search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tagged release 0.3.2
[vpnc.git] / vpnc.c
blob8e11b746eb0a1f0f6d1515ce6d058744169efdad
1 /* IPSec VPN client compatible with Cisco equipment.
2 Copyright (C) 2002 Geoffrey Keating
3 Copyright (C) 2003-2004 Maurice Massar
4 Copyright (C) 2004 Tomas Mraz
5 Copyright (C) 2004 Martin von Gagern
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22 #define _GNU_SOURCE
23 #include <assert.h>
24 #include <unistd.h>
25 #include <sys/fcntl.h>
26 #include <stdio.h>
27 #include <errno.h>
28 #include <string.h>
29 #include <time.h>
30 #include <stdlib.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
33 #include <netdb.h>
34 #include <arpa/inet.h>
35 #include <poll.h>
36 #include <net/if.h>
37 #include <sys/ioctl.h>
38 #include <sys/utsname.h>
39
40 #include <gcrypt.h>
41
42 #include "sysdep.h"
43 #include "config.h"
44 #include "isakmp-pkt.h"
45 #include "math_group.h"
46 #include "dh.h"
47 #include "vpnc.h"
48
49 #define ISAKMP_PORT (500)
50
51 struct sa_block oursa[1];
52
53 static int sockfd = -1;
54 static struct sockaddr *dest_addr;
55 static uint16_t local_port; /* in network byte order */
56 static uint16_t encap_mode = IPSEC_ENCAP_TUNNEL;
57 static int timeout = 5000; /* 5 seconds */
58 static uint8_t *resend_hash = NULL;
59
60 static uint8_t r_packet[2048];
61 static ssize_t r_length;
62
63 extern void vpnc_doit(unsigned long tous_spi,
64 const unsigned char *tous_key,
65 struct sockaddr_in *tous_dest,
66 unsigned long tothem_spi,
67 const unsigned char *tothem_key,
68 struct sockaddr_in *tothem_dest,
69 int tun_fd, int md_algo, int cry_algo,
70 uint8_t * kill_packet_p, size_t kill_packet_size_p,
71 struct sockaddr *kill_dest_p,
72 uint16_t encap_mode, int isakmp_fd,
73 const char *pidfile);
74
75 extern int find_local_addr(struct sockaddr_in *dest,
76 struct sockaddr_in *source);
77
78 enum supp_algo_key {
79 SUPP_ALGO_NAME,
80 SUPP_ALGO_MY_ID,
81 SUPP_ALGO_IKE_SA,
82 SUPP_ALGO_IPSEC_SA
83 };
84
85 enum algo_group {
86 SUPP_ALGO_DH_GROUP,
87 SUPP_ALGO_HASH,
88 SUPP_ALGO_CRYPT,
89 SUPP_ALGO_AUTH
90 };
91
92 supported_algo_t supp_dh_group[] = {
93 {"nopfs", 0, 0, 0, 0},
94 {"dh1", OAKLEY_GRP_1, IKE_GROUP_MODP_768, IKE_GROUP_MODP_768, 0},
95 {"dh2", OAKLEY_GRP_2, IKE_GROUP_MODP_1024, IKE_GROUP_MODP_1024, 0},
96 {"dh5", OAKLEY_GRP_5, IKE_GROUP_MODP_1536, IKE_GROUP_MODP_1536, 0},
97 /*{ "dh7", OAKLEY_GRP_7, IKE_GROUP_EC2N_163K, IKE_GROUP_EC2N_163K, 0 } note: code missing */
98 {NULL, 0, 0, 0, 0}
99 };
100
101 supported_algo_t supp_hash[] = {
102 {"md5", GCRY_MD_MD5, IKE_HASH_MD5, IPSEC_AUTH_HMAC_MD5, 0},
103 {"sha1", GCRY_MD_SHA1, IKE_HASH_SHA, IPSEC_AUTH_HMAC_SHA, 0},
104 {NULL, 0, 0, 0, 0}
105 };
106
107 supported_algo_t supp_crypt[] = {
108 /*note: working, but not recommended */
109 {"des", GCRY_CIPHER_DES, IKE_ENC_DES_CBC, ISAKMP_IPSEC_ESP_DES, 0},
110 {"3des", GCRY_CIPHER_3DES, IKE_ENC_3DES_CBC, ISAKMP_IPSEC_ESP_3DES, 0},
111 {"aes128", GCRY_CIPHER_AES128, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 128},
112 {"aes192", GCRY_CIPHER_AES192, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 192},
113 {"aes256", GCRY_CIPHER_AES256, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 256},
114 {NULL, 0, 0, 0, 0}
115 };
116
117 supported_algo_t supp_auth[] = {
118 {"psk", 0, IKE_AUTH_PRESHARED, 0, 0},
119 {"psk+xauth", 0, IKE_AUTH_XAUTHInitPreShared, 0, 0},
120 {NULL, 0, 0, 0, 0}
121 };
122
123 const supported_algo_t *get_algo(enum algo_group what, enum supp_algo_key key, int id,
124 const char *name, int keylen)
125 {
126 supported_algo_t *sa = NULL;
127 int i = 0, val = 0;
128 const char *valname = NULL;
129
130 switch (what) {
131 case SUPP_ALGO_DH_GROUP:
132 sa = supp_dh_group;
133 break;
134 case SUPP_ALGO_HASH:
135 sa = supp_hash;
136 break;
137 case SUPP_ALGO_CRYPT:
138 sa = supp_crypt;
139 break;
140 case SUPP_ALGO_AUTH:
141 sa = supp_auth;
142 break;
143 default:
144 abort();
145 }
146
147 for (i = 0; sa[i].name != NULL; i++) {
148 switch (key) {
149 case SUPP_ALGO_NAME:
150 valname = sa[i].name;
151 break;
152 case SUPP_ALGO_MY_ID:
153 val = sa[i].my_id;
154 break;
155 case SUPP_ALGO_IKE_SA:
156 val = sa[i].ike_sa_id;
157 break;
158 case SUPP_ALGO_IPSEC_SA:
159 val = sa[i].ipsec_sa_id;
160 break;
161 default:
162 abort();
163 }
164 if ((key == SUPP_ALGO_NAME) ? !strcasecmp(name, valname) : (val == id))
165 if (keylen == sa[i].keylen)
166 return sa + i;
167 }
168
169 return NULL;
170 }
171
172 const supported_algo_t *get_dh_group_ike(void)
173 {
174 return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, config[CONFIG_IKE_DH], 0);
175 }
176 const supported_algo_t *get_dh_group_ipsec(int server_setting)
177 {
178 const char *pfs_setting = config[CONFIG_IPSEC_PFS];
179
180 if (!strcmp(config[CONFIG_IPSEC_PFS], "server")) {
181 /* treat server_setting == -1 (unknown) as 0 */
182 pfs_setting = (server_setting == 1) ? "dh2" : "nopfs";
183 }
184
185 return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, pfs_setting, 0);
186 }
187
188 static __inline__ int min(int a, int b)
189 {
190 return (a < b) ? a : b;
191 }
192
193 static void addenv(const void *name, const char *value)
194 {
195 char *strbuf = NULL, *oldval;
196
197 oldval = getenv(name);
198 if (oldval != NULL) {
199 strbuf = xallocc(strlen(oldval) + 1 + strlen(value) + 1);
200 strcat(strbuf, oldval);
201 strcat(strbuf, " ");
202 strcat(strbuf, value);
203 }
204
205 setenv(name, strbuf ? strbuf : value, 1);
206
207 if (strbuf)
208 free(strbuf);
209 }
210
211 static void addenv_ipv4(const void *name, uint8_t * data)
212 {
213 addenv(name, inet_ntoa(*((struct in_addr *)data)));
214 }
215
216 static int make_socket(uint16_t port)
217 {
218 int sock;
219 struct sockaddr_in name;
220
221 /* Create the socket. */
222 sock = socket(PF_INET, SOCK_DGRAM, 0);
223 if (sock < 0)
224 error(1, errno, "making socket");
225
226 /* Give the socket a name. */
227 name.sin_family = AF_INET;
228 name.sin_port = port;
229 name.sin_addr.s_addr = htonl(INADDR_ANY);
230 if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0)
231 error(1, errno, "binding to port %d", ntohs(port));
232
233 return sock;
234 }
235
236 static struct sockaddr *init_sockaddr(const char *hostname, uint16_t port)
237 {
238 struct hostent *hostinfo;
239 struct sockaddr_in *result;
240
241 result = malloc(sizeof(struct sockaddr_in));
242 if (result == NULL)
243 error(1, errno, "out of memory");
244
245 result->sin_family = AF_INET;
246 result->sin_port = htons(port);
247 if (inet_aton(hostname, &result->sin_addr) == 0) {
248 hostinfo = gethostbyname(hostname);
249 if (hostinfo == NULL)
250 error(1, 0, "unknown host `%s'\n", hostname);
251 result->sin_addr = *(struct in_addr *)hostinfo->h_addr;
252 }
253 return (struct sockaddr *)result;
254 }
255
256 static void setup_tunnel(struct sa_block *s)
257 {
258 if (config[CONFIG_IF_NAME])
259 memcpy(s->tun_name, config[CONFIG_IF_NAME], strlen(config[CONFIG_IF_NAME]));
260
261 s->tun_fd = tun_open(s->tun_name);
262 DEBUG(2, printf("using interface %s\n", s->tun_name));
263
264 if (s->tun_fd == -1)
265 error(1, errno, "can't initialise tunnel interface");
266 }
267
268 void config_tunnel(struct sa_block *s)
269 {
270 setenv("TUNDEV", s->tun_name, 1);
271 setenv("VPNGATEWAY", inet_ntoa(((struct sockaddr_in *)dest_addr)->sin_addr), 1);
272
273 system(config[CONFIG_CONFIG_SCRIPT]);
274 }
275
276 static int recv_ignore_dup(void *recvbuf, size_t recvbufsize)
277 {
278 uint8_t *resend_check_hash;
279 int recvsize, hash_len;
280 struct sockaddr_in recvaddr;
281 socklen_t recvaddr_size = sizeof(recvaddr);
282 char ntop_buf[32];
283
284 recvsize = recvfrom(sockfd, recvbuf, recvbufsize, 0,
285 (struct sockaddr *)&recvaddr, &recvaddr_size);
286 if (recvsize == -1)
287 error(1, errno, "receiving packet");
288 if (recvsize > 0) {
289 if (recvaddr_size != sizeof(recvaddr)
290 || recvaddr.sin_family != dest_addr->sa_family
291 || recvaddr.sin_port != ((struct sockaddr_in *)dest_addr)->sin_port
292 || memcmp(&recvaddr.sin_addr,
293 &((struct sockaddr_in *)dest_addr)->sin_addr,
294 sizeof(struct in_addr)) != 0) {
295 error(0, 0, "got response from unknown host %s:%d",
296 inet_ntop(recvaddr.sin_family, &recvaddr.sin_addr,
297 ntop_buf, sizeof(ntop_buf)), ntohs(recvaddr.sin_port));
298 return -1;
299 }
300
301 hash_len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
302 resend_check_hash = malloc(hash_len);
303 gcry_md_hash_buffer(GCRY_MD_SHA1, resend_check_hash, recvbuf, recvsize);
304 if (resend_hash && memcmp(resend_hash, resend_check_hash, hash_len) == 0) {
305 free(resend_check_hash);
306 return -1;
307 }
308 if (!resend_hash) {
309 resend_hash = resend_check_hash;
310 } else {
311 memcpy(resend_hash, resend_check_hash, hash_len);
312 free(resend_check_hash);
313 }
314 }
315 return recvsize;
316 }
317
318 /* Send TOSEND of size SENDSIZE to the socket. Then wait for a new packet,
319 resending TOSEND on timeout, and ignoring duplicate packets; the
320 new packet is put in RECVBUF of size RECVBUFSIZE and the actual size
321 of the new packet is returned. */
322
323 static ssize_t
324 sendrecv(void *recvbuf, size_t recvbufsize, void *tosend, size_t sendsize, int sendonly)
325 {
326 struct pollfd pfd;
327 int tries = 0;
328 int recvsize = -1;
329 time_t start = time(NULL);
330 time_t end = 0;
331 void *realtosend;
332
333 pfd.fd = sockfd;
334 pfd.events = POLLIN;
335 tries = 0;
336
337 if ((tosend != NULL)&&(encap_mode != IPSEC_ENCAP_TUNNEL)) {
