-# $OpenBSD: Makefile,v 1.12 2014/08/27 10:28:57 reyk Exp $
+# $OpenBSD: Makefile,v 1.13 2015/10/19 11:25:35 reyk Exp $
PROG= iked
SRCS= ca.c chap_ms.c config.c control.c crypto.c dh.c \
- eap.c iked.c ikev1.c ikev2.c ikev2_msg.c ikev2_pld.c \
+ eap.c iked.c ikev2.c ikev2_msg.c ikev2_pld.c \
log.c ocsp.c pfkey.c policy.c proc.c timer.c util.c \
imsg_util.c smult_curve25519_ref.c
SRCS+= eap_map.c ikev2_map.c
-/* $OpenBSD: ca.c,v 1.37 2015/10/01 10:59:23 reyk Exp $ */
+/* $OpenBSD: ca.c,v 1.38 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
int ca_privkey_serialize(EVP_PKEY *, struct iked_id *);
int ca_pubkey_serialize(EVP_PKEY *, struct iked_id *);
int ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
-int ca_dispatch_ikev1(int, struct privsep_proc *, struct imsg *);
int ca_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
static struct privsep_proc procs[] = {
{ "parent", PROC_PARENT, ca_dispatch_parent },
- { "ikev1", PROC_IKEV1, ca_dispatch_ikev1 },
{ "ikev2", PROC_IKEV2, ca_dispatch_ikev2 }
};
return (0);
}
-int
-ca_dispatch_ikev1(int fd, struct privsep_proc *p, struct imsg *imsg)
-{
- return (-1);
-}
-
int
ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
{
-/* $OpenBSD: config.c,v 1.38 2015/10/15 18:40:38 mmcc Exp $ */
+/* $OpenBSD: config.c,v 1.39 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
unsigned int type;
type = couple ? IMSG_CTL_COUPLE : IMSG_CTL_DECOUPLE;
- proc_compose_imsg(&env->sc_ps, PROC_IKEV1, -1, type, -1, NULL, 0);
proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1, type, -1, NULL, 0);
return (0);
unsigned int type;
type = passive ? IMSG_CTL_PASSIVE : IMSG_CTL_ACTIVE;
- proc_compose_imsg(&env->sc_ps, PROC_IKEV1, -1, type, -1, NULL, 0);
proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1, type, -1, NULL, 0);
return (0);
-/* $OpenBSD: control.c,v 1.16 2015/01/16 06:39:58 deraadt Exp $ */
+/* $OpenBSD: control.c,v 1.17 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
proc_forward_imsg(&env->sc_ps, &imsg, PROC_PARENT, -1);
proc_forward_imsg(&env->sc_ps, &imsg, PROC_IKEV2, -1);
- proc_forward_imsg(&env->sc_ps, &imsg, PROC_IKEV1, -1);
break;
case IMSG_CTL_RELOAD:
case IMSG_CTL_RESET:
-/* $OpenBSD: iked.c,v 1.26 2015/10/15 18:40:38 mmcc Exp $ */
+/* $OpenBSD: iked.c,v 1.27 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
void parent_shutdown(struct iked *);
void parent_sig_handler(int, short, void *);
-int parent_dispatch_ikev1(int, struct privsep_proc *, struct imsg *);
int parent_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
int parent_dispatch_ca(int, struct privsep_proc *, struct imsg *);
int parent_configure(struct iked *);
static struct privsep_proc procs[] = {
- { "ikev1", PROC_IKEV1, parent_dispatch_ikev1, ikev1 },
{ "ikev2", PROC_IKEV2, parent_dispatch_ikev2, ikev2 },
{ "ca", PROC_CERT, parent_dispatch_ca, caproc, IKED_CA }
};
config_setpfkey(env, PROC_IKEV2);
/* Now compile the policies and calculate skip steps */
- config_setcompile(env, PROC_IKEV1);
config_setcompile(env, PROC_IKEV2);
bzero(&ss, sizeof(ss));
log_debug("%s: level %d config file %s", __func__, reset, filename);
if (reset == RESET_RELOAD) {
- config_setreset(env, RESET_POLICY, PROC_IKEV1);
config_setreset(env, RESET_POLICY, PROC_IKEV2);
config_setreset(env, RESET_CA, PROC_CERT);
}
/* Re-compile policies and skip steps */
- config_setcompile(env, PROC_IKEV1);
config_setcompile(env, PROC_IKEV2);
config_setcoupled(env, env->sc_decoupled ? 0 : 1);
config_setmode(env, env->sc_passive ? 1 : 0);
config_setocsp(env);
} else {
- config_setreset(env, reset, PROC_IKEV1);
config_setreset(env, reset, PROC_IKEV2);
config_setreset(env, reset, PROC_CERT);
}
}
}
-int
-parent_dispatch_ikev1(int fd, struct privsep_proc *p, struct imsg *imsg)
-{
- switch (imsg->hdr.type) {
- default:
- break;
- }
-
- return (-1);
-}
-
int
parent_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
{
case IMSG_CTL_DECOUPLE:
case IMSG_CTL_ACTIVE:
case IMSG_CTL_PASSIVE:
- proc_compose_imsg(&env->sc_ps, PROC_IKEV1, -1,
- type, -1, NULL, 0);
proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1,
type, -1, NULL, 0);
break;
-/* $OpenBSD: iked.h,v 1.89 2015/10/01 10:59:23 reyk Exp $ */
+/* $OpenBSD: iked.h,v 1.90 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
ssize_t dsa_sign_final(struct iked_dsa *, void *, size_t);
ssize_t dsa_verify_final(struct iked_dsa *, void *, size_t);
-/* ikev1.c */
-pid_t ikev1(struct privsep *, struct privsep_proc *);
-
/* ikev2.c */
pid_t ikev2(struct privsep *, struct privsep_proc *);
void ikev2_recv(struct iked *, struct iked_message *);
+++ /dev/null
-/* $OpenBSD: ikev1.c,v 1.18 2015/08/21 11:59:27 reyk Exp $ */
-
-/*
- * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * XXX Either implement IKEv1,
- * XXX or find a way to pass IKEv1 messages to isakmpd,
- * XXX or remove this file and ikev1 from the iked tree.
- */
-
-#include <sys/queue.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <sys/uio.h>
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <signal.h>
-#include <errno.h>
-#include <err.h>
-#include <pwd.h>
-#include <event.h>
-
-#include "iked.h"
-#include "ikev2.h"
-
-int ikev1_dispatch_parent(int, struct privsep_proc *, struct imsg *);
-int ikev1_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
-int ikev1_dispatch_cert(int, struct privsep_proc *, struct imsg *);
-
-void ikev1_msg_cb(int, short, void *);
-void ikev1_recv(struct iked *, struct iked_message *);
-
-static struct privsep_proc procs[] = {
- { "parent", PROC_PARENT, ikev1_dispatch_parent },
- { "ikev2", PROC_IKEV2, ikev1_dispatch_ikev2 },
- { "certstore", PROC_CERT, ikev1_dispatch_cert }
-};
-
-pid_t
-ikev1(struct privsep *ps, struct privsep_proc *p)
-{
- return (proc_run(ps, p, procs, nitems(procs), NULL, NULL));
-}
-
-int
-ikev1_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
-{
- struct iked *env = p->p_env;
-
- switch (imsg->hdr.type) {
- case IMSG_CTL_RESET:
- log_debug("%s: config reload", __func__);
- return (0);
- case IMSG_CTL_COUPLE:
- case IMSG_CTL_DECOUPLE:
- return (0);
- case IMSG_CTL_ACTIVE:
- case IMSG_CTL_PASSIVE:
- return (0);
- case IMSG_UDP_SOCKET:
- return (config_getsocket(env, imsg, ikev1_msg_cb));
- case IMSG_COMPILE:
- return (0);
- default:
- break;
- }
-
- return (-1);
-}
-
-int
-ikev1_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
-{
- struct iked *env = p->p_env;
- struct iked_message msg;
- uint8_t *buf;
- ssize_t len;
-
- switch (imsg->hdr.type) {
- case IMSG_IKE_MESSAGE:
- log_debug("%s: message", __func__);
- IMSG_SIZE_CHECK(imsg, &msg);
- memcpy(&msg, imsg->data, sizeof(msg));
-
- len = IMSG_DATA_SIZE(imsg) - sizeof(msg);
- buf = (uint8_t *)imsg->data + sizeof(msg);
- if (len <= 0 || (msg.msg_data = ibuf_new(buf, len)) == NULL) {
- log_debug("%s: short message", __func__);
- return (0);
- }
-
- log_debug("%s: message length %zd", __func__, len);
-
- ikev1_recv(env, &msg);
- ikev2_msg_cleanup(env, &msg);
- return (0);
- default:
- break;
- }
-
- return (-1);
-}
-
-int
-ikev1_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
-{
- return (-1);
-}
-
-void
-ikev1_msg_cb(int fd, short event, void *arg)
-{
- struct iked_socket *sock = arg;
- struct iked *env = sock->sock_env;
- struct iked_message msg;
- struct ike_header hdr;
- uint8_t buf[IKED_MSGBUF_MAX];
- size_t len;
- struct iovec iov[2];
-
- msg.msg_peerlen = sizeof(msg.msg_peer);
- msg.msg_locallen = sizeof(msg.msg_local);
-
- if ((len = recvfromto(fd, buf, sizeof(buf), 0,
- (struct sockaddr*)&msg.msg_peer, &msg.msg_peerlen,
- (struct sockaddr*)&msg.msg_local, &msg.msg_locallen)) < 1)
- return;
-
- if ((size_t)len <= sizeof(hdr))
- return;
- memcpy(&hdr, buf, sizeof(hdr));
-
- if ((msg.msg_data = ibuf_new(buf, len)) == NULL)
- return;
-
- if (hdr.ike_version == IKEV2_VERSION) {
- iov[0].iov_base = &msg;
- iov[0].iov_len = sizeof(msg);
- iov[1].iov_base = buf;
- iov[1].iov_len = len;
-
- proc_composev_imsg(&env->sc_ps, PROC_IKEV2, -1,
- IMSG_IKE_MESSAGE, -1, iov, 2);
- goto done;
- }
-
- ikev1_recv(env, &msg);
-
- done:
- ikev2_msg_cleanup(env, &msg);
-}
-
-void
-ikev1_recv(struct iked *env, struct iked_message *msg)
-{
- struct ike_header *hdr;
-
- if (ibuf_size(msg->msg_data) <= sizeof(*hdr)) {
- log_debug("%s: short message", __func__);
- return;
- }
-
- hdr = (struct ike_header *)ibuf_data(msg->msg_data);
-
- log_debug("%s: header ispi %s rspi %s"
- " nextpayload %u version 0x%02x exchange %u flags 0x%02x"
- " msgid %u length %u", __func__,
- print_spi(betoh64(hdr->ike_ispi), 8),
- print_spi(betoh64(hdr->ike_rspi), 8),
- hdr->ike_nextpayload,
- hdr->ike_version,
- hdr->ike_exchange,
- hdr->ike_flags,
- betoh32(hdr->ike_msgid),
- betoh32(hdr->ike_length));
-
- log_debug("%s: IKEv1 not supported", __func__);
-}
-/* $OpenBSD: ikev2.c,v 1.126 2015/10/15 18:40:38 mmcc Exp $ */
+/* $OpenBSD: ikev2.c,v 1.127 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
#include "dh.h"
int ikev2_dispatch_parent(int, struct privsep_proc *, struct imsg *);
-int ikev2_dispatch_ikev1(int, struct privsep_proc *, struct imsg *);
int ikev2_dispatch_cert(int, struct privsep_proc *, struct imsg *);
struct iked_sa *
static struct privsep_proc procs[] = {
{ "parent", PROC_PARENT, ikev2_dispatch_parent },
- { "ikev1", PROC_IKEV1, ikev2_dispatch_ikev1 },
{ "certstore", PROC_CERT, ikev2_dispatch_cert }
};
return (-1);
}
-int
-ikev2_dispatch_ikev1(int fd, struct privsep_proc *p, struct imsg *imsg)
-{
- struct iked *env = p->p_env;
- struct iked_message msg;
- uint8_t *buf;
- ssize_t len;
-
- switch (imsg->hdr.type) {
- case IMSG_IKE_MESSAGE:
- log_debug("%s: message", __func__);
- IMSG_SIZE_CHECK(imsg, &msg);
- memcpy(&msg, imsg->data, sizeof(msg));
-
- len = IMSG_DATA_SIZE(imsg) - sizeof(msg);
- buf = (uint8_t *)imsg->data + sizeof(msg);
- if (len <= 0 || (msg.msg_data = ibuf_new(buf, len)) == NULL) {
- log_debug("%s: short message", __func__);
- return (0);
- }
-
- log_debug("%s: message length %zd", __func__, len);
-
- ikev2_recv(env, &msg);
- ikev2_msg_cleanup(env, &msg);
- return (0);
- default:
- break;
- }
-
- return (-1);
-}
-
int
ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
{
-/* $OpenBSD: ikev2_msg.c,v 1.44 2015/10/15 18:40:38 mmcc Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.45 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
#include "eap.h"
#include "dh.h"
+void ikev1_recv(struct iked *, struct iked_message *);
void ikev2_msg_response_timeout(struct iked *, void *);
void ikev2_msg_retransmit_timeout(struct iked *, void *);
uint8_t buf[IKED_MSGBUF_MAX];
ssize_t len;
off_t off;
- struct iovec iov[2];
bzero(&msg, sizeof(msg));
bzero(buf, sizeof(buf));
if ((msg.msg_data = ibuf_new(buf + off, len - off)) == NULL)
return;
- if (hdr.ike_version == IKEV1_VERSION) {
- iov[0].iov_base = &msg;
- iov[0].iov_len = sizeof(msg);
- iov[1].iov_base = buf;
- iov[1].iov_len = len;
-
- proc_composev_imsg(&env->sc_ps, PROC_IKEV1, -1,
- IMSG_IKE_MESSAGE, -1, iov, 2);
- goto done;
- }
TAILQ_INIT(&msg.msg_proposals);
-
msg.msg_fd = fd;
- ikev2_recv(env, &msg);
- done:
+ if (hdr.ike_version == IKEV1_VERSION)
+ ikev1_recv(env, &msg);
+ else
+ ikev2_recv(env, &msg);
+
ikev2_msg_cleanup(env, &msg);
}
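Review bot: The new version dispatch at `if (hdr.ike_version == IKEV1_VERSION)` has no comment saying that the IKEv1 branch is a deliberate log-and-drop rather than a handler, which a reader of ikev2_msg_cb will otherwise assume. I'd put `/* IKEv1 is not implemented; ikev1_recv() only logs the header and the message is dropped. */` above the `if`. Note also that, unlike the removed goto path, the IKEv1 message now goes through `TAILQ_INIT(&msg.msg_proposals)` and `msg.msg_fd = fd` before dispatch, so ikev2_msg_cleanup() sees a fully initialised message on both paths — worth stating so nobody "optimises" the init back behind the IKEv2 branch. The enclosing function ikev2_msg_cb starts outside this hunk.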
+void
+ikev1_recv(struct iked *env, struct iked_message *msg)
+{
+ struct ike_header *hdr;
+
+ if (ibuf_size(msg->msg_data) <= sizeof(*hdr)) {
+ log_debug("%s: short message", __func__);
+ return;
+ }
+
+ hdr = (struct ike_header *)ibuf_data(msg->msg_data);
+
+ log_debug("%s: header ispi %s rspi %s"
+ " nextpayload %u version 0x%02x exchange %u flags 0x%02x"
+ " msgid %u length %u", __func__,
+ print_spi(betoh64(hdr->ike_ispi), 8),
+ print_spi(betoh64(hdr->ike_rspi), 8),
+ hdr->ike_nextpayload,
+ hdr->ike_version,
+ hdr->ike_exchange,
+ hdr->ike_flags,
+ betoh32(hdr->ike_msgid),
+ betoh32(hdr->ike_length));
+
+ log_debug("%s: IKEv1 not supported", __func__);
+}
+
struct ibuf *
ikev2_msg_init(struct iked *env, struct iked_message *msg,
struct sockaddr_storage *peer, socklen_t peerlen,
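Review bot: ikev1_recv is only reachable through the file-local prototype added at the top of ikev2_msg.c and is not exported from iked.h (this commit removes the old ikev1.c section there without adding a replacement), so both the prototype and the definition should be `static void ikev1_recv(struct iked *, struct iked_message *);` to keep the symbol out of the global namespace. The function also lacks a header comment; I'd add `/* IKEv1 is not implemented: log the ISAKMP header at debug level and drop the message. */` above it. One thing to be aware of when debugging: the guard `ibuf_size(msg->msg_data) <= sizeof(*hdr)` classifies a datagram of exactly one header as short, so a header-only IKEv1 packet is reported as "short message" rather than having its header logged — harmless on a drop-only path, but `<` would log it if that is the intent.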
-/* $OpenBSD: types.h,v 1.21 2015/08/21 11:59:28 reyk Exp $ */
+/* $OpenBSD: types.h,v 1.22 2015/10/19 11:25:35 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
enum privsep_procid {
PROC_PARENT = 0,
- PROC_IKEV1,
PROC_IKEV2,
PROC_CERT,
PROC_MAX