projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ike-init: Verify REDIRECT notify before processing IKE_SA_INIT message
[strongswan.git] / src / libcharon / sa / ikev2 / tasks / ike_init.c
1 /*
2 * Copyright (C) 2008-2015 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include "ike_init.h"
19
20 #include <string.h>
21
22 #include <daemon.h>
23 #include <bio/bio_reader.h>
24 #include <bio/bio_writer.h>
25 #include <sa/ikev2/keymat_v2.h>
26 #include <crypto/diffie_hellman.h>
27 #include <crypto/hashers/hash_algorithm_set.h>
28 #include <encoding/payloads/sa_payload.h>
29 #include <encoding/payloads/ke_payload.h>
30 #include <encoding/payloads/nonce_payload.h>
31
32 /** maximum retries to do with cookies/other dh groups */
33 #define MAX_RETRIES 5
34
35 typedef struct private_ike_init_t private_ike_init_t;
36
37 /**
38 * Private members of a ike_init_t task.
39 */
40 struct private_ike_init_t {
41
42 /**
43 * Public methods and task_t interface.
44 */
45 ike_init_t public;
46
47 /**
48 * Assigned IKE_SA.
49 */
50 ike_sa_t *ike_sa;
51
52 /**
53 * Are we the initiator?
54 */
55 bool initiator;
56
57 /**
58 * IKE config to establish
59 */
60 ike_cfg_t *config;
61
62 /**
63 * diffie hellman group to use
64 */
65 diffie_hellman_group_t dh_group;
66
67 /**
68 * diffie hellman key exchange
69 */
70 diffie_hellman_t *dh;
71
72 /**
73 * Applying DH public value failed?
74 */
75 bool dh_failed;
76
77 /**
78 * Keymat derivation (from IKE_SA)
79 */
80 keymat_v2_t *keymat;
81
82 /**
83 * nonce chosen by us
84 */
85 chunk_t my_nonce;
86
87 /**
88 * nonce chosen by peer
89 */
90 chunk_t other_nonce;
91
92 /**
93 * nonce generator
94 */
95 nonce_gen_t *nonceg;
96
97 /**
98 * Negotiated proposal used for IKE_SA
99 */
100 proposal_t *proposal;
101
102 /**
103 * Old IKE_SA which gets rekeyed
104 */
105 ike_sa_t *old_sa;
106
107 /**
108 * cookie received from responder
109 */
110 chunk_t cookie;
111
112 /**
113 * retries done so far after failure (cookie or bad dh group)
114 */
115 u_int retry;
116
117 /**
118 * Whether to use Signature Authentication as per RFC 7427
119 */
120 bool signature_authentication;
121
122 /**
123 * Whether to follow IKEv2 redirects as per RFC 5685
124 */
125 bool follow_redirects;
126 };
127
128 /**
129 * Allocate our own nonce value
130 */
131 static bool generate_nonce(private_ike_init_t *this)
132 {
133 if (!this->nonceg)
134 {
135 DBG1(DBG_IKE, "no nonce generator found to create nonce");
136 return FALSE;
137 }
138 if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE,
139 &this->my_nonce))
140 {
141 DBG1(DBG_IKE, "nonce allocation failed");
142 return FALSE;
143 }
144 return TRUE;
145 }
146
147 /**
148 * Notify the peer about the hash algorithms we support or expect,
149 * as per RFC 7427
150 */
151 static void send_supported_hash_algorithms(private_ike_init_t *this,
152 message_t *message)
153 {
154 hash_algorithm_set_t *algos;
155 enumerator_t *enumerator, *rounds;
156 bio_writer_t *writer;
157 hash_algorithm_t hash;
158 peer_cfg_t *peer;
159 auth_cfg_t *auth;
160 auth_rule_t rule;
161 uintptr_t config;
162 char *plugin_name;
163
164 algos = hash_algorithm_set_create();
165 peer = this->ike_sa->get_peer_cfg(this->ike_sa);
166 if (peer)
167 {
168 rounds = peer->create_auth_cfg_enumerator(peer, FALSE);
169 while (rounds->enumerate(rounds, &auth))
170 {
171 enumerator = auth->create_enumerator(auth);
172 while (enumerator->enumerate(enumerator, &rule, &config))
173 {