338 DEBUG(2, printf("NAT-T mode, adding non-esp marker\n"));
339 realtosend = xallocc(sendsize+4);
340 memcpy(realtosend+4, tosend, sendsize);
341 sendsize += 4;
342 } else {
343 realtosend = tosend;
344 }
345
346 for (;;) {
347 int pollresult;
348
349 if (realtosend != NULL)
350 if (sendto(sockfd, realtosend, sendsize, 0,
351 dest_addr, sizeof(struct sockaddr_in)) != (int)sendsize)
352 error(1, errno, "can't send packet");
353 if (sendonly)
354 break;
355
356 do {
357 pollresult = poll(&pfd, 1, timeout << tries);
358 } while (pollresult == -1 && errno == EINTR);
359
360 if (pollresult == -1)
361 error(1, errno, "can't poll socket");
362 if (pollresult != 0) {
363 recvsize = recv_ignore_dup(recvbuf, recvbufsize);
364 end = time(NULL);
365 if (recvsize != -1)
366 break;
367 continue;
368 }
369
370 if (tries > 5)
371 error(1, 0, "no response from target");
372 tries++;
373 }
374
375 if ((tosend != NULL)&&(encap_mode != IPSEC_ENCAP_TUNNEL))
376 free(realtosend);
377
378 if (sendonly)
379 return 0;
380
381 if (encap_mode != IPSEC_ENCAP_TUNNEL) {
382 recvsize -= 4; /* 4 bytes non-esp marker */
383 memcpy(recvbuf, recvbuf+4, recvsize);
384 }
385
386 /* Wait at least 2s for a response or 4 times the time it took
387 * last time. */
388 if (start == end)
389 timeout = 2000;
390 else
391 timeout = 4000 * (end - start);
392
393 return recvsize;
394 }
395
396 int isakmp_crypt(struct sa_block *s, uint8_t * block, size_t blocklen, int enc)
397 {
398 unsigned char *new_iv, *iv = NULL;
399 int info_ex;
400 gcry_cipher_hd_t cry_ctx;
401
402 if (blocklen < ISAKMP_PAYLOAD_O || ((blocklen - ISAKMP_PAYLOAD_O) % s->ivlen != 0))
403 abort();
404
405 if (!enc && (memcmp(block + ISAKMP_I_COOKIE_O, s->i_cookie, ISAKMP_COOKIE_LENGTH) != 0
406 || memcmp(block + ISAKMP_R_COOKIE_O, s->r_cookie, ISAKMP_COOKIE_LENGTH) != 0)) {
407 DEBUG(2, printf("got paket with wrong cookies\n"));
408 return ISAKMP_N_INVALID_COOKIE;
409 }
410
411 info_ex = block[ISAKMP_EXCHANGE_TYPE_O] == ISAKMP_EXCHANGE_INFORMATIONAL;
412
413 if (memcmp(block + ISAKMP_MESSAGE_ID_O, s->current_iv_msgid, 4) != 0) {
414 gcry_md_hd_t md_ctx;
415
416 gcry_md_open(&md_ctx, s->md_algo, 0);
417 gcry_md_write(md_ctx, s->initial_iv, s->ivlen);
418 gcry_md_write(md_ctx, block + ISAKMP_MESSAGE_ID_O, 4);
419 gcry_md_final(md_ctx);
420 if (info_ex) {
421 iv = xallocc(s->ivlen);
422 memcpy(iv, gcry_md_read(md_ctx, 0), s->ivlen);
423 } else {
424 memcpy(s->current_iv, gcry_md_read(md_ctx, 0), s->ivlen);
425 memcpy(s->current_iv_msgid, block + ISAKMP_MESSAGE_ID_O, 4);
426 }
427 gcry_md_close(md_ctx);
428 } else if (info_ex) {
429 abort();
430 }
431
432 if (!info_ex) {
433 iv = s->current_iv;
434 }
435
436 new_iv = xallocc(s->ivlen);
437 gcry_cipher_open(&cry_ctx, s->cry_algo, GCRY_CIPHER_MODE_CBC, 0);
438 gcry_cipher_setkey(cry_ctx, s->key, s->keylen);
439 gcry_cipher_setiv(cry_ctx, iv, s->ivlen);
440 if (!enc) {
441 memcpy(new_iv, block + blocklen - s->ivlen, s->ivlen);
442 gcry_cipher_decrypt(cry_ctx, block + ISAKMP_PAYLOAD_O, blocklen - ISAKMP_PAYLOAD_O,
443 NULL, 0);
444 if (!info_ex)
445 memcpy(s->current_iv, new_iv, s->ivlen);
446 } else {
447 gcry_cipher_encrypt(cry_ctx, block + ISAKMP_PAYLOAD_O, blocklen - ISAKMP_PAYLOAD_O,
448 NULL, 0);
449 if (!info_ex)
450 memcpy(s->current_iv, block + blocklen - s->ivlen, s->ivlen);
451 }
452 gcry_cipher_close(cry_ctx);
453
454 free(new_iv);
455 if (info_ex)
456 free(iv);
457
458 return 0;
459 }
460
461 static uint16_t unpack_verify_phase2(struct sa_block *s,
462 uint8_t * r_packet,
463 size_t r_length, struct isakmp_packet **r_p, const uint8_t * nonce, size_t nonce_size)
464 {
465 struct isakmp_packet *r;
466 int reject = 0;
467
468 *r_p = NULL;
469
470 if (r_length < ISAKMP_PAYLOAD_O || ((r_length - ISAKMP_PAYLOAD_O) % s->ivlen != 0)) {
471 DEBUG(2, printf("payload to short or not padded: len=%d, min=%d (ivlen=%d)\n",
472 r_length, ISAKMP_PAYLOAD_O, s->ivlen));
473 return ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS;
474 }
475
476 reject = isakmp_crypt(s, r_packet, r_length, 0);
477 if (reject != 0)
478 return reject;
479
480 {
481 r = parse_isakmp_packet(r_packet, r_length, &reject);
482 if (reject != 0)
483 return reject;
484 }
485
486 /* Verify the basic stuff. */
487 if (r->flags != ISAKMP_FLAG_E)
488 return ISAKMP_N_INVALID_FLAGS;
489
490 {
491 size_t sz, spos;
492 gcry_md_hd_t hm;
493 unsigned char *expected_hash;
494 struct isakmp_payload *h = r->payload;
495
496 if (h == NULL || h->type != ISAKMP_PAYLOAD_HASH || h->u.hash.length != s->md_len)
497 return ISAKMP_N_INVALID_HASH_INFORMATION;
498
499 spos = (ISAKMP_PAYLOAD_O + (r_packet[ISAKMP_PAYLOAD_O + 2] << 8)
500 + r_packet[ISAKMP_PAYLOAD_O + 3]);
501
502 /* Compute the real length based on the payload lengths. */
503 for (sz = spos; r_packet[sz] != 0; sz += r_packet[sz + 2] << 8 | r_packet[sz + 3]) ;
504 sz += r_packet[sz + 2] << 8 | r_packet[sz + 3];
505
506 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
507 gcry_md_setkey(hm, s->skeyid_a, s->md_len);
508 gcry_md_write(hm, r_packet + ISAKMP_MESSAGE_ID_O, 4);
509 if (nonce)
510 gcry_md_write(hm, nonce, nonce_size);
511 gcry_md_write(hm, r_packet + spos, sz - spos);
512 gcry_md_final(hm);
513 expected_hash = gcry_md_read(hm, 0);
514
515 if (opt_debug >= 3) {
516 printf("hashlen: %lu\n", (unsigned long)s->md_len);
517 printf("u.hash.length: %d\n", h->u.hash.length);
518 hex_dump("expected_hash", expected_hash, s->md_len);
519 hex_dump("h->u.hash.data", h->u.hash.data, s->md_len);
520 }
521
522 reject = 0;
523 if (memcmp(h->u.hash.data, expected_hash, s->md_len) != 0)
524 reject = ISAKMP_N_AUTHENTICATION_FAILED;
525 gcry_md_close(hm);
526 #if 0
527 if (reject != 0)
528 return reject;
529 #endif
530 }
531 *r_p = r;
532 return 0;
533 }
534
535 static void
536 phase2_authpacket(struct sa_block *s, struct isakmp_payload *pl,
537 uint8_t exchange_type, uint32_t msgid,
538 uint8_t ** p_flat, size_t * p_size,
539 uint8_t * nonce_i, int ni_len, uint8_t * nonce_r, int nr_len)
540 {
541 struct isakmp_packet *p;
542 uint8_t *pl_flat;
543 size_t pl_size;
544 gcry_md_hd_t hm;
545 uint8_t msgid_sent[4];
546
547 /* Build up the packet. */
548 p = new_isakmp_packet();
549 memcpy(p->i_cookie, s->i_cookie, ISAKMP_COOKIE_LENGTH);
550 memcpy(p->r_cookie, s->r_cookie, ISAKMP_COOKIE_LENGTH);
551 p->flags = ISAKMP_FLAG_E;
552 p->isakmp_version = ISAKMP_VERSION;
553 p->exchange_type = exchange_type;
554 p->message_id = msgid;
555 p->payload = new_isakmp_payload(ISAKMP_PAYLOAD_HASH);
556 p->payload->next = pl;
557 p->payload->u.hash.length = s->md_len;
558 p->payload->u.hash.data = xallocc(s->md_len);
559
560 /* Set the MAC. */
561 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
562 gcry_md_setkey(hm, s->skeyid_a, s->md_len);
563
564 if (pl == NULL) {
565 DEBUG(3, printf("authing NULL package!\n"));
566 gcry_md_write(hm, "" /* \0 */ , 1);
567 }
568
569 msgid_sent[0] = msgid >> 24;
570 msgid_sent[1] = msgid >> 16;
571 msgid_sent[2] = msgid >> 8;
572 msgid_sent[3] = msgid;
573 gcry_md_write(hm, msgid_sent, sizeof(msgid_sent));
574
575 if (nonce_i != NULL)
576 gcry_md_write(hm, nonce_i, ni_len);
577
578 if (nonce_r != NULL)
579 gcry_md_write(hm, nonce_r, nr_len);
580
581 if (pl != NULL) {
582 flatten_isakmp_payload(pl, &pl_flat, &pl_size);
583 gcry_md_write(hm, pl_flat, pl_size);
584 memset(pl_flat, 0, pl_size);
585 free(pl_flat);
586 }
587
588 gcry_md_final(hm);
589 memcpy(p->payload->u.hash.data, gcry_md_read(hm, 0), s->md_len);
590 gcry_md_close(hm);
591
592 flatten_isakmp_packet(p, p_flat, p_size, s->ivlen);
593 free_isakmp_packet(p);
594 }
595
596 static void sendrecv_phase2(struct sa_block *s, struct isakmp_payload *pl,
597 uint8_t exchange_type, uint32_t msgid, int sendonly,
598 uint8_t ** save_p_flat, size_t * save_p_size,
599 uint8_t * nonce_i, int ni_len, uint8_t * nonce_r, int nr_len)
600 {
601 uint8_t *p_flat;
602 size_t p_size;
603 ssize_t recvlen;
604
605 if ((save_p_flat == NULL) || (*save_p_flat == NULL)) {
606 phase2_authpacket(s, pl, exchange_type, msgid, &p_flat, &p_size,
607 nonce_i, ni_len, nonce_r, nr_len);
608 isakmp_crypt(s, p_flat, p_size, 1);
609 } else {
610 p_flat = *save_p_flat;
611 p_size = *save_p_size;
612 }
613
614 recvlen = sendrecv(r_packet, sizeof(r_packet), p_flat, p_size, sendonly);
615 if (sendonly == 0)
616 r_length = recvlen;
617
618 if (save_p_flat == NULL) {
619 free(p_flat);
620 } else {
621 *save_p_flat = p_flat;
622 *save_p_size = p_size;
623 }
624 }
625
626 static void phase2_fatal(struct sa_block *s, const char *msg, int id)
627 {
628 struct isakmp_payload *pl;
629 uint32_t msgid;
630
631 DEBUG(1, printf("\n\n---!!!!!!!!! entering phase2_fatal !!!!!!!!!---\n\n\n"));
632 gcry_randomize((uint8_t *) & msgid, sizeof(msgid), GCRY_WEAK_RANDOM);
633 pl = new_isakmp_payload(ISAKMP_PAYLOAD_N);
634 pl->u.n.doi = ISAKMP_DOI_IPSEC;
635 pl->u.n.protocol = ISAKMP_IPSEC_PROTO_ISAKMP;
636 pl->u.n.type = id;
637 sendrecv_phase2(s, pl, ISAKMP_EXCHANGE_INFORMATIONAL, msgid, 1, 0, 0, 0, 0, 0, 0);
638
639 gcry_randomize((uint8_t *) & msgid, sizeof(msgid), GCRY_WEAK_RANDOM);
640 pl = new_isakmp_payload(ISAKMP_PAYLOAD_D);
641 pl->u.d.doi = ISAKMP_DOI_IPSEC;
642 pl->u.d.protocol = ISAKMP_IPSEC_PROTO_ISAKMP;
643 pl->u.d.spi_length = 2 * ISAKMP_COOKIE_LENGTH;
644 pl->u.d.num_spi = 1;
645 pl->u.d.spi = xallocc(1 * sizeof(uint8_t *));
646 pl->u.d.spi[0] = xallocc(2 * ISAKMP_COOKIE_LENGTH);
647 memcpy(pl->u.d.spi[0] + ISAKMP_COOKIE_LENGTH * 0, s->i_cookie, ISAKMP_COOKIE_LENGTH);
