]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/oakley.c
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-332.100.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / oakley.c
1 /* $NetBSD: oakley.c,v 1.9.6.2 2007/04/04 13:08:28 vanhu Exp $ */
2
3 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/socket.h> /* XXX for subjectaltname */
39 #include <netinet/in.h> /* XXX for subjectaltname */
40
41 #ifdef HAVE_OPENSSL
42 #include <openssl/pkcs7.h>
43 #include <openssl/x509.h>
44 #endif
45
46 #include <stdlib.h>
47 #include <stdio.h>
48 #include <string.h>
49 #include <errno.h>
50 #include <arpa/inet.h>
51 #include <TargetConditionals.h>
52
53 #if TIME_WITH_SYS_TIME
54 # include <sys/time.h>
55 # include <time.h>
56 #else
57 # if HAVE_SYS_TIME_H
58 # include <sys/time.h>
59 # else
60 # include <time.h>
61 # endif
62 #endif
63
64 #include "var.h"
65 #include "misc.h"
66 #include "vmbuf.h"
67 #include "str2val.h"
68 #include "plog.h"
69 #include "debug.h"
70
71 #include "isakmp_var.h"
72 #include "isakmp.h"
73 #ifdef ENABLE_HYBRID
74 #include "isakmp_xauth.h"
75 #include "isakmp_cfg.h"
76 #endif
77 #include "oakley.h"
78 #include "localconf.h"
79 #include "policy.h"
80 #include "handler.h"
81 #include "ipsec_doi.h"
82 #include "algorithm.h"
83 #include "dhgroup.h"
84 #include "sainfo.h"
85 #include "proposal.h"
86 #include "crypto_openssl.h"
87 #include "crypto_cssm.h"
88 #if HAVE_OPENDIR
89 #include "open_dir.h"
90 #endif
91 #include "sockmisc.h"
92 #include "strnames.h"
93 #include "gcmalloc.h"
94 #include <CoreFoundation/CoreFoundation.h>
95 #include "remoteconf.h"
96 #include "vpn_control.h"
97 #ifndef HAVE_OPENSSL
98 #include <Security/SecCertificate.h>
99 #include <Security/SecCertificatePriv.h>
100 #endif
101 #include "vpn_control_var.h"
102 #include "extern.h"
103
104 #define OUTBOUND_SA 0
105 #define INBOUND_SA 1
106
107 #define CERT_CHECKID_FROM_PEER 0
108 #define CERT_CHECKID_FROM_RMCONFIG 1
109
110 #ifdef HAVE_OPENSSL
111 #define INITDHVAL(a, s, d, t) \
112 do { \
113 vchar_t buf; \
114 buf.v = str2val((s), 16, &buf.l); \
115 memset(&a, 0, sizeof(struct dhgroup)); \
116 a.type = (t); \
117 a.prime = vdup(&buf); \
118 a.gen1 = 2; \
119 a.gen2 = 0; \
120 racoon_free(buf.v); \
121 } while(0);
122 #else /* HAVE_OPENSSL */
123 #define INITDHVAL(a, s, d, t) \
124 do { \
125 vchar_t buf; \
126 buf.v = str2val((s), 16, &buf.l); \
127 memset(&a, 0, sizeof(struct dhgroup)); \
128 a.desc = (d); \
129 a.type = (t); \
130 a.prime = vdup(&buf); \
131 a.gen1 = 2; \
132 a.gen2 = 0; \
133 racoon_free(buf.v); \
134 } while(0);
135 #endif /* HAVE_OPENSSL */
136
137 struct dhgroup dh_modp768;
138 struct dhgroup dh_modp1024;
139 struct dhgroup dh_modp1536;
140 struct dhgroup dh_modp2048;
141 struct dhgroup dh_modp3072;
142 struct dhgroup dh_modp4096;
143 struct dhgroup dh_modp6144;
144 struct dhgroup dh_modp8192;
145
146
147 static int oakley_check_dh_pub (vchar_t *, vchar_t **);
148 static int oakley_compute_keymat_x (phase2_handle_t *, int, int);
149 static int get_cert_fromlocal (phase1_handle_t *, int);
150 static int oakley_check_certid (phase1_handle_t *iph1);
151 static int oakley_check_certid_1 (vchar_t *, int, int, void*, cert_status_t *certStatus);
152 #ifdef HAVE_OPENSSL
153 static int check_typeofcertname (int, int);
154 #endif
155 static cert_t *save_certbuf (struct isakmp_gen *);
156 static int oakley_padlen (int, int);
157
158 static int base64toCFData (vchar_t *, CFDataRef*);
159 static cert_t *oakley_appendcert_to_certchain (cert_t *, cert_t *);
160
161 int
162 oakley_get_defaultlifetime()
163 {
164 return OAKLEY_ATTR_SA_LD_SEC_DEFAULT;
165 }
166
167 int
168 oakley_dhinit()
169 {
170 /* set DH MODP */
171 INITDHVAL(dh_modp768, OAKLEY_PRIME_MODP768,
172 OAKLEY_ATTR_GRP_DESC_MODP768, OAKLEY_ATTR_GRP_TYPE_MODP);
173 INITDHVAL(dh_modp1024, OAKLEY_PRIME_MODP1024,
174 OAKLEY_ATTR_GRP_DESC_MODP1024, OAKLEY_ATTR_GRP_TYPE_MODP);
175 INITDHVAL(dh_modp1536, OAKLEY_PRIME_MODP1536,
176 OAKLEY_ATTR_GRP_DESC_MODP1536, OAKLEY_ATTR_GRP_TYPE_MODP);
177 INITDHVAL(dh_modp2048, OAKLEY_PRIME_MODP2048,
178 OAKLEY_ATTR_GRP_DESC_MODP2048, OAKLEY_ATTR_GRP_TYPE_MODP);
179 INITDHVAL(dh_modp3072, OAKLEY_PRIME_MODP3072,
180 OAKLEY_ATTR_GRP_DESC_MODP3072, OAKLEY_ATTR_GRP_TYPE_MODP);
181 INITDHVAL(dh_modp4096, OAKLEY_PRIME_MODP4096,
182 OAKLEY_ATTR_GRP_DESC_MODP4096, OAKLEY_ATTR_GRP_TYPE_MODP);
183 INITDHVAL(dh_modp6144, OAKLEY_PRIME_MODP6144,
184 OAKLEY_ATTR_GRP_DESC_MODP6144, OAKLEY_ATTR_GRP_TYPE_MODP);
185 INITDHVAL(dh_modp8192, OAKLEY_PRIME_MODP8192,
186 OAKLEY_ATTR_GRP_DESC_MODP8192, OAKLEY_ATTR_GRP_TYPE_MODP);
187
188 return 0;
189 }
190
191 void
192 oakley_dhgrp_free(struct dhgroup *dhgrp)
193 {
194 VPTRINIT(dhgrp->prime);
195 VPTRINIT(dhgrp->curve_a);
196 VPTRINIT(dhgrp->curve_b);
197 VPTRINIT(dhgrp->order);
198 racoon_free(dhgrp);
199 }
200
201 /*
202 * RFC2409 5
203 * The length of the Diffie-Hellman public value MUST be equal to the
204 * length of the prime modulus over which the exponentiation was
205 * performed, prepending zero bits to the value if necessary.
206 */
207 static int
208 oakley_check_dh_pub(vchar_t *prime, vchar_t **pub0)
209 {
210 vchar_t *tmp;
211 vchar_t *pub = *pub0;
212
213 if (prime->l == pub->l)
214 return 0;
215
216 if (prime->l < pub->l) {
217 /* what should i do ? */
218 plog(ASL_LEVEL_ERR,
219 "invalid public information was generated.\n");
220 return -1;
221 }
222
223 /* prime->l > pub->l */
224 tmp = vmalloc(prime->l);
225 if (tmp == NULL) {
226 plog(ASL_LEVEL_ERR,
227 "failed to get DH buffer.\n");
228 return -1;
229 }
230 memcpy(tmp->v + prime->l - pub->l, pub->v, pub->l);
231
232 vfree(*pub0);
233 *pub0 = tmp;
234
235 return 0;
236 }
237
238 /*
239 * compute sharing secret of DH
240 * IN: *dh, *pub, *priv, *pub_p
241 * OUT: **gxy
242 */
243 #ifdef HAVE_OPENSSL
244 int
245 oakley_dh_compute(const struct dhgroup *dh, vchar_t *pub, vchar_t *priv, vchar_t *pub_p, vchar_t **gxy)
246 {
247 #ifdef ENABLE_STATS
248 struct timeval start, end;
249 #endif
250 if ((*gxy = vmalloc(dh->prime->l)) == NULL) {
251 plog(ASL_LEVEL_ERR,
252 "failed to get DH buffer.\n");
253 return -1;
254 }
255
256 #ifdef ENABLE_STATS
257 gettimeofday(&start, NULL);
258 #endif
259 switch (dh->type) {
260 case OAKLEY_ATTR_GRP_TYPE_MODP:
261 if (eay_dh_compute(dh->prime, dh->gen1, pub, priv, pub_p, gxy) < 0) {
262 plog(ASL_LEVEL_ERR,
263 "failed to compute dh value.\n");
264 return -1;
265 }
266 break;
267 case OAKLEY_ATTR_GRP_TYPE_ECP:
268 case OAKLEY_ATTR_GRP_TYPE_EC2N:
269 plog(ASL_LEVEL_ERR,
270 "dh type %d isn't supported.\n", dh->type);
271 return -1;
272 default:
273 plog(ASL_LEVEL_ERR,
274 "invalid dh type %d.\n", dh->type);
275 return -1;
276 }
277
278 #ifdef ENABLE_STATS
279 gettimeofday(&end, NULL);
280 plog(ASL_LEVEL_NOTICE, "%s(%s%d): %8.6f", __func__,
281 s_attr_isakmp_group(dh->type), dh->prime->l << 3,
282 timedelta(&start, &end));
283 #endif
284
285 plog(ASL_LEVEL_DEBUG, "compute DH's shared.\n");
286
287 return 0;
288 }
289 #else
290 int
291 oakley_dh_compute(const struct dhgroup *dh, vchar_t *pub_p, size_t publicKeySize, vchar_t **gxy, SecDHContext *dhC)
292 {
293
294 vchar_t *computed_key = NULL;
295 size_t computed_keylen;
296 size_t maxKeyLen;
297
298 #ifdef ENABLE_STATS
299 struct timeval start, end;
300 gettimeofday(&start, NULL);
301 #endif
302
303 plog(ASL_LEVEL_DEBUG, "compute DH result.\n");
304
305 maxKeyLen = SecDHGetMaxKeyLength(*dhC);
306 computed_key = vmalloc(maxKeyLen);
307 if (computed_key == NULL) {
308 plog(ASL_LEVEL_ERR, "memory error.\n");
309 goto fail;
310 }
311 computed_keylen = computed_key->l;
312 if (SecDHComputeKey(*dhC, (uint8_t*)pub_p->v + (maxKeyLen - publicKeySize), publicKeySize,
313 (uint8_t*)computed_key->v, &computed_keylen)) {
314 plog(ASL_LEVEL_ERR, "failed to compute dh value.\n");
315 goto fail;
316 }
317
318 #ifdef ENABLE_STATS
319 gettimeofday(&end, NULL);
320 plog(ASL_LEVEL_NOTICE, "%s(%s%d): %8.6f", __func__,
321 s_attr_isakmp_group(dh->type), dh->prime->l << 3,
322 timedelta(&start, &end));
323 #endif
324
325 *gxy = vmalloc(maxKeyLen);
326 if (*gxy == NULL) {
327 plog(ASL_LEVEL_ERR, "memory error.\n");
328 goto fail;
329 }
330 memcpy((*gxy)->v + (maxKeyLen - computed_keylen), computed_key->v, computed_keylen);
331 plog(ASL_LEVEL_DEBUG, "compute DH's shared.\n");
332 if (*dhC) {
333 SecDHDestroy(*dhC);
334 *dhC = NULL;
335 }
336 vfree(computed_key);
337 return 0;
338
339 fail:
340 if (*dhC) {
341 SecDHDestroy(*dhC);
342 *dhC = NULL;
343 }
344 vfree(*gxy);
345 vfree(computed_key);
346 return -1;
347 }
348
349 #endif
350
351 /*
352 * generate values of DH
353 * IN: *dh
354 * OUT: **pub, **priv
355 */
356 #ifdef HAVE_OPENSSL
357 int
358 oakley_dh_generate(const struct dhgroup *dh, vchar_t **pub, vchar_t **priv)
359 {
360 #ifdef ENABLE_STATS
361 struct timeval start, end;
362 gettimeofday(&start, NULL);
363 #endif
364 switch (dh->type) {
365 case OAKLEY_ATTR_GRP_TYPE_MODP:
366 if (eay_dh_generate(dh->prime, dh->gen1, dh->gen2, pub, priv) < 0) {
367 plog(ASL_LEVEL_ERR,
368 "failed to compute dh value.\n");
369 return -1;
370 }
371 break;
372
373 case OAKLEY_ATTR_GRP_TYPE_ECP:
374 case OAKLEY_ATTR_GRP_TYPE_EC2N:
375 plog(ASL_LEVEL_ERR,
376 "dh type %d isn't supported.\n", dh->type);
377 return -1;
378 default:
379 plog(ASL_LEVEL_ERR,
380 "invalid dh type %d.\n", dh->type);
381 return -1;
382 }
383
384 #ifdef ENABLE_STATS
385 gettimeofday(&end, NULL);
386 plog(ASL_LEVEL_NOTICE, "%s(%s%d): %8.6f", __func__,
387 s_attr_isakmp_group(dh->type), dh->prime->l << 3,
388 timedelta(&start, &end));
389 #endif
390
391 if (oakley_check_dh_pub(dh->prime, pub) != 0)
392 return -1;
393
394 plog(ASL_LEVEL_DEBUG, "compute DH's private.\n");
395 plog(ASL_LEVEL_DEBUG, "compute DH's public.\n");
396
397 return 0;
398 }
399 #else
400 int
401 oakley_dh_generate(const struct dhgroup *dh, vchar_t **pub, size_t *publicKeySize, SecDHContext *dhC)
402 {
403 vchar_t *public = NULL;
404 size_t maxKeyLen;
405
406 #ifdef ENABLE_STATS
407 struct timeval start, end;
408 gettimeofday(&start, NULL);
409 #endif
410
411 plog(ASL_LEVEL_DEBUG, "generate DH key pair.\n");
412 *pub = NULL;
413 switch (dh->type) {
414 case OAKLEY_ATTR_GRP_TYPE_MODP:
415 #define SECDH_MODP_GENERATOR 2
416 if (SecDHCreate(SECDH_MODP_GENERATOR, (uint8_t*)dh->prime->v, dh->prime->l, 0, NULL, 0, dhC)) {
417 plog(ASL_LEVEL_ERR, "failed to create dh context.\n");
418 goto fail;
419 }
420 maxKeyLen = SecDHGetMaxKeyLength(*dhC);
421 public = vmalloc(maxKeyLen);
422 *publicKeySize = public->l;
423 if (public == NULL) {
424 plog(ASL_LEVEL_ERR, "memory error.\n");
425 goto fail;
426 }
427 if (SecDHGenerateKeypair(*dhC, (uint8_t*)public->v, publicKeySize)) {
428 plog(ASL_LEVEL_ERR, "failed to generate dh key pair.\n");
429 goto fail;
430 }
431 plog(ASL_LEVEL_DEBUG, "got DH key pair.\n");
432
433 *pub = vmalloc(maxKeyLen);
434 if (*pub == NULL) {
435 plog(ASL_LEVEL_ERR, "memory error.\n");
436 goto fail;
437 }
438 /* copy and fill with leading zeros */
439 memcpy((*pub)->v + (maxKeyLen - *publicKeySize), public->v, *publicKeySize);
440 break;
441
442 case OAKLEY_ATTR_GRP_TYPE_ECP:
443 case OAKLEY_ATTR_GRP_TYPE_EC2N:
444 plog(ASL_LEVEL_ERR,
445 "dh type %d isn't supported.\n", dh->type);
446 goto fail;
447 default:
448 plog(ASL_LEVEL_ERR,
449 "invalid dh type %d.\n", dh->type);
450 goto fail;
451 }
452
453 #ifdef ENABLE_STATS
454 gettimeofday(&end, NULL);
455 plog(ASL_LEVEL_NOTICE, "%s(%s%d): %8.6f", __func__,
456 s_attr_isakmp_group(dh->type), dh->prime->l << 3,
457 timedelta(&start, &end));
458 #endif
459
460 if (oakley_check_dh_pub(dh->prime, pub) != 0) {
461 plog(ASL_LEVEL_DEBUG, "failed DH public key size check.\n");
462 goto fail;
463 }
464
465 //plogdump(ASL_LEVEL_DEBUG, (*pub)->v, (*pub)->l, "compute DH's public.\n");
466
467 vfree(public);
468 return 0;
469
470 fail:
471 if (*dhC) {
472 SecDHDestroy(*dhC);
473 *dhC = NULL;
474 }
475 vfree(*pub);
476 vfree(public);
477 return -1;
478
479 }
480 #endif
481
482 /*
483 * copy pre-defined dhgroup values.
