Bug Summary

File:programs/pluto/ikev1_quick.c
Warning:line 1082, column 24
Dereference of null pointer

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-redhat-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ikev1_quick.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/build/quick-libreswan-2/programs/pluto -resource-dir /usr/lib64/clang/13.0.0 -D TimeZoneOffset=timezone -D PIE -D NSS_IPSEC_PROFILE -D XFRM_LIFETIME_DEFAULT=30 -D USE_IKEv1 -D XFRM_SUPPORT -D USE_XFRM_INTERFACE -D USE_DNSSEC -D DEFAULT_DNSSEC_ROOTKEY_FILE="/var/lib/unbound/root.key" -D HAVE_LABELED_IPSEC -D HAVE_SECCOMP -D LIBCURL -D USE_LINUX_AUDIT -D HAVE_NM -D USE_PAM_AUTH -D USE_3DES -D USE_AES -D USE_CAMELLIA -D USE_CHACHA -D USE_DH31 -D USE_MD5 -D USE_SHA1 -D USE_SHA2 -D USE_PRF_AES_XCBC -D USE_NSS_KDF -D DEFAULT_RUNDIR="/run/pluto" -D IPSEC_CONF="/etc/ipsec.conf" -D IPSEC_CONFDDIR="/etc/ipsec.d" -D IPSEC_NSSDIR="/var/lib/ipsec/nss" -D IPSEC_CONFDIR="/etc" -D IPSEC_EXECDIR="/usr/local/libexec/ipsec" -D IPSEC_SBINDIR="/usr/local/sbin" -D IPSEC_VARDIR="/var" -D POLICYGROUPSDIR="/etc/ipsec.d/policies" -D IPSEC_SECRETS_FILE="/etc/ipsec.secrets" -D FORCE_PR_ASSERT -D USE_FORK=1 -D USE_VFORK=0 -D USE_DAEMON=0 -D USE_PTHREAD_SETSCHEDPRIO=1 -D GCC_LINT -D HAVE_LIBCAP_NG -I . -I ../../OBJ.linux.x86_64/programs/pluto -I ../../include -I /usr/include/nss3 -I /usr/include/nspr4 -I /home/build/quick-libreswan-2/programs/pluto/linux-copy -D HERE_FILENAME="programs/pluto/ikev1_quick.c" -internal-isystem /usr/lib64/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=gnu99 -fdebug-compilation-dir=/home/build/quick-libreswan-2/programs/pluto -ferror-limit 19 -stack-protector 3 -fgnuc-version=4.2.1 -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-01-01-205714-1273399-1 -x c /home/build/quick-libreswan-2/programs/pluto/ikev1_quick.c
1/*
2 * IPsec IKEv1 DOI Quick Mode functions.
3 *
4 * Copyright (C) 1997 Angelos D. Keromytis.
5 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
6 * Copyright (C) 2003-2008 Michael Richardson <mcr@xelerance.com>
7 * Copyright (C) 2003-2009 Paul Wouters <paul@xelerance.com>
8 * Copyright (C) 2009 Avesh Agarwal <avagarwa@redhat.com>
9 * Copyright (C) 2012-2013 Paul Wouters <paul@libreswan.org>
10 * Copyright (C) 2013-2019 D. Hugh Redelmeier <hugh@mimosa.com>
11 * Copyright (C) 2013-2019 Andrew Cagney <cagney@gnu.org>
12 * Copyright (C) 2019 Paul Wouters <pwouters@redhat.com>
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 *
24 */
25
26#include <stdio.h>
27#include <string.h>
28#include <stddef.h>
29#include <stdlib.h>
30#include <unistd.h>
31#include <sys/socket.h>
32#include <netinet/in.h>
33#include <arpa/inet.h>
34#include <resolv.h>
35
36
37#include "sysdep.h"
38#include "constants.h"
39#include "defs.h"
40#include "state.h"
41#include "ikev1_msgid.h"
42#include "id.h"
43#include "x509.h"
44#include "certs.h"
45#include "connections.h" /* needs id.h */
46#include "keys.h"
47#include "packet.h"
48#include "demux.h" /* needs packet.h */
49#include "kernel.h" /* needs connections.h */
50#include "log.h"
51#include "server.h"
52#include "ikev1_spdb.h"
53#include "timer.h"
54#include "rnd.h"
55#include "ipsec_doi.h" /* needs demux.h and state.h */
56#include "whack.h"
57#include "fetch.h"
58#include "asn1.h"
59#include "ikev1_send.h"
60#include "crypto.h"
61#include "secrets.h"
62#include "ikev1_prf.h"
63#include "ike_alg.h"
64#include "kernel_alg.h"
65#include "plutoalg.h"
66#include "crypt_symkey.h"
67#include "crypt_prf.h"
68#include "crypt_hash.h"
69#include "ikev1.h"
70#include "ikev1_quick.h"
71#include "ikev1_continuations.h"
72
73#include "ikev1_xauth.h"
74
75#include "vendor.h"
76#include "nat_traversal.h"
77#include "ikev1_nat.h"
78#include "virtual_ip.h"
79#include "ikev1_dpd.h"
80#include "pluto_x509.h"
81#include "ip_address.h"
82#include "ip_info.h"
83#include "ip_protocol.h"
84#include "ip_selector.h"
85#include "ikev1_hash.h"
86#include "ikev1_message.h"
87#include "crypt_ke.h"
88#include <blapit.h>
89#include "crypt_dh.h"
90#include "unpack.h"
91#include "orient.h"
92
93#ifdef USE_XFRM_INTERFACE1
94# include "kernel_xfrm_interface.h"
95#endif
96
97const struct dh_desc *ikev1_quick_pfs(const struct child_proposals proposals)
98{
99 if (proposals.p == NULL((void*)0)) {
100 return NULL((void*)0);
101 }
102 struct proposal *proposal = next_proposal(proposals.p, NULL((void*)0));
103 struct algorithm *dh = next_algorithm(proposal, PROPOSAL_dh, NULL((void*)0));
104 if (dh == NULL((void*)0)) {
105 return NULL((void*)0);
106 }
107 return dh_desc(dh->desc);
108}
109
110/* accept_PFS_KE
111 *
112 * Check and accept optional Quick Mode KE payload for PFS.
113 * Extends ACCEPT_PFS to check whether KE is allowed or required.
114 */
115static notification_t accept_PFS_KE(struct state *st, struct msg_digest *md,
116 chunk_t *dest, const char *val_name, const char *msg_name)
117{
118 struct payload_digest *const ke_pd = md->chain[ISAKMP_NEXT_KE];
119
120 if (ke_pd == NULL((void*)0)) {
121 if (st->st_pfs_group != NULL((void*)0)) {
122 log_state(RC_LOG_SERIOUS, st,
123 "missing KE payload in %s message", msg_name);
124 return INVALID_KEY_INFORMATION;
125 }
126 return NOTHING_WRONG;
127 } else {
128 if (st->st_pfs_group == NULL((void*)0)) {
129 log_state(RC_LOG_SERIOUS, st,
130 "%s message KE payload requires a GROUP_DESCRIPTION attribute in SA",
131 msg_name);
132 return INVALID_KEY_INFORMATION;
133 }
134 if (ke_pd->next != NULL((void*)0)) {
135 log_state(RC_LOG_SERIOUS, st,
136 "%s message contains several KE payloads; we accept at most one",
137 msg_name);
138 return INVALID_KEY_INFORMATION; /* ??? */
139 }
140 if (!unpack_KE(dest, val_name, st->st_pfs_group,
141 ke_pd, st->st_logger)) {
142 return INVALID_KEY_INFORMATION;
143 }
144 return NOTHING_WRONG;
145 }
146}
147
148/* Initiate quick mode.
149 * --> HDR*, HASH(1), SA, Nr [, KE ] [, IDci, IDcr ]
150 * (see RFC 2409 "IKE" 5.5)
151 * Note: this is not called from demux.c
152 */
153
154static bool_Bool emit_subnet_id(const ip_subnet net,
155 uint8_t protoid,
156 uint16_t port,
157 struct pbs_outpacket_byte_stream *outs)
158{
159 const struct ip_info *ai = subnet_type(&net);
160 const bool_Bool usehost = subnet_prefix_bits(net) == ai->mask_cnt;
161 pb_stream id_pbs;
162
163 struct isakmp_ipsec_id id = {
164 .isaiid_idtype = usehost ? ai->id_ip_addr : ai->id_ip_addr_subnet,
165 .isaiid_protoid = protoid,
166 .isaiid_port = port,
167 };
168
169 if (!out_struct(&id, &isakmp_ipsec_identification_desc, outs, &id_pbs))
170 return false0;
171
172 ip_address tp = subnet_prefix(net);
173 diag_t d = pbs_out_address(&id_pbs, tp, "client network");
174 if (d != NULL((void*)0)) {
175 llog_diag(RC_LOG_SERIOUS, outs->outs_logger, &d, "%s", "");
176 return false0;
177 }
178
179 if (!usehost) {
180 ip_address tm = subnet_prefix_mask(net);
181 diag_t d = pbs_out_address(&id_pbs, tm, "client mask");
182 if (d != NULL((void*)0)) {
183 llog_diag(RC_LOG_SERIOUS, outs->outs_logger, &d, "%s", "");
184 return false0;
185 }
186 }
187
188 close_output_pbs(&id_pbs);
189 return true1;
190}
191
192/*
193 * Produce the new key material of Quick Mode.
194 * RFC 2409 "IKE" section 5.5
195 * specifies how this is to be done.
196 */
197static void compute_proto_keymat(struct state *st,
198 uint8_t protoid,
199 struct ipsec_proto_info *pi,
200 const char *satypename)
201{
202 size_t needed_len = 0; /* bytes of keying material needed */
203
204 /*
205 * Add up the requirements for keying material (It probably
206 * doesn't matter if we produce too much!)
207 *
208 * XXX: This entire switch can probably be reduced to just the
209 * "default:" case.
210 */
211 switch (protoid) {
212 case PROTO_IPSEC_ESP3:
213 switch (pi->attrs.transattrs.ta_ikev1_encryptta_encrypt->common.id[IKEv1_ESP_ID]) {
214 case ESP_NULL:
215 needed_len = 0;
216 break;
217 case ESP_DES:
218 needed_len = DES_CBC_BLOCK_SIZE(((64) + 8 - 1) / 8);
219 break;
220 case ESP_3DES:
221 needed_len = DES_CBC_BLOCK_SIZE(((64) + 8 - 1) / 8) * 3;
222 break;
223 case ESP_AES:
224 needed_len = AES_CBC_BLOCK_SIZE(((128) + 8 - 1) / 8);
225 /* if an attribute is set, then use that! */
226 if (st->st_esp.attrs.transattrs.enckeylen != 0) {
227 needed_len =
228 st->st_esp.attrs.transattrs.enckeylen /
229 BITS_PER_BYTE8;
230 /* XXX: obtained from peer - was it verified for validity yet? */
231 }
232 break;
233 case ESP_AES_CTR:
234 if (st->st_esp.attrs.transattrs.enckeylen != 0) {
235 needed_len =
236 st->st_esp.attrs.transattrs.enckeylen /
237 BITS_PER_BYTE8;
238 /* XXX: obtained from peer - was it verified for validity yet? */
239 } else {
240 /* if no keylength set, pick strongest allowed */
241 needed_len = AES_CTR_KEY_MAX_LEN256 / BITS_PER_BYTE8;
242 }
243 /* AES_CTR requires an extra AES_CTR_SALT_BYTES (4) bytes of salt */
244 needed_len += AES_CTR_SALT_BYTES4;
245 break;
246 case ESP_AES_GCM_8:
247 case ESP_AES_GCM_12:
248 case ESP_AES_GCM_16:
249 /* valid keysize enforced before we get here */
250 if (st->st_esp.attrs.transattrs.enckeylen != 0) {
251 passert(st->st_esp.attrs.transattrs.enckeylen == 128 ||({ _Bool assertion__ = st->st_esp.attrs.transattrs.enckeylen
== 128 || st->st_esp.attrs.transattrs.enckeylen == 192 ||
st->st_esp.attrs.transattrs.enckeylen == 256; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 253
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_esp.attrs.transattrs.enckeylen == 128 || st->st_esp.attrs.transattrs.enckeylen == 192 || st->st_esp.attrs.transattrs.enckeylen == 256"
); } (void) 1; })
252 st->st_esp.attrs.transattrs.enckeylen == 192 ||({ _Bool assertion__ = st->st_esp.attrs.transattrs.enckeylen
== 128 || st->st_esp.attrs.transattrs.enckeylen == 192 ||
st->st_esp.attrs.transattrs.enckeylen == 256; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 253
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_esp.attrs.transattrs.enckeylen == 128 || st->st_esp.attrs.transattrs.enckeylen == 192 || st->st_esp.attrs.transattrs.enckeylen == 256"
); } (void) 1; })
253 st->st_esp.attrs.transattrs.enckeylen == 256)({ _Bool assertion__ = st->st_esp.attrs.transattrs.enckeylen
== 128 || st->st_esp.attrs.transattrs.enckeylen == 192 ||
st->st_esp.attrs.transattrs.enckeylen == 256; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 253
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_esp.attrs.transattrs.enckeylen == 128 || st->st_esp.attrs.transattrs.enckeylen == 192 || st->st_esp.attrs.transattrs.enckeylen == 256"
); } (void) 1; });
254 needed_len = st->st_esp.attrs.transattrs.enckeylen / BITS_PER_BYTE8;
255 } else {
256 /* if no keylength set, pick strongest allowed */
257 needed_len = AEAD_AES_KEY_MAX_LEN256 / BITS_PER_BYTE8;
258 }
259 /* AES_GCM requires an extra AES_GCM_SALT_BYTES (4) bytes of salt */
260 needed_len += AES_GCM_SALT_BYTES4;
261 break;
262 case ESP_AES_CCM_8:
263 case ESP_AES_CCM_12:
264 case ESP_AES_CCM_16:
265 /* valid keysize enforced before we get here */
266 if (st->st_esp.attrs.transattrs.enckeylen != 0) {
267 passert(st->st_esp.attrs.transattrs.enckeylen == 128 ||({ _Bool assertion__ = st->st_esp.attrs.transattrs.enckeylen
== 128 || st->st_esp.attrs.transattrs.enckeylen == 192 ||
st->st_esp.attrs.transattrs.enckeylen == 256; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 269
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_esp.attrs.transattrs.enckeylen == 128 || st->st_esp.attrs.transattrs.enckeylen == 192 || st->st_esp.attrs.transattrs.enckeylen == 256"
); } (void) 1; })
268 st->st_esp.attrs.transattrs.enckeylen == 192 ||({ _Bool assertion__ = st->st_esp.attrs.transattrs.enckeylen
== 128 || st->st_esp.attrs.transattrs.enckeylen == 192 ||
st->st_esp.attrs.transattrs.enckeylen == 256; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 269
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_esp.attrs.transattrs.enckeylen == 128 || st->st_esp.attrs.transattrs.enckeylen == 192 || st->st_esp.attrs.transattrs.enckeylen == 256"
); } (void) 1; })
269 st->st_esp.attrs.transattrs.enckeylen == 256)({ _Bool assertion__ = st->st_esp.attrs.transattrs.enckeylen
== 128 || st->st_esp.attrs.transattrs.enckeylen == 192 ||
st->st_esp.attrs.transattrs.enckeylen == 256; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 269
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_esp.attrs.transattrs.enckeylen == 128 || st->st_esp.attrs.transattrs.enckeylen == 192 || st->st_esp.attrs.transattrs.enckeylen == 256"
); } (void) 1; });
270 needed_len = st->st_esp.attrs.transattrs.enckeylen / BITS_PER_BYTE8;
271 } else {
272 /* if no keylength set, pick strongest allowed */
273 needed_len = AEAD_AES_KEY_MAX_LEN256 / BITS_PER_BYTE8;
274 }
275 /* AES_CCM requires an extra AES_CCM_SALT_BYTES (3) bytes of salt */
276 needed_len += AES_CCM_SALT_BYTES3;
277 break;
278
279 case ESP_CAMELLIA:
280 /* if an attribute is set, then use that! */
281 if (st->st_esp.attrs.transattrs.enckeylen == 0) {
282 needed_len = CAMELLIA_BLOCK_SIZE16;
283 } else {
284 needed_len =
285 st->st_esp.attrs.transattrs.enckeylen /
286 BITS_PER_BYTE8;
287 /* XXX: obtained from peer - was it verified for validity yet? */
288 }
289 break;
290
291 case ESP_CAST:
292 case ESP_TWOFISH:
293 case ESP_SERPENT:
294 /* ESP_SEED is for IKEv1 only and not supported. Its number in IKEv2 has been re-used */
295 bad_case(pi->attrs.transattrs.ta_ikev1_encrypt)libreswan_bad_case("pi->attrs.transattrs.ta_ikev1_encrypt"
, (pi->attrs.transattrs.ta_encrypt->common.id[IKEv1_ESP_ID
]), ({ static const struct where here = { .func = __func__, .
file = "programs/pluto/ikev1_quick.c", .line = 295, }; &here
; }));
296
297 default:
298 /* bytes */
299 needed_len = encrypt_max_key_bit_length(pi->attrs.transattrs.ta_encrypt) / BITS_PER_BYTE8;
300 if (needed_len > 0) {
301 /* XXX: check key_len coupling with kernel.c's */
302 if (pi->attrs.transattrs.enckeylen) {
303 needed_len =
304 pi->attrs.transattrs.enckeylen
305 / BITS_PER_BYTE8;
306 dbg("compute_proto_keymat: key_len=%d from peer",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("compute_proto_keymat: key_len=%d from peer", (
int)needed_len); } }
307 (int)needed_len){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("compute_proto_keymat: key_len=%d from peer", (
int)needed_len); } };
308 }
309 break;
310 }
311 bad_case(pi->attrs.transattrs.ta_ikev1_encrypt)libreswan_bad_case("pi->attrs.transattrs.ta_ikev1_encrypt"
, (pi->attrs.transattrs.ta_encrypt->common.id[IKEv1_ESP_ID
]), ({ static const struct where here = { .func = __func__, .
file = "programs/pluto/ikev1_quick.c", .line = 311, }; &here
; }));
312 }
313 dbg("compute_proto_keymat: needed_len (after ESP enc)=%d", (int)needed_len){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("compute_proto_keymat: needed_len (after ESP enc)=%d"
, (int)needed_len); } };
314 needed_len += pi->attrs.transattrs.ta_integ->integ_keymat_size;
315 dbg("compute_proto_keymat: needed_len (after ESP auth)=%d", (int)needed_len){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("compute_proto_keymat: needed_len (after ESP auth)=%d"
, (int)needed_len); } };
316 break;
317
318 case PROTO_IPSEC_AH2:
319 needed_len += pi->attrs.transattrs.ta_integ->integ_keymat_size;
320 break;
321
322 default:
323 bad_case(protoid)libreswan_bad_case("protoid", (protoid), ({ static const struct
where here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 323, }; &here; }));
324 }
325
326 pi->keymat_len = needed_len;
327
328 pfreeany(pi->our_keymat){ typeof(pi->our_keymat) *pp_ = &(pi->our_keymat); if
(*pp_ != ((void*)0)) { pfree(*pp_); *pp_ = ((void*)0); } };
329 pi->our_keymat = ikev1_section_5_keymat(st->st_oakley.ta_prf,
330 st->st_skeyid_d_nssst_skey_d_nss,
331 st->st_dh_shared_secret,
332 protoid,
333 THING_AS_SHUNK(pi->our_spi)shunk2(&(pi->our_spi), sizeof(pi->our_spi)),
334 st->st_ni, st->st_nr,
335 needed_len,
336 st->st_logger).ptr;
337
338 pfreeany(pi->peer_keymat){ typeof(pi->peer_keymat) *pp_ = &(pi->peer_keymat)
; if (*pp_ != ((void*)0)) { pfree(*pp_); *pp_ = ((void*)0); }
};
339 pi->peer_keymat = ikev1_section_5_keymat(st->st_oakley.ta_prf,
340 st->st_skeyid_d_nssst_skey_d_nss,
341 st->st_dh_shared_secret,
342 protoid,
343 THING_AS_SHUNK(pi->attrs.spi)shunk2(&(pi->attrs.spi), sizeof(pi->attrs.spi)),
344 st->st_ni, st->st_nr,
345 needed_len,
346 st->st_logger).ptr;
347
348 if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
349 DBG_log("%s KEYMAT", satypename);
350 DBG_dump(" KEYMAT computed:", pi->our_keymat,
351 pi->keymat_len);
352 DBG_dump(" Peer KEYMAT computed:", pi->peer_keymat,
353 pi->keymat_len);
354 }
355}
356
357static void compute_keymats(struct state *st)
358{
359 if (st->st_ah.present)
360 compute_proto_keymat(st, PROTO_IPSEC_AH2, &st->st_ah, "AH");
361 if (st->st_esp.present)
362 compute_proto_keymat(st, PROTO_IPSEC_ESP3, &st->st_esp, "ESP");
363}
364
365/*
366 * Decode the variable part of an ID packet (during Quick Mode).
367 *
368 * This is designed for packets that identify clients, not peers.
369 * Rejects 0.0.0.0/32 or IPv6 equivalent because (1) it is wrong and
370 * (2) we use this value for inband signalling.
371 */
372static bool_Bool decode_net_id(struct isakmp_ipsec_id *id,
373 struct pbs_inpacket_byte_stream *id_pbs,
374 ip_selector *client,
375 const char *which,
376 struct logger *logger)
377{
378 *client = unset_selector;
379 const struct ip_info *afi = NULL((void*)0);
380
381 /* IDB and IDTYPENAME must have same scope. */
382 enum ike_id_type id_type = id->isaiid_idtype;
383 esb_buf idb;
384 const char *idtypename = enum_show(&ike_id_type_names, id_type, &idb);
385
386 switch (id_type) {
387 case ID_IPV4_ADDR:
388 case ID_IPV4_ADDR_SUBNET:
389 case ID_IPV4_ADDR_RANGE:
390 afi = &ipv4_info;
391 break;
392 case ID_IPV6_ADDR:
393 case ID_IPV6_ADDR_SUBNET:
394 case ID_IPV6_ADDR_RANGE:
395 afi = &ipv6_info;
396 break;
397 case ID_FQDN:
398 llog(RC_COMMENT, logger, "%s type is FQDN", which);
399 return true1;
400
401 default:
402 /* XXX support more */
403 llog(RC_LOG_SERIOUS, logger, "unsupported ID type %s",
404 idtypename);
405 /* XXX Could send notification back */
406 return false0;
407 }
408
409 ip_subnet net;
410 switch (id_type) {
411 case ID_IPV4_ADDR:
412 case ID_IPV6_ADDR:
413 {
414 ip_address temp_address;
415 diag_t d = pbs_in_address(id_pbs, &temp_address, afi, "ID address");
416 if (d != NULL((void*)0)) {
417 llog_diag(RC_LOG, logger, &d, "%s", "");
418 return false0;
419 }
420 /* i.e., "zero" */
421 if (address_is_any(temp_address)) {
422 ipstr_buf b;
423 llog(RC_LOG_SERIOUS, logger,
424 "%s ID payload %s is invalid (%s) in Quick I1",
425 which, idtypename, ipstr(&temp_address, &b));
426 /* XXX Could send notification back */
427 return false0;
428 }
429 net = subnet_from_address(temp_address);
430 subnet_buf b;
431 dbg("%s is %s", which, str_subnet(&net, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("%s is %s", which, str_subnet(&net, &b
)); } };
432 break;
433 }
434
435 case ID_IPV4_ADDR_SUBNET:
436 case ID_IPV6_ADDR_SUBNET:
437 {
438 diag_t d;
439
440 ip_address temp_address;
441 d = pbs_in_address(id_pbs, &temp_address, afi, "ID address");
442 if (d != NULL((void*)0)) {
443 llog_diag(RC_LOG, logger, &d, "%s", "");
444 return false0;
445 }
446
447 ip_address temp_mask;
448 d = pbs_in_address(id_pbs, &temp_mask, afi, "ID mask");
449 if (d != NULL((void*)0)) {
450 llog_diag(RC_LOG, logger, &d, "%s", "");
451 return false0;
452 }
453
454 err_t ughmsg = address_mask_to_subnet(temp_address, temp_mask, &net);
455 if (ughmsg == NULL((void*)0) && subnet_is_zero(net)) {
456 /* i.e., ::/128 or 0.0.0.0/32 */
457 ughmsg = "subnet contains no addresses";
458 }
459 if (ughmsg != NULL((void*)0)) {
460 llog(RC_LOG_SERIOUS, logger,
461 "%s ID payload %s bad subnet in Quick I1 (%s)",
462 which, idtypename, ughmsg);
463 /* XXX Could send notification back */
464 return false0;
465 }
466 subnet_buf buf;
467 dbg("%s is subnet %s", which, str_subnet(&net, &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("%s is subnet %s", which, str_subnet(&net,
&buf)); } };
468 break;
469 }
470
471 case ID_IPV4_ADDR_RANGE:
472 case ID_IPV6_ADDR_RANGE:
473 {
474 diag_t d;
475
476 ip_address temp_address_from;
477 d = pbs_in_address(id_pbs, &temp_address_from, afi, "ID from address");
478 if (d != NULL((void*)0)) {
479 llog_diag(RC_LOG, logger, &d, "%s", "");
480 return false0;
481 }
482
483 ip_address temp_address_to;
484 d = pbs_in_address(id_pbs, &temp_address_to, afi, "ID to address");
485 if (d != NULL((void*)0)) {
486 llog_diag(RC_LOG, logger, &d, "%s", "");
487 return false0;
488 }
489
490 err_t ughmsg = addresses_to_nonzero_subnet(temp_address_from,
491 temp_address_to, &net);
492 if (ughmsg != NULL((void*)0)) {
493 address_buf a, b;
494 llog(RC_LOG_SERIOUS, logger,
495 "%s ID payload in Quick I1, %s %s - %s unacceptable: %s",
496 which, idtypename,
497 str_address_sensitive(&temp_address_from, &a),
498 str_address_sensitive(&temp_address_to, &b),
499 ughmsg);
500 return false0;
501 }
502
503 subnet_buf buf;
504 dbg("%s is subnet %s (received as range)", which, str_subnet(&net, &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("%s is subnet %s (received as range)", which, str_subnet
(&net, &buf)); } };
505 break;
506 }
507 default:
508 /* first case rejected all others */
509 bad_case(id_type)libreswan_bad_case("id_type", (id_type), ({ static const struct
where here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 509, }; &here; }));
510 }
511
512 const ip_protocol *protocol = protocol_by_ipproto(id->isaiid_protoid);
513 if (!pexpect(protocol != NULL)({ _Bool assertion__ = protocol != ((void*)0); if (!assertion__
) { where_t here_ = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 513
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "protocol != ((void*)0)"
); } assertion__; })) {
514 /* things would need to be pretty screwed up */
515 return false0;
516 }
517
518 ip_port port = ip_hport(id->isaiid_port);
519 *client = selector_from_subnet_protocol_port(net, protocol, port);
520
521 return true1;
522}
523
524/*
525 * Like decode, but checks that what is received matches what was
526 * sent.
527 */
528
529static bool_Bool check_net_id(struct isakmp_ipsec_id *id,
530 struct pbs_inpacket_byte_stream *id_pbs,
531 uint8_t protoid,
532 uint16_t port,
533 ip_subnet net,
534 const char *which,
535 struct logger *logger)
536{
537 bool_Bool bad_proposal = false0;
538
539 ip_selector selector_temp;
540 if (!decode_net_id(id, id_pbs, &selector_temp, which, logger))
541 return false0;
542 /* toss the proto/port */
543 ip_subnet subnet_temp = selector_subnet(selector_temp);
544
545 if (!subnet_eq_subnet(net, subnet_temp)) {
546 subnet_buf subrec;
547 subnet_buf subxmt;
548 llog(RC_LOG_SERIOUS, logger,
549 "%s subnet returned doesn't match my proposal - us: %s vs them: %s",
550 which, str_subnet(&net, &subxmt),
551 str_subnet(&subnet_temp, &subrec));
552 llog(RC_LOG_SERIOUS, logger,
553 "Allowing questionable (microsoft) proposal anyway");
554 bad_proposal = false0;
555 }
556 if (protoid != id->isaiid_protoid) {
557 llog(RC_LOG_SERIOUS, logger,
558 "%s peer returned protocol id does not match my proposal - us: %d vs them: %d",
559 which, protoid, id->isaiid_protoid);
560 llog(RC_LOG_SERIOUS, logger,
561 "Allowing questionable (microsoft) proposal anyway]");
562 bad_proposal = false0;
563 }
564 /*
565 * workaround for #802- "our client ID returned doesn't match my proposal"
566 * until such time as bug #849 is properly fixed.
567 */
568 if (port != id->isaiid_port) {
569 llog(RC_LOG_SERIOUS, logger,
570 "%s peer returned port doesn't match my proposal - us: %d vs them: %d",
571 which, port, id->isaiid_port);
572 if (port != 0 && id->isaiid_port != 1701) {
573 llog(RC_LOG_SERIOUS, logger,
574 "Allowing bad L2TP/IPsec proposal (see bug #849) anyway");
575 bad_proposal = false0;
576 } else {
577 bad_proposal = true1;
578 }
579 }
580
581 return !bad_proposal;
582}
583
584/* Compute Phase 2 IV.
585 * Uses Phase 1 IV from st_iv; puts result in st_new_iv.
586 */
587void init_phase2_iv(struct state *st, const msgid_t *msgid)
588{
589 const struct hash_desc *h = st->st_oakley.ta_prf->hasher;
590 passert(h != NULL)({ _Bool assertion__ = h != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 590, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "h != ((void*)0)"); } (void
) 1; });
591
592 if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
593 DBG_dump_hunk("last Phase 1 IV:", st->st_v1_ph1_iv){ typeof(st->st_v1_ph1_iv) hunk_ = st->st_v1_ph1_iv; DBG_dump
("last Phase 1 IV:", hunk_.ptr, hunk_.len); };
594 DBG_dump_hunk("current Phase 1 IV:", st->st_v1_iv){ typeof(st->st_v1_iv) hunk_ = st->st_v1_iv; DBG_dump("current Phase 1 IV:"
, hunk_.ptr, hunk_.len); };
595 }
596
597 struct crypt_hash *ctx = crypt_hash_init("Phase 2 IV", h,
598 st->st_logger);
599 crypt_hash_digest_hunk(ctx, "PH1_IV", st->st_v1_ph1_iv){ typeof(st->st_v1_ph1_iv) hunk_ = st->st_v1_ph1_iv; crypt_hash_digest_bytes
(ctx, "PH1_IV", hunk_.ptr, hunk_.len); };
600 passert(*msgid != 0)({ _Bool assertion__ = *msgid != 0; if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 600, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "*msgid != 0"); } (void) 1
; });
601 passert(sizeof(msgid_t) == sizeof(uint32_t))({ _Bool assertion__ = sizeof(msgid_t) == sizeof(uint32_t); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 601, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "sizeof(msgid_t) == sizeof(uint32_t)"
); } (void) 1; });
602 msgid_t raw_msgid = htonl(*msgid);
603 crypt_hash_digest_thing(ctx, "MSGID", raw_msgid)crypt_hash_digest_bytes(ctx, "MSGID", &raw_msgid, sizeof(
raw_msgid));
604 st->st_v1_new_iv = crypt_hash_final_mac(&ctx);
605}
606
607static ke_and_nonce_cb quick_outI1_continue; /* type assertion */
608
609void quick_outI1(struct fd *whack_sock,
610 struct state *isakmp_sa,
611 struct connection *c,
612 lset_t policy,
613 unsigned long try,
614 so_serial_t replacing,
615 shunk_t sec_label)
616{
617 struct state *st = ikev1_duplicate_state(c, isakmp_sa, whack_sock);
618 passert(c != NULL)({ _Bool assertion__ = c != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 618, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "c != ((void*)0)"); } (void
) 1; });
619
620 st->st_policy = policy;
621 st->st_try = try;
622
623 if (c->config->sec_label.len != 0) {
624 dbg("pending phase 2 with base security context '"PRI_SHUNK"'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("pending phase 2 with base security context '"
"%.*s""'", ((int) (c->config->sec_label).len), (const char
*) ((c->config->sec_label).ptr)); } }
625 pri_shunk(c->config->sec_label)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("pending phase 2 with base security context '"
"%.*s""'", ((int) (c->config->sec_label).len), (const char
*) ((c->config->sec_label).ptr)); } };
626 if (sec_label.len != 0) {
627 st->st_v1_acquired_sec_label = clone_hunk(sec_label, "st_acquired_sec_label")({ typeof(sec_label) hunk_ = sec_label; clone_bytes_as_chunk(
hunk_.ptr, hunk_.len, "st_acquired_sec_label"); });
628 dbg("pending phase 2 with 'instance' security context '"PRI_SHUNK"'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("pending phase 2 with 'instance' security context '"
"%.*s""'", ((int) (sec_label).len), (const char *) ((sec_label
).ptr)); } }
629 pri_shunk(sec_label)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("pending phase 2 with 'instance' security context '"
"%.*s""'", ((int) (sec_label).len), (const char *) ((sec_label
).ptr)); } };
630 }
631 }
632
633
634 st->st_v1_msgid.id = generate_msgid(isakmp_sa);
635 change_state(st, STATE_QUICK_I1); /* from STATE_UNDEFINED */
636
637 binlog_refresh_state(st)binlog_state((st), (st)->st_state->kind);
638
639 /* figure out PFS group, if any */
640
641 if (policy & POLICY_PFS((lset_t)1 << (POLICY_PFS_IX)) ) {
642 /*
643 * Old code called ike_alg_pfsgroup() and that first
644 * checked st->st_policy for POLICY_PFS. It's assumed
645 * the check was redundant.
646 */
647 pexpect((st->st_policy & POLICY_PFS))({ _Bool assertion__ = (st->st_policy & ((lset_t)1 <<
(POLICY_PFS_IX))); if (!assertion__) { where_t here_ = ({ static
const struct where here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 647, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_pexpect(logger_, here_, "%s", "(st->st_policy & ((lset_t)1 << (POLICY_PFS_IX)))"
); } assertion__; });
648 /*
649 * See if pfs_group has been specified for this conn,
650 * use that group.
651 * if not, fallback to old use-same-as-P1 behaviour
652 */
653 st->st_pfs_group = ikev1_quick_pfs(c->child_proposals);
654 /* otherwise, use the same group as during Phase 1:
655 * since no negotiation is possible, we pick one that is
656 * very likely supported.
657 */
658 if (st->st_pfs_group == NULL((void*)0))
659 st->st_pfs_group = isakmp_sa->st_oakley.ta_dh;
660 }
661
662 LLOG_JAMBUF(RC_LOG, st->st_logger, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((RC_LOG) &
NO_PREFIX) == ((lset_t)0) && (((RC_LOG) & STREAM_MASK
) != DEBUG_STREAM || (cur_debugging & (((lset_t)1 <<
(DBG_ADD_PREFIX_IX)))))) { (st->st_logger)->object_vec
->jam_object_prefix(buf, (st->st_logger)->object); }
}); buf != ((void*)0); jambuf_to_logger(buf, (st->st_logger
), RC_LOG), buf = ((void*)0)) {
663 jam(buf, "initiating Quick Mode IKEv1");
664 if (policy != LEMPTY((lset_t)0)) {
665 jam(buf, "+");
666 jam_policy(buf, policy);
667 }
668 if (replacing != SOS_NOBODY0) {
669 jam(buf, " to replace #%lu", replacing);
670 }
671 jam(buf, " {using isakmp#%lu msgid:%08" PRIx32"x" " proposal=",
672 isakmp_sa->st_serialno, st->st_v1_msgid.id);
673 if (st->st_connection->child_proposals.p != NULL((void*)0)) {
674 jam_proposals(buf, st->st_connection->child_proposals.p);
675 } else {
676 jam(buf, "defaults");
677 }
678 jam(buf, " pfsgroup=");
679 if ((policy & POLICY_PFS((lset_t)1 << (POLICY_PFS_IX))) != LEMPTY((lset_t)0)) {
680 jam_string(buf, st->st_pfs_group->common.fqn);
681 } else {
682 jam_string(buf, "no-pfs");
683 }
684 jam(buf, "}");
685 }
686
687 /* save for post crypto logging */
688 st->st_ipsec_pred = replacing;
689
690 if (policy & POLICY_PFS((lset_t)1 << (POLICY_PFS_IX))) {
691 submit_ke_and_nonce(st, st->st_pfs_group,
692 quick_outI1_continue,
693 "quick_outI1 KE");
694 } else {
695 submit_ke_and_nonce(st, NULL((void*)0) /* no-nonce*/,
696 quick_outI1_continue,
697 "quick_outI1 KE");
698 }
699}
700
701static ke_and_nonce_cb quick_outI1_continue_tail; /* type assertion */
702
703static stf_status quick_outI1_continue(struct state *st,
704 struct msg_digest *unused_md,
705 struct dh_local_secret *local_secret,
706 chunk_t *nonce)
707{
708 dbg("quick_outI1_continue for #%lu: calculated ke+nonce, sending I1",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_outI1_continue for #%lu: calculated ke+nonce, sending I1"
, st->st_serialno); } }
709 st->st_serialno){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_outI1_continue for #%lu: calculated ke+nonce, sending I1"
, st->st_serialno); } };
710
711 pexpect(unused_md == NULL)({ _Bool assertion__ = unused_md == ((void*)0); if (!assertion__
) { where_t here_ = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 711
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "unused_md == ((void*)0)"
); } assertion__; }); /* no packet */
712 passert(st != NULL)({ _Bool assertion__ = st != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 712, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st != ((void*)0)"); } (void
) 1; });
713
714 /*
715 * XXX: Read and weep:
716 *
717 * - when the tail function fails, ST is leaked
718 *
719 * - there is no QUICK I0->I1 state transition
720 *
721 * - compilete_v1_state_transition() isn't called
722 *
723 * - trying to call compilete_v1_state_transition() digs a
724 * hole - as it assumes md (perhaps this is why the function
725 * wasn't called)
726 */
727 stf_status e = quick_outI1_continue_tail(st, unused_md, local_secret, nonce);
728 if (e == STF_INTERNAL_ERROR) {
729 log_state(RC_LOG_SERIOUS, st,
730 "%s: quick_outI1_tail() failed with STF_INTERNAL_ERROR",
731 __func__);
732 }
733 /*
734 * This way all the broken behaviour is ignored.
735 */
736 return STF_SKIP_COMPLETE_STATE_TRANSITION;
737}
738
739static stf_status quick_outI1_continue_tail(struct state *st,
740 struct msg_digest *unused_md,
741 struct dh_local_secret *local_secret,
742 chunk_t *nonce)
743{
744 dbg("quick_outI1_continue for #%lu: calculated ke+nonce, sending I1",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_outI1_continue for #%lu: calculated ke+nonce, sending I1"
, st->st_serialno); } }
745 st->st_serialno){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_outI1_continue for #%lu: calculated ke+nonce, sending I1"
, st->st_serialno); } };
746
747 pexpect(unused_md == NULL)({ _Bool assertion__ = unused_md == ((void*)0); if (!assertion__
) { where_t here_ = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 747
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "unused_md == ((void*)0)"
); } assertion__; }); /* no packet */
748 passert(st != NULL)({ _Bool assertion__ = st != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 748, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st != ((void*)0)"); } (void
) 1; });
749
750 struct state *isakmp_sa = state_with_serialno(st->st_clonedfrom);
751 struct connection *c = st->st_connection;
752 pb_stream rbody;
753 bool_Bool has_client = c->spd.this.has_client || c->spd.that.has_client ||
754 c->spd.this.protocol != 0 || c->spd.that.protocol != 0 ||
755 c->spd.this.port != 0 || c->spd.that.port != 0;
756
757 if (isakmp_sa == NULL((void*)0)) {
758 /* phase1 state got deleted while cryptohelper was working */
759 log_state(RC_LOG_SERIOUS, st,
760 "phase2 initiation failed because parent ISAKMP #%lu is gone",
761 st->st_clonedfrom);
762 return STF_FATAL;
763 }
764
765 if (isakmp_sa->hidden_variables.st_nat_traversal & NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) {
766 /* Duplicate nat_traversal status in new state */
767 st->hidden_variables.st_nat_traversal =
768 isakmp_sa->hidden_variables.st_nat_traversal;
769 if (LHAS(isakmp_sa->hidden_variables.st_nat_traversal,(((isakmp_sa->hidden_variables.st_nat_traversal) & ((lset_t
)1 << (NATED_HOST))) != ((lset_t)0))
770 NATED_HOST)(((isakmp_sa->hidden_variables.st_nat_traversal) & ((lset_t
)1 << (NATED_HOST))) != ((lset_t)0)))
771 has_client = true1;
772 v1_maybe_natify_initiator_endpoints(st, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1_quick.c", .line = 772, }; &here;
}));
773 } else {
774 st->hidden_variables.st_nat_traversal = LEMPTY((lset_t)0);
775 }
776
777 /* set up reply */
778 reply_stream = open_pbs_out("reply packet",reply_buffer, sizeof(reply_buffer), st->st_logger);
779
780 /* HDR* out */
781 {
782 struct isakmp_hdr hdr = {
783 .isa_version = ISAKMP_MAJOR_VERSION0x1 << ISA_MAJ_SHIFT4 |
784 ISAKMP_MINOR_VERSION0x0,
785 .isa_xchg = ISAKMP_XCHG_QUICK,
786 .isa_msgid = st->st_v1_msgid.id,
787 .isa_flags = ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX),
788 };
789 hdr.isa_ike_initiator_spiisa_ike_spis.initiator = st->st_ike_spis.initiator;
790 hdr.isa_ike_responder_spiisa_ike_spis.responder = st->st_ike_spis.responder;
791 if (!out_struct(&hdr, &isakmp_hdr_desc, &reply_stream,
792 &rbody)) {
793 return STF_INTERNAL_ERROR;
794 }
795 }
796
797 /* HASH(1) -- create and note space to be filled later */
798 struct v1_hash_fixup hash_fixup;
799 if (!emit_v1_HASH(V1_HASH_1, "outI1",
800 IMPAIR_v1_QUICK_EXCHANGE,
801 st, &hash_fixup, &rbody)) {
802 return STF_INTERNAL_ERROR;
803 }
804
805 /* SA out */
806
807 /* Emit SA payload based on a subset of the policy bits.
808 * POLICY_COMPRESS is considered iff we can do IPcomp.
809 */
810 {
811 lset_t pm = st->st_policy & (POLICY_ENCRYPT((lset_t)1 << (POLICY_ENCRYPT_IX)) |
812 POLICY_AUTHENTICATE((lset_t)1 << (POLICY_AUTHENTICATE_IX)) |
813 (can_do_IPcomp ? POLICY_COMPRESS((lset_t)1 << (POLICY_COMPRESS_IX)) : 0));
814 policy_buf pb;
815 dbg("emitting quick defaults using policy %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("emitting quick defaults using policy %s", str_policy
(pm, &pb)); } }
816 str_policy(pm, &pb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("emitting quick defaults using policy %s", str_policy
(pm, &pb)); } };
817
818 if (!ikev1_out_sa(&rbody,
819 &ipsec_sadb[pm >> POLICY_IPSEC_SHIFTPOLICY_ENCRYPT_IX],
820 st, false0, false0)) {
821 return STF_INTERNAL_ERROR;
822 }
823 }
824
825 {
826 /* Ni out */
827 if (!ikev1_ship_nonce(&st->st_ni, nonce, &rbody, "Ni")) {
828 return STF_INTERNAL_ERROR;
829 }
830 }
831
832 /* [ KE ] out (for PFS) */
833 if (st->st_pfs_group != NULL((void*)0)) {
834 if (!ikev1_ship_KE(st, local_secret, &st->st_gi, &rbody)) {
835 return STF_INTERNAL_ERROR;
836 }
837 }
838
839 /* [ IDci, IDcr ] out */
840 if (has_client) {
841 /* IDci (we are initiator), then IDcr (peer is responder) */
842 if (!emit_subnet_id(selector_subnet(c->spd.this.client),
843 c->spd.this.protocol,
844 c->spd.this.port, &rbody) ||
845 !emit_subnet_id(selector_subnet(c->spd.that.client),
846 c->spd.that.protocol,
847 c->spd.that.port, &rbody)) {
848 return STF_INTERNAL_ERROR;
849 }
850 }
851
852 if ((st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATOA( ((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_02_03)) | ((
lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_05)) | ((lset_t)
1 << (NAT_TRAVERSAL_METHOD_IETF_RFC)) )) &&
853 !(st->st_policy & POLICY_TUNNEL((lset_t)1 << (POLICY_TUNNEL_IX))) &&
854 LHAS(st->hidden_variables.st_nat_traversal, NATED_HOST)(((st->hidden_variables.st_nat_traversal) & ((lset_t)1
<< (NATED_HOST))) != ((lset_t)0))) {
855 /** Send NAT-OA if our address is NATed */
856 if (!v1_nat_traversal_add_initiator_natoa(&rbody, st)) {
857 return STF_INTERNAL_ERROR;
858 }
859 }
860
861 /* finish computing HASH(1), inserting it in output */
862 fixup_v1_HASH(st, &hash_fixup, st->st_v1_msgid.id, rbody.cur);
863
864 /* encrypt message, except for fixed part of header */
865
866 init_phase2_iv(isakmp_sa, &st->st_v1_msgid.id);
867 restore_new_iv(st, isakmp_sa->st_v1_new_iv){ (st)->st_v1_new_iv = (isakmp_sa->st_v1_new_iv); };
868
869 if (!ikev1_encrypt_message(&rbody, st)) {
870 return STF_INTERNAL_ERROR;
871 }
872
873 record_and_send_v1_ike_msg(st, &reply_stream,
874 "reply packet from quick_outI1");
875
876 delete_event(st);
877 clear_retransmits(st);
878 start_retransmits(st);
879
880 if (st->st_ipsec_pred == SOS_NOBODY0) {
881 log_state(RC_NEW_V1_STATE + st->st_state->kind, st,
882 "%s", st->st_state->story);
883 } else {
884 log_state(RC_NEW_V1_STATE + st->st_state->kind, st,
885 "%s, to replace #%lu",
886 st->st_state->story,
887 st->st_ipsec_pred);
888 st->st_ipsec_pred = SOS_NOBODY0;
889 }
890
891 return STF_OK;
892}
893
894/* Handle first message of Phase 2 -- Quick Mode.
895 * HDR*, HASH(1), SA, Ni [, KE ] [, IDci, IDcr ] -->
896 * HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ]
897 * (see RFC 2409 "IKE" 5.5)
898 * Installs inbound IPsec SAs.
899 * Although this seems early, we know enough to do so, and
900 * this way we know that it is soon enough to catch all
901 * packets that other side could send using this IPsec SA.
902 *
903 * Broken into parts to allow asynchronous DNS for TXT records:
904 *
905 * - quick_inI1_outR1 starts the ball rolling.
906 * It checks and parses enough to learn the Phase 2 IDs
907 *
908 * - quick_inI1_outR1_tail does the rest of the job
909 * XXX: why the function split?
910 *
911 * At the end of quick_inI1_outR1_tail, we have all the info we need, but we
912 * haven't done any nonce generation or DH that we might need
913 * to do, so that are two crypto continuations that do this work,
914 * they are:
915 * quick_inI1_outR1_continue1 -- called after NONCE/KE
916 * quick_inI1_outR1_continue2 -- called after DH (if PFS)
917 *
918 * we have to call nonce/ke and DH if we are doing PFS.
919 */
920
921static stf_status quick_inI1_outR1_tail(struct state *p1st, struct msg_digest *md,
922 const ip_selector *local_client,
923 const ip_selector *remote_client,
924 struct crypt_mac new_iv);
925
926stf_status quick_inI1_outR1(struct state *p1st, struct msg_digest *md)
927{
928 passert(p1st != NULL && p1st == md->v1_st)({ _Bool assertion__ = p1st != ((void*)0) && p1st == md
->v1_st; if (!assertion__) { where_t here = ({ static const
struct where here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 928, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "p1st != ((void*)0) && p1st == md->v1_st"
); } (void) 1; });
1
Assuming 'p1st' is not equal to null
2
Assuming 'p1st' is equal to field 'v1_st'
3
Taking false branch
929 struct connection *c = p1st->st_connection;
930 ip_selector local_client;
931 ip_selector remote_client;
932
933 /*
934 * [ IDci, IDcr ] in
935 *
936 * We do this now (probably out of physical order) because we
937 * wish to select the correct connection before we consult it
938 * for policy.
939 */
940
941 struct payload_digest *const IDci = md->chain[ISAKMP_NEXT_ID];
942 if (IDci != NULL((void*)0)) {
4
Assuming 'IDci' is not equal to NULL
5
Taking true branch
943 struct payload_digest *IDcr = IDci->next;
944
945 /* ??? we are assuming IPSEC_DOI */
946
947 /* IDci (initiator is remote peer) */
948
949 if (!decode_net_id(&IDci->payload.ipsec_id, &IDci->pbs,
6
Assuming the condition is false
7
Taking false branch
950 &remote_client, "peer client", p1st->st_logger))
951 return STF_FAIL + INVALID_ID_INFORMATION;
952
953 /* for code overwriting above */
954 const ip_protocol *remote_protocol = protocol_by_ipproto(IDci->payload.ipsec_id.isaiid_protoid);
955 ip_port remote_port = ip_hport(IDci->payload.ipsec_id.isaiid_port);
956
957 /* Hack for MS 818043 NAT-T Update.
958 *
959 * <http://support.microsoft.com/kb/818043>
960 * "L2TP/IPsec NAT-T update for Windows XP and Windows
961 * 2000" This update is has a bug. We choose to work
962 * around that bug rather than failing to
963 * interoperate. As to what the bug is, Paul says: "I
964 * believe on rekey, it sent a bogus subnet or wrong
965 * type of ID." ??? needs more complete description.
966 */
967 if (IDci->payload.ipsec_id.isaiid_idtype == ID_FQDN) {
8
Assuming field 'isaiid_idtype' is not equal to ID_FQDN
9
Taking false branch
968 log_state(RC_LOG_SERIOUS, p1st,
969 "Applying workaround for MS-818043 NAT-T bug");
970 remote_client = selector_from_address_protocol_port(c->spd.that.host_addr,
971 remote_protocol,
972 remote_port);
973 }
974 /* End Hack for MS 818043 NAT-T Update */
975
976
977 /* IDcr (we are local responder) */
978
979 if (!decode_net_id(&IDcr->payload.ipsec_id, &IDcr->pbs,
10
Assuming the condition is false
11
Taking false branch
980 &local_client, "our client", p1st->st_logger))
981 return STF_FAIL + INVALID_ID_INFORMATION;
982
983 /*
984 * if there is a NATOA payload, then use it as
985 * &st->st_connection->spd.that.client, if the type
986 * of the ID was FQDN
987 *
988 * We actually do NATOA calculation again later on,
989 * but we need the info here, and we don't have a
990 * state to store it in until after we've done the
991 * authorization steps.
992 */
993 if ((p1st->hidden_variables.st_nat_traversal & NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) &&
12
Assuming the condition is true
994 (p1st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATOA( ((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_02_03)) | ((
lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_05)) | ((lset_t)
1 << (NAT_TRAVERSAL_METHOD_IETF_RFC)) )) &&
13
Assuming the condition is false
995 (IDci->payload.ipsec_id.isaiid_idtype == ID_FQDN)) {
996 struct hidden_variables hv;
997 shunk_t idfqdn = pbs_in_left_as_shunk(&IDcr->pbs);
998
999 hv = p1st->hidden_variables;
1000 nat_traversal_natoa_lookup(md, &hv, p1st->st_logger);
1001
1002 if (address_is_specified(hv.st_nat_oa)) {
1003 remote_client = selector_from_address_protocol_port(hv.st_nat_oa,
1004 remote_protocol,
1005 remote_port);
1006 LLOG_JAMBUF(RC_LOG_SERIOUS, p1st->st_logger, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((RC_LOG_SERIOUS
) & NO_PREFIX) == ((lset_t)0) && (((RC_LOG_SERIOUS
) & STREAM_MASK) != DEBUG_STREAM || (cur_debugging & (
((lset_t)1 << (DBG_ADD_PREFIX_IX)))))) { (p1st->st_logger
)->object_vec->jam_object_prefix(buf, (p1st->st_logger
)->object); } }); buf != ((void*)0); jambuf_to_logger(buf,
(p1st->st_logger), RC_LOG_SERIOUS), buf = ((void*)0)) {
1007 jam(buf, "IDci was FQDN: ");
1008 jam_sanitized_hunk(buf, idfqdn)({ typeof(idfqdn) hunk_ = (idfqdn); jam_sanitized_bytes(buf, hunk_
.ptr, hunk_.len); });
1009 jam(buf, ", using NAT_OA=");
1010 jam_selector(buf, &remote_client);
1011 jam(buf, " as IDci");
1012 }
1013 }
1014 }
1015 } else {
1016 /* implicit IDci and IDcr: peer and self */
1017 if (address_type(&c->spd.this.host_addr) != address_type(&c->spd.that.host_addr))
1018 return STF_FAIL;
1019
1020 local_client = selector_from_address(c->spd.this.host_addr);
1021 remote_client = selector_from_address(c->spd.that.host_addr);
1022 }
1023
1024 struct crypt_mac new_iv;
1025 save_new_iv(p1st, new_iv){ (new_iv) = (p1st)->st_v1_new_iv; };
1026
1027 /*
1028 * XXX: merge.
1029 */
1030 return quick_inI1_outR1_tail(p1st, md, &local_client, &remote_client, new_iv);
14
Calling 'quick_inI1_outR1_tail'
1031}
1032
1033/* forward definitions */
1034static stf_status quick_inI1_outR1_continue12_tail(struct state *st, struct msg_digest *md);
1035
1036static ke_and_nonce_cb quick_inI1_outR1_continue1; /* forward decl and type assertion */
1037static dh_shared_secret_cb quick_inI1_outR1_continue2; /* forward decl and type assertion */
1038
1039static stf_status quick_inI1_outR1_tail(struct state *p1st, struct msg_digest *md,
1040 const ip_selector *local_client,
1041 const ip_selector *remote_client,
1042 struct crypt_mac new_iv)
1043{
1044 pexpect(p1st == md->v1_st)({ _Bool assertion__ = p1st == md->v1_st; if (!assertion__
) { where_t here_ = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 1044
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_pexpect(logger_, here_, "%s", "p1st == md->v1_st");
} assertion__; });
15
Taking false branch
1045 struct connection *c = p1st->st_connection;
16
'c' initialized here
1046 struct hidden_variables hv;
1047
1048 /*
1049 * XXX: isn't local->remote backwards? The peer things it
1050 * proposed the reverse?
1051 */
1052 selectors_buf sb;
1053 log_state(RC_LOG, p1st, "the peer proposed: %s",
1054 str_selectors(local_client, remote_client, &sb));
1055
1056 /* Now that we have identities of client subnets, we must look for
1057 * a suitable connection (our current one only matches for hosts).
1058 */
1059 {
1060 struct connection *p = find_v1_client_connection(c, local_client, remote_client);
1061
1062 if ((p1st->hidden_variables.st_nat_traversal & NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) &&
19
Taking true branch
1063 !(p1st->st_policy & POLICY_TUNNEL((lset_t)1 << (POLICY_TUNNEL_IX))) &&
17
Assuming the condition is true
1064 p == NULL((void*)0)) {
18
Assuming 'p' is equal to NULL
1065 p = c;
1066 connection_buf cib;
1067 dbg("using something (we hope the IP we or they are NAT'ed to) for transport mode connection "PRI_CONNECTION"",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("using something (we hope the IP we or they are NAT'ed to) for transport mode connection "
"\"%s\"%s""", (p)->name, str_connection_instance(p, &cib
)); } }
20
Assuming the condition is false
21
Taking false branch
1068 pri_connection(p, &cib)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("using something (we hope the IP we or they are NAT'ed to) for transport mode connection "
"\"%s\"%s""", (p)->name, str_connection_instance(p, &cib
)); } };
1069 }
1070
1071 if (p == NULL((void*)0)) {
22
Assuming 'p' is equal to NULL
23
Taking true branch
1072 LLOG_JAMBUF(RC_LOG, p1st->st_logger, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((RC_LOG) &
NO_PREFIX) == ((lset_t)0) && (((RC_LOG) & STREAM_MASK
) != DEBUG_STREAM || (cur_debugging & (((lset_t)1 <<
(DBG_ADD_PREFIX_IX)))))) { (p1st->st_logger)->object_vec
->jam_object_prefix(buf, (p1st->st_logger)->object);
} }); buf != ((void*)0); jambuf_to_logger(buf, (p1st->st_logger
), RC_LOG), buf = ((void*)0)) {
24
Loop condition is true. Entering loop body
25
Loop condition is true. Entering loop body
26
Loop condition is true. Entering loop body
1073 jam(buf, "cannot respond to IPsec SA request because no connection is known for ");
1074
1075 /*
1076 * This message occurs in very
1077 * puzzling circumstances so we must
1078 * add as much information and beauty
1079 * as we can.
1080 */
1081
1082 struct end local = c->spd.this;
27
Dereference of null pointer
1083 local.client = *local_client;
1084 local.has_client = !selector_eq_address(*local_client, local.host_addr);
1085 local.protocol = selector_protocol(*local_client)->ipproto;
1086 local.port = selector_port(*local_client).hport;
1087 jam_end(buf, &local, NULL((void*)0), /*left?*/true1, LEMPTY((lset_t)0), oriented(c));
1088
1089 jam(buf, "...");
1090
1091 struct end remote = c->spd.that;
1092 remote.client = *remote_client;
1093 remote.has_client = !selector_eq_address(*remote_client, remote.host_addr);
1094 remote.protocol = selector_protocol(*remote_client)->ipproto;
1095 remote.port = selector_port(*remote_client).hport;
1096 jam_end(buf, &remote, NULL((void*)0), /*left?*/false0, LEMPTY((lset_t)0), oriented(c));
1097 }
1098 return STF_FAIL + INVALID_ID_INFORMATION;
1099 }
1100
1101 /* did we find a better connection? */
1102 if (p != c) {
1103 /* We've got a better connection: it can support the
1104 * specified clients. But it may need instantiation.
1105 */
1106 if (p->kind == CK_TEMPLATE) {
1107 /* Plain Road Warrior because no OPPO for IKEv1
1108 * instantiate, carrying over authenticated peer ID
1109 */
1110 p = rw_instantiate(p, &c->spd.that.host_addr,
1111 remote_client,
1112 &c->spd.that.id);
1113 }
1114 /* temporarily bump up cur_debugging to get "using..." message
1115 * printed if we'd want it with new connection.
1116 */
1117 {
1118 lset_t old_cur_debugging = cur_debugging;
1119
1120 set_debugging(lmod(cur_debugging, p->extra_debugging));
1121 connection_buf cib;
1122 dbg("using connection "PRI_CONNECTION"",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("using connection ""\"%s\"%s""", (p)->name,
str_connection_instance(p, &cib)); } }
1123 pri_connection(p, &cib)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("using connection ""\"%s\"%s""", (p)->name,
str_connection_instance(p, &cib)); } };
1124 set_debugging(old_cur_debugging);
1125 }
1126 c = p;
1127 }
1128
1129 /* fill in the client's true ip address/subnet */
1130 dbg("client: %s port wildcard: %s virtual: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("client: %s port wildcard: %s virtual: %s", bool_str
(c->spd.that.has_client), bool_str(c->spd.that.has_port_wildcard
), bool_str(is_virtual_connection(c))); } }
1131 bool_str(c->spd.that.has_client),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("client: %s port wildcard: %s virtual: %s", bool_str
(c->spd.that.has_client), bool_str(c->spd.that.has_port_wildcard
), bool_str(is_virtual_connection(c))); } }
1132 bool_str(c->spd.that.has_port_wildcard),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("client: %s port wildcard: %s virtual: %s", bool_str
(c->spd.that.has_client), bool_str(c->spd.that.has_port_wildcard
), bool_str(is_virtual_connection(c))); } }
1133 bool_str(is_virtual_connection(c))){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("client: %s port wildcard: %s virtual: %s", bool_str
(c->spd.that.has_client), bool_str(c->spd.that.has_port_wildcard
), bool_str(is_virtual_connection(c))); } };
1134
1135 /* fill in the client's true port */
1136 if (c->spd.that.has_port_wildcard) {
1137 int port = selector_port(*remote_client).hport;
1138 update_selector_hport(&c->spd.that.client, port){ (&c->spd.that.client)->hport = (port); };
1139 c->spd.that.port = port;
1140 c->spd.that.has_port_wildcard = false0;
1141 }
1142
1143 if (is_virtual_connection(c)) {
1144
1145 c->spd.that.client = *remote_client;
1146 c->spd.that.has_client = true1;
1147 virtual_ip_delref(&c->spd.that.virt, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1_quick.c", .line = 1147, }; &here
; }));
1148
1149 if (selector_eq_address(*remote_client, c->spd.that.host_addr)) {
1150 c->spd.that.has_client = false0;
1151 }
1152
1153 LSWDBGP(DBG_BASE, buf)for (_Bool lswlog_p = (cur_debugging & (((lset_t)1 <<
(DBG_BASE_IX)))); lswlog_p; lswlog_p = 0) for (char lswbuf[(
(size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ != ((void*)0); lswbuf_
= ((void*)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf
), sizeof(lswbuf)), *buf = &jambuf; buf != ((void*)0); buf
= ((void*)0)) for (; buf != ((void*)0); jambuf_to_logger(buf
, &failsafe_logger, DEBUG_STREAM), buf = ((void*)0)) {
1154 jam(buf, "setting phase 2 virtual values to ");
1155 jam_end(buf, &c->spd.that, NULL((void*)0), /*left?*/true1, LEMPTY((lset_t)0), oriented(c));
1156 }
1157 }
1158 }
1159
1160 passert((p1st->st_policy & POLICY_PFS) == 0 ||({ _Bool assertion__ = (p1st->st_policy & ((lset_t)1 <<
(POLICY_PFS_IX))) == 0 || p1st->st_pfs_group != ((void*)0
); if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1161, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "(p1st->st_policy & ((lset_t)1 << (POLICY_PFS_IX))) == 0 || p1st->st_pfs_group != ((void*)0)"
); } (void) 1; })
1161 p1st->st_pfs_group != NULL)({ _Bool assertion__ = (p1st->st_policy & ((lset_t)1 <<
(POLICY_PFS_IX))) == 0 || p1st->st_pfs_group != ((void*)0
); if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1161, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "(p1st->st_policy & ((lset_t)1 << (POLICY_PFS_IX))) == 0 || p1st->st_pfs_group != ((void*)0)"
); } (void) 1; });
1162
1163 /* now that we are sure of our connection, create our new state, and
1164 * do any asynchronous cryptographic operations that we may need to
1165 * make it all work.
1166 */
1167
1168 hv = p1st->hidden_variables;
1169 if ((hv.st_nat_traversal & NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) &&
1170 (hv.st_nat_traversal & NAT_T_WITH_NATOA( ((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_02_03)) | ((
lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_05)) | ((lset_t)
1 << (NAT_TRAVERSAL_METHOD_IETF_RFC)) )))
1171 nat_traversal_natoa_lookup(md, &hv, p1st->st_logger);
1172
1173 /* create our new state */
1174 {
1175 struct state *const st = ikev1_duplicate_state(c, p1st, null_fd((struct fd *) ((void*)0)));
1176
1177 /* first: fill in missing bits of our new state object
1178 * note: we don't copy over st_peer_pubkey, the public key
1179 * that authenticated the ISAKMP SA. We only need it in this
1180 * routine, so we can "reach back" to p1st to get it.
1181 */
1182
1183 st->st_try = 0; /* not our job to try again from start */
1184
1185 st->st_v1_msgid.id = md->hdr.isa_msgid;
1186
1187 restore_new_iv(st, new_iv){ (st)->st_v1_new_iv = (new_iv); };
1188
1189 switch_md_st(md, st, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1_quick.c", .line = 1189, }; &here
; })); /* feed back new state */
1190
1191 change_state(st, STATE_QUICK_R0);
1192
1193 binlog_refresh_state(st)binlog_state((st), (st)->st_state->kind);
1194
1195 /* copy hidden variables (possibly with changes) */
1196 st->hidden_variables = hv;
1197
1198 /* copy the connection's
1199 * IPSEC policy into our state. The ISAKMP policy is water under
1200 * the bridge, I think. It will reflect the ISAKMP SA that we
1201 * are using.
1202 */
1203 st->st_policy = (p1st->st_policy & POLICY_ID_AUTH_MASK(((lset_t)1 << (POLICY_AUTH_NULL_IX)) - ((lset_t)1 <<
(POLICY_PSK_IX)) + ((lset_t)1 << (POLICY_AUTH_NULL_IX)
))) |
1204 (c->policy & ~POLICY_ID_AUTH_MASK(((lset_t)1 << (POLICY_AUTH_NULL_IX)) - ((lset_t)1 <<
(POLICY_PSK_IX)) + ((lset_t)1 << (POLICY_AUTH_NULL_IX)
)));
1205
1206 if (p1st->hidden_variables.st_nat_traversal & NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) {
1207 /* ??? this partially overwrites what was done via hv */
1208 st->hidden_variables.st_nat_traversal =
1209 p1st->hidden_variables.st_nat_traversal;
1210 nat_traversal_change_port_lookup(md, md->v1_st);
1211 v1_maybe_natify_initiator_endpoints(st, HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1_quick.c", .line = 1211, }; &here
; }));
1212 } else {
1213 /* ??? this partially overwrites what was done via hv */
1214 st->hidden_variables.st_nat_traversal = LEMPTY((lset_t)0);
1215 }
1216
1217 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1217, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1218 passert(st->st_connection == c)({ _Bool assertion__ = st->st_connection == c; if (!assertion__
) { where_t here = ({ static const struct where here = { .func
= __func__, .file = "programs/pluto/ikev1_quick.c", .line = 1218
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "st->st_connection == c"
); } (void) 1; });
1219
1220 /* process SA in */
1221 {
1222 struct payload_digest *const sapd =
1223 md->chain[ISAKMP_NEXT_SA];
1224 pb_stream in_pbs = sapd->pbs;
1225
1226 /* parse and accept body, setting variables, but not forming
1227 * our reply. We'll make up the reply later on.
1228 *
1229 * note that we process the copy of the pbs,
1230 * so that we can process it again in the
1231 * tail(). XXX: Huh, this is the tail
1232 * function!
1233 *
1234 */
1235 st->st_pfs_group = &unset_group;
1236 RETURN_STF_FAILURE(parse_ipsec_sa_body(&in_pbs,{ notification_t res = (parse_ipsec_sa_body(&in_pbs, &
sapd->payload. sa, ((void*)0), 0, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } }
1237 &sapd->payload.{ notification_t res = (parse_ipsec_sa_body(&in_pbs, &
sapd->payload. sa, ((void*)0), 0, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } }
1238 sa,{ notification_t res = (parse_ipsec_sa_body(&in_pbs, &
sapd->payload. sa, ((void*)0), 0, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } }
1239 NULL,{ notification_t res = (parse_ipsec_sa_body(&in_pbs, &
sapd->payload. sa, ((void*)0), 0, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } }
1240 false, st)){ notification_t res = (parse_ipsec_sa_body(&in_pbs, &
sapd->payload. sa, ((void*)0), 0, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } };
1241 }
1242
1243 /* Ni in */
1244 RETURN_STF_FAILURE(accept_v1_nonce(st->st_logger, md, &st->st_ni, "Ni")){ notification_t res = (accept_v1_nonce(st->st_logger, md,
&st->st_ni, "Ni")); if (res != NOTHING_WRONG) { return
STF_FAIL + res; } };
1245
1246 /* [ KE ] in (for PFS) */
1247 RETURN_STF_FAILURE(accept_PFS_KE(st, md, &st->st_gi,{ notification_t res = (accept_PFS_KE(st, md, &st->st_gi
, "Gi", "Quick Mode I1")); if (res != NOTHING_WRONG) { return
STF_FAIL + res; } }
1248 "Gi", "Quick Mode I1")){ notification_t res = (accept_PFS_KE(st, md, &st->st_gi
, "Gi", "Quick Mode I1")); if (res != NOTHING_WRONG) { return
STF_FAIL + res; } };
1249
1250 passert(st->st_pfs_group != &unset_group)({ _Bool assertion__ = st->st_pfs_group != &unset_group
; if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1250, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_pfs_group != &unset_group"
); } (void) 1; });
1251
1252 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1252, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1253
1254 submit_ke_and_nonce(st, st->st_pfs_group/*possibly-null*/,
1255 quick_inI1_outR1_continue1,
1256 "quick_inI1_outR1_tail");
1257
1258 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1258, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1259 return STF_SUSPEND;
1260 }
1261}
1262
1263static stf_status quick_inI1_outR1_continue1(struct state *st,
1264 struct msg_digest *md,
1265 struct dh_local_secret *local_secret,
1266 chunk_t *nonce)
1267{
1268 dbg("quick_inI1_outR1_cryptocontinue1 for #%lu: calculated ke+nonce, calculating DH",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_inI1_outR1_cryptocontinue1 for #%lu: calculated ke+nonce, calculating DH"
, st->st_serialno); } }
1269 st->st_serialno){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_inI1_outR1_cryptocontinue1 for #%lu: calculated ke+nonce, calculating DH"
, st->st_serialno); } };
1270
1271 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1271, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1272
1273 /* we always calculate a nonce */
1274 unpack_nonce(&st->st_nr, nonce);
1275
1276 if (st->st_pfs_group != NULL((void*)0)) {
1277 /* PFS is on: do a new DH */
1278 unpack_KE_from_helper(st, local_secret, &st->st_gr);
1279 submit_dh_shared_secret(st, st->st_gi,
1280 quick_inI1_outR1_continue2,
1281 HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1_quick.c", .line = 1281, }; &here
; }));
1282 /*
1283 * XXX: Since more crypto has been requested, MD needs
1284 * to be re suspended. If the original crypto request
1285 * did everything this wouldn't be needed.
1286 */
1287 return STF_SUSPEND;
1288 } else {
1289 /*
1290 * but if PFS is off, we don't do a second DH, so just
1291 * call the continuation with NULL struct
1292 * pluto_crypto_req *
1293 */
1294 return quick_inI1_outR1_continue12_tail(st, md);
1295 }
1296}
1297
1298static stf_status quick_inI1_outR1_continue2(struct state *st,
1299 struct msg_digest *md)
1300{
1301 dbg("quick_inI1_outR1_cryptocontinue2 for #%lu: calculated DH, sending R1",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_inI1_outR1_cryptocontinue2 for #%lu: calculated DH, sending R1"
, st->st_serialno); } }
1302 st->st_serialno){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_inI1_outR1_cryptocontinue2 for #%lu: calculated DH, sending R1"
, st->st_serialno); } };
1303
1304 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1304, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1305 passert(md != NULL)({ _Bool assertion__ = md != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 1305, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "md != ((void*)0)"); } (void
) 1; });
1306 return quick_inI1_outR1_continue12_tail(st, md);
1307}
1308
1309/*
1310 * Spit out the IPsec ID payload we got.
1311 *
1312 * We go to some trouble to use out_struct so NP
1313 * for adjacent packets is handled correctly.
1314 */
1315static bool_Bool echo_id(pb_stream *outs,
1316 const struct payload_digest *const id_pd)
1317{
1318 struct isakmp_ipsec_id id = id_pd->payload.ipsec_id;
1319 id.isaiid_np = 0;
1320 /* We leave .isaiid_length: It will be updated to the same value */
1321
1322 uint8_t *hs = outs->cur;
1323 pb_stream id_body;
1324 if (!out_struct(&id, &isakmp_ipsec_identification_desc, outs, &id_body))
1325 return false0;
1326 ptrdiff_t hl = id_body.cur - hs; /* length of header */
1327
1328 if (!out_raw(id_pd->pbs.start + hl, pbs_room(&id_pd->pbs)((size_t)((&id_pd->pbs)->roof - (&id_pd->pbs
)->start)) - hl, &id_body, "ID body"))
1329 return false0;
1330
1331 close_output_pbs(&id_body);
1332 return true1;
1333}
1334
1335static stf_status quick_inI1_outR1_continue12_tail(struct state *st, struct msg_digest *md)
1336{
1337 struct payload_digest *const id_pd = md->chain[ISAKMP_NEXT_ID];
1338 struct payload_digest *const sapd = md->chain[ISAKMP_NEXT_SA];
1339
1340 /* Start the output packet.
1341 *
1342 * proccess_packet() would automatically generate the HDR*
1343 * payload if smc->first_out_payload is not ISAKMP_NEXT_NONE.
1344 * We don't do this because we wish there to be no partially
1345 * built output packet if we need to suspend for asynch DNS.
1346 *
1347 * We build the reply packet as we parse the message since
1348 * the parse_ipsec_sa_body emits the reply SA
1349 */
1350
1351 /* HDR* out */
1352 struct pbs_outpacket_byte_stream rbody;
1353 ikev1_init_pbs_out_from_md_hdr(md, true1,
1354 &reply_stream, reply_buffer, sizeof(reply_buffer),
1355 &rbody, st->st_logger);
1356
1357 struct v1_hash_fixup hash_fixup;
1358 if (!emit_v1_HASH(V1_HASH_2, "quick inR1 outI2",
1359 IMPAIR_v1_QUICK_EXCHANGE,
1360 st, &hash_fixup, &rbody)) {
1361 return STF_INTERNAL_ERROR;
1362 }
1363
1364 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1364, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1365
1366 pb_stream r_sa_pbs;
1367
1368 {
1369 struct isakmp_sa sa = {
1370 .isasa_doi = ISAKMP_DOI_IPSEC1,
1371 };
1372 if (!out_struct(&sa, &isakmp_sa_desc, &rbody, &r_sa_pbs))
1373 return STF_INTERNAL_ERROR;
1374 }
1375
1376 /* parse and accept body, this time recording our reply */
1377 RETURN_STF_FAILURE(parse_ipsec_sa_body(&sapd->pbs,{ notification_t res = (parse_ipsec_sa_body(&sapd->pbs
, &sapd->payload.sa, &r_sa_pbs, 0, st)); if (res !=
NOTHING_WRONG) { return STF_FAIL + res; } }
1378 &sapd->payload.sa,{ notification_t res = (parse_ipsec_sa_body(&sapd->pbs
, &sapd->payload.sa, &r_sa_pbs, 0, st)); if (res !=
NOTHING_WRONG) { return STF_FAIL + res; } }
1379 &r_sa_pbs,{ notification_t res = (parse_ipsec_sa_body(&sapd->pbs
, &sapd->payload.sa, &r_sa_pbs, 0, st)); if (res !=
NOTHING_WRONG) { return STF_FAIL + res; } }
1380 false, st)){ notification_t res = (parse_ipsec_sa_body(&sapd->pbs
, &sapd->payload.sa, &r_sa_pbs, 0, st)); if (res !=
NOTHING_WRONG) { return STF_FAIL + res; } };
1381
1382 passert(st->st_pfs_group != &unset_group)({ _Bool assertion__ = st->st_pfs_group != &unset_group
; if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1382, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_pfs_group != &unset_group"
); } (void) 1; });
1383
1384 if ((st->st_policy & POLICY_PFS((lset_t)1 << (POLICY_PFS_IX))) && st->st_pfs_group == NULL((void*)0)) {
1385 log_state(RC_LOG_SERIOUS, st,
1386 "we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION");
1387 return STF_FAIL + NO_PROPOSAL_CHOSEN; /* ??? */
1388 }
1389
1390 log_state(RC_LOG, st,
1391 "responding to Quick Mode proposal {msgid:%08" PRIx32"x" "}",
1392 st->st_v1_msgid.id);
1393 LLOG_JAMBUF(RC_LOG, st->st_logger, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((RC_LOG) &
NO_PREFIX) == ((lset_t)0) && (((RC_LOG) & STREAM_MASK
) != DEBUG_STREAM || (cur_debugging & (((lset_t)1 <<
(DBG_ADD_PREFIX_IX)))))) { (st->st_logger)->object_vec
->jam_object_prefix(buf, (st->st_logger)->object); }
}); buf != ((void*)0); jambuf_to_logger(buf, (st->st_logger
), RC_LOG), buf = ((void*)0)) {
1394 jam(buf, " us: ");
1395 const struct connection *c = st->st_connection;
1396 const struct spd_route *sr = &c->spd;
1397 jam_end(buf, &sr->this, &sr->that, /*left?*/true1, LEMPTY((lset_t)0), oriented(c));
1398 jam(buf, " them: ");
1399 jam_end(buf, &sr->that, &sr->this, /*left?*/false0, LEMPTY((lset_t)0), oriented(c));
1400 }
1401
1402 /**** finish reply packet: Nr [, KE ] [, IDci, IDcr ] ****/
1403
1404 {
1405#ifdef IMPAIR_UNALIGNED_R1_MSG
1406 const char *padstr = getenv("PLUTO_UNALIGNED_R1_MSG");
1407#endif
1408 /* Nr out */
1409 if (!ikev1_justship_nonce(&st->st_nr, &rbody, "Nr"))
1410 return STF_INTERNAL_ERROR;
1411
1412#ifdef IMPAIR_UNALIGNED_R1_MSG
1413 if (padstr != NULL((void*)0)) {
1414 unsigned long padsize;
1415 err_t ugh = ttoulb(padstr, 0, 10, 100, &padsize);
1416 pb_stream vid_pbs;
1417
1418 if (ugh != NULL((void*)0)) {
1419 log_state(RC_LOG, st, "$PLUTO_UNALIGNED_R1_MSG malformed: %s; pretending it is 3", ugh);
1420 padsize = 3;
1421 }
1422
1423 log_state(RC_LOG, st, "inserting fake VID payload of %lu size",
1424 padsize);
1425
1426 if (st->st_pfs_group != NULL((void*)0))
1427 np = ISAKMP_NEXT_KE;
1428 else if (id_pd != NULL((void*)0))
1429 np = ISAKMP_NEXT_ID;
1430 else
1431 np = ISAKMP_NEXT_NONE;
1432
1433 if (!ikev1_out_generic(np,
1434 &isakmp_vendor_id_desc, &rbody,
1435 &vid_pbs))
1436 return STF_INTERNAL_ERROR;
1437
1438 if (!out_zero(padsize, &vid_pbs, "Filler VID"))
1439 return STF_INTERNAL_ERROR;
1440
1441 close_output_pbs(&vid_pbs);
1442 }
1443#endif
1444 }
1445
1446 /* [ KE ] out (for PFS) */
1447 if (st->st_pfs_group != NULL((void*)0) && st->st_gr.ptr != NULL((void*)0)) {
1448 if (!ikev1_justship_KE(st->st_logger, &st->st_gr, &rbody))
1449 return STF_INTERNAL_ERROR;
1450 }
1451
1452 /* [ IDci, IDcr ] out */
1453 if (id_pd != NULL((void*)0)) {
1454 passert(id_pd->next->next == NULL)({ _Bool assertion__ = id_pd->next->next == ((void*)0);
if (!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1454, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "id_pd->next->next == ((void*)0)"
); } (void) 1; }); /* exactly two */
1455 if (!echo_id(&rbody, id_pd) ||
1456 !echo_id(&rbody, id_pd->next))
1457 return STF_INTERNAL_ERROR;
1458 }
1459
1460 /* Compute reply HASH(2) and insert in output */
1461 fixup_v1_HASH(st, &hash_fixup, st->st_v1_msgid.id, rbody.cur);
1462
1463 /* Derive new keying material */
1464 compute_keymats(st);
1465
1466 /* Tell the kernel to establish the new inbound SA
1467 * (unless the commit bit is set -- which we don't support).
1468 * We do this before any state updating so that
1469 * failure won't look like success.
1470 */
1471#ifdef USE_XFRM_INTERFACE1
1472 struct connection *c = st->st_connection;
1473 if (c->xfrmi != NULL((void*)0) && c->xfrmi->if_id != 0)
1474 if (add_xfrmi(c, st->st_logger))
1475 return STF_FATAL;
1476#endif
1477 if (!install_inbound_ipsec_sa(st))
1478 return STF_INTERNAL_ERROR; /* ??? we may be partly committed */
1479
1480 /* we only audit once for IPsec SA's, we picked the inbound SA */
1481 linux_audit_conn(st, LAK_CHILD_START);
1482
1483 /* encrypt message, except for fixed part of header */
1484 if (!ikev1_encrypt_message(&rbody, st)) {
1485 delete_ipsec_sa(st);
1486 return STF_INTERNAL_ERROR; /* ??? we may be partly committed */
1487 }
1488
1489 dbg("finished processing quick inI1"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("finished processing quick inI1"); } };
1490 return STF_OK;
1491}
1492
1493/* Handle (the single) message from Responder in Quick Mode.
1494 * HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ] -->
1495 * HDR*, HASH(3)
1496 * (see RFC 2409 "IKE" 5.5)
1497 * Installs inbound and outbound IPsec SAs, routing, etc.
1498 */
1499static stf_status quick_inR1_outI2_tail(struct state *st, struct msg_digest *md);
1500
1501static dh_shared_secret_cb quick_inR1_outI2_continue; /* forward decl and type assertion */
1502
1503stf_status quick_inR1_outI2(struct state *st, struct msg_digest *md)
1504{
1505 /* SA in */
1506 {
1507 struct payload_digest *const sa_pd = md->chain[ISAKMP_NEXT_SA];
1508
1509 RETURN_STF_FAILURE(parse_ipsec_sa_body(&sa_pd->pbs,{ notification_t res = (parse_ipsec_sa_body(&sa_pd->pbs
, &sa_pd->payload.sa, ((void*)0), 1, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } }
1510 &sa_pd->payload.sa,{ notification_t res = (parse_ipsec_sa_body(&sa_pd->pbs
, &sa_pd->payload.sa, ((void*)0), 1, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } }
1511 NULL, true, st)){ notification_t res = (parse_ipsec_sa_body(&sa_pd->pbs
, &sa_pd->payload.sa, ((void*)0), 1, st)); if (res != NOTHING_WRONG
) { return STF_FAIL + res; } };
1512 }
1513
1514 /* Nr in */
1515 RETURN_STF_FAILURE(accept_v1_nonce(st->st_logger, md, &st->st_nr, "Nr")){ notification_t res = (accept_v1_nonce(st->st_logger, md,
&st->st_nr, "Nr")); if (res != NOTHING_WRONG) { return
STF_FAIL + res; } };
1516
1517 /* [ KE ] in (for PFS) */
1518 RETURN_STF_FAILURE(accept_PFS_KE(st, md, &st->st_gr, "Gr",{ notification_t res = (accept_PFS_KE(st, md, &st->st_gr
, "Gr", "Quick Mode R1")); if (res != NOTHING_WRONG) { return
STF_FAIL + res; } }
1519 "Quick Mode R1")){ notification_t res = (accept_PFS_KE(st, md, &st->st_gr
, "Gr", "Quick Mode R1")); if (res != NOTHING_WRONG) { return
STF_FAIL + res; } };
1520
1521 if (st->st_pfs_group != NULL((void*)0)) {
1522 /* set up DH calculation */
1523 submit_dh_shared_secret(st, st->st_gr,
1524 quick_inR1_outI2_continue,
1525 HERE({ static const struct where here = { .func = __func__, .file
= "programs/pluto/ikev1_quick.c", .line = 1525, }; &here
; }));
1526 return STF_SUSPEND;
1527 } else {
1528 /* just call the tail function */
1529 return quick_inR1_outI2_tail(st, md);
1530 }
1531}
1532
1533static stf_status quick_inR1_outI2_continue(struct state *st,
1534 struct msg_digest *md)
1535{
1536 dbg("quick_inR1_outI2_continue for #%lu: calculated ke+nonce, calculating DH",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_inR1_outI2_continue for #%lu: calculated ke+nonce, calculating DH"
, st->st_serialno); } }
1537 st->st_serialno){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX)
)))) { DBG_log("quick_inR1_outI2_continue for #%lu: calculated ke+nonce, calculating DH"
, st->st_serialno); } };
1538
1539 passert(st->st_connection != NULL)({ _Bool assertion__ = st->st_connection != ((void*)0); if
(!assertion__) { where_t here = ({ static const struct where
here = { .func = __func__, .file = "programs/pluto/ikev1_quick.c"
, .line = 1539, }; &here; }); const struct logger *logger_
= &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_connection != ((void*)0)"
); } (void) 1; });
1540 passert(md != NULL)({ _Bool assertion__ = md != ((void*)0); if (!assertion__) { where_t
here = ({ static const struct where here = { .func = __func__
, .file = "programs/pluto/ikev1_quick.c", .line = 1540, }; &
here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "md != ((void*)0)"); } (void
) 1; });
1541 return quick_inR1_outI2_tail(st, md);
1542}
1543
1544stf_status quick_inR1_outI2_tail(struct state *st, struct msg_digest *md)
1545{
1546 struct connection *c = st->st_connection;
1547
1548 struct pbs_outpacket_byte_stream rbody;
1549 ikev1_init_pbs_out_from_md_hdr(md, true1,
1550 &reply_stream, reply_buffer, sizeof(reply_buffer),
1551 &rbody, st->st_logger);
1552
1553 if ((st->hidden_variables.st_nat_traversal & NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) &&
1554 (st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATOA( ((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_02_03)) | ((
lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_05)) | ((lset_t)
1 << (NAT_TRAVERSAL_METHOD_IETF_RFC)) )))
1555 nat_traversal_natoa_lookup(md, &st->hidden_variables, st->st_logger);
1556
1557 /* [ IDci, IDcr ] in; these must match what we sent */
1558
1559 {
1560 struct payload_digest *const IDci = md->chain[ISAKMP_NEXT_ID];
1561 struct payload_digest *IDcr;
1562
1563 if (IDci != NULL((void*)0)) {
1564 /* ??? we are assuming IPSEC_DOI */
1565
1566 /* IDci (we are initiator) */
1567 if (!check_net_id(&IDci->payload.ipsec_id, &IDci->pbs,
1568 c->spd.this.protocol, c->spd.this.port,
1569 selector_subnet(st->st_connection->spd.this.client),
1570 "our client", st->st_logger))
1571 return STF_FAIL + INVALID_ID_INFORMATION;
1572
1573 /* we checked elsewhere that we got two of them */
1574 IDcr = IDci->next;
1575 passert(IDcr != NULL)({ _Bool assertion__ = IDcr != ((void*)0); if (!assertion__) {
where_t here = ({ static const struct where here = { .func =
__func__, .file = "programs/pluto/ikev1_quick.c", .line = 1575
, }; &here; }); const struct logger *logger_ = &failsafe_logger
; llog_passert(logger_, here, "%s", "IDcr != ((void*)0)"); } (
void) 1; });
1576
1577 /* IDcr (responder is peer) */
1578
1579 if (!check_net_id(&IDcr->payload.ipsec_id, &IDcr->pbs,
1580 c->spd.that.protocol, c->spd.that.port,
1581 selector_subnet(st->st_connection->spd.that.client),
1582 "peer client", st->st_logger))
1583 return STF_FAIL + INVALID_ID_INFORMATION;
1584
1585 /*
1586 * if there is a NATOA payload, then use it as
1587 * &st->st_connection->spd.that.client, if the type
1588 * of the ID was FQDN
1589 */
1590 if ((st->hidden_variables.st_nat_traversal &
1591 NAT_T_DETECTED( ((lset_t)1 << (NATED_HOST)) | ((lset_t)1 << (NATED_PEER
)) )) &&
1592 (st->hidden_variables.st_nat_traversal &
1593 NAT_T_WITH_NATOA( ((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_02_03)) | ((
lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_05)) | ((lset_t)
1 << (NAT_TRAVERSAL_METHOD_IETF_RFC)) )) &&
1594 IDcr->payload.ipsec_id.isaiid_idtype == ID_FQDN) {
1595 shunk_t idfqdn = pbs_in_left_as_shunk(&IDcr->pbs);
1596 st->st_connection->spd.that.client =
1597 selector_from_address(st->hidden_variables.st_nat_oa);
1598 LLOG_JAMBUF(RC_LOG_SERIOUS, st->st_logger, buf)for (char lswbuf[((size_t)1024)], *lswbuf_ = lswbuf; lswbuf_ !=
((void*)0); lswbuf_ = ((void*)0)) for (struct jambuf jambuf =
array_as_jambuf((lswbuf), sizeof(lswbuf)), *buf = &jambuf
; buf != ((void*)0); buf = ((void*)0)) for (({ if (((RC_LOG_SERIOUS
) & NO_PREFIX) == ((lset_t)0) && (((RC_LOG_SERIOUS
) & STREAM_MASK) != DEBUG_STREAM || (cur_debugging & (
((lset_t)1 << (DBG_ADD_PREFIX_IX)))))) { (st->st_logger
)->object_vec->jam_object_prefix(buf, (st->st_logger
)->object); } }); buf != ((void*)0); jambuf_to_logger(buf,
(st->st_logger), RC_LOG_SERIOUS), buf = ((void*)0)) {
1599 jam(buf, "IDcr was FQDN: ");
1600 jam_sanitized_hunk(buf, idfqdn)({ typeof(idfqdn) hunk_ = (idfqdn); jam_sanitized_bytes(buf, hunk_
.ptr, hunk_.len); });
1601 jam(buf, ", using NAT_OA=");
1602 jam_selector_subnet(buf, &st->st_connection->spd.that.client);
1603 jam(buf, " as IDcr");
1604 }
1605 }
1606 } else {
1607 /*
1608 * No IDci, IDcr: we must check that the
1609 * defaults match our proposal.
1610 */
1611 if (!selector_eq_address(c->spd.this.client, c->spd.this.host_addr) ||
1612 !selector_eq_address(c->spd.that.client, c->spd.that.host_addr)) {
1613 log_state(RC_LOG_SERIOUS, st,
1614 "IDci, IDcr payloads missing in message but default does not match proposal");
1615 return STF_FAIL + INVALID_ID_INFORMATION;
1616 }
1617 }
1618 }
1619
1620 /* ??? We used to copy the accepted proposal into the state, but it was
1621 * never used. From sa_pd->pbs.start, length pbs_room(&sa_pd->pbs).
1622 */
1623
1624 /**************** build reply packet HDR*, HASH(3) ****************/
1625
1626 /* HDR* out done */
1627
1628 /* HASH(3) out -- sometimes, we add more content */
1629 {
1630 struct v1_hash_fixup hash_fixup;
1631
1632#ifdef IMPAIR_UNALIGNED_I2_MSG
1633 {
1634 const char *padstr = getenv("PLUTO_UNALIGNED_I2_MSG");
1635
1636 if (padstr != NULL((void*)0)) {
1637 unsigned long padsize;
1638 err_t ugh = ttoulb(padstr, 0, 10, 100, &padsize)
1639 pb_stream vid_pbs;
1640
1641 if (ugh != NULL((void*)0)) {
1642 log_state(RC_LOG, st, "$PLUTO_UNALIGNED_I2_MSG malformed: %s; pretending it is 3",
1643 ugh);
1644 padsize = 3;
1645 }
1646
1647 log_state(RC_LOG, st,
1648 "inserting fake VID payload of %u size",
1649 padsize);
1650 START_HASH_PAYLOAD_NO_R_HASH_START(rbody,
1651 ISAKMP_NEXT_VID);
1652
1653 if (!ikev1_out_generic(ISAKMP_NEXT_NONE,
1654 &isakmp_vendor_id_desc,
1655 &rbody, &vid_pbs))
1656 return STF_INTERNAL_ERROR;
1657
1658 if (!out_zero(padsize, &vid_pbs, "Filler VID"))
1659 return STF_INTERNAL_ERROR;
1660
1661 close_output_pbs(&vid_pbs);
1662 } else {
1663 START_HASH_PAYLOAD(rbody,
1664 ISAKMP_NEXT_NONE);
1665 }
1666 }
1667#else
1668 if (!emit_v1_HASH(V1_HASH_3, "quick_inR1_outI2",
1669 IMPAIR_v1_QUICK_EXCHANGE, st, &hash_fixup, &rbody)) {
1670 return STF_INTERNAL_ERROR;
1671 }
1672#endif
1673
1674 fixup_v1_HASH(st, &hash_fixup, st->st_v1_msgid.id, NULL((void*)0));
1675 }
1676
1677 /* Derive new keying material */
1678 compute_keymats(st);
1679
1680 /* Tell the kernel to establish the inbound, outbound, and routing part
1681 * of the new SA (unless the commit bit is set -- which we don't support).
1682 * We do this before any state updating so that
1683 * failure won't look like success.
1684 */
1685#ifdef USE_XFRM_INTERFACE1
1686 if (c->xfrmi != NULL((void*)0) && c->xfrmi->if_id != 0)
1687 if (add_xfrmi(c, st->st_logger))
1688 return STF_FATAL;
1689#endif
1690 if (!install_ipsec_sa(st, true1))
1691 return STF_INTERNAL_ERROR;
1692
1693 /* encrypt message, except for fixed part of header */
1694
1695 if (!ikev1_encrypt_message(&rbody, st)) {
1696 delete_ipsec_sa(st);
1697 return STF_INTERNAL_ERROR; /* ??? we may be partly committed */
1698 }
1699
1700 set_newest_ipsec_sa("inR1_outI2", st);
1701
1702 if (dpd_init(st) != STF_OK) {
1703 delete_ipsec_sa(st);
1704 return STF_FAIL;
1705 }
1706
1707 return STF_OK;
1708}
1709
1710/* Handle last message of Quick Mode.
1711 * HDR*, HASH(3) -> done
1712 * (see RFC 2409 "IKE" 5.5)
1713 * Installs outbound IPsec SAs, routing, etc.
1714 */
1715stf_status quick_inI2(struct state *st, struct msg_digest *md UNUSED__attribute__ ((unused)))
1716{
1717 /* Tell the kernel to establish the outbound and routing part of the new SA
1718 * (the previous state established inbound)
1719 * (unless the commit bit is set -- which we don't support).
1720 * We do this before any state updating so that
1721 * failure won't look like success.
1722 */
1723#ifdef USE_XFRM_INTERFACE1
1724 struct connection *c = st->st_connection;
1725 if (c->xfrmi != NULL((void*)0) && c->xfrmi->if_id != 0)
1726 if (add_xfrmi(c, st->st_logger))
1727 return STF_FATAL;
1728#endif
1729 if (!install_ipsec_sa(st, false0))
1730 return STF_INTERNAL_ERROR;
1731
1732 set_newest_ipsec_sa("inI2", st);
1733
1734 update_iv(st){ (st)->st_v1_iv = (st)->st_v1_new_iv; }; /* not actually used, but tidy */
1735
1736 /*
1737 * If we have dpd delay and dpdtimeout set, then we are doing DPD
1738 * on this conn, so initialize it
1739 */
1740 if (dpd_init(st) != STF_OK) {
1741 delete_ipsec_sa(st);
1742 return STF_FAIL;
1743 }
1744
1745 return STF_OK;
1746}