Add PT-TLS interface to strongSwan PDP
[strongswan.git] / src / libcharon / plugins / tnc_pdp / tnc_pdp.c
1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_pdp.h"
17 #include "tnc_pdp_connections.h"
18
19 #include <errno.h>
20 #include <unistd.h>
21
22 #include <radius_message.h>
23 #include <radius_mppe.h>
24
25 #include <pt_tls_dispatcher.h>
26
27 #include <daemon.h>
28 #include <utils/debug.h>
29 #include <pen/pen.h>
30 #include <threading/thread.h>
31 #include <processing/jobs/callback_job.h>
32 #include <sa/eap/eap_method.h>
33
34 typedef struct private_tnc_pdp_t private_tnc_pdp_t;
35
36 /**
37 * Default RADIUS port, when not configured
38 */
39 #define RADIUS_PORT 1812
40
41 /**
42 * Default PT-TLS port, when not configured
43 */
44 #define PT_TLS_PORT 271
45
46 /**
47 * Maximum size of a RADIUS IP packet
48 */
49 #define MAX_PACKET 4096
50
51 /**
52 * private data of tnc_pdp_t
53 */
54 struct private_tnc_pdp_t {
55
56 /**
57 * implements tnc_pdp_t interface
58 */
59 tnc_pdp_t public;
60
61 /**
62 * ID of the server
63 */
64 identification_t *server;
65
66 /**
67 * EAP method type to be used
68 */
69 eap_type_t type;
70
71 /**
72 * IPv4 RADIUS socket
73 */
74 int ipv4;
75
76 /**
77 * IPv6 RADIUS socket
78 */
79 int ipv6;
80
81 /**
82 * RADIUS shared secret
83 */
84 chunk_t secret;
85
86 /**
87 * MD5 hasher
88 */
89 hasher_t *hasher;
90
91 /**
92 * HMAC MD5 signer, with secret set
93 */
94 signer_t *signer;
95
96 /**
97 * Nonce generator for MS-MPPE salt values
98 */
99 nonce_gen_t *ng;
100
101 /**
102 * List of registered TNC-PDP connections
103 */
104 tnc_pdp_connections_t *connections;
105
106 /**
107 * PT-TLS dispatcher
108 */
109 pt_tls_dispatcher_t *pt_tls_dispatcher;
110
111 };
112
113
114 /**
115 * Open IPv4 or IPv6 UDP RADIUS socket
116 */
117 static int open_socket(int family, u_int16_t port)
118 {
119 int on = TRUE;
120 struct sockaddr_storage addr;
121 socklen_t addrlen;
122 int skt;
123
124 memset(&addr, 0, sizeof(addr));
125 addr.ss_family = family;
126
127 /* precalculate constants depending on address family */
128 switch (family)
129 {
130 case AF_INET:
131 {
132 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
133
134 htoun32(&sin->sin_addr.s_addr, INADDR_ANY);
135 htoun16(&sin->sin_port, port);
136 addrlen = sizeof(struct sockaddr_in);
137 break;
138 }
139 case AF_INET6:
140 {
141 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
142
143 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
144 htoun16(&sin6->sin6_port, port);
145 addrlen = sizeof(struct sockaddr_in6);
146 break;
147 }
148 default:
149 return 0;
150 }
151
152 /* open the socket */
153 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
154 if (skt < 0)
155 {
156 DBG1(DBG_CFG, "opening RADIUS socket failed: %s", strerror(errno));
157 return 0;
158 }
159 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
160 {
161 DBG1(DBG_CFG, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
162 close(skt);
163 return 0;
164 }
165
166 /* bind the socket */
167 if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
168 {
169 DBG1(DBG_CFG, "unable to bind RADIUS socket: %s", strerror(errno));
170 close(skt);
171 return 0;
172 }
173
174 return skt;
175 }
176
177 /**
178 * Send a RADIUS message to client
179 */
180 static void send_message(private_tnc_pdp_t *this, radius_message_t *message,
181 host_t *client)
182 {
183 int fd;
184 chunk_t data;
185
186 fd = (client->get_family(client) == AF_INET) ? this->ipv4 : this->ipv6;
187 data = message->get_encoding(message);
188
189 DBG2(DBG_CFG, "sending RADIUS packet to %#H", client);
190 DBG3(DBG_CFG, "%B", &data);
191
192 if (sendto(fd, data.ptr, data.len, 0, client->get_sockaddr(client),
193 *client->get_sockaddr_len(client)) != data.len)
194 {
195 DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno));
196 }
197 }
198
199 /**
200 * Encrypt a MS-MPPE-Send/Recv-Key
201 */
202 static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type,
203 chunk_t key, u_int16_t *salt,
204 radius_message_t *request)
205 {
206 chunk_t a, r, seed, data;
207 u_char b[HASH_SIZE_MD5], *c;
208 mppe_key_t *mppe_key;
209
210 /**
211 * From RFC2548 (encryption):
212 * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1)
213 * b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2)
214 * . . .
