projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added not-yet used sa_payload parameters used in IKEv1
[strongswan.git] / src / libcharon / sa / tasks / ike_init.c
1 /*
2 * Copyright (C) 2008-2009 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include "ike_init.h"
19
20 #include <string.h>
21
22 #include <daemon.h>
23 #include <sa/keymat_v2.h>
24 #include <crypto/diffie_hellman.h>
25 #include <encoding/payloads/sa_payload.h>
26 #include <encoding/payloads/ke_payload.h>
27 #include <encoding/payloads/nonce_payload.h>
28
29 /** maximum retries to do with cookies/other dh groups */
30 #define MAX_RETRIES 5
31
32 typedef struct private_ike_init_t private_ike_init_t;
33
34 /**
35 * Private members of a ike_init_t task.
36 */
37 struct private_ike_init_t {
38
39 /**
40 * Public methods and task_t interface.
41 */
42 ike_init_t public;
43
44 /**
45 * Assigned IKE_SA.
46 */
47 ike_sa_t *ike_sa;
48
49 /**
50 * Are we the initiator?
51 */
52 bool initiator;
53
54 /**
55 * IKE config to establish
56 */
57 ike_cfg_t *config;
58
59 /**
60 * diffie hellman group to use
61 */
62 diffie_hellman_group_t dh_group;
63
64 /**
65 * diffie hellman key exchange
66 */
67 diffie_hellman_t *dh;
68
69 /**
70 * Keymat derivation (from IKE_SA)
71 */
72 keymat_v2_t *keymat;
73
74 /**
75 * nonce chosen by us
76 */
77 chunk_t my_nonce;
78
79 /**
80 * nonce chosen by peer
81 */
82 chunk_t other_nonce;
83
84 /**
85 * Negotiated proposal used for IKE_SA
86 */
87 proposal_t *proposal;
88
89 /**
90 * Old IKE_SA which gets rekeyed
91 */
92 ike_sa_t *old_sa;
93
94 /**
95 * cookie received from responder
96 */
97 chunk_t cookie;
98
99 /**
100 * retries done so far after failure (cookie or bad dh group)
101 */
102 u_int retry;
103 };
104
105 /**
106 * build the payloads for the message
107 */
108 static void build_payloads(private_ike_init_t *this, message_t *message)
109 {
110 sa_payload_t *sa_payload;
111 ke_payload_t *ke_payload;
112 nonce_payload_t *nonce_payload;
113 linked_list_t *proposal_list;
114 ike_sa_id_t *id;
115 proposal_t *proposal;
116 enumerator_t *enumerator;
117
118 id = this->ike_sa->get_id(this->ike_sa);
119
120 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
121
122 if (this->initiator)
123 {
124 proposal_list = this->config->get_proposals(this->config);
125 if (this->old_sa)
126 {
127 /* include SPI of new IKE_SA when we are rekeying */
128 enumerator = proposal_list->create_enumerator(proposal_list);
129 while (enumerator->enumerate(enumerator, (void**)&proposal))
130 {
131 proposal->set_spi(proposal, id->get_initiator_spi(id));
132 }
133 enumerator->destroy(enumerator);
134 }
135
136 sa_payload = sa_payload_create_from_proposals_v2(proposal_list);
137 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
138 }
139 else
140 {
141 if (this->old_sa)
142 {
143 /* include SPI of new IKE_SA when we are rekeying */
144 this->proposal->set_spi(this->proposal, id->get_responder_spi(id));
145 }
146 sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
147 }
148 message->add_payload(message, (payload_t*)sa_payload);
149
150 nonce_payload = nonce_payload_create(NONCE);
151 nonce_payload->set_nonce(nonce_payload, this->my_nonce);
152 ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, this->dh);
153
154 if (this->old_sa)
155 { /* payload order differs if we are rekeying */
156 message->add_payload(message, (payload_t*)nonce_payload);
157 message->add_payload(message, (payload_t*)ke_payload);
158 }
159 else
160 {
161 message->add_payload(message, (payload_t*)ke_payload);
162 message->add_payload(message, (payload_t*)nonce_payload);
163 }
164 }
165
166 /**
167 * Read payloads from message
168 */