484 */
485 int
486 oakley_setdhgroup(int group, struct dhgroup **dhgrp)
487 {
488 struct dhgroup *g;
489
490 *dhgrp = NULL; /* just make sure, initialize */
491
492 g = alg_oakley_dhdef_group(group);
493 if (g == NULL) {
494 plog(ASL_LEVEL_ERR,
495 "invalid DH parameter grp=%d.\n", group);
496 return -1;
497 }
498
499 if (!g->type || !g->prime || !g->gen1) {
500 /* unsuported */
501 plog(ASL_LEVEL_ERR,
502 "unsupported DH parameters grp=%d.\n", group);
503 return -1;
504 }
505
506 *dhgrp = racoon_calloc(1, sizeof(struct dhgroup));
507 if (*dhgrp == NULL) {
508 plog(ASL_LEVEL_ERR,
509 "failed to get DH buffer.\n");
510 return 0;
511 }
512
513 /* set defined dh vlaues */
514 memcpy(*dhgrp, g, sizeof(*g));
515 (*dhgrp)->prime = vdup(g->prime);
516
517 return 0;
518 }
519
520 /*
521 * PRF
522 *
523 * NOTE: we do not support prf with different input/output bitwidth,
524 * so we do not implement RFC2409 Appendix B (DOORAK-MAC example) in
525 * oakley_compute_keymat(). If you add support for such prf function,
526 * modify oakley_compute_keymat() accordingly.
527 */
528 vchar_t *
529 oakley_prf(vchar_t *key, vchar_t *buf, phase1_handle_t *iph1)
530 {
531 vchar_t *res = NULL;
532 int type = OAKLEY_ATTR_HASH_ALG_MD5;
533
534 if (iph1->approval == NULL) {
535 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
536 /*
537 * it's before negotiating hash algorithm.
538 * We use md5 as default.
539 */
540 type = OAKLEY_ATTR_HASH_ALG_MD5;
541 }
542 } else
543 {
544 type = iph1->approval->hashtype;
545 }
546 res = alg_oakley_hmacdef_one(type, key, buf);
547 if (res == NULL) {
548 plog(ASL_LEVEL_ERR,
549 "invalid hmac algorithm %d.\n", type);
550 return NULL;
551 }
552
553 return res;
554 }
555
556 /*
557 * hash
558 */
559 vchar_t *
560 oakley_hash(vchar_t *buf, phase1_handle_t *iph1)
561 {
562 vchar_t *res = NULL;
563 int type = OAKLEY_ATTR_HASH_ALG_MD5;
564
565 if (iph1->approval == NULL) {
566 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
567 /*
568 * it's before negotiating hash algorithm.
569 * We use md5 as default.
570 */
571 type = OAKLEY_ATTR_HASH_ALG_MD5;
572 }
573 } else {
574 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
575 type = iph1->approval->hashtype;
576 }
577 }
578
579 res = alg_oakley_hashdef_one(type, buf);
580 if (res == NULL) {
581 plog(ASL_LEVEL_ERR,
582 "invalid hash algorithm %d.\n", type);
583 return NULL;
584 }
585
586 return res;
587 }
588
589 /*
590 * compute KEYMAT
591 * see seciton 5.5 Phase 2 - Quick Mode in isakmp-oakley-05.
592 */
593 int
594 oakley_compute_keymat(phase2_handle_t *iph2, int side)
595 {
596 int error = -1;
597
598 /* compute sharing secret of DH when PFS */
599 if (iph2->approval->pfs_group && iph2->dhpub_p) {
600 #ifdef HAVE_OPENSSL
601 if (oakley_dh_compute(iph2->pfsgrp, iph2->dhpub,
602 iph2->dhpriv, iph2->dhpub_p, &iph2->dhgxy) < 0)
603 #else
604 if (oakley_dh_compute(iph2->pfsgrp, iph2->dhpub_p, iph2->publicKeySize, &iph2->dhgxy, &iph2->dhC) < 0)
605 #endif
606 goto end;
607 }
608
609 /* compute keymat */
610 if (oakley_compute_keymat_x(iph2, side, INBOUND_SA) < 0
611 || oakley_compute_keymat_x(iph2, side, OUTBOUND_SA) < 0)
612 goto end;
613
614 plog(ASL_LEVEL_DEBUG, "KEYMAT computed.\n");
615
616 error = 0;
617
618 end:
619 return error;
620 }
621
622 /*
623 * compute KEYMAT.
624 * KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b).
625 * If PFS is desired and KE payloads were exchanged,
626 * KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
627 *
628 * NOTE: we do not support prf with different input/output bitwidth,
629 * so we do not implement RFC2409 Appendix B (DOORAK-MAC example).
630 */
631 static int
632 oakley_compute_keymat_x(phase2_handle_t *iph2, int side, int sa_dir)
633 {
634 vchar_t *buf = NULL, *res = NULL, *bp;
635 char *p;
636 int len;
637 int error = -1;
638 int pfs = 0;
639 int dupkeymat; /* generate K[1-dupkeymat] */
640 struct saproto *pr;
641 struct satrns *tr;
642 int encklen, authklen, l;
643
644 pfs = ((iph2->approval->pfs_group && iph2->dhgxy) ? 1 : 0);
645
646 len = pfs ? iph2->dhgxy->l : 0;
647 len += (1
648 + sizeof(u_int32_t) /* XXX SPI size */
649 + iph2->nonce->l
650 + iph2->nonce_p->l);
651 buf = vmalloc(len);
652 if (buf == NULL) {
653 plog(ASL_LEVEL_ERR,
654 "failed to get keymat buffer.\n");
655 goto end;
656 }
657
658 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
659 p = buf->v;
660
661 /* if PFS */
662 if (pfs) {
663 memcpy(p, iph2->dhgxy->v, iph2->dhgxy->l);
664 p += iph2->dhgxy->l;
665 }
666
667 p[0] = pr->proto_id;
668 p += 1;
669
670 memcpy(p, (sa_dir == INBOUND_SA ? &pr->spi : &pr->spi_p),
671 sizeof(pr->spi));
672 p += sizeof(pr->spi);
673
674 bp = (side == INITIATOR ? iph2->nonce : iph2->nonce_p);
675 memcpy(p, bp->v, bp->l);
676 p += bp->l;
677
678 bp = (side == INITIATOR ? iph2->nonce_p : iph2->nonce);
679 memcpy(p, bp->v, bp->l);
680 p += bp->l;
681
682 /* compute IV */
683 //plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "KEYMAT compute with\n");
684
685 /* res = K1 */
686 res = oakley_prf(iph2->ph1->skeyid_d, buf, iph2->ph1);
687 if (res == NULL)
688 goto end;
689
690 /* compute key length needed */
691 encklen = authklen = 0;
692 switch (pr->proto_id) {
693 case IPSECDOI_PROTO_IPSEC_ESP:
694 for (tr = pr->head; tr; tr = tr->next) {
695 l = alg_ipsec_encdef_keylen(tr->trns_id,
696 tr->encklen);
697 if (l > encklen)
698 encklen = l;
699
700 l = alg_ipsec_hmacdef_hashlen(tr->authtype);
701 if (l > authklen)
702 authklen = l;
703 }
704 break;
705 case IPSECDOI_PROTO_IPSEC_AH:
706 for (tr = pr->head; tr; tr = tr->next) {
707 l = alg_ipsec_hmacdef_hashlen(tr->trns_id);
708 if (l > authklen)
709 authklen = l;
710 }
711 break;
712 default:
713 break;
714 }
715 plog(ASL_LEVEL_DEBUG, "encklen=%d authklen=%d\n",
716 encklen, authklen);
717
718 dupkeymat = (encklen + authklen) / 8 / res->l;
719 dupkeymat += 2; /* safety mergin */
720 if (dupkeymat < 3)
721 dupkeymat = 3;
722 //plog(ASL_LEVEL_DEBUG,
723 // "generating %zu bits of key (dupkeymat=%d)\n",
724 // dupkeymat * 8 * res->l, dupkeymat);
725 if (0 < --dupkeymat) {
726 vchar_t *prev = res; /* K(n-1) */
727 vchar_t *seed = NULL; /* seed for Kn */
728 size_t l;
729
730 /*
731 * generating long key (isakmp-oakley-08 5.5)
732 * KEYMAT = K1 | K2 | K3 | ...
733 * where
734 * src = [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b
735 * K1 = prf(SKEYID_d, src)
736 * K2 = prf(SKEYID_d, K1 | src)
737 * K3 = prf(SKEYID_d, K2 | src)
738 * Kn = prf(SKEYID_d, K(n-1) | src)
739 */
740 //plog(ASL_LEVEL_DEBUG,
741 // "generating K1...K%d for KEYMAT.\n",
742 // dupkeymat + 1);
743
744 seed = vmalloc(prev->l + buf->l);
745 if (seed == NULL) {
746 plog(ASL_LEVEL_ERR,
747 "failed to get keymat buffer.\n");
748 if (prev && prev != res)
749 vfree(prev);
750 goto end;
751 }
752
753 while (dupkeymat--) {
754 vchar_t *this = NULL; /* Kn */
755 int update_prev;
756
757 memcpy(seed->v, prev->v, prev->l);
758 memcpy(seed->v + prev->l, buf->v, buf->l);
759 this = oakley_prf(iph2->ph1->skeyid_d, seed,
760 iph2->ph1);
761 if (!this) {
762 plog(ASL_LEVEL_ERR,
763 "oakley_prf memory overflow\n");
764 if (prev && prev != res)
765 vfree(prev);
766 vfree(this);
767 vfree(seed);
768 goto end;
769 }
770
771 update_prev = (prev && prev == res) ? 1 : 0;
772
773 l = res->l;
774 res = vrealloc(res, l + this->l);
775
776 if (update_prev)
777 prev = res;
778
779 if (res == NULL) {
780 plog(ASL_LEVEL_ERR,
781 "failed to get keymat buffer.\n");
782 if (prev && prev != res)
783 vfree(prev);
784 vfree(this);
785 vfree(seed);
786 goto end;
787 }
788 memcpy(res->v + l, this->v, this->l);
789
790 if (prev && prev != res)
791 vfree(prev);
792 prev = this;
793 this = NULL;
794 }
795
796 if (prev && prev != res)
797 vfree(prev);
798 vfree(seed);
799 }
800
801 //plogdump(ASL_LEVEL_DEBUG, res->v, res->l, "");
802
803 if (sa_dir == INBOUND_SA)
804 pr->keymat = res;
805 else
806 pr->keymat_p = res;
807 res = NULL;
808 }
809
810 error = 0;
811
812 end:
813 if (error) {
814 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
815 if (pr->keymat) {
816 vfree(pr->keymat);
817 pr->keymat = NULL;
818 }
819 if (pr->keymat_p) {
820 vfree(pr->keymat_p);
821 pr->keymat_p = NULL;
822 }
823 }
824 }
825
826 if (buf != NULL)
827 vfree(buf);
828 if (res)
829 vfree(res);
830
831 return error;
832 }
833
834
835 /*
836 * compute HASH(3) prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b)
837 * see seciton 5.5 Phase 2 - Quick Mode in isakmp-oakley-05.
838 */
839 vchar_t *
840 oakley_compute_hash3(phase1_handle_t *iph1, u_int32_t msgid, vchar_t *body)
841 {
842 vchar_t *buf = 0, *res = 0;
843 int len;
844 int error = -1;
845
846 /* create buffer */
847 len = 1 + sizeof(u_int32_t) + body->l;
848 buf = vmalloc(len);
849 if (buf == NULL) {
850 plog(ASL_LEVEL_NOTICE,
851 "failed to get hash buffer\n");
852 goto end;
853 }
854
855 buf->v[0] = 0;
856
857 memcpy(buf->v + 1, (char *)&msgid, sizeof(msgid));
858
859 memcpy(buf->v + 1 + sizeof(u_int32_t), body->v, body->l);
860
861 /* compute HASH */
862 res = oakley_prf(iph1->skeyid_a, buf, iph1);
863 if (res == NULL)
864 goto end;
865
866 error = 0;
867
868 //plogdump(ASL_LEVEL_DEBUG, res->v, res->l, "HASH computed:\n");
869
870 end:
871 if (buf != NULL)
872 vfree(buf);
873 return res;
874 }
875
876 /*
877 * compute HASH type of prf(SKEYID_a, M-ID | buffer)
878 * e.g.
