1: /* $NetBSD: oakley.c,v 1.22.2.2 2012/08/29 11:35:09 tteras Exp $ */
2:
3: /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
4:
5: /*
6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #include "config.h"
35:
36: #include <sys/types.h>
37: #include <sys/param.h>
38: #include <sys/socket.h> /* XXX for subjectaltname */
39: #include <netinet/in.h> /* XXX for subjectaltname */
40:
41: #include <openssl/pkcs7.h>
42: #include <openssl/x509.h>
43:
44: #include <stdlib.h>
45: #include <stdio.h>
46: #include <string.h>
47: #include <errno.h>
48:
49: #if TIME_WITH_SYS_TIME
50: # include <sys/time.h>
51: # include <time.h>
52: #else
53: # if HAVE_SYS_TIME_H
54: # include <sys/time.h>
55: # else
56: # include <time.h>
57: # endif
58: #endif
59: #ifdef ENABLE_HYBRID
60: #include <resolv.h>
61: #endif
62:
63: #include "var.h"
64: #include "misc.h"
65: #include "vmbuf.h"
66: #include "str2val.h"
67: #include "plog.h"
68: #include "debug.h"
69:
70: #include "isakmp_var.h"
71: #include "isakmp.h"
72: #ifdef ENABLE_HYBRID
73: #include "isakmp_xauth.h"
74: #include "isakmp_cfg.h"
75: #endif
76: #include "oakley.h"
77: #include "admin.h"
78: #include "privsep.h"
79: #include "localconf.h"
80: #include "remoteconf.h"
81: #include "policy.h"
82: #include "handler.h"
83: #include "ipsec_doi.h"
84: #include "algorithm.h"
85: #include "dhgroup.h"
86: #include "sainfo.h"
87: #include "proposal.h"
88: #include "crypto_openssl.h"
89: #include "dnssec.h"
90: #include "sockmisc.h"
91: #include "strnames.h"
92: #include "gcmalloc.h"
93: #include "rsalist.h"
94:
95: #ifdef HAVE_GSSAPI
96: #include "gssapi.h"
97: #endif
98:
99: #define OUTBOUND_SA 0
100: #define INBOUND_SA 1
101:
102: #define INITDHVAL(a, s, d, t) \
103: do { \
104: vchar_t buf; \
105: buf.v = str2val((s), 16, &buf.l); \
106: memset(&a, 0, sizeof(struct dhgroup)); \
107: a.type = (t); \
108: a.prime = vdup(&buf); \
109: a.gen1 = 2; \
110: a.gen2 = 0; \
111: racoon_free(buf.v); \
112: } while(0);
113:
114: struct dhgroup dh_modp768;
115: struct dhgroup dh_modp1024;
116: struct dhgroup dh_modp1536;
117: struct dhgroup dh_modp2048;
118: struct dhgroup dh_modp3072;
119: struct dhgroup dh_modp4096;
120: struct dhgroup dh_modp6144;
121: struct dhgroup dh_modp8192;
122:
123:
124: static int oakley_check_dh_pub __P((vchar_t *, vchar_t **));
125: static int oakley_compute_keymat_x __P((struct ph2handle *, int, int));
126: static int oakley_check_certid __P((struct ph1handle *iph1));
127: static int check_typeofcertname __P((int, int));
128: static int oakley_padlen __P((int, int));
129: static int get_plainrsa_fromlocal __P((struct ph1handle *, int));
130:
131: int oakley_get_certtype(cert)
132: vchar_t *cert;
133: {
134: if (cert == NULL)
135: return ISAKMP_CERT_NONE;
136:
137: return cert->v[0];
138: }
139:
140: static vchar_t *
141: dump_isakmp_payload(gen)
142: struct isakmp_gen *gen;
143: {
144: vchar_t p;
145:
146: if (ntohs(gen->len) <= sizeof(*gen)) {
147: plog(LLV_ERROR, LOCATION, NULL,
148: "Len is too small !!.\n");
149: return NULL;
150: }
151:
152: p.v = (caddr_t) (gen + 1);
153: p.l = ntohs(gen->len) - sizeof(*gen);
154:
155: return vdup(&p);
156: }
157:
158: static vchar_t *
159: dump_x509(cert)
160: X509 *cert;
161: {
162: vchar_t *pl;
163: u_char *bp;
164: int len;
165:
166: len = i2d_X509(cert, NULL);
167:
168: pl = vmalloc(len + 1);
169: if (pl == NULL) {
170: plog(LLV_ERROR, LOCATION, NULL,
171: "Failed to copy CERT from packet.\n");
172: return NULL;
173: }
174:
175: pl->v[0] = ISAKMP_CERT_X509SIGN;
176: bp = (u_char *) &pl->v[1];
177: i2d_X509(cert, &bp);
178:
179: return pl;
180: }
181:
182:
183:
184: int
185: oakley_get_defaultlifetime()
186: {
187: return OAKLEY_ATTR_SA_LD_SEC_DEFAULT;
188: }
189:
190: int
191: oakley_dhinit()
192: {
193: /* set DH MODP */
194: INITDHVAL(dh_modp768, OAKLEY_PRIME_MODP768,
195: OAKLEY_ATTR_GRP_DESC_MODP768, OAKLEY_ATTR_GRP_TYPE_MODP);
196: INITDHVAL(dh_modp1024, OAKLEY_PRIME_MODP1024,
197: OAKLEY_ATTR_GRP_DESC_MODP1024, OAKLEY_ATTR_GRP_TYPE_MODP);
198: INITDHVAL(dh_modp1536, OAKLEY_PRIME_MODP1536,
199: OAKLEY_ATTR_GRP_DESC_MODP1536, OAKLEY_ATTR_GRP_TYPE_MODP);
200: INITDHVAL(dh_modp2048, OAKLEY_PRIME_MODP2048,
201: OAKLEY_ATTR_GRP_DESC_MODP2048, OAKLEY_ATTR_GRP_TYPE_MODP);
202: INITDHVAL(dh_modp3072, OAKLEY_PRIME_MODP3072,
203: OAKLEY_ATTR_GRP_DESC_MODP3072, OAKLEY_ATTR_GRP_TYPE_MODP);
204: INITDHVAL(dh_modp4096, OAKLEY_PRIME_MODP4096,
205: OAKLEY_ATTR_GRP_DESC_MODP4096, OAKLEY_ATTR_GRP_TYPE_MODP);
206: INITDHVAL(dh_modp6144, OAKLEY_PRIME_MODP6144,
207: OAKLEY_ATTR_GRP_DESC_MODP6144, OAKLEY_ATTR_GRP_TYPE_MODP);
208: INITDHVAL(dh_modp8192, OAKLEY_PRIME_MODP8192,
209: OAKLEY_ATTR_GRP_DESC_MODP8192, OAKLEY_ATTR_GRP_TYPE_MODP);
210:
211: return 0;
212: }
213:
214: void
215: oakley_dhgrp_free(dhgrp)
216: struct dhgroup *dhgrp;
217: {
218: if (dhgrp->prime)
219: vfree(dhgrp->prime);
220: if (dhgrp->curve_a)
221: vfree(dhgrp->curve_a);
222: if (dhgrp->curve_b)
223: vfree(dhgrp->curve_b);
224: if (dhgrp->order)
225: vfree(dhgrp->order);
226: racoon_free(dhgrp);
227: }
228:
229: /*
230: * RFC2409 5
231: * The length of the Diffie-Hellman public value MUST be equal to the
232: * length of the prime modulus over which the exponentiation was
233: * performed, prepending zero bits to the value if necessary.
234: */
235: static int
236: oakley_check_dh_pub(prime, pub0)
237: vchar_t *prime, **pub0;
238: {
239: vchar_t *tmp;
240: vchar_t *pub = *pub0;
241:
242: if (prime->l == pub->l)
243: return 0;
244:
245: if (prime->l < pub->l) {
246: /* what should i do ? */
247: plog(LLV_ERROR, LOCATION, NULL,
248: "invalid public information was generated.\n");
249: return -1;
250: }
251:
252: /* prime->l > pub->l */
253: tmp = vmalloc(prime->l);
254: if (tmp == NULL) {
255: plog(LLV_ERROR, LOCATION, NULL,
256: "failed to get DH buffer.\n");
257: return -1;
258: }
259: memcpy(tmp->v + prime->l - pub->l, pub->v, pub->l);
260:
261: vfree(*pub0);
262: *pub0 = tmp;
263:
264: return 0;
265: }
266:
267: /*
268: * compute sharing secret of DH
269: * IN: *dh, *pub, *priv, *pub_p
270: * OUT: **gxy
271: */
272: int
273: oakley_dh_compute(dh, pub, priv, pub_p, gxy)
274: const struct dhgroup *dh;
275: vchar_t *pub, *priv, *pub_p, **gxy;
276: {
277: #ifdef ENABLE_STATS
278: struct timeval start, end;
279: #endif
280: if ((*gxy = vmalloc(dh->prime->l)) == NULL) {
281: plog(LLV_ERROR, LOCATION, NULL,
282: "failed to get DH buffer.\n");
283: return -1;
284: }
285:
286: #ifdef ENABLE_STATS
287: gettimeofday(&start, NULL);
288: #endif
289: switch (dh->type) {
290: case OAKLEY_ATTR_GRP_TYPE_MODP:
291: if (eay_dh_compute(dh->prime, dh->gen1, pub, priv, pub_p, gxy) < 0) {
292: plog(LLV_ERROR, LOCATION, NULL,
293: "failed to compute dh value.\n");
294: return -1;
295: }
296: break;
297: case OAKLEY_ATTR_GRP_TYPE_ECP:
298: case OAKLEY_ATTR_GRP_TYPE_EC2N:
299: plog(LLV_ERROR, LOCATION, NULL,
300: "dh type %d isn't supported.\n", dh->type);
301: return -1;
302: default:
303: plog(LLV_ERROR, LOCATION, NULL,
304: "invalid dh type %d.\n", dh->type);
305: return -1;
306: }
307:
308: #ifdef ENABLE_STATS
309: gettimeofday(&end, NULL);
310: syslog(LOG_NOTICE, "%s(%s%zu): %8.6f", __func__,
311: s_attr_isakmp_group(dh->type), dh->prime->l << 3,
312: timedelta(&start, &end));
313: #endif
314:
315: plog(LLV_DEBUG, LOCATION, NULL, "compute DH's shared.\n");
316: plogdump(LLV_DEBUG, (*gxy)->v, (*gxy)->l);
317:
318: return 0;
319: }
320:
321: /*
322: * generate values of DH
323: * IN: *dh
324: * OUT: **pub, **priv
325: */
326: int
327: oakley_dh_generate(dh, pub, priv)
328: const struct dhgroup *dh;
329: vchar_t **pub, **priv;
330: {
331: #ifdef ENABLE_STATS
332: struct timeval start, end;
333: gettimeofday(&start, NULL);
334: #endif
335: switch (dh->type) {
336: case OAKLEY_ATTR_GRP_TYPE_MODP:
337: if (eay_dh_generate(dh->prime, dh->gen1, dh->gen2, pub, priv) < 0) {
338: plog(LLV_ERROR, LOCATION, NULL,
339: "failed to compute dh value.\n");
340: return -1;
341: }
342: break;
343:
344: case OAKLEY_ATTR_GRP_TYPE_ECP:
345: case OAKLEY_ATTR_GRP_TYPE_EC2N:
346: plog(LLV_ERROR, LOCATION, NULL,
347: "dh type %d isn't supported.\n", dh->type);
348: return -1;
349: default:
350: plog(LLV_ERROR, LOCATION, NULL,
351: "invalid dh type %d.\n", dh->type);
352: return -1;
353: }
354:
355: #ifdef ENABLE_STATS
356: gettimeofday(&end, NULL);
357: syslog(LOG_NOTICE, "%s(%s%zu): %8.6f", __func__,
358: s_attr_isakmp_group(dh->type), dh->prime->l << 3,
359: timedelta(&start, &end));
360: #endif
361:
362: if (oakley_check_dh_pub(dh->prime, pub) != 0)
363: return -1;
364:
365: plog(LLV_DEBUG, LOCATION, NULL, "compute DH's private.\n");
366: plogdump(LLV_DEBUG, (*priv)->v, (*priv)->l);
367: plog(LLV_DEBUG, LOCATION, NULL, "compute DH's public.\n");
368: plogdump(LLV_DEBUG, (*pub)->v, (*pub)->l);
369:
370: return 0;
371: }
372:
373: /*
374: * copy pre-defined dhgroup values.
375: */
376: int
377: oakley_setdhgroup(group, dhgrp)
378: int group;
379: struct dhgroup **dhgrp;
380: {
381: struct dhgroup *g;
382:
383: *dhgrp = NULL; /* just make sure, initialize */
384:
385: g = alg_oakley_dhdef_group(group);
386: if (g == NULL) {
387: plog(LLV_ERROR, LOCATION, NULL,
388: "invalid DH parameter grp=%d.\n", group);
389: return -1;
390: }
391:
392: if (!g->type || !g->prime || !g->gen1) {
393: /* unsuported */
394: plog(LLV_ERROR, LOCATION, NULL,
395: "unsupported DH parameters grp=%d.\n", group);
396: return -1;
397: }
398:
399: *dhgrp = racoon_calloc(1, sizeof(struct dhgroup));
400: if (*dhgrp == NULL) {
401: plog(LLV_ERROR, LOCATION, NULL,
402: "failed to get DH buffer.\n");
403: return 0;
404: }
405:
406: /* set defined dh vlaues */
407: memcpy(*dhgrp, g, sizeof(*g));
408: (*dhgrp)->prime = vdup(g->prime);
409:
410: return 0;
411: }
412:
413: /*
414: * PRF
415: *
416: * NOTE: we do not support prf with different input/output bitwidth,
417: * so we do not implement RFC2409 Appendix B (DOORAK-MAC example) in
418: * oakley_compute_keymat(). If you add support for such prf function,
419: * modify oakley_compute_keymat() accordingly.
