b15ed3307dcdaf0a366a991a01abe8efa4308979
[strongswan.git] / src / libcharon / sa / tasks / main_mode.c
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2011 Martin Willi
6 * Copyright (C) 2011 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "main_mode.h"
20
21 #include <string.h>
22
23 #include <daemon.h>
24 #include <sa/keymat_v1.h>
25 #include <crypto/diffie_hellman.h>
26 #include <encoding/payloads/sa_payload.h>
27 #include <encoding/payloads/ke_payload.h>
28 #include <encoding/payloads/nonce_payload.h>
29 #include <encoding/payloads/id_payload.h>
30 #include <encoding/payloads/hash_payload.h>
31 #include <sa/tasks/xauth.h>
32 #include <sa/tasks/mode_config.h>
33 #include <sa/tasks/informational.h>
34
35 typedef struct private_main_mode_t private_main_mode_t;
36
37 /**
38 * Private members of a main_mode_t task.
39 */
40 struct private_main_mode_t {
41
42 /**
43 * Public methods and task_t interface.
44 */
45 main_mode_t public;
46
47 /**
48 * Assigned IKE_SA.
49 */
50 ike_sa_t *ike_sa;
51
52 /**
53 * Are we the initiator?
54 */
55 bool initiator;
56
57 /**
58 * IKE config to establish
59 */
60 ike_cfg_t *ike_cfg;
61
62 /**
63 * Peer config to use
64 */
65 peer_cfg_t *peer_cfg;
66
67 /**
68 * Local authentication configuration
69 */
70 auth_cfg_t *my_auth;
71
72 /**
73 * Remote authentication configuration
74 */
75 auth_cfg_t *other_auth;
76
77 /**
78 * selected IKE proposal
79 */
80 proposal_t *proposal;
81
82 /**
83 * DH exchange
84 */
85 diffie_hellman_t *dh;
86
87 /**
88 * Keymat derivation (from SA)
89 */
90 keymat_v1_t *keymat;
91
92 /**
93 * Received public DH value from peer
94 */
95 chunk_t dh_value;
96
97 /**
98 * Initiators nonce
99 */
100 chunk_t nonce_i;
101
102 /**
103 * Responder nonce
104 */
105 chunk_t nonce_r;
106
107 /**
108 * Encoded SA initiator payload used for authentication
109 */
110 chunk_t sa_payload;
111
112 /**
113 * Negotiated SA lifetime
114 */
115 u_int32_t lifetime;
116
117 /**
118 * Negotiated authentication method
119 */
120 auth_method_t auth_method;
121
122 /**
123 * Authenticator to use
124 */
125 authenticator_t *authenticator;
126
127 /** states of main mode */
128 enum {
129 MM_INIT,
130 MM_SA,
131 MM_KE,
132 MM_AUTH,
133 } state;
134 };
135
136 /**
137 * Get the first authentcation config from peer config
138 */
139 static auth_cfg_t *get_auth_cfg(peer_cfg_t *peer_cfg, bool local)
140 {
141 enumerator_t *enumerator;
142 auth_cfg_t *cfg = NULL;
143
144 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
145 enumerator->enumerate(enumerator, &cfg);
146 enumerator->destroy(enumerator);
147 return cfg;
148 }
149
150 /**
151 * Save the encoded SA payload of a message
152 */
153 static bool save_sa_payload(private_main_mode_t *this, message_t *message)
154 {
155 enumerator_t *enumerator;
156 payload_t *payload, *sa = NULL;
157 chunk_t data;
158 size_t offset = IKE_HEADER_LENGTH;
159
160 enumerator = message->create_payload_enumerator(message);
161 while (enumerator->enumerate(enumerator, &payload))
162 {
163 if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1)
164 {
165 sa = payload;
166 break;
167 }
168 else
169 {
170 offset += payload->get_length(payload);
171 }
172 }
173 enumerator->destroy(enumerator);
174
175 data = message->get_packet_data(message);
176 if (sa && data.len >= offset + sa->get_length(sa))
177 {
178 /* Get SA payload without 4 byte fixed header */
179 data = chunk_skip(data, offset);
180 data.len = sa->get_length(sa);
181 data = chunk_skip(data, 4);
182 this->sa_payload = chunk_clone(data);
183 return TRUE;
184 }
185 return FALSE;
186 }
187
188 /**
189 * Generate and add NONCE, KE payload
190 */
191 static bool add_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
192 message_t *message)
193 {