879 * for quick mode HASH(1):
880 * prf(SKEYID_a, M-ID | SA | Ni [ | KE ] [ | IDci | IDcr ])
881 * for quick mode HASH(2):
882 * prf(SKEYID_a, M-ID | Ni_b | SA | Nr [ | KE ] [ | IDci | IDcr ])
883 * for Informational exchange:
884 * prf(SKEYID_a, M-ID | N/D)
885 */
886 vchar_t *
887 oakley_compute_hash1(phase1_handle_t *iph1, u_int32_t msgid, vchar_t *body)
888 {
889 vchar_t *buf = NULL, *res = NULL;
890 char *p;
891 int len;
892 int error = -1;
893
894 /* create buffer */
895 len = sizeof(u_int32_t) + body->l;
896 buf = vmalloc(len);
897 if (buf == NULL) {
898 plog(ASL_LEVEL_NOTICE,
899 "failed to get hash buffer\n");
900 goto end;
901 }
902
903 p = buf->v;
904
905 memcpy(buf->v, (char *)&msgid, sizeof(msgid));
906 p += sizeof(u_int32_t);
907
908 memcpy(p, body->v, body->l);
909
910 /* compute HASH */
911 res = oakley_prf(iph1->skeyid_a, buf, iph1);
912 if (res == NULL)
913 goto end;
914
915 error = 0;
916
917 //plogdump(ASL_LEVEL_DEBUG, res->v, res->l, "HASH computed:\n");
918
919 end:
920 if (buf != NULL)
921 vfree(buf);
922 return res;
923 }
924
925 /*
926 * compute phase1 HASH
927 * main/aggressive
928 * I-digest = prf(SKEYID, g^i | g^r | CKY-I | CKY-R | SAi_b | ID_i1_b)
929 * R-digest = prf(SKEYID, g^r | g^i | CKY-R | CKY-I | SAi_b | ID_r1_b)
930 * for gssapi, also include all GSS tokens, and call gss_wrap on the result
931 */
932 vchar_t *
933 oakley_ph1hash_common(phase1_handle_t *iph1, int sw)
934 {
935 vchar_t *buf = NULL, *res = NULL, *bp;
936 char *p, *bp2;
937 int len, bl;
938 int error = -1;
939
940 /* create buffer */
941 len = iph1->dhpub->l
942 + iph1->dhpub_p->l
943 + sizeof(cookie_t) * 2
944 + iph1->sa->l
945 + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
946
947 buf = vmalloc(len);
948 if (buf == NULL) {
949 plog(ASL_LEVEL_ERR,
950 "failed to get hash buffer\n");
951 goto end;
952 }
953
954 p = buf->v;
955
956 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
957 memcpy(p, bp->v, bp->l);
958 p += bp->l;
959
960 bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
961 memcpy(p, bp->v, bp->l);
962 p += bp->l;
963
964 if (iph1->side == INITIATOR)
965 bp2 = (sw == GENERATE ?
966 (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
967 else
968 bp2 = (sw == GENERATE ?
969 (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
970 bl = sizeof(cookie_t);
971 memcpy(p, bp2, bl);
972 p += bl;
973
974 if (iph1->side == INITIATOR)
975 bp2 = (sw == GENERATE ?
976 (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
977 else
978 bp2 = (sw == GENERATE ?
979 (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
980 bl = sizeof(cookie_t);
981 memcpy(p, bp2, bl);
982 p += bl;
983
984 bp = iph1->sa;
985 memcpy(p, bp->v, bp->l);
986 p += bp->l;
987
988 bp = (sw == GENERATE ? iph1->id : iph1->id_p);
989 memcpy(p, bp->v, bp->l);
990 p += bp->l;
991
992 /* compute HASH */
993 res = oakley_prf(iph1->skeyid, buf, iph1);
994 if (res == NULL)
995 goto end;
996
997 error = 0;
998
999 end:
1000 if (buf != NULL)
1001 vfree(buf);
1002 return res;
1003 }
1004
1005 /*
1006 * compute HASH_I on base mode.
1007 * base:psk,rsa
1008 * HASH_I = prf(SKEYID, g^xi | CKY-I | CKY-R | SAi_b | IDii_b)
1009 * base:sig
1010 * HASH_I = prf(hash(Ni_b | Nr_b), g^xi | CKY-I | CKY-R | SAi_b | IDii_b)
1011 */
1012 vchar_t *
1013 oakley_ph1hash_base_i(phase1_handle_t *iph1, int sw)
1014 {
1015 vchar_t *buf = NULL, *res = NULL, *bp;
1016 vchar_t *hashkey = NULL;
1017 vchar_t *hash = NULL; /* for signature mode */
1018 char *p;
1019 int len;
1020 int error = -1;
1021
1022 /* sanity check */
1023 if (iph1->etype != ISAKMP_ETYPE_BASE) {
1024 plog(ASL_LEVEL_ERR,
1025 "invalid etype for this hash function\n");
1026 return NULL;
1027 }
1028
1029 switch (AUTHMETHOD(iph1)) {
1030 case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
1031 case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
1032 case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
1033 #ifdef ENABLE_HYBRID
1034 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
1035 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
1036 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
1037 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
1038 case FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I:
1039 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
1040 #endif
1041 if (iph1->skeyid == NULL) {
1042 plog(ASL_LEVEL_ERR, "no SKEYID found.\n");
1043 return NULL;
1044 }
1045 hashkey = iph1->skeyid;
1046 break;
1047
1048 case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
1049 #ifdef ENABLE_HYBRID
1050 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1051 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
1052 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
1053 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
1054 #endif
1055 /* make hash for seed */
1056 len = iph1->nonce->l + iph1->nonce_p->l;
1057 buf = vmalloc(len);
1058 if (buf == NULL) {
1059 plog(ASL_LEVEL_ERR,
1060 "failed to get hash buffer\n");
1061 goto end;
1062 }
1063 p = buf->v;
1064
1065 bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1066 memcpy(p, bp->v, bp->l);
1067 p += bp->l;
1068
1069 bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1070 memcpy(p, bp->v, bp->l);
1071 p += bp->l;
1072
1073 hash = oakley_hash(buf, iph1);
1074 if (hash == NULL)
1075 goto end;
1076 vfree(buf);
1077 buf = NULL;
1078
1079 hashkey = hash;
1080 break;
1081
1082 default:
1083 plog(ASL_LEVEL_ERR,
1084 "not supported authentication method %d\n",
1085 iph1->approval->authmethod);
1086 return NULL;
1087
1088 }
1089
1090 len = (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1091 + sizeof(cookie_t) * 2
1092 + iph1->sa->l
1093 + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
1094 buf = vmalloc(len);
1095 if (buf == NULL) {
1096 plog(ASL_LEVEL_ERR,
1097 "failed to get hash buffer\n");
1098 goto end;
1099 }
1100 p = buf->v;
1101
1102 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1103 memcpy(p, bp->v, bp->l);
1104 p += bp->l;
1105
1106 memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1107 p += sizeof(cookie_t);
1108 memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1109 p += sizeof(cookie_t);
1110
1111 memcpy(p, iph1->sa->v, iph1->sa->l);
1112 p += iph1->sa->l;
1113
1114 bp = (sw == GENERATE ? iph1->id : iph1->id_p);
1115 memcpy(p, bp->v, bp->l);
1116 p += bp->l;
1117
1118 //plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "HASH_I with:\n");
1119
1120 /* compute HASH */
1121 res = oakley_prf(hashkey, buf, iph1);
1122 if (res == NULL)
1123 goto end;
1124
1125 error = 0;
1126
1127 //plogdump(ASL_LEVEL_DEBUG, res->v, res->l, "HASH_I computed:\n");
1128
1129 end:
1130 if (hash != NULL)
1131 vfree(hash);
1132 if (buf != NULL)
1133 vfree(buf);
1134 return res;
1135 }
1136
1137 /*
1138 * compute HASH_R on base mode for signature method.
1139 * base:
1140 * HASH_R = prf(hash(Ni_b | Nr_b), g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
1141 */
1142 vchar_t *
1143 oakley_ph1hash_base_r(phase1_handle_t *iph1, int sw)
1144 {
1145 vchar_t *buf = NULL, *res = NULL, *bp;
1146 vchar_t *hash = NULL;
1147 char *p;
1148 int len;
1149 int error = -1;
1150
1151 /* sanity check */
1152 if (iph1->etype != ISAKMP_ETYPE_BASE) {
1153 plog(ASL_LEVEL_ERR,
1154 "invalid etype for this hash function\n");
1155 return NULL;
1156 }
1157
1158 switch(AUTHMETHOD(iph1)) {
1159 case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
1160 #ifdef ENABLE_HYBRID
1161 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1162 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
1163 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
1164 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
1165 case FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I:
1166 #endif
1167 break;
1168 default:
1169 plog(ASL_LEVEL_ERR,
1170 "not supported authentication method %d\n",
1171 iph1->approval->authmethod);
1172 return NULL;
1173 break;
1174 }
1175
1176 /* make hash for seed */
1177 len = iph1->nonce->l + iph1->nonce_p->l;
1178 buf = vmalloc(len);
1179 if (buf == NULL) {
1180 plog(ASL_LEVEL_ERR,
1181 "failed to get hash buffer\n");
1182 goto end;
1183 }
1184 p = buf->v;
1185
1186 bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1187 memcpy(p, bp->v, bp->l);
1188 p += bp->l;
1189
1190 bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1191 memcpy(p, bp->v, bp->l);
1192 p += bp->l;
1193
1194 hash = oakley_hash(buf, iph1);
1195 if (hash == NULL)
1196 goto end;
1197 vfree(buf);
1198 buf = NULL;
1199
1200 /* make really hash */
1201 len = (sw == GENERATE ? iph1->dhpub_p->l : iph1->dhpub->l)
1202 + (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1203 + sizeof(cookie_t) * 2
1204 + iph1->sa->l
1205 + (sw == GENERATE ? iph1->id_p->l : iph1->id->l);
1206 buf = vmalloc(len);
1207 if (buf == NULL) {
1208 plog(ASL_LEVEL_ERR,
1209 "failed to get hash buffer\n");
1210 goto end;
1211 }
1212 p = buf->v;
1213
1214
1215 bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
1216 memcpy(p, bp->v, bp->l);
1217 p += bp->l;
1218
1219 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1220 memcpy(p, bp->v, bp->l);
1221 p += bp->l;
1222
1223 memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1224 p += sizeof(cookie_t);
1225 memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1226 p += sizeof(cookie_t);
1227
1228 memcpy(p, iph1->sa->v, iph1->sa->l);
1229 p += iph1->sa->l;
1230
1231 bp = (sw == GENERATE ? iph1->id_p : iph1->id);
1232 memcpy(p, bp->v, bp->l);
1233 p += bp->l;
1234
1235 //plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "HASH_R with:\n");
1236
1237 /* compute HASH */
1238 res = oakley_prf(hash, buf, iph1);
1239 if (res == NULL)
1240 goto end;
1241
1242 error = 0;
1243
1244 //plogdump(ASL_LEVEL_DEBUG, res->v, res->l, "HASH_R computed:\n");
1245
1246 end:
1247 if (buf != NULL)
1248 vfree(buf);
1249 if (hash)
1250 vfree(hash);
1251 return res;
1252 }
1253
1254 #if HAVE_OPENDIR
1255 static int
1256 oakley_verify_userid(phase1_handle_t *iph1)
1257 {
1258 cert_t *p;
1259 vchar_t *user_id;
1260 int user_id_found = 0;
1261 #ifndef HAVE_OPENSSL
1262 SecCertificateRef certificate;
1263 CFArrayRef commonNames;
1264 CFIndex i, l;
1265 CFStringRef name;
1266 #endif /* HAVE_OPENSSL */
1267
1268 for (p = iph1->cert_p; p; p = p->chain) {
1269 #ifdef HAVE_OPENSSL
1270 user_id = eay_get_x509_common_name(&p->cert); //%%%%%%%% fix this
1271 if (user_id) {
1272 user_id_found = 1;
1273 // the following functions will check if user_id == 0
1274 if (open_dir_authorize_id(user_id, iph1->rmconf->open_dir_auth_group)) {
1275 vfree(user_id);
1276 return 0;
1277 }
1278 vfree(user_id);
1279 }
1280 #else /* HAVE_OPENSSL */
1281 certificate = crypto_cssm_x509cert_CreateSecCertificateRef(&p->cert);
1282 if (certificate == NULL) {
1283 plog(ASL_LEVEL_ERR,
1284 "ovuid failed to get SecCertificateRef\n");
1285 continue;
1286 }
1287
1288 commonNames = SecCertificateCopyCommonNames(certificate);
1289 if (commonNames == NULL) {
1290 plog(ASL_LEVEL_ERR,
1291 "ovuid failed to get commonNames\n");
1292 CFRelease(certificate);
1293 continue;
1294 }
1295
1296 l = CFArrayGetCount(commonNames);
1297 for (i = 0; i < l; i++) {
1298 name = CFArrayGetValueAtIndex(commonNames, i);
1299 user_id = vmalloc(CFStringGetMaximumSizeForEncoding(CFStringGetLength(name),
1300 kCFStringEncodingUTF8) + 1);
1301 if (user_id) {
1302 if (CFStringGetCString(name, user_id->v, user_id->l,
1303 kCFStringEncodingUTF8)) {
1304 user_id_found = 1;
1305 // the following functions will check if user_id == 0
1306 if (open_dir_authorize_id(user_id, iph1->rmconf->open_dir_auth_group)) {
1307 vfree(user_id);
1308 CFRelease(certificate);
1309 CFRelease(commonNames);
1310 return 0;
1311 }
1312 }
1313 vfree(user_id);
1314 }
1315 }
1316 CFRelease(certificate);
1317 CFRelease(commonNames);
1318 #endif /* HAVE_OPENSSL */
1319 }
1320 if (user_id_found) {
1321 plog(ASL_LEVEL_ERR,
1322 "the peer is not authorized for access.\n");
1323 } else {
1324 plog(ASL_LEVEL_ERR,
1325 "the peer is not authorized for access - user ID not found.\n");
1326 }
1327 return ISAKMP_NTYPE_AUTHENTICATION_FAILED;
1328 }
1329 #endif /* HAVE_OPENDIR */
1330
1331 /*
1332 * compute each authentication method in phase 1.
1333 * OUT:
1334 * 0: OK
1335 * -1: error
1336 * other: error to be reply with notification.
1337 * the value is notification type.