174 if (rule == AUTH_RULE_SIGNATURE_SCHEME)
175 {
176 hash = hasher_from_signature_scheme(config);
177 if (hasher_algorithm_for_ikev2(hash))
178 {
179 algos->add(algos, hash);
180 }
181 }
182 }
183 enumerator->destroy(enumerator);
184 }
185 rounds->destroy(rounds);
186 }
187
188 if (!algos->count(algos))
189 {
190 enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
191 while (enumerator->enumerate(enumerator, &hash, &plugin_name))
192 {
193 if (hasher_algorithm_for_ikev2(hash))
194 {
195 algos->add(algos, hash);
196 }
197 }
198 enumerator->destroy(enumerator);
199 }
200
201 if (algos->count(algos))
202 {
203 writer = bio_writer_create(0);
204 enumerator = algos->create_enumerator(algos);
205 while (enumerator->enumerate(enumerator, &hash))
206 {
207 writer->write_uint16(writer, hash);
208 }
209 enumerator->destroy(enumerator);
210 message->add_notify(message, FALSE, SIGNATURE_HASH_ALGORITHMS,
211 writer->get_buf(writer));
212 writer->destroy(writer);
213 }
214 algos->destroy(algos);
215 }
216
217 /**
218 * Store algorithms supported by other peer
219 */
220 static void handle_supported_hash_algorithms(private_ike_init_t *this,
221 notify_payload_t *notify)
222 {
223 bio_reader_t *reader;
224 u_int16_t algo;
225 bool added = FALSE;
226
227 reader = bio_reader_create(notify->get_notification_data(notify));
228 while (reader->remaining(reader) >= 2 && reader->read_uint16(reader, &algo))
229 {
230 if (hasher_algorithm_for_ikev2(algo))
231 {
232 this->keymat->add_hash_algorithm(this->keymat, algo);
233 added = TRUE;
234 }
235 }
236 reader->destroy(reader);
237
238 if (added)
239 {
240 this->ike_sa->enable_extension(this->ike_sa, EXT_SIGNATURE_AUTH);
241 }
242 }
243
244 /**
245 * build the payloads for the message
246 */
247 static bool build_payloads(private_ike_init_t *this, message_t *message)
248 {
249 sa_payload_t *sa_payload;
250 ke_payload_t *ke_payload;
251 nonce_payload_t *nonce_payload;
252 linked_list_t *proposal_list;
253 ike_sa_id_t *id;
254 proposal_t *proposal;
255 enumerator_t *enumerator;
256
257 id = this->ike_sa->get_id(this->ike_sa);
258
259 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
260
261 if (this->initiator)
262 {
263 proposal_list = this->config->get_proposals(this->config);
264 if (this->old_sa)
265 {
266 /* include SPI of new IKE_SA when we are rekeying */
267 enumerator = proposal_list->create_enumerator(proposal_list);
268 while (enumerator->enumerate(enumerator, (void**)&proposal))
269 {
270 proposal->set_spi(proposal, id->get_initiator_spi(id));
271 }
272 enumerator->destroy(enumerator);
273 }
274
275 sa_payload = sa_payload_create_from_proposals_v2(proposal_list);
276 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
277 }
278 else
279 {
280 if (this->old_sa)
281 {
282 /* include SPI of new IKE_SA when we are rekeying */
283 this->proposal->set_spi(this->proposal, id->get_responder_spi(id));
284 }
285 sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
286 }
287 message->add_payload(message, (payload_t*)sa_payload);
288
289 nonce_payload = nonce_payload_create(PLV2_NONCE);
290 nonce_payload->set_nonce(nonce_payload, this->my_nonce);
291 ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
292 this->dh);
293 if (!ke_payload)
294 {
295 DBG1(DBG_IKE, "creating KE payload failed");
296 return FALSE;
297 }
298
299 if (this->old_sa)
300 { /* payload order differs if we are rekeying */
301 message->add_payload(message, (payload_t*)nonce_payload);
302 message->add_payload(message, (payload_t*)ke_payload);
303 }
304 else
305 {
306 message->add_payload(message, (payload_t*)ke_payload);
307 message->add_payload(message, (payload_t*)nonce_payload);
308 }
309
310 /* negotiate fragmentation if we are not rekeying */
311 if (!this->old_sa &&
312 this->config->fragmentation(this->config) != FRAGMENTATION_NO)
313 {
314 if (this->initiator ||
315 this->ike_sa->supports_extension(this->ike_sa,
316 EXT_IKE_FRAGMENTATION))
317 {
318 message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED,
319 chunk_empty);
320 }
321 }
322 /* submit supported hash algorithms for signature authentication */
323 if (!this->old_sa && this->signature_authentication)
324 {
325 if (this->initiator ||
326 this->ike_sa->supports_extension(this->ike_sa,
327 EXT_SIGNATURE_AUTH))
328 {
329 send_supported_hash_algorithms(this, message);
330 }
331 }
332 /* notify other peer if we support redirection */
333 if (!this->old_sa && this->initiator && this->follow_redirects)
334 {
335 identification_t *gateway;
336 host_t *from;
337 chunk_t data;
338
339 from = this->ike_sa->get_redirected_from(this->ike_sa);
340 if (from)
341 {
342 gateway = identification_create_from_sockaddr(
343 from->get_sockaddr(from));
344 data = redirect_data_create(gateway, chunk_empty);
345 message->add_notify(message, FALSE, REDIRECTED_FROM, data);
346 chunk_free(&data);
347 gateway->destroy(gateway);
348 }
349 else
350 {
351 message->add_notify(message, FALSE, REDIRECT_SUPPORTED,
352 chunk_empty);
353 }
354 }
355 return TRUE;
356 }
357
358 /**
359 * Read payloads from message
360 */
361 static void process_payloads(private_ike_init_t *this, message_t *message)
362 {
363 enumerator_t *enumerator;
364 payload_t *payload;
365 ke_payload_t *ke_payload = NULL;
366
367 enumerator = message->create_payload_enumerator(message);
368 while (enumerator->enumerate(enumerator, &payload))
369 {
370 switch (payload->get_type(payload))
371 {
372 case PLV2_SECURITY_ASSOCIATION:
373 {
374 sa_payload_t *sa_payload = (sa_payload_t*)payload;
375 linked_list_t *proposal_list;
376 bool private;
377
378 proposal_list = sa_payload->get_proposals(sa_payload);
379 private = this->ike_sa->supports_extension(this->ike_sa,
380 EXT_STRONGSWAN);
381 this->proposal = this->config->select_proposal(this->config,
382 proposal_list, private);
383 if (!this->proposal)
384 {
385 charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,
386 proposal_list);
387 }
388 proposal_list->destroy_offset(proposal_list,
389 offsetof(proposal_t, destroy));
390 break;
391 }
392 case PLV2_KEY_EXCHANGE:
393 {
394 ke_payload = (ke_payload_t*)payload;
395
396 this->dh_group = ke_payload->get_dh_group_number(ke_payload);
397 break;
398 }
399 case PLV2_NONCE:
400 {
401 nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
402
403 this->other_nonce = nonce_payload->get_nonce(nonce_payload);
404 break;
405 }
406 case PLV2_NOTIFY:
407 {
408 notify_payload_t *notify = (notify_payload_t*)payload;
409
410 switch (notify->get_notify_type(notify))
411 {
412 case FRAGMENTATION_SUPPORTED:
413 this->ike_sa->enable_extension(this->ike_sa,
414 EXT_IKE_FRAGMENTATION);
415 break;
416 case SIGNATURE_HASH_ALGORITHMS:
417 if (this->signature_authentication)
418 {
419 handle_supported_hash_algorithms(this, notify);
420 }
421 break;
422 case REDIRECTED_FROM:
423 {
424 identification_t *gateway;
425 chunk_t data;
426
427 data = notify->get_notification_data(notify);
428 gateway = redirect_data_parse(data, NULL);
