Send notifies in all error cases of Main Mode
[strongswan.git] / src / libcharon / sa / tasks / main_mode.c
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2011 Martin Willi
6 * Copyright (C) 2011 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "main_mode.h"
20
21 #include <string.h>
22
23 #include <daemon.h>
24 #include <sa/keymat_v1.h>
25 #include <crypto/diffie_hellman.h>
26 #include <encoding/payloads/sa_payload.h>
27 #include <encoding/payloads/ke_payload.h>
28 #include <encoding/payloads/nonce_payload.h>
29 #include <encoding/payloads/id_payload.h>
30 #include <encoding/payloads/hash_payload.h>
31 #include <sa/tasks/xauth.h>
32 #include <sa/tasks/mode_config.h>
33 #include <sa/tasks/informational.h>
34
35 typedef struct private_main_mode_t private_main_mode_t;
36
37 /**
38 * Private members of a main_mode_t task.
39 */
40 struct private_main_mode_t {
41
42 /**
43 * Public methods and task_t interface.
44 */
45 main_mode_t public;
46
47 /**
48 * Assigned IKE_SA.
49 */
50 ike_sa_t *ike_sa;
51
52 /**
53 * Are we the initiator?
54 */
55 bool initiator;
56
57 /**
58 * IKE config to establish
59 */
60 ike_cfg_t *ike_cfg;
61
62 /**
63 * Peer config to use
64 */
65 peer_cfg_t *peer_cfg;
66
67 /**
68 * Local authentication configuration
69 */
70 auth_cfg_t *my_auth;
71
72 /**
73 * Remote authentication configuration
74 */
75 auth_cfg_t *other_auth;
76
77 /**
78 * selected IKE proposal
79 */
80 proposal_t *proposal;
81
82 /**
83 * DH exchange
84 */
85 diffie_hellman_t *dh;
86
87 /**
88 * Keymat derivation (from SA)
89 */
90 keymat_v1_t *keymat;
91
92 /**
93 * Received public DH value from peer
94 */
95 chunk_t dh_value;
96
97 /**
98 * Initiators nonce
99 */
100 chunk_t nonce_i;
101
102 /**
103 * Responder nonce
104 */
105 chunk_t nonce_r;
106
107 /**
108 * Encoded SA initiator payload used for authentication
109 */
110 chunk_t sa_payload;
111
112 /**
113 * Negotiated SA lifetime
114 */
115 u_int32_t lifetime;
116
117 /**
118 * Negotiated authentication method
119 */
120 auth_method_t auth_method;
121
122 /** states of main mode */
123 enum {
124 MM_INIT,
125 MM_SA,
126 MM_KE,
127 MM_AUTH,
128 } state;
129 };
130
131 /**
132 * Get the first authentcation config from peer config
133 */
134 static auth_cfg_t *get_auth_cfg(peer_cfg_t *peer_cfg, bool local)
135 {
136 enumerator_t *enumerator;
137 auth_cfg_t *cfg = NULL;
138
139 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
140 enumerator->enumerate(enumerator, &cfg);
141 enumerator->destroy(enumerator);
142 return cfg;
143 }
144
145 /**
146 * Create an authenticator, if supported
147 */
148 static authenticator_t *create_authenticator(private_main_mode_t *this,
149 id_payload_t *id)
150 {
151 authenticator_t *authenticator;
152 authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
153 this->auth_method, this->dh,
154 this->dh_value, this->sa_payload,
155 id->get_encoded(id));
156 if (!authenticator)
157 {
158 DBG1(DBG_IKE, "negotiated authentication method %N not supported",
159 auth_method_names, this->auth_method);
160 }
161 return authenticator;
162 }
163
164 /**
165 * Save the encoded SA payload of a message
166 */
167 static bool save_sa_payload(private_main_mode_t *this, message_t *message)
168 {
169 enumerator_t *enumerator;
170 payload_t *payload, *sa = NULL;
171 chunk_t data;
172 size_t offset = IKE_HEADER_LENGTH;
173
174 enumerator = message->create_payload_enumerator(message);
175 while (enumerator->enumerate(enumerator, &payload))
176 {
177 if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1)
178 {
179 sa = payload;
180 break;
181 }
182 else
183 {
