GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: sbin/isakmpd/ipsec.c Lines: 0 943 0.0 %
Date: 2016-12-06 Branches: 0 628 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: ipsec.c,v 1.146 2015/12/10 17:27:00 mmcc Exp $	 */
2
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $	 */
3
4
/*
5
 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist.  All rights reserved.
6
 * Copyright (c) 2001 Angelos D. Keromytis.  All rights reserved.
7
 * Copyright (c) 2001 Håkan Olsson.  All rights reserved.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
 */
29
30
/*
31
 * This code was written under funding by Ericsson Radio Systems.
32
 */
33
34
#include <sys/types.h>
35
#include <sys/socket.h>
36
#include <netdb.h>
37
#include <netinet/in.h>
38
#include <arpa/inet.h>
39
#include <stdlib.h>
40
#include <string.h>
41
42
#include <net/if.h>
43
#include <net/pfvar.h>
44
45
#include "attribute.h"
46
#include "conf.h"
47
#include "connection.h"
48
#include "constants.h"
49
#include "crypto.h"
50
#include "dh.h"
51
#include "doi.h"
52
#include "dpd.h"
53
#include "exchange.h"
54
#include "hash.h"
55
#include "ike_aggressive.h"
56
#include "ike_auth.h"
57
#include "ike_main_mode.h"
58
#include "ike_quick_mode.h"
59
#include "ipsec.h"
60
#include "ipsec_doi.h"
61
#include "isakmp.h"
62
#include "isakmp_cfg.h"
63
#include "isakmp_fld.h"
64
#include "isakmp_num.h"
65
#include "log.h"
66
#include "message.h"
67
#include "nat_traversal.h"
68
#include "pf_key_v2.h"
69
#include "prf.h"
70
#include "sa.h"
71
#include "timer.h"
72
#include "transport.h"
73
#include "util.h"
74
#include "x509.h"
75
76
extern int acquire_only;
77
78
#define MINIMUM(a, b)	(((a) < (b)) ? (a) : (b))
79
#define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))
80
81
/* The replay window size used for all IPsec protocols if not overridden.  */
82
#define DEFAULT_REPLAY_WINDOW 16
83
84
struct ipsec_decode_arg {
85
	struct message *msg;
86
	struct sa      *sa;
87
	struct proto   *proto;
88
};
89
90
/* These variables hold the contacted peers ADT state.  */
91
struct contact {
92
	struct sockaddr *addr;
93
	socklen_t       len;
94
}              *contacts = 0;
95
int             contact_cnt = 0, contact_limit = 0;
96
97
static int      addr_cmp(const void *, const void *);
98
static int      ipsec_add_contact(struct message *);
99
static int      ipsec_contacted(struct message *);
100
static int      ipsec_debug_attribute(u_int16_t, u_int8_t *, u_int16_t,
101
    void *);
102
static void     ipsec_delete_spi(struct sa *, struct proto *, int);
103
static int16_t *ipsec_exchange_script(u_int8_t);
104
static void     ipsec_finalize_exchange(struct message *);
105
static void     ipsec_free_exchange_data(void *);
106
static void     ipsec_free_proto_data(void *);
107
static void     ipsec_free_sa_data(void *);
108
static struct keystate *ipsec_get_keystate(struct message *);
109
static u_int8_t *ipsec_get_spi(size_t *, u_int8_t, struct message *);
110
static int	ipsec_handle_leftover_payload(struct message *, u_int8_t,
111
    struct payload *);
112
static int      ipsec_informational_post_hook(struct message *);
113
static int      ipsec_informational_pre_hook(struct message *);
114
static int      ipsec_initiator(struct message *);
115
static void     ipsec_proto_init(struct proto *, char *);
116
static int      ipsec_responder(struct message *);
117
static void     ipsec_setup_situation(u_int8_t *);
118
static int      ipsec_set_network(u_int8_t *, u_int8_t *, struct sa *);
119
static size_t   ipsec_situation_size(void);
120
static u_int8_t ipsec_spi_size(u_int8_t);
121
static int      ipsec_validate_attribute(u_int16_t, u_int8_t *, u_int16_t,
122
    void *);
123
static int      ipsec_validate_exchange(u_int8_t);
124
static int	ipsec_validate_id_information(u_int8_t, u_int8_t *, u_int8_t *,
125
    size_t, struct exchange *);
126
static int      ipsec_validate_key_information(u_int8_t *, size_t);
127
static int      ipsec_validate_notification(u_int16_t);
128
static int      ipsec_validate_proto(u_int8_t);
129
static int      ipsec_validate_situation(u_int8_t *, size_t *, size_t);
130
static int      ipsec_validate_transform_id(u_int8_t, u_int8_t);
131
static int      ipsec_sa_check_flow(struct sa *, void *);
132
static int      ipsec_sa_check_flow_any(struct sa *, void *);
133
static int      ipsec_sa_tag(struct exchange *, struct sa *, struct sa *);
134
135
static struct doi ipsec_doi = {
136
	{0}, IPSEC_DOI_IPSEC,
137
	sizeof(struct ipsec_exch), sizeof(struct ipsec_sa),
138
	sizeof(struct ipsec_proto),
139
	ipsec_debug_attribute,
140
	ipsec_delete_spi,
141
	ipsec_exchange_script,
142
	ipsec_finalize_exchange,
143
	ipsec_free_exchange_data,
144
	ipsec_free_proto_data,
145
	ipsec_free_sa_data,
146
	ipsec_get_keystate,
147
	ipsec_get_spi,
148
	ipsec_handle_leftover_payload,
149
	ipsec_informational_post_hook,
150
	ipsec_informational_pre_hook,
151
	ipsec_is_attribute_incompatible,
152
	ipsec_proto_init,
153
	ipsec_setup_situation,
154
	ipsec_situation_size,
155
	ipsec_spi_size,
156
	ipsec_validate_attribute,
157
	ipsec_validate_exchange,
158
	ipsec_validate_id_information,
159
	ipsec_validate_key_information,
160
	ipsec_validate_notification,
161
	ipsec_validate_proto,
162
	ipsec_validate_situation,
163
	ipsec_validate_transform_id,
164
	ipsec_initiator,
165
	ipsec_responder,
166
	ipsec_decode_ids
167
};
168
169
int16_t script_quick_mode[] = {
170
	ISAKMP_PAYLOAD_HASH,	/* Initiator -> responder.  */
171
	ISAKMP_PAYLOAD_SA,
172
	ISAKMP_PAYLOAD_NONCE,
173
	EXCHANGE_SCRIPT_SWITCH,
174
	ISAKMP_PAYLOAD_HASH,	/* Responder -> initiator.  */
175
	ISAKMP_PAYLOAD_SA,
176
	ISAKMP_PAYLOAD_NONCE,
177
	EXCHANGE_SCRIPT_SWITCH,
178
	ISAKMP_PAYLOAD_HASH,	/* Initiator -> responder.  */
179
	EXCHANGE_SCRIPT_END
180
};
181
182
int16_t script_new_group_mode[] = {
183
	ISAKMP_PAYLOAD_HASH,	/* Initiator -> responder.  */
184
	ISAKMP_PAYLOAD_SA,
185
	EXCHANGE_SCRIPT_SWITCH,
186
	ISAKMP_PAYLOAD_HASH,	/* Responder -> initiator.  */
187
	ISAKMP_PAYLOAD_SA,
188
	EXCHANGE_SCRIPT_END
189
};
190
191
struct dst_spi_proto_arg {
192
	struct sockaddr *dst;
193
	u_int32_t       spi;
194
	u_int8_t        proto;
195
};
196
197
/*
198
 * Check if SA matches what we are asking for through V_ARG.  It has to
199
 * be a finished phase 2 SA.
200
 * if "proto" arg is 0, match any proto
201
 */
202
static int
203
ipsec_sa_check(struct sa *sa, void *v_arg)
204
{
205
	struct dst_spi_proto_arg *arg = v_arg;
206
	struct proto   *proto;
207
	struct sockaddr *dst, *src;
208
	int             incoming;
209
210
	if (sa->phase != 2 || !(sa->flags & SA_FLAG_READY))
211
		return 0;
212
213
	sa->transport->vtbl->get_dst(sa->transport, &dst);
214
	if (memcmp(sockaddr_addrdata(dst), sockaddr_addrdata(arg->dst),
215
	    sockaddr_addrlen(dst)) == 0)
216
		incoming = 0;
217
	else {
218
		sa->transport->vtbl->get_src(sa->transport, &src);
219
		if (memcmp(sockaddr_addrdata(src), sockaddr_addrdata(arg->dst),
220
		    sockaddr_addrlen(src)) == 0)
221
			incoming = 1;
222
		else
223
			return 0;
224
	}
225
226
	for (proto = TAILQ_FIRST(&sa->protos); proto;
227
	    proto = TAILQ_NEXT(proto, link))
228
		if ((arg->proto == 0 || proto->proto == arg->proto) &&
229
		    memcmp(proto->spi[incoming], &arg->spi, sizeof arg->spi)
230
		    == 0)
231
			return 1;
232
	return 0;
233
}
234
235
/* Find an SA with a "name" of DST, SPI & PROTO.  */
236
struct sa *
237
ipsec_sa_lookup(struct sockaddr *dst, u_int32_t spi, u_int8_t proto)
238
{
239
	struct dst_spi_proto_arg arg;
240
241
	arg.dst = dst;
242
	arg.spi = spi;
243
	arg.proto = proto;
244
	return sa_find(ipsec_sa_check, &arg);
245
}
246
247
/*
248
 * Check if SA matches the flow of another SA in V_ARG.  It has to
249
 * be a finished non-replaced phase 2 SA.
250
 * XXX At some point other selectors will matter here too.
251
 */
252
static int
253
ipsec_sa_check_flow(struct sa *sa, void *v_arg)
254
{
255
	if ((sa->flags & (SA_FLAG_READY | SA_FLAG_REPLACED)) != SA_FLAG_READY)
256
		return 0;
257
258
	return ipsec_sa_check_flow_any(sa, v_arg);
259
}
260
261
static int
262
ipsec_sa_check_flow_any(struct sa *sa, void *v_arg)
263
{
264
	struct sa      *sa2 = v_arg;
265
	struct ipsec_sa *isa = sa->data, *isa2 = sa2->data;
266
267
	if (sa == sa2 || sa->phase != 2 ||
268
	    (sa->flags & SA_FLAG_READY) != SA_FLAG_READY)
269
		return 0;
270
271
	if (isa->tproto != isa2->tproto || isa->sport != isa2->sport ||
272
	    isa->dport != isa2->dport)
273
		return 0;
274
275
	return isa->src_net->sa_family == isa2->src_net->sa_family &&
276
	    memcmp(sockaddr_addrdata(isa->src_net),
277
	    sockaddr_addrdata(isa2->src_net),
278
	    sockaddr_addrlen(isa->src_net)) == 0 &&
279
	    memcmp(sockaddr_addrdata(isa->src_mask),
280
	    sockaddr_addrdata(isa2->src_mask),
281
	    sockaddr_addrlen(isa->src_mask)) == 0 &&
282
	    memcmp(sockaddr_addrdata(isa->dst_net),
283
	    sockaddr_addrdata(isa2->dst_net),
284
	    sockaddr_addrlen(isa->dst_net)) == 0 &&
285
	    memcmp(sockaddr_addrdata(isa->dst_mask),
286
	    sockaddr_addrdata(isa2->dst_mask),
287
	    sockaddr_addrlen(isa->dst_mask)) == 0;
288
}
289
290
/*
291
 * Construct a PF tag if specified in the configuration.
