Bug Summary

File:programs/pluto/ikev1.c
Warning:line 2106, column 25
Access to field 'st_logger' results in a dereference of a null pointer (loaded from variable 'st')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-redhat-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ikev1.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/build/quick-libreswan-2/programs/pluto -resource-dir /usr/lib64/clang/13.0.0 -D TimeZoneOffset=timezone -D PIE -D NSS_IPSEC_PROFILE -D XFRM_LIFETIME_DEFAULT=30 -D USE_IKEv1 -D XFRM_SUPPORT -D USE_XFRM_INTERFACE -D USE_DNSSEC -D DEFAULT_DNSSEC_ROOTKEY_FILE="/var/lib/unbound/root.key" -D HAVE_LABELED_IPSEC -D HAVE_SECCOMP -D LIBCURL -D USE_LINUX_AUDIT -D HAVE_NM -D USE_PAM_AUTH -D USE_3DES -D USE_AES -D USE_CAMELLIA -D USE_CHACHA -D USE_DH31 -D USE_MD5 -D USE_SHA1 -D USE_SHA2 -D USE_PRF_AES_XCBC -D USE_NSS_KDF -D DEFAULT_RUNDIR="/run/pluto" -D IPSEC_CONF="/etc/ipsec.conf" -D IPSEC_CONFDDIR="/etc/ipsec.d" -D IPSEC_NSSDIR="/var/lib/ipsec/nss" -D IPSEC_CONFDIR="/etc" -D IPSEC_EXECDIR="/usr/local/libexec/ipsec" -D IPSEC_SBINDIR="/usr/local/sbin" -D IPSEC_VARDIR="/var" -D POLICYGROUPSDIR="/etc/ipsec.d/policies" -D IPSEC_SECRETS_FILE="/etc/ipsec.secrets" -D FORCE_PR_ASSERT -D USE_FORK=1 -D USE_VFORK=0 -D USE_DAEMON=0 -D USE_PTHREAD_SETSCHEDPRIO=1 -D GCC_LINT -D HAVE_LIBCAP_NG -I . -I ../../OBJ.linux.x86_64/programs/pluto -I ../../include -I /usr/include/nss3 -I /usr/include/nspr4 -I /home/build/quick-libreswan-2/programs/pluto/linux-copy -D HERE_FILENAME="programs/pluto/ikev1.c" -internal-isystem /usr/lib64/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=gnu99 -fdebug-compilation-dir=/home/build/quick-libreswan-2/programs/pluto -ferror-limit 19 -stack-protector 3 -fgnuc-version=4.2.1 -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-01-01-205714-1273399-1 -x c /home/build/quick-libreswan-2/programs/pluto/ikev1.c
1/* State machine for IKEv1
2 *
3 * Copyright (C) 1997 Angelos D. Keromytis.
4 * Copyright (C) 1998-2010,2013-2016 D. Hugh Redelmeier <hugh@mimosa.com>
5 * Copyright (C) 2003-2008 Michael Richardson <mcr@xelerance.com>
6 * Copyright (C) 2008-2009 David McCullough <david_mccullough@securecomputing.com>
7 * Copyright (C) 2008-2010 Paul Wouters <paul@xelerance.com>
8 * Copyright (C) 2011 Avesh Agarwal <avagarwa@redhat.com>
9 * Copyright (C) 2008 Hiren Joshi <joshihirenn@gmail.com>
10 * Copyright (C) 2009 Anthony Tong <atong@TrustedCS.com>
11 * Copyright (C) 2012-2019 Paul Wouters <pwouters@redhat.com>
12 * Copyright (C) 2013 Wolfgang Nothdurft <wolfgang@linogate.de>
13 * Copyright (C) 2019-2019 Andrew Cagney <cagney@gnu.org>
14 *
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2 of the License, or (at your
18 * option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
19 *
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 * for more details.
24 *
25 */
26
27/* Ordering Constraints on Payloads
28 *
29 * rfc2409: The Internet Key Exchange (IKE)
30 *
31 * 5 Exchanges:
32 * "The SA payload MUST precede all other payloads in a phase 1 exchange."
33 *
34 * "Except where otherwise noted, there are no requirements for ISAKMP
35 * payloads in any message to be in any particular order."
36 *
37 * 5.3 Phase 1 Authenticated With a Revised Mode of Public Key Encryption:
38 *
39 * "If the HASH payload is sent it MUST be the first payload of the
40 * second message exchange and MUST be followed by the encrypted
41 * nonce. If the HASH payload is not sent, the first payload of the
42 * second message exchange MUST be the encrypted nonce."
43 *
44 * "Save the requirements on the location of the optional HASH payload
45 * and the mandatory nonce payload there are no further payload
46 * requirements. All payloads-- in whatever order-- following the
47 * encrypted nonce MUST be encrypted with Ke_i or Ke_r depending on the
48 * direction."
49 *
50 * 5.5 Phase 2 - Quick Mode
51 *
52 * "In Quick Mode, a HASH payload MUST immediately follow the ISAKMP
53 * header and a SA payload MUST immediately follow the HASH."
54 * [NOTE: there may be more than one SA payload, so this is not
55 * totally reasonable. Probably all SAs should be so constrained.]
56 *
57 * "If ISAKMP is acting as a client negotiator on behalf of another
58 * party, the identities of the parties MUST be passed as IDci and
59 * then IDcr."
60 *
61 * "With the exception of the HASH, SA, and the optional ID payloads,
62 * there are no payload ordering restrictions on Quick Mode."
63 */
64
65/* Unfolding of Identity -- a central mystery
66 *
67 * This concerns Phase 1 identities, those of the IKE hosts.
68 * These are the only ones that are authenticated. Phase 2
69 * identities are for IPsec SAs.
70 *
71 * There are three case of interest:
72 *
73 * (1) We initiate, based on a whack command specifying a Connection.
74 * We know the identity of the peer from the Connection.
75 *
76 * (2) (to be implemented) we initiate based on a flow from our client
77 * to some IP address.
78 * We immediately know one of the peer's client IP addresses from
79 * the flow. We must use this to figure out the peer's IP address
80 * and Id. To be solved.
81 *
82 * (3) We respond to an IKE negotiation.
83 * We immediately know the peer's IP address.
84 * We get an ID Payload in Main I2.
85 *
86 * Unfortunately, this is too late for a number of things:
87 * - the ISAKMP SA proposals have already been made (Main I1)
88 * AND one accepted (Main R1)
89 * - the SA includes a specification of the type of ID
90 * authentication so this is negotiated without being told the ID.
91 * - with Preshared Key authentication, Main I2 is encrypted
92 * using the key, so it cannot be decoded to reveal the ID
93 * without knowing (or guessing) which key to use.
94 *
95 * There are three reasonable choices here for the responder:
96 * + assume that the initiator is making wise offers since it
97 * knows the IDs involved. We can balk later (but not gracefully)
98 * when we find the actual initiator ID
99 * + attempt to infer identity by IP address. Again, we can balk
100 * when the true identity is revealed. Actually, it is enough
101 * to infer properties of the identity (eg. SA properties and
102 * PSK, if needed).
103 * + make all properties universal so discrimination based on
104 * identity isn't required. For example, always accept the same
105 * kinds of encryption. Accept Public Key Id authentication
106 * since the Initiator presumably has our public key and thinks
107 * we must have / can find peers. This approach is weakest
108 * for preshared key since the actual key must be known to
109 * decrypt the Initiator's ID Payload.
110 * These choices can be blended. For example, a class of Identities
111 * can be inferred, sufficient to select a preshared key but not
112 * sufficient to infer a unique identity.
113 */
114
115#include <stdio.h>
116#include <stdlib.h>
117#include <stddef.h>
118#include <string.h>
119#include <unistd.h>
120#include <errno(*__errno_location ()).h>
121#include <sys/types.h>
122#include <sys/socket.h>
123#include <netinet/in.h>
124#include <arpa/inet.h>
125
126
127#include "sysdep.h"
128#include "constants.h"
129
130#include "defs.h"
131#include "ike_spi.h"
132#include "id.h"
133#include "x509.h"
134#include "pluto_x509.h"
135#include "certs.h"
136#include "connections.h" /* needs id.h */
137#include "state.h"
138#include "ikev1_msgid.h"
139#include "packet.h"
140#include "crypto.h"
141#include "ike_alg.h"
142#include "log.h"
143#include "demux.h" /* needs packet.h */
144#include "ikev1.h"
145#include "ipsec_doi.h" /* needs demux.h and state.h */
146#include "ikev1_quick.h"
147#include "timer.h"
148#include "whack.h" /* requires connections.h */
149#include "server.h"
150#include "send.h"
151#include "ikev1_send.h"
152#include "ikev1_xauth.h"
153#include "retransmit.h"
154#include "nat_traversal.h"
155#include "ikev1_nat.h"
156#include "vendor.h"
157#include "ikev1_dpd.h"
158#include "host_pair.h"
159#include "ip_address.h"
160#include "ikev1_hash.h"
161#include "ike_alg_encrypt_ops.h" /* XXX: oops */
162#include "ikev1_states.h"
163#include "initiate.h"
164#include "iface.h"
165#include "ip_selector.h"
166#include "unpack.h"
167#include "pending.h"
168#include "state_db.h"
169
170#ifdef HAVE_NM1
171#include "kernel.h"
172#endif
173
174#include "pluto_stats.h"
175
176/*
177 * state_v1_microcode is a tuple of information parameterizing certain
178 * centralized processing of a packet. For example, it roughly
179 * specifies what payloads are expected in this message. The
180 * microcode is selected primarily based on the state. In Phase 1,
181 * the payload structure often depends on the authentication
182 * technique, so that too plays a part in selecting the
183 * state_v1_microcode to use.
184 */
185
186struct state_v1_microcode {
187 enum state_kind state, next_state;
188 lset_t flags;
189 lset_t req_payloads; /* required payloads (allows just one) */
190 lset_t opt_payloads; /* optional payloads (any number) */
191 enum event_type timeout_event;
192 ikev1_state_transition_fn *processor;
193 const char *message;
194 enum v1_hash_type hash_type;
195};
196
197void jam_v1_transition(struct jambuf *buf, const struct state_v1_microcode *transition)
198{
199 if (transition == NULL((void*)0)) {
200 jam(buf, "NULL");
201 } else {
202 jam(buf, "%s->%s",
203 finite_states[transition->state]->short_name,
204 finite_states[transition->next_state]->short_name);
205 }
206}
207
208/* State Microcode Flags, in several groups */
209
210/* Oakley Auth values: to which auth values does this entry apply?
211 * Most entries will use SMF_ALL_AUTH because they apply to all.
212 * Note: SMF_ALL_AUTH matches 0 for those circumstances when no auth
213 * has been set.
214 *
215 * The IKEv1 state machine then uses the auth type (SMF_*_AUTH flags)
216 * to select the exact state transition. For states where auth
217 * (SMF_*_AUTH flags) don't apply (.e.g, child states)
218 * flags|=SMF_ALL_AUTH so the first transition always matches.
219 *
220 * Once a transition is selected, the containing payloads are checked
221 * against what is allowed. For instance, in STATE_MAIN_R2 ->
222 * STATE_MAIN_R3 with SMF_DS_AUTH requires P(SIG).
223 *
224 * In IKEv2, it is the message header and payload types that select
225 * the state. As for how the IKEv1 'from state' is selected, look for
226 * a big nasty magic switch.
227 *
228 * XXX: the state transition table is littered with STATE_UNDEFINED /
229 * SMF_ALL_AUTH / unexpected() entries. These are to catch things
230 * like unimplemented auth cases, and unexpected packets. For the
231 * latter, they seem to be place holders so that the table contains at
232 * least one entry for the state.
233 *
234 * XXX: Some of the SMF flags specify attributes of the current state
235 * (e.g., SMF_RETRANSMIT_ON_DUPLICATE), some apply to the state
236 * transition (e.g., SMF_REPLY), and some can be interpreted as either
237 * (.e.g., SMF_INPUT_ENCRYPTED).
238 */
239#define SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) LRANGE(0, OAKLEY_AUTH_ROOF - 1)(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)))
240#define SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) LELEM(OAKLEY_PRESHARED_KEY)((lset_t)1 << (OAKLEY_PRESHARED_KEY))
241#define SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) (LELEM(OAKLEY_DSS_SIG)((lset_t)1 << (OAKLEY_DSS_SIG)) | LELEM(OAKLEY_RSA_SIG)((lset_t)1 << (OAKLEY_RSA_SIG)))
242#define SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) LELEM(OAKLEY_RSA_ENC)((lset_t)1 << (OAKLEY_RSA_ENC))
243#define SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) LELEM(OAKLEY_RSA_REVISED_MODE)((lset_t)1 << (OAKLEY_RSA_REVISED_MODE))
244
245/* misc flags */
246#define SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) LELEM(OAKLEY_AUTH_ROOF + 0)((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))
247#define SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) LELEM(OAKLEY_AUTH_ROOF + 1)((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))
248#define SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) LELEM(OAKLEY_AUTH_ROOF + 2)((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))
249#define SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) LELEM(OAKLEY_AUTH_ROOF + 3)((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))
250#define SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)) LELEM(OAKLEY_AUTH_ROOF + 4)((lset_t)1 << (OAKLEY_AUTH_ROOF + 4))
251
252#define SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) (SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)))
253
254/* this state generates a reply message */
255#define SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) LELEM(OAKLEY_AUTH_ROOF + 5)((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))
256
257/* this state completes P1, so any pending P2 negotiations should start */
258#define SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) LELEM(OAKLEY_AUTH_ROOF + 6)((lset_t)1 << (OAKLEY_AUTH_ROOF + 6))
259
260/* if we have canoncalized the authentication from XAUTH mode */
261#define SMF_XAUTH_AUTH((lset_t)1 << (OAKLEY_AUTH_ROOF + 7)) LELEM(OAKLEY_AUTH_ROOF + 7)((lset_t)1 << (OAKLEY_AUTH_ROOF + 7))
262
263/* end of flags */
264
265static ikev1_state_transition_fn unexpected; /* forward declaration */
266static ikev1_state_transition_fn informational; /* forward declaration */
267
268/*
269 * v1_state_microcode_table is a table of all state_v1_microcode
270 * tuples. It must be in order of state (the first element). After
271 * initialization, ike_microcode_index[s] points to the first entry in
272 * v1_state_microcode_table for state s. Remember that each state
273 * name in Main or Quick Mode describes what has happened in the past,
274 * not what this message is.
275 */
276
277static const struct state_v1_microcode v1_state_microcode_table[] = {
278
279#define P(n) LELEM(ISAKMP_NEXT_ ##n)((lset_t)1 << (ISAKMP_NEXT_ ##n))
280#define FM(F) .processor = F, .message = #F
281
282 /***** Phase 1 Main Mode *****/
283
284 /* No state for main_outI1: --> HDR, SA */
285
286 /* STATE_MAIN_R0: I1 --> R1
287 * HDR, SA --> HDR, SA
288 */
289 { STATE_MAIN_R0, STATE_MAIN_R1,
290 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
291 P(SA), P(VID) | P(CR),
292 EVENT_SA_DISCARD,
293 FM(main_inI1_outR1),
294 .hash_type = V1_HASH_NONE, },
295
296 /* STATE_MAIN_I1: R1 --> I2
297 * HDR, SA --> auth dependent
298 * SMF_PSK_AUTH, SMF_DS_AUTH: --> HDR, KE, Ni
299 * SMF_PKE_AUTH:
300 * --> HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
301 * SMF_RPKE_AUTH:
302 * --> HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDi1_b>Ke_i [,<<Cert-I_b>Ke_i]
303 * Note: since we don't know auth at start, we cannot differentiate
304 * microcode entries based on it.
305 */
306 { STATE_MAIN_I1, STATE_MAIN_I2,
307 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
308 P(SA), P(VID) | P(CR),
309 EVENT_RETRANSMIT,
310 FM(main_inR1_outI2),
311 .hash_type = V1_HASH_NONE, },
312
313 /* STATE_MAIN_R1: I2 --> R2
314 * SMF_PSK_AUTH, SMF_DS_AUTH: HDR, KE, Ni --> HDR, KE, Nr
315 * SMF_PKE_AUTH: HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
316 * --> HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
317 * SMF_RPKE_AUTH:
318 * HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDi1_b>Ke_i [,<<Cert-I_b>Ke_i]
319 * --> HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r
320 */
321 { STATE_MAIN_R1, STATE_MAIN_R2,
322 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
323 P(KE) | P(NONCE), P(VID) | P(CR) | P(NATD_RFC),
324 EVENT_RETRANSMIT,
325 FM(main_inI2_outR2),
326 .hash_type = V1_HASH_NONE, },
327
328 { STATE_MAIN_R1, STATE_UNDEFINED,
329 SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
330 P(KE) | P(ID) | P(NONCE), P(VID) | P(CR) | P(HASH),
331 EVENT_RETRANSMIT,
332 FM(unexpected) /* ??? not yet implemented */,
333 .hash_type = V1_HASH_NONE, },
334
335 { STATE_MAIN_R1, STATE_UNDEFINED,
336 SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
337 P(NONCE) | P(KE) | P(ID), P(VID) | P(CR) | P(HASH) | P(CERT),
338 EVENT_RETRANSMIT,
339 FM(unexpected) /* ??? not yet implemented */,
340 .hash_type = V1_HASH_NONE, },
341
342 /* for states from here on, output message must be encrypted */
343
344 /* STATE_MAIN_I2: R2 --> I3
345 * SMF_PSK_AUTH: HDR, KE, Nr --> HDR*, IDi1, HASH_I
346 * SMF_DS_AUTH: HDR, KE, Nr --> HDR*, IDi1, [ CERT, ] SIG_I
347 * SMF_PKE_AUTH: HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
348 * --> HDR*, HASH_I
349 * SMF_RPKE_AUTH: HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r
350 * --> HDR*, HASH_I
351 */
352 { STATE_MAIN_I2, STATE_MAIN_I3,
353 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
354 P(KE) | P(NONCE), P(VID) | P(CR) | P(NATD_RFC),
355 EVENT_RETRANSMIT,
356 FM(main_inR2_outI3),
357 /* calls main_mode_hash() after DH */
358 .hash_type = V1_HASH_NONE, },
359
360 { STATE_MAIN_I2, STATE_UNDEFINED,
361 SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
362 P(KE) | P(ID) | P(NONCE), P(VID) | P(CR),
363 EVENT_RETRANSMIT,
364 FM(unexpected) /* ??? not yet implemented */,
365 .hash_type = V1_HASH_NONE, },
366
367 { STATE_MAIN_I2, STATE_UNDEFINED,
368 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
369 P(NONCE) | P(KE) | P(ID), P(VID) | P(CR),
370 EVENT_RETRANSMIT,
371 FM(unexpected) /* ??? not yet implemented */,
372 .hash_type = V1_HASH_NONE, },
373
374 /* for states from here on, input message must be encrypted */
375
376 /* STATE_MAIN_R2: I3 --> R3
377 * SMF_PSK_AUTH: HDR*, IDi1, HASH_I --> HDR*, IDr1, HASH_R
378 * SMF_DS_AUTH: HDR*, IDi1, [ CERT, ] SIG_I --> HDR*, IDr1, [ CERT, ] SIG_R
379 * SMF_PKE_AUTH, SMF_RPKE_AUTH: HDR*, HASH_I --> HDR*, HASH_R
380 */
381 { STATE_MAIN_R2, STATE_MAIN_R3,
382 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) |
383 SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
384 P(ID) | P(HASH), P(VID) | P(CR),
385 EVENT_SA_REPLACE,
386 FM(main_inI3_outR3),
387 /* calls oakley_id_and_auth() which calls main_mode_hash() */
388 /* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
389 HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b ) */
390 .hash_type = V1_HASH_NONE, },
391
392 { STATE_MAIN_R2, STATE_MAIN_R3,
393 SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) |
394 SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
395 P(ID) | P(SIG), P(VID) | P(CR) | P(CERT),
396 EVENT_SA_REPLACE,
397 FM(main_inI3_outR3),
398 /* calls oakley_id_and_auth() which calls main_mode_hash() */
399 /* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
400 HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
401 SIG_I = SIGN(HASH_I) *",
402 SIG_I = SIGN(HASH_I) */
403 .hash_type = V1_HASH_NONE, },
404
405 { STATE_MAIN_R2, STATE_UNDEFINED,
406 SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) | SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) | SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) |
407 SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) |
408 SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
409 P(HASH), P(VID) | P(CR),
410 EVENT_SA_REPLACE,
411 FM(unexpected) /* ??? not yet implemented */,
412 .hash_type = V1_HASH_NONE, },
413
414 /* STATE_MAIN_I3: R3 --> done
415 * SMF_PSK_AUTH: HDR*, IDr1, HASH_R --> done
416 * SMF_DS_AUTH: HDR*, IDr1, [ CERT, ] SIG_R --> done
417 * SMF_PKE_AUTH, SMF_RPKE_AUTH: HDR*, HASH_R --> done
418 * May initiate quick mode by calling quick_outI1
419 */
420 { STATE_MAIN_I3, STATE_MAIN_I4,
421 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) |
422 SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
423 P(ID) | P(HASH), P(VID) | P(CR),
424 EVENT_SA_REPLACE,
425 FM(main_inR3),
426 /* calls oakley_id_and_auth() which calls main_mode_hash() */
427 /* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
428 HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b ) */
429 .hash_type = V1_HASH_NONE, },
430
431 { STATE_MAIN_I3, STATE_MAIN_I4,
432 SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) |
433 SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
434 P(ID) | P(SIG), P(VID) | P(CR) | P(CERT),
435 EVENT_SA_REPLACE,
436 FM(main_inR3),
437 /* calls oakley_id_and_auth() which calls main_mode_hash() */
438 /* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
439 HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b )
440 SIG_R = SIGN(HASH_R) */
441 .hash_type = V1_HASH_NONE, },
442
443 { STATE_MAIN_I3, STATE_UNDEFINED,
444 SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) | SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) |
445 SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
446 P(HASH), P(VID) | P(CR),
447 EVENT_SA_REPLACE,
448 FM(unexpected) /* ??? not yet implemented */,
449 .hash_type = V1_HASH_NONE, },
450
451 /* STATE_MAIN_R3: can only get here due to packet loss */
452 { STATE_MAIN_R3, STATE_UNDEFINED,
453 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
454 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
455 EVENT_NULL,
456 FM(unexpected),
457 .hash_type = V1_HASH_NONE, },
458
459 /* STATE_MAIN_I4: can only get here due to packet loss */
460 { STATE_MAIN_I4, STATE_UNDEFINED,
461 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
462 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
463 EVENT_NULL,
464 FM(unexpected),
465 .hash_type = V1_HASH_NONE, },
466
467 /***** Phase 1 Aggressive Mode *****/
468
469 /* No initial state for aggr_outI1:
470 * SMF_DS_AUTH (RFC 2409 5.1) and SMF_PSK_AUTH (RFC 2409 5.4):
471 * -->HDR, SA, KE, Ni, IDii
472 *
473 * Not implemented:
474 * RFC 2409 5.2: --> HDR, SA, [ HASH(1),] KE, <IDii_b>Pubkey_r, <Ni_b>Pubkey_r
475 * RFC 2409 5.3: --> HDR, SA, [ HASH(1),] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDii_b>Ke_i [, <Cert-I_b>Ke_i ]
476 */
477
478 /* STATE_AGGR_R0:
479 * SMF_PSK_AUTH: HDR, SA, KE, Ni, IDii
480 * --> HDR, SA, KE, Nr, IDir, HASH_R
481 * SMF_DS_AUTH: HDR, SA, KE, Nr, IDii
482 * --> HDR, SA, KE, Nr, IDir, [CERT,] SIG_R
483 */
484 { STATE_AGGR_R0, STATE_AGGR_R1,
485 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
486 P(SA) | P(KE) | P(NONCE) | P(ID), P(VID) | P(NATD_RFC),
487 EVENT_SA_DISCARD,
488 FM(aggr_inI1_outR1),
489 /* N/A */
490 .hash_type = V1_HASH_NONE, },
491
492 /* STATE_AGGR_I1:
493 * SMF_PSK_AUTH: HDR, SA, KE, Nr, IDir, HASH_R
494 * --> HDR*, HASH_I
495 * SMF_DS_AUTH: HDR, SA, KE, Nr, IDir, [CERT,] SIG_R
496 * --> HDR*, [CERT,] SIG_I
497 */
498 { STATE_AGGR_I1, STATE_AGGR_I2,
499 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) |
500 SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
501 P(SA) | P(KE) | P(NONCE) | P(ID) | P(HASH), P(VID) | P(NATD_RFC),
502 EVENT_SA_REPLACE,
503 FM(aggr_inR1_outI2),
504 /* after DH calls oakley_id_and_auth() which calls main_mode_hash() */
505 /* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
506 HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b ) */
507 .hash_type = V1_HASH_NONE, },
508
509 { STATE_AGGR_I1, STATE_AGGR_I2,
510 SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) |
511 SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
512 P(SA) | P(KE) | P(NONCE) | P(ID) | P(SIG), P(VID) | P(NATD_RFC),
513 EVENT_SA_REPLACE,
514 FM(aggr_inR1_outI2),
515 /* after DH calls oakley_id_and_auth() which calls main_mode_hash() */
516 /* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
517 HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b )
518 SIG_R = SIGN(HASH_R) */
519 .hash_type = V1_HASH_NONE, },
520
521 /* STATE_AGGR_R1:
522 * SMF_PSK_AUTH: HDR*, HASH_I --> done
523 * SMF_DS_AUTH: HDR*, SIG_I --> done
524 */
525 { STATE_AGGR_R1, STATE_AGGR_R2,
526 SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) |
527 SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) |
528 SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
529 P(HASH), P(VID) | P(NATD_RFC),
530 EVENT_SA_REPLACE,
531 FM(aggr_inI2),
532 /* calls oakley_id_and_auth() which calls main_mode_hash() */
533 /* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
534 HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b ) */
535 .hash_type = V1_HASH_NONE, },
536
537 { STATE_AGGR_R1, STATE_AGGR_R2,
538 SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) | ((lset_t)1 << (
OAKLEY_RSA_SIG))) | SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) |
539 SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) |
540 SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
541 P(SIG), P(VID) | P(NATD_RFC),
542 EVENT_SA_REPLACE,
543 FM(aggr_inI2),
544 /* calls oakley_id_and_auth() which calls main_mode_hash() */
545 /* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
546 HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
547 SIG_I = SIGN(HASH_I) */
548 .hash_type = V1_HASH_NONE, },
549
550 /* STATE_AGGR_I2: can only get here due to packet loss */
551 { STATE_AGGR_I2, STATE_UNDEFINED,
552 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
553 LEMPTY((lset_t)0), LEMPTY((lset_t)0), EVENT_NULL,
554 FM(unexpected),
555 .hash_type = V1_HASH_NONE, },
556
557 /* STATE_AGGR_R2: can only get here due to packet loss */
558 { STATE_AGGR_R2, STATE_UNDEFINED,
559 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))),
560 LEMPTY((lset_t)0), LEMPTY((lset_t)0), EVENT_NULL,
561 FM(unexpected),
562 .hash_type = V1_HASH_NONE, },
563
564 /***** Phase 2 Quick Mode *****/
565
566 /* No state for quick_outI1:
567 * --> HDR*, HASH(1), SA, Nr [, KE ] [, IDci, IDcr ]
568 */
569
570 /* STATE_QUICK_R0:
571 * HDR*, HASH(1), SA, Ni [, KE ] [, IDci, IDcr ] -->
572 * HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ]
573 * Installs inbound IPsec SAs.