420: */
421: vchar_t *
422: oakley_prf(key, buf, iph1)
423: vchar_t *key, *buf;
424: struct ph1handle *iph1;
425: {
426: vchar_t *res = NULL;
427: int type;
428:
429: if (iph1->approval == NULL) {
430: /*
431: * it's before negotiating hash algorithm.
432: * We use md5 as default.
433: */
434: type = OAKLEY_ATTR_HASH_ALG_MD5;
435: } else
436: type = iph1->approval->hashtype;
437:
438: res = alg_oakley_hmacdef_one(type, key, buf);
439: if (res == NULL) {
440: plog(LLV_ERROR, LOCATION, NULL,
441: "invalid hmac algorithm %d.\n", type);
442: return NULL;
443: }
444:
445: return res;
446: }
447:
448: /*
449: * hash
450: */
451: vchar_t *
452: oakley_hash(buf, iph1)
453: vchar_t *buf;
454: struct ph1handle *iph1;
455: {
456: vchar_t *res = NULL;
457: int type;
458:
459: if (iph1->approval == NULL) {
460: /*
461: * it's before negotiating hash algorithm.
462: * We use md5 as default.
463: */
464: type = OAKLEY_ATTR_HASH_ALG_MD5;
465: } else
466: type = iph1->approval->hashtype;
467:
468: res = alg_oakley_hashdef_one(type, buf);
469: if (res == NULL) {
470: plog(LLV_ERROR, LOCATION, NULL,
471: "invalid hash algorithm %d.\n", type);
472: return NULL;
473: }
474:
475: return res;
476: }
477:
478: /*
479: * compute KEYMAT
480: * see seciton 5.5 Phase 2 - Quick Mode in isakmp-oakley-05.
481: */
482: int
483: oakley_compute_keymat(iph2, side)
484: struct ph2handle *iph2;
485: int side;
486: {
487: int error = -1;
488:
489: /* compute sharing secret of DH when PFS */
490: if (iph2->approval->pfs_group && iph2->dhpub_p) {
491: if (oakley_dh_compute(iph2->pfsgrp, iph2->dhpub,
492: iph2->dhpriv, iph2->dhpub_p, &iph2->dhgxy) < 0)
493: goto end;
494: }
495:
496: /* compute keymat */
497: if (oakley_compute_keymat_x(iph2, side, INBOUND_SA) < 0
498: || oakley_compute_keymat_x(iph2, side, OUTBOUND_SA) < 0)
499: goto end;
500:
501: plog(LLV_DEBUG, LOCATION, NULL, "KEYMAT computed.\n");
502:
503: error = 0;
504:
505: end:
506: return error;
507: }
508:
509: /*
510: * compute KEYMAT.
511: * KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b).
512: * If PFS is desired and KE payloads were exchanged,
513: * KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
514: *
515: * NOTE: we do not support prf with different input/output bitwidth,
516: * so we do not implement RFC2409 Appendix B (DOORAK-MAC example).
517: */
518: static int
519: oakley_compute_keymat_x(iph2, side, sa_dir)
520: struct ph2handle *iph2;
521: int side;
522: int sa_dir;
523: {
524: vchar_t *buf = NULL, *res = NULL, *bp;
525: char *p;
526: int len;
527: int error = -1;
528: int pfs = 0;
529: int dupkeymat; /* generate K[1-dupkeymat] */
530: struct saproto *pr;
531: struct satrns *tr;
532: int encklen, authklen, l;
533:
534: pfs = ((iph2->approval->pfs_group && iph2->dhgxy) ? 1 : 0);
535:
536: len = pfs ? iph2->dhgxy->l : 0;
537: len += (1
538: + sizeof(u_int32_t) /* XXX SPI size */
539: + iph2->nonce->l
540: + iph2->nonce_p->l);
541: buf = vmalloc(len);
542: if (buf == NULL) {
543: plog(LLV_ERROR, LOCATION, NULL,
544: "failed to get keymat buffer.\n");
545: goto end;
546: }
547:
548: for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
549: p = buf->v;
550:
551: /* if PFS */
552: if (pfs) {
553: memcpy(p, iph2->dhgxy->v, iph2->dhgxy->l);
554: p += iph2->dhgxy->l;
555: }
556:
557: p[0] = pr->proto_id;
558: p += 1;
559:
560: memcpy(p, (sa_dir == INBOUND_SA ? &pr->spi : &pr->spi_p),
561: sizeof(pr->spi));
562: p += sizeof(pr->spi);
563:
564: bp = (side == INITIATOR ? iph2->nonce : iph2->nonce_p);
565: memcpy(p, bp->v, bp->l);
566: p += bp->l;
567:
568: bp = (side == INITIATOR ? iph2->nonce_p : iph2->nonce);
569: memcpy(p, bp->v, bp->l);
570: p += bp->l;
571:
572: /* compute IV */
573: plog(LLV_DEBUG, LOCATION, NULL, "KEYMAT compute with\n");
574: plogdump(LLV_DEBUG, buf->v, buf->l);
575:
576: /* res = K1 */
577: res = oakley_prf(iph2->ph1->skeyid_d, buf, iph2->ph1);
578: if (res == NULL)
579: goto end;
580:
581: /* compute key length needed */
582: encklen = authklen = 0;
583: switch (pr->proto_id) {
584: case IPSECDOI_PROTO_IPSEC_ESP:
585: for (tr = pr->head; tr; tr = tr->next) {
586: l = alg_ipsec_encdef_keylen(tr->trns_id,
587: tr->encklen);
588: if (l > encklen)
589: encklen = l;
590:
591: l = alg_ipsec_hmacdef_hashlen(tr->authtype);
592: if (l > authklen)
593: authklen = l;
594: }
595: break;
596: case IPSECDOI_PROTO_IPSEC_AH:
597: for (tr = pr->head; tr; tr = tr->next) {
598: l = alg_ipsec_hmacdef_hashlen(tr->trns_id);
599: if (l > authklen)
600: authklen = l;
601: }
602: break;
603: default:
604: break;
605: }
606: plog(LLV_DEBUG, LOCATION, NULL, "encklen=%d authklen=%d\n",
607: encklen, authklen);
608:
609: dupkeymat = (encklen + authklen) / 8 / res->l;
610: dupkeymat += 2; /* safety mergin */
611: if (dupkeymat < 3)
612: dupkeymat = 3;
613: plog(LLV_DEBUG, LOCATION, NULL,
614: "generating %zu bits of key (dupkeymat=%d)\n",
615: dupkeymat * 8 * res->l, dupkeymat);
616: if (0 < --dupkeymat) {
617: vchar_t *prev = res; /* K(n-1) */
618: vchar_t *seed = NULL; /* seed for Kn */
619: size_t l;
620:
621: /*
622: * generating long key (isakmp-oakley-08 5.5)
623: * KEYMAT = K1 | K2 | K3 | ...
624: * where
625: * src = [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b
626: * K1 = prf(SKEYID_d, src)
627: * K2 = prf(SKEYID_d, K1 | src)
628: * K3 = prf(SKEYID_d, K2 | src)
629: * Kn = prf(SKEYID_d, K(n-1) | src)
630: */
631: plog(LLV_DEBUG, LOCATION, NULL,
632: "generating K1...K%d for KEYMAT.\n",
633: dupkeymat + 1);
634:
635: seed = vmalloc(prev->l + buf->l);
636: if (seed == NULL) {
637: plog(LLV_ERROR, LOCATION, NULL,
638: "failed to get keymat buffer.\n");
639: if (prev && prev != res)
640: vfree(prev);
641: goto end;
642: }
643:
644: while (dupkeymat--) {
645: vchar_t *this = NULL; /* Kn */
646: int update_prev;
647:
648: memcpy(seed->v, prev->v, prev->l);
649: memcpy(seed->v + prev->l, buf->v, buf->l);
650: this = oakley_prf(iph2->ph1->skeyid_d, seed,
651: iph2->ph1);
652: if (!this) {
653: plog(LLV_ERROR, LOCATION, NULL,
654: "oakley_prf memory overflow\n");
655: if (prev && prev != res)
656: vfree(prev);
657: vfree(this);
658: vfree(seed);
659: goto end;
660: }
661:
662: update_prev = (prev && prev == res) ? 1 : 0;
663:
664: l = res->l;
665: res = vrealloc(res, l + this->l);
666:
667: if (update_prev)
668: prev = res;
669:
670: if (res == NULL) {
671: plog(LLV_ERROR, LOCATION, NULL,
672: "failed to get keymat buffer.\n");
673: if (prev && prev != res)
674: vfree(prev);
675: vfree(this);
676: vfree(seed);
677: goto end;
678: }
679: memcpy(res->v + l, this->v, this->l);
680:
681: if (prev && prev != res)
682: vfree(prev);
683: prev = this;
684: this = NULL;
685: }
686:
687: if (prev && prev != res)
688: vfree(prev);
689: vfree(seed);
690: }
691:
692: plogdump(LLV_DEBUG, res->v, res->l);
693:
694: if (sa_dir == INBOUND_SA)
695: pr->keymat = res;
696: else
697: pr->keymat_p = res;
698: res = NULL;
699: }
700:
701: error = 0;
702:
703: end:
704: if (error) {
705: for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
706: if (pr->keymat) {
707: vfree(pr->keymat);
708: pr->keymat = NULL;
709: }
710: if (pr->keymat_p) {
711: vfree(pr->keymat_p);
712: pr->keymat_p = NULL;
713: }
714: }
715: }
716:
717: if (buf != NULL)
718: vfree(buf);
719: if (res)
720: vfree(res);
721:
722: return error;
723: }
724:
725: #if notyet
726: /*
727: * NOTE: Must terminate by NULL.
728: */
729: vchar_t *
730: oakley_compute_hashx(struct ph1handle *iph1, ...)
731: {
732: vchar_t *buf, *res;
733: vchar_t *s;
734: caddr_t p;
735: int len;
736:
737: va_list ap;
738:
739: /* get buffer length */
740: va_start(ap, iph1);
741: len = 0;
742: while ((s = va_arg(ap, vchar_t *)) != NULL) {
743: len += s->l
744: }
745: va_end(ap);
746:
747: buf = vmalloc(len);
748: if (buf == NULL) {
749: plog(LLV_ERROR, LOCATION, NULL,
750: "failed to get hash buffer\n");
751: return NULL;
752: }
753:
754: /* set buffer */
755: va_start(ap, iph1);
756: p = buf->v;
757: while ((s = va_arg(ap, char *)) != NULL) {
758: memcpy(p, s->v, s->l);
759: p += s->l;
760: }
761: va_end(ap);
762:
763: plog(LLV_DEBUG, LOCATION, NULL, "HASH with: \n");
764: plogdump(LLV_DEBUG, buf->v, buf->l);
765:
766: /* compute HASH */
767: res = oakley_prf(iph1->skeyid_a, buf, iph1);
768: vfree(buf);
769: if (res == NULL)
770: return NULL;
771:
772: plog(LLV_DEBUG, LOCATION, NULL, "HASH computed:\n");
773: plogdump(LLV_DEBUG, res->v, res->l);
774:
775: return res;
776: }
777: #endif
778:
779: /*
780: * compute HASH(3) prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b)
781: * see seciton 5.5 Phase 2 - Quick Mode in isakmp-oakley-05.
782: */
783: vchar_t *
784: oakley_compute_hash3(iph1, msgid, body)
785: struct ph1handle *iph1;
786: u_int32_t msgid;
787: vchar_t *body;
788: {
789: vchar_t *buf = 0, *res = 0;
790: int len;
791: int error = -1;
792:
793: /* create buffer */
794: len = 1 + sizeof(u_int32_t) + body->l;
795: buf = vmalloc(len);
796: if (buf == NULL) {
797: plog(LLV_DEBUG, LOCATION, NULL,
798: "failed to get hash buffer\n");
799: goto end;
800: }
801:
802: buf->v[0] = 0;
803:
804: memcpy(buf->v + 1, (char *)&msgid, sizeof(msgid));
805:
806: memcpy(buf->v + 1 + sizeof(u_int32_t), body->v, body->l);
807:
808: plog(LLV_DEBUG, LOCATION, NULL, "HASH with: \n");
809: plogdump(LLV_DEBUG, buf->v, buf->l);
810:
811: /* compute HASH */
812: res = oakley_prf(iph1->skeyid_a, buf, iph1);
813: if (res == NULL)
814: goto end;
815:
816: error = 0;
817:
818: plog(LLV_DEBUG, LOCATION, NULL, "HASH computed:\n");
819: plogdump(LLV_DEBUG, res->v, res->l);
820:
821: end:
822: if (buf != NULL)
823: vfree(buf);
824: return res;
825: }
826:
827: /*
828: * compute HASH type of prf(SKEYID_a, M-ID | buffer)
829: * e.g.
