Fix error handling if no PSK found for main mode
[strongswan.git] / src / libcharon / sa / ikev1 / tasks / main_mode.c
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2011 Martin Willi
6 * Copyright (C) 2011 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "main_mode.h"
20
21 #include <string.h>
22
23 #include <daemon.h>
24 #include <sa/ikev1/keymat_v1.h>
25 #include <crypto/diffie_hellman.h>
26 #include <encoding/payloads/sa_payload.h>
27 #include <encoding/payloads/ke_payload.h>
28 #include <encoding/payloads/nonce_payload.h>
29 #include <encoding/payloads/id_payload.h>
30 #include <encoding/payloads/hash_payload.h>
31 #include <sa/ikev1/tasks/xauth.h>
32 #include <sa/ikev1/tasks/mode_config.h>
33 #include <sa/ikev1/tasks/informational.h>
34 #include <sa/ikev1/tasks/isakmp_delete.h>
35 #include <processing/jobs/adopt_children_job.h>
36
37 typedef struct private_main_mode_t private_main_mode_t;
38
39 /**
40 * Private members of a main_mode_t task.
41 */
42 struct private_main_mode_t {
43
44 /**
45 * Public methods and task_t interface.
46 */
47 main_mode_t public;
48
49 /**
50 * Assigned IKE_SA.
51 */
52 ike_sa_t *ike_sa;
53
54 /**
55 * Are we the initiator?
56 */
57 bool initiator;
58
59 /**
60 * IKE config to establish
61 */
62 ike_cfg_t *ike_cfg;
63
64 /**
65 * Peer config to use
66 */
67 peer_cfg_t *peer_cfg;
68
69 /**
70 * Local authentication configuration
71 */
72 auth_cfg_t *my_auth;
73
74 /**
75 * Remote authentication configuration
76 */
77 auth_cfg_t *other_auth;
78
79 /**
80 * selected IKE proposal
81 */
82 proposal_t *proposal;
83
84 /**
85 * DH exchange
86 */
87 diffie_hellman_t *dh;
88
89 /**
90 * Keymat derivation (from SA)
91 */
92 keymat_v1_t *keymat;
93
94 /**
95 * Received public DH value from peer
96 */
97 chunk_t dh_value;
98
99 /**
100 * Initiators nonce
101 */
102 chunk_t nonce_i;
103
104 /**
105 * Responder nonce
106 */
107 chunk_t nonce_r;
108
109 /**
110 * Encoded SA initiator payload used for authentication
111 */
112 chunk_t sa_payload;
113
114 /**
115 * Negotiated SA lifetime
116 */
117 u_int32_t lifetime;
118
119 /**
120 * Negotiated authentication method
121 */
122 auth_method_t auth_method;
123
124 /** states of main mode */
125 enum {
126 MM_INIT,
127 MM_SA,
128 MM_KE,
129 MM_AUTH,
130 } state;
131 };
132
133 /**
134 * Get the first authentcation config from peer config
135 */
136 static auth_cfg_t *get_auth_cfg(peer_cfg_t *peer_cfg, bool local)
137 {
138 enumerator_t *enumerator;
139 auth_cfg_t *cfg = NULL;
140
141 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
142 enumerator->enumerate(enumerator, &cfg);
143 enumerator->destroy(enumerator);
144 return cfg;
145 }
146
147 /**
148 * Create an authenticator, if supported
149 */
150 static authenticator_t *create_authenticator(private_main_mode_t *this,
151 id_payload_t *id)
152 {
153 authenticator_t *authenticator;
154 authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
155 this->auth_method, this->dh,
156 this->dh_value, this->sa_payload,
157 id->get_encoded(id));
158 if (!authenticator)
159 {
160 DBG1(DBG_IKE, "negotiated authentication method %N not supported",
161 auth_method_names, this->auth_method);
162 }
163 return authenticator;
164 }
165
166 /**
167 * Save the encoded SA payload of a message
168 */
169 static bool save_sa_payload(private_main_mode_t *this, message_t *message)
170 {
171 enumerator_t *enumerator;
172 payload_t *payload, *sa = NULL;
173 chunk_t data;
174 size_t offset = IKE_HEADER_LENGTH;
175
176 enumerator = message->create_payload_enumerator(message);
177 while (enumerator->enumerate(enumerator, &payload))
178 {
179 if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1)