429 if (!gateway)
430 {
431 DBG1(DBG_IKE, "received invalid REDIRECTED_FROM "
432 "notify, ignored");
433 break;
434 }
435 DBG1(DBG_IKE, "client got redirected from %Y", gateway);
436 gateway->destroy(gateway);
437 /* fall-through */
438 }
439 case REDIRECT_SUPPORTED:
440 if (!this->old_sa)
441 {
442 this->ike_sa->enable_extension(this->ike_sa,
443 EXT_IKE_REDIRECTION);
444 }
445 break;
446 default:
447 /* other notifies are handled elsewhere */
448 break;
449 }
450
451 }
452 default:
453 break;
454 }
455 }
456 enumerator->destroy(enumerator);
457
458 if (ke_payload && this->proposal &&
459 this->proposal->has_dh_group(this->proposal, this->dh_group))
460 {
461 if (!this->initiator)
462 {
463 this->dh = this->keymat->keymat.create_dh(
464 &this->keymat->keymat, this->dh_group);
465 }
466 if (this->dh)
467 {
468 this->dh_failed = !this->dh->set_other_public_value(this->dh,
469 ke_payload->get_key_exchange_data(ke_payload));
470 }
471 }
472 }
473
474 METHOD(task_t, build_i, status_t,
475 private_ike_init_t *this, message_t *message)
476 {
477 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
478 DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
479 this->ike_sa->get_name(this->ike_sa),
480 this->ike_sa->get_unique_id(this->ike_sa),
481 this->ike_sa->get_other_host(this->ike_sa));
482 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
483
484 if (this->retry >= MAX_RETRIES)
485 {
486 DBG1(DBG_IKE, "giving up after %d retries", MAX_RETRIES);
487 return FAILED;
488 }
489
490 /* if the DH group is set via use_dh_group(), we already have a DH object */
491 if (!this->dh)
492 {
493 this->dh_group = this->config->get_dh_group(this->config);
494 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
495 this->dh_group);
496 if (!this->dh)
497 {
498 DBG1(DBG_IKE, "configured DH group %N not supported",
499 diffie_hellman_group_names, this->dh_group);
500 return FAILED;
501 }
502 }
503
504 /* generate nonce only when we are trying the first time */
505 if (this->my_nonce.ptr == NULL)
506 {
507 if (!generate_nonce(this))
508 {
509 return FAILED;
510 }
511 }
512
513 if (this->cookie.ptr)
514 {
515 message->add_notify(message, FALSE, COOKIE, this->cookie);
516 }
517
518 if (!build_payloads(this, message))
519 {
520 return FAILED;
521 }
522
523 #ifdef ME
524 {
525 chunk_t connect_id = this->ike_sa->get_connect_id(this->ike_sa);
526 if (connect_id.ptr)
527 {
528 message->add_notify(message, FALSE, ME_CONNECTID, connect_id);
529 }
530 }
531 #endif /* ME */
532
533 return NEED_MORE;
534 }
535
536 METHOD(task_t, process_r, status_t,
537 private_ike_init_t *this, message_t *message)
538 {
539 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
540 DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
541 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
542
543 if (!generate_nonce(this))
544 {
545 return FAILED;
546 }
547
548 #ifdef ME
549 {
550 notify_payload_t *notify = message->get_notify(message, ME_CONNECTID);
551 if (notify)
552 {
553 chunk_t connect_id = notify->get_notification_data(notify);
554 DBG2(DBG_IKE, "received ME_CONNECTID %#B", &connect_id);
555 charon->connect_manager->stop_checks(charon->connect_manager,
556 connect_id);
557 }
558 }
559 #endif /* ME */
560
561 process_payloads(this, message);
562
563 return NEED_MORE;
564 }
565
566 /**
567 * Derive the keymat for the IKE_SA
568 */
569 static bool derive_keys(private_ike_init_t *this,
570 chunk_t nonce_i, chunk_t nonce_r)