574 * Because it may suspend for asynchronous DNS, first_out_payload
575 * is set to NONE to suppress early emission of HDR*.
576 * ??? it is legal to have multiple SAs, but we don't support it yet.
577 */
578 { STATE_QUICK_R0, STATE_QUICK_R1,
579 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
580 P(HASH) | P(SA) | P(NONCE), /* P(SA) | */ P(KE) | P(ID) | P(NATOA_RFC),
581 EVENT_RETRANSMIT,
582 FM(quick_inI1_outR1),
583 /* RFC 2409: 5.5 Phase 2 - Quick Mode:
584 HASH(1) = prf(SKEYID_a, M-ID | <rest>) */
585 .hash_type = V1_HASH_1, },
586
587 /* STATE_QUICK_I1:
588 * HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ] -->
589 * HDR*, HASH(3)
590 * Installs inbound and outbound IPsec SAs, routing, etc.
591 * ??? it is legal to have multiple SAs, but we don't support it yet.
592 */
593 { STATE_QUICK_I1, STATE_QUICK_I2,
594 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
595 P(HASH) | P(SA) | P(NONCE), /* P(SA) | */ P(KE) | P(ID) | P(NATOA_RFC),
596 EVENT_SA_REPLACE,
597 FM(quick_inR1_outI2),
598 /* RFC 2409: 5.5 Phase 2 - Quick Mode:
599 HASH(2) = prf(SKEYID_a, M-ID | Ni_b | <rest>) */
600 .hash_type = V1_HASH_2, },
601
602 /* STATE_QUICK_R1: HDR*, HASH(3) --> done
603 * Installs outbound IPsec SAs, routing, etc.
604 */
605 { STATE_QUICK_R1, STATE_QUICK_R2,
606 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
607 P(HASH), LEMPTY((lset_t)0),
608 EVENT_SA_REPLACE,
609 FM(quick_inI2),
610 /* RFC 2409: 5.5 Phase 2 - Quick Mode:
611 HASH(3) = prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b) */
612 .hash_type = V1_HASH_3, },
613
614 /* STATE_QUICK_I2: can only happen due to lost packet */
615 { STATE_QUICK_I2, STATE_UNDEFINED,
616 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) |
617 SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
618 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
619 EVENT_NULL,
620 FM(unexpected),
621 .hash_type = V1_HASH_NONE, },
622
623 /* STATE_QUICK_R2: can only happen due to lost packet */
624 { STATE_QUICK_R2, STATE_UNDEFINED,
625 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
626 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
627 EVENT_NULL,
628 FM(unexpected),
629 .hash_type = V1_HASH_NONE, },
630
631 /***** informational messages *****/
632
633 /* Informational Exchange (RFC 2408 4.8):
634 * HDR N/D
635 * Unencrypted: must not occur after ISAKMP Phase 1 exchange of keying material.
636 */
637 /* STATE_INFO: */
638 { STATE_INFO, STATE_UNDEFINED,
639 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))),
640 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
641 EVENT_NULL,
642 FM(informational),
643 .hash_type = V1_HASH_NONE, },
644
645 /* Informational Exchange (RFC 2408 4.8):
646 * HDR* N/D
647 */
648 /* STATE_INFO_PROTECTED: */
649 { STATE_INFO_PROTECTED, STATE_UNDEFINED,
650 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
651 P(HASH), LEMPTY((lset_t)0),
652 EVENT_NULL,
653 FM(informational),
654 /* RFC 2409: 5.7 ISAKMP Informational Exchanges:
655 HASH(1) = prf(SKEYID_a, M-ID | N/D) */
656 .hash_type = V1_HASH_1, },
657
658 { STATE_XAUTH_R0, STATE_XAUTH_R1,
659 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
660 P(MCFG_ATTR) | P(HASH), P(VID),
661 EVENT_NULL,
662 FM(xauth_inR0),
663 /* RFC ????: */
664 .hash_type = V1_HASH_1, }, /* Re-transmit may be done by previous state */
665
666 { STATE_XAUTH_R1, STATE_MAIN_R3,
667 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
668 P(MCFG_ATTR) | P(HASH), P(VID),
669 EVENT_SA_REPLACE,
670 FM(xauth_inR1),
671 /* RFC ????: */
672 .hash_type = V1_HASH_1, },
673
674#if 0
675 /* for situation where there is XAUTH + ModeCFG */
676 { STATE_XAUTH_R2, STATE_XAUTH_R3,
677 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
678 P(MCFG_ATTR) | P(HASH), P(VID),
679 EVENT_SA_REPLACE,
680 FM(xauth_inR2), },
681
682 { STATE_XAUTH_R3, STATE_MAIN_R3,
683 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
684 P(MCFG_ATTR) | P(HASH), P(VID),
685 EVENT_SA_REPLACE,
686 FM(xauth_inR3), },
687#endif
688
689/* MODE_CFG_x:
690 * Case R0: Responder -> Initiator
691 * <- Req(addr=0)
692 * Reply(ad=x) ->
693 *
694 * Case R1: Set(addr=x) ->
695 * <- Ack(ok)
696 */
697
698 { STATE_MODE_CFG_R0, STATE_MODE_CFG_R1,
699 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
700 P(MCFG_ATTR) | P(HASH), P(VID),
701 EVENT_SA_REPLACE,
702 FM(modecfg_inR0),
703 /* RFC ????: */
704 .hash_type = V1_HASH_1, },
705
706 { STATE_MODE_CFG_R1, STATE_MODE_CFG_R2,
707 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
708 P(MCFG_ATTR) | P(HASH), P(VID),
709 EVENT_SA_REPLACE,
710 FM(modecfg_inR1),
711 /* RFC ????: */
712 .hash_type = V1_HASH_1, },
713
714 { STATE_MODE_CFG_R2, STATE_UNDEFINED,
715 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))),
716 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
717 EVENT_NULL,
718 FM(unexpected),
719 .hash_type = V1_HASH_NONE, },
720
721 { STATE_MODE_CFG_I1, STATE_MAIN_I4,
722 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
723 P(MCFG_ATTR) | P(HASH), P(VID),
724 EVENT_SA_REPLACE,
725 FM(modecfg_inR1),
726 /* RFC ????: */
727 .hash_type = V1_HASH_1, },
728
729 { STATE_XAUTH_I0, STATE_XAUTH_I1,
730 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
731 P(MCFG_ATTR) | P(HASH), P(VID),
732 EVENT_RETRANSMIT,
733 FM(xauth_inI0),
734 /* RFC ????: */
735 .hash_type = V1_HASH_1, },
736
737 { STATE_XAUTH_I1, STATE_MAIN_I4,
738 SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 <<
(0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) | SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 3))) | SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) | SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
739 P(MCFG_ATTR) | P(HASH), P(VID),
740 EVENT_RETRANSMIT,
741 FM(xauth_inI1),
742 /* RFC ????: */
743 .hash_type = V1_HASH_1, },
744
745 { STATE_IKEv1_ROOF, STATE_IKEv1_ROOF,
746 LEMPTY((lset_t)0),
747 LEMPTY((lset_t)0), LEMPTY((lset_t)0),
748 EVENT_NULL, NULL((void*)0),
749 .hash_type = V1_HASH_NONE, },
750
751#undef FM
752#undef P
753};
754
755void init_ikev1(struct logger *logger)
756{
757 dbg("checking IKEv1 state table"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("checking IKEv1 state table"); } };
758
759 /*
760 * Fill in FINITE_STATES[].
761 *
762 * This is a hack until each finite-state is a separate object
763 * with corresponding edges (aka microcodes).
764 *
765 * XXX: Long term goal is to have a constant FINITE_STATES[]
766 * contain constant pointers and this static writeable array
767 * to just go away.
768 */
769 for (enum state_kind kind = STATE_IKEv1_FLOOR; kind < STATE_IKEv1_ROOF; kind++) {
770 /* fill in using static struct */
771 const struct finite_state *fs = &v1_states[kind - STATE_IKEv1_FLOOR];
772 passert(fs->kind == kind)({ _Bool assertion__ = fs->kind == kind; if (!assertion__)
{ where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 772, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "fs->kind == kind"); }
(void) 1; });
773 passert(finite_states[kind] == NULL)({ _Bool assertion__ = finite_states[kind] == ((void*)0); if (
!assertion__) { where_t here = ({ static const struct where here
= { .func = __func__, .file = "programs/pluto/ikev1.c", .line
= 773, }; &here; }); const struct logger *logger_ = &
failsafe_logger; llog_passert(logger_, here, "%s", "finite_states[kind] == ((void*)0)"
); } (void) 1; });
774 finite_states[kind] = fs;
775 }
776
777 /*
778 * Go through the state transition table filling in details
779 * and checking for inconsistencies.
780 */
781 for (const struct state_v1_microcode *t = v1_state_microcode_table;
782 t->state < STATE_IKEv1_ROOF; t++) {
783
784 passert(t->state >= STATE_IKEv1_FLOOR)({ _Bool assertion__ = t->state >= STATE_IKEv1_FLOOR; if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1.c",
.line = 784, }; &here; }); const struct logger *logger_ =
&failsafe_logger; llog_passert(logger_, here, "%s", "t->state >= STATE_IKEv1_FLOOR"
); } (void) 1; });
785 passert(t->state < STATE_IKEv1_ROOF)({ _Bool assertion__ = t->state < STATE_IKEv1_ROOF; if (
!assertion__) { where_t here = ({ static const struct where here
= { .func = __func__, .file = "programs/pluto/ikev1.c", .line
= 785, }; &here; }); const struct logger *logger_ = &
failsafe_logger; llog_passert(logger_, here, "%s", "t->state < STATE_IKEv1_ROOF"
); } (void) 1; });
786 struct finite_state *from = &v1_states[t->state - STATE_IKEv1_FLOOR];
787
788 /*
789 * Deal with next_state == STATE_UNDEFINED.
790 *
791 * XXX: STATE_UNDEFINED is used when a state
792 * transitions back to the same state; such
793 * transitions should instead explicitly specify that
794 * same state.
795 */
796 enum state_kind next_state = (t->next_state == STATE_UNDEFINED ?
797 t->state : t->next_state);
798 passert(STATE_IKEv1_FLOOR <= next_state &&({ _Bool assertion__ = STATE_IKEv1_FLOOR <= next_state &&
next_state < STATE_IKEv1_ROOF; if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 799, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF"
); } (void) 1; })
799 next_state < STATE_IKEv1_ROOF)({ _Bool assertion__ = STATE_IKEv1_FLOOR <= next_state &&
next_state < STATE_IKEv1_ROOF; if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 799, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF"
); } (void) 1; });
800 const struct finite_state *to = finite_states[next_state];
801 passert(to != NULL)({ _Bool assertion__ = to != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 801, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "to != ((void*)0)"); } (void) 1; });
802
803 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
804 if (from->nr_transitions == 0) {
805 LSWLOG_DEBUG(buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (; buf != ((void*)
0); jambuf_to_logger(buf, &failsafe_logger, DEBUG_STREAM)
, buf = ((void*)0)) {
806 jam_string(buf, " ");
807 lswlog_finite_state(buf, from);
808 jam_string(buf, ":");
809 }
810 }
811 DBG_log(" -> %s %s (%s)", to->short_name,
812 enum_name_short(&event_type_names,
813 t->timeout_event),
814 t->message);
815 }
816
817 /*
818 * Point .fs_v1_transitions at to the first entry in
819 * v1_state_microcode_table for that state. All other
820 * transitions for that state should follow
821 * immediately after (or to put it another way, the
822 * previous transition's state should be the same as
823 * this).
824 */
825 if (from->v1_transitions == NULL((void*)0)) {
826 from->v1_transitions = t;
827 } else {
828 passert(t[-1].state == t->state)({ _Bool assertion__ = t[-1].state == t->state; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 828, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "t[-1].state == t->state"
); } (void) 1; });
829 }
830 from->nr_transitions++;
831
832 if (t->message == NULL((void*)0)) {
833 pexpect_failllog_pexpect(logger, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 833, }; &here; }), "transition %s -> %s missing .message",
834 from->short_name, to->short_name);
835 }
836
837 /*
838 * Copy (actually merge) the flags that apply to the
839 * state; and not the state transition.
840 *
841 * The original code used something like state
842 * .microcode .flags after the state transition had
843 * completed. I.e., use the flags from a
844 * not-yet-taken potential future state transition and
845 * not the previous one.
846 *
847 * This is just trying to extract them and
848 * check they are consistent.
849 *
850 * XXX: this is confusing
851 *
852 * Should fs_flags and SMF_RETRANSMIT_ON_DUPLICATE
853 * should be replaced by SMF_RESPONDING in the
854 * transition flags?
855 *
856 * Or is this more like .fs_timeout_event which is
857 * always true of a state?
858 */
859 if ((t->flags & from->flags) != from->flags) {
860 DBGF(DBG_BASE, "transition %s -> %s (%s) missing flags 0x%"PRIxLSET,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("transition %s -> %s (%s) missing flags 0x%"
"l" "x", from->short_name, to->short_name, t->message
, from->flags); } }
861 from->short_name, to->short_name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("transition %s -> %s (%s) missing flags 0x%"
"l" "x", from->short_name, to->short_name, t->message
, from->flags); } }
862 t->message, from->flags){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("transition %s -> %s (%s) missing flags 0x%"
"l" "x", from->short_name, to->short_name, t->message
, from->flags); } };
863 }
864 from->flags |= t->flags & SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4));
865
866 if (!(t->flags & SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) &&
867 (t->flags & SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))) &&
868 t->processor != unexpected) {
869 /*
870 * The first encrypted message carries
871 * authentication information so isn't
872 * applicable. Other encrypted messages
873 * require integrity via the HASH payload.
874 */
875 if (!(t->req_payloads & LELEM(ISAKMP_NEXT_HASH)((lset_t)1 << (ISAKMP_NEXT_HASH)))) {
876 pexpect_failllog_pexpect(logger, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 876, }; &here; }),
877 "transition %s -> %s (%s) missing HASH payload",
878 from->short_name, to->short_name,
879 t->message);
880 }
881 if (t->hash_type == V1_HASH_NONE) {
882 pexpect_failllog_pexpect(logger, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 882, }; &here; }),
883 "transition %s -> %s (%s) missing HASH protection",
884 from->short_name, to->short_name,
885 t->message);
886 }
887 }
888 }
889}
890
891static stf_status unexpected(struct state *st, struct msg_digest *md UNUSED__attribute__ ((unused)))
892{
893 log_state(RC_LOG_SERIOUS, st, "unexpected message received in state %s",
894 st->st_state->name);
895 return STF_IGNORE;
896}
897
898/*
899 * RFC 2408 Section 4.6
900 *
901 * # Initiator Direction Responder NOTE
902 * (1) HDR*; N/D => Error Notification or Deletion
903 */
904static stf_status informational(struct state *st, struct msg_digest *md)
905{
906 /*
907 * XXX: Danger: ST is deleted midway through this function.
908 */
909 pexpect(st == md->v1_st)({ _Bool assertion__ = st == md->v1_st; if (!assertion__) {
where_t here_ = ({ static const struct where here = { .func =
__func__, .file = "programs/pluto/ikev1.c", .line = 909, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "st == md->v1_st"); }
assertion__; });
910 st = md->v1_st; /* may be NULL */
911
912 struct payload_digest *const n_pld = md->chain[ISAKMP_NEXT_N];
913
914 /* If the Notification Payload is not null... */
915 if (n_pld != NULL((void*)0)) {
916 pb_stream *const n_pbs = &n_pld->pbs;
917 struct isakmp_notification *const n =
918 &n_pld->payload.notification;
919
920 /* Switch on Notification Type (enum) */
921 /* note that we _can_ get notification payloads unencrypted
922 * once we are at least in R3/I4.
923 * and that the handler is expected to treat them suspiciously.
924 */
925 dbg("processing informational %s (%d)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("processing informational %s (%d)", enum_name(
&ikev1_notify_names, n->isan_type), n->isan_type); }
}
926 enum_name(&ikev1_notify_names, n->isan_type),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("processing informational %s (%d)", enum_name(
&ikev1_notify_names, n->isan_type), n->isan_type); }
}
927 n->isan_type){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("processing informational %s (%d)", enum_name(
&ikev1_notify_names, n->isan_type), n->isan_type); }
};
928
929 pstats(ikev1_recv_notifies_e, n->isan_type){ const unsigned __pstat = (n->isan_type); if (__pstat <
(sizeof(pstats_ikev1_recv_notifies_e) / sizeof(*(pstats_ikev1_recv_notifies_e
)))) { pstats_ikev1_recv_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_recv_notifies_e", __pstat); } };
930
931 switch (n->isan_type) {
932 /*
933 * We answer DPD probes even if they claimed not to support
934 * Dead Peer Detection.