184 offset += payload->get_length(payload);
185 }
186 }
187 enumerator->destroy(enumerator);
188
189 data = message->get_packet_data(message);
190 if (sa && data.len >= offset + sa->get_length(sa))
191 {
192 /* Get SA payload without 4 byte fixed header */
193 data = chunk_skip(data, offset);
194 data.len = sa->get_length(sa);
195 data = chunk_skip(data, 4);
196 this->sa_payload = chunk_clone(data);
197 return TRUE;
198 }
199 return FALSE;
200 }
201
202 /**
203 * Generate and add NONCE, KE payload
204 */
205 static bool add_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
206 message_t *message)
207 {
208 nonce_payload_t *nonce_payload;
209 ke_payload_t *ke_payload;
210 rng_t *rng;
211
212 ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
213 this->dh);
214 message->add_payload(message, &ke_payload->payload_interface);
215
216 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
217 if (!rng)
218 {
219 DBG1(DBG_IKE, "no RNG found to create nonce");
220 return FALSE;
221 }
222 rng->allocate_bytes(rng, NONCE_SIZE, nonce);
223 rng->destroy(rng);
224
225 nonce_payload = nonce_payload_create(NONCE_V1);
226 nonce_payload->set_nonce(nonce_payload, *nonce);
227 message->add_payload(message, &nonce_payload->payload_interface);
228
229 return TRUE;
230 }
231
232 /**
233 * Extract nonce from NONCE payload, process KE payload
234 */
235 static bool get_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
236 message_t *message)
237 {
238 nonce_payload_t *nonce_payload;
239 ke_payload_t *ke_payload;
240
241 ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1);
242 if (!ke_payload)
243 {
244 DBG1(DBG_IKE, "KE payload missing in message");
245 return FALSE;
246 }
247 this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload));
248 this->dh->set_other_public_value(this->dh, this->dh_value);
249
250 nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1);
251 if (!nonce_payload)
252 {
253 DBG1(DBG_IKE, "NONCE payload missing in message");
254 return FALSE;
255 }
256 *nonce = nonce_payload->get_nonce(nonce_payload);
257
258 return TRUE;
259 }
260
261 /**
262 * Get the two auth classes from local or remote config
263 */
264 static void get_auth_class(peer_cfg_t *peer_cfg, bool local,
265 auth_class_t *c1, auth_class_t *c2)
266 {
267 enumerator_t *enumerator;
268 auth_cfg_t *auth;
269
270 *c1 = *c2 = AUTH_CLASS_ANY;
271
272 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
273 while (enumerator->enumerate(enumerator, &auth))
274 {
275 if (*c1 == AUTH_CLASS_ANY)
276 {
277 *c1 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
278 }
279 else
280 {
281 *c2 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
282 break;
283 }
284 }
285 enumerator->destroy(enumerator);
286 }
287
288 /**
289 * Get auth method to use from a peer config
290 */
291 static auth_method_t get_auth_method(private_main_mode_t *this,
292 peer_cfg_t *peer_cfg)
293 {
294 auth_class_t i1, i2, r1, r2;
295
296 get_auth_class(peer_cfg, this->initiator, &i1, &i2);
297 get_auth_class(peer_cfg, !this->initiator, &r1, &r2);
298
299 if (i1 == AUTH_CLASS_PUBKEY && r1 == AUTH_CLASS_PUBKEY)
300 {
301 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
302 {
303 /* TODO-IKEv1: ECDSA? */
304 return AUTH_RSA;
305 }
306 if (i2 == AUTH_CLASS_XAUTH)
307 {
308 return AUTH_XAUTH_INIT_RSA;
309 }
310 if (r2 == AUTH_CLASS_XAUTH)
311 {
312 return AUTH_XAUTH_RESP_RSA;
313 }
314 }
315 if (i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK)
316 {
317 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
318 {
319 return AUTH_PSK;
320 }
321 if (i2 == AUTH_CLASS_XAUTH)
322 {
323 return AUTH_XAUTH_INIT_PSK;