292
 * It is possible to use variables to expand the tag:
293
 * $id		The string representation of the remote ID
294
 * $domain	The stripped domain part of the ID (for FQDN and UFQDN)
295
 */
296
static int
297
ipsec_sa_tag(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
298
{
299
	char *format, *section;
300
	char *id_string = NULL, *domain = NULL;
301
	int error = -1;
302
	size_t len;
303
304
	sa->tag = NULL;
305
306
	if (exchange->name == NULL ||
307
	    (section = exchange->name) == NULL ||
308
	    (format = conf_get_str(section, "PF-Tag")) == NULL)
309
		return (0);	/* ignore if not present */
310
311
	len = PF_TAG_NAME_SIZE;
312
	if ((sa->tag = calloc(1, len)) == NULL) {
313
		log_error("ipsec_sa_tag: calloc");
314
		goto fail;
315
	}
316
	if (strlcpy(sa->tag, format, len) >= len) {
317
		log_print("ipsec_sa_tag: tag too long");
318
		goto fail;
319
	}
320
	if (isakmp_sa->initiator)
321
		id_string = ipsec_id_string(isakmp_sa->id_r,
322
		    isakmp_sa->id_r_len);
323
	else
324
		id_string = ipsec_id_string(isakmp_sa->id_i,
325
		    isakmp_sa->id_i_len);
326
327
	if (strstr(format, "$id") != NULL) {
328
		if (id_string == NULL) {
329
			log_print("ipsec_sa_tag: cannot get ID");
330
			goto fail;
331
		}
332
		if (expand_string(sa->tag, len, "$id", id_string) != 0) {
333
			log_print("ipsec_sa_tag: failed to expand tag");
334
			goto fail;
335
		}
336
	}
337
338
	if (strstr(format, "$domain") != NULL) {
339
		if (id_string == NULL) {
340
			log_print("ipsec_sa_tag: cannot get ID");
341
			goto fail;
342
		}
343
		if (strncmp(id_string, "fqdn/", strlen("fqdn/")) == 0)
344
			domain = strchr(id_string, '.');
345
		else if (strncmp(id_string, "ufqdn/", strlen("ufqdn/")) == 0)
346
			domain = strchr(id_string, '@');
347
		if (domain == NULL || strlen(domain) < 2) {
348
			log_print("ipsec_sa_tag: no valid domain in ID %s",
349
			    id_string);
350
			goto fail;
351
		}
352
		domain++;
353
		if (expand_string(sa->tag, len, "$domain", domain) != 0) {
354
			log_print("ipsec_sa_tag: failed to expand tag");
355
			goto fail;
356
		}
357
	}
358
359
	LOG_DBG((LOG_SA, 10, "ipsec_sa_tag: tag_len %ld tag \"%s\"",
360
	    strlen(sa->tag), sa->tag));
361
362
	error = 0;
363
 fail:
364
	free(id_string);
365
	if (error != 0) {
366
		free(sa->tag);
367
		sa->tag = NULL;
368
	}
369
370
	return (error);
371
}
372
373
/*
374
 * Do IPsec DOI specific finalizations task for the exchange where MSG was
375
 * the final message.
376
 */
377
static void
378
ipsec_finalize_exchange(struct message *msg)
379
{
380
	struct sa      *isakmp_sa = msg->isakmp_sa;
381
	struct ipsec_sa *isa;
382
	struct exchange *exchange = msg->exchange;
383
	struct ipsec_exch *ie = exchange->data;
384
	struct sa      *sa = 0, *old_sa;
385
	struct proto   *proto, *last_proto = 0;
386
	char           *addr1, *addr2, *mask1, *mask2;
387
388
	switch (exchange->phase) {
389
	case 1:
390
		switch (exchange->type) {
391
		case ISAKMP_EXCH_ID_PROT:
392
		case ISAKMP_EXCH_AGGRESSIVE:
393
			isa = isakmp_sa->data;
394
			isa->hash = ie->hash->type;
395
			isa->prf_type = ie->prf_type;
396
			isa->skeyid_len = ie->skeyid_len;
397
			isa->skeyid_d = ie->skeyid_d;
398
			isa->skeyid_a = ie->skeyid_a;
399
			/* Prevents early free of SKEYID_*.  */
400
			ie->skeyid_a = ie->skeyid_d = 0;
401
402
			/*
403
			 * If a lifetime was negotiated setup the expiration
404
			 * timers.
405
			 */
406
			if (isakmp_sa->seconds)
407
				sa_setup_expirations(isakmp_sa);
408
409
			if (isakmp_sa->flags & SA_FLAG_NAT_T_KEEPALIVE)
410
				nat_t_setup_keepalive(isakmp_sa);
411
			break;
412
		}
413
		break;
414
415
	case 2:
416
		switch (exchange->type) {
417
		case IKE_EXCH_QUICK_MODE:
418
			/*
419
			 * Tell the application(s) about the SPIs and key
420
			 * material.
421
			 */
422
			for (sa = TAILQ_FIRST(&exchange->sa_list); sa;
423
			    sa = TAILQ_NEXT(sa, next)) {
424
				isa = sa->data;
425
426
				if (exchange->initiator) {
427
					/*
428
					 * Initiator is source, responder is
429
					 * destination.
430
					 */
431
					if (ipsec_set_network(ie->id_ci,
432
					    ie->id_cr, sa)) {
433
						log_print(
434
						    "ipsec_finalize_exchange: "
435
						    "ipsec_set_network "
436
						    "failed");
437
						return;
438
					}
439
				} else {
440
					/*
441
					 * Responder is source, initiator is
442
					 * destination.
443
					 */
444
					if (ipsec_set_network(ie->id_cr,
445
					    ie->id_ci, sa)) {
446
						log_print(
447
						    "ipsec_finalize_exchange: "
448
						    "ipsec_set_network "
449
						    "failed");
450
						return;
451
					}
452
				}
453
454
				if (ipsec_sa_tag(exchange, sa, isakmp_sa) == -1)
455
					return;
456
457
				for (proto = TAILQ_FIRST(&sa->protos),
458
				    last_proto = 0; proto;
459
				    proto = TAILQ_NEXT(proto, link)) {
460
					if (pf_key_v2_set_spi(sa, proto,
461
					    0, isakmp_sa) ||
462
					    (last_proto &&
463
					    pf_key_v2_group_spis(sa,
464
						last_proto, proto, 0)) ||
465
					    pf_key_v2_set_spi(sa, proto,
466
						1, isakmp_sa) ||
467
					    (last_proto &&
468
						pf_key_v2_group_spis(sa,
469
						last_proto, proto, 1)))
470
						/*
471
						 * XXX Tear down this
472
						 * exchange.
473
						 */
474
						return;
475
					last_proto = proto;
476
				}
477
478
				if (sockaddr2text(isa->src_net, &addr1, 0))
479
					addr1 = 0;
480
				if (sockaddr2text(isa->src_mask, &mask1, 0))
481
					mask1 = 0;
482
				if (sockaddr2text(isa->dst_net, &addr2, 0))
483
					addr2 = 0;
484
				if (sockaddr2text(isa->dst_mask, &mask2, 0))
485
					mask2 = 0;
486
487
				LOG_DBG((LOG_EXCHANGE, 50,
488
				    "ipsec_finalize_exchange: src %s %s "
489
				    "dst %s %s tproto %u sport %u dport %u",
490
				    addr1 ? addr1 : "<??\?>",
491
				    mask1 ?  mask1 : "<??\?>",
492
				    addr2 ? addr2 : "<??\?>",
493
				    mask2 ? mask2 : "<??\?>",
494
				    isa->tproto, ntohs(isa->sport),
495
				    ntohs(isa->dport)));
496
497
				free(addr1);
498
				free(mask1);
499
				free(addr2);
500
				free(mask2);
501
502
				/*
503
				 * If this is not an SA acquired by the
504
				 * kernel, it needs to have a SPD entry
505
				 * (a.k.a. flow) set up.
506
				 */
507
				if (!(sa->flags & SA_FLAG_ONDEMAND ||
508
				    conf_get_str("General", "Acquire-Only") ||
509
				    acquire_only) &&
510
				    pf_key_v2_enable_sa(sa, isakmp_sa))
511
					/* XXX Tear down this exchange.  */
512
					return;
513
514
				/*
515
				 * Mark elder SAs with the same flow
516
				 * information as replaced.
517
				 */
518
				while ((old_sa = sa_find(ipsec_sa_check_flow,
519
				    sa)) != 0)
520
					sa_mark_replaced(old_sa);
521
			}
522
			break;
523
		}
524
	}
525
}
526
527
/* Set the client addresses in ISA from SRC_ID and DST_ID.  */
528
static int
529
ipsec_set_network(u_int8_t *src_id, u_int8_t *dst_id, struct sa *sa)
530
{
531
	void               *src_net, *dst_net;
532
	void               *src_mask = NULL, *dst_mask = NULL;
533
	struct sockaddr    *addr;
534
	struct proto       *proto;
535
	struct ipsec_proto *iproto;
536
	struct ipsec_sa    *isa = sa->data;
537
	int                 src_af, dst_af;
538
	int                 id;
539
	char               *name, *nat = NULL;
540
	u_int8_t           *nat_id = NULL;
541
	size_t              nat_sz;
542
543
	if ((name = connection_passive_lookup_by_ids(src_id, dst_id)))
544
		nat = conf_get_str(name, "NAT-ID");
545
546
	if (nat) {
547
		if ((nat_id = ipsec_build_id(nat, &nat_sz))) {
548
			LOG_DBG((LOG_EXCHANGE, 50, "ipsec_set_network: SRC-NAT:"
549
			    " src: %s -> %s", name, nat));
550
			src_id = nat_id;
551
		} else
552
			log_print("ipsec_set_network: ipsec_build_id"
553
			    " failed for NAT-ID: %s", nat);
554
	}
555
556
	if (((proto = TAILQ_FIRST(&sa->protos)) != NULL) &&
557
	    ((iproto = proto->data) != NULL) &&
558
	    (iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT ||
559
	    iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT)) {
560
		/*
561
		 * For NAT-T with transport mode, we need to use the ISAKMP's
562
		 * SA addresses for the flow.
563
		 */
564
		sa->transport->vtbl->get_src(sa->transport, &addr);
565
		src_af = addr->sa_family;
566
		src_net = sockaddr_addrdata(addr);
567
568
		sa->transport->vtbl->get_dst(sa->transport, &addr);
569
		dst_af = addr->sa_family;
570
		dst_net = sockaddr_addrdata(addr);
571
	} else {
572
		id = GET_ISAKMP_ID_TYPE(src_id);
573
		src_net = src_id + ISAKMP_ID_DATA_OFF;
574
		switch (id) {
575
		case IPSEC_ID_IPV4_ADDR_SUBNET:
576
			src_mask = (u_int8_t *)src_net + sizeof(struct in_addr);
577
			/* FALLTHROUGH */
578
		case IPSEC_ID_IPV4_ADDR:
579
			src_af = AF_INET;
580
			break;
581
582
		case IPSEC_ID_IPV6_ADDR_SUBNET:
583
			src_mask = (u_int8_t *)src_net +
584
			    sizeof(struct in6_addr);
585
			/* FALLTHROUGH */
586
		case IPSEC_ID_IPV6_ADDR:
587
			src_af = AF_INET6;
588
			break;
589
590
		default:
591
			log_print(
592
			    "ipsec_set_network: ID type %d (%s) not supported",
593
			    id, constant_name(ipsec_id_cst, id));
594
			return -1;
595
		}
596
597
		id = GET_ISAKMP_ID_TYPE(dst_id);
598
		dst_net = dst_id + ISAKMP_ID_DATA_OFF;
599
		switch (id) {
600
		case IPSEC_ID_IPV4_ADDR_SUBNET:
601
			dst_mask = (u_int8_t *)dst_net + sizeof(struct in_addr);
602
			/* FALLTHROUGH */
603
		case IPSEC_ID_IPV4_ADDR:
604
			dst_af = AF_INET;
605
			break;
606
607
		case IPSEC_ID_IPV6_ADDR_SUBNET:
608
			dst_mask = (u_int8_t *)dst_net +
609
			    sizeof(struct in6_addr);
610
			/* FALLTHROUGH */
611
		case IPSEC_ID_IPV6_ADDR:
612
			dst_af = AF_INET6;
613
			break;
614
615
		default:
616
			log_print(
617
			    "ipsec_set_network: ID type %d (%s) not supported",
618
			    id, constant_name(ipsec_id_cst, id));
619
			return -1;
620
		}
621
	}
622
623
	/* Set source address/mask.  */
624
	switch (src_af) {
625
	case AF_INET:
626
		isa->src_net = calloc(1, sizeof(struct sockaddr_in));
627
		if (!isa->src_net)
628
			goto memfail;
629
		isa->src_net->sa_family = AF_INET;
630
		isa->src_net->sa_len = sizeof(struct sockaddr_in);
631
632
		isa->src_mask = calloc(1, sizeof(struct sockaddr_in));
633
		if (!isa->src_mask)
634
			goto memfail;
635
		isa->src_mask->sa_family = AF_INET;
636
		isa->src_mask->sa_len = sizeof(struct sockaddr_in);
637
		break;
638
639
	case AF_INET6:
640
		isa->src_net = calloc(1, sizeof(struct sockaddr_in6));
641
		if (!isa->src_net)
642
			goto memfail;
643
		isa->src_net->sa_family = AF_INET6;
644
		isa->src_net->sa_len = sizeof(struct sockaddr_in6);
645
646
		isa->src_mask = calloc(1, sizeof(struct sockaddr_in6));
647
		if (!isa->src_mask)
648
			goto memfail;
649
		isa->src_mask->sa_family = AF_INET6;
650
		isa->src_mask->sa_len = sizeof(struct sockaddr_in6);
651
		break;
652
	}
653
654
	/* Net */
655
	memcpy(sockaddr_addrdata(isa->src_net), src_net,
656
	    sockaddr_addrlen(isa->src_net));
657
658
	/* Mask */
659
	if (src_mask == NULL)
660
		memset(sockaddr_addrdata(isa->src_mask), 0xff,
661
		    sockaddr_addrlen(isa->src_mask));
662
	else
663
		memcpy(sockaddr_addrdata(isa->src_mask), src_mask,
664
		    sockaddr_addrlen(isa->src_mask));
665
666
	memcpy(&isa->sport,
667
	    src_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF,
668
	    IPSEC_ID_PORT_LEN);
669
670
	free(nat_id);
671
672
	/* Set destination address.  */
673
	switch (dst_af) {
674
	case AF_INET:
675
		isa->dst_net = calloc(1, sizeof(struct sockaddr_in));
676
		if (!isa->dst_net)
677
			goto memfail;
678
		isa->dst_net->sa_family = AF_INET;
679
		isa->dst_net->sa_len = sizeof(struct sockaddr_in);
680
681
		isa->dst_mask = calloc(1, sizeof(struct sockaddr_in));
682
		if (!isa->dst_mask)
683
			goto memfail;
684
		isa->dst_mask->sa_family = AF_INET;
685
		isa->dst_mask->sa_len = sizeof(struct sockaddr_in);
686
		break;
687
688
	case AF_INET6:
689
		isa->dst_net = calloc(1, sizeof(struct sockaddr_in6));
690
		if (!isa->dst_net)
691
			goto memfail;
692
		isa->dst_net->sa_family = AF_INET6;
693
		isa->dst_net->sa_len = sizeof(struct sockaddr_in6);
694
695
		isa->dst_mask = calloc(1, sizeof(struct sockaddr_in6));
696
		if (!isa->dst_mask)
697
			goto memfail;
698
		isa->dst_mask->sa_family = AF_INET6;
699
		isa->dst_mask->sa_len = sizeof(struct sockaddr_in6);
700
		break;
701
	}
702
703
	/* Net */
704
	memcpy(sockaddr_addrdata(isa->dst_net), dst_net,
705
	    sockaddr_addrlen(isa->dst_net));
706
707
	/* Mask */
708
	if (dst_mask == NULL)
709
		memset(sockaddr_addrdata(isa->dst_mask), 0xff,
710
		    sockaddr_addrlen(isa->dst_mask));
711
	else
712
		memcpy(sockaddr_addrdata(isa->dst_mask), dst_mask,
713
		    sockaddr_addrlen(isa->dst_mask));
714
715
	memcpy(&isa->tproto, dst_id + ISAKMP_ID_DOI_DATA_OFF +
716
	    IPSEC_ID_PROTO_OFF, IPSEC_ID_PROTO_LEN);
717
	memcpy(&isa->dport,
718
	    dst_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF,
719
	    IPSEC_ID_PORT_LEN);
720
	return 0;
721
722
memfail:
723
	log_error("ipsec_set_network: calloc () failed");
724
	return -1;
725
}
726
727
/* Free the DOI-specific exchange data pointed to by VIE.  */
728
static void
729
ipsec_free_exchange_data(void *vie)
730
{
731
	struct ipsec_exch *ie = vie;
732
	struct isakmp_cfg_attr *attr;
733
734
	free(ie->sa_i_b);
735
	free(ie->id_ci);
736
	free(ie->id_cr);
737
	free(ie->g_xi);
738
	free(ie->g_xr);
739
	free(ie->g_xy);
740
	free(ie->skeyid);
741
	free(ie->skeyid_d);
742
	free(ie->skeyid_a);
743
	free(ie->skeyid_e);
744
	free(ie->hash_i);
745
	free(ie->hash_r);
746
	if (ie->group)
747
		group_free(ie->group);
748
	for (attr = LIST_FIRST(&ie->attrs); attr;
749
	    attr = LIST_FIRST(&ie->attrs)) {
750
		LIST_REMOVE(attr, link);
751
		if (attr->length)
752
			free(attr->value);
753
		free(attr);
754
	}
755
}
756
757
/* Free the DOI-specific SA data pointed to by VISA.  */
758
static void
759
ipsec_free_sa_data(void *visa)
760
{
761
	struct ipsec_sa *isa = visa;
762
763
	free(isa->src_net);
764
	free(isa->src_mask);
765
	free(isa->dst_net);
766
	free(isa->dst_mask);
767
	free(isa->skeyid_a);
768
	free(isa->skeyid_d);
769
}
770
771
/* Free the DOI-specific protocol data of an SA pointed to by VIPROTO.  */
772
static void
773
ipsec_free_proto_data(void *viproto)
774
{
775
	struct ipsec_proto *iproto = viproto;
776
	int             i;
777
778
	for (i = 0; i < 2; i++)
779
		free(iproto->keymat[i]);
780
}
781
782
/* Return exchange script based on TYPE.  */
783
static int16_t *
784
ipsec_exchange_script(u_int8_t type)
785
{
786
	switch (type) {
787
	case ISAKMP_EXCH_TRANSACTION:
788
		return script_transaction;
789
	case IKE_EXCH_QUICK_MODE:
790
		return script_quick_mode;
791
	case IKE_EXCH_NEW_GROUP_MODE:
792
		return script_new_group_mode;
793
	}
794
	return 0;
795
}
796
797
/* Initialize this DOI, requires doi_init to already have been called.  */
798
void
799
ipsec_init(void)
800
{
801
	doi_register(&ipsec_doi);
802
}
803
804
/* Given a message MSG, return a suitable IV (or rather keystate).  */
805
static struct keystate *
806
ipsec_get_keystate(struct message *msg)
807
{
808
	struct keystate *ks;
809
	struct hash    *hash;
810
811
	/* If we have already have an IV, use it.  */
812
	if (msg->exchange && msg->exchange->keystate) {
813
		ks = malloc(sizeof *ks);
814
		if (!ks) {
815
			log_error("ipsec_get_keystate: malloc (%lu) failed",
816
			    (unsigned long) sizeof *ks);
817
			return 0;
818
		}
819
		memcpy(ks, msg->exchange->keystate, sizeof *ks);
820
		return ks;
821
	}
822
	/*
823
	 * For phase 2 when no SA yet is setup we need to hash the IV used by
824
	 * the ISAKMP SA concatenated with the message ID, and use that as an
825
	 * IV for further cryptographic operations.
826
         */
827
	if (!msg->isakmp_sa->keystate) {
828
		log_print("ipsec_get_keystate: no keystate in ISAKMP SA %p",
829
		    msg->isakmp_sa);
830
		return 0;
831
	}
832
	ks = crypto_clone_keystate(msg->isakmp_sa->keystate);
833
	if (!ks)
834
		return 0;
835
836
	hash = hash_get(((struct ipsec_sa *)msg->isakmp_sa->data)->hash);
837
	hash->Init(hash->ctx);
838
	LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: final phase 1 IV",
839
	    ks->riv, ks->xf->blocksize));
840
	hash->Update(hash->ctx, ks->riv, ks->xf->blocksize);
841
	LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: message ID",
842
	    ((u_int8_t *) msg->iov[0].iov_base) + ISAKMP_HDR_MESSAGE_ID_OFF,
843
	    ISAKMP_HDR_MESSAGE_ID_LEN));
844
	hash->Update(hash->ctx, ((u_int8_t *) msg->iov[0].iov_base) +
845
	    ISAKMP_HDR_MESSAGE_ID_OFF, ISAKMP_HDR_MESSAGE_ID_LEN);
846
	hash->Final(hash->digest, hash->ctx);
847
	crypto_init_iv(ks, hash->digest, ks->xf->blocksize);
848
	LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: phase 2 IV",
849
	    hash->digest, ks->xf->blocksize));
850
	return ks;
851
}
852
853
static void
854
ipsec_setup_situation(u_int8_t *buf)
855
{
856
	SET_IPSEC_SIT_SIT(buf + ISAKMP_SA_SIT_OFF, IPSEC_SIT_IDENTITY_ONLY);
857
}
858
859
static size_t
860
ipsec_situation_size(void)
861
{
862
	return IPSEC_SIT_SIT_LEN;
863
}
864
865
static u_int8_t
866
ipsec_spi_size(u_int8_t proto)
867
{
868
	return IPSEC_SPI_SIZE;
869
}
870
871
static int
872
ipsec_validate_attribute(u_int16_t type, u_int8_t * value, u_int16_t len,
873
    void *vmsg)
874
{
875
	struct message *msg = vmsg;
876
877
	if (msg->exchange->phase == 1 &&
878
	    (type < IKE_ATTR_ENCRYPTION_ALGORITHM || type > IKE_ATTR_GROUP_ORDER))
879
		return -1;
880
	if (msg->exchange->phase == 2 &&
881
	    (type < IPSEC_ATTR_SA_LIFE_TYPE || type > IPSEC_ATTR_ECN_TUNNEL))
882
		return -1;
883
	return 0;
884
}
885
886
static int
887
ipsec_validate_exchange(u_int8_t exch)
888
{
889
	return exch != IKE_EXCH_QUICK_MODE && exch != IKE_EXCH_NEW_GROUP_MODE;
890
}
891
892
static int
893
ipsec_validate_id_information(u_int8_t type, u_int8_t *extra, u_int8_t *buf,
894
    size_t sz, struct exchange *exchange)
895
{
896
	u_int8_t        proto = GET_IPSEC_ID_PROTO(extra);
897
	u_int16_t       port = GET_IPSEC_ID_PORT(extra);
898
899
	LOG_DBG((LOG_MESSAGE, 40,
900
	    "ipsec_validate_id_information: proto %d port %d type %d",
901
	    proto, port, type));
902
	if (type < IPSEC_ID_IPV4_ADDR || type > IPSEC_ID_KEY_ID)
903
		return -1;
904
905
	switch (type) {
906
	case IPSEC_ID_IPV4_ADDR:
907
		LOG_DBG_BUF((LOG_MESSAGE, 40,
908
		    "ipsec_validate_id_information: IPv4", buf,
909
		    sizeof(struct in_addr)));
910
		break;
911
912
	case IPSEC_ID_IPV6_ADDR:
913
		LOG_DBG_BUF((LOG_MESSAGE, 40,
914
		    "ipsec_validate_id_information: IPv6", buf,
915
		    sizeof(struct in6_addr)));
916
		break;
917
918
	case IPSEC_ID_IPV4_ADDR_SUBNET:
919
		LOG_DBG_BUF((LOG_MESSAGE, 40,
920
		    "ipsec_validate_id_information: IPv4 network/netmask",
921
		    buf, 2 * sizeof(struct in_addr)));
922
		break;
923
924
	case IPSEC_ID_IPV6_ADDR_SUBNET:
925
		LOG_DBG_BUF((LOG_MESSAGE, 40,
926
		    "ipsec_validate_id_information: IPv6 network/netmask",
927
		    buf, 2 * sizeof(struct in6_addr)));
928
		break;
929
930
	default:
931
		break;
932
	}
933
934
	if (exchange->phase == 1 &&
935
	    (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT) &&
936
	    (proto != 0 || port != 0)) {
937
		/*
938
		 * XXX SSH's ISAKMP tester fails this test (proto 17 - port
939
		 * 0).
940
		 */
941
#ifdef notyet
942
		return -1;
943
#else
944
		log_print("ipsec_validate_id_information: dubious ID "
945
		    "information accepted");
946
#endif
947
	}
948
	/* XXX More checks?  */
949
950
	return 0;
951
}
952
953
static int
954
ipsec_validate_key_information(u_int8_t *buf, size_t sz)
955
{
956
	/* XXX Not implemented yet.  */
957
	return 0;
958
}
959
960
static int
961
ipsec_validate_notification(u_int16_t type)
962
{
963
	return type < IPSEC_NOTIFY_RESPONDER_LIFETIME ||
964
	    type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0;
965
}
966
967
static int
968
ipsec_validate_proto(u_int8_t proto)
969
{
970
	return proto < IPSEC_PROTO_IPSEC_AH ||
971
	    proto > IPSEC_PROTO_IPCOMP ? -1 : 0;
972
}
973
974
static int
975
ipsec_validate_situation(u_int8_t *buf, size_t *sz, size_t len)
976
{
977
	if (len < IPSEC_SIT_SIT_OFF + IPSEC_SIT_SIT_LEN) {
978
		log_print("ipsec_validate_situation: payload too short: %u",
979
		    (unsigned int) len);
980
		return -1;
981
	}
982
	/* Currently only "identity only" situations are supported.  */
983
	if (GET_IPSEC_SIT_SIT(buf) != IPSEC_SIT_IDENTITY_ONLY)
984
		return 1;
985
986
	*sz = IPSEC_SIT_SIT_LEN;
987
988
	return 0;
989
}
990
991
static int
992
ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id)
993
{
994
	switch (proto) {
995
	/*
996
	 * As no unexpected protocols can occur, we just tie the
997
	 * default case to the first case, in order to silence a GCC
998
	 * warning.
999
	 */
1000
	default:
1001
	case ISAKMP_PROTO_ISAKMP:
1002
		return transform_id != IPSEC_TRANSFORM_KEY_IKE;
1003
	case IPSEC_PROTO_IPSEC_AH:
1004
		return transform_id < IPSEC_AH_MD5 ||
1005
		    transform_id > IPSEC_AH_RIPEMD ? -1 : 0;
1006
	case IPSEC_PROTO_IPSEC_ESP:
1007
		return transform_id < IPSEC_ESP_DES_IV64 ||
1008
		    (transform_id > IPSEC_ESP_AES_GMAC &&
1009
		    transform_id < IPSEC_ESP_AES_MARS) ||
1010
		    transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
1011
	case IPSEC_PROTO_IPCOMP:
1012
		return transform_id < IPSEC_IPCOMP_OUI ||
1013
		    transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0;
1014
	}
1015
}
1016
1017
static int
1018
ipsec_initiator(struct message *msg)
1019
{
1020
	struct exchange *exchange = msg->exchange;
1021
	int             (**script)(struct message *) = 0;
1022
1023
	/* Check that the SA is coherent with the IKE rules.  */
1024
	if (exchange->type != ISAKMP_EXCH_TRANSACTION &&
1025
	    ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT &&
1026
	    exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
1027
	    exchange->type != ISAKMP_EXCH_INFO) ||
1028
	    (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE &&
1029
	    exchange->type != ISAKMP_EXCH_INFO))) {
1030
		log_print("ipsec_initiator: unsupported exchange type %d "
1031
		    "in phase %d", exchange->type, exchange->phase);
1032
		return -1;
1033
	}
1034
	switch (exchange->type) {
1035
	case ISAKMP_EXCH_ID_PROT:
1036
		script = ike_main_mode_initiator;
1037
		break;
1038
	case ISAKMP_EXCH_AGGRESSIVE:
1039
		script = ike_aggressive_initiator;
1040
		break;
1041
	case ISAKMP_EXCH_TRANSACTION:
1042
		script = isakmp_cfg_initiator;
1043
		break;
1044
	case ISAKMP_EXCH_INFO:
1045
		return message_send_info(msg);
1046
	case IKE_EXCH_QUICK_MODE:
1047
		script = ike_quick_mode_initiator;
1048
		break;
1049
	default:
1050
		log_print("ipsec_initiator: unsupported exchange type %d",
1051
			  exchange->type);
1052
		return -1;
1053
	}
1054
1055
	/* Run the script code for this step.  */
1056
	if (script)
1057
		return script[exchange->step] (msg);
1058
1059
	return 0;
1060
}
1061
1062
/*
1063
 * delete all SA's from addr with the associated proto and SPI's
1064
 *
1065
 * spis[] is an array of SPIs of size 16-octet for proto ISAKMP
1066
 * or 4-octet otherwise.
1067
 */
1068
static void
1069
ipsec_delete_spi_list(struct sockaddr *addr, u_int8_t proto, u_int8_t *spis,
1070
    int nspis, char *type)
1071
{
1072
	struct sa	*sa;
1073
	char		*peer;
1074
	char		 ids[1024];
1075
	int		 i;
1076
1077
	for (i = 0; i < nspis; i++) {
1078
		if (proto == ISAKMP_PROTO_ISAKMP) {
1079
			u_int8_t *spi = spis + i * ISAKMP_HDR_COOKIES_LEN;
1080
1081
			/*
1082
			 * This really shouldn't happen in IPSEC DOI
1083
			 * code, but Cisco VPN 3000 sends ISAKMP DELETE's
1084
			 * this way.
1085
			 */
1086
			sa = sa_lookup_isakmp_sa(addr, spi);
1087
		} else {
1088
			u_int32_t spi = ((u_int32_t *)spis)[i];
1089
1090
			sa = ipsec_sa_lookup(addr, spi, proto);
1091
		}
1092
1093
		if (sa == NULL) {
1094
			LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: could "
1095
			    "not locate SA (SPI %08x, proto %u)",
1096
			    ((u_int32_t *)spis)[i], proto));
1097
			continue;
1098
		}
1099
1100
		strlcpy(ids,
1101
		    sa->doi->decode_ids("initiator id: %s, responder id: %s",
1102
		    sa->id_i, sa->id_i_len, sa->id_r, sa->id_r_len, 0),
1103
		    sizeof ids);
1104
		if (sockaddr2text(addr, &peer, 0))
1105
			peer = NULL;
1106
1107
		/* only log deletion of SAs which are not soft expired yet */
1108
		if (sa->soft_death != NULL)
1109
			log_verbose("isakmpd: Peer %s made us delete live SA "
1110
			    "%s for proto %d, %s", peer ? peer : "<unknown>",
1111
			    sa->name ? sa->name : "<unnamed>", proto, ids);
1112
1113
		LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: "
1114
		    "%s made us delete SA %p (%d references) for proto %d (%s)",
1115
		    type, sa, sa->refcnt, proto, ids));
1116
		free(peer);
1117
1118
		/* Delete the SA and search for the next */
1119
		sa_free(sa);
1120
	}
1121
}
1122
1123
static int
1124
ipsec_responder(struct message *msg)
1125
{
1126
	struct exchange *exchange = msg->exchange;
1127
	int             (**script)(struct message *) = 0;
1128
	struct payload *p;
1129
	u_int16_t       type;
1130
1131
	/* Check that a new exchange is coherent with the IKE rules.  */
1132
	if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION &&
1133
	    ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT &&
1134
	    exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
1135
	    exchange->type != ISAKMP_EXCH_INFO) ||
1136
	    (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE &&
1137
	    exchange->type != ISAKMP_EXCH_INFO))) {
1138
		message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE,
1139
		    0, 1, 0);
1140
		return -1;
1141
	}
1142
	LOG_DBG((LOG_MISC, 30, "ipsec_responder: phase %d exchange %d step %d",
1143
	    exchange->phase, exchange->type, exchange->step));
1144
	switch (exchange->type) {
1145
	case ISAKMP_EXCH_ID_PROT:
1146
		script = ike_main_mode_responder;
1147
		break;
1148
	case ISAKMP_EXCH_AGGRESSIVE:
1149
		script = ike_aggressive_responder;
1150
		break;
1151
	case ISAKMP_EXCH_TRANSACTION:
1152
		script = isakmp_cfg_responder;
1153
		break;
1154
	case ISAKMP_EXCH_INFO:
1155
		TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_NOTIFY], link) {
1156
			type = GET_ISAKMP_NOTIFY_MSG_TYPE(p->p);
1157
			LOG_DBG((LOG_EXCHANGE, 10,
1158
			    "ipsec_responder: got NOTIFY of type %s",
1159
			    constant_name(isakmp_notify_cst, type)));
1160
1161
			switch (type) {
1162
			case IPSEC_NOTIFY_INITIAL_CONTACT:
1163
				/* Handled by leftover logic. */
1164
				break;
1165
1166
			case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE:
1167
			case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE_ACK:
1168
				dpd_handle_notify(msg, p);
1169
				break;
1170
1171
			default:
1172
				p->flags |= PL_MARK;
1173
				break;
1174
			}
1175
		}
1176
1177
		/*
1178
		 * If any DELETEs are in here, let the logic of leftover
1179
		 * payloads deal with them.
1180
		 */
1181
		return 0;
1182
1183
	case IKE_EXCH_QUICK_MODE:
1184
		script = ike_quick_mode_responder;
1185
		break;
1186
1187
	default:
1188
		message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE,
1189
		    0, 1, 0);
1190
		return -1;
1191
	}
1192
1193
	/* Run the script code for this step.  */
1194
	if (script)
1195
		return script[exchange->step] (msg);
1196
1197
	/*
1198
	 * XXX So far we don't accept any proposals for exchanges we don't
1199
	 * support.
1200
         */
1201
	if (payload_first(msg, ISAKMP_PAYLOAD_SA)) {
1202
		message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0);
1203
		return -1;
1204
	}
1205
	return 0;
1206
}
1207
1208
static enum hashes
1209
from_ike_hash(u_int16_t hash)
1210
{
1211
	switch (hash) {
1212
		case IKE_HASH_MD5:
1213
		return HASH_MD5;
1214
	case IKE_HASH_SHA:
1215
		return HASH_SHA1;
1216
	case IKE_HASH_SHA2_256:
1217
		return HASH_SHA2_256;
1218
	case IKE_HASH_SHA2_384:
1219
		return HASH_SHA2_384;
1220
	case IKE_HASH_SHA2_512:
1221
		return HASH_SHA2_512;
1222
	}
1223
	return -1;
1224
}
1225
1226
static enum transform
1227
from_ike_crypto(u_int16_t crypto)
1228
{
1229
	/* Coincidentally this is the null operation :-)  */
1230
	return crypto;
1231
}
1232
1233
/*
1234
 * Find out whether the attribute of type TYPE with a LEN length value
1235
 * pointed to by VALUE is incompatible with what we can handle.
1236
 * VMSG is a pointer to the current message.
1237
 */
1238
int
1239
ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len,
1240
    void *vmsg)
1241
{
1242
	struct message *msg = vmsg;
1243
	u_int16_t dv = decode_16(value);
1244
1245
	if (msg->exchange->phase == 1) {
1246
		switch (type) {
1247
		case IKE_ATTR_ENCRYPTION_ALGORITHM:
1248
			return !crypto_get(from_ike_crypto(dv));
1249
		case IKE_ATTR_HASH_ALGORITHM:
1250
			return !hash_get(from_ike_hash(dv));
1251
		case IKE_ATTR_AUTHENTICATION_METHOD:
1252
			return !ike_auth_get(dv);
1253
		case IKE_ATTR_GROUP_DESCRIPTION:
1254
			return (dv < IKE_GROUP_DESC_MODP_768 ||
1255
			    dv > IKE_GROUP_DESC_MODP_1536) &&
1256
			    (dv < IKE_GROUP_DESC_MODP_2048 ||
1257
			    dv > IKE_GROUP_DESC_MODP_8192);
1258
		case IKE_ATTR_GROUP_TYPE:
1259
			return 1;
1260
		case IKE_ATTR_GROUP_PRIME:
1261
			return 1;
1262
		case IKE_ATTR_GROUP_GENERATOR_1:
1263
			return 1;
1264
		case IKE_ATTR_GROUP_GENERATOR_2:
1265
			return 1;
1266
		case IKE_ATTR_GROUP_CURVE_A:
1267
			return 1;
1268
		case IKE_ATTR_GROUP_CURVE_B:
1269
			return 1;
1270
		case IKE_ATTR_LIFE_TYPE:
1271
			return dv < IKE_DURATION_SECONDS ||
1272
			    dv > IKE_DURATION_KILOBYTES;
1273
		case IKE_ATTR_LIFE_DURATION:
1274
			return len != 2 && len != 4;
1275
		case IKE_ATTR_PRF:
1276
			return 1;
1277
		case IKE_ATTR_KEY_LENGTH:
1278
			/*
1279
			 * Our crypto routines only allows key-lengths which
1280
			 * are multiples of an octet.
1281
			 */
1282
			return dv % 8 != 0;
1283
		case IKE_ATTR_FIELD_SIZE:
1284
			return 1;
1285
		case IKE_ATTR_GROUP_ORDER:
1286
			return 1;
1287
		}
1288
	} else {
1289
		switch (type) {
1290
		case IPSEC_ATTR_SA_LIFE_TYPE:
1291
			return dv < IPSEC_DURATION_SECONDS ||
1292
			    dv > IPSEC_DURATION_KILOBYTES;
1293
		case IPSEC_ATTR_SA_LIFE_DURATION:
1294
			return len != 2 && len != 4;
1295
		case IPSEC_ATTR_GROUP_DESCRIPTION:
1296
			return (dv < IKE_GROUP_DESC_MODP_768 ||
1297
			    dv > IKE_GROUP_DESC_MODP_1536) &&
1298
			    (dv < IKE_GROUP_DESC_MODP_2048 ||
1299
			    IKE_GROUP_DESC_MODP_8192 < dv);
1300
		case IPSEC_ATTR_ENCAPSULATION_MODE:
1301
			return dv != IPSEC_ENCAP_TUNNEL &&
1302
			    dv != IPSEC_ENCAP_TRANSPORT &&
1303
			    dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL &&
1304
			    dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT &&
1305
			    dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT &&
1306
			    dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT;
1307
		case IPSEC_ATTR_AUTHENTICATION_ALGORITHM:
1308
			return dv < IPSEC_AUTH_HMAC_MD5 ||
1309
			    dv > IPSEC_AUTH_HMAC_RIPEMD;
1310
		case IPSEC_ATTR_KEY_LENGTH:
1311
			/*
1312
			 * XXX Blowfish needs '0'. Others appear to disregard
1313
			 * this attr?
1314
			 */
1315
			return 0;
1316
		case IPSEC_ATTR_KEY_ROUNDS:
1317
			return 1;
1318
		case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE:
1319
			return 1;
1320
		case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM:
1321
			return 1;
1322
		case IPSEC_ATTR_ECN_TUNNEL:
1323
			return 1;
1324
		}
1325
	}
1326
	/* XXX Silence gcc.  */
1327
	return 1;
1328
}
1329
1330
/*
1331
 * Log the attribute of TYPE with a LEN length value pointed to by VALUE
1332
 * in human-readable form.  VMSG is a pointer to the current message.
1333
 */
1334
int
1335
ipsec_debug_attribute(u_int16_t type, u_int8_t *value, u_int16_t len,
1336
    void *vmsg)
1337
{
1338
	struct message *msg = vmsg;
1339
	char            val[20];
1340
1341
	/* XXX Transient solution.  */
1342
	if (len == 2)
1343
		snprintf(val, sizeof val, "%d", decode_16(value));
1344
	else if (len == 4)
1345
		snprintf(val, sizeof val, "%d", decode_32(value));
1346
	else
1347
		snprintf(val, sizeof val, "unrepresentable");
1348
1349
	LOG_DBG((LOG_MESSAGE, 50, "Attribute %s value %s",
1350
	    constant_name(msg->exchange->phase == 1 ? ike_attr_cst :
1351
	    ipsec_attr_cst, type), val));
1352
	return 0;
1353
}
1354
1355
/*
1356
 * Decode the attribute of type TYPE with a LEN length value pointed to by
1357
 * VALUE.  VIDA is a pointer to a context structure where we can find the
1358
 * current message, SA and protocol.
1359
 */
1360
int
1361
ipsec_decode_attribute(u_int16_t type, u_int8_t *value, u_int16_t len,
1362
    void *vida)
1363
{
1364
	struct ipsec_decode_arg *ida = vida;
1365
	struct message *msg = ida->msg;
1366
	struct sa      *sa = ida->sa;
1367
	struct ipsec_sa *isa = sa->data;
1368
	struct proto   *proto = ida->proto;
1369
	struct ipsec_proto *iproto = proto->data;
1370
	struct exchange *exchange = msg->exchange;
1371
	struct ipsec_exch *ie = exchange->data;
1372
	static int      lifetype = 0;
1373
1374
	if (exchange->phase == 1) {
1375
		switch (type) {
1376
		case IKE_ATTR_ENCRYPTION_ALGORITHM:
1377
			/* XXX Errors possible?  */
1378
			exchange->crypto = crypto_get(from_ike_crypto(
1379
			    decode_16(value)));
1380
			break;
1381
		case IKE_ATTR_HASH_ALGORITHM:
1382
			/* XXX Errors possible?  */
1383
			ie->hash = hash_get(from_ike_hash(decode_16(value)));
1384
			break;
1385
		case IKE_ATTR_AUTHENTICATION_METHOD:
1386
			/* XXX Errors possible?  */
1387
			ie->ike_auth = ike_auth_get(decode_16(value));
1388
			break;
1389
		case IKE_ATTR_GROUP_DESCRIPTION:
1390
			isa->group_desc = decode_16(value);
1391
			break;
1392
		case IKE_ATTR_GROUP_TYPE:
1393
			break;
1394
		case IKE_ATTR_GROUP_PRIME:
1395
			break;
1396
		case IKE_ATTR_GROUP_GENERATOR_1:
1397
			break;
1398
		case IKE_ATTR_GROUP_GENERATOR_2:
1399
			break;
1400
		case IKE_ATTR_GROUP_CURVE_A:
1401
			break;
1402
		case IKE_ATTR_GROUP_CURVE_B:
1403
			break;
1404
		case IKE_ATTR_LIFE_TYPE:
1405
			lifetype = decode_16(value);
1406
			return 0;
1407
		case IKE_ATTR_LIFE_DURATION:
1408
			switch (lifetype) {
1409
			case IKE_DURATION_SECONDS:
1410
				switch (len) {
1411
				case 2:
1412
					sa->seconds = decode_16(value);
1413
					break;
1414
				case 4:
1415
					sa->seconds = decode_32(value);
1416
					break;
1417
				default:
1418
					log_print("ipsec_decode_attribute: "
1419
					    "unreasonable lifetime");
1420
				}
1421
				break;
1422
			case IKE_DURATION_KILOBYTES:
1423
				switch (len) {
1424
				case 2:
1425
					sa->kilobytes = decode_16(value);
1426
					break;
1427
				case 4:
1428
					sa->kilobytes = decode_32(value);
1429
					break;
1430
				default:
1431
					log_print("ipsec_decode_attribute: "
1432
					    "unreasonable lifetime");
1433
				}
1434
				break;
1435
			default:
1436
				log_print("ipsec_decode_attribute: unknown "
1437
				    "lifetime type");
1438
			}
1439
			break;
1440
		case IKE_ATTR_PRF:
1441
			break;
1442
		case IKE_ATTR_KEY_LENGTH:
1443
			exchange->key_length = decode_16(value) / 8;
1444
			break;
1445
		case IKE_ATTR_FIELD_SIZE:
1446
			break;
1447
		case IKE_ATTR_GROUP_ORDER:
1448
			break;
1449
		}
1450
	} else {
1451
		switch (type) {
1452
		case IPSEC_ATTR_SA_LIFE_TYPE:
1453
			lifetype = decode_16(value);
1454
			return 0;
1455
		case IPSEC_ATTR_SA_LIFE_DURATION:
1456
			switch (lifetype) {
1457
			case IPSEC_DURATION_SECONDS:
1458
				switch (len) {
1459
				case 2:
1460
					sa->seconds = decode_16(value);
1461
					break;
1462
				case 4:
1463
					sa->seconds = decode_32(value);
1464
					break;
1465
				default:
1466
					log_print("ipsec_decode_attribute: "
1467
					    "unreasonable lifetime");
1468
				}
1469
				break;
1470
			case IPSEC_DURATION_KILOBYTES:
1471
				switch (len) {
1472
				case 2:
1473
					sa->kilobytes = decode_16(value);
1474
					break;
1475
				case 4:
1476
					sa->kilobytes = decode_32(value);
1477
					break;
1478
				default:
1479
					log_print("ipsec_decode_attribute: "
1480
					    "unreasonable lifetime");
1481
				}
1482
				break;
1483
			default:
1484
				log_print("ipsec_decode_attribute: unknown "
1485
				    "lifetime type");
1486
			}
1487
			break;
1488
		case IPSEC_ATTR_GROUP_DESCRIPTION:
1489
			isa->group_desc = decode_16(value);
1490
			break;
1491
		case IPSEC_ATTR_ENCAPSULATION_MODE:
1492
			/*
1493
			 * XXX Multiple protocols must have same
1494
			 * encapsulation mode, no?
1495
			 */
1496
			iproto->encap_mode = decode_16(value);
1497
			break;
1498
		case IPSEC_ATTR_AUTHENTICATION_ALGORITHM:
1499
			iproto->auth = decode_16(value);
1500
			break;
1501
		case IPSEC_ATTR_KEY_LENGTH:
1502
			iproto->keylen = decode_16(value);
1503
			break;
1504
		case IPSEC_ATTR_KEY_ROUNDS:
1505
			iproto->keyrounds = decode_16(value);
1506
			break;
1507
		case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE:
1508
			break;
1509
		case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM:
1510
			break;
1511
		case IPSEC_ATTR_ECN_TUNNEL:
1512
			break;
1513
		}
1514
	}
1515
	lifetype = 0;
1516
	return 0;
1517
}
1518
1519
/*
1520
 * Walk over the attributes of the transform payload found in BUF, and
1521
 * fill out the fields of the SA attached to MSG.  Also mark the SA as
1522
 * processed.
1523
 */
1524
void
1525
ipsec_decode_transform(struct message *msg, struct sa *sa, struct proto *proto,
1526
    u_int8_t *buf)
1527
{
1528
	struct ipsec_exch *ie = msg->exchange->data;
1529
	struct ipsec_decode_arg ida;
1530
1531
	LOG_DBG((LOG_MISC, 20, "ipsec_decode_transform: transform %d chosen",
1532
	    GET_ISAKMP_TRANSFORM_NO(buf)));
1533
1534
	ida.msg = msg;
1535
	ida.sa = sa;
1536
	ida.proto = proto;
1537
1538
	/* The default IKE lifetime is 8 hours.  */
1539
	if (sa->phase == 1)
1540
		sa->seconds = 28800;
1541
1542
	/* Extract the attributes and stuff them into the SA.  */
1543
	attribute_map(buf + ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1544
	    GET_ISAKMP_GEN_LENGTH(buf) - ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1545
	    ipsec_decode_attribute, &ida);
1546
1547
	/*
1548
	 * If no pseudo-random function was negotiated, it's HMAC.
1549
	 * XXX As PRF_HMAC currently is zero, this is a no-op.
1550
         */
1551
	if (!ie->prf_type)
1552
		ie->prf_type = PRF_HMAC;
1553
}
1554
1555
/*
1556
 * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO
1557
 * of the IKE security association SA.
1558
 */
1559
static void
1560
ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming)
1561
{
1562
	struct sa *new_sa;
1563
	struct ipsec_proto *iproto;
1564
1565
	if (sa->phase == 1)
1566
		return;
1567
1568
	iproto = proto->data;
1569
	/*
1570
	 * If the SA is using UDP encap and it replaced other SA,
1571
	 * enable the other SA to keep the flow for the other SAs.
1572
	 */
1573
	if ((iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT ||
1574
	    iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT) &&
1575
	    (sa->flags & SA_FLAG_REPLACED) == 0 &&
1576
	    (new_sa = sa_find(ipsec_sa_check_flow_any, sa)) != NULL &&
1577
	    new_sa->flags & SA_FLAG_REPLACED)
1578
		sa_replace(sa, new_sa);
1579
1580
	/*
1581
	 * If the SA was not replaced and was not one acquired through the
1582
	 * kernel (ACQUIRE message), remove the flow associated with it.
1583
	 * We ignore any errors from the disabling of the flow.
1584
	 */
1585
	if (sa->flags & SA_FLAG_READY && !(sa->flags & SA_FLAG_ONDEMAND ||
1586
	    sa->flags & SA_FLAG_REPLACED || acquire_only ||
1587
	    conf_get_str("General", "Acquire-Only")))
1588
		pf_key_v2_disable_sa(sa, incoming);
1589
1590
	/* XXX Error handling?  Is it interesting?  */
1591
	pf_key_v2_delete_spi(sa, proto, incoming);
1592
}
1593
1594
/*
1595
 * Store BUF into the g^x entry of the exchange that message MSG belongs to.
1596
 * PEER is non-zero when the value is our peer's, and zero when it is ours.
1597
 */
1598
static int
1599
ipsec_g_x(struct message *msg, int peer, u_int8_t *buf)
1600
{
1601
	struct exchange *exchange = msg->exchange;
1602
	struct ipsec_exch *ie = exchange->data;
1603
	u_int8_t      **g_x;
1604
	int             initiator = exchange->initiator ^ peer;
1605
	char            header[32];
1606
1607
	g_x = initiator ? &ie->g_xi : &ie->g_xr;
1608
	*g_x = malloc(ie->g_x_len);
1609
	if (!*g_x) {
1610
		log_error("ipsec_g_x: malloc (%lu) failed",
1611
		    (unsigned long)ie->g_x_len);
1612
		return -1;
1613
	}
1614
	memcpy(*g_x, buf, ie->g_x_len);
1615
	snprintf(header, sizeof header, "ipsec_g_x: g^x%c",
1616
	    initiator ? 'i' : 'r');
1617
	LOG_DBG_BUF((LOG_MISC, 80, header, *g_x, ie->g_x_len));
1618
	return 0;
1619
}
1620
1621
/* Generate our DH value.  */
1622
int
1623
ipsec_gen_g_x(struct message *msg)
1624
{
1625
	struct exchange *exchange = msg->exchange;
1626
	struct ipsec_exch *ie = exchange->data;
1627
	u_int8_t       *buf;
1628
1629
	buf = malloc(ISAKMP_KE_SZ + ie->g_x_len);
1630
	if (!buf) {
1631
		log_error("ipsec_gen_g_x: malloc (%lu) failed",
1632
		    ISAKMP_KE_SZ + (unsigned long)ie->g_x_len);
1633
		return -1;
1634
	}
1635
	if (message_add_payload(msg, ISAKMP_PAYLOAD_KEY_EXCH, buf,
1636
	    ISAKMP_KE_SZ + ie->g_x_len, 1)) {
1637
		free(buf);
1638
		return -1;
1639
	}
1640
	if (dh_create_exchange(ie->group, buf + ISAKMP_KE_DATA_OFF)) {
1641
		log_print("ipsec_gen_g_x: dh_create_exchange failed");
1642
		free(buf);
1643
		return -1;
1644
	}
1645
	return ipsec_g_x(msg, 0, buf + ISAKMP_KE_DATA_OFF);
1646
}
1647
1648
/* Save the peer's DH value.  */
1649
int
1650
ipsec_save_g_x(struct message *msg)
1651
{
1652
	struct exchange *exchange = msg->exchange;
1653
	struct ipsec_exch *ie = exchange->data;
1654
	struct payload *kep;
1655
1656
	kep = payload_first(msg, ISAKMP_PAYLOAD_KEY_EXCH);
1657
	kep->flags |= PL_MARK;
1658
	ie->g_x_len = GET_ISAKMP_GEN_LENGTH(kep->p) - ISAKMP_KE_DATA_OFF;
1659
1660
	/* Check that the given length matches the group's expectancy.  */
1661
	if (ie->g_x_len != (size_t) dh_getlen(ie->group)) {
1662
		/* XXX Is this a good notify type?  */
1663
		message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 0);
1664
		return -1;
1665
	}
1666
	return ipsec_g_x(msg, 1, kep->p + ISAKMP_KE_DATA_OFF);
1667
}
1668
1669
/*
1670
 * Get a SPI for PROTO and the transport MSG passed over.  Store the
1671
 * size where SZ points.  NB!  A zero return is OK if *SZ is zero.
1672
 */
1673
static u_int8_t *
1674
ipsec_get_spi(size_t *sz, u_int8_t proto, struct message *msg)
1675
{
1676
	struct sockaddr *dst, *src;
1677
	struct transport *transport = msg->transport;
1678
1679
	if (msg->exchange->phase == 1) {
1680
		*sz = 0;
1681
		return 0;
1682
	} else {
1683
		/* We are the destination in the SA we want a SPI for.  */
1684
		transport->vtbl->get_src(transport, &dst);
1685
		/* The peer is the source.  */
1686
		transport->vtbl->get_dst(transport, &src);
1687
		return pf_key_v2_get_spi(sz, proto, src, dst,
1688
		    msg->exchange->seq);
1689
	}
1690
}
1691
1692
/*
1693
 * We have gotten a payload PAYLOAD of type TYPE, which did not get handled
1694
 * by the logic of the exchange MSG takes part in.  Now is the time to deal
1695
 * with such a payload if we know how to, if we don't, return -1, otherwise
1696
 * 0.
1697
 */
1698
int
1699
ipsec_handle_leftover_payload(struct message *msg, u_int8_t type,
1700
    struct payload *payload)
1701
{
1702
	u_int32_t       spisz, nspis;
1703
	struct sockaddr *dst;
1704
	int             reenter = 0;
1705
	u_int8_t       *spis, proto;
1706
	struct sa      *sa;
1707
1708
	switch (type) {
1709
	case ISAKMP_PAYLOAD_DELETE:
1710
		proto = GET_ISAKMP_DELETE_PROTO(payload->p);
1711
		nspis = GET_ISAKMP_DELETE_NSPIS(payload->p);
1712
		spisz = GET_ISAKMP_DELETE_SPI_SZ(payload->p);
1713
1714
		if (nspis == 0) {
1715
			LOG_DBG((LOG_SA, 60, "ipsec_handle_leftover_payload: "
1716
			    "message specified zero SPIs, ignoring"));
1717
			return -1;
1718
		}
1719
		/* verify proper SPI size */
1720
		if ((proto == ISAKMP_PROTO_ISAKMP &&
1721
		    spisz != ISAKMP_HDR_COOKIES_LEN) ||
1722
		    (proto != ISAKMP_PROTO_ISAKMP && spisz != sizeof(u_int32_t))) {
1723
			log_print("ipsec_handle_leftover_payload: invalid SPI "
1724
			    "size %d for proto %d in DELETE payload",
1725
			    spisz, proto);
1726
			return -1;
1727
		}
1728
		spis = calloc(nspis, spisz);
1729
		if (!spis) {
1730
			log_error("ipsec_handle_leftover_payload: malloc "
1731
			    "(%d) failed", nspis * spisz);
1732
			return -1;
1733
		}
1734
		/* extract SPI and get dst address */
1735
		memcpy(spis, payload->p + ISAKMP_DELETE_SPI_OFF, nspis * spisz);
1736
		msg->transport->vtbl->get_dst(msg->transport, &dst);
1737
1738
		ipsec_delete_spi_list(dst, proto, spis, nspis, "DELETE");
1739
1740
		free(spis);
1741
		payload->flags |= PL_MARK;
1742
		return 0;
1743
1744
	case ISAKMP_PAYLOAD_NOTIFY:
1745
		switch (GET_ISAKMP_NOTIFY_MSG_TYPE(payload->p)) {
1746
		case IPSEC_NOTIFY_INITIAL_CONTACT:
1747
			/*
1748
			 * Permit INITIAL-CONTACT if
1749
			 *   - this is not an AGGRESSIVE mode exchange
1750
			 *   - it is protected by an ISAKMP SA
1751
			 *
1752
			 * XXX Instead of the first condition above, we could
1753
			 * XXX permit this only for phase 2. In the last
1754
			 * XXX packet of main-mode, this payload, while
1755
			 * XXX encrypted, is not part of the hash digest.  As
1756
			 * XXX we currently send our own INITIAL-CONTACTs at
1757
			 * XXX this point, this too would need to be changed.
1758
			 */
1759
			if (msg->exchange->type == ISAKMP_EXCH_AGGRESSIVE) {
1760
				log_print("ipsec_handle_leftover_payload: got "
1761
				    "INITIAL-CONTACT in AGGRESSIVE mode");
1762
				return -1;
1763
			}
1764
			if ((msg->exchange->flags & EXCHANGE_FLAG_ENCRYPT)
1765
			    == 0) {
1766
				log_print("ipsec_handle_leftover_payload: got "
1767
				    "INITIAL-CONTACT without ISAKMP SA");
1768
				return -1;
1769
			}
1770
1771
			if ((msg->flags & MSG_AUTHENTICATED) == 0) {
1772
				log_print("ipsec_handle_leftover_payload: "
1773
				    "got unauthenticated INITIAL-CONTACT");
1774
				return -1;
1775
			}
1776
			/*
1777
			 * Find out who is sending this and then delete every
1778
			 * SA that is ready.  Exchanges will timeout
1779
			 * themselves and then the non-ready SAs will
1780
			 * disappear too.
1781
			 */
1782
			msg->transport->vtbl->get_dst(msg->transport, &dst);
1783
			while ((sa = sa_lookup_by_peer(dst, SA_LEN(dst), 0)) != 0) {
1784
				/*
1785
				 * Don't delete the current SA -- we received
1786
				 * the notification over it, so it's obviously
1787
				 * still active. We temporarily need to remove
1788
				 * the SA from the list to avoid an endless
1789
				 * loop, but keep a reference so it won't
1790
				 * disappear meanwhile.
1791
				 */
1792
				if (sa == msg->isakmp_sa) {
1793
					sa_reference(sa);
1794
					sa_remove(sa);
1795
					reenter = 1;
1796
					continue;
1797
				}
1798
				LOG_DBG((LOG_SA, 30,
1799
				    "ipsec_handle_leftover_payload: "
1800
				    "INITIAL-CONTACT made us delete SA %p",
1801
				    sa));
1802
				sa_delete(sa, 0);
1803
			}
1804
1805
			if (reenter) {
1806
				sa_enter(msg->isakmp_sa);
1807
				sa_release(msg->isakmp_sa);
1808
			}
1809
			payload->flags |= PL_MARK;
1810
			return 0;
1811
		}
1812
	}
1813
	return -1;
1814
}
1815
1816
/* Return the encryption keylength in octets of the ESP protocol PROTO.  */
1817
int
1818
ipsec_esp_enckeylength(struct proto *proto)
1819
{
1820
	struct ipsec_proto *iproto = proto->data;
1821
1822
	/* Compute the keylength to use.  */
1823
	switch (proto->id) {
1824
	case IPSEC_ESP_3DES:
1825
		return 24;
1826
	case IPSEC_ESP_CAST:
1827
		if (!iproto->keylen)
1828
			return 16;
1829
		return iproto->keylen / 8;
1830
	case IPSEC_ESP_AES_CTR:
1831
	case IPSEC_ESP_AES_GCM_16:
1832
	case IPSEC_ESP_AES_GMAC:
1833
		if (!iproto->keylen)
1834
			return 20;
1835
		return iproto->keylen / 8 + 4;
1836
	case IPSEC_ESP_AES:
1837
		if (!iproto->keylen)
1838
			return 16;
1839
		/* FALLTHROUGH */
1840
	default:
1841
		return iproto->keylen / 8;
1842
	}
1843
}
1844
1845
/* Return the authentication keylength in octets of the ESP protocol PROTO.  */
1846
int
1847
ipsec_esp_authkeylength(struct proto *proto)
1848
{
1849
	struct ipsec_proto *iproto = proto->data;
1850
1851
	switch (iproto->auth) {
1852
	case IPSEC_AUTH_HMAC_MD5:
1853
		return 16;
1854
	case IPSEC_AUTH_HMAC_SHA:
1855
	case IPSEC_AUTH_HMAC_RIPEMD:
1856
		return 20;
1857
	case IPSEC_AUTH_HMAC_SHA2_256:
1858
		return 32;
1859
	case IPSEC_AUTH_HMAC_SHA2_384:
1860
		return 48;
1861
	case IPSEC_AUTH_HMAC_SHA2_512:
1862
		return 64;
1863
	default:
1864
		return 0;
1865
	}
1866
}
1867
1868
/* Return the authentication keylength in octets of the AH protocol PROTO.  */
1869
int
1870
ipsec_ah_keylength(struct proto *proto)
1871
{
1872
	switch (proto->id) {
1873
		case IPSEC_AH_MD5:
1874
		return 16;
1875
	case IPSEC_AH_SHA:
1876
	case IPSEC_AH_RIPEMD:
1877
		return 20;
1878
	case IPSEC_AH_SHA2_256:
1879
		return 32;
1880
	case IPSEC_AH_SHA2_384:
1881
		return 48;
1882
	case IPSEC_AH_SHA2_512:
1883
		return 64;
1884
	default:
1885
		return -1;
1886
	}
1887
}
1888
1889
/* Return the total keymaterial length of the protocol PROTO.  */
1890
int
1891
ipsec_keymat_length(struct proto *proto)
1892
{
1893
	switch (proto->proto) {
1894
		case IPSEC_PROTO_IPSEC_ESP:
1895
		return ipsec_esp_enckeylength(proto)
1896
		    + ipsec_esp_authkeylength(proto);
1897
	case IPSEC_PROTO_IPSEC_AH:
1898
		return ipsec_ah_keylength(proto);
1899
	default:
1900
		return -1;
1901
	}
1902
}
1903
1904
/* Helper function for ipsec_get_id().  */
1905
static int
1906
ipsec_get_proto_port(char *section, u_int8_t *tproto, u_int16_t *port)
1907
{
1908
	struct protoent	*pe = NULL;
1909
	struct servent	*se;
1910
	char	*pstr;
1911
1912
	pstr = conf_get_str(section, "Protocol");
1913
	if (!pstr) {
1914
		*tproto = 0;
1915
		return 0;
1916
	}
1917
	*tproto = (u_int8_t)atoi(pstr);
1918
	if (!*tproto) {
1919
		pe = getprotobyname(pstr);
1920
		if (pe)
1921
			*tproto = pe->p_proto;
1922
	}
1923
	if (!*tproto) {
1924
		log_print("ipsec_get_proto_port: protocol \"%s\" unknown",
1925
		    pstr);
1926
		return -1;
1927
	}
1928
1929
	pstr = conf_get_str(section, "Port");
1930
	if (!pstr)
1931
		return 0;
1932
	*port = (u_int16_t)atoi(pstr);
1933
	if (!*port) {
1934
		se = getservbyname(pstr,
1935
		    pe ? pe->p_name : (pstr ? pstr : NULL));
1936
		if (se)
1937
			*port = ntohs(se->s_port);
1938
	}
1939
	if (!*port) {
1940
		log_print("ipsec_get_proto_port: port \"%s\" unknown",
1941
		    pstr);
1942
		return -1;
1943
	}
1944
	return 0;
1945
}
1946
1947
/*
1948
 * Out of a named section SECTION in the configuration file find out
1949
 * the network address and mask as well as the ID type.  Put the info
1950
 * in the areas pointed to by ADDR, MASK, TPROTO, PORT, and ID respectively.
1951
 * Return 0 on success and -1 on failure.
1952
 */
1953
int
1954
ipsec_get_id(char *section, int *id, struct sockaddr **addr,
1955
    struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port)
1956
{
1957
	char	*type, *address, *netmask;
1958
	sa_family_t	af = 0;
1959
1960
	type = conf_get_str(section, "ID-type");
1961
	if (!type) {
1962
		log_print("ipsec_get_id: section %s has no \"ID-type\" tag",
1963
		    section);
1964
		return -1;
1965
	}
1966
	*id = constant_value(ipsec_id_cst, type);
1967
	switch (*id) {
1968
	case IPSEC_ID_IPV4_ADDR:
1969
	case IPSEC_ID_IPV4_ADDR_SUBNET:
1970
		af = AF_INET;
1971
		break;
1972
	case IPSEC_ID_IPV6_ADDR:
1973
	case IPSEC_ID_IPV6_ADDR_SUBNET:
1974
		af = AF_INET6;
1975
		break;
1976
	}
1977
	switch (*id) {
1978
	case IPSEC_ID_IPV4_ADDR:
1979
	case IPSEC_ID_IPV6_ADDR: {
1980
		int ret;
1981
1982
		address = conf_get_str(section, "Address");
1983
		if (!address) {
1984
			log_print("ipsec_get_id: section %s has no "
1985
			    "\"Address\" tag", section);
1986
			return -1;
1987
		}
1988
		if (text2sockaddr(address, NULL, addr, af, 0)) {
1989
			log_print("ipsec_get_id: invalid address %s in "
1990
			    "section %s", address, section);
1991
			return -1;
1992
		}
1993
		ret = ipsec_get_proto_port(section, tproto, port);
1994
		if (ret < 0)
1995
			free(*addr);
1996
1997
		return ret;
1998
	}
1999
2000
#ifdef notyet
2001
	case IPSEC_ID_FQDN:
2002
		return -1;
2003
2004
	case IPSEC_ID_USER_FQDN:
2005
		return -1;
2006
#endif
2007
2008
	case IPSEC_ID_IPV4_ADDR_SUBNET:
2009
	case IPSEC_ID_IPV6_ADDR_SUBNET: {
2010
		int ret;
2011
2012
		address = conf_get_str(section, "Network");
2013
		if (!address) {
2014
			log_print("ipsec_get_id: section %s has no "
2015
			    "\"Network\" tag", section);
2016
			return -1;
2017
		}
2018
		if (text2sockaddr(address, NULL, addr, af, 0)) {
2019
			log_print("ipsec_get_id: invalid section %s "
2020
			    "network %s", section, address);
2021
			return -1;
2022
		}
2023
		netmask = conf_get_str(section, "Netmask");
2024
		if (!netmask) {
2025
			log_print("ipsec_get_id: section %s has no "
2026
			    "\"Netmask\" tag", section);
2027
			free(*addr);
2028
			return -1;
2029
		}
2030
		if (text2sockaddr(netmask, NULL, mask, af, 1)) {
2031
			log_print("ipsec_get_id: invalid section %s "
2032
			    "network %s", section, netmask);
2033
			free(*addr);
2034
			return -1;
2035
		}
2036
		ret = ipsec_get_proto_port(section, tproto, port);
2037
		if (ret < 0) {
2038
			free(*mask);
2039
			free(*addr);
2040
		}
2041
		return ret;
2042
	}
2043
2044
#ifdef notyet
2045
	case IPSEC_ID_IPV4_RANGE:
2046
		return -1;
2047
2048
	case IPSEC_ID_IPV6_RANGE:
2049
		return -1;
2050
2051
	case IPSEC_ID_DER_ASN1_DN:
2052
		return -1;
2053
2054
	case IPSEC_ID_DER_ASN1_GN:
2055
		return -1;
2056
2057
	case IPSEC_ID_KEY_ID:
2058
		return -1;
2059
#endif
2060
2061
	default:
2062
		log_print("ipsec_get_id: unknown ID type \"%s\" in "
2063
		    "section %s", type, section);
2064
		return -1;
2065
	}
2066
2067
	return 0;
2068
}
2069
2070
/*
2071
 * XXX I rather want this function to return a status code, and fail if
2072
 * we cannot fit the information in the supplied buffer.
2073
 */
2074
static void
2075
ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len,
2076
    int isakmpform)
2077
{
2078
	int             id_type;
2079
	char           *addr = 0, *mask = 0;
2080
	u_int32_t      *idp;
2081
2082
	if (id) {
2083
		if (!isakmpform) {
2084
			/*
2085
			 * Exchanges and SAs dont carry the IDs in ISAKMP
2086
			 * form.
2087
			 */
2088
			id -= ISAKMP_GEN_SZ;
2089
			id_len += ISAKMP_GEN_SZ;
2090
		}
2091
		id_type = GET_ISAKMP_ID_TYPE(id);
2092
		idp = (u_int32_t *) (id + ISAKMP_ID_DATA_OFF);
2093
		switch (id_type) {
2094
		case IPSEC_ID_IPV4_ADDR:
2095
			util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF);
2096
			snprintf(buf, size, "%s", addr);
2097
			break;
2098
2099
		case IPSEC_ID_IPV4_ADDR_SUBNET:
2100
			util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF);
2101
			util_ntoa(&mask, AF_INET, id + ISAKMP_ID_DATA_OFF + 4);
2102
			snprintf(buf, size, "%s/%s", addr, mask);
2103
			break;
2104
2105
		case IPSEC_ID_IPV6_ADDR:
2106
			util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
2107
			snprintf(buf, size, "%s", addr);
2108
			break;
2109
2110
		case IPSEC_ID_IPV6_ADDR_SUBNET:
2111
			util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
2112
			util_ntoa(&mask, AF_INET6, id + ISAKMP_ID_DATA_OFF +
2113
			    sizeof(struct in6_addr));
2114
			snprintf(buf, size, "%s/%s", addr, mask);
2115
			break;
2116
2117
		case IPSEC_ID_FQDN:
2118
		case IPSEC_ID_USER_FQDN:
2119
			/* String is not NUL terminated, be careful */
2120
			id_len -= ISAKMP_ID_DATA_OFF;
2121
			id_len = MINIMUM(id_len, size - 1);
2122
			memcpy(buf, id + ISAKMP_ID_DATA_OFF, id_len);
2123
			buf[id_len] = '\0';
2124
			break;
2125
2126
		case IPSEC_ID_DER_ASN1_DN:
2127
			addr = x509_DN_string(id + ISAKMP_ID_DATA_OFF,
2128
			    id_len - ISAKMP_ID_DATA_OFF);
2129
			if (!addr) {
2130
				snprintf(buf, size, "unparsable ASN1 DN ID");
2131
				return;
2132
			}
2133
			strlcpy(buf, addr, size);
2134
			break;
2135
2136
		default:
2137
			snprintf(buf, size, "<id type unknown: %x>", id_type);
2138
			break;
2139
		}
2140
	} else
2141
		snprintf(buf, size, "<no ipsec id>");
2142
	free(addr);
2143
	free(mask);
2144
}
2145
2146
char *
2147
ipsec_decode_ids(char *fmt, u_int8_t *id1, size_t id1_len, u_int8_t *id2,
2148
    size_t id2_len, int isakmpform)
2149
{
2150
	static char     result[1024];
2151
	char            s_id1[256], s_id2[256];
2152
2153
	ipsec_decode_id(s_id1, sizeof s_id1, id1, id1_len, isakmpform);
2154
	ipsec_decode_id(s_id2, sizeof s_id2, id2, id2_len, isakmpform);
2155
2156
	snprintf(result, sizeof result, fmt, s_id1, s_id2);
2157
	return result;
2158
}
2159
2160
/*
2161
 * Out of a named section SECTION in the configuration file build an
2162
 * ISAKMP ID payload.  Ths payload size should be stashed in SZ.
2163
 * The caller is responsible for freeing the payload.
2164
 */
2165
u_int8_t *
2166
ipsec_build_id(char *section, size_t *sz)
2167
{
2168
	struct sockaddr *addr, *mask;
2169
	u_int8_t       *p;
2170
	int             id, subnet = 0;
2171
	u_int8_t        tproto = 0;
2172
	u_int16_t       port = 0;
2173
2174
	if (ipsec_get_id(section, &id, &addr, &mask, &tproto, &port))
2175
		return 0;
2176
2177
	if (id == IPSEC_ID_IPV4_ADDR_SUBNET || id == IPSEC_ID_IPV6_ADDR_SUBNET)
2178
		subnet = 1;
2179
2180
	*sz = ISAKMP_ID_SZ + sockaddr_addrlen(addr);
2181
	if (subnet)
2182
		*sz += sockaddr_addrlen(mask);
2183
2184
	p = malloc(*sz);
2185
	if (!p) {
2186
		log_print("ipsec_build_id: malloc(%lu) failed",
2187
		    (unsigned long)*sz);
2188
		if (subnet)
2189
			free(mask);
2190
		free(addr);
2191
		return 0;
2192
	}
2193
	SET_ISAKMP_ID_TYPE(p, id);
2194
	SET_ISAKMP_ID_DOI_DATA(p, (unsigned char *)"\000\000\000");
2195
2196
	memcpy(p + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(addr),
2197
	    sockaddr_addrlen(addr));
2198
	if (subnet)
2199
		memcpy(p + ISAKMP_ID_DATA_OFF + sockaddr_addrlen(addr),
2200
		    sockaddr_addrdata(mask), sockaddr_addrlen(mask));
2201
2202
	SET_IPSEC_ID_PROTO(p + ISAKMP_ID_DOI_DATA_OFF, tproto);
2203
	SET_IPSEC_ID_PORT(p + ISAKMP_ID_DOI_DATA_OFF, port);
2204
2205
	if (subnet)
2206
		free(mask);
2207
	free(addr);
2208
	return p;
2209
}
2210
2211
/*
2212
 * copy an ISAKMPD id
2213
 */
2214
int
2215
ipsec_clone_id(u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len)
2216
{
2217
	free(*did);
2218
2219
	if (!id_len || !id) {
2220
		*did = 0;
2221
		*did_len = 0;
2222
		return 0;
2223
	}
2224
	*did = malloc(id_len);
2225
	if (!*did) {
2226
		*did_len = 0;
2227
		log_error("ipsec_clone_id: malloc(%lu) failed",
2228
		    (unsigned long)id_len);
2229
		return -1;
2230
	}
2231
	*did_len = id_len;
2232
	memcpy(*did, id, id_len);
2233
2234
	return 0;
2235
}
2236
2237
/*
2238
 * IPsec-specific PROTO initializations.  SECTION is only set if we are the
2239
 * initiator thus only usable there.
2240
 * XXX I want to fix this later.
2241
 */
2242
void
2243
ipsec_proto_init(struct proto *proto, char *section)
2244
{
2245
	struct ipsec_proto *iproto = proto->data;
2246
2247
	if (proto->sa->phase == 2)
2248
		iproto->replay_window = section ? conf_get_num(section,
2249
		    "ReplayWindow", DEFAULT_REPLAY_WINDOW) :
2250
		    DEFAULT_REPLAY_WINDOW;
2251
}
2252
2253
/*
2254
 * Add a notification payload of type INITIAL CONTACT to MSG if this is
2255
 * the first contact we have made to our peer.
2256
 */
2257
int
2258
ipsec_initial_contact(struct message *msg)
2259
{
2260
	u_int8_t *buf;
2261
2262
	if (ipsec_contacted(msg))
2263
		return 0;
2264
2265
	buf = malloc(ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN);
2266
	if (!buf) {
2267
		log_error("ike_phase_1_initial_contact: malloc (%d) failed",
2268
		    ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN);
2269
		return -1;
2270
	}
2271
	SET_ISAKMP_NOTIFY_DOI(buf, IPSEC_DOI_IPSEC);
2272
	SET_ISAKMP_NOTIFY_PROTO(buf, ISAKMP_PROTO_ISAKMP);
2273
	SET_ISAKMP_NOTIFY_SPI_SZ(buf, ISAKMP_HDR_COOKIES_LEN);
2274
	SET_ISAKMP_NOTIFY_MSG_TYPE(buf, IPSEC_NOTIFY_INITIAL_CONTACT);
2275
	memcpy(buf + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies,
2276
	    ISAKMP_HDR_COOKIES_LEN);
2277
	if (message_add_payload(msg, ISAKMP_PAYLOAD_NOTIFY, buf,
2278
	    ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN, 1)) {
2279
		free(buf);
2280
		return -1;
2281
	}
2282
	return ipsec_add_contact(msg);
2283
}
2284
2285
/*
2286
 * Compare the two contacts pointed to by A and B.  Return negative if
2287
 * *A < *B, 0 if they are equal, and positive if *A is the largest of them.
2288
 */
2289
static int
2290
addr_cmp(const void *a, const void *b)
2291
{
2292
	const struct contact *x = a, *y = b;
2293
	int             minlen = MINIMUM(x->len, y->len);
2294
	int             rv = memcmp(x->addr, y->addr, minlen);
2295
2296
	return rv ? rv : (x->len - y->len);
2297
}
2298
2299
/*
2300
 * Add the peer that MSG is bound to as an address we don't want to send
2301
 * INITIAL CONTACT too from now on.  Do not call this function with a
2302
 * specific address duplicate times. We want fast lookup, speed of insertion
2303
 * is unimportant, if this is to scale.
2304
 */
2305
static int
2306
ipsec_add_contact(struct message *msg)
2307
{
2308
	struct contact *new_contacts;
2309
	struct sockaddr *dst, *addr;
2310
	int             cnt;
2311
2312
	if (contact_cnt == contact_limit) {
2313
		cnt = contact_limit ? 2 * contact_limit : 64;
2314
		new_contacts = reallocarray(contacts, cnt, sizeof contacts[0]);
2315
		if (!new_contacts) {
2316
			log_error("ipsec_add_contact: "
2317
			    "realloc (%p, %lu) failed", contacts,
2318
			    cnt * (unsigned long) sizeof contacts[0]);
2319
			return -1;
2320
		}
2321
		contact_limit = cnt;
2322
		contacts = new_contacts;
2323
	}
2324
	msg->transport->vtbl->get_dst(msg->transport, &dst);
2325
	addr = malloc(SA_LEN(dst));
2326
	if (!addr) {
2327
		log_error("ipsec_add_contact: malloc (%lu) failed",
2328
		    (unsigned long)SA_LEN(dst));
2329
		return -1;
2330
	}
2331
	memcpy(addr, dst, SA_LEN(dst));
2332
	contacts[contact_cnt].addr = addr;
2333
	contacts[contact_cnt++].len = SA_LEN(dst);
2334
2335
	/*
2336
	 * XXX There are better algorithms for already mostly-sorted data like
2337
	 * this, but only qsort is standard.  I will someday do this inline.
2338
         */
2339
	qsort(contacts, contact_cnt, sizeof *contacts, addr_cmp);
2340
	return 0;
2341
}
2342
2343
/* Return true if the recipient of MSG has already been contacted.  */
2344
static int
2345
ipsec_contacted(struct message *msg)
2346
{
2347
	struct contact  contact;
2348
2349
	msg->transport->vtbl->get_dst(msg->transport, &contact.addr);
2350
	contact.len = SA_LEN(contact.addr);
2351
	return contacts ? (bsearch(&contact, contacts, contact_cnt,
2352
	    sizeof *contacts, addr_cmp) != 0) : 0;
2353
}
2354
2355
/* Add a HASH for to MSG.  */
2356
u_int8_t *
2357
ipsec_add_hash_payload(struct message *msg, size_t hashsize)
2358
{
2359
	u_int8_t *buf;
2360
2361
	buf = malloc(ISAKMP_HASH_SZ + hashsize);
2362
	if (!buf) {
2363
		log_error("ipsec_add_hash_payload: malloc (%lu) failed",
2364
		    ISAKMP_HASH_SZ + (unsigned long) hashsize);
2365
		return 0;
2366
	}
2367
	if (message_add_payload(msg, ISAKMP_PAYLOAD_HASH, buf,
2368
	    ISAKMP_HASH_SZ + hashsize, 1)) {
2369
		free(buf);
2370
		return 0;
2371
	}
2372
	return buf;
2373
}
2374
2375
/* Fill in the HASH payload of MSG.  */
2376
int
2377
ipsec_fill_in_hash(struct message *msg)
2378
{
2379
	struct exchange *exchange = msg->exchange;
2380
	struct sa      *isakmp_sa = msg->isakmp_sa;
2381
	struct ipsec_sa *isa = isakmp_sa->data;
2382
	struct hash    *hash = hash_get(isa->hash);
2383
	struct prf     *prf;
2384
	struct payload *payload;
2385
	u_int8_t       *buf;
2386
	u_int32_t       i;
2387
	char            header[80];
2388
2389
	/* If no SKEYID_a, we need not do anything.  */
2390
	if (!isa->skeyid_a)
2391
		return 0;
2392
2393
	payload = payload_first(msg, ISAKMP_PAYLOAD_HASH);
2394
	if (!payload) {
2395
		log_print("ipsec_fill_in_hash: no HASH payload found");
2396
		return -1;
2397
	}
2398
	buf = payload->p;
2399
2400
	/* Allocate the prf and start calculating our HASH(1).  */
2401
	LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: SKEYID_a",
2402
	    isa->skeyid_a, isa->skeyid_len));
2403
	prf = prf_alloc(isa->prf_type, hash->type, isa->skeyid_a,
2404
	    isa->skeyid_len);
2405
	if (!prf)
2406
		return -1;
2407
2408
	prf->Init(prf->prfctx);
2409
	LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: message_id",
2410
	    exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
2411
	prf->Update(prf->prfctx, exchange->message_id,
2412
	    ISAKMP_HDR_MESSAGE_ID_LEN);
2413
2414
	/* Loop over all payloads after HASH(1).  */
2415
	for (i = 2; i < msg->iovlen; i++) {
2416
		/* XXX Misleading payload type printouts.  */
2417
		snprintf(header, sizeof header,
2418
		    "ipsec_fill_in_hash: payload %d after HASH(1)", i - 1);
2419
		LOG_DBG_BUF((LOG_MISC, 90, header, msg->iov[i].iov_base,
2420
		    msg->iov[i].iov_len));
2421
		prf->Update(prf->prfctx, msg->iov[i].iov_base,
2422
		    msg->iov[i].iov_len);
2423
	}
2424
	prf->Final(buf + ISAKMP_HASH_DATA_OFF, prf->prfctx);
2425
	prf_free(prf);
2426
	LOG_DBG_BUF((LOG_MISC, 80, "ipsec_fill_in_hash: HASH(1)", buf +
2427
	    ISAKMP_HASH_DATA_OFF, hash->hashsize));
2428
2429
	return 0;
2430
}
2431
2432
/* Add a HASH payload to MSG, if we have an ISAKMP SA we're protected by.  */
2433
static int
2434
ipsec_informational_pre_hook(struct message *msg)
2435
{
2436
	struct sa      *isakmp_sa = msg->isakmp_sa;
2437
	struct ipsec_sa *isa;
2438
	struct hash    *hash;
2439
2440
	if (!isakmp_sa)
2441
		return 0;
2442
	isa = isakmp_sa->data;
2443
	hash = hash_get(isa->hash);
2444
	return ipsec_add_hash_payload(msg, hash->hashsize) == 0;
2445
}
2446
2447
/*
2448
 * Fill in the HASH payload in MSG, if we have an ISAKMP SA we're protected by.
2449
 */
2450
static int
2451
ipsec_informational_post_hook(struct message *msg)
2452
{
2453
	if (!msg->isakmp_sa)
2454
		return 0;
2455
	return ipsec_fill_in_hash(msg);
2456
}
2457
2458
ssize_t
2459
ipsec_id_size(char *section, u_int8_t *id)
2460
{
2461
	char *type, *data;
2462
2463
	type = conf_get_str(section, "ID-type");
2464
	if (!type) {
2465
		log_print("ipsec_id_size: section %s has no \"ID-type\" tag",
2466
		    section);
2467
		return -1;
2468
	}
2469
	*id = constant_value(ipsec_id_cst, type);
2470
	switch (*id) {
2471
	case IPSEC_ID_IPV4_ADDR:
2472
		return sizeof(struct in_addr);
2473
	case IPSEC_ID_IPV4_ADDR_SUBNET:
2474
		return 2 * sizeof(struct in_addr);
2475
	case IPSEC_ID_IPV6_ADDR:
2476
		return sizeof(struct in6_addr);
2477
	case IPSEC_ID_IPV6_ADDR_SUBNET:
2478
		return 2 * sizeof(struct in6_addr);
2479
	case IPSEC_ID_FQDN:
2480
	case IPSEC_ID_USER_FQDN:
2481
	case IPSEC_ID_KEY_ID:
2482
	case IPSEC_ID_DER_ASN1_DN:
2483
	case IPSEC_ID_DER_ASN1_GN:
2484
		data = conf_get_str(section, "Name");
2485
		if (!data) {
2486
			log_print("ipsec_id_size: "
2487
			    "section %s has no \"Name\" tag", section);
2488
			return -1;
2489
		}
2490
		return strlen(data);
2491
	}
2492
	log_print("ipsec_id_size: unrecognized/unsupported ID-type %d (%s)",
2493
	    *id, type);
2494
	return -1;
2495
}
2496
2497
/*
2498
 * Generate a string version of the ID.
2499
 */
2500
char *
2501
ipsec_id_string(u_int8_t *id, size_t id_len)
2502
{
2503
	char           *buf = 0;
2504
	char           *addrstr = 0;
2505
	size_t          len, size;
2506
2507
	/*
2508
	 * XXX Real ugly way of making the offsets correct.  Be aware that id
2509
	 * now will point before the actual buffer and cannot be dereferenced
2510
	 * without an offset larger than or equal to ISAKM_GEN_SZ.
2511
         */
2512
	id -= ISAKMP_GEN_SZ;
2513
2514
	/* This is the actual length of the ID data field.  */
2515
	id_len += ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF;
2516
2517
	/*
2518
	 * Conservative allocation.
2519
	 * XXX I think the ASN1 DN case can be thought through to give a better
2520
	 * estimate.
2521
         */
2522
	size = MAXIMUM(sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
2523
	    sizeof "asn1_dn/" + id_len);
2524
	buf = malloc(size);
2525
	if (!buf)
2526
		/* XXX Log?  */
2527
		goto fail;
2528
2529
	switch (GET_ISAKMP_ID_TYPE(id)) {
2530
	case IPSEC_ID_IPV4_ADDR:
2531
		if (id_len < sizeof(struct in_addr))
2532
			goto fail;
2533
		util_ntoa(&addrstr, AF_INET, id + ISAKMP_ID_DATA_OFF);
2534
		if (!addrstr)
2535
			goto fail;
2536
		snprintf(buf, size, "ipv4/%s", addrstr);
2537
		break;
2538
2539
	case IPSEC_ID_IPV6_ADDR:
2540
		if (id_len < sizeof(struct in6_addr))
2541
			goto fail;
2542
		util_ntoa(&addrstr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
2543
		if (!addrstr)
2544
			goto fail;
2545
		snprintf(buf, size, "ipv6/%s", addrstr);
2546
		break;
2547
2548
	case IPSEC_ID_FQDN:
2549
	case IPSEC_ID_USER_FQDN:
2550
		strlcpy(buf, GET_ISAKMP_ID_TYPE(id) == IPSEC_ID_FQDN ?
2551
		    "fqdn/" : "ufqdn/", size);
2552
		len = strlen(buf);
2553
2554
		memcpy(buf + len, id + ISAKMP_ID_DATA_OFF, id_len);
2555
		*(buf + len + id_len) = '\0';
2556
		break;
2557
2558
	case IPSEC_ID_DER_ASN1_DN:
2559
		strlcpy(buf, "asn1_dn/", size);
2560
		len = strlen(buf);
2561
		addrstr = x509_DN_string(id + ISAKMP_ID_DATA_OFF, id_len);
2562
		if (!addrstr)
2563
			goto fail;
2564
		if (size < len + strlen(addrstr) + 1)
2565
			goto fail;
2566
		strlcpy(buf + len, addrstr, size - len);
2567
		break;
2568
2569
	default:
2570
		/* Unknown type.  */
2571
		LOG_DBG((LOG_MISC, 10,
2572
		    "ipsec_id_string: unknown identity type %d\n",
2573
		    GET_ISAKMP_ID_TYPE(id)));
2574
		goto fail;
2575
	}
2576
2577
	free(addrstr);
2578
	return buf;
2579
2580
fail:
2581
	free(buf);
2582
	free(addrstr);
2583
	return 0;
2584
}