935 * We would have to send some kind of reply anyway to prevent
936 * a retransmit, so rather then send an error, we might as
937 * well just send a DPD reply
938 */
939 case R_U_THERE:
940 if (st == NULL((void*)0)) {
941 llog(RC_LOG, md->md_logger,
942 "received bogus R_U_THERE informational message");
943 return STF_IGNORE;
944 }
945 return dpd_inI_outR(st, n, n_pbs);
946
947 case R_U_THERE_ACK:
948 if (st == NULL((void*)0)) {
949 llog(RC_LOG, md->md_logger,
950 "received bogus R_U_THERE_ACK informational message");
951 return STF_IGNORE;
952 }
953 return dpd_inR(st, n, n_pbs);
954
955 case PAYLOAD_MALFORMED:
956 if (st != NULL((void*)0)) {
957 st->hidden_variables.st_malformed_received++;
958
959 log_state(RC_LOG, st, "received %u malformed payload notifies",
960 st->hidden_variables.st_malformed_received);
961
962 if (st->hidden_variables.st_malformed_sent >
963 MAXIMUM_MALFORMED_NOTIFY16 / 2 &&
964 ((st->hidden_variables.st_malformed_sent +
965 st->hidden_variables.
966 st_malformed_received) >
967 MAXIMUM_MALFORMED_NOTIFY16)) {
968 log_state(RC_LOG, st, "too many malformed payloads (we sent %u and received %u",
969 st->hidden_variables.st_malformed_sent,
970 st->hidden_variables.st_malformed_received);
971 delete_state(st);
972 md->v1_st = st = NULL((void*)0);
973 }
974 }
975
976 return STF_IGNORE;
977
978 case ISAKMP_N_CISCO_LOAD_BALANCE:
979 /*
980 * ??? what the heck is in the payload?
981 * We take the peer's new IP address from the last 4 octets.
982 * Is anything else possible? Expected? Documented?
983 */
984 if (st == NULL((void*)0) || !IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0))) {
985 llog(RC_LOG, md->md_logger,
986 "ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message with for unestablished state.");
987 } else if (pbs_left(n_pbs)((size_t)((n_pbs)->roof - (n_pbs)->cur)) < 4) {
988 log_state(RC_LOG_SERIOUS, st,
989 "ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message without IPv4 address");
990 } else {
991 /*
992 * Copy (not cast) the last 4 bytes
993 * (size of an IPv4) address from the
994 * end of the notification into IN
995 * (can't cast as can't assume that
996 * ->roof-4 is correctly aligned).
997 */
998 struct in_addr in;
999 memcpy(&in, n_pbs->roof - sizeof(in), sizeof(in));
1000 ip_address new_peer = address_from_in_addr(&in);
1001
1002 /* is all zeros? */
1003 if (address_is_any(new_peer)) {
1004 ipstr_buf b;
1005
1006 log_state(RC_LOG_SERIOUS, st,
1007 "ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message with invalid IPv4 address %s",
1008 ipstr(&new_peer, &b));
1009 return false0; /* XXX: STF_*? */
1010 }
1011
1012 /* Saving connection name and whack sock id */
1013 const char *tmp_name = st->st_connection->name;
1014 struct fd *tmp_whack_sock = fd_dup(st->st_logger->object_whackfd, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 1014, }; &here; }));
1015
1016 /* deleting ISAKMP SA with the current remote peer */
1017 delete_state(st);
1018 md->v1_st = st = NULL((void*)0);
1019
1020 /* to find and store the connection associated with tmp_name */
1021 /* ??? how do we know that tmp_name hasn't been freed? */
1022 struct connection *tmp_c = conn_by_name(tmp_name, false0/*!strict*/);
1023
1024 if (tmp_c == NULL((void*)0))
1025 return STF_IGNORE;
1026
1027 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1028 address_buf npb;
1029 DBG_log("new peer address: %s",
1030 str_address(&new_peer, &npb));
1031
1032 /* Current remote peer info */
1033 int count_spd = 1;
1034 for (const struct spd_route *tmp_spd = &tmp_c->spd;
1035 tmp_spd != NULL((void*)0); tmp_spd = tmp_spd->spd_next) {
1036 address_buf b;
1037
1038 DBG_log("spd route number: %d",
1039 count_spd++);
1040
1041 /**that info**/
1042 DBG_log("that id kind: %d",
1043 tmp_spd->that.id.kind);
1044 DBG_log("that id ipaddr: %s",
1045 str_address(&tmp_spd->that.id.ip_addr, &b));
1046 if (tmp_spd->that.id.name.ptr != NULL((void*)0)) {
1047 DBG_dump_hunk("that id name",{ typeof(tmp_spd->that.id. name) hunk_ = tmp_spd->that.
id. name; DBG_dump("that id name", hunk_.ptr, hunk_.len); }
1048 tmp_spd->that.id. name){ typeof(tmp_spd->that.id. name) hunk_ = tmp_spd->that.
id. name; DBG_dump("that id name", hunk_.ptr, hunk_.len); };
1049 }
1050 DBG_log("that host_addr: %s",
1051 str_address(&tmp_spd->that.host_addr, &b));
1052 DBG_log("that nexthop: %s",
1053 str_address(&tmp_spd->that.host_nexthop, &b));
1054 DBG_log("that srcip: %s",
1055 str_address(&tmp_spd->that.host_srcip, &b));
1056 selector_buf sb;
1057 DBG_log("that client: %s",
1058 str_selector(&tmp_spd->that.client, &sb));
1059 DBG_log("that has_client: %d",
1060 tmp_spd->that.has_client);
1061 DBG_log("that has_port_wildcard: %d",
1062 tmp_spd->that.has_port_wildcard);
1063 DBG_log("that has_id_wildcards: %d",
1064 tmp_spd->that.has_id_wildcards);
1065 }
1066
1067 if (tmp_c->interface != NULL((void*)0)) {
1068 endpoint_buf b;
1069 DBG_log("Current interface_addr: %s",
1070 str_endpoint(&tmp_c->interface->local_endpoint, &b));
1071 }
1072 }
1073
1074 /* save peer's old address for comparison purposes */
1075 ip_address old_addr = tmp_c->spd.that.host_addr;
1076
1077 /* update peer's address */
1078 tmp_c->spd.that.host_addr = new_peer;
1079
1080 /* Modifying connection info to store the redirected remote peer info */
1081 dbg("Old host_addr_name : %s", tmp_c->spd.that.host_addr_name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Old host_addr_name : %s", tmp_c->spd.that.
host_addr_name); } };
1082 tmp_c->spd.that.host_addr_name = NULL((void*)0);
1083
1084 /* ??? do we know the id.kind has an ip_addr? */
1085 tmp_c->spd.that.id.ip_addr = new_peer;
1086
1087 /* update things that were the old peer */
1088 if (address_eq_address(tmp_c->spd.this.host_nexthop, old_addr)) {
1089 address_buf ob, nb;
1090 dbg("local next hop %s is the same as the old remote addr, changing local next hop to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("local next hop %s is the same as the old remote addr, changing local next hop to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } }
1091 str_address(&old_addr, &ob),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("local next hop %s is the same as the old remote addr, changing local next hop to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } }
1092 str_address(&new_peer, &nb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("local next hop %s is the same as the old remote addr, changing local next hop to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } };
1093 tmp_c->spd.this.host_nexthop = new_peer;
1094 }
1095
1096 if (address_eq_address(tmp_c->spd.that.host_srcip, old_addr)) {
1097 address_buf ob, nb;
1098 dbg("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } }
1099 str_address(&old_addr, &ob),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } }
1100 str_address(&new_peer, &nb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } };
1101 tmp_c->spd.that.host_srcip = new_peer;
1102 }
1103
1104 /*
1105 * XXX: should this also check that
1106 * the client is a single address?
1107 */
1108 ip_address client_prefix = selector_prefix(tmp_c->spd.that.client);
1109 if (address_eq_address(client_prefix, old_addr)) {
1110 address_buf ob, nb;
1111 dbg("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } }
1112 str_address(&old_addr, &ob),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } }
1113 str_address(&new_peer, &nb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s"
, str_address(&old_addr, &ob), str_address(&new_peer
, &nb)); } };
1114 tmp_c->spd.that.client = selector_from_address(new_peer);
1115 }
1116
1117 /*
1118 * ??? is this wise? This may changes
1119 * a lot of other connections.
1120 */
1121 tmp_c->host_pair->remote = new_peer;
1122
1123 /* Initiating connection to the redirected peer */
1124 struct logger logger[] = { GLOBAL_LOGGER(tmp_whack_sock)(struct logger) { .where = ({ static const struct where here =
{ .func = __func__, .file = "programs/pluto/ikev1.c", .line =
1124, }; &here; }), .global_whackfd = tmp_whack_sock, .object
= ((void*)0), .object_vec = &logger_global_vec, }, }; /*placeholder*/
1125 initiate_connections_by_name(tmp_name, /*remote-name*/NULL((void*)0),
1126 /*background?*/tmp_whack_sock == NULL((void*)0)/*guess*/,
1127 logger);
1128 close_any(&tmp_whack_sock)close_any_fd((&tmp_whack_sock), ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1.c",
.line = 1128, }; &here; }));
1129 }
1130 return STF_IGNORE;
1131 default:
1132 {
1133 struct logger *logger = st != NULL((void*)0) ? st->st_logger :
1134 md->md_logger;
1135 llog(RC_LOG_SERIOUS, logger,
1136 "received and ignored notification payload: %s",
1137 enum_name(&ikev1_notify_names, n->isan_type));
1138 return STF_IGNORE;
1139 }
1140 }
1141 } else {
1142 /* warn if we didn't find any Delete or Notify payload in packet */
1143 if (md->chain[ISAKMP_NEXT_D] == NULL((void*)0)) {
1144 const struct logger *logger = (st != NULL((void*)0) ? st->st_logger :
1145 md != NULL((void*)0) ? md->md_logger :
1146 &failsafe_logger);
1147 llog(RC_LOG_SERIOUS, logger,
1148 "received and ignored empty informational notification payload");
1149 }
1150 return STF_IGNORE;
1151 }
1152}
1153
1154/*
1155 * create output HDR as replica of input HDR - IKEv1 only; return the body
1156 */
1157void ikev1_init_pbs_out_from_md_hdr(struct msg_digest *md, bool_Bool enc,
1158 struct pbs_outpacket_byte_stream *output_stream, uint8_t *output_buffer,
1159 size_t sizeof_output_buffer,
1160 struct pbs_outpacket_byte_stream *rbody,
1161 struct logger *logger)
1162{
1163 struct isakmp_hdr hdr = md->hdr; /* mostly same as incoming header */
1164
1165 /* make sure we start with a clean buffer */
1166 *output_stream = open_pbs_out("reply packet", output_buffer, sizeof_output_buffer, logger);
1167
1168 hdr.isa_flags = 0; /* zero all flags */
1169 if (enc)
1170 hdr.isa_flags |= ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX);
1171
1172 if (impair.send_bogus_isakmp_flag) {
1173 hdr.isa_flags |= ISAKMP_FLAGS_RESERVED_BIT6(1<<ISAKMP_FLAGS_RESERVED_BIT6_IX);
1174 }
1175
1176 /* there is only one IKEv1 version, and no new one will ever come - no need to set version */
1177 hdr.isa_np = 0;
1178 /* surely must have room and be well-formed */
1179 passert(out_struct(&hdr, &isakmp_hdr_desc, output_stream, rbody))({ _Bool assertion__ = out_struct(&hdr, &isakmp_hdr_desc
, output_stream, rbody); if (!assertion__) { where_t here = (
{ static const struct where here = { .func = __func__, .file =
"programs/pluto/ikev1.c", .line = 1179, }; &here; }); const
struct logger *logger_ = &failsafe_logger; llog_passert(
logger_, here, "%s", "out_struct(&hdr, &isakmp_hdr_desc, output_stream, rbody)"
); } (void) 1; });
1180}
1181
1182/*
1183 * Recognise and, if necesssary, respond to an IKEv1 duplicate.
1184 *
1185 * Use .st_state, which is the true current state, and not MD
1186 * .FROM_STATE (which is derived from some convoluted magic) when
1187 * determining if the duplicate should or should not get a response.
1188 */
1189static bool_Bool ikev1_duplicate(struct state *st, struct msg_digest *md)
1190{
1191 passert(st != NULL)({ _Bool assertion__ = st != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 1191, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "st != ((void*)0)"); } (void) 1; });
1192 if (st->st_v1_rpacket.ptr != NULL((void*)0) &&
1193 st->st_v1_rpacket.len == pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs
)->start)) &&
1194 memeq(st->st_v1_rpacket.ptr, md->packet_pbs.start,(memcmp((st->st_v1_rpacket.ptr), (md->packet_pbs.start)
, (st->st_v1_rpacket.len)) == 0)
1195 st->st_v1_rpacket.len)(memcmp((st->st_v1_rpacket.ptr), (md->packet_pbs.start)
, (st->st_v1_rpacket.len)) == 0)) {
1196 /*
1197 * Duplicate. Drop or retransmit?
1198 *
1199 * Only re-transmit when the last state transition
1200 * (triggered by this packet the first time) included
1201 * a reply.
1202 *
1203 * XXX: is SMF_RETRANSMIT_ON_DUPLICATE useful or
1204 * correct?
1205 */
1206 bool_Bool replied = (st->st_v1_last_transition != NULL((void*)0) &&
1207 (st->st_v1_last_transition->flags & SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))));
1208 bool_Bool retransmit_on_duplicate =
1209 (st->st_state->flags & SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)));
1210 if (replied && retransmit_on_duplicate) {
1211 /*
1212 * Transitions with EVENT_SA_DISCARD should
1213 * always respond to re-transmits (why?); else
1214 * cap.
1215 */
1216 if (st->st_v1_last_transition->timeout_event == EVENT_SA_DISCARD ||
1217 count_duplicate(st, MAXIMUM_v1_ACCEPTED_DUPLICATES2)) {
1218 log_state(RC_RETRANSMISSION, st,
1219 "retransmitting in response to duplicate packet; already %s",
1220 st->st_state->name);
1221 resend_recorded_v1_ike_msg(st, "retransmit in response to duplicate");
1222 } else {
1223 log_state(RC_LOG_SERIOUS, st,
1224 "discarding duplicate packet -- exhausted retransmission; already %s",
1225 st->st_state->name);
1226 }
1227 } else {
1228 dbg("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s"
, st->st_serialno, st->st_state->name, bool_str(replied
), bool_str(retransmit_on_duplicate)); } }
1229 st->st_serialno, st->st_state->name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s"
, st->st_serialno, st->st_state->name, bool_str(replied
), bool_str(retransmit_on_duplicate)); } }
1230 bool_str(replied), bool_str(retransmit_on_duplicate)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s"
, st->st_serialno, st->st_state->name, bool_str(replied
), bool_str(retransmit_on_duplicate)); } };
1231 }
1232 return true1;
1233 }
1234 return false0;
1235}
1236
1237/* process an input packet, possibly generating a reply.
1238 *
1239 * If all goes well, this routine eventually calls a state-specific
1240 * transition function.
1241 *
1242 * This routine will not release_any_md(mdp). It is expected that its
1243 * caller will do this. In fact, it will zap *mdp to NULL if it thinks
1244 * **mdp should not be freed. So the caller should be prepared for
1245 * *mdp being set to NULL.
1246 */
1247void process_v1_packet(struct msg_digest *md)
1248{
1249 bool_Bool new_iv_set = false0;
1250 struct state *st = NULL((void*)0);
1251 enum state_kind from_state = STATE_UNDEFINED; /* state we started in */
1252
1253#define SEND_NOTIFICATION(t){ { const unsigned __pstat = (t); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e
) / sizeof(*(pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e
[__pstat]++; } else if ((cur_debugging & (((lset_t)1 <<
(DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e"
, __pstat); } }; if (st != ((void*)0)) send_notification_from_state
(st, from_state, t); else send_notification_from_md(md, t); } \
1254 { \
1255 pstats(ikev1_sent_notifies_e, t){ const unsigned __pstat = (t); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e
) / sizeof(*(pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e
[__pstat]++; } else if ((cur_debugging & (((lset_t)1 <<
(DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e"
, __pstat); } }; \
1256 if (st != NULL((void*)0)) \
1257 send_notification_from_state(st, from_state, t); \
1258 else \
1259 send_notification_from_md(md, t); \
1260 }
1261
1262#define LOG_PACKET(RC, ...){ if (st != ((void*)0)) { log_state(RC, st, ...); } else { llog
(RC, md->md_logger, ...); } } \
1263 { \
1264 if (st != NULL((void*)0)) { \
1265 log_state(RC, st, __VA_ARGS__); \
1266 } else { \
1267 llog(RC, md->md_logger, __VA_ARGS__); \
1268 } \
1269 }
1270#define LOG_PACKET_JAMBUF(RC_FLAGS, BUF)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *BUF = &jambuf
; BUF != ((void*)0); BUF = ((void*)0)) for (({ if (((RC_FLAGS
) & NO_PREFIX) == ((lset_t)0) && (((RC_FLAGS) &
STREAM_MASK) != DEBUG_STREAM || (cur_debugging & (((lset_t
)1 << (DBG_ADD_PREFIX_IX)))))) { ((st != ((void*)0) ? st
->st_logger : md->md_logger))->object_vec->jam_object_prefix
(BUF, ((st != ((void*)0) ? st->st_logger : md->md_logger
))->object); } }); BUF != ((void*)0); jambuf_to_logger(BUF
, ((st != ((void*)0) ? st->st_logger : md->md_logger)),
RC_FLAGS), BUF = ((void*)0)) \
1271 LLOG_JAMBUF(RC_FLAGS, (st != NULL ? st->st_logger : md->md_logger), BUF)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *BUF = &jambuf
; BUF != ((void*)0); BUF = ((void*)0)) for (({ if (((RC_FLAGS
) & NO_PREFIX) == ((lset_t)0) && (((RC_FLAGS) &
STREAM_MASK) != DEBUG_STREAM || (cur_debugging & (((lset_t
)1 << (DBG_ADD_PREFIX_IX)))))) { ((st != ((void*)0) ? st
->st_logger : md->md_logger))->object_vec->jam_object_prefix
(BUF, ((st != ((void*)0) ? st->st_logger : md->md_logger
))->object); } }); BUF != ((void*)0); jambuf_to_logger(BUF
, ((st != ((void*)0) ? st->st_logger : md->md_logger)),
RC_FLAGS), BUF = ((void*)0))
1272
1273 switch (md->hdr.isa_xchg) {
1274 case ISAKMP_XCHG_AGGR:
1275 case ISAKMP_XCHG_IDPROT: /* part of a Main Mode exchange */
1276 if (md->hdr.isa_msgid != v1_MAINMODE_MSGID((msgid_t) 0)) {
1277 LOG_PACKET(RC_LOG, "Message ID was 0x%08" PRIx32 " but should be zero in phase 1",{ if (st != ((void*)0)) { log_state(RC_LOG, st, "Message ID was 0x%08"
"x" " but should be zero in phase 1", md->hdr.isa_msgid);
} else { llog(RC_LOG, md->md_logger, "Message ID was 0x%08"
"x" " but should be zero in phase 1", md->hdr.isa_msgid);
} }
1278 md->hdr.isa_msgid){ if (st != ((void*)0)) { log_state(RC_LOG, st, "Message ID was 0x%08"
"x" " but should be zero in phase 1", md->hdr.isa_msgid);
} else { llog(RC_LOG, md->md_logger, "Message ID was 0x%08"
"x" " but should be zero in phase 1", md->hdr.isa_msgid);
} };
1279 SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID
); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1280 return;
1281 }
1282
1283 if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1284 LOG_PACKET(RC_LOG, "Initiator Cookie must not be zero in phase 1 message"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "Initiator Cookie must not be zero in phase 1 message"
); } else { llog(RC_LOG, md->md_logger, "Initiator Cookie must not be zero in phase 1 message"
); } };
1285 SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat <
(sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_COOKIE
); else send_notification_from_md(md, INVALID_COOKIE); };
1286 return;
1287 }
1288
1289 if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1290 /*
1291 * initial message from initiator
1292 */
1293 if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) {
1294 LOG_PACKET(RC_LOG, "initial phase 1 message is invalid: its Encrypted Flag is on"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "initial phase 1 message is invalid: its Encrypted Flag is on"
); } else { llog(RC_LOG, md->md_logger, "initial phase 1 message is invalid: its Encrypted Flag is on"
); } };
1295 SEND_NOTIFICATION(INVALID_FLAGS){ { const unsigned __pstat = (INVALID_FLAGS); if (__pstat <
(sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_FLAGS
); else send_notification_from_md(md, INVALID_FLAGS); };
1296 return;
1297 }
1298
1299 /*
1300 * If there is already an existing state with
1301 * this ICOOKIE, assume it is some sort of
1302 * re-transmit.
1303 */
1304 st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1305 md->hdr.isa_msgid);
1306 if (st != NULL((void*)0)) {
1307 if (!ikev1_duplicate(st, md)) {
1308 /*
1309 * Not a duplicate for the
1310 * current state; assume that
1311 * this a really old
1312 * re-transmit for an earlier
1313 * state that should be
1314 * discarded.
1315 */
1316 log_state(RC_LOG, st, "discarding initial packet; already %s",
1317 st->st_state->name);
1318 }
1319 return;
1320 }
1321 passert(st == NULL)({ _Bool assertion__ = st == ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 1321, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "st == ((void*)0)"); } (void) 1; }); /* new state needed */
1322 /* don't build a state until the message looks tasty */
1323 from_state = (md->hdr.isa_xchg == ISAKMP_XCHG_IDPROT ?
1324 STATE_MAIN_R0 : STATE_AGGR_R0);
1325 } else {
1326 /* not an initial message */
1327
1328 st = find_state_ikev1(&md->hdr.isa_ike_spis,
1329 md->hdr.isa_msgid);
1330
1331 if (st == NULL((void*)0)) {
1332 /*
1333 * perhaps this is a first message
1334 * from the responder and contains a
1335 * responder cookie that we've not yet
1336 * seen.
1337 */
1338 st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1339 md->hdr.isa_msgid);
1340
1341 if (st == NULL((void*)0)) {
1342 llog(RC_LOG, md->md_logger,
1343 "phase 1 message is part of an unknown exchange");
1344 /* XXX Could send notification back */
1345 return;
1346 }
1347 }
1348 from_state = st->st_state->kind;
1349 }
1350 break;
1351
1352 case ISAKMP_XCHG_INFO: /* an informational exchange */
1353 st = find_v1_info_state(&md->hdr.isa_ike_spis,
1354 v1_MAINMODE_MSGID((msgid_t) 0));
1355
1356 if (st == NULL((void*)0)) {
1357 /*
1358 * might be an informational response to our
1359 * first message, in which case, we don't know
1360 * the rcookie yet.
