1/* $OpenBSD: ikev2_pld.c,v 1.135 2024/04/02 19:58:28 tobhe Exp $ */ 2 3/* 4 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> 5 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> 6 * Copyright (c) 2014 Hans-Joerg Hoexer 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21#include <sys/queue.h> 22#include <sys/socket.h> 23#include <sys/uio.h> 24 25#include <netinet/in.h> 26#include <arpa/inet.h> 27 28#include <stdlib.h> 29#include <stdio.h> 30#include <unistd.h> 31#include <string.h> 32#include <signal.h> 33#include <endian.h> 34#include <errno.h> 35#include <err.h> 36#include <event.h> 37 38#include <openssl/sha.h> 39#include <openssl/evp.h> 40 41#include "iked.h" 42#include "ikev2.h" 43#include "eap.h" 44#include "dh.h" 45 46int ikev2_validate_pld(struct iked_message *, size_t, size_t, 47 struct ikev2_payload *); 48int ikev2_pld_payloads(struct iked *, struct iked_message *, 49 size_t, size_t, unsigned int); 50int ikev2_validate_sa(struct iked_message *, size_t, size_t, 51 struct ikev2_sa_proposal *); 52int ikev2_pld_sa(struct iked *, struct ikev2_payload *, 53 struct iked_message *, size_t, size_t); 54int ikev2_validate_xform(struct iked_message *, size_t, size_t, 55 struct ikev2_transform *); 56int ikev2_pld_xform(struct iked *, struct iked_message *, 57 size_t, size_t); 58int ikev2_validate_attr(struct iked_message *, size_t, size_t, 59 struct ikev2_attribute *); 60int ikev2_pld_attr(struct iked *, struct ikev2_transform *, 61 struct iked_message *, size_t, size_t); 62int ikev2_validate_ke(struct iked_message *, size_t, size_t, 63 struct ikev2_keyexchange *); 64int ikev2_pld_ke(struct iked *, struct ikev2_payload *, 65 struct iked_message *, size_t, size_t); 66int ikev2_validate_id(struct iked_message *, size_t, size_t, 67 struct ikev2_id *); 68int ikev2_pld_id(struct iked *, struct ikev2_payload *, 69 struct iked_message *, size_t, size_t, unsigned int); 70int ikev2_validate_cert(struct iked_message *, size_t, size_t, 71 struct ikev2_cert *); 72int ikev2_pld_cert(struct iked *, struct ikev2_payload *, 73 struct iked_message *, size_t, size_t); 74int ikev2_validate_certreq(struct iked_message *, size_t, size_t, 75 struct ikev2_cert *); 76int ikev2_pld_certreq(struct iked *, struct ikev2_payload *, 77 struct iked_message *, size_t, size_t); 78int ikev2_pld_nonce(struct iked *, struct ikev2_payload *, 79 struct iked_message *, size_t, size_t); 80int ikev2_validate_notify(struct iked_message *, size_t, size_t, 81 struct ikev2_notify *); 82int ikev2_pld_notify(struct iked *, struct ikev2_payload *, 83 struct iked_message *, size_t, size_t); 84int ikev2_validate_delete(struct iked_message *, size_t, size_t, 85 struct ikev2_delete *); 86int ikev2_pld_delete(struct iked *, struct ikev2_payload *, 87 struct iked_message *, size_t, size_t); 88int ikev2_validate_tss(struct iked_message *, size_t, size_t, 89 struct ikev2_tsp *); 90int ikev2_pld_tss(struct iked *, struct ikev2_payload *, 91 struct iked_message *, size_t, size_t); 92int ikev2_validate_ts(struct iked_message *, size_t, size_t, 93 struct ikev2_ts *); 94int ikev2_pld_ts(struct iked *, struct ikev2_payload *, 95 struct iked_message *, size_t, size_t, unsigned int); 96int ikev2_validate_auth(struct iked_message *, size_t, size_t, 97 struct ikev2_auth *); 98int ikev2_pld_auth(struct iked *, struct ikev2_payload *, 99 struct iked_message *, size_t, size_t); 100int ikev2_pld_e(struct iked *, struct ikev2_payload *, 101 struct iked_message *, size_t, size_t); 102int ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld, 103 struct iked_message *msg, size_t offset, size_t left); 104int ikev2_frags_reassemble(struct iked *env, 105 struct ikev2_payload *pld, struct iked_message *msg); 106int ikev2_validate_cp(struct iked_message *, size_t, size_t, 107 struct ikev2_cp *); 108int ikev2_pld_cp(struct iked *, struct ikev2_payload *, 109 struct iked_message *, size_t, size_t); 110int ikev2_validate_eap(struct iked_message *, size_t, size_t, 111 struct eap_header *); 112int ikev2_pld_eap(struct iked *, struct ikev2_payload *, 113 struct iked_message *, size_t, size_t); 114 115int 116ikev2_pld_parse(struct iked *env, struct ike_header *hdr, 117 struct iked_message *msg, size_t offset) 118{ 119 log_debug("%s: header ispi %s rspi %s" 120 " nextpayload %s version 0x%02x exchange %s flags 0x%02x" 121 " msgid %d length %u response %d", __func__, 122 print_spi(betoh64(hdr->ike_ispi), 8), 123 print_spi(betoh64(hdr->ike_rspi), 8), 124 print_map(hdr->ike_nextpayload, ikev2_payload_map), 125 hdr->ike_version, 126 print_map(hdr->ike_exchange, ikev2_exchange_map), 127 hdr->ike_flags, 128 betoh32(hdr->ike_msgid), 129 betoh32(hdr->ike_length), 130 msg->msg_response); 131 132 if (ibuf_size(msg->msg_data) < betoh32(hdr->ike_length)) { 133 log_debug("%s: short message", __func__); 134 return (-1); 135 } 136 137 offset += sizeof(*hdr); 138 139 return (ikev2_pld_payloads(env, msg, offset, 140 betoh32(hdr->ike_length), hdr->ike_nextpayload)); 141} 142 143int 144ikev2_validate_pld(struct iked_message *msg, size_t offset, size_t left, 145 struct ikev2_payload *pld) 146{ 147 uint8_t *msgbuf = ibuf_data(msg->msg_data); 148 size_t pld_length; 149 150 /* We need at least the generic header. */ 151 if (left < sizeof(*pld)) { 152 log_debug("%s: malformed payload: too short for generic " 153 "header (%zu < %zu)", __func__, left, sizeof(*pld)); 154 return (-1); 155 } 156 memcpy(pld, msgbuf + offset, sizeof(*pld)); 157 158 /* 159 * We need at least the specified number of bytes. 160 * pld_length is the full size of the payload including 161 * the generic payload header. 162 */ 163 pld_length = betoh16(pld->pld_length); 164 if (left < pld_length) { 165 log_debug("%s: malformed payload: shorter than specified " 166 "(%zu < %zu)", __func__, left, pld_length); 167 return (-1); 168 } 169 /* 170 * Sanity check the specified payload size, it must 171 * be at least the size of the generic payload header. 172 */ 173 if (pld_length < sizeof(*pld)) { 174 log_debug("%s: malformed payload: shorter than minimum " 175 "header size (%zu < %zu)", __func__, pld_length, 176 sizeof(*pld)); 177 return (-1); 178 } 179 180 return (0); 181} 182 183int 184ikev2_pld_payloads(struct iked *env, struct iked_message *msg, 185 size_t offset, size_t length, unsigned int payload) 186{ 187 struct ikev2_payload pld; 188 unsigned int e; 189 int ret; 190 uint8_t *msgbuf = ibuf_data(msg->msg_data); 191 size_t total, left; 192 193 /* Check if message was decrypted in an E payload */ 194 e = msg->msg_e ? IKED_E : 0; 195 196 /* Bytes left in datagram. */ 197 total = length - offset; 198 199 while (payload != 0 && offset < length) { 200 if (ikev2_validate_pld(msg, offset, total, &pld)) 201 return (-1); 202 203 log_debug("%s: %spayload %s" 204 " nextpayload %s critical 0x%02x length %d", 205 __func__, e ? "decrypted " : "", 206 print_map(payload, ikev2_payload_map), 207 print_map(pld.pld_nextpayload, ikev2_payload_map), 208 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD, 209 betoh16(pld.pld_length)); 210 211 /* Skip over generic payload header. */ 212 offset += sizeof(pld); 213 total -= sizeof(pld); 214 left = betoh16(pld.pld_length) - sizeof(pld); 215 ret = 0; 216 217 switch (payload | e) { 218 case IKEV2_PAYLOAD_SA: 219 case IKEV2_PAYLOAD_SA | IKED_E: 220 ret = ikev2_pld_sa(env, &pld, msg, offset, left); 221 break; 222 case IKEV2_PAYLOAD_KE: 223 case IKEV2_PAYLOAD_KE | IKED_E: 224 ret = ikev2_pld_ke(env, &pld, msg, offset, left); 225 break; 226 case IKEV2_PAYLOAD_IDi | IKED_E: 227 case IKEV2_PAYLOAD_IDr | IKED_E: 228 ret = ikev2_pld_id(env, &pld, msg, offset, left, 229 payload); 230 break; 231 case IKEV2_PAYLOAD_CERT | IKED_E: 232 ret = ikev2_pld_cert(env, &pld, msg, offset, left); 233 break; 234 case IKEV2_PAYLOAD_CERTREQ: 235 case IKEV2_PAYLOAD_CERTREQ | IKED_E: 236 ret = ikev2_pld_certreq(env, &pld, msg, offset, left); 237 break; 