1338 */
1339 int
1340 oakley_validate_auth(phase1_handle_t *iph1)
1341 {
1342 vchar_t *my_hash = NULL;
1343 int result;
1344 #ifdef ENABLE_STATS
1345 struct timeval start, end;
1346 #endif
1347 SecKeyRef publicKeyRef = NULL;
1348
1349 #ifdef ENABLE_STATS
1350 gettimeofday(&start, NULL);
1351 #endif
1352
1353 switch (AUTHMETHOD(iph1)) {
1354 case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
1355 #ifdef ENABLE_HYBRID
1356 case FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I:
1357 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
1358 #endif
1359 /* validate HASH */
1360 {
1361 char *r_hash;
1362
1363 if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1364 plog(ASL_LEVEL_ERR,
1365 "few isakmp message received.\n");
1366 return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1367 }
1368 #ifdef ENABLE_HYBRID
1369 if (AUTHMETHOD(iph1) == FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I &&
1370 ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0))
1371 {
1372 plog(ASL_LEVEL_ERR, "No SIG was passed, "
1373 "hybrid auth is enabled, "
1374 "but peer is no Xauth compliant\n");
1375 return ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED;
1376 break;
1377 }
1378 #endif
1379 r_hash = (caddr_t)(iph1->pl_hash + 1);
1380
1381 //plogdump(ASL_LEVEL_DEBUG, r_hash,
1382 // ntohs(iph1->pl_hash->h.len) - sizeof(*iph1->pl_hash), "HASH received:\n");
1383
1384 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
1385 switch (iph1->etype) {
1386 case ISAKMP_ETYPE_IDENT:
1387 case ISAKMP_ETYPE_AGG:
1388 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1389 break;
1390 case ISAKMP_ETYPE_BASE:
1391 if (iph1->side == INITIATOR)
1392 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1393 else
1394 my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1395 break;
1396 default:
1397 plog(ASL_LEVEL_ERR,
1398 "invalid etype %d\n", iph1->etype);
1399 return ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE;
1400 }
1401 }
1402 if (my_hash == NULL)
1403 return ISAKMP_INTERNAL_ERROR;
1404
1405 result = memcmp(my_hash->v, r_hash, my_hash->l);
1406 vfree(my_hash);
1407
1408 if (result) {
1409 plog(ASL_LEVEL_ERR, "HASH mismatched\n");
1410 return ISAKMP_NTYPE_INVALID_HASH_INFORMATION;
1411 }
1412
1413 plog(ASL_LEVEL_DEBUG, "HASH for PSK validated.\n");
1414 }
1415 break;
1416 case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
1417 #ifdef ENABLE_HYBRID
1418 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1419 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
1420 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
1421 #endif
1422 {
1423 int error = 0;
1424 int certtype = 0;
1425
1426 /* validation */
1427 if (iph1->id_p == NULL) {
1428 plog(ASL_LEVEL_ERR,
1429 "no ID payload was passed.\n");
1430 return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1431 }
1432 if (iph1->sig_p == NULL) {
1433 plog(ASL_LEVEL_ERR,
1434 "no SIG payload was passed.\n");
1435 return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1436 }
1437
1438 plog(ASL_LEVEL_DEBUG, "SIGN passed\n");
1439
1440 /* get peer's cert */
1441 switch (iph1->rmconf->getcert_method) {
1442 case ISAKMP_GETCERT_PAYLOAD:
1443 if (iph1->cert_p == NULL) {
1444 plog(ASL_LEVEL_ERR,
1445 "no peer's CERT payload found.\n");
1446 return ISAKMP_INTERNAL_ERROR;
1447 }
1448 break;
1449 default:
1450 plog(ASL_LEVEL_ERR,
1451 "invalid getcert_mothod: %d\n",
1452 iph1->rmconf->getcert_method);
1453 return ISAKMP_INTERNAL_ERROR;
1454 }
1455
1456 /* compare ID payload and certificate name */
1457 if (iph1->rmconf->verify_cert &&
1458 (error = oakley_check_certid(iph1)) != 0)
1459 return error;
1460
1461 #if HAVE_OPENDIR
1462 /* check cert common name against Open Directory authentication group */
1463 if (iph1->rmconf->cert_verification_option == VERIFICATION_OPTION_OPEN_DIR) {
1464 if (oakley_verify_userid(iph1)) {
1465 return ISAKMP_NTYPE_AUTHENTICATION_FAILED;
1466 }
1467 }
1468 #endif /* HAVE_OPENDIR */
1469
1470 /* verify certificate */
1471 if (iph1->rmconf->verify_cert
1472 && iph1->rmconf->getcert_method == ISAKMP_GETCERT_PAYLOAD) {
1473 certtype = iph1->rmconf->certtype;
1474 #ifdef ENABLE_HYBRID
1475 switch (AUTHMETHOD(iph1)) {
1476 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1477 certtype = iph1->cert_p->type;
1478 break;
1479 default:
1480 break;
1481 }
1482 #endif
1483 switch (certtype) {
1484 case ISAKMP_CERT_X509SIGN:
1485 {
1486 /* use ID from remote configuration */
1487 /* check each ID in list */
1488 struct idspec *id_spec;
1489 CFStringRef hostname = NULL;
1490 char *peers_id;
1491 struct genlist_entry *gpb = NULL;
1492
1493 if (iph1->rmconf->cert_verification_option == VERIFICATION_OPTION_PEERS_IDENTIFIER) {
1494 id_spec = genlist_next(iph1->rmconf->idvl_p, &gpb); /* expect only one id */
1495 if (id_spec->idtype == IDTYPE_ADDRESS) {
1496 switch ((ALIGNED_CAST(struct sockaddr_storage *)(id_spec->id->v))->ss_family) {
1497 case AF_INET:
1498 peers_id = inet_ntoa((ALIGNED_CAST(struct sockaddr_in *)(id_spec->id->v))->sin_addr);
1499 hostname = CFStringCreateWithCString(NULL, peers_id, kCFStringEncodingUTF8);
1500 break;
1501 #ifdef INET6
1502 case AF_INET6:
1503 return ISAKMP_NTYPE_INVALID_ID_INFORMATION; /* not currently supported for embedded */
1504 break;
1505 #endif
1506 default:
1507 plog(ASL_LEVEL_ERR,
1508 "unknown address type for peers identifier.\n");
1509 return ISAKMP_NTYPE_AUTHENTICATION_FAILED;
1510 break;
1511 }
1512 } else {
1513 hostname = CFStringCreateWithBytes(NULL, (u_int8_t *)id_spec->id->v, id_spec->id->l, kCFStringEncodingUTF8, FALSE);
1514 }
1515 if (hostname == NULL) {
1516 plog(ASL_LEVEL_ERR, "missing hostname for peers identifier.\n");
1517 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1518 }
1519 }
1520 error = crypto_cssm_check_x509cert(oakley_get_peer_cert_from_certchain(iph1), iph1->cert_p, hostname, &publicKeyRef);
1521 if (hostname)
1522 CFRelease(hostname);
1523 }
1524 break;
1525
1526 default:
1527 plog(ASL_LEVEL_ERR,
1528 "no supported certtype %d\n", certtype);
1529 return ISAKMP_INTERNAL_ERROR;
1530 }
1531 if (error != 0) {
1532 plog(ASL_LEVEL_ERR,
1533 "the peer's certificate is not verified.\n");
1534 return ISAKMP_NTYPE_INVALID_CERT_AUTHORITY;
1535 }
1536 }
1537
1538 plog(ASL_LEVEL_DEBUG, "CERT validated\n");
1539
1540 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
1541 /* compute hash */
1542 switch (iph1->etype) {
1543 case ISAKMP_ETYPE_IDENT:
1544 case ISAKMP_ETYPE_AGG:
1545 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1546 break;
1547 case ISAKMP_ETYPE_BASE:
1548 if (iph1->side == INITIATOR)
1549 my_hash = oakley_ph1hash_base_r(iph1, VALIDATE);
1550 else
1551 my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1552 break;
1553 default:
1554 plog(ASL_LEVEL_ERR,
1555 "invalid etype %d\n", iph1->etype);
1556 return ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE;
1557 }
1558 }
1559 if (my_hash == NULL)
1560 return ISAKMP_INTERNAL_ERROR;
1561
1562
1563 certtype = iph1->rmconf->certtype;
1564 #ifdef ENABLE_HYBRID
1565 switch (AUTHMETHOD(iph1)) {
1566 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1567 certtype = iph1->cert_p->type;
1568 break;
1569 default:
1570 break;
1571 }
1572 #endif
1573 /* check signature */
1574 switch (certtype) {
1575 case ISAKMP_CERT_X509SIGN:
1576 if (publicKeyRef == NULL) {
1577 plog(ASL_LEVEL_ERR, "@@@@@@ publicKeyRef is NULL\n");
1578 }
1579 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
1580 error = crypto_cssm_verify_x509sign(publicKeyRef, my_hash, iph1->sig_p, FALSE);
1581 }
1582 if (error) {
1583 plog(ASL_LEVEL_ERR, "error verifying signature %s\n", GetSecurityErrorString(error));
1584 }
1585
1586 CFRelease(publicKeyRef);
1587 break;
1588 default:
1589 plog(ASL_LEVEL_ERR,
1590 "no supported certtype %d\n",
1591 certtype);
1592 vfree(my_hash);
1593 return ISAKMP_INTERNAL_ERROR;
1594 }
1595
1596 vfree(my_hash);
1597 if (error != 0) {
1598 plog(ASL_LEVEL_ERR,
1599 "Invalid SIG.\n");
1600 return ISAKMP_NTYPE_INVALID_SIGNATURE;
1601 }
1602 plog(ASL_LEVEL_DEBUG, "SIG authenticated\n");
1603 }
1604 break;
1605 #ifdef ENABLE_HYBRID
1606 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
1607 {
1608 if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
1609 plog(ASL_LEVEL_ERR, "No SIG was passed, "
1610 "hybrid auth is enabled, "
1611 "but peer is no Xauth compliant\n");
1612 return ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED;
1613 break;
1614 }
1615 plog(ASL_LEVEL_NOTICE, "No SIG was passed, "
1616 "but hybrid auth is enabled\n");
1617
1618 return 0;
1619 break;
1620 }
1621 #endif
1622 case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
1623 case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
1624 #ifdef ENABLE_HYBRID
1625 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
1626 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
1627 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
1628 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
1629 #endif
1630 if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1631 plog(ASL_LEVEL_ERR,
1632 "few isakmp message received.\n");
1633 return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1634 }
1635 plog(ASL_LEVEL_ERR,
1636 "not supported authmethod type %s\n",
1637 s_oakley_attr_method(iph1->approval->authmethod));
1638 return ISAKMP_INTERNAL_ERROR;
1639 default:
1640 plog(ASL_LEVEL_ERR,
1641 "invalid authmethod %d why ?\n",
1642 iph1->approval->authmethod);
1643 return ISAKMP_INTERNAL_ERROR;
1644 }
1645 #ifdef ENABLE_STATS
1646 gettimeofday(&end, NULL);
1647 plog(ASL_LEVEL_NOTICE, "%s(%s): %8.6f", __func__,
1648 s_oakley_attr_method(iph1->approval->authmethod),
1649 timedelta(&start, &end));
1650 #endif
1651
1652 return 0;
1653 }
1654
1655 int
1656 oakley_find_status_in_certchain (cert_t *certchain, cert_status_t certStatus)
1657 {
1658 cert_t *p;
1659
1660 for (p = certchain; p; p = p->chain) {
1661 if (p->status == certStatus) {
1662 return 1;
1663 }
1664 }
1665 return 0;
1666 }
1667
1668 static
1669 int
1670 oakley_vpncontrol_notify_ike_failed_if_mycert_invalid (phase1_handle_t *iph1, int notify_initiator)
1671 {
1672 #ifndef HAVE_OPENSSL
1673 int premature = oakley_find_status_in_certchain(iph1->cert, CERT_STATUS_PREMATURE);
1674 int expired = oakley_find_status_in_certchain(iph1->cert, CERT_STATUS_EXPIRED);
1675 if (premature || expired) {
1676 u_int32_t fail_reason;
1677
1678 if (premature) {
1679 fail_reason = VPNCTL_NTYPE_LOCAL_CERT_PREMATURE;
1680 } else {
1681 fail_reason = VPNCTL_NTYPE_LOCAL_CERT_EXPIRED;
1682 }
1683 vpncontrol_notify_ike_failed(fail_reason, notify_initiator, iph1_get_remote_v4_address(iph1), 0, NULL);
1684 return -1;
1685 }
1686 #endif /* HAVE_OPENSSL */
1687 return 0;
1688 }
1689
1690 /* get my certificate
1691 * NOTE: include certificate type.
1692 */
1693 int
1694 oakley_getmycert(phase1_handle_t *iph1)
1695 {
1696 int err;
1697
1698 switch (iph1->rmconf->certtype) {
1699 case ISAKMP_CERT_X509SIGN:
1700 if (iph1->cert)
1701 return 0;
1702 if ( !(err = get_cert_fromlocal(iph1, 1))){
1703 if (oakley_vpncontrol_notify_ike_failed_if_mycert_invalid(iph1, FROM_LOCAL)) {
1704 return -1;
1705 }
1706 }
1707 return err;
1708 default:
1709 plog(ASL_LEVEL_ERR,
1710 "Unknown certtype #%d\n",
1711 iph1->rmconf->certtype);
1712 return -1;
1713 }
1714
1715 }
1716
1717 /*
1718 * get a CERT from local file.
1719 * IN:
1720 * my != 0 my cert.
1721 * my == 0 peer's cert.
1722 */
1723 static int
1724 get_cert_fromlocal(phase1_handle_t *iph1, int my)
1725 {
1726 vchar_t *cert = NULL;
1727 cert_t **certpl;
1728 int error = -1;
1729 cert_status_t status = CERT_STATUS_OK;
1730
1731 if (my)
1732 certpl = &iph1->cert;
1733 else
1734 certpl = &iph1->cert_p;
1735 if (iph1->rmconf->identity_in_keychain == 0) {
1736 plog(ASL_LEVEL_ERR, "no CERT defined.\n");
1737 return 0;
1738 }
1739
1740 switch (iph1->rmconf->certtype) {
1741 case ISAKMP_CERT_X509SIGN:
1742 if (iph1->rmconf->identity_in_keychain) {
1743 CFDataRef dataRef;
1744
1745 if (iph1->rmconf->keychainCertRef == NULL || base64toCFData(iph1->rmconf->keychainCertRef, &dataRef))
1746 goto end;
1747 cert = crypto_cssm_get_x509cert(dataRef, &status);
1748 plog(ASL_LEVEL_DEBUG, "done with chking cert status %d\n",status);
1749 CFRelease(dataRef);
1750 break;
1751 } // else fall thru
1752 default:
1753 plog(ASL_LEVEL_ERR,
1754 "not supported certtype %d\n",
1755 iph1->rmconf->certtype);
1756 goto end;
1757 }
1758
1759 if (!cert) {
1760 plog(ASL_LEVEL_ERR,
1761 "failed to get %s CERT.\n",
1762 my ? "my" : "peers");
1763 goto end;
1764 }
1765
1766 *certpl = oakley_newcert();
1767 if (!*certpl) {
1768 plog(ASL_LEVEL_ERR,
1769 "failed to get cert buffer.\n");
1770 goto end;
1771 }
1772 (*certpl)->pl = vmalloc(cert->l + 1);
1773 if ((*certpl)->pl == NULL) {
1774 plog(ASL_LEVEL_ERR,
1775 "failed to get cert buffer\n");
1776 oakley_delcert(*certpl);
1777 *certpl = NULL;
1778 goto end;
1779 }
1780 memcpy((*certpl)->pl->v + 1, cert->v, cert->l);
1781 (*certpl)->pl->v[0] = iph1->rmconf->certtype;
1782 (*certpl)->type = iph1->rmconf->certtype;
1783 (*certpl)->status = status;
1784 (*certpl)->cert.v = (*certpl)->pl->v + 1;
1785 (*certpl)->cert.l = (*certpl)->pl->l - 1;
1786
1787 plog(ASL_LEVEL_DEBUG, "created CERT payload\n");
1788
1789 error = 0;
1790
1791 end:
1792 if (cert != NULL)
1793 vfree(cert);
1794
1795 return error;
1796 }
1797
1798
1799 /* get signature */
1800 int
1801 oakley_getsign(phase1_handle_t *iph1)
1802 {
1803 vchar_t *privkey = NULL;
1804 int error = -1;
1805
1806 switch (iph1->rmconf->certtype) {
1807 case ISAKMP_CERT_X509SIGN:
1808 // cert in keychain - use cssm to sign
1809 if (iph1->rmconf->identity_in_keychain) {
1810 CFDataRef dataRef;
1811
1812 if (iph1->rmconf->keychainCertRef == NULL || base64toCFData(iph1->rmconf->keychainCertRef, &dataRef))
1813 goto end;
1814 iph1->sig = crypto_cssm_getsign(dataRef, iph1->hash);
1815 CFRelease(dataRef);
1816 break;
1817 } // else fall thru
1818 default:
1819 plog(ASL_LEVEL_ERR,
1820 "Unknown certtype #%d\n",
1821 iph1->rmconf->certtype);
1822 goto end;
1823 }
1824
1825 if (iph1->sig == NULL) {
1826 plog(ASL_LEVEL_ERR, "failed to sign.\n");
1827 goto end;
1828 }
1829
1830 //plogdump(ASL_LEVEL_DEBUG, iph1->sig->v, iph1->sig->l, "SIGN computed:\n");
1831
1832 error = 0;
1833
1834 end:
1835 if (privkey != NULL)
1836 vfree(privkey);
1837
1838 return error;
1839 }
1840
1841 void
1842 oakley_verify_certid(phase1_handle_t *iph1)
1843 {
1844 if (iph1->rmconf->verify_cert &&
1845 oakley_check_certid(iph1)){
1846 plog(ASL_LEVEL_DEBUG,
1847 "Discarding CERT: does not match ID:\n");
1848 oakley_delcert(iph1->cert_p);
1849 iph1->cert_p = NULL;
1850 }
1851 }
1852
1853 static int
1854 oakley_check_certid_in_certchain(cert_t *certchain, int idtype, int idlen, void *id)
1855 {
1856 cert_t *p;
1857
1858 for (p = certchain; p; p = p->chain) {
1859 if (oakley_check_certid_1(&p->cert, idtype, idlen, id, &p->status) == 0) {
1860 return 0;
1861 }
1862 }
1863 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1864 }
1865
1866 cert_t *
1867 oakley_get_peer_cert_from_certchain(phase1_handle_t * iph1)
1868 {
1869 cert_t *p;
1870 struct ipsecdoi_id_b *id_b;
1871 int idlen;
1872 void *peers_id;
1873
1874 if (!iph1->id_p || !iph1->cert_p) {
1875 plog(ASL_LEVEL_ERR, "no ID nor CERT found.\n");
1876 return NULL;
1877 }
1878 if (!iph1->cert_p->chain) {
1879 // no chain: simply return the only cert
1880 return iph1->cert_p;
1881 }
1882
1883 id_b = ALIGNED_CAST(struct ipsecdoi_id_b *)iph1->id_p->v;
1884 peers_id = id_b + 1;
1885 idlen = iph1->id_p->l - sizeof(*id_b);
1886 for (p = iph1->cert_p; p; p = p->chain) {
1887 if (oakley_check_certid_1(&p->cert, id_b->type, idlen, peers_id, &p->status) == 0) {
1888 return p;
1889 }
1890 }
1891 return NULL;
1892 }
1893
1894 /*
1895 * compare certificate name and ID value.