215 * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i)
216 */
217
218 data = chunk_alloc(sizeof(mppe_key_t) +
219 HASH_SIZE_MD5 * (1 + key.len / HASH_SIZE_MD5));
220 memset(data.ptr, 0x00, data.len);
221
222 mppe_key = (mppe_key_t*)data.ptr;
223 mppe_key->id = htonl(PEN_MICROSOFT);
224 mppe_key->type = type;
225 mppe_key->length = data.len - sizeof(mppe_key->id);
226 mppe_key->key[0] = key.len;
227
228 memcpy(&mppe_key->key[1], key.ptr, key.len);
229
230 /**
231 * generate a 16 bit unique random salt value for the MPPE stream cipher
232 * the MSB of the salt MUST be set to 1
233 */
234 a = chunk_create((u_char*)&(mppe_key->salt), sizeof(mppe_key->salt));
235 do
236 {
237 if (!this->ng->get_nonce(this->ng, a.len, a.ptr))
238 {
239 free(data.ptr);
240 return chunk_empty;
241 }
242 *a.ptr |= 0x80;
243 }
244 while (mppe_key->salt == *salt);
245
246 /* update the salt value */
247 *salt = mppe_key->salt;
248
249 r = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5);
250 seed = chunk_cata("cc", r, a);
251
252 c = mppe_key->key;
253 while (c < data.ptr + data.len)
254 {
255 /* b(i) = MD5(S + c(i-1)) */
256 if (!this->hasher->get_hash(this->hasher, this->secret, NULL) ||
257 !this->hasher->get_hash(this->hasher, seed, b))
258 {
259 free(data.ptr);
260 return chunk_empty;
261 }
262
263 /* c(i) = b(i) xor p(1) */
264 memxor(c, b, HASH_SIZE_MD5);
265
266 /* prepare next round */
267 seed = chunk_create(c, HASH_SIZE_MD5);
268 c += HASH_SIZE_MD5;
269 }
270
271 return data;
272 }
273
274 /**
275 * Send a RADIUS response for a request
276 */
277 static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
278 radius_message_code_t code, eap_payload_t *eap,
279 identification_t *group, chunk_t msk, host_t *client)
280 {
281 radius_message_t *response;
282 chunk_t data, recv, send;
283 u_int32_t tunnel_type;
284 u_int16_t salt = 0;
285
286 response = radius_message_create(code);
287 data = eap->get_data(eap);
288 DBG3(DBG_CFG, "%N payload %B", eap_type_names, this->type, &data);
289
290 /* fragment data suitable for RADIUS */
291 while (data.len > MAX_RADIUS_ATTRIBUTE_SIZE)
292 {
293 response->add(response, RAT_EAP_MESSAGE,
294 chunk_create(data.ptr, MAX_RADIUS_ATTRIBUTE_SIZE));
295 data = chunk_skip(data, MAX_RADIUS_ATTRIBUTE_SIZE);
296 }
297 response->add(response, RAT_EAP_MESSAGE, data);
298
299 if (group)
300 {
301 tunnel_type = RADIUS_TUNNEL_TYPE_ESP;
302 htoun32(data.ptr, tunnel_type);
303 data.len = sizeof(tunnel_type);
304 response->add(response, RAT_TUNNEL_TYPE, data);
305 response->add(response, RAT_FILTER_ID, group->get_encoding(group));
306 }
307 if (msk.len)
308 {
309 recv = chunk_create(msk.ptr, msk.len / 2);
310 data = encrypt_mppe_key(this, MS_MPPE_RECV_KEY, recv, &salt, request);
311 response->add(response, RAT_VENDOR_SPECIFIC, data);
312 chunk_free(&data);
313
314 send = chunk_create(msk.ptr + recv.len, msk.len - recv.len);
315 data = encrypt_mppe_key(this, MS_MPPE_SEND_KEY, send, &salt, request);