238 case IKEV2_PAYLOAD_AUTH | IKED_E: 239 ret = ikev2_pld_auth(env, &pld, msg, offset, left); 240 break; 241 case IKEV2_PAYLOAD_NONCE: 242 case IKEV2_PAYLOAD_NONCE | IKED_E: 243 ret = ikev2_pld_nonce(env, &pld, msg, offset, left); 244 break; 245 case IKEV2_PAYLOAD_NOTIFY: 246 case IKEV2_PAYLOAD_NOTIFY | IKED_E: 247 ret = ikev2_pld_notify(env, &pld, msg, offset, left); 248 break; 249 case IKEV2_PAYLOAD_DELETE | IKED_E: 250 ret = ikev2_pld_delete(env, &pld, msg, offset, left); 251 break; 252 case IKEV2_PAYLOAD_TSi | IKED_E: 253 case IKEV2_PAYLOAD_TSr | IKED_E: 254 ret = ikev2_pld_tss(env, &pld, msg, offset, left); 255 break; 256 case IKEV2_PAYLOAD_SK: 257 ret = ikev2_pld_e(env, &pld, msg, offset, left); 258 break; 259 case IKEV2_PAYLOAD_SKF: 260 ret = ikev2_pld_ef(env, &pld, msg, offset, left); 261 break; 262 case IKEV2_PAYLOAD_CP | IKED_E: 263 ret = ikev2_pld_cp(env, &pld, msg, offset, left); 264 break; 265 case IKEV2_PAYLOAD_EAP | IKED_E: 266 ret = ikev2_pld_eap(env, &pld, msg, offset, left); 267 break; 268 default: 269 print_hex(msgbuf, offset, 270 betoh16(pld.pld_length) - sizeof(pld)); 271 break; 272 } 273 274 if (ret != 0 && ikev2_msg_frompeer(msg)) { 275 (void)ikev2_send_informational(env, msg); 276 return (-1); 277 } 278 279 /* Encrypted payloads must appear last */ 280 if ((payload == IKEV2_PAYLOAD_SK) || 281 (payload == IKEV2_PAYLOAD_SKF)) 282 return (0); 283 284 payload = pld.pld_nextpayload; 285 offset += left; 286 total -= left; 287 } 288 289 return (0); 290} 291 292int 293ikev2_validate_sa(struct iked_message *msg, size_t offset, size_t left, 294 struct ikev2_sa_proposal *sap) 295{ 296 uint8_t *msgbuf = ibuf_data(msg->msg_data); 297 size_t sap_length; 298 299 if (left < sizeof(*sap)) { 300 log_debug("%s: malformed payload: too short for header " 301 "(%zu < %zu)", __func__, left, sizeof(*sap)); 302 return (-1); 303 } 304 memcpy(sap, msgbuf + offset, sizeof(*sap)); 305 306 sap_length = betoh16(sap->sap_length); 307 if (sap_length < sizeof(*sap)) { 308 log_debug("%s: malformed payload: shorter than minimum header " 309 "size (%zu < %zu)", __func__, sap_length, sizeof(*sap)); 310 return (-1); 311 } 312 if (left < sap_length) { 313 log_debug("%s: malformed payload: too long for actual payload " 314 "size (%zu < %zu)", __func__, left, sap_length); 315 return (-1); 316 } 317 /* 318 * If there is only one proposal, sap_length must be the 319 * total payload size. 320 */ 321 if (!sap->sap_more && left != sap_length) { 322 log_debug("%s: malformed payload: SA payload length mismatches " 323 "single proposal substructure length (%zu != %zu)", 324 __func__, left, sap_length); 325 return (-1); 326 } 327 /* 328 * If there are more than one proposal, there must be bytes 329 * left in the payload. 330 */ 331 if (sap->sap_more && left <= sap_length) { 332 log_debug("%s: malformed payload: SA payload too small for " 333 "further proposals (%zu <= %zu)", __func__, 334 left, sap_length); 335 return (-1); 336 } 337 return (0); 338} 339 340int 341ikev2_pld_sa(struct iked *env, struct ikev2_payload *pld, 342 struct iked_message *msg, size_t offset, size_t left) 343{ 344 struct ikev2_sa_proposal sap; 345 struct iked_proposal *prop = NULL; 346 uint32_t spi32; 347 uint64_t spi = 0, spi64; 348 uint8_t *msgbuf = ibuf_data(msg->msg_data); 349 int r; 350 struct iked_proposals *props; 351 size_t total; 352 353 do { 354 if (ikev2_validate_sa(msg, offset, left, &sap)) 355 return (-1); 356 357 /* Assumed size of the first proposals, including SPI if present. */ 358 total = (betoh16(sap.sap_length) - sizeof(sap)); 359 360 props = &msg->msg_parent->msg_proposals; 361 362 offset += sizeof(sap); 363 left -= sizeof(sap); 364 365 if (sap.sap_spisize) { 366 if (left < sap.sap_spisize) { 367 log_debug("%s: malformed payload: SPI larger than " 368 "actual payload (%zu < %d)", __func__, left, 369 sap.sap_spisize); 370 return (-1); 371 } 372 if (total < sap.sap_spisize) { 373 log_debug("%s: malformed payload: SPI larger than " 374 "proposal (%zu < %d)", __func__, total, 375 sap.sap_spisize); 376 return (-1); 377 } 378 switch (sap.sap_spisize) { 379 case 4: 380 memcpy(&spi32, msgbuf + offset, 4); 381 spi = betoh32(spi32); 382 break; 383 case 8: 384 memcpy(&spi64, msgbuf + offset, 8); 385 spi = betoh64(spi64); 386 break; 387 default: 388 log_debug("%s: unsupported SPI size %d", 389 __func__, sap.sap_spisize); 390 return (-1); 391 } 392 393 offset += sap.sap_spisize; 394 left -= sap.sap_spisize; 395 396 /* Assumed size of the proposal, now without SPI. */ 397 total -= sap.sap_spisize; 398 } 399 400 /* 401 * As we verified sanity of packet headers, this check will 402 * be always false, but just to be sure we keep it. 403 */ 404 if (left < total) { 405 log_debug("%s: malformed payload: too long for payload " 406 "(%zu < %zu)", __func__, left, total); 407 return (-1); 408 } 409 410 log_debug("%s: more %d reserved %d length %d" 411 " proposal #%d protoid %s spisize %d xforms %d spi %s", 412 __func__, sap.sap_more, sap.sap_reserved, 413 betoh16(sap.sap_length), sap.sap_proposalnr, 414 print_map(sap.sap_protoid, ikev2_saproto_map), sap.sap_spisize, 415 sap.sap_transforms, print_spi(spi, sap.sap_spisize)); 416 417 if (ikev2_msg_frompeer(msg)) { 418 if ((msg->msg_parent->msg_prop = config_add_proposal(props, 419 sap.sap_proposalnr, sap.sap_protoid)) == NULL) { 420 log_debug("%s: invalid proposal", __func__); 421 return (-1); 422 } 423 prop = msg->msg_parent->msg_prop; 424 prop->prop_peerspi.spi = spi; 425 prop->prop_peerspi.spi_protoid = sap.sap_protoid; 426 prop->prop_peerspi.spi_size = sap.sap_spisize; 427 428 prop->prop_localspi.spi_protoid = sap.sap_protoid; 429 prop->prop_localspi.spi_size = sap.sap_spisize; 430 } 431 432 /* 433 * Parse the attached transforms 434 */ 435 if (sap.sap_transforms) { 436 r = ikev2_pld_xform(env, msg, offset, total); 437 if ((r == -2) && ikev2_msg_frompeer(msg)) { 438 log_debug("%s: invalid proposal transform", 439 __func__); 440 441 /* cleanup and ignore proposal */ 442 config_free_proposal(props, prop); 443 prop = msg->msg_parent->msg_prop = NULL; 444 } else if (r != 0) { 445 log_debug("%s: invalid proposal transforms", 446 __func__); 447 return (-1); 448 } 449 } 450 451 offset += total; 452 left -= total; 453 } while (sap.sap_more); 454 455 return (0); 456} 457 458int 459ikev2_validate_xform(struct iked_message *msg, size_t offset, size_t total, 460 struct ikev2_transform *xfrm) 461{ 462 uint8_t *msgbuf = ibuf_data(msg->msg_data); 463 size_t xfrm_length; 464 465 if (total < sizeof(*xfrm)) { 466 log_debug("%s: malformed payload: too short for header " 467 "(%zu < %zu)", __func__, total, sizeof(*xfrm)); 468 return (-1); 469 } 470 memcpy(xfrm, msgbuf + offset, sizeof(*xfrm)); 471 472 xfrm_length = betoh16(xfrm->xfrm_length); 473 if (xfrm_length < sizeof(*xfrm)) { 474 log_debug("%s: malformed payload: shorter than minimum header " 475 "size (%zu < %zu)", __func__, xfrm_length, sizeof(*xfrm)); 476 return (-1); 477 } 478 if (total < xfrm_length) { 479 log_debug("%s: malformed payload: too long for payload size " 480 "(%zu < %zu)", __func__, total, xfrm_length); 481 return (-1); 482 } 483 484 return (0); 485} 486 487int 488ikev2_pld_xform(struct iked *env, struct iked_message *msg, 489 size_t offset, size_t total) 490{ 491 struct ikev2_transform xfrm; 492 char id[BUFSIZ]; 493 int ret = 0; 494 int r; 495 size_t xfrm_length; 496 497 if (ikev2_validate_xform(msg, offset, total, &xfrm)) 498 return (-1); 499 500 xfrm_length = betoh16(xfrm.xfrm_length); 501 502 switch (xfrm.xfrm_type) { 503 case IKEV2_XFORMTYPE_ENCR: 504 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 505 ikev2_xformencr_map), sizeof(id)); 506 break; 507 case IKEV2_XFORMTYPE_PRF: 508 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 509 ikev2_xformprf_map), sizeof(id)); 510 break; 511 case IKEV2_XFORMTYPE_INTEGR: 512 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 