1 /* $OpenBSD: ipsec.c,v 1.151 2021/10/22 12:30:53 bluhm Exp $ */ 2 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ 3 4 /* 5 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. 6 * Copyright (c) 2001 Angelos D. Keromytis. All rights reserved. 7 * Copyright (c) 2001 H�kan Olsson. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 /* 31 * This code was written under funding by Ericsson Radio Systems. 32 */ 33 34 #include <sys/types.h> 35 #include <sys/socket.h> 36 #include <netdb.h> 37 #include <netinet/in.h> 38 #include <arpa/inet.h> 39 #include <stdlib.h> 40 #include <string.h> 41 42 #include <net/if.h> 43 #include <net/pfvar.h> 44 45 #include "attribute.h" 46 #include "conf.h" 47 #include "connection.h" 48 #include "constants.h" 49 #include "crypto.h" 50 #include "dh.h" 51 #include "doi.h" 52 #include "dpd.h" 53 #include "exchange.h" 54 #include "hash.h" 55 #include "ike_aggressive.h" 56 #include "ike_auth.h" 57 #include "ike_main_mode.h" 58 #include "ike_quick_mode.h" 59 #include "ipsec.h" 60 #include "ipsec_doi.h" 61 #include "isakmp.h" 62 #include "isakmp_cfg.h" 63 #include "isakmp_fld.h" 64 #include "isakmp_num.h" 65 #include "log.h" 66 #include "message.h" 67 #include "nat_traversal.h" 68 #include "pf_key_v2.h" 69 #include "prf.h" 70 #include "sa.h" 71 #include "timer.h" 72 #include "transport.h" 73 #include "util.h" 74 #include "x509.h" 75 76 extern int acquire_only; 77 78 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 79 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) 80 81 /* The replay window size used for all IPsec protocols if not overridden. */ 82 #define DEFAULT_REPLAY_WINDOW 16 83 84 struct ipsec_decode_arg { 85 struct message *msg; 86 struct sa *sa; 87 struct proto *proto; 88 }; 89 90 /* These variables hold the contacted peers ADT state. */ 91 struct contact { 92 struct sockaddr *addr; 93 socklen_t len; 94 } *contacts = 0; 95 int contact_cnt = 0, contact_limit = 0; 96 97 static int addr_cmp(const void *, const void *); 98 static int ipsec_add_contact(struct message *); 99 static int ipsec_contacted(struct message *); 100 static int ipsec_debug_attribute(u_int16_t, u_int8_t *, u_int16_t, 101 void *); 102 static void ipsec_delete_spi(struct sa *, struct proto *, int); 103 static int16_t *ipsec_exchange_script(u_int8_t); 104 static void ipsec_finalize_exchange(struct message *); 105 static void ipsec_free_exchange_data(void *); 106 static void ipsec_free_proto_data(void *); 107 static void ipsec_free_sa_data(void *); 108 static struct keystate *ipsec_get_keystate(struct message *); 109 static u_int8_t *ipsec_get_spi(size_t *, u_int8_t, struct message *); 110 static int ipsec_handle_leftover_payload(struct message *, u_int8_t, 111 struct payload *); 112 static int ipsec_informational_post_hook(struct message *); 113 static int ipsec_informational_pre_hook(struct message *); 114 static int ipsec_initiator(struct message *); 115 static void ipsec_proto_init(struct proto *, char *); 116 static int ipsec_responder(struct message *); 117 static void ipsec_setup_situation(u_int8_t *); 118 static int ipsec_set_network(u_int8_t *, u_int8_t *, struct sa *); 119 static size_t ipsec_situation_size(void); 120 static u_int8_t ipsec_spi_size(u_int8_t); 121 static int ipsec_validate_attribute(u_int16_t, u_int8_t *, u_int16_t, 122 void *); 123 static int ipsec_validate_exchange(u_int8_t); 124 static int ipsec_validate_id_information(u_int8_t, u_int8_t *, u_int8_t *, 125 size_t, struct exchange *); 126 static int ipsec_validate_key_information(u_int8_t *, size_t); 127 static int ipsec_validate_notification(u_int16_t); 128 static int ipsec_validate_proto(u_int8_t); 129 static int ipsec_validate_situation(u_int8_t *, size_t *, size_t); 130 static int ipsec_validate_transform_id(u_int8_t, u_int8_t); 131 static int ipsec_sa_check_flow(struct sa *, void *); 132 static int ipsec_sa_check_flow_any(struct sa *, void *); 133 static int ipsec_sa_tag(struct exchange *, struct sa *, struct sa *); 134 135 static struct doi ipsec_doi = { 136 {0}, IPSEC_DOI_IPSEC, 137 sizeof(struct ipsec_exch), sizeof(struct ipsec_sa), 138 sizeof(struct ipsec_proto), 139 ipsec_debug_attribute, 140 ipsec_delete_spi, 141 ipsec_exchange_script, 142 ipsec_finalize_exchange, 143 ipsec_free_exchange_data, 144 ipsec_free_proto_data, 145 ipsec_free_sa_data, 146 ipsec_get_keystate, 147 ipsec_get_spi, 148 ipsec_handle_leftover_payload, 149 ipsec_informational_post_hook, 150 ipsec_informational_pre_hook, 151 ipsec_is_attribute_incompatible, 152 ipsec_proto_init, 153 ipsec_setup_situation, 154 ipsec_situation_size, 155 ipsec_spi_size, 156 ipsec_validate_attribute, 157 ipsec_validate_exchange, 158 ipsec_validate_id_information, 159 ipsec_validate_key_information, 160 ipsec_validate_notification, 161 ipsec_validate_proto, 162 ipsec_validate_situation, 163 ipsec_validate_transform_id, 164 ipsec_initiator, 165 ipsec_responder, 166 ipsec_decode_ids 167 }; 168 169 int16_t script_quick_mode[] = { 170 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 171 ISAKMP_PAYLOAD_SA, 172 ISAKMP_PAYLOAD_NONCE, 173 EXCHANGE_SCRIPT_SWITCH, 174 ISAKMP_PAYLOAD_HASH, /* Responder -> initiator. */ 175 ISAKMP_PAYLOAD_SA, 176 ISAKMP_PAYLOAD_NONCE, 177 EXCHANGE_SCRIPT_SWITCH, 178 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 179 EXCHANGE_SCRIPT_END 180 }; 181 182 int16_t script_new_group_mode[] = { 183 ISAKMP_PAYLOAD_HASH, /* Initiator -> responder. */ 184 ISAKMP_PAYLOAD_SA, 185 EXCHANGE_SCRIPT_SWITCH, 186 ISAKMP_PAYLOAD_HASH, /* Responder -> initiator. */ 187 ISAKMP_PAYLOAD_SA, 188 EXCHANGE_SCRIPT_END 189 }; 190 191 struct dst_spi_proto_arg { 192 struct sockaddr *dst; 193 u_int32_t spi; 194 u_int8_t proto; 195 }; 196 197 /* 198 * Check if SA matches what we are asking for through V_ARG. It has to 199 * be a finished phase 2 SA. 200 * if "proto" arg is 0, match any proto 201 */ 202 static int 203 ipsec_sa_check(struct sa *sa, void *v_arg) 204 { 205 struct dst_spi_proto_arg *arg = v_arg; 206 struct proto *proto; 207 struct sockaddr *dst, *src; 208 int incoming; 209 210 if (sa->phase != 2 || !(sa->flags & SA_FLAG_READY)) 211 return 0; 212 213 sa->transport->vtbl->get_dst(sa->transport, &dst); 214 if (memcmp(sockaddr_addrdata(dst), sockaddr_addrdata(arg->dst), 215 sockaddr_addrlen(dst)) == 0) 216 incoming = 0; 217 else { 218 sa->transport->vtbl->get_src(sa->transport, &src); 219 if (memcmp(sockaddr_addrdata(src), sockaddr_addrdata(arg->dst), 220 sockaddr_addrlen(src)) == 0) 221 incoming = 1; 222 else 223 return 0; 224 } 225 226 for (proto = TAILQ_FIRST(&sa->protos); proto; 227 proto = TAILQ_NEXT(proto, link)) 228 if ((arg->proto == 0 || proto->proto == arg->proto) && 229 memcmp(proto->spi[incoming], &arg->spi, sizeof arg->spi) 230 == 0) 231 return 1; 232 return 0; 233 } 234 235 /* Find an SA with a "name" of DST, SPI & PROTO. */ 236 struct sa * 237 ipsec_sa_lookup(struct sockaddr *dst, u_int32_t spi, u_int8_t proto) 238 { 239 struct dst_spi_proto_arg arg; 240 241 arg.dst = dst; 242 arg.spi = spi; 243 arg.proto = proto; 244 return sa_find(ipsec_sa_check, &arg); 245 } 246 247 /* 248 * Check if SA matches the flow of another SA in V_ARG. It has to 249 * be a finished non-replaced phase 2 SA. 250 * XXX At some point other selectors will matter here too. 251 */ 252 static int 253 ipsec_sa_check_flow(struct sa *sa, void *v_arg) 254 { 255 if ((sa->flags & (SA_FLAG_READY | SA_FLAG_REPLACED)) != SA_FLAG_READY) 256 return 0; 257 258 return ipsec_sa_check_flow_any(sa, v_arg); 259 } 260 261 static int 262 ipsec_sa_check_flow_any(struct sa *sa, void *v_arg) 263 { 264 struct sa *sa2 = v_arg; 265 struct ipsec_sa *isa = sa->data, *isa2 = sa2->data; 266 267 if (sa == sa2 || sa->phase != 2 || 268 (sa->flags & SA_FLAG_READY) != SA_FLAG_READY) 269 return 0; 270 271 if (isa->tproto != isa2->tproto || isa->sport != isa2->sport || 272 isa->dport != isa2->dport) 273 return 0; 274 275 /* 276 * If at least one of the IPsec SAs is incomplete, we're done. 277 */ 278 if (isa->src_net == NULL || isa2->src_net == NULL || 279 isa->dst_net == NULL || isa2->dst_net == NULL || 280 isa->src_mask == NULL || isa2->src_mask == NULL || 281 isa->dst_mask == NULL || isa2->dst_mask == NULL) 282 return 0; 283 284 return isa->src_net->sa_family == isa2->src_net->sa_family && 285 memcmp(sockaddr_addrdata(isa->src_net), 286 sockaddr_addrdata(isa2->src_net), 287 sockaddr_addrlen(isa->src_net)) == 0 && 288 memcmp(sockaddr_addrdata(isa->src_mask), 289 sockaddr_addrdata(isa2->src_mask), 290 sockaddr_addrlen(isa->src_mask)) == 0 && 291 memcmp(sockaddr_addrdata(isa->dst_net), 292 sockaddr_addrdata(isa2->dst_net), 293 sockaddr_addrlen(isa->dst_net)) == 0 && 294 memcmp(sockaddr_addrdata(isa->dst_mask), 295 sockaddr_addrdata(isa2->dst_mask), 296 sockaddr_addrlen(isa->dst_mask)) == 0; 297 } 298 299 /* 300 * Construct a PF tag if specified in the configuration. 