324 }
325 if (r2 == AUTH_CLASS_XAUTH)
326 {
327 return AUTH_XAUTH_RESP_PSK;
328 }
329 }
330 if (i1 == AUTH_CLASS_XAUTH && r1 == AUTH_CLASS_PUBKEY &&
331 i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
332 {
333 return AUTH_HYBRID_INIT_RSA;
334 }
335 return AUTH_NONE;
336 }
337
338 /**
339 * Check if a peer skipped authentication by using Hybrid authentication
340 */
341 static bool skipped_auth(private_main_mode_t *this, bool local)
342 {
343 bool initiator;
344
345 initiator = local == this->initiator;
346 if (initiator && this->auth_method == AUTH_HYBRID_INIT_RSA)
347 {
348 return TRUE;
349 }
350 if (!initiator && this->auth_method == AUTH_HYBRID_RESP_RSA)
351 {
352 return TRUE;
353 }
354 return FALSE;
355 }
356
357 /**
358 * Check if remote authentication constraints fulfilled
359 */
360 static bool check_constraints(private_main_mode_t *this)
361 {
362 identification_t *id;
363 auth_cfg_t *auth;
364
365 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
366 /* auth identity to comply */
367 id = this->ike_sa->get_other_id(this->ike_sa);
368 auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
369 if (skipped_auth(this, FALSE))
370 {
371 return TRUE;
372 }
373 return auth->complies(auth, this->other_auth, TRUE);
374 }
375
376 /**
377 * Save authentication information after authentication succeeded
378 */
379 static void save_auth_cfg(private_main_mode_t *this, bool local)
380 {
381 auth_cfg_t *auth;
382
383 if (skipped_auth(this, local))
384 {
385 return;
386 }
387 auth = auth_cfg_create();
388 /* for local config, we _copy_ entires from the config, as it contains
389 * certificates we must send later. */
390 auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
391 this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
392 }
393
394 /**
395 * Select the best configuration as responder
396 */
397 static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id)
398 {
399 enumerator_t *enumerator;
400 peer_cfg_t *current, *found = NULL;
401 host_t *me, *other;
402
403 me = this->ike_sa->get_my_host(this->ike_sa);
404 other = this->ike_sa->get_other_host(this->ike_sa);
405 DBG1(DBG_CFG, "looking for %N peer configs matching %H...%H[%Y]",
406 auth_method_names, this->auth_method, me, other, id);
407 enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
408 me, other, NULL, id);
409 while (enumerator->enumerate(enumerator, &current))
410 {
411 if (get_auth_method(this, current) == this->auth_method)
412 {
413 found = current->get_ref(current);
414 break;
415 }
416 }
417 enumerator->destroy(enumerator);
418
419 if (found)
420 {
421 DBG2(DBG_CFG, "selected peer config \"%s\"", found->get_name(found));
422 }
423 return found;
424 }
425
426 /**
427 * Check for notify errors, return TRUE if error found
428 */
429 static bool has_notify_errors(private_main_mode_t *this, message_t *message)
430 {
431 enumerator_t *enumerator;
432 payload_t *payload;
433 bool err = FALSE;
434
435 enumerator = message->create_payload_enumerator(message);
436 while (enumerator->enumerate(enumerator, &payload))
437 {
438 if (payload->get_type(payload) == NOTIFY_V1)
439 {
440 notify_payload_t *notify;
441 notify_type_t type;
442
443 notify = (notify_payload_t*)payload;
444 type = notify->get_notify_type(notify);
445 if (type < 16384)
446 {
447 DBG1(DBG_IKE, "received %N error notify",
448 notify_type_names, type);
449 err = TRUE;
450 }
451 else if (type == INITIAL_CONTACT_IKEV1)
452 {
453 if (!this->initiator && this->state == MM_AUTH)
454 {
455 /* If authenticated and received INITIAL_CONTACT,
456 * delete any existing IKE_SAs with that peer.