513 ikev2_xformauth_map), sizeof(id)); 514 break; 515 case IKEV2_XFORMTYPE_DH: 516 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 517 ikev2_xformdh_map), sizeof(id)); 518 break; 519 case IKEV2_XFORMTYPE_ESN: 520 strlcpy(id, print_map(betoh16(xfrm.xfrm_id), 521 ikev2_xformesn_map), sizeof(id)); 522 break; 523 default: 524 snprintf(id, sizeof(id), "<%d>", betoh16(xfrm.xfrm_id)); 525 break; 526 } 527 528 log_debug("%s: more %d reserved %d length %zu" 529 " type %s id %s", 530 __func__, xfrm.xfrm_more, xfrm.xfrm_reserved, xfrm_length, 531 print_map(xfrm.xfrm_type, ikev2_xformtype_map), id); 532 533 /* 534 * Parse transform attributes, if available 535 */ 536 msg->msg_attrlength = 0; 537 if (xfrm_length > sizeof(xfrm)) { 538 if (ikev2_pld_attr(env, &xfrm, msg, offset + sizeof(xfrm), 539 xfrm_length - sizeof(xfrm)) != 0) { 540 return (-1); 541 } 542 } 543 544 if (ikev2_msg_frompeer(msg)) { 545 r = config_add_transform(msg->msg_parent->msg_prop, 546 xfrm.xfrm_type, betoh16(xfrm.xfrm_id), 547 msg->msg_attrlength, msg->msg_attrlength); 548 if (r == -1) { 549 log_debug("%s: failed to add transform: alloc error", 550 __func__); 551 return (r); 552 } else if (r == -2) { 553 log_debug("%s: failed to add transform: unknown type", 554 __func__); 555 return (r); 556 } 557 } 558 559 /* Next transform */ 560 offset += xfrm_length; 561 total -= xfrm_length; 562 if (xfrm.xfrm_more == IKEV2_XFORM_MORE) 563 ret = ikev2_pld_xform(env, msg, offset, total); 564 else if (total != 0) { 565 /* No more transforms but still some data left. */ 566 log_debug("%s: less data than specified, %zu bytes left", 567 __func__, total); 568 ret = -1; 569 } 570 571 return (ret); 572} 573 574int 575ikev2_validate_attr(struct iked_message *msg, size_t offset, size_t total, 576 struct ikev2_attribute *attr) 577{ 578 uint8_t *msgbuf = ibuf_data(msg->msg_data); 579 580 if (total < sizeof(*attr)) { 581 log_debug("%s: malformed payload: too short for header " 582 "(%zu < %zu)", __func__, total, sizeof(*attr)); 583 return (-1); 584 } 585 memcpy(attr, msgbuf + offset, sizeof(*attr)); 586 587 return (0); 588} 589 590int 591ikev2_pld_attr(struct iked *env, struct ikev2_transform *xfrm, 592 struct iked_message *msg, size_t offset, size_t total) 593{ 594 struct ikev2_attribute attr; 595 unsigned int type; 596 uint8_t *msgbuf = ibuf_data(msg->msg_data); 597 int ret = 0; 598 size_t attr_length; 599 600 if (ikev2_validate_attr(msg, offset, total, &attr)) 601 return (-1); 602 603 type = betoh16(attr.attr_type) & ~IKEV2_ATTRAF_TV; 604 605 log_debug("%s: attribute type %s length %d total %zu", 606 __func__, print_map(type, ikev2_attrtype_map), 607 betoh16(attr.attr_length), total); 608 609 if (betoh16(attr.attr_type) & IKEV2_ATTRAF_TV) { 610 /* Type-Value attribute */ 611 offset += sizeof(attr); 612 total -= sizeof(attr); 613 614 if (type == IKEV2_ATTRTYPE_KEY_LENGTH) 615 msg->msg_attrlength = betoh16(attr.attr_length); 616 } else { 617 /* Type-Length-Value attribute */ 618 attr_length = betoh16(attr.attr_length); 619 if (attr_length < sizeof(attr)) { 620 log_debug("%s: malformed payload: shorter than " 621 "minimum header size (%zu < %zu)", __func__, 622 attr_length, sizeof(attr)); 623 return (-1); 624 } 625 if (total < attr_length) { 626 log_debug("%s: malformed payload: attribute larger " 627 "than actual payload (%zu < %zu)", __func__, 628 total, attr_length); 629 return (-1); 630 } 631 print_hex(msgbuf, offset + sizeof(attr), 632 attr_length - sizeof(attr)); 633 offset += attr_length; 634 total -= attr_length; 635 } 636 637 if (total > 0) { 638 /* Next attribute */ 639 ret = ikev2_pld_attr(env, xfrm, msg, offset, total); 640 } 641 642 return (ret); 643} 644 645int 646ikev2_validate_ke(struct iked_message *msg, size_t offset, size_t left, 647 struct ikev2_keyexchange *kex) 648{ 649 uint8_t *msgbuf = ibuf_data(msg->msg_data); 650 651 if (left < sizeof(*kex)) { 652 log_debug("%s: malformed payload: too short for header " 653 "(%zu < %zu)", __func__, left, sizeof(*kex)); 654 return (-1); 655 } 656 memcpy(kex, msgbuf + offset, sizeof(*kex)); 657 658 return (0); 659} 660 661int 662ikev2_pld_ke(struct iked *env, struct ikev2_payload *pld, 663 struct iked_message *msg, size_t offset, size_t left) 664{ 665 struct ikev2_keyexchange kex; 666 uint8_t *buf; 667 size_t len; 668 uint8_t *msgbuf = ibuf_data(msg->msg_data); 669 670 if (ikev2_validate_ke(msg, offset, left, &kex)) 671 return (-1); 672 673 log_debug("%s: dh group %s reserved %d", __func__, 674 print_map(betoh16(kex.kex_dhgroup), ikev2_xformdh_map), 675 betoh16(kex.kex_reserved)); 676 677 buf = msgbuf + offset + sizeof(kex); 678 len = left - sizeof(kex); 679 680 if (len == 0) { 681 log_debug("%s: malformed payload: no KE data given", __func__); 682 return (-1); 683 } 684 685 print_hex(buf, 0, len); 686 687 if (ikev2_msg_frompeer(msg)) { 688 if (msg->msg_parent->msg_ke != NULL) { 689 log_info("%s: duplicate KE payload", __func__); 690 return (-1); 691 } 692 if ((msg->msg_parent->msg_ke = ibuf_new(buf, len)) == NULL) { 693 log_debug("%s: failed to get exchange", __func__); 694 return (-1); 695 } 696 msg->msg_parent->msg_dhgroup = betoh16(kex.kex_dhgroup); 697 } 698 699 return (0); 700} 701 702int 703ikev2_validate_id(struct iked_message *msg, size_t offset, size_t left, 704 struct ikev2_id *id) 705{ 706 uint8_t *msgbuf = ibuf_data(msg->msg_data); 707 708 if (left < sizeof(*id)) { 709 log_debug("%s: malformed payload: too short for header " 710 "(%zu < %zu)", __func__, left, sizeof(*id)); 711 return (-1); 712 } 713 memcpy(id, msgbuf + offset, sizeof(*id)); 714 715 if (id->id_type == IKEV2_ID_NONE) { 716 log_debug("%s: malformed payload: invalid ID type.", 717 __func__); 718 return (-1); 719 } 720 721 return (0); 722} 723 724int 725ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, 726 struct iked_message *msg, size_t offset, size_t left, unsigned int payload) 727{ 728 uint8_t *ptr; 729 struct ikev2_id id; 730 size_t len; 731 struct iked_id *idp, idb; 732 const struct iked_sa *sa = msg->msg_sa; 733 uint8_t *msgbuf = ibuf_data(msg->msg_data); 734 char idstr[IKED_ID_SIZE]; 735 736 if (ikev2_validate_id(msg, offset, left, &id)) 737 return (-1); 738 739 bzero(&idb, sizeof(idb)); 740 741 /* Don't strip the Id payload header */ 742 ptr = msgbuf + offset; 743 len = left; 744 745 idb.id_type = id.id_type; 746 idb.id_offset = sizeof(id); 747 if ((idb.id_buf = ibuf_new(ptr, len)) == NULL) 748 return (-1); 749 750 if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) { 751 ibuf_free(idb.id_buf); 752 log_debug("%s: malformed id", __func__); 753 return (-1); 754 } 755 756 log_debug("%s: id %s length %zu", __func__, idstr, len); 757 758 if (!ikev2_msg_frompeer(msg)) { 759 ibuf_free(idb.id_buf); 760 return (0); 761 } 762 763 if (((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) || 764 (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) 765 idp = &msg->msg_parent->msg_peerid; 766 else if (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) 767 idp = &msg->msg_parent->msg_localid; 768 else { 769 ibuf_free(idb.id_buf); 770 log_debug("%s: unexpected id payload", __func__); 771 return (0); 772 } 773 774 if (idp->id_type) { 775 ibuf_free(idb.id_buf); 776 log_debug("%s: duplicate id payload", __func__); 777 return (-1); 778 } 779 780 idp->id_buf = idb.id_buf; 781 idp->id_offset = idb.id_offset; 782 idp->id_type = idb.id_type; 783 784 return (0); 785} 786 787int 788ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left, 789 struct ikev2_cert *cert) 790{ 791 uint8_t *msgbuf = ibuf_data(msg->msg_data); 792 793 if (left < sizeof(*cert)) { 794 log_debug("%s: malformed payload: too short for header " 795 "(%zu < %zu)", __func__, left, sizeof(*cert)); 796 return (-1); 797 } 798 memcpy(cert, msgbuf + offset, sizeof(*cert)); 799 if (cert->cert_type == IKEV2_CERT_NONE) { 800 log_debug("%s: malformed payload: invalid cert