194 nonce_payload_t *nonce_payload;
195 ke_payload_t *ke_payload;
196 rng_t *rng;
197
198 ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
199 this->dh);
200 message->add_payload(message, &ke_payload->payload_interface);
201
202 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
203 if (!rng)
204 {
205 DBG1(DBG_IKE, "no RNG found to create nonce");
206 return FALSE;
207 }
208 rng->allocate_bytes(rng, NONCE_SIZE, nonce);
209 rng->destroy(rng);
210
211 nonce_payload = nonce_payload_create(NONCE_V1);
212 nonce_payload->set_nonce(nonce_payload, *nonce);
213 message->add_payload(message, &nonce_payload->payload_interface);
214
215 return TRUE;
216 }
217
218 /**
219 * Extract nonce from NONCE payload, process KE payload
220 */
221 static bool get_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
222 message_t *message)
223 {
224 nonce_payload_t *nonce_payload;
225 ke_payload_t *ke_payload;
226
227 ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1);
228 if (!ke_payload)
229 {
230 DBG1(DBG_IKE, "KE payload missing in message");
231 return FALSE;
232 }
233 this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload));
234 this->dh->set_other_public_value(this->dh, this->dh_value);
235
236 nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1);
237 if (!nonce_payload)
238 {
239 DBG1(DBG_IKE, "NONCE payload missing in message");
240 return FALSE;
241 }
242 *nonce = nonce_payload->get_nonce(nonce_payload);
243
244 return TRUE;
245 }
246
247 /**
248 * Get the two auth classes from local or remote config
249 */
250 static void get_auth_class(peer_cfg_t *peer_cfg, bool local,
251 auth_class_t *c1, auth_class_t *c2)
252 {
253 enumerator_t *enumerator;
254 auth_cfg_t *auth;
255
256 *c1 = *c2 = AUTH_CLASS_ANY;
257
258 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
259 while (enumerator->enumerate(enumerator, &auth))
260 {
261 if (*c1 == AUTH_CLASS_ANY)
262 {
263 *c1 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
264 }
265 else
266 {
267 *c2 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
268 break;
269 }
270 }
271 enumerator->destroy(enumerator);
272 }
273
274 /**
275 * Get auth method to use from a peer config
276 */
277 static auth_method_t get_auth_method(private_main_mode_t *this,
278 peer_cfg_t *peer_cfg)
279 {
280 auth_class_t i1, i2, r1, r2;
281
282 get_auth_class(peer_cfg, this->initiator, &i1, &i2);
283 get_auth_class(peer_cfg, !this->initiator, &r1, &r2);
284
285 if (i1 == AUTH_CLASS_PUBKEY && r1 == AUTH_CLASS_PUBKEY)
286 {
287 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
288 {
289 /* TODO-IKEv1: ECDSA? */
290 return AUTH_RSA;
291 }
292 if (i2 == AUTH_CLASS_XAUTH)
293 {
294 return AUTH_XAUTH_INIT_RSA;
295 }
296 if (r2 == AUTH_CLASS_XAUTH)
297 {
298 return AUTH_XAUTH_RESP_RSA;
299 }
300 }
301 if (i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK)
302 {
303 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
304 {
305 return AUTH_PSK;
306 }
307 if (i2 == AUTH_CLASS_XAUTH)
308 {
309 return AUTH_XAUTH_INIT_PSK;
310 }
311 if (r2 == AUTH_CLASS_XAUTH)
312 {
313 return AUTH_XAUTH_RESP_PSK;
314 }
315 }
316 /* TODO-IKEv1: Hybrid methods? */
317 return AUTH_NONE;;
318 }
319
320 /**
321 * Select the best configuration as responder
322 */
323 static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id)
324 {
325 enumerator_t *enumerator;
326 peer_cfg_t *current, *found = NULL;
327 host_t *me, *other;
328
329 me = this->ike_sa->get_my_host(this->ike_sa);
330 other = this->ike_sa->get_other_host(this->ike_sa);
331 DBG1(DBG_CFG, "looking for peer configs matching %H...%H[%Y]", me, other, id);
332 enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
333 me, other, NULL, id);
334 while (enumerator->enumerate(enumerator, &current))
335 {