1361 */
1362 st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1363 v1_MAINMODE_MSGID((msgid_t) 0));
1364 }
1365
1366 if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) {
1367 bool_Bool quiet = (st == NULL((void*)0));
1368
1369 if (st == NULL((void*)0)) {
1370 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1371 DBG_log("Informational Exchange is for an unknown (expired?) SA with MSGID:0x%08" PRIx32"x",
1372 md->hdr.isa_msgid);
1373 DBG_dump_thing("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:",DBG_dump("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:"
, &(md->hdr.isa_ike_spis.initiator), sizeof(md->hdr
.isa_ike_spis.initiator))
1374 md->hdr.isa_ike_initiator_spi)DBG_dump("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:"
, &(md->hdr.isa_ike_spis.initiator), sizeof(md->hdr
.isa_ike_spis.initiator));
1375 DBG_dump_thing("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:",DBG_dump("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:"
, &(md->hdr.isa_ike_spis.responder), sizeof(md->hdr
.isa_ike_spis.responder))
1376 md->hdr.isa_ike_responder_spi)DBG_dump("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:"
, &(md->hdr.isa_ike_spis.responder), sizeof(md->hdr
.isa_ike_spis.responder));
1377 }
1378
1379 /* XXX Could send notification back */
1380 return;
1381 }
1382
1383 if (!IS_V1_ISAKMP_ENCRYPTED(st->st_state->kind)((((lset_t)1 << (st->st_state->kind)) & ((((lset_t
)1 << (STATE_MAIN_I4)) - ((lset_t)1 << (STATE_MAIN_R2
)) + ((lset_t)1 << (STATE_MAIN_I4))) | (((lset_t)1 <<
(STATE_AGGR_R2)) - ((lset_t)1 << (STATE_AGGR_R1)) + ((
lset_t)1 << (STATE_AGGR_R2))) | (((lset_t)1 << (STATE_QUICK_R2
)) - ((lset_t)1 << (STATE_QUICK_R0)) + ((lset_t)1 <<
(STATE_QUICK_R2))) | ((lset_t)1 << (STATE_INFO_PROTECTED
)) | (((lset_t)1 << (STATE_XAUTH_I1)) - ((lset_t)1 <<
(STATE_XAUTH_R0)) + ((lset_t)1 << (STATE_XAUTH_I1)))))
!= ((lset_t)0))) {
1384 if (!quiet) {
1385 log_state(RC_LOG_SERIOUS, st,
1386 "encrypted Informational Exchange message is invalid because no key is known");
1387 }
1388 /* XXX Could send notification back */
1389 return;
1390 }
1391
1392 if (md->hdr.isa_msgid == v1_MAINMODE_MSGID((msgid_t) 0)) {
1393 if (!quiet) {
1394 log_state(RC_LOG_SERIOUS, st,
1395 "Informational Exchange message is invalid because it has a Message ID of 0");
1396 }
1397 /* XXX Could send notification back */
1398 return;
1399 }
1400
1401 if (!unique_msgid(st, md->hdr.isa_msgid)) {
1402 if (!quiet) {
1403 log_state(RC_LOG_SERIOUS, st,
1404 "Informational Exchange message is invalid because it has a previously used Message ID (0x%08" PRIx32"x" " )",
1405 md->hdr.isa_msgid);
1406 }
1407 /* XXX Could send notification back */
1408 return;
1409 }
1410 st->st_v1_msgid.reserved = false0;
1411
1412 init_phase2_iv(st, &md->hdr.isa_msgid);
1413 new_iv_set = true1;
1414
1415 from_state = STATE_INFO_PROTECTED;
1416 } else {
1417 if (st != NULL((void*)0) &&
1418 IS_V1_ISAKMP_AUTHENTICATED(st->st_state)(STATE_MAIN_R3 <= ((st->st_state)->kind) && STATE_AGGR_R0
!= ((st->st_state)->kind) && STATE_AGGR_I1 != (
(st->st_state)->kind))) {
1419 log_state(RC_LOG_SERIOUS, st,
1420 "Informational Exchange message must be encrypted");
1421 /* XXX Could send notification back */
1422 return;
1423 }
1424 from_state = STATE_INFO;
1425 }
1426 break;
1427
1428 case ISAKMP_XCHG_QUICK: /* part of a Quick Mode exchange */
1429
1430 if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1431 dbg("Quick Mode message is invalid because it has an Initiator Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Quick Mode message is invalid because it has an Initiator Cookie of 0"
); } };
1432 SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat <
(sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_COOKIE
); else send_notification_from_md(md, INVALID_COOKIE); };
1433 return;
1434 }
1435
1436 if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1437 dbg("Quick Mode message is invalid because it has a Responder Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Quick Mode message is invalid because it has a Responder Cookie of 0"
); } };
1438 SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat <
(sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_COOKIE
); else send_notification_from_md(md, INVALID_COOKIE); };
1439 return;
1440 }
1441
1442 if (md->hdr.isa_msgid == v1_MAINMODE_MSGID((msgid_t) 0)) {
1443 dbg("Quick Mode message is invalid because it has a Message ID of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Quick Mode message is invalid because it has a Message ID of 0"
); } };
1444 SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID
); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1445 return;
1446 }
1447
1448 st = find_state_ikev1(&md->hdr.isa_ike_spis,
1449 md->hdr.isa_msgid);
1450
1451 if (st == NULL((void*)0)) {
1452 /* No appropriate Quick Mode state.
1453 * See if we have a Main Mode state.
1454 * ??? what if this is a duplicate of another message?
1455 */
1456 st = find_state_ikev1(&md->hdr.isa_ike_spis,
1457 v1_MAINMODE_MSGID((msgid_t) 0));
1458
1459 if (st == NULL((void*)0)) {
1460 dbg("Quick Mode message is for a non-existent (expired?) ISAKMP SA"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Quick Mode message is for a non-existent (expired?) ISAKMP SA"
); } };
1461 /* XXX Could send notification back */
1462 return;
1463 }
1464
1465 if (st->st_oakley.doing_xauth) {
1466 dbg("Cannot do Quick Mode until XAUTH done."){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Cannot do Quick Mode until XAUTH done."); } };
1467 return;
1468 }
1469
1470 /* Have we just given an IP address to peer? */
1471 if (st->st_state->kind == STATE_MODE_CFG_R2) {
1472 /* ISAKMP is up... */
1473 change_state(st, STATE_MAIN_R3);
1474 }
1475
1476#ifdef SOFTREMOTE_CLIENT_WORKAROUND
1477 /* See: http://popoludnica.pl/?id=10100110 */
1478 if (st->st_state->kind == STATE_MODE_CFG_R1) {
1479 log_state(RC_LOG, st,
1480 "SoftRemote workaround: Cannot do Quick Mode until MODECFG done.");
1481 return;
1482 }
1483#endif
1484
1485
1486 if (!IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0))) {
1487 log_state(RC_LOG_SERIOUS, st,
1488 "Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA");
1489 SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? */){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1490 return;
1491 }
1492
1493 if (!unique_msgid(st, md->hdr.isa_msgid)) {
1494 log_state(RC_LOG_SERIOUS, st,
1495 "Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x%08" PRIx32"x" " (perhaps this is a duplicated packet)",
1496 md->hdr.isa_msgid);
1497 SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID
); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1498 return;
1499 }
1500 st->st_v1_msgid.reserved = false0;
1501
1502 /* Quick Mode Initial IV */
1503 init_phase2_iv(st, &md->hdr.isa_msgid);
1504 new_iv_set = true1;
1505
1506 from_state = STATE_QUICK_R0;
1507 } else {
1508 if (st->st_oakley.doing_xauth) {
1509 log_state(RC_LOG, st, "Cannot do Quick Mode until XAUTH done.");
1510 return;
1511 }
1512 from_state = st->st_state->kind;
1513 }
1514
1515 break;
1516
1517 case ISAKMP_XCHG_MODE_CFG:
1518 if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1519 dbg("Mode Config message is invalid because it has an Initiator Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Mode Config message is invalid because it has an Initiator Cookie of 0"
); } };
1520 /* XXX Could send notification back */
1521 return;
1522 }
1523
1524 if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1525 dbg("Mode Config message is invalid because it has a Responder Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Mode Config message is invalid because it has a Responder Cookie of 0"
); } };
1526 /* XXX Could send notification back */
1527 return;
1528 }
1529
1530 if (md->hdr.isa_msgid == 0) {
1531 dbg("Mode Config message is invalid because it has a Message ID of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Mode Config message is invalid because it has a Message ID of 0"
); } };
1532 /* XXX Could send notification back */
1533 return;
1534 }
1535
1536 st = find_v1_info_state(&md->hdr.isa_ike_spis, md->hdr.isa_msgid);
1537
1538 if (st == NULL((void*)0)) {
1539 /* No appropriate Mode Config state.
1540 * See if we have a Main Mode state.
1541 * ??? what if this is a duplicate of another message?
1542 */
1543 dbg("No appropriate Mode Config state yet. See if we have a Main Mode state"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("No appropriate Mode Config state yet. See if we have a Main Mode state"
); } };
1544
1545 st = find_v1_info_state(&md->hdr.isa_ike_spis, 0);
1546
1547 if (st == NULL((void*)0)) {
1548 dbg("Mode Config message is for a non-existent (expired?) ISAKMP SA"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Mode Config message is for a non-existent (expired?) ISAKMP SA"
); } };
1549 /* XXX Could send notification back */
1550 /* ??? ought to log something (not just DBG)? */
1551 return;
1552 }
1553
1554
1555 const struct end *this = &st->st_connection->spd.this;
1556 esb_buf b;
1557 dbg(" processing received isakmp_xchg_type %s; this is a%s%s%s%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), this->xauth_server ? " xauthserver" : "", this->xauth_client
? " xauthclient" : "", this->modecfg_server ? " modecfgserver"
: "", this->modecfg_client ? " modecfgclient" : ""); } }
1558 enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), this->xauth_server ? " xauthserver" : "", this->xauth_client
? " xauthclient" : "", this->modecfg_server ? " modecfgserver"
: "", this->modecfg_client ? " modecfgclient" : ""); } }
1559 this->xauth_server ? " xauthserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), this->xauth_server ? " xauthserver" : "", this->xauth_client
? " xauthclient" : "", this->modecfg_server ? " modecfgserver"
: "", this->modecfg_client ? " modecfgclient" : ""); } }
1560 this->xauth_client ? " xauthclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), this->xauth_server ? " xauthserver" : "", this->xauth_client
? " xauthclient" : "", this->modecfg_server ? " modecfgserver"
: "", this->modecfg_client ? " modecfgclient" : ""); } }
1561 this->modecfg_server ? " modecfgserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), this->xauth_server ? " xauthserver" : "", this->xauth_client
? " xauthclient" : "", this->modecfg_server ? " modecfgserver"
: "", this->modecfg_client ? " modecfgclient" : ""); } }
1562 this->modecfg_client ? " modecfgclient" : ""){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), this->xauth_server ? " xauthserver" : "", this->xauth_client
? " xauthclient" : "", this->modecfg_server ? " modecfgserver"
: "", this->modecfg_client ? " modecfgclient" : ""); } };
1563
1564 if (!IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0))) {
1565 dbg("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)"
, st->st_state->name); } }
1566 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)"
, st->st_state->name); } };
1567 /* XXX Could send notification back */
1568 return;
1569 }
1570 dbg(" call init_phase2_iv"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" call init_phase2_iv"); } };
1571 init_phase2_iv(st, &md->hdr.isa_msgid);
1572 new_iv_set = true1;
1573
1574 /*
1575 * okay, now we have to figure out if we are receiving a bogus
1576 * new message in an outstanding XAUTH server conversation
1577 * (i.e. a reply to our challenge)
1578 * (this occurs with some broken other implementations).
1579 *
1580 * or if receiving for the first time, an XAUTH challenge.
1581 *
1582 * or if we are getting a MODECFG request.
1583 *
1584 * we distinguish these states because we cannot both be an
1585 * XAUTH server and client, and our policy tells us which
1586 * one we are.
1587 *
1588 * to complicate further, it is normal to start a new msgid
1589 * when going from one state to another, or when restarting
1590 * the challenge.
1591 *
1592 */
1593
1594 if (this->xauth_server &&
1595 st->st_state->kind == STATE_XAUTH_R1 &&
1596 st->quirks.xauth_ack_msgid) {
1597 from_state = STATE_XAUTH_R1;
1598 dbg(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE"
, st->st_state->name); } }
1599 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE"
, st->st_state->name); } };
1600 } else if (this->xauth_client &&
1601 IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st
->st_state->kind) <= STATE_AGGR_R2)) {
1602 from_state = STATE_XAUTH_I0;
1603 dbg(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE"
, st->st_state->name); } }
1604 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE"
, st->st_state->name); } };
1605 } else if (this->xauth_client &&
1606 st->st_state->kind == STATE_XAUTH_I1) {
1607 /*
1608 * in this case, we got a new MODECFG message after I0, maybe
1609 * because it wants to start over again.
1610 */
1611 from_state = STATE_XAUTH_I0;
1612 dbg(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1"
, st->st_state->name); } }
1613 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1"
, st->st_state->name); } };
1614 } else if (this->modecfg_server &&
1615 IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st
->st_state->kind) <= STATE_AGGR_R2)) {
1616 from_state = STATE_MODE_CFG_R0;
1617 dbg(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE"
, st->st_state->name); } }
1618 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE"
, st->st_state->name); } };
1619 } else if (this->modecfg_client &&
1620 IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st
->st_state->kind) <= STATE_AGGR_R2)) {
1621 from_state = STATE_MODE_CFG_R1;
1622 dbg(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE"
, st->st_state->name); } }
1623 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE"
, st->st_state->name); } };
1624 } else {
1625 esb_buf b;
1626 dbg("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } }
1627 enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } }
1628 st->st_connection ->spd.this.xauth_server ? " xauthserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } }
1629 st->st_connection->spd.this.xauth_client ? " xauthclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } }
1630 st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } }
1631 st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } }
1632 st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE"
, enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &
b), st->st_connection ->spd.this.xauth_server ? " xauthserver"
: "", st->st_connection->spd.this.xauth_client ? " xauthclient"
: "", st->st_connection->spd.this.modecfg_server ? " modecfgserver"
: "", st->st_connection->spd.this.modecfg_client ? " modecfgclient"
: "", st->st_state->name); } };
1633 return;
1634 }
1635 } else {
1636 if (st->st_connection->spd.this.xauth_server &&
1637 IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st
->st_state->kind) <= STATE_AGGR_R2)) {
1638 /* Switch from Phase1 to Mode Config */
1639 dbg("We were in phase 1, with no state, so we went to XAUTH_R0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("We were in phase 1, with no state, so we went to XAUTH_R0"
); } };
1640 change_state(st, STATE_XAUTH_R0);
1641 }
1642
1643 /* otherwise, this is fine, we continue in the state we are in */
1644 from_state = st->st_state->kind;
1645 }
1646
1647 break;
1648
1649 case ISAKMP_XCHG_NONE:
1650 case ISAKMP_XCHG_BASE:
1651 case ISAKMP_XCHG_AO:
1652 case ISAKMP_XCHG_NGRP:
1653 default:
1654 {
1655 esb_buf b;
1656 dbg("unsupported exchange type %s in message",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("unsupported exchange type %s in message", enum_show
(&ikev1_exchange_names, md->hdr.isa_xchg, &b)); } }
1657 enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("unsupported exchange type %s in message", enum_show
(&ikev1_exchange_names, md->hdr.isa_xchg, &b)); } };
1658 SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE){ { const unsigned __pstat = (UNSUPPORTED_EXCHANGE_TYPE); if (
__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*
(pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e
[__pstat]++; } else if ((cur_debugging & (((lset_t)1 <<
(DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e"
, __pstat); } }; if (st != ((void*)0)) send_notification_from_state
(st, from_state, UNSUPPORTED_EXCHANGE_TYPE); else send_notification_from_md
(md, UNSUPPORTED_EXCHANGE_TYPE); };
1659 return;
1660 }
1661 }
1662
1663 /* We have found a from_state, and perhaps a state object.
1664 * If we need to build a new state object,
1665 * we wait until the packet has been sanity checked.
1666 */
1667
1668 /* We don't support the Commit Flag. It is such a bad feature.
1669 * It isn't protected -- neither encrypted nor authenticated.
1670 * A man in the middle turns it on, leading to DoS.
1671 * We just ignore it, with a warning.
1672 */
1673 if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_COMMIT(1<<ISAKMP_FLAGS_v1_COMMIT_IX))
1674 dbg("IKE message has the Commit Flag set but Pluto doesn't implement this feature due to security concerns; ignoring flag"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("IKE message has the Commit Flag set but Pluto doesn't implement this feature due to security concerns; ignoring flag"
); } };
1675
1676 /* Handle IKE fragmentation payloads */
1677 if (md->hdr.isa_np == ISAKMP_NEXT_IKE_FRAGMENTATION) {
1678 struct isakmp_ikefrag fraghdr;
1679 int last_frag_index = 0; /* index of the last fragment */
1680 pb_stream frag_pbs;
1681
1682 if (st == NULL((void*)0)) {
1683 dbg("received IKE fragment, but have no state. Ignoring packet."){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received IKE fragment, but have no state. Ignoring packet."
); } };
1684 return;
1685 }
1686
1687 if ((st->st_connection->policy & POLICY_IKE_FRAG_ALLOW((lset_t)1 << (POLICY_IKE_FRAG_ALLOW_IX))) == 0) {
1688 dbg("discarding IKE fragment packet - fragmentation not allowed by local policy (ike_frag=no)"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("discarding IKE fragment packet - fragmentation not allowed by local policy (ike_frag=no)"
); } };
1689 return;
1690 }
1691
1692 diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ikefrag_desc,
1693 &fraghdr, sizeof(fraghdr), &frag_pbs);
1694 if (d != NULL((void*)0)) {
1695 llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
1696 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1697 return;
1698 }
1699 if (pbs_room(&frag_pbs)((size_t)((&frag_pbs)->roof - (&frag_pbs)->start
)) != fraghdr.isafrag_length ||
1700 fraghdr.isafrag_np != ISAKMP_NEXT_NONE ||
1701 fraghdr.isafrag_number == 0 ||
1702 fraghdr.isafrag_number > 16) {
1703 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1704 return;
1705 }
1706
1707 dbg("received IKE fragment id '%d', number '%u'%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received IKE fragment id '%d', number '%u'%s"
, fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags
== 1) ? "(last)" : ""); } }
1708 fraghdr.isafrag_id,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received IKE fragment id '%d', number '%u'%s"
, fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags
== 1) ? "(last)" : ""); } }
1709 fraghdr.isafrag_number,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received IKE fragment id '%d', number '%u'%s"
, fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags
== 1) ? "(last)" : ""); } }
1710 (fraghdr.isafrag_flags == 1) ? "(last)" : ""){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received IKE fragment id '%d', number '%u'%s"
, fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags
== 1) ? "(last)" : ""); } };
1711
1712 struct v1_ike_rfrag *ike_frag = alloc_thing(struct v1_ike_rfrag, "ike_frag")((struct v1_ike_rfrag*) alloc_bytes(sizeof(struct v1_ike_rfrag
), ("ike_frag")));
1713 ike_frag->md = md_addref(md, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 1713, }; &here; }));
1714 ike_frag->index = fraghdr.isafrag_number;
1715 ike_frag->last = (fraghdr.isafrag_flags & 1);
1716 ike_frag->size = pbs_left(&frag_pbs)((size_t)((&frag_pbs)->roof - (&frag_pbs)->cur)
);
1717 ike_frag->data = frag_pbs.cur;
1718
1719 /* Add the fragment to the state */
1720 struct v1_ike_rfrag **i = &st->st_v1_rfrags;
1721 for (;;) {
1722 if (ike_frag != NULL((void*)0)) {
1723 /* Still looking for a place to insert ike_frag */
1724 if (*i == NULL((void*)0) ||
1725 (*i)->index > ike_frag->index) {
1726 ike_frag->next = *i;
1727 *i = ike_frag;
1728 ike_frag = NULL((void*)0);
1729 } else if ((*i)->index == ike_frag->index) {
1730 /* Replace fragment with same index */
1731 struct v1_ike_rfrag *old = *i;
1732
1733 ike_frag->next = old->next;
1734 *i = ike_frag;
1735 pexpect(old->md != NULL)({ _Bool assertion__ = old->md != ((void*)0); if (!assertion__
) { where_t here_ = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 1735, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "old->md != ((void*)0)"
); } assertion__; });
1736 release_any_md(&old->md)md_delref(&old->md, ({ static const struct where here =
{ .func = __func__, .file = "programs/pluto/ikev1.c", .line =
1736, }; &here; }));
1737 pfree(old);
1738 ike_frag = NULL((void*)0);
1739 }
1740 }
1741
1742 if (*i == NULL((void*)0))
1743 break;
1744
1745 if ((*i)->last)
1746 last_frag_index = (*i)->index;
1747
1748 i = &(*i)->next;
1749 }
1750
1751 /* We have the last fragment, reassemble if complete */
1752 if (last_frag_index != 0) {
1753 size_t size = 0;
1754 int prev_index = 0;
1755
1756 for (struct v1_ike_rfrag *frag = st->st_v1_rfrags; frag; frag = frag->next) {
1757 size += frag->size;
1758 if (frag->index != ++prev_index) {
1759 break; /* fragment list incomplete */
1760 } else if (frag->index == last_frag_index) {
1761 struct msg_digest *whole_md = alloc_md(frag->md->iface,
1762 &frag->md->sender,
1763 HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 1763, }; &here; }));
1764 uint8_t *buffer = alloc_bytes(size,
1765 "IKE fragments buffer");
1766 size_t offset = 0;
1767
1768 /* Reassemble fragments in buffer */
1769 frag = st->st_v1_rfrags;
1770 while (frag != NULL((void*)0) &&
1771 frag->index <= last_frag_index)
1772 {
1773 passert(offset + frag->size <=({ _Bool assertion__ = offset + frag->size <= size; if (
!assertion__) { where_t here = ({ static const struct where here
= { .func = __func__, .file = "programs/pluto/ikev1.c", .line
= 1774, }; &here; }); const struct logger *logger_ = &
failsafe_logger; llog_passert(logger_, here, "%s", "offset + frag->size <= size"
); } (void) 1; })
1774 size)({ _Bool assertion__ = offset + frag->size <= size; if (
!assertion__) { where_t here = ({ static const struct where here
= { .func = __func__, .file = "programs/pluto/ikev1.c", .line
= 1774, }; &here; }); const struct logger *logger_ = &
failsafe_logger; llog_passert(logger_, here, "%s", "offset + frag->size <= size"
); } (void) 1; });
1775 memcpy(buffer + offset,
1776 frag->data, frag->size);
1777 offset += frag->size;
1778 frag = frag->next;
1779 }
1780
1781 init_pbs(&whole_md->packet_pbs, buffer, size,
1782 "packet");
1783
1784 process_packet(&whole_md);
1785 release_any_md(&whole_md)md_delref(&whole_md, ({ static const struct where here = {
.func = __func__, .file = "programs/pluto/ikev1.c", .line = 1785
, }; &here; }));
1786 free_v1_message_queues(st);
1787 /* optimize: if receiving fragments, immediately respond with fragments too */
1788 st->st_v1_seen_fragments = true1;
1789 dbg(" updated IKE fragment state to respond using fragments without waiting for re-transmits"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log(" updated IKE fragment state to respond using fragments without waiting for re-transmits"
); } };
1790 break;
1791 }
1792 }
1793 }
1794
1795 return;
1796 }
1797
1798 /*
1799 * Set smc to describe this state's properties.