571 {
572 keymat_v2_t *old_keymat;
573 pseudo_random_function_t prf_alg = PRF_UNDEFINED;
574 chunk_t skd = chunk_empty;
575 ike_sa_id_t *id;
576
577 id = this->ike_sa->get_id(this->ike_sa);
578 if (this->old_sa)
579 {
580 /* rekeying: Include old SKd, use old PRF, apply SPI */
581 old_keymat = (keymat_v2_t*)this->old_sa->get_keymat(this->old_sa);
582 prf_alg = old_keymat->get_skd(old_keymat, &skd);
583 if (this->initiator)
584 {
585 id->set_responder_spi(id, this->proposal->get_spi(this->proposal));
586 }
587 else
588 {
589 id->set_initiator_spi(id, this->proposal->get_spi(this->proposal));
590 }
591 }
592 if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
593 nonce_i, nonce_r, id, prf_alg, skd))
594 {
595 return FALSE;
596 }
597 charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, chunk_empty,
598 nonce_i, nonce_r, this->old_sa, NULL);
599 return TRUE;
600 }
601
602 METHOD(task_t, build_r, status_t,
603 private_ike_init_t *this, message_t *message)
604 {
605 identification_t *gateway;
606
607 /* check if we have everything we need */
608 if (this->proposal == NULL ||
609 this->other_nonce.len == 0 || this->my_nonce.len == 0)
610 {
611 DBG1(DBG_IKE, "received proposals inacceptable");
612 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
613 return FAILED;
614 }
615 this->ike_sa->set_proposal(this->ike_sa, this->proposal);
616
617 /* check if we'd have to redirect the client */
618 if (!this->old_sa &&
619 this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_REDIRECTION) &&
620 charon->redirect->redirect_on_init(charon->redirect, this->ike_sa,
621 &gateway))
622 {
623 chunk_t data;
624
625 DBG1(DBG_IKE, "redirecting peer to %Y", gateway);
626 data = redirect_data_create(gateway, this->other_nonce);
627 message->add_notify(message, TRUE, REDIRECT, data);
628 gateway->destroy(gateway);
629 chunk_free(&data);
630 return FAILED;
631 }
632
633 if (this->dh == NULL ||
634 !this->proposal->has_dh_group(this->proposal, this->dh_group))
635 {
636 u_int16_t group;
637
638 if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
639 &group, NULL))
640 {
641 DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
642 diffie_hellman_group_names, this->dh_group,
643 diffie_hellman_group_names, group);
644 this->dh_group = group;
645 group = htons(group);
646 message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
647 chunk_from_thing(group));
648 }
649 else
650 {
651 DBG1(DBG_IKE, "no acceptable proposal found");
652 }
653 return FAILED;
654 }
655
656 if (this->dh_failed)
657 {
658 DBG1(DBG_IKE, "applying DH public value failed");
659 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
660 return FAILED;
661 }
662
663 if (!derive_keys(this, this->other_nonce, this->my_nonce))
664 {
665 DBG1(DBG_IKE, "key derivation failed");
666 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
667 return FAILED;
668 }
669 if (!build_payloads(this, message))
670 {
671 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
672 return FAILED;
673 }
674 return SUCCESS;
675 }
676
677 /**
678 * Raise alerts for received notify errors
679 */
680 static void raise_alerts(private_ike_init_t *this, notify_type_t type)
681 {
682 linked_list_t *list;
683
684 switch (type)
685 {
686 case NO_PROPOSAL_CHOSEN:
687 list = this->config->get_proposals(this->config);
688 charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, list);
689 list->destroy_offset(list, offsetof(proposal_t, destroy));
690 break;
691 default:
692 break;
693 }
694 }
695
696 METHOD(task_t, pre_process_i, status_t,
697 private_ike_init_t *this, message_t *message)
698 {
699 enumerator_t *enumerator;
700 payload_t *payload;
701
702 /* check for erroneous notifies */
703 enumerator = message->create_payload_enumerator(message);
704 while (enumerator->enumerate(enumerator, &payload))
705 {
706 if (payload->get_type(payload) == PLV2_NOTIFY)
707 {
708 notify_payload_t *notify = (notify_payload_t*)payload;
709 notify_type_t type = notify->get_notify_type(notify);
710
711 switch (type)
712 {
713 case REDIRECT:
714 {
715 identification_t *gateway;
716 chunk_t data, nonce = chunk_empty;
717 status_t status = SUCCESS;
718
719 if (this->old_sa)
720 {
721 break;
722 }
723 data = notify->get_notification_data(notify);
724 gateway = redirect_data_parse(data, &nonce);
725 if (!gateway || !chunk_equals(nonce, this->my_nonce))
726 {
727 DBG1(DBG_IKE, "received invalid REDIRECT notify");
728 status = FAILED;
729 }
730 DESTROY_IF(gateway);
731 chunk_free(&nonce);
732 enumerator->destroy(enumerator);
733 return status;
734 }
735 default:
736 break;
737 }
738 }
739 }
740 enumerator->destroy(enumerator);
741 return SUCCESS;
742 }
743
744 METHOD(task_t, process_i, status_t,
745 private_ike_init_t *this, message_t *message)
746 {
747 enumerator_t *enumerator;
748 payload_t *payload;
749
750 /* check for erroneous notifies */
751 enumerator = message->create_payload_enumerator(message);
752 while (enumerator->enumerate(enumerator, &payload))
753 {
754 if (payload->get_type(payload) == PLV2_NOTIFY)
755 {
756 notify_payload_t *notify = (notify_payload_t*)payload;
757 notify_type_t type = notify->get_notify_type(notify);
758
759 switch (type)
760 {
761 case INVALID_KE_PAYLOAD:
762 {
763 chunk_t data;
764 diffie_hellman_group_t bad_group;
765
766 bad_group = this->dh_group;
767 data = notify->get_notification_data(notify);
768 this->dh_group = ntohs(*((u_int16_t*)data.ptr));
769 DBG1(DBG_IKE, "peer didn't accept DH group %N, "
770 "it requested %N", diffie_hellman_group_names,
771 bad_group, diffie_hellman_group_names, this->dh_group);
772
773 if (this->old_sa == NULL)
774 { /* reset the IKE_SA if we are not rekeying */
775 this->ike_sa->reset(this->ike_sa);
776 }
777
778 enumerator->destroy(enumerator);
779 this->retry++;
780 return NEED_MORE;
781 }
782 case NAT_DETECTION_SOURCE_IP:
783 case NAT_DETECTION_DESTINATION_IP:
784 /* skip, handled in ike_natd_t */
785 break;
786 case MULTIPLE_AUTH_SUPPORTED:
787 /* handled in ike_auth_t */
788 break;
789 case COOKIE:
790 {
791 chunk_free(&this->cookie);
792 this->cookie = chunk_clone(notify->get_notification_data(notify));
793 this->ike_sa->reset(this->ike_sa);
794 enumerator->destroy(enumerator);
795 DBG2(DBG_IKE, "received %N notify", notify_type_names, type);
796 this->retry++;
797 return NEED_MORE;
798 }
799 case REDIRECT:
800 {
801 identification_t *gateway;
802 chunk_t data, nonce = chunk_empty;
803 status_t status = FAILED;
804
805 if (this->old_sa)
806 {
807 DBG1(DBG_IKE, "received REDIRECT notify during rekeying"
808 ", ignored");
809 break;
810 }
811 data = notify->get_notification_data(notify);
812 gateway = redirect_data_parse(data, &nonce);
813 if (this->ike_sa->handle_redirect(this->ike_sa, gateway))
814 {
815 status = NEED_MORE;
816 }
817 DESTROY_IF(gateway);
818 chunk_free(&nonce);
819 enumerator->destroy(enumerator);
820 return status;
821 }
822 default:
823 {
824 if (type <= 16383)
825 {