type", __func__); 801 return (-1); 802 } 803 804 return (0); 805} 806 807int 808ikev2_pld_cert(struct iked *env, struct ikev2_payload *pld, 809 struct iked_message *msg, size_t offset, size_t left) 810{ 811 struct ikev2_cert cert; 812 uint8_t *buf; 813 size_t len; 814 struct iked_id *certid; 815 uint8_t *msgbuf = ibuf_data(msg->msg_data); 816 const struct iked_sa *sa = msg->msg_sa; 817 int i; 818 819 if (ikev2_validate_cert(msg, offset, left, &cert)) 820 return (-1); 821 offset += sizeof(cert); 822 823 buf = msgbuf + offset; 824 len = left - sizeof(cert); 825 826 log_debug("%s: type %s length %zu", 827 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 828 829 print_hex(buf, 0, len); 830 831 if (!ikev2_msg_frompeer(msg)) 832 return (0); 833 834 /* do not accept internal encoding in the wire */ 835 if (cert.cert_type == IKEV2_CERT_BUNDLE) { 836 log_debug("%s: ignoring IKEV2_CERT_BUNDLE", 837 SPI_SA(sa, __func__)); 838 return (0); 839 } 840 841 certid = &msg->msg_parent->msg_cert; 842 if (certid->id_type) { 843 /* try to set supplemental certs */ 844 for (i = 0; i < IKED_SCERT_MAX; i++) { 845 certid = &msg->msg_parent->msg_scert[i]; 846 if (!certid->id_type) 847 break; 848 } 849 if (certid->id_type) { 850 log_debug("%s: too many cert payloads, ignoring", 851 SPI_SA(sa, __func__)); 852 return (0); 853 } 854 } 855 856 if ((certid->id_buf = ibuf_new(buf, len)) == NULL) { 857 log_debug("%s: failed to save cert", __func__); 858 return (-1); 859 } 860 certid->id_type = cert.cert_type; 861 certid->id_offset = 0; 862 863 return (0); 864} 865 866int 867ikev2_validate_certreq(struct iked_message *msg, size_t offset, size_t left, 868 struct ikev2_cert *cert) 869{ 870 uint8_t *msgbuf = ibuf_data(msg->msg_data); 871 872 if (left < sizeof(*cert)) { 873 log_debug("%s: malformed payload: too short for header " 874 "(%zu < %zu)", __func__, left, sizeof(*cert)); 875 return (-1); 876 } 877 memcpy(cert, msgbuf + offset, sizeof(*cert)); 878 879 return (0); 880} 881 882int 883ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld, 884 struct iked_message *msg, size_t offset, size_t left) 885{ 886 struct ikev2_cert cert; 887 struct iked_certreq *cr; 888 uint8_t *buf; 889 ssize_t len; 890 uint8_t *msgbuf = ibuf_data(msg->msg_data); 891 892 if (ikev2_validate_certreq(msg, offset, left, &cert)) 893 return (-1); 894 offset += sizeof(cert); 895 896 buf = msgbuf + offset; 897 len = left - sizeof(cert); 898 899 log_debug("%s: type %s length %zd", 900 __func__, print_map(cert.cert_type, ikev2_cert_map), len); 901 902 print_hex(buf, 0, len); 903 904 if (!ikev2_msg_frompeer(msg)) 905 return (0); 906 907 if (cert.cert_type == IKEV2_CERT_X509_CERT) { 908 if (len == 0) { 909 log_info("%s: invalid length 0", __func__); 910 return (0); 911 } 912 if ((len % SHA_DIGEST_LENGTH) != 0) { 913 log_info("%s: invalid certificate request", 914 __func__); 915 return (-1); 916 } 917 } 918 919 if ((cr = calloc(1, sizeof(struct iked_certreq))) == NULL) { 920 log_info("%s: failed to allocate certreq.", __func__); 921 return (-1); 922 } 923 if ((cr->cr_data = ibuf_new(buf, len)) == NULL) { 924 log_info("%s: failed to allocate buffer.", __func__); 925 free(cr); 926 return (-1); 927 } 928 cr->cr_type = cert.cert_type; 929 SIMPLEQ_INSERT_TAIL(&msg->msg_parent->msg_certreqs, cr, cr_entry); 930 931 return (0); 932} 933 934int 935ikev2_validate_auth(struct iked_message *msg, size_t offset, size_t left, 936 struct ikev2_auth *auth) 937{ 938 uint8_t *msgbuf = ibuf_data(msg->msg_data); 939 940 if (left < sizeof(*auth)) { 941 log_debug("%s: malformed payload: too short for header " 942 "(%zu < %zu)", __func__, left, sizeof(*auth)); 943 return (-1); 944 } 945 memcpy(auth, msgbuf + offset, sizeof(*auth)); 946 947 if (auth->auth_method == 0) { 948 log_info("%s: malformed payload: invalid auth method", 949 __func__); 950 return (-1); 951 } 952 953 return (0); 954} 955 956int 957ikev2_pld_auth(struct iked *env, struct ikev2_payload *pld, 958 struct iked_message *msg, size_t offset, size_t left) 959{ 960 struct ikev2_auth auth; 961 struct iked_id *idp; 962 uint8_t *buf; 963 size_t len; 964 uint8_t *msgbuf = ibuf_data(msg->msg_data); 965 966 if (ikev2_validate_auth(msg, offset, left, &auth)) 967 return (-1); 968 offset += sizeof(auth); 969 970 buf = msgbuf + offset; 971 len = left - sizeof(auth); 972 973 log_debug("%s: method %s length %zu", 974 __func__, print_map(auth.auth_method, ikev2_auth_map), len); 975 976 print_hex(buf, 0, len); 977 978 if (!ikev2_msg_frompeer(msg)) 979 return (0); 980 981 idp = &msg->msg_parent->msg_auth; 982 if (idp->id_type) { 983 log_debug("%s: duplicate auth payload", __func__); 984 return (-1); 985 } 986 987 ibuf_free(idp->id_buf); 988 idp->id_type = auth.auth_method; 989 idp->id_offset = 0; 990 if ((idp->id_buf = ibuf_new(buf, len)) == NULL) 991 return (-1); 992 993 return (0); 994} 995 996int 997ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld, 998 struct iked_message *msg, size_t offset, size_t left) 999{ 1000 size_t len; 1001 uint8_t *buf; 1002 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1003 1004 buf = msgbuf + offset; 1005 len = left; 1006 1007 if (len == 0) { 1008 log_debug("%s: malformed payload: no NONCE given", __func__); 1009 return (-1); 1010 } 1011 1012 print_hex(buf, 0, len); 1013 1014 if (ikev2_msg_frompeer(msg)) { 1015 if (msg->msg_parent->msg_nonce != NULL) { 1016 log_info("%s: duplicate NONCE payload", __func__); 1017 return (-1); 1018 } 1019 if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) { 1020 log_debug("%s: failed to get peer nonce", __func__); 1021 return (-1); 1022 } 1023 msg->msg_parent->msg_nonce = msg->msg_nonce; 1024 } 1025 1026 return (0); 1027} 1028 1029int 1030ikev2_validate_notify(struct iked_message *msg, size_t offset, size_t left, 1031 struct ikev2_notify *n) 1032{ 1033 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1034 1035 if (left < sizeof(*n)) { 1036 log_debug("%s: malformed payload: too short for header " 1037 "(%zu < %zu)", __func__, left, sizeof(*n)); 1038 return (-1); 1039 } 1040 memcpy(n, msgbuf + offset, sizeof(*n)); 1041 1042 return (0); 1043} 1044 1045int 1046ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, 1047 struct iked_message *msg, size_t offset, size_t left) 1048{ 1049 struct ikev2_notify n; 1050 const struct iked_sa *sa = msg->msg_sa; 1051 uint8_t *buf, md[SHA_DIGEST_LENGTH]; 1052 uint32_t spi32; 1053 uint64_t spi64; 1054 struct iked_spi *rekey; 1055 uint16_t type; 1056 uint16_t signature_hash; 1057 1058 if (ikev2_validate_notify(msg, offset, left, &n)) 1059 return (-1); 1060 type = betoh16(n.n_type); 1061 1062 log_debug("%s: protoid %s spisize %d type %s", 1063 __func__, 1064 print_map(n.n_protoid, ikev2_saproto_map), n.n_spisize, 1065 print_map(type, ikev2_n_map)); 1066 1067 left -= sizeof(n); 1068 if ((buf = ibuf_seek(msg->msg_data, offset + sizeof(n), left)) == NULL) 1069 return (-1); 1070 1071 print_hex(buf, 0, left); 1072 1073 if (!ikev2_msg_frompeer(msg)) 1074 return (0); 1075 1076 switch (type) { 1077 case IKEV2_N_NAT_DETECTION_SOURCE_IP: 1078 case IKEV2_N_NAT_DETECTION_DESTINATION_IP: 1079 if (left != sizeof(md)) { 1080 log_debug("%s: malformed payload: hash size mismatch" 1081 " (%zu != %zu)", __func__, left, sizeof(md)); 1082 return (-1); 1083 } 1084 if (ikev2_nat_detection(env, msg, md, sizeof(md), type, 1085 ikev2_msg_frompeer(msg)) == -1) 1086 return (-1); 1087 if (memcmp(buf, md, left) != 0) { 1088 log_debug("%s: %s detected NAT", __func__, 1089 print_map(type, ikev2_n_map)); 1090 if (type == IKEV2_N_NAT_DETECTION_SOURCE_IP) 1091 msg->msg_parent->msg_nat_detected 1092 |= IKED_MSG_NAT_SRC_IP; 1093 else 1094 msg->msg_parent->msg_nat_detected 1095 |= IKED_MSG_NAT_DST_IP; 1096 } 1097 print_hex(md, 0, sizeof(md)); 1098 /* remember for MOBIKE */ 1099 msg->msg_parent->msg_natt_rcvd = 1; 1100 break; 1101 case IKEV2_N_AUTHENTICATION_FAILED: 1102 if (!msg->msg_e) { 1103 log_debug("%s: AUTHENTICATION_FAILED not encrypted", 1104 __func__); 1105 return (-1); 1106 } 1107 /* 1108 * If we are the responder, then we only accept 1109 * AUTHENTICATION_FAILED from authenticated peers. 