316 response->add(response, RAT_VENDOR_SPECIFIC, data);
317 chunk_free(&data);
318 }
319 response->set_identifier(response, request->get_identifier(request));
320 if (response->sign(response, request->get_authenticator(request),
321 this->secret, this->hasher, this->signer, NULL, TRUE))
322 {
323 DBG1(DBG_CFG, "sending RADIUS %N to client '%H'",
324 radius_message_code_names, code, client);
325 send_message(this, response, client);
326 }
327 response->destroy(response);
328 }
329
330 /**
331 * Process EAP message
332 */
333 static void process_eap(private_tnc_pdp_t *this, radius_message_t *request,
334 host_t *source)
335 {
336 enumerator_t *enumerator;
337 eap_payload_t *in, *out = NULL;
338 eap_method_t *method;
339 eap_type_t eap_type;
340 u_int32_t eap_vendor;
341 chunk_t data, message = chunk_empty, msk = chunk_empty;
342 chunk_t user_name = chunk_empty, nas_id = chunk_empty;
343 identification_t *group = NULL;
344 radius_message_code_t code = RMC_ACCESS_CHALLENGE;
345 int type;
346
347 enumerator = request->create_enumerator(request);
348 while (enumerator->enumerate(enumerator, &type, &data))
349 {
350 switch (type)
351 {
352 case RAT_USER_NAME:
353 user_name = data;
354 break;
355 case RAT_NAS_IDENTIFIER:
356 nas_id = data;
357 break;
358 case RAT_EAP_MESSAGE:
359 if (data.len)
360 {
361 message = chunk_cat("mc", message, data);
362 }
363 break;
364 default:
365 break;
366 }
367 }
368 enumerator->destroy(enumerator);
369
370 if (message.len)
371 {
372 in = eap_payload_create_data(message);
373
374 /* apply EAP method selected by RADIUS server */
375 eap_type = in->get_type(in, &eap_vendor);
376
377 DBG3(DBG_CFG, "%N payload %B", eap_type_names, eap_type, &message);
378
379 if (eap_type == EAP_IDENTITY)
380 {
381 identification_t *peer;
382 chunk_t eap_identity;
383
384 if (message.len < 5)
385 {
386 goto end;
387 }
388 eap_identity = chunk_create(message.ptr + 5, message.len - 5);
389 peer = identification_create_from_data(eap_identity);
390 method = charon->eap->create_instance(charon->eap, this->type,
391 0, EAP_SERVER, this->server, peer);
392 if (!method)
393 {
394 peer->destroy(peer);
395 goto end;
396 }
397 this->connections->add(this->connections, nas_id, user_name, peer,
398 method);
399 if (method->initiate(method, &out) == NEED_MORE)
400 {
401 send_response(this, request, code, out, group, msk, source);
402 }
403 }
404 else
405 {
406 ike_sa_t *ike_sa;
407 auth_cfg_t *auth;
408 auth_rule_t type;
409 identification_t *data;
410 enumerator_t *e;
411
412 method = this->connections->get_state(this->connections, nas_id,
413 user_name, &ike_sa);
414 if (!method)
415 {
416 goto end;
417 }
418 charon->bus->set_sa(charon->bus, ike_sa);
419
420 switch (method->process(method, in, &out))
421 {
422 case NEED_MORE:
423 code = RMC_ACCESS_CHALLENGE;
424 break;
425 case SUCCESS:
426 code = RMC_ACCESS_ACCEPT;
427 method->get_msk(method, &msk);
428 auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
429 e = auth->create_enumerator(auth);