1896 */
1897 static int
1898 oakley_check_certid(phase1_handle_t *iph1)
1899 {
1900 struct ipsecdoi_id_b *id_b;
1901 int idlen;
1902 u_int8_t doi_type = 255;
1903 void *peers_id = NULL;
1904
1905 /* use ID from peer */
1906 if (iph1->id_p == NULL || iph1->cert_p == NULL) {
1907 plog(ASL_LEVEL_ERR, "no ID nor CERT found.\n");
1908 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1909 }
1910 id_b = ALIGNED_CAST(struct ipsecdoi_id_b *)iph1->id_p->v;
1911 doi_type = id_b->type;
1912 peers_id = id_b + 1;
1913 idlen = iph1->id_p->l - sizeof(*id_b);
1914
1915 return oakley_check_certid_in_certchain(iph1->cert_p, doi_type, idlen, peers_id);
1916
1917 }
1918
1919 static int
1920 oakley_check_certid_1(vchar_t *cert, int idtype, int idlen, void *id, cert_status_t *certStatus)
1921 {
1922
1923 int len = 0;
1924 int error = 0;
1925
1926 #ifdef HAVE_OPENSSL
1927 int type;
1928 char *altname = NULL;
1929 #endif
1930
1931 switch (idtype) {
1932 case IPSECDOI_ID_DER_ASN1_DN:
1933 {
1934 CFDataRef subject;
1935 SecCertificateRef certificate;
1936 UInt8* namePtr = NULL;
1937
1938 certificate = crypto_cssm_x509cert_CreateSecCertificateRef(cert);
1939 if (certificate == NULL) {
1940 plog(ASL_LEVEL_ERR,
1941 "failed to get SecCertificateRef\n");
1942 if (certStatus && !*certStatus) {
1943 *certStatus = CERT_STATUS_INVALID;
1944 }
1945 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1946 }
1947 subject = crypto_cssm_CopySubjectSequence(certificate);
1948 if (subject == NULL) {
1949 plog(ASL_LEVEL_ERR, "failed to get certificate subjectName\n");
1950 if (certStatus && !*certStatus) {
1951 *certStatus = CERT_STATUS_INVALID_SUBJNAME;
1952 }
1953 error = ISAKMP_NTYPE_INVALID_CERTIFICATE;
1954 } else {
1955 len = CFDataGetLength(subject);
1956 namePtr = (UInt8*)CFDataGetBytePtr(subject);
1957 if (namePtr) {
1958 if (idlen != len || memcmp(id, namePtr, idlen)) {
1959 plog(ASL_LEVEL_ERR, "ID mismatched with certificate subjectName\n");
1960 error =ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1961 }
1962 } else {
1963 plog(ASL_LEVEL_ERR, "no certificate subjectName found\n");
1964 error = ISAKMP_NTYPE_INVALID_CERTIFICATE;
1965 }
1966 }
1967 if (error) {
1968 plog(ASL_LEVEL_ERR,
1969 "ID mismatched with certificate subjectName\n");
1970 if (namePtr != NULL) {
1971 plogdump(ASL_LEVEL_ERR, namePtr, len, "subjectName (type %s):\n",
1972 s_ipsecdoi_ident(idtype));
1973 } else {
1974 plog(ASL_LEVEL_ERR, "subjectName (type %s):\n", s_ipsecdoi_ident(idtype));
1975 }
1976 plogdump(ASL_LEVEL_ERR, id, idlen, "ID:\n");
1977 if (certStatus && !*certStatus) {
1978 *certStatus = CERT_STATUS_INVALID_SUBJNAME;
1979 }
1980 }
1981 CFRelease(certificate);
1982 if (subject != NULL) {
1983 CFRelease(subject);
1984 }
1985 return 0;
1986 }
1987 break;
1988
1989 case IPSECDOI_ID_IPV4_ADDR:
1990 case IPSECDOI_ID_IPV6_ADDR:
1991 {
1992 #ifndef HAVE_OPENSSL
1993 CFIndex pos, count;
1994 SecCertificateRef certificate;
1995 CFArrayRef addresses;
1996 #define ADDRESS_BUF_SIZE 64
1997
1998 certificate = crypto_cssm_x509cert_CreateSecCertificateRef(cert);
1999 if (certificate == NULL) {
2000 plog(ASL_LEVEL_ERR,
2001 "failed to get SecCertificateRef\n");
2002 if (certStatus && !*certStatus) {
2003 *certStatus = CERT_STATUS_INVALID;
2004 }
2005 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2006 }
2007 addresses = SecCertificateCopyIPAddresses(certificate);
2008 if (addresses == NULL) {
2009 plog(ASL_LEVEL_ERR, "failed to get subjectName\n");
2010 if (certStatus && !*certStatus) {
2011 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2012 }
2013 CFRelease(certificate);
2014 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2015 }
2016 count = CFArrayGetCount(addresses);
2017 for (pos = 0; pos < count; pos++) {
2018
2019 CFStringRef address;
2020 CFIndex addressLen;
2021 char *addressBuf, numAddress[128];
2022 int result;
2023
2024 address = CFArrayGetValueAtIndex(addresses, pos);
2025 addressLen = CFStringGetLength(address);
2026 if (addressLen == 0)
2027 continue;
2028 addressBuf = racoon_malloc(ADDRESS_BUF_SIZE);
2029 if (addressBuf == NULL) {
2030 plog(ASL_LEVEL_ERR, "out of memory\n");
2031 CFRelease(addresses);
2032 CFRelease(certificate);
2033 return -1;
2034 }
2035 if (CFStringGetCString(address, addressBuf, ADDRESS_BUF_SIZE, kCFStringEncodingUTF8) == TRUE) {
2036 result = inet_pton(idtype == IPSECDOI_ID_IPV4_ADDR ? AF_INET : AF_INET6, addressBuf, numAddress);
2037 racoon_free(addressBuf);
2038 if (result == 0)
2039 continue; // wrong type or invalid address
2040 if (!memcmp(id, numAddress, idtype == IPSECDOI_ID_IPV4_ADDR ? 32 : 128) == 0) { // found a match ?
2041 CFRelease(addresses);
2042 CFRelease(certificate);
2043 return 0;
2044 }
2045 } else
2046 racoon_free(addressBuf);
2047 }
2048 plog(ASL_LEVEL_ERR, "ID mismatched with subjectAltName.\n");
2049 plog(ASL_LEVEL_ERR,
2050 "subjectAltName (expected type %s):\n", s_ipsecdoi_ident(idtype));
2051 plogdump(ASL_LEVEL_ERR, id, idlen, "ID:\n");
2052 CFRelease(addresses);
2053 CFRelease(certificate);
2054 if (certStatus && !*certStatus) {
2055 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2056 }
2057 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2058 #else
2059 /*
2060 * Openssl returns the IPAddress as an ASN1 octet string (binary format)
2061 * followed by a trailing NULL. 5 bytes for IPv4 and 17 bytes for IPv6
2062 */
2063 #define SUBJ_ALT_NAME_IPV4_ADDRESS_LEN 5
2064 #define SUBJ_ALT_NAME_IPV6_ADDRESS_LEN 17
2065
2066 int pos;
2067
2068 if ((idtype == IPSECDOI_ID_IPV4_ADDR && idlen != sizeof(struct in_addr))
2069 || (idtype == IPSECDOI_ID_IPV6_ADDR && idlen != sizeof(struct in6_addr))) {
2070 plog(ASL_LEVEL_ERR,
2071 "invalid address length passed.\n");
2072 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2073 }
2074
2075 for (pos = 1; ; pos++) {
2076 if (eay_get_x509subjectaltname(cert, &altname, &type, pos, &len) !=0) {
2077 plog(ASL_LEVEL_ERR,
2078 "failed to get subjectAltName\n");
2079 if (certStatus && !*certStatus) {
2080 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2081 }
2082 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2083 }
2084
2085 /* it's the end condition of the loop. */
2086 if (!altname) {
2087 plog(ASL_LEVEL_ERR,
2088 "invalid subjectAltName\n");
2089 if (certStatus && !*certStatus) {
2090 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2091 }
2092 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2093 }
2094
2095 if (check_typeofcertname(idtype, type) != 0) {
2096 /* wrong type - skip this one */
2097 racoon_free(altname);
2098 altname = NULL;
2099 continue;
2100 }
2101
2102 if (len == SUBJ_ALT_NAME_IPV4_ADDRESS_LEN) { /* IPv4 */
2103 if (idtype != IPSECDOI_ID_IPV4_ADDR) {
2104 /* wrong IP address type - skip this one */
2105 racoon_free(altname);
2106 altname = NULL;
2107 continue;
2108 }
2109 }
2110 #ifdef INET6
2111 else if (len == SUBJ_ALT_NAME_IPV6_ADDRESS_LEN) { /* IPv6 */
2112 if (idtype != IPSECDOI_ID_IPV6_ADDR) {
2113 /* wrong IP address type - skip this one */
2114 racoon_free(altname);
2115 altname = NULL;
2116 continue;
2117 }
2118 }
2119 #endif
2120 else {
2121 /* invalid IP address length in certificate - bad or bogus certificate */
2122 plog(ASL_LEVEL_ERR,
2123 "invalid IP address in certificate.\n");
2124 plogdump(ASL_LEVEL_ERR, altname, len, "subjectAltName (expected type %s, got type %s):\n",
2125 s_ipsecdoi_ident(idtype),
2126 s_ipsecdoi_ident(type));
2127 racoon_free(altname);
2128 altname = NULL;
2129 if (certStatus && !*certStatus) {
2130 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2131 }
2132 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2133 }
2134
2135 /* compare the addresses */
2136 error = memcmp(id, altname, idlen);
2137 if (error)
2138 continue;
2139 racoon_free(altname);
2140 return 0;
2141 }
2142 /* failed to find a match */
2143 plog(ASL_LEVEL_ERR,
2144 "ID mismatched with subjectAltName.\n");
2145 plogdump(ASL_LEVEL_ERR, altname, len, "subjectAltName (expected type %s, got type %s):\n",
2146 s_ipsecdoi_ident(idtype),
2147 s_ipsecdoi_ident(type));
2148 plogdump(ASL_LEVEL_ERR, id, idlen, "ID:\n");
2149 racoon_free(altname);
2150 if (certStatus && !*certStatus)
2151 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2152 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2153
2154 #endif /* HAVE_OPENSSL */
2155 }
2156
2157 #ifndef HAVE_OPENSSL
2158 case IPSECDOI_ID_FQDN:
2159 {
2160 CFIndex pos, count;
2161 SecCertificateRef certificate;
2162 CFArrayRef names;
2163 CFStringRef name, ID;
2164
2165 certificate = crypto_cssm_x509cert_CreateSecCertificateRef(cert);
2166 if (certificate == NULL) {
2167 plog(ASL_LEVEL_ERR,
2168 "failed to get SecCertificateRef\n");
2169 if (certStatus && !*certStatus) {
2170 *certStatus = CERT_STATUS_INVALID;
2171 }
2172 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2173 }
2174 names = SecCertificateCopyDNSNames(certificate);
2175 if (names == NULL) {
2176 plog(ASL_LEVEL_ERR,
2177 "failed to get subjectName\n");
2178 if (certStatus && !*certStatus) {
2179 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2180 }
2181 CFRelease(certificate);
2182 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2183 }
2184 count = CFArrayGetCount(names);
2185 ID = CFStringCreateWithBytes(kCFAllocatorDefault, id, idlen, kCFStringEncodingUTF8, FALSE);
2186 if (ID== NULL) {
2187 plog(ASL_LEVEL_ERR, "memory error\n");
2188 CFRelease(names);
2189 CFRelease(certificate);
2190 return 0;
2191 }
2192 for (pos = 0; pos < count; pos++) {
2193 name = CFArrayGetValueAtIndex(names, pos);
2194 if (CFStringCompare(name, ID, 0) == kCFCompareEqualTo) {
2195 CFRelease(ID);
2196 CFRelease(names);
2197 CFRelease(certificate);
2198 return 0;
2199 }
2200 }
2201 plog(ASL_LEVEL_ERR, "ID mismatched with subjectAltName.\n");
2202 plog(ASL_LEVEL_ERR,
2203 "subjectAltName (expected type %s):\n", s_ipsecdoi_ident(idtype));
2204 plogdump(ASL_LEVEL_ERR, id, idlen, "ID:\n");
2205 CFRelease(ID);
2206 CFRelease(names);
2207 CFRelease(certificate);
2208 if (certStatus && !*certStatus) {
2209 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2210 }
2211 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2212 }
2213
2214 case IPSECDOI_ID_USER_FQDN:
2215 {
2216 CFIndex pos, count;
2217
2218 SecCertificateRef certificate;
2219 CFArrayRef names;
2220 CFStringRef name, ID;
2221
2222 certificate = crypto_cssm_x509cert_CreateSecCertificateRef(cert);
2223 if (certificate == NULL) {
2224 plog(ASL_LEVEL_ERR,
2225 "failed to get SecCertificateRef\n");
2226 if (certStatus && !*certStatus) {
2227 *certStatus = CERT_STATUS_INVALID;
2228 }
2229 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2230 }
2231 names = SecCertificateCopyRFC822Names(certificate);
2232 if (names == NULL) {
2233 plog(ASL_LEVEL_ERR,
2234 "failed to get subjectName\n");
2235 if (certStatus && !*certStatus) {
2236 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2237 }
2238 CFRelease(certificate);
2239 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2240 }
2241 count = CFArrayGetCount(names);
2242 ID = CFStringCreateWithBytes(kCFAllocatorDefault, id, idlen, kCFStringEncodingUTF8, FALSE);
2243 if (ID == NULL) {
2244 plog(ASL_LEVEL_ERR,
2245 "memory error\n");
2246 if (certStatus && !*certStatus) {
2247 *certStatus = CERT_STATUS_INVALID;
2248 }
2249 CFRelease(names);
2250 CFRelease(certificate);
2251 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2252 }
2253 for (pos = 0; pos < count; pos++) {
2254 name = CFArrayGetValueAtIndex(names, pos);
2255 if (CFStringCompare(name, ID, 0) == kCFCompareEqualTo) {
2256 CFRelease(ID);
2257 CFRelease(names);
2258 CFRelease(certificate);
