restructured file layout
[strongswan.git] / src / charon / sa / tasks / ike_init.c
1 /**
2 * @file ike_init.c
3 *
4 * @brief Implementation of the ike_init task.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2007 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include "ike_init.h"
25
26 #include <string.h>
27
28 #include <daemon.h>
29 #include <crypto/diffie_hellman.h>
30 #include <encoding/payloads/sa_payload.h>
31 #include <encoding/payloads/ke_payload.h>
32 #include <encoding/payloads/nonce_payload.h>
33
34 /** maximum retries to do with cookies/other dh groups */
35 #define MAX_RETRIES 5
36
37 typedef struct private_ike_init_t private_ike_init_t;
38
39 /**
40 * Private members of a ike_init_t task.
41 */
42 struct private_ike_init_t {
43
44 /**
45 * Public methods and task_t interface.
46 */
47 ike_init_t public;
48
49 /**
50 * Assigned IKE_SA.
51 */
52 ike_sa_t *ike_sa;
53
54 /**
55 * Are we the initiator?
56 */
57 bool initiator;
58
59 /**
60 * IKE config to establish
61 */
62 ike_cfg_t *config;
63
64 /**
65 * diffie hellman group to use
66 */
67 diffie_hellman_group_t dh_group;
68
69 /**
70 * Diffie hellman object used to generate public DH value.
71 */
72 diffie_hellman_t *diffie_hellman;
73
74 /**
75 * nonce chosen by us
76 */
77 chunk_t my_nonce;
78
79 /**
80 * nonce chosen by peer
81 */
82 chunk_t other_nonce;
83
84 /**
85 * Negotiated proposal used for IKE_SA
86 */
87 proposal_t *proposal;
88
89 /**
90 * Old IKE_SA which gets rekeyed
91 */
92 ike_sa_t *old_sa;
93
94 /**
95 * cookie received from responder
96 */
97 chunk_t cookie;
98
99 /**
100 * retries done so far after failure (cookie or bad dh group)
101 */
102 u_int retry;
103 };
104
105 /**
106 * build the payloads for the message
107 */
108 static void build_payloads(private_ike_init_t *this, message_t *message)
109 {
110 sa_payload_t *sa_payload;
111 ke_payload_t *ke_payload;
112 nonce_payload_t *nonce_payload;
113 linked_list_t *proposal_list;
114 ike_sa_id_t *id;
115 proposal_t *proposal;
116 iterator_t *iterator;
117
118 id = this->ike_sa->get_id(this->ike_sa);
119
120 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
121
122 if (this->initiator)
123 {
124 proposal_list = this->config->get_proposals(this->config);
125 if (this->old_sa)
126 {
127 /* include SPI of new IKE_SA when we are rekeying */
128 iterator = proposal_list->create_iterator(proposal_list, TRUE);
129 while (iterator->iterate(iterator, (void**)&proposal))
130 {
131 proposal->set_spi(proposal, id->get_initiator_spi(id));
132 }
133 iterator->destroy(iterator);
134 }
135
136 sa_payload = sa_payload_create_from_proposal_list(proposal_list);
137 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
138 }
139 else
140 {
141 if (this->old_sa)
142 {
143 /* include SPI of new IKE_SA when we are rekeying */
144 this->proposal->set_spi(this->proposal, id->get_responder_spi(id));
145 }
146 sa_payload = sa_payload_create_from_proposal(this->proposal);
147 }
148 message->add_payload(message, (payload_t*)sa_payload);
149
150 nonce_payload = nonce_payload_create();
151 nonce_payload->set_nonce(nonce_payload, this->my_nonce);
152 message->add_payload(message, (payload_t*)nonce_payload);
153
154 ke_payload = ke_payload_create_from_diffie_hellman(this->diffie_hellman);
155 message->add_payload(message, (payload_t*)ke_payload);
156 }
157
158 /**
159 * Read payloads from message
160 */
161 static void process_payloads(private_ike_init_t *this, message_t *message)
162 {
163 iterator_t *iterator;
164 payload_t *payload;
165
166 iterator = message->get_payload_iterator(message);
167 while (iterator->iterate(iterator, (void**)&payload))
168 {
169 switch (payload->get_type(payload))
170 {
171 case SECURITY_ASSOCIATION:
172 {
173 sa_payload_t *sa_payload = (sa_payload_t*)payload;
174 linked_list_t *proposal_list;