430 while (e->enumerate(e, &type, &data))
431 {
432 /* look for group memberships */
433 if (type == AUTH_RULE_GROUP)
434 {
435 group = data;
436 }
437 }
438 e->destroy(e);
439
440 DESTROY_IF(out);
441 out = eap_payload_create_code(EAP_SUCCESS,
442 in->get_identifier(in));
443 break;
444 case FAILED:
445 default:
446 code = RMC_ACCESS_REJECT;
447 DESTROY_IF(out);
448 out = eap_payload_create_code(EAP_FAILURE,
449 in->get_identifier(in));
450 }
451 charon->bus->set_sa(charon->bus, NULL);
452 send_response(this, request, code, out, group, msk, source);
453 this->connections->unlock(this->connections);
454 }
455
456 if (code == RMC_ACCESS_ACCEPT || code == RMC_ACCESS_REJECT)
457 {
458 this->connections->remove(this->connections, nas_id, user_name);
459 }
460
461 out->destroy(out);
462 end:
463 free(message.ptr);
464 in->destroy(in);
465 }
466 }
467
468 /**
469 * Process packets received on the RADIUS socket
470 */
471 static bool receive(private_tnc_pdp_t *this, int fd, watcher_event_t event)
472 {
473 radius_message_t *request;
474 char buffer[MAX_PACKET];
475 int bytes_read = 0;
476 host_t *source;
477 union {
478 struct sockaddr_in in4;
479 struct sockaddr_in6 in6;
480 } src;
481 struct iovec iov = {
482 .iov_base = buffer,
483 .iov_len = MAX_PACKET,
484 };
485 struct msghdr msg = {
486 .msg_name = &src,
487 .msg_namelen = sizeof(src),
488 .msg_iov = &iov,
489 .msg_iovlen = 1,
490 };
491
492 /* read received packet */
493 bytes_read = recvmsg(fd, &msg, 0);
494 if (bytes_read < 0)
495 {
496 DBG1(DBG_CFG, "error reading RADIUS socket: %s", strerror(errno));
497 return FALSE;
498 }
499 if (msg.msg_flags & MSG_TRUNC)
500 {
501 DBG1(DBG_CFG, "receive buffer too small, RADIUS packet discarded");
502 return FALSE;
503 }
504 source = host_create_from_sockaddr((sockaddr_t*)&src);
505 DBG2(DBG_CFG, "received RADIUS packet from %#H", source);
506 DBG3(DBG_CFG, "%b", buffer, bytes_read);
507 request = radius_message_parse(chunk_create(buffer, bytes_read));
508 if (request)
509 {
510 DBG1(DBG_CFG, "received RADIUS %N from client '%H'",
511 radius_message_code_names, request->get_code(request), source);
512
513 if (request->verify(request, NULL, this->secret, this->hasher,
514 this->signer))
515 {
516 process_eap(this, request, source);
517 }
518 request->destroy(request);
519 }
520 else
521 {
522 DBG1(DBG_CFG, "received invalid RADIUS message, ignored");
523 }
524 source->destroy(source);
525 return TRUE;
526 }
527
528 METHOD(tnc_pdp_t, destroy, void,
529 private_tnc_pdp_t *this)
530 {
531 if (this->ipv4)
532 {
533 lib->watcher->remove(lib->watcher, this->ipv4);
534 close(this->ipv4);
535 }
536 if (this->ipv6)
537 {
538 lib->watcher->remove(lib->watcher, this->ipv6);
539 close(this->ipv6);
540 }
541 DESTROY_IF(this->server);
542 DESTROY_IF(this->pt_tls_dispatcher);
543 DESTROY_IF(this->signer);
544 DESTROY_IF(this->hasher);
545 DESTROY_IF(this->ng);
546 DESTROY_IF(this->connections);
547 free(this);
548 }
549
550 /*
551 * see header file
552 */
553 tnc_pdp_t *tnc_pdp_create(void)
554 {
555 private_tnc_pdp_t *this;
556 char *secret, *server, *eap_type_str;
557 int radius_port, pt_tls_port;
558 identification_t *id;
559 host_t *host;
560
561 server = lib->settings->get_str(lib->settings,
562 "%s.plugins.tnc-pdp.server", NULL, charon->name);
563 pt_tls_port = lib->settings->get_int(lib->settings,
564 "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, charon->name);
565 radius_port = lib->settings->get_int(lib->settings,
566 "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, charon->name);
567 secret = lib->settings->get_str(lib->settings,
568 "%s.plugins.tnc-pdp.radius.secret", NULL, charon->name);
569 eap_type_str = lib->settings->get_str(lib->settings,
570 "%s.plugins.tnc-pdp.radius.method", "ttls", charon->name);
571
572 if (!server)
573 {
574 DBG1(DBG_CFG, "missing PDP server name, PDP disabled");
575 return NULL;
576 }
577 if (!secret)
578 {
579 DBG1(DBG_CFG, "missing RADIUS secret, PDP disabled");
580 return NULL;
581 }
582
583 host = host_create_from_dns(server, AF_UNSPEC, pt_tls_port);
584 if (!host)
585 {
586 DBG1(DBG_CFG, "could not resolve server name");
587 return NULL;
588 }
589 id = identification_create_from_string(server);
590
591 INIT(this,
592 .public = {
593 .destroy = _destroy,
594 },
595 .server = id,
596 .pt_tls_dispatcher = pt_tls_dispatcher_create(host, id, PT_TLS_AUTH_NONE),
597 .ipv4 = open_socket(AF_INET, radius_port),
598 .ipv6 = open_socket(AF_INET6, radius_port),
599 .secret = chunk_from_str(secret),
600 .type = eap_type_from_string(eap_type_str),
601 .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
602 .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
603 .ng = lib->crypto->create_nonce_gen(lib->crypto),
604 .connections = tnc_pdp_connections_create(),
605 );
606
607 if (!this->hasher || !this->signer || !this->ng)
608 {
609 DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/NG required");
610 destroy(this);
611 return NULL;
612 }
613
614 if (!this->ipv4 && !this->ipv6)
615 {
616 DBG1(DBG_NET, "could not create any RADIUS sockets");
617 destroy(this);
618 return NULL;
619 }
620 if (this->ipv4)
621 {
622 lib->watcher->add(lib->watcher, this->ipv4, WATCHER_READ,
623 (watcher_cb_t)receive, this);
624 }
625 else
626 {
627 DBG1(DBG_NET, "could not open IPv4 RADIUS socket, IPv4 disabled");
628 }
629 if (this->ipv6)
630 {
631 lib->watcher->add(lib->watcher, this->ipv6, WATCHER_READ,
632 (watcher_cb_t)receive, this);
633 }
634 else
635 {
636 DBG1(DBG_NET, "could not open IPv6 RADIUS socket, IPv6 disabled");
637 }
638
639 if (!this->signer->set_key(this->signer, this->secret))
640 {
641 DBG1(DBG_CFG, "could not set signer key");
642 destroy(this);
643 return NULL;
644 }
645
646 if (this->type == 0)
647 {
648 DBG1(DBG_CFG, "unrecognized eap method \"%s\"", eap_type_str);
649 destroy(this);
650 return NULL;
651 }
652 DBG1(DBG_IKE, "eap method %N selected", eap_type_names, this->type);
653
654 return &this->public;
655 }