180 {
181 sa = payload;
182 break;
183 }
184 else
185 {
186 offset += payload->get_length(payload);
187 }
188 }
189 enumerator->destroy(enumerator);
190
191 data = message->get_packet_data(message);
192 if (sa && data.len >= offset + sa->get_length(sa))
193 {
194 /* Get SA payload without 4 byte fixed header */
195 data = chunk_skip(data, offset);
196 data.len = sa->get_length(sa);
197 data = chunk_skip(data, 4);
198 this->sa_payload = chunk_clone(data);
199 return TRUE;
200 }
201 return FALSE;
202 }
203
204 /**
205 * Generate and add NONCE, KE payload
206 */
207 static bool add_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
208 message_t *message)
209 {
210 nonce_payload_t *nonce_payload;
211 ke_payload_t *ke_payload;
212 rng_t *rng;
213
214 ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
215 this->dh);
216 message->add_payload(message, &ke_payload->payload_interface);
217
218 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
219 if (!rng)
220 {
221 DBG1(DBG_IKE, "no RNG found to create nonce");
222 return FALSE;
223 }
224 rng->allocate_bytes(rng, NONCE_SIZE, nonce);
225 rng->destroy(rng);
226
227 nonce_payload = nonce_payload_create(NONCE_V1);
228 nonce_payload->set_nonce(nonce_payload, *nonce);
229 message->add_payload(message, &nonce_payload->payload_interface);
230
231 return TRUE;
232 }
233
234 /**
235 * Extract nonce from NONCE payload, process KE payload
236 */
237 static bool get_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
238 message_t *message)
239 {
240 nonce_payload_t *nonce_payload;
241 ke_payload_t *ke_payload;
242
243 ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1);
244 if (!ke_payload)
245 {
246 DBG1(DBG_IKE, "KE payload missing in message");
247 return FALSE;
248 }
249 this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload));
250 this->dh->set_other_public_value(this->dh, this->dh_value);
251
252 nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1);
253 if (!nonce_payload)
254 {
255 DBG1(DBG_IKE, "NONCE payload missing in message");
256 return FALSE;
257 }
258 *nonce = nonce_payload->get_nonce(nonce_payload);
259
260 return TRUE;
261 }
262
263 /**
264 * Get the two auth classes from local or remote config
265 */
266 static void get_auth_class(peer_cfg_t *peer_cfg, bool local,
267 auth_class_t *c1, auth_class_t *c2)
268 {
269 enumerator_t *enumerator;
270 auth_cfg_t *auth;
271
272 *c1 = *c2 = AUTH_CLASS_ANY;
273
274 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
275 while (enumerator->enumerate(enumerator, &auth))
276 {
277 if (*c1 == AUTH_CLASS_ANY)
278 {
279 *c1 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
280 }
281 else
282 {
283 *c2 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
284 break;
285 }
286 }
287 enumerator->destroy(enumerator);
288 }
289
290 /**
291 * Get auth method to use from a peer config
292 */
293 static auth_method_t get_auth_method(private_main_mode_t *this,
294 peer_cfg_t *peer_cfg)
295 {
296 auth_class_t i1, i2, r1, r2;
297
298 get_auth_class(peer_cfg, this->initiator, &i1, &i2);
299 get_auth_class(peer_cfg, !this->initiator, &r1, &r2);
300
301 if (i1 == AUTH_CLASS_PUBKEY && r1 == AUTH_CLASS_PUBKEY)
302 {
303 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
304 {
305 /* TODO-IKEv1: ECDSA? */
306 return AUTH_RSA;
307 }
308 if (i2 == AUTH_CLASS_XAUTH)
309 {
310 return AUTH_XAUTH_INIT_RSA;
311 }
312 if (r2 == AUTH_CLASS_XAUTH)
313 {
314 return AUTH_XAUTH_RESP_RSA;
315 }
316 }
317 if (i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK)
318 {
319 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
320 {
321 return AUTH_PSK;
322 }
323 if (i2 == AUTH_CLASS_XAUTH)
324 {
325 return AUTH_XAUTH_INIT_PSK;
326 }
327 if (r2 == AUTH_CLASS_XAUTH)
328 {
329 return AUTH_XAUTH_RESP_PSK;
330 }
331 }
332 if (i1 == AUTH_CLASS_XAUTH && r1 == AUTH_CLASS_PUBKEY &&
333 i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
334 {
335 return AUTH_HYBRID_INIT_RSA;
336 }
337 return AUTH_NONE;
338 }
339
340 /**
341 * Check if a peer skipped authentication by using Hybrid authentication
342 */
343 static bool skipped_auth(private_main_mode_t *this, bool local)
344 {
345 bool initiator;
346
347 initiator = local == this->initiator;
348 if (initiator && this->auth_method == AUTH_HYBRID_INIT_RSA)
349 {
350 return TRUE;
351 }
352 if (!initiator && this->auth_method == AUTH_HYBRID_RESP_RSA)
353 {
354 return TRUE;
355 }
356 return FALSE;
357 }
358
359 /**
360 * Check if remote authentication constraints fulfilled
361 */
362 static bool check_constraints(private_main_mode_t *this)
363 {
364 identification_t *id;
365 auth_cfg_t *auth;
366
367 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
368 /* auth identity to comply */
369 id = this->ike_sa->get_other_id(this->ike_sa);
370 auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
371 if (skipped_auth(this, FALSE))
372 {
373 return TRUE;
374 }
375 return auth->complies(auth, this->other_auth, TRUE);
376 }
377
378 /**
379 * Save authentication information after authentication succeeded
380 */
381 static void save_auth_cfg(private_main_mode_t *this, bool local)
382 {
383 auth_cfg_t *auth;
384
385 if (skipped_auth(this, local))
386 {
387 return;
388 }
389 auth = auth_cfg_create();
390 /* for local config, we _copy_ entires from the config, as it contains
391 * certificates we must send later. */
392 auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
393 this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
394 }
395
396 /**
397 * Select the best configuration as responder
398 */
399 static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id)
400 {
401 enumerator_t *enumerator;
402 peer_cfg_t *current, *found = NULL;
403 host_t *me, *other;
404
405 me = this->ike_sa->get_my_host(this->ike_sa);
406 other = this->ike_sa->get_other_host(this->ike_sa);
407 DBG1(DBG_CFG, "looking for %N peer configs matching %H...%H[%Y]",
408 auth_method_names, this->auth_method, me, other, id);
409 enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
410 me, other, NULL, id, IKEV1);
411 while (enumerator->enumerate(enumerator, &current))
412 {
413 if (get_auth_method(this, current) == this->auth_method)
414 {
415 found = current->get_ref(current);
416 break;
417 }
418 }
419 enumerator->destroy(enumerator);
420
421 if (found)
422 {
423 DBG2(DBG_CFG, "selected peer config \"%s\"", found->get_name(found));
424 }
425 return found;
426 }
427
428 /**
429 * Check for notify errors, return TRUE if error found
430 */
431 static bool has_notify_errors(private_main_mode_t *this, message_t *message)
432 {
433 enumerator_t *enumerator;
434 payload_t *payload;
435 bool err = FALSE;
436
437 enumerator = message->create_payload_enumerator(message);
438 while (enumerator->enumerate(enumerator, &payload))
439 {
440 if (payload->get_type(payload) == NOTIFY_V1)
441 {
442 notify_payload_t *notify;
443 notify_type_t type;
444
445 notify = (notify_payload_t*)payload;
446 type = notify->get_notify_type(notify);
447 if (type < 16384)
448 {
449 DBG1(DBG_IKE, "received %N error notify",
450 notify_type_names, type);
451 err = TRUE;
452 }
453 else if (type == INITIAL_CONTACT_IKEV1)
454 {
455 if (!this->initiator && this->state == MM_AUTH)
456 {
457 /* If authenticated and received INITIAL_CONTACT,
458 * delete any existing IKE_SAs with that peer.
459 * The delete takes place when the SA is checked in due
460 * to other id not known until the 3rd message.*/
461 this->ike_sa->set_condition(this->ike_sa,
462 COND_INIT_CONTACT_SEEN, TRUE);
463 }
464 }
465 else
466 {
467 DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
468 }
469 }
470 }
471 enumerator->destroy(enumerator);
472
473 return err;
474 }
475
476 /**
477 * Queue a task sending a notify in an INFORMATIONAL exchange
478 */
479 static status_t send_notify(private_main_mode_t *this, notify_type_t type)
480 {
481 notify_payload_t *notify;
482 ike_sa_id_t *ike_sa_id;
483 u_int64_t spi_i, spi_r;
484 chunk_t spi;
485
486 notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
487 PROTO_IKE, type);
488 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
489 spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
490 spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
491 spi = chunk_cata("cc", chunk_from_thing(spi_i), chunk_from_thing(spi_r));
492 notify->set_spi_data(notify, spi);
493
494 this->ike_sa->queue_task(this->ike_sa,
495 (task_t*)informational_create(this->ike_sa, notify));
496 /* cancel all active/passive tasks in favour of informational */
497 return ALREADY_DONE;
498 }
499
500 /**
501 * Queue a delete task if authentication failed as initiator
502 */
503 static status_t send_delete(private_main_mode_t *this)
504 {
505 this->ike_sa->queue_task(this->ike_sa,
506 (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
507 /* cancel all active tasks in favour of informational */
508 return ALREADY_DONE;
509 }
510
511 METHOD(task_t, build_i, status_t,
512 private_main_mode_t *this, message_t *message)
513 {
514 switch (this->state)
515 {
516 case MM_INIT:
517 {
518 sa_payload_t *sa_payload;
519 linked_list_t *proposals;
520 packet_t *packet;
521
522 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
523 DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
524 this->ike_sa->get_name(this->ike_sa),
525 this->ike_sa->get_unique_id(this->ike_sa),
526 this->ike_sa->get_other_host(this->ike_sa));
527 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
528
529 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
530 this->peer_cfg->get_ref(this->peer_cfg);
531
532 this->my_auth = get_auth_cfg(this->peer_cfg, TRUE);
533 this->other_auth = get_auth_cfg(this->peer_cfg, FALSE);
534 if (!this->my_auth || !this->other_auth)
535 {
536 DBG1(DBG_CFG, "no auth config found");
537 return FAILED;
538 }
539 this->auth_method = get_auth_method(this, this->peer_cfg);
540 if (this->auth_method == AUTH_NONE)
541 {
542 DBG1(DBG_CFG, "configuration uses unsupported authentication");
543 return FAILED;
544 }
545 this->lifetime = this->peer_cfg->get_reauth_time(this->peer_cfg,
546 FALSE);
547 if (!this->lifetime)
548 { /* fall back to rekey time of no rekey time configured */
549 this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
550 FALSE);
551 }
552 this->lifetime += this->peer_cfg->get_over_time(this->peer_cfg);
553 proposals = this->ike_cfg->get_proposals(this->ike_cfg);
554 sa_payload = sa_payload_create_from_proposals_v1(proposals,
555 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
556 proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
557
558 message->add_payload(message, &sa_payload->payload_interface);
559
560 /* pregenerate message to store SA payload */
561 if (this->ike_sa->generate_message(this->ike_sa, message,
562 &packet) != SUCCESS)
563 {
564 DBG1(DBG_IKE, "pregenerating SA payload failed");
565 return FAILED;
566 }
567 packet->destroy(packet);
568 if (!save_sa_payload(this, message))
569 {
570 DBG1(DBG_IKE, "SA payload invalid");
571 return FAILED;
572 }
573
574 this->state = MM_SA;
575 return NEED_MORE;
576 }
577 case MM_SA:
578 {
579 u_int16_t group;
580
581 if (!this->keymat->create_hasher(this->keymat, this->proposal))
582 {
583 return send_notify(this, NO_PROPOSAL_CHOSEN);
584 }
585 if (!this->proposal->get_algorithm(this->proposal,
586 DIFFIE_HELLMAN_GROUP, &group, NULL))
587 {
588 DBG1(DBG_IKE, "DH group selection failed");
589 return send_notify(this, NO_PROPOSAL_CHOSEN);
590 }
591 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
592 group);
593 if (!this->dh)
594 {
595 DBG1(DBG_IKE, "negotiated DH group not supported");
596 return send_notify(this, INVALID_KEY_INFORMATION);
597 }
598 if (!add_nonce_ke(this, &this->nonce_i, message))
599 {
600 return send_notify(this, INVALID_KEY_INFORMATION);
601 }
602 this->state = MM_KE;
603 return NEED_MORE;
604 }
605 case MM_KE:
606 {
607 authenticator_t *authenticator;
608 id_payload_t *id_payload;
609 identification_t *id;
610
611 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
612 if (!id)
613 {
614 DBG1(DBG_CFG, "own identity not known");
615 return send_notify(this, INVALID_ID_INFORMATION);
616 }
617
618 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
619
620 id_payload = id_payload_create_from_identification(ID_V1, id);
621 message->add_payload(message, &id_payload->payload_interface);
622
623 authenticator = create_authenticator(this, id_payload);
624 if (!authenticator || authenticator->build(authenticator,
625 message) != SUCCESS)
626 {
627 DESTROY_IF(authenticator);
628 return send_notify(this, AUTHENTICATION_FAILED);
629 }
630 authenticator->destroy(authenticator);
631 save_auth_cfg(this, TRUE);
632
633 this->state = MM_AUTH;
634 return NEED_MORE;
635 }
636 default:
637 return FAILED;
638 }
639 }
640
641 METHOD(task_t, process_r, status_t,
642 private_main_mode_t *this, message_t *message)
643 {
644 switch (this->state)
645 {
646 case MM_INIT:
647 {
648 linked_list_t *list;
649 sa_payload_t *sa_payload;
650
651 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
652 DBG0(DBG_IKE, "%H is initiating a Main Mode",
653 message->get_source(message));
654 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
655
656 this->ike_sa->update_hosts(this->ike_sa,
657 message->get_destination(message),
658 message->get_source(message), TRUE);
659
660 sa_payload = (sa_payload_t*)message->get_payload(message,
661 SECURITY_ASSOCIATION_V1);
662 if (!sa_payload || !save_sa_payload(this, message))
663 {
664 DBG1(DBG_IKE, "SA payload missing or invalid");
665 return send_notify(this, INVALID_PAYLOAD_TYPE);
666 }
667
668 list = sa_payload->get_proposals(sa_payload);
669 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
670 list, FALSE);
671 list->destroy_offset(list, offsetof(proposal_t, destroy));
672 if (!this->proposal)
673 {
674 DBG1(DBG_IKE, "no proposal found");
675 return send_notify(this, NO_PROPOSAL_CHOSEN);
676 }
677
678 this->auth_method = sa_payload->get_auth_method(sa_payload);
679 this->lifetime = sa_payload->get_lifetime(sa_payload);
680
681 this->state = MM_SA;
682 return NEED_MORE;
683 }
684 case MM_SA:
685 {
686 u_int16_t group;
687
688 if (!this->keymat->create_hasher(this->keymat, this->proposal))
689 {
690 return send_notify(this, INVALID_KEY_INFORMATION);
691 }
692 if (!this->proposal->get_algorithm(this->proposal,
693 DIFFIE_HELLMAN_GROUP, &group, NULL))
694 {
695 DBG1(DBG_IKE, "DH group selection failed");
696 return send_notify(this, INVALID_KEY_INFORMATION);
697 }
698 this->dh = lib->crypto->create_dh(lib->crypto, group);
699 if (!this->dh)
700 {
701 DBG1(DBG_IKE, "negotiated DH group not supported");
702 return send_notify(this, INVALID_KEY_INFORMATION);
703 }
704 if (!get_nonce_ke(this, &this->nonce_i, message))
705 {
706 return send_notify(this, INVALID_PAYLOAD_TYPE);
707 }
708 this->state = MM_KE;
709 return NEED_MORE;
710 }
711 case MM_KE:
712 {
713 authenticator_t *authenticator;
714 id_payload_t *id_payload;
715 identification_t *id;
716
717 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
718 if (!id_payload)
719 {
720 DBG1(DBG_IKE, "IDii payload missing");
721 return send_notify(this, INVALID_PAYLOAD_TYPE);
722 }
723
724 id = id_payload->get_identification(id_payload);
725 this->ike_sa->set_other_id(this->ike_sa, id);
726 this->peer_cfg = select_config(this, id);
727 if (!this->peer_cfg)
728 {
729 DBG1(DBG_IKE, "no peer config found");
730 return send_notify(this, AUTHENTICATION_FAILED);
731 }
732 this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
733
734 this->my_auth = get_auth_cfg(this->peer_cfg, TRUE);
735 this->other_auth = get_auth_cfg(this->peer_cfg, FALSE);
736 if (!this->my_auth || !this->other_auth)
737 {
738 DBG1(DBG_IKE, "auth config missing");
739 return send_notify(this, AUTHENTICATION_FAILED);
740 }
741
742 authenticator = create_authenticator(this, id_payload);
743 if (!authenticator || authenticator->process(authenticator,
744 message) != SUCCESS)
745 {
746 DESTROY_IF(authenticator);
747 return send_notify(this, AUTHENTICATION_FAILED);
748 }
749 authenticator->destroy(authenticator);
750 if (!check_constraints(this))
751 {
752 return send_notify(this, AUTHENTICATION_FAILED);
753 }
754 save_auth_cfg(this, FALSE);
755
756 this->state = MM_AUTH;
757 if (has_notify_errors(this, message))
758 {
759 return FAILED;
760 }
761 return NEED_MORE;
762 }
763 default:
764 return FAILED;
765 }
766 }
767
768 /**
769 * Lookup a shared secret for this IKE_SA
770 */
771 static shared_key_t *lookup_shared_key(private_main_mode_t *this)
772 {
773 host_t *me, *other;
774 identification_t *my_id, *other_id;
775 shared_key_t *shared_key = NULL;
776
777 /* try to get a PSK for IP addresses */
778 me = this->ike_sa->get_my_host(this->ike_sa);
779 other = this->ike_sa->get_other_host(this->ike_sa);
780 my_id = identification_create_from_sockaddr(me->get_sockaddr(me));
781 other_id = identification_create_from_sockaddr(other->get_sockaddr(other));
782 if (my_id && other_id)
783 {
784 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
785 my_id, other_id);
786 }
787 DESTROY_IF(my_id);
788 DESTROY_IF(other_id);
789 if (shared_key)
790 {
791 return shared_key;
792 }
793
794 if (this->my_auth && this->other_auth)
795 { /* as initiator, use identities from configuraiton */
796 my_id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
797 other_id = this->other_auth->get(this->other_auth, AUTH_RULE_IDENTITY);
798 if (my_id && other_id)
799 {
800 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
801 my_id, other_id);
802 if (!shared_key)
803 {
804 DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
805 my_id, me, other_id, other);
806 }
807 }
808 }
809 else
810 { /* as responder, we try to find a config by IP */
811 enumerator_t *enumerator;
812 auth_cfg_t *my_auth, *other_auth;
813 peer_cfg_t *peer_cfg = NULL;
814
815 enumerator = charon->backends->create_peer_cfg_enumerator(
816 charon->backends, me, other, NULL, NULL, IKEV1);
817 while (enumerator->enumerate(enumerator, &peer_cfg))
818 {
819 my_auth = get_auth_cfg(peer_cfg, TRUE);
820 other_auth = get_auth_cfg(peer_cfg, FALSE);
821 if (my_auth && other_auth)
822 {
823 my_id = my_auth->get(my_auth, AUTH_RULE_IDENTITY);
824 other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
825 if (my_id && other_id)
826 {
827 shared_key = lib->credmgr->get_shared(lib->credmgr,
828 SHARED_IKE, my_id, other_id);
829 if (shared_key)
830 {
831 break;
832 }
833 else
834 {
835 DBG1(DBG_IKE, "no shared key found for "
836 "'%Y'[%H] - '%Y'[%H]", my_id, me, other_id, other);
837 }
838 }
839 }
840 }
841 enumerator->destroy(enumerator);
842 if (!peer_cfg)
843 {
844 DBG1(DBG_IKE, "no shared key found for %H - %H", me, other);
845 }
846 }
847 return shared_key;
848 }
849
850 /**
851 * Derive key material for this IKE_SA
852 */
853 static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
854 chunk_t nonce_r)
855 {
856 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
857 shared_key_t *shared_key = NULL;
858
859 switch (this->auth_method)
860 {
861 case AUTH_PSK:
862 case AUTH_XAUTH_INIT_PSK:
863 case AUTH_XAUTH_RESP_PSK:
864 shared_key = lookup_shared_key(this);
865 if (!shared_key)
866 {
867 return FALSE;
868 }
869 break;
870 default:
871 break;
872 }
873 if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
874 this->dh_value, nonce_i, nonce_r, id, this->auth_method, shared_key))
875 {
876 DESTROY_IF(shared_key);