457 * The delete takes place when the SA is checked in due
458 * to other id not known until the 3rd message.*/
459 this->ike_sa->set_condition(this->ike_sa,
460 COND_INIT_CONTACT_SEEN, TRUE);
461 }
462 }
463 else
464 {
465 DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
466 }
467 }
468 }
469 enumerator->destroy(enumerator);
470
471 return err;
472 }
473
474 /**
475 * Queue a task sending a notify in an INFORMATIONAL exchange
476 */
477 static status_t send_notify(private_main_mode_t *this, notify_type_t type)
478 {
479 notify_payload_t *notify;
480 ike_sa_id_t *ike_sa_id;
481 u_int64_t spi_i, spi_r;
482 chunk_t spi;
483
484 notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
485 PROTO_IKE, type);
486 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
487 spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
488 spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
489 spi = chunk_cata("cc", chunk_from_thing(spi_i), chunk_from_thing(spi_r));
490 notify->set_spi_data(notify, spi);
491
492 this->ike_sa->queue_task(this->ike_sa,
493 (task_t*)informational_create(this->ike_sa, notify));
494 /* cancel all active/passive tasks in favour of informational */
495 return ALREADY_DONE;
496 }
497
498 METHOD(task_t, build_i, status_t,
499 private_main_mode_t *this, message_t *message)
500 {
501 switch (this->state)
502 {
503 case MM_INIT:
504 {
505 sa_payload_t *sa_payload;
506 linked_list_t *proposals;
507 packet_t *packet;
508
509 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
510 DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
511 this->ike_sa->get_name(this->ike_sa),
512 this->ike_sa->get_unique_id(this->ike_sa),
513 this->ike_sa->get_other_host(this->ike_sa));
514 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
515
516 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
517 this->peer_cfg->get_ref(this->peer_cfg);
518
519 this->my_auth = get_auth_cfg(this->peer_cfg, TRUE);
520 this->other_auth = get_auth_cfg(this->peer_cfg, FALSE);
521 if (!this->my_auth || !this->other_auth)
522 {
523 DBG1(DBG_CFG, "no auth config found");
524 return FAILED;
525 }
526 this->auth_method = get_auth_method(this, this->peer_cfg);
527 if (this->auth_method == AUTH_NONE)
528 {
529 DBG1(DBG_CFG, "configuration uses unsupported authentication");
530 return FAILED;
531 }
532 this->lifetime = this->peer_cfg->get_reauth_time(this->peer_cfg,
533 FALSE);
534 if (!this->lifetime)
535 { /* fall back to rekey time of no rekey time configured */
536 this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
537 FALSE);
538 }
539 proposals = this->ike_cfg->get_proposals(this->ike_cfg);
540 sa_payload = sa_payload_create_from_proposals_v1(proposals,
541 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
542 proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
543
544 message->add_payload(message, &sa_payload->payload_interface);
545
546 /* pregenerate message to store SA payload */
547 if (this->ike_sa->generate_message(this->ike_sa, message,
548 &packet) != SUCCESS)
549 {
550 DBG1(DBG_IKE, "pregenerating SA payload failed");
551 return FAILED;
552 }
553 packet->destroy(packet);
554 if (!save_sa_payload(this, message))
555 {
556 DBG1(DBG_IKE, "SA payload invalid");
557 return FAILED;
558 }
559
560 this->state = MM_SA;
561 return NEED_MORE;
562 }
563 case MM_SA:
564 {
565 u_int16_t group;
566
567 if (!this->keymat->create_hasher(this->keymat, this->proposal))
568 {
569 return send_notify(this, NO_PROPOSAL_CHOSEN);
570 }
571 if (!this->proposal->get_algorithm(this->proposal,
572 DIFFIE_HELLMAN_GROUP, &group, NULL))
573 {
574 DBG1(DBG_IKE, "DH group selection failed");
575 return send_notify(this, NO_PROPOSAL_CHOSEN);
576 }
577 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
578 group);
579 if (!this->dh)
580 {
581 DBG1(DBG_IKE, "negotiated DH group not supported");