1110 * If we are the initiator, the peer cannot be authenticated. 1111 */ 1112 if (!sa->sa_hdr.sh_initiator) { 1113 if (!sa_stateok(sa, IKEV2_STATE_VALID)) { 1114 log_debug("%s: ignoring AUTHENTICATION_FAILED" 1115 " from unauthenticated initiator", 1116 __func__); 1117 return (-1); 1118 } 1119 } else { 1120 if (sa_stateok(sa, IKEV2_STATE_VALID)) { 1121 log_debug("%s: ignoring AUTHENTICATION_FAILED" 1122 " from authenticated responder", 1123 __func__); 1124 return (-1); 1125 } 1126 } 1127 msg->msg_parent->msg_flags 1128 |= IKED_MSG_FLAGS_AUTHENTICATION_FAILED; 1129 break; 1130 case IKEV2_N_INVALID_KE_PAYLOAD: 1131 if (sa_stateok(sa, IKEV2_STATE_VALID) && 1132 !msg->msg_e) { 1133 log_debug("%s: INVALID_KE_PAYLOAD not encrypted", 1134 __func__); 1135 return (-1); 1136 } 1137 if (left != sizeof(msg->msg_parent->msg_group)) { 1138 log_debug("%s: malformed payload: group size mismatch" 1139 " (%zu != %zu)", __func__, left, 1140 sizeof(msg->msg_parent->msg_group)); 1141 return (-1); 1142 } 1143 memcpy(&msg->msg_parent->msg_group, buf, left); 1144 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_INVALID_KE; 1145 break; 1146 case IKEV2_N_NO_ADDITIONAL_SAS: 1147 if (!msg->msg_e) { 1148 log_debug("%s: NO_ADDITIONAL_SAS not encrypted", 1149 __func__); 1150 return (-1); 1151 } 1152 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_ADDITIONAL_SAS; 1153 break; 1154 case IKEV2_N_REKEY_SA: 1155 if (!msg->msg_e) { 1156 log_debug("%s: N_REKEY_SA not encrypted", __func__); 1157 return (-1); 1158 } 1159 if (left != n.n_spisize) { 1160 log_debug("%s: malformed notification", __func__); 1161 return (-1); 1162 } 1163 rekey = &msg->msg_parent->msg_rekey; 1164 if (rekey->spi != 0) { 1165 log_debug("%s: rekeying of multiple SAs not supported", 1166 __func__); 1167 return (-1); 1168 } 1169 switch (n.n_spisize) { 1170 case 4: 1171 memcpy(&spi32, buf, left); 1172 rekey->spi = betoh32(spi32); 1173 break; 1174 case 8: 1175 memcpy(&spi64, buf, left); 1176 rekey->spi = betoh64(spi64); 1177 break; 1178 default: 1179 log_debug("%s: invalid spi size %d", __func__, 1180 n.n_spisize); 1181 return (-1); 1182 } 1183 rekey->spi_size = n.n_spisize; 1184 rekey->spi_protoid = n.n_protoid; 1185 1186 log_debug("%s: rekey %s spi %s", __func__, 1187 print_map(n.n_protoid, ikev2_saproto_map), 1188 print_spi(rekey->spi, n.n_spisize)); 1189 break; 1190 case IKEV2_N_TEMPORARY_FAILURE: 1191 if (!msg->msg_e) { 1192 log_debug("%s: IKEV2_N_TEMPORARY_FAILURE not encrypted", 1193 __func__); 1194 return (-1); 1195 } 1196 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_TEMPORARY_FAILURE; 1197 break; 1198 case IKEV2_N_IPCOMP_SUPPORTED: 1199 if (!msg->msg_e) { 1200 log_debug("%s: N_IPCOMP_SUPPORTED not encrypted", 1201 __func__); 1202 return (-1); 1203 } 1204 if (left < sizeof(msg->msg_parent->msg_cpi) + 1205 sizeof(msg->msg_parent->msg_transform)) { 1206 log_debug("%s: ignoring malformed ipcomp notification", 1207 __func__); 1208 return (0); 1209 } 1210 memcpy(&msg->msg_parent->msg_cpi, buf, 1211 sizeof(msg->msg_parent->msg_cpi)); 1212 memcpy(&msg->msg_parent->msg_transform, 1213 buf + sizeof(msg->msg_parent->msg_cpi), 1214 sizeof(msg->msg_parent->msg_transform)); 1215 1216 log_debug("%s: %s cpi 0x%x, transform %s, length %zu", __func__, 1217 msg->msg_parent->msg_response ? "res" : "req", 1218 betoh16(msg->msg_parent->msg_cpi), 1219 print_map(msg->msg_parent->msg_transform, 1220 ikev2_ipcomp_map), left); 1221 1222 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_IPCOMP_SUPPORTED; 1223 break; 1224 case IKEV2_N_CHILD_SA_NOT_FOUND: 1225 if (!msg->msg_e) { 1226 log_debug("%s: N_CHILD_SA_NOT_FOUND not encrypted", 1227 __func__); 1228 return (-1); 1229 } 1230 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_CHILD_SA_NOT_FOUND; 1231 break; 1232 case IKEV2_N_NO_PROPOSAL_CHOSEN: 1233 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN; 1234 break; 1235 case IKEV2_N_MOBIKE_SUPPORTED: 1236 if (!msg->msg_e) { 1237 log_debug("%s: N_MOBIKE_SUPPORTED not encrypted", 1238 __func__); 1239 return (-1); 1240 } 1241 if (left != 0) { 1242 log_debug("%s: ignoring malformed mobike" 1243 " notification: %zu", __func__, left); 1244 return (0); 1245 } 1246 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_MOBIKE; 1247 break; 1248 case IKEV2_N_USE_TRANSPORT_MODE: 1249 if (!msg->msg_e) { 1250 log_debug("%s: N_USE_TRANSPORT_MODE not encrypted", 1251 __func__); 1252 return (-1); 1253 } 1254 if (left != 0) { 1255 log_debug("%s: ignoring malformed transport mode" 1256 " notification: %zu", __func__, left); 1257 return (0); 1258 } 1259 if (msg->msg_parent->msg_response) { 1260 if (!(msg->msg_policy->pol_flags & IKED_POLICY_TRANSPORT)) { 1261 log_debug("%s: ignoring transport mode" 1262 " notification (policy)", __func__); 1263 return (0); 1264 } 1265 } 1266 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_USE_TRANSPORT; 1267 break; 1268 case IKEV2_N_UPDATE_SA_ADDRESSES: 1269 if (!msg->msg_e) { 1270 log_debug("%s: N_UPDATE_SA_ADDRESSES not encrypted", 1271 __func__); 1272 return (-1); 1273 } 1274 if (!sa->sa_mobike) { 1275 log_debug("%s: ignoring update sa addresses" 1276 " notification w/o mobike: %zu", __func__, left); 1277 return (0); 1278 } 1279 if (left != 0) { 1280 log_debug("%s: ignoring malformed update sa addresses" 1281 " notification: %zu", __func__, left); 1282 return (0); 1283 } 1284 msg->msg_parent->msg_update_sa_addresses = 1; 1285 break; 1286 case IKEV2_N_COOKIE2: 1287 if (!msg->msg_e) { 1288 log_debug("%s: N_COOKIE2 not encrypted", 1289 __func__); 1290 return (-1); 1291 } 1292 if (!sa->sa_mobike) { 1293 log_debug("%s: ignoring cookie2 notification" 1294 " w/o mobike: %zu", __func__, left); 1295 return (0); 1296 } 1297 if (left < IKED_COOKIE2_MIN || left > IKED_COOKIE2_MAX) { 1298 log_debug("%s: ignoring malformed cookie2" 1299 " notification: %zu", __func__, left); 1300 return (0); 1301 } 1302 ibuf_free(msg->msg_cookie2); /* should not happen */ 1303 if ((msg->msg_cookie2 = ibuf_new(buf, left)) == NULL) { 1304 log_debug("%s: failed to get peer cookie2", __func__); 1305 return (-1); 1306 } 1307 msg->msg_parent->msg_cookie2 = msg->msg_cookie2; 1308 break; 1309 case IKEV2_N_COOKIE: 1310 if (msg->msg_e) { 1311 log_debug("%s: N_COOKIE encrypted", 1312 __func__); 1313 return (-1); 1314 } 1315 if (left < IKED_COOKIE_MIN || left > IKED_COOKIE_MAX) { 1316 log_debug("%s: ignoring malformed cookie" 1317 " notification: %zu", __func__, left); 1318 return (0); 1319 } 1320 log_debug("%s: received cookie, len %zu", __func__, left); 1321 print_hex(buf, 0, left); 1322 1323 ibuf_free(msg->msg_cookie); 1324 if ((msg->msg_cookie = ibuf_new(buf, left)) == NULL) { 1325 log_debug("%s: failed to get peer cookie", __func__); 1326 return (-1); 1327 } 1328 msg->msg_parent->msg_cookie = msg->msg_cookie; 1329 break; 1330 case IKEV2_N_FRAGMENTATION_SUPPORTED: 1331 if (msg->msg_e) { 1332 log_debug("%s: N_FRAGMENTATION_SUPPORTED encrypted", 1333 __func__); 1334 return (-1); 1335 } 1336 if (left != 0) { 1337 log_debug("%s: ignoring malformed fragmentation" 1338 " notification: %zu", __func__, left); 1339 return (0); 1340 } 1341 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_FRAGMENTATION; 1342 break; 1343 case IKEV2_N_SIGNATURE_HASH_ALGORITHMS: 1344 if (msg->msg_e) { 1345 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: encrypted", 1346 __func__); 1347 return (-1); 1348 } 1349 if (sa == NULL) { 1350 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: no SA", 1351 __func__); 1352 return (-1); 1353 } 1354 if (sa->sa_sigsha2) { 1355 log_debug("%s: SIGNATURE_HASH_ALGORITHMS: " 1356 "duplicate notify", __func__); 1357 return (0); 1358 } 1359 if (left < sizeof(signature_hash) || 