830: * for quick mode HASH(1):
831: * prf(SKEYID_a, M-ID | SA | Ni [ | KE ] [ | IDci | IDcr ])
832: * for quick mode HASH(2):
833: * prf(SKEYID_a, M-ID | Ni_b | SA | Nr [ | KE ] [ | IDci | IDcr ])
834: * for Informational exchange:
835: * prf(SKEYID_a, M-ID | N/D)
836: */
837: vchar_t *
838: oakley_compute_hash1(iph1, msgid, body)
839: struct ph1handle *iph1;
840: u_int32_t msgid;
841: vchar_t *body;
842: {
843: vchar_t *buf = NULL, *res = NULL;
844: char *p;
845: int len;
846: int error = -1;
847:
848: /* create buffer */
849: len = sizeof(u_int32_t) + body->l;
850: buf = vmalloc(len);
851: if (buf == NULL) {
852: plog(LLV_DEBUG, LOCATION, NULL,
853: "failed to get hash buffer\n");
854: goto end;
855: }
856:
857: p = buf->v;
858:
859: memcpy(buf->v, (char *)&msgid, sizeof(msgid));
860: p += sizeof(u_int32_t);
861:
862: memcpy(p, body->v, body->l);
863:
864: plog(LLV_DEBUG, LOCATION, NULL, "HASH with:\n");
865: plogdump(LLV_DEBUG, buf->v, buf->l);
866:
867: /* compute HASH */
868: res = oakley_prf(iph1->skeyid_a, buf, iph1);
869: if (res == NULL)
870: goto end;
871:
872: error = 0;
873:
874: plog(LLV_DEBUG, LOCATION, NULL, "HASH computed:\n");
875: plogdump(LLV_DEBUG, res->v, res->l);
876:
877: end:
878: if (buf != NULL)
879: vfree(buf);
880: return res;
881: }
882:
883: /*
884: * compute phase1 HASH
885: * main/aggressive
886: * I-digest = prf(SKEYID, g^i | g^r | CKY-I | CKY-R | SAi_b | ID_i1_b)
887: * R-digest = prf(SKEYID, g^r | g^i | CKY-R | CKY-I | SAi_b | ID_r1_b)
888: * for gssapi, also include all GSS tokens, and call gss_wrap on the result
889: */
890: vchar_t *
891: oakley_ph1hash_common(iph1, sw)
892: struct ph1handle *iph1;
893: int sw;
894: {
895: vchar_t *buf = NULL, *res = NULL, *bp;
896: char *p, *bp2;
897: int len, bl;
898: int error = -1;
899: #ifdef HAVE_GSSAPI
900: vchar_t *gsstokens = NULL;
901: #endif
902:
903: /* create buffer */
904: len = iph1->dhpub->l
905: + iph1->dhpub_p->l
906: + sizeof(cookie_t) * 2
907: + iph1->sa->l
908: + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
909:
910: #ifdef HAVE_GSSAPI
911: if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
912: if (iph1->gi_i != NULL && iph1->gi_r != NULL) {
913: bp = (sw == GENERATE ? iph1->gi_i : iph1->gi_r);
914: len += bp->l;
915: }
916: if (sw == GENERATE)
917: gssapi_get_itokens(iph1, &gsstokens);
918: else
919: gssapi_get_rtokens(iph1, &gsstokens);
920: if (gsstokens == NULL)
921: return NULL;
922: len += gsstokens->l;
923: }
924: #endif
925:
926: buf = vmalloc(len);
927: if (buf == NULL) {
928: plog(LLV_ERROR, LOCATION, NULL,
929: "failed to get hash buffer\n");
930: goto end;
931: }
932:
933: p = buf->v;
934:
935: bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
936: memcpy(p, bp->v, bp->l);
937: p += bp->l;
938:
939: bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
940: memcpy(p, bp->v, bp->l);
941: p += bp->l;
942:
943: if (iph1->side == INITIATOR)
944: bp2 = (sw == GENERATE ?
945: (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
946: else
947: bp2 = (sw == GENERATE ?
948: (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
949: bl = sizeof(cookie_t);
950: memcpy(p, bp2, bl);
951: p += bl;
952:
953: if (iph1->side == INITIATOR)
954: bp2 = (sw == GENERATE ?
955: (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
956: else
957: bp2 = (sw == GENERATE ?
958: (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
959: bl = sizeof(cookie_t);
960: memcpy(p, bp2, bl);
961: p += bl;
962:
963: bp = iph1->sa;
964: memcpy(p, bp->v, bp->l);
965: p += bp->l;
966:
967: bp = (sw == GENERATE ? iph1->id : iph1->id_p);
968: memcpy(p, bp->v, bp->l);
969: p += bp->l;
970:
971: #ifdef HAVE_GSSAPI
972: if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
973: if (iph1->gi_i != NULL && iph1->gi_r != NULL) {
974: bp = (sw == GENERATE ? iph1->gi_i : iph1->gi_r);
975: memcpy(p, bp->v, bp->l);
976: p += bp->l;
977: }
978: memcpy(p, gsstokens->v, gsstokens->l);
979: p += gsstokens->l;
980: }
981: #endif
982:
983: plog(LLV_DEBUG, LOCATION, NULL, "HASH with:\n");
984: plogdump(LLV_DEBUG, buf->v, buf->l);
985:
986: /* compute HASH */
987: res = oakley_prf(iph1->skeyid, buf, iph1);
988: if (res == NULL)
989: goto end;
990:
991: error = 0;
992:
993: plog(LLV_DEBUG, LOCATION, NULL, "HASH (%s) computed:\n",
994: iph1->side == INITIATOR ? "init" : "resp");
995: plogdump(LLV_DEBUG, res->v, res->l);
996:
997: end:
998: if (buf != NULL)
999: vfree(buf);
1000: #ifdef HAVE_GSSAPI
1001: if (gsstokens != NULL)
1002: vfree(gsstokens);
1003: #endif
1004: return res;
1005: }
1006:
1007: /*
1008: * compute HASH_I on base mode.
1009: * base:psk,rsa
1010: * HASH_I = prf(SKEYID, g^xi | CKY-I | CKY-R | SAi_b | IDii_b)
1011: * base:sig
1012: * HASH_I = prf(hash(Ni_b | Nr_b), g^xi | CKY-I | CKY-R | SAi_b | IDii_b)
1013: */
1014: vchar_t *
1015: oakley_ph1hash_base_i(iph1, sw)
1016: struct ph1handle *iph1;
1017: int sw;
1018: {
1019: vchar_t *buf = NULL, *res = NULL, *bp;
1020: vchar_t *hashkey = NULL;
1021: vchar_t *hash = NULL; /* for signature mode */
1022: char *p;
1023: int len;
1024: int error = -1;
1025:
1026: /* sanity check */
1027: if (iph1->etype != ISAKMP_ETYPE_BASE) {
1028: plog(LLV_ERROR, LOCATION, NULL,
1029: "invalid etype for this hash function\n");
1030: return NULL;
1031: }
1032:
1033: switch (iph1->approval->authmethod) {
1034: case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
1035: case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
1036: case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
1037: #ifdef ENABLE_HYBRID
1038: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
1039: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
1040: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
1041: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
1042: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
1043: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
1044: #endif
1045: if (iph1->skeyid == NULL) {
1046: plog(LLV_ERROR, LOCATION, NULL, "no SKEYID found.\n");
1047: return NULL;
1048: }
1049: hashkey = iph1->skeyid;
1050: break;
1051:
1052: case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
1053: case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
1054: #ifdef HAVE_GSSAPI
1055: case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB:
1056: #endif
1057: #ifdef ENABLE_HYBRID
1058: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1059: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
1060: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
1061: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
1062: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
1063: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
1064: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
1065: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
1066: #endif
1067: /* make hash for seed */
1068: len = iph1->nonce->l + iph1->nonce_p->l;
1069: buf = vmalloc(len);
1070: if (buf == NULL) {
1071: plog(LLV_ERROR, LOCATION, NULL,
1072: "failed to get hash buffer\n");
1073: goto end;
1074: }
1075: p = buf->v;
1076:
1077: bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1078: memcpy(p, bp->v, bp->l);
1079: p += bp->l;
1080:
1081: bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1082: memcpy(p, bp->v, bp->l);
1083: p += bp->l;
1084:
1085: hash = oakley_hash(buf, iph1);
1086: if (hash == NULL)
1087: goto end;
1088: vfree(buf);
1089: buf = NULL;
1090:
1091: hashkey = hash;
1092: break;
1093:
1094: default:
1095: plog(LLV_ERROR, LOCATION, NULL,
1096: "not supported authentication method %d\n",
1097: iph1->approval->authmethod);
1098: return NULL;
1099:
1100: }
1101:
1102: len = (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1103: + sizeof(cookie_t) * 2
1104: + iph1->sa->l
1105: + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
1106: buf = vmalloc(len);
1107: if (buf == NULL) {
1108: plog(LLV_ERROR, LOCATION, NULL,
1109: "failed to get hash buffer\n");
1110: goto end;
1111: }
1112: p = buf->v;
1113:
1114: bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1115: memcpy(p, bp->v, bp->l);
1116: p += bp->l;
1117:
1118: memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1119: p += sizeof(cookie_t);
1120: memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1121: p += sizeof(cookie_t);
1122:
1123: memcpy(p, iph1->sa->v, iph1->sa->l);
1124: p += iph1->sa->l;
1125:
1126: bp = (sw == GENERATE ? iph1->id : iph1->id_p);
1127: memcpy(p, bp->v, bp->l);
1128: p += bp->l;
1129:
1130: plog(LLV_DEBUG, LOCATION, NULL, "HASH_I with:\n");
1131: plogdump(LLV_DEBUG, buf->v, buf->l);
1132:
1133: /* compute HASH */
1134: res = oakley_prf(hashkey, buf, iph1);
1135: if (res == NULL)
1136: goto end;
1137:
1138: error = 0;
1139:
1140: plog(LLV_DEBUG, LOCATION, NULL, "HASH_I computed:\n");
1141: plogdump(LLV_DEBUG, res->v, res->l);
1142:
1143: end:
1144: if (hash != NULL)
1145: vfree(hash);
1146: if (buf != NULL)
1147: vfree(buf);
1148: return res;
1149: }
1150:
1151: /*
1152: * compute HASH_R on base mode for signature method.
1153: * base:
1154: * HASH_R = prf(hash(Ni_b | Nr_b), g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
1155: */
1156: vchar_t *
1157: oakley_ph1hash_base_r(iph1, sw)
1158: struct ph1handle *iph1;
1159: int sw;
1160: {
1161: vchar_t *buf = NULL, *res = NULL, *bp;
1162: vchar_t *hash = NULL;
1163: char *p;
1164: int len;
1165: int error = -1;
1166:
1167: /* sanity check */
1168: if (iph1->etype != ISAKMP_ETYPE_BASE) {
1169: plog(LLV_ERROR, LOCATION, NULL,
1170: "invalid etype for this hash function\n");
1171: return NULL;
1172: }
1173:
1174: switch (iph1->approval->authmethod) {
1175: case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
1176: case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
1177: #ifdef ENABLE_HYBRID
1178: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1179: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
1180: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
1181: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
1182: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
1183: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
1184: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
1185: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
1186: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
1187: #endif
1188: break;
1189: default:
1190: plog(LLV_ERROR, LOCATION, NULL,
1191: "not supported authentication method %d\n",
1192: iph1->approval->authmethod);
1193: return NULL;
1194: break;
1195: }
1196:
1197: /* make hash for seed */
1198: len = iph1->nonce->l + iph1->nonce_p->l;
1199: buf = vmalloc(len);
1200: if (buf == NULL) {
1201: plog(LLV_ERROR, LOCATION, NULL,
1202: "failed to get hash buffer\n");
1203: goto end;
1204: }
1205: p = buf->v;
1206:
1207: bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1208: memcpy(p, bp->v, bp->l);
1209: p += bp->l;
1210:
1211: bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1212: memcpy(p, bp->v, bp->l);
1213: p += bp->l;
1214:
1215: hash = oakley_hash(buf, iph1);
1216: if (hash == NULL)
1217: goto end;
1218: vfree(buf);
1219: buf = NULL;
1220:
1221: /* make really hash */
1222: len = (sw == GENERATE ? iph1->dhpub_p->l : iph1->dhpub->l)
1223: + (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1224: + sizeof(cookie_t) * 2
1225: + iph1->sa->l
1226: + (sw == GENERATE ? iph1->id_p->l : iph1->id->l);
1227: buf = vmalloc(len);
1228: if (buf == NULL) {
1229: plog(LLV_ERROR, LOCATION, NULL,
1230: "failed to get hash buffer\n");
1231: goto end;
1232: }
1233: p = buf->v;
1234:
1235:
1236: bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
1237: memcpy(p, bp->v, bp->l);
1238: p += bp->l;
1239:
1240: bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1241: memcpy(p, bp->v, bp->l);
1242: p += bp->l;
1243:
1244: memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1245: p += sizeof(cookie_t);
1246: memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1247: p += sizeof(cookie_t);
1248:
1249: memcpy(p, iph1->sa->v, iph1->sa->l);
1250: p += iph1->sa->l;
1251:
1252: bp = (sw == GENERATE ? iph1->id_p : iph1->id);
1253: memcpy(p, bp->v, bp->l);
1254: p += bp->l;
1255:
1256: plog(LLV_DEBUG, LOCATION, NULL, "HASH_R with:\n");
1257: plogdump(LLV_DEBUG, buf->v, buf->l);
1258:
1259: /* compute HASH */
1260: res = oakley_prf(hash, buf, iph1);
1261: if (res == NULL)
1262: goto end;
1263:
1264: error = 0;
1265:
1266: plog(LLV_DEBUG, LOCATION, NULL, "HASH_R computed:\n");
1267: plogdump(LLV_DEBUG, res->v, res->l);
1268:
1269: end:
1270: if (buf != NULL)
1271: vfree(buf);
1272: if (hash)
1273: vfree(hash);
1274: return res;
1275: }
1276:
1277: /*
1278: * compute each authentication method in phase 1.
1279: * OUT:
1280: * 0: OK
1281: * -1: error
1282: * other: error to be reply with notification.
1283: * the value is notification type.