301 * It is possible to use variables to expand the tag: 302 * $id The string representation of the remote ID 303 * $domain The stripped domain part of the ID (for FQDN and UFQDN) 304 */ 305 static int 306 ipsec_sa_tag(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) 307 { 308 char *format, *section; 309 char *id_string = NULL, *domain = NULL; 310 int error = -1; 311 size_t len; 312 313 sa->tag = NULL; 314 315 if (exchange->name == NULL || 316 (section = exchange->name) == NULL || 317 (format = conf_get_str(section, "PF-Tag")) == NULL) 318 return (0); /* ignore if not present */ 319 320 len = PF_TAG_NAME_SIZE; 321 if ((sa->tag = calloc(1, len)) == NULL) { 322 log_error("ipsec_sa_tag: calloc"); 323 goto fail; 324 } 325 if (strlcpy(sa->tag, format, len) >= len) { 326 log_print("ipsec_sa_tag: tag too long"); 327 goto fail; 328 } 329 if (isakmp_sa->initiator) 330 id_string = ipsec_id_string(isakmp_sa->id_r, 331 isakmp_sa->id_r_len); 332 else 333 id_string = ipsec_id_string(isakmp_sa->id_i, 334 isakmp_sa->id_i_len); 335 336 if (strstr(format, "$id") != NULL) { 337 if (id_string == NULL) { 338 log_print("ipsec_sa_tag: cannot get ID"); 339 goto fail; 340 } 341 if (expand_string(sa->tag, len, "$id", id_string) != 0) { 342 log_print("ipsec_sa_tag: failed to expand tag"); 343 goto fail; 344 } 345 } 346 347 if (strstr(format, "$domain") != NULL) { 348 if (id_string == NULL) { 349 log_print("ipsec_sa_tag: cannot get ID"); 350 goto fail; 351 } 352 if (strncmp(id_string, "fqdn/", strlen("fqdn/")) == 0) 353 domain = strchr(id_string, '.'); 354 else if (strncmp(id_string, "ufqdn/", strlen("ufqdn/")) == 0) 355 domain = strchr(id_string, '@'); 356 if (domain == NULL || strlen(domain) < 2) { 357 log_print("ipsec_sa_tag: no valid domain in ID %s", 358 id_string); 359 goto fail; 360 } 361 domain++; 362 if (expand_string(sa->tag, len, "$domain", domain) != 0) { 363 log_print("ipsec_sa_tag: failed to expand tag"); 364 goto fail; 365 } 366 } 367 368 LOG_DBG((LOG_SA, 10, "ipsec_sa_tag: tag_len %ld tag \"%s\"", 369 strlen(sa->tag), sa->tag)); 370 371 error = 0; 372 fail: 373 free(id_string); 374 if (error != 0) { 375 free(sa->tag); 376 sa->tag = NULL; 377 } 378 379 return (error); 380 } 381 382 /* 383 * Do IPsec DOI specific finalizations task for the exchange where MSG was 384 * the final message. 385 */ 386 static void 387 ipsec_finalize_exchange(struct message *msg) 388 { 389 struct sa *isakmp_sa = msg->isakmp_sa; 390 struct ipsec_sa *isa; 391 struct exchange *exchange = msg->exchange; 392 struct ipsec_exch *ie = exchange->data; 393 struct sa *sa = 0, *old_sa; 394 struct proto *proto, *last_proto = 0; 395 char *addr1, *addr2, *mask1, *mask2; 396 397 switch (exchange->phase) { 398 case 1: 399 switch (exchange->type) { 400 case ISAKMP_EXCH_ID_PROT: 401 case ISAKMP_EXCH_AGGRESSIVE: 402 isa = isakmp_sa->data; 403 isa->hash = ie->hash->type; 404 isa->prf_type = ie->prf_type; 405 isa->skeyid_len = ie->skeyid_len; 406 isa->skeyid_d = ie->skeyid_d; 407 isa->skeyid_a = ie->skeyid_a; 408 /* Prevents early free of SKEYID_*. */ 409 ie->skeyid_a = ie->skeyid_d = 0; 410 411 /* 412 * If a lifetime was negotiated setup the expiration 413 * timers. 414 */ 415 if (isakmp_sa->seconds) 416 sa_setup_expirations(isakmp_sa); 417 418 if (isakmp_sa->flags & SA_FLAG_NAT_T_KEEPALIVE) 419 nat_t_setup_keepalive(isakmp_sa); 420 break; 421 } 422 break; 423 424 case 2: 425 switch (exchange->type) { 426 case IKE_EXCH_QUICK_MODE: 427 /* 428 * Tell the application(s) about the SPIs and key 429 * material. 430 */ 431 for (sa = TAILQ_FIRST(&exchange->sa_list); sa; 432 sa = TAILQ_NEXT(sa, next)) { 433 isa = sa->data; 434 435 if (exchange->initiator) { 436 /* 437 * Initiator is source, responder is 438 * destination. 439 */ 440 if (ipsec_set_network(ie->id_ci, 441 ie->id_cr, sa)) { 442 log_print( 443 "ipsec_finalize_exchange: " 444 "ipsec_set_network " 445 "failed"); 446 return; 447 } 448 } else { 449 /* 450 * Responder is source, initiator is 451 * destination. 452 */ 453 if (ipsec_set_network(ie->id_cr, 454 ie->id_ci, sa)) { 455 log_print( 456 "ipsec_finalize_exchange: " 457 "ipsec_set_network " 458 "failed"); 459 return; 460 } 461 } 462 463 if (ipsec_sa_tag(exchange, sa, isakmp_sa) == -1) 464 return; 465 466 for (proto = TAILQ_FIRST(&sa->protos), 467 last_proto = 0; proto; 468 proto = TAILQ_NEXT(proto, link)) { 469 if (pf_key_v2_set_spi(sa, proto, 470 0, isakmp_sa) || 471 (last_proto && 472 pf_key_v2_group_spis(sa, 473 last_proto, proto, 0)) || 474 pf_key_v2_set_spi(sa, proto, 475 1, isakmp_sa) || 476 (last_proto && 477 pf_key_v2_group_spis(sa, 478 last_proto, proto, 1))) 479 /* 480 * XXX Tear down this 481 * exchange. 482 */ 483 return; 484 last_proto = proto; 485 } 486 487 if (sockaddr2text(isa->src_net, &addr1, 0)) 488 addr1 = 0; 489 if (sockaddr2text(isa->src_mask, &mask1, 0)) 490 mask1 = 0; 491 if (sockaddr2text(isa->dst_net, &addr2, 0)) 492 addr2 = 0; 493 if (sockaddr2text(isa->dst_mask, &mask2, 0)) 494 mask2 = 0; 495 496 LOG_DBG((LOG_EXCHANGE, 50, 497 "ipsec_finalize_exchange: src %s %s " 498 "dst %s %s tproto %u sport %u dport %u", 499 addr1 ? addr1 : "<??\?>", 500 mask1 ? mask1 : "<??\?>", 501 addr2 ? addr2 : "<??\?>", 502 mask2 ? mask2 : "<??\?>", 503 isa->tproto, ntohs(isa->sport), 504 ntohs(isa->dport))); 505 506 free(addr1); 507 free(mask1); 508 free(addr2); 509 free(mask2); 510 511 /* 512 * If this is not an SA acquired by the 513 * kernel, it needs to have a SPD entry 514 * (a.k.a. flow) set up. 515 */ 516 if (!(sa->flags & SA_FLAG_ONDEMAND || 517 conf_get_str("General", "Acquire-Only") || 518 acquire_only) && 519 pf_key_v2_enable_sa(sa, isakmp_sa)) 520 /* XXX Tear down this exchange. */ 521 return; 522 523 /* 524 * Mark elder SAs with the same flow 525 * information as replaced. 526 */ 527 while ((old_sa = sa_find(ipsec_sa_check_flow, 528 sa)) != 0) 529 sa_mark_replaced(old_sa); 530 } 531 break; 532 } 533 } 534 } 535 536 /* Set the client addresses in ISA from SRC_ID and DST_ID. */ 537 static int 538 ipsec_set_network(u_int8_t *src_id, u_int8_t *dst_id, struct sa *sa) 539 { 540 void *src_net, *dst_net; 541 void *src_mask = NULL, *dst_mask = NULL; 542 struct sockaddr *addr; 543 struct proto *proto; 544 struct ipsec_proto *iproto; 545 struct ipsec_sa *isa = sa->data; 546 int src_af, dst_af; 547 int id; 548 char *name, *nat = NULL; 549 u_int8_t *nat_id = NULL; 550 size_t nat_sz; 551 552 if ((name = connection_passive_lookup_by_ids(src_id, dst_id))) 553 nat = conf_get_str(name, "NAT-ID"); 554 555 if (nat) { 556 if ((nat_id = ipsec_build_id(nat, &nat_sz))) { 557 LOG_DBG((LOG_EXCHANGE, 50, "ipsec_set_network: SRC-NAT:" 558 " src: %s -> %s", name, nat)); 559 src_id = nat_id; 560 } else 561 log_print("ipsec_set_network: ipsec_build_id" 562 " failed for NAT-ID: %s", nat); 563 } 564 565 if (((proto = TAILQ_FIRST(&sa->protos)) != NULL) && 566 ((iproto = proto->data) != NULL) && 567 (iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT || 568 iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT)) { 569 /* 570 * For NAT-T with transport mode, we need to use the ISAKMP's 571 * SA addresses for the flow. 572 */ 573 sa->transport->vtbl->get_src(sa->transport, &addr); 574 src_af = addr->sa_family; 575 src_net = sockaddr_addrdata(addr); 576 577 sa->transport->vtbl->get_dst(sa->transport, &addr); 578 dst_af = addr->sa_family; 579 dst_net = sockaddr_addrdata(addr); 580 } else { 581 id = GET_ISAKMP_ID_TYPE(src_id); 582 src_net = src_id + ISAKMP_ID_DATA_OFF; 583 switch (id) { 584 case IPSEC_ID_IPV4_ADDR_SUBNET: 585 src_mask = (u_int8_t *)src_net + sizeof(struct in_addr); 586 /* FALLTHROUGH */ 587 case IPSEC_ID_IPV4_ADDR: 588 src_af = AF_INET; 589 break; 590 591 case IPSEC_ID_IPV6_ADDR_SUBNET: 592 src_mask = (u_int8_t *)src_net + 593 sizeof(struct in6_addr); 594 /* FALLTHROUGH */ 595 case IPSEC_ID_IPV6_ADDR: 596 src_af = AF_INET6; 597 break; 598 599 default: 600 log_print( 601 "ipsec_set_network: ID type %d (%s) not supported", 602 id, constant_name(ipsec_id_cst, id)); 603 return -1; 604 } 605 606 id = GET_ISAKMP_ID_TYPE(dst_id); 607 dst_net = dst_id + ISAKMP_ID_DATA_OFF; 608 switch (id) { 609 case IPSEC_ID_IPV4_ADDR_SUBNET: 610 dst_mask = (u_int8_t *)dst_net + sizeof(struct in_addr); 611 /* FALLTHROUGH */ 612 case IPSEC_ID_IPV4_ADDR: 613 dst_af = AF_INET; 614 break; 615 616 case IPSEC_ID_IPV6_ADDR_SUBNET: 617 dst_mask = (u_int8_t *)dst_net + 618 sizeof(struct in6_addr); 619 /* FALLTHROUGH */ 620 case IPSEC_ID_IPV6_ADDR: 621 dst_af = AF_INET6; 622 break; 623 624 default: 625 log_print( 626 "ipsec_set_network: ID type %d (%s) not supported", 627 id, constant_name(ipsec_id_cst, id)); 628 return -1; 629 } 630 } 631 632 /* Set source address/mask. */ 633 switch (src_af) { 634 case AF_INET: 635 isa->src_net = calloc(1, sizeof(struct sockaddr_in)); 636 if (!isa->src_net) 637 goto memfail; 638 isa->src_net->sa_family = AF_INET; 639 isa->src_net->sa_len = sizeof(struct sockaddr_in); 640 641 isa->src_mask = calloc(1, sizeof(struct sockaddr_in)); 642 if (!isa->src_mask) 643 goto memfail; 644 isa->src_mask->sa_family = AF_INET; 645 isa->src_mask->sa_len = sizeof(struct sockaddr_in); 646 break; 647 648 case AF_INET6: 649 isa->src_net = calloc(1, sizeof(struct sockaddr_in6)); 650 if (!isa->src_net) 651 goto memfail; 652 isa->src_net->sa_family = AF_INET6; 653 isa->src_net->sa_len = sizeof(struct sockaddr_in6); 654 655 isa->src_mask = calloc(1, sizeof(struct sockaddr_in6)); 656 if (!isa->src_mask) 657 goto memfail; 658 isa->src_mask->sa_family = AF_INET6; 659 isa->src_mask->sa_len = sizeof(struct sockaddr_in6); 660 break; 661 } 662 663 /* Net */ 664 memcpy(sockaddr_addrdata(isa->src_net), src_net, 665 sockaddr_addrlen(isa->src_net)); 666 667 /* Mask */ 668 if (src_mask == NULL) 669 memset(sockaddr_addrdata(isa->src_mask), 0xff, 670 sockaddr_addrlen(isa->src_mask)); 671 else 672 memcpy(sockaddr_addrdata(isa->src_mask), src_mask, 673 sockaddr_addrlen(isa->src_mask)); 674 675 memcpy(&isa->sport, 676 src_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF, 677 IPSEC_ID_PORT_LEN); 678 679 free(nat_id); 680 681 /* Set destination address. */ 682 switch (dst_af) { 683 case AF_INET: 684 isa->dst_net = calloc(1, sizeof(struct sockaddr_in)); 685 if (!isa->dst_net) 686 goto memfail; 687 isa->dst_net->sa_family = AF_INET; 688 isa->dst_net->sa_len = sizeof(struct sockaddr_in); 689 690 isa->dst_mask = calloc(1, sizeof(struct sockaddr_in)); 691 if (!isa->dst_mask) 692 goto memfail; 693 isa->dst_mask->sa_family = AF_INET; 694 isa->dst_mask->sa_len = sizeof(struct sockaddr_in); 695 break; 696 697 case AF_INET6: 698 isa->dst_net = calloc(1, sizeof(struct sockaddr_in6)); 699 if (!isa->dst_net) 700 goto memfail; 701 isa->dst_net->sa_family = AF_INET6; 702 isa->dst_net->sa_len = sizeof(struct sockaddr_in6); 703 704 isa->dst_mask = calloc(1, sizeof(struct sockaddr_in6)); 705 if (!isa->dst_mask) 706 goto memfail; 707 isa->dst_mask->sa_family = AF_INET6; 708 isa->dst_mask->sa_len = sizeof(struct sockaddr_in6); 709 break; 710 } 711 712 /* Net */ 713 memcpy(sockaddr_addrdata(isa->dst_net), dst_net, 714 sockaddr_addrlen(isa->dst_net)); 715 716 /* Mask */ 717 if (dst_mask == NULL) 718 memset(sockaddr_addrdata(isa->dst_mask), 0xff, 719 sockaddr_addrlen(isa->dst_mask)); 720 else 721 memcpy(sockaddr_addrdata(isa->dst_mask), dst_mask, 722 sockaddr_addrlen(isa->dst_mask)); 723 724 memcpy(&isa->tproto, dst_id + ISAKMP_ID_DOI_DATA_OFF + 725 IPSEC_ID_PROTO_OFF, IPSEC_ID_PROTO_LEN); 726 memcpy(&isa->dport, 727 dst_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF, 728 IPSEC_ID_PORT_LEN); 729 return 0; 730 731 memfail: 732 log_error("ipsec_set_network: calloc () failed"); 733 return -1; 734 } 735 736 /* Free the DOI-specific exchange data pointed to by VIE. */ 737 static void 738 ipsec_free_exchange_data(void *vie) 739 { 740 struct ipsec_exch *ie = vie; 741 struct isakmp_cfg_attr *attr; 742 743 free(ie->sa_i_b); 744 free(ie->id_ci); 745 free(ie->id_cr); 746 free(ie->g_xi); 747 free(ie->g_xr); 748 free(ie->g_xy); 749 free(ie->skeyid); 750 free(ie->skeyid_d); 751 free(ie->skeyid_a); 752 free(ie->skeyid_e); 753 free(ie->hash_i); 754 free(ie->hash_r); 755 if (ie->group) 756 group_free(ie->group); 757 for (attr = LIST_FIRST(&ie->attrs); attr; 758 attr = LIST_FIRST(&ie->attrs)) { 759 LIST_REMOVE(attr, link); 760 if (attr->length) 761 free(attr->value); 762 free(attr); 763 } 764 } 765 766 /* Free the DOI-specific SA data pointed to by VISA. */ 767 static void 768 ipsec_free_sa_data(void *visa) 769 { 770 struct ipsec_sa *isa = visa; 771 772 free(isa->src_net); 773 free(isa->src_mask); 774 free(isa->dst_net); 775 free(isa->dst_mask); 776 free(isa->skeyid_a); 777 free(isa->skeyid_d); 778 } 779 780 /* Free the DOI-specific protocol data of an SA pointed to by VIPROTO. */ 781 static void 782 ipsec_free_proto_data(void *viproto) 783 { 784 struct ipsec_proto *iproto = viproto; 785 int i; 786 787 for (i = 0; i < 2; i++) 788 free(iproto->keymat[i]); 789 } 790 791 /* Return exchange script based on TYPE. */ 792 static int16_t * 793 ipsec_exchange_script(u_int8_t type) 794 { 795 switch (type) { 796 case ISAKMP_EXCH_TRANSACTION: 797 return script_transaction; 798 case IKE_EXCH_QUICK_MODE: 799 return script_quick_mode; 800 case IKE_EXCH_NEW_GROUP_MODE: 801 return script_new_group_mode; 802 } 803 return 0; 804 } 805 806 /* Initialize this DOI, requires doi_init to already have been called. */ 807 void 808 ipsec_init(void) 809 { 810 doi_register(&ipsec_doi); 811 } 812 813 /* Given a message MSG, return a suitable IV (or rather keystate). */ 814 static struct keystate * 815 ipsec_get_keystate(struct message *msg) 816 { 817 struct keystate *ks; 818 struct hash *hash; 819 820 /* If we have already have an IV, use it. */ 821 if (msg->exchange && msg->exchange->keystate) { 822 ks = malloc(sizeof *ks); 823 if (!ks) { 824 log_error("ipsec_get_keystate: malloc (%lu) failed", 825 (unsigned long) sizeof *ks); 826 return 0; 827 } 828 memcpy(ks, msg->exchange->keystate, sizeof *ks); 829 return ks; 830 } 831 /* 832 * For phase 2 when no SA yet is setup we need to hash the IV used by 833 * the ISAKMP SA concatenated with the message ID, and use that as an 834 * IV for further cryptographic operations. 835 */ 836 if (!msg->isakmp_sa->keystate) { 837 log_print("ipsec_get_keystate: no keystate in ISAKMP SA %p", 838 msg->isakmp_sa); 839 return 0; 840 } 841 ks = crypto_clone_keystate(msg->isakmp_sa->keystate); 842 if (!ks) 843 return 0; 844 845 hash = hash_get(((struct ipsec_sa *)msg->isakmp_sa->data)->hash); 846 hash->Init(hash->ctx); 847 LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: final phase 1 IV", 848 ks->riv, ks->xf->blocksize)); 849 hash->Update(hash->ctx, ks->riv, ks->xf->blocksize); 850 LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: message ID", 851 ((u_int8_t *) msg->iov[0].iov_base) + ISAKMP_HDR_MESSAGE_ID_OFF, 852 ISAKMP_HDR_MESSAGE_ID_LEN)); 853 hash->Update(hash->ctx, ((u_int8_t *) msg->iov[0].iov_base) + 854 ISAKMP_HDR_MESSAGE_ID_OFF, ISAKMP_HDR_MESSAGE_ID_LEN); 855 hash->Final(hash->digest, hash->ctx); 856 crypto_init_iv(ks, hash->digest, ks->xf->blocksize); 857 LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: phase 2 IV", 858 hash->digest, ks->xf->blocksize)); 859 return ks; 860 } 861 862 static void 863 ipsec_setup_situation(u_int8_t *buf) 864 { 865 SET_IPSEC_SIT_SIT(buf + ISAKMP_SA_SIT_OFF, IPSEC_SIT_IDENTITY_ONLY); 866 } 867 868 static size_t 869 ipsec_situation_size(void) 870 { 871 return IPSEC_SIT_SIT_LEN; 872 } 873 874 static u_int8_t 875 ipsec_spi_size(u_int8_t proto) 876 { 877 return IPSEC_SPI_SIZE; 878 } 879 880 static int 881 ipsec_validate_attribute(u_int16_t type, u_int8_t * value, u_int16_t len, 882 void *vmsg) 883 { 884 struct message *msg = vmsg; 885 886 if (msg->exchange->phase == 1 && 887 (type < IKE_ATTR_ENCRYPTION_ALGORITHM || type > IKE_ATTR_GROUP_ORDER)) 888 return -1; 889 if (msg->exchange->phase == 2 && 890 (type < IPSEC_ATTR_SA_LIFE_TYPE || type > IPSEC_ATTR_ECN_TUNNEL)) 891 return -1; 892 return 0; 893 } 894 895 static int 896 ipsec_validate_exchange(u_int8_t exch) 897 { 898 return exch != IKE_EXCH_QUICK_MODE && exch != IKE_EXCH_NEW_GROUP_MODE; 899 } 900 901 static int 902 ipsec_validate_id_information(u_int8_t type, u_int8_t *extra, u_int8_t *buf, 903 size_t sz, struct exchange *exchange) 904 { 905 u_int8_t proto = GET_IPSEC_ID_PROTO(extra); 906 u_int16_t port = GET_IPSEC_ID_PORT(extra); 907 908 LOG_DBG((LOG_MESSAGE, 40, 909 "ipsec_validate_id_information: proto %d port %d type %d", 910 proto, port, type)); 911 if (type < IPSEC_ID_IPV4_ADDR || type > IPSEC_ID_KEY_ID) 912 return -1; 913 914 switch (type) { 915 case IPSEC_ID_IPV4_ADDR: 916 LOG_DBG_BUF((LOG_MESSAGE, 40, 917 "ipsec_validate_id_information: IPv4", buf, 918 sizeof(struct in_addr))); 919 break; 920 921 case IPSEC_ID_IPV6_ADDR: 922 LOG_DBG_BUF((LOG_MESSAGE, 40, 923 "ipsec_validate_id_information: IPv6", buf, 924 sizeof(struct in6_addr))); 925 break; 926 927 case IPSEC_ID_IPV4_ADDR_SUBNET: 928 LOG_DBG_BUF((LOG_MESSAGE, 40, 929 "ipsec_validate_id_information: IPv4 network/netmask", 930 buf, 2 * sizeof(struct in_addr))); 931 break; 932 933 case IPSEC_ID_IPV6_ADDR_SUBNET: 934 LOG_DBG_BUF((LOG_MESSAGE, 40, 935 "ipsec_validate_id_information: IPv6 network/netmask", 936 buf, 2 * sizeof(struct in6_addr))); 937 break; 938 939 default: 940 break; 941 } 942 943 if (exchange->phase == 1 && 944 (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT) && 945 (proto != 0 || port != 0)) { 946 /* 947 * XXX SSH's ISAKMP tester fails this test (proto 17 - port 948 * 0). 949 */ 950 #ifdef notyet 951 return -1; 952 #else 953 log_print("ipsec_validate_id_information: dubious ID " 954 "information accepted"); 955 #endif 956 } 957 /* XXX More checks? */ 958 959 return 0; 960 } 961 962 static int 963 ipsec_validate_key_information(u_int8_t *buf, size_t sz) 964 { 965 /* XXX Not implemented yet. */ 966 return 0; 967 } 968 969 static int 970 ipsec_validate_notification(u_int16_t type) 971 { 972 return type < IPSEC_NOTIFY_RESPONDER_LIFETIME || 973 type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0; 974 } 975 976 static int 977 ipsec_validate_proto(u_int8_t proto) 978 { 979 return proto < IPSEC_PROTO_IPSEC_AH || 980 proto > IPSEC_PROTO_IPCOMP ? -1 : 0; 981 } 982 983 static int 984 ipsec_validate_situation(u_int8_t *buf, size_t *sz, size_t len) 985 { 986 if (len < IPSEC_SIT_SIT_OFF + IPSEC_SIT_SIT_LEN) { 987 log_print("ipsec_validate_situation: payload too short: %u", 988 (unsigned int) len); 989 return -1; 990 } 991 /* Currently only "identity only" situations are supported. */ 992 if (GET_IPSEC_SIT_SIT(buf) != IPSEC_SIT_IDENTITY_ONLY) 993 return 1; 994 995 *sz = IPSEC_SIT_SIT_LEN; 996 997 return 0; 998 } 999 1000 static int 1001 ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id) 1002 { 1003 switch (proto) { 1004 /* 1005 * As no unexpected protocols can occur, we just tie the 1006 * default case to the first case, in order to silence a GCC 1007 * warning. 