1800 *
1801 * Look up the appropriate microcode based on state and
1802 * possibly Oakley Auth type.
1803 */
1804 passert(STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF)({ _Bool assertion__ = STATE_IKEv1_FLOOR <= from_state &&
from_state < STATE_IKEv1_ROOF; if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 1804, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF"
); } (void) 1; });
1805 const struct finite_state *fs = finite_states[from_state];
1806 passert(fs != NULL)({ _Bool assertion__ = fs != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 1806, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "fs != ((void*)0)"); } (void) 1; });
1807 const struct state_v1_microcode *smc = fs->v1_transitions;
1808 passert(smc != NULL)({ _Bool assertion__ = smc != ((void*)0); if (!assertion__) {
where_t here = ({ static const struct where here = { .func =
__func__, .file = "programs/pluto/ikev1.c", .line = 1808, };
&here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "smc != ((void*)0)"); } (
void) 1; });
1809
1810 /*
1811 * Find the state's the state transitions that has matching
1812 * authentication.
1813 *
1814 * For states where this makes no sense (eg, quick states
1815 * creating a CHILD_SA), .flags|=SMF_ALL_AUTH so the first
1816 * (only) one always matches.
1817 *
1818 * XXX: The code assumes that when there is always a match (if
1819 * there isn't the passert() triggers. If needed, bogus
1820 * transitions that log/drop the packet are added to the
1821 * table? Would simply dropping the packets be easier.
1822 */
1823 if (st != NULL((void*)0)) {
1824 oakley_auth_t baseauth =
1825 xauth_calcbaseauth(st->st_oakley.auth);
1826
1827 while (!LHAS(smc->flags, baseauth)(((smc->flags) & ((lset_t)1 << (baseauth))) != (
(lset_t)0))) {
1828 smc++;
1829 passert(smc->state == from_state)({ _Bool assertion__ = smc->state == from_state; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 1829, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "smc->state == from_state"
); } (void) 1; });
1830 }
1831 }
1832
1833 /*
1834 * XXX: do this earlier? */
1835 if (verbose_state_busy(st))
1836 return;
1837
1838 /*
1839 * Detect and handle duplicated packets. This won't work for
1840 * the initial packet of an exchange because we won't have a
1841 * state object to remember it. If we are in a non-receiving
1842 * state (terminal), and the preceding state did transmit,
1843 * then the duplicate may indicate that that transmission
1844 * wasn't received -- retransmit it. Otherwise, just discard
1845 * it. ??? Notification packets are like exchanges -- I hope
1846 * that they are idempotent!
1847 *
1848 * XXX: do this earlier?
1849 */
1850 if (st != NULL((void*)0) && ikev1_duplicate(st, md)) {
1851 return;
1852 }
1853
1854 /* save values for use in resumption of processing below.
1855 * (may be suspended due to crypto operation not yet complete)
1856 */
1857 md->v1_st = st;
1858 md->smc = smc;
1859 md->new_iv_set = new_iv_set;
1860
1861 /*
1862 * look for encrypt packets. We cannot handle them if we have not
1863 * yet calculated the skeyids. We will just store the packet in
1864 * the suspended state, since the calculation is likely underway.
1865 *
1866 * note that this differs from above, because skeyid is calculated
1867 * in between states. (or will be, once DH is async)
1868 *
1869 */
1870 if ((md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) &&
1871 st != NULL((void*)0) &&
1872 !st->hidden_variables.st_skeyid_calculated) {
1873 endpoint_buf b;
1874 dbg("received encrypted packet from %s but exponentiation still in progress",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received encrypted packet from %s but exponentiation still in progress"
, str_endpoint(&md->sender, &b)); } }
1875 str_endpoint(&md->sender, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received encrypted packet from %s but exponentiation still in progress"
, str_endpoint(&md->sender, &b)); } };
1876
1877 /*
1878 * if there was a previous packet, let it go, and go
1879 * with most recent one.
1880 */
1881 if (st->st_suspended_md != NULL((void*)0)) {
1882 dbg("releasing suspended operation before completion: %p",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("releasing suspended operation before completion: %p"
, st->st_suspended_md); } }
1883 st->st_suspended_md){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("releasing suspended operation before completion: %p"
, st->st_suspended_md); } };
1884 release_any_md(&st->st_suspended_md)md_delref(&st->st_suspended_md, ({ static const struct
where here = { .func = __func__, .file = "programs/pluto/ikev1.c"
, .line = 1884, }; &here; }));
1885 }
1886 suspend_any_md(st, md){ if (md != ((void*)0)) { { if ((cur_debugging & (((lset_t
)1 << (DBG_BASE_IX))))) { DBG_log("suspending state #%lu and saving MD %p"
, (st)->st_serialno, md); } }; ({ _Bool assertion__ = (st)
->st_suspended_md == ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 1886, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "(st)->st_suspended_md == ((void*)0)"
); } (void) 1; }); (st)->st_suspended_md = md_addref(md, (
{ static const struct where here = { .func = __func__, .file =
"programs/pluto/ikev1.c", .line = 1886, }; &here; })); (
st)->st_suspended_md_func = __func__; (st)->st_suspended_md_line
= 1886; ({ _Bool assertion__ = state_is_busy(st); if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 1886, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "state_is_busy(st)"); } (
void) 1; }); } else { { if ((cur_debugging & (((lset_t)1 <<
(DBG_BASE_IX))))) { DBG_log("no MD to suspend"); } }; } };
1887 return;
1888 }
1889
1890 process_packet_tail(md);
1891 /* our caller will release_any_md(mdp); */
1892}
1893
1894/*
1895 * This routine will not release_any_md(mdp). It is expected that its
1896 * caller will do this. In fact, it will zap *mdp to NULL if it thinks
1897 * **mdp should not be freed. So the caller should be prepared for
1898 * *mdp being set to NULL.
1899 */
1900void process_packet_tail(struct msg_digest *md)
1901{
1902 struct state *st = md->v1_st;
1
'st' initialized here
1903 const struct state_v1_microcode *smc = md->smc;
1904 enum state_kind from_state = smc->state;
1905 bool_Bool new_iv_set = md->new_iv_set;
1906 bool_Bool self_delete = false0;
1907
1908 if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) {
2
Assuming the condition is false
3
Taking false branch
1909
1910 endpoint_buf b;
1911 dbg("received encrypted packet from %s", str_endpoint(&md->sender, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("received encrypted packet from %s", str_endpoint
(&md->sender, &b)); } };
1912
1913 if (st == NULL((void*)0)) {
1914 LOG_PACKET(RC_LOG,{ if (st != ((void*)0)) { log_state(RC_LOG, st, "discarding encrypted message for an unknown ISAKMP SA"
); } else { llog(RC_LOG, md->md_logger, "discarding encrypted message for an unknown ISAKMP SA"
); } }
1915 "discarding encrypted message for an unknown ISAKMP SA"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "discarding encrypted message for an unknown ISAKMP SA"
); } else { llog(RC_LOG, md->md_logger, "discarding encrypted message for an unknown ISAKMP SA"
); } };
1916 return;
1917 }
1918 if (st->st_skeyid_e_nssst_skey_ei_nss == NULL((void*)0)) {
1919 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "discarding encrypted message because we haven't yet negotiated keying material"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "discarding encrypted message because we haven't yet negotiated keying material"
); } }
1920 "discarding encrypted message because we haven't yet negotiated keying material"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "discarding encrypted message because we haven't yet negotiated keying material"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "discarding encrypted message because we haven't yet negotiated keying material"
); } };
1921 return;
1922 }
1923
1924 /* Mark as encrypted */
1925 md->encrypted = true1;
1926
1927 /* do the specified decryption
1928 *
1929 * IV is from st->st_iv or (if new_iv_set) st->st_new_iv.
1930 * The new IV is placed in st->st_new_iv
1931 *
1932 * See RFC 2409 "IKE" Appendix B
1933 *
1934 * XXX The IV should only be updated really if the packet
1935 * is successfully processed.
1936 * We should keep this value, check for a success return
1937 * value from the parsing routines and then replace.
1938 *
1939 * Each post phase 1 exchange generates IVs from
1940 * the last phase 1 block, not the last block sent.
1941 */
1942 const struct encrypt_desc *e = st->st_oakley.ta_encrypt;
1943
1944 if (pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs
)->cur)) % e->enc_blocksize != 0) {
1945 LOG_PACKET(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed message: not a multiple of encryption blocksize"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed message: not a multiple of encryption blocksize"
); } };
1946 return;
1947 }
1948
1949 /* XXX Detect weak keys */
1950
1951 /* grab a copy of raw packet (for duplicate packet detection) */
1952 md->raw_packet = clone_bytes_as_chunk(md->packet_pbs.start,
1953 pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs
)->start)),
1954 "raw packet");
1955
1956 /* Decrypt everything after header */
1957 if (!new_iv_set) {
1958 if (st->st_v1_iv.len == 0) {
1959 init_phase2_iv(st, &md->hdr.isa_msgid);
1960 } else {
1961 /* use old IV */
1962 restore_new_iv(st, st->st_v1_iv){ (st)->st_v1_new_iv = (st->st_v1_iv); };
1963 }
1964 }
1965
1966 passert(st->st_v1_new_iv.len >= e->enc_blocksize)({ _Bool assertion__ = st->st_v1_new_iv.len >= e->enc_blocksize
; if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1.c",
.line = 1966, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_v1_new_iv.len >= e->enc_blocksize"
); } (void) 1; });
1967 st->st_v1_new_iv.len = e->enc_blocksize; /* truncate */
1968
1969 if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
1970 DBG_log("decrypting %u bytes using algorithm %s",
1971 (unsigned) pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs
)->cur)),
1972 st->st_oakley.ta_encrypt->common.fqn);
1973 DBG_dump_hunk("IV before:", st->st_v1_new_iv){ typeof(st->st_v1_new_iv) hunk_ = st->st_v1_new_iv; DBG_dump
("IV before:", hunk_.ptr, hunk_.len); };
1974 }
1975 e->encrypt_ops->do_crypt(e, md->message_pbs.cur,
1976 pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs
)->cur)),
1977 st->st_enc_key_nss,
1978 st->st_v1_new_iv.ptr, false0,
1979 st->st_logger);
1980 if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
1981 DBG_dump_hunk("IV after:", st->st_v1_new_iv){ typeof(st->st_v1_new_iv) hunk_ = st->st_v1_new_iv; DBG_dump
("IV after:", hunk_.ptr, hunk_.len); };
1982 DBG_log("decrypted payload (starts at offset %td):",
1983 md->message_pbs.cur - md->message_pbs.roof);
1984 DBG_dump(NULL((void*)0), md->message_pbs.start,
1985 md->message_pbs.roof - md->message_pbs.start);
1986 }
1987 } else {
1988 /* packet was not encryped -- should it have been? */
1989
1990 if (smc->flags & SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))) {
4
Assuming the condition is false
5
Taking false branch
1991 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "packet rejected: should have been encrypted"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "packet rejected: should have been encrypted"
); } }
1992 "packet rejected: should have been encrypted"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "packet rejected: should have been encrypted"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "packet rejected: should have been encrypted"
); } };
1993 SEND_NOTIFICATION(INVALID_FLAGS){ { const unsigned __pstat = (INVALID_FLAGS); if (__pstat <
(sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_FLAGS
); else send_notification_from_md(md, INVALID_FLAGS); };
1994 return;
1995 }
1996 }
1997
1998 /* Digest the message.
1999 * Padding must be removed to make hashing work.
2000 * Padding comes from encryption (so this code must be after decryption).
2001 * Padding rules are described before the definition of
2002 * struct isakmp_hdr in packet.h.
2003 */
2004 {
2005 enum next_payload_types_ikev1 np = md->hdr.isa_np;
2006 lset_t needed = smc->req_payloads;
2007 const char *excuse =
2008 LIN(SMF_PSK_AUTH | SMF_FIRST_ENCRYPTED_INPUT,(((((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 1))) & (smc->flags)) == (((lset_t
)1 << (OAKLEY_PRESHARED_KEY)) | ((lset_t)1 << (OAKLEY_AUTH_ROOF
+ 1))))
6
Assuming the condition is false
7
'?' condition is false
2009 smc->flags)(((((lset_t)1 << (OAKLEY_PRESHARED_KEY)) | ((lset_t)1 <<
(OAKLEY_AUTH_ROOF + 1))) & (smc->flags)) == (((lset_t
)1 << (OAKLEY_PRESHARED_KEY)) | ((lset_t)1 << (OAKLEY_AUTH_ROOF
+ 1)))) ?
2010 "probable authentication failure (mismatch of preshared secrets?): "
2011 :
2012 "";
2013
2014 while (np != ISAKMP_NEXT_NONE) {
8
Assuming 'np' is not equal to ISAKMP_NEXT_NONE
9
Loop condition is true. Entering loop body
2015 struct_desc *sd = v1_payload_desc(np);
2016
2017 if (md->digest_roof >= elemsof(md->digest)(sizeof(md->digest) / sizeof(*(md->digest)))) {
10
Assuming the condition is false
11
Taking false branch
2018 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored"
, (sizeof(md->digest) / sizeof(*(md->digest)))); } else
{ llog(RC_LOG_SERIOUS, md->md_logger, "more than %zu payloads in message; ignored"
, (sizeof(md->digest) / sizeof(*(md->digest)))); } }
2019 "more than %zu payloads in message; ignored",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored"
, (sizeof(md->digest) / sizeof(*(md->digest)))); } else
{ llog(RC_LOG_SERIOUS, md->md_logger, "more than %zu payloads in message; ignored"
, (sizeof(md->digest) / sizeof(*(md->digest)))); } }
2020 elemsof(md->digest)){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored"
, (sizeof(md->digest) / sizeof(*(md->digest)))); } else
{ llog(RC_LOG_SERIOUS, md->md_logger, "more than %zu payloads in message; ignored"
, (sizeof(md->digest) / sizeof(*(md->digest)))); } };
2021 if (!md->encrypted) {
2022 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2023 }
2024 return;
2025 }
2026 struct payload_digest *const pd = md->digest + md->digest_roof;
2027
2028 /*
2029 * only do this in main mode. In aggressive mode, there
2030 * is no negotiation of NAT-T method. Get it right.
2031 */
2032 if (st != NULL((void*)0) && st->st_connection != NULL((void*)0) &&
12
Assuming 'st' is equal to NULL
2033 (st->st_connection->policy & POLICY_AGGRESSIVE((lset_t)1 << (POLICY_AGGRESSIVE_IX))) == LEMPTY((lset_t)0))
2034 {
2035 switch (np) {
2036 case ISAKMP_NEXT_NATD_RFC:
2037 case ISAKMP_NEXT_NATOA_RFC:
2038 if ((st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_RFC))) == LEMPTY((lset_t)0)) {
2039 /*
2040 * don't accept NAT-D/NAT-OA reloc directly in message,
2041 * unless we're using NAT-T RFC
2042 */
2043 lset_buf lb;
2044 dbg("st_nat_traversal was: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names
, st->hidden_variables.st_nat_traversal, &lb)); } }
2045 str_lset(&natt_method_names,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names
, st->hidden_variables.st_nat_traversal, &lb)); } }
2046 st->hidden_variables.st_nat_traversal,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names
, st->hidden_variables.st_nat_traversal, &lb)); } }
2047 &lb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names
, st->hidden_variables.st_nat_traversal, &lb)); } };
2048 sd = NULL((void*)0);
2049 }
2050 break;
2051 default:
2052 break;
2053 }
2054 }
2055
2056 if (sd == NULL((void*)0)) {
13
Assuming 'sd' is equal to NULL
14
Taking true branch
2057 /* payload type is out of range or requires special handling */
2058 switch (np) {
15
Control jumps to 'case ISAKMP_NEXT_SAK:' at line 2083
2059 case ISAKMP_NEXT_ID:
2060 /* ??? two kinds of ID payloads */
2061 sd = (IS_V1_PHASE1(from_state)(STATE_MAIN_R0 <= (from_state) && (from_state) <=
STATE_AGGR_R2) ||
2062 IS_V1_PHASE15(from_state)(STATE_XAUTH_R0 <= (from_state) && (from_state) <=
STATE_XAUTH_I1)) ?
2063 &isakmp_identification_desc :
2064 &isakmp_ipsec_identification_desc;
2065 break;
2066
2067 case ISAKMP_NEXT_NATD_DRAFTS: /* out of range */
2068 /*
2069 * ISAKMP_NEXT_NATD_DRAFTS was a private use type before RFC-3947.
2070 * Since it has the same format as ISAKMP_NEXT_NATD_RFC,
2071 * just rewrite np and sd, and carry on.
2072 */
2073 np = ISAKMP_NEXT_NATD_RFC;
2074 sd = &isakmp_nat_d_drafts;
2075 break;
2076
2077 case ISAKMP_NEXT_NATOA_DRAFTS: /* out of range */
2078 /* NAT-OA was a private use type before RFC-3947 -- same format */
2079 np = ISAKMP_NEXT_NATOA_RFC;
2080 sd = &isakmp_nat_oa_drafts;
2081 break;
2082
2083 case ISAKMP_NEXT_SAK: /* or ISAKMP_NEXT_NATD_BADDRAFTS */
2084 /*
2085 * Official standards say that this is ISAKMP_NEXT_SAK,
2086 * a part of Group DOI, something we don't implement.
2087 * Old non-updated Cisco gear abused this number in ancient NAT drafts.
2088 * We ignore (rather than reject) this in support of people
2089 * with crufty Cisco machines.
2090 */
2091 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored"
, excuse); } }
16
Taking false branch
2092 "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored"
, excuse); } }
2093 excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored"
, excuse); } };
2094 /*
2095 * Hack to discard payload, whatever it was.
2096 * Since we are skipping the rest of the loop
2097 * body we must do some things ourself:
2098 * - demarshall the payload
2099 * - grab the next payload number (np)
2100 * - don't keep payload (don't increment pd)
2101 * - skip rest of loop body
2102 */
2103 diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
2104 &pd->payload, sizeof(pd->payload), &pd->pbs);
2105 if (d != NULL((void*)0)) {
17
Assuming 'd' is not equal to NULL
18
Taking true branch
2106 llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
19
Access to field 'st_logger' results in a dereference of a null pointer (loaded from variable 'st')
2107 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet"
, excuse); } }
2108 "%smalformed payload in packet",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet"
, excuse); } }
2109 excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet"
, excuse); } };
2110 if (!md->encrypted) {
2111 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2112 }
2113 return;
2114 }
2115 np = pd->payload.generic.isag_np;
2116 /* NOTE: we do not increment pd! */
2117 continue; /* skip rest of the loop */
2118
2119 default:
2120 {
2121 esb_buf b;
2122 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
}
2123 "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
}
2124 excuse,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
}
2125 enum_show(&ikev1_payload_names, np, &b)){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&ikev1_payload_names, np, &b)); }
};
2126 if (!md->encrypted) {
2127 SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE){ { const unsigned __pstat = (INVALID_PAYLOAD_TYPE); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_PAYLOAD_TYPE
); else send_notification_from_md(md, INVALID_PAYLOAD_TYPE); };
2128 }
2129 return;
2130 }
2131 }
2132 passert(sd != NULL)({ _Bool assertion__ = sd != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 2132, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "sd != ((void*)0)"); } (void) 1; });
2133 }
2134
2135 passert(np < LELEM_ROOF)({ _Bool assertion__ = np < 64; if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 2135, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "np < 64"); } (void) 1; });
2136
2137 {
2138 lset_t s = LELEM(np)((lset_t)1 << (np));
2139
2140 if (LDISJOINT(s,(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)
2141 needed | smc->opt_payloads |(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)
2142 LELEM(ISAKMP_NEXT_VID) |(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)
2143 LELEM(ISAKMP_NEXT_N) |(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)
2144 LELEM(ISAKMP_NEXT_D) |(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)
2145 LELEM(ISAKMP_NEXT_CR) |(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)
2146 LELEM(ISAKMP_NEXT_CERT))(((s) & (needed | smc->opt_payloads | ((lset_t)1 <<
(ISAKMP_NEXT_VID)) | ((lset_t)1 << (ISAKMP_NEXT_N)) | (
(lset_t)1 << (ISAKMP_NEXT_D)) | ((lset_t)1 << (ISAKMP_NEXT_CR
)) | ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0)
)) {
2147 esb_buf b;
2148 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } else { llog(RC_LOG_SERIOUS, md->
md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } }
2149 "%smessage ignored because it contains a payload type (%s) unexpected by state %s",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } else { llog(RC_LOG_SERIOUS, md->
md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } }
2150 excuse,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } else { llog(RC_LOG_SERIOUS, md->
md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } }
2151 enum_show(&ikev1_payload_names, np, &b),{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } else { llog(RC_LOG_SERIOUS, md->
md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } }
2152 finite_states[smc->state]->name){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } else { llog(RC_LOG_SERIOUS, md->
md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s"
, excuse, enum_show(&ikev1_payload_names, np, &b), finite_states
[smc->state]->name); } };
2153 if (!md->encrypted) {
2154 SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE){ { const unsigned __pstat = (INVALID_PAYLOAD_TYPE); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, INVALID_PAYLOAD_TYPE
); else send_notification_from_md(md, INVALID_PAYLOAD_TYPE); };
2155 }
2156 return;
2157 }
2158
2159 esb_buf b;
2160 dbg("got payload 0x%" PRIxLSET" (%s) needed: 0x%" PRIxLSET " opt: 0x%" PRIxLSET,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l"
"x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names
, np, &b), needed, smc->opt_payloads); } }
2161 s, enum_show(&ikev1_payload_names, np, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l"
"x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names
, np, &b), needed, smc->opt_payloads); } }
2162 needed, smc->opt_payloads){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l"
"x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names
, np, &b), needed, smc->opt_payloads); } };
2163 needed &= ~s;
2164 }
2165
2166 /*
2167 * Read in the payload recording what type it
2168 * should be
2169 */
2170 pd->payload_type = np;
2171 diag_t d = pbs_in_struct(&md->message_pbs, sd,
2172 &pd->payload, sizeof(pd->payload),
2173 &pd->pbs);
2174 if (d != NULL((void*)0)) {
2175 llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
2176 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet"
, excuse); } }
2177 "%smalformed payload in packet",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet"
, excuse); } }
2178 excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet"
, excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet"
, excuse); } };
2179 if (!md->encrypted) {
2180 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2181 }
2182 return;
2183 }
2184
2185 /* do payload-type specific debugging */
2186 switch (np) {
2187 case ISAKMP_NEXT_ID:
2188 case ISAKMP_NEXT_NATOA_RFC:
2189 /* dump ID section */
2190 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2191 DBG_dump(" obj: ", pd->pbs.cur,
2192 pbs_left(&pd->pbs)((size_t)((&pd->pbs)->roof - (&pd->pbs)->
cur)));
2193 }
2194 break;
2195 default:
2196 break;
2197 }
2198
2199
2200 /*
2201 * Place payload at the end of the chain for this type.
