1 /* $OpenBSD: ike_aggressive.c,v 1.3 1999/08/26 22:28:54 niklas Exp $ */ 2 /* $EOM: ike_aggressive.c,v 1.3 1999/08/19 01:14:04 angelos Exp $ */ 3 4 /* 5 * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Ericsson Radio Systems. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * This code was written under funding by Ericsson Radio Systems. 35 */ 36 37 #include <sys/types.h> 38 #include <netinet/in.h> 39 #include <stdlib.h> 40 #include <string.h> 41 42 #include "sysdep.h" 43 44 #include "attribute.h" 45 #include "conf.h" 46 #include "constants.h" 47 #include "crypto.h" 48 #include "dh.h" 49 #include "doi.h" 50 #include "exchange.h" 51 #include "hash.h" 52 #include "ike_auth.h" 53 #include "ike_aggressive.h" 54 #include "ike_phase_1.h" 55 #include "ipsec.h" 56 #include "ipsec_doi.h" 57 #include "isakmp.h" 58 #include "log.h" 59 #include "math_group.h" 60 #include "message.h" 61 #include "prf.h" 62 #include "sa.h" 63 #include "transport.h" 64 #include "util.h" 65 66 static int initiator_recv_SA_KE_NONCE_ID_AUTH (struct message *); 67 static int initiator_send_SA_KE_NONCE_ID (struct message *); 68 static int initiator_send_AUTH (struct message *); 69 static int responder_recv_SA_KE_NONCE_ID (struct message *); 70 static int responder_send_SA_KE_NONCE_ID_AUTH (struct message *); 71 72 int (*ike_aggressive_initiator[]) (struct message *) = { 73 initiator_send_SA_KE_NONCE_ID, 74 initiator_recv_SA_KE_NONCE_ID_AUTH, 75 initiator_send_AUTH 76 }; 77 78 int (*ike_aggressive_responder[]) (struct message *) = { 79 responder_recv_SA_KE_NONCE_ID, 80 responder_send_SA_KE_NONCE_ID_AUTH, 81 ike_phase_1_recv_AUTH 82 }; 83 84 /* Offer a set of transforms to the responder in the MSG message. */ 85 static int 86 initiator_send_SA_KE_NONCE_ID (struct message *msg) 87 { 88 if (ike_phase_1_initiator_send_SA (msg)) 89 return -1; 90 91 if (ike_phase_1_initiator_send_KE_NONCE (msg)) 92 return -1; 93 94 return ike_phase_1_send_ID (msg); 95 } 96 97 /* Figure out what transform the responder chose. */ 98 static int 99 initiator_recv_SA_KE_NONCE_ID_AUTH (struct message *msg) 100 { 101 if (ike_phase_1_initiator_recv_SA (msg)) 102 return -1; 103 104 if (ike_phase_1_initiator_recv_KE_NONCE (msg)) 105 return -1; 106 107 return ike_phase_1_recv_ID_AUTH (msg); 108 } 109 110 static int 111 initiator_send_AUTH (struct message *msg) 112 { 113 msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT; 114 115 if (ike_phase_1_send_AUTH (msg)) 116 return -1; 117 118 /* 119 * RFC 2407 4.6.3 says that, among others, INITIAL-CONTACT MUST NOT 120 * be sent in Aggressive Mode. This leaves us with the choice of 121 * doing it in an informational exchange of its own with no delivery 122 * guarantee or in the first Quick Mode, or not at all. 123 * draft-jenkins-ipsec-rekeying-01.txt has some text that requires 124 * INITIAL-CONTACT in phase 1, thus contradicting what we learned 125 * above. I will bring this up in the IPsec list. For now we don't 126 * do INITIAL-CONTACT at all when using aggressive mode. 127 */ 128 return 0; 129 } 130 131 /* 132 * Accept a set of transforms offered by the initiator and chose one we can 133 * handle. Also accept initiator's public DH value, nonce and ID. 134 */ 135 static int 136 responder_recv_SA_KE_NONCE_ID (struct message *msg) 137 { 138 if (ike_phase_1_responder_recv_SA (msg)) 139 return -1; 140 141 if (ike_phase_1_recv_ID (msg)) 142 return -1; 143 144 return ike_phase_1_recv_KE_NONCE (msg); 145 } 146 147 /* 148 * Reply with the transform we chose. Send our public DH value and a nonce 149 * to the initiator. 150 */ 151 static int 152 responder_send_SA_KE_NONCE_ID_AUTH (struct message *msg) 153 { 154 /* Add the SA payload with the transform that was chosen. */ 155 if (ike_phase_1_responder_send_SA (msg)) 156 return -1; 157 158 /* XXX Should we really just use the initiator's nonce size? */ 159 if (ike_phase_1_send_KE_NONCE (msg, msg->exchange->nonce_i_len)) 160 return -1; 161 162 if (ike_phase_1_post_exchange_KE_NONCE (msg)) 163 return -1; 164 165 return ike_phase_1_responder_send_ID_AUTH (msg); 166 return -1; 167 } 168