877 DBG1(DBG_IKE, "key derivation for %N failed",
878 auth_method_names, this->auth_method);
879 return FALSE;
880 }
881 DESTROY_IF(shared_key);
882 charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, nonce_i, nonce_r,
883 NULL);
884
885 return TRUE;
886 }
887
888 /**
889 * Set IKE_SA to established state
890 */
891 static void establish(private_main_mode_t *this)
892 {
893 DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
894 this->ike_sa->get_name(this->ike_sa),
895 this->ike_sa->get_unique_id(this->ike_sa),
896 this->ike_sa->get_my_host(this->ike_sa),
897 this->ike_sa->get_my_id(this->ike_sa),
898 this->ike_sa->get_other_host(this->ike_sa),
899 this->ike_sa->get_other_id(this->ike_sa));
900
901 this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
902 charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
903 }
904
905 METHOD(task_t, build_r, status_t,
906 private_main_mode_t *this, message_t *message)
907 {
908 switch (this->state)
909 {
910 case MM_SA:
911 {
912 sa_payload_t *sa_payload;
913
914 sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
915 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
916 message->add_payload(message, &sa_payload->payload_interface);
917
918 return NEED_MORE;
919 }
920 case MM_KE:
921 {
922 if (!add_nonce_ke(this, &this->nonce_r, message))
923 {
924 return send_notify(this, INVALID_KEY_INFORMATION);
925 }
926 if (!derive_keys(this, this->nonce_i, this->nonce_r))
927 {
928 return send_notify(this, INVALID_KEY_INFORMATION);
929 }
930 return NEED_MORE;
931 }
932 case MM_AUTH:
933 {
934 authenticator_t *authenticator;
935 id_payload_t *id_payload;
936 identification_t *id;
937
938 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
939 if (!id)
940 {
941 DBG1(DBG_CFG, "own identity not known");
942 return send_notify(this, INVALID_ID_INFORMATION);
943 }
944 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
945
946 id_payload = id_payload_create_from_identification(ID_V1, id);
947 message->add_payload(message, &id_payload->payload_interface);
948
949 authenticator = create_authenticator(this, id_payload);
950 if (!authenticator || authenticator->build(authenticator,
951 message) != SUCCESS)
952 {
953 DESTROY_IF(authenticator);
954 return send_notify(this, AUTHENTICATION_FAILED);
955 }
956 authenticator->destroy(authenticator);
957 save_auth_cfg(this, TRUE);
958
959 switch (this->auth_method)
960 {
961 case AUTH_XAUTH_INIT_PSK:
962 case AUTH_XAUTH_INIT_RSA:
963 case AUTH_HYBRID_INIT_RSA:
964 this->ike_sa->queue_task(this->ike_sa,
965 (task_t*)xauth_create(this->ike_sa, TRUE));
966 return SUCCESS;
967 case AUTH_XAUTH_RESP_PSK:
968 case AUTH_XAUTH_RESP_RSA:
969 case AUTH_HYBRID_RESP_RSA:
970 /* TODO-IKEv1: not yet supported */
971 return FAILED;
972 default:
973 establish(this);
974 lib->processor->queue_job(lib->processor, (job_t*)
975 adopt_children_job_create(
976 this->ike_sa->get_id(this->ike_sa)));
977 return SUCCESS;
978 }
979 }
980 default:
981 return FAILED;
982 }
983 }
984
985 METHOD(task_t, process_i, status_t,
986 private_main_mode_t *this, message_t *message)
987 {
988 switch (this->state)
989 {
990 case MM_SA:
991 {
992 linked_list_t *list;
993 sa_payload_t *sa_payload;
994 auth_method_t auth_method;
995 u_int32_t lifetime;
996
997 sa_payload = (sa_payload_t*)message->get_payload(message,
998 SECURITY_ASSOCIATION_V1);
999 if (!sa_payload)
1000 {
1001 DBG1(DBG_IKE, "SA payload missing");
1002 return send_notify(this, INVALID_PAYLOAD_TYPE);
1003 }
1004 list = sa_payload->get_proposals(sa_payload);
1005 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
1006 list, FALSE);
1007 list->destroy_offset(list, offsetof(proposal_t, destroy));
1008 if (!this->proposal)
1009 {
1010 DBG1(DBG_IKE, "no proposal found");
1011 return send_notify(this, NO_PROPOSAL_CHOSEN);
1012 }
1013
1014 lifetime = sa_payload->get_lifetime(sa_payload);
1015 if (lifetime != this->lifetime)
1016 {
1017 DBG1(DBG_IKE, "received lifetime %us does not match configured "
1018 "lifetime %us", lifetime, this->lifetime);
1019 }
1020 this->lifetime = lifetime;
1021 auth_method = sa_payload->get_auth_method(sa_payload);
1022 if (auth_method != this->auth_method)
1023 {
1024 DBG1(DBG_IKE, "received %N authentication, but configured %N, "
1025 "continue with configured", auth_method_names, auth_method,
1026 auth_method_names, this->auth_method);
1027 }
1028 return NEED_MORE;
1029 }
1030 case MM_KE:
1031 {
1032 if (!get_nonce_ke(this, &this->nonce_r, message))
1033 {
1034 return send_notify(this, INVALID_PAYLOAD_TYPE);
1035 }
1036 if (!derive_keys(this, this->nonce_i, this->nonce_r))
1037 {
1038 return send_notify(this, INVALID_KEY_INFORMATION);
1039 }
1040 return NEED_MORE;
1041 }
1042 case MM_AUTH:
1043 {
1044 authenticator_t *authenticator;
1045 id_payload_t *id_payload;
1046 identification_t *id;
1047
1048 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
1049 if (!id_payload)
1050 {
1051 DBG1(DBG_IKE, "IDir payload missing");
1052 return send_delete(this);
1053 }
1054 id = id_payload->get_identification(id_payload);
1055 if (!id->matches(id, this->other_auth->get(this->other_auth,
1056 AUTH_RULE_IDENTITY)))
1057 {
1058 DBG1(DBG_IKE, "IDir does not match");
1059 id->destroy(id);
1060 return send_delete(this);
1061 }
1062 this->ike_sa->set_other_id(this->ike_sa, id);
1063
1064 authenticator = create_authenticator(this, id_payload);
1065 if (!authenticator || authenticator->process(authenticator,
1066 message) != SUCCESS)
1067 {
1068 DESTROY_IF(authenticator);
1069 return send_delete(this);
1070 }
1071 authenticator->destroy(authenticator);
1072 if (!check_constraints(this))
1073 {
1074 return send_delete(this);
1075 }
1076 save_auth_cfg(this, FALSE);
1077
1078 if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
1079 {
1080 this->ike_sa->queue_task(this->ike_sa,
1081 (task_t*)mode_config_create(this->ike_sa, TRUE));
1082 }
1083
1084 switch (this->auth_method)
1085 {
1086 case AUTH_XAUTH_INIT_PSK:
1087 case AUTH_XAUTH_INIT_RSA:
1088 case AUTH_HYBRID_INIT_RSA:
1089 /* wait for XAUTH request */
1090 return SUCCESS;
1091 case AUTH_XAUTH_RESP_PSK:
1092 case AUTH_XAUTH_RESP_RSA:
1093 case AUTH_HYBRID_RESP_RSA:
1094 /* TODO-IKEv1: not yet */
1095 return FAILED;
1096 default:
1097 establish(this);
1098 return SUCCESS;
1099 }
1100 }
1101 default:
1102 return FAILED;
1103 }
1104 }
1105
1106 METHOD(task_t, get_type, task_type_t,
1107 private_main_mode_t *this)
1108 {
1109 return TASK_MAIN_MODE;
1110 }
1111
1112 METHOD(task_t, migrate, void,
1113 private_main_mode_t *this, ike_sa_t *ike_sa)
1114 {
1115 DESTROY_IF(this->peer_cfg);
1116 DESTROY_IF(this->proposal);
1117 DESTROY_IF(this->dh);
1118 chunk_free(&this->dh_value);
1119 chunk_free(&this->nonce_i);
1120 chunk_free(&this->nonce_r);
1121 chunk_free(&this->sa_payload);
1122
1123 this->ike_sa = ike_sa;
1124 this->keymat = (keymat_v1_t*)ike_sa->get_keymat(ike_sa);
1125 this->state = MM_INIT;
1126 this->peer_cfg = NULL;
1127 this->proposal = NULL;
1128 this->dh = NULL;
1129 }
1130
1131 METHOD(task_t, destroy, void,
1132 private_main_mode_t *this)
1133 {
1134 DESTROY_IF(this->peer_cfg);
1135 DESTROY_IF(this->proposal);
1136 DESTROY_IF(this->dh);
1137 free(this->dh_value.ptr);
1138 free(this->nonce_i.ptr);
1139 free(this->nonce_r.ptr);
1140 free(this->sa_payload.ptr);
1141 free(this);
1142 }
1143
1144 /*
1145 * Described in header.
1146 */
1147 main_mode_t *main_mode_create(ike_sa_t *ike_sa, bool initiator)
1148 {
1149 private_main_mode_t *this;
1150
1151 INIT(this,
1152 .public = {
1153 .task = {
1154 .get_type = _get_type,
1155 .migrate = _migrate,
1156 .destroy = _destroy,
1157 },
1158 },
1159 .ike_sa = ike_sa,
1160 .keymat = (keymat_v1_t*)ike_sa->get_keymat(ike_sa),
1161 .initiator = initiator,
1162 .state = MM_INIT,
1163 );
1164
1165 if (initiator)
1166 {
1167 this->public.task.build = _build_i;
1168 this->public.task.process = _process_i;
1169 }
1170 else
1171 {
1172 this->public.task.build = _build_r;
1173 this->public.task.process = _process_r;
1174 }
1175
1176 return &this->public;
1177 }