336 if (get_auth_method(this, current) == this->auth_method)
337 {
338 found = current->get_ref(current);
339 break;
340 }
341 }
342 enumerator->destroy(enumerator);
343
344 if (found)
345 {
346 DBG2(DBG_CFG, "selected peer config \"%s\"", found->get_name(found));
347 }
348 return found;
349 }
350
351 /**
352 * Check for notify errors, return TRUE if error found
353 */
354 static bool has_notify_errors(private_main_mode_t *this, message_t *message)
355 {
356 enumerator_t *enumerator;
357 payload_t *payload;
358 bool err = FALSE;
359
360 enumerator = message->create_payload_enumerator(message);
361 while (enumerator->enumerate(enumerator, &payload))
362 {
363 if (payload->get_type(payload) == NOTIFY_V1)
364 {
365 notify_payload_t *notify;
366 notify_type_t type;
367
368 notify = (notify_payload_t*)payload;
369 type = notify->get_notify_type(notify);
370 if (type < 16384)
371 {
372 DBG1(DBG_IKE, "received %N error notify",
373 notify_type_names, type);
374 err = TRUE;
375 }
376 else if (type == INITIAL_CONTACT_IKEV1)
377 {
378 if (!this->initiator && this->state == MM_AUTH)
379 {
380 /* If authenticated and received INITIAL_CONTACT,
381 * delete any existing IKE_SAs with that peer.
382 * The delete takes place when the SA is checked in due
383 * to other id not known until the 3rd message.*/
384 this->ike_sa->set_condition(this->ike_sa,
385 COND_INIT_CONTACT_SEEN, TRUE);
386 }
387 }
388 else
389 {
390 DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
391 }
392 }
393 }
394 enumerator->destroy(enumerator);
395
396 return err;
397 }
398
399 /**
400 * Queue a task sending a notify in an INFORMATIONAL exchange
401 */
402 static status_t send_notify(private_main_mode_t *this,
403 notify_type_t type, chunk_t data)
404 {
405 notify_payload_t *notify;
406 ike_sa_id_t *ike_sa_id;
407 u_int64_t spi_i, spi_r;
408 chunk_t spi;
409
410 notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
411 PROTO_IKE, type);
412 notify->set_notification_data(notify, data);
413 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
414 spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
415 spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
416 spi = chunk_cata("cc", chunk_from_thing(spi_i), chunk_from_thing(spi_r));
417 notify->set_spi_data(notify, spi);
418
419 this->ike_sa->queue_task(this->ike_sa,
420 (task_t*)informational_create(this->ike_sa, notify));
421 /* cancel all active/passive tasks in favour of informational */
422 return ALREADY_DONE;
423 }
424
425 METHOD(task_t, build_i, status_t,
426 private_main_mode_t *this, message_t *message)
427 {
428 switch (this->state)
429 {
430 case MM_INIT:
431 {
432 sa_payload_t *sa_payload;
433 linked_list_t *proposals;
434 packet_t *packet;
435
436 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
437 DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
438 this->ike_sa->get_name(this->ike_sa),
439 this->ike_sa->get_unique_id(this->ike_sa),
440 this->ike_sa->get_other_host(this->ike_sa));
441 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
442
443 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
444 this->peer_cfg->get_ref(this->peer_cfg);
445
446 this->my_auth = get_auth_cfg(this->peer_cfg, TRUE);
447 this->other_auth = get_auth_cfg(this->peer_cfg, FALSE);
448 if (!this->my_auth || !this->other_auth)
449 {
450 DBG1(DBG_CFG, "no auth config found");
451 return FAILED;
452 }
453 this->auth_method = get_auth_method(this, this->peer_cfg);
454 if (this->auth_method == AUTH_NONE)
455 {
456 DBG1(DBG_CFG, "configuration uses unsupported authentication");
457 return FAILED;
458 }
459 this->lifetime = this->peer_cfg->get_reauth_time(this->peer_cfg,
460 FALSE);
461 if (!this->lifetime)
462 { /* fall back to rekey time of no rekey time configured */