1284: */
1285: int
1286: oakley_validate_auth(iph1)
1287: struct ph1handle *iph1;
1288: {
1289: vchar_t *my_hash = NULL;
1290: int result;
1291: int no_verify_needed = -1;
1292: #ifdef HAVE_GSSAPI
1293: vchar_t *gsshash = NULL;
1294: #endif
1295: #ifdef ENABLE_STATS
1296: struct timeval start, end;
1297: #endif
1298:
1299: #ifdef ENABLE_STATS
1300: gettimeofday(&start, NULL);
1301: #endif
1302:
1303: switch (iph1->approval->authmethod) {
1304: case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
1305: #ifdef ENABLE_HYBRID
1306: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
1307: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
1308: #endif
1309: /* validate HASH */
1310: {
1311: char *r_hash;
1312:
1313: if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1314: plog(LLV_ERROR, LOCATION, iph1->remote,
1315: "few isakmp message received.\n");
1316: return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1317: }
1318: #ifdef ENABLE_HYBRID
1319: if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I &&
1320: ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0))
1321: {
1322: plog(LLV_ERROR, LOCATION, NULL, "No SIG was passed, "
1323: "hybrid auth is enabled, "
1324: "but peer is no Xauth compliant\n");
1325: return ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED;
1326: break;
1327: }
1328: #endif
1329: r_hash = (caddr_t)(iph1->pl_hash + 1);
1330:
1331: plog(LLV_DEBUG, LOCATION, NULL, "HASH received:\n");
1332: plogdump(LLV_DEBUG, r_hash,
1333: ntohs(iph1->pl_hash->h.len) - sizeof(*iph1->pl_hash));
1334:
1335: switch (iph1->etype) {
1336: case ISAKMP_ETYPE_IDENT:
1337: case ISAKMP_ETYPE_AGG:
1338: my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1339: break;
1340: case ISAKMP_ETYPE_BASE:
1341: if (iph1->side == INITIATOR)
1342: my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1343: else
1344: my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1345: break;
1346: default:
1347: plog(LLV_ERROR, LOCATION, NULL,
1348: "invalid etype %d\n", iph1->etype);
1349: return ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE;
1350: }
1351: if (my_hash == NULL)
1352: return ISAKMP_INTERNAL_ERROR;
1353:
1354: result = memcmp(my_hash->v, r_hash, my_hash->l);
1355: vfree(my_hash);
1356:
1357: if (result) {
1358: plog(LLV_ERROR, LOCATION, NULL, "HASH mismatched\n");
1359: return ISAKMP_NTYPE_INVALID_HASH_INFORMATION;
1360: }
1361:
1362: plog(LLV_DEBUG, LOCATION, NULL, "HASH for PSK validated.\n");
1363: }
1364: break;
1365: #ifdef ENABLE_HYBRID
1366: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
1367: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
1368: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
1369: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
1370: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
1371: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
1372: no_verify_needed = 0;
1373: #endif
1374: case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
1375: case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
1376: {
1377: int error = 0;
1378: int certtype;
1379:
1380: /* validation */
1381: if (iph1->id_p == NULL) {
1382: plog(LLV_ERROR, LOCATION, iph1->remote,
1383: "no ID payload was passed.\n");
1384: return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1385: }
1386: if (iph1->sig_p == NULL) {
1387: plog(LLV_ERROR, LOCATION, iph1->remote,
1388: "no SIG payload was passed.\n");
1389: return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1390: }
1391:
1392: plog(LLV_DEBUG, LOCATION, NULL, "SIGN passed:\n");
1393: plogdump(LLV_DEBUG, iph1->sig_p->v, iph1->sig_p->l);
1394:
1395: /* get peer's cert */
1396: certtype = oakley_get_certtype(iph1->rmconf->peerscert);
1397: switch (certtype) {
1398: case ISAKMP_CERT_NONE:
1399: /* expect to receive one from peer */
1400: if (iph1->cert_p == NULL) {
1401: plog(LLV_ERROR, LOCATION, NULL,
1402: "no peer's CERT payload found.\n");
1403: return ISAKMP_INTERNAL_ERROR;
1404: }
1405: /* verify the cert if needed */
1406: if (!iph1->rmconf->verify_cert)
1407: break;
1408:
1409: switch (oakley_get_certtype(iph1->cert_p)) {
1410: case ISAKMP_CERT_X509SIGN: {
1411: char path[MAXPATHLEN];
1412: char *ca;
1413:
1414: if (iph1->rmconf->cacertfile != NULL) {
1415: getpathname(path, sizeof(path),
1416: LC_PATHTYPE_CERT,
1417: iph1->rmconf->cacertfile);
1418: ca = path;
1419: } else {
1420: ca = NULL;
1421: }
1422:
1423: error = eay_check_x509cert(
1424: iph1->cert_p,
1425: lcconf->pathinfo[LC_PATHTYPE_CERT],
1426: ca, 0);
1427: break;
1428: }
1429: default:
1430: plog(LLV_ERROR, LOCATION, NULL,
1431: "peers_cert certtype %d was not expected\n",
1432: certtype);
1433: return ISAKMP_INTERNAL_ERROR;
1434: }
1435:
1436: if (error != 0) {
1437: plog(LLV_ERROR, LOCATION, iph1->remote,
1438: "the peer's certificate is not verified.\n");
1439: return ISAKMP_NTYPE_INVALID_CERT_AUTHORITY;
1440: }
1441: break;
1442: case ISAKMP_CERT_X509SIGN:
1443: if (iph1->rmconf->peerscert == NULL) {
1444: plog(LLV_ERROR, LOCATION, NULL,
1445: "no peer's CERT file found.\n");
1446: return ISAKMP_INTERNAL_ERROR;
1447: }
1448: /* don't use received cert */
1449: if (iph1->cert_p != NULL) {
1450: vfree(iph1->cert_p);
1451: iph1->cert_p = NULL;
1452: }
1453: /* copy from remoteconf instead */
1454: iph1->cert_p = vdup(iph1->rmconf->peerscert);
1455: break;
1456: case ISAKMP_CERT_PLAINRSA:
1457: if (get_plainrsa_fromlocal(iph1, 0))
1458: return ISAKMP_INTERNAL_ERROR;
1459: /* suppress CERT validation warning, unless hybrid mode in use */
1460: if (no_verify_needed == -1)
1461: no_verify_needed = 1;
1462: break;
1463: case ISAKMP_CERT_DNS:
1464: /* don't use received cert */
1465: if (iph1->cert_p != NULL) {
1466: vfree(iph1->cert_p);
1467: iph1->cert_p = NULL;
1468: }
1469:
1470: iph1->cert_p = dnssec_getcert(iph1->id_p);
1471: if (iph1->cert_p == NULL) {
1472: plog(LLV_ERROR, LOCATION, NULL,
1473: "no CERT RR found.\n");
1474: return ISAKMP_INTERNAL_ERROR;
1475: }
1476: break;
1477: default:
1478: plog(LLV_ERROR, LOCATION, NULL,
1479: "invalid certificate type: %d\n",
1480: oakley_get_certtype(iph1->rmconf->peerscert));
1481: return ISAKMP_INTERNAL_ERROR;
1482: }
1483:
1484: /* compare ID payload and certificate name */
1485: if ((error = oakley_check_certid(iph1)) != 0)
1486: return error;
1487:
1488: /* Generate a warning unless verify_cert */
1489: if (iph1->rmconf->verify_cert) {
1490: plog(LLV_DEBUG, LOCATION, iph1->remote,
1491: "CERT validated\n");
1492: } else if (no_verify_needed != 1) {
1493: plog(LLV_WARNING, LOCATION, iph1->remote,
1494: "CERT validation disabled by configuration\n");
1495: }
1496:
1497: /* compute hash */
1498: switch (iph1->etype) {
1499: case ISAKMP_ETYPE_IDENT:
1500: case ISAKMP_ETYPE_AGG:
1501: my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1502: break;
1503: case ISAKMP_ETYPE_BASE:
1504: if (iph1->side == INITIATOR)
1505: my_hash = oakley_ph1hash_base_r(iph1, VALIDATE);
1506: else
1507: my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1508: break;
1509: default:
1510: plog(LLV_ERROR, LOCATION, NULL,
1511: "invalid etype %d\n", iph1->etype);
1512: return ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE;
1513: }
1514: if (my_hash == NULL)
1515: return ISAKMP_INTERNAL_ERROR;
1516:
1517: /* check signature */
1518: certtype = oakley_get_certtype(iph1->cert_p);
1519: if (certtype == ISAKMP_CERT_NONE)
1520: certtype = oakley_get_certtype(iph1->rmconf->peerscert);
1521: switch (certtype) {
1522: case ISAKMP_CERT_X509SIGN:
1523: case ISAKMP_CERT_DNS:
1524: error = eay_check_x509sign(my_hash,
1525: iph1->sig_p,
1526: iph1->cert_p);
1527: break;
1528: case ISAKMP_CERT_PLAINRSA:
1529: iph1->rsa_p = rsa_try_check_rsasign(my_hash,
1530: iph1->sig_p, iph1->rsa_candidates);
1531: error = iph1->rsa_p ? 0 : -1;
1532: genlist_free(iph1->rsa_candidates, NULL);
1533: iph1->rsa_candidates = NULL;
1534: break;
1535: default:
1536: plog(LLV_ERROR, LOCATION, NULL,
1537: "cannot check signature for certtype %d\n",
1538: certtype);
1539: vfree(my_hash);
1540: return ISAKMP_INTERNAL_ERROR;
1541: }
1542:
1543: vfree(my_hash);
1544: if (error != 0) {
1545: plog(LLV_ERROR, LOCATION, NULL,
1546: "Invalid SIG.\n");
1547: return ISAKMP_NTYPE_INVALID_SIGNATURE;
1548: }
1549: plog(LLV_DEBUG, LOCATION, NULL, "SIG authenticated\n");
1550: }
1551: break;
1552: #ifdef ENABLE_HYBRID
1553: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
1554: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
1555: {
1556: if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
1557: plog(LLV_ERROR, LOCATION, NULL, "No SIG was passed, "
1558: "hybrid auth is enabled, "
1559: "but peer is no Xauth compliant\n");
1560: return ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED;
1561: break;
1562: }
1563: plog(LLV_INFO, LOCATION, NULL, "No SIG was passed, "
1564: "but hybrid auth is enabled\n");
1565:
1566: return 0;
1567: break;
1568: }
1569: #endif
1570: #ifdef HAVE_GSSAPI
1571: case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB:
1572: /* check if we're not into XAUTH_PSKEY_I instead */
1573: #ifdef ENABLE_HYBRID
1574: if (iph1->rmconf->xauth)
1575: break;
1576: #endif
1577: switch (iph1->etype) {
1578: case ISAKMP_ETYPE_IDENT:
1579: case ISAKMP_ETYPE_AGG:
1580: my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1581: break;
1582: default:
1583: plog(LLV_ERROR, LOCATION, NULL,
1584: "invalid etype %d\n", iph1->etype);
1585: return ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE;
1586: }
1587:
1588: if (my_hash == NULL) {
1589: if (gssapi_more_tokens(iph1))
1590: return ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE;
1591: else
1592: return ISAKMP_NTYPE_INVALID_HASH_INFORMATION;
1593: }
1594:
1595: gsshash = gssapi_unwraphash(iph1);
1596: if (gsshash == NULL) {
1597: vfree(my_hash);
1598: return ISAKMP_NTYPE_INVALID_HASH_INFORMATION;
1599: }
1600:
1601: result = memcmp(my_hash->v, gsshash->v, my_hash->l);
1602: vfree(my_hash);
1603: vfree(gsshash);
1604:
1605: if (result) {
1606: plog(LLV_ERROR, LOCATION, NULL, "HASH mismatched\n");
1607: return ISAKMP_NTYPE_INVALID_HASH_INFORMATION;
1608: }
1609: plog(LLV_DEBUG, LOCATION, NULL, "hash compared OK\n");
1610: break;
1611: #endif
1612: case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
1613: case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
1614: #ifdef ENABLE_HYBRID
1615: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
1616: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
1617: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
1618: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
1619: #endif
1620: if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1621: plog(LLV_ERROR, LOCATION, iph1->remote,
1622: "few isakmp message received.\n");
1623: return ISAKMP_NTYPE_PAYLOAD_MALFORMED;
1624: }
1625: plog(LLV_ERROR, LOCATION, iph1->remote,
1626: "not supported authmethod type %s\n",
1627: s_oakley_attr_method(iph1->approval->authmethod));
1628: return ISAKMP_INTERNAL_ERROR;
1629: default:
1630: plog(LLV_ERROR, LOCATION, iph1->remote,
1631: "invalid authmethod %d why ?\n",
1632: iph1->approval->authmethod);
1633: return ISAKMP_INTERNAL_ERROR;
1634: }
1635: #ifdef ENABLE_STATS
1636: gettimeofday(&end, NULL);
1637: syslog(LOG_NOTICE, "%s(%s): %8.6f", __func__,
1638: s_oakley_attr_method(iph1->approval->authmethod),
1639: timedelta(&start, &end));
1640: #endif
1641:
1642: return 0;
1643: }
1644:
1645: /* get my certificate
1646: * NOTE: include certificate type.