648 memcpy(pl->u.d.spi[0] + ISAKMP_COOKIE_LENGTH * 1, s->r_cookie, ISAKMP_COOKIE_LENGTH);
649 sendrecv_phase2(s, pl, ISAKMP_EXCHANGE_INFORMATIONAL, msgid, 1, 0, 0, 0, 0, 0, 0);
650
651 error(1, 0, msg, isakmp_notify_to_error(id));
652 }
653
654 static uint8_t *gen_keymat(struct sa_block *s,
655 uint8_t protocol, uint32_t spi,
656 int md_algo, int crypt_algo,
657 const uint8_t * dh_shared, size_t dh_size,
658 const uint8_t * ni_data, size_t ni_size, const uint8_t * nr_data, size_t nr_size)
659 {
660 gcry_md_hd_t hm;
661 uint8_t *block;
662 int i;
663 int blksz;
664 int cnt;
665
666 int md_len = gcry_md_get_algo_dlen(md_algo);
667 size_t cry_len;
668
669 gcry_cipher_algo_info(crypt_algo, GCRYCTL_GET_KEYLEN, NULL, &cry_len);
670 blksz = md_len + cry_len;
671 cnt = (blksz + s->md_len - 1) / s->md_len;
672 block = xallocc(cnt * s->md_len);
673 DEBUG(3, printf("generating %d bytes keymat (cnt=%d)\n", blksz, cnt));
674 if (cnt < 1)
675 abort();
676
677 for (i = 0; i < cnt; i++) {
678 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
679 gcry_md_setkey(hm, s->skeyid_d, s->md_len);
680 if (i != 0)
681 gcry_md_write(hm, block + (i - 1) * s->md_len, s->md_len);
682 if (dh_shared != NULL)
683 gcry_md_write(hm, dh_shared, dh_size);
684 gcry_md_write(hm, &protocol, 1);
685 gcry_md_write(hm, (uint8_t *) & spi, sizeof(spi));
686 gcry_md_write(hm, ni_data, ni_size);
687 gcry_md_write(hm, nr_data, nr_size);
688 gcry_md_final(hm);
689 memcpy(block + i * s->md_len, gcry_md_read(hm, 0), s->md_len);
690 gcry_md_close(hm);
691 }
692 return block;
693 }
694
695 /* * */
696
697 struct isakmp_attribute *make_transform_ike(int dh_group, int crypt, int hash, int keylen, int auth)
698 {
699 struct isakmp_attribute *a = NULL;
700
701 a = new_isakmp_attribute(IKE_ATTRIB_LIFE_DURATION, a);
702 a->af = isakmp_attr_lots;
703 a->u.lots.length = 4;
704 a->u.lots.data = xallocc(a->u.lots.length);
705 *((uint32_t *) a->u.lots.data) = htonl(2147483);
706 a = new_isakmp_attribute_16(IKE_ATTRIB_LIFE_TYPE, IKE_LIFE_TYPE_SECONDS, a);
707 a = new_isakmp_attribute_16(IKE_ATTRIB_GROUP_DESC, dh_group, a);
708 a = new_isakmp_attribute_16(IKE_ATTRIB_AUTH_METHOD, auth, a);
709 a = new_isakmp_attribute_16(IKE_ATTRIB_HASH, hash, a);
710 a = new_isakmp_attribute_16(IKE_ATTRIB_ENC, crypt, a);
711 if (keylen != 0)
712 a = new_isakmp_attribute_16(IKE_ATTRIB_KEY_LENGTH, keylen, a);
713 return a;
714 }
715
716 struct isakmp_payload *make_our_sa_ike(void)
717 {
718 struct isakmp_payload *r = new_isakmp_payload(ISAKMP_PAYLOAD_SA);
719 struct isakmp_payload *t = NULL, *tn;
720 struct isakmp_attribute *a;
721 int dh_grp = get_dh_group_ike()->ike_sa_id;
722 unsigned int auth, crypt, hash, keylen;
723 int i;
724
725 r->u.sa.doi = ISAKMP_DOI_IPSEC;
726 r->u.sa.situation = ISAKMP_IPSEC_SIT_IDENTITY_ONLY;
727 r->u.sa.proposals = new_isakmp_payload(ISAKMP_PAYLOAD_P);
728 r->u.sa.proposals->u.p.prot_id = ISAKMP_IPSEC_PROTO_ISAKMP;
729 for (auth = 0; supp_auth[auth].name != NULL; auth++) {
730 for (crypt = 0; supp_crypt[crypt].name != NULL; crypt++) {
731 if ((supp_crypt[crypt].my_id == GCRY_CIPHER_DES) && (opt_1des == 0))
732 continue;
733 keylen = supp_crypt[crypt].keylen;
734 for (hash = 0; supp_hash[hash].name != NULL; hash++) {
735 tn = t;
736 t = new_isakmp_payload(ISAKMP_PAYLOAD_T);
737 t->u.t.id = ISAKMP_IPSEC_KEY_IKE;
738 a = make_transform_ike(dh_grp, supp_crypt[crypt].ike_sa_id,
739 supp_hash[hash].ike_sa_id, keylen, supp_auth[auth].ike_sa_id);
740 t->u.t.attributes = a;
741 t->next = tn;
742 }
743 }
744 }
745 for (i = 0, tn = t; tn; tn = tn->next)
746 tn->u.t.number = i++;
747 r->u.sa.proposals->u.p.transforms = t;
748 return r;
749 }
750
751 void do_phase_1(const char *key_id, const char *shared_key, struct sa_block *s)
752 {
753 unsigned char i_nonce[20];
754 struct group *dh_grp;
755 unsigned char *dh_public;
756 unsigned char *returned_hash;
757 static const uint8_t xauth_vid[] = XAUTH_VENDOR_ID;
758 static const uint8_t unity_vid[] = UNITY_VENDOR_ID;
759 static const uint8_t unknown_vid[] = UNKNOWN_VENDOR_ID;
760 static const uint8_t natt_vid[] = NATT_VENDOR_ID; /* NAT traversal */
761 #if 0
762 static const uint8_t dpd_vid[] = DPD_VENDOR_ID; /* dead peer detection */
763 static const uint8_t my_vid[] = {
764 0x35, 0x53, 0x07, 0x6c, 0x4f, 0x65, 0x12, 0x68, 0x02, 0x82, 0xf2, 0x15,
765 0x8a, 0xa8, 0xa0, 0x9e
766 };
767 #endif
768
769 struct isakmp_packet *p1;
770 int seen_natt_vid = 0, seen_natd = 0, seen_natd_them = 0, seen_natd_us = 0, natd_type = 0;
771 unsigned char *natd_us = NULL, *natd_them = NULL;
772
773 DEBUG(2, printf("S4.1\n"));
774 gcry_randomize(s->i_cookie, ISAKMP_COOKIE_LENGTH, GCRY_STRONG_RANDOM);
775 s->do_pfs = -1;
776 if (s->i_cookie[0] == 0)
777 s->i_cookie[0] = 1;
778 hex_dump("i_cookie", s->i_cookie, ISAKMP_COOKIE_LENGTH);
779 gcry_randomize(i_nonce, sizeof(i_nonce), GCRY_STRONG_RANDOM);
780 hex_dump("i_nonce", i_nonce, sizeof(i_nonce));
781 DEBUG(2, printf("S4.2\n"));
782 /* Set up the Diffie-Hellman stuff. */
783 {
784 dh_grp = group_get(get_dh_group_ike()->my_id);
785 dh_public = xallocc(dh_getlen(dh_grp));
786 dh_create_exchange(dh_grp, dh_public);
787 hex_dump("dh_public", dh_public, dh_getlen(dh_grp));
788 }
789
790 DEBUG(2, printf("S4.3\n"));
791 /* Create the first packet. */
792 {
793 struct isakmp_payload *l;
794 uint8_t *pkt;
795 size_t pkt_len;
796
797 p1 = new_isakmp_packet();
798 memcpy(p1->i_cookie, s->i_cookie, ISAKMP_COOKIE_LENGTH);
799 p1->isakmp_version = ISAKMP_VERSION;
800 p1->exchange_type = ISAKMP_EXCHANGE_AGGRESSIVE;
801 p1->payload = l = make_our_sa_ike();
802 l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_KE, dh_public, dh_getlen(dh_grp));
803 l->next->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_NONCE,
804 i_nonce, sizeof(i_nonce));
805 l = l->next->next;
806 l->next = new_isakmp_payload(ISAKMP_PAYLOAD_ID);
807 l = l->next;
808 l->u.id.type = ISAKMP_IPSEC_ID_KEY_ID;
809 l->u.id.protocol = IPPROTO_UDP;
810 l->u.id.port = ntohs(local_port);
811 l->u.id.length = strlen(key_id);
812 l->u.id.data = xallocc(l->u.id.length);
813 memcpy(l->u.id.data, key_id, strlen(key_id));
814 l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
815 xauth_vid, sizeof(xauth_vid));
816 l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
817 unity_vid, sizeof(unity_vid));
818 if (!config[CONFIG_DISABLE_NATT])
819 l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
820 natt_vid, sizeof(natt_vid));
821 #if 0
822 l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
823 dpd_vid, sizeof(dpd_vid));
824 #endif
825 flatten_isakmp_packet(p1, &pkt, &pkt_len, 0);
826
827 /* Now, send that packet and receive a new one. */
828 r_length = sendrecv(r_packet, sizeof(r_packet), pkt, pkt_len, 0);
829 free(pkt);
830 }
831 DEBUG(2, printf("S4.4\n"));
832 /* Decode the recieved packet. */
833 {
834 struct isakmp_packet *r;
835 int reject;
836 struct isakmp_payload *rp;
837 struct isakmp_payload *nonce = NULL;
838 struct isakmp_payload *ke = NULL;
839 struct isakmp_payload *hash = NULL;
840 struct isakmp_payload *idp = NULL;
841 int seen_sa = 0, seen_xauth_vid = 0;
842 unsigned char *skeyid;
843 gcry_md_hd_t skeyid_ctx;
844
845 reject = 0;
846 r = parse_isakmp_packet(r_packet, r_length, &reject);
847
848 /* Verify the correctness of the recieved packet. */
849 if (reject == 0 && memcmp(r->i_cookie, s->i_cookie, ISAKMP_COOKIE_LENGTH) != 0)
850 reject = ISAKMP_N_INVALID_COOKIE;
851 if (reject == 0)
852 memcpy(s->r_cookie, r->r_cookie, ISAKMP_COOKIE_LENGTH);
853 if (reject == 0 && r->exchange_type != ISAKMP_EXCHANGE_AGGRESSIVE)
854 reject = ISAKMP_N_INVALID_EXCHANGE_TYPE;
855 if (reject == 0 && r->flags != 0)
856 reject = ISAKMP_N_INVALID_FLAGS;
857 if (reject == 0 && r->message_id != 0)
858 reject = ISAKMP_N_INVALID_MESSAGE_ID;
859 if (reject != 0)
860 error(1, 0, "response was invalid [1]: %s", isakmp_notify_to_error(reject));
861 for (rp = r->payload; rp && reject == 0; rp = rp->next)
862 switch (rp->type) {
863 case ISAKMP_PAYLOAD_SA:
864 if (reject == 0 && rp->u.sa.doi != ISAKMP_DOI_IPSEC)
865 reject = ISAKMP_N_DOI_NOT_SUPPORTED;
866 if (reject == 0 &&
867 rp->u.sa.situation != ISAKMP_IPSEC_SIT_IDENTITY_ONLY)
868 reject = ISAKMP_N_SITUATION_NOT_SUPPORTED;
869 if (reject == 0 &&
870 (rp->u.sa.proposals == NULL
871 || rp->u.sa.proposals->next != NULL))
872 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
873 if (reject == 0 &&
874 rp->u.sa.proposals->u.p.prot_id !=
875 ISAKMP_IPSEC_PROTO_ISAKMP)
876 reject = ISAKMP_N_INVALID_PROTOCOL_ID;
877 if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 0)
878 reject = ISAKMP_N_INVALID_SPI;
879 if (reject == 0 &&
880 (rp->u.sa.proposals->u.p.transforms == NULL
881 || rp->u.sa.proposals->u.p.transforms->next !=
882 NULL))
883 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
884 if (reject == 0 &&
885 (rp->u.sa.proposals->u.p.transforms->u.t.id
886 != ISAKMP_IPSEC_KEY_IKE))
887 reject = ISAKMP_N_INVALID_TRANSFORM_ID;
888 if (reject == 0) {
889 struct isakmp_attribute *a
890 =
891 rp->u.sa.proposals->u.p.transforms->u.t.attributes;
892 int seen_enc = 0, seen_hash = 0, seen_auth = 0;
893 int seen_group = 0, seen_keylen = 0;
894 for (; a && reject == 0; a = a->next)
895 switch (a->type) {
896 case IKE_ATTRIB_GROUP_DESC:
897 if (a->af == isakmp_attr_16 &&
898 a->u.attr_16 ==
899 get_dh_group_ike()->ike_sa_id)
900 seen_group = 1;
901 else
902 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
903 break;
904 case IKE_ATTRIB_AUTH_METHOD:
905 if (a->af == isakmp_attr_16)
906 seen_auth = a->u.attr_16;
907 else
908 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
909 break;
910 case IKE_ATTRIB_HASH:
911 if (a->af == isakmp_attr_16)
912 seen_hash = a->u.attr_16;
913 else
914 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
915 break;
916 case IKE_ATTRIB_ENC:
917 if (a->af == isakmp_attr_16)
918 seen_enc = a->u.attr_16;
919 else
920 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
921 break;
922 case IKE_ATTRIB_KEY_LENGTH:
923 if (a->af == isakmp_attr_16)
924 seen_keylen = a->u.attr_16;
925 else
926 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
927 break;
928 case IKE_ATTRIB_LIFE_TYPE:
929 case IKE_ATTRIB_LIFE_DURATION:
930 break;
931 default:
932 DEBUG(1, printf
933 ("unknown attribute %d, arborting..\n",
934 a->type));
935 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
936 break;
937 }
938 if (!seen_group || !seen_auth || !seen_hash || !seen_enc)
939 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
940
941 if (get_algo(SUPP_ALGO_AUTH, SUPP_ALGO_IKE_SA, seen_auth,
942 NULL, 0) == NULL)
943 reject = ISAKMP_N_NO_PROPOSAL_CHOSEN;
944 if (get_algo(SUPP_ALGO_HASH, SUPP_ALGO_IKE_SA, seen_hash,
945 NULL, 0) == NULL)
946 reject = ISAKMP_N_NO_PROPOSAL_CHOSEN;
947 if (get_algo(SUPP_ALGO_CRYPT, SUPP_ALGO_IKE_SA, seen_enc,
948 NULL, seen_keylen) == NULL)
949 reject = ISAKMP_N_NO_PROPOSAL_CHOSEN;
950
951 if (reject == 0) {
952 seen_sa = 1;
953 s->auth_algo = seen_auth;
954 s->cry_algo =
955 get_algo(SUPP_ALGO_CRYPT, SUPP_ALGO_IKE_SA,
956 seen_enc, NULL, seen_keylen)->my_id;
957 s->md_algo =
958 get_algo(SUPP_ALGO_HASH, SUPP_ALGO_IKE_SA,
959 seen_hash, NULL, 0)->my_id;
960 s->md_len = gcry_md_get_algo_dlen(s->md_algo);
961 DEBUG(1, printf("IKE SA selected %s-%s-%s\n",
962 get_algo(SUPP_ALGO_AUTH,
963 SUPP_ALGO_IKE_SA, seen_auth,
964 NULL, 0)->name,
965 get_algo(SUPP_ALGO_CRYPT,
966 SUPP_ALGO_IKE_SA, seen_enc,
967 NULL, seen_keylen)->name,
968 get_algo(SUPP_ALGO_HASH,
969 SUPP_ALGO_IKE_SA, seen_hash,
970 NULL, 0)->name));
971 }
972 }
973 break;
974
975 case ISAKMP_PAYLOAD_ID:
976 idp = rp;
977 break;
978 case ISAKMP_PAYLOAD_KE:
979 ke = rp;
980 break;
981 case ISAKMP_PAYLOAD_NONCE:
982 nonce = rp;
983 break;
984 case ISAKMP_PAYLOAD_HASH:
985 hash = rp;
986 break;
987 case ISAKMP_PAYLOAD_VID:
988 if (rp->u.vid.length == sizeof(xauth_vid)
989 && memcmp(rp->u.vid.data, xauth_vid,
990 sizeof(xauth_vid)) == 0)
991 seen_xauth_vid = 1;
992 else if (rp->u.vid.length == sizeof(natt_vid)
993 && memcmp(rp->u.vid.data, natt_vid,
994 sizeof(natt_vid)) == 0)
995 seen_natt_vid = 1;
996 break;
997 case ISAKMP_PAYLOAD_NAT_D_OLD:
998 case ISAKMP_PAYLOAD_NAT_D:
999 natd_type = rp->type;
1000 DEBUG(2, printf("peer is using type %d for NAT-Discovery payloads\n", natd_type));
1001 if (!seen_sa || !seen_natt_vid) {
1002 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1003 } else if (config[CONFIG_DISABLE_NATT]) {
1004 ;
1005 } else if (rp->u.natd.length != s->md_len) {
1006 reject = ISAKMP_N_PAYLOAD_MALFORMED;
1007 } else if (seen_natd == 0) {
1008 gcry_md_hd_t hm;
1009 natd_us = xallocc(s->md_len);
1010 natd_them = xallocc(s->md_len);
1011 memcpy(natd_us, rp->u.natd.data, s->md_len);
1012 gcry_md_open(&hm, s->md_algo, 0);
1013 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1014 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1015 gcry_md_write(hm, &((struct sockaddr_in *)dest_addr)->sin_addr,
1016 sizeof(struct in_addr));
1017 gcry_md_write(hm, &((struct sockaddr_in *)dest_addr)->sin_port,
1018 sizeof(uint16_t));
1019 gcry_md_final(hm);
1020 memcpy(natd_them, gcry_md_read(hm, 0), s->md_len);
1021 gcry_md_close(hm);
1022 seen_natd = 1;
1023 } else {
1024 if (memcmp(natd_them, rp->u.natd.data, s->md_len) == 0)
1025 seen_natd_them = 1;
1026 }
1027 break;
1028 default:
1029 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1030 break;
1031 }
1032
1033 if (reject == 0) {
1034 gcry_cipher_algo_info(s->cry_algo, GCRYCTL_GET_BLKLEN, NULL, &(s->ivlen));
1035 gcry_cipher_algo_info(s->cry_algo, GCRYCTL_GET_KEYLEN, NULL, &(s->keylen));
1036 }
1037
1038 if (reject == 0 && (ke == NULL || ke->u.ke.length != dh_getlen(dh_grp)))
1039 reject = ISAKMP_N_INVALID_KEY_INFORMATION;
1040 if (reject == 0 && nonce == NULL)
1041 reject = ISAKMP_N_INVALID_HASH_INFORMATION;
1042 if (reject != 0)
1043 error(1, 0, "response was invalid [2]: %s", isakmp_notify_to_error(reject));
1044 if (reject == 0 && idp == NULL)
1045 reject = ISAKMP_N_INVALID_ID_INFORMATION;
1046 if (reject == 0 && (hash == NULL || hash->u.hash.length != s->md_len))
1047 reject = ISAKMP_N_INVALID_HASH_INFORMATION;
1048 if (reject != 0)
1049 error(1, 0, "response was invalid [3]: %s", isakmp_notify_to_error(reject));
1050
1051 /* Generate SKEYID. */
1052 {
1053 gcry_md_open(&skeyid_ctx, s->md_algo, GCRY_MD_FLAG_HMAC);
1054 gcry_md_setkey(skeyid_ctx, shared_key, strlen(shared_key));
1055 gcry_md_write(skeyid_ctx, i_nonce, sizeof(i_nonce));
1056 gcry_md_write(skeyid_ctx, nonce->u.nonce.data, nonce->u.nonce.length);
1057 gcry_md_final(skeyid_ctx);
1058 skeyid = gcry_md_read(skeyid_ctx, 0);
1059 hex_dump("skeyid", skeyid, s->md_len);
1060 }
1061
1062 /* Verify the hash. */
1063 {
1064 gcry_md_hd_t hm;
1065 unsigned char *expected_hash;
1066 uint8_t *sa_f, *idi_f, *idp_f;
1067 size_t sa_size, idi_size, idp_size;
1068 struct isakmp_payload *sa, *idi;
1069
1070 sa = p1->payload;
1071 for (idi = sa; idi->type != ISAKMP_PAYLOAD_ID; idi = idi->next) ;
1072 sa->next = NULL;
1073 idi->next = NULL;
1074 idp->next = NULL;
1075 flatten_isakmp_payload(sa, &sa_f, &sa_size);
1076 flatten_isakmp_payload(idi, &idi_f, &idi_size);
1077 flatten_isakmp_payload(idp, &idp_f, &idp_size);
1078
1079 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
1080 gcry_md_setkey(hm, skeyid, s->md_len);
1081 gcry_md_write(hm, ke->u.ke.data, ke->u.ke.length);
1082 gcry_md_write(hm, dh_public, dh_getlen(dh_grp));
1083 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1084 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1085 gcry_md_write(hm, sa_f + 4, sa_size - 4);
1086 gcry_md_write(hm, idp_f + 4, idp_size - 4);
1087 gcry_md_final(hm);
1088 expected_hash = gcry_md_read(hm, 0);
1089
1090 if (memcmp(expected_hash, hash->u.hash.data, s->md_len) != 0) {
1091 error(1, 0, "hash comparison failed: %s\ncheck group password!",
1092 isakmp_notify_to_error(ISAKMP_N_AUTHENTICATION_FAILED));
1093 }
1094 gcry_md_close(hm);
1095
1096 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
1097 gcry_md_setkey(hm, skeyid, s->md_len);
1098 gcry_md_write(hm, dh_public, dh_getlen(dh_grp));
1099 gcry_md_write(hm, ke->u.ke.data, ke->u.ke.length);
1100 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1101 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1102 gcry_md_write(hm, sa_f + 4, sa_size - 4);
1103 gcry_md_write(hm, idi_f + 4, idi_size - 4);
1104 gcry_md_final(hm);
1105 returned_hash = xallocc(s->md_len);
1106 memcpy(returned_hash, gcry_md_read(hm, 0), s->md_len);
1107 gcry_md_close(hm);
1108 hex_dump("returned_hash", returned_hash, s->md_len);
1109
1110 free(sa_f);
1111 free(idi);
1112 free(idp);
1113 }
1114
1115 /* Determine all the SKEYID_x keys. */
1116 {
1117 gcry_md_hd_t hm;
1118 int i;
1119 static const unsigned char c012[3] = { 0, 1, 2 };
1120 unsigned char *skeyid_e;
1121 unsigned char *dh_shared_secret;
1122
1123 /* Determine the shared secret. */
1124 dh_shared_secret = xallocc(dh_getlen(dh_grp));
1125 dh_create_shared(dh_grp, dh_shared_secret, ke->u.ke.data);
1126 hex_dump("dh_shared_secret", dh_shared_secret, dh_getlen(dh_grp));
1127
1128 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
1129 gcry_md_setkey(hm, skeyid, s->md_len);
1130 gcry_md_write(hm, dh_shared_secret, dh_getlen(dh_grp));
1131 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1132 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1133 gcry_md_write(hm, c012 + 0, 1);
1134 gcry_md_final(hm);
1135 s->skeyid_d = xallocc(s->md_len);
1136 memcpy(s->skeyid_d, gcry_md_read(hm, 0), s->md_len);
1137 gcry_md_close(hm);
1138 hex_dump("skeyid_d", s->skeyid_d, s->md_len);
1139
1140 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
1141 gcry_md_setkey(hm, skeyid, s->md_len);
1142 gcry_md_write(hm, s->skeyid_d, s->md_len);
1143 gcry_md_write(hm, dh_shared_secret, dh_getlen(dh_grp));
1144 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1145 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1146 gcry_md_write(hm, c012 + 1, 1);
1147 gcry_md_final(hm);
1148 s->skeyid_a = xallocc(s->md_len);
1149 memcpy(s->skeyid_a, gcry_md_read(hm, 0), s->md_len);
1150 gcry_md_close(hm);
1151 hex_dump("skeyid_a", s->skeyid_a, s->md_len);
1152
1153 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
1154 gcry_md_setkey(hm, skeyid, s->md_len);
1155 gcry_md_write(hm, s->skeyid_a, s->md_len);
1156 gcry_md_write(hm, dh_shared_secret, dh_getlen(dh_grp));
1157 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1158 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1159 gcry_md_write(hm, c012 + 2, 1);
1160 gcry_md_final(hm);
1161 skeyid_e = xallocc(s->md_len);
1162 memcpy(skeyid_e, gcry_md_read(hm, 0), s->md_len);
1163 gcry_md_close(hm);
1164 hex_dump("skeyid_e", skeyid_e, s->md_len);
1165
1166 memset(dh_shared_secret, 0, sizeof(dh_shared_secret));
1167
1168 /* Determine the IKE encryption key. */
1169 s->key = xallocc(s->keylen);
1170
1171 if (s->keylen > s->md_len) {
1172 for (i = 0; i * s->md_len < s->keylen; i++) {