169 static void process_payloads(private_ike_init_t *this, message_t *message)
170 {
171 enumerator_t *enumerator;
172 payload_t *payload;
173
174 enumerator = message->create_payload_enumerator(message);
175 while (enumerator->enumerate(enumerator, &payload))
176 {
177 switch (payload->get_type(payload))
178 {
179 case SECURITY_ASSOCIATION:
180 {
181 sa_payload_t *sa_payload = (sa_payload_t*)payload;
182 linked_list_t *proposal_list;
183 bool private;
184
185 proposal_list = sa_payload->get_proposals(sa_payload);
186 private = this->ike_sa->supports_extension(this->ike_sa,
187 EXT_STRONGSWAN);
188 this->proposal = this->config->select_proposal(this->config,
189 proposal_list, private);
190 proposal_list->destroy_offset(proposal_list,
191 offsetof(proposal_t, destroy));
192 break;
193 }
194 case KEY_EXCHANGE:
195 {
196 ke_payload_t *ke_payload = (ke_payload_t*)payload;
197
198 this->dh_group = ke_payload->get_dh_group_number(ke_payload);
199 if (!this->initiator)
200 {
201 this->dh = this->keymat->keymat.create_dh(
202 &this->keymat->keymat, this->dh_group);
203 }
204 if (this->dh)
205 {
206 this->dh->set_other_public_value(this->dh,
207 ke_payload->get_key_exchange_data(ke_payload));
208 }
209 break;
210 }
211 case NONCE:
212 {
213 nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
214
215 this->other_nonce = nonce_payload->get_nonce(nonce_payload);
216 break;
217 }
218 default:
219 break;
220 }
221 }
222 enumerator->destroy(enumerator);
223 }
224
225 METHOD(task_t, build_i, status_t,
226 private_ike_init_t *this, message_t *message)
227 {
228 rng_t *rng;
229
230 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
231 DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
232 this->ike_sa->get_name(this->ike_sa),
233 this->ike_sa->get_unique_id(this->ike_sa),
234 this->ike_sa->get_other_host(this->ike_sa));
235 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
236
237 if (this->retry >= MAX_RETRIES)
238 {
239 DBG1(DBG_IKE, "giving up after %d retries", MAX_RETRIES);
240 return FAILED;
241 }
242
243 /* if the DH group is set via use_dh_group(), we already have a DH object */
244 if (!this->dh)
245 {
246 this->dh_group = this->config->get_dh_group(this->config);
247 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
248 this->dh_group);
249 if (!this->dh)
250 {
251 DBG1(DBG_IKE, "configured DH group %N not supported",
252 diffie_hellman_group_names, this->dh_group);
253 return FAILED;
254 }
255 }
256
257 /* generate nonce only when we are trying the first time */
258 if (this->my_nonce.ptr == NULL)
259 {
260 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
261 if (!rng)
262 {
263 DBG1(DBG_IKE, "error generating nonce");
264 return FAILED;
265 }
266 rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
267 rng->destroy(rng);
268 }
269
270 if (this->cookie.ptr)
271 {
272 message->add_notify(message, FALSE, COOKIE, this->cookie);
273 }
274
275 build_payloads(this, message);
276
277 #ifdef ME
278 {
279 chunk_t connect_id = this->ike_sa->get_connect_id(this->ike_sa);
280 if (connect_id.ptr)
281 {
282 message->add_notify(message, FALSE, ME_CONNECTID, connect_id);
283 }
284 }
285 #endif /* ME */
286
287 return NEED_MORE;
288 }
289
290 METHOD(task_t, process_r, status_t,
291 private_ike_init_t *this, message_t *message)
292 {
293 rng_t *rng;
294
295 this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
296 DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
297 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
298
299 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
300 if (!rng)
301 {
302 DBG1(DBG_IKE, "error generating nonce");
303 return FAILED;
304 }