1647: */
1648: int
1649: oakley_getmycert(iph1)
1650: struct ph1handle *iph1;
1651: {
1652: switch (oakley_get_certtype(iph1->rmconf->mycert)) {
1653: case ISAKMP_CERT_X509SIGN:
1654: if (iph1->cert)
1655: return 0;
1656: iph1->cert = vdup(iph1->rmconf->mycert);
1657: break;
1658: case ISAKMP_CERT_PLAINRSA:
1659: if (iph1->rsa)
1660: return 0;
1661: return get_plainrsa_fromlocal(iph1, 1);
1662: default:
1663: plog(LLV_ERROR, LOCATION, NULL,
1664: "Unknown certtype #%d\n",
1665: oakley_get_certtype(iph1->rmconf->mycert));
1666: return -1;
1667: }
1668:
1669: return 0;
1670: }
1671:
1672: static int
1673: get_plainrsa_fromlocal(iph1, my)
1674: struct ph1handle *iph1;
1675: int my;
1676: {
1677: char path[MAXPATHLEN];
1678: vchar_t *cert = NULL;
1679: char *certfile;
1680: int error = -1;
1681:
1682: iph1->rsa_candidates = rsa_lookup_keys(iph1, my);
1683: if (!iph1->rsa_candidates ||
1684: rsa_list_count(iph1->rsa_candidates) == 0) {
1685: plog(LLV_ERROR, LOCATION, NULL,
1686: "%s RSA key not found for %s\n",
1687: my ? "Private" : "Public",
1688: saddr2str_fromto("%s <-> %s",
1689: iph1->local, iph1->remote));
1690: goto end;
1691: }
1692:
1693: if (my && rsa_list_count(iph1->rsa_candidates) > 1) {
1694: plog(LLV_WARNING, LOCATION, NULL,
1695: "More than one (=%lu) private "
1696: "PlainRSA key found for %s\n",
1697: rsa_list_count(iph1->rsa_candidates),
1698: saddr2str_fromto("%s <-> %s",
1699: iph1->local, iph1->remote));
1700: plog(LLV_WARNING, LOCATION, NULL,
1701: "This may have unpredictable results, "
1702: "i.e. wrong key could be used!\n");
1703: plog(LLV_WARNING, LOCATION, NULL,
1704: "Consider using only one single private "
1705: "key for all peers...\n");
1706: }
1707: if (my) {
1708: iph1->rsa = ((struct rsa_key *)
1709: genlist_next(iph1->rsa_candidates, NULL))->rsa;
1710:
1711: genlist_free(iph1->rsa_candidates, NULL);
1712: iph1->rsa_candidates = NULL;
1713:
1714: if (iph1->rsa == NULL)
1715: goto end;
1716: }
1717:
1718: error = 0;
1719:
1720: end:
1721: return error;
1722: }
1723:
1724: /* get signature */
1725: int
1726: oakley_getsign(iph1)
1727: struct ph1handle *iph1;
1728: {
1729: char path[MAXPATHLEN];
1730: vchar_t *privkey = NULL;
1731: int error = -1;
1732:
1733: switch (oakley_get_certtype(iph1->rmconf->mycert)) {
1734: case ISAKMP_CERT_X509SIGN:
1735: case ISAKMP_CERT_DNS:
1736: if (iph1->rmconf->myprivfile == NULL) {
1737: plog(LLV_ERROR, LOCATION, NULL, "no cert defined.\n");
1738: goto end;
1739: }
1740:
1741: /* make private file name */
1742: getpathname(path, sizeof(path),
1743: LC_PATHTYPE_CERT,
1744: iph1->rmconf->myprivfile);
1745: privkey = privsep_eay_get_pkcs1privkey(path);
1746: if (privkey == NULL) {
1747: plog(LLV_ERROR, LOCATION, NULL,
1748: "failed to get private key.\n");
1749: goto end;
1750: }
1751: plog(LLV_DEBUG2, LOCATION, NULL, "private key:\n");
1752: plogdump(LLV_DEBUG2, privkey->v, privkey->l);
1753: iph1->sig = eay_get_x509sign(iph1->hash, privkey);
1754: break;
1755: case ISAKMP_CERT_PLAINRSA:
1756: iph1->sig = eay_get_rsasign(iph1->hash, iph1->rsa);
1757: break;
1758: default:
1759: plog(LLV_ERROR, LOCATION, NULL,
1760: "Unknown certtype #%d\n",
1761: oakley_get_certtype(iph1->rmconf->mycert));
1762: goto end;
1763: }
1764:
1765: if (iph1->sig == NULL) {
1766: plog(LLV_ERROR, LOCATION, NULL, "failed to sign.\n");
1767: goto end;
1768: }
1769:
1770: plog(LLV_DEBUG, LOCATION, NULL, "SIGN computed:\n");
1771: plogdump(LLV_DEBUG, iph1->sig->v, iph1->sig->l);
1772:
1773: error = 0;
1774:
1775: end:
1776: if (privkey != NULL)
1777: vfree(privkey);
1778:
1779: return error;
1780: }
1781:
1782: /*
1783: * compare certificate name and ID value.
1784: */
1785: static int
1786: oakley_check_certid(iph1)
1787: struct ph1handle *iph1;
1788: {
1789: struct ipsecdoi_id_b *id_b;
1790: vchar_t *name = NULL;
1791: char *altname = NULL;
1792: int idlen, type;
1793: int error;
1794:
1795: if (iph1->rmconf == NULL || iph1->rmconf->verify_cert == FALSE)
1796: return 0;
1797:
1798: if (iph1->id_p == NULL || iph1->cert_p == NULL) {
1799: plog(LLV_ERROR, LOCATION, iph1->remote, "no ID nor CERT found.\n");
1800: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1801: }
1802:
1803: id_b = (struct ipsecdoi_id_b *)iph1->id_p->v;
1804: idlen = iph1->id_p->l - sizeof(*id_b);
1805:
1806: switch (id_b->type) {
1807: case IPSECDOI_ID_DER_ASN1_DN:
1808: name = eay_get_x509asn1subjectname(iph1->cert_p);
1809: if (!name) {
1810: plog(LLV_ERROR, LOCATION, iph1->remote,
1811: "failed to get subjectName\n");
1812: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1813: }
1814: if (idlen != name->l) {
1815: plog(LLV_ERROR, LOCATION, iph1->remote,
1816: "Invalid ID length in phase 1.\n");
1817: vfree(name);
1818: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1819: }
1820: error = memcmp(id_b + 1, name->v, idlen);
1821: if (error != 0) {
1822: plog(LLV_ERROR, LOCATION, iph1->remote,
1823: "ID mismatched with ASN1 SubjectName.\n");
1824: plogdump(LLV_DEBUG, id_b + 1, idlen);
1825: plogdump(LLV_DEBUG, name->v, idlen);
1826: if (iph1->rmconf->verify_identifier) {
1827: vfree(name);
1828: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1829: }
1830: }
1831: vfree(name);
1832: return 0;
1833: case IPSECDOI_ID_IPV4_ADDR:
1834: case IPSECDOI_ID_IPV6_ADDR:
1835: {
1836: /*
1837: * converting to binary from string because openssl return
1838: * a string even if object is a binary.
1839: * XXX fix it ! access by ASN.1 directly without.
1840: */
1841: struct addrinfo hints, *res;
1842: caddr_t a = NULL;
1843: int pos;
1844:
1845: for (pos = 1; ; pos++) {
1846: if (eay_get_x509subjectaltname(iph1->cert_p,
1847: &altname, &type, pos) !=0) {
1848: plog(LLV_ERROR, LOCATION, NULL,
1849: "failed to get subjectAltName\n");
1850: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1851: }
1852:
1853: /* it's the end condition of the loop. */
1854: if (!altname) {
1855: plog(LLV_ERROR, LOCATION, NULL,
1856: "no proper subjectAltName.\n");
1857: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1858: }
1859:
1860: if (check_typeofcertname(id_b->type, type) == 0)
1861: break;
1862:
1863: /* next name */
1864: racoon_free(altname);
1865: altname = NULL;
1866: }
1867: memset(&hints, 0, sizeof(hints));
1868: hints.ai_family = PF_UNSPEC;
1869: hints.ai_socktype = SOCK_RAW;
1870: hints.ai_flags = AI_NUMERICHOST;
1871: error = getaddrinfo(altname, NULL, &hints, &res);
1872: racoon_free(altname);
1873: altname = NULL;
1874: if (error != 0) {
1875: plog(LLV_ERROR, LOCATION, NULL,
1876: "no proper subjectAltName.\n");
1877: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1878: }
1879: switch (res->ai_family) {
1880: case AF_INET:
1881: a = (caddr_t)&((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr;
1882: break;
1883: #ifdef INET6
1884: case AF_INET6:
1885: a = (caddr_t)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr.s6_addr;
1886: break;
1887: #endif
1888: default:
1889: plog(LLV_ERROR, LOCATION, NULL,
1890: "family not supported: %d.\n", res->ai_family);
1891: freeaddrinfo(res);
1892: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1893: }
1894: error = memcmp(id_b + 1, a, idlen);
1895: freeaddrinfo(res);
1896: vfree(name);
1897: if (error != 0) {
1898: plog(LLV_ERROR, LOCATION, NULL,
1899: "ID mismatched with subjectAltName.\n");
1900: plogdump(LLV_DEBUG, id_b + 1, idlen);
1901: plogdump(LLV_DEBUG, a, idlen);
1902: if (iph1->rmconf->verify_identifier)
1903: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1904: }
1905: return 0;
1906: }
1907: case IPSECDOI_ID_FQDN:
1908: case IPSECDOI_ID_USER_FQDN:
1909: {
1910: int pos;
1911:
1912: for (pos = 1; ; pos++) {
1913: if (eay_get_x509subjectaltname(iph1->cert_p,
1914: &altname, &type, pos) != 0){
1915: plog(LLV_ERROR, LOCATION, NULL,
1916: "failed to get subjectAltName\n");
1917: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1918: }
1919:
1920: /* it's the end condition of the loop. */
1921: if (!altname) {
1922: plog(LLV_ERROR, LOCATION, NULL,
1923: "no proper subjectAltName.\n");
1924: return ISAKMP_NTYPE_INVALID_CERTIFICATE;
1925: }
1926:
1927: if (check_typeofcertname(id_b->type, type) == 0)
1928: break;
1929:
1930: /* next name */
1931: racoon_free(altname);
1932: altname = NULL;
1933: }
1934: if (idlen != strlen(altname)) {
1935: plog(LLV_ERROR, LOCATION, NULL,
1936: "Invalid ID length in phase 1.\n");
1937: racoon_free(altname);
1938: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1939: }
1940: if (check_typeofcertname(id_b->type, type) != 0) {
1941: plog(LLV_ERROR, LOCATION, NULL,
1942: "ID type mismatched. ID: %s CERT: %s.\n",
1943: s_ipsecdoi_ident(id_b->type),
1944: s_ipsecdoi_ident(type));
1945: racoon_free(altname);
1946: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1947: }
1948: error = memcmp(id_b + 1, altname, idlen);
1949: if (error) {
1950: plog(LLV_ERROR, LOCATION, NULL, "ID mismatched.\n");
1951: plogdump(LLV_DEBUG, id_b + 1, idlen);
1952: plogdump(LLV_DEBUG, altname, idlen);
1953: racoon_free(altname);
1954: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1955: }
1956: racoon_free(altname);
1957: return 0;
1958: }
1959: default:
1960: plog(LLV_ERROR, LOCATION, NULL,
1961: "Inpropper ID type passed: %s.\n",
1962: s_ipsecdoi_ident(id_b->type));
1963: return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
1964: }
1965: /*NOTREACHED*/
1966: }
1967:
1968: static int
1969: check_typeofcertname(doi, genid)
1970: int doi, genid;
1971: {
1972: switch (doi) {
1973: case IPSECDOI_ID_IPV4_ADDR:
1974: case IPSECDOI_ID_IPV4_ADDR_SUBNET:
1975: case IPSECDOI_ID_IPV6_ADDR:
1976: case IPSECDOI_ID_IPV6_ADDR_SUBNET:
1977: case IPSECDOI_ID_IPV4_ADDR_RANGE:
1978: case IPSECDOI_ID_IPV6_ADDR_RANGE:
1979: if (genid != GENT_IPADD)
1980: return -1;
1981: return 0;
1982: case IPSECDOI_ID_FQDN:
1983: if (genid != GENT_DNS)
1984: return -1;
1985: return 0;
1986: case IPSECDOI_ID_USER_FQDN:
1987: if (genid != GENT_EMAIL)
1988: return -1;
1989: return 0;
1990: case IPSECDOI_ID_DER_ASN1_DN: /* should not be passed to this function*/
1991: case IPSECDOI_ID_DER_ASN1_GN:
1992: case IPSECDOI_ID_KEY_ID:
1993: default:
1994: return -1;
1995: }
1996: /*NOTREACHED*/
1997: }
1998:
1999: /*
2000: * save certificate including certificate type.
2001: */
2002: int
2003: oakley_savecert(iph1, gen)
2004: struct ph1handle *iph1;
2005: struct isakmp_gen *gen;
2006: {
2007: vchar_t **c;
2008: u_int8_t type;
2009: STACK_OF(X509) *certs=NULL;
2010: PKCS7 *p7;
2011:
2012: type = *(u_int8_t *)(gen + 1) & 0xff;
2013:
2014: switch (type) {
2015: case ISAKMP_CERT_DNS:
2016: plog(LLV_WARNING, LOCATION, NULL,
2017: "CERT payload is unnecessary in DNSSEC. "
2018: "ignore this CERT payload.\n");
2019: return 0;
2020: case ISAKMP_CERT_PKCS7:
2021: case ISAKMP_CERT_PGP:
2022: case ISAKMP_CERT_X509SIGN:
2023: case ISAKMP_CERT_KERBEROS:
2024: case ISAKMP_CERT_SPKI:
2025: c = &iph1->cert_p;
2026: break;
2027: case ISAKMP_CERT_CRL:
2028: c = &iph1->crl_p;
2029: break;
2030: case ISAKMP_CERT_X509KE:
2031: case ISAKMP_CERT_X509ATTR:
2032: case ISAKMP_CERT_ARL:
2033: plog(LLV_ERROR, LOCATION, NULL,
2034: "No supported such CERT type %d\n", type);
2035: return -1;
2036: default:
2037: plog(LLV_ERROR, LOCATION, NULL,
2038: "Invalid CERT type %d\n", type);
2039: return -1;
2040: }
2041:
2042: /* XXX choice the 1th cert, ignore after the cert. */
2043: /* XXX should be processed. */
2044: if (*c) {
2045: plog(LLV_WARNING, LOCATION, NULL,
2046: "ignore 2nd CERT payload.\n");
2047: return 0;
2048: }
2049:
2050: if (type == ISAKMP_CERT_PKCS7) {
2051: u_char *bp;
2052: int i;
2053:
2054: /* Skip the header */
2055: bp = (u_char *)(gen + 1);
2056: /* And the first byte is the certificate type,
2057: * we know that already
2058: */
2059: bp++;
2060: p7 = d2i_PKCS7(NULL, (void *)&bp,
2061: ntohs(gen->len) - sizeof(*gen) - 1);
2062:
2063: if (!p7) {
2064: plog(LLV_ERROR, LOCATION, NULL,
2065: "Failed to parse PKCS#7 CERT.\n");
2066: return -1;
2067: }
2068:
2069: /* Copied this from the openssl pkcs7 application;
2070: * there"s little by way of documentation for any of
2071: * it. I can only presume it"s correct.