2202 * This code appears in ikev1.c and ikev2.c.
2203 */
2204 {
2205 /* np is a proper subscript for chain[] */
2206 passert(np < elemsof(md->chain))({ _Bool assertion__ = np < (sizeof(md->chain) / sizeof
(*(md->chain))); if (!assertion__) { where_t here = ({ static
const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c"
, .line = 2206, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "np < (sizeof(md->chain) / sizeof(*(md->chain)))"
); } (void) 1; });
2207 struct payload_digest **p = &md->chain[np];
2208
2209 while (*p != NULL((void*)0))
2210 p = &(*p)->next;
2211 *p = pd;
2212 pd->next = NULL((void*)0);
2213 }
2214
2215 np = pd->payload.generic.isag_np;
2216 md->digest_roof++;
2217
2218 /* since we've digested one payload happily, it is probably
2219 * the case that any decryption worked. So we will not suggest
2220 * encryption failure as an excuse for subsequent payload
2221 * problems.
2222 */
2223 excuse = "";
2224 }
2225
2226 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX)))) &&
2227 pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs
)->cur)) != 0) {
2228 DBG_log("removing %d bytes of padding",
2229 (int) pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs
)->cur)));
2230 }
2231
2232 md->message_pbs.roof = md->message_pbs.cur;
2233
2234 /* check that all mandatory payloads appeared */
2235
2236 if (needed != 0) {
2237 LOG_PACKET_JAMBUF(RC_LOG_SERIOUS, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((RC_LOG_SERIOUS
) & NO_PREFIX) == ((lset_t)0) && (((RC_LOG_SERIOUS
) & STREAM_MASK) != DEBUG_STREAM || (cur_debugging & (
((lset_t)1 << (DBG_ADD_PREFIX_IX)))))) { ((st != ((void
*)0) ? st->st_logger : md->md_logger))->object_vec->
jam_object_prefix(buf, ((st != ((void*)0) ? st->st_logger :
md->md_logger))->object); } }); buf != ((void*)0); jambuf_to_logger
(buf, ((st != ((void*)0) ? st->st_logger : md->md_logger
)), RC_LOG_SERIOUS), buf = ((void*)0)) {
2238 jam(buf, "message for %s is missing payloads ",
2239 finite_states[from_state]->name);
2240 jam_lset_short(buf, &ikev1_payload_names, "+", needed);
2241 }
2242 if (!md->encrypted) {
2243 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2244 }
2245 return;
2246 }
2247 }
2248
2249 if (!check_v1_HASH(smc->hash_type, smc->message, st, md)) {
2250 /*SEND_NOTIFICATION(INVALID_HASH_INFORMATION);*/
2251 return;
2252 }
2253
2254 /* more sanity checking: enforce most ordering constraints */
2255
2256 if (IS_V1_PHASE1(from_state)(STATE_MAIN_R0 <= (from_state) && (from_state) <=
STATE_AGGR_R2) || IS_V1_PHASE15(from_state)(STATE_XAUTH_R0 <= (from_state) && (from_state) <=
STATE_XAUTH_I1)) {
2257 /* rfc2409: The Internet Key Exchange (IKE), 5 Exchanges:
2258 * "The SA payload MUST precede all other payloads in a phase 1 exchange."
2259 */
2260 if (md->chain[ISAKMP_NEXT_SA] != NULL((void*)0) &&
2261 md->hdr.isa_np != ISAKMP_NEXT_SA) {
2262 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Phase 1 message: does not start with an SA payload"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Phase 1 message: does not start with an SA payload"
); } }
2263 "malformed Phase 1 message: does not start with an SA payload"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Phase 1 message: does not start with an SA payload"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Phase 1 message: does not start with an SA payload"
); } };
2264 if (!md->encrypted) {
2265 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2266 }
2267 return;
2268 }
2269 } else if (IS_V1_QUICK(from_state)(STATE_QUICK_R0 <= (from_state) && (from_state) <=
STATE_QUICK_R2)) {
2270 /* rfc2409: The Internet Key Exchange (IKE), 5.5 Phase 2 - Quick Mode
2271 *
2272 * "In Quick Mode, a HASH payload MUST immediately follow the ISAKMP
2273 * header and a SA payload MUST immediately follow the HASH."
2274 * [NOTE: there may be more than one SA payload, so this is not
2275 * totally reasonable. Probably all SAs should be so constrained.]
2276 *
2277 * "If ISAKMP is acting as a client negotiator on behalf of another
2278 * party, the identities of the parties MUST be passed as IDci and
2279 * then IDcr."
2280 *
2281 * "With the exception of the HASH, SA, and the optional ID payloads,
2282 * there are no payload ordering restrictions on Quick Mode."
2283 */
2284
2285 if (md->hdr.isa_np != ISAKMP_NEXT_HASH) {
2286 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: does not start with a HASH payload"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: does not start with a HASH payload"
); } }
2287 "malformed Quick Mode message: does not start with a HASH payload"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: does not start with a HASH payload"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: does not start with a HASH payload"
); } };
2288 if (!md->encrypted) {
2289 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2290 }
2291 return;
2292 }
2293
2294 {
2295 struct payload_digest *p;
2296 int i;
2297
2298 p = md->chain[ISAKMP_NEXT_SA];
2299 i = 1;
2300 while (p != NULL((void*)0)) {
2301 if (p != &md->digest[i]) {
2302 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: SA payload is in wrong position"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: SA payload is in wrong position"
); } }
2303 "malformed Quick Mode message: SA payload is in wrong position"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: SA payload is in wrong position"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: SA payload is in wrong position"
); } };
2304 if (!md->encrypted) {
2305 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2306 }
2307 return;
2308 }
2309 p = p->next;
2310 i++;
2311 }
2312 }
2313
2314 /* rfc2409: The Internet Key Exchange (IKE), 5.5 Phase 2 - Quick Mode:
2315 * "If ISAKMP is acting as a client negotiator on behalf of another
2316 * party, the identities of the parties MUST be passed as IDci and
2317 * then IDcr."
2318 */
2319 {
2320 struct payload_digest *id = md->chain[ISAKMP_NEXT_ID];
2321
2322 if (id != NULL((void*)0)) {
2323 if (id->next == NULL((void*)0) ||
2324 id->next->next != NULL((void*)0)) {
2325 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: if any ID payload is present, there must be exactly two"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: if any ID payload is present, there must be exactly two"
); } }
2326 "malformed Quick Mode message: if any ID payload is present, there must be exactly two"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: if any ID payload is present, there must be exactly two"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: if any ID payload is present, there must be exactly two"
); } };
2327 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2328 return;
2329 }
2330 if (id + 1 != id->next) {
2331 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: the ID payloads are not adjacent"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: the ID payloads are not adjacent"
); } }
2332 "malformed Quick Mode message: the ID payloads are not adjacent"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: the ID payloads are not adjacent"
); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: the ID payloads are not adjacent"
); } };
2333 SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat
< (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED
); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2334 return;
2335 }
2336 }
2337 }
2338 }
2339
2340 /*
2341 * Ignore payloads that we don't handle:
2342 */
2343 /* XXX Handle Notifications */
2344 {
2345 struct payload_digest *p = md->chain[ISAKMP_NEXT_N];
2346
2347 while (p != NULL((void*)0)) {
2348 switch (p->payload.notification.isan_type) {
2349 case R_U_THERE:
2350 case R_U_THERE_ACK:
2351 case ISAKMP_N_CISCO_LOAD_BALANCE:
2352 case PAYLOAD_MALFORMED:
2353 case INVALID_MESSAGE_ID:
2354 case IPSEC_RESPONDER_LIFETIME:
2355 if (md->hdr.isa_xchg == ISAKMP_XCHG_INFO) {
2356 /* these are handled later on in informational() */
2357 break;
2358 }
2359 /* FALL THROUGH */
2360 default:
2361 if (st == NULL((void*)0)) {
2362 esb_buf b;
2363 dbg("ignoring informational payload %s, no corresponding state",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("ignoring informational payload %s, no corresponding state"
, enum_show(& ikev1_notify_names, p->payload.notification
.isan_type, &b)); } }
2364 enum_show(& ikev1_notify_names,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("ignoring informational payload %s, no corresponding state"
, enum_show(& ikev1_notify_names, p->payload.notification
.isan_type, &b)); } }
2365 p->payload.notification.isan_type, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("ignoring informational payload %s, no corresponding state"
, enum_show(& ikev1_notify_names, p->payload.notification
.isan_type, &b)); } };
2366 } else {
2367 esb_buf b;
2368 LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } }
2369 "ignoring informational payload %s, msgid=%08" PRIx32 ", length=%d",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } }
2370 enum_show(&ikev1_notify_names,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } }
2371 p->payload.notification.isan_type,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } }
2372 &b),{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } }
2373 st->st_v1_msgid.id,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } }
2374 p->payload.notification.isan_length){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS
, md->md_logger, "ignoring informational payload %s, msgid=%08"
"x" ", length=%d", enum_show(&ikev1_notify_names, p->
payload.notification.isan_type, &b), st->st_v1_msgid.id
, p->payload.notification.isan_length); } };
2375 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2376 DBG_dump_pbs(&p->pbs)DBG_dump((&p->pbs)->name, (&p->pbs)->start
, ((size_t)((&p->pbs)->cur - (&p->pbs)->start
)));
2377 }
2378 }
2379 }
2380 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2381 DBG_dump("info:", p->pbs.cur,
2382 pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur
)));
2383 }
2384
2385 p = p->next;
2386 }
2387
2388 p = md->chain[ISAKMP_NEXT_D];
2389 while (p != NULL((void*)0)) {
2390 self_delete |= accept_delete(md, p);
2391 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2392 DBG_dump("del:", p->pbs.cur,
2393 pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur
)));
2394 }
2395 if (md->v1_st != st) {
2396 pexpect(md->v1_st == NULL)({ _Bool assertion__ = md->v1_st == ((void*)0); if (!assertion__
) { where_t here_ = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 2396, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "md->v1_st == ((void*)0)"
); } assertion__; });
2397 dbg("zapping ST as accept_delete() zapped MD.ST"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("zapping ST as accept_delete() zapped MD.ST");
} };
2398 st = md->v1_st;
2399 }
2400 p = p->next;
2401 }
2402
2403 p = md->chain[ISAKMP_NEXT_VID];
2404 while (p != NULL((void*)0)) {
2405 handle_vendorid(md, (char *)p->pbs.cur,
2406 pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur
)), false0,
2407 st != NULL((void*)0) ? st->st_logger : md->md_logger);
2408 p = p->next;
2409 }
2410 }
2411
2412 if (self_delete) {
2413 accept_self_delete(md);
2414 st = md->v1_st;
2415 /* note: st ought to be NULL from here on */
2416 }
2417
2418 pexpect(st == md->v1_st)({ _Bool assertion__ = st == md->v1_st; if (!assertion__) {
where_t here_ = ({ static const struct where here = { .func =
__func__, .file = "programs/pluto/ikev1.c", .line = 2418, };
&here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "st == md->v1_st"); }
assertion__; });
2419 statetime_t start = statetime_start(md->v1_st);
2420 /*
2421 * XXX: danger - the .informational() processor deletes ST;
2422 * and then tunnels this loss through MD.ST.
2423 */
2424 stf_status e =smc->processor(st, md);
2425 complete_v1_state_transition(md->v1_st, md, e);
2426 statetime_stop(&start, "%s()", __func__);
2427 /* our caller will release_any_md(mdp); */
2428}
2429
2430/*
2431 * replace previous receive packet with latest, to update
2432 * our notion of a retransmitted packet. This is important
2433 * to do, even for failing transitions, and suspended transitions
2434 * because the sender may well retransmit their request.
2435 * We had better be idempotent since we can be called
2436 * multiple times in handling a packet due to crypto helper logic.
2437 */
2438static void remember_received_packet(struct state *st, struct msg_digest *md)
2439{
2440 if (md->encrypted) {
2441 /* if encrypted, duplication already done */
2442 if (md->raw_packet.ptr != NULL((void*)0)) {
2443 pfreeany(st->st_v1_rpacket.ptr){ typeof(st->st_v1_rpacket.ptr) *pp_ = &(st->st_v1_rpacket
.ptr); if (*pp_ != ((void*)0)) { pfree(*pp_); *pp_ = ((void*)
0); } };
2444 st->st_v1_rpacket = md->raw_packet;
2445 md->raw_packet = EMPTY_CHUNK((const chunk_t) { .ptr = ((void*)0), .len = 0 });
2446 }
2447 } else {
2448 /* this may be a repeat, but it will work */
2449 replace_chunk(&st->st_v1_rpacket,
2450 clone_bytes_as_chunk(md->packet_pbs.start,
2451 pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs
)->start)),
2452 "raw packet"));
2453 }
2454}
2455
2456static void jam_v1_ipsec_details(struct jambuf *buf, struct state *st)
2457{
2458 struct connection *const c = st->st_connection;
2459 jam_string(buf, c->policy & POLICY_TUNNEL((lset_t)1 << (POLICY_TUNNEL_IX)) ? "tunnel mode" : "transport mode");
2460 jam(buf, " ");
2461 jam_child_sa_details(buf, st);
2462}
2463
2464static void jam_v1_isakmp_details(struct jambuf *buf, struct state *st)
2465{
2466 jam_parent_sa_details(buf, st);
2467}
2468
2469/* complete job started by the state-specific state transition function
2470 *
2471 * This routine will not release_any_md(mdp). It is expected that its
2472 * caller will do this. In fact, it will zap *mdp to NULL if it thinks
2473 * **mdp should not be freed. So the caller should be prepared for
2474 * *mdp being set to NULL.
2475 *
2476 * md is used to:
2477 * - find st
2478 * - find from_state (st might be gone)
2479 * - find note for STF_FAIL (might not be part of result (STF_FAIL+note))
2480 * - find note for STF_INTERNAL_ERROR
2481 * - record md->event_already_set
2482 * - remember_received_packet(st, md);
2483 * - nat_traversal_change_port_lookup(md, st);
2484 * - smc for smc->next_state
2485 * - smc for smc->flags & SMF_REPLY to trigger a reply
2486 * - smc for smc->timeout_event
2487 * - smc for !(smc->flags & SMF_INITIATOR) for Contivity mode
2488 * - smc for smc->flags & SMF_RELEASE_PENDING_P2 to trigger unpend call
2489 * - smc for smc->flags & SMF_INITIATOR to adjust retransmission
2490 * - fragvid, dpd, nortel
2491 */
2492void complete_v1_state_transition(struct state *st, struct msg_digest *md, stf_status result)
2493{
2494 /* handle oddball/meta results now */
2495
2496 /*
2497 * statistics; lump all FAILs together
2498 *
2499 * Fun fact: using min() stupidly fails (at least in GCC 8.1.1 with -Werror=sign-compare)
2500 * error: comparison of integer expressions of different signedness: `stf_status' {aka `enum <anonymous>'} and `int'
2501 */
2502 pstats(ike_stf, PMIN(result, STF_FAIL)){ const unsigned __pstat = (((result) <= (STF_FAIL) ? (result
) : (STF_FAIL))); if (__pstat < (sizeof(pstats_ike_stf) / sizeof
(*(pstats_ike_stf)))) { pstats_ike_stf[__pstat]++; } else if (
(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
DBG_log("pstats %s %d", "ike_stf", __pstat); } };
2503
2504 dbg("complete v1 state transition with %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("complete v1 state transition with %s", result
> STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL
) : enum_name(&stf_status_names, result)); } }
2505 result > STF_FAIL ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("complete v1 state transition with %s", result
> STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL
) : enum_name(&stf_status_names, result)); } }
2506 enum_name(&ikev1_notify_names, result - STF_FAIL) :{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("complete v1 state transition with %s", result
> STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL
) : enum_name(&stf_status_names, result)); } }
2507 enum_name(&stf_status_names, result)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("complete v1 state transition with %s", result
> STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL
) : enum_name(&stf_status_names, result)); } };
2508
2509 switch (result) {
2510 case STF_SUSPEND:
2511 /*
2512 * If this transition was triggered by an incoming
2513 * packet, save it.
2514 *
2515 * XXX: some initiator code creates a fake MD (there
2516 * isn't a real one); save that as well.
2517 */
2518 passert(md != NULL)({ _Bool assertion__ = md != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 2518, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "md != ((void*)0)"); } (void) 1; });
2519 suspend_any_md(md->v1_st, md){ if (md != ((void*)0)) { { if ((cur_debugging & (((lset_t
)1 << (DBG_BASE_IX))))) { DBG_log("suspending state #%lu and saving MD %p"
, (md->v1_st)->st_serialno, md); } }; ({ _Bool assertion__
= (md->v1_st)->st_suspended_md == ((void*)0); if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 2519, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "(md->v1_st)->st_suspended_md == ((void*)0)"
); } (void) 1; }); (md->v1_st)->st_suspended_md = md_addref
(md, ({ static const struct where here = { .func = __func__, .
file = "programs/pluto/ikev1.c", .line = 2519, }; &here; }
)); (md->v1_st)->st_suspended_md_func = __func__; (md->
v1_st)->st_suspended_md_line = 2519; ({ _Bool assertion__ =
state_is_busy(md->v1_st); if (!assertion__) { where_t here
= ({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 2519, }; &here; }); const
struct logger *logger_ = &failsafe_logger; llog_passert(
logger_, here, "%s", "state_is_busy(md->v1_st)"); } (void)
1; }); } else { { if ((cur_debugging & (((lset_t)1 <<
(DBG_BASE_IX))))) { DBG_log("no MD to suspend"); } }; } };
2520 return;
2521 case STF_IGNORE:
2522 /* note: md might be NULL */
2523 return;
2524 default:
2525 passert(md != NULL)({ _Bool assertion__ = md != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 2525, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "md != ((void*)0)"); } (void) 1; });
2526 break;
2527 }
2528
2529 /* safe to refer to *md */
2530
2531 enum state_kind from_state = md->smc->state;
2532 st = md->v1_st;
2533
2534 passert(st != NULL)({ _Bool assertion__ = st != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 2534, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "st != ((void*)0)"); } (void) 1; });
2535 pexpect(!state_is_busy(st))({ _Bool assertion__ = !state_is_busy(st); if (!assertion__) {
where_t here_ = ({ static const struct where here = { .func =
__func__, .file = "programs/pluto/ikev1.c", .line = 2535, };
&here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "!state_is_busy(st)"); }
assertion__; });
2536
2537 if (result > STF_OK) {
2538 linux_audit_conn(md->v1_st, IS_V1_ISAKMP_SA_ESTABLISHED(md->v1_st)((((lset_t)1 << ((md->v1_st)->st_state->kind))
& (((lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 <<
(STATE_MAIN_I4)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((
lset_t)1 << (STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0
)) | ((lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R0)) | ((lset_t)1 << (STATE_MODE_CFG_R1
)) | ((lset_t)1 << (STATE_MODE_CFG_R2)) | ((lset_t)1 <<
(STATE_MODE_CFG_I1)) | ((lset_t)1 << (STATE_XAUTH_I0))
| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0)) ? LAK_CHILD_FAIL : LAK_PARENT_FAIL);
2539 }
2540
2541 switch (result) {
2542 case STF_OK:
2543 {
2544 /* advance the state */
2545 const struct state_v1_microcode *smc = md->smc;
2546
2547 dbg("doing_xauth:%s, t_xauth_client_done:%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str
(st->st_oakley.doing_xauth), bool_str(st->hidden_variables
.st_xauth_client_done)); } }
2548 bool_str(st->st_oakley.doing_xauth),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str
(st->st_oakley.doing_xauth), bool_str(st->hidden_variables
.st_xauth_client_done)); } }
2549 bool_str(st->hidden_variables.st_xauth_client_done)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str
(st->st_oakley.doing_xauth), bool_str(st->hidden_variables
.st_xauth_client_done)); } };
2550
2551 /* accept info from VID because we accept this message */
2552
2553 /*
2554 * Most of below VIDs only appear Main/Aggr mode, not Quick mode,
2555 * so why are we checking them for each state transition?
2556 */
2557
2558 if (md->fragvid) {
2559 dbg("peer supports fragmentation"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("peer supports fragmentation"); } };
2560 st->st_seen_fragmentation_supported = true1;
2561 }
2562
2563 if (md->dpd) {
2564 dbg("peer supports DPD"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("peer supports DPD"); } };
2565 st->hidden_variables.st_peer_supports_dpd = true1;
2566 if (dpd_active_locally(st)) {
2567 dbg("DPD is configured locally"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("DPD is configured locally"); } };
2568 }
2569 }
2570
2571 /* If state has VID_NORTEL, import it to activate workaround */
2572 if (md->nortel) {
2573 dbg("peer requires Nortel Contivity workaround"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("peer requires Nortel Contivity workaround"); }
};
2574 st->st_seen_nortel_vid = true1;
2575 }
2576
2577 if (!st->st_v1_msgid.reserved &&
2578 IS_CHILD_SA(st)((st)->st_clonedfrom != 0) &&
2579 st->st_v1_msgid.id != v1_MAINMODE_MSGID((msgid_t) 0)) {
2580 struct state *p1st = state_with_serialno(
2581 st->st_clonedfrom);
2582
2583 if (p1st != NULL((void*)0)) {
2584 /* do message ID reservation */
2585 reserve_msgid(p1st, st->st_v1_msgid.id);
2586 }
2587
2588 st->st_v1_msgid.reserved = true1;
2589 }
2590
2591 dbg("IKEv1: transition from state %s to state %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("IKEv1: transition from state %s to state %s",
finite_states[from_state]->name, finite_states[smc->next_state
]->name); } }
2592 finite_states[from_state]->name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("IKEv1: transition from state %s to state %s",
finite_states[from_state]->name, finite_states[smc->next_state
]->name); } }
2593 finite_states[smc->next_state]->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("IKEv1: transition from state %s to state %s",
finite_states[from_state]->name, finite_states[smc->next_state
]->name); } };
2594
2595 change_state(st, smc->next_state);
2596
2597 /*
2598 * XAUTH negotiation without ModeCFG cannot follow the regular
2599 * state machine change as it cannot be determined if the CFG
2600 * payload is "XAUTH OK, no ModeCFG" or "XAUTH OK, expect
2601 * ModeCFG". To the smc, these two cases look identical. So we
2602 * have an ad hoc state change here for the case where
2603 * we have XAUTH but not ModeCFG. We move it to the established
2604 * state, so the regular state machine picks up the Quick Mode.
2605 */
2606 if (st->st_connection->spd.this.xauth_client &&
2607 st->hidden_variables.st_xauth_client_done &&
2608 !st->st_connection->spd.this.modecfg_client &&
2609 st->st_state->kind == STATE_XAUTH_I1)
2610 {
2611 bool_Bool aggrmode = LHAS(st->st_connection->policy, POLICY_AGGRESSIVE_IX)(((st->st_connection->policy) & ((lset_t)1 <<
(POLICY_AGGRESSIVE_IX))) != ((lset_t)0));
2612
2613 log_state(RC_LOG, st, "XAUTH completed; ModeCFG skipped as per configuration");
2614 change_state(st, aggrmode ? STATE_AGGR_I2 : STATE_MAIN_I4);
2615 st->st_v1_msgid.phase15 = v1_MAINMODE_MSGID((msgid_t) 0);
2616 }
2617
2618 /* Schedule for whatever timeout is specified */
2619 if (!md->event_already_set) {
2620 /*
2621 * This md variable is hardly ever set.
2622 * Only deals with v1 <-> v2 switching
2623 * which will be removed in the near future anyway
2624 * (PW 2017 Oct 8)
2625 */
2626 dbg("event_already_set, deleting event"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("event_already_set, deleting event"); } };
2627 /*
2628 * Delete previous retransmission event.
2629 * New event will be scheduled below.
2630 */
2631 delete_event(st);
2632 clear_retransmits(st);
2633 }
2634
2635 /* Delete IKE fragments */
2636 free_v1_message_queues(st);
2637
2638 /* scrub the previous packet exchange */
2639 free_chunk_content(&st->st_v1_rpacket);
2640 free_chunk_content(&st->st_v1_tpacket);
2641
2642 /* in aggressive mode, there will be no reply packet in transition
2643 * from STATE_AGGR_R1 to STATE_AGGR_R2
2644 */
2645 if (nat_traversal_enabled && st->st_connection->ikev1_natt != NATT_NONE) {
2646 /* adjust our destination port if necessary */
2647 nat_traversal_change_port_lookup(md, st);
2648 v1_maybe_natify_initiator_endpoints(st, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 2648, }; &here; }));
2649 }
2650
2651 /*
2652 * Save both the received packet, and this
2653 * state-transition.
2654 *
2655 * Only when the (last) state transition was a "reply"
2656 * should a duplicate packet trigger a retransmit
2657 * (else they get discarded).
2658 *
2659 * XXX: .st_state .fs_flags & SMF_REPLY can't
2660 * be used because it contains flags for the new state
2661 * not the old-to-new state transition.
2662 */
2663 remember_received_packet(st, md);
2664 st->st_v1_last_transition = md->smc;
2665
2666 /* if requested, send the new reply packet */
2667 if (smc->flags & SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))) {
2668 endpoint_buf b;
2669 endpoint_buf b2;
2670 pexpect_st_local_endpoint(st);
2671 dbg("sending reply packet to %s (from %s)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint
(&st->st_remote_endpoint, &b), str_endpoint(&st
->st_interface->local_endpoint, &b2)); } }
2672 str_endpoint(&st->st_remote_endpoint, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint
(&st->st_remote_endpoint, &b), str_endpoint(&st
->st_interface->local_endpoint, &b2)); } }
2673 str_endpoint(&st->st_interface->local_endpoint, &b2)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint
(&st->st_remote_endpoint, &b), str_endpoint(&st
->st_interface->local_endpoint, &b2)); } };
2674
2675 close_output_pbs(&reply_stream); /* good form, but actually a no-op */
2676
2677 if (st->st_state->kind == STATE_MAIN_R2 &&
2678 impair.send_no_main_r2) {
2679 /* record-only so we properly emulate packet drop */
2680 record_outbound_v1_ike_msg(st, &reply_stream,
2681 finite_states[from_state]->name);
2682 log_state(RC_LOG, st, "IMPAIR: Skipped sending STATE_MAIN_R2 response packet");
2683 } else {
2684 record_and_send_v1_ike_msg(st, &reply_stream,
2685 finite_states[from_state]->name);
2686 }
2687 }
2688
2689 /* Schedule for whatever timeout is specified */
2690 if (!md->event_already_set) {
2691 dbg("!event_already_set at reschedule"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("!event_already_set at reschedule"); } };
2692 intmax_t delay_ms; /* delay is in milliseconds here */
2693 enum event_type kind = smc->timeout_event;
2694 bool_Bool agreed_time = false0;
2695 struct connection *c = st->st_connection;
2696
2697 /* fixup in case of state machine jump for xauth without modecfg */
2698 if (c->spd.this.xauth_client &&
2699 st->hidden_variables.st_xauth_client_done &&
2700 !c->spd.this.modecfg_client &&
2701 (st->st_state->kind == STATE_MAIN_I4 || st->st_state->kind == STATE_AGGR_I2))
2702 {
2703 dbg("fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE"
); } };
2704 kind = EVENT_SA_REPLACE;
2705 }
2706
2707 switch (kind) {
2708 case EVENT_RETRANSMIT: /* Retransmit packet */
2709 start_retransmits(st);
2710 break;
2711
2712 case EVENT_SA_REPLACE: /* SA replacement event */
2713 if (IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st
->st_state->kind) <= STATE_AGGR_R2) ||
2714 IS_V1_PHASE15(st->st_state->kind)(STATE_XAUTH_R0 <= (st->st_state->kind) && (
st->st_state->kind) <= STATE_XAUTH_I1)) {
2715 /* Note: we will defer to the "negotiated" (dictated)
2716 * lifetime if we are POLICY_DONT_REKEY.
2717 * This allows the other side to dictate
2718 * a time we would not otherwise accept
2719 * but it prevents us from having to initiate
2720 * rekeying. The negative consequences seem
2721 * minor.
2722 */
2723 delay_ms = deltamillisecs(c->sa_ike_life_seconds);
2724 if ((c->policy & POLICY_DONT_REKEY((lset_t)1 << (POLICY_DONT_REKEY_IX))) ||
2725 delay_ms >= deltamillisecs(st->st_oakley.life_seconds))
2726 {
2727 agreed_time = true1;
2728 delay_ms = deltamillisecs(st->st_oakley.life_seconds);
2729 }
2730 } else {
2731 /* Delay is min of up to four things:
2732 * each can limit the lifetime.
2733 */
2734 time_t delay = deltasecs(c->sa_ipsec_life_seconds);
2735
2736#define clamp_delay(trans) { \
2737 if (st->trans.present && \
2738 delay >= deltasecs(st->trans.attrs.life_seconds)) { \
2739 agreed_time = true1; \
2740 delay = deltasecs(st->trans.attrs.life_seconds); \
2741 } \
2742 }
2743 clamp_delay(st_ah);
2744 clamp_delay(st_esp);
2745 clamp_delay(st_ipcomp);
2746 delay_ms = delay * 1000;
2747#undef clamp_delay
2748 }
2749
2750 /* By default, we plan to rekey.
2751 *
2752 * If there isn't enough time to rekey, plan to
2753 * expire.
2754 *
2755 * If we are --dontrekey, a lot more rules apply.
2756 * If we are the Initiator, use REPLACE_IF_USED.
2757 * If we are the Responder, and the dictated time
2758 * was unacceptable (too large), plan to REPLACE
2759 * (the only way to ratchet down the time).
2760 * If we are the Responder, and the dictated time
2761 * is acceptable, plan to EXPIRE.
2762 *
2763 * Important policy lies buried here.
2764 * For example, we favour the initiator over the
2765 * responder by making the initiator start rekeying
2766 * sooner. Also, fuzz is only added to the
2767 * initiator's margin.
2768 *
2769 * Note: for ISAKMP SA, we let the negotiated
2770 * time stand (implemented by earlier logic).
2771 */
2772 if (agreed_time &&
2773 (c->policy & POLICY_DONT_REKEY((lset_t)1 << (POLICY_DONT_REKEY_IX)))) {
2774 kind = (smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) ?
2775 EVENT_v1_REPLACE_IF_USED :
2776 EVENT_SA_EXPIRE;
2777 }
2778 if (kind != EVENT_SA_EXPIRE) {
2779 time_t marg =
2780 deltasecs(c->sa_rekey_margin);
2781
2782 if (smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) {
2783 marg += marg *
2784 c->sa_rekey_fuzz /
2785 100.E0 *
2786 (rand() /
2787 (RAND_MAX2147483647 + 1.E0));
2788 } else {
2789 marg /= 2;
2790 }
2791
2792 if (delay_ms > marg * 1000) {
2793 delay_ms -= marg * 1000;
2794 st->st_replace_margin = deltatime(marg);
2795 } else {
2796 kind = EVENT_SA_EXPIRE;
2797 }
2798 }
2799 /* XXX: DELAY_MS should be a deltatime_t */
2800 event_schedule(kind, deltatime_ms(delay_ms), st);
2801 break;
2802
2803 case EVENT_SA_DISCARD:
2804 event_schedule(EVENT_SA_DISCARD, c->config->retransmit_timeout, st);
2805 break;
2806
2807 default:
2808 bad_case(kind)libreswan_bad_case("kind", (kind), ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1.c",
.line = 2808, }; &here; }));
2809 }
2810 }
2811
2812 /* tell whack and log of progress */
2813 {
2814 enum rc_type w;
2815 void (*jam_details)(struct jambuf *buf, struct state *st);
2816
2817 if (IS_IPSEC_SA_ESTABLISHED(st)(((st)->st_clonedfrom != 0) && (((st)->st_state
->kind) == STATE_QUICK_I2 || ((st)->st_state->kind) ==
STATE_QUICK_R1 || ((st)->st_state->kind) == STATE_QUICK_R2
|| ((st)->st_state->kind) == STATE_V2_ESTABLISHED_CHILD_SA
))) {
2818 pstat_sa_established(st);
2819 jam_details = jam_v1_ipsec_details;
2820 w = RC_SUCCESS; /* log our success */
2821 } else if (IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0))) {
2822 pstat_sa_established(st);
2823 jam_details = jam_v1_isakmp_details;
2824 w = RC_SUCCESS; /* log our success */
2825 } else {
2826 jam_details = NULL((void*)0);
2827 w = RC_NEW_V1_STATE + st->st_state->kind;
2828 }
2829
2830 passert(st->st_state->kind < STATE_IKEv1_ROOF)({ _Bool assertion__ = st->st_state->kind < STATE_IKEv1_ROOF
; if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1.c",
.line = 2830, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_state->kind < STATE_IKEv1_ROOF"
); } (void) 1; });
2831
2832 /* tell whack and logs our progress */
2833 LLOG_JAMBUF(w, st->st_logger, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((w) &
NO_PREFIX) == ((lset_t)0) && (((w) & STREAM_MASK
) != DEBUG_STREAM || (cur_debugging & (((lset_t)1 <<
(DBG_ADD_PREFIX_IX)))))) { (st->st_logger)->object_vec
->jam_object_prefix(buf, (st->st_logger)->object); }
}); buf != ((void*)0); jambuf_to_logger(buf, (st->st_logger
), w), buf = ((void*)0)) {
2834 jam(buf, "%s", st->st_state->story);
2835 /* document SA details for admin's pleasure */
2836 if (jam_details != NULL((void*)0)) {
2837 jam(buf, " ");
2838 jam_details(buf, st);
2839 }
2840 }
2841 }
2842
2843 /*
2844 * make sure that a DPD event gets created for a new phase 1
2845 * SA.
2846 * Why do we need a DPD event on an IKE SA???
2847 */
2848 if (IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0))) {
2849 if (dpd_init(st) != STF_OK) {
2850 log_state(RC_LOG_SERIOUS, st,
2851 "DPD initialization failed - continuing without DPD");
2852 }
2853 }
2854
2855 /* Special case for XAUTH server */
2856 if (st->st_connection->spd.this.xauth_server) {
2857 if (st->st_oakley.doing_xauth &&
2858 IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0))) {
2859 dbg("XAUTH: Sending XAUTH Login/Password Request"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("XAUTH: Sending XAUTH Login/Password Request")
; } };
2860 event_schedule(EVENT_v1_SEND_XAUTH,
2861 deltatime_ms(EVENT_v1_SEND_XAUTH_DELAY_MS80),
2862 st);
2863 break;
2864 }
2865 }
2866
2867 /*
2868 * for XAUTH client, we are also done, because we need to
2869 * stay in this state, and let the server query us
2870 */
2871 if (!IS_V1_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && (
st->st_state->kind) <= STATE_QUICK_R2) &&
2872 st->st_connection->spd.this.xauth_client &&
2873 !st->hidden_variables.st_xauth_client_done) {
2874 dbg("XAUTH client is not yet authenticated"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("XAUTH client is not yet authenticated"); } };
2875 break;
2876 }
2877
2878 /*
2879 * when talking to some vendors, we need to initiate a mode
2880 * cfg request to get challenged, but there is also an
2881 * override in the form of a policy bit.
2882 */
2883 dbg("modecfg pull: %s policy:%s %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } }
2884 (st->quirks.modecfg_pull_mode ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } }
2885 "quirk-poll" : "noquirk"),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } }
2886 (st->st_connection->policy & POLICY_MODECFG_PULL) ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } }
2887 "pull" : "push",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } }
2888 (st->st_connection->spd.this.modecfg_client ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } }
2889 "modecfg-client" : "not-client")){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks
.modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection
->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX
))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client
? "modecfg-client" : "not-client")); } };
2890
2891 if (st->st_connection->spd.this.modecfg_client &&
2892 IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0)) &&
2893 (st->quirks.modecfg_pull_mode ||
2894 st->st_connection->policy & POLICY_MODECFG_PULL((lset_t)1 << (POLICY_MODECFG_PULL_IX))) &&
2895 !st->hidden_variables.st_modecfg_started) {
2896 dbg("modecfg client is starting due to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg client is starting due to %s", st->
quirks.modecfg_pull_mode ? "quirk" : "policy"); } }
2897 st->quirks.modecfg_pull_mode ? "quirk" :{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg client is starting due to %s", st->
quirks.modecfg_pull_mode ? "quirk" : "policy"); } }
2898 "policy"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("modecfg client is starting due to %s", st->
quirks.modecfg_pull_mode ? "quirk" : "policy"); } };
2899 modecfg_send_request(st);
2900 break;
2901 }
2902
2903 /* Should we set the peer's IP address regardless? */
2904 if (st->st_connection->spd.this.modecfg_server &&
2905 IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0)) &&
2906 !st->hidden_variables.st_modecfg_vars_set &&
2907 !(st->st_connection->policy & POLICY_MODECFG_PULL((lset_t)1 << (POLICY_MODECFG_PULL_IX)))) {
2908 change_state(st, STATE_MODE_CFG_R1);
2909 log_state(RC_LOG, st, "Sending MODE CONFIG set");
2910 /*
2911 * ??? we ignore the result of modecfg.
2912 * But surely, if it fails, we ought to terminate this exchange.
2913 * What do the RFCs say?
2914 */
2915 modecfg_start_set(st);
2916 break;
2917 }
2918
2919 /*
2920 * If we are the responder and the client is in "Contivity mode",
2921 * we need to initiate Quick mode
2922 */
2923 if (!(smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) &&
2924 IS_V1_MODE_CFG_ESTABLISHED(st->st_state)(((st->st_state)->kind) == STATE_MODE_CFG_R2) &&
2925 (st->st_seen_nortel_vid)) {
2926 log_state(RC_LOG, st, "Nortel 'Contivity Mode' detected, starting Quick Mode");
2927 change_state(st, STATE_MAIN_R3); /* ISAKMP is up... */
2928 quick_outI1(st->st_logger->object_whackfd, st, st->st_connection,
2929 st->st_connection->policy, 1, SOS_NOBODY0, null_shunk);
2930 break;
2931 }
2932
2933 /* wait for modecfg_set */
2934 if (st->st_connection->spd.this.modecfg_client &&
2935 IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0)) &&
2936 !st->hidden_variables.st_modecfg_vars_set) {
2937 dbg("waiting for modecfg set from server"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("waiting for modecfg set from server"); } };
2938 break;
2939 }
2940
2941 dbg("phase 1 is done, looking for phase 2 to unpend"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("phase 1 is done, looking for phase 2 to unpend"
); } };
2942
2943 if (smc->flags & SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6))) {
2944 /* Initiate any Quick Mode negotiations that
2945 * were waiting to piggyback on this Keying Channel.
2946 *
2947 * ??? there is a potential race condition
2948 * if we are the responder: the initial Phase 2
2949 * message might outrun the final Phase 1 message.
2950 *
2951 * so, instead of actually sending the traffic now,
2952 * we schedule an event to do so.
2953 *
2954 * but, in fact, quick_mode will enqueue a cryptographic operation
2955 * anyway, which will get done "later" anyway, so maybe it is just fine
2956 * as it is.
2957 *
2958 */
2959 unpend(pexpect_ike_sa(st), NULL((void*)0));
2960 }
2961
2962 if (IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & (((
lset_t)1 << (STATE_MAIN_R3)) | ((lset_t)1 << (STATE_MAIN_I4
)) | ((lset_t)1 << (STATE_AGGR_I2)) | ((lset_t)1 <<
(STATE_AGGR_R2)) | ((lset_t)1 << (STATE_XAUTH_R0)) | (
(lset_t)1 << (STATE_XAUTH_R1)) | ((lset_t)1 << (STATE_MODE_CFG_R0
)) | ((lset_t)1 << (STATE_MODE_CFG_R1)) | ((lset_t)1 <<
(STATE_MODE_CFG_R2)) | ((lset_t)1 << (STATE_MODE_CFG_I1
)) | ((lset_t)1 << (STATE_XAUTH_I0)) | ((lset_t)1 <<
(STATE_XAUTH_I1)))) != ((lset_t)0)) ||
2963 IS_IPSEC_SA_ESTABLISHED(st)(((st)->st_clonedfrom != 0) && (((st)->st_state
->kind) == STATE_QUICK_I2 || ((st)->st_state->kind) ==
STATE_QUICK_R1 || ((st)->st_state->kind) == STATE_QUICK_R2
|| ((st)->st_state->kind) == STATE_V2_ESTABLISHED_CHILD_SA
)))
2964 release_any_whack(st, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 2964, }; &here; }), "IKEv1 transitions finished");
2965
2966 if (IS_V1_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && (
st->st_state->kind) <= STATE_QUICK_R2))
2967 break;
2968
2969 break;
2970 }
2971
2972 case STF_INTERNAL_ERROR:
2973 /* update the previous packet history */
2974 remember_received_packet(st, md);
2975 log_state(RC_INTERNALERR + md->v1_note, st,
2976 "state transition function for %s had internal error",
2977 st->st_state->name);
2978 release_pending_whacks(st, "internal error");
2979 break;
2980
2981 case STF_FATAL:
2982 passert(st != NULL)({ _Bool assertion__ = st != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1.c", .line = 2982, }; &here
; }); const struct logger *logger_ = &failsafe_logger; llog_passert
(logger_, here, "%s", "st != ((void*)0)"); } (void) 1; });
2983 /* update the previous packet history */
2984 remember_received_packet(st, md);
2985 log_state(RC_FATAL, st, "encountered fatal error in state %s",
2986 st->st_state->name);
2987#ifdef HAVE_NM1
2988 if (st->st_connection->remotepeertype == CISCO &&
2989 st->st_connection->nmconfigured) {
2990 if (!do_command(st->st_connection,
2991 &st->st_connection->spd,
2992 "disconnectNM",
2993 st, st->st_logger))
2994 dbg("sending disconnect to NM failed, you may need to do it manually"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("sending disconnect to NM failed, you may need to do it manually"
); } };
2995 }
2996#endif
2997 release_pending_whacks(st, "fatal error");
2998 delete_state(st);
2999 md->v1_st = st = NULL((void*)0);
3000 break;
3001
3002 default: /* a shortcut to STF_FAIL, setting md->note */
3003 passert(result > STF_FAIL)({ _Bool assertion__ = result > STF_FAIL; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1.c", .line = 3003, }
; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "result > STF_FAIL"); }
(void) 1; });
3004 md->v1_note = result - STF_FAIL;
3005 /* FALL THROUGH */
3006 case STF_FAIL:
3007 {
3008 /* As it is, we act as if this message never happened:
3009 * whatever retrying was in place, remains in place.