1173 gcry_md_open(&hm, s->md_algo, GCRY_MD_FLAG_HMAC);
1174 gcry_md_setkey(hm, skeyid_e, s->md_len);
1175 if (i == 0)
1176 gcry_md_write(hm, "" /* &'\0' */ , 1);
1177 else
1178 gcry_md_write(hm, s->key + (i - 1) * s->md_len,
1179 s->md_len);
1180 gcry_md_final(hm);
1181 memcpy(s->key + i * s->md_len, gcry_md_read(hm, 0),
1182 min(s->md_len, s->keylen - i * s->md_len));
1183 gcry_md_close(hm);
1184 }
1185 } else { /* keylen <= md_len */
1186 memcpy(s->key, skeyid_e, s->keylen);
1187 }
1188 hex_dump("enc-key", s->key, s->keylen);
1189
1190 memset(skeyid_e, 0, s->md_len);
1191 }
1192
1193 /* Determine the initial IV. */
1194 {
1195 gcry_md_hd_t hm;
1196
1197 assert(s->ivlen <= s->md_len);
1198 gcry_md_open(&hm, s->md_algo, 0);
1199 gcry_md_write(hm, dh_public, dh_getlen(dh_grp));
1200 gcry_md_write(hm, ke->u.ke.data, ke->u.ke.length);
1201 gcry_md_final(hm);
1202 s->current_iv = xallocc(s->ivlen);
1203 memcpy(s->current_iv, gcry_md_read(hm, 0), s->ivlen);
1204 gcry_md_close(hm);
1205 hex_dump("current_iv", s->current_iv, s->ivlen);
1206 memset(s->current_iv_msgid, 0, 4);
1207 }
1208
1209 gcry_md_close(skeyid_ctx);
1210 }
1211
1212 DEBUG(2, printf("S4.5\n"));
1213 /* Send final phase 1 packet. */
1214 {
1215 struct isakmp_packet *p2;
1216 uint8_t *p2kt;
1217 size_t p2kt_len;
1218 struct isakmp_payload *pl;
1219
1220 p2 = new_isakmp_packet();
1221 memcpy(p2->i_cookie, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1222 memcpy(p2->r_cookie, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1223 p2->flags = ISAKMP_FLAG_E;
1224 p2->isakmp_version = ISAKMP_VERSION;
1225 p2->exchange_type = ISAKMP_EXCHANGE_AGGRESSIVE;
1226 p2->payload = new_isakmp_data_payload(ISAKMP_PAYLOAD_HASH,
1227 returned_hash, s->md_len);
1228 p2->payload->next = pl = new_isakmp_payload(ISAKMP_PAYLOAD_N);
1229 pl->u.n.doi = ISAKMP_DOI_IPSEC;
1230 pl->u.n.protocol = ISAKMP_IPSEC_PROTO_ISAKMP;
1231 pl->u.n.type = ISAKMP_N_IPSEC_INITIAL_CONTACT;
1232 pl->u.n.spi_length = 2 * ISAKMP_COOKIE_LENGTH;
1233 pl->u.n.spi = xallocc(2 * ISAKMP_COOKIE_LENGTH);
1234 memcpy(pl->u.n.spi + ISAKMP_COOKIE_LENGTH * 0, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1235 memcpy(pl->u.n.spi + ISAKMP_COOKIE_LENGTH * 1, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1236 pl = pl->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
1237 unknown_vid, sizeof(unknown_vid));
1238 pl = pl->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
1239 unity_vid, sizeof(unity_vid));
1240
1241 /* include NAT traversal discovery payloads */
1242 if (seen_natt_vid) {
1243 assert(natd_type != 0);
1244 pl = pl->next = new_isakmp_data_payload(natd_type,
1245 natd_them, s->md_len);
1246 /* this could be repeated fo any known outbound interfaces */
1247 {
1248 gcry_md_hd_t hm;
1249 struct sockaddr_in src_addr;
1250 src_addr.sin_port=local_port;
1251 find_local_addr((struct sockaddr_in *)dest_addr, &src_addr);
1252 gcry_md_open(&hm, s->md_algo, 0);
1253 gcry_md_write(hm, s->i_cookie, ISAKMP_COOKIE_LENGTH);
1254 gcry_md_write(hm, s->r_cookie, ISAKMP_COOKIE_LENGTH);
1255 gcry_md_write(hm, &src_addr.sin_addr, sizeof(struct in_addr));
1256 gcry_md_write(hm, &local_port, sizeof(uint16_t));
1257 gcry_md_final(hm);
1258 pl = pl->next = new_isakmp_data_payload(natd_type,
1259 gcry_md_read(hm, 0), s->md_len);
1260 if (seen_natd && memcmp(natd_us, pl->u.ke.data, s->md_len) == 0)
1261 seen_natd_us = 1;
1262 gcry_md_close(hm);
1263 }
1264 if (seen_natd) {
1265 free(natd_us);
1266 free(natd_them);
1267 }
1268 /* if there is a NAT, change to port 4500 and select UDP encap */
1269 if (!seen_natd_us || !seen_natd_them) {
1270 DEBUG(1, printf("NAT status: this end behind NAT? %s -- remote end behind NAT? %s\n",
1271 seen_natd_us ? "no" : "YES", seen_natd_them ? "no" : "YES"));
1272 switch (natd_type) {
1273 case ISAKMP_PAYLOAD_NAT_D:
1274 encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
1275 break;
1276 case ISAKMP_PAYLOAD_NAT_D_OLD:
1277 encap_mode = IPSEC_ENCAP_UDP_TUNNEL_OLD;
1278 break;
1279 default:
1280 abort();
1281 }
1282 ((struct sockaddr_in *)dest_addr)->sin_port = htons(4500);
1283 if (local_port == htons(500)) {
1284 close(sockfd);
1285 sockfd = make_socket(local_port = htons(4500));
1286 }
1287 } else {
1288 DEBUG(1, printf("NAT status: NAT-T VID seen, no NAT device detected\n"));
1289 }
1290 } else {
1291 DEBUG(1, printf("NAT status: no NAT-T VID seen\n"));
1292 }
1293
1294
1295 flatten_isakmp_packet(p2, &p2kt, &p2kt_len, s->ivlen);
1296 free_isakmp_packet(p2);
1297 isakmp_crypt(s, p2kt, p2kt_len, 1);
1298
1299 s->initial_iv = xallocc(s->ivlen);
1300 memcpy(s->initial_iv, s->current_iv, s->ivlen);
1301 hex_dump("initial_iv", s->initial_iv, s->ivlen);
1302
1303 /* Now, send that packet and receive a new one. */
1304 r_length = sendrecv(r_packet, sizeof(r_packet), p2kt, p2kt_len, 0);
1305 free(p2kt);
1306 }
1307 DEBUG(2, printf("S4.6\n"));
1308
1309 free(returned_hash);
1310 }
1311
1312 static int do_phase2_notice_check(struct sa_block *s, struct isakmp_packet **r_p)
1313 {
1314 int reject = 0, old_connection = 0;
1315 struct isakmp_packet *r;
1316
1317 while (1) {
1318 reject = unpack_verify_phase2(s, r_packet, r_length, r_p, NULL, 0);
1319 if (reject == ISAKMP_N_INVALID_COOKIE) {
1320 r_length = sendrecv(r_packet, sizeof(r_packet), NULL, 0, 0);
1321 old_connection = 1;
1322 continue;
1323 }
1324 r = *r_p;
1325
1326 /* check for notices */
1327 if (r->exchange_type == ISAKMP_EXCHANGE_INFORMATIONAL &&
1328 r->payload->next != NULL) {
1329 if (r->payload->next->type == ISAKMP_PAYLOAD_N) {
1330 if (r->payload->next->u.n.type == ISAKMP_N_CISCO_LOAD_BALANCE) {
1331 /* load balancing notice ==> restart with new gw */
1332 if (r->payload->next->u.n.data_length != 4)
1333 error(1, 0, "malformed loadbalance target");
1334 memcpy(&((struct sockaddr_in *)dest_addr)->sin_addr,
1335 r->payload->next->u.n.data, 4);
1336 ((struct sockaddr_in *)dest_addr)->sin_port = htons(ISAKMP_PORT);
1337 encap_mode = IPSEC_ENCAP_TUNNEL;
1338 if (local_port == htons(4500)) {
1339 close(sockfd);
1340 sockfd = make_socket(local_port = htons(500));
1341 }
1342 DEBUG(2, printf("got cisco loadbalancing notice, diverting to %s\n",
1343 inet_ntoa(((struct sockaddr_in *)dest_addr)->
1344 sin_addr)));
1345 return -1;
1346 }
1347 if (r->payload->next->u.n.type == ISAKMP_N_IPSEC_RESPONDER_LIFETIME) {
1348 /* responder liftime notice ==> ignore */
1349 DEBUG(2, printf("got responder liftime notice, ignoring..\n"));
1350 r_length = sendrecv(r_packet, sizeof(r_packet), NULL, 0, 0);
1351 continue;
1352 }
1353 }
1354 if (r->payload->next->type == ISAKMP_PAYLOAD_D && old_connection) {
1355 /* responder liftime notice ==> ignore */
1356 DEBUG(2, printf("got delete for old connection, ignoring..\n"));
1357 r_length = sendrecv(r_packet, sizeof(r_packet), NULL, 0, 0);
1358 continue;
1359 }
1360 }
1361
1362 break;
1363 }
1364 return reject;
1365 }
1366
1367 static int do_phase_2_xauth(struct sa_block *s)
1368 {
1369 struct isakmp_packet *r;
1370 int loopcount;
1371
1372 DEBUG(2, printf("S5.1\n"));
1373 /* This can go around for a while. */
1374 for (loopcount = 0;; loopcount++) {
1375 int reject;
1376 struct isakmp_payload *rp;
1377 struct isakmp_attribute *a, *ap, *reply_attr;
1378 char ntop_buf[32];
1379 int seen_answer = 0;
1380
1381 DEBUG(2, printf("S5.2\n"));
1382
1383 /* recv and check for notices */
1384 reject = do_phase2_notice_check(s, &r);
1385 if (reject == -1)
1386 return 1;
1387
1388 DEBUG(2, printf("S5.3\n"));
1389 /* Check the transaction type is OK. */
1390 if (reject == 0 && r->exchange_type != ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
1391 reject = ISAKMP_N_INVALID_EXCHANGE_TYPE;
1392
1393 /* After the hash, expect an attribute block. */
1394 if (reject == 0
1395 && (r->payload->next == NULL
1396 || r->payload->next->next != NULL
1397 || r->payload->next->type != ISAKMP_PAYLOAD_MODECFG_ATTR))
1398 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1399
1400 if (reject == 0 && r->payload->next->u.modecfg.type == ISAKMP_MODECFG_CFG_SET)
1401 break;
1402 if (reject == 0 && r->payload->next->u.modecfg.type != ISAKMP_MODECFG_CFG_REQUEST)
1403 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1404
1405 if (reject != 0)
1406 phase2_fatal(s, "expected xauth packet; rejected: %s", reject);
1407
1408 DEBUG(2, printf("S5.4\n"));
1409 a = r->payload->next->u.modecfg.attributes;
1410 /* First, print any messages, and verify that we understand the
1411 * conversation. */
1412 for (ap = a; ap && seen_answer == 0; ap = ap->next)
1413 if (ap->type == ISAKMP_XAUTH_ATTRIB_ANSWER)
1414 seen_answer = 1;
1415
1416 for (ap = a; ap && reject == 0; ap = ap->next)
1417 switch (ap->type) {
1418 case ISAKMP_XAUTH_ATTRIB_TYPE:
1419 if (ap->af != isakmp_attr_16 || ap->u.attr_16 != 0)
1420 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1421 break;
1422 case ISAKMP_XAUTH_ATTRIB_USER_NAME:
1423 case ISAKMP_XAUTH_ATTRIB_USER_PASSWORD:
1424 case ISAKMP_XAUTH_ATTRIB_PASSCODE:
1425 case ISAKMP_XAUTH_ATTRIB_DOMAIN:
1426 case ISAKMP_XAUTH_ATTRIB_ANSWER:
1427 case ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR:
1428 break;
1429 case ISAKMP_XAUTH_ATTRIB_MESSAGE:
1430 if (opt_debug || seen_answer || config[CONFIG_XAUTH_INTERACTIVE]) {
1431 if (ap->af == isakmp_attr_16)
1432 printf("%c%c\n", ap->u.attr_16 >> 8, ap->u.attr_16);
1433 else
1434 printf("%.*s%s", ap->u.lots.length, ap->u.lots.data,
1435 ((ap->u.lots.data
1436 && ap->u.lots.data[ap->u.