463 this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
464 FALSE);
465 }
466 proposals = this->ike_cfg->get_proposals(this->ike_cfg);
467 sa_payload = sa_payload_create_from_proposals_v1(proposals,
468 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
469 proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
470
471 message->add_payload(message, &sa_payload->payload_interface);
472
473 /* pregenerate message to store SA payload */
474 if (this->ike_sa->generate_message(this->ike_sa, message,
475 &packet) != SUCCESS)
476 {
477 DBG1(DBG_IKE, "pregenerating SA payload failed");
478 return FAILED;
479 }
480 packet->destroy(packet);
481 if (!save_sa_payload(this, message))
482 {
483 DBG1(DBG_IKE, "SA payload invalid");
484 return FAILED;
485 }
486
487 this->state = MM_SA;
488 return NEED_MORE;
489 }
490 case MM_SA:
491 {
492 u_int16_t group;
493
494 if (!this->keymat->create_hasher(this->keymat, this->proposal))
495 {
496 return FAILED;
497 }
498 if (!this->proposal->get_algorithm(this->proposal,
499 DIFFIE_HELLMAN_GROUP, &group, NULL))
500 {
501 DBG1(DBG_IKE, "DH group selection failed");
502 return FAILED;
503 }
504 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
505 group);
506 if (!this->dh)
507 {
508 DBG1(DBG_IKE, "negotiated DH group not supported");
509 return FAILED;
510 }
511 if (!add_nonce_ke(this, &this->nonce_i, message))
512 {
513 return FAILED;
514 }
515 this->state = MM_KE;
516 return NEED_MORE;
517 }
518 case MM_KE:
519 {
520 id_payload_t *id_payload;
521 identification_t *id;
522
523 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
524 if (!id)
525 {
526 DBG1(DBG_CFG, "own identity not known");
527 return FAILED;
528 }
529
530 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
531
532 id_payload = id_payload_create_from_identification(ID_V1, id);
533 message->add_payload(message, &id_payload->payload_interface);
534
535 if (this->authenticator->build(this->authenticator,
536 message) != SUCCESS)
537 {
538 return FAILED;
539 }
540 this->state = MM_AUTH;
541 return NEED_MORE;
542 }
543 default:
544 return FAILED;
545 }
546 }
547
548 METHOD(task_t, process_r, status_t,
549 private_main_mode_t *this, message_t *message)
550 {
551 switch (this->state)
552 {
553 case MM_INIT:
554 {
555 linked_list_t *list;
556 sa_payload_t *sa_payload;
557
558 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
559 DBG0(DBG_IKE, "%H is initiating a Main Mode",
560 message->get_source(message));
561 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
562
563 this->ike_sa->update_hosts(this->ike_sa,
564 message->get_destination(message),
565 message->get_source(message), TRUE);
566
567 sa_payload = (sa_payload_t*)message->get_payload(message,
568 SECURITY_ASSOCIATION_V1);
569 if (!sa_payload || !save_sa_payload(this, message))
570 {
571 DBG1(DBG_IKE, "SA payload missing or invalid");
572 return FAILED;
573 }
574
575 list = sa_payload->get_proposals(sa_payload);
576 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
577 list, FALSE);
578 list->destroy_offset(list, offsetof(proposal_t, destroy));
579 if (!this->proposal)
580 {
581 DBG1(DBG_IKE, "no proposal found");
582 return send_notify(this, NO_PROPOSAL_CHOSEN, chunk_empty);
583 }
584
585 this->auth_method = sa_payload->get_auth_method(sa_payload);
586 this->lifetime = sa_payload->get_lifetime(sa_payload);
587
588 this->state = MM_SA;
589 return NEED_MORE;
590 }
591 case MM_SA:
592 {
593 u_int16_t group;
594
595 if (!this->keymat->create_hasher(this->keymat, this->proposal))
596 {
597 return FAILED;
598 }
599 if (!this->proposal->get_algorithm(this->proposal,
600 DIFFIE_HELLMAN_GROUP, &group, NULL))
601 {
602 DBG1(DBG_IKE, "DH group selection failed");
603 return FAILED;
604 }
605 this->dh = lib->crypto->create_dh(lib->crypto, group);
606 if (!this->dh)
607 {
608 DBG1(DBG_IKE, "negotiated DH group not supported");
609 return FAILED;
610 }
611 if (!get_nonce_ke(this, &this->nonce_i, message))
612 {
613 return FAILED;
614 }
615 this->state = MM_KE;
616 return NEED_MORE;
617 }
618 case MM_KE:
619 {
620 id_payload_t *id_payload;
621 identification_t *id;
622
623 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
624 if (!id_payload)
625 {
626 DBG1(DBG_IKE, "IDii payload missing");
627 return FAILED;
628 }
629
630 id = id_payload->get_identification(id_payload);
631 this->ike_sa->set_other_id(this->ike_sa, id);
632 this->peer_cfg = select_config(this, id);
633 if (!this->peer_cfg)
634 {
635 DBG1(DBG_IKE, "no peer config found");
636 return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
637 }
638 this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
639
640 this->my_auth = get_auth_cfg(this->peer_cfg, TRUE);
641 this->other_auth = get_auth_cfg(this->peer_cfg, FALSE);
642 if (!this->my_auth || !this->other_auth)
643 {
644 DBG1(DBG_IKE, "auth config missing");
645 return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
646 }
647
648 if (this->authenticator->process(this->authenticator,
649 message) != SUCCESS)
650 {
651 return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
652 }
653 this->state = MM_AUTH;
654
655 if (has_notify_errors(this, message))
656 {
657 return FAILED;
658 }
659 return NEED_MORE;
660 }
661 default:
662 return FAILED;
663 }
664 }
665
666 /**
667 * Lookup a shared secret for this IKE_SA
668 */
669 static shared_key_t *lookup_shared_key(private_main_mode_t *this)
670 {
671 host_t *me, *other;
672 identification_t *my_id, *other_id;
673 shared_key_t *shared_key = NULL;
674
675 /* try to get a PSK for IP addresses */
676 me = this->ike_sa->get_my_host(this->ike_sa);
677 other = this->ike_sa->get_other_host(this->ike_sa);
678 my_id = identification_create_from_sockaddr(me->get_sockaddr(me));
679 other_id = identification_create_from_sockaddr(other->get_sockaddr(other));
680 if (my_id && other_id)
681 {
682 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
683 my_id, other_id);
684 }
685 DESTROY_IF(my_id);
686 DESTROY_IF(other_id);
687 if (shared_key)
688 {
689 return shared_key;
690 }
691
692 if (this->my_auth && this->other_auth)
693 { /* as initiator, use identities from configuraiton */
694 my_id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
695 other_id = this->other_auth->get(this->other_auth, AUTH_RULE_IDENTITY);
696 if (my_id && other_id)
697 {
698 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
699 my_id, other_id);
700 }
701 else
702 {
703 DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
704 my_id, me, other_id, other);
705 }
706 }
707 else
708 { /* as responder, we try to find a config by IP */
709 enumerator_t *enumerator;
710 auth_cfg_t *my_auth, *other_auth;
711 peer_cfg_t *peer_cfg = NULL;
712
713 enumerator = charon->backends->create_peer_cfg_enumerator(
714 charon->backends, me, other, NULL, NULL);
715 while (enumerator->enumerate(enumerator, &peer_cfg))
716 {
717 my_auth = get_auth_cfg(peer_cfg, TRUE);
718 other_auth = get_auth_cfg(peer_cfg, FALSE);
719 if (my_auth && other_auth)
720 {
721 my_id = my_auth->get(my_auth, AUTH_RULE_IDENTITY);
722 other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
723 if (my_id && other_id)
724 {
725 shared_key = lib->credmgr->get_shared(lib->credmgr,
726 SHARED_IKE, my_id, other_id);
727 if (shared_key)
728 {
729 break;
730 }
731 else
732 {
733 DBG1(DBG_IKE, "no shared key found for "
734 "'%Y'[%H] - '%Y'[%H]", my_id, me, other_id, other);
735 }
736 }
737 }
738 }
739 enumerator->destroy(enumerator);
740 if (!peer_cfg)
741 {
742 DBG1(DBG_IKE, "no shared key found for %H - %H", me, other);
743 }
744 }
745 return shared_key;
746 }
747
748 /**
749 * Derive key material for this IKE_SA
750 */
751 static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
752 chunk_t nonce_r)
753 {
754 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
755 shared_key_t *shared_key = NULL;
756
757 switch (this->auth_method)
758 {
759 case AUTH_PSK:
760 case AUTH_XAUTH_INIT_PSK:
761 case AUTH_XAUTH_RESP_PSK:
762 shared_key = lookup_shared_key(this);
763 break;
764 default:
765 break;
766 }
767 if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
768 this->dh_value, nonce_i, nonce_r, id, this->auth_method, shared_key))
769 {
770 DESTROY_IF(shared_key);
771 DBG1(DBG_IKE, "key derivation for %N failed",
772 auth_method_names, this->auth_method);
773 return FALSE;
774 }
775 DESTROY_IF(shared_key);
776 charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, nonce_i, nonce_r,
777 NULL);
778
779 this->authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
780 this->auth_method, this->dh,
781 this->dh_value, this->sa_payload);
782 if (!this->authenticator)
783 {
784 DBG1(DBG_IKE, "negotiated authentication method %N not supported",
785 auth_method_names, this->auth_method);
786 return FALSE;
787 }
788 return TRUE;
789 }
790
791 /**
792 * Set IKE_SA to established state
793 */
794 static void establish(private_main_mode_t *this)
795 {
796 DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
797 this->ike_sa->get_name(this->ike_sa),
798 this->ike_sa->get_unique_id(this->ike_sa),
799 this->ike_sa->get_my_host(this->ike_sa),
800 this->ike_sa->get_my_id(this->ike_sa),
801 this->ike_sa->get_other_host(this->ike_sa),
802 this->ike_sa->get_other_id(this->ike_sa));
803
804 this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
805 charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
806 }
807
808 METHOD(task_t, build_r, status_t,
809 private_main_mode_t *this, message_t *message)
810 {
811 switch (this->state)
812 {
813 case MM_SA:
814 {
815 sa_payload_t *sa_payload;
816
817 sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
818 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
819 message->add_payload(message, &sa_payload->payload_interface);
820
821 return NEED_MORE;
822 }
823 case MM_KE:
824 {
825 if (!add_nonce_ke(this, &this->nonce_r, message))
826 {
827 return FAILED;
828 }
829 if (!derive_keys(this, this->nonce_i, this->nonce_r))
830 {
831 return FAILED;
832 }
833 return NEED_MORE;
834 }
835 case MM_AUTH:
836 {
837 id_payload_t *id_payload;
838 identification_t *id;
839
840 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
841 if (!id)
842 {
843 DBG1(DBG_CFG, "own identity not known");
844 return FAILED;
845 }
846
847 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
848
849 id_payload = id_payload_create_from_identification(ID_V1, id);
850 message->add_payload(message, &id_payload->payload_interface);
851
852 if (this->authenticator->build(this->authenticator,
853 message) != SUCCESS)
854 {
855 return FAILED;
856 }
857
858 if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
859 {
860 this->ike_sa->queue_task(this->ike_sa,
861 (task_t*)mode_config_create(this->ike_sa, TRUE));
862 }
863
864 switch (this->auth_method)
865 {
866 case AUTH_XAUTH_INIT_PSK:
867 case AUTH_XAUTH_INIT_RSA:
868 this->ike_sa->queue_task(this->ike_sa,
869 (task_t*)xauth_create(this->ike_sa, TRUE));
870 return SUCCESS;
871 case AUTH_XAUTH_RESP_PSK:
872 case AUTH_XAUTH_RESP_RSA:
873 /* TODO-IKEv1: not yet supported */
874 return FAILED;
875 default:
876 establish(this);
877 return SUCCESS;
878 }
879 }
880 default:
881 return FAILED;
882 }
883 }
884
885 METHOD(task_t, process_i, status_t,
886 private_main_mode_t *this, message_t *message)
887 {
888 switch (this->state)
889 {
890 case MM_SA:
891 {
892 linked_list_t *list;
893 sa_payload_t *sa_payload;
894 auth_method_t auth_method;
895 u_int32_t lifetime;
896
897 sa_payload = (sa_payload_t*)message->get_payload(message,
898 SECURITY_ASSOCIATION_V1);
899 if (!sa_payload)
900 {
901 DBG1(DBG_IKE, "SA payload missing");
902 return FAILED;
903 }
904 list = sa_payload->get_proposals(sa_payload);
905 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
906 list, FALSE);
907 list->destroy_offset(list, offsetof(proposal_t, destroy));
908 if (!this->proposal)
909 {
910 DBG1(DBG_IKE, "no proposal found");
911 return FAILED;
912 }
913
914 lifetime = sa_payload->get_lifetime(sa_payload);
915 if (lifetime != this->lifetime)
916 {
917 DBG1(DBG_IKE, "received lifetime %us does not match configured "
918 "%us, using lower value", lifetime, this->lifetime);
919 }
920 this->lifetime = min(this->lifetime, lifetime);
921 auth_method = sa_payload->get_auth_method(sa_payload);
922 if (auth_method != this->auth_method)
923 {
924 DBG1(DBG_IKE, "received %N authentication, but configured %N, "
925 "continue with configured", auth_method_names, auth_method,
926 auth_method_names, this->auth_method);
927 }
928 return NEED_MORE;
929 }
930 case MM_KE:
931 {
932 if (!get_nonce_ke(this, &this->nonce_r, message))
933 {
934 return FAILED;
935 }
936 if (!derive_keys(this, this->nonce_i, this->nonce_r))
937 {
938 return FAILED;
939 }
940 return NEED_MORE;
941 }
942 case MM_AUTH:
943 {
944 id_payload_t *id_payload;
945 identification_t *id;
946
947 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
948 if (!id_payload)
949 {
950 DBG1(DBG_IKE, "IDir payload missing");
951 return FAILED;
952 }
953 id = id_payload->get_identification(id_payload);
954 if (!id->matches(id, this->other_auth->get(this->other_auth,
955 AUTH_RULE_IDENTITY)))
956 {
957 DBG1(DBG_IKE, "IDir does not match");
958 id->destroy(id);
959 return FAILED;
960 }
961 this->ike_sa->set_other_id(this->ike_sa, id);
962
963 if (this->authenticator->process(this->authenticator,
964 message) != SUCCESS)
965 {
966 return FAILED;
967 }
968
969 switch (this->auth_method)
970 {
971 case AUTH_XAUTH_INIT_PSK:
972 case AUTH_XAUTH_INIT_RSA:
973 /* wait for XAUTH request */
974 return SUCCESS;
975 case AUTH_XAUTH_RESP_PSK:
976 case AUTH_XAUTH_RESP_RSA:
977 /* TODO-IKEv1: not yet */
978 return FAILED;
979 default:
980 establish(this);
981 return SUCCESS;
982 }
983 }
984 default:
985 return FAILED;
986 }
987 }
988
989 METHOD(task_t, get_type, task_type_t,
990 private_main_mode_t *this)
991 {
992 return TASK_MAIN_MODE;
993 }
994
995 METHOD(task_t, migrate, void,
996 private_main_mode_t *this, ike_sa_t *ike_sa)
997 {
998 this->ike_sa = ike_sa;
999 }
1000
1001 METHOD(task_t, destroy, void,
1002 private_main_mode_t *this)
1003 {
1004 DESTROY_IF(this->peer_cfg);
1005 DESTROY_IF(this->proposal);
1006 DESTROY_IF(this->dh);
1007 DESTROY_IF(this->authenticator);
1008 free(this->dh_value.ptr);
1009 free(this->nonce_i.ptr);
1010 free(this->nonce_r.ptr);
1011 free(this->sa_payload.ptr);
1012 free(this);
1013 }
1014
1015 /*
1016 * Described in header.
1017 */
1018 main_mode_t *main_mode_create(ike_sa_t *ike_sa, bool initiator)
1019 {
1020 private_main_mode_t *this;
1021
1022 INIT(this,
1023 .public = {
1024 .task = {
1025 .get_type = _get_type,
1026 .migrate = _migrate,
1027 .destroy = _destroy,
1028 },
1029 },
1030 .ike_sa = ike_sa,
1031 .keymat = (keymat_v1_t*)ike_sa->get_keymat(ike_sa),
1032 .initiator = initiator,
1033 .state = MM_INIT,
1034 );
1035
1036 if (initiator)
1037 {
1038 this->public.task.build = _build_i;
1039 this->public.task.process = _process_i;
1040 }
1041 else
1042 {
1043 this->public.task.build = _build_r;
1044 this->public.task.process = _process_r;
1045 }
1046
1047 return &this->public;
1048 }