2259 return 0;
2260 }
2261 }
2262 plog(ASL_LEVEL_ERR, "ID mismatched with subjectAltName.\n");
2263 plog(ASL_LEVEL_ERR,
2264 "subjectAltName (expected type %s):\n", s_ipsecdoi_ident(idtype));
2265 plogdump(ASL_LEVEL_ERR, id, idlen, "ID:\n");
2266 CFRelease(ID);
2267 CFRelease(names);
2268 CFRelease(certificate);
2269 if (certStatus && !*certStatus) {
2270 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2271 }
2272 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2273 }
2274 #else
2275 case IPSECDOI_ID_FQDN:
2276 case IPSECDOI_ID_USER_FQDN:
2277 {
2278 int pos;
2279
2280 for (pos = 1; ; pos++) {
2281 if (eay_get_x509subjectaltname(cert, &altname, &type, pos, &len) != 0) {
2282 plog(ASL_LEVEL_ERR,
2283 "failed to get subjectAltName\n");
2284 if (certStatus && !*certStatus) {
2285 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2286 }
2287 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
2288 }
2289
2290 /* it's the end condition of the loop. */
2291 if (!altname) {
2292 plog(ASL_LEVEL_ERR,
2293 "invalid subjectAltName\n");
2294 if (certStatus && !*certStatus) {
2295 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2296 }
2297 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2298 }
2299
2300 if (check_typeofcertname(idtype, type) != 0) {
2301 /* wrong general type - skip this one */
2302 racoon_free(altname);
2303 altname = NULL;
2304 continue;
2305 }
2306
2307 if (idlen != strlen(altname)) {
2308 /* wrong length - skip this one */
2309 racoon_free(altname);
2310 altname = NULL;
2311 continue;
2312 }
2313 error = memcmp(id, altname, idlen);
2314 if (error)
2315 continue;
2316 racoon_free(altname);
2317 return 0;
2318 }
2319 plog(ASL_LEVEL_ERR, "ID mismatched with subjectAltName.\n");
2320 plog(ASL_LEVEL_ERR,
2321 "subjectAltName (expected type %s, got type %s):\n",
2322 s_ipsecdoi_ident(idtype),
2323 s_ipsecdoi_ident(type));
2324 plogdump(ASL_LEVEL_ERR, altname, len, "subjectAltName (expected type %s, got type %s):\n",
2325 s_ipsecdoi_ident(idtype),
2326 s_ipsecdoi_ident(type));
2327 plogdump(ASL_LEVEL_ERR, id, idlen, "ID:\n");
2328 racoon_free(altname);
2329 if (certStatus && !*certStatus)
2330 *certStatus = CERT_STATUS_INVALID_SUBJALTNAME;
2331 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2332 }
2333 #endif
2334 default:
2335 plog(ASL_LEVEL_ERR,
2336 "Impropper ID type passed: %s.\n",
2337 s_ipsecdoi_ident(idtype));
2338 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
2339 }
2340 /*NOTREACHED*/
2341 }
2342 #ifdef HAVE_OPENSSL
2343 static int
2344 check_typeofcertname(int doi, int genid)
2345 {
2346 switch (doi) {
2347 case IPSECDOI_ID_IPV4_ADDR:
2348 case IPSECDOI_ID_IPV4_ADDR_SUBNET:
2349 case IPSECDOI_ID_IPV6_ADDR:
2350 case IPSECDOI_ID_IPV6_ADDR_SUBNET:
2351 case IPSECDOI_ID_IPV4_ADDR_RANGE:
2352 case IPSECDOI_ID_IPV6_ADDR_RANGE:
2353 if (genid != GENT_IPADD)
2354 return -1;
2355 return 0;
2356 case IPSECDOI_ID_FQDN:
2357 if (genid != GENT_DNS)
2358 return -1;
2359 return 0;
2360 case IPSECDOI_ID_USER_FQDN:
2361 if (genid != GENT_EMAIL)
2362 return -1;
2363 return 0;
2364 case IPSECDOI_ID_DER_ASN1_DN: /* should not be passed to this function*/
2365 case IPSECDOI_ID_DER_ASN1_GN:
2366 case IPSECDOI_ID_KEY_ID:
2367 default:
2368 return -1;
2369 }
2370 /*NOTREACHED*/
2371 }
2372 #endif
2373
2374 /*
2375 * save certificate including certificate type.
2376 */
2377 int
2378 oakley_savecert(phase1_handle_t *iph1, struct isakmp_gen *gen)
2379 {
2380 cert_t **c;
2381 u_int8_t type;
2382 type = *(u_int8_t *)(gen + 1) & 0xff;
2383
2384 switch (type) {
2385 case ISAKMP_CERT_X509SIGN:
2386 c = &iph1->cert_p;
2387 break;
2388 default:
2389 plog(ASL_LEVEL_ERR,
2390 "Invalid CERT type %d\n", type);
2391 return -1;
2392 }
2393
2394 if (*c) {
2395 plog(ASL_LEVEL_WARNING,
2396 "preexisting CERT payload... chaining.\n");
2397 }
2398
2399 cert_t *new;
2400 new = save_certbuf(gen);
2401 if (!new) {
2402 plog(ASL_LEVEL_ERR,
2403 "Failed to get CERT buffer.\n");
2404 return -1;
2405 }
2406
2407 switch (new->type) {
2408 case ISAKMP_CERT_X509SIGN:
2409 /* Ignore cert if it doesn't match identity
2410 * XXX If verify cert is disabled, we still just take
2411 * the first certificate....
2412 */
2413 *c = oakley_appendcert_to_certchain(*c, new);
2414 plog(ASL_LEVEL_DEBUG, "CERT saved:\n");
2415 break;
2416 default:
2417 /* XXX */
2418 oakley_delcert(new);
2419 return 0;
2420 }
2421
2422 return 0;
2423 }
2424
2425 /*
2426 * save certificate including certificate type.
2427 */
2428 int
2429 oakley_savecr(phase1_handle_t *iph1, struct isakmp_gen *gen)
2430 {
2431 cert_t **c;
2432 u_int8_t type;
2433 cert_t *new;
2434
2435 type = *(u_int8_t *)(gen + 1) & 0xff;
2436
2437 switch (type) {
2438 case ISAKMP_CERT_X509SIGN:
2439 if (iph1->cr_p) {
2440 oakley_delcert(iph1->cr_p);
2441 iph1->cr_p = NULL;
2442 }
2443 c = &iph1->cr_p;
2444 break;
2445 default:
2446 plog(ASL_LEVEL_ERR,
2447 "Invalid CR type %d\n", type);
2448 return -1;
2449 }
2450
2451 new = save_certbuf(gen);
2452 if (!new) {
2453 plog(ASL_LEVEL_ERR,
2454 "Failed to get CR buffer.\n");
2455 return -1;
2456 }
2457 *c = oakley_appendcert_to_certchain(*c, new);
2458 plog(ASL_LEVEL_DEBUG, "CR saved\n");
2459
2460 return 0;
2461 }
2462
2463 static cert_t *
2464 save_certbuf(struct isakmp_gen *gen)
2465 {
2466 cert_t *new;
2467
2468 if(ntohs(gen->len) <= sizeof(*gen)){
2469 plog(ASL_LEVEL_ERR,
2470 "Len is too small !!.\n");
2471 return NULL;
2472 }
2473
2474 new = oakley_newcert();
2475 if (!new) {
2476 plog(ASL_LEVEL_ERR,
2477 "Failed to get CERT buffer.\n");
2478 return NULL;
2479 }
2480
2481 new->pl = vmalloc(ntohs(gen->len) - sizeof(*gen));
2482 if (new->pl == NULL) {
2483 plog(ASL_LEVEL_ERR,
2484 "Failed to copy CERT from packet.\n");
2485 oakley_delcert(new);
2486 new = NULL;
2487 return NULL;
2488 }
2489 memcpy(new->pl->v, gen + 1, new->pl->l);
2490 new->type = new->pl->v[0] & 0xff;
2491 new->cert.v = new->pl->v + 1;
2492 new->cert.l = new->pl->l - 1;
2493
2494 return new;
2495 }
2496
2497 /*
2498 * get my CR.
2499 * NOTE: No Certificate Authority field is included to CR payload at the
2500 * moment. Becuase any certificate authority are accepted without any check.
2501 * The section 3.10 in RFC2408 says that this field SHOULD not be included,
2502 * if there is no specific certificate authority requested.
2503 */
2504 vchar_t *
2505 oakley_getcr(phase1_handle_t *iph1)
2506 {
2507 vchar_t *buf;
2508
2509 buf = vmalloc(1);
2510 if (buf == NULL) {
2511 plog(ASL_LEVEL_ERR,
2512 "failed to get cr buffer\n");
2513 return NULL;
2514 }
2515 if(iph1->rmconf->certtype == ISAKMP_CERT_NONE) {
2516 buf->v[0] = iph1->rmconf->cacerttype;
2517 plog(ASL_LEVEL_DEBUG, "create my CR: NONE, using %s instead\n",
2518 s_isakmp_certtype(iph1->rmconf->cacerttype));
2519 } else {
2520 buf->v[0] = iph1->rmconf->certtype;
2521 plog(ASL_LEVEL_DEBUG, "create my CR: %s\n",
2522 s_isakmp_certtype(iph1->rmconf->certtype));
2523 }
2524 //if (buf->l > 1)
2525 // plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "");
2526
2527 return buf;
2528 }
2529
2530 /*
2531 * check peer's CR.
2532 */
2533 int
2534 oakley_checkcr(phase1_handle_t *iph1)
2535 {
2536 if (iph1->cr_p == NULL)
2537 return 0;
2538
2539 plog(ASL_LEVEL_DEBUG,
2540 "peer transmitted CR: %s\n",
2541 s_isakmp_certtype(iph1->cr_p->type));
2542
2543 if (iph1->cr_p->type != iph1->rmconf->certtype) {
2544 plog(ASL_LEVEL_ERR,
2545 "such a cert type isn't supported: %d\n",
2546 (char)iph1->cr_p->type);
2547 return -1;
2548 }
2549
2550 return 0;
2551 }
2552
2553 /*
2554 * check to need CR payload.
2555 */
2556 int
2557 oakley_needcr(int type)
2558 {
2559 switch (type) {
2560 case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
2561 #ifdef ENABLE_HYBRID
2562 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
2563 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
2564 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
2565 #endif
2566 return 1;
2567 default:
2568 return 0;
2569 }
2570 /*NOTREACHED*/
2571 }
2572
2573 vchar_t *
2574 oakley_getpskall(phase1_handle_t *iph1)
2575 {
2576 vchar_t *secret = NULL;
2577
2578 if (iph1->rmconf->shared_secret) {
2579
2580 switch (iph1->rmconf->secrettype) {
2581 case SECRETTYPE_KEY:
2582 /* in psk file - use KEY from remote configuration to locate it */
2583 secret = getpsk(iph1->rmconf->shared_secret->v, iph1->rmconf->shared_secret->l-1);
2584 break;
2585 #if HAVE_KEYCHAIN
2586 case SECRETTYPE_KEYCHAIN:
2587 /* in the system keychain */
2588 secret = getpskfromkeychain(iph1->rmconf->shared_secret->v, iph1->etype, iph1->rmconf->secrettype, NULL);
2589 break;
2590 case SECRETTYPE_KEYCHAIN_BY_ID:
2591 /* in the system keychain - use peer id */
2592 secret = getpskfromkeychain(iph1->rmconf->shared_secret->v, iph1->etype, iph1->rmconf->secrettype, iph1->id_p);
2593 break;
2594 #endif // HAVE_KEYCHAIN
2595 case SECRETTYPE_USE:
2596 /* in the remote configuration */
2597 default:
2598 /* rmconf->shared_secret is a string and contains a NULL character that must be removed */
2599 secret = vmalloc(iph1->rmconf->shared_secret->l - 1);
2600 if (secret == NULL) {
2601 plog(ASL_LEVEL_ERR, "memory error.\n");
2602 goto end;
2603 }
2604 memcpy(secret->v, iph1->rmconf->shared_secret->v, secret->l);
2605 }
2606 } else if (iph1->etype != ISAKMP_ETYPE_IDENT) {
2607 secret = getpskbyname(iph1->id_p);
2608 if (!secret) {
2609 if (iph1->rmconf->verify_identifier) {
2610 plog(ASL_LEVEL_ERR, "couldn't find pskey by peer's ID.\n");
2611 goto end;
2612 }
2613 }
2614 }
2615 if (!secret) {
2616 plog(ASL_LEVEL_NOTICE, "try to get pskey by the peer's address.\n");
2617 secret = getpskbyaddr(iph1->remote);
2618 if (!secret) {
2619 plog(ASL_LEVEL_ERR,
2620 "couldn't find the pskey by address %s.\n",
2621 saddrwop2str((struct sockaddr *)iph1->remote));
2622 }
2623 }
2624
2625 end:
2626 return secret;
2627 }
2628
2629 /*
2630 * compute SKEYID
2631 * see seciton 5. Exchanges in RFC 2409
2632 * psk: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
2633 * sig: SKEYID = prf(Ni_b | Nr_b, g^ir)
2634 * enc: SKEYID = prf(H(Ni_b | Nr_b), CKY-I | CKY-R)
2635 */
2636 int
2637 oakley_skeyid(phase1_handle_t *iph1)
2638 {
2639 vchar_t *key = NULL;
2640 vchar_t *buf = NULL;
2641 vchar_t *bp;
2642 char *p;
2643 int len;
2644 int error = -1;
2645
2646 /* SKEYID */
2647 switch (AUTHMETHOD(iph1)) {
2648 case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
2649 #ifdef ENABLE_HYBRID
2650 case FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I:
2651 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
2652 #endif
2653 key = oakley_getpskall(iph1);
2654 if (key == NULL) {
2655 plog(ASL_LEVEL_ERR,
2656 "couldn't find the pskey for %s.\n",
2657 saddrwop2str((struct sockaddr *)iph1->remote));
2658 goto end;
2659 }
2660 plog(ASL_LEVEL_DEBUG, "the psk found.\n");
2661 /* should be secret PSK */
2662 plogdump(ASL_LEVEL_DEBUG, key->v, key->l, "psk: ");
2663
2664 len = iph1->nonce->l + iph1->nonce_p->l;
2665 buf = vmalloc(len);
2666 if (buf == NULL) {
2667 plog(ASL_LEVEL_ERR,
2668 "failed to get skeyid buffer\n");
2669 goto end;
2670 }
2671 p = buf->v;
2672
2673 bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2674 //plogdump(ASL_LEVEL_DEBUG, bp->v, bp->l, "nonce 1: ");
2675 memcpy(p, bp->v, bp->l);
2676 p += bp->l;
2677
2678 bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2679 //plogdump(ASL_LEVEL_DEBUG, bp->v, bp->l, "nonce 2: ");
2680 memcpy(p, bp->v, bp->l);
2681 p += bp->l;
2682
2683 iph1->skeyid = oakley_prf(key, buf, iph1);
2684
2685 if (iph1->skeyid == NULL)
2686 goto end;
2687 break;
2688
2689 case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
2690 #ifdef ENABLE_HYBRID