1008 */ 1009 default: 1010 case ISAKMP_PROTO_ISAKMP: 1011 return transform_id != IPSEC_TRANSFORM_KEY_IKE; 1012 case IPSEC_PROTO_IPSEC_AH: 1013 return transform_id < IPSEC_AH_MD5 || 1014 transform_id > IPSEC_AH_RIPEMD ? -1 : 0; 1015 case IPSEC_PROTO_IPSEC_ESP: 1016 return transform_id < IPSEC_ESP_DES_IV64 || 1017 (transform_id > IPSEC_ESP_AES_GMAC && 1018 transform_id < IPSEC_ESP_AES_MARS) || 1019 transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; 1020 case IPSEC_PROTO_IPCOMP: 1021 return transform_id < IPSEC_IPCOMP_OUI || 1022 transform_id > IPSEC_IPCOMP_DEFLATE ? -1 : 0; 1023 } 1024 } 1025 1026 static int 1027 ipsec_initiator(struct message *msg) 1028 { 1029 struct exchange *exchange = msg->exchange; 1030 int (**script)(struct message *) = 0; 1031 1032 /* Check that the SA is coherent with the IKE rules. */ 1033 if (exchange->type != ISAKMP_EXCH_TRANSACTION && 1034 ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT && 1035 exchange->type != ISAKMP_EXCH_AGGRESSIVE && 1036 exchange->type != ISAKMP_EXCH_INFO) || 1037 (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE && 1038 exchange->type != ISAKMP_EXCH_INFO))) { 1039 log_print("ipsec_initiator: unsupported exchange type %d " 1040 "in phase %d", exchange->type, exchange->phase); 1041 return -1; 1042 } 1043 switch (exchange->type) { 1044 case ISAKMP_EXCH_ID_PROT: 1045 script = ike_main_mode_initiator; 1046 break; 1047 case ISAKMP_EXCH_AGGRESSIVE: 1048 script = ike_aggressive_initiator; 1049 break; 1050 case ISAKMP_EXCH_TRANSACTION: 1051 script = isakmp_cfg_initiator; 1052 break; 1053 case ISAKMP_EXCH_INFO: 1054 return message_send_info(msg); 1055 case IKE_EXCH_QUICK_MODE: 1056 script = ike_quick_mode_initiator; 1057 break; 1058 default: 1059 log_print("ipsec_initiator: unsupported exchange type %d", 1060 exchange->type); 1061 return -1; 1062 } 1063 1064 /* Run the script code for this step. */ 1065 if (script) 1066 return script[exchange->step] (msg); 1067 1068 return 0; 1069 } 1070 1071 /* 1072 * delete all SA's from addr with the associated proto and SPI's 1073 * 1074 * spis[] is an array of SPIs of size 16-octet for proto ISAKMP 1075 * or 4-octet otherwise. 1076 */ 1077 static void 1078 ipsec_delete_spi_list(struct sockaddr *addr, u_int8_t proto, u_int8_t *spis, 1079 int nspis, char *type) 1080 { 1081 struct sa *sa; 1082 char *peer; 1083 char ids[1024]; 1084 int i; 1085 1086 for (i = 0; i < nspis; i++) { 1087 if (proto == ISAKMP_PROTO_ISAKMP) { 1088 u_int8_t *spi = spis + i * ISAKMP_HDR_COOKIES_LEN; 1089 1090 /* 1091 * This really shouldn't happen in IPSEC DOI 1092 * code, but Cisco VPN 3000 sends ISAKMP DELETE's 1093 * this way. 1094 */ 1095 sa = sa_lookup_isakmp_sa(addr, spi); 1096 } else { 1097 u_int32_t spi = ((u_int32_t *)spis)[i]; 1098 1099 sa = ipsec_sa_lookup(addr, spi, proto); 1100 } 1101 1102 if (sa == NULL) { 1103 LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: could " 1104 "not locate SA (SPI %08x, proto %u)", 1105 ((u_int32_t *)spis)[i], proto)); 1106 continue; 1107 } 1108 1109 strlcpy(ids, 1110 sa->doi->decode_ids("initiator id: %s, responder id: %s", 1111 sa->id_i, sa->id_i_len, sa->id_r, sa->id_r_len, 0), 1112 sizeof ids); 1113 if (sockaddr2text(addr, &peer, 0)) 1114 peer = NULL; 1115 1116 /* only log deletion of SAs which are not soft expired yet */ 1117 if (sa->soft_death != NULL) 1118 log_verbose("isakmpd: Peer %s made us delete live SA " 1119 "%s for proto %d, %s", peer ? peer : "<unknown>", 1120 sa->name ? sa->name : "<unnamed>", proto, ids); 1121 1122 LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: " 1123 "%s made us delete SA %p (%d references) for proto %d (%s)", 1124 type, sa, sa->refcnt, proto, ids)); 1125 free(peer); 1126 1127 /* Delete the SA and search for the next */ 1128 sa_free(sa); 1129 } 1130 } 1131 1132 static int 1133 ipsec_responder(struct message *msg) 1134 { 1135 struct exchange *exchange = msg->exchange; 1136 int (**script)(struct message *) = 0; 1137 struct payload *p; 1138 u_int16_t type; 1139 1140 /* Check that a new exchange is coherent with the IKE rules. */ 1141 if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION && 1142 ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT && 1143 exchange->type != ISAKMP_EXCH_AGGRESSIVE && 1144 exchange->type != ISAKMP_EXCH_INFO) || 1145 (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE && 1146 exchange->type != ISAKMP_EXCH_INFO))) { 1147 message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 1148 0, 1, 0); 1149 return -1; 1150 } 1151 LOG_DBG((LOG_MISC, 30, "ipsec_responder: phase %d exchange %d step %d", 1152 exchange->phase, exchange->type, exchange->step)); 1153 switch (exchange->type) { 1154 case ISAKMP_EXCH_ID_PROT: 1155 script = ike_main_mode_responder; 1156 break; 1157 case ISAKMP_EXCH_AGGRESSIVE: 1158 script = ike_aggressive_responder; 1159 break; 1160 case ISAKMP_EXCH_TRANSACTION: 1161 script = isakmp_cfg_responder; 1162 break; 1163 case ISAKMP_EXCH_INFO: 1164 TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_NOTIFY], link) { 1165 type = GET_ISAKMP_NOTIFY_MSG_TYPE(p->p); 1166 LOG_DBG((LOG_EXCHANGE, 10, 1167 "ipsec_responder: got NOTIFY of type %s", 1168 constant_name(isakmp_notify_cst, type))); 1169 1170 switch (type) { 1171 case IPSEC_NOTIFY_INITIAL_CONTACT: 1172 /* Handled by leftover logic. */ 1173 break; 1174 1175 case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE: 1176 case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE_ACK: 1177 dpd_handle_notify(msg, p); 1178 break; 1179 1180 default: 1181 p->flags |= PL_MARK; 1182 break; 1183 } 1184 } 1185 1186 /* 1187 * If any DELETEs are in here, let the logic of leftover 1188 * payloads deal with them. 1189 */ 1190 return 0; 1191 1192 case IKE_EXCH_QUICK_MODE: 1193 script = ike_quick_mode_responder; 1194 break; 1195 1196 default: 1197 message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 1198 0, 1, 0); 1199 return -1; 1200 } 1201 1202 /* Run the script code for this step. */ 1203 if (script) 1204 return script[exchange->step] (msg); 1205 1206 /* 1207 * XXX So far we don't accept any proposals for exchanges we don't 1208 * support. 1209 */ 1210 if (payload_first(msg, ISAKMP_PAYLOAD_SA)) { 1211 message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0); 1212 return -1; 1213 } 1214 return 0; 1215 } 1216 1217 static enum hashes 1218 from_ike_hash(u_int16_t hash) 1219 { 1220 switch (hash) { 1221 case IKE_HASH_MD5: 1222 return HASH_MD5; 1223 case IKE_HASH_SHA: 1224 return HASH_SHA1; 1225 case IKE_HASH_SHA2_256: 1226 return HASH_SHA2_256; 1227 case IKE_HASH_SHA2_384: 1228 return HASH_SHA2_384; 1229 case IKE_HASH_SHA2_512: 1230 return HASH_SHA2_512; 1231 } 1232 return -1; 1233 } 1234 1235 static enum transform 1236 from_ike_crypto(u_int16_t crypto) 1237 { 1238 /* Coincidentally this is the null operation :-) */ 1239 return crypto; 1240 } 1241 1242 /* 1243 * Find out whether the attribute of type TYPE with a LEN length value 1244 * pointed to by VALUE is incompatible with what we can handle. 1245 * VMSG is a pointer to the current message. 1246 */ 1247 int 1248 ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len, 1249 void *vmsg) 1250 { 1251 struct message *msg = vmsg; 1252 u_int16_t dv = decode_16(value); 1253 1254 if (msg->exchange->phase == 1) { 1255 switch (type) { 1256 case IKE_ATTR_ENCRYPTION_ALGORITHM: 1257 return !crypto_get(from_ike_crypto(dv)); 1258 case IKE_ATTR_HASH_ALGORITHM: 1259 return !hash_get(from_ike_hash(dv)); 1260 case IKE_ATTR_AUTHENTICATION_METHOD: 1261 return !ike_auth_get(dv); 1262 case IKE_ATTR_GROUP_DESCRIPTION: 1263 return (dv < IKE_GROUP_DESC_MODP_768 || 1264 dv > IKE_GROUP_DESC_MODP_1536) && 1265 (dv < IKE_GROUP_DESC_MODP_2048 || 1266 dv > IKE_GROUP_DESC_ECP_521) && 1267 (dv < IKE_GROUP_DESC_ECP_192 || 1268 dv > IKE_GROUP_DESC_BP_512); 1269 case IKE_ATTR_GROUP_TYPE: 1270 return 1; 1271 case IKE_ATTR_GROUP_PRIME: 1272 return 1; 1273 case IKE_ATTR_GROUP_GENERATOR_1: 1274 return 1; 1275 case IKE_ATTR_GROUP_GENERATOR_2: 1276 return 1; 1277 case IKE_ATTR_GROUP_CURVE_A: 1278 return 1; 1279 case IKE_ATTR_GROUP_CURVE_B: 1280 return 1; 1281 case IKE_ATTR_LIFE_TYPE: 1282 return dv < IKE_DURATION_SECONDS || 1283 dv > IKE_DURATION_KILOBYTES; 1284 case IKE_ATTR_LIFE_DURATION: 1285 return len != 2 && len != 4; 1286 case IKE_ATTR_PRF: 1287 return 1; 1288 case IKE_ATTR_KEY_LENGTH: 1289 /* 1290 * Our crypto routines only allows key-lengths which 1291 * are multiples of an octet. 