1437 lots.length - 1] !=
1438 '\n')
1439 ? "\n" : ""));
1440 }
1441 break;
1442 default:
1443 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1444 }
1445 DEBUG(2, printf("S5.5\n"));
1446 if (reject != 0)
1447 phase2_fatal(s, "xauth packet unsupported: %s", reject);
1448
1449 inet_ntop(dest_addr->sa_family,
1450 &((struct sockaddr_in *)dest_addr)->sin_addr, ntop_buf, sizeof(ntop_buf));
1451
1452 /* Collect data from the user. */
1453 reply_attr = NULL;
1454 for (ap = a; ap && reject == 0; ap = ap->next)
1455 switch (ap->type) {
1456 case ISAKMP_XAUTH_ATTRIB_DOMAIN:
1457 {
1458 struct isakmp_attribute *na;
1459 na = new_isakmp_attribute(ap->type, reply_attr);
1460 reply_attr = na;
1461 na->u.lots.length = strlen(config[CONFIG_DOMAIN]);
1462 if (na->u.lots.length == 0)
1463 error(1, 0,
1464 "server requested domain, but none set (use \"Domain ...\" in config or --domain");
1465 na->u.lots.data = xallocc(na->u.lots.length);
1466 memcpy(na->u.lots.data, config[CONFIG_DOMAIN],
1467 na->u.lots.length);
1468 break;
1469 }
1470 case ISAKMP_XAUTH_ATTRIB_USER_NAME:
1471 {
1472 struct isakmp_attribute *na;
1473 na = new_isakmp_attribute(ap->type, reply_attr);
1474 reply_attr = na;
1475 na->u.lots.length = strlen(config[CONFIG_XAUTH_USERNAME]);
1476 na->u.lots.data = xallocc(na->u.lots.length);
1477 memcpy(na->u.lots.data, config[CONFIG_XAUTH_USERNAME],
1478 na->u.lots.length);
1479 break;
1480 }
1481 case ISAKMP_XAUTH_ATTRIB_ANSWER:
1482 case ISAKMP_XAUTH_ATTRIB_USER_PASSWORD:
1483 case ISAKMP_XAUTH_ATTRIB_PASSCODE:
1484 if (seen_answer || config[CONFIG_XAUTH_INTERACTIVE]) {
1485 char *pass, *prompt = NULL;
1486 struct isakmp_attribute *na;
1487
1488 asprintf(&prompt, "%s for VPN %s@%s: ",
1489 (ap->type == ISAKMP_XAUTH_ATTRIB_ANSWER) ?
1490 "Answer" :
1491 (ap->type == ISAKMP_XAUTH_ATTRIB_USER_PASSWORD) ?
1492 "Password" : "Passcode",
1493 config[CONFIG_XAUTH_USERNAME], ntop_buf);
1494 pass = getpass(prompt);
1495 free(prompt);
1496
1497 na = new_isakmp_attribute(ap->type, reply_attr);
1498 reply_attr = na;
1499 na->u.lots.length = strlen(pass);
1500 na->u.lots.data = xallocc(na->u.lots.length);
1501 memcpy(na->u.lots.data, pass, na->u.lots.length);
1502 memset(pass, 0, na->u.lots.length);
1503 } else {
1504 struct isakmp_attribute *na;
1505 na = new_isakmp_attribute(ap->type, reply_attr);
1506 reply_attr = na;
1507 na->u.lots.length = strlen(config[CONFIG_XAUTH_PASSWORD]);
1508 na->u.lots.data = xallocc(na->u.lots.length);
1509 memcpy(na->u.lots.data, config[CONFIG_XAUTH_PASSWORD],
1510 na->u.lots.length);
1511 }
1512 break;
1513 default:
1514 ;
1515 }
1516
1517 /* Send the response. */
1518 rp = new_isakmp_payload(ISAKMP_PAYLOAD_MODECFG_ATTR);
1519 rp->u.modecfg.type = ISAKMP_MODECFG_CFG_REPLY;
1520 rp->u.modecfg.id = r->payload->next->u.modecfg.id;
1521 rp->u.modecfg.attributes = reply_attr;
1522 sendrecv_phase2(s, rp, ISAKMP_EXCHANGE_MODECFG_TRANSACTION,
1523 r->message_id, 0, 0, 0, 0, 0, 0, 0);
1524
1525 free_isakmp_packet(r);
1526 }
1527
1528 DEBUG(2, printf("S5.6\n"));
1529 {
1530 /* The final SET should have just one attribute. */
1531 int reject = 0;
1532 struct isakmp_attribute *a = r->payload->next->u.modecfg.attributes;
1533 uint16_t set_result;
1534
1535 if (a == NULL
1536 || a->type != ISAKMP_XAUTH_ATTRIB_STATUS
1537 || a->af != isakmp_attr_16 || a->next != NULL) {
1538 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1539 phase2_fatal(s, "xauth SET response rejected: %s", reject);
1540 }
1541 set_result = a->u.attr_16;
1542
1543 /* ACK the SET. */
1544 r->payload->next->u.modecfg.type = ISAKMP_MODECFG_CFG_ACK;
1545 sendrecv_phase2(s, r->payload->next, ISAKMP_EXCHANGE_MODECFG_TRANSACTION,
1546 r->message_id, 1, 0, 0, 0, 0, 0, 0);
1547 r->payload->next = NULL;
1548 free_isakmp_packet(r);
1549
1550 if (set_result == 0)
1551 error(2, 0, "authentication unsuccessful");
1552 }
1553 DEBUG(2, printf("S5.7\n"));
1554 return 0;
1555 }
1556
1557 static int do_phase_2_config(struct sa_block *s)
1558 {
1559 struct isakmp_payload *rp;
1560 struct isakmp_attribute *a;
1561 struct isakmp_packet *r;
1562 struct utsname uts;
1563 uint32_t msgid;
1564 int reject;
1565 int seen_address = 0;
1566 char *strbuf;
1567
1568 uname(&uts);
1569
1570 gcry_randomize((uint8_t *) & msgid, sizeof(msgid), GCRY_WEAK_RANDOM);
1571 if (msgid == 0)
1572 msgid = 1;
1573
1574 rp = new_isakmp_payload(ISAKMP_PAYLOAD_MODECFG_ATTR);
1575 rp->u.modecfg.type = ISAKMP_MODECFG_CFG_REQUEST;
1576 rp->u.modecfg.id = 20;
1577 a = NULL;
1578
1579 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION, a);
1580 a->u.lots.length = strlen(config[CONFIG_VERSION]);
1581 a->u.lots.data = xallocc(a->u.lots.length);
1582 memcpy(a->u.lots.data, config[CONFIG_VERSION], a->u.lots.length);
1583
1584 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_DDNS_HOSTNAME, a);
1585 a->u.lots.length = strlen(uts.nodename);
1586 a->u.lots.data = xallocc(a->u.lots.length);
1587 memcpy(a->u.lots.data, uts.nodename, a->u.lots.length);
1588
1589 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_BANNER, a);
1590 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_DO_PFS, a);
1591 if (opt_udpencap)
1592 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_UDP_ENCAP_PORT, a);
1593 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN, a);
1594 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS, a);
1595 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS, a);
1596 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK, a);
1597 a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS, a);
1598
1599 rp->u.modecfg.attributes = a;
1600 sendrecv_phase2(s, rp, ISAKMP_EXCHANGE_MODECFG_TRANSACTION, msgid, 0, 0, 0, 0, 0, 0, 0);
1601
1602 /* recv and check for notices */
1603 reject = do_phase2_notice_check(s, &r);
1604 if (reject == -1)
1605 return 1;
1606
1607 /* Check the transaction type & message ID are OK. */
1608 if (reject == 0 && r->message_id != msgid)
1609 reject = ISAKMP_N_INVALID_MESSAGE_ID;
1610 if (reject == 0 && r->exchange_type != ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
1611 reject = ISAKMP_N_INVALID_EXCHANGE_TYPE;
1612
1613 /* After the hash, expect an attribute block. */
1614 if (reject == 0
1615 && (r->payload->next == NULL
1616 || r->payload->next->next != NULL
1617 || r->payload->next->type != ISAKMP_PAYLOAD_MODECFG_ATTR
1618 #if 0
1619 || r->payload->next->u.modecfg.id != 20
1620 #endif
1621 || r->payload->next->u.modecfg.type != ISAKMP_MODECFG_CFG_REPLY))
1622 reject = ISAKMP_N_PAYLOAD_MALFORMED;
1623
1624 if (reject != 0)
1625 phase2_fatal(s, "configuration response rejected: %s", reject);
1626
1627 unsetenv("CISCO_BANNER");
1628 unsetenv("CISCO_DEF_DOMAIN");
1629 unsetenv("INTERNAL_IP4_NBNS");
1630 unsetenv("INTERNAL_IP4_DNS");
1631 unsetenv("INTERNAL_IP4_NETMASK");
1632 unsetenv("INTERNAL_IP4_ADDRESS");
1633
1634 for (a = r->payload->next->u.modecfg.attributes; a && reject == 0; a = a->next)
1635 switch (a->type) {
1636 case ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS:
1637 if (a->af != isakmp_attr_lots || a->u.lots.length != 4)
1638 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1639 else {
1640 addenv_ipv4("INTERNAL_IP4_ADDRESS", a->u.lots.data);
1641 memcpy(s->our_address, a->u.lots.data, 4);
1642 }
1643 seen_address = 1;
1644 break;
1645
1646 case ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK:
1647 if (a->af == isakmp_attr_lots && a->u.lots.length == 0) {
1648 DEBUG(2, printf("ignoring zero length netmask\n"));
1649 continue;
1650 }
1651 if (a->af != isakmp_attr_lots || a->u.lots.length != 4)
1652 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1653 else
1654 addenv_ipv4("INTERNAL_IP4_NETMASK", a->u.lots.data);
1655 break;
1656
1657 case ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS:
1658 if (a->af != isakmp_attr_lots || a->u.lots.length != 4)
1659 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1660 else
1661 addenv_ipv4("INTERNAL_IP4_DNS", a->u.lots.data);
1662 break;
1663
1664 case ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS:
1665 if (a->af != isakmp_attr_lots || a->u.lots.length != 4)
1666 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1667 else
1668 addenv_ipv4("INTERNAL_IP4_NBNS", a->u.lots.data);
1669 break;
1670
1671 case ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN:
1672 if (a->af != isakmp_attr_lots) {
1673 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1674 break;
1675 }
1676 strbuf = xallocc(a->u.lots.length + 1);
1677 memcpy(strbuf, a->u.lots.data, a->u.lots.length);
1678 addenv("CISCO_DEF_DOMAIN", strbuf);
1679 free(strbuf);
1680 break;
1681
