File: | src/sbin/isakmpd/ike_auth.c |
Warning: | line 295, column 5 Potential leak of memory pointed to by 'keyfile' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: ike_auth.c,v 1.118 2020/07/07 17:33:40 tobhe Exp $ */ | |||
2 | /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ | |||
3 | ||||
4 | /* | |||
5 | * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. | |||
6 | * Copyright (c) 1999 Niels Provos. All rights reserved. | |||
7 | * Copyright (c) 1999 Angelos D. Keromytis. All rights reserved. | |||
8 | * Copyright (c) 2000, 2001, 2003 Håkan Olsson. All rights reserved. | |||
9 | * | |||
10 | * Redistribution and use in source and binary forms, with or without | |||
11 | * modification, are permitted provided that the following conditions | |||
12 | * are met: | |||
13 | * 1. Redistributions of source code must retain the above copyright | |||
14 | * notice, this list of conditions and the following disclaimer. | |||
15 | * 2. Redistributions in binary form must reproduce the above copyright | |||
16 | * notice, this list of conditions and the following disclaimer in the | |||
17 | * documentation and/or other materials provided with the distribution. | |||
18 | * | |||
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |||
20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |||
21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |||
22 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |||
23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |||
25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |||
26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |||
27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |||
28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |||
29 | */ | |||
30 | ||||
31 | /* | |||
32 | * This code was written under funding by Ericsson Radio Systems. | |||
33 | */ | |||
34 | ||||
35 | #include <sys/types.h> | |||
36 | #include <sys/stat.h> | |||
37 | #include <netinet/in.h> | |||
38 | #include <arpa/inet.h> | |||
39 | ||||
40 | #include <errno(*__errno()).h> | |||
41 | #include <fcntl.h> | |||
42 | #include <stdlib.h> | |||
43 | #include <string.h> | |||
44 | #include <unistd.h> | |||
45 | #include <regex.h> | |||
46 | #include <keynote.h> | |||
47 | #include <policy.h> | |||
48 | ||||
49 | #include "cert.h" | |||
50 | #include "conf.h" | |||
51 | #include "constants.h" | |||
52 | #if defined (USE_DNSSEC) | |||
53 | #include "dnssec.h" | |||
54 | #endif | |||
55 | #include "exchange.h" | |||
56 | #include "hash.h" | |||
57 | #include "ike_auth.h" | |||
58 | #include "ipsec.h" | |||
59 | #include "ipsec_doi.h" | |||
60 | #include "libcrypto.h" | |||
61 | #include "log.h" | |||
62 | #include "message.h" | |||
63 | #include "monitor.h" | |||
64 | #include "prf.h" | |||
65 | #include "transport.h" | |||
66 | #include "util.h" | |||
67 | #include "key.h" | |||
68 | #include "x509.h" | |||
69 | ||||
70 | #ifdef notyet | |||
71 | static u_int8_t *enc_gen_skeyid(struct exchange *, size_t *); | |||
72 | #endif | |||
73 | static u_int8_t *pre_shared_gen_skeyid(struct exchange *, size_t *); | |||
74 | ||||
75 | static int pre_shared_decode_hash(struct message *); | |||
76 | static int pre_shared_encode_hash(struct message *); | |||
77 | ||||
78 | static u_int8_t *sig_gen_skeyid(struct exchange *, size_t *); | |||
79 | static int rsa_sig_decode_hash(struct message *); | |||
80 | static int rsa_sig_encode_hash(struct message *); | |||
81 | ||||
82 | static int get_raw_key_from_file(int, u_int8_t *, size_t, RSA **); | |||
83 | ||||
84 | static int ike_auth_hash(struct exchange *, u_int8_t *); | |||
85 | ||||
86 | static struct ike_auth ike_auth[] = { | |||
87 | { | |||
88 | IKE_AUTH_PRE_SHARED1, pre_shared_gen_skeyid, | |||
89 | pre_shared_decode_hash, | |||
90 | pre_shared_encode_hash | |||
91 | }, | |||
92 | #ifdef notdef | |||
93 | { | |||
94 | IKE_AUTH_DSS2, sig_gen_skeyid, | |||
95 | pre_shared_decode_hash, | |||
96 | pre_shared_encode_hash | |||
97 | }, | |||
98 | #endif | |||
99 | { | |||
100 | IKE_AUTH_RSA_SIG3, sig_gen_skeyid, | |||
101 | rsa_sig_decode_hash, | |||
102 | rsa_sig_encode_hash | |||
103 | }, | |||
104 | #ifdef notdef | |||
105 | { | |||
106 | IKE_AUTH_RSA_ENC4, enc_gen_skeyid, | |||
107 | pre_shared_decode_hash, | |||
108 | pre_shared_encode_hash | |||
109 | }, | |||
110 | { | |||
111 | IKE_AUTH_RSA_ENC_REV5, enc_gen_skeyid, | |||
112 | pre_shared_decode_hash, | |||
113 | pre_shared_encode_hash | |||
114 | }, | |||
115 | #endif | |||
116 | }; | |||
117 | ||||
118 | struct ike_auth * | |||
119 | ike_auth_get(u_int16_t id) | |||
120 | { | |||
121 | size_t i; | |||
122 | ||||
123 | for (i = 0; i < sizeof ike_auth / sizeof ike_auth[0]; i++) | |||
124 | if (id == ike_auth[i].id) | |||
125 | return &ike_auth[i]; | |||
126 | return 0; | |||
127 | } | |||
128 | ||||
129 | /* | |||
130 | * Find and decode the configured key (pre-shared or public) for the | |||
131 | * peer denoted by ID. Stash the len in KEYLEN. | |||
132 | */ | |||
133 | static void * | |||
134 | ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen) | |||
135 | { | |||
136 | char *key, *buf; | |||
137 | char *keyfile, *privkeyfile; | |||
138 | FILE *keyfp; | |||
139 | RSA *rsakey; | |||
140 | size_t fsize, pkflen; | |||
141 | int fd; | |||
142 | ||||
143 | switch (type) { | |||
144 | case IKE_AUTH_PRE_SHARED1: | |||
145 | /* Get the pre-shared key for our peer. */ | |||
146 | key = conf_get_str(id, "Authentication"); | |||