175
176 proposal_list = sa_payload->get_proposals(sa_payload);
177 this->proposal = this->config->select_proposal(this->config,
178 proposal_list);
179 proposal_list->destroy_offset(proposal_list,
180 offsetof(proposal_t, destroy));
181 break;
182 }
183 case KEY_EXCHANGE:
184 {
185 ke_payload_t *ke_payload = (ke_payload_t*)payload;
186 diffie_hellman_group_t dh_group;
187 chunk_t key_data;
188
189 dh_group = ke_payload->get_dh_group_number(ke_payload);
190
191 if (this->initiator)
192 {
193 if (dh_group != this->dh_group)
194 {
195 DBG1(DBG_IKE, "received a DH group not requested (%N)",
196 diffie_hellman_group_names, dh_group);
197 break;
198 }
199 }
200 else
201 {
202 this->dh_group = dh_group;
203 if (!this->config->check_dh_group(this->config, dh_group))
204 {
205 break;
206 }
207 this->diffie_hellman = diffie_hellman_create(dh_group);
208 }
209 if (this->diffie_hellman)
210 {
211 key_data = ke_payload->get_key_exchange_data(ke_payload);
212 this->diffie_hellman->set_other_public_value(this->diffie_hellman, key_data);
213 }
214 break;
215 }
216 case NONCE:
217 {
218 nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
219 this->other_nonce = nonce_payload->get_nonce(nonce_payload);
220 break;
221 }
222 default:
223 break;
224 }
225 }
226 iterator->destroy(iterator);
227 }
228
229 /**
230 * Implementation of task_t.process for initiator
231 */
232 static status_t build_i(private_ike_init_t *this, message_t *message)
233 {
234 randomizer_t *randomizer;
235 status_t status;
236
237 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
238 SIG(IKE_UP_START, "initiating IKE_SA to %H",
239 this->config->get_other_host(this->config));
240 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
241
242 if (this->retry++ >= MAX_RETRIES)
243 {
244 SIG(IKE_UP_FAILED, "giving up after %d retries", MAX_RETRIES);
245 return FAILED;
246 }
247
248 /* if the DH group is set via use_dh_group(), we already have a DH object */
249 if (!this->diffie_hellman)
250 {
251 this->dh_group = this->config->get_dh_group(this->config);
252 this->diffie_hellman = diffie_hellman_create(this->dh_group);
253 if (this->diffie_hellman == NULL)
254 {
255 SIG(IKE_UP_FAILED, "configured DH group %N not supported",
256 diffie_hellman_group_names, this->dh_group);
257 return FAILED;
258 }
259 }
260
261 /* generate nonce only when we are trying the first time */
262 if (this->my_nonce.ptr == NULL)
263 {
264 randomizer = randomizer_create();
265 status = randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE,
266 &this->my_nonce);
267 randomizer->destroy(randomizer);
268 if (status != SUCCESS)
269 {
270 SIG(IKE_UP_FAILED, "error generating random nonce value");
271 return FAILED;
272 }
273 }
274
275 if (this->cookie.ptr)
276 {
277 message->add_notify(message, FALSE, COOKIE, this->cookie);
278 }
279
280 build_payloads(this, message);
281
282
283 return NEED_MORE;
284 }
285
286 /**
287 * Implementation of task_t.process for initiator
288 */
289 static status_t process_r(private_ike_init_t *this, message_t *message)
290 {
291 randomizer_t *randomizer;
292
293 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
294 SIG(IKE_UP_FAILED, "%H is initiating an IKE_SA",
295 message->get_source(message));
296 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
297
298 randomizer = randomizer_create();
299 if (randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE,
300 &this->my_nonce) != SUCCESS)
301 {
302 DBG1(DBG_IKE, "error generating random nonce value");
303 }
304 randomizer->destroy(randomizer);
305
306 process_payloads(this, message);
307
308 return NEED_MORE;
309 }
310
311 /**
312 * Implementation of task_t.build for responder
313 */
314 static status_t build_r(private_ike_init_t *this, message_t *message)
315 {
316 chunk_t secret;
317 status_t status;
318