1682 case ISAKMP_MODECFG_ATTRIB_CISCO_BANNER:
1683 if (a->af != isakmp_attr_lots) {
1684 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1685 break;
1686 }
1687 strbuf = xallocc(a->u.lots.length + 1);
1688 memcpy(strbuf, a->u.lots.data, a->u.lots.length);
1689 addenv("CISCO_BANNER", strbuf);
1690 free(strbuf);
1691 DEBUG(1, printf("Banner: "));
1692 DEBUG(1, fwrite(a->u.lots.data, a->u.lots.length, 1, stdout));
1693 DEBUG(1, printf("\n"));
1694 break;
1695
1696 case ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION:
1697 DEBUG(2, printf("Remote Application Version: "));
1698 DEBUG(2, fwrite(a->u.lots.data, a->u.lots.length, 1, stdout));
1699 DEBUG(2, printf("\n"));
1700 break;
1701
1702 case ISAKMP_MODECFG_ATTRIB_CISCO_DO_PFS:
1703 if (a->af != isakmp_attr_16)
1704 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1705 else {
1706 s->do_pfs = a->u.attr_16;
1707 DEBUG(2, printf("got pfs setting: %d\n", s->do_pfs));
1708 }
1709 break;
1710
1711 case ISAKMP_MODECFG_ATTRIB_CISCO_UDP_ENCAP_PORT:
1712 if (a->af != isakmp_attr_16)
1713 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1714 else {
1715 s->peer_udpencap_port = a->u.attr_16;
1716 DEBUG(2, printf("got peer udp encapsulation port: %hu\n", s->peer_udpencap_port));
1717 }
1718 break;
1719
1720 default:
1721 DEBUG(2, printf("unknown attriube %d / 0x%X\n", a->type, a->type));
1722 break;
1723 }
1724
1725 if (reject == 0 && !seen_address)
1726 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1727
1728 if (reject != 0)
1729 phase2_fatal(s, "configuration response rejected: %s", reject);
1730
1731 DEBUG(1, printf("got address %s\n", getenv("INTERNAL_IP4_ADDRESS")));
1732 return 0;
1733 }
1734
1735 struct isakmp_attribute *make_transform_ipsec(int dh_group, int hash, int keylen)
1736 {
1737 struct isakmp_attribute *a = NULL;
1738
1739 a = new_isakmp_attribute(ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION, a);
1740 a->af = isakmp_attr_lots;
1741 a->u.lots.length = 4;
1742 a->u.lots.data = xallocc(a->u.lots.length);
1743 *((uint32_t *) a->u.lots.data) = htonl(2147483);
1744 a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE, IPSEC_LIFE_SECONDS, a);
1745
1746 if (dh_group)
1747 a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_GROUP_DESC, dh_group, a);
1748 a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_AUTH_ALG, hash, a);
1749 a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_ENCAP_MODE, encap_mode, a);
1750 if (keylen != 0)
1751 a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_KEY_LENGTH, keylen, a);
1752
1753 return a;
1754 }
1755
1756 struct isakmp_payload *make_our_sa_ipsec(struct sa_block *s)
1757 {
1758 struct isakmp_payload *r = new_isakmp_payload(ISAKMP_PAYLOAD_SA);
1759 struct isakmp_payload *p = NULL, *pn;
1760 struct isakmp_attribute *a;
1761 int dh_grp = get_dh_group_ipsec(s->do_pfs)->ipsec_sa_id;
1762 unsigned int crypt, hash, keylen;
1763 int i;
1764
1765 r = new_isakmp_payload(ISAKMP_PAYLOAD_SA);
1766 r->u.sa.doi = ISAKMP_DOI_IPSEC;
1767 r->u.sa.situation = ISAKMP_IPSEC_SIT_IDENTITY_ONLY;
1768 r->u.sa.proposals = new_isakmp_payload(ISAKMP_PAYLOAD_P);
1769 r->u.sa.proposals->u.p.spi_size = 4;
1770 r->u.sa.proposals->u.p.spi = xallocc(4);
1771 /* The sadb_sa_spi field is already in network order. */
1772 memcpy(r->u.sa.proposals->u.p.spi, &s->tous_esp_spi, 4);
1773 r->u.sa.proposals->u.p.prot_id = ISAKMP_IPSEC_PROTO_IPSEC_ESP;
1774 for (crypt = 0; supp_crypt[crypt].name != NULL; crypt++) {
1775 if ((supp_crypt[crypt].my_id == GCRY_CIPHER_DES) && (opt_1des == 0))
1776 continue;
1777 keylen = supp_crypt[crypt].keylen;
1778 for (hash = 0; supp_hash[hash].name != NULL; hash++) {
1779 pn = p;
1780 p = new_isakmp_payload(ISAKMP_PAYLOAD_P);
1781 p->u.p.spi_size = 4;
1782 p->u.p.spi = xallocc(4);
1783 /* The sadb_sa_spi field is already in network order. */
1784 memcpy(p->u.p.spi, &s->tous_esp_spi, 4);
1785 p->u.p.prot_id = ISAKMP_IPSEC_PROTO_IPSEC_ESP;
1786 p->u.p.transforms = new_isakmp_payload(ISAKMP_PAYLOAD_T);
1787 p->u.p.transforms->u.t.id = supp_crypt[crypt].ipsec_sa_id;
1788 a = make_transform_ipsec(dh_grp, supp_hash[hash].ipsec_sa_id, keylen);
1789 p->u.p.transforms->u.t.attributes = a;
1790 p->next = pn;
1791 }
1792 }
1793 for (i = 0, pn = p; pn; pn = pn->next)
1794 pn->u.p.number = i++;
1795 r->u.sa.proposals = p;
1796 return r;
1797 }
1798
1799 static void setup_link(struct sa_block *s)
1800 {
1801 struct isakmp_payload *rp, *us, *ke = NULL, *them, *nonce_r = NULL;
1802 struct isakmp_packet *r;
1803 struct group *dh_grp = NULL;
1804 uint32_t msgid;
1805 int reject;
1806 uint8_t *p_flat = NULL, *realiv = NULL, realiv_msgid[4];
1807 size_t p_size = 0;
1808 uint8_t nonce[20], *dh_public = NULL;
1809 int ipsec_cry_algo = 0, ipsec_hash_algo = 0, i;
1810
1811 DEBUG(2, printf("S7.1\n"));
1812 /* Set up the Diffie-Hellman stuff. */
1813 if (get_dh_group_ipsec(s->do_pfs)->my_id) {
1814 dh_grp = group_get(get_dh_group_ipsec(s->do_pfs)->my_id);
1815 DEBUG(3, printf("len = %d\n", dh_getlen(dh_grp)));
1816 dh_public = xallocc(dh_getlen(dh_grp));
1817 dh_create_exchange(dh_grp, dh_public);
1818 hex_dump("dh_public", dh_public, dh_getlen(dh_grp));
1819 }
1820
1821 gcry_randomize((uint8_t *) & s->tous_esp_spi, sizeof(s->tous_esp_spi), GCRY_WEAK_RANDOM);
1822 rp = make_our_sa_ipsec(s);
1823 gcry_randomize((uint8_t *) nonce, sizeof(nonce), GCRY_WEAK_RANDOM);
1824 rp->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_NONCE, nonce, sizeof(nonce));
1825
1826 us = new_isakmp_payload(ISAKMP_PAYLOAD_ID);
1827 us->u.id.type = ISAKMP_IPSEC_ID_IPV4_ADDR;
1828 us->u.id.length = 4;
1829 us->u.id.data = xallocc(4);
1830 memcpy(us->u.id.data, s->our_address, sizeof(struct in_addr));
1831 them = new_isakmp_payload(ISAKMP_PAYLOAD_ID);
1832 them->u.id.type = ISAKMP_IPSEC_ID_IPV4_ADDR_SUBNET;
1833 them->u.id.length = 8;
1834 them->u.id.data = xallocc(8);
1835 memset(them->u.id.data, 0, 8);
1836 us->next = them;
1837
1838 if (!dh_grp) {
1839 rp->next->next = us;
1840 } else {
1841 rp->next->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_KE,
1842 dh_public, dh_getlen(dh_grp));
1843 rp->next->next->next = us;
1844 }
1845
1846 gcry_randomize((uint8_t *) & msgid, sizeof(&msgid), GCRY_WEAK_RANDOM);
1847 if (msgid == 0)
1848 msgid = 1;
1849
1850 DEBUG(2, printf("S7.2\n"));
1851 for (i = 0; i < 4; i++) {
1852 sendrecv_phase2(s, rp, ISAKMP_EXCHANGE_IKE_QUICK,
1853 msgid, 0, &p_flat, &p_size, 0, 0, 0, 0);
1854
1855 if (realiv == NULL) {
1856 realiv = xallocc(s->ivlen);
1857 memcpy(realiv, s->current_iv, s->ivlen);
1858 memcpy(realiv_msgid, s->current_iv_msgid, 4);
1859 }
1860
1861 DEBUG(2, printf("S7.3\n"));
1862 reject = unpack_verify_phase2(s, r_packet, r_length, &r, nonce, sizeof(nonce));
1863
1864 DEBUG(2, printf("S7.4\n"));
1865 if (((reject == 0) || (reject == ISAKMP_N_AUTHENTICATION_FAILED))
1866 && r->exchange_type == ISAKMP_EXCHANGE_INFORMATIONAL) {
1867 /* handle notifie responder-lifetime (ignore) */
1868 /* (broken hash => ignore AUTHENTICATION_FAILED) */
1869 if (reject == 0 && r->payload->next->type != ISAKMP_PAYLOAD_N)
1870 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1871
1872 if (reject == 0
1873 && r->payload->next->u.n.type ==
1874 ISAKMP_N_IPSEC_RESPONDER_LIFETIME) {
1875 DEBUG(2, printf("ignoring responder-lifetime notify\n"));
1876 memcpy(s->current_iv, realiv, s->ivlen);
1877 memcpy(s->current_iv_msgid, realiv_msgid, 4);
1878 continue;
1879 }
1880 }
1881
1882 /* Check the transaction type & message ID are OK. */
1883 if (reject == 0 && r->message_id != msgid)
1884 reject = ISAKMP_N_INVALID_MESSAGE_ID;
1885
1886 if (reject == 0 && r->exchange_type != ISAKMP_EXCHANGE_IKE_QUICK)
1887 reject = ISAKMP_N_INVALID_EXCHANGE_TYPE;
1888
1889 /* The SA payload must be second. */
1890 if (reject == 0 && r->payload->next->type != ISAKMP_PAYLOAD_SA)
1891 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
1892
1893 if (p_flat)
1894 free(p_flat);
1895 if (realiv)
1896 free(realiv);
1897 break;
1898 }
1899
1900 DEBUG(2, printf("S7.5\n"));
1901 if (reject != 0)
1902 phase2_fatal(s, "quick mode response rejected: %s\ncheck pfs setting", reject);
1903
1904 DEBUG(2, printf("S7.6\n"));
1905 for (rp = r->payload->next; rp && reject == 0; rp = rp->next)
1906 switch (rp->type) {
1907 case ISAKMP_PAYLOAD_SA:
1908 if (reject == 0 && rp->u.sa.doi != ISAKMP_DOI_IPSEC)
1909 reject = ISAKMP_N_DOI_NOT_SUPPORTED;
1910 if (reject == 0 && rp->u.sa.situation != ISAKMP_IPSEC_SIT_IDENTITY_ONLY)
1911 reject = ISAKMP_N_SITUATION_NOT_SUPPORTED;
1912 if (reject == 0 &&
1913 (rp->u.sa.proposals == NULL || rp->u.sa.proposals->next != NULL))