2072: */
2073:
2074: i = OBJ_obj2nid(p7->type);
2075: switch (i) {
2076: case NID_pkcs7_signed:
2077: certs=p7->d.sign->cert;
2078: break;
2079: case NID_pkcs7_signedAndEnveloped:
2080: certs=p7->d.signed_and_enveloped->cert;
2081: break;
2082: default:
2083: break;
2084: }
2085:
2086: if (!certs) {
2087: plog(LLV_ERROR, LOCATION, NULL,
2088: "CERT PKCS#7 bundle contains no certs.\n");
2089: PKCS7_free(p7);
2090: return -1;
2091: }
2092:
2093: for (i = 0; i < sk_X509_num(certs); i++) {
2094: int len;
2095: u_char *bp;
2096: X509 *cert = sk_X509_value(certs,i);
2097:
2098: plog(LLV_DEBUG, LOCATION, NULL,
2099: "Trying PKCS#7 cert %d.\n", i);
2100:
2101: /* We'll just try each cert in turn */
2102: *c = dump_x509(cert);
2103:
2104: if (!*c) {
2105: plog(LLV_ERROR, LOCATION, NULL,
2106: "Failed to get CERT buffer.\n");
2107: continue;
2108: }
2109:
2110: /* Ignore cert if it doesn't match identity
2111: * XXX If verify cert is disabled, we still just take
2112: * the first certificate....
2113: */
2114: if (oakley_check_certid(iph1)) {
2115: plog(LLV_DEBUG, LOCATION, NULL,
2116: "Discarding CERT: does not match ID.\n");
2117: vfree((*c));
2118: *c = NULL;
2119: continue;
2120: }
2121:
2122: {
2123: char *p = eay_get_x509text(*c);
2124: plog(LLV_DEBUG, LOCATION, NULL, "CERT saved:\n");
2125: plogdump(LLV_DEBUG, (*c)->v, (*c)->l);
2126: plog(LLV_DEBUG, LOCATION, NULL, "%s",
2127: p ? p : "\n");
2128: racoon_free(p);
2129: }
2130: break;
2131: }
2132: PKCS7_free(p7);
2133: } else {
2134: *c = dump_isakmp_payload(gen);
2135: if (!*c) {
2136: plog(LLV_ERROR, LOCATION, NULL,
2137: "Failed to get CERT buffer.\n");
2138: return -1;
2139: }
2140:
2141: switch (type) {
2142: case ISAKMP_CERT_PGP:
2143: case ISAKMP_CERT_X509SIGN:
2144: case ISAKMP_CERT_KERBEROS:
2145: case ISAKMP_CERT_SPKI:
2146: /* Ignore cert if it doesn't match identity
2147: * XXX If verify cert is disabled, we still just take
2148: * the first certificate....
2149: */
2150: if (oakley_check_certid(iph1)){
2151: plog(LLV_DEBUG, LOCATION, NULL,
2152: "Discarding CERT: does not match ID.\n");
2153: vfree((*c));
2154: *c = NULL;
2155: return 0;
2156: }
2157:
2158: {
2159: char *p = eay_get_x509text(*c);
2160: plog(LLV_DEBUG, LOCATION, NULL, "CERT saved:\n");
2161: plogdump(LLV_DEBUG, (*c)->v, (*c)->l);
2162: plog(LLV_DEBUG, LOCATION, NULL, "%s", p ? p : "\n");
2163: racoon_free(p);
2164: }
2165: break;
2166: case ISAKMP_CERT_CRL:
2167: plog(LLV_DEBUG, LOCATION, NULL, "CRL saved:\n");
2168: plogdump(LLV_DEBUG, (*c)->v, (*c)->l);
2169: break;
2170: case ISAKMP_CERT_X509KE:
2171: case ISAKMP_CERT_X509ATTR:
2172: case ISAKMP_CERT_ARL:
2173: default:
2174: /* XXX */
2175: vfree(*c);
2176: *c = NULL;
2177: return 0;
2178: }
2179: }
2180:
2181: return 0;
2182: }
2183:
2184: /*
2185: * save certificate including certificate type.
2186: */
2187: int
2188: oakley_savecr(iph1, gen)
2189: struct ph1handle *iph1;
2190: struct isakmp_gen *gen;
2191: {
2192: vchar_t *cert;
2193: vchar_t **c;
2194: u_int8_t type;
2195:
2196: type = *(u_int8_t *)(gen + 1) & 0xff;
2197: switch (type) {
2198: case ISAKMP_CERT_DNS:
2199: plog(LLV_WARNING, LOCATION, NULL,
2200: "CERT payload is unnecessary in DNSSEC\n");
2201: /*FALLTHRU*/
2202: case ISAKMP_CERT_PKCS7:
2203: case ISAKMP_CERT_PGP:
2204: case ISAKMP_CERT_X509SIGN:
2205: case ISAKMP_CERT_KERBEROS:
2206: case ISAKMP_CERT_SPKI:
2207: c = &iph1->cr_p;
2208: break;
2209: case ISAKMP_CERT_X509KE:
2210: case ISAKMP_CERT_X509ATTR:
2211: case ISAKMP_CERT_ARL:
2212: plog(LLV_ERROR, LOCATION, NULL,
2213: "No supported such CR type %d\n", type);
2214: return -1;
2215: case ISAKMP_CERT_CRL:
2216: default:
2217: plog(LLV_ERROR, LOCATION, NULL,
2218: "Invalid CR type %d\n", type);
2219: return -1;
2220: }
2221:
2222: /* Already found an acceptable CR? */
2223: if (*c != NULL)
2224: return 0;
2225:
2226: cert = dump_isakmp_payload(gen);
2227: if (cert == NULL) {
2228: plog(LLV_ERROR, LOCATION, NULL,
2229: "Failed to get CR buffer.\n");
2230: return -1;
2231: }
2232:
2233: plog(LLV_DEBUG, LOCATION, NULL, "CR received:\n");
2234: plogdump(LLV_DEBUG, cert->v, cert->l);
2235:
2236: *c = cert;
2237: if (resolveph1rmconf(iph1) == 0) {
2238: /* Found unique match */
2239: plog(LLV_DEBUG, LOCATION, NULL, "CR saved.\n");
2240: } else {
2241: /* Still ambiguous or matches nothing, ignore this CR */
2242: *c = NULL;
2243: vfree(cert);
2244: }
2245: return 0;
2246: }
2247:
2248: /*
2249: * Add a single CR.
2250: */
2251: struct append_cr_ctx {
2252: struct ph1handle *iph1;
2253: struct payload_list *plist;
2254: };
2255:
2256: static int
2257: oakley_append_rmconf_cr(rmconf, ctx)
2258: struct remoteconf *rmconf;
2259: void *ctx;
2260: {
2261: struct append_cr_ctx *actx = (struct append_cr_ctx *) ctx;
2262: vchar_t *buf, *asn1dn = NULL;
2263: int type;
2264:
2265: /* Do we want to send CR about this? */
2266: if (rmconf->send_cr == FALSE)
2267: return 0;
2268:
2269: if (rmconf->peerscert != NULL) {
2270: type = oakley_get_certtype(rmconf->peerscert);
2271: asn1dn = eay_get_x509asn1issuername(rmconf->peerscert);
2272: } else if (rmconf->cacert != NULL) {
2273: type = oakley_get_certtype(rmconf->cacert);
2274: asn1dn = eay_get_x509asn1subjectname(rmconf->cacert);
2275: } else
2276: return 0;
2277:
2278: if (asn1dn == NULL) {
2279: plog(LLV_ERROR, LOCATION, actx->iph1->remote,
2280: "Failed to get CR ASN1 DN from certificate\n");
2281: return 0;
2282: }
2283:
2284: buf = vmalloc(1 + asn1dn->l);
2285: if (buf == NULL)
2286: goto err;
2287:
2288: buf->v[0] = type;
2289: memcpy(&buf->v[1], asn1dn->v, asn1dn->l);
2290:
2291: plog(LLV_DEBUG, LOCATION, actx->iph1->remote,
2292: "appending CR: %s\n",
2293: s_isakmp_certtype(buf->v[0]));
2294: plogdump(LLV_DEBUG, buf->v, buf->l);
2295:
2296: actx->plist = isakmp_plist_append_full(actx->plist, buf, ISAKMP_NPTYPE_CR, 1);
2297:
2298: err:
2299: vfree(asn1dn);
2300: return 0;
2301: }
2302:
2303: /*
2304: * Append list of acceptable CRs.
2305: * RFC2048 3.10
2306: */
2307: struct payload_list *
2308: oakley_append_cr(plist, iph1)
2309: struct payload_list *plist;
2310: struct ph1handle *iph1;
2311: {
2312: struct append_cr_ctx ctx;
2313: struct rmconfselector sel;
2314:
2315: ctx.iph1 = iph1;
2316: ctx.plist = plist;
2317: if (iph1->rmconf == NULL) {
2318: rmconf_selector_from_ph1(&sel, iph1);
2319: enumrmconf(&sel, oakley_append_rmconf_cr, &ctx);
2320: } else {
2321: oakley_append_rmconf_cr(iph1->rmconf, &ctx);
2322: }
2323:
2324: return ctx.plist;
2325: }
2326:
2327: /*
2328: * check peer's CR.
2329: */
2330: int
2331: oakley_checkcr(iph1)
2332: struct ph1handle *iph1;
2333: {
2334: int type;
2335:
2336: if (iph1->cr_p == NULL)
2337: return 0;
2338:
2339: plog(LLV_DEBUG, LOCATION, iph1->remote,
2340: "peer transmitted CR: %s\n",
2341: s_isakmp_certtype(oakley_get_certtype(iph1->cr_p)));
2342:
2343: type = oakley_get_certtype(iph1->cr_p);
2344: if (type != oakley_get_certtype(iph1->rmconf->mycert)) {
2345: plog(LLV_ERROR, LOCATION, iph1->remote,
2346: "such a cert type isn't supported: %d\n",
2347: type);
2348: return -1;
2349: }
2350:
2351: return 0;
2352: }
2353:
2354: /*
2355: * check to need CR payload.
2356: */
2357: int
2358: oakley_needcr(type)
2359: int type;
2360: {
2361: switch (type) {
2362: case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
2363: case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
2364: #ifdef ENABLE_HYBRID
2365: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
2366: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
2367: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
2368: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
2369: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
2370: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
2371: #endif
2372: return 1;
2373: default:
2374: return 0;
2375: }
2376: /*NOTREACHED*/
2377: }
2378:
2379: /*
2380: * compute SKEYID
2381: * see seciton 5. Exchanges in RFC 2409
2382: * psk: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
2383: * sig: SKEYID = prf(Ni_b | Nr_b, g^ir)
2384: * enc: SKEYID = prf(H(Ni_b | Nr_b), CKY-I | CKY-R)
2385: */
2386: int
2387: oakley_skeyid(iph1)
2388: struct ph1handle *iph1;
2389: {
2390: vchar_t *buf = NULL, *bp;
2391: char *p;
2392: int len;
2393: int error = -1;
2394:
2395: /* SKEYID */
2396: switch (iph1->approval->authmethod) {
2397: case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
2398: #ifdef ENABLE_HYBRID
2399: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
2400: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
2401: #endif
2402: if (iph1->etype != ISAKMP_ETYPE_IDENT) {
2403: iph1->authstr = getpskbyname(iph1->id_p);
2404: if (iph1->authstr == NULL) {
2405: if (iph1->rmconf->verify_identifier) {
2406: plog(LLV_ERROR, LOCATION, iph1->remote,
2407: "couldn't find the pskey.\n");
2408: goto end;
2409: }
2410: plog(LLV_NOTIFY, LOCATION, iph1->remote,
2411: "couldn't find the proper pskey, "
2412: "try to get one by the peer's address.\n");
2413: }
2414: }
2415: if (iph1->authstr == NULL) {
2416: /*
2417: * If the exchange type is the main mode or if it's
2418: * failed to get the psk by ID, racoon try to get
2419: * the psk by remote IP address.
2420: * It may be nonsense.