3010 */
3011 /*
3012 * Try to convert the notification into a non-NULL
3013 * string. For NOTHING_WRONG, be vague (at the time
3014 * of writing the enum_names didn't contain
3015 * NOTHING_WRONG, and even if it did "nothing wrong"
3016 * wouldn't exactly help here :-).
3017 */
3018 const char *notify_name = (md->v1_note == NOTHING_WRONG ? "failed" :
3019 enum_name(&ikev1_notify_names, md->v1_note));
3020 if (notify_name == NULL((void*)0)) {
3021 notify_name = "internal error";
3022 }
3023 /*
3024 * ??? why no call of remember_received_packet?
3025 * Perhaps because the message hasn't been authenticated?
3026 * But then then any duplicate would lose too, I would think.
3027 */
3028
3029 if (md->v1_note != NOTHING_WRONG) {
3030 /* this will log */
3031 SEND_NOTIFICATION(md->v1_note){ { const unsigned __pstat = (md->v1_note); if (__pstat <
(sizeof(pstats_ikev1_sent_notifies_e) / sizeof(*(pstats_ikev1_sent_notifies_e
)))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging
& (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d"
, "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0
)) send_notification_from_state(st, from_state, md->v1_note
); else send_notification_from_md(md, md->v1_note); };
3032 } else {
3033 /* XXX: why whack only? */
3034 log_state(WHACK_STREAM | (RC_NOTIFICATION + md->v1_note), st,
3035 "state transition failed: %s", notify_name);
3036 }
3037
3038 dbg("state transition function for %s failed: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("state transition function for %s failed: %s",
st->st_state->name, notify_name); } }
3039 st->st_state->name, notify_name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("state transition function for %s failed: %s",
st->st_state->name, notify_name); } };
3040
3041#ifdef HAVE_NM1
3042 if (st->st_connection->remotepeertype == CISCO &&
3043 st->st_connection->nmconfigured) {
3044 if (!do_command(st->st_connection,
3045 &st->st_connection->spd,
3046 "disconnectNM",
3047 st, st->st_logger))
3048 dbg("sending disconnect to NM failed, you may need to do it manually"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("sending disconnect to NM failed, you may need to do it manually"
); } };
3049 }
3050#endif
3051 if (IS_V1_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && (
st->st_state->kind) <= STATE_QUICK_R2)) {
3052 delete_state(st);
3053 /* wipe out dangling pointer to st */
3054 md->v1_st = NULL((void*)0);
3055 }
3056 break;
3057 }
3058 }
3059}
3060
3061/*
3062 * note: may change which connection is referenced by md->v1_st->st_connection.
3063 * But only if we are a Main Mode Responder.
3064 */
3065bool_Bool ikev1_decode_peer_id(struct msg_digest *md, bool_Bool initiator, bool_Bool aggrmode)
3066{
3067 struct state *const st = md->v1_st;
3068 struct connection *c = st->st_connection;
3069 const struct payload_digest *const id_pld = md->chain[ISAKMP_NEXT_ID];
3070 const struct isakmp_id *const id = &id_pld->payload.id;
3071
3072 /*
3073 * I think that RFC2407 (IPSEC DOI) 4.6.2 is confused.
3074 * It talks about the protocol ID and Port fields of the ID
3075 * Payload, but they don't exist as such in Phase 1.
3076 * We use more appropriate names.
3077 * isaid_doi_specific_a is in place of Protocol ID.
3078 * isaid_doi_specific_b is in place of Port.
3079 * Besides, there is no good reason for allowing these to be
3080 * other than 0 in Phase 1.
3081 */
3082 if (st->hidden_variables.st_nat_traversal != LEMPTY((lset_t)0) &&
3083 id->isaid_doi_specific_a == IPPROTO_UDPIPPROTO_UDP &&
3084 (id->isaid_doi_specific_b == 0 ||
3085 id->isaid_doi_specific_b == NAT_IKE_UDP_PORT4500)) {
3086 dbg("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T"
, id->isaid_doi_specific_a, id->isaid_doi_specific_b); }
}
3087 id->isaid_doi_specific_a, id->isaid_doi_specific_b){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T"
, id->isaid_doi_specific_a, id->isaid_doi_specific_b); }
};
3088 } else if (!(id->isaid_doi_specific_a == 0 &&
3089 id->isaid_doi_specific_b == 0) &&
3090 !(id->isaid_doi_specific_a == IPPROTO_UDPIPPROTO_UDP &&
3091 id->isaid_doi_specific_b == IKE_UDP_PORT500))
3092 {
3093 log_state(RC_LOG_SERIOUS, st,
3094 "protocol/port in Phase 1 ID Payload MUST be 0/0 or %d/%d but are %d/%d (attempting to continue)",
3095 IPPROTO_UDPIPPROTO_UDP, IKE_UDP_PORT500,
3096 id->isaid_doi_specific_a,
3097 id->isaid_doi_specific_b);
3098 /*
3099 * We have turned this into a warning because of bugs in other
3100 * vendors' products. Specifically CISCO VPN3000.
3101 */
3102 /* return false; */
3103 }
3104
3105 struct id peer;
3106
3107 diag_t d = unpack_peer_id(id->isaid_idtype, &peer, &id_pld->pbs);
3108 if (d != NULL((void*)0)) {
3109 llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
3110 return false0;
3111 }
3112
3113 if (c->spd.that.id.kind == ID_FROMCERT) {
3114 /* breaks API, connection modified by %fromcert */
3115 duplicate_id(&c->spd.that.id, &peer);
3116 }
3117
3118 /*
3119 * For interop with SoftRemote/aggressive mode we need to remember some
3120 * things for checking the hash
3121 */
3122 st->st_peeridentity_protocol = id->isaid_doi_specific_a;
3123 st->st_peeridentity_port = ntohs(id->isaid_doi_specific_b);
3124
3125 {
3126 id_buf buf;
3127 esb_buf b;
3128 log_state(RC_LOG, st, "Peer ID is %s: '%s'",
3129 enum_show(&ike_id_type_names, id->isaid_idtype, &b),
3130 str_id(&peer, &buf)str_id_bytes(&peer, jam_raw_bytes, &buf));
3131 }
3132
3133 /* check for certificates */
3134 if (!v1_verify_certs(md)) {
3135 log_state(RC_LOG, st, "X509: CERT payload does not match connection ID");
3136 if (initiator || aggrmode) {
3137 /* cannot switch connection so fail */
3138 return false0;
3139 }
3140 }
3141
3142 /* check for certificate requests */
3143 ikev1_decode_cr(md, st->st_logger);
3144
3145 /*
3146 * Now that we've decoded the ID payload, let's see if we
3147 * need to switch connections.
3148 * Aggressive mode cannot switch connections.
3149 * We must not switch horses if we initiated:
3150 * - if the initiation was explicit, we'd be ignoring user's intent
3151 * - if opportunistic, we'll lose our HOLD info
3152 */
3153
3154 if (initiator) {
3155 if (!st->st_v1_peer_alt_id &&
3156 !same_id(&c->spd.that.id, &peer) &&
3157 c->spd.that.id.kind != ID_FROMCERT) {
3158 id_buf expect;
3159 id_buf found;
3160
3161 log_state(RC_LOG_SERIOUS, st,
3162 "we require IKEv1 peer to have ID '%s', but peer declares '%s'",
3163 str_id(&c->spd.that.id, &expect)str_id_bytes(&c->spd.that.id, jam_raw_bytes, &expect
),
3164 str_id(&peer, &found)str_id_bytes(&peer, jam_raw_bytes, &found));
3165 return false0;
3166 } else if (c->spd.that.id.kind == ID_FROMCERT) {
3167 if (peer.kind != ID_DER_ASN1_DN) {
3168 log_state(RC_LOG_SERIOUS, st,
3169 "peer ID is not a certificate type");
3170 return false0;
3171 }
3172 duplicate_id(&c->spd.that.id, &peer);
3173 }
3174 } else if (!aggrmode) {
3175 /* Main Mode Responder */
3176 uint16_t auth = xauth_calcbaseauth(st->st_oakley.auth);
3177 lset_t auth_policy;
3178
3179 switch (auth) {
3180 case OAKLEY_PRESHARED_KEY:
3181 auth_policy = POLICY_PSK((lset_t)1 << (POLICY_PSK_IX));
3182 break;
3183 case OAKLEY_RSA_SIG:
3184 auth_policy = POLICY_RSASIG((lset_t)1 << (POLICY_RSASIG_IX));
3185 break;
3186 /* Not implemented */
3187 case OAKLEY_DSS_SIG:
3188 case OAKLEY_RSA_ENC:
3189 case OAKLEY_RSA_REVISED_MODE:
3190 case OAKLEY_ECDSA_P256:
3191 case OAKLEY_ECDSA_P384:
3192 case OAKLEY_ECDSA_P521:
3193 default:
3194 dbg("ikev1 ike_decode_peer_id bad_case due to not supported policy"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("ikev1 ike_decode_peer_id bad_case due to not supported policy"
); } };
3195 return false0;
3196 }
3197
3198 bool_Bool fromcert;
3199 struct connection *r =
3200 refine_host_connection_on_responder(st, &peer,
3201 NULL((void*)0), /* IKEv1 does not support 'you Tarzan, me Jane' */
3202 auth_policy,
3203 AUTHBY_UNSET, /* ikev2 only */
3204 &fromcert);
3205
3206 if (r == NULL((void*)0)) {
3207 id_buf buf;
3208 dbg("no more suitable connection for peer '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("no more suitable connection for peer '%s'", str_id_bytes
(&peer, jam_raw_bytes, &buf)); } }
3209 str_id(&peer, &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("no more suitable connection for peer '%s'", str_id_bytes
(&peer, jam_raw_bytes, &buf)); } };
3210 /* can we continue with what we had? */
3211 if (!md->v1_st->st_v1_peer_alt_id &&
3212 !same_id(&c->spd.that.id, &peer) &&
3213 c->spd.that.id.kind != ID_FROMCERT) {
3214 log_state(RC_LOG, md->v1_st, "Peer mismatch on first found connection and no better connection found");
3215 return false0;
3216 } else {
3217 dbg("Peer ID matches and no better connection found - continuing with existing connection"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Peer ID matches and no better connection found - continuing with existing connection"
); } };
3218 r = c;
3219 }
3220 }
3221
3222 dn_buf buf;
3223 dbg("offered CA: '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("offered CA: '%s'", str_dn_or_null(r->spd.this
.ca, "%none", &buf)); } }
3224 str_dn_or_null(r->spd.this.ca, "%none", &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("offered CA: '%s'", str_dn_or_null(r->spd.this
.ca, "%none", &buf)); } };
3225
3226 if (r != c) {
3227 /*
3228 * We are changing st->st_connection!
3229 * Our caller might be surprised!
3230 */
3231 connection_buf b1, b2;
3232
3233 /* apparently, r is an improvement on c -- replace */
3234 log_state(RC_LOG, st, "switched from "PRI_CONNECTION"\"%s\"%s"" to "PRI_CONNECTION"\"%s\"%s""",
3235 pri_connection(c, &b1)(c)->name, str_connection_instance(c, &b1), pri_connection(r, &b2)(r)->name, str_connection_instance(r, &b2));
3236
3237 if (r->kind == CK_TEMPLATE || r->kind == CK_GROUP) {
3238 /* instantiate it, filling in peer's ID */
3239 r = rw_instantiate(r, &c->spd.that.host_addr,
3240 NULL((void*)0),
3241 &peer);
3242 }
3243
3244 update_state_connection(st, r);
3245 c = r; /* c not subsequently used */
3246 /* redo from scratch so we read and check CERT payload */
3247 dbg("retrying ike_decode_peer_id() with new conn"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("retrying ike_decode_peer_id() with new conn")
; } };
3248 passert(!initiator && !aggrmode)({ _Bool assertion__ = !initiator && !aggrmode; if (!
assertion__) { where_t here = ({ static const struct where here
= { .func = __func__, .file = "programs/pluto/ikev1.c", .line
= 3248, }; &here; }); const struct logger *logger_ = &
failsafe_logger; llog_passert(logger_, here, "%s", "!initiator && !aggrmode"
); } (void) 1; });
3249 return ikev1_decode_peer_id(md, false0, false0);
3250 } else if (c->spd.that.has_id_wildcards) {
3251 duplicate_id(&c->spd.that.id, &peer);
3252 c->spd.that.has_id_wildcards = false0;
3253 } else if (fromcert) {
3254 dbg("copying ID for fromcert"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("copying ID for fromcert"); } };
3255 duplicate_id(&c->spd.that.id, &peer);
3256 }
3257 }
3258
3259 return true1;
3260}
3261
3262bool_Bool ikev1_ship_chain(chunk_t *chain, int n, pb_stream *outs,
3263 uint8_t type)
3264{
3265 for (int i = 0; i < n; i++) {
3266 if (!ikev1_ship_CERT(type, HUNK_AS_SHUNK(chain[i])({ typeof(chain[i]) h_ = (chain[i]); shunk2(h_.ptr, h_.len); }
), outs))
3267 return false0;
3268 }
3269
3270 return true1;
3271}
3272
3273void doi_log_cert_thinking(uint16_t auth,
3274 enum ike_cert_type certtype,
3275 enum certpolicy policy,
3276 bool_Bool gotcertrequest,
3277 bool_Bool send_cert,
3278 bool_Bool send_chain)
3279{
3280 if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
3281 DBG_log("thinking about whether to send my certificate:");
3282
3283 esb_buf oan;
3284 esb_buf ictn;
3285 DBG_log(" I have RSA key: %s cert.type: %s ",
3286 enum_show(&oakley_auth_names, auth, &oan),
3287 enum_show(&ike_cert_type_names, certtype, &ictn));
3288
3289 esb_buf cptn;
3290 DBG_log(" sendcert: %s and I did%s get a certificate request ",
3291 enum_show(&certpolicy_type_names, policy, &cptn),
3292 gotcertrequest ? "" : " not");
3293
3294 DBG_log(" so %ssend cert.", send_cert ? "" : "do not ");
3295
3296 if (!send_cert) {
3297 if (auth == OAKLEY_PRESHARED_KEY) {
3298 DBG_log("I did not send a certificate because digital signatures are not being used. (PSK)");
3299 } else if (certtype == CERT_NONE) {
3300 DBG_log("I did not send a certificate because I do not have one.");
3301 } else if (policy == CERT_SENDIFASKED) {
3302 DBG_log("I did not send my certificate because I was not asked to.");
3303 } else {
3304 DBG_log("INVALID AUTH SETTING: %d", auth);
3305 }
3306 }
3307 if (send_chain)
3308 DBG_log("Sending one or more authcerts");
3309 }
3310}
3311
3312/*
3313 * an ISAKMP SA has been established.
3314 * Note the serial number, and release any connections with
3315 * the same peer ID but different peer IP address.
3316 *
3317 * Called by IKEv1 and IKEv2 when the IKE SA is established.
3318 * It checks if the freshly established connection needs is
3319 * replacing an established version of itself.
3320 *
3321 * The use of uniqueIDs is mostly historic and might be removed
3322 * in a future version. It is ignored for PSK based connections,
3323 * which only act based on being a "server using PSK".
3324 *
3325 * IKEv1 code does not send or process INITIAL_CONTACT
3326 * IKEv2 codes does so we take it into account.
3327 */
3328
3329void ISAKMP_SA_established(const struct ike_sa *ike)
3330{
3331 struct connection *c = ike->sa.st_connection;
3332 bool_Bool authnull = (LIN(POLICY_AUTH_NULL, c->policy)(((((lset_t)1 << (POLICY_AUTH_NULL_IX))) & (c->policy
)) == (((lset_t)1 << (POLICY_AUTH_NULL_IX)))) || c->spd.that.authby == AUTHBY_NULL);
3333
3334 if (c->spd.this.xauth_server && LIN(POLICY_PSK, c->policy)(((((lset_t)1 << (POLICY_PSK_IX))) & (c->policy)
) == (((lset_t)1 << (POLICY_PSK_IX))))) {
3335 /*
3336 * If we are a server and use PSK, all clients use the same group ID
3337 * Note that "xauth_server" also refers to IKEv2 CP
3338 */
3339 dbg("We are a server using PSK and clients are using a group ID"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("We are a server using PSK and clients are using a group ID"
); } };
3340 } else if (!uniqueIDs) {
3341 dbg("uniqueIDs disabled, not contemplating releasing older self"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("uniqueIDs disabled, not contemplating releasing older self"
); } };
3342 } else {
3343 /*
3344 * for all existing connections: if the same Phase 1 IDs are used,
3345 * unorient the (old) connection (if different from current connection)
3346 * Only do this for connections with the same name (can be shared ike sa)
3347 */
3348 struct connection_query cq = { .where = HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1.c", .line = 3348, }; &here; }), .c = NULL((void*)0), };
3349 while (new2old_connection(&cq)) {
3350 struct connection *d = cq.c;
3351
3352 /* if old IKE SA is same as new IKE sa and non-auth isn't overwrting auth */
3353 if (c != d && c->kind == d->kind && streq(c->name, d->name)(strcmp((c->name), (d->name)) == 0) &&
3354 same_id(&c->spd.this.id, &d->spd.this.id) &&
3355 same_id(&c->spd.that.id, &d->spd.that.id))
3356 {
3357 bool_Bool old_is_nullauth = (LIN(POLICY_AUTH_NULL, d->policy)(((((lset_t)1 << (POLICY_AUTH_NULL_IX))) & (d->policy
)) == (((lset_t)1 << (POLICY_AUTH_NULL_IX)))) || d->spd.that.authby == AUTHBY_NULL);
3358 bool_Bool same_remote_ip = sameaddr(&c->spd.that.host_addr, &d->spd.that.host_addr);
3359
3360 if (same_remote_ip && (!old_is_nullauth && authnull)) {
3361 log_state(RC_LOG, &ike->sa, "cannot replace old authenticated connection with authnull connection");
3362 } else if (!same_remote_ip && old_is_nullauth && authnull) {
3363 log_state(RC_LOG, &ike->sa, "NULL auth ID for different IP's cannot replace each other");
3364 } else {
3365 dbg("unorienting old connection with same IDs"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("unorienting old connection with same IDs"); }
};
3366 /*
3367 * When replacing an old
3368 * existing connection,
3369 * suppress sending delete
3370 * notify
3371 */
3372 suppress_delete_notify(ike, "ISAKMP", d->newest_ike_sa);
3373 suppress_delete_notify(ike, "IKE", d->newest_ipsec_sa);
3374 /*
3375 * XXX: Assume this call
3376 * doesn't want to log to
3377 * whack? Even though the IKE
3378 * SA may have whack attached,
3379 * don't transfer it to the
3380 * old connection.
3381 */
3382 if (d->kind == CK_INSTANCE) {
3383 delete_connection(&d, /*relations?*/false0);
3384 } else {
3385 release_connection(d, /*relations?*/false0); /* this deletes the states */
3386 }
3387 }
3388 }
3389 }
3390
3391 /*
3392 * This only affects IKEv2, since we don't store any
3393 * received INITIAL_CONTACT for IKEv1.
3394 * We don't do this on IKEv1, because it seems to
3395 * confuse various third parties (Windows, Cisco VPN 300,
3396 * and juniper
3397 * likely because this would be called before the IPsec SA
3398 * of QuickMode is installed, so the remote endpoints view
3399 * this IKE SA still as the active one?
3400 */
3401 if (ike->sa.st_ike_seen_v2n_initial_contact) {
3402 if (c->newest_ike_sa != SOS_NOBODY0 &&
3403 c->newest_ike_sa != ike->sa.st_serialno) {
3404 struct state *old_p1 = state_by_serialno(c->newest_ike_sa);
3405
3406 dbg("deleting replaced IKE state for %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("deleting replaced IKE state for %s", old_p1->
st_connection->name); } }
3407 old_p1->st_connection->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("deleting replaced IKE state for %s", old_p1->
st_connection->name); } };
3408 old_p1->st_send_delete = DONT_SEND_DELETE;
3409 event_force(EVENT_SA_EXPIRE, old_p1);
3410 }
3411
3412 if (c->newest_ipsec_sa != SOS_NOBODY0) {
3413 struct state *old_p2 = state_by_serialno(c->newest_ipsec_sa);
3414 struct connection *d = old_p2 == NULL((void*)0) ? NULL((void*)0) : old_p2->st_connection;
3415
3416 if (c == d && same_id(&c->spd.that.id, &d->spd.that.id)) {
3417 dbg("Initial Contact received, deleting old state #%lu from connection '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Initial Contact received, deleting old state #%lu from connection '%s'"
, c->newest_ipsec_sa, c->name); } }
3418 c->newest_ipsec_sa, c->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("Initial Contact received, deleting old state #%lu from connection '%s'"
, c->newest_ipsec_sa, c->name); } };
3419 old_p2->st_send_delete = DONT_SEND_DELETE;
3420 event_force(EVENT_SA_EXPIRE, old_p2);
3421 }
3422 }
3423 }
3424 }
3425
3426 c->newest_ike_sa = ike->sa.st_serialno;
3427}
3428
3429/*
3430 * Reply messages are built in this nasty evil global buffer.
3431 *
3432 * Only one packet can be built at a time. That should be ok as
3433 * packets are only built on the main thread and code and a packet is
3434 * created using a single operation.
3435 *
3436 * In the good old days code would partially construct a packet,
3437 * wonder off to do crypto and process other packets, and then assume
3438 * things could be picked up where they were left off. Code to make
3439 * that work (saving restoring the buffer, re-initializing the buffer
3440 * in strange places, ....) has all been removed.
3441 *
3442 * Something else that should go is global access to REPLY_STREAM.
3443 * Instead all code should use open_reply_stream() and a reference
3444 * with only local scope. This should reduce the odds of code
3445 * meddling in reply_stream on the sly.
3446 *
3447 * Another possibility is to move the buffer onto the stack. However,
3448 * the PBS is 64K and that isn't so good for small machines. Then
3449 * again the send.[hc] and demux[hc] code both allocate 64K stack
3450 * buffers already. Oops.
3451 */
3452
3453pb_stream reply_stream;