From: markus Date: Tue, 6 May 2014 07:24:37 +0000 (+0000) Subject: initial support for PFS; ok reyk@ X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9be300346fcdb5986fed985af27a17e95a0d266b;p=openbsd initial support for PFS; ok reyk@ --- diff --git a/sbin/iked/config.c b/sbin/iked/config.c index 987f5f24b2e..5c33685bbb9 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.27 2014/04/22 12:00:03 reyk Exp $ */ +/* $OpenBSD: config.c,v 1.28 2014/05/06 07:24:37 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -339,7 +339,8 @@ config_add_transform(struct iked_proposal *prop, u_int type, } struct iked_transform * -config_findtransform(struct iked_proposals *props, u_int8_t type) +config_findtransform(struct iked_proposals *props, u_int8_t type, + u_int proto) { struct iked_proposal *prop; struct iked_transform *xform; @@ -347,6 +348,9 @@ config_findtransform(struct iked_proposals *props, u_int8_t type) /* Search of the first transform with the desired type */ TAILQ_FOREACH(prop, props, prop_entry) { + /* Find any proposal or only selected SA proto */ + if (proto != 0 && prop->prop_protoid != proto) + continue; for (i = 0; i < prop->prop_nxforms; i++) { xform = prop->prop_xforms + i; if (xform->xform_type == type) diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h index 0e77aea7972..59321aedc6a 100644 --- a/sbin/iked/iked.h +++ b/sbin/iked/iked.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.h,v 1.74 2014/05/06 07:08:10 markus Exp $ */ +/* $OpenBSD: iked.h,v 1.75 2014/05/06 07:24:37 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -411,6 +411,8 @@ struct iked_sa { struct iked_childsas sa_childsas; /* IPSec Child SAs */ struct iked_saflows sa_flows; /* IPSec flows */ + u_int64_t sa_rekeyspi; /* peerspi for rekey*/ + u_int8_t sa_ipcomp; /* IPcomp transform */ u_int16_t sa_cpi_out; /* IPcomp outgoing */ u_int16_t sa_cpi_in; /* IPcomp incoming*/ @@ -606,7 +608,7 @@ struct iked_user * u_int64_t config_getspi(void); struct iked_transform * - config_findtransform(struct iked_proposals *, u_int8_t); + config_findtransform(struct iked_proposals *, u_int8_t, u_int); void config_free_policy(struct iked *, struct iked_policy *); struct iked_proposal * config_add_proposal(struct iked_proposals *, u_int, u_int); diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 4756957315a..fd8285ab37a 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.103 2014/05/06 07:08:10 markus Exp $ */ +/* $OpenBSD: ikev2.c,v 1.104 2014/05/06 07:24:37 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -82,10 +82,14 @@ int ikev2_sa_initiator(struct iked *, struct iked_sa *, struct iked_message *); int ikev2_sa_responder(struct iked *, struct iked_sa *, struct iked_sa *, struct iked_message *); +int ikev2_sa_initiator_dh(struct iked_sa *, struct iked_message *, u_int); +int ikev2_sa_responder_dh(struct iked_sa *, struct iked_message *, u_int); +void ikev2_sa_cleanup_dh(struct iked_sa *); int ikev2_sa_keys(struct iked *, struct iked_sa *, struct ibuf *); int ikev2_sa_tag(struct iked_sa *, struct iked_id *); +int ikev2_set_sa_proposal(struct iked_sa *, struct iked_policy *, u_int); -int ikev2_childsa_negotiate(struct iked *, struct iked_sa *, int); +int ikev2_childsa_negotiate(struct iked *, struct iked_sa *, int, int); int ikev2_match_proposals(struct iked_proposal *, struct iked_proposal *, struct iked_transform **); int ikev2_valid_proposal(struct iked_proposal *, @@ -779,6 +783,7 @@ ikev2_init_ike_sa_peer(struct iked *env, struct iked_policy *pol, return (-1); /* Pick peer's DH group if asked */ + /* XXX free old sa_dhgroup ? */ sa->sa_dhgroup = pol->pol_peerdh; if (ikev2_sa_initiator(env, sa, NULL) == -1) @@ -1069,7 +1074,7 @@ ikev2_init_done(struct iked *env, struct iked_sa *sa) if (!sa_stateok(sa, IKEV2_STATE_VALID)) return (0); /* ignored */ - ret = ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator); + ret = ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator, 0); if (ret == 0) ret = ikev2_childsa_enable(env, sa); if (ret == 0) { @@ -2088,7 +2093,7 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa) if (ikev2_cp_setaddr(env, sa) < 0) return (-1); - if (ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator) == -1) + if (ikev2_childsa_negotiate(env, sa, sa->sa_hdr.sh_initiator, 0) == -1) return (-1); /* New encrypted message buffer */ @@ -2332,13 +2337,43 @@ ikev2_send_ike_e(struct iked *env, struct iked_sa *sa, struct ibuf *buf, return (ret); } +int +ikev2_set_sa_proposal(struct iked_sa *sa, struct iked_policy *pol, + u_int proto) +{ + struct iked_proposal *prop, *copy; + struct iked_transform *xform; + u_int i; + + /* create copy of the policy proposals */ + config_free_proposals(&sa->sa_proposals, proto); + TAILQ_FOREACH(prop, &pol->pol_proposals, prop_entry) { + if (proto != 0 && prop->prop_protoid != proto) + continue; + if ((copy = config_add_proposal(&sa->sa_proposals, + prop->prop_id, prop->prop_protoid)) == NULL) + return (-1); + for (i = 0; i < prop->prop_nxforms; i++) { + xform = &prop->prop_xforms[i]; + if (config_add_transform(copy, xform->xform_type, + xform->xform_id, xform->xform_length, + xform->xform_keylength) == NULL) + return (-1); + } + } + return (0); +} + int ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, struct iked_spi *rekey, u_int8_t protoid) { + struct iked_policy *pol = sa->sa_policy; struct iked_childsa *csa = NULL, *csb = NULL; struct ikev2_notify *n; struct ikev2_payload *pld = NULL; + struct ikev2_keyexchange *ke; + struct group *group; struct ibuf *e = NULL, *nonce = NULL; u_int8_t *ptr; u_int8_t firstpayload; @@ -2353,6 +2388,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, else log_debug("%s: creating new CHILD SAs", __func__); + sa->sa_rekeyspi = 0; /* clear rekey spi */ initiator = sa->sa_hdr.sh_initiator ? 1 : 0; if (rekey && @@ -2361,6 +2397,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, (csb = csa->csa_peersa) == NULL)) { log_debug("%s: CHILD SA %s wasn't found", __func__, print_spi(rekey->spi, rekey->spi_size)); + goto done; } /* Generate new nonce */ @@ -2375,7 +2412,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, goto done; /* compression */ - if ((sa->sa_policy->pol_flags & IKED_POLICY_IPCOMP) && + if ((pol->pol_flags & IKED_POLICY_IPCOMP) && (len = ikev2_add_ipcompnotify(env, e, &pld, 0, sa)) == -1) goto done; @@ -2389,6 +2426,17 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, /* SA payload */ if ((pld = ikev2_add_payload(e)) == NULL) goto done; + + /* + * We need to reset the sa_proposal. Otherwise it would be + * left over from the IKE_AUTH exchange and would not contain + * any DH groups (e.g. for ESP child SAs). + */ + if (ikev2_set_sa_proposal(sa, pol, protoid) < 0) { + log_debug("%s: ikev2_set_sa_proposal failed", __func__); + goto done; + } + if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, protoid, 1, 0)) == -1) goto done; @@ -2403,6 +2451,32 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, goto done; len = ibuf_size(nonce); + if (config_findtransform(&pol->pol_proposals, IKEV2_XFORMTYPE_DH, + protoid)) { + log_debug("%s: enable PFS", __func__); + ikev2_sa_cleanup_dh(sa); + if (ikev2_sa_initiator_dh(sa, NULL, protoid) < 0) { + log_debug("%s: failed to setup DH", __func__); + goto done; + } + if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) + goto done; + + /* KE payload */ + if ((pld = ikev2_add_payload(e)) == NULL) + goto done; + if ((ke = ibuf_advance(e, sizeof(*ke))) == NULL) + goto done; + if ((group = sa->sa_dhgroup) == NULL) { + log_debug("%s: invalid dh", __func__); + goto done; + } + ke->kex_dhgroup = htobe16(group->id); + if (ikev2_add_buf(e, sa->sa_dhiexchange) == -1) + goto done; + len = sizeof(*ke) + dh_getlen(group); + } + if ((len = ikev2_add_ts(e, &pld, len, sa, !initiator)) == -1) goto done; @@ -2435,6 +2509,11 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, if (rekey) { csa->csa_rekey = 1; csb->csa_rekey = 1; + /* + * Remember the peer spi of the rekeyed + * SA for ikev2_init_create_child_sa(). + */ + sa->sa_rekeyspi = csa->csa_peerspi; } sa->sa_stateflags |= IKED_REQ_CHILDSA; } @@ -2447,25 +2526,30 @@ done: int ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) { - struct iked_childsa *csa; + struct iked_childsa *csa = NULL; struct iked_proposal *prop; struct iked_sa *sa = msg->msg_sa; struct ikev2_delete *del; struct ibuf *buf = NULL; - u_int64_t peerspi; u_int32_t spi32; - int rekeying = 0, ret = -1; + int pfs = 0, ret = -1; if (!ikev2_msg_frompeer(msg) || (sa->sa_stateflags & IKED_REQ_CHILDSA) == 0) return (0); - if (msg->msg_prop == NULL) { + if (msg->msg_prop == NULL || + TAILQ_EMPTY(&msg->msg_proposals)) { log_debug("%s: no proposal specified", __func__); return (-1); } - /* Update peer SPI */ + if (ikev2_sa_negotiate(sa, &sa->sa_proposals, + &msg->msg_proposals) != 0) { + log_debug("%s: no proposal chosen", __func__); + return (-1); + } + TAILQ_FOREACH(prop, &sa->sa_proposals, prop_entry) { if (prop->prop_protoid == msg->msg_prop->prop_protoid) break; @@ -2476,13 +2560,29 @@ ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) return (-1); } - peerspi = prop->prop_peerspi.spi; - prop->prop_peerspi.spi = msg->msg_prop->prop_peerspi.spi; + if (sa->sa_rekeyspi && + (csa = childsa_lookup(sa, sa->sa_rekeyspi, prop->prop_protoid)) + != NULL) { + log_debug("%s: rekeying CHILD SA old %s spi %s", __func__, + print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size), + print_spi(prop->prop_peerspi.spi, + prop->prop_peerspi.spi_size)); + } - if ((csa = childsa_lookup(sa, peerspi, prop->prop_protoid)) != NULL) { - rekeying = 1; - log_debug("%s: rekeying CHILD SA %s", __func__, - print_spi(peerspi, prop->prop_peerspi.spi_size)); + /* check KE payload for PFS */ + if (ibuf_length(msg->msg_ke)) { + log_debug("%s: using PFS", __func__); + if (ikev2_sa_initiator_dh(sa, msg, prop->prop_protoid) < 0) { + log_debug("%s: failed to setup DH", __func__); + return (ret); + } + if (sa->sa_dhpeer == NULL) { + log_debug("%s: no peer DH", __func__); + return (ret); + } + pfs = 1; + /* XXX check group against policy ? */ + /* XXX should ikev2_sa_negotiate do this? */ } /* Update responder's nonce */ @@ -2493,12 +2593,12 @@ ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) ibuf_release(sa->sa_rnonce); sa->sa_rnonce = ibuf_dup(msg->msg_nonce); - if (ikev2_childsa_negotiate(env, sa, 1)) { + if (ikev2_childsa_negotiate(env, sa, 1, pfs)) { log_debug("%s: failed to get CHILD SAs", __func__); return (-1); } - if (rekeying) { + if (csa) { /* Child SA rekeying */ if ((buf = ibuf_static()) == NULL) @@ -2542,16 +2642,14 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) struct iked_sa *nsa = NULL, *sa = msg->msg_sa; struct iked_spi *spi, *rekey = &msg->msg_rekey; struct ikev2_keyexchange *ke; - struct ikev2_notify *n; struct ikev2_payload *pld = NULL; - struct ibuf *buf = NULL, *e = NULL, *nonce = NULL; + struct ibuf *e = NULL, *nonce = NULL; struct group *group; - u_int64_t spi64; - u_int32_t spi32; u_int8_t firstpayload; ssize_t len = 0; int initiator, protoid, rekeying = 1; int ret = -1; + int pfs = 0; initiator = sa->sa_hdr.sh_initiator ? 