1292 */ 1293 return dv % 8 != 0; 1294 case IKE_ATTR_FIELD_SIZE: 1295 return 1; 1296 case IKE_ATTR_GROUP_ORDER: 1297 return 1; 1298 } 1299 } else { 1300 switch (type) { 1301 case IPSEC_ATTR_SA_LIFE_TYPE: 1302 return dv < IPSEC_DURATION_SECONDS || 1303 dv > IPSEC_DURATION_KILOBYTES; 1304 case IPSEC_ATTR_SA_LIFE_DURATION: 1305 return len != 2 && len != 4; 1306 case IPSEC_ATTR_GROUP_DESCRIPTION: 1307 return (dv < IKE_GROUP_DESC_MODP_768 || 1308 dv > IKE_GROUP_DESC_MODP_1536) && 1309 (dv < IKE_GROUP_DESC_MODP_2048 || 1310 dv > IKE_GROUP_DESC_ECP_521) && 1311 (dv < IKE_GROUP_DESC_ECP_192 || 1312 dv > IKE_GROUP_DESC_BP_512); 1313 case IPSEC_ATTR_ENCAPSULATION_MODE: 1314 return dv != IPSEC_ENCAP_TUNNEL && 1315 dv != IPSEC_ENCAP_TRANSPORT && 1316 dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL && 1317 dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT && 1318 dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT && 1319 dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT; 1320 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM: 1321 return dv < IPSEC_AUTH_HMAC_MD5 || 1322 dv > IPSEC_AUTH_HMAC_RIPEMD; 1323 case IPSEC_ATTR_KEY_LENGTH: 1324 /* 1325 * XXX Blowfish needs '0'. Others appear to disregard 1326 * this attr? 1327 */ 1328 return 0; 1329 case IPSEC_ATTR_KEY_ROUNDS: 1330 return 1; 1331 case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE: 1332 return 1; 1333 case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: 1334 return 1; 1335 case IPSEC_ATTR_ECN_TUNNEL: 1336 return 1; 1337 } 1338 } 1339 /* XXX Silence gcc. */ 1340 return 1; 1341 } 1342 1343 /* 1344 * Log the attribute of TYPE with a LEN length value pointed to by VALUE 1345 * in human-readable form. VMSG is a pointer to the current message. 1346 */ 1347 int 1348 ipsec_debug_attribute(u_int16_t type, u_int8_t *value, u_int16_t len, 1349 void *vmsg) 1350 { 1351 struct message *msg = vmsg; 1352 char val[20]; 1353 1354 /* XXX Transient solution. */ 1355 if (len == 2) 1356 snprintf(val, sizeof val, "%d", decode_16(value)); 1357 else if (len == 4) 1358 snprintf(val, sizeof val, "%d", decode_32(value)); 1359 else 1360 snprintf(val, sizeof val, "unrepresentable"); 1361 1362 LOG_DBG((LOG_MESSAGE, 50, "Attribute %s value %s", 1363 constant_name(msg->exchange->phase == 1 ? ike_attr_cst : 1364 ipsec_attr_cst, type), val)); 1365 return 0; 1366 } 1367 1368 /* 1369 * Decode the attribute of type TYPE with a LEN length value pointed to by 1370 * VALUE. VIDA is a pointer to a context structure where we can find the 1371 * current message, SA and protocol. 1372 */ 1373 int 1374 ipsec_decode_attribute(u_int16_t type, u_int8_t *value, u_int16_t len, 1375 void *vida) 1376 { 1377 struct ipsec_decode_arg *ida = vida; 1378 struct message *msg = ida->msg; 1379 struct sa *sa = ida->sa; 1380 struct ipsec_sa *isa = sa->data; 1381 struct proto *proto = ida->proto; 1382 struct ipsec_proto *iproto = proto->data; 1383 struct exchange *exchange = msg->exchange; 1384 struct ipsec_exch *ie = exchange->data; 1385 static int lifetype = 0; 1386 1387 if (exchange->phase == 1) { 1388 switch (type) { 1389 case IKE_ATTR_ENCRYPTION_ALGORITHM: 1390 /* XXX Errors possible? */ 1391 exchange->crypto = crypto_get(from_ike_crypto( 1392 decode_16(value))); 1393 break; 1394 case IKE_ATTR_HASH_ALGORITHM: 1395 /* XXX Errors possible? */ 1396 ie->hash = hash_get(from_ike_hash(decode_16(value))); 1397 break; 1398 case IKE_ATTR_AUTHENTICATION_METHOD: 1399 /* XXX Errors possible? */ 1400 ie->ike_auth = ike_auth_get(decode_16(value)); 1401 break; 1402 case IKE_ATTR_GROUP_DESCRIPTION: 1403 isa->group_desc = decode_16(value); 1404 break; 1405 case IKE_ATTR_GROUP_TYPE: 1406 break; 1407 case IKE_ATTR_GROUP_PRIME: 1408 break; 1409 case IKE_ATTR_GROUP_GENERATOR_1: 1410 break; 1411 case IKE_ATTR_GROUP_GENERATOR_2: 1412 break; 1413 case IKE_ATTR_GROUP_CURVE_A: 1414 break; 1415 case IKE_ATTR_GROUP_CURVE_B: 1416 break; 1417 case IKE_ATTR_LIFE_TYPE: 1418 lifetype = decode_16(value); 1419 return 0; 1420 case IKE_ATTR_LIFE_DURATION: 1421 switch (lifetype) { 1422 case IKE_DURATION_SECONDS: 1423 switch (len) { 1424 case 2: 1425 sa->seconds = decode_16(value); 1426 break; 1427 case 4: 1428 sa->seconds = decode_32(value); 1429 break; 1430 default: 1431 log_print("ipsec_decode_attribute: " 1432 "unreasonable lifetime"); 1433 } 1434 break; 1435 case IKE_DURATION_KILOBYTES: 1436 switch (len) { 1437 case 2: 1438 sa->kilobytes = decode_16(value); 1439 break; 1440 case 4: 1441 sa->kilobytes = decode_32(value); 1442 break; 1443 default: 1444 log_print("ipsec_decode_attribute: " 1445 "unreasonable lifetime"); 1446 } 1447 break; 1448 default: 1449 log_print("ipsec_decode_attribute: unknown " 1450 "lifetime type"); 1451 } 1452 break; 1453 case IKE_ATTR_PRF: 1454 break; 1455 case IKE_ATTR_KEY_LENGTH: 1456 exchange->key_length = decode_16(value) / 8; 1457 break; 1458 case IKE_ATTR_FIELD_SIZE: 1459 break; 1460 case IKE_ATTR_GROUP_ORDER: 1461 break; 1462 } 1463 } else { 1464 switch (type) { 1465 case IPSEC_ATTR_SA_LIFE_TYPE: 1466 lifetype = decode_16(value); 1467 return 0; 1468 case IPSEC_ATTR_SA_LIFE_DURATION: 1469 switch (lifetype) { 1470 case IPSEC_DURATION_SECONDS: 1471 switch (len) { 1472 case 2: 1473 sa->seconds = decode_16(value); 1474 break; 1475 case 4: 1476 sa->seconds = decode_32(value); 1477 break; 1478 default: 1479 log_print("ipsec_decode_attribute: " 1480 "unreasonable lifetime"); 1481 } 1482 break; 1483 case IPSEC_DURATION_KILOBYTES: 1484 switch (len) { 1485 case 2: 1486 sa->kilobytes = decode_16(value); 1487 break; 1488 case 4: 1489 sa->kilobytes = decode_32(value); 1490 break; 1491 default: 1492 log_print("ipsec_decode_attribute: " 1493 "unreasonable lifetime"); 1494 } 1495 break; 1496 default: 1497 log_print("ipsec_decode_attribute: unknown " 1498 "lifetime type"); 1499 } 1500 break; 1501 case IPSEC_ATTR_GROUP_DESCRIPTION: 1502 isa->group_desc = decode_16(value); 1503 break; 1504 case IPSEC_ATTR_ENCAPSULATION_MODE: 1505 /* 1506 * XXX Multiple protocols must have same 1507 * encapsulation mode, no? 1508 */ 1509 iproto->encap_mode = decode_16(value); 1510 break; 1511 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM: 1512 iproto->auth = decode_16(value); 1513 break; 1514 case IPSEC_ATTR_KEY_LENGTH: 1515 iproto->keylen = decode_16(value); 1516 break; 1517 case IPSEC_ATTR_KEY_ROUNDS: 1518 iproto->keyrounds = decode_16(value); 1519 break; 1520 case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE: 1521 break; 1522 case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: 1523 break; 1524 case IPSEC_ATTR_ECN_TUNNEL: 1525 break; 1526 } 1527 } 1528 lifetype = 0; 1529 return 0; 1530 } 1531 1532 /* 1533 * Walk over the attributes of the transform payload found in BUF, and 1534 * fill out the fields of the SA attached to MSG. Also mark the SA as 1535 * processed. 1536 */ 1537 void 1538 ipsec_decode_transform(struct message *msg, struct sa *sa, struct proto *proto, 1539 u_int8_t *buf) 1540 { 1541 struct ipsec_exch *ie = msg->exchange->data; 1542 struct ipsec_decode_arg ida; 1543 1544 LOG_DBG((LOG_MISC, 20, "ipsec_decode_transform: transform %d chosen", 1545 GET_ISAKMP_TRANSFORM_NO(buf))); 1546 1547 ida.msg = msg; 1548 ida.sa = sa; 1549 ida.proto = proto; 1550 1551 /* The default IKE lifetime is 8 hours. */ 1552 if (sa->phase == 1) 1553 sa->seconds = 28800; 1554 1555 /* Extract the attributes and stuff them into the SA. */ 1556 attribute_map(buf + ISAKMP_TRANSFORM_SA_ATTRS_OFF, 1557 GET_ISAKMP_GEN_LENGTH(buf) - ISAKMP_TRANSFORM_SA_ATTRS_OFF, 1558 ipsec_decode_attribute, &ida); 1559 1560 /* 1561 * If no pseudo-random function was negotiated, it's HMAC. 1562 * XXX As PRF_HMAC currently is zero, this is a no-op. 1563 */ 1564 if (!ie->prf_type) 1565 ie->prf_type = PRF_HMAC; 1566 } 1567 1568 /* 1569 * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO 1570 * of the IKE security association SA. 1571 */ 1572 static void 1573 ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming) 1574 { 1575 struct sa *new_sa; 1576 struct ipsec_proto *iproto; 1577 1578 if (sa->phase == 1) 1579 return; 1580 1581 iproto = proto->data; 1582 /* 1583 * If the SA is using UDP encap and it replaced other SA, 1584 * enable the other SA to keep the flow for the other SAs. 1585 */ 1586 if ((iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT || 1587 iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT) && 1588 (sa->flags & SA_FLAG_REPLACED) == 0 && 1589 (new_sa = sa_find(ipsec_sa_check_flow_any, sa)) != NULL && 1590 new_sa->flags & SA_FLAG_REPLACED) 1591 sa_replace(sa, new_sa); 1592 1593 /* 1594 * If the SA was not replaced and was not one acquired through the 1595 * kernel (ACQUIRE message), remove the flow associated with it. 1596 * We ignore any errors from the disabling of the flow. 1597 */ 1598 if (sa->flags & SA_FLAG_READY && !(sa->flags & SA_FLAG_ONDEMAND || 1599 sa->flags & SA_FLAG_REPLACED || acquire_only || 1600 conf_get_str("General", "Acquire-Only"))) 1601 pf_key_v2_disable_sa(sa, incoming); 1602 1603 /* XXX Error handling? Is it interesting? */ 1604 pf_key_v2_delete_spi(sa, proto, incoming); 1605 } 1606 1607 /* 1608 * Store BUF into the g^x entry of the exchange that message MSG belongs to. 1609 * PEER is non-zero when the value is our peer's, and zero when it is ours. 1610 */ 1611 static int 1612 ipsec_g_x(struct message *msg, int peer, u_int8_t *buf) 1613 { 1614 struct exchange *exchange = msg->exchange; 1615 struct ipsec_exch *ie = exchange->data; 1616 u_int8_t **g_x; 1617 int initiator = exchange->initiator ^ peer; 1618 char header[32]; 1619 1620 g_x = initiator ? &ie->g_xi : &ie->g_xr; 1621 *g_x = malloc(ie->g_x_len); 1622 if (!