826 DBG1(DBG_IKE, "received %N notify error",
827 notify_type_names, type);
828 enumerator->destroy(enumerator);
829 raise_alerts(this, type);
830 return FAILED;
831 }
832 DBG2(DBG_IKE, "received %N notify",
833 notify_type_names, type);
834 break;
835 }
836 }
837 }
838 }
839 enumerator->destroy(enumerator);
840
841 process_payloads(this, message);
842
843 /* check if we have everything */
844 if (this->proposal == NULL ||
845 this->other_nonce.len == 0 || this->my_nonce.len == 0)
846 {
847 DBG1(DBG_IKE, "peers proposal selection invalid");
848 return FAILED;
849 }
850 this->ike_sa->set_proposal(this->ike_sa, this->proposal);
851
852 if (this->dh == NULL ||
853 !this->proposal->has_dh_group(this->proposal, this->dh_group))
854 {
855 DBG1(DBG_IKE, "peer DH group selection invalid");
856 return FAILED;
857 }
858
859 if (this->dh_failed)
860 {
861 DBG1(DBG_IKE, "applying DH public value failed");
862 return FAILED;
863 }
864
865 if (!derive_keys(this, this->my_nonce, this->other_nonce))
866 {
867 DBG1(DBG_IKE, "key derivation failed");
868 return FAILED;
869 }
870 return SUCCESS;
871 }
872
873 METHOD(task_t, get_type, task_type_t,
874 private_ike_init_t *this)
875 {
876 return TASK_IKE_INIT;
877 }
878
879 METHOD(task_t, migrate, void,
880 private_ike_init_t *this, ike_sa_t *ike_sa)
881 {
882 DESTROY_IF(this->proposal);
883 chunk_free(&this->other_nonce);
884
885 this->ike_sa = ike_sa;
886 this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
887 this->proposal = NULL;
888 this->dh_failed = FALSE;
889 if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group)
890 { /* reset DH value only if group changed (INVALID_KE_PAYLOAD) */
891 this->dh->destroy(this->dh);
892 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
893 this->dh_group);
894 }
895 }
896
897 METHOD(task_t, destroy, void,
898 private_ike_init_t *this)
899 {
900 DESTROY_IF(this->dh);
901 DESTROY_IF(this->proposal);
902 DESTROY_IF(this->nonceg);
903 chunk_free(&this->my_nonce);
904 chunk_free(&this->other_nonce);
905 chunk_free(&this->cookie);
906 free(this);
907 }
908
909 METHOD(ike_init_t, get_lower_nonce, chunk_t,
910 private_ike_init_t *this)
911 {
912 if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr,
913 min(this->my_nonce.len, this->other_nonce.len)) < 0)
914 {
915 return this->my_nonce;
916 }
917 else
918 {
919 return this->other_nonce;
920 }
921 }
922
923 /*
924 * Described in header.
925 */
926 ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
927 {
928 private_ike_init_t *this;
929
930 INIT(this,
931 .public = {
932 .task = {
933 .get_type = _get_type,
934 .migrate = _migrate,
935 .destroy = _destroy,
936 },
937 .get_lower_nonce = _get_lower_nonce,
938 },
939 .ike_sa = ike_sa,
940 .initiator = initiator,
941 .dh_group = MODP_NONE,
942 .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
943 .old_sa = old_sa,
944 .signature_authentication = lib->settings->get_bool(lib->settings,
945 "%s.signature_authentication", TRUE, lib->ns),
946 .follow_redirects = lib->settings->get_bool(lib->settings,
947 "%s.follow_redirects", TRUE, lib->ns),
948 );
949 this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
950
951 if (initiator)
952 {
953 this->public.task.build = _build_i;
954 this->public.task.process = _process_i;
955 this->public.task.pre_process = _pre_process_i;
956 }
957 else
958 {
959 this->public.task.build = _build_r;
960 this->public.task.process = _process_r;
961 }
962 return &this->public;
963 }
strongSwan - IPsec VPN