582 return send_notify(this, INVALID_KEY_INFORMATION);
583 }
584 if (!add_nonce_ke(this, &this->nonce_i, message))
585 {
586 return send_notify(this, INVALID_KEY_INFORMATION);
587 }
588 this->state = MM_KE;
589 return NEED_MORE;
590 }
591 case MM_KE:
592 {
593 authenticator_t *authenticator;
594 id_payload_t *id_payload;
595 identification_t *id;
596
597 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
598 if (!id)
599 {
600 DBG1(DBG_CFG, "own identity not known");
601 return send_notify(this, INVALID_ID_INFORMATION);
602 }
603
604 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
605
606 id_payload = id_payload_create_from_identification(ID_V1, id);
607 message->add_payload(message, &id_payload->payload_interface);
608
609 authenticator = create_authenticator(this, id_payload);
610 if (!authenticator || authenticator->build(authenticator,
611 message) != SUCCESS)
612 {
613 DESTROY_IF(authenticator);
614 return send_notify(this, AUTHENTICATION_FAILED);
615 }
616 authenticator->destroy(authenticator);
617 save_auth_cfg(this, TRUE);
618
619 this->state = MM_AUTH;
620 return NEED_MORE;
621 }
622 default:
623 return FAILED;
624 }
625 }
626
627 METHOD(task_t, process_r, status_t,
628 private_main_mode_t *this, message_t *message)
629 {
630 switch (this->state)
631 {
632 case MM_INIT:
633 {
634 linked_list_t *list;
635 sa_payload_t *sa_payload;
636
637 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
638 DBG0(DBG_IKE, "%H is initiating a Main Mode",
639 message->get_source(message));
640 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
641
642 this->ike_sa->update_hosts(this->ike_sa,
643 message->get_destination(message),
644 message->get_source(message), TRUE);
645
646 sa_payload = (sa_payload_t*)message->get_payload(message,
647 SECURITY_ASSOCIATION_V1);
648 if (!sa_payload || !save_sa_payload(this, message))
649 {
650 DBG1(DBG_IKE, "SA payload missing or invalid");
651 return send_notify(this, INVALID_PAYLOAD_TYPE);
652 }
653
654 list = sa_payload->get_proposals(sa_payload);
655 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
656 list, FALSE);
657 list->destroy_offset(list, offsetof(proposal_t, destroy));
658 if (!this->proposal)
659 {
660 DBG1(DBG_IKE, "no proposal found");
661 return send_notify(this, NO_PROPOSAL_CHOSEN);
662 }
663
664 this->auth_method = sa_payload->get_auth_method(sa_payload);
665 this->lifetime = sa_payload->get_lifetime(sa_payload);
666
667 this->state = MM_SA;
668 return NEED_MORE;
669 }
670 case MM_SA:
671 {
672 u_int16_t group;
673
674 if (!this->keymat->create_hasher(this->keymat, this->proposal))
675 {
676 return send_notify(this, INVALID_KEY_INFORMATION);
677 }
678 if (!this->proposal->get_algorithm(this->proposal,
679 DIFFIE_HELLMAN_GROUP, &group, NULL))
680 {
681 DBG1(DBG_IKE, "DH group selection failed");
682 return send_notify(this, INVALID_KEY_INFORMATION);
683 }
684 this->dh = lib->crypto->create_dh(lib->crypto, group);
685 if (!this->dh)
686 {
687 DBG1(DBG_IKE, "negotiated DH group not supported");
688 return send_notify(this, INVALID_KEY_INFORMATION);
689 }
690 if (!get_nonce_ke(this, &this->nonce_i, message))
691 {
692 return send_notify(this, INVALID_PAYLOAD_TYPE);
693 }
694 this->state = MM_KE;
695 return NEED_MORE;
696 }
697 case MM_KE:
698 {
699 authenticator_t *authenticator;
700 id_payload_t *id_payload;
701 identification_t *id;
702
703 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
704 if (!id_payload)
705 {
706 DBG1(DBG_IKE, "IDii payload missing");
707 return send_notify(this, INVALID_PAYLOAD_TYPE);
708 }
709
710 id = id_payload->get_identification(id_payload);
711 this->ike_sa->set_other_id(this->ike_sa, id);
712 this->peer_cfg = select_config(this, id);
713 if (!this->peer_cfg)
714 {
715 DBG1(DBG_IKE, "no peer config found");
716 return send_notify(this, AUTHENTICATION_FAILED);