*g_x) { 1623 log_error("ipsec_g_x: malloc (%lu) failed", 1624 (unsigned long)ie->g_x_len); 1625 return -1; 1626 } 1627 memcpy(*g_x, buf, ie->g_x_len); 1628 snprintf(header, sizeof header, "ipsec_g_x: g^x%c", 1629 initiator ? 'i' : 'r'); 1630 LOG_DBG_BUF((LOG_MISC, 80, header, *g_x, ie->g_x_len)); 1631 return 0; 1632 } 1633 1634 /* Generate our DH value. */ 1635 int 1636 ipsec_gen_g_x(struct message *msg) 1637 { 1638 struct exchange *exchange = msg->exchange; 1639 struct ipsec_exch *ie = exchange->data; 1640 u_int8_t *buf; 1641 1642 buf = malloc(ISAKMP_KE_SZ + ie->g_x_len); 1643 if (!buf) { 1644 log_error("ipsec_gen_g_x: malloc (%lu) failed", 1645 ISAKMP_KE_SZ + (unsigned long)ie->g_x_len); 1646 return -1; 1647 } 1648 if (message_add_payload(msg, ISAKMP_PAYLOAD_KEY_EXCH, buf, 1649 ISAKMP_KE_SZ + ie->g_x_len, 1)) { 1650 free(buf); 1651 return -1; 1652 } 1653 if (dh_create_exchange(ie->group, buf + ISAKMP_KE_DATA_OFF)) { 1654 log_print("ipsec_gen_g_x: dh_create_exchange failed"); 1655 free(buf); 1656 return -1; 1657 } 1658 return ipsec_g_x(msg, 0, buf + ISAKMP_KE_DATA_OFF); 1659 } 1660 1661 /* Save the peer's DH value. */ 1662 int 1663 ipsec_save_g_x(struct message *msg) 1664 { 1665 struct exchange *exchange = msg->exchange; 1666 struct ipsec_exch *ie = exchange->data; 1667 struct payload *kep; 1668 1669 kep = payload_first(msg, ISAKMP_PAYLOAD_KEY_EXCH); 1670 kep->flags |= PL_MARK; 1671 ie->g_x_len = GET_ISAKMP_GEN_LENGTH(kep->p) - ISAKMP_KE_DATA_OFF; 1672 1673 /* Check that the given length matches the group's expectancy. */ 1674 if (ie->g_x_len != (size_t) dh_getlen(ie->group)) { 1675 /* XXX Is this a good notify type? */ 1676 message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 0); 1677 return -1; 1678 } 1679 return ipsec_g_x(msg, 1, kep->p + ISAKMP_KE_DATA_OFF); 1680 } 1681 1682 /* 1683 * Get a SPI for PROTO and the transport MSG passed over. Store the 1684 * size where SZ points. NB! A zero return is OK if *SZ is zero. 1685 */ 1686 static u_int8_t * 1687 ipsec_get_spi(size_t *sz, u_int8_t proto, struct message *msg) 1688 { 1689 struct sockaddr *dst, *src; 1690 struct transport *transport = msg->transport; 1691 1692 if (msg->exchange->phase == 1) { 1693 *sz = 0; 1694 return 0; 1695 } else { 1696 /* We are the destination in the SA we want a SPI for. */ 1697 transport->vtbl->get_src(transport, &dst); 1698 /* The peer is the source. */ 1699 transport->vtbl->get_dst(transport, &src); 1700 return pf_key_v2_get_spi(sz, proto, src, dst, 1701 msg->exchange->seq); 1702 } 1703 } 1704 1705 /* 1706 * We have gotten a payload PAYLOAD of type TYPE, which did not get handled 1707 * by the logic of the exchange MSG takes part in. Now is the time to deal 1708 * with such a payload if we know how to, if we don't, return -1, otherwise 1709 * 0. 1710 */ 1711 int 1712 ipsec_handle_leftover_payload(struct message *msg, u_int8_t type, 1713 struct payload *payload) 1714 { 1715 u_int32_t spisz, nspis; 1716 struct sockaddr *dst; 1717 int reenter = 0; 1718 u_int8_t *spis, proto; 1719 struct sa *sa; 1720 1721 switch (type) { 1722 case ISAKMP_PAYLOAD_DELETE: 1723 proto = GET_ISAKMP_DELETE_PROTO(payload->p); 1724 nspis = GET_ISAKMP_DELETE_NSPIS(payload->p); 1725 spisz = GET_ISAKMP_DELETE_SPI_SZ(payload->p); 1726 1727 if (nspis == 0) { 1728 LOG_DBG((LOG_SA, 60, "ipsec_handle_leftover_payload: " 1729 "message specified zero SPIs, ignoring")); 1730 return -1; 1731 } 1732 /* verify proper SPI size */ 1733 if ((proto == ISAKMP_PROTO_ISAKMP && 1734 spisz != ISAKMP_HDR_COOKIES_LEN) || 1735 (proto != ISAKMP_PROTO_ISAKMP && spisz != sizeof(u_int32_t))) { 1736 log_print("ipsec_handle_leftover_payload: invalid SPI " 1737 "size %d for proto %d in DELETE payload", 1738 spisz, proto); 1739 return -1; 1740 } 1741 spis = calloc(nspis, spisz); 1742 if (!spis) { 1743 log_error("ipsec_handle_leftover_payload: malloc " 1744 "(%d) failed", nspis * spisz); 1745 return -1; 1746 } 1747 /* extract SPI and get dst address */ 1748 memcpy(spis, payload->p + ISAKMP_DELETE_SPI_OFF, nspis * spisz); 1749 msg->transport->vtbl->get_dst(msg->transport, &dst); 1750 1751 ipsec_delete_spi_list(dst, proto, spis, nspis, "DELETE"); 1752 1753 free(spis); 1754 payload->flags |= PL_MARK; 1755 return 0; 1756 1757 case ISAKMP_PAYLOAD_NOTIFY: 1758 switch (GET_ISAKMP_NOTIFY_MSG_TYPE(payload->p)) { 1759 case IPSEC_NOTIFY_INITIAL_CONTACT: 1760 /* 1761 * Permit INITIAL-CONTACT if 1762 * - this is not an AGGRESSIVE mode exchange 1763 * - it is protected by an ISAKMP SA 1764 * 1765 * XXX Instead of the first condition above, we could 1766 * XXX permit this only for phase 2. In the last 1767 * XXX packet of main-mode, this payload, while 1768 * XXX encrypted, is not part of the hash digest. As 1769 * XXX we currently send our own INITIAL-CONTACTs at 1770 * XXX this point, this too would need to be changed. 1771 */ 1772 if (msg->exchange->type == ISAKMP_EXCH_AGGRESSIVE) { 1773 log_print("ipsec_handle_leftover_payload: got " 1774 "INITIAL-CONTACT in AGGRESSIVE mode"); 1775 return -1; 1776 } 1777 if ((msg->exchange->flags & EXCHANGE_FLAG_ENCRYPT) 1778 == 0) { 1779 log_print("ipsec_handle_leftover_payload: got " 1780 "INITIAL-CONTACT without ISAKMP SA"); 1781 return -1; 1782 } 1783 1784 if ((msg->flags & MSG_AUTHENTICATED) == 0) { 1785 log_print("ipsec_handle_leftover_payload: " 1786 "got unauthenticated INITIAL-CONTACT"); 1787 return -1; 1788 } 1789 /* 1790 * Find out who is sending this and then delete every 1791 * SA that is ready. Exchanges will timeout 1792 * themselves and then the non-ready SAs will 1793 * disappear too. 1794 */ 1795 msg->transport->vtbl->get_dst(msg->transport, &dst); 1796 while ((sa = sa_lookup_by_peer(dst, SA_LEN(dst), 0)) != 0) { 1797 /* 1798 * Don't delete the current SA -- we received 1799 * the notification over it, so it's obviously 1800 * still active. We temporarily need to remove 1801 * the SA from the list to avoid an endless 1802 * loop, but keep a reference so it won't 1803 * disappear meanwhile. 1804 */ 1805 if (sa == msg->isakmp_sa) { 1806 sa_reference(sa); 1807 sa_remove(sa); 1808 reenter = 1; 1809 continue; 1810 } 1811 LOG_DBG((LOG_SA, 30, 1812 "ipsec_handle_leftover_payload: " 1813 "INITIAL-CONTACT made us delete SA %p", 1814 sa)); 1815 sa_delete(sa, 0); 1816 } 1817 1818 if (reenter) { 1819 sa_enter(msg->isakmp_sa); 1820 sa_release(msg->isakmp_sa); 1821 } 1822 payload->flags |= PL_MARK; 1823 return 0; 1824 } 1825 } 1826 return -1; 1827 } 1828 1829 /* Return the encryption keylength in octets of the ESP protocol PROTO. */ 1830 int 1831 ipsec_esp_enckeylength(struct proto *proto) 1832 { 1833 struct ipsec_proto *iproto = proto->data; 1834 1835 /* Compute the keylength to use. */ 1836 switch (proto->id) { 1837 case IPSEC_ESP_3DES: 1838 return 24; 1839 case IPSEC_ESP_CAST: 1840 if (!iproto->keylen) 1841 return 16; 1842 return iproto->keylen / 8; 1843 case IPSEC_ESP_AES_CTR: 1844 case IPSEC_ESP_AES_GCM_16: 1845 case IPSEC_ESP_AES_GMAC: 1846 if (!iproto->keylen) 1847 return 20; 1848 return iproto->keylen / 8 + 4; 1849 case IPSEC_ESP_AES: 1850 if (!iproto->keylen) 1851 return 16; 1852 /* FALLTHROUGH */ 1853 default: 1854 return iproto->keylen / 8; 1855 } 1856 } 1857 1858 /* Return the authentication keylength in octets of the ESP protocol PROTO. */ 1859 int 1860 ipsec_esp_authkeylength(struct proto *proto) 1861 { 1862 struct ipsec_proto *iproto = proto->data; 1863 1864 switch (iproto->auth) { 1865 case IPSEC_AUTH_HMAC_MD5: 1866 return 16; 1867 case IPSEC_AUTH_HMAC_SHA: 1868 case IPSEC_AUTH_HMAC_RIPEMD: 1869 return 20; 1870 case IPSEC_AUTH_HMAC_SHA2_256: 1871 return 32; 1872 case IPSEC_AUTH_HMAC_SHA2_384: 1873 return 48; 1874 case IPSEC_AUTH_HMAC_SHA2_512: 1875 return 64; 1876 default: 1877 return 0; 1878 } 1879 } 1880 1881 /* Return the authentication keylength in octets of the AH protocol PROTO. */ 1882 int 1883 ipsec_ah_keylength(struct proto *proto) 1884 { 1885 switch (proto->id) { 1886 case IPSEC_AH_MD5: 1887 return 16; 1888 case IPSEC_AH_SHA: 1889 case IPSEC_AH_RIPEMD: 1890 return 20; 1891 case IPSEC_AH_SHA2_256: 1892 return 32; 1893 case IPSEC_AH_SHA2_384: 1894 return 48; 1895 case IPSEC_AH_SHA2_512: 1896 return 64; 1897 default: 1898 return -1; 1899 } 1900 } 1901 1902 /* Return the total keymaterial length of the protocol PROTO. */ 1903 int 1904 ipsec_keymat_length(struct proto *proto) 1905 { 1906 switch (proto->proto) { 1907 case IPSEC_PROTO_IPSEC_ESP: 1908 return ipsec_esp_enckeylength(proto) 1909 + ipsec_esp_authkeylength(proto); 1910 case IPSEC_PROTO_IPSEC_AH: 1911 return ipsec_ah_keylength(proto); 1912 default: 1913 return -1; 1914 } 1915 } 1916 1917 /* Helper function for ipsec_get_id(). */ 1918 static int 1919 ipsec_get_proto_port(char *section, u_int8_t *tproto, u_int16_t *port) 1920 { 1921 struct protoent *pe = NULL; 1922 struct servent *se; 1923 char *pstr; 1924 1925 pstr = conf_get_str(section, "Protocol"); 1926 if (!pstr) { 1927 *tproto = 0; 1928 return 0; 1929 } 1930 *tproto = (u_int8_t)atoi(pstr); 1931 if (!*tproto) { 1932 pe = getprotobyname(pstr); 1933 if (pe) 1934 *tproto = pe->p_proto; 1935 } 1936 if (!*tproto) { 1937 log_print("ipsec_get_proto_port: protocol \"%s\" unknown", 1938 pstr); 1939 return -1; 1940 } 1941 1942 pstr = conf_get_str(section, "Port"); 1943 if (!pstr) 1944 return 0; 1945 *port = (u_int16_t)atoi(pstr); 1946 if (!*port) { 1947 se = getservbyname(pstr, 1948 pe ? pe->p_name : (pstr ? pstr : NULL)); 1949 if (se) 1950 *port = ntohs(se->s_port); 1951 } 1952 if (!*port) { 1953 log_print("ipsec_get_proto_port: port \"%s\" unknown", 1954 pstr); 1955 return -1; 1956 } 1957 return 0; 1958 } 1959 1960 /* 1961 * Out of a named section SECTION in the configuration file find out 1962 * the network address and mask as well as the ID type. Put the info 1963 * in the areas pointed to by ADDR, MASK, TPROTO, PORT, and ID respectively. 1964 * Return 0 on success and -1 on failure. 1965 */ 1966 int 1967 ipsec_get_id(char *section, int *id, struct sockaddr **addr, 1968 struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port) 1969 { 1970 char *type, *address, *netmask; 1971 sa_family_t af = 0; 1972 1973 type = conf_get_str(section, "ID-type"); 1974 if (!type) { 1975 log_print("ipsec_get_id: section %s has no \"ID-type\" tag", 1976 section); 1977 return -1; 1978 } 1979 *id = constant_value(ipsec_id_cst, type); 1980 switch (*id) { 1981 case IPSEC_ID_IPV4_ADDR: 1982 case IPSEC_ID_IPV4_ADDR_SUBNET: 1983 af = AF_INET; 1984 break; 1985 case IPSEC_ID_IPV6_ADDR: 1986 case IPSEC_ID_IPV6_ADDR_SUBNET: 1987 af = AF_INET6; 1988 break; 1989 } 1990 switch (*id) { 1991 case IPSEC_ID_IPV4_ADDR: 1992 case IPSEC_ID_IPV6_ADDR: { 1993 int ret; 1994 1995 address = conf_get_str(section, "Address"); 1996 if (!address) { 1997 log_print("ipsec_get_id: section %s has no " 1998 "\"Address\" tag", section); 1999 return -1; 2000 } 2001 if (text2sockaddr(address, NULL, addr, af, 0)) { 2002 log_print("ipsec_get_id: invalid address %s in " 2003 "section %s", address, section); 2004 return -1; 2005 } 2006 ret = ipsec_get_proto_port(section, tproto, port); 2007 if (ret < 0) 2008 free(*addr); 2009 2010 return ret; 2011 } 2012 2013 #ifdef notyet 2014 case IPSEC_ID_FQDN: 2015 return -1; 2016 2017 case IPSEC_ID_USER_FQDN: 2018 return -1; 2019 #endif 2020 2021 case IPSEC_ID_IPV4_ADDR_SUBNET: 2022 case IPSEC_ID_IPV6_ADDR_SUBNET: { 2023 int ret; 2024 2025 address = conf_get_str(section, "Network"); 2026 if (!address) { 2027 log_print("ipsec_get_id: section %s has no " 2028 "\"Network\" tag", section); 2029 return -1; 2030 } 2031 if (text2sockaddr(address, NULL, addr, af, 0)) { 2032 log_print("ipsec_get_id: invalid section %s " 2033 "network %s", section, address); 2034 return -1; 2035 } 2036 netmask = conf_get_str(section, "Netmask"); 2037 if (!netmask) { 2038 log_print("ipsec_get_id: section %s has no " 2039 "\"Netmask\" tag", section); 2040 free(*addr); 2041 return -1; 2042 } 2043 if (text2sockaddr(netmask, NULL, mask, af, 1)) { 2044 log_print("ipsec_get_id: invalid section %s " 2045 "network %s", section, netmask); 2046 free(*addr); 2047 return -1; 2048 } 2049 ret = ipsec_get_proto_port(section, tproto, port); 2050 if (ret < 0) { 2051 free(*mask); 2052 free(*addr); 2053 } 2054 return ret; 2055 } 2056 2057 #ifdef notyet 2058 case IPSEC_ID_IPV4_RANGE: 2059 return -1; 2060 2061 case IPSEC_ID_IPV6_RANGE: 2062 return -1; 2063 2064 case IPSEC_ID_DER_ASN1_DN: 2065 return -1; 2066 2067 case IPSEC_ID_DER_ASN1_GN: 2068 return -1; 2069 2070 case IPSEC_ID_KEY_ID: 2071 return -1; 2072 #endif 2073 2074 default: 2075 log_print("ipsec_get_id: unknown ID type \"%s\" in " 2076 "section %s", type, section); 2077 return -1; 2078 } 2079 2080 return 0; 2081 } 2082 2083 /* 2084 * XXX I rather want this function to return a status code, and fail if 2085 * we cannot fit the information in the supplied buffer. 2086 */ 2087 static void 2088 ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len, 2089 int isakmpform) 2090 { 2091 int id_type; 2092 char *addr = 0, *mask = 0; 2093 u_int32_t *idp; 2094 2095 if (id) { 2096 if (!isakmpform) { 2097 /* 2098 * Exchanges and SAs dont carry the IDs in ISAKMP 2099 * form. 2100 */ 2101 id -= ISAKMP_GEN_SZ; 2102 id_len += ISAKMP_GEN_SZ; 2103 } 2104 id_type = GET_ISAKMP_ID_TYPE(id); 2105 idp = (u_int32_t *) (id + ISAKMP_ID_DATA_OFF); 2106 switch (id_type) { 2107 case IPSEC_ID_IPV4_ADDR: 2108 util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2109 snprintf(buf, size, "%s", addr); 2110 break; 2111 2112 case IPSEC_ID_IPV4_ADDR_SUBNET: 2113 util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2114 util_ntoa(&mask, AF_INET, id + ISAKMP_ID_DATA_OFF + 4); 2115 snprintf(buf, size, "%s/%s", addr, mask); 2116 break; 2117 2118 case IPSEC_ID_IPV6_ADDR: 2119 util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2120 snprintf(buf, size, "%s", addr); 2121 break; 2122 2123 case IPSEC_ID_IPV6_ADDR_SUBNET: 2124 util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2125 util_ntoa(&mask, AF_INET6, id + ISAKMP_ID_DATA_OFF + 2126 sizeof(struct in6_addr)); 2127 snprintf(buf, size, "%s/%s", addr, mask); 2128 break; 2129 2130 case IPSEC_ID_FQDN: 2131 case IPSEC_ID_USER_FQDN: 2132 /* String is not NUL terminated, be careful */ 2133 id_len -= ISAKMP_ID_DATA_OFF; 2134 id_len = MINIMUM(id_len, size - 1); 2135 memcpy(buf, id + ISAKMP_ID_DATA_OFF, id_len); 2136 buf[id_len] = '\0'; 2137 break; 2138 2139 case IPSEC_ID_DER_ASN1_DN: 2140 addr = x509_DN_string(id + ISAKMP_ID_DATA_OFF, 2141 id_len - ISAKMP_ID_DATA_OFF); 2142 if (!addr) { 2143 snprintf(buf, size, "unparsable ASN1 DN ID"); 2144 return; 2145 } 2146 strlcpy(buf, addr, size); 2147 break; 2148 2149 default: 2150 snprintf(buf, size, "<id type unknown: %x>", id_type); 2151 break; 2152 } 2153 } else 2154 snprintf(buf, size, "<no ipsec id>"); 2155 free(addr); 2156 free(mask); 2157 } 2158 2159 char * 2160 ipsec_decode_ids(char *fmt, u_int8_t *id1, size_t id1_len, u_int8_t *id2, 2161 size_t id2_len, int isakmpform) 2162 { 2163 static char result[1024]; 2164 char s_id1[256], s_id2[256]; 2165 2166 ipsec_decode_id(s_id1, sizeof s_id1, id1, id1_len, isakmpform); 2167 ipsec_decode_id(s_id2, sizeof s_id2, id2, id2_len, isakmpform); 2168 2169 snprintf(result, sizeof result, fmt, s_id1, s_id2); 2170 return result; 2171 } 2172 2173 /* 2174 * Out of a named section SECTION in the configuration file build an 2175 * ISAKMP ID payload. Ths payload size should be stashed in SZ. 2176 * The caller is responsible for freeing the payload. 2177 */ 2178 u_int8_t * 2179 ipsec_build_id(char *section, size_t *sz) 2180 { 2181 struct sockaddr *addr, *mask; 2182 u_int8_t *p; 2183 int id, subnet = 0; 2184 u_int8_t tproto = 0; 2185 u_int16_t port = 0; 2186 2187 if (ipsec_get_id(section, &id, &addr, &mask, &tproto, &port)) 2188 return 0; 2189 2190 if (id == IPSEC_ID_IPV4_ADDR_SUBNET || id == IPSEC_ID_IPV6_ADDR_SUBNET) 2191 subnet = 1; 2192 2193 *sz = ISAKMP_ID_SZ + sockaddr_addrlen(addr); 2194 if (subnet) 2195 *sz += sockaddr_addrlen(mask); 2196 2197 p = malloc(*sz); 2198 if (!p) { 2199 log_print("ipsec_build_id: malloc(%lu) failed", 2200 (unsigned long)*sz); 2201 if (subnet) 2202 free(mask); 2203 free(addr); 2204 return 0; 2205 } 2206 SET_ISAKMP_ID_TYPE(p, id); 2207 SET_ISAKMP_ID_DOI_DATA(p, (unsigned char *)"\000\000\000"); 2208 2209 memcpy(p + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(addr), 2210 sockaddr_addrlen(addr)); 2211 if (subnet) 2212 memcpy(p + ISAKMP_ID_DATA_OFF + sockaddr_addrlen(addr), 2213 sockaddr_addrdata(mask), sockaddr_addrlen(mask)); 2214 2215 SET_IPSEC_ID_PROTO(p + ISAKMP_ID_DOI_DATA_OFF, tproto); 2216 SET_IPSEC_ID_PORT(p + ISAKMP_ID_DOI_DATA_OFF, port); 2217 2218 if (subnet) 2219 free(mask); 2220 free(addr); 2221 return p; 2222 } 2223 2224 /* 2225 * copy an ISAKMPD id 2226 */ 2227 int 2228 ipsec_clone_id(u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len) 2229 { 2230 free(*did); 2231 2232 if (!id_len || !id) { 2233 *did = 0; 2234 *did_len = 0; 2235 return 0; 2236 } 2237 *did = malloc(id_len); 2238 if (!*did) { 2239 *did_len = 0; 2240 log_error("ipsec_clone_id: malloc(%lu) failed", 2241 (unsigned long)id_len); 2242 return -1; 2243 } 2244 *did_len = id_len; 2245 memcpy(*did, id, id_len); 2246 2247 return 0; 2248 } 2249 2250 /* 2251 * IPsec-specific PROTO initializations. SECTION is only set if we are the 2252 * initiator thus only usable there. 2253 * XXX I want to fix this later. 2254 */ 2255 void 2256 ipsec_proto_init(struct proto *proto, char *section) 2257 { 2258 struct ipsec_proto *iproto = proto->data; 2259 2260 if (proto->sa->phase == 2) 2261 iproto->replay_window = section ? conf_get_num(section, 2262 "ReplayWindow", DEFAULT_REPLAY_WINDOW) : 2263 DEFAULT_REPLAY_WINDOW; 2264 } 2265 2266 /* 2267 * Add a notification payload of type INITIAL CONTACT to MSG if this is 2268 * the first contact we have made to our peer. 2269 */ 2270 int 2271 ipsec_initial_contact(struct message *msg) 2272 { 2273 u_int8_t *buf; 2274 2275 if (ipsec_contacted(msg)) 2276 return 0; 2277 2278 buf = malloc(ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN); 2279 if (!buf) { 2280 log_error("ike_phase_1_initial_contact: malloc (%d) failed", 2281 ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN); 2282 return -1; 2283 } 2284 SET_ISAKMP_NOTIFY_DOI(buf, IPSEC_DOI_IPSEC); 2285 SET_ISAKMP_NOTIFY_PROTO(buf, ISAKMP_PROTO_ISAKMP); 2286 SET_ISAKMP_NOTIFY_SPI_SZ(buf, ISAKMP_HDR_COOKIES_LEN); 2287 SET_ISAKMP_NOTIFY_MSG_TYPE(buf, IPSEC_NOTIFY_INITIAL_CONTACT); 2288 memcpy(buf + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies, 2289 ISAKMP_HDR_COOKIES_LEN); 2290 if (message_add_payload(msg, ISAKMP_PAYLOAD_NOTIFY, buf, 2291 ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN, 1)) { 2292 free(buf); 2293 return -1; 2294 } 2295 return ipsec_add_contact(msg); 2296 } 2297 2298 /* 2299 * Compare the two contacts pointed to by A and B. Return negative if 2300 * *A < *B, 0 if they are equal, and positive if *A is the largest of them. 2301 */ 2302 static int 2303 addr_cmp(const void *a, const void *b) 2304 { 2305 const struct contact *x = a, *y = b; 2306 int minlen = MINIMUM(x->len, y->len); 2307 int rv = memcmp(x->addr, y->addr, minlen); 2308 2309 return rv ? rv : (x->len - y->len); 2310 } 2311 2312 /* 2313 * Add the peer that MSG is bound to as an address we don't want to send 2314 * INITIAL CONTACT too from now on. Do not call this function with a 2315 * specific address duplicate times. We want fast lookup, speed of insertion 2316 * is unimportant, if this is to scale. 2317 */ 2318 static int 2319 ipsec_add_contact(struct message *msg) 2320 { 2321 struct contact *new_contacts; 2322 struct sockaddr *dst, *addr; 2323 int cnt; 2324 2325 if (contact_cnt == contact_limit) { 2326 cnt = contact_limit ? 2 * contact_limit : 64; 2327 new_contacts = reallocarray(contacts, cnt, sizeof contacts[0]); 2328 if (!new_contacts) { 2329 log_error("ipsec_add_contact: " 2330 "realloc (%p, %lu) failed", contacts, 2331 cnt * (unsigned long) sizeof contacts[0]); 2332 return -1; 2333 } 2334 contact_limit = cnt; 2335 contacts = new_contacts; 2336 } 2337 msg->transport->vtbl->get_dst(msg->transport, &dst); 2338 addr = malloc(SA_LEN(dst)); 2339 if (!addr) { 2340 log_error("ipsec_add_contact: malloc (%lu) failed", 2341 (unsigned long)SA_LEN(dst)); 2342 return -1; 2343 } 2344 memcpy(addr, dst, SA_LEN(dst)); 2345 contacts[contact_cnt].addr = addr; 2346 contacts[contact_cnt++].len = SA_LEN(dst); 2347 2348 /* 2349 * XXX There are better algorithms for already mostly-sorted data like 2350 * this, but only qsort is standard. I will someday do this inline. 2351 */ 2352 qsort(contacts, contact_cnt, sizeof *contacts, addr_cmp); 2353 return 0; 2354 } 2355 2356 /* Return true if the recipient of MSG has already been contacted. */ 2357 static int 2358 ipsec_contacted(struct message *msg) 2359 { 2360 struct contact contact; 2361 2362 msg->transport->vtbl->get_dst(msg->transport, &contact.addr); 2363 contact.len = SA_LEN(contact.addr); 2364 return contacts ? (bsearch(&contact, contacts, contact_cnt, 2365 sizeof *contacts, addr_cmp) != 0) : 0; 2366 } 2367 2368 /* Add a HASH for to MSG. */ 2369 u_int8_t * 2370 ipsec_add_hash_payload(struct message *msg, size_t hashsize) 2371 { 2372 u_int8_t *buf; 2373 2374 buf = malloc(ISAKMP_HASH_SZ + hashsize); 2375 if (!buf) { 2376 log_error("ipsec_add_hash_payload: malloc (%lu) failed", 2377 ISAKMP_HASH_SZ + (unsigned long) hashsize); 2378 return 0; 2379 } 2380 if (message_add_payload(msg, ISAKMP_PAYLOAD_HASH, buf, 2381 ISAKMP_HASH_SZ + hashsize, 1)) { 2382 free(buf); 2383 return 0; 2384 } 2385 return buf; 2386 } 2387 2388 /* Fill in the HASH payload of MSG. */ 2389 int 2390 ipsec_fill_in_hash(struct message *msg) 2391 { 2392 struct exchange *exchange = msg->exchange; 2393 struct sa *isakmp_sa = msg->isakmp_sa; 2394 struct ipsec_sa *isa = isakmp_sa->data; 2395 struct hash *hash = hash_get(isa->hash); 2396 struct prf *prf; 2397 struct payload *payload; 2398 u_int8_t *buf; 2399 u_int32_t i; 2400 char header[80]; 2401 2402 /* If no SKEYID_a, we need not do anything. */ 2403 if (!isa->skeyid_a) 2404 return 0; 2405 2406 payload = payload_first(msg, ISAKMP_PAYLOAD_HASH); 2407 if (!payload) { 2408 log_print("ipsec_fill_in_hash: no HASH payload found"); 2409 return -1; 2410 } 2411 buf = payload->p; 2412 2413 /* Allocate the prf and start calculating our HASH(1). */ 2414 LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: SKEYID_a", 2415 isa->skeyid_a, isa->skeyid_len)); 2416 prf = prf_alloc(isa->prf_type, hash->type, isa->skeyid_a, 2417 isa->skeyid_len); 2418 if (!prf) 2419 return -1; 2420 2421 prf->Init(prf->prfctx); 2422 LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: message_id", 2423 exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); 2424 prf->Update(prf->prfctx, exchange->message_id, 2425 ISAKMP_HDR_MESSAGE_ID_LEN); 2426 2427 /* Loop over all payloads after HASH(1). */ 2428 for (i = 2; i < msg->iovlen; i++) { 2429 /* XXX Misleading payload type printouts. */ 2430 snprintf(header, sizeof header, 2431 "ipsec_fill_in_hash: payload %d after HASH(1)", i - 1); 2432 LOG_DBG_BUF((LOG_MISC, 90, header, msg->iov[i].iov_base, 2433 msg->iov[i].iov_len)); 2434 prf->Update(prf->prfctx, msg->iov[i].iov_base, 2435 msg->iov[i].iov_len); 2436 } 2437 prf->Final(buf + ISAKMP_HASH_DATA_OFF, prf->prfctx); 2438 prf_free(prf); 2439 LOG_DBG_BUF((LOG_MISC, 80, "ipsec_fill_in_hash: HASH(1)", buf + 2440 ISAKMP_HASH_DATA_OFF, hash->hashsize)); 2441 2442 return 0; 2443 } 2444 2445 /* Add a HASH payload to MSG, if we have an ISAKMP SA we're protected by. */ 2446 static int 2447 ipsec_informational_pre_hook(struct message *msg) 2448 { 2449 struct sa *isakmp_sa = msg->isakmp_sa; 2450 struct ipsec_sa *isa; 2451 struct hash *hash; 2452 2453 if (!isakmp_sa) 2454 return 0; 2455 isa = isakmp_sa->data; 2456 hash = hash_get(isa->hash); 2457 return ipsec_add_hash_payload(msg, hash->hashsize) == 0; 2458 } 2459 2460 /* 2461 * Fill in the HASH payload in MSG, if we have an ISAKMP SA we're protected by. 2462 */ 2463 static int 2464 ipsec_informational_post_hook(struct message *msg) 2465 { 2466 if (!msg->isakmp_sa) 2467 return 0; 2468 return ipsec_fill_in_hash(msg); 2469 } 2470 2471 ssize_t 2472 ipsec_id_size(char *section, u_int8_t *id) 2473 { 2474 char *type, *data; 2475 2476 type = conf_get_str(section, "ID-type"); 2477 if (!type) { 2478 log_print("ipsec_id_size: section %s has no \"ID-type\" tag", 2479 section); 2480 return -1; 2481 } 2482 *id = constant_value(ipsec_id_cst, type); 2483 switch (*id) { 2484 case IPSEC_ID_IPV4_ADDR: 2485 return sizeof(struct in_addr); 2486 case IPSEC_ID_IPV4_ADDR_SUBNET: 2487 return 2 * sizeof(struct in_addr); 2488 case IPSEC_ID_IPV6_ADDR: 2489 return sizeof(struct in6_addr); 2490 case IPSEC_ID_IPV6_ADDR_SUBNET: 2491 return 2 * sizeof(struct in6_addr); 2492 case IPSEC_ID_FQDN: 2493 case IPSEC_ID_USER_FQDN: 2494 case IPSEC_ID_KEY_ID: 2495 case IPSEC_ID_DER_ASN1_DN: 2496 case IPSEC_ID_DER_ASN1_GN: 2497 data = conf_get_str(section, "Name"); 2498 if (!data) { 2499 log_print("ipsec_id_size: " 2500 "section %s has no \"Name\" tag", section); 2501 return -1; 2502 } 2503 return strlen(data); 2504 } 2505 log_print("ipsec_id_size: unrecognized/unsupported ID-type %d (%s)", 2506 *id, type); 2507 return -1; 2508 } 2509 2510 /* 2511 * Generate a string version of the ID. 2512 */ 2513 char * 2514 ipsec_id_string(u_int8_t *id, size_t id_len) 2515 { 2516 char *buf = 0; 2517 char *addrstr = 0; 2518 size_t len, size; 2519 2520 /* 2521 * XXX Real ugly way of making the offsets correct. Be aware that id 2522 * now will point before the actual buffer and cannot be dereferenced 2523 * without an offset larger than or equal to ISAKM_GEN_SZ. 2524 */ 2525 id -= ISAKMP_GEN_SZ; 2526 2527 /* This is the actual length of the ID data field. */ 2528 id_len += ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF; 2529 2530 /* 2531 * Conservative allocation. 2532 * XXX I think the ASN1 DN case can be thought through to give a better 2533 * estimate. 2534 */ 2535 size = MAXIMUM(sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 2536 sizeof "asn1_dn/" + id_len); 2537 buf = malloc(size); 2538 if (!buf) 2539 /* XXX Log? */ 2540 goto fail; 2541 2542 switch (GET_ISAKMP_ID_TYPE(id)) { 2543 case IPSEC_ID_IPV4_ADDR: 2544 if (id_len < sizeof(struct in_addr)) 2545 goto fail; 2546 util_ntoa(&addrstr, AF_INET, id + ISAKMP_ID_DATA_OFF); 2547 if (!addrstr) 2548 goto fail; 2549 snprintf(buf, size, "ipv4/%s", addrstr); 2550 break; 2551 2552 case IPSEC_ID_IPV6_ADDR: 2553 if (id_len < sizeof(struct in6_addr)) 2554 goto fail; 2555 util_ntoa(&addrstr, AF_INET6, id + ISAKMP_ID_DATA_OFF); 2556 if (!addrstr) 2557 goto fail; 2558 snprintf(buf, size, "ipv6/%s", addrstr); 2559 break; 2560 2561 case IPSEC_ID_FQDN: 2562 case IPSEC_ID_USER_FQDN: 2563 strlcpy(buf, GET_ISAKMP_ID_TYPE(id) == IPSEC_ID_FQDN ? 2564 "fqdn/" : "ufqdn/", size); 2565 len = strlen(buf); 2566 2567 memcpy(buf + len, id + ISAKMP_ID_DATA_OFF, id_len); 2568 *(buf + len + id_len) = '\0'; 2569 break; 2570 2571 case IPSEC_ID_DER_ASN1_DN: 2572 strlcpy(buf, "asn1_dn/", size); 2573 len = strlen(buf); 2574 addrstr = x509_DN_string(id + ISAKMP_ID_DATA_OFF, id_len); 2575 if (!addrstr) 2576 goto fail; 2577 if (size < len + strlen(addrstr) + 1) 2578 goto fail; 2579 strlcpy(buf + len, addrstr, size - len); 2580 break; 2581 2582 default: 2583 /* Unknown type. */ 2584 LOG_DBG((LOG_MISC, 10, 2585 "ipsec_id_string: unknown identity type %d\n", 2586 GET_ISAKMP_ID_TYPE(id))); 2587 goto fail; 2588 } 2589 2590 free(addrstr); 2591 return buf; 2592 2593 fail: 2594 free(buf); 2595 free(addrstr); 2596 return 0; 2597 } 2598