147 | if (!key && local_id) | |||
148 | key = conf_get_str(local_id, "Authentication"); | |||
149 | ||||
150 | if (!key) { | |||
151 | log_print("ike_auth_get_key: " | |||
152 | "no key found for peer \"%s\" or local ID \"%s\"", | |||
153 | id, local_id ? local_id : "<none>"); | |||
154 | return 0; | |||
155 | } | |||
156 | /* If the key starts with 0x it is in hex format. */ | |||
157 | if (strncasecmp(key, "0x", 2) == 0) { | |||
158 | *keylen = (strlen(key) - 1) / 2; | |||
159 | buf = malloc(*keylen); | |||
160 | if (!buf) { | |||
161 | log_error("ike_auth_get_key: malloc (%lu) " | |||
162 | "failed", (unsigned long)*keylen); | |||
163 | return 0; | |||
164 | } | |||
165 | if (hex2raw(key + 2, (unsigned char *)buf, *keylen)) { | |||
166 | free(buf); | |||
167 | log_print("ike_auth_get_key: invalid hex key " | |||
168 | "%s", key); | |||
169 | return 0; | |||
170 | } | |||
171 | key = buf; | |||
172 | } else { | |||
173 | buf = key; | |||
174 | key = strdup(buf); | |||
175 | if (!key) { | |||
176 | log_error("ike_auth_get_key: strdup() failed"); | |||
177 | return 0; | |||
178 | } | |||
179 | *keylen = strlen(key); | |||
180 | } | |||
181 | break; | |||
182 | ||||
183 | case IKE_AUTH_RSA_SIG3: | |||
184 | if (local_id
| |||
185 | "Credential-directory")) != 0) { | |||
186 | struct stat sb; | |||
187 | struct keynote_deckey dc; | |||
188 | char *privkeyfile, *buf2; | |||
189 | size_t size; | |||
190 | ||||
191 | if (asprintf(&privkeyfile, "%s/%s/%s", keyfile, | |||
192 | local_id, PRIVATE_KEY_FILE"private_key") == -1) { | |||
193 | log_print("ike_auth_get_key: failed to asprintf()"); | |||
194 | return 0; | |||
195 | } | |||
196 | keyfile = privkeyfile; | |||
197 | ||||
198 | fd = monitor_open(keyfile, O_RDONLY0x0000, 0); | |||
199 | if (fd < 0) { | |||
200 | free(keyfile); | |||
201 | goto ignorekeynote; | |||
202 | } | |||
203 | ||||
204 | if (fstat(fd, &sb) == -1) { | |||
205 | log_print("ike_auth_get_key: fstat failed"); | |||
206 | free(keyfile); | |||
207 | close(fd); | |||
208 | return 0; | |||
209 | } | |||
210 | size = (size_t)sb.st_size; | |||
211 | ||||
212 | buf = calloc(size + 1, sizeof(char)); | |||
213 | if (!buf) { | |||
214 | log_print("ike_auth_get_key: failed allocating" | |||
215 | " %lu bytes", (unsigned long)size + 1); | |||
216 | free(keyfile); | |||
217 | close(fd); | |||
218 | return 0; | |||
219 | } | |||
220 | if (read(fd, buf, size) != (ssize_t)size) { | |||
221 | free(buf); | |||
222 | log_print("ike_auth_get_key: " | |||
223 | "failed reading %lu bytes from \"%s\"", | |||
224 | (unsigned long)size, keyfile); | |||
225 | free(keyfile); | |||
226 | close(fd); | |||
227 | return 0; | |||
228 | } | |||
229 | close(fd); | |||
230 | ||||
231 | /* Parse private key string */ | |||
232 | buf2 = kn_get_string(buf); | |||
233 | free(buf); | |||
234 | ||||
235 | if (!buf2 || kn_decode_key(&dc, buf2, | |||
236 | KEYNOTE_PRIVATE_KEY1) == -1) { | |||
237 | free(buf2); | |||
238 | log_print("ike_auth_get_key: failed decoding " | |||
239 | "key in \"%s\"", keyfile); | |||
240 | free(keyfile); | |||
241 | return 0; | |||
242 | } | |||
243 | free(buf2); | |||
244 | ||||
245 | if (dc.dec_algorithm != KEYNOTE_ALGORITHM_RSA6) { | |||
246 | log_print("ike_auth_get_key: wrong algorithm " | |||
247 | "type %d in \"%s\"", dc.dec_algorithm, | |||
248 | keyfile); | |||
249 | free(keyfile); | |||
250 | kn_free_key(&dc); | |||
251 | return 0; | |||
252 | } | |||
253 | free(keyfile); | |||
254 | return dc.dec_key; | |||
255 | } | |||
256 | ignorekeynote: | |||
257 | /* Otherwise, try X.509 */ | |||
258 | ||||
259 | privkeyfile = keyfile = NULL((void*)0); | |||
260 | fd = -1; | |||
261 | ||||
262 | if (local_id
| |||
263 | /* Look in Private-key-directory. */ | |||
264 | keyfile = conf_get_str("X509-certificates", | |||
265 | "Private-key-directory"); | |||
266 | pkflen = strlen(keyfile) + strlen(local_id) + sizeof "/"; | |||
267 | privkeyfile = calloc(pkflen, sizeof(char)); | |||
268 | if (!privkeyfile) { | |||
269 | log_print("ike_auth_get_key: failed to " | |||
270 | "allocate %lu bytes", (unsigned long)pkflen); | |||
271 | return 0; | |||
272 | } | |||
273 | ||||
274 | snprintf(privkeyfile, pkflen, "%s/%s", keyfile, | |||
275 | local_id); | |||
276 | keyfile = privkeyfile; | |||
277 | ||||
278 | fd = monitor_open(keyfile, O_RDONLY0x0000, 0); | |||
279 | if (fd == -1 && errno(*__errno()) != ENOENT2) { | |||
280 | log_print("ike_auth_get_key: failed opening " | |||
281 | "\"%s\"", keyfile); | |||
282 | free(privkeyfile); | |||
283 | privkeyfile = NULL((void*)0); | |||
284 | keyfile = NULL((void*)0); | |||
285 | } | |||
286 | } | |||
287 | ||||
288 | if (fd == -1) { | |||
289 | /* No key found, try default key. */ | |||
290 | keyfile = conf_get_str("X509-certificates", | |||
291 | "Private-key"); | |||
292 | ||||
293 | fd = monitor_open(keyfile, O_RDONLY0x0000, 0); | |||
294 | if (fd == -1) { | |||
295 | log_print("ike_auth_get_key: failed opening " | |||
| ||||
296 | "\"%s\"", keyfile); | |||
297 | return 0; | |||
298 | } | |||
299 | } | |||
300 | ||||
301 | if (check_file_secrecy_fd(fd, keyfile, &fsize)) { | |||
302 | free(privkeyfile); | |||
303 | close(fd); | |||
304 | return 0; | |||
305 | } | |||
306 | ||||
307 | if ((keyfp = fdopen(fd, "r")) == NULL((void*)0)) { | |||
308 | log_print("ike_auth_get_key: fdopen failed"); | |||
309 | free(privkeyfile); | |||
310 | close(fd); | |||
311 | return 0; | |||