319 /* check if we have everything we need */
320 if (this->proposal == NULL ||
321 this->other_nonce.len == 0 || this->my_nonce.len == 0)
322 {
323 SIG(IKE_UP_FAILED, "received proposals inacceptable");
324 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
325 return FAILED;
326 }
327
328 if (this->diffie_hellman == NULL ||
329 this->diffie_hellman->get_shared_secret(this->diffie_hellman,
330 &secret) != SUCCESS)
331 {
332 chunk_t chunk;
333 u_int16_t dh_enc;
334
335 SIG(IKE_UP_FAILED, "received inacceptable DH group (%N)",
336 diffie_hellman_group_names, this->dh_group);
337 this->dh_group = this->config->get_dh_group(this->config);
338 dh_enc = htons(this->dh_group);
339 chunk.ptr = (u_int8_t*)&dh_enc;
340 chunk.len = sizeof(dh_enc);
341 message->add_notify(message, TRUE, INVALID_KE_PAYLOAD, chunk);
342 DBG1(DBG_IKE, "requesting DH group %N",
343 diffie_hellman_group_names, this->dh_group);
344 return FAILED;
345 }
346
347
348 if (this->old_sa)
349 {
350 ike_sa_id_t *id;
351 prf_t *prf, *child_prf;
352
353 /* Apply SPI if we are rekeying */
354 id = this->ike_sa->get_id(this->ike_sa);
355 id->set_initiator_spi(id, this->proposal->get_spi(this->proposal));
356
357 /* setup crypto keys for the rekeyed SA */
358 prf = this->old_sa->get_prf(this->old_sa);
359 child_prf = this->old_sa->get_child_prf(this->old_sa);
360 status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret,
361 this->other_nonce, this->my_nonce,
362 FALSE, child_prf, prf);
363 }
364 else
365 {
366 /* setup crypto keys */
367 status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret,
368 this->other_nonce, this->my_nonce,
369 FALSE, NULL, NULL);
370 }
371 if (status != SUCCESS)
372 {
373 SIG(IKE_UP_FAILED, "key derivation failed");
374 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
375 return FAILED;
376 }
377
378 build_payloads(this, message);
379
380 return SUCCESS;
381 }
382
383 /**
384 * Implementation of task_t.process for initiator
385 */
386 static status_t process_i(private_ike_init_t *this, message_t *message)
387 {
388 chunk_t secret;
389 status_t status;
390 iterator_t *iterator;
391 payload_t *payload;
392
393 /* check for erronous notifies */
394 iterator = message->get_payload_iterator(message);
395 while (iterator->iterate(iterator, (void**)&payload))
396 {
397 if (payload->get_type(payload) == NOTIFY)
398 {
399 notify_payload_t *notify = (notify_payload_t*)payload;
400 notify_type_t type = notify->get_notify_type(notify);
401
402 switch (type)
403 {
404 case INVALID_KE_PAYLOAD:
405 {
406 chunk_t data;
407 diffie_hellman_group_t old_dh_group;
408
409 old_dh_group = this->dh_group;
410 data = notify->get_notification_data(notify);
411 this->dh_group = ntohs(*((u_int16_t*)data.ptr));
412
413 DBG1(DBG_IKE, "peer didn't accept DH group %N, it requested"
414 " %N", diffie_hellman_group_names, old_dh_group,
415 diffie_hellman_group_names, this->dh_group);
416 if (!this->config->check_dh_group(this->config, this->dh_group))
417 {
418 DBG1(DBG_IKE, "requested DH group %N not acceptable, "
419 "giving up", diffie_hellman_group_names,
420 this->dh_group);
421 iterator->destroy(iterator);
422 return FAILED;
423 }
424
425 this->ike_sa->reset(this->ike_sa);
426
427 iterator->destroy(iterator);
428 return NEED_MORE;
429 }
430 case NAT_DETECTION_SOURCE_IP:
431 case NAT_DETECTION_DESTINATION_IP:
432 /* skip, handled in ike_natd_t */
433 break;
434 case COOKIE:
435 {
436 chunk_free(&this->cookie);
437 this->cookie = chunk_clone(notify->get_notification_data(notify));
438 this->ike_sa->reset(this->ike_sa);
439 iterator->destroy(iterator);
440 DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
441 return NEED_MORE;
442 }
443 default:
444 {
445 if (type < 16383)
446 {
447 SIG(IKE_UP_FAILED, "received %N notify error",
448 notify_type_names, type);
449 iterator->destroy(iterator);
450 return FAILED;
451 }
452 DBG1(DBG_IKE, "received %N notify",
453 notify_type_names, type);
454 break;
455 }
456 }
457 }
458 }
459 iterator->destroy(iterator);
460
461 process_payloads(this, message);
462
463 /* check if we have everything */
464 if (this->proposal == NULL ||
465 this->other_nonce.len == 0 || this->my_nonce.len == 0)
466 {
467 SIG(IKE_UP_FAILED, "peers proposal selection invalid");
468 return FAILED;
469 }
470
471 if (this->diffie_hellman == NULL ||
472 this->diffie_hellman->get_shared_secret(this->diffie_hellman,
473 &secret) != SUCCESS)
474 {
475 SIG(IKE_UP_FAILED, "peers DH group selection invalid");
476 return FAILED;
477 }
478
479 /* Apply SPI if we are rekeying */
480 if (this->old_sa)
481 {
482 ike_sa_id_t *id;
483 prf_t *prf, *child_prf;
484
485 id = this->ike_sa->get_id(this->ike_sa);
486 id->set_responder_spi(id, this->proposal->get_spi(this->proposal));
487
488 /* setup crypto keys for the rekeyed SA */
489 prf = this->old_sa->get_prf(this->old_sa);
490 child_prf = this->old_sa->get_child_prf(this->old_sa);
491 status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret,
492 this->my_nonce, this->other_nonce,
493 TRUE, child_prf, prf);
494 }
495 else
496 {
497 /* setup crypto keys for a new SA */
498 status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret,
499 this->my_nonce, this->other_nonce,
500 TRUE, NULL, NULL);
501 }
502 if (status != SUCCESS)
503 {
504 SIG(IKE_UP_FAILED, "key derivation failed");
505 return FAILED;
506 }
507 return SUCCESS;
508 }
509
510 /**
511 * Implementation of task_t.get_type
512 */
513 static task_type_t get_type(private_ike_init_t *this)
514 {
515 return IKE_INIT;
516 }
517
518 /**
519 * Implementation of task_t.get_type
520 */
521 static chunk_t get_lower_nonce(private_ike_init_t *this)
522 {
523 if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr,
524 min(this->my_nonce.len, this->other_nonce.len)) < 0)
525 {
526 return this->my_nonce;
527 }
528 else
529 {
530 return this->other_nonce;
531 }
532 }
533
534 /**
535 * Implementation of task_t.migrate
536 */
537 static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa)
538 {
539 DESTROY_IF(this->proposal);
540 DESTROY_IF(this->diffie_hellman);
541 chunk_free(&this->other_nonce);
542
543 this->ike_sa = ike_sa;
544 this->proposal = NULL;
545 this->diffie_hellman = diffie_hellman_create(this->dh_group);
546 }
547
548 /**
549 * Implementation of task_t.destroy
550 */
551 static void destroy(private_ike_init_t *this)
552 {
553 DESTROY_IF(this->proposal);
554 DESTROY_IF(this->diffie_hellman);
555 chunk_free(&this->my_nonce);
556 chunk_free(&this->other_nonce);
557 chunk_free(&this->cookie);
558 free(this);
559 }
560
561 /*
562 * Described in header.
563 */
564 ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
565 {
566 private_ike_init_t *this = malloc_thing(private_ike_init_t);
567
568 this->public.get_lower_nonce = (chunk_t(*)(ike_init_t*))get_lower_nonce;
569 this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
570 this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
571 this->public.task.destroy = (void(*)(task_t*))destroy;
572 if (initiator)
573 {
574 this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
575 this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
576 }
577 else
578 {
579 this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
580 this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
581 }
582
583 this->ike_sa = ike_sa;
584 this->initiator = initiator;
585 this->dh_group = MODP_NONE;
586 this->diffie_hellman = NULL;
587 this->my_nonce = chunk_empty;
588 this->other_nonce = chunk_empty;
589 this->cookie = chunk_empty;
590 this->proposal = NULL;
591 this->config = NULL;
592 this->old_sa = old_sa;
593 this->retry = 0;
594
595 return &this->public;
596 }