2691 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
2692 case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
2693 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
2694 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
2695 #endif
2696 len = iph1->nonce->l + iph1->nonce_p->l;
2697 buf = vmalloc(len);
2698 if (buf == NULL) {
2699 plog(ASL_LEVEL_ERR,
2700 "failed to get nonce buffer\n");
2701 goto end;
2702 }
2703 p = buf->v;
2704
2705 bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2706 //plogdump(ASL_LEVEL_DEBUG, bp->v, bp->l, "nonce1: ");
2707 memcpy(p, bp->v, bp->l);
2708 p += bp->l;
2709
2710 bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2711 //plogdump(ASL_LEVEL_DEBUG, bp->v, bp->l, "nonce2: ");
2712 memcpy(p, bp->v, bp->l);
2713 p += bp->l;
2714
2715 iph1->skeyid = oakley_prf(buf, iph1->dhgxy, iph1);
2716 if (iph1->skeyid == NULL)
2717 goto end;
2718 break;
2719 case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
2720 case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
2721 #ifdef ENABLE_HYBRID
2722 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
2723 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
2724 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
2725 case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
2726 #endif
2727 plog(ASL_LEVEL_WARNING,
2728 "not supported authentication method %s\n",
2729 s_oakley_attr_method(iph1->approval->authmethod));
2730 goto end;
2731 default:
2732 plog(ASL_LEVEL_ERR,
2733 "invalid authentication method %d\n",
2734 iph1->approval->authmethod);
2735 goto end;
2736 }
2737
2738 //plogdump(ASL_LEVEL_DEBUG, iph1->skeyid->v, iph1->skeyid->l, "IKEv1 SKEYID computed:\n");
2739
2740 error = 0;
2741
2742 end:
2743 if (key != NULL)
2744 vfree(key);
2745 if (buf != NULL)
2746 vfree(buf);
2747 return error;
2748 }
2749
2750 /*
2751 * compute SKEYID_[dae]
2752 */
2753 int
2754 oakley_skeyid_dae(phase1_handle_t *iph1)
2755 {
2756 vchar_t *buf = NULL;
2757 char *p;
2758 int len;
2759 int error = -1;
2760
2761 if (iph1->skeyid == NULL) {
2762 plog(ASL_LEVEL_ERR, "no SKEYID found.\n");
2763 goto end;
2764 }
2765
2766 /*
2767 * see seciton 5. Exchanges in RFC 2409
2768 * SKEYID_d = prf(SKEYID, g^ir | CKY-I | CKY-R | 0)
2769 * SKEYID_a = prf(SKEYID, SKEYID_d | g^ir | CKY-I | CKY-R | 1)
2770 * SKEYID_e = prf(SKEYID, SKEYID_a | g^ir | CKY-I | CKY-R | 2)
2771 */
2772 /* SKEYID D */
2773 /* SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) */
2774 len = iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2775 buf = vmalloc(len);
2776 if (buf == NULL) {
2777 plog(ASL_LEVEL_ERR,
2778 "failed to get skeyid buffer\n");
2779 goto end;
2780 }
2781 p = buf->v;
2782
2783 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2784 p += iph1->dhgxy->l;
2785 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2786 p += sizeof(cookie_t);
2787 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2788 p += sizeof(cookie_t);
2789 *p = 0;
2790 iph1->skeyid_d = oakley_prf(iph1->skeyid, buf, iph1);
2791 if (iph1->skeyid_d == NULL)
2792 goto end;
2793
2794 vfree(buf);
2795 buf = NULL;
2796
2797 //plogdump(ASL_LEVEL_DEBUG, iph1->skeyid_d->v, iph1->skeyid_d->l, "SKEYID_d computed:\n");
2798
2799 /* SKEYID A */
2800 /* SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1) */
2801 len = iph1->skeyid_d->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2802 buf = vmalloc(len);
2803 if (buf == NULL) {
2804 plog(ASL_LEVEL_ERR,
2805 "failed to get skeyid buffer\n");
2806 goto end;
2807 }
2808 p = buf->v;
2809 memcpy(p, iph1->skeyid_d->v, iph1->skeyid_d->l);
2810 p += iph1->skeyid_d->l;
2811 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2812 p += iph1->dhgxy->l;
2813 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2814 p += sizeof(cookie_t);
2815 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2816 p += sizeof(cookie_t);
2817 *p = 1;
2818 iph1->skeyid_a = oakley_prf(iph1->skeyid, buf, iph1);
2819 if (iph1->skeyid_a == NULL)
2820 goto end;
2821
2822 vfree(buf);
2823 buf = NULL;
2824
2825 //plogdump(ASL_LEVEL_DEBUG, iph1->skeyid_a->v, iph1->skeyid_a->l, "SKEYID_a computed:\n");
2826
2827 /* SKEYID E */
2828 /* SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2) */
2829 len = iph1->skeyid_a->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2830 buf = vmalloc(len);
2831 if (buf == NULL) {
2832 plog(ASL_LEVEL_ERR,
2833 "failed to get skeyid buffer\n");
2834 goto end;
2835 }
2836 p = buf->v;
2837 memcpy(p, iph1->skeyid_a->v, iph1->skeyid_a->l);
2838 p += iph1->skeyid_a->l;
2839 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2840 p += iph1->dhgxy->l;
2841 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2842 p += sizeof(cookie_t);
2843 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2844 p += sizeof(cookie_t);
2845 *p = 2;
2846 iph1->skeyid_e = oakley_prf(iph1->skeyid, buf, iph1);
2847 if (iph1->skeyid_e == NULL)
2848 goto end;
2849
2850 vfree(buf);
2851 buf = NULL;
2852
2853 //plogdump(ASL_LEVEL_DEBUG, iph1->skeyid_e->v, iph1->skeyid_e->l, "SKEYID_e computed:\n");
2854
2855 error = 0;
2856
2857 end:
2858 if (buf != NULL)
2859 vfree(buf);
2860 return error;
2861 }
2862
2863 /*
2864 * compute final encryption key.
2865 * see Appendix B.
2866 */
2867 int
2868 oakley_compute_enckey(phase1_handle_t *iph1)
2869 {
2870 u_int keylen, prflen;
2871 int error = -1;
2872
2873 /* RFC2409 p39 */
2874 keylen = alg_oakley_encdef_keylen(iph1->approval->enctype,
2875 iph1->approval->encklen);
2876 if (keylen == -1) {
2877 plog(ASL_LEVEL_ERR,
2878 "invalid encryption algoritym %d, "
2879 "or invalid key length %d.\n",
2880 iph1->approval->enctype,
2881 iph1->approval->encklen);
2882 goto end;
2883 }
2884 iph1->key = vmalloc(keylen >> 3);
2885 if (iph1->key == NULL) {
2886 plog(ASL_LEVEL_ERR,
2887 "failed to get key buffer\n");
2888 goto end;
2889 }
2890
2891 /* set prf length */
2892 prflen = alg_oakley_hashdef_hashlen(iph1->approval->hashtype);
2893 if (prflen == -1) {
2894 plog(ASL_LEVEL_ERR,
2895 "invalid hash type %d.\n", iph1->approval->hashtype);
2896 goto end;
2897 }
2898
2899 /* see isakmp-oakley-08 5.3. */
2900 if (iph1->key->l <= iph1->skeyid_e->l) {
2901 /*
2902 * if length(Ka) <= length(SKEYID_e)
2903 * Ka = first length(K) bit of SKEYID_e
2904 */
2905 memcpy(iph1->key->v, iph1->skeyid_e->v, iph1->key->l);
2906 } else {
2907 vchar_t *buf = NULL, *res = NULL;
2908 u_char *p, *ep;
2909 int cplen;
2910 int subkey;
2911
2912 /*
2913 * otherwise,
2914 * Ka = K1 | K2 | K3
2915 * where
2916 * K1 = prf(SKEYID_e, 0)
2917 * K2 = prf(SKEYID_e, K1)
2918 * K3 = prf(SKEYID_e, K2)
2919 */
2920 plog(ASL_LEVEL_DEBUG,
2921 "len(SKEYID_e) < len(Ka) (%zu < %zu), "
2922 "generating long key (Ka = K1 | K2 | ...)\n",
2923 iph1->skeyid_e->l, iph1->key->l);
2924
2925 if ((buf = vmalloc(prflen >> 3)) == 0) {
2926 plog(ASL_LEVEL_ERR,
2927 "failed to get key buffer\n");
2928 goto end;
2929 }
2930 p = (u_char *)iph1->key->v;
2931 ep = p + iph1->key->l;
2932
2933 subkey = 1;
2934 while (p < ep) {
2935 if (p == (u_char *)iph1->key->v) {
2936 /* just for computing K1 */
2937 buf->v[0] = 0;
2938 buf->l = 1;
2939 }
2940 res = oakley_prf(iph1->skeyid_e, buf, iph1);
2941 if (res == NULL) {
2942 vfree(buf);
2943 goto end;
2944 }
2945 plog(ASL_LEVEL_DEBUG,
2946 "compute intermediate encryption key K%d\n",
2947 subkey);
2948 //plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "");
2949 //plogdump(ASL_LEVEL_DEBUG, res->v, res->l, "");
2950
2951 cplen = (res->l < ep - p) ? res->l : ep - p;
2952 memcpy(p, res->v, cplen);
2953 p += cplen;
2954
2955 buf->l = prflen >> 3; /* to cancel K1 speciality */
2956 if (res->l != buf->l) {
2957 plog(ASL_LEVEL_ERR,
2958 "internal error: res->l=%zu buf->l=%zu\n",
2959 res->l, buf->l);
2960 vfree(res);
2961 vfree(buf);
2962 goto end;
2963 }
2964 memcpy(buf->v, res->v, res->l);
2965 vfree(res);
2966 subkey++;
2967 }
2968
2969 vfree(buf);
2970 }
2971
2972 /*
2973 * don't check any weak key or not.
2974 * draft-ietf-ipsec-ike-01.txt Appendix B.
2975 * draft-ietf-ipsec-ciph-aes-cbc-00.txt Section 2.3.
2976 */
2977
2978 //plogdump(ASL_LEVEL_DEBUG, iph1->key->v, iph1->key->l, "final encryption key computed:\n");
2979
2980 error = 0;
2981
2982 end:
2983 return error;
2984 }
2985
2986 /* allocated new buffer for CERT */
2987 cert_t *
2988 oakley_newcert(void)
2989 {
2990 cert_t *new;
2991
2992 new = racoon_calloc(1, sizeof(*new));
2993 if (new == NULL) {
2994 plog(ASL_LEVEL_ERR,
2995 "failed to get cert's buffer\n");
2996 return NULL;
2997 }
2998
2999 new->pl = NULL;
3000 new->chain = NULL;
3001
3002 return new;
3003 }
3004
3005 /* delete buffer for CERT */
3006 void
3007 oakley_delcert_1(cert_t *cert)
3008 {
3009 if (!cert)
3010 return;
3011 if (cert->pl)
3012 VPTRINIT(cert->pl);
3013 racoon_free(cert);
3014 }
3015
3016 /* delete buffer for CERT */
3017 void
3018 oakley_delcert(cert_t *cert)
3019 {
3020 cert_t *p, *to_delete;
3021
3022 if (!cert)
3023 return;
3024
3025 for (p = cert; p;) {
3026 to_delete = p;
3027 p = p->chain;
3028 oakley_delcert_1(to_delete);
3029 }
3030 }
3031
3032 /* delete buffer for CERT */
3033 static cert_t *
3034 oakley_appendcert_to_certchain(cert_t *certchain, cert_t *new)
3035 {
3036 cert_t *p;
3037
3038 if (!certchain)
3039 return new;
3040
3041 for (p = certchain; p; p = p->chain) {
3042 if (!p->chain) {
3043 p->chain = new;
3044 return certchain;
3045 }
3046 }
3047 return NULL;
3048 }
3049
3050 /*
3051 * compute IV and set to ph1handle
3052 * IV = hash(g^xi | g^xr)
3053 * see 4.1 Phase 1 state in draft-ietf-ipsec-ike.
3054 */
3055 int
3056 oakley_newiv(phase1_handle_t *iph1)
3057 {
3058 struct isakmp_ivm *newivm = NULL;
3059 vchar_t *buf = NULL, *bp;
3060 char *p;
3061 int len;
3062
3063 /* create buffer */
3064 len = iph1->dhpub->l + iph1->dhpub_p->l;
3065 buf = vmalloc(len);
3066 if (buf == NULL) {
3067 plog(ASL_LEVEL_ERR,
3068 "Failed to get IV buffer\n");
3069 return -1;
3070 }
3071
3072 p = buf->v;
3073
3074 bp = (iph1->side == INITIATOR ? iph1->dhpub : iph1->dhpub_p);
3075 memcpy(p, bp->v, bp->l);
3076 p += bp->l;
3077
3078 bp = (iph1->side == INITIATOR ? iph1->dhpub_p : iph1->dhpub);
3079 memcpy(p, bp->v, bp->l);
3080 p += bp->l;
3081
3082 /* allocate IVm */
3083 newivm = racoon_calloc(1, sizeof(struct isakmp_ivm));
3084 if (newivm == NULL) {
3085 plog(ASL_LEVEL_ERR,
3086 "Failed to get IV buffer\n");
3087 vfree(buf);
3088 return -1;
3089 }
3090
3091 /* compute IV */
3092 newivm->iv = oakley_hash(buf, iph1);
3093 if (newivm->iv == NULL) {
3094 vfree(buf);
3095 oakley_delivm(newivm);
3096 return -1;
3097 }
3098
3099 /* adjust length of iv */
3100 newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3101 if (newivm->iv->l == -1) {
3102 plog(ASL_LEVEL_ERR,
3103 "Invalid encryption algorithm %d.\n",
3104 iph1->approval->enctype);
3105 vfree(buf);
3106 oakley_delivm(newivm);
3107 return -1;
3108 }
3109
3110 /* create buffer to save iv */
3111 if ((newivm->ive = vdup(newivm->iv)) == NULL) {
3112 plog(ASL_LEVEL_ERR,
3113 "vdup (%s)\n", strerror(errno));
3114 vfree(buf);
3115 oakley_delivm(newivm);
3116 return -1;
3117 }
3118
3119 vfree(buf);
3120
3121 //plogdump(ASL_LEVEL_DEBUG, newivm->iv->v, newivm->iv->l, "IV computed:\n");
3122
3123 if (iph1->ivm != NULL)
3124 oakley_delivm(iph1->ivm);
3125
3126 iph1->ivm = newivm;
3127
3128 return 0;
3129 }
3130
3131 /*
3132 * compute IV for the payload after phase 1.
3133 * It's not limited for phase 2.
3134 * if pahse 1 was encrypted.
3135 * IV = hash(last CBC block of Phase 1 | M-ID)
3136 * if phase 1 was not encrypted.
3137 * IV = hash(phase 1 IV | M-ID)
3138 * see 4.2 Phase 2 state in draft-ietf-ipsec-ike.
3139 */
3140 struct isakmp_ivm *
3141 oakley_newiv2(phase1_handle_t *iph1, u_int32_t msgid)
3142 {
3143 struct isakmp_ivm *newivm = NULL;
3144 vchar_t *buf = NULL;
3145 char *p;
3146 int len;
3147 int error = -1;
3148
3149 /* create buffer */
3150 len = iph1->ivm->iv->l + sizeof(msgid_t);
3151 buf = vmalloc(len);
3152 if (buf == NULL) {
3153 plog(ASL_LEVEL_ERR,
3154 "Failed to get IV buffer\n");
3155 goto end;
3156 }
3157
3158 p = buf->v;
3159
3160 memcpy(p, iph1->ivm->iv->v, iph1->ivm->iv->l);
3161 p += iph1->ivm->iv->l;
3162
3163 memcpy(p, &msgid, sizeof(msgid));
3164
3165 plog(ASL_LEVEL_DEBUG, "Compute IV for Phase 2\n");
3166 //plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "Phase 1 last IV:\n");
3167
3168 /* allocate IVm */
3169 newivm = racoon_calloc(1, sizeof(struct isakmp_ivm));
3170 if (newivm == NULL) {
3171 plog(ASL_LEVEL_ERR,
3172 "Failed to get IV buffer\n");
3173 goto end;
3174 }
3175
3176 /* compute IV */
3177 if ((newivm->iv = oakley_hash(buf, iph1)) == NULL)
3178 goto end;
3179
3180 /* adjust length of iv */
3181 newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3182 if (newivm->iv->l == -1) {
3183 plog(ASL_LEVEL_ERR,
3184 "Invalid encryption algorithm %d.\n",
3185 iph1->approval->enctype);
3186 goto end;
3187 }
3188
3189 /* create buffer to save new iv */
3190 if ((newivm->ive = vdup(newivm->iv)) == NULL) {
3191 plog(ASL_LEVEL_ERR, "vdup (%s)\n", strerror(errno));
3192 goto end;
3193 }
3194
3195 error = 0;
3196
3197 //plogdump(ASL_LEVEL_DEBUG, newivm->iv->v, newivm->iv->l, "Phase 2 IV computed:\n");
3198
3199 end:
3200 if (error && newivm != NULL){
3201 oakley_delivm(newivm);
3202 newivm=NULL;
3203 }
3204 if (buf != NULL)
3205 vfree(buf);
3206 return newivm;
3207 }
3208
3209 void
3210 oakley_delivm(struct isakmp_ivm *ivm)
3211 {
3212 if (ivm == NULL)
3213 return;
3214
3215 if (ivm->iv != NULL)
3216 vfree(ivm->iv);
3217 if (ivm->ive != NULL)
3218 vfree(ivm->ive);
3219 racoon_free(ivm);
3220 plog(ASL_LEVEL_DEBUG, "IV freed\n");
3221
3222 return;
3223 }
3224
3225 /*
3226 * decrypt packet.
3227 * save new iv and old iv.
3228 */
3229 vchar_t *
3230 oakley_do_ikev1_decrypt(phase1_handle_t *iph1, vchar_t *msg, vchar_t *ivdp, vchar_t *ivep)
3231 {
3232 vchar_t *buf = NULL, *new = NULL;
3233 char *pl;
3234 int len;
3235 u_int8_t padlen;
3236 int blen;
3237 int error = -1;
3238
3239 plog(ASL_LEVEL_DEBUG, "Begin decryption.\n");
3240
3241 blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3242 if (blen == -1) {
3243 plog(ASL_LEVEL_ERR,
3244 "Invalid encryption algorithm %d.\n",
3245 iph1->approval->enctype);
3246 goto end;
3247 }
3248
3249 /* save IV for next, but not sync. */
3250 memset(ivep->v, 0, ivep->l);
3251 memcpy(ivep->v, (caddr_t)&msg->v[msg->l - blen], blen);
3252
3253 plogdump(ASL_LEVEL_DEBUG, ivep->v, ivep->l, "IV was saved for next processing:\n");
3254
3255 pl = msg->v + sizeof(struct isakmp);
3256
3257 len = msg->l - sizeof(struct isakmp);
3258
3259 /* create buffer */
3260 buf = vmalloc(len);
3261 if (buf == NULL) {
3262 plog(ASL_LEVEL_ERR,
3263 "Failed to get buffer to decrypt.\n");
3264 goto end;
3265 }
3266 memcpy(buf->v, pl, len);
3267
3268 /* do decrypt */
3269 new = alg_oakley_encdef_decrypt(iph1->approval->enctype,
3270 buf, iph1->key, ivdp);
3271 if (new == NULL || new->v == NULL || new->l == 0) {
3272 plog(ASL_LEVEL_ERR,
3273 "Decryption %d failed.\n", iph1->approval->enctype);
3274 goto end;
3275 }
3276 //plogdump(ASL_LEVEL_DEBUG, iph1->key->v, iph1->key->l, "with key:\n");
3277
3278 vfree(buf);
3279 buf = NULL;
3280 if (new == NULL)
3281 goto end;
3282
3283 plog(ASL_LEVEL_DEBUG, "decrypted payload by IV:\n");
3284
3285 /* get padding length */
3286 if (lcconf->pad_excltail)
3287 padlen = new->v[new->l - 1] + 1;
3288 else
3289 padlen = new->v[new->l - 1];
3290 plog(ASL_LEVEL_DEBUG, "padding len=%u\n", padlen);
3291
3292 /* trim padding */
3293 if (lcconf->pad_strict) {
3294 if (padlen > new->l) {
3295 plog(ASL_LEVEL_ERR, "invalid padding len=%u, buflen=%zu.\n",
3296 padlen, new->l);
3297 goto end;
3298 }
3299 new->l -= padlen;
3300 plog(ASL_LEVEL_DEBUG, "trimmed padding\n");
3301 } else {
3302 plog(ASL_LEVEL_DEBUG, "skip to trim padding.\n");
3303 }
3304
3305 /* create new buffer */
3306 len = sizeof(struct isakmp) + new->l;
3307 buf = vmalloc(len);
3308 if (buf == NULL) {
3309 plog(ASL_LEVEL_ERR,
3310 "failed to get buffer to decrypt.\n");
3311 goto end;
3312 }
3313 memcpy(buf->v, msg->v, sizeof(struct isakmp));
3314 memcpy(buf->v + sizeof(struct isakmp), new->v, new->l);
3315 ((struct isakmp *)buf->v)->len = htonl(buf->l);
3316
3317 plog(ASL_LEVEL_DEBUG, "decrypted.\n");
3318
3319 #ifdef HAVE_PRINT_ISAKMP_C
3320 isakmp_printpacket(buf, iph1->remote, iph1->local, 1);
3321 #endif
3322
3323 error = 0;
3324
3325 end:
3326 if (error && buf != NULL) {
3327 vfree(buf);
3328 buf = NULL;
3329 }
3330 if (new != NULL)
3331 vfree(new);
3332
3333 return buf;
3334 }
3335
3336 /*
3337 * decrypt packet.
3338 */
3339 vchar_t *
3340 oakley_do_decrypt(phase1_handle_t *iph1, vchar_t *msg, vchar_t *ivdp, vchar_t *ivep)
3341 {
3342 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
3343 return(oakley_do_ikev1_decrypt(iph1, msg, ivdp, ivep));
3344 }
3345
3346 plog(ASL_LEVEL_ERR, "Failed to decrypt invalid IKE version");
3347 return NULL;
3348 }
3349
3350 /*
3351 * encrypt packet.
3352 */
3353 vchar_t *
3354 oakley_do_ikev1_encrypt(phase1_handle_t *iph1, vchar_t *msg, vchar_t *ivep, vchar_t *ivp)
3355 {
3356 vchar_t *buf = 0, *new = 0;
3357 char *pl;
3358 int len;
3359 u_int padlen;
3360 int blen;
3361 int error = -1;
3362
3363 plog(ASL_LEVEL_DEBUG, "Begin encryption.\n");
3364
3365 /* set cbc block length */
3366 blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3367 if (blen == -1) {
3368 plog(ASL_LEVEL_ERR,
3369 "Invalid encryption algorithm %d.\n",
3370 iph1->approval->enctype);
3371 goto end;
3372 }
3373
3374 pl = msg->v + sizeof(struct isakmp);
3375 len = msg->l - sizeof(struct isakmp);
3376
3377 /* add padding */
3378 padlen = oakley_padlen(len, blen);
3379 plog(ASL_LEVEL_DEBUG, "pad length = %u\n", padlen);
3380
3381 /* create buffer */
3382 buf = vmalloc(len + padlen);
3383 if (buf == NULL) {
3384 plog(ASL_LEVEL_ERR,
3385 "Failed to get buffer to encrypt.\n");
3386 goto end;
3387 }
3388 if (padlen) {
3389 int i;
3390 char *p = &buf->v[len];
3391 if (lcconf->pad_random) {
3392 for (i = 0; i < padlen; i++)
3393 *p++ = eay_random() & 0xff;
3394 }
3395 }
3396 memcpy(buf->v, pl, len);
3397
3398 /* make pad into tail */
3399 if (lcconf->pad_excltail)
3400 buf->v[len + padlen - 1] = padlen - 1;
3401 else
3402 buf->v[len + padlen - 1] = padlen;
3403
3404 plogdump(ASL_LEVEL_DEBUG, buf->v, buf->l, "About to encrypt %d bytes", buf->l);
3405
3406 /* do encrypt */
3407 new = alg_oakley_encdef_encrypt(iph1->approval->enctype,
3408 buf, iph1->key, ivep);
3409 if (new == NULL) {
3410 plog(ASL_LEVEL_ERR,
3411 "Encryption %d failed.\n", iph1->approval->enctype);
3412 goto end;
3413 }
3414 //plogdump(ASL_LEVEL_DEBUG, iph1->key->v, iph1->key->l, "with key:\n");
3415
3416 vfree(buf);
3417 buf = NULL;
3418 if (new == NULL)
3419 goto end;
3420
3421 //plogdump(ASL_LEVEL_DEBUG, ivep->v, ivep->l, "encrypted payload by IV:\n");
3422
3423 /* save IV for next */
3424 memset(ivp->v, 0, ivp->l);
3425 memcpy(ivp->v, (caddr_t)&new->v[new->l - blen], blen);
3426
3427 //plogdump(ASL_LEVEL_DEBUG, ivp->v, ivp->l, "save IV for next:\n");
3428
3429 /* create new buffer */
3430 len = sizeof(struct isakmp) + new->l;
3431 buf = vmalloc(len);
3432 if (buf == NULL) {
3433 plog(ASL_LEVEL_ERR,
3434 "Failed to get buffer to encrypt.\n");
3435 goto end;
3436 }
3437 memcpy(buf->v, msg->v, sizeof(struct isakmp));
3438 memcpy(buf->v + sizeof(struct isakmp), new->v, new->l);
3439 ((struct isakmp *)buf->v)->len = htonl(buf->l);
3440
3441 error = 0;
3442
3443 plog(ASL_LEVEL_DEBUG, "Encrypted.\n");
3444
3445 end:
3446 if (error && buf != NULL) {
3447 vfree(buf);
3448 buf = NULL;
3449 }
3450 if (new != NULL)
3451 vfree(new);
3452
3453 return buf;
3454 }
3455
3456 /*
3457 * encrypt packet.
3458 */
3459 vchar_t *
3460 oakley_do_encrypt(phase1_handle_t *iph1, vchar_t *msg, vchar_t *ivep, vchar_t *ivp)
3461 {
3462 if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1) {
3463 return(oakley_do_ikev1_encrypt(iph1, msg, ivep, ivp));
3464 }
3465
3466 plog(ASL_LEVEL_ERR, "Failed to encrypt invalid IKE version");
3467 return NULL;
3468 }
3469
3470 /* culculate padding length */
3471 static int
3472 oakley_padlen(int len, int base)
3473 {
3474 int padlen;
3475
3476 padlen = base - (len % base);
3477
3478 if (lcconf->pad_randomlen)
3479 padlen += ((eay_random() % (lcconf->pad_maxsize + 1) + 1) *
3480 base);
3481
3482 return padlen;
3483 }
3484
3485 /* -----------------------------------------------------------------------------
3486 The base-64 encoding packs three 8-bit bytes into four 7-bit ASCII
3487 characters. If the number of bytes in the original data isn't divisable
3488 by three, "=" characters are used to pad the encoded data. The complete
3489 set of characters used in base-64 are:
3490 'A'..'Z' => 00..25
3491 'a'..'z' => 26..51
3492 '0'..'9' => 52..61
3493 '+' => 62
3494 '/' => 63
3495 '=' => pad
3496
3497 ----------------------------------------------------------------------------- */
3498 static const signed char base64_DecodeTable[128] = {
3499 /* 000 */ -1, -1, -1, -1, -1, -1, -1, -1,
3500 /* 010 */ -1, -1, -1, -1, -1, -1, -1, -1,
3501 /* 020 */ -1, -1, -1, -1, -1, -1, -1, -1,
3502 /* 030 */ -1, -1, -1, -1, -1, -1, -1, -1,
3503 /* ' ' */ -1, -1, -1, -1, -1, -1, -1, -1,
3504 /* '(' */ -1, -1, -1, 62, -1, -1, -1, 63,
3505 /* '0' */ 52, 53, 54, 55, 56, 57, 58, 59,
3506 /* '8' */ 60, 61, -1, -1, -1, 0, -1, -1,
3507 /* '@' */ -1, 0, 1, 2, 3, 4, 5, 6,
3508 /* 'H' */ 7, 8, 9, 10, 11, 12, 13, 14,
3509 /* 'P' */ 15, 16, 17, 18, 19, 20, 21, 22,
3510 /* 'X' */ 23, 24, 25, -1, -1, -1, -1, -1,
3511 /* '`' */ -1, 26, 27, 28, 29, 30, 31, 32,
3512 /* 'h' */ 33, 34, 35, 36, 37, 38, 39, 40,
3513 /* 'p' */ 41, 42, 43, 44, 45, 46, 47, 48,
3514 /* 'x' */ 49, 50, 51, -1, -1, -1, -1, -1
3515 };
3516
3517 static int base64toCFData(vchar_t *textin, CFDataRef *dataRef)
3518 {
3519 uint8_t *tmpbuf;
3520 uint8_t c;
3521 int tmpbufpos = 0;
3522 int numeq = 0;
3523 int acc = 0;
3524 int cntr = 0;
3525 uint8_t *textcur = (__typeof__(textcur))textin->v;
3526 int len = textin->l;
3527 int i;
3528
3529 tmpbuf = malloc(len); // len of result will be less than encoded len
3530 if (tmpbuf == NULL) {
3531 yyerror("memory error - could not allocate buffer for certificate reference conversion from base-64.");
3532 return -1;
3533 }
3534
3535 for (i = 0; i < len; i++) {
3536 c = *(textcur++);
3537 if (c == '=')
3538 numeq++;
3539 else if (!isspace(c))
3540 numeq = 0;
3541 if (base64_DecodeTable[c] < 0)
3542 continue;
3543 cntr++;
3544 acc <<= 6;
3545 acc += base64_DecodeTable[c];
3546 if (0 == (cntr & 0x3)) {
3547 tmpbuf[tmpbufpos++] = (acc >> 16) & 0xff;
3548 if (numeq < 2)
3549 tmpbuf[tmpbufpos++] = (acc >> 8) & 0xff;
3550 if (numeq < 1)
3551 tmpbuf[tmpbufpos++] = acc & 0xff;
3552 }
3553 }
3554 *dataRef = CFDataCreate(NULL, tmpbuf, tmpbufpos);
3555 free(tmpbuf);
3556 if (*dataRef)
3557 return 0;
3558 else
3559 return -1;
3560
3561 }
3562
mirror of ipsec