1914 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1915 if (reject == 0 &&
1916 rp->u.sa.proposals->u.p.prot_id != ISAKMP_IPSEC_PROTO_IPSEC_ESP)
1917 reject = ISAKMP_N_INVALID_PROTOCOL_ID;
1918 if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 4)
1919 reject = ISAKMP_N_INVALID_SPI;
1920 if (reject == 0 &&
1921 (rp->u.sa.proposals->u.p.transforms == NULL
1922 || rp->u.sa.proposals->u.p.transforms->next != NULL))
1923 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1924 if (reject == 0) {
1925 struct isakmp_attribute *a
1926 = rp->u.sa.proposals->u.p.transforms->u.t.attributes;
1927 int seen_enc = rp->u.sa.proposals->u.p.transforms->u.t.id;
1928 int seen_auth = 0, seen_encap = 0, seen_group = 0, seen_keylen = 0;
1929
1930 memcpy(&s->tothem_esp_spi, rp->u.sa.proposals->u.p.spi, 4);
1931
1932 for (; a && reject == 0; a = a->next)
1933 switch (a->type) {
1934 case ISAKMP_IPSEC_ATTRIB_AUTH_ALG:
1935 if (a->af == isakmp_attr_16)
1936 seen_auth = a->u.attr_16;
1937 else
1938 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1939 break;
1940 case ISAKMP_IPSEC_ATTRIB_ENCAP_MODE:
1941 if (a->af == isakmp_attr_16 &&
1942 a->u.attr_16 == encap_mode)
1943 seen_encap = 1;
1944 else
1945 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1946 break;
1947 case ISAKMP_IPSEC_ATTRIB_GROUP_DESC:
1948 if (dh_grp &&
1949 a->af == isakmp_attr_16 &&
1950 a->u.attr_16 ==
1951 get_dh_group_ipsec(s->do_pfs)->ipsec_sa_id)
1952 seen_group = 1;
1953 else
1954 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1955 break;
1956 case ISAKMP_IPSEC_ATTRIB_KEY_LENGTH:
1957 if (a->af == isakmp_attr_16)
1958 seen_keylen = a->u.attr_16;
1959 else
1960 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1961 break;
1962 case ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE:
1963 case ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION:
1964 break;
1965 default:
1966 reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
1967 break;
1968 }
1969 if (reject == 0 && (!seen_auth || !seen_encap ||
1970 (dh_grp && !seen_group)))
1971 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1972
1973 if (reject == 0
1974 && get_algo(SUPP_ALGO_HASH, SUPP_ALGO_IPSEC_SA, seen_auth,
1975 NULL, 0) == NULL)
1976 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1977 if (reject == 0
1978 && get_algo(SUPP_ALGO_CRYPT, SUPP_ALGO_IPSEC_SA, seen_enc,
1979 NULL, seen_keylen) == NULL)
1980 reject = ISAKMP_N_BAD_PROPOSAL_SYNTAX;
1981
1982 if (reject == 0) {
1983 ipsec_cry_algo =
1984 get_algo(SUPP_ALGO_CRYPT, SUPP_ALGO_IPSEC_SA,
1985 seen_enc, NULL, seen_keylen)->my_id;
1986 ipsec_hash_algo =
1987 get_algo(SUPP_ALGO_HASH, SUPP_ALGO_IPSEC_SA,
1988 seen_auth, NULL, 0)->my_id;
1989 DEBUG(1, printf("IPSEC SA selected %s-%s\n",
1990 get_algo(SUPP_ALGO_CRYPT,
1991 SUPP_ALGO_IPSEC_SA, seen_enc, NULL,
1992 seen_keylen)->name,
1993 get_algo(SUPP_ALGO_HASH, SUPP_ALGO_IPSEC_SA,
1994 seen_auth, NULL, 0)->name));
1995 }
1996 }
1997 break;
1998
1999 case ISAKMP_PAYLOAD_N:
2000 break;
2001 case ISAKMP_PAYLOAD_ID:
2002 break;
2003 case ISAKMP_PAYLOAD_KE:
2004 ke = rp;
2005 break;
2006 case ISAKMP_PAYLOAD_NONCE:
2007 nonce_r = rp;
2008 break;
2009
2010 default:
2011 reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
2012 break;
2013 }
2014
2015 if (reject == 0 && nonce_r == NULL)
2016 reject = ISAKMP_N_INVALID_HASH_INFORMATION;
2017 if (reject == 0 && dh_grp && (ke == NULL || ke->u.ke.length != dh_getlen(dh_grp)))
2018 reject = ISAKMP_N_INVALID_KEY_INFORMATION;
2019 if (reject != 0)
2020 phase2_fatal(s, "quick mode response rejected [2]: %s", reject);
2021
2022 /* send final packet */
2023 sendrecv_phase2(s, NULL, ISAKMP_EXCHANGE_IKE_QUICK,
2024 msgid, 1, 0, 0, nonce, sizeof(nonce),
2025 nonce_r->u.nonce.data, nonce_r->u.nonce.length);
2026
2027 DEBUG(2, printf("S7.7\n"));
2028 /* Create the delete payload, now that we have all the information. */
2029 {
2030 struct isakmp_payload *d_isakmp, *d_ipsec;
2031 uint32_t del_msgid;
2032
2033 gcry_randomize((uint8_t *) & del_msgid, sizeof(del_msgid), GCRY_WEAK_RANDOM);
2034 d_isakmp = new_isakmp_payload(ISAKMP_PAYLOAD_D);
2035 d_isakmp->u.d.doi = ISAKMP_DOI_IPSEC;
2036 d_isakmp->u.d.protocol = ISAKMP_IPSEC_PROTO_ISAKMP;
2037 d_isakmp->u.d.spi_length = 2 * ISAKMP_COOKIE_LENGTH;
2038 d_isakmp->u.d.num_spi = 1;
2039 d_isakmp->u.d.spi = xallocc(1 * sizeof(uint8_t *));
2040 d_isakmp->u.d.spi[0] = xallocc(2 * ISAKMP_COOKIE_LENGTH);
2041 memcpy(d_isakmp->u.d.spi[0] + ISAKMP_COOKIE_LENGTH * 0, s->i_cookie,
2042 ISAKMP_COOKIE_LENGTH);
2043 memcpy(d_isakmp->u.d.spi[0] + ISAKMP_COOKIE_LENGTH * 1, s->r_cookie,
2044 ISAKMP_COOKIE_LENGTH);
2045 d_ipsec = new_isakmp_payload(ISAKMP_PAYLOAD_D);
2046 d_ipsec->next = d_isakmp;
2047 d_ipsec->u.d.doi = ISAKMP_DOI_IPSEC;
2048 d_ipsec->u.d.protocol = ISAKMP_IPSEC_PROTO_IPSEC_ESP;
2049 d_ipsec->u.d.spi_length = 4;
2050 d_ipsec->u.d.num_spi = 2;
2051 d_ipsec->u.d.spi = xallocc(2 * sizeof(uint8_t *));
2052 d_ipsec->u.d.spi[0] = xallocc(d_ipsec->u.d.spi_length);
2053 memcpy(d_ipsec->u.d.spi[0], &s->tous_esp_spi, 4);
2054 d_ipsec->u.d.spi[1] = xallocc(d_ipsec->u.d.spi_length);
2055 memcpy(d_ipsec->u.d.spi[1], &s->tothem_esp_spi, 4);
2056 phase2_authpacket(s, d_ipsec, ISAKMP_EXCHANGE_INFORMATIONAL,
2057 del_msgid, &s->kill_packet, &s->kill_packet_size,
2058 nonce, sizeof(nonce), nonce_r->u.nonce.data, nonce_r->u.nonce.length);
2059 isakmp_crypt(s, s->kill_packet, s->kill_packet_size, 1);
2060 }
2061 DEBUG(2, printf("S7.8\n"));
2062
2063 /* Set up the interface here so it's ready when our acknowledgement
2064 * arrives. */
2065 config_tunnel(s);
2066 DEBUG(2, printf("S7.9\n"));
2067 {
2068 uint8_t *tous_keys, *tothem_keys;
2069 struct sockaddr_in tothem_dest, tous_dest;
2070 unsigned char *dh_shared_secret = NULL;
2071 int tunnelfd = sockfd;
2072
2073 if (dh_grp) {
2074 /* Determine the shared secret. */
2075 dh_shared_secret = xallocc(dh_getlen(dh_grp));
2076 dh_create_shared(dh_grp, dh_shared_secret, ke->u.ke.data);
2077 hex_dump("dh_shared_secret", dh_shared_secret, dh_getlen(dh_grp));
2078 }
2079 tous_keys = gen_keymat(s, ISAKMP_IPSEC_PROTO_IPSEC_ESP, s->tous_esp_spi,
2080 ipsec_hash_algo, ipsec_cry_algo,
2081 dh_shared_secret, dh_grp ? dh_getlen(dh_grp) : 0,
2082 nonce, sizeof(nonce), nonce_r->u.nonce.data, nonce_r->u.nonce.length);
2083 memset(&tothem_dest, 0, sizeof(tothem_dest));
2084 tothem_dest.sin_family = AF_INET;
2085 memcpy(&tothem_dest.sin_addr, s->our_address, 4);
2086 tothem_keys = gen_keymat(s, ISAKMP_IPSEC_PROTO_IPSEC_ESP, s->tothem_esp_spi,
2087 ipsec_hash_algo, ipsec_cry_algo,
2088 dh_shared_secret, dh_grp ? dh_getlen(dh_grp) : 0,
2089 nonce, sizeof(nonce), nonce_r->u.nonce.data, nonce_r->u.nonce.length);
2090 memcpy(&tous_dest, dest_addr, sizeof(tous_dest));
2091 if (opt_udpencap && s->peer_udpencap_port) {
2092 close(tunnelfd);
2093 tunnelfd = make_socket(htons(opt_udpencapport));
2094 tous_dest.sin_port = htons(s->peer_udpencap_port);
2095 encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
2096 }
2097 DEBUG(2, printf("S7.10\n"));
2098 vpnc_doit(s->tous_esp_spi, tous_keys, &tothem_dest,
2099 s->tothem_esp_spi, tothem_keys, (struct sockaddr_in *)&tous_dest,
2100 s->tun_fd, ipsec_hash_algo, ipsec_cry_algo,
2101 s->kill_packet, s->kill_packet_size, dest_addr,
2102 encap_mode, tunnelfd,
2103 config[CONFIG_PID_FILE]);
2104 }
2105 }
2106
2107 int main(int argc, char **argv)
2108 {
2109 int do_load_balance;
2110 const uint8_t hex_test[] = { 0, 1, 2, 3 };
2111
2112 test_pack_unpack();
2113 gcry_check_version("1.1.90");
2114 gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
2115 group_init();
2116 memset(oursa, 0, sizeof(oursa));
2117
2118 do_config(argc, argv);
2119
2120 hex_dump("hex_test", hex_test, sizeof(hex_test));
2121
2122 DEBUG(1, printf("vpnc version " VERSION "\n"));
2123 DEBUG(2, printf("S1\n"));
2124 dest_addr = init_sockaddr(config[CONFIG_IPSEC_GATEWAY], ISAKMP_PORT);
2125 DEBUG(2, printf("S2\n"));
2126 local_port = htons(atoi(config[CONFIG_LOCAL_PORT]));
2127 sockfd = make_socket(local_port);
2128 DEBUG(2, printf("S3\n"));
2129 setup_tunnel(oursa);
2130
2131 do_load_balance = 0;
2132 do {
2133 DEBUG(2, printf("S4\n"));
2134 do_phase_1(config[CONFIG_IPSEC_ID], config[CONFIG_IPSEC_SECRET], oursa);
2135 DEBUG(2, printf("S5\n"));
2136 if (oursa->auth_algo == IKE_AUTH_XAUTHInitPreShared)
2137 do_load_balance = do_phase_2_xauth(oursa);
2138 DEBUG(2, printf("S6\n"));
2139 if (do_load_balance == 0)
2140 do_load_balance = do_phase_2_config(oursa);
2141 } while (do_load_balance);
2142 DEBUG(2, printf("S7\n"));
2143 setup_link(oursa);
2144
2145 return 0;
2146 }
client for cisco vpn concentrator