1360 left % sizeof(signature_hash)) { 1361 log_debug("%s: malformed signature hash notification" 1362 "(%zu bytes)", __func__, left); 1363 return (0); 1364 } 1365 while (left >= sizeof(signature_hash)) { 1366 memcpy(&signature_hash, buf, sizeof(signature_hash)); 1367 signature_hash = betoh16(signature_hash); 1368 log_debug("%s: signature hash %s (%x)", __func__, 1369 print_map(signature_hash, ikev2_sighash_map), 1370 signature_hash); 1371 left -= sizeof(signature_hash); 1372 buf += sizeof(signature_hash); 1373 if (signature_hash == IKEV2_SIGHASH_SHA2_256) 1374 msg->msg_parent->msg_flags 1375 |= IKED_MSG_FLAGS_SIGSHA2; 1376 } 1377 break; 1378 } 1379 1380 return (0); 1381} 1382 1383int 1384ikev2_validate_delete(struct iked_message *msg, size_t offset, size_t left, 1385 struct ikev2_delete *del) 1386{ 1387 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1388 1389 if (left < sizeof(*del)) { 1390 log_debug("%s: malformed payload: too short for header " 1391 "(%zu < %zu)", __func__, left, sizeof(*del)); 1392 return (-1); 1393 } 1394 memcpy(del, msgbuf + offset, sizeof(*del)); 1395 1396 if (del->del_protoid == 0) { 1397 log_info("%s: malformed payload: invalid protoid", __func__); 1398 return (-1); 1399 } 1400 1401 return (0); 1402} 1403 1404int 1405ikev2_pld_delete(struct iked *env, struct ikev2_payload *pld, 1406 struct iked_message *msg, size_t offset, size_t left) 1407{ 1408 struct ikev2_delete del; 1409 uint8_t *buf, *msgbuf = ibuf_data(msg->msg_data); 1410 size_t cnt, sz, len; 1411 1412 if (ikev2_validate_delete(msg, offset, left, &del)) 1413 return (-1); 1414 1415 /* Skip if it's a response, then we don't have to deal with it */ 1416 if (ikev2_msg_frompeer(msg) && 1417 msg->msg_parent->msg_response) 1418 return (0); 1419 1420 cnt = betoh16(del.del_nspi); 1421 sz = del.del_spisize; 1422 1423 log_debug("%s: proto %s spisize %zu nspi %zu", 1424 __func__, print_map(del.del_protoid, ikev2_saproto_map), 1425 sz, cnt); 1426 1427 if (msg->msg_parent->msg_del_protoid) { 1428 log_debug("%s: duplicate delete payload", __func__); 1429 return (0); 1430 } 1431 1432 msg->msg_parent->msg_del_protoid = del.del_protoid; 1433 msg->msg_parent->msg_del_cnt = cnt; 1434 msg->msg_parent->msg_del_spisize = sz; 1435 1436 buf = msgbuf + offset + sizeof(del); 1437 len = left - sizeof(del); 1438 if (len == 0 || sz == 0 || cnt == 0) 1439 return (0); 1440 1441 if ((len / sz) != cnt) { 1442 log_debug("%s: invalid payload length %zu/%zu != %zu", 1443 __func__, len, sz, cnt); 1444 return (-1); 1445 } 1446 1447 print_hex(buf, 0, len); 1448 1449 msg->msg_parent->msg_del_buf = ibuf_new(buf, len); 1450 1451 return (0); 1452} 1453 1454int 1455ikev2_validate_tss(struct iked_message *msg, size_t offset, size_t left, 1456 struct ikev2_tsp *tsp) 1457{ 1458 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1459 1460 if (left < sizeof(*tsp)) { 1461 log_debug("%s: malformed payload: too short for header " 1462 "(%zu < %zu)", __func__, left, sizeof(*tsp)); 1463 return (-1); 1464 } 1465 memcpy(tsp, msgbuf + offset, sizeof(*tsp)); 1466 1467 return (0); 1468} 1469 1470int 1471ikev2_pld_tss(struct iked *env, struct ikev2_payload *pld, 1472 struct iked_message *msg, size_t offset, size_t left) 1473{ 1474 struct ikev2_tsp tsp; 1475 struct ikev2_ts ts; 1476 size_t ts_len, i; 1477 1478 if (ikev2_validate_tss(msg, offset, left, &tsp)) 1479 return (-1); 1480 1481 offset += sizeof(tsp); 1482 left -= sizeof(tsp); 1483 1484 log_debug("%s: count %d length %zu", __func__, 1485 tsp.tsp_count, left); 1486 1487 for (i = 0; i < tsp.tsp_count; i++) { 1488 if (ikev2_validate_ts(msg, offset, left, &ts)) 1489 return (-1); 1490 1491 log_debug("%s: type %s protoid %u length %d " 1492 "startport %u endport %u", __func__, 1493 print_map(ts.ts_type, ikev2_ts_map), 1494 ts.ts_protoid, betoh16(ts.ts_length), 1495 betoh16(ts.ts_startport), 1496 betoh16(ts.ts_endport)); 1497 1498 offset += sizeof(ts); 1499 left -= sizeof(ts); 1500 1501 ts_len = betoh16(ts.ts_length) - sizeof(ts); 1502 if (ikev2_pld_ts(env, pld, msg, offset, ts_len, ts.ts_type)) 1503 return (-1); 1504 1505 offset += ts_len; 1506 left -= ts_len; 1507 } 1508 1509 return (0); 1510} 1511 1512int 1513ikev2_validate_ts(struct iked_message *msg, size_t offset, size_t left, 1514 struct ikev2_ts *ts) 1515{ 1516 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1517 size_t ts_length; 1518 1519 if (left < sizeof(*ts)) { 1520 log_debug("%s: malformed payload: too short for header " 1521 "(%zu < %zu)", __func__, left, sizeof(*ts)); 1522 return (-1); 1523 } 1524 memcpy(ts, msgbuf + offset, sizeof(*ts)); 1525 1526 ts_length = betoh16(ts->ts_length); 1527 if (ts_length < sizeof(*ts)) { 1528 log_debug("%s: malformed payload: shorter than minimum header " 1529 "size (%zu < %zu)", __func__, ts_length, sizeof(*ts)); 1530 return (-1); 1531 } 1532 if (left < ts_length) { 1533 log_debug("%s: malformed payload: too long for payload size " 1534 "(%zu < %zu)", __func__, left, ts_length); 1535 return (-1); 1536 } 1537 1538 return (0); 1539} 1540 1541int 1542ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld, 1543 struct iked_message *msg, size_t offset, size_t left, unsigned int type) 1544{ 1545 struct sockaddr_in start4, end4; 1546 struct sockaddr_in6 start6, end6; 1547 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1548 uint8_t *ptr; 1549 1550 ptr = msgbuf + offset; 1551 1552 switch (type) { 1553 case IKEV2_TS_IPV4_ADDR_RANGE: 1554 if (left < 2 * 4) { 1555 log_debug("%s: malformed payload: too short " 1556 "for ipv4 addr range (%zu < %u)", 1557 __func__, left, 2 * 4); 1558 return (-1); 1559 } 1560 1561 bzero(&start4, sizeof(start4)); 1562 start4.sin_family = AF_INET; 1563 start4.sin_len = sizeof(start4); 1564 memcpy(&start4.sin_addr.s_addr, ptr, 4); 1565 ptr += 4; 1566 left -= 4; 1567 1568 bzero(&end4, sizeof(end4)); 1569 end4.sin_family = AF_INET; 1570 end4.sin_len = sizeof(end4); 1571 memcpy(&end4.sin_addr.s_addr, ptr, 4); 1572 left -= 4; 1573 1574 log_debug("%s: start %s end %s", __func__, 1575 print_addr(&start4), print_addr(&end4)); 1576 break; 1577 case IKEV2_TS_IPV6_ADDR_RANGE: 1578 if (left < 2 * 16) { 1579 log_debug("%s: malformed payload: too short " 1580 "for ipv6 addr range (%zu < %u)", 1581 __func__, left, 2 * 16); 1582 return (-1); 1583 } 1584 bzero(&start6, sizeof(start6)); 1585 start6.sin6_family = AF_INET6; 1586 start6.sin6_len = sizeof(start6); 1587 memcpy(&start6.sin6_addr, ptr, 16); 1588 ptr += 16; 1589 left -= 16; 1590 1591 bzero(&end6, sizeof(end6)); 1592 end6.sin6_family = AF_INET6; 1593 end6.sin6_len = sizeof(end6); 1594 memcpy(&end6.sin6_addr, ptr, 16); 1595 left -= 16; 1596 1597 log_debug("%s: start %s end %s", __func__, 1598 print_addr(&start6), print_addr(&end6)); 1599 break; 1600 default: 1601 log_debug("%s: ignoring unknown TS type %u", __func__, type); 1602 return (0); 1603 } 1604 1605 if (left > 0) { 1606 log_debug("%s: malformed payload: left (%zu) > 0", 1607 __func__, left); 1608 return (-1); 1609 } 1610 1611 return (0); 1612} 1613 1614int 1615ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld, 1616 struct iked_message *msg, size_t offset, size_t left) 1617{ 1618 struct iked_sa *sa = msg->msg_sa; 1619 struct iked_frag *sa_frag = &sa->sa_fragments; 1620 struct iked_frag_entry *el; 1621 struct ikev2_frag_payload frag; 1622 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1623 uint8_t *buf; 1624 struct ibuf *e = NULL; 1625 size_t frag_num, frag_total; 1626 size_t len; 1627 int ret = -1; 1628 int processed = 0; 1629 ssize_t elen; 1630 1631 buf = msgbuf + offset; 1632 memcpy(&frag, buf, sizeof(frag)); 1633 frag_num = betoh16(frag.frag_num); 1634 frag_total = betoh16(frag.frag_total); 1635 1636 offset += sizeof(frag); 1637 buf = msgbuf + offset; 1638 len = left - sizeof(frag); 1639 1640 ikestat_inc(env, ikes_frag_rcvd); 1641 1642 /* Limit number of total fragments to avoid DOS */ 1643 if (frag_total > IKED_FRAG_TOTAL_MAX ) { 1644 log_debug("%s: Total Fragments too big %zu", 1645 __func__, frag_total); 1646 goto dropall; 1647 } 1648 1649 /* Check sanity of fragment header */ 1650 if (frag_num == 0 || frag_total == 0) { 1651 log_debug("%s: Malformed fragment received: %zu of %zu", 1652 __func__, frag_num, frag_total); 1653 goto done; 1654 } 1655 log_debug("%s: Received fragment: %zu of %zu", 1656 __func__, frag_num, frag_total); 1657 1658 /* Drop fragment if frag_num and frag_total don't match */ 1659 if (frag_num > frag_total) 1660 goto done; 1661 1662 /* Decrypt fragment */ 1663 if ((e = ibuf_new(buf, len)) == NULL) 1664 goto done; 1665 1666 if ((e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e)) 1667 == NULL ) { 1668 log_debug("%s: Failed to decrypt fragment: %zu of %zu", 1669 __func__, frag_num, frag_total); 1670 goto done; 1671 } 1672 elen = ibuf_size(e); 1673 1674 /* Check new fragmented message */ 1675 if (sa_frag->frag_arr == NULL) { 1676 sa_frag->frag_arr = recallocarray(NULL, 0, frag_total, 1677 sizeof(struct iked_frag_entry*)); 1678 if (sa_frag->frag_arr == NULL) { 1679 log_info("%s: recallocarray sa_frag->frag_arr.", __func__); 1680 goto done; 1681 } 1682 sa_frag->frag_total = frag_total; 1683 } else { 1684 /* Drop all fragments if frag_total doesn't match previous */ 1685 if (frag_total != sa_frag->frag_total) 1686 goto dropall; 1687 1688 /* Silent drop if fragment already stored */ 1689 if (sa_frag->frag_arr[frag_num-1] != NULL) 1690 goto done; 1691 } 1692 1693 /* The first fragments IKE header determines pld_nextpayload */ 1694 if (frag_num == 1) 1695 sa_frag->frag_nextpayload = pld->pld_nextpayload; 1696 1697 /* Insert new list element */ 1698 el = calloc(1, sizeof(struct iked_frag_entry)); 1699 if (el == NULL) { 1700 log_info("%s: Failed allocating new fragment: %zu of %zu", 1701 __func__, frag_num, frag_total); 1702 goto done; 1703 } 1704 1705 sa_frag->frag_arr[frag_num-1] = el; 1706 el->frag_size = elen; 1707 el->frag_data = calloc(1, elen); 1708 if (el->frag_data == NULL) { 1709 log_debug("%s: Failed allocating new fragment data: %zu of %zu", 1710 __func__, frag_num, frag_total); 1711 goto done; 1712 } 1713 1714 /* Copy plaintext to fragment */ 1715 memcpy(el->frag_data, ibuf_seek(e, 0, 0), elen); 1716 sa_frag->frag_total_size += elen; 1717 sa_frag->frag_count++; 1718 1719 /* If all frags are received start reassembly */ 1720 if (sa_frag->frag_count == sa_frag->frag_total) { 1721 log_debug("%s: All fragments received: %zu of %zu", 1722 __func__, frag_num, frag_total); 1723 ret = ikev2_frags_reassemble(env, pld, msg); 1724 } else { 1725 ret = 0; 1726 } 1727 processed = 1; 1728 1729done: 1730 if (!processed) 1731 ikestat_inc(env, ikes_frag_rcvd_drop); 1732 ibuf_free(e); 1733 return (ret); 1734dropall: 1735 ikestat_add(env, ikes_frag_rcvd_drop, sa_frag->frag_count + 1); 1736 config_free_fragments(sa_frag); 1737 ibuf_free(e); 1738 return -1; 1739} 1740 1741int 1742ikev2_frags_reassemble(struct iked *env, struct ikev2_payload *pld, 1743 struct iked_message *msg) 1744{ 1745 struct iked_frag *sa_frag = &msg->msg_sa->sa_fragments; 1746 struct ibuf *e = NULL; 1747 struct iked_frag_entry *el; 1748 uint8_t *ptr; 1749 size_t offset; 1750 size_t i; 1751 struct iked_message emsg; 1752 int ret = -1; 1753 int processed = 0; 1754 1755 /* Reassemble fragments to single buffer */ 1756 if ((e = ibuf_new(NULL, sa_frag->frag_total_size)) == NULL) { 1757 log_debug("%s: Failed allocating SK buffer.", __func__); 1758 goto done; 1759 } 1760 1761 /* Empty queue to new buffer */ 1762 offset = 0; 1763 for (i = 0; i < sa_frag->frag_total; i++) { 1764 if ((el = sa_frag->frag_arr[i]) == NULL) 1765 fatalx("Tried to reassemble shallow frag_arr"); 1766 ptr = ibuf_seek(e, offset, el->frag_size); 1767 if (ptr == NULL) { 1768 log_info("%s: failed to reassemble fragments", __func__); 1769 goto done; 1770 } 1771 memcpy(ptr, el->frag_data, el->frag_size); 1772 offset += el->frag_size; 1773 } 1774 1775 log_debug("%s: Defragmented length %zd", __func__, 1776 sa_frag->frag_total_size); 1777 print_hex(ibuf_data(e), 0, sa_frag->frag_total_size); 1778 1779 /* Drop the original request's packets from the retransmit queue */ 1780 if (msg->msg_response) 1781 ikev2_msg_dispose(env, &msg->msg_sa->sa_requests, 1782 ikev2_msg_lookup(env, &msg->msg_sa->sa_requests, msg, 1783 msg->msg_exchange)); 1784 1785 /* 1786 * Parse decrypted payload 1787 */ 1788 bzero(&emsg, sizeof(emsg)); 1789 memcpy(&emsg, msg, sizeof(*msg)); 1790 emsg.msg_data = e; 1791 emsg.msg_e = 1; 1792 emsg.msg_parent = msg; 1793 TAILQ_INIT(&emsg.msg_proposals); 1794 1795 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e), 1796 sa_frag->frag_nextpayload); 1797 processed = 1; 1798done: 1799 if (processed) 1800 ikestat_add(env, ikes_frag_reass_ok, sa_frag->frag_total); 1801 else 1802 ikestat_add(env, ikes_frag_reass_drop, sa_frag->frag_total); 1803 config_free_fragments(sa_frag); 1804 ibuf_free(e); 1805 1806 return (ret); 1807} 1808 1809int 1810ikev2_pld_e(struct iked *env, struct ikev2_payload *pld, 1811 struct iked_message *msg, size_t offset, size_t left) 1812{ 1813 struct iked_sa *sa = msg->msg_sa; 1814 struct ibuf *e = NULL; 1815 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1816 struct iked_message emsg; 1817 uint8_t *buf; 1818 size_t len; 1819 int ret = -1; 1820 1821 if (sa->sa_fragments.frag_arr != NULL) { 1822 log_warn("%s: Received SK payload when SKFs are in queue.", 1823 __func__); 1824 config_free_fragments(&sa->sa_fragments); 1825 return (ret); 1826 } 1827 1828 buf = msgbuf + offset; 1829 len = left; 1830 1831 if ((e = ibuf_new(buf, len)) == NULL) 1832 goto done; 1833 1834 if (ikev2_msg_frompeer(msg)) { 1835 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1836 } else { 1837 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1838 e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); 1839 sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; 1840 } 1841 1842 if (e == NULL) 1843 goto done; 1844 1845 /* 1846 * Parse decrypted payload 1847 */ 1848 bzero(&emsg, sizeof(emsg)); 1849 memcpy(&emsg, msg, sizeof(*msg)); 1850 emsg.msg_data = e; 1851 emsg.msg_e = 1; 1852 emsg.msg_parent = msg; 1853 TAILQ_INIT(&emsg.msg_proposals); 1854 1855 ret = ikev2_pld_payloads(env, &emsg, 0, ibuf_size(e), 1856 pld->pld_nextpayload); 1857 1858 done: 1859 ibuf_free(e); 1860 1861 return (ret); 1862} 1863 1864int 1865ikev2_validate_cp(struct iked_message *msg, size_t offset, size_t left, 1866 struct ikev2_cp *cp) 1867{ 1868 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1869 1870 if (left < sizeof(*cp)) { 1871 log_debug("%s: malformed payload: too short for header " 1872 "(%zu < %zu)", __func__, left, sizeof(*cp)); 1873 return (-1); 1874 } 1875 memcpy(cp, msgbuf + offset, sizeof(*cp)); 1876 1877 return (0); 1878} 1879 1880int 1881ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld, 1882 struct iked_message *msg, size_t offset, size_t left) 1883{ 1884 struct ikev2_cp cp; 1885 struct ikev2_cfg *cfg; 1886 struct iked_addr *addr; 1887 struct sockaddr_in *in4; 1888 struct sockaddr_in6 *in6; 1889 uint8_t *msgbuf = ibuf_data(msg->msg_data); 1890 uint8_t *ptr; 1891 size_t len; 1892 int cfg_type; 1893 1894 if (ikev2_validate_cp(msg, offset, left, &cp)) 1895 return (-1); 1896 1897 ptr = msgbuf + offset + sizeof(cp); 1898 len = left - sizeof(cp); 1899 1900 log_debug("%s: type %s length %zu", 1901 __func__, print_map(cp.cp_type, ikev2_cp_map), len); 1902 print_hex(ptr, 0, len); 1903 1904 while (len > 0) { 1905 if (len < sizeof(*cfg)) { 1906 log_debug("%s: malformed payload: too short for cfg " 1907 "(%zu < %zu)", __func__, len, sizeof(*cfg)); 1908 return (-1); 1909 } 1910 cfg = (struct ikev2_cfg *)ptr; 1911 1912 log_debug("%s: %s 0x%04x length %d", __func__, 1913 print_map(betoh16(cfg->cfg_type), ikev2_cfg_map), 1914 betoh16(cfg->cfg_type), 1915 betoh16(cfg->cfg_length)); 1916 1917 ptr += sizeof(*cfg); 1918 len -= sizeof(*cfg); 1919 1920 if (len < betoh16(cfg->cfg_length)) { 1921 log_debug("%s: malformed payload: too short for " 1922 "cfg_length (%zu < %u)", __func__, len, 1923 betoh16(cfg->cfg_length)); 1924 return (-1); 1925 } 1926 1927 print_hex(ptr, sizeof(*cfg), betoh16(cfg->cfg_length)); 1928 1929 cfg_type = betoh16(cfg->cfg_type); 1930 switch (cfg_type) { 1931 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 1932 case IKEV2_CFG_INTERNAL_IP4_DNS: 1933 if (!ikev2_msg_frompeer(msg)) 1934 break; 1935 if (betoh16(cfg->cfg_length) == 0) 1936 break; 1937 /* XXX multiple-valued */ 1938 if (betoh16(cfg->cfg_length) < 4) { 1939 log_debug("%s: malformed payload: too short " 1940 "for ipv4 addr (%u < %u)", 1941 __func__, betoh16(cfg->cfg_length), 4); 1942 return (-1); 1943 } 1944 switch(cfg_type) { 1945 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 1946 if (msg->msg_parent->msg_cp_addr != NULL) { 1947 log_debug("%s: address already set", __func__); 1948 goto skip; 1949 } 1950 break; 1951 case IKEV2_CFG_INTERNAL_IP4_DNS: 1952 if (msg->msg_parent->msg_cp_dns != NULL) { 1953 log_debug("%s: dns already set", __func__); 1954 goto skip; 1955 } 1956 break; 1957 default: 1958 break; 1959 } 1960 if ((addr = calloc(1, sizeof(*addr))) == NULL) { 1961 log_debug("%s: malloc failed", __func__); 1962 break; 1963 } 1964 addr->addr_af = AF_INET; 1965 in4 = (struct sockaddr_in *)&addr->addr; 1966 in4->sin_family = AF_INET; 1967 in4->sin_len = sizeof(*in4); 1968 memcpy(&in4->sin_addr.s_addr, ptr, 4); 1969 switch(cfg_type) { 1970 case IKEV2_CFG_INTERNAL_IP4_ADDRESS: 1971 msg->msg_parent->msg_cp_addr = addr; 1972 log_debug("%s: IP4_ADDRESS %s", __func__, 1973 print_addr(&addr->addr)); 1974 break; 1975 case IKEV2_CFG_INTERNAL_IP4_DNS: 1976 msg->msg_parent->msg_cp_dns = addr; 1977 log_debug("%s: IP4_DNS %s", __func__, 1978 print_addr(&addr->addr)); 1979 break; 1980 default: 1981 log_debug("%s: cfg %s", __func__, 1982 print_addr(&addr->addr)); 1983 break; 1984 } 1985 break; 1986 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 1987 case IKEV2_CFG_INTERNAL_IP6_DNS: 1988 if (!ikev2_msg_frompeer(msg)) 1989 break; 1990 if (betoh16(cfg->cfg_length) == 0) 1991 break; 1992 /* XXX multiple-valued */ 1993 if (betoh16(cfg->cfg_length) < 16) { 1994 log_debug("%s: malformed payload: too short " 1995 "for ipv6 addr w/prefixlen (%u < %u)", 1996 __func__, betoh16(cfg->cfg_length), 16); 1997 return (-1); 1998 } 1999 switch(cfg_type) { 2000 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 2001 if (msg->msg_parent->msg_cp_addr6 != NULL) { 2002 log_debug("%s: address6 already set", __func__); 2003 goto skip; 2004 } 2005 break; 2006 case IKEV2_CFG_INTERNAL_IP6_DNS: 2007 if (msg->msg_parent->msg_cp_dns != NULL) { 2008 log_debug("%s: dns already set", __func__); 2009 goto skip; 2010 } 2011 break; 2012 } 2013 if ((addr = calloc(1, sizeof(*addr))) == NULL) { 2014 log_debug("%s: malloc failed", __func__); 2015 break; 2016 } 2017 addr->addr_af = AF_INET6; 2018 in6 = (struct sockaddr_in6 *)&addr->addr; 2019 in6->sin6_family = AF_INET6; 2020 in6->sin6_len = sizeof(*in6); 2021 memcpy(&in6->sin6_addr, ptr, 16); 2022 switch(cfg_type) { 2023 case IKEV2_CFG_INTERNAL_IP6_ADDRESS: 2024 msg->msg_parent->msg_cp_addr6 = addr; 2025 log_debug("%s: IP6_ADDRESS %s", __func__, 2026 print_addr(&addr->addr)); 2027 break; 2028 case IKEV2_CFG_INTERNAL_IP6_DNS: 2029 msg->msg_parent->msg_cp_dns = addr; 2030 log_debug("%s: IP6_DNS %s", __func__, 2031 print_addr(&addr->addr)); 2032 break; 2033 default: 2034 log_debug("%s: cfg %s/%d", __func__, 2035 print_addr(&addr->addr), ptr[16]); 2036 break; 2037 } 2038 break; 2039 } 2040 2041 skip: 2042 ptr += betoh16(cfg->cfg_length); 2043 len -= betoh16(cfg->cfg_length); 2044 } 2045 2046 if (!ikev2_msg_frompeer(msg)) 2047 return (0); 2048 2049 msg->msg_parent->msg_cp = cp.cp_type; 2050 2051 return (0); 2052} 2053 2054int 2055ikev2_validate_eap(struct iked_message *msg, size_t offset, size_t left, 2056 struct eap_header *hdr) 2057{ 2058 uint8_t *msgbuf = ibuf_data(msg->msg_data); 2059 2060 if (left < sizeof(*hdr)) { 2061 log_debug("%s: malformed payload: too short for header " 2062 "(%zu < %zu)", __func__, left, sizeof(*hdr)); 2063 return (-1); 2064 } 2065 memcpy(hdr, msgbuf + offset, sizeof(*hdr)); 2066 2067 return (0); 2068} 2069 2070int 2071ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld, 2072 struct iked_message *msg, size_t offset, size_t left) 2073{ 2074 struct eap_header hdr; 2075 struct eap_message *eap = NULL; 2076 const struct iked_sa *sa = msg->msg_sa; 2077 size_t eap_len; 2078 2079 if (ikev2_validate_eap(msg, offset, left, &hdr)) 2080 return (-1); 2081 2082 eap_len = betoh16(hdr.eap_length); 2083 if (left != eap_len) { 2084 log_info("%s: malformed payload: EAP length does not match" 2085 " payload length (%zu != %zu)", __func__, left, eap_len); 2086 return (-1); 2087 } 2088 2089 if (eap_len < sizeof(*eap)) { 2090 log_info("%s: %s id %d length %d", SPI_SA(sa, __func__), 2091 print_map(hdr.eap_code, eap_code_map), 2092 hdr.eap_id, betoh16(hdr.eap_length)); 2093 } else { 2094 /* Now try to get the indicated length */ 2095 if ((eap = ibuf_seek(msg->msg_data, offset, eap_len)) == NULL) { 2096 log_debug("%s: invalid EAP length", __func__); 2097 return (-1); 2098 } 2099 2100 log_info("%s: %s id %d length %d EAP-%s", SPI_SA(sa, __func__), 2101 print_map(eap->eap_code, eap_code_map), 2102 eap->eap_id, betoh16(eap->eap_length), 2103 print_map(eap->eap_type, eap_type_map)); 2104 2105 if (eap_parse(env, sa, msg, eap, msg->msg_response) == -1) 2106 return (-1); 2107 msg->msg_parent->msg_eap.eam_found = 1; 2108 } 2109 2110 return (0); 2111} 2112 2113/* parser for the initial IKE_AUTH payload, does not require msg_sa */ 2114int 2115ikev2_pld_parse_quick(struct iked *env, struct ike_header *hdr, 2116 struct iked_message *msg, size_t offset) 2117{ 2118 struct ikev2_payload pld; 2119 struct ikev2_frag_payload frag; 2120 uint8_t *msgbuf = ibuf_data(msg->msg_data); 2121 uint8_t *buf; 2122 size_t len, total, left; 2123 size_t length; 2124 unsigned int payload; 2125 2126 log_debug("%s: header ispi %s rspi %s" 2127 " nextpayload %s version 0x%02x exchange %s flags 0x%02x" 2128 " msgid %d length %u response %d", __func__, 2129 print_spi(betoh64(hdr->ike_ispi), 8), 2130 print_spi(betoh64(hdr->ike_rspi), 8), 2131 print_map(hdr->ike_nextpayload, ikev2_payload_map), 2132 hdr->ike_version, 2133 print_map(hdr->ike_exchange, ikev2_exchange_map), 2134 hdr->ike_flags, 2135 betoh32(hdr->ike_msgid), 2136 betoh32(hdr->ike_length), 2137 msg->msg_response); 2138 2139 length = betoh32(hdr->ike_length); 2140 2141 if (ibuf_size(msg->msg_data) < length) { 2142 log_debug("%s: short message", __func__); 2143 return (-1); 2144 } 2145 2146 offset += sizeof(*hdr); 2147 2148 /* Bytes left in datagram. */ 2149 total = length - offset; 2150 2151 payload = hdr->ike_nextpayload; 2152 2153 while (payload != 0 && offset < length) { 2154 if (ikev2_validate_pld(msg, offset, total, &pld)) 2155 return (-1); 2156 2157 log_debug("%s: %spayload %s" 2158 " nextpayload %s critical 0x%02x length %d", 2159 __func__, msg->msg_e ? "decrypted " : "", 2160 print_map(payload, ikev2_payload_map), 2161 print_map(pld.pld_nextpayload, ikev2_payload_map), 2162 pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD, 2163 betoh16(pld.pld_length)); 2164 2165 /* Skip over generic payload header. */ 2166 offset += sizeof(pld); 2167 total -= sizeof(pld); 2168 left = betoh16(pld.pld_length) - sizeof(pld); 2169 2170 switch (payload) { 2171 case IKEV2_PAYLOAD_SKF: 2172 len = left; 2173 buf = msgbuf + offset; 2174 if (len < sizeof(frag)) 2175 return (-1); 2176 memcpy(&frag, buf, sizeof(frag)); 2177 msg->msg_frag_num = betoh16(frag.frag_num); 2178 break; 2179 } 2180 2181 payload = pld.pld_nextpayload; 2182 offset += left; 2183 total -= left; 2184 } 2185 2186 return (0); 2187} 2188