312 | } | |||
313 | #if SSLEAY_VERSION_NUMBER0x20000000L >= 0x00904100L | |||
314 | rsakey = PEM_read_RSAPrivateKey(keyfp, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
315 | #else | |||
316 | rsakey = PEM_read_RSAPrivateKey(keyfp, NULL((void*)0), NULL((void*)0)); | |||
317 | #endif | |||
318 | fclose(keyfp); | |||
319 | ||||
320 | free(privkeyfile); | |||
321 | ||||
322 | if (!rsakey) { | |||
323 | log_print("ike_auth_get_key: " | |||
324 | "PEM_read_bio_RSAPrivateKey failed"); | |||
325 | return 0; | |||
326 | } | |||
327 | return rsakey; | |||
328 | ||||
329 | default: | |||
330 | log_print("ike_auth_get_key: unknown key type %d", type); | |||
331 | return 0; | |||
332 | } | |||
333 | ||||
334 | return key; | |||
335 | } | |||
336 | ||||
337 | static u_int8_t * | |||
338 | pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) | |||
339 | { | |||
340 | struct prf *prf; | |||
341 | struct ipsec_exch *ie = exchange->data; | |||
342 | u_int8_t *skeyid, *buf = 0; | |||
343 | unsigned char *key; | |||
344 | size_t keylen; | |||
345 | ||||
346 | /* | |||
347 | * If we're the responder and have the initiator's ID (which is the | |||
348 | * case in Aggressive mode), try to find the preshared key in the | |||
349 | * section of the initiator's Phase 1 ID. This allows us to do | |||
350 | * mobile user support with preshared keys. | |||
351 | */ | |||
352 | if (!exchange->initiator && exchange->id_i) { | |||
353 | switch (exchange->id_i[0]) { | |||
354 | case IPSEC_ID_IPV4_ADDR1: | |||
355 | case IPSEC_ID_IPV6_ADDR5: | |||
356 | util_ntoa((char **) &buf, | |||
357 | exchange->id_i[0] == IPSEC_ID_IPV4_ADDR1 ? AF_INET2 : | |||
358 | AF_INET624, exchange->id_i + ISAKMP_ID_DATA_OFF8 - | |||
359 | ISAKMP_GEN_SZ4); | |||
360 | if (!buf) | |||
361 | return 0; | |||
362 | break; | |||
363 | ||||
364 | case IPSEC_ID_FQDN2: | |||
365 | case IPSEC_ID_USER_FQDN3: | |||
366 | buf = calloc(exchange->id_i_len - ISAKMP_ID_DATA_OFF8 + | |||
367 | ISAKMP_GEN_SZ4 + 1, sizeof(char)); | |||
368 | if (!buf) { | |||
369 | log_print("pre_shared_gen_skeyid: malloc (%lu" | |||
370 | ") failed", | |||
371 | (unsigned long)exchange->id_i_len - | |||
372 | ISAKMP_ID_DATA_OFF8 + ISAKMP_GEN_SZ4 + 1); | |||
373 | return 0; | |||
374 | } | |||
375 | memcpy(buf, | |||
376 | exchange->id_i + ISAKMP_ID_DATA_OFF8 - | |||
377 | ISAKMP_GEN_SZ4, | |||
378 | exchange->id_i_len - ISAKMP_ID_DATA_OFF8 + | |||
379 | ISAKMP_GEN_SZ4); | |||
380 | break; | |||
381 | ||||
382 | /* XXX Support more ID types ? */ | |||
383 | default: | |||
384 | break; | |||
385 | } | |||
386 | } | |||
387 | /* | |||
388 | * Get the pre-shared key for our peer. This will work even if the key | |||
389 | * has been passed to us through a mechanism like PFKEYv2. | |||
390 | */ | |||
391 | key = ike_auth_get_key(IKE_AUTH_PRE_SHARED1, exchange->name, | |||
392 | (char *)buf, &keylen); | |||
393 | free(buf); | |||
394 | ||||
395 | /* Fail if no key could be found. */ | |||
396 | if (!key) | |||
397 | return 0; | |||
398 | ||||
399 | /* Store the secret key for later policy processing. */ | |||
400 | exchange->recv_key = calloc(keylen + 1, sizeof(char)); | |||
401 | exchange->recv_keytype = ISAKMP_KEY_PASSPHRASE1; | |||
402 | if (!exchange->recv_key) { | |||
403 | log_error("pre_shared_gen_skeyid: malloc (%lu) failed", | |||
404 | (unsigned long)keylen); | |||
405 | free(key); | |||
406 | return 0; | |||
407 | } | |||
408 | memcpy(exchange->recv_key, key, keylen); | |||
409 | exchange->recv_certtype = ISAKMP_CERTENC_NONE0; | |||
410 | free(key); | |||
411 | ||||
412 | prf = prf_alloc(ie->prf_type, ie->hash->type, exchange->recv_key, | |||
413 | keylen); | |||
414 | if (!prf) | |||
415 | return 0; | |||
416 | ||||
417 | *sz = prf->blocksize; | |||
418 | skeyid = malloc(*sz); | |||
419 | if (!skeyid) { | |||
420 | log_error("pre_shared_gen_skeyid: malloc (%lu) failed", | |||
421 | (unsigned long)*sz); | |||
422 | prf_free(prf); | |||
423 | return 0; | |||
424 | } | |||
425 | prf->Init(prf->prfctx); | |||
426 | prf->Update(prf->prfctx, exchange->nonce_i, exchange->nonce_i_len); | |||
427 | prf->Update(prf->prfctx, exchange->nonce_r, exchange->nonce_r_len); | |||
428 | prf->Final(skeyid, prf->prfctx); | |||
429 | prf_free(prf); | |||
430 | return skeyid; | |||
431 | } | |||
432 | ||||
433 | /* Both DSS & RSA signature authentication use this algorithm. */ | |||
434 | static u_int8_t * | |||
435 | sig_gen_skeyid(struct exchange *exchange, size_t *sz) | |||
436 | { | |||
437 | struct prf *prf; | |||
438 | struct ipsec_exch *ie = exchange->data; | |||
439 | u_int8_t *skeyid; | |||
440 | unsigned char *key; | |||
441 | ||||
442 | key = malloc(exchange->nonce_i_len + exchange->nonce_r_len); | |||
443 | if (!key) | |||
444 | return 0; | |||
445 | memcpy(key, exchange->nonce_i, exchange->nonce_i_len); | |||
446 | memcpy(key + exchange->nonce_i_len, exchange->nonce_r, | |||
447 | exchange->nonce_r_len); | |||
448 | ||||
449 | LOG_DBG((LOG_NEGOTIATION, 80, "sig_gen_skeyid: PRF type %d, hash %d",log_debug (LOG_NEGOTIATION, 80, "sig_gen_skeyid: PRF type %d, hash %d" , ie->prf_type, ie->hash->type) | |||
450 | ie->prf_type, ie->hash->type))log_debug (LOG_NEGOTIATION, 80, "sig_gen_skeyid: PRF type %d, hash %d" , ie->prf_type, ie->hash->type); | |||
451 | LOG_DBG_BUF((LOG_NEGOTIATION, 80,log_debug_buf (LOG_NEGOTIATION, 80, "sig_gen_skeyid: SKEYID initialized with" , (u_int8_t *)key, exchange->nonce_i_len + exchange->nonce_r_len ) | |||
452 | "sig_gen_skeyid: SKEYID initialized with",log_debug_buf (LOG_NEGOTIATION, 80, "sig_gen_skeyid: SKEYID initialized with" , (u_int8_t *)key, exchange->nonce_i_len + exchange->nonce_r_len ) | |||
453 | (u_int8_t *)key, exchange->nonce_i_len + exchange->nonce_r_len))log_debug_buf (LOG_NEGOTIATION, 80, "sig_gen_skeyid: SKEYID initialized with" , (u_int8_t *)key, exchange->nonce_i_len + exchange->nonce_r_len ); | |||
454 | ||||
455 | prf = prf_alloc(ie->prf_type, ie->hash->type, key, | |||
456 | exchange->nonce_i_len + exchange->nonce_r_len); | |||
457 | free(key); | |||
458 | if (!prf) | |||
459 | return 0; | |||
460 | ||||
461 | *sz = prf->blocksize; | |||
462 | skeyid = malloc(*sz); | |||
463 | if (!skeyid) { | |||
464 | log_error("sig_gen_skeyid: malloc (%lu) failed", | |||
465 | (unsigned long)*sz); | |||
466 | prf_free(prf); | |||
467 | return 0; | |||
468 | } | |||
469 | LOG_DBG((LOG_NEGOTIATION, 80, "sig_gen_skeyid: g^xy length %lu",log_debug (LOG_NEGOTIATION, 80, "sig_gen_skeyid: g^xy length %lu" , (unsigned long)ie->g_xy_len) | |||
470 | (unsigned long)ie->g_xy_len))log_debug (LOG_NEGOTIATION, 80, "sig_gen_skeyid: g^xy length %lu" , (unsigned long)ie->g_xy_len); | |||
471 | LOG_DBG_BUF((LOG_NEGOTIATION, 80,log_debug_buf (LOG_NEGOTIATION, 80, "sig_gen_skeyid: SKEYID fed with g^xy" , ie->g_xy, ie->g_xy_len) | |||
472 | "sig_gen_skeyid: SKEYID fed with g^xy", ie->g_xy, ie->g_xy_len))log_debug_buf (LOG_NEGOTIATION, 80, "sig_gen_skeyid: SKEYID fed with g^xy" , ie->g_xy, ie->g_xy_len); | |||
473 | ||||
474 | prf->Init(prf->prfctx); | |||
475 | prf->Update(prf->prfctx, ie->g_xy, ie->g_xy_len); | |||
476 | prf->Final(skeyid, prf->prfctx); | |||
477 | prf_free(prf); | |||
478 | return skeyid; | |||
479 | } | |||
480 | ||||
481 | #ifdef notdef | |||
482 | /* | |||
483 | * Both standard and revised RSA encryption authentication use this SKEYID | |||
484 | * computation. | |||
485 | */ | |||
486 | static u_int8_t * | |||
487 | enc_gen_skeyid(struct exchange *exchange, size_t *sz) | |||
488 | { | |||
489 | struct prf *prf; | |||
490 | struct ipsec_exch *ie = exchange->data; | |||
491 | struct hash *hash = ie->hash; | |||
492 | u_int8_t *skeyid; | |||
493 | ||||
494 | hash->Init(hash->ctx); | |||
495 | hash->Update(hash->ctx, exchange->nonce_i, exchange->nonce_i_len); | |||
496 | hash->Update(hash->ctx, exchange->nonce_r, exchange->nonce_r_len); | |||
497 | hash->Final(hash->digest, hash->ctx); | |||
498 | prf = prf_alloc(ie->prf_type, hash->type, hash->digest, *sz); | |||
499 | if (!prf) | |||
500 | return 0; | |||
501 | ||||
502 | *sz = prf->blocksize; | |||
503 | skeyid = malloc(*sz); | |||
504 | if (!skeyid) { | |||
505 | log_error("enc_gen_skeyid: malloc (%d) failed", *sz); | |||
506 | prf_free(prf); | |||
507 | return 0; | |||
508 | } | |||
509 | prf->Init(prf->prfctx); | |||
510 | prf->Update(prf->prfctx, exchange->cookies, ISAKMP_HDR_COOKIES_LEN(8 + 8)); | |||
511 | prf->Final(skeyid, prf->prfctx); | |||
512 | prf_free(prf); | |||
513 | return skeyid; | |||
514 | } | |||
515 | #endif /* notdef */ | |||
516 | ||||
517 | static int | |||
518 | pre_shared_decode_hash(struct message *msg) | |||
519 | { | |||
520 | struct exchange *exchange = msg->exchange; | |||
521 | struct ipsec_exch *ie = exchange->data; | |||
522 | struct payload *payload; | |||
523 | size_t hashsize = ie->hash->hashsize; | |||
524 | char header[80]; | |||
525 | int initiator = exchange->initiator; | |||
526 | u_int8_t **hash_p; | |||
527 | ||||
528 | /* Choose the right fields to fill-in. */ | |||
529 | hash_p = initiator ? &ie->hash_r : &ie->hash_i; | |||
530 | ||||
531 | payload = payload_first(msg, ISAKMP_PAYLOAD_HASH8); | |||
532 | if (!payload) { | |||
533 | log_print("pre_shared_decode_hash: no HASH payload found"); | |||
534 | return -1; | |||
535 | } | |||
536 | /* Check that the hash is of the correct size. */ | |||
537 | if (GET_ISAKMP_GEN_LENGTH(payload->p)field_get_num (isakmp_gen_fld + 2, payload->p) - ISAKMP_GEN_SZ4 != hashsize) | |||
538 | return -1; | |||
539 | ||||
540 | /* XXX Need this hash be in the SA? */ | |||
541 | *hash_p = malloc(hashsize); | |||
542 | if (!*hash_p) { | |||
543 | log_error("pre_shared_decode_hash: malloc (%lu) failed", | |||
544 | (unsigned long)hashsize); | |||
545 | return -1; | |||
546 | } | |||
547 | memcpy(*hash_p, payload->p + ISAKMP_HASH_DATA_OFF4, hashsize); | |||
548 | snprintf(header, sizeof header, "pre_shared_decode_hash: HASH_%c", | |||
549 | initiator ? 'R' : 'I'); | |||
550 | LOG_DBG_BUF((LOG_MISC, 80, header, *hash_p, hashsize))log_debug_buf (LOG_MISC, 80, header, *hash_p, hashsize); | |||
551 | ||||
552 | payload->flags |= PL_MARK1; | |||
553 | return 0; | |||
554 | } | |||
555 | ||||
556 | /* Decrypt the HASH in SIG, we already need a parsed ID payload. */ | |||
557 | static int | |||
558 | rsa_sig_decode_hash(struct message *msg) | |||
559 | { | |||
560 | struct cert_handler *handler; | |||
561 | struct exchange *exchange = msg->exchange; | |||
562 | struct ipsec_exch *ie = exchange->data; | |||
563 | struct payload *p; | |||
564 | void *cert = 0; | |||
565 | u_int8_t *rawcert = 0, **hash_p, **id_cert, *id; | |||
566 | u_int32_t rawcertlen, *id_cert_len; | |||
567 | RSA *key = 0; | |||
568 | size_t hashsize = ie->hash->hashsize, id_len; | |||
569 | char header[80]; | |||
570 | int len, initiator = exchange->initiator; | |||
571 | int found = 0, n, i, id_found; | |||
572 | #if defined (USE_DNSSEC) | |||
573 | u_int8_t *rawkey = 0; | |||
574 | u_int32_t rawkeylen; | |||
575 | #endif | |||
576 | ||||
577 | /* Choose the right fields to fill-in. */ | |||
578 | hash_p = initiator ? &ie->hash_r : &ie->hash_i; | |||
579 | id = initiator ? exchange->id_r : exchange->id_i; | |||
580 | id_len = initiator ? exchange->id_r_len : exchange->id_i_len; | |||
581 | ||||
582 | if (!id || id_len == 0) { | |||
583 | log_print("rsa_sig_decode_hash: ID is missing"); | |||
584 | return -1; | |||
585 | } | |||
586 | /* | |||
587 | * XXX Assume we should use the same kind of certification as the | |||
588 | * remote... moreover, just use the first CERT payload to decide what | |||
589 | * to use. | |||
590 | */ | |||
591 | p = payload_first(msg, ISAKMP_PAYLOAD_CERT6); | |||
592 | if (!p) | |||
593 | handler = cert_get(ISAKMP_CERTENC_KEYNOTE11); | |||
594 | else | |||
595 | handler = cert_get(GET_ISAKMP_CERT_ENCODING(p->p)field_get_num (isakmp_cert_fld + 0, p->p)); | |||
596 | if (!handler) { | |||
597 | log_print("rsa_sig_decode_hash: cert_get (%d) failed", | |||
598 | p ? GET_ISAKMP_CERT_ENCODING(p->p)field_get_num (isakmp_cert_fld + 0, p->p) : -1); | |||
599 | return -1; | |||
600 | } | |||
601 | /* | |||
602 | * We need the policy session initialized now, so we can add | |||
603 | * credentials etc. | |||
604 | */ | |||
605 | exchange->policy_id = kn_init(); | |||
606 | if (exchange->policy_id == -1) { | |||
607 | log_print("rsa_sig_decode_hash: failed to initialize policy " | |||
608 | "session"); | |||
609 | return -1; | |||
610 | } | |||
611 | ||||
612 | /* Obtain a certificate from our certificate storage. */ | |||
613 | if (handler->cert_obtain(id, id_len, 0, &rawcert, &rawcertlen)) { | |||
614 | if (handler->id == ISAKMP_CERTENC_X509_SIG4) { | |||
615 | cert = handler->cert_get(rawcert, rawcertlen); | |||
616 | if (!cert) | |||
617 | LOG_DBG((LOG_CRYPTO, 50, "rsa_sig_decode_hash:"log_debug (LOG_CRYPTO, 50, "rsa_sig_decode_hash:" " certificate malformed" ) | |||
618 | " certificate malformed"))log_debug (LOG_CRYPTO, 50, "rsa_sig_decode_hash:" " certificate malformed" ); | |||
619 | else { | |||
620 | if (!handler->cert_get_key(cert, &key)) { | |||
621 | log_print("rsa_sig_decode_hash: " | |||
622 | "decoding certificate failed"); | |||
623 | handler->cert_free(cert); | |||
624 | } else { | |||
625 | found++; | |||
626 | LOG_DBG((LOG_CRYPTO, 40,log_debug (LOG_CRYPTO, 40, "rsa_sig_decode_hash: using cert " "of type %d", handler->id) | |||
627 | "rsa_sig_decode_hash: using cert "log_debug (LOG_CRYPTO, 40, "rsa_sig_decode_hash: using cert " "of type %d", handler->id) | |||
628 | "of type %d", handler->id))log_debug (LOG_CRYPTO, 40, "rsa_sig_decode_hash: using cert " "of type %d", handler->id); | |||
629 | exchange->recv_cert = cert; | |||
630 | exchange->recv_certtype = handler->id; | |||
631 | x509_generate_kn(exchange->policy_id, | |||
632 | cert); | |||
633 | } | |||
634 | } | |||
635 | } else if (handler->id == ISAKMP_CERTENC_KEYNOTE11) | |||
636 | handler->cert_insert(exchange->policy_id, rawcert); | |||
637 | free(rawcert); | |||
638 | } | |||
639 | /* | |||
640 | * Walk over potential CERT payloads in this message. | |||
641 | * XXX I believe this is the wrong spot for this. CERTs can appear | |||
642 | * anytime. | |||
643 | */ | |||
644 | TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_CERT], link)for((p) = ((&msg->payload[6])->tqh_first); (p) != ( (void*)0); (p) = ((p)->link.tqe_next)) { | |||
645 | p->flags |= PL_MARK1; | |||
646 | ||||
647 | /* | |||
648 | * When we have found a key, just walk over the rest, marking | |||
649 | * them. | |||
650 | */ | |||
651 | if (found) | |||
652 | continue; | |||
653 | ||||
654 | handler = cert_get(GET_ISAKMP_CERT_ENCODING(p->p)field_get_num (isakmp_cert_fld + 0, p->p)); | |||
655 | if (!handler) { | |||
656 | LOG_DBG((LOG_MISC, 30, "rsa_sig_decode_hash: "log_debug (LOG_MISC, 30, "rsa_sig_decode_hash: " "no handler for %s CERT encoding" , constant_name(isakmp_certenc_cst, field_get_num (isakmp_cert_fld + 0, p->p))) | |||
657 | "no handler for %s CERT encoding",log_debug (LOG_MISC, 30, "rsa_sig_decode_hash: " "no handler for %s CERT encoding" , constant_name(isakmp_certenc_cst, field_get_num (isakmp_cert_fld + 0, p->p))) | |||
658 | constant_name(isakmp_certenc_cst,log_debug (LOG_MISC, 30, "rsa_sig_decode_hash: " "no handler for %s CERT encoding" , constant_name(isakmp_certenc_cst, field_get_num (isakmp_cert_fld + 0, p->p))) | |||
659 | GET_ISAKMP_CERT_ENCODING(p->p))))log_debug (LOG_MISC, 30, "rsa_sig_decode_hash: " "no handler for %s CERT encoding" , constant_name(isakmp_certenc_cst, field_get_num (isakmp_cert_fld + 0, p->p))); | |||
660 | continue; | |||
661 | } | |||
662 | cert = handler->cert_get(p->p + ISAKMP_CERT_DATA_OFF5, | |||
663 | GET_ISAKMP_GEN_LENGTH(p->p)field_get_num (isakmp_gen_fld + 2, p->p) - ISAKMP_CERT_DATA_OFF5); | |||
664 | if (!cert) { | |||
665 | log_print("rsa_sig_decode_hash: " | |||
666 | "can not get data from CERT"); | |||
667 | continue; | |||
668 | } | |||
669 | if (!handler->cert_validate(cert)) { | |||
670 | handler->cert_free(cert); | |||
671 | log_print("rsa_sig_decode_hash: received CERT can't " | |||
672 | "be validated"); | |||
673 | continue; | |||
674 | } | |||
675 | if (GET_ISAKMP_CERT_ENCODING(p->p)field_get_num (isakmp_cert_fld + 0, p->p) == | |||
676 | ISAKMP_CERTENC_X509_SIG4) { | |||
677 | if (!handler->cert_get_subjects(cert, &n, &id_cert, | |||
678 | &id_cert_len)) { | |||
679 | handler->cert_free(cert); | |||
680 | log_print("rsa_sig_decode_hash: can not get " | |||
681 | "subject from CERT"); | |||
682 | continue; | |||
683 | } | |||
684 | id_found = 0; | |||
685 | for (i = 0; i < n; i++) | |||
686 | if (id_cert_len[i] == id_len && | |||
687 | id[0] == id_cert[i][0] && | |||
688 | memcmp(id + 4, id_cert[i] + 4, id_len - 4) | |||
689 | == 0) { | |||
690 | id_found++; | |||
691 | break; | |||
692 | } | |||
693 | if (!id_found) { | |||
694 | handler->cert_free(cert); | |||
695 | log_print("rsa_sig_decode_hash: no CERT " | |||
696 | "subject match the ID"); | |||
697 | free(id_cert); | |||
698 | continue; | |||
699 | } | |||
700 | cert_free_subjects(n, id_cert, id_cert_len); | |||
701 | } | |||
702 | if (!handler->cert_get_key(cert, &key)) { | |||
703 | handler->cert_free(cert); | |||
704 | log_print("rsa_sig_decode_hash: decoding payload CERT " | |||
705 | "failed"); | |||
706 | continue; | |||
707 | } | |||
708 | /* We validated the cert, cache it for later use. */ | |||
709 | handler->cert_insert(exchange->policy_id, cert); | |||
710 | ||||
711 | exchange->recv_cert = cert; | |||
712 | exchange->recv_certtype = GET_ISAKMP_CERT_ENCODING(p->p)field_get_num (isakmp_cert_fld + 0, p->p); | |||
713 | ||||
714 | if (exchange->recv_certtype == ISAKMP_CERTENC_KEYNOTE11) { | |||
715 | struct keynote_deckey dc; | |||
716 | char *pp; | |||
717 | ||||
718 | dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA6; | |||
719 | dc.dec_key = key; | |||
720 | ||||
721 | pp = kn_encode_key(&dc, INTERNAL_ENC_PKCS11, | |||
722 | ENCODING_HEX1, KEYNOTE_PUBLIC_KEY0); | |||
723 | if (pp == NULL((void*)0)) { | |||
724 | kn_free_key(&dc); | |||
725 | log_print("rsa_sig_decode_hash: failed to " | |||
726 | "ASCII-encode key"); | |||
727 | return -1; | |||
728 | } | |||
729 | if (asprintf(&exchange->keynote_key, "rsa-hex:%s", | |||
730 | pp) == -1) { | |||
731 | free(pp); | |||
732 | kn_free_key(&dc); | |||
733 | log_print("rsa_sig_decode_hash: failed to asprintf()"); | |||
734 | return -1; | |||
735 | } | |||
736 | free(pp); | |||
737 | } | |||
738 | found++; | |||
739 | } | |||
740 | ||||
741 | #if defined (USE_DNSSEC) | |||
742 | /* | |||
743 | * If no certificate provided a key, try to find a validated DNSSEC | |||
744 | * KEY. | |||
745 | */ | |||
746 | if (!found) { | |||
747 | rawkey = dns_get_key(IKE_AUTH_RSA_SIG3, msg, &rawkeylen); | |||
748 | ||||
749 | /* We need to convert 'void *rawkey' into 'RSA *key'. */ | |||
750 | if (dns_RSA_dns_to_x509(rawkey, rawkeylen, &key) == 0) | |||
751 | found++; | |||
752 | else | |||
753 | log_print("rsa_sig_decode_hash: KEY to RSA key " | |||
754 | "conversion failed"); | |||
755 | ||||
756 | free(rawkey); | |||
757 | } | |||
758 | #endif /* USE_DNSSEC */ | |||
759 | ||||
760 | /* If we still have not found a key, try to read it from a file. */ | |||
761 | if (!found) | |||
762 | if (get_raw_key_from_file(IKE_AUTH_RSA_SIG3, id, id_len, &key) | |||
763 | != -1) | |||
764 | found++; | |||
765 | ||||
766 | if (!found) { | |||
767 | log_print("rsa_sig_decode_hash: no public key found"); | |||
768 | return -1; | |||
769 | } | |||
770 | p = payload_first(msg, ISAKMP_PAYLOAD_SIG9); | |||
771 | if (!p) { | |||
772 | log_print("rsa_sig_decode_hash: missing signature payload"); | |||
773 | RSA_free(key); | |||
774 | return -1; | |||
775 | } | |||
776 | /* Check that the sig is of the correct size. */ | |||
777 | len = GET_ISAKMP_GEN_LENGTH(p->p)field_get_num (isakmp_gen_fld + 2, p->p) - ISAKMP_SIG_SZ4; | |||
778 | if (len != RSA_size(key)) { | |||
779 | RSA_free(key); | |||
780 | log_print("rsa_sig_decode_hash: " | |||
781 | "SIG payload length does not match public key"); | |||
782 | return -1; | |||
783 | } | |||
784 | *hash_p = malloc(len); | |||
785 | if (!*hash_p) { | |||
786 | RSA_free(key); | |||
787 | log_error("rsa_sig_decode_hash: malloc (%d) failed", len); | |||
788 | return -1; | |||
789 | } | |||
790 | len = RSA_public_decrypt(len, p->p + ISAKMP_SIG_DATA_OFF4, *hash_p, key, | |||
791 | RSA_PKCS1_PADDING1); | |||
792 | if (len == -1) { | |||
793 | RSA_free(key); | |||
794 | log_print("rsa_sig_decode_hash: RSA_public_decrypt () failed"); | |||
795 | return -1; | |||
796 | } | |||
797 | /* Store key for later use */ | |||
798 | exchange->recv_key = key; | |||
799 | exchange->recv_keytype = ISAKMP_KEY_RSA2; | |||
800 | ||||
801 | if (len != (int)hashsize) { | |||
802 | free(*hash_p); | |||
803 | *hash_p = 0; | |||
804 | log_print("rsa_sig_decode_hash: len %lu != hashsize %lu", | |||
805 | (unsigned long)len, (unsigned long)hashsize); | |||
806 | return -1; | |||
807 | } | |||
808 | snprintf(header, sizeof header, "rsa_sig_decode_hash: HASH_%c", | |||
809 | initiator ? 'R' : 'I'); | |||
810 | LOG_DBG_BUF((LOG_MISC, 80, header, *hash_p, hashsize))log_debug_buf (LOG_MISC, 80, header, *hash_p, hashsize); | |||
811 | ||||
812 | p->flags |= PL_MARK1; | |||
813 | return 0; | |||
814 | } | |||
815 | ||||
816 | static int | |||
817 | pre_shared_encode_hash(struct message *msg) | |||
818 | { | |||
819 | struct exchange *exchange = msg->exchange; | |||
820 | struct ipsec_exch *ie = exchange->data; | |||
821 | size_t hashsize = ie->hash->hashsize; | |||
822 | char header[80]; | |||
823 | int initiator = exchange->initiator; | |||
824 | u_int8_t *buf; | |||
825 | ||||
826 | buf = ipsec_add_hash_payload(msg, hashsize); | |||
827 | if (!buf) | |||
828 | return -1; | |||
829 | ||||
830 | if (ike_auth_hash(exchange, buf + ISAKMP_HASH_DATA_OFF4) == -1) | |||
831 | return -1; | |||
832 | ||||
833 | snprintf(header, sizeof header, "pre_shared_encode_hash: HASH_%c", | |||
834 | initiator ? 'I' : 'R'); | |||
835 | LOG_DBG_BUF((LOG_MISC, 80, header, buf + ISAKMP_HASH_DATA_OFF,log_debug_buf (LOG_MISC, 80, header, buf + 4, hashsize) | |||
836 | hashsize))log_debug_buf (LOG_MISC, 80, header, buf + 4, hashsize); | |||
837 | return 0; | |||
838 | } | |||
839 | ||||
840 | /* Encrypt the HASH into a SIG type. */ | |||
841 | static int | |||
842 | rsa_sig_encode_hash(struct message *msg) | |||
843 | { | |||
844 | struct exchange *exchange = msg->exchange; | |||
845 | struct ipsec_exch *ie = exchange->data; | |||
846 | size_t hashsize = ie->hash->hashsize, id_len; | |||
847 | struct cert_handler *handler; | |||
848 | char header[80]; | |||
849 | int initiator = exchange->initiator, idtype; | |||
850 | u_int8_t *buf, *data, *buf2, *id; | |||
851 | u_int32_t datalen; | |||
852 | int32_t sigsize; | |||
853 | void *sent_key; | |||
854 | ||||
855 | id = initiator ? exchange->id_i : exchange->id_r; | |||
| ||||
856 | id_len = initiator
| |||
857 | ||||
858 | /* We may have been provided these by the kernel */ | |||
859 | buf = (u_int8_t *)conf_get_str(exchange->name, "Credentials"); | |||
860 | if (buf && (idtype = conf_get_num(exchange->name, "Credential_Type", | |||
861 | -1)) != -1) { | |||
862 | exchange->sent_certtype = idtype; | |||
863 | handler = cert_get(idtype); | |||
864 | if (!handler) { | |||
865 | log_print("rsa_sig_encode_hash: cert_get (%d) failed", | |||
866 | idtype); | |||
867 | return -1; | |||
868 | } | |||
869 | exchange->sent_cert = | |||
870 | handler->cert_from_printable((char *)buf); | |||
871 | if (!exchange->sent_cert) { | |||
872 | log_print("rsa_sig_encode_hash: failed to retrieve " | |||
873 | "certificate"); | |||
874 | return -1; | |||
875 | } | |||
876 | handler->cert_serialize(exchange->sent_cert, &data, &datalen); | |||
877 | if (!data) { | |||
878 | log_print("rsa_sig_encode_hash: cert serialization " | |||
879 | "failed"); | |||
880 | return -1; | |||
881 | } | |||
882 | goto aftercert; /* Skip all the certificate discovery */ | |||
883 | } | |||
884 | /* XXX This needs to be configurable. */ | |||
885 | idtype = ISAKMP_CERTENC_KEYNOTE11; | |||
886 | ||||
887 | /* Find a certificate with subjectAltName = id. */ | |||
888 | handler = cert_get(idtype); | |||
889 | if (!handler) { | |||
890 | idtype = ISAKMP_CERTENC_X509_SIG4; | |||
891 | handler = cert_get(idtype); | |||
892 | if (!handler) { | |||
893 | log_print("rsa_sig_encode_hash: cert_get(%d) failed", | |||
894 | idtype); | |||
895 | return -1; | |||
896 | } | |||
897 | } | |||
898 | if (handler->cert_obtain(id, id_len, 0, &data, &datalen) == 0) { | |||
899 | if (idtype
| |||
900 | idtype = ISAKMP_CERTENC_X509_SIG4; | |||
901 | handler = cert_get(idtype); | |||
902 | if (!handler) { | |||
903 | log_print("rsa_sig_encode_hash: cert_get(%d) " | |||
904 | "failed", idtype); | |||
905 | return -1; | |||
906 | } | |||
907 | if (handler->cert_obtain(id, id_len, 0, &data, | |||
908 | &datalen) == 0) { | |||
909 | LOG_DBG((LOG_MISC, 10, "rsa_sig_encode_hash: "log_debug (LOG_MISC, 10, "rsa_sig_encode_hash: " "no certificate to send for id %s" , ipsec_id_string(id, id_len)) | |||
910 | "no certificate to send for id %s",log_debug (LOG_MISC, 10, "rsa_sig_encode_hash: " "no certificate to send for id %s" , ipsec_id_string(id, id_len)) | |||
911 | ipsec_id_string(id, id_len)))log_debug (LOG_MISC, 10, "rsa_sig_encode_hash: " "no certificate to send for id %s" , ipsec_id_string(id, id_len)); | |||
912 | goto skipcert; | |||
913 | } | |||
914 | } else { | |||
915 | LOG_DBG((LOG_MISC, 10,log_debug (LOG_MISC, 10, "rsa_sig_encode_hash: no certificate to send" " for id %s", ipsec_id_string(id, id_len)) | |||
916 | "rsa_sig_encode_hash: no certificate to send"log_debug (LOG_MISC, 10, "rsa_sig_encode_hash: no certificate to send" " for id %s", ipsec_id_string(id, id_len)) | |||
917 | " for id %s", ipsec_id_string(id, id_len)))log_debug (LOG_MISC, 10, "rsa_sig_encode_hash: no certificate to send" " for id %s", ipsec_id_string(id, id_len)); | |||
918 | goto skipcert; | |||
919 | } | |||
920 | } | |||
921 | /* Let's store the certificate we are going to use */ | |||
922 | exchange->sent_certtype = idtype; | |||
923 | exchange->sent_cert = handler->cert_get(data, datalen); | |||
924 | if (!exchange->sent_cert) { | |||
925 | free(data); | |||
926 | log_print("rsa_sig_encode_hash: failed to get certificate " | |||
927 | "from wire encoding"); | |||
928 | return -1; | |||
929 | } | |||
930 | aftercert: | |||
931 | ||||
932 | buf = realloc(data, ISAKMP_CERT_SZ5 + datalen); | |||
933 | if (!buf) { | |||
934 | log_error("rsa_sig_encode_hash: realloc (%p, %d) failed", data, | |||
935 | ISAKMP_CERT_SZ5 + datalen); | |||
936 | free(data); | |||
937 | return -1; | |||
938 | } | |||
939 | memmove(buf + ISAKMP_CERT_SZ5, buf, datalen); | |||
940 | SET_ISAKMP_CERT_ENCODING(buf, idtype)field_set_num (isakmp_cert_fld + 0, buf, idtype); | |||
941 | if (message_add_payload(msg, ISAKMP_PAYLOAD_CERT6, buf, | |||
942 | ISAKMP_CERT_SZ5 + datalen, 1)) { | |||
943 | free(buf); | |||
944 | return -1; | |||
945 | } | |||
946 | skipcert: | |||
947 | ||||
948 | /* Again, we may have these from the kernel */ | |||
949 | buf = (u_int8_t *)conf_get_str(exchange->name, "PKAuthentication"); | |||
950 | if (buf) { | |||
951 | key_from_printable(ISAKMP_KEY_RSA2, ISAKMP_KEYTYPE_PRIVATE1, | |||
952 | (char *)buf, &data, &datalen); | |||
953 | if (!data) { | |||
954 | log_print("rsa_sig_encode_hash: badly formatted RSA " | |||
955 | "private key"); | |||
956 | return 0; | |||
957 | } | |||
958 | sent_key = key_internalize(ISAKMP_KEY_RSA2, | |||
959 | ISAKMP_KEYTYPE_PRIVATE1, data, datalen); | |||
960 | if (!sent_key) { | |||
961 | log_print("rsa_sig_encode_hash: bad RSA private key " | |||
962 | "from dynamic SA acquisition subsystem"); | |||
963 | return 0; | |||
964 | } | |||
965 | } else { | |||
966 | /* Try through the regular means. */ | |||
967 | switch (id[ISAKMP_ID_TYPE_OFF4 - ISAKMP_GEN_SZ4]) { | |||
968 | case IPSEC_ID_IPV4_ADDR1: | |||
969 | case IPSEC_ID_IPV6_ADDR5: | |||
970 | util_ntoa((char **)&buf2, | |||
971 | id[ISAKMP_ID_TYPE_OFF4 - ISAKMP_GEN_SZ4] == | |||
972 | IPSEC_ID_IPV4_ADDR1 ? AF_INET2 : AF_INET624, | |||
973 | id + ISAKMP_ID_DATA_OFF8 - ISAKMP_GEN_SZ4); | |||
974 | if (!buf2) | |||
975 | return 0; | |||
976 | break; | |||
977 | ||||
978 | case IPSEC_ID_FQDN2: | |||
979 | case IPSEC_ID_USER_FQDN3: | |||
980 | buf2 = calloc(id_len - ISAKMP_ID_DATA_OFF8 + | |||
981 | ISAKMP_GEN_SZ4 + 1, sizeof(char)); | |||
982 | if (!buf2) { | |||
983 | log_print("rsa_sig_encode_hash: malloc (%lu) " | |||
984 | "failed", (unsigned long)id_len - | |||
985 | ISAKMP_ID_DATA_OFF8 + ISAKMP_GEN_SZ4 + 1); | |||
986 | return 0; | |||
987 | } | |||
988 | memcpy(buf2, id + ISAKMP_ID_DATA_OFF8 - ISAKMP_GEN_SZ4, | |||
989 | id_len - ISAKMP_ID_DATA_OFF8 + ISAKMP_GEN_SZ4); | |||
990 | break; | |||
991 | ||||
992 | /* XXX Support more ID types? */ | |||
993 | default: | |||
994 | buf2 = 0; | |||
995 | return 0; | |||
996 | } | |||
997 | ||||
998 | sent_key = ike_auth_get_key(IKE_AUTH_RSA_SIG3, exchange->name, | |||
999 | (char *)buf2, 0); | |||
1000 | free(buf2); | |||
1001 | ||||
1002 | /* Did we find a key? */ | |||
1003 | if (!sent_key) { | |||
1004 | log_print("rsa_sig_encode_hash: " | |||
1005 | "could not get private key"); | |||
1006 | return -1; | |||
1007 | } | |||
1008 | } | |||
1009 | ||||
1010 | /* Enable RSA blinding. */ | |||
1011 | if (RSA_blinding_on(sent_key, NULL((void*)0)) != 1) { | |||
1012 | log_error("rsa_sig_encode_hash: RSA_blinding_on () failed."); | |||
1013 | RSA_free(sent_key); | |||
1014 | return -1; | |||
1015 | } | |||
1016 | /* XXX hashsize is not necessarily prf->blocksize. */ | |||
1017 | buf = malloc(hashsize); | |||
1018 | if (!buf) { | |||
1019 | log_error("rsa_sig_encode_hash: malloc (%lu) failed", | |||
1020 | (unsigned long)hashsize); | |||
1021 | RSA_free(sent_key); | |||
1022 | return -1; | |||
1023 | } | |||
1024 | if (ike_auth_hash(exchange, buf) == -1) { | |||
1025 | free(buf); | |||
1026 | RSA_free(sent_key); | |||
1027 | return -1; | |||
1028 | } | |||
1029 | snprintf(header, sizeof header, "rsa_sig_encode_hash: HASH_%c", | |||
1030 | initiator ? 'I' : 'R'); | |||
1031 | LOG_DBG_BUF((LOG_MISC, 80, header, buf, hashsize))log_debug_buf (LOG_MISC, 80, header, buf, hashsize); | |||
1032 | ||||
1033 | data = malloc(RSA_size(sent_key)); | |||
1034 | if (!data) { | |||
1035 | log_error("rsa_sig_encode_hash: malloc (%d) failed", | |||
1036 | RSA_size(sent_key)); | |||
1037 | free(buf); | |||
1038 | RSA_free(sent_key); | |||
1039 | return -1; | |||
1040 | } | |||
1041 | sigsize = RSA_private_encrypt(hashsize, buf, data, sent_key, | |||
1042 | RSA_PKCS1_PADDING1); | |||
1043 | if (sigsize == -1) { | |||
1044 | log_print("rsa_sig_encode_hash: " | |||
1045 | "RSA_private_encrypt () failed"); | |||
1046 | free(data); | |||
1047 | free(buf); | |||
1048 | RSA_free(sent_key); | |||
1049 | return -1; | |||
1050 | } | |||
1051 | datalen = (u_int32_t) sigsize; | |||
1052 | ||||
1053 | free(buf); | |||
1054 | RSA_free(sent_key); | |||
1055 | ||||
1056 | buf = realloc(data, ISAKMP_SIG_SZ4 + datalen); | |||
1057 | if (!buf) { | |||
1058 | log_error("rsa_sig_encode_hash: realloc (%p, %d) failed", data, | |||
1059 | ISAKMP_SIG_SZ4 + datalen); | |||
1060 | free(data); | |||
1061 | return -1; | |||
1062 | } | |||
1063 | memmove(buf + ISAKMP_SIG_SZ4, buf, datalen); | |||
1064 | ||||
1065 | snprintf(header, sizeof header, "rsa_sig_encode_hash: SIG_%c", | |||
1066 | initiator ? 'I' : 'R'); | |||
1067 | LOG_DBG_BUF((LOG_MISC, 80, header, buf + ISAKMP_SIG_DATA_OFF,log_debug_buf (LOG_MISC, 80, header, buf + 4, datalen) | |||
1068 | datalen))log_debug_buf (LOG_MISC, 80, header, buf + 4, datalen); | |||
1069 | if (message_add_payload(msg, ISAKMP_PAYLOAD_SIG9, buf, | |||
1070 | ISAKMP_SIG_SZ4 + datalen, 1)) { | |||
1071 | free(buf); | |||
1072 | return -1; | |||
1073 | } | |||
1074 | return 0; | |||
1075 | } | |||
1076 | ||||
1077 | int | |||
1078 | ike_auth_hash(struct exchange *exchange, u_int8_t *buf) | |||
1079 | { | |||
1080 | struct ipsec_exch *ie = exchange->data; | |||
1081 | struct prf *prf; | |||
1082 | struct hash *hash = ie->hash; | |||
1083 | int initiator = exchange->initiator; | |||
1084 | u_int8_t *id; | |||
1085 | size_t id_len; | |||
1086 | ||||
1087 | /* Choose the right fields to fill-in. */ | |||
1088 | id = initiator ? exchange->id_i : exchange->id_r; | |||
1089 | id_len = initiator ? exchange->id_i_len : exchange->id_r_len; | |||
1090 | ||||
1091 | /* Allocate the prf and start calculating our HASH. */ | |||
1092 | prf = prf_alloc(ie->prf_type, hash->type, ie->skeyid, ie->skