1 /* $OpenBSD: ipsec.c,v 1.121 2005/06/25 23:20:43 hshoexer Exp $	 */
2 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $	 */
3 
4 /*
5  * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist.  All rights reserved.
6  * Copyright (c) 2001 Angelos D. Keromytis.  All rights reserved.
7  * Copyright (c) 2001 H�kan Olsson.  All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 /*
31  * This code was written under funding by Ericsson Radio Systems.
32  */
33 
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <netdb.h>
37 #include <netinet/in.h>
38 #include <arpa/inet.h>
39 #include <stdlib.h>
40 #include <string.h>
41 
42 #include "sysdep.h"
43 
44 #include "attribute.h"
45 #include "conf.h"
46 #include "constants.h"
47 #include "crypto.h"
48 #include "dh.h"
49 #include "doi.h"
50 #include "dpd.h"
51 #include "exchange.h"
52 #include "hash.h"
53 #include "ike_aggressive.h"
54 #include "ike_auth.h"
55 #include "ike_main_mode.h"
56 #include "ike_quick_mode.h"
57 #include "ipsec.h"
58 #include "ipsec_doi.h"
59 #include "isakmp.h"
60 #include "isakmp_cfg.h"
61 #include "isakmp_fld.h"
62 #include "isakmp_num.h"
63 #include "log.h"
64 #include "math_group.h"
65 #include "message.h"
66 #include "nat_traversal.h"
67 #include "pf_key_v2.h"
68 #include "prf.h"
69 #include "sa.h"
70 #include "timer.h"
71 #include "transport.h"
72 #include "util.h"
73 #include "x509.h"
74 
75 extern int acquire_only;
76 
77 /* Backwards compatibility.  */
78 #ifndef NI_MAXHOST
79 #define NI_MAXHOST 1025
80 #endif
81 
82 /* The replay window size used for all IPsec protocols if not overridden.  */
83 #define DEFAULT_REPLAY_WINDOW 16
84 
85 struct ipsec_decode_arg {
86 	struct message *msg;
87 	struct sa      *sa;
88 	struct proto   *proto;
89 };
90 
91 /* These variables hold the contacted peers ADT state.  */
92 struct contact {
93 	struct sockaddr *addr;
94 	socklen_t       len;
95 }              *contacts = 0;
96 int             contact_cnt = 0, contact_limit = 0;
97 
98 static int      addr_cmp(const void *, const void *);
99 static int      ipsec_add_contact(struct message *);
100 static int      ipsec_contacted(struct message *);
101 static int      ipsec_debug_attribute(u_int16_t, u_int8_t *, u_int16_t,
102     void *);
103 static void     ipsec_delete_spi(struct sa *, struct proto *, int);
104 static int16_t *ipsec_exchange_script(u_int8_t);
105 static void     ipsec_finalize_exchange(struct message *);
106 static void     ipsec_free_exchange_data(void *);
107 static void     ipsec_free_proto_data(void *);
108 static void     ipsec_free_sa_data(void *);
109 static struct keystate *ipsec_get_keystate(struct message *);
110 static u_int8_t *ipsec_get_spi(size_t *, u_int8_t, struct message *);
111 static int	ipsec_handle_leftover_payload(struct message *, u_int8_t,
112     struct payload *);
113 static int      ipsec_informational_post_hook(struct message *);
114 static int      ipsec_informational_pre_hook(struct message *);
115 static int      ipsec_initiator(struct message *);
116 static void     ipsec_proto_init(struct proto *, char *);
117 static int      ipsec_responder(struct message *);
118 static void     ipsec_setup_situation(u_int8_t *);
119 static int      ipsec_set_network(u_int8_t *, u_int8_t *, struct ipsec_sa *);
120 static size_t   ipsec_situation_size(void);
121 static u_int8_t ipsec_spi_size(u_int8_t);
122 static int      ipsec_validate_attribute(u_int16_t, u_int8_t *, u_int16_t,
123     void *);
124 static int      ipsec_validate_exchange(u_int8_t);
125 static int	ipsec_validate_id_information(u_int8_t, u_int8_t *, u_int8_t *,
126     size_t, struct exchange *);
127 static int      ipsec_validate_key_information(u_int8_t *, size_t);
128 static int      ipsec_validate_notification(u_int16_t);
129 static int      ipsec_validate_proto(u_int8_t);
130 static int      ipsec_validate_situation(u_int8_t *, size_t *, size_t);
131 static int      ipsec_validate_transform_id(u_int8_t, u_int8_t);
132 
133 static struct doi ipsec_doi = {
134 	{0}, IPSEC_DOI_IPSEC,
135 	sizeof(struct ipsec_exch), sizeof(struct ipsec_sa),
136 	sizeof(struct ipsec_proto),
137 	ipsec_debug_attribute,
138 	ipsec_delete_spi,
139 	ipsec_exchange_script,
140 	ipsec_finalize_exchange,
141 	ipsec_free_exchange_data,
142 	ipsec_free_proto_data,
143 	ipsec_free_sa_data,
144 	ipsec_get_keystate,
145 	ipsec_get_spi,
146 	ipsec_handle_leftover_payload,
147 	ipsec_informational_post_hook,
148 	ipsec_informational_pre_hook,
149 	ipsec_is_attribute_incompatible,
150 	ipsec_proto_init,
151 	ipsec_setup_situation,
152 	ipsec_situation_size,
153 	ipsec_spi_size,
154 	ipsec_validate_attribute,
155 	ipsec_validate_exchange,
156 	ipsec_validate_id_information,
157 	ipsec_validate_key_information,
158 	ipsec_validate_notification,
159 	ipsec_validate_proto,
160 	ipsec_validate_situation,
161 	ipsec_validate_transform_id,
162 	ipsec_initiator,
163 	ipsec_responder,
164 	ipsec_decode_ids
165 };
166 
167 int16_t script_quick_mode[] = {
168 	ISAKMP_PAYLOAD_HASH,	/* Initiator -> responder.  */
169 	ISAKMP_PAYLOAD_SA,
170 	ISAKMP_PAYLOAD_NONCE,
171 	EXCHANGE_SCRIPT_SWITCH,
172 	ISAKMP_PAYLOAD_HASH,	/* Responder -> initiator.  */
173 	ISAKMP_PAYLOAD_SA,
174 	ISAKMP_PAYLOAD_NONCE,
175 	EXCHANGE_SCRIPT_SWITCH,
176 	ISAKMP_PAYLOAD_HASH,	/* Initiator -> responder.  */
177 	EXCHANGE_SCRIPT_END
178 };
179 
180 int16_t script_new_group_mode[] = {
181 	ISAKMP_PAYLOAD_HASH,	/* Initiator -> responder.  */
182 	ISAKMP_PAYLOAD_SA,
183 	EXCHANGE_SCRIPT_SWITCH,
184 	ISAKMP_PAYLOAD_HASH,	/* Responder -> initiator.  */
185 	ISAKMP_PAYLOAD_SA,
186 	EXCHANGE_SCRIPT_END
187 };
188 
189 struct dst_spi_proto_arg {
190 	struct sockaddr *dst;
191 	u_int32_t       spi;
192 	u_int8_t        proto;
193 };
194 
195 /*
196  * Check if SA matches what we are asking for through V_ARG.  It has to
197  * be a finished phase 2 SA.
198  * if "proto" arg is 0, match any proto
199  */
200 static int
ipsec_sa_check(struct sa * sa,void * v_arg)201 ipsec_sa_check(struct sa *sa, void *v_arg)
202 {
203 	struct dst_spi_proto_arg *arg = v_arg;
204 	struct proto   *proto;
205 	struct sockaddr *dst, *src;
206 	int             incoming;
207 
208 	if (sa->phase != 2 || !(sa->flags & SA_FLAG_READY))
209 		return 0;
210 
211 	sa->transport->vtbl->get_dst(sa->transport, &dst);
212 	if (memcmp(sockaddr_addrdata(dst), sockaddr_addrdata(arg->dst),
213 	    sockaddr_addrlen(dst)) == 0)
214 		incoming = 0;
215 	else {
216 		sa->transport->vtbl->get_src(sa->transport, &src);
217 		if (memcmp(sockaddr_addrdata(src), sockaddr_addrdata(arg->dst),
218 		    sockaddr_addrlen(src)) == 0)
219 			incoming = 1;
220 		else
221 			return 0;
222 	}
223 
224 	for (proto = TAILQ_FIRST(&sa->protos); proto;
225 	    proto = TAILQ_NEXT(proto, link))
226 		if ((arg->proto == 0 || proto->proto == arg->proto) &&
227 		    memcmp(proto->spi[incoming], &arg->spi, sizeof arg->spi)
228 		    == 0)
229 			return 1;
230 	return 0;
231 }
232 
233 /* Find an SA with a "name" of DST, SPI & PROTO.  */
234 struct sa *
ipsec_sa_lookup(struct sockaddr * dst,u_int32_t spi,u_int8_t proto)235 ipsec_sa_lookup(struct sockaddr *dst, u_int32_t spi, u_int8_t proto)
236 {
237 	struct dst_spi_proto_arg arg;
238 
239 	arg.dst = dst;
240 	arg.spi = spi;
241 	arg.proto = proto;
242 	return sa_find(ipsec_sa_check, &arg);
243 }
244 
245 /*
246  * Check if SA matches the flow of another SA in V_ARG.  It has to
247  * be a finished non-replaced phase 2 SA.
248  * XXX At some point other selectors will matter here too.
249  */
250 static int
ipsec_sa_check_flow(struct sa * sa,void * v_arg)251 ipsec_sa_check_flow(struct sa *sa, void *v_arg)
252 {
253 	struct sa      *sa2 = v_arg;
254 	struct ipsec_sa *isa = sa->data, *isa2 = sa2->data;
255 
256 	if (sa == sa2 || sa->phase != 2 ||
257 	    (sa->flags & (SA_FLAG_READY | SA_FLAG_REPLACED)) != SA_FLAG_READY)
258 		return 0;
259 
260 	if (isa->tproto != isa2->tproto || isa->sport != isa2->sport ||
261 	    isa->dport != isa2->dport)
262 		return 0;
263 
264 	return isa->src_net->sa_family == isa2->src_net->sa_family &&
265 	    memcmp(sockaddr_addrdata(isa->src_net),
266 	    sockaddr_addrdata(isa2->src_net),
267 	    sockaddr_addrlen(isa->src_net)) == 0 &&
268 	    memcmp(sockaddr_addrdata(isa->src_mask),
269 	    sockaddr_addrdata(isa2->src_mask),
270 	    sockaddr_addrlen(isa->src_mask)) == 0 &&
271 	    memcmp(sockaddr_addrdata(isa->dst_net),
272 	    sockaddr_addrdata(isa2->dst_net),
273 	    sockaddr_addrlen(isa->dst_net)) == 0 &&
274 	    memcmp(sockaddr_addrdata(isa->dst_mask),
275 	    sockaddr_addrdata(isa2->dst_mask),
276 	    sockaddr_addrlen(isa->dst_mask)) == 0;
277 }
278 
279 /*
280  * Do IPsec DOI specific finalizations task for the exchange where MSG was
281  * the final message.
282  */
283 static void
ipsec_finalize_exchange(struct message * msg)284 ipsec_finalize_exchange(struct message *msg)
285 {
286 	struct sa      *isakmp_sa = msg->isakmp_sa;
287 	struct ipsec_sa *isa;
288 	struct exchange *exchange = msg->exchange;
289 	struct ipsec_exch *ie = exchange->data;
290 	struct sa      *sa = 0, *old_sa;
291 	struct proto   *proto, *last_proto = 0;
292 	char           *addr1, *addr2, *mask1, *mask2;
293 
294 	switch (exchange->phase) {
295 	case 1:
296 		switch (exchange->type) {
297 		case ISAKMP_EXCH_ID_PROT:
298 		case ISAKMP_EXCH_AGGRESSIVE:
299 			isa = isakmp_sa->data;
300 			isa->hash = ie->hash->type;
301 			isa->prf_type = ie->prf_type;
302 			isa->skeyid_len = ie->skeyid_len;
303 			isa->skeyid_d = ie->skeyid_d;
304 			isa->skeyid_a = ie->skeyid_a;
305 			/* Prevents early free of SKEYID_*.  */
306 			ie->skeyid_a = ie->skeyid_d = 0;
307 
308 			/*
309 			 * If a lifetime was negotiated setup the expiration
310 			 * timers.
311 			 */
312 			if (isakmp_sa->seconds)
313 				sa_setup_expirations(isakmp_sa);
314 
315 			if (isakmp_sa->flags & SA_FLAG_NAT_T_KEEPALIVE)
316 				nat_t_setup_keepalive(isakmp_sa);
317 			break;
318 		}
319 		break;
320 
321 	case 2:
322 		switch (exchange->type) {
323 		case IKE_EXCH_QUICK_MODE:
324 			/*
325 			 * Tell the application(s) about the SPIs and key
326 			 * material.
327 			 */
328 			for (sa = TAILQ_FIRST(&exchange->sa_list); sa;
329 			    sa = TAILQ_NEXT(sa, next)) {
330 				isa = sa->data;
331 
332 				if (exchange->initiator) {
333 					/*
334 					 * Initiator is source, responder is
335 					 * destination.
336 					 */
337 					if (ipsec_set_network(ie->id_ci,
338 					    ie->id_cr, isa)) {
339 						log_print(
340 						    "ipsec_finalize_exchange: "
341 						    "ipsec_set_network "
342 						    "failed");
343 						return;
344 					}
345 				} else {
346 					/*
347 					 * Responder is source, initiator is
348 					 * destination.
349 					 */
350 					if (ipsec_set_network(ie->id_cr,
351 					    ie->id_ci, isa)) {
352 						log_print(
353 						    "ipsec_finalize_exchange: "
354 						    "ipsec_set_network "
355 						    "failed");
356 						return;
357 					}
358 				}
359 
360 				for (proto = TAILQ_FIRST(&sa->protos),
361 				    last_proto = 0; proto;
362 				    proto = TAILQ_NEXT(proto, link)) {
363 					if (pf_key_v2_set_spi(sa, proto,
364 					    0, isakmp_sa) ||
365 					    (last_proto &&
366 					    pf_key_v2_group_spis(sa,
367 						last_proto, proto, 0)) ||
368 					    pf_key_v2_set_spi(sa, proto,
369 						1, isakmp_sa) ||
370 					    (last_proto &&
371 						pf_key_v2_group_spis(sa,
372 						last_proto, proto, 1)))
373 						/*
374 						 * XXX Tear down this
375 						 * exchange.
376 						 */
377 						return;
378 					last_proto = proto;
379 				}
380 
381 				if (sockaddr2text(isa->src_net, &addr1, 0))
382 					addr1 = 0;
383 				if (sockaddr2text(isa->src_mask, &mask1, 0))
384 					mask1 = 0;
385 				if (sockaddr2text(isa->dst_net, &addr2, 0))
386 					addr2 = 0;
387 				if (sockaddr2text(isa->dst_mask, &mask2, 0))
388 					mask2 = 0;
389 
390 				LOG_DBG((LOG_EXCHANGE, 50,
391 				    "ipsec_finalize_exchange: src %s %s "
392 				    "dst %s %s tproto %u sport %u dport %u",
393 				    addr1 ? addr1 : "<??\?>",
394 				    mask1 ?  mask1 : "<??\?>",
395 				    addr2 ? addr2 : "<??\?>",
396 				    mask2 ? mask2 : "<??\?>",
397 				    isa->tproto, ntohs(isa->sport),
398 				    ntohs(isa->dport)));
399 
400 				if (addr1)
401 					free(addr1);
402 				if (mask1)
403 					free(mask1);
404 				if (addr2)
405 					free(addr2);
406 				if (mask2)
407 					free(mask2);
408 
409 				/*
410 				 * If this is not an SA acquired by the
411 				 * kernel, it needs to have a SPD entry
412 				 * (a.k.a. flow) set up.
413 				 */
414 				if (!(sa->flags & SA_FLAG_ONDEMAND ||
415 				    conf_get_str("General", "Acquire-Only") ||
416 				    acquire_only) &&
417 				    pf_key_v2_enable_sa(sa, isakmp_sa))
418 					/* XXX Tear down this exchange.  */
419 					return;
420 
421 				/*
422 				 * Mark elder SAs with the same flow
423 				 * information as replaced.
424 				 */
425 				while ((old_sa = sa_find(ipsec_sa_check_flow,
426 				    sa)) != 0)
427 					sa_mark_replaced(old_sa);
428 			}
429 			break;
430 		}
431 	}
432 }
433 
434 /* Set the client addresses in ISA from SRC_ID and DST_ID.  */
435 static int
ipsec_set_network(u_int8_t * src_id,u_int8_t * dst_id,struct ipsec_sa * isa)436 ipsec_set_network(u_int8_t *src_id, u_int8_t *dst_id, struct ipsec_sa *isa)
437 {
438 	int	id;
439 
440 	/* Set source address/mask.  */
441 	id = GET_ISAKMP_ID_TYPE(src_id);
442 	switch (id) {
443 	case IPSEC_ID_IPV4_ADDR:
444 	case IPSEC_ID_IPV4_ADDR_SUBNET:
445 		isa->src_net = (struct sockaddr *)calloc(1,
446 		    sizeof(struct sockaddr_in));
447 		if (!isa->src_net)
448 			goto memfail;
449 		isa->src_net->sa_family = AF_INET;
450 		isa->src_net->sa_len = sizeof(struct sockaddr_in);
451 
452 		isa->src_mask = (struct sockaddr *)calloc(1,
453 		    sizeof(struct sockaddr_in));
454 		if (!isa->src_mask)
455 			goto memfail;
456 		isa->src_mask->sa_family = AF_INET;
457 		isa->src_mask->sa_len = sizeof(struct sockaddr_in);
458 		break;
459 
460 	case IPSEC_ID_IPV6_ADDR:
461 	case IPSEC_ID_IPV6_ADDR_SUBNET:
462 		isa->src_net = (struct sockaddr *)calloc(1,
463 		    sizeof(struct sockaddr_in6));
464 		if (!isa->src_net)
465 			goto memfail;
466 		isa->src_net->sa_family = AF_INET6;
467 		isa->src_net->sa_len = sizeof(struct sockaddr_in6);
468 
469 		isa->src_mask = (struct sockaddr *)calloc(1,
470 		    sizeof(struct sockaddr_in6));
471 		if (!isa->src_mask)
472 			goto memfail;
473 		isa->src_mask->sa_family = AF_INET6;
474 		isa->src_mask->sa_len = sizeof(struct sockaddr_in6);
475 		break;
476 
477 	case IPSEC_ID_IPV4_RANGE:
478 	case IPSEC_ID_IPV6_RANGE:
479 	case IPSEC_ID_DER_ASN1_DN:
480 	case IPSEC_ID_DER_ASN1_GN:
481 	case IPSEC_ID_KEY_ID:
482 	default:
483 		log_print("ipsec_set_network: ID type %d (%s) not supported",
484 		    id, constant_name(ipsec_id_cst, id));
485 		return -1;
486 	}
487 
488 	/* Net */
489 	memcpy(sockaddr_addrdata(isa->src_net), src_id + ISAKMP_ID_DATA_OFF,
490 	    sockaddr_addrlen(isa->src_net));
491 
492 	/* Mask */
493 	switch (id) {
494 	case IPSEC_ID_IPV4_ADDR:
495 	case IPSEC_ID_IPV6_ADDR:
496 		memset(sockaddr_addrdata(isa->src_mask), 0xff,
497 		    sockaddr_addrlen(isa->src_mask));
498 		break;
499 	case IPSEC_ID_IPV4_ADDR_SUBNET:
500 	case IPSEC_ID_IPV6_ADDR_SUBNET:
501 		memcpy(sockaddr_addrdata(isa->src_mask), src_id +
502 		    ISAKMP_ID_DATA_OFF + sockaddr_addrlen(isa->src_net),
503 		    sockaddr_addrlen(isa->src_mask));
504 		break;
505 	}
506 
507 	memcpy(&isa->sport,
508 	    src_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF,
509 	    IPSEC_ID_PORT_LEN);
510 
511 	/* Set destination address.  */
512 	id = GET_ISAKMP_ID_TYPE(dst_id);
513 	switch (id) {
514 	case IPSEC_ID_IPV4_ADDR:
515 	case IPSEC_ID_IPV4_ADDR_SUBNET:
516 		isa->dst_net = (struct sockaddr *)calloc(1,
517 		    sizeof(struct sockaddr_in));
518 		if (!isa->dst_net)
519 			goto memfail;
520 		isa->dst_net->sa_family = AF_INET;
521 		isa->dst_net->sa_len = sizeof(struct sockaddr_in);
522 
523 		isa->dst_mask = (struct sockaddr *)calloc(1,
524 		    sizeof(struct sockaddr_in));
525 		if (!isa->dst_mask)
526 			goto memfail;
527 		isa->dst_mask->sa_family = AF_INET;
528 		isa->dst_mask->sa_len = sizeof(struct sockaddr_in);
529 		break;
530 
531 	case IPSEC_ID_IPV6_ADDR:
532 	case IPSEC_ID_IPV6_ADDR_SUBNET:
533 		isa->dst_net = (struct sockaddr *)calloc(1,
534 		    sizeof(struct sockaddr_in6));
535 		if (!isa->dst_net)
536 			goto memfail;
537 		isa->dst_net->sa_family = AF_INET6;
538 		isa->dst_net->sa_len = sizeof(struct sockaddr_in6);
539 
540 		isa->dst_mask = (struct sockaddr *)calloc(1,
541 		    sizeof(struct sockaddr_in6));
542 		if (!isa->dst_mask)
543 			goto memfail;
544 		isa->dst_mask->sa_family = AF_INET6;
545 		isa->dst_mask->sa_len = sizeof(struct sockaddr_in6);
546 		break;
547 	}
548 
549 	/* Net */
550 	memcpy(sockaddr_addrdata(isa->dst_net), dst_id + ISAKMP_ID_DATA_OFF,
551 	    sockaddr_addrlen(isa->dst_net));
552 
553 	/* Mask */
554 	switch (id) {
555 	case IPSEC_ID_IPV4_ADDR:
556 	case IPSEC_ID_IPV6_ADDR:
557 		memset(sockaddr_addrdata(isa->dst_mask), 0xff,
558 		    sockaddr_addrlen(isa->dst_mask));
559 		break;
560 	case IPSEC_ID_IPV4_ADDR_SUBNET:
561 	case IPSEC_ID_IPV6_ADDR_SUBNET:
562 		memcpy(sockaddr_addrdata(isa->dst_mask), dst_id +
563 		    ISAKMP_ID_DATA_OFF + sockaddr_addrlen(isa->dst_net),
564 		    sockaddr_addrlen(isa->dst_mask));
565 		break;
566 	}
567 
568 	memcpy(&isa->tproto, dst_id + ISAKMP_ID_DOI_DATA_OFF +
569 	    IPSEC_ID_PROTO_OFF, IPSEC_ID_PROTO_LEN);
570 	memcpy(&isa->dport,
571 	    dst_id + ISAKMP_ID_DOI_DATA_OFF + IPSEC_ID_PORT_OFF,
572 	    IPSEC_ID_PORT_LEN);
573 	return 0;
574 
575 memfail:
576 	log_error("ipsec_set_network: calloc () failed");
577 	return -1;
578 }
579 
580 /* Free the DOI-specific exchange data pointed to by VIE.  */
581 static void
ipsec_free_exchange_data(void * vie)582 ipsec_free_exchange_data(void *vie)
583 {
584 	struct ipsec_exch *ie = vie;
585 	struct isakmp_cfg_attr *attr;
586 
587 	if (ie->sa_i_b)
588 		free(ie->sa_i_b);
589 	if (ie->id_ci)
590 		free(ie->id_ci);
591 	if (ie->id_cr)
592 		free(ie->id_cr);
593 	if (ie->g_xi)
594 		free(ie->g_xi);
595 	if (ie->g_xr)
596 		free(ie->g_xr);
597 	if (ie->g_xy)
598 		free(ie->g_xy);
599 	if (ie->skeyid)
600 		free(ie->skeyid);
601 	if (ie->skeyid_d)
602 		free(ie->skeyid_d);
603 	if (ie->skeyid_a)
604 		free(ie->skeyid_a);
605 	if (ie->skeyid_e)
606 		free(ie->skeyid_e);
607 	if (ie->hash_i)
608 		free(ie->hash_i);
609 	if (ie->hash_r)
610 		free(ie->hash_r);
611 	if (ie->group)
612 		group_free(ie->group);
613 	for (attr = LIST_FIRST(&ie->attrs); attr;
614 	    attr = LIST_FIRST(&ie->attrs)) {
615 		LIST_REMOVE(attr, link);
616 		if (attr->length)
617 			free(attr->value);
618 		free(attr);
619 	}
620 }
621 
622 /* Free the DOI-specific SA data pointed to by VISA.  */
623 static void
ipsec_free_sa_data(void * visa)624 ipsec_free_sa_data(void *visa)
625 {
626 	struct ipsec_sa *isa = visa;
627 
628 	if (isa->src_net)
629 		free(isa->src_net);
630 	if (isa->src_mask)
631 		free(isa->src_mask);
632 	if (isa->dst_net)
633 		free(isa->dst_net);
634 	if (isa->dst_mask)
635 		free(isa->dst_mask);
636 	if (isa->skeyid_a)
637 		free(isa->skeyid_a);
638 	if (isa->skeyid_d)
639 		free(isa->skeyid_d);
640 }
641 
642 /* Free the DOI-specific protocol data of an SA pointed to by VIPROTO.  */
643 static void
ipsec_free_proto_data(void * viproto)644 ipsec_free_proto_data(void *viproto)
645 {
646 	struct ipsec_proto *iproto = viproto;
647 	int             i;
648 
649 	for (i = 0; i < 2; i++)
650 		if (iproto->keymat[i])
651 			free(iproto->keymat[i]);
652 }
653 
654 /* Return exchange script based on TYPE.  */
655 static int16_t *
ipsec_exchange_script(u_int8_t type)656 ipsec_exchange_script(u_int8_t type)
657 {
658 	switch (type) {
659 	case ISAKMP_EXCH_TRANSACTION:
660 		return script_transaction;
661 	case IKE_EXCH_QUICK_MODE:
662 		return script_quick_mode;
663 	case IKE_EXCH_NEW_GROUP_MODE:
664 		return script_new_group_mode;
665 	}
666 	return 0;
667 }
668 
669 /* Initialize this DOI, requires doi_init to already have been called.  */
670 void
ipsec_init(void)671 ipsec_init(void)
672 {
673 	doi_register(&ipsec_doi);
674 }
675 
676 /* Given a message MSG, return a suitable IV (or rather keystate).  */
677 static struct keystate *
ipsec_get_keystate(struct message * msg)678 ipsec_get_keystate(struct message *msg)
679 {
680 	struct keystate *ks;
681 	struct hash    *hash;
682 
683 	/* If we have already have an IV, use it.  */
684 	if (msg->exchange && msg->exchange->keystate) {
685 		ks = malloc(sizeof *ks);
686 		if (!ks) {
687 			log_error("ipsec_get_keystate: malloc (%lu) failed",
688 			    (unsigned long) sizeof *ks);
689 			return 0;
690 		}
691 		memcpy(ks, msg->exchange->keystate, sizeof *ks);
692 		return ks;
693 	}
694 	/*
695 	 * For phase 2 when no SA yet is setup we need to hash the IV used by
696 	 * the ISAKMP SA concatenated with the message ID, and use that as an
697 	 * IV for further cryptographic operations.
698          */
699 	if (!msg->isakmp_sa->keystate) {
700 		log_print("ipsec_get_keystate: no keystate in ISAKMP SA %p",
701 		    msg->isakmp_sa);
702 		return 0;
703 	}
704 	ks = crypto_clone_keystate(msg->isakmp_sa->keystate);
705 	if (!ks)
706 		return 0;
707 
708 	hash = hash_get(((struct ipsec_sa *)msg->isakmp_sa->data)->hash);
709 	hash->Init(hash->ctx);
710 	LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: final phase 1 IV",
711 	    ks->riv, ks->xf->blocksize));
712 	hash->Update(hash->ctx, ks->riv, ks->xf->blocksize);
713 	LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: message ID",
714 	    ((u_int8_t *) msg->iov[0].iov_base) + ISAKMP_HDR_MESSAGE_ID_OFF,
715 	    ISAKMP_HDR_MESSAGE_ID_LEN));
716 	hash->Update(hash->ctx, ((u_int8_t *) msg->iov[0].iov_base) +
717 	    ISAKMP_HDR_MESSAGE_ID_OFF, ISAKMP_HDR_MESSAGE_ID_LEN);
718 	hash->Final(hash->digest, hash->ctx);
719 	crypto_init_iv(ks, hash->digest, ks->xf->blocksize);
720 	LOG_DBG_BUF((LOG_CRYPTO, 80, "ipsec_get_keystate: phase 2 IV",
721 	    hash->digest, ks->xf->blocksize));
722 	return ks;
723 }
724 
725 static void
ipsec_setup_situation(u_int8_t * buf)726 ipsec_setup_situation(u_int8_t *buf)
727 {
728 	SET_IPSEC_SIT_SIT(buf + ISAKMP_SA_SIT_OFF, IPSEC_SIT_IDENTITY_ONLY);
729 }
730 
731 static size_t
ipsec_situation_size(void)732 ipsec_situation_size(void)
733 {
734 	return IPSEC_SIT_SIT_LEN;
735 }
736 
737 static u_int8_t
ipsec_spi_size(u_int8_t proto)738 ipsec_spi_size(u_int8_t proto)
739 {
740 	return IPSEC_SPI_SIZE;
741 }
742 
743 static int
ipsec_validate_attribute(u_int16_t type,u_int8_t * value,u_int16_t len,void * vmsg)744 ipsec_validate_attribute(u_int16_t type, u_int8_t * value, u_int16_t len,
745     void *vmsg)
746 {
747 	struct message *msg = vmsg;
748 
749 	if (msg->exchange->phase == 1 &&
750 	    (type < IKE_ATTR_ENCRYPTION_ALGORITHM || type > IKE_ATTR_GROUP_ORDER))
751 		return -1;
752 	if (msg->exchange->phase == 2 &&
753 	    (type < IPSEC_ATTR_SA_LIFE_TYPE || type > IPSEC_ATTR_ECN_TUNNEL))
754 		return -1;
755 	return 0;
756 }
757 
758 static int
ipsec_validate_exchange(u_int8_t exch)759 ipsec_validate_exchange(u_int8_t exch)
760 {
761 	return exch != IKE_EXCH_QUICK_MODE && exch != IKE_EXCH_NEW_GROUP_MODE;
762 }
763 
764 static int
ipsec_validate_id_information(u_int8_t type,u_int8_t * extra,u_int8_t * buf,size_t sz,struct exchange * exchange)765 ipsec_validate_id_information(u_int8_t type, u_int8_t *extra, u_int8_t *buf,
766     size_t sz, struct exchange *exchange)
767 {
768 	u_int8_t        proto = GET_IPSEC_ID_PROTO(extra);
769 	u_int16_t       port = GET_IPSEC_ID_PORT(extra);
770 
771 	LOG_DBG((LOG_MESSAGE, 40,
772 	    "ipsec_validate_id_information: proto %d port %d type %d",
773 	    proto, port, type));
774 	if (type < IPSEC_ID_IPV4_ADDR || type > IPSEC_ID_KEY_ID)
775 		return -1;
776 
777 	switch (type) {
778 	case IPSEC_ID_IPV4_ADDR:
779 		LOG_DBG_BUF((LOG_MESSAGE, 40,
780 		    "ipsec_validate_id_information: IPv4", buf,
781 		    sizeof(struct in_addr)));
782 		break;
783 
784 	case IPSEC_ID_IPV6_ADDR:
785 		LOG_DBG_BUF((LOG_MESSAGE, 40,
786 		    "ipsec_validate_id_information: IPv6", buf,
787 		    sizeof(struct in6_addr)));
788 		break;
789 
790 	case IPSEC_ID_IPV4_ADDR_SUBNET:
791 		LOG_DBG_BUF((LOG_MESSAGE, 40,
792 		    "ipsec_validate_id_information: IPv4 network/netmask",
793 		    buf, 2 * sizeof(struct in_addr)));
794 		break;
795 
796 	case IPSEC_ID_IPV6_ADDR_SUBNET:
797 		LOG_DBG_BUF((LOG_MESSAGE, 40,
798 		    "ipsec_validate_id_information: IPv6 network/netmask",
799 		    buf, 2 * sizeof(struct in6_addr)));
800 		break;
801 
802 	default:
803 		break;
804 	}
805 
806 	if (exchange->phase == 1 &&
807 	    (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT) &&
808 	    (proto != 0 || port != 0)) {
809 		/*
810 		 * XXX SSH's ISAKMP tester fails this test (proto 17 - port
811 		 * 0).
812 		 */
813 #ifdef notyet
814 		return -1;
815 #else
816 		log_print("ipsec_validate_id_information: dubious ID "
817 		    "information accepted");
818 #endif
819 	}
820 	/* XXX More checks?  */
821 
822 	return 0;
823 }
824 
825 static int
ipsec_validate_key_information(u_int8_t * buf,size_t sz)826 ipsec_validate_key_information(u_int8_t *buf, size_t sz)
827 {
828 	/* XXX Not implemented yet.  */
829 	return 0;
830 }
831 
832 static int
ipsec_validate_notification(u_int16_t type)833 ipsec_validate_notification(u_int16_t type)
834 {
835 	return type < IPSEC_NOTIFY_RESPONDER_LIFETIME ||
836 	    type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0;
837 }
838 
839 static int
ipsec_validate_proto(u_int8_t proto)840 ipsec_validate_proto(u_int8_t proto)
841 {
842 	return proto < IPSEC_PROTO_IPSEC_AH ||
843 	    proto > IPSEC_PROTO_IPCOMP ? -1 : 0;
844 }
845 
846 static int
ipsec_validate_situation(u_int8_t * buf,size_t * sz,size_t len)847 ipsec_validate_situation(u_int8_t *buf, size_t *sz, size_t len)
848 {
849 	if (len < IPSEC_SIT_SIT_OFF + IPSEC_SIT_SIT_LEN) {
850 		log_print("ipsec_validate_situation: payload too short: %u",
851 		    (unsigned int) len);
852 		return -1;
853 	}
854 	/* Currently only "identity only" situations are supported.  */
855 	if (GET_IPSEC_SIT_SIT(buf) != IPSEC_SIT_IDENTITY_ONLY)
856 		return 1;
857 
858 	*sz = IPSEC_SIT_SIT_LEN;
859 
860 	return 0;
861 }
862 
863 static int
ipsec_validate_transform_id(u_int8_t proto,u_int8_t transform_id)864 ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id)
865 {
866 	switch (proto) {
867 		/*
868 		 * As no unexpected protocols can occur, we just tie the
869 		 * default case to the first case, in orer to silence a GCC
870 		 * warning.
871 		 */
872 		default:
873 		case ISAKMP_PROTO_ISAKMP:
874 			return transform_id != IPSEC_TRANSFORM_KEY_IKE;
875 		case IPSEC_PROTO_IPSEC_AH:
876 			return transform_id < IPSEC_AH_MD5 ||
877 			    transform_id > IPSEC_AH_DES ? -1 : 0;
878 	case IPSEC_PROTO_IPSEC_ESP:
879 		return transform_id < IPSEC_ESP_DES_IV64 ||
880 		    (transform_id > IPSEC_ESP_AES_128_CTR &&
881 		    transform_id < IPSEC_ESP_AES_MARS) ||
882 		    transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
883 	case IPSEC_PROTO_IPCOMP:
884 		return transform_id < IPSEC_IPCOMP_OUI ||
885 		    transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0;
886 	}
887 }
888 
889 static int
ipsec_initiator(struct message * msg)890 ipsec_initiator(struct message *msg)
891 {
892 	struct exchange *exchange = msg->exchange;
893 	int             (**script)(struct message *) = 0;
894 
895 	/* Check that the SA is coherent with the IKE rules.  */
896 	if (exchange->type != ISAKMP_EXCH_TRANSACTION &&
897 	    ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT &&
898 	    exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
899 	    exchange->type != ISAKMP_EXCH_INFO) ||
900 	    (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE &&
901 	    exchange->type != ISAKMP_EXCH_INFO))) {
902 		log_print("ipsec_initiator: unsupported exchange type %d "
903 		    "in phase %d", exchange->type, exchange->phase);
904 		return -1;
905 	}
906 	switch (exchange->type) {
907 	case ISAKMP_EXCH_ID_PROT:
908 		script = ike_main_mode_initiator;
909 		break;
910 	case ISAKMP_EXCH_AGGRESSIVE:
911 		script = ike_aggressive_initiator;
912 		break;
913 	case ISAKMP_EXCH_TRANSACTION:
914 		script = isakmp_cfg_initiator;
915 		break;
916 	case ISAKMP_EXCH_INFO:
917 		return message_send_info(msg);
918 	case IKE_EXCH_QUICK_MODE:
919 		script = ike_quick_mode_initiator;
920 		break;
921 	default:
922 		log_print("ipsec_initiator: unsupported exchange type %d",
923 			  exchange->type);
924 		return -1;
925 	}
926 
927 	/* Run the script code for this step.  */
928 	if (script)
929 		return script[exchange->step] (msg);
930 
931 	return 0;
932 }
933 
934 /*
935  * delete all SA's from addr with the associated proto and SPI's
936  *
937  * spis[] is an array of SPIs of size 16-octet for proto ISAKMP
938  * or 4-octet otherwise.
939  */
940 static void
ipsec_delete_spi_list(struct sockaddr * addr,u_int8_t proto,u_int8_t * spis,int nspis,char * type)941 ipsec_delete_spi_list(struct sockaddr *addr, u_int8_t proto, u_int8_t *spis,
942     int nspis, char *type)
943 {
944 	struct sa      *sa;
945 	int             i;
946 
947 	for (i = 0; i < nspis; i++) {
948 		if (proto == ISAKMP_PROTO_ISAKMP) {
949 			u_int8_t *spi = spis + i * ISAKMP_HDR_COOKIES_LEN;
950 
951 			/*
952 			 * This really shouldn't happen in IPSEC DOI
953 			 * code, but Cisco VPN 3000 sends ISAKMP DELETE's
954 			 * this way.
955 			 */
956 			sa = sa_lookup_isakmp_sa(addr, spi);
957 		} else {
958 			u_int32_t spi = ((u_int32_t *)spis)[i];
959 
960 			sa = ipsec_sa_lookup(addr, spi, proto);
961 		}
962 
963 		if (sa == NULL) {
964 			LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: could "
965 			    "not locate SA (SPI %08x, proto %u)",
966 			    ((u_int32_t *)spis)[i], proto));
967 			continue;
968 		}
969 		/* Delete the SA and search for the next */
970 		LOG_DBG((LOG_SA, 30, "ipsec_delete_spi_list: "
971 		    "%s made us delete SA %p (%d references) for proto %d",
972 		    type, sa, sa->refcnt, proto));
973 
974 		sa_free(sa);
975 	}
976 }
977 
978 static int
ipsec_responder(struct message * msg)979 ipsec_responder(struct message *msg)
980 {
981 	struct exchange *exchange = msg->exchange;
982 	int             (**script)(struct message *) = 0;
983 	struct payload *p;
984 	u_int16_t       type;
985 
986 	/* Check that a new exchange is coherent with the IKE rules.  */
987 	if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION &&
988 	    ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT &&
989 	    exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
990 	    exchange->type != ISAKMP_EXCH_INFO) ||
991 	    (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE &&
992 	    exchange->type != ISAKMP_EXCH_INFO))) {
993 		message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE,
994 		    0, 1, 0);
995 		return -1;
996 	}
997 	LOG_DBG((LOG_MISC, 30, "ipsec_responder: phase %d exchange %d step %d",
998 	    exchange->phase, exchange->type, exchange->step));
999 	switch (exchange->type) {
1000 	case ISAKMP_EXCH_ID_PROT:
1001 		script = ike_main_mode_responder;
1002 		break;
1003 	case ISAKMP_EXCH_AGGRESSIVE:
1004 		script = ike_aggressive_responder;
1005 		break;
1006 	case ISAKMP_EXCH_TRANSACTION:
1007 		script = isakmp_cfg_responder;
1008 		break;
1009 	case ISAKMP_EXCH_INFO:
1010 		TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_NOTIFY], link) {
1011 			type = GET_ISAKMP_NOTIFY_MSG_TYPE(p->p);
1012 			LOG_DBG((LOG_EXCHANGE, 10,
1013 			    "ipsec_responder: got NOTIFY of type %s",
1014 			    constant_name(isakmp_notify_cst, type)));
1015 
1016 			switch (type) {
1017 			case IPSEC_NOTIFY_INITIAL_CONTACT:
1018 				/* Handled by leftover logic. */
1019 				break;
1020 
1021 			case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE:
1022 			case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE_ACK:
1023 				dpd_handle_notify(msg, p);
1024 				break;
1025 
1026 			default:
1027 				p->flags |= PL_MARK;
1028 				break;
1029 			}
1030 		}
1031 
1032 		/*
1033 		 * If any DELETEs are in here, let the logic of leftover
1034 		 * payloads deal with them.
1035 		 */
1036 		return 0;
1037 
1038 	case IKE_EXCH_QUICK_MODE:
1039 		script = ike_quick_mode_responder;
1040 		break;
1041 
1042 	default:
1043 		message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE,
1044 		    0, 1, 0);
1045 		return -1;
1046 	}
1047 
1048 	/* Run the script code for this step.  */
1049 	if (script)
1050 		return script[exchange->step] (msg);
1051 
1052 	/*
1053 	 * XXX So far we don't accept any proposals for exchanges we don't
1054 	 * support.
1055          */
1056 	if (payload_first(msg, ISAKMP_PAYLOAD_SA)) {
1057 		message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0);
1058 		return -1;
1059 	}
1060 	return 0;
1061 }
1062 
1063 static enum hashes
from_ike_hash(u_int16_t hash)1064 from_ike_hash(u_int16_t hash)
1065 {
1066 	switch (hash) {
1067 		case IKE_HASH_MD5:
1068 		return HASH_MD5;
1069 	case IKE_HASH_SHA:
1070 		return HASH_SHA1;
1071 	}
1072 	return -1;
1073 }
1074 
1075 static enum transform
from_ike_crypto(u_int16_t crypto)1076 from_ike_crypto(u_int16_t crypto)
1077 {
1078 	/* Coincidentally this is the null operation :-)  */
1079 	return crypto;
1080 }
1081 
1082 /*
1083  * Find out whether the attribute of type TYPE with a LEN length value
1084  * pointed to by VALUE is incompatible with what we can handle.
1085  * VMSG is a pointer to the current message.
1086  */
1087 int
ipsec_is_attribute_incompatible(u_int16_t type,u_int8_t * value,u_int16_t len,void * vmsg)1088 ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len,
1089     void *vmsg)
1090 {
1091 	struct message *msg = vmsg;
1092 	u_int16_t dv = decode_16(value);
1093 
1094 	if (msg->exchange->phase == 1) {
1095 		switch (type) {
1096 		case IKE_ATTR_ENCRYPTION_ALGORITHM:
1097 			return !crypto_get(from_ike_crypto(dv));
1098 		case IKE_ATTR_HASH_ALGORITHM:
1099 			return !hash_get(from_ike_hash(dv));
1100 		case IKE_ATTR_AUTHENTICATION_METHOD:
1101 			return !ike_auth_get(dv);
1102 		case IKE_ATTR_GROUP_DESCRIPTION:
1103 			return (dv < IKE_GROUP_DESC_MODP_768 ||
1104 			    dv > IKE_GROUP_DESC_MODP_1536) &&
1105 			    (dv < IKE_GROUP_DESC_MODP_2048 ||
1106 			    dv > IKE_GROUP_DESC_MODP_8192);
1107 		case IKE_ATTR_GROUP_TYPE:
1108 			return 1;
1109 		case IKE_ATTR_GROUP_PRIME:
1110 			return 1;
1111 		case IKE_ATTR_GROUP_GENERATOR_1:
1112 			return 1;
1113 		case IKE_ATTR_GROUP_GENERATOR_2:
1114 			return 1;
1115 		case IKE_ATTR_GROUP_CURVE_A:
1116 			return 1;
1117 		case IKE_ATTR_GROUP_CURVE_B:
1118 			return 1;
1119 		case IKE_ATTR_LIFE_TYPE:
1120 			return dv < IKE_DURATION_SECONDS ||
1121 			    dv > IKE_DURATION_KILOBYTES;
1122 		case IKE_ATTR_LIFE_DURATION:
1123 			return len != 2 && len != 4;
1124 		case IKE_ATTR_PRF:
1125 			return 1;
1126 		case IKE_ATTR_KEY_LENGTH:
1127 			/*
1128 			 * Our crypto routines only allows key-lengths which
1129 			 * are multiples of an octet.
1130 			 */
1131 			return dv % 8 != 0;
1132 		case IKE_ATTR_FIELD_SIZE:
1133 			return 1;
1134 		case IKE_ATTR_GROUP_ORDER:
1135 			return 1;
1136 		}
1137 	} else {
1138 		switch (type) {
1139 		case IPSEC_ATTR_SA_LIFE_TYPE:
1140 			return dv < IPSEC_DURATION_SECONDS ||
1141 			    dv > IPSEC_DURATION_KILOBYTES;
1142 		case IPSEC_ATTR_SA_LIFE_DURATION:
1143 			return len != 2 && len != 4;
1144 		case IPSEC_ATTR_GROUP_DESCRIPTION:
1145 			return (dv < IKE_GROUP_DESC_MODP_768 ||
1146 			    dv > IKE_GROUP_DESC_MODP_1536) &&
1147 			    (dv < IKE_GROUP_DESC_MODP_2048 ||
1148 			    IKE_GROUP_DESC_MODP_8192 < dv);
1149 		case IPSEC_ATTR_ENCAPSULATION_MODE:
1150 			return dv != IPSEC_ENCAP_TUNNEL &&
1151 			    dv != IPSEC_ENCAP_TRANSPORT &&
1152 			    dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL &&
1153 			    dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT &&
1154 			    dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT &&
1155 			    dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT;
1156 		case IPSEC_ATTR_AUTHENTICATION_ALGORITHM:
1157 			return dv < IPSEC_AUTH_HMAC_MD5 ||
1158 			    dv > IPSEC_AUTH_HMAC_RIPEMD;
1159 		case IPSEC_ATTR_KEY_LENGTH:
1160 			/*
1161 			 * XXX Blowfish needs '0'. Others appear to disregard
1162 			 * this attr?
1163 			 */
1164 			return 0;
1165 		case IPSEC_ATTR_KEY_ROUNDS:
1166 			return 1;
1167 		case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE:
1168 			return 1;
1169 		case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM:
1170 			return 1;
1171 		case IPSEC_ATTR_ECN_TUNNEL:
1172 			return 1;
1173 		}
1174 	}
1175 	/* XXX Silence gcc.  */
1176 	return 1;
1177 }
1178 
1179 /*
1180  * Log the attribute of TYPE with a LEN length value pointed to by VALUE
1181  * in human-readable form.  VMSG is a pointer to the current message.
1182  */
1183 int
ipsec_debug_attribute(u_int16_t type,u_int8_t * value,u_int16_t len,void * vmsg)1184 ipsec_debug_attribute(u_int16_t type, u_int8_t *value, u_int16_t len,
1185     void *vmsg)
1186 {
1187 	struct message *msg = vmsg;
1188 	char            val[20];
1189 
1190 	/* XXX Transient solution.  */
1191 	if (len == 2)
1192 		snprintf(val, sizeof val, "%d", decode_16(value));
1193 	else if (len == 4)
1194 		snprintf(val, sizeof val, "%d", decode_32(value));
1195 	else
1196 		snprintf(val, sizeof val, "unrepresentable");
1197 
1198 	LOG_DBG((LOG_MESSAGE, 50, "Attribute %s value %s",
1199 	    constant_name(msg->exchange->phase == 1 ? ike_attr_cst :
1200 	    ipsec_attr_cst, type), val));
1201 	return 0;
1202 }
1203 
1204 /*
1205  * Decode the attribute of type TYPE with a LEN length value pointed to by
1206  * VALUE.  VIDA is a pointer to a context structure where we can find the
1207  * current message, SA and protocol.
1208  */
1209 int
ipsec_decode_attribute(u_int16_t type,u_int8_t * value,u_int16_t len,void * vida)1210 ipsec_decode_attribute(u_int16_t type, u_int8_t *value, u_int16_t len,
1211     void *vida)
1212 {
1213 	struct ipsec_decode_arg *ida = vida;
1214 	struct message *msg = ida->msg;
1215 	struct sa      *sa = ida->sa;
1216 	struct ipsec_sa *isa = sa->data;
1217 	struct proto   *proto = ida->proto;
1218 	struct ipsec_proto *iproto = proto->data;
1219 	struct exchange *exchange = msg->exchange;
1220 	struct ipsec_exch *ie = exchange->data;
1221 	static int      lifetype = 0;
1222 
1223 	if (exchange->phase == 1) {
1224 		switch (type) {
1225 		case IKE_ATTR_ENCRYPTION_ALGORITHM:
1226 			/* XXX Errors possible?  */
1227 			exchange->crypto = crypto_get(from_ike_crypto(
1228 			    decode_16(value)));
1229 			break;
1230 		case IKE_ATTR_HASH_ALGORITHM:
1231 			/* XXX Errors possible?  */
1232 			ie->hash = hash_get(from_ike_hash(decode_16(value)));
1233 			break;
1234 		case IKE_ATTR_AUTHENTICATION_METHOD:
1235 			/* XXX Errors possible?  */
1236 			ie->ike_auth = ike_auth_get(decode_16(value));
1237 			break;
1238 		case IKE_ATTR_GROUP_DESCRIPTION:
1239 			isa->group_desc = decode_16(value);
1240 			break;
1241 		case IKE_ATTR_GROUP_TYPE:
1242 			break;
1243 		case IKE_ATTR_GROUP_PRIME:
1244 			break;
1245 		case IKE_ATTR_GROUP_GENERATOR_1:
1246 			break;
1247 		case IKE_ATTR_GROUP_GENERATOR_2:
1248 			break;
1249 		case IKE_ATTR_GROUP_CURVE_A:
1250 			break;
1251 		case IKE_ATTR_GROUP_CURVE_B:
1252 			break;
1253 		case IKE_ATTR_LIFE_TYPE:
1254 			lifetype = decode_16(value);
1255 			return 0;
1256 		case IKE_ATTR_LIFE_DURATION:
1257 			switch (lifetype) {
1258 			case IKE_DURATION_SECONDS:
1259 				switch (len) {
1260 				case 2:
1261 					sa->seconds = decode_16(value);
1262 					break;
1263 				case 4:
1264 					sa->seconds = decode_32(value);
1265 					break;
1266 				default:
1267 					log_print("ipsec_decode_attribute: "
1268 					    "unreasonable lifetime");
1269 				}
1270 				break;
1271 			case IKE_DURATION_KILOBYTES:
1272 				switch (len) {
1273 				case 2:
1274 					sa->kilobytes = decode_16(value);
1275 					break;
1276 				case 4:
1277 					sa->kilobytes = decode_32(value);
1278 					break;
1279 				default:
1280 					log_print("ipsec_decode_attribute: "
1281 					    "unreasonable lifetime");
1282 				}
1283 				break;
1284 			default:
1285 				log_print("ipsec_decode_attribute: unknown "
1286 				    "lifetime type");
1287 			}
1288 			break;
1289 		case IKE_ATTR_PRF:
1290 			break;
1291 		case IKE_ATTR_KEY_LENGTH:
1292 			exchange->key_length = decode_16(value) / 8;
1293 			break;
1294 		case IKE_ATTR_FIELD_SIZE:
1295 			break;
1296 		case IKE_ATTR_GROUP_ORDER:
1297 			break;
1298 		}
1299 	} else {
1300 		switch (type) {
1301 		case IPSEC_ATTR_SA_LIFE_TYPE:
1302 			lifetype = decode_16(value);
1303 			return 0;
1304 		case IPSEC_ATTR_SA_LIFE_DURATION:
1305 			switch (lifetype) {
1306 			case IPSEC_DURATION_SECONDS:
1307 				switch (len) {
1308 				case 2:
1309 					sa->seconds = decode_16(value);
1310 					break;
1311 				case 4:
1312 					sa->seconds = decode_32(value);
1313 					break;
1314 				default:
1315 					log_print("ipsec_decode_attribute: "
1316 					    "unreasonable lifetime");
1317 				}
1318 				break;
1319 			case IPSEC_DURATION_KILOBYTES:
1320 				switch (len) {
1321 				case 2:
1322 					sa->kilobytes = decode_16(value);
1323 					break;
1324 				case 4:
1325 					sa->kilobytes = decode_32(value);
1326 					break;
1327 				default:
1328 					log_print("ipsec_decode_attribute: "
1329 					    "unreasonable lifetime");
1330 				}
1331 				break;
1332 			default:
1333 				log_print("ipsec_decode_attribute: unknown "
1334 				    "lifetime type");
1335 			}
1336 			break;
1337 		case IPSEC_ATTR_GROUP_DESCRIPTION:
1338 			isa->group_desc = decode_16(value);
1339 			break;
1340 		case IPSEC_ATTR_ENCAPSULATION_MODE:
1341 			/*
1342 			 * XXX Multiple protocols must have same
1343 			 * encapsulation mode, no?
1344 			 */
1345 			iproto->encap_mode = decode_16(value);
1346 			break;
1347 		case IPSEC_ATTR_AUTHENTICATION_ALGORITHM:
1348 			iproto->auth = decode_16(value);
1349 			break;
1350 		case IPSEC_ATTR_KEY_LENGTH:
1351 			iproto->keylen = decode_16(value);
1352 			break;
1353 		case IPSEC_ATTR_KEY_ROUNDS:
1354 			iproto->keyrounds = decode_16(value);
1355 			break;
1356 		case IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE:
1357 			break;
1358 		case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM:
1359 			break;
1360 		case IPSEC_ATTR_ECN_TUNNEL:
1361 			break;
1362 		}
1363 	}
1364 	lifetype = 0;
1365 	return 0;
1366 }
1367 
1368 /*
1369  * Walk over the attributes of the transform payload found in BUF, and
1370  * fill out the fields of the SA attached to MSG.  Also mark the SA as
1371  * processed.
1372  */
1373 void
ipsec_decode_transform(struct message * msg,struct sa * sa,struct proto * proto,u_int8_t * buf)1374 ipsec_decode_transform(struct message *msg, struct sa *sa, struct proto *proto,
1375     u_int8_t *buf)
1376 {
1377 	struct ipsec_exch *ie = msg->exchange->data;
1378 	struct ipsec_decode_arg ida;
1379 
1380 	LOG_DBG((LOG_MISC, 20, "ipsec_decode_transform: transform %d chosen",
1381 	    GET_ISAKMP_TRANSFORM_NO(buf)));
1382 
1383 	ida.msg = msg;
1384 	ida.sa = sa;
1385 	ida.proto = proto;
1386 
1387 	/* The default IKE lifetime is 8 hours.  */
1388 	if (sa->phase == 1)
1389 		sa->seconds = 28800;
1390 
1391 	/* Extract the attributes and stuff them into the SA.  */
1392 	attribute_map(buf + ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1393 	    GET_ISAKMP_GEN_LENGTH(buf) - ISAKMP_TRANSFORM_SA_ATTRS_OFF,
1394 	    ipsec_decode_attribute, &ida);
1395 
1396 	/*
1397 	 * If no pseudo-random function was negotiated, it's HMAC.
1398 	 * XXX As PRF_HMAC currently is zero, this is a no-op.
1399          */
1400 	if (!ie->prf_type)
1401 		ie->prf_type = PRF_HMAC;
1402 }
1403 
1404 /*
1405  * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO
1406  * of the IKE security association SA.
1407  */
1408 static void
ipsec_delete_spi(struct sa * sa,struct proto * proto,int incoming)1409 ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming)
1410 {
1411 	if (sa->phase == 1)
1412 		return;
1413 	/* XXX Error handling?  Is it interesting?  */
1414 	pf_key_v2_delete_spi(sa, proto, incoming);
1415 }
1416 
1417 /*
1418  * Store BUF into the g^x entry of the exchange that message MSG belongs to.
1419  * PEER is non-zero when the value is our peer's, and zero when it is ours.
1420  */
1421 static int
ipsec_g_x(struct message * msg,int peer,u_int8_t * buf)1422 ipsec_g_x(struct message *msg, int peer, u_int8_t *buf)
1423 {
1424 	struct exchange *exchange = msg->exchange;
1425 	struct ipsec_exch *ie = exchange->data;
1426 	u_int8_t      **g_x;
1427 	int             initiator = exchange->initiator ^ peer;
1428 	char            header[32];
1429 
1430 	g_x = initiator ? &ie->g_xi : &ie->g_xr;
1431 	*g_x = malloc(ie->g_x_len);
1432 	if (!*g_x) {
1433 		log_error("ipsec_g_x: malloc (%lu) failed",
1434 		    (unsigned long)ie->g_x_len);
1435 		return -1;
1436 	}
1437 	memcpy(*g_x, buf, ie->g_x_len);
1438 	snprintf(header, sizeof header, "ipsec_g_x: g^x%c",
1439 	    initiator ? 'i' : 'r');
1440 	LOG_DBG_BUF((LOG_MISC, 80, header, *g_x, ie->g_x_len));
1441 	return 0;
1442 }
1443 
1444 /* Generate our DH value.  */
1445 int
ipsec_gen_g_x(struct message * msg)1446 ipsec_gen_g_x(struct message *msg)
1447 {
1448 	struct exchange *exchange = msg->exchange;
1449 	struct ipsec_exch *ie = exchange->data;
1450 	u_int8_t       *buf;
1451 
1452 	buf = malloc(ISAKMP_KE_SZ + ie->g_x_len);
1453 	if (!buf) {
1454 		log_error("ipsec_gen_g_x: malloc (%lu) failed",
1455 		    ISAKMP_KE_SZ + (unsigned long)ie->g_x_len);
1456 		return -1;
1457 	}
1458 	if (message_add_payload(msg, ISAKMP_PAYLOAD_KEY_EXCH, buf,
1459 	    ISAKMP_KE_SZ + ie->g_x_len, 1)) {
1460 		free(buf);
1461 		return -1;
1462 	}
1463 	if (dh_create_exchange(ie->group, buf + ISAKMP_KE_DATA_OFF)) {
1464 		log_print("ipsec_gen_g_x: dh_create_exchange failed");
1465 		free(buf);
1466 		return -1;
1467 	}
1468 	return ipsec_g_x(msg, 0, buf + ISAKMP_KE_DATA_OFF);
1469 }
1470 
1471 /* Save the peer's DH value.  */
1472 int
ipsec_save_g_x(struct message * msg)1473 ipsec_save_g_x(struct message *msg)
1474 {
1475 	struct exchange *exchange = msg->exchange;
1476 	struct ipsec_exch *ie = exchange->data;
1477 	struct payload *kep;
1478 
1479 	kep = payload_first(msg, ISAKMP_PAYLOAD_KEY_EXCH);
1480 	kep->flags |= PL_MARK;
1481 	ie->g_x_len = GET_ISAKMP_GEN_LENGTH(kep->p) - ISAKMP_KE_DATA_OFF;
1482 
1483 	/* Check that the given length matches the group's expectancy.  */
1484 	if (ie->g_x_len != (size_t) dh_getlen(ie->group)) {
1485 		/* XXX Is this a good notify type?  */
1486 		message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 0);
1487 		return -1;
1488 	}
1489 	return ipsec_g_x(msg, 1, kep->p + ISAKMP_KE_DATA_OFF);
1490 }
1491 
1492 /*
1493  * Get a SPI for PROTO and the transport MSG passed over.  Store the
1494  * size where SZ points.  NB!  A zero return is OK if *SZ is zero.
1495  */
1496 static u_int8_t *
ipsec_get_spi(size_t * sz,u_int8_t proto,struct message * msg)1497 ipsec_get_spi(size_t *sz, u_int8_t proto, struct message *msg)
1498 {
1499 	struct sockaddr *dst, *src;
1500 	struct transport *transport = msg->transport;
1501 
1502 	if (msg->exchange->phase == 1) {
1503 		*sz = 0;
1504 		return 0;
1505 	} else {
1506 		/* We are the destination in the SA we want a SPI for.  */
1507 		transport->vtbl->get_src(transport, &dst);
1508 		/* The peer is the source.  */
1509 		transport->vtbl->get_dst(transport, &src);
1510 		return pf_key_v2_get_spi(sz, proto, src, dst,
1511 		    msg->exchange->seq);
1512 	}
1513 }
1514 
1515 /*
1516  * We have gotten a payload PAYLOAD of type TYPE, which did not get handled
1517  * by the logic of the exchange MSG takes part in.  Now is the time to deal
1518  * with such a payload if we know how to, if we don't, return -1, otherwise
1519  * 0.
1520  */
1521 int
ipsec_handle_leftover_payload(struct message * msg,u_int8_t type,struct payload * payload)1522 ipsec_handle_leftover_payload(struct message *msg, u_int8_t type,
1523     struct payload *payload)
1524 {
1525 	u_int32_t       spisz, nspis;
1526 	struct sockaddr *dst;
1527 	int             reenter = 0;
1528 	u_int8_t       *spis, proto;
1529 	struct sa      *sa;
1530 
1531 	switch (type) {
1532 	case ISAKMP_PAYLOAD_DELETE:
1533 		proto = GET_ISAKMP_DELETE_PROTO(payload->p);
1534 		nspis = GET_ISAKMP_DELETE_NSPIS(payload->p);
1535 		spisz = GET_ISAKMP_DELETE_SPI_SZ(payload->p);
1536 
1537 		if (nspis == 0) {
1538 			LOG_DBG((LOG_SA, 60, "ipsec_handle_leftover_payload: "
1539 			    "message specified zero SPIs, ignoring"));
1540 			return -1;
1541 		}
1542 		/* verify proper SPI size */
1543 		if ((proto == ISAKMP_PROTO_ISAKMP &&
1544 		    spisz != ISAKMP_HDR_COOKIES_LEN) ||
1545 		    (proto != ISAKMP_PROTO_ISAKMP && spisz != sizeof(u_int32_t))) {
1546 			log_print("ipsec_handle_leftover_payload: invalid SPI "
1547 			    "size %d for proto %d in DELETE payload",
1548 			    spisz, proto);
1549 			return -1;
1550 		}
1551 		spis = (u_int8_t *) malloc(nspis * spisz);
1552 		if (!spis) {
1553 			log_error("ipsec_handle_leftover_payload: malloc "
1554 			    "(%d) failed", nspis * spisz);
1555 			return -1;
1556 		}
1557 		/* extract SPI and get dst address */
1558 		memcpy(spis, payload->p + ISAKMP_DELETE_SPI_OFF, nspis * spisz);
1559 		msg->transport->vtbl->get_dst(msg->transport, &dst);
1560 
1561 		ipsec_delete_spi_list(dst, proto, spis, nspis, "DELETE");
1562 
1563 		free(spis);
1564 		payload->flags |= PL_MARK;
1565 		return 0;
1566 
1567 	case ISAKMP_PAYLOAD_NOTIFY:
1568 		switch (GET_ISAKMP_NOTIFY_MSG_TYPE(payload->p)) {
1569 		case IPSEC_NOTIFY_INITIAL_CONTACT:
1570 			/*
1571 			 * Permit INITIAL-CONTACT if
1572 			 *   - this is not an AGGRESSIVE mode exchange
1573 			 *   - it is protected by an ISAKMP SA
1574 			 *
1575 			 * XXX Instead of the first condition above, we could
1576 			 * XXX permit this only for phase 2. In the last
1577 			 * XXX packet of main-mode, this payload, while
1578 			 * XXX encrypted, is not part of the hash digest.  As
1579 			 * XXX we currently send our own INITIAL-CONTACTs at
1580 			 * XXX this point, this too would need to be changed.
1581 			 */
1582 			if (msg->exchange->type == ISAKMP_EXCH_AGGRESSIVE) {
1583 				log_print("ipsec_handle_leftover_payload: got "
1584 				    "INITIAL-CONTACT in AGGRESSIVE mode");
1585 				return -1;
1586 			}
1587 			if ((msg->exchange->flags & EXCHANGE_FLAG_ENCRYPT)
1588 			    == 0) {
1589 				log_print("ipsec_handle_leftover_payload: got "
1590 				    "INITIAL-CONTACT without ISAKMP SA");
1591 				return -1;
1592 			}
1593 
1594 			if ((msg->flags & MSG_AUTHENTICATED) == 0) {
1595 				log_print("ipsec_handle_leftover_payload: "
1596 				    "got unauthenticated INITIAL-CONTACT");
1597 				return -1;
1598 			}
1599 			/*
1600 			 * Find out who is sending this and then delete every
1601 			 * SA that is ready.  Exchanges will timeout
1602 			 * themselves and then the non-ready SAs will
1603 			 * disappear too.
1604 			 */
1605 			msg->transport->vtbl->get_dst(msg->transport, &dst);
1606 			while ((sa = sa_lookup_by_peer(dst, SA_LEN(dst))) != 0) {
1607 				/*
1608 				 * Don't delete the current SA -- we received
1609 				 * the notification over it, so it's obviously
1610 				 * still active. We temporarily need to remove
1611 				 * the SA from the list to avoid an endless
1612 				 * loop, but keep a reference so it won't
1613 				 * disappear meanwhile.
1614 				 */
1615 				if (sa == msg->isakmp_sa) {
1616 					sa_reference(sa);
1617 					sa_remove(sa);
1618 					reenter = 1;
1619 					continue;
1620 				}
1621 				LOG_DBG((LOG_SA, 30,
1622 				    "ipsec_handle_leftover_payload: "
1623 				    "INITIAL-CONTACT made us delete SA %p",
1624 				    sa));
1625 				sa_delete(sa, 0);
1626 			}
1627 
1628 			if (reenter) {
1629 				sa_enter(msg->isakmp_sa);
1630 				sa_release(msg->isakmp_sa);
1631 			}
1632 			payload->flags |= PL_MARK;
1633 			return 0;
1634 		}
1635 	}
1636 	return -1;
1637 }
1638 
1639 /* Return the encryption keylength in octets of the ESP protocol PROTO.  */
1640 int
ipsec_esp_enckeylength(struct proto * proto)1641 ipsec_esp_enckeylength(struct proto *proto)
1642 {
1643 	struct ipsec_proto *iproto = proto->data;
1644 
1645 	/* Compute the keylength to use.  */
1646 	switch (proto->id) {
1647 	case IPSEC_ESP_DES:
1648 	case IPSEC_ESP_DES_IV32:
1649 	case IPSEC_ESP_DES_IV64:
1650 		return 8;
1651 	case IPSEC_ESP_3DES:
1652 		return 24;
1653 	case IPSEC_ESP_CAST:
1654 		if (!iproto->keylen)
1655 			return 16;
1656 		return iproto->keylen / 8;
1657 	case IPSEC_ESP_AES:
1658 	case IPSEC_ESP_AES_128_CTR:
1659 		if (!iproto->keylen)
1660 			return 16;
1661 		/* FALLTHROUGH */
1662 	default:
1663 		return iproto->keylen / 8;
1664 	}
1665 }
1666 
1667 /* Return the authentication keylength in octets of the ESP protocol PROTO.  */
1668 int
ipsec_esp_authkeylength(struct proto * proto)1669 ipsec_esp_authkeylength(struct proto *proto)
1670 {
1671 	struct ipsec_proto *iproto = proto->data;
1672 
1673 	switch (iproto->auth) {
1674 	case IPSEC_AUTH_HMAC_MD5:
1675 		return 16;
1676 	case IPSEC_AUTH_HMAC_SHA:
1677 	case IPSEC_AUTH_HMAC_RIPEMD:
1678 		return 20;
1679 	case IPSEC_AUTH_HMAC_SHA2_256:
1680 		return 32;
1681 	case IPSEC_AUTH_HMAC_SHA2_384:
1682 		return 48;
1683 	case IPSEC_AUTH_HMAC_SHA2_512:
1684 		return 64;
1685 	default:
1686 		return 0;
1687 	}
1688 }
1689 
1690 /* Return the authentication keylength in octets of the AH protocol PROTO.  */
1691 int
ipsec_ah_keylength(struct proto * proto)1692 ipsec_ah_keylength(struct proto *proto)
1693 {
1694 	switch (proto->id) {
1695 		case IPSEC_AH_MD5:
1696 		return 16;
1697 	case IPSEC_AH_SHA:
1698 	case IPSEC_AH_RIPEMD:
1699 		return 20;
1700 	case IPSEC_AH_SHA2_256:
1701 		return 32;
1702 	case IPSEC_AH_SHA2_384:
1703 		return 48;
1704 	case IPSEC_AH_SHA2_512:
1705 		return 64;
1706 	default:
1707 		return -1;
1708 	}
1709 }
1710 
1711 /* Return the total keymaterial length of the protocol PROTO.  */
1712 int
ipsec_keymat_length(struct proto * proto)1713 ipsec_keymat_length(struct proto *proto)
1714 {
1715 	switch (proto->proto) {
1716 		case IPSEC_PROTO_IPSEC_ESP:
1717 		return ipsec_esp_enckeylength(proto)
1718 		    + ipsec_esp_authkeylength(proto);
1719 	case IPSEC_PROTO_IPSEC_AH:
1720 		return ipsec_ah_keylength(proto);
1721 	default:
1722 		return -1;
1723 	}
1724 }
1725 
1726 /* Helper function for ipsec_get_id().  */
1727 static int
ipsec_get_proto_port(char * section,u_int8_t * tproto,u_int16_t * port)1728 ipsec_get_proto_port(char *section, u_int8_t *tproto, u_int16_t *port)
1729 {
1730 	struct protoent	*pe = NULL;
1731 	struct servent	*se;
1732 	char	*pstr;
1733 
1734 	pstr = conf_get_str(section, "Protocol");
1735 	if (!pstr) {
1736 		*tproto = 0;
1737 		return 0;
1738 	}
1739 	*tproto = (u_int8_t)atoi(pstr);
1740 	if (!*tproto) {
1741 		pe = getprotobyname(pstr);
1742 		if (pe)
1743 			*tproto = pe->p_proto;
1744 	}
1745 	if (!*tproto) {
1746 		log_print("ipsec_get_proto_port: protocol \"%s\" unknown",
1747 		    pstr);
1748 		return -1;
1749 	}
1750 
1751 	pstr = conf_get_str(section, "Port");
1752 	if (!pstr)
1753 		return 0;
1754 	*port = (u_int16_t)atoi(pstr);
1755 	if (!*port) {
1756 		se = getservbyname(pstr,
1757 		    pe ? pe->p_name : (pstr ? pstr : NULL));
1758 		if (se)
1759 			*port = ntohs(se->s_port);
1760 	}
1761 	if (!*port) {
1762 		log_print("ipsec_get_proto_port: port \"%s\" unknown",
1763 		    pstr);
1764 		return -1;
1765 	}
1766 	return 0;
1767 }
1768 
1769 /*
1770  * Out of a named section SECTION in the configuration file find out
1771  * the network address and mask as well as the ID type.  Put the info
1772  * in the areas pointed to by ADDR, MASK, TPROTO, PORT, and ID respectively.
1773  * Return 0 on success and -1 on failure.
1774  */
1775 int
ipsec_get_id(char * section,int * id,struct sockaddr ** addr,struct sockaddr ** mask,u_int8_t * tproto,u_int16_t * port)1776 ipsec_get_id(char *section, int *id, struct sockaddr **addr,
1777     struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port)
1778 {
1779 	char	*type, *address, *netmask;
1780 	sa_family_t	af = 0;
1781 
1782 	type = conf_get_str(section, "ID-type");
1783 	if (!type) {
1784 		log_print("ipsec_get_id: section %s has no \"ID-type\" tag",
1785 		    section);
1786 		return -1;
1787 	}
1788 	*id = constant_value(ipsec_id_cst, type);
1789 	switch (*id) {
1790 	case IPSEC_ID_IPV4_ADDR:
1791 	case IPSEC_ID_IPV4_ADDR_SUBNET:
1792 		af = AF_INET;
1793 		break;
1794 	case IPSEC_ID_IPV6_ADDR:
1795 	case IPSEC_ID_IPV6_ADDR_SUBNET:
1796 		af = AF_INET6;
1797 		break;
1798 	}
1799 	switch (*id) {
1800 	case IPSEC_ID_IPV4_ADDR:
1801 	case IPSEC_ID_IPV6_ADDR: {
1802 		int ret;
1803 
1804 		address = conf_get_str(section, "Address");
1805 		if (!address) {
1806 			log_print("ipsec_get_id: section %s has no "
1807 			    "\"Address\" tag", section);
1808 			return -1;
1809 		}
1810 		if (text2sockaddr(address, NULL, addr, af, 0)) {
1811 			log_print("ipsec_get_id: invalid address %s in "
1812 			    "section %s", address, section);
1813 			return -1;
1814 		}
1815 		ret = ipsec_get_proto_port(section, tproto, port);
1816 		if (ret < 0)
1817 			free(*addr);
1818 
1819 		return ret;
1820 	}
1821 
1822 #ifdef notyet
1823 	case IPSEC_ID_FQDN:
1824 		return -1;
1825 
1826 	case IPSEC_ID_USER_FQDN:
1827 		return -1;
1828 #endif
1829 
1830 	case IPSEC_ID_IPV4_ADDR_SUBNET:
1831 	case IPSEC_ID_IPV6_ADDR_SUBNET: {
1832 		int ret;
1833 
1834 		address = conf_get_str(section, "Network");
1835 		if (!address) {
1836 			log_print("ipsec_get_id: section %s has no "
1837 			    "\"Network\" tag", section);
1838 			return -1;
1839 		}
1840 		if (text2sockaddr(address, NULL, addr, af, 0)) {
1841 			log_print("ipsec_get_id: invalid section %s "
1842 			    "network %s", section, address);
1843 			return -1;
1844 		}
1845 		netmask = conf_get_str(section, "Netmask");
1846 		if (!netmask) {
1847 			log_print("ipsec_get_id: section %s has no "
1848 			    "\"Netmask\" tag", section);
1849 			free(*addr);
1850 			return -1;
1851 		}
1852 		if (text2sockaddr(netmask, NULL, mask, af, 1)) {
1853 			log_print("ipsec_id_build: invalid section %s "
1854 			    "network %s", section, netmask);
1855 			free(*addr);
1856 			return -1;
1857 		}
1858 		ret = ipsec_get_proto_port(section, tproto, port);
1859 		if (ret < 0) {
1860 			free(*mask);
1861 			free(*addr);
1862 		}
1863 		return ret;
1864 	}
1865 
1866 #ifdef notyet
1867 	case IPSEC_ID_IPV4_RANGE:
1868 		return -1;
1869 
1870 	case IPSEC_ID_IPV6_RANGE:
1871 		return -1;
1872 
1873 	case IPSEC_ID_DER_ASN1_DN:
1874 		return -1;
1875 
1876 	case IPSEC_ID_DER_ASN1_GN:
1877 		return -1;
1878 
1879 	case IPSEC_ID_KEY_ID:
1880 		return -1;
1881 #endif
1882 
1883 	default:
1884 		log_print("ipsec_get_id: unknown ID type \"%s\" in "
1885 		    "section %s", type, section);
1886 		return -1;
1887 	}
1888 
1889 	return 0;
1890 }
1891 
1892 /*
1893  * XXX I rather want this function to return a status code, and fail if
1894  * we cannot fit the information in the supplied buffer.
1895  */
1896 static void
ipsec_decode_id(char * buf,size_t size,u_int8_t * id,size_t id_len,int isakmpform)1897 ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len,
1898     int isakmpform)
1899 {
1900 	int             id_type;
1901 	char           *addr = 0, *mask = 0;
1902 	u_int32_t      *idp;
1903 
1904 	if (id) {
1905 		if (!isakmpform) {
1906 			/*
1907 			 * Exchanges and SAs dont carry the IDs in ISAKMP
1908 			 * form.
1909 			 */
1910 			id -= ISAKMP_GEN_SZ;
1911 			id_len += ISAKMP_GEN_SZ;
1912 		}
1913 		id_type = GET_ISAKMP_ID_TYPE(id);
1914 		idp = (u_int32_t *) (id + ISAKMP_ID_DATA_OFF);
1915 		switch (id_type) {
1916 		case IPSEC_ID_IPV4_ADDR:
1917 			util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF);
1918 			snprintf(buf, size, "%08x: %s",
1919 			    decode_32(id + ISAKMP_ID_DATA_OFF), addr);
1920 			break;
1921 
1922 		case IPSEC_ID_IPV4_ADDR_SUBNET:
1923 			util_ntoa(&addr, AF_INET, id + ISAKMP_ID_DATA_OFF);
1924 			util_ntoa(&mask, AF_INET, id + ISAKMP_ID_DATA_OFF + 4);
1925 			snprintf(buf, size, "%08x/%08x: %s/%s",
1926 			    decode_32(id + ISAKMP_ID_DATA_OFF),
1927 			decode_32(id + ISAKMP_ID_DATA_OFF + 4), addr, mask);
1928 			break;
1929 
1930 		case IPSEC_ID_IPV6_ADDR:
1931 			util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
1932 			snprintf(buf, size, "%08x%08x%08x%08x: %s", *idp,
1933 			    *(idp + 1), *(idp + 2), *(idp + 3), addr);
1934 			break;
1935 
1936 		case IPSEC_ID_IPV6_ADDR_SUBNET:
1937 			util_ntoa(&addr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
1938 			util_ntoa(&mask, AF_INET6, id + ISAKMP_ID_DATA_OFF +
1939 			    sizeof(struct in6_addr));
1940 			snprintf(buf, size,
1941 			    "%08x%08x%08x%08x/%08x%08x%08x%08x: %s/%s", *idp,
1942 			    *(idp + 1), *(idp + 2), *(idp + 3), *(idp + 4),
1943 			    *(idp + 5), *(idp + 6), *(idp + 7), addr, mask);
1944 			break;
1945 
1946 		case IPSEC_ID_FQDN:
1947 		case IPSEC_ID_USER_FQDN:
1948 			/* String is not NUL terminated, be careful */
1949 			id_len -= ISAKMP_ID_DATA_OFF;
1950 			id_len = MIN(id_len, size - 1);
1951 			memcpy(buf, id + ISAKMP_ID_DATA_OFF, id_len);
1952 			buf[id_len] = '\0';
1953 			break;
1954 
1955 		case IPSEC_ID_DER_ASN1_DN:
1956 			addr = x509_DN_string(id + ISAKMP_ID_DATA_OFF,
1957 			    id_len - ISAKMP_ID_DATA_OFF);
1958 			if (!addr) {
1959 				snprintf(buf, size, "unparsable ASN1 DN ID");
1960 				return;
1961 			}
1962 			strlcpy(buf, addr, size);
1963 			break;
1964 
1965 		default:
1966 			snprintf(buf, size, "<id type unknown: %x>", id_type);
1967 			break;
1968 		}
1969 	} else
1970 		snprintf(buf, size, "<no ipsec id>");
1971 	if (addr)
1972 		free(addr);
1973 	if (mask)
1974 		free(mask);
1975 }
1976 
1977 char *
ipsec_decode_ids(char * fmt,u_int8_t * id1,size_t id1_len,u_int8_t * id2,size_t id2_len,int isakmpform)1978 ipsec_decode_ids(char *fmt, u_int8_t *id1, size_t id1_len, u_int8_t *id2,
1979     size_t id2_len, int isakmpform)
1980 {
1981 	static char     result[1024];
1982 	char            s_id1[256], s_id2[256];
1983 
1984 	ipsec_decode_id(s_id1, sizeof s_id1, id1, id1_len, isakmpform);
1985 	ipsec_decode_id(s_id2, sizeof s_id2, id2, id2_len, isakmpform);
1986 
1987 	snprintf(result, sizeof result, fmt, s_id1, s_id2);
1988 	return result;
1989 }
1990 
1991 /*
1992  * Out of a named section SECTION in the configuration file build an
1993  * ISAKMP ID payload.  Ths payload size should be stashed in SZ.
1994  * The caller is responsible for freeing the payload.
1995  */
1996 u_int8_t *
ipsec_build_id(char * section,size_t * sz)1997 ipsec_build_id(char *section, size_t *sz)
1998 {
1999 	struct sockaddr *addr, *mask;
2000 	u_int8_t       *p;
2001 	int             id, subnet = 0;
2002 	u_int8_t        tproto = 0;
2003 	u_int16_t       port = 0;
2004 
2005 	if (ipsec_get_id(section, &id, &addr, &mask, &tproto, &port))
2006 		return 0;
2007 
2008 	if (id == IPSEC_ID_IPV4_ADDR_SUBNET || id == IPSEC_ID_IPV6_ADDR_SUBNET)
2009 		subnet = 1;
2010 
2011 	*sz = ISAKMP_ID_SZ + sockaddr_addrlen(addr);
2012 	if (subnet)
2013 		*sz += sockaddr_addrlen(mask);
2014 
2015 	p = malloc(*sz);
2016 	if (!p) {
2017 		log_print("ipsec_build_id: malloc(%lu) failed",
2018 		    (unsigned long)*sz);
2019 		if (subnet)
2020 			free(mask);
2021 		free(addr);
2022 		return 0;
2023 	}
2024 	SET_ISAKMP_ID_TYPE(p, id);
2025 	SET_ISAKMP_ID_DOI_DATA(p, (unsigned char *)"\000\000\000");
2026 
2027 	memcpy(p + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(addr),
2028 	    sockaddr_addrlen(addr));
2029 	if (subnet)
2030 		memcpy(p + ISAKMP_ID_DATA_OFF + sockaddr_addrlen(addr),
2031 		    sockaddr_addrdata(mask), sockaddr_addrlen(mask));
2032 
2033 	SET_IPSEC_ID_PROTO(p + ISAKMP_ID_DOI_DATA_OFF, tproto);
2034 	SET_IPSEC_ID_PORT(p + ISAKMP_ID_DOI_DATA_OFF, port);
2035 
2036 	if (subnet)
2037 		free(mask);
2038 	free(addr);
2039 	return p;
2040 }
2041 
2042 /*
2043  * copy an ISAKMPD id
2044  */
2045 int
ipsec_clone_id(u_int8_t ** did,size_t * did_len,u_int8_t * id,size_t id_len)2046 ipsec_clone_id(u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len)
2047 {
2048 	if (*did)
2049 		free(*did);
2050 
2051 	if (!id_len || !id) {
2052 		*did = 0;
2053 		*did_len = 0;
2054 		return 0;
2055 	}
2056 	*did = malloc(id_len);
2057 	if (!*did) {
2058 		*did_len = 0;
2059 		log_error("ipsec_clone_id: malloc(%lu) failed",
2060 		    (unsigned long)id_len);
2061 		return -1;
2062 	}
2063 	*did_len = id_len;
2064 	memcpy(*did, id, id_len);
2065 
2066 	return 0;
2067 }
2068 
2069 /*
2070  * IPsec-specific PROTO initializations.  SECTION is only set if we are the
2071  * initiator thus only usable there.
2072  * XXX I want to fix this later.
2073  */
2074 void
ipsec_proto_init(struct proto * proto,char * section)2075 ipsec_proto_init(struct proto *proto, char *section)
2076 {
2077 	struct ipsec_proto *iproto = proto->data;
2078 
2079 	if (proto->sa->phase == 2 && section)
2080 		iproto->replay_window = conf_get_num(section, "ReplayWindow",
2081 		    DEFAULT_REPLAY_WINDOW);
2082 }
2083 
2084 /*
2085  * Add a notification payload of type INITIAL CONTACT to MSG if this is
2086  * the first contact we have made to our peer.
2087  */
2088 int
ipsec_initial_contact(struct message * msg)2089 ipsec_initial_contact(struct message *msg)
2090 {
2091 	u_int8_t *buf;
2092 
2093 	if (ipsec_contacted(msg))
2094 		return 0;
2095 
2096 	buf = malloc(ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN);
2097 	if (!buf) {
2098 		log_error("ike_phase_1_initial_contact: malloc (%d) failed",
2099 		    ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN);
2100 		return -1;
2101 	}
2102 	SET_ISAKMP_NOTIFY_DOI(buf, IPSEC_DOI_IPSEC);
2103 	SET_ISAKMP_NOTIFY_PROTO(buf, ISAKMP_PROTO_ISAKMP);
2104 	SET_ISAKMP_NOTIFY_SPI_SZ(buf, ISAKMP_HDR_COOKIES_LEN);
2105 	SET_ISAKMP_NOTIFY_MSG_TYPE(buf, IPSEC_NOTIFY_INITIAL_CONTACT);
2106 	memcpy(buf + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies,
2107 	    ISAKMP_HDR_COOKIES_LEN);
2108 	if (message_add_payload(msg, ISAKMP_PAYLOAD_NOTIFY, buf,
2109 	    ISAKMP_NOTIFY_SZ + ISAKMP_HDR_COOKIES_LEN, 1)) {
2110 		free(buf);
2111 		return -1;
2112 	}
2113 	return ipsec_add_contact(msg);
2114 }
2115 
2116 /*
2117  * Compare the two contacts pointed to by A and B.  Return negative if
2118  * *A < *B, 0 if they are equal, and positive if *A is the largest of them.
2119  */
2120 static int
addr_cmp(const void * a,const void * b)2121 addr_cmp(const void *a, const void *b)
2122 {
2123 	const struct contact *x = a, *y = b;
2124 	int             minlen = MIN(x->len, y->len);
2125 	int             rv = memcmp(x->addr, y->addr, minlen);
2126 
2127 	return rv ? rv : (x->len - y->len);
2128 }
2129 
2130 /*
2131  * Add the peer that MSG is bound to as an address we don't want to send
2132  * INITIAL CONTACT too from now on.  Do not call this function with a
2133  * specific address duplicate times. We want fast lookup, speed of insertion
2134  * is unimportant, if this is to scale.
2135  */
2136 static int
ipsec_add_contact(struct message * msg)2137 ipsec_add_contact(struct message *msg)
2138 {
2139 	struct contact *new_contacts;
2140 	struct sockaddr *dst, *addr;
2141 	int             cnt;
2142 
2143 	if (contact_cnt == contact_limit) {
2144 		cnt = contact_limit ? 2 * contact_limit : 64;
2145 		new_contacts = realloc(contacts, cnt * sizeof contacts[0]);
2146 		if (!new_contacts) {
2147 			log_error("ipsec_add_contact: "
2148 			    "realloc (%p, %lu) failed", contacts,
2149 			    cnt * (unsigned long) sizeof contacts[0]);
2150 			return -1;
2151 		}
2152 		contact_limit = cnt;
2153 		contacts = new_contacts;
2154 	}
2155 	msg->transport->vtbl->get_dst(msg->transport, &dst);
2156 	addr = malloc(SA_LEN(dst));
2157 	if (!addr) {
2158 		log_error("ipsec_add_contact: malloc (%lu) failed",
2159 		    (unsigned long)SA_LEN(dst));
2160 		return -1;
2161 	}
2162 	memcpy(addr, dst, SA_LEN(dst));
2163 	contacts[contact_cnt].addr = addr;
2164 	contacts[contact_cnt++].len = SA_LEN(dst);
2165 
2166 	/*
2167 	 * XXX There are better algorithms for already mostly-sorted data like
2168 	 * this, but only qsort is standard.  I will someday do this inline.
2169          */
2170 	qsort(contacts, contact_cnt, sizeof *contacts, addr_cmp);
2171 	return 0;
2172 }
2173 
2174 /* Return true if the recipient of MSG has already been contacted.  */
2175 static int
ipsec_contacted(struct message * msg)2176 ipsec_contacted(struct message *msg)
2177 {
2178 	struct contact  contact;
2179 
2180 	msg->transport->vtbl->get_dst(msg->transport, &contact.addr);
2181 	contact.len = SA_LEN(contact.addr);
2182 	return contacts ? (bsearch(&contact, contacts, contact_cnt,
2183 	    sizeof *contacts, addr_cmp) != 0) : 0;
2184 }
2185 
2186 /* Add a HASH for to MSG.  */
2187 u_int8_t *
ipsec_add_hash_payload(struct message * msg,size_t hashsize)2188 ipsec_add_hash_payload(struct message *msg, size_t hashsize)
2189 {
2190 	u_int8_t *buf;
2191 
2192 	buf = malloc(ISAKMP_HASH_SZ + hashsize);
2193 	if (!buf) {
2194 		log_error("ipsec_add_hash_payload: malloc (%lu) failed",
2195 		    ISAKMP_HASH_SZ + (unsigned long) hashsize);
2196 		return 0;
2197 	}
2198 	if (message_add_payload(msg, ISAKMP_PAYLOAD_HASH, buf,
2199 	    ISAKMP_HASH_SZ + hashsize, 1)) {
2200 		free(buf);
2201 		return 0;
2202 	}
2203 	return buf;
2204 }
2205 
2206 /* Fill in the HASH payload of MSG.  */
2207 int
ipsec_fill_in_hash(struct message * msg)2208 ipsec_fill_in_hash(struct message *msg)
2209 {
2210 	struct exchange *exchange = msg->exchange;
2211 	struct sa      *isakmp_sa = msg->isakmp_sa;
2212 	struct ipsec_sa *isa = isakmp_sa->data;
2213 	struct hash    *hash = hash_get(isa->hash);
2214 	struct prf     *prf;
2215 	struct payload *payload;
2216 	u_int8_t       *buf;
2217 	u_int32_t       i;
2218 	char            header[80];
2219 
2220 	/* If no SKEYID_a, we need not do anything.  */
2221 	if (!isa->skeyid_a)
2222 		return 0;
2223 
2224 	payload = payload_first(msg, ISAKMP_PAYLOAD_HASH);
2225 	if (!payload) {
2226 		log_print("ipsec_fill_in_hash: no HASH payload found");
2227 		return -1;
2228 	}
2229 	buf = payload->p;
2230 
2231 	/* Allocate the prf and start calculating our HASH(1).  */
2232 	LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: SKEYID_a",
2233 	    isa->skeyid_a, isa->skeyid_len));
2234 	prf = prf_alloc(isa->prf_type, hash->type, isa->skeyid_a,
2235 	    isa->skeyid_len);
2236 	if (!prf)
2237 		return -1;
2238 
2239 	prf->Init(prf->prfctx);
2240 	LOG_DBG_BUF((LOG_MISC, 90, "ipsec_fill_in_hash: message_id",
2241 	    exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
2242 	prf->Update(prf->prfctx, exchange->message_id,
2243 	    ISAKMP_HDR_MESSAGE_ID_LEN);
2244 
2245 	/* Loop over all payloads after HASH(1).  */
2246 	for (i = 2; i < msg->iovlen; i++) {
2247 		/* XXX Misleading payload type printouts.  */
2248 		snprintf(header, sizeof header,
2249 		    "ipsec_fill_in_hash: payload %d after HASH(1)", i - 1);
2250 		LOG_DBG_BUF((LOG_MISC, 90, header, msg->iov[i].iov_base,
2251 		    msg->iov[i].iov_len));
2252 		prf->Update(prf->prfctx, msg->iov[i].iov_base,
2253 		    msg->iov[i].iov_len);
2254 	}
2255 	prf->Final(buf + ISAKMP_HASH_DATA_OFF, prf->prfctx);
2256 	prf_free(prf);
2257 	LOG_DBG_BUF((LOG_MISC, 80, "ipsec_fill_in_hash: HASH(1)", buf +
2258 	    ISAKMP_HASH_DATA_OFF, hash->hashsize));
2259 
2260 	return 0;
2261 }
2262 
2263 /* Add a HASH payload to MSG, if we have an ISAKMP SA we're protected by.  */
2264 static int
ipsec_informational_pre_hook(struct message * msg)2265 ipsec_informational_pre_hook(struct message *msg)
2266 {
2267 	struct sa      *isakmp_sa = msg->isakmp_sa;
2268 	struct ipsec_sa *isa;
2269 	struct hash    *hash;
2270 
2271 	if (!isakmp_sa)
2272 		return 0;
2273 	isa = isakmp_sa->data;
2274 	hash = hash_get(isa->hash);
2275 	return ipsec_add_hash_payload(msg, hash->hashsize) == 0;
2276 }
2277 
2278 /*
2279  * Fill in the HASH payload in MSG, if we have an ISAKMP SA we're protected by.
2280  */
2281 static int
ipsec_informational_post_hook(struct message * msg)2282 ipsec_informational_post_hook(struct message *msg)
2283 {
2284 	if (!msg->isakmp_sa)
2285 		return 0;
2286 	return ipsec_fill_in_hash(msg);
2287 }
2288 
2289 ssize_t
ipsec_id_size(char * section,u_int8_t * id)2290 ipsec_id_size(char *section, u_int8_t *id)
2291 {
2292 	char *type, *data;
2293 
2294 	type = conf_get_str(section, "ID-type");
2295 	if (!type) {
2296 		log_print("ipsec_id_size: section %s has no \"ID-type\" tag",
2297 		    section);
2298 		return -1;
2299 	}
2300 	*id = constant_value(ipsec_id_cst, type);
2301 	switch (*id) {
2302 	case IPSEC_ID_IPV4_ADDR:
2303 		return sizeof(struct in_addr);
2304 	case IPSEC_ID_IPV4_ADDR_SUBNET:
2305 		return 2 * sizeof(struct in_addr);
2306 	case IPSEC_ID_IPV6_ADDR:
2307 		return sizeof(struct in6_addr);
2308 	case IPSEC_ID_IPV6_ADDR_SUBNET:
2309 		return 2 * sizeof(struct in6_addr);
2310 	case IPSEC_ID_FQDN:
2311 	case IPSEC_ID_USER_FQDN:
2312 	case IPSEC_ID_KEY_ID:
2313 	case IPSEC_ID_DER_ASN1_DN:
2314 	case IPSEC_ID_DER_ASN1_GN:
2315 		data = conf_get_str(section, "Name");
2316 		if (!data) {
2317 			log_print("ipsec_id_size: "
2318 			    "section %s has no \"Name\" tag", section);
2319 			return -1;
2320 		}
2321 		return strlen(data);
2322 	}
2323 	log_print("ipsec_id_size: unrecognized/unsupported ID-type %d (%s)",
2324 	    *id, type);
2325 	return -1;
2326 }
2327 
2328 /*
2329  * Generate a string version of the ID.
2330  */
2331 char *
ipsec_id_string(u_int8_t * id,size_t id_len)2332 ipsec_id_string(u_int8_t *id, size_t id_len)
2333 {
2334 	char           *buf = 0;
2335 	char           *addrstr = 0;
2336 	size_t          len, size;
2337 
2338 	/*
2339 	 * XXX Real ugly way of making the offsets correct.  Be aware that id
2340 	 * now will point before the actual buffer and cannot be dereferenced
2341 	 * without an offset larger than or equal to ISAKM_GEN_SZ.
2342          */
2343 	id -= ISAKMP_GEN_SZ;
2344 
2345 	/* This is the actual length of the ID data field.  */
2346 	id_len += ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF;
2347 
2348 	/*
2349 	 * Conservative allocation.
2350 	 * XXX I think the ASN1 DN case can be thought through to give a better
2351 	 * estimate.
2352          */
2353 	size = MAX(sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
2354 	    sizeof "asn1_dn/" + id_len - ISAKMP_ID_DATA_OFF);
2355 	buf = malloc(size);
2356 	if (!buf)
2357 		/* XXX Log?  */
2358 		goto fail;
2359 
2360 	switch (GET_ISAKMP_ID_TYPE(id)) {
2361 	case IPSEC_ID_IPV4_ADDR:
2362 		if (id_len < sizeof(struct in_addr))
2363 			goto fail;
2364 		util_ntoa(&addrstr, AF_INET, id + ISAKMP_ID_DATA_OFF);
2365 		if (!addrstr)
2366 			goto fail;
2367 		snprintf(buf, size, "ipv4/%s", addrstr);
2368 		break;
2369 
2370 	case IPSEC_ID_IPV6_ADDR:
2371 		if (id_len < sizeof(struct in6_addr))
2372 			goto fail;
2373 		util_ntoa(&addrstr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
2374 		if (!addrstr)
2375 			goto fail;
2376 		snprintf(buf, size, "ipv6/%s", addrstr);
2377 		break;
2378 
2379 	case IPSEC_ID_FQDN:
2380 	case IPSEC_ID_USER_FQDN:
2381 		strlcpy(buf,
2382 		GET_ISAKMP_ID_TYPE(id) == IPSEC_ID_FQDN ? "fqdn/" : "ufqdn/",
2383 		    size);
2384 		len = strlen(buf);
2385 
2386 		memcpy(buf + len, id + ISAKMP_ID_DATA_OFF, id_len);
2387 		*(buf + len + id_len) = '\0';
2388 		break;
2389 
2390 	case IPSEC_ID_DER_ASN1_DN:
2391 		strlcpy(buf, "asn1_dn/", size);
2392 		len = strlen(buf);
2393 		addrstr = x509_DN_string(id + ISAKMP_ID_DATA_OFF,
2394 		    id_len - ISAKMP_ID_DATA_OFF);
2395 		if (!addrstr)
2396 			goto fail;
2397 		if (size < len + strlen(addrstr) + 1)
2398 			goto fail;
2399 		strlcpy(buf + len, addrstr, size - len);
2400 		break;
2401 
2402 	default:
2403 		/* Unknown type.  */
2404 		LOG_DBG((LOG_MISC, 10,
2405 		    "ipsec_id_string: unknown identity type %d\n",
2406 		    GET_ISAKMP_ID_TYPE(id)));
2407 		goto fail;
2408 	}
2409 
2410 	if (addrstr)
2411 		free(addrstr);
2412 	return buf;
2413 
2414 fail:
2415 	if (buf)
2416 		free(buf);
2417 	if (addrstr)
2418 		free(addrstr);
2419 	return 0;
2420 }
2421