305 rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
306 rng->destroy(rng);
307
308 #ifdef ME
309 {
310 notify_payload_t *notify = message->get_notify(message, ME_CONNECTID);
311 if (notify)
312 {
313 chunk_t connect_id = notify->get_notification_data(notify);
314 DBG2(DBG_IKE, "received ME_CONNECTID %#B", &connect_id);
315 charon->connect_manager->stop_checks(charon->connect_manager,
316 connect_id);
317 }
318 }
319 #endif /* ME */
320
321 process_payloads(this, message);
322
323 return NEED_MORE;
324 }
325
326 /**
327 * Derive the keymat for the IKE_SA
328 */
329 static bool derive_keys(private_ike_init_t *this,
330 chunk_t nonce_i, chunk_t nonce_r)
331 {
332 keymat_v2_t *old_keymat;
333 pseudo_random_function_t prf_alg = PRF_UNDEFINED;
334 chunk_t skd = chunk_empty;
335 ike_sa_id_t *id;
336
337 id = this->ike_sa->get_id(this->ike_sa);
338 if (this->old_sa)
339 {
340 /* rekeying: Include old SKd, use old PRF, apply SPI */
341 old_keymat = (keymat_v2_t*)this->old_sa->get_keymat(this->old_sa);
342 prf_alg = old_keymat->get_skd(old_keymat, &skd);
343 if (this->initiator)
344 {
345 id->set_responder_spi(id, this->proposal->get_spi(this->proposal));
346 }
347 else
348 {
349 id->set_initiator_spi(id, this->proposal->get_spi(this->proposal));
350 }
351 }
352 if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
353 nonce_i, nonce_r, id, prf_alg, skd))
354 {
355 return FALSE;
356 }
357 charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
358 nonce_i, nonce_r, this->old_sa);
359 return TRUE;
360 }
361
362 METHOD(task_t, build_r, status_t,
363 private_ike_init_t *this, message_t *message)
364 {
365 /* check if we have everything we need */
366 if (this->proposal == NULL ||
367 this->other_nonce.len == 0 || this->my_nonce.len == 0)
368 {
369 DBG1(DBG_IKE, "received proposals inacceptable");
370 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
371 return FAILED;
372 }
373 this->ike_sa->set_proposal(this->ike_sa, this->proposal);
374
375 if (this->dh == NULL ||
376 !this->proposal->has_dh_group(this->proposal, this->dh_group))
377 {
378 u_int16_t group;
379
380 if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
381 &group, NULL))
382 {
383 DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
384 diffie_hellman_group_names, this->dh_group,
385 diffie_hellman_group_names, group);
386 this->dh_group = group;
387 group = htons(group);
388 message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
389 chunk_from_thing(group));
390 }
391 else
392 {
393 DBG1(DBG_IKE, "no acceptable proposal found");
394 }
395 return FAILED;
396 }
397
398 if (!derive_keys(this, this->other_nonce, this->my_nonce))
399 {
400 DBG1(DBG_IKE, "key derivation failed");
401 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
402 return FAILED;
403 }
404 build_payloads(this, message);
405 return SUCCESS;
406 }
407
408 METHOD(task_t, process_i, status_t,
409 private_ike_init_t *this, message_t *message)
410 {
411 enumerator_t *enumerator;
412 payload_t *payload;
413
414 /* check for erronous notifies */
415 enumerator = message->create_payload_enumerator(message);
416 while (enumerator->enumerate(enumerator, &payload))
417 {
418 if (payload->get_type(payload) == NOTIFY)
419 {
420 notify_payload_t *notify = (notify_payload_t*)payload;
421 notify_type_t type = notify->get_notify_type(notify);
422
423 switch (type)
424 {
425 case INVALID_KE_PAYLOAD:
426 {
427 chunk_t data;
428 diffie_hellman_group_t bad_group;
429
430 bad_group = this->dh_group;
431 data = notify->get_notification_data(notify);
432 this->dh_group = ntohs(*((u_int16_t*)data.ptr));
433 DBG1(DBG_IKE, "peer didn't accept DH group %N, "