2421: */
2422: iph1->authstr = getpskbyaddr(iph1->remote);
2423: if (iph1->authstr == NULL) {
2424: plog(LLV_ERROR, LOCATION, iph1->remote,
2425: "couldn't find the pskey for %s.\n",
2426: saddrwop2str(iph1->remote));
2427: goto end;
2428: }
2429: }
2430: plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
2431: /* should be secret PSK */
2432: plog(LLV_DEBUG2, LOCATION, NULL, "psk: ");
2433: plogdump(LLV_DEBUG2, iph1->authstr->v, iph1->authstr->l);
2434:
2435: len = iph1->nonce->l + iph1->nonce_p->l;
2436: buf = vmalloc(len);
2437: if (buf == NULL) {
2438: plog(LLV_ERROR, LOCATION, NULL,
2439: "failed to get skeyid buffer\n");
2440: goto end;
2441: }
2442: p = buf->v;
2443:
2444: bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2445: plog(LLV_DEBUG, LOCATION, NULL, "nonce 1: ");
2446: plogdump(LLV_DEBUG, bp->v, bp->l);
2447: memcpy(p, bp->v, bp->l);
2448: p += bp->l;
2449:
2450: bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2451: plog(LLV_DEBUG, LOCATION, NULL, "nonce 2: ");
2452: plogdump(LLV_DEBUG, bp->v, bp->l);
2453: memcpy(p, bp->v, bp->l);
2454: p += bp->l;
2455:
2456: iph1->skeyid = oakley_prf(iph1->authstr, buf, iph1);
2457: if (iph1->skeyid == NULL)
2458: goto end;
2459: break;
2460:
2461: case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
2462: case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
2463: #ifdef ENABLE_HYBRID
2464: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
2465: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
2466: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
2467: case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
2468: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
2469: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
2470: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
2471: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
2472: #endif
2473: #ifdef HAVE_GSSAPI
2474: case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB:
2475: #endif
2476: len = iph1->nonce->l + iph1->nonce_p->l;
2477: buf = vmalloc(len);
2478: if (buf == NULL) {
2479: plog(LLV_ERROR, LOCATION, NULL,
2480: "failed to get nonce buffer\n");
2481: goto end;
2482: }
2483: p = buf->v;
2484:
2485: bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2486: plog(LLV_DEBUG, LOCATION, NULL, "nonce1: ");
2487: plogdump(LLV_DEBUG, bp->v, bp->l);
2488: memcpy(p, bp->v, bp->l);
2489: p += bp->l;
2490:
2491: bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2492: plog(LLV_DEBUG, LOCATION, NULL, "nonce2: ");
2493: plogdump(LLV_DEBUG, bp->v, bp->l);
2494: memcpy(p, bp->v, bp->l);
2495: p += bp->l;
2496:
2497: iph1->skeyid = oakley_prf(buf, iph1->dhgxy, iph1);
2498: if (iph1->skeyid == NULL)
2499: goto end;
2500: break;
2501: case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
2502: case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
2503: #ifdef ENABLE_HYBRID
2504: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
2505: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
2506: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
2507: case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
2508: #endif
2509: plog(LLV_WARNING, LOCATION, NULL,
2510: "not supported authentication method %s\n",
2511: s_oakley_attr_method(iph1->approval->authmethod));
2512: goto end;
2513: default:
2514: plog(LLV_ERROR, LOCATION, NULL,
2515: "invalid authentication method %d\n",
2516: iph1->approval->authmethod);
2517: goto end;
2518: }
2519:
2520: plog(LLV_DEBUG, LOCATION, NULL, "SKEYID computed:\n");
2521: plogdump(LLV_DEBUG, iph1->skeyid->v, iph1->skeyid->l);
2522:
2523: error = 0;
2524:
2525: end:
2526: if (buf != NULL)
2527: vfree(buf);
2528: return error;
2529: }
2530:
2531: /*
2532: * compute SKEYID_[dae]
2533: * see seciton 5. Exchanges in RFC 2409
2534: * SKEYID_d = prf(SKEYID, g^ir | CKY-I | CKY-R | 0)
2535: * SKEYID_a = prf(SKEYID, SKEYID_d | g^ir | CKY-I | CKY-R | 1)
2536: * SKEYID_e = prf(SKEYID, SKEYID_a | g^ir | CKY-I | CKY-R | 2)
2537: */
2538: int
2539: oakley_skeyid_dae(iph1)
2540: struct ph1handle *iph1;
2541: {
2542: vchar_t *buf = NULL;
2543: char *p;
2544: int len;
2545: int error = -1;
2546:
2547: if (iph1->skeyid == NULL) {
2548: plog(LLV_ERROR, LOCATION, NULL, "no SKEYID found.\n");
2549: goto end;
2550: }
2551:
2552: /* SKEYID D */
2553: /* SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) */
2554: len = iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2555: buf = vmalloc(len);
2556: if (buf == NULL) {
2557: plog(LLV_ERROR, LOCATION, NULL,
2558: "failed to get skeyid buffer\n");
2559: goto end;
2560: }
2561: p = buf->v;
2562:
2563: memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2564: p += iph1->dhgxy->l;
2565: memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2566: p += sizeof(cookie_t);
2567: memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2568: p += sizeof(cookie_t);
2569: *p = 0;
2570: iph1->skeyid_d = oakley_prf(iph1->skeyid, buf, iph1);
2571: if (iph1->skeyid_d == NULL)
2572: goto end;
2573:
2574: vfree(buf);
2575: buf = NULL;
2576:
2577: plog(LLV_DEBUG, LOCATION, NULL, "SKEYID_d computed:\n");
2578: plogdump(LLV_DEBUG, iph1->skeyid_d->v, iph1->skeyid_d->l);
2579:
2580: /* SKEYID A */
2581: /* SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1) */
2582: len = iph1->skeyid_d->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2583: buf = vmalloc(len);
2584: if (buf == NULL) {
2585: plog(LLV_ERROR, LOCATION, NULL,
2586: "failed to get skeyid buffer\n");
2587: goto end;
2588: }
2589: p = buf->v;
2590: memcpy(p, iph1->skeyid_d->v, iph1->skeyid_d->l);
2591: p += iph1->skeyid_d->l;
2592: memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2593: p += iph1->dhgxy->l;
2594: memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2595: p += sizeof(cookie_t);
2596: memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2597: p += sizeof(cookie_t);
2598: *p = 1;
2599: iph1->skeyid_a = oakley_prf(iph1->skeyid, buf, iph1);
2600: if (iph1->skeyid_a == NULL)
2601: goto end;
2602:
2603: vfree(buf);
2604: buf = NULL;
2605:
2606: plog(LLV_DEBUG, LOCATION, NULL, "SKEYID_a computed:\n");
2607: plogdump(LLV_DEBUG, iph1->skeyid_a->v, iph1->skeyid_a->l);
2608:
2609: /* SKEYID E */
2610: /* SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2) */
2611: len = iph1->skeyid_a->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2612: buf = vmalloc(len);
2613: if (buf == NULL) {
2614: plog(LLV_ERROR, LOCATION, NULL,
2615: "failed to get skeyid buffer\n");
2616: goto end;
2617: }
2618: p = buf->v;
2619: memcpy(p, iph1->skeyid_a->v, iph1->skeyid_a->l);
2620: p += iph1->skeyid_a->l;
2621: memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2622: p += iph1->dhgxy->l;
2623: memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2624: p += sizeof(cookie_t);
2625: memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2626: p += sizeof(cookie_t);
2627: *p = 2;
2628: iph1->skeyid_e = oakley_prf(iph1->skeyid, buf, iph1);
2629: if (iph1->skeyid_e == NULL)
2630: goto end;
2631:
2632: vfree(buf);
2633: buf = NULL;
2634:
2635: plog(LLV_DEBUG, LOCATION, NULL, "SKEYID_e computed:\n");
2636: plogdump(LLV_DEBUG, iph1->skeyid_e->v, iph1->skeyid_e->l);
2637:
2638: error = 0;
2639:
2640: end:
2641: if (buf != NULL)
2642: vfree(buf);
2643: return error;
2644: }
2645:
2646: /*
2647: * compute final encryption key.
2648: * see Appendix B.
2649: */
2650: int
2651: oakley_compute_enckey(iph1)
2652: struct ph1handle *iph1;
2653: {
2654: u_int keylen, prflen;
2655: int error = -1;
2656:
2657: /* RFC2409 p39 */
2658: keylen = alg_oakley_encdef_keylen(iph1->approval->enctype,
2659: iph1->approval->encklen);
2660: if (keylen == -1) {
2661: plog(LLV_ERROR, LOCATION, NULL,
2662: "invalid encryption algorithm %d, "
2663: "or invalid key length %d.\n",
2664: iph1->approval->enctype,
2665: iph1->approval->encklen);
2666: goto end;
2667: }
2668: iph1->key = vmalloc(keylen >> 3);
2669: if (iph1->key == NULL) {
2670: plog(LLV_ERROR, LOCATION, NULL,
2671: "failed to get key buffer\n");
2672: goto end;
2673: }
2674:
2675: /* set prf length */
2676: prflen = alg_oakley_hashdef_hashlen(iph1->approval->hashtype);
2677: if (prflen == -1) {
2678: plog(LLV_ERROR, LOCATION, NULL,
2679: "invalid hash type %d.\n", iph1->approval->hashtype);
2680: goto end;
2681: }
2682:
2683: /* see isakmp-oakley-08 5.3. */
2684: if (iph1->key->l <= iph1->skeyid_e->l) {
2685: /*
2686: * if length(Ka) <= length(SKEYID_e)
2687: * Ka = first length(K) bit of SKEYID_e
2688: */
2689: memcpy(iph1->key->v, iph1->skeyid_e->v, iph1->key->l);
2690: } else {
2691: vchar_t *buf = NULL, *res = NULL;
2692: u_char *p, *ep;
2693: int cplen;
2694: int subkey;
2695:
2696: /*
2697: * otherwise,
2698: * Ka = K1 | K2 | K3
2699: * where
2700: * K1 = prf(SKEYID_e, 0)
2701: * K2 = prf(SKEYID_e, K1)
2702: * K3 = prf(SKEYID_e, K2)
2703: */
2704: plog(LLV_DEBUG, LOCATION, NULL,
2705: "len(SKEYID_e) < len(Ka) (%zu < %zu), "
2706: "generating long key (Ka = K1 | K2 | ...)\n",
2707: iph1->skeyid_e->l, iph1->key->l);
2708:
2709: if ((buf = vmalloc(prflen >> 3)) == 0) {
2710: plog(LLV_ERROR, LOCATION, NULL,
2711: "failed to get key buffer\n");
2712: goto end;
2713: }
2714: p = (u_char *)iph1->key->v;
2715: ep = p + iph1->key->l;
2716:
2717: subkey = 1;
2718: while (p < ep) {
2719: if (p == (u_char *)iph1->key->v) {
2720: /* just for computing K1 */
2721: buf->v[0] = 0;
2722: buf->l = 1;
2723: }
2724: res = oakley_prf(iph1->skeyid_e, buf, iph1);
2725: if (res == NULL) {
2726: vfree(buf);
2727: goto end;
2728: }
2729: plog(LLV_DEBUG, LOCATION, NULL,
2730: "compute intermediate encryption key K%d\n",
2731: subkey);
2732: plogdump(LLV_DEBUG, buf->v, buf->l);
2733: plogdump(LLV_DEBUG, res->v, res->l);
2734:
2735: cplen = (res->l < ep - p) ? res->l : ep - p;
2736: memcpy(p, res->v, cplen);
2737: p += cplen;
2738:
2739: buf->l = prflen >> 3; /* to cancel K1 speciality */
2740: if (res->l != buf->l) {
2741: plog(LLV_ERROR, LOCATION, NULL,
2742: "internal error: res->l=%zu buf->l=%zu\n",
2743: res->l, buf->l);
2744: vfree(res);
2745: vfree(buf);
2746: goto end;
2747: }
2748: memcpy(buf->v, res->v, res->l);
2749: vfree(res);
2750: subkey++;
2751: }
2752:
2753: vfree(buf);
2754: }
2755:
2756: /*
2757: * don't check any weak key or not.
2758: * draft-ietf-ipsec-ike-01.txt Appendix B.
2759: * draft-ietf-ipsec-ciph-aes-cbc-00.txt Section 2.3.
2760: */
2761: #if 0
2762: /* weakkey check */
2763: if (iph1->approval->enctype > ARRAYLEN(oakley_encdef)
2764: || oakley_encdef[iph1->approval->enctype].weakkey == NULL) {
2765: plog(LLV_ERROR, LOCATION, NULL,
2766: "encryption algorithm %d isn't supported.\n",
2767: iph1->approval->enctype);
2768: goto end;
2769: }
2770: if ((oakley_encdef[iph1->approval->enctype].weakkey)(iph1->key)) {
2771: plog(LLV_ERROR, LOCATION, NULL,
2772: "weakkey was generated.\n");
2773: goto end;
2774: }
2775: #endif
2776:
2777: plog(LLV_DEBUG, LOCATION, NULL, "final encryption key computed:\n");
2778: plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
2779:
2780: error = 0;
2781:
2782: end:
2783: return error;
2784: }
2785:
2786: /*
2787: * compute IV and set to ph1handle
2788: * IV = hash(g^xi | g^xr)
2789: * see 4.1 Phase 1 state in draft-ietf-ipsec-ike.
2790: */
2791: int
2792: oakley_newiv(iph1)
2793: struct ph1handle *iph1;
2794: {
2795: struct isakmp_ivm *newivm = NULL;
2796: vchar_t *buf = NULL, *bp;
2797: char *p;
2798: int len;
2799:
2800: /* create buffer */
2801: len = iph1->dhpub->l + iph1->dhpub_p->l;
2802: buf = vmalloc(len);
2803: if (buf == NULL) {
2804: plog(LLV_ERROR, LOCATION, NULL,
2805: "failed to get iv buffer\n");
2806: return -1;
2807: }
2808:
2809: p = buf->v;
2810:
2811: bp = (iph1->side == INITIATOR ? iph1->dhpub : iph1->dhpub_p);
2812: memcpy(p, bp->v, bp->l);
2813: p += bp->l;
2814:
2815: bp = (iph1->side == INITIATOR ? iph1->dhpub_p : iph1->dhpub);
2816: memcpy(p, bp->v, bp->l);
2817: p += bp->l;
2818:
2819: /* allocate IVm */
2820: newivm = racoon_calloc(1, sizeof(struct isakmp_ivm));
2821: if (newivm == NULL) {
2822: plog(LLV_ERROR, LOCATION, NULL,
2823: "failed to get iv buffer\n");
2824: vfree(buf);
2825: return -1;
2826: }
2827:
2828: /* compute IV */
2829: newivm->iv = oakley_hash(buf, iph1);
2830: if (newivm->iv == NULL) {
2831: vfree(buf);
2832: oakley_delivm(newivm);
2833: return -1;
2834: }
2835:
2836: /* adjust length of iv */
2837: newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
2838: if (newivm->iv->l == -1) {
2839: plog(LLV_ERROR, LOCATION, NULL,
2840: "invalid encryption algorithm %d.\n",
2841: iph1->approval->enctype);
2842: vfree(buf);
2843: oakley_delivm(newivm);
2844: return -1;
2845: }
2846:
2847: /* create buffer to save iv */
2848: if ((newivm->ive = vdup(newivm->iv)) == NULL) {
2849: plog(LLV_ERROR, LOCATION, NULL,
2850: "vdup (%s)\n", strerror(errno));
2851: vfree(buf);
2852: oakley_delivm(newivm);
2853: return -1;
2854: }
2855:
2856: vfree(buf);
2857:
2858: plog(LLV_DEBUG, LOCATION, NULL, "IV computed:\n");
2859: plogdump(LLV_DEBUG, newivm->iv->v, newivm->iv->l);
2860:
2861: iph1->ivm = newivm;
2862:
2863: return 0;
2864: }
2865:
2866: /*
2867: * compute IV for the payload after phase 1.