1 : 0; @@ -2606,31 +2704,17 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) } else { /* Child SA creating/rekeying */ + /* check KE payload for PFS */ if (ibuf_length(msg->msg_parent->msg_ke)) { - /* We do not support KE payload yet */ - if ((buf = ibuf_static()) == NULL) - return (-1); - if ((n = ibuf_advance(buf, sizeof(*n))) == NULL) { - ibuf_release(buf); - return (-1); - } - n->n_protoid = protoid; - n->n_spisize = rekey->spi_size; - n->n_type = htobe16(IKEV2_N_NO_ADDITIONAL_SAS); - switch (rekey->spi_size) { - case 4: - spi32 = htobe32(rekey->spi); - ibuf_add(buf, &spi32, rekey->spi_size); - break; - case 8: - spi64 = htobe64(rekey->spi); - ibuf_add(buf, &spi64, rekey->spi_size); - break; + log_debug("%s: using PFS", __func__); + ikev2_sa_cleanup_dh(sa); + if (ikev2_sa_responder_dh(sa, msg->msg_parent, + protoid) < 0) { + log_debug("%s: failed to setup DH", __func__); + return (ret); } - ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_NOTIFY, - IKEV2_EXCHANGE_CREATE_CHILD_SA, 1); - ibuf_release(buf); - return (0); + pfs = 1; + /* XXX check group against policy ? */ } /* Update peer SPI */ @@ -2680,7 +2764,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) ibuf_release(sa->sa_rnonce); sa->sa_rnonce = nonce; - if (ikev2_childsa_negotiate(env, sa, 0)) { + if (ikev2_childsa_negotiate(env, sa, 0, pfs)) { log_debug("%s: failed to get CHILD SAs", __func__); return (-1); } @@ -2720,7 +2804,8 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) goto done; len = ibuf_size(nonce); - if (protoid == IKEV2_SAPROTO_IKE) { + if (protoid == IKEV2_SAPROTO_IKE || pfs) { + if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) goto done; @@ -2729,18 +2814,21 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) goto done; if ((ke = ibuf_advance(e, sizeof(*ke))) == NULL) goto done; - if ((group = nsa->sa_dhgroup) == NULL) { + if ((group = nsa ? + nsa->sa_dhgroup : sa->sa_dhgroup) == NULL) { log_debug("%s: invalid dh", __func__); goto done; } ke->kex_dhgroup = htobe16(group->id); - if (ikev2_add_buf(e, nsa->sa_dhrexchange) == -1) + if (ikev2_add_buf(e, nsa ? + nsa->sa_dhrexchange : sa->sa_dhrexchange) == -1) goto done; len = sizeof(*ke) + dh_getlen(group); - } else { + } + + if (protoid != IKEV2_SAPROTO_IKE) if ((len = ikev2_add_ts(e, &pld, len, sa, initiator)) == -1) goto done; - } if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONE) == -1) goto done; @@ -3065,12 +3153,13 @@ ikev2_sa_negotiate(struct iked_sa *sa, struct iked_proposals *local, struct iked_proposals *peer) { struct iked_proposal *ppeer = NULL, *plocal, *prop, vpeer, vlocal; - struct iked_transform *chosen[IKEV2_XFORMTYPE_MAX]; + struct iked_transform chosen[IKEV2_XFORMTYPE_MAX]; + struct iked_transform *valid[IKEV2_XFORMTYPE_MAX]; struct iked_transform *match[IKEV2_XFORMTYPE_MAX]; u_int i, score, chosen_score = 0; u_int8_t protoid = 0; - bzero(chosen, sizeof(chosen)); + bzero(valid, sizeof(valid)); bzero(&vlocal, sizeof(vlocal)); bzero(&vpeer, sizeof(vpeer)); @@ -3089,8 +3178,11 @@ ikev2_sa_negotiate(struct iked_sa *sa, struct iked_proposals *local, log_debug("%s: score %d", __func__, score); if (score && (!chosen_score || score < chosen_score)) { chosen_score = score; - for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) - chosen[i] = match[i]; + for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) { + if ((valid[i] = match[i])) + memcpy(&chosen[i], match[i], + sizeof(chosen[0])); + } memcpy(&vpeer, ppeer, sizeof(vpeer)); memcpy(&vlocal, plocal, sizeof(vlocal)); } @@ -3118,18 +3210,18 @@ ikev2_sa_negotiate(struct iked_sa *sa, struct iked_proposals *local, } for (i = 0; i < IKEV2_XFORMTYPE_MAX; i++) { - if (chosen[i] == NULL) + if (valid[i] == NULL) continue; print_debug("%s: score %d: %s %s", __func__, - chosen[i]->xform_score, print_map(i, ikev2_xformtype_map), - print_map(chosen[i]->xform_id, chosen[i]->xform_map)); - if (chosen[i]->xform_length) - print_debug(" %d", chosen[i]->xform_length); + chosen[i].xform_score, print_map(i, ikev2_xformtype_map), + print_map(chosen[i].xform_id, chosen[i].xform_map)); + if (chosen[i].xform_length) + print_debug(" %d", chosen[i].xform_length); print_debug("\n"); - if (config_add_transform(prop, chosen[i]->xform_type, - chosen[i]->xform_id, chosen[i]->xform_length, - chosen[i]->xform_keylength) == NULL) + if (config_add_transform(prop, chosen[i].xform_type, + chosen[i].xform_id, chosen[i].xform_length, + chosen[i].xform_keylength) == NULL) break; } @@ -3137,15 +3229,14 @@ ikev2_sa_negotiate(struct iked_sa *sa, struct iked_proposals *local, } int -ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, - struct iked_message *msg) +ikev2_sa_initiator_dh(struct iked_sa *sa, struct iked_message *msg, u_int proto) { struct iked_policy *pol = sa->sa_policy; struct iked_transform *xform; if (sa->sa_dhgroup == NULL) { if ((xform = config_findtransform(&pol->pol_proposals, - IKEV2_XFORMTYPE_DH)) == NULL) { + IKEV2_XFORMTYPE_DH, proto)) == NULL) { log_debug("%s: did not find dh transform", __func__); return (-1); } @@ -3170,28 +3261,10 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, } } - if (!ibuf_length(sa->sa_inonce)) { - if ((sa->sa_inonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { - log_debug("%s: failed to get local nonce", __func__); - return (-1); - } - } - /* Initial message */ if (msg == NULL) return (0); - if (!ibuf_length(sa->sa_rnonce)) { - if (!ibuf_length(msg->msg_nonce)) { - log_debug("%s: invalid peer nonce", __func__); - return (-1); - } - if ((sa->sa_rnonce = ibuf_dup(msg->msg_nonce)) == NULL) { - log_debug("%s: failed to get peer nonce", __func__); - return (-1); - } - } - if (!ibuf_length(sa->sa_dhrexchange)) { if (!ibuf_length(msg->msg_ke)) { log_debug("%s: invalid peer dh exchange", __func__); @@ -3211,6 +3284,39 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, /* Set a pointer to the peer exchange */ sa->sa_dhpeer = sa->sa_dhrexchange; + return (0); +} + +int +ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, + struct iked_message *msg) +{ + struct iked_transform *xform; + + if (ikev2_sa_initiator_dh(sa, msg, 0) < 0) + return (-1); + + if (!ibuf_length(sa->sa_inonce)) { + if ((sa->sa_inonce = ibuf_random(IKED_NONCE_SIZE)) == NULL) { + log_debug("%s: failed to get local nonce", __func__); + return (-1); + } + } + + /* Initial message */ + if (msg == NULL) + return (0); + + if (!ibuf_length(sa->sa_rnonce)) { + if (!ibuf_length(msg->msg_nonce)) { + log_debug("%s: invalid peer nonce", __func__); + return (-1); + } + if ((sa->sa_rnonce = ibuf_dup(msg->msg_nonce)) == NULL) { + log_debug("%s: failed to get peer nonce", __func__); + return (-1); + } + } /* XXX we need a better way to get this */ if (ikev2_sa_negotiate(sa, &msg->msg_policy->pol_proposals, @@ -3223,7 +3329,7 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, if (sa->sa_encr == NULL) { if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_ENCR)) == NULL) { + IKEV2_XFORMTYPE_ENCR, 0)) == NULL) { log_debug("%s: did not find encr transform", __func__); return (-1); } @@ -3236,7 +3342,7 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, if (sa->sa_prf == NULL) { if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_PRF)) == NULL) { + IKEV2_XFORMTYPE_PRF, 0)) == NULL) { log_debug("%s: did not find prf transform", __func__); return (-1); } @@ -3249,7 +3355,7 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, if (sa->sa_integr == NULL) { if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_INTEGR)) == NULL) { + IKEV2_XFORMTYPE_INTEGR, 0)) == NULL) { log_debug("%s: did not find integr transform", __func__); return (-1); @@ -3270,6 +3376,53 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, return (ikev2_sa_keys(env, sa, NULL)); } +int +ikev2_sa_responder_dh(struct iked_sa *sa, struct iked_message *msg, u_int proto) +{ + struct iked_transform *xform; + + if (sa->sa_dhgroup == NULL) { + if ((xform = config_findtransform(&sa->sa_proposals, + IKEV2_XFORMTYPE_DH, proto)) == NULL) { + log_debug("%s: did not find dh transform", __func__); + return (-1); + } + if ((sa->sa_dhgroup = + group_get(xform->xform_id)) == NULL) { + log_debug("%s: invalid dh %d", __func__, + xform->xform_id); + return (-1); + } + } + + if (!ibuf_length(sa->sa_dhrexchange)) { + if ((sa->sa_dhrexchange = ibuf_new(NULL, + dh_getlen(sa->sa_dhgroup))) == NULL) { + log_debug("%s: failed to alloc dh exchange", __func__); + return (-1); + } + if (dh_create_exchange(sa->sa_dhgroup, + sa->sa_dhrexchange->buf) == -1) { + log_debug("%s: failed to get dh exchange", __func__); + return (-1); + } + } + + if (!ibuf_length(sa->sa_dhiexchange)) { + if ((sa->sa_dhiexchange = ibuf_dup(msg->msg_ke)) == NULL || + ((ssize_t)ibuf_length(sa->sa_dhiexchange) != + dh_getlen(sa->sa_dhgroup))) { + /* XXX send notification to peer */ + log_debug("%s: invalid dh, size %d", __func__, + dh_getlen(sa->sa_dhgroup) * 8); + return (-1); + } + } + + /* Set a pointer to the peer exchange */ + sa->sa_dhpeer = sa->sa_dhiexchange; + return (0); +} int ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, struct iked_message *msg) @@ -3308,7 +3461,7 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, if (sa->sa_encr == NULL) { if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_ENCR)) == NULL) { + IKEV2_XFORMTYPE_ENCR, 0)) == NULL) { log_debug("%s: did not find encr transform", __func__); return (-1); } @@ -3321,7 +3474,7 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, if (sa->sa_prf == NULL) { if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_PRF)) == NULL) { + IKEV2_XFORMTYPE_PRF, 0)) == NULL) { log_debug("%s: did not find prf transform", __func__); return (-1); } @@ -3334,7 +3487,7 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, if (sa->sa_integr == NULL) { if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_INTEGR)) == NULL) { + IKEV2_XFORMTYPE_INTEGR, 0)) == NULL) { log_debug("%s: did not find integr transform", __func__); return (-1); @@ -3346,45 +3499,8 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, } } - if (sa->sa_dhgroup == NULL) { - if ((xform = config_findtransform(&sa->sa_proposals, - IKEV2_XFORMTYPE_DH)) == NULL) { - log_debug("%s: did not find dh transform", __func__); - return (-1); - } - if ((sa->sa_dhgroup = - group_get(xform->xform_id)) == NULL) { - log_debug("%s: invalid dh", __func__); - return (-1); - } - } - - if (!ibuf_length(sa->sa_dhrexchange)) { - if ((sa->sa_dhrexchange = ibuf_new(NULL, - dh_getlen(sa->sa_dhgroup))) == NULL) { - log_debug("%s: failed to alloc dh exchange", __func__); - return (-1); - } - if (dh_create_exchange(sa->sa_dhgroup, - sa->sa_dhrexchange->buf) == -1) { - log_debug("%s: failed to get dh exchange", __func__); - return (-1); - } - } - - if (!ibuf_length(sa->sa_dhiexchange)) { - if ((sa->sa_dhiexchange = ibuf_dup(msg->msg_ke)) == NULL || - ((ssize_t)ibuf_length(sa->sa_dhiexchange) != - dh_getlen(sa->sa_dhgroup))) { - /* XXX send notification to peer */ - log_debug("%s: invalid dh, size %d", __func__, - dh_getlen(sa->sa_dhgroup) * 8); - return (-1); - } - } - - /* Set a pointer to the peer exchange */ - sa->sa_dhpeer = sa->sa_dhiexchange; + if (ikev2_sa_responder_dh(sa, msg, 0) < 0) + return (-1); return (ikev2_sa_keys(env, sa, osa ? osa->sa_key_d : NULL)); } @@ -3592,6 +3708,17 @@ ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key) return (ret); } +void +ikev2_sa_cleanup_dh(struct iked_sa *sa) +{ + ibuf_release(sa->sa_dhiexchange); + ibuf_release(sa->sa_dhrexchange); + group_free(sa->sa_dhgroup); + sa->sa_dhiexchange = NULL; + sa->sa_dhrexchange = NULL; + sa->sa_dhgroup = NULL; +} + struct ibuf * ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, size_t keymatlen) @@ -3749,14 +3876,16 @@ ikev2_sa_tag(struct iked_sa *sa, struct iked_id *id) } int -ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, int initiator) +ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, int initiator, + int pfs) { struct iked_proposal *prop; struct iked_transform *xform, *encrxf = NULL, *integrxf = NULL; struct iked_childsa *csa, *csb; struct iked_flow *flow, *saflow, *flowa, *flowb; struct iked_id *peerid, *localid; - struct ibuf *keymat = NULL, *seed = NULL; + struct ibuf *keymat = NULL, *seed = NULL, *dhsecret = NULL; + struct group *group; u_int32_t spi = 0; u_int i; size_t ilen = 0; @@ -3807,7 +3936,35 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, int initiator) log_debug("%s: key material length %zu", __func__, ilen); - if ((seed = ibuf_dup(sa->sa_inonce)) == NULL || + if ((seed = ibuf_new(NULL, 0)) == NULL) { + log_debug("%s: failed to setup IKE SA key material", __func__); + goto done; + } + if (pfs) { + log_debug("%s: using PFS", __func__); + if (sa->sa_dhpeer == NULL || ibuf_length(sa->sa_dhpeer) == 0 || + (group = sa->sa_dhgroup) == NULL) { + log_debug("%s: no dh group for pfs", __func__); + goto done; + } + if ((dhsecret = ibuf_new(NULL, dh_getlen(group))) == NULL) { + log_debug("%s: failed to alloc dh secret", __func__); + goto done; + } + if (dh_create_shared(group, dhsecret->buf, + sa->sa_dhpeer->buf) == -1) { + log_debug("%s: failed to get dh secret" + " group %d len %d secret %zu exchange %zu", __func__, + group->id, dh_getlen(group), ibuf_length(dhsecret), + ibuf_length(sa->sa_dhpeer)); + goto done; + } + if (ibuf_cat(seed, dhsecret) != 0) { + log_debug("%s: failed to set dh secret", __func__); + goto done; + } + } + if (ibuf_cat(seed, sa->sa_inonce) != 0 || ibuf_cat(seed, sa->sa_rnonce) != 0 || (keymat = ikev2_prfplus(sa->sa_prf, sa->sa_key_d, seed, ilen)) == NULL) { @@ -3973,6 +4130,7 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, int initiator) ret = 0; done: + ibuf_release(dhsecret); ibuf_release(keymat); ibuf_release(seed); diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index d72580498e4..6f11e77a601 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.41 2014/05/05 15:21:20 markus Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.42 2014/05/06 07:24:37 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -1157,6 +1157,7 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, " (%zu != %zu)", __func__, len, sizeof(group)); return (-1); } + /* XXX chould also happen for PFS */ if (!msg->msg_sa->sa_hdr.sh_initiator) { log_debug("%s: not an initiator", __func__); sa_free(env, msg->msg_sa); @@ -1175,6 +1176,7 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, group); sa_free(env, msg->msg_sa); msg->msg_sa = NULL; + /* XXX chould also happen for PFS so we have to check state XXX*/ timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa, NULL); timer_add(env, &env->sc_inittmr, IKED_INITIATOR_INITIAL); break;