717 }
718 this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
719
720 this->my_auth = get_auth_cfg(this->peer_cfg, TRUE);
721 this->other_auth = get_auth_cfg(this->peer_cfg, FALSE);
722 if (!this->my_auth || !this->other_auth)
723 {
724 DBG1(DBG_IKE, "auth config missing");
725 return send_notify(this, AUTHENTICATION_FAILED);
726 }
727
728 authenticator = create_authenticator(this, id_payload);
729 if (!authenticator || authenticator->process(authenticator,
730 message) != SUCCESS)
731 {
732 DESTROY_IF(authenticator);
733 return send_notify(this, AUTHENTICATION_FAILED);
734 }
735 authenticator->destroy(authenticator);
736 if (!check_constraints(this))
737 {
738 return send_notify(this, AUTHENTICATION_FAILED);
739 }
740 save_auth_cfg(this, FALSE);
741
742 this->state = MM_AUTH;
743 if (has_notify_errors(this, message))
744 {
745 return FAILED;
746 }
747 return NEED_MORE;
748 }
749 default:
750 return FAILED;
751 }
752 }
753
754 /**
755 * Lookup a shared secret for this IKE_SA
756 */
757 static shared_key_t *lookup_shared_key(private_main_mode_t *this)
758 {
759 host_t *me, *other;
760 identification_t *my_id, *other_id;
761 shared_key_t *shared_key = NULL;
762
763 /* try to get a PSK for IP addresses */
764 me = this->ike_sa->get_my_host(this->ike_sa);
765 other = this->ike_sa->get_other_host(this->ike_sa);
766 my_id = identification_create_from_sockaddr(me->get_sockaddr(me));
767 other_id = identification_create_from_sockaddr(other->get_sockaddr(other));
768 if (my_id && other_id)
769 {
770 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
771 my_id, other_id);
772 }
773 DESTROY_IF(my_id);
774 DESTROY_IF(other_id);
775 if (shared_key)
776 {
777 return shared_key;
778 }
779
780 if (this->my_auth && this->other_auth)
781 { /* as initiator, use identities from configuraiton */
782 my_id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
783 other_id = this->other_auth->get(this->other_auth, AUTH_RULE_IDENTITY);
784 if (my_id && other_id)
785 {
786 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
787 my_id, other_id);
788 }
789 else
790 {
791 DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
792 my_id, me, other_id, other);
793 }
794 }
795 else
796 { /* as responder, we try to find a config by IP */
797 enumerator_t *enumerator;
798 auth_cfg_t *my_auth, *other_auth;
799 peer_cfg_t *peer_cfg = NULL;
800
801 enumerator = charon->backends->create_peer_cfg_enumerator(
802 charon->backends, me, other, NULL, NULL);
803 while (enumerator->enumerate(enumerator, &peer_cfg))
804 {
805 my_auth = get_auth_cfg(peer_cfg, TRUE);
806 other_auth = get_auth_cfg(peer_cfg, FALSE);
807 if (my_auth && other_auth)
808 {
809 my_id = my_auth->get(my_auth, AUTH_RULE_IDENTITY);
810 other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
811 if (my_id && other_id)
812 {
813 shared_key = lib->credmgr->get_shared(lib->credmgr,
814 SHARED_IKE, my_id, other_id);
815 if (shared_key)
816 {
817 break;
818 }
819 else
820 {
821 DBG1(DBG_IKE, "no shared key found for "
822 "'%Y'[%H] - '%Y'[%H]", my_id, me, other_id, other);
823 }
824 }
825 }
826 }
827 enumerator->destroy(enumerator);
828 if (!peer_cfg)
829 {
830 DBG1(DBG_IKE, "no shared key found for %H - %H", me, other);
831 }
832 }
833 return shared_key;
834 }
835
836 /**
837 * Derive key material for this IKE_SA
838 */
839 static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
840 chunk_t nonce_r)
841 {
842 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
843 shared_key_t *shared_key = NULL;
844
845 switch (this->auth_method)
846 {
847 case AUTH_PSK:
848 case AUTH_XAUTH_INIT_PSK:
849 case AUTH_XAUTH_RESP_PSK:
850 shared_key = lookup_shared_key(this);
851 break;
852 default:
853 break;
854 }
855 if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
856 this->dh_value, nonce_i, nonce_r, id, this->auth_method, shared_key))
857 {
858 DESTROY_IF(shared_key);
859 DBG1(DBG_IKE, "key derivation for %N failed",
860 auth_method_names, this->auth_method);
861 return FALSE;
862 }
863 DESTROY_IF(shared_key);
864 charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, nonce_i, nonce_r,
865 NULL);
866
867 return TRUE;
868 }
869
870 /**
871 * Set IKE_SA to established state
872 */
873 static void establish(private_main_mode_t *this)
874 {
875 DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
876 this->ike_sa->get_name(this->ike_sa),
877 this->ike_sa->get_unique_id(this->ike_sa),
878 this->ike_sa->get_my_host(this->ike_sa),
879 this->ike_sa->get_my_id(this->ike_sa),
880 this->ike_sa->get_other_host(this->ike_sa),
881 this->ike_sa->get_other_id(this->ike_sa));
882
883 this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
884 charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
885 }
886
887 METHOD(task_t, build_r, status_t,
888 private_main_mode_t *this, message_t *message)
889 {
890 switch (this->state)
891 {
892 case MM_SA:
893 {
894 sa_payload_t *sa_payload;
895
896 sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
897 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
898 message->add_payload(message, &sa_payload->payload_interface);
899
900 return NEED_MORE;
901 }
902 case MM_KE:
903 {
904 if (!add_nonce_ke(this, &this->nonce_r, message))
905 {
906 return send_notify(this, INVALID_KEY_INFORMATION);
907 }
908 if (!derive_keys(this, this->nonce_i, this->nonce_r))
909 {
910 return send_notify(this, INVALID_KEY_INFORMATION);
911 }
912 return NEED_MORE;
913 }
914 case MM_AUTH:
915 {
916 authenticator_t *authenticator;
917 id_payload_t *id_payload;
918 identification_t *id;
919
920 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
921 if (!id)
922 {
923 DBG1(DBG_CFG, "own identity not known");
924 return send_notify(this, INVALID_ID_INFORMATION);
925 }
926 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
927
928 id_payload = id_payload_create_from_identification(ID_V1, id);
929 message->add_payload(message, &id_payload->payload_interface);
930
931 authenticator = create_authenticator(this, id_payload);
932 if (!authenticator || authenticator->build(authenticator,
933 message) != SUCCESS)
934 {
935 DESTROY_IF(authenticator);
936 return send_notify(this, AUTHENTICATION_FAILED);
937 }
938 authenticator->destroy(authenticator);
939 save_auth_cfg(this, TRUE);
940
941 if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
942 {
943 this->ike_sa->queue_task(this->ike_sa,
944 (task_t*)mode_config_create(this->ike_sa, TRUE));
945 }
946
947 switch (this->auth_method)
948 {
949 case AUTH_XAUTH_INIT_PSK:
950 case AUTH_XAUTH_INIT_RSA:
951 case AUTH_HYBRID_INIT_RSA:
952 this->ike_sa->queue_task(this->ike_sa,
953 (task_t*)xauth_create(this->ike_sa, TRUE));
954 return SUCCESS;
955 case AUTH_XAUTH_RESP_PSK:
956 case AUTH_XAUTH_RESP_RSA:
957 case AUTH_HYBRID_RESP_RSA:
958 /* TODO-IKEv1: not yet supported */
959 return FAILED;
960 default:
961 establish(this);
962 return SUCCESS;
963 }
964 }
965 default:
966 return FAILED;
967 }
968 }
969
970 METHOD(task_t, process_i, status_t,
971 private_main_mode_t *this, message_t *message)
972 {
973 switch (this->state)
974 {
975 case MM_SA:
976 {
977 linked_list_t *list;
978 sa_payload_t *sa_payload;
979 auth_method_t auth_method;
980 u_int32_t lifetime;
981
982 sa_payload = (sa_payload_t*)message->get_payload(message,
983 SECURITY_ASSOCIATION_V1);
984 if (!sa_payload)
985 {
986 DBG1(DBG_IKE, "SA payload missing");
987 return send_notify(this, INVALID_PAYLOAD_TYPE);
988 }
989 list = sa_payload->get_proposals(sa_payload);
990 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
991 list, FALSE);
992 list->destroy_offset(list, offsetof(proposal_t, destroy));
993 if (!this->proposal)
994 {
995 DBG1(DBG_IKE, "no proposal found");