2868: * It's not limited for phase 2.
2869: * if pahse 1 was encrypted.
2870: * IV = hash(last CBC block of Phase 1 | M-ID)
2871: * if phase 1 was not encrypted.
2872: * IV = hash(phase 1 IV | M-ID)
2873: * see 4.2 Phase 2 state in draft-ietf-ipsec-ike.
2874: */
2875: struct isakmp_ivm *
2876: oakley_newiv2(iph1, msgid)
2877: struct ph1handle *iph1;
2878: u_int32_t msgid;
2879: {
2880: struct isakmp_ivm *newivm = NULL;
2881: vchar_t *buf = NULL;
2882: char *p;
2883: int len;
2884: int error = -1;
2885:
2886: /* create buffer */
2887: len = iph1->ivm->iv->l + sizeof(msgid_t);
2888: buf = vmalloc(len);
2889: if (buf == NULL) {
2890: plog(LLV_ERROR, LOCATION, NULL,
2891: "failed to get iv buffer\n");
2892: goto end;
2893: }
2894:
2895: p = buf->v;
2896:
2897: memcpy(p, iph1->ivm->iv->v, iph1->ivm->iv->l);
2898: p += iph1->ivm->iv->l;
2899:
2900: memcpy(p, &msgid, sizeof(msgid));
2901:
2902: plog(LLV_DEBUG, LOCATION, NULL, "compute IV for phase2\n");
2903: plog(LLV_DEBUG, LOCATION, NULL, "phase1 last IV:\n");
2904: plogdump(LLV_DEBUG, buf->v, buf->l);
2905:
2906: /* allocate IVm */
2907: newivm = racoon_calloc(1, sizeof(struct isakmp_ivm));
2908: if (newivm == NULL) {
2909: plog(LLV_ERROR, LOCATION, NULL,
2910: "failed to get iv buffer\n");
2911: goto end;
2912: }
2913:
2914: /* compute IV */
2915: if ((newivm->iv = oakley_hash(buf, iph1)) == NULL)
2916: goto end;
2917:
2918: /* adjust length of iv */
2919: newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
2920: if (newivm->iv->l == -1) {
2921: plog(LLV_ERROR, LOCATION, NULL,
2922: "invalid encryption algorithm %d.\n",
2923: iph1->approval->enctype);
2924: goto end;
2925: }
2926:
2927: /* create buffer to save new iv */
2928: if ((newivm->ive = vdup(newivm->iv)) == NULL) {
2929: plog(LLV_ERROR, LOCATION, NULL, "vdup (%s)\n", strerror(errno));
2930: goto end;
2931: }
2932:
2933: error = 0;
2934:
2935: plog(LLV_DEBUG, LOCATION, NULL, "phase2 IV computed:\n");
2936: plogdump(LLV_DEBUG, newivm->iv->v, newivm->iv->l);
2937:
2938: end:
2939: if (error && newivm != NULL){
2940: oakley_delivm(newivm);
2941: newivm=NULL;
2942: }
2943: if (buf != NULL)
2944: vfree(buf);
2945: return newivm;
2946: }
2947:
2948: void
2949: oakley_delivm(ivm)
2950: struct isakmp_ivm *ivm;
2951: {
2952: if (ivm == NULL)
2953: return;
2954:
2955: if (ivm->iv != NULL)
2956: vfree(ivm->iv);
2957: if (ivm->ive != NULL)
2958: vfree(ivm->ive);
2959: racoon_free(ivm);
2960: plog(LLV_DEBUG, LOCATION, NULL, "IV freed\n");
2961:
2962: return;
2963: }
2964:
2965: /*
2966: * decrypt packet.
2967: * save new iv and old iv.
2968: */
2969: vchar_t *
2970: oakley_do_decrypt(iph1, msg, ivdp, ivep)
2971: struct ph1handle *iph1;
2972: vchar_t *msg, *ivdp, *ivep;
2973: {
2974: vchar_t *buf = NULL, *new = NULL;
2975: char *pl;
2976: int len;
2977: u_int8_t padlen;
2978: int blen;
2979: int error = -1;
2980:
2981: plog(LLV_DEBUG, LOCATION, NULL, "begin decryption.\n");
2982:
2983: blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
2984: if (blen == -1) {
2985: plog(LLV_ERROR, LOCATION, NULL,
2986: "invalid encryption algorithm %d.\n",
2987: iph1->approval->enctype);
2988: goto end;
2989: }
2990:
2991: /* save IV for next, but not sync. */
2992: memset(ivep->v, 0, ivep->l);
2993: memcpy(ivep->v, (caddr_t)&msg->v[msg->l - blen], blen);
2994:
2995: plog(LLV_DEBUG, LOCATION, NULL,
2996: "IV was saved for next processing:\n");
2997: plogdump(LLV_DEBUG, ivep->v, ivep->l);
2998:
2999: pl = msg->v + sizeof(struct isakmp);
3000:
3001: len = msg->l - sizeof(struct isakmp);
3002:
3003: /* create buffer */
3004: buf = vmalloc(len);
3005: if (buf == NULL) {
3006: plog(LLV_ERROR, LOCATION, NULL,
3007: "failed to get buffer to decrypt.\n");
3008: goto end;
3009: }
3010: memcpy(buf->v, pl, len);
3011:
3012: /* do decrypt */
3013: new = alg_oakley_encdef_decrypt(iph1->approval->enctype,
3014: buf, iph1->key, ivdp);
3015: if (new == NULL || new->v == NULL || new->l == 0) {
3016: plog(LLV_ERROR, LOCATION, NULL,
3017: "decryption %d failed.\n", iph1->approval->enctype);
3018: goto end;
3019: }
3020: plog(LLV_DEBUG, LOCATION, NULL, "with key:\n");
3021: plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
3022:
3023: vfree(buf);
3024: buf = NULL;
3025:
3026: plog(LLV_DEBUG, LOCATION, NULL, "decrypted payload by IV:\n");
3027: plogdump(LLV_DEBUG, ivdp->v, ivdp->l);
3028:
3029: plog(LLV_DEBUG, LOCATION, NULL,
3030: "decrypted payload, but not trimed.\n");
3031: plogdump(LLV_DEBUG, new->v, new->l);
3032:
3033: /* get padding length */
3034: if (lcconf->pad_excltail)
3035: padlen = new->v[new->l - 1] + 1;
3036: else
3037: padlen = new->v[new->l - 1];
3038: plog(LLV_DEBUG, LOCATION, NULL, "padding len=%u\n", padlen);
3039:
3040: /* trim padding */
3041: if (lcconf->pad_strict) {
3042: if (padlen > new->l) {
3043: plog(LLV_ERROR, LOCATION, NULL,
3044: "invalied padding len=%u, buflen=%zu.\n",
3045: padlen, new->l);
3046: plogdump(LLV_ERROR, new->v, new->l);
3047: goto end;
3048: }
3049: new->l -= padlen;
3050: plog(LLV_DEBUG, LOCATION, NULL, "trimmed padding\n");
3051: } else {
3052: plog(LLV_DEBUG, LOCATION, NULL, "skip to trim padding.\n");
3053: }
3054:
3055: /* create new buffer */
3056: len = sizeof(struct isakmp) + new->l;
3057: buf = vmalloc(len);
3058: if (buf == NULL) {
3059: plog(LLV_ERROR, LOCATION, NULL,
3060: "failed to get buffer to decrypt.\n");
3061: goto end;
3062: }
3063: memcpy(buf->v, msg->v, sizeof(struct isakmp));
3064: memcpy(buf->v + sizeof(struct isakmp), new->v, new->l);
3065: ((struct isakmp *)buf->v)->len = htonl(buf->l);
3066:
3067: plog(LLV_DEBUG, LOCATION, NULL, "decrypted.\n");
3068: plogdump(LLV_DEBUG, buf->v, buf->l);
3069:
3070: #ifdef HAVE_PRINT_ISAKMP_C
3071: isakmp_printpacket(buf, iph1->remote, iph1->local, 1);
3072: #endif
3073:
3074: error = 0;
3075:
3076: end:
3077: if (error && buf != NULL) {
3078: vfree(buf);
3079: buf = NULL;
3080: }
3081: if (new != NULL)
3082: vfree(new);
3083:
3084: return buf;
3085: }
3086:
3087: /*
3088: * encrypt packet.
3089: */
3090: vchar_t *
3091: oakley_do_encrypt(iph1, msg, ivep, ivp)
3092: struct ph1handle *iph1;
3093: vchar_t *msg, *ivep, *ivp;
3094: {
3095: vchar_t *buf = 0, *new = 0;
3096: char *pl;
3097: int len;
3098: u_int padlen;
3099: int blen;
3100: int error = -1;
3101:
3102: plog(LLV_DEBUG, LOCATION, NULL, "begin encryption.\n");
3103:
3104: /* set cbc block length */
3105: blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3106: if (blen == -1) {
3107: plog(LLV_ERROR, LOCATION, NULL,
3108: "invalid encryption algorithm %d.\n",
3109: iph1->approval->enctype);
3110: goto end;
3111: }
3112:
3113: pl = msg->v + sizeof(struct isakmp);
3114: len = msg->l - sizeof(struct isakmp);
3115:
3116: /* add padding */
3117: padlen = oakley_padlen(len, blen);
3118: plog(LLV_DEBUG, LOCATION, NULL, "pad length = %u\n", padlen);
3119:
3120: /* create buffer */
3121: buf = vmalloc(len + padlen);
3122: if (buf == NULL) {
3123: plog(LLV_ERROR, LOCATION, NULL,
3124: "failed to get buffer to encrypt.\n");
3125: goto end;
3126: }
3127: if (padlen) {
3128: int i;
3129: char *p = &buf->v[len];
3130: if (lcconf->pad_random) {
3131: for (i = 0; i < padlen; i++)
3132: *p++ = eay_random() & 0xff;
3133: }
3134: }
3135: memcpy(buf->v, pl, len);
3136:
3137: /* make pad into tail */
3138: if (lcconf->pad_excltail)
3139: buf->v[len + padlen - 1] = padlen - 1;
3140: else
3141: buf->v[len + padlen - 1] = padlen;
3142:
3143: plogdump(LLV_DEBUG, buf->v, buf->l);
3144:
3145: /* do encrypt */
3146: new = alg_oakley_encdef_encrypt(iph1->approval->enctype,
3147: buf, iph1->key, ivep);
3148: if (new == NULL) {
3149: plog(LLV_ERROR, LOCATION, NULL,
3150: "encryption %d failed.\n", iph1->approval->enctype);
3151: goto end;
3152: }
3153: plog(LLV_DEBUG, LOCATION, NULL, "with key:\n");
3154: plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
3155:
3156: vfree(buf);
3157: buf = NULL;
3158:
3159: plog(LLV_DEBUG, LOCATION, NULL, "encrypted payload by IV:\n");
3160: plogdump(LLV_DEBUG, ivep->v, ivep->l);
3161:
3162: /* save IV for next */
3163: memset(ivp->v, 0, ivp->l);
3164: memcpy(ivp->v, (caddr_t)&new->v[new->l - blen], blen);
3165:
3166: plog(LLV_DEBUG, LOCATION, NULL, "save IV for next:\n");
3167: plogdump(LLV_DEBUG, ivp->v, ivp->l);
3168:
3169: /* create new buffer */
3170: len = sizeof(struct isakmp) + new->l;
3171: buf = vmalloc(len);
3172: if (buf == NULL) {
3173: plog(LLV_ERROR, LOCATION, NULL,
3174: "failed to get buffer to encrypt.\n");
3175: goto end;
3176: }
3177: memcpy(buf->v, msg->v, sizeof(struct isakmp));
3178: memcpy(buf->v + sizeof(struct isakmp), new->v, new->l);
3179: ((struct isakmp *)buf->v)->len = htonl(buf->l);
3180:
3181: error = 0;
3182:
3183: plog(LLV_DEBUG, LOCATION, NULL, "encrypted.\n");
3184:
3185: end:
3186: if (error && buf != NULL) {
3187: vfree(buf);
3188: buf = NULL;
3189: }
3190: if (new != NULL)
3191: vfree(new);
3192:
3193: return buf;
3194: }
3195:
3196: /* culculate padding length */
3197: static int
3198: oakley_padlen(len, base)
3199: int len, base;
3200: {
3201: int padlen;
3202:
3203: padlen = base - len % base;
3204:
3205: if (lcconf->pad_randomlen)
3206: padlen += ((eay_random() % (lcconf->pad_maxsize + 1) + 1) *
3207: base);
3208:
3209: return padlen;
3210: }
3211:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to oakley.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon