327 in4 = (struct sockaddr_in *)&addr->addr; 7328 if (in4->sin_addr.s_addr) 7329 return (-2); 7330 naddr = (sa->sa_cp == IKEV2_CP_REQUEST) ? 7331 sa->sa_addrpool : sa->sa_cp_addr; 7332 if (naddr == NULL) 7333 return (-1); 7334 memcpy(patched, naddr, sizeof(*patched)); 7335 patched->addr_net = 0; 7336 patched->addr_mask = 32; 7337 break; 7338 case AF_INET6: 7339 in6 = (struct sockaddr_in6 *)&addr->addr; 7340 if (!IN6_IS_ADDR_UNSPECIFIED(&in6->sin6_addr)) 7341 return (-2); 7342 naddr = (sa->sa_cp == IKEV2_CP_REQUEST) ? 7343 sa->sa_addrpool6 : sa->sa_cp_addr6; 7344 if (naddr == NULL) 7345 return (-1); 7346 memcpy(patched, naddr, sizeof(*patched)); 7347 patched->addr_net = 0; 7348 patched->addr_mask = 128; 7349 break; 7350 } 7351 return (0); 7352 } 7353 7354 /* replace unspecified address in flow with requested address */ 7355 int 7356 ikev2_cp_fixflow(struct iked_sa *sa, struct iked_flow *flow, 7357 struct iked_flow *patched) 7358 { 7359 switch (sa->sa_cp) { 7360 case IKEV2_CP_REQUEST: 7361 if (patched->flow_dir == IPSP_DIRECTION_IN) 7362 return (ikev2_cp_fixaddr(sa, &flow->flow_dst, 7363 &patched->flow_src)); 7364 else 7365 return (ikev2_cp_fixaddr(sa, &flow->flow_dst, 7366 &patched->flow_dst)); 7367 case IKEV2_CP_REPLY: 7368 if (patched->flow_dir == IPSP_DIRECTION_IN) 7369 return (ikev2_cp_fixaddr(sa, &flow->flow_src, 7370 &patched->flow_dst)); 7371 else 7372 return (ikev2_cp_fixaddr(sa, &flow->flow_src, 7373 &patched->flow_src)); 7374 default: 7375 return (0); 7376 } 7377 } 7378 7379 int 7380 ikev2_update_sa_addresses(struct iked *env, struct iked_sa *sa) 7381 { 7382 struct iked_childsa *csa, *ipcomp; 7383 struct iked_flow *flow, *oflow; 7384 struct iked_message *msg; 7385 struct iked_msg_retransmit *mr; 7386 7387 if (!sa_stateok(sa, IKEV2_STATE_ESTABLISHED)) 7388 return -1; 7389 7390 log_info("%s: old %s new %s", SPI_SA(sa, __func__), 7391 print_addr(&sa->sa_peer_loaded.addr), 7392 print_addr(&sa->sa_peer.addr)); 7393 7394 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 7395 if (!csa->csa_loaded) 7396 continue; 7397 if (pfkey_sa_update_addresses(env, csa) != 0) 7398 log_debug("%s: failed to update sa", __func__); 7399 if ((ipcomp = csa->csa_bundled) != NULL && 7400 ipcomp->csa_loaded) 7401 if (pfkey_sa_update_addresses(env, ipcomp) 7402 != 0) 7403 log_debug("%s: failed to update sa", __func__); 7404 } 7405 7406 /* delete and re-add flows */ 7407 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) { 7408 if (flow->flow_loaded) { 7409 RB_REMOVE(iked_flows, &env->sc_activeflows, flow); 7410 (void)pfkey_flow_delete(env, flow); 7411 flow->flow_loaded = 0; 7412 } 7413 if (pfkey_flow_add(env, flow) != 0) 7414 log_debug("%s: failed to add flow %p", __func__, flow); 7415 if (!flow->flow_loaded) 7416 continue; 7417 if ((oflow = RB_FIND(iked_flows, &env->sc_activeflows, flow)) 7418 != NULL) { 7419 log_debug("%s: replaced old flow %p with %p", 7420 __func__, oflow, flow); 7421 oflow->flow_loaded = 0; 7422 RB_REMOVE(iked_flows, &env->sc_activeflows, oflow); 7423 } 7424 RB_INSERT(iked_flows, &env->sc_activeflows, flow); 7425 } 7426 7427 /* update pending requests and responses */ 7428 TAILQ_FOREACH(mr, &sa->sa_requests, mrt_entry) { 7429 TAILQ_FOREACH(msg, &mr->mrt_frags, msg_entry) { 7430 msg->msg_local = sa->sa_local.addr; 7431 msg->msg_locallen = sa->sa_local.addr.ss_len; 7432 msg->msg_peer = sa->sa_peer.addr; 7433 msg->msg_peerlen = sa->sa_peer.addr.ss_len; 7434 } 7435 } 7436 TAILQ_FOREACH(mr, &sa->sa_responses, mrt_entry) { 7437 TAILQ_FOREACH(msg, &mr->mrt_frags, msg_entry) { 7438 msg->msg_local = sa->sa_local.addr; 7439 msg->msg_locallen = sa->sa_local.addr.ss_len; 7440 msg->msg_peer = sa->sa_peer.addr; 7441 msg->msg_peerlen = sa->sa_peer.addr.ss_len; 7442 } 7443 } 7444 7445 /* Update sa_peer_loaded, to match in-kernel information */ 7446 memcpy(&sa->sa_peer_loaded, &sa->sa_peer, sizeof(sa->sa_peer_loaded)); 7447 7448 return 0; 7449 } 7450 7451 void 7452 ikev2_info_sa(struct iked *env, struct imsg *imsg, int dolog, const char *msg, 7453 struct iked_sa *sa) 7454 { 7455 char idstr[IKED_ID_SIZE]; 7456 char *buf; 7457 int buflen; 7458 7459 if (ikev2_print_id(IKESA_DSTID(sa), idstr, sizeof(idstr)) == -1) 7460 bzero(idstr, sizeof(idstr)); 7461 7462 buflen = asprintf(&buf, 7463 "%s: %p rspi %s ispi %s %s->%s<%s>[%s] %s %c%s%s nexti %p pol %p\n", 7464 msg, sa, 7465 print_spi(sa->sa_hdr.sh_rspi, 8), 7466 print_spi(sa->sa_hdr.sh_ispi, 8), 7467 print_addr(&sa->sa_local.addr), 7468 print_addr(&sa->sa_peer.addr), 7469 idstr, 7470 sa->sa_addrpool ? print_addr(&sa->sa_addrpool->addr) : "", 7471 print_map(sa->sa_state, ikev2_state_map), 7472 sa->sa_hdr.sh_initiator ? 'i' : 'r', 7473 sa->sa_natt ? " natt" : "", 7474 sa->sa_udpencap ? " udpecap" : "", 7475 sa->sa_nexti, sa->sa_policy); 7476 7477 if (buflen == -1 || buf == NULL) 7478 return; 7479 7480 if (dolog) { 7481 if (buflen > 1) 7482 buf[buflen - 1] = '\0'; 7483 log_debug("%s", buf); 7484 } else 7485 proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1, 7486 IMSG_CTL_SHOW_SA, imsg->hdr.peerid, -1, 7487 buf, buflen + 1); 7488 free(buf); 7489 } 7490 7491 void 7492 ikev2_info_csa(struct iked *env, struct imsg *imsg, int dolog, const char *msg, 7493 struct iked_childsa *csa) 7494 { 7495 char *buf; 7496 int buflen; 7497 7498 buflen = asprintf(&buf, 7499 "%s: %p %s %s %s %s -> %s (%s%s%s%s) B=%p P=%p @%p\n", msg, csa, 7500 print_map(csa->csa_saproto, ikev2_saproto_map), 7501 print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size), 7502 csa->csa_dir == IPSP_DIRECTION_IN ? "in" : "out", 7503 print_addr(&csa->csa_local->addr), 7504 print_addr(&csa->csa_peer->addr), 7505 csa->csa_loaded ? "L" : "", 7506 csa->csa_rekey ? "R" : "", 7507 csa->csa_allocated ? "A" : "", 7508 csa->csa_persistent ? "P" : "", 7509 csa->csa_bundled, 7510 csa->csa_peersa, 7511 csa->csa_ikesa); 7512 7513 if (buflen == -1 || buf == NULL) 7514 return; 7515 7516 if (dolog) { 7517 if (buflen > 1) 7518 buf[buflen - 1] = '\0'; 7519 log_debug("%s", buf); 7520 } else 7521 proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1, 7522 IMSG_CTL_SHOW_SA, imsg->hdr.peerid, -1, 7523 buf, buflen + 1); 7524 free(buf); 7525 } 7526 7527 void 7528 ikev2_info_flow(struct iked *env, struct imsg *imsg, int dolog, const char *msg, 7529 struct iked_flow *flow) 7530 { 7531 char prenat_mask[10]; 7532 char *buf; 7533 int buflen; 7534 7535 if (flow->flow_prenat.addr_af != 0) 7536 snprintf(prenat_mask, sizeof(prenat_mask), "%d", 7537 flow->flow_prenat.addr_mask); 7538 else 7539 prenat_mask[0] = '\0'; 7540 7541 buflen = asprintf(&buf, 7542 "%s: %p %s %s %s/%d -> %s/%d %s%s%s%s%s[%u]@%d (%s) @%p\n", msg, flow, 7543 print_map(flow->flow_saproto, ikev2_saproto_map), 7544 flow->flow_dir == IPSP_DIRECTION_IN ? "in" : "out", 7545 print_addr(&flow->flow_src.addr), 7546 flow->flow_src.addr_mask, 7547 print_addr(&flow->flow_dst.addr), 7548 flow->flow_dst.addr_mask, 7549 flow->flow_prenat.addr_af != 0 ? "[": "", 7550 flow->flow_prenat.addr_af != 0 ? 7551 print_addr(&flow->flow_prenat.addr) : "", 7552 flow->flow_prenat.addr_af != 0 ? "/" : "", 7553 flow->flow_prenat.addr_af != 0 ? prenat_mask : "", 7554 flow->flow_prenat.addr_af != 0 ? "] ": "", 7555 flow->flow_ipproto, 7556 flow->flow_rdomain, 7557 flow->flow_loaded ? "L" : "", 7558 flow->flow_ikesa); 7559 7560 if (buflen == -1 || buf == NULL) 7561 return; 7562 7563 if (dolog) { 7564 if (buflen > 1) 7565 buf[buflen - 1] = '\0'; 7566 log_debug("%s", buf); 7567 } else 7568 proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1, 7569 IMSG_CTL_SHOW_SA, imsg->hdr.peerid, -1, 7570 buf, buflen + 1); 7571 free(buf); 7572 } 7573 7574 void 7575 ikev2_info(struct iked *env, struct imsg *imsg, int dolog) 7576 { 7577 struct iked_sa *sa; 7578 struct iked_childsa *csa, *ipcomp; 7579 struct iked_flow *flow; 7580 7581 log_debug("%s: called", __func__); 7582 7583 RB_FOREACH(sa, iked_sas, &env->sc_sas) { 7584 ikev2_info_sa(env, imsg, dolog, "iked_sas", sa); 7585 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { 7586 ikev2_info_csa(env, imsg, dolog, " sa_childsas", csa); 7587 if ((ipcomp = csa->csa_bundled) != NULL) 7588 ikev2_info_csa(env, imsg, dolog, " ", 7589 ipcomp); 7590 } 7591 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) { 7592 ikev2_info_flow(env, imsg, dolog, " sa_flows", flow); 7593 } 7594 } 7595 RB_FOREACH(csa, iked_activesas, &env->sc_activesas) { 7596 ikev2_info_csa(env, imsg, dolog, "iked_activesas", csa); 7597 if ((ipcomp = csa->csa_bundled) != NULL) 7598 ikev2_info_csa(env, imsg, dolog, " ", ipcomp); 7599 } 7600 RB_FOREACH(flow, iked_flows, &env->sc_activeflows) { 7601 ikev2_info_flow(env, imsg, dolog, "iked_flows", flow); 7602 } 7603 RB_FOREACH(sa, iked_dstid_sas, &env->sc_dstid_sas) { 7604 ikev2_info_sa(env, imsg, dolog, "iked_dstid_sas", sa); 7605 } 7606 if (dolog) 7607 return; 7608 /* Send empty reply to indicate end of information. */ 7609 proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1, IMSG_CTL_SHOW_SA, 7610 imsg->hdr.peerid, -1, NULL, 0); 7611 } 7612 7613 const char * 7614 ikev2_ikesa_info(uint64_t spi, const char *msg) 7615 { 7616 static char buf[1024]; 7617 const char *spistr; 7618 7619 spistr = print_spi(spi, 8); 7620 if (msg) 7621 snprintf(buf, sizeof(buf), "spi=%s: %s", spistr, msg); 7622 else 7623 snprintf(buf, sizeof(buf), "spi=%s: ", spistr); 7624 return buf; 7625 } 7626 7627 void 7628 ikev2_log_established(struct iked_sa *sa) 7629 { 7630 char dstid[IKED_ID_SIZE], srcid[IKED_ID_SIZE]; 7631 7632 if (ikev2_print_id(IKESA_DSTID(sa), dstid, sizeof(dstid)) == -1) 7633 bzero(dstid, sizeof(dstid)); 7634 if (ikev2_print_id(IKESA_SRCID(sa), srcid, sizeof(srcid)) == -1) 7635 bzero(srcid, sizeof(srcid)); 7636 log_info( 7637 "%sestablished peer %s[%s] local %s[%s]%s%s%s%s policy '%s'%s" 7638 " (enc %s%s%s group %s prf %s)", SPI_SA(sa, NULL), 7639 print_addr(&sa->sa_peer.addr), dstid, 7640 print_addr(&sa->sa_local.addr), srcid, 7641 sa->sa_addrpool ? " assigned " : "", 7642 sa->sa_addrpool ? print_addr(&sa->sa_addrpool->addr) : "", 7643 sa->sa_addrpool6 ? " assigned " : "", 7644 sa->sa_addrpool6 ? print_addr(&sa->sa_addrpool6->addr) : "", 7645 sa->sa_policy ? sa->sa_policy->pol_name : "", 7646 sa->sa_hdr.sh_initiator ? " as initiator" : " as responder", 7647 print_xf(sa->sa_encr->encr_id, cipher_keylength(sa->sa_encr) - 7648 sa->sa_encr->encr_saltlength, ikeencxfs), 7649 sa->sa_encr->encr_authid ? "" : " auth ", 7650 sa->sa_encr->encr_authid ? "" : print_xf(sa->sa_integr->hash_id, 7651 hash_keylength(sa->sa_integr), authxfs), 7652 print_xf(sa->sa_dhgroup->id, 0, groupxfs), 7653 print_xf(sa->sa_prf->hash_id, hash_keylength(sa->sa_prf), prfxfs)); 7654 } 7655 7656 void 7657 ikev2_log_cert_info(const char *msg, struct iked_id *certid) 7658 { 7659 X509 *cert = NULL; 7660 BIO *rawcert = NULL; 7661 7662 if (certid->id_type != IKEV2_CERT_X509_CERT || 7663 certid->id_buf == NULL) 7664 return; 7665 if ((rawcert = BIO_new_mem_buf(ibuf_data(certid->id_buf), 7666 ibuf_size(certid->id_buf))) == NULL || 7667 (cert = d2i_X509_bio(rawcert, NULL)) == NULL) 7668 goto out; 7669 ca_cert_info(msg, cert); 7670 out: 7671 if (cert) 7672 X509_free(cert); 7673 if (rawcert) 7674 BIO_free(rawcert); 7675 } 7676 7677 void 7678 ikev2_log_proposal(struct iked_sa *sa, struct iked_proposals *proposals) 7679 { 7680 struct iked_proposal *prop; 7681 struct iked_transform *xform; 7682 unsigned int i; 7683 char lenstr[20]; 7684 7685 TAILQ_FOREACH(prop, proposals, prop_entry) { 7686 for (i = 0; i < prop->prop_nxforms; i++) { 7687 xform = &prop->prop_xforms[i]; 7688 if (xform->xform_keylength) 7689 snprintf(lenstr, sizeof(lenstr), "-%u", 7690 xform->xform_keylength); 7691 else 7692 lenstr[0] = '\0'; 7693 log_info("%s: %s #%u %s=%s%s", 7694 sa ? SPI_SA(sa, __func__) : __func__, 7695 print_map(prop->prop_protoid, ikev2_saproto_map), 7696 prop->prop_id, 7697 print_map(xform->xform_type, ikev2_xformtype_map), 7698 xform->xform_map ? 7699 print_map(xform->xform_id, xform->xform_map) 7700 : "UNKNOWN", 7701 lenstr); 7702 } 7703 } 7704 } 7705