434 "it requested %N", diffie_hellman_group_names,
435 bad_group, diffie_hellman_group_names, this->dh_group);
436
437 if (this->old_sa == NULL)
438 { /* reset the IKE_SA if we are not rekeying */
439 this->ike_sa->reset(this->ike_sa);
440 }
441
442 enumerator->destroy(enumerator);
443 this->retry++;
444 return NEED_MORE;
445 }
446 case NAT_DETECTION_SOURCE_IP:
447 case NAT_DETECTION_DESTINATION_IP:
448 /* skip, handled in ike_natd_t */
449 break;
450 case MULTIPLE_AUTH_SUPPORTED:
451 /* handled in ike_auth_t */
452 break;
453 case COOKIE:
454 {
455 chunk_free(&this->cookie);
456 this->cookie = chunk_clone(notify->get_notification_data(notify));
457 this->ike_sa->reset(this->ike_sa);
458 enumerator->destroy(enumerator);
459 DBG2(DBG_IKE, "received %N notify", notify_type_names, type);
460 this->retry++;
461 return NEED_MORE;
462 }
463 default:
464 {
465 if (type <= 16383)
466 {
467 DBG1(DBG_IKE, "received %N notify error",
468 notify_type_names, type);
469 enumerator->destroy(enumerator);
470 return FAILED;
471 }
472 DBG2(DBG_IKE, "received %N notify",
473 notify_type_names, type);
474 break;
475 }
476 }
477 }
478 }
479 enumerator->destroy(enumerator);
480
481 process_payloads(this, message);
482
483 /* check if we have everything */
484 if (this->proposal == NULL ||
485 this->other_nonce.len == 0 || this->my_nonce.len == 0)
486 {
487 DBG1(DBG_IKE, "peers proposal selection invalid");
488 return FAILED;
489 }
490 this->ike_sa->set_proposal(this->ike_sa, this->proposal);
491
492 if (this->dh == NULL ||
493 !this->proposal->has_dh_group(this->proposal, this->dh_group))
494 {
495 DBG1(DBG_IKE, "peer DH group selection invalid");
496 return FAILED;
497 }
498
499 if (!derive_keys(this, this->my_nonce, this->other_nonce))
500 {
501 DBG1(DBG_IKE, "key derivation failed");
502 return FAILED;
503 }
504 return SUCCESS;
505 }
506
507 METHOD(task_t, get_type, task_type_t,
508 private_ike_init_t *this)
509 {
510 return TASK_IKE_INIT;
511 }
512
513 METHOD(task_t, migrate, void,
514 private_ike_init_t *this, ike_sa_t *ike_sa)
515 {
516 DESTROY_IF(this->proposal);
517 chunk_free(&this->other_nonce);
518
519 this->ike_sa = ike_sa;
520 this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
521 this->proposal = NULL;
522 DESTROY_IF(this->dh);
523 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
524 this->dh_group);
525 }
526
527 METHOD(task_t, destroy, void,
528 private_ike_init_t *this)
529 {
530 DESTROY_IF(this->dh);
531 DESTROY_IF(this->proposal);
532 chunk_free(&this->my_nonce);
533 chunk_free(&this->other_nonce);
534 chunk_free(&this->cookie);
535 free(this);
536 }
537
538 METHOD(ike_init_t, get_lower_nonce, chunk_t,
539 private_ike_init_t *this)
540 {
541 if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr,
542 min(this->my_nonce.len, this->other_nonce.len)) < 0)
543 {
544 return this->my_nonce;
545 }
546 else
547 {
548 return this->other_nonce;
549 }
550 }
551
552 /*
553 * Described in header.
554 */
555 ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
556 {
557 private_ike_init_t *this;
558
559 INIT(this,
560 .public = {
561 .task = {
562 .get_type = _get_type,
563 .migrate = _migrate,
564 .destroy = _destroy,
565 },
566 .get_lower_nonce = _get_lower_nonce,
567 },
568 .ike_sa = ike_sa,
569 .initiator = initiator,
570 .dh_group = MODP_NONE,
571 .keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
572 .old_sa = old_sa,
573 );
574
575 if (initiator)
576 {
577 this->public.task.build = _build_i;
578 this->public.task.process = _process_i;
579 }
580 else
581 {
582 this->public.task.build = _build_r;
583 this->public.task.process = _process_r;
584 }
585
586 return &this->public;
587 }
strongSwan - IPsec VPN