996 return send_notify(this, NO_PROPOSAL_CHOSEN);
997 }
998
999 lifetime = sa_payload->get_lifetime(sa_payload);
1000 if (lifetime != this->lifetime)
1001 {
1002 DBG1(DBG_IKE, "received lifetime %us does not match configured "
1003 "%us, using lower value", lifetime, this->lifetime);
1004 }
1005 this->lifetime = min(this->lifetime, lifetime);
1006 auth_method = sa_payload->get_auth_method(sa_payload);
1007 if (auth_method != this->auth_method)
1008 {
1009 DBG1(DBG_IKE, "received %N authentication, but configured %N, "
1010 "continue with configured", auth_method_names, auth_method,
1011 auth_method_names, this->auth_method);
1012 }
1013 return NEED_MORE;
1014 }
1015 case MM_KE:
1016 {
1017 if (!get_nonce_ke(this, &this->nonce_r, message))
1018 {
1019 return send_notify(this, INVALID_PAYLOAD_TYPE);
1020 }
1021 if (!derive_keys(this, this->nonce_i, this->nonce_r))
1022 {
1023 return send_notify(this, INVALID_KEY_INFORMATION);
1024 }
1025 return NEED_MORE;
1026 }
1027 case MM_AUTH:
1028 {
1029 authenticator_t *authenticator;
1030 id_payload_t *id_payload;
1031 identification_t *id;
1032
1033 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
1034 if (!id_payload)
1035 {
1036 DBG1(DBG_IKE, "IDir payload missing");
1037 return send_notify(this, INVALID_PAYLOAD_TYPE);
1038 }
1039 id = id_payload->get_identification(id_payload);
1040 if (!id->matches(id, this->other_auth->get(this->other_auth,
1041 AUTH_RULE_IDENTITY)))
1042 {
1043 DBG1(DBG_IKE, "IDir does not match");
1044 id->destroy(id);
1045 return send_notify(this, INVALID_ID_INFORMATION);
1046 }
1047 this->ike_sa->set_other_id(this->ike_sa, id);
1048
1049 authenticator = create_authenticator(this, id_payload);
1050 if (!authenticator || authenticator->process(authenticator,
1051 message) != SUCCESS)
1052 {
1053 DESTROY_IF(authenticator);
1054 return send_notify(this, AUTHENTICATION_FAILED);
1055 }
1056 authenticator->destroy(authenticator);
1057 if (!check_constraints(this))
1058 {
1059 return send_notify(this, AUTHENTICATION_FAILED);
1060 }
1061 save_auth_cfg(this, FALSE);
1062
1063 switch (this->auth_method)
1064 {
1065 case AUTH_XAUTH_INIT_PSK:
1066 case AUTH_XAUTH_INIT_RSA:
1067 case AUTH_HYBRID_INIT_RSA:
1068 /* wait for XAUTH request */
1069 return SUCCESS;
1070 case AUTH_XAUTH_RESP_PSK:
1071 case AUTH_XAUTH_RESP_RSA:
1072 case AUTH_HYBRID_RESP_RSA:
1073 /* TODO-IKEv1: not yet */
1074 return FAILED;
1075 default:
1076 establish(this);
1077 return SUCCESS;
1078 }
1079 }
1080 default:
1081 return FAILED;
1082 }
1083 }
1084
1085 METHOD(task_t, get_type, task_type_t,
1086 private_main_mode_t *this)
1087 {
1088 return TASK_MAIN_MODE;
1089 }
1090
1091 METHOD(task_t, migrate, void,
1092 private_main_mode_t *this, ike_sa_t *ike_sa)
1093 {
1094 this->ike_sa = ike_sa;
1095 }
1096
1097 METHOD(task_t, destroy, void,
1098 private_main_mode_t *this)
1099 {
1100 DESTROY_IF(this->peer_cfg);
1101 DESTROY_IF(this->proposal);
1102 DESTROY_IF(this->dh);
1103 free(this->dh_value.ptr);
1104 free(this->nonce_i.ptr);
1105 free(this->nonce_r.ptr);
1106 free(this->sa_payload.ptr);
1107 free(this);
1108 }
1109
1110 /*
1111 * Described in header.
1112 */
1113 main_mode_t *main_mode_create(ike_sa_t *ike_sa, bool initiator)
1114 {
1115 private_main_mode_t *this;
1116
1117 INIT(this,
1118 .public = {
1119 .task = {
1120 .get_type = _get_type,
1121 .migrate = _migrate,
1122 .destroy = _destroy,
1123 },
1124 },
1125 .ike_sa = ike_sa,
1126 .keymat = (keymat_v1_t*)ike_sa->get_keymat(ike_sa),
1127 .initiator = initiator,
1128 .state = MM_INIT,
1129 );
1130
1131 if (initiator)
1132 {
1133 this->public.task.build = _build_i;
1134 this->public.task.process = _process_i;
1135 }
1136 else
1137 {
1138 this->public.task.build = _build_r;
1139 this->public.task.process = _process_r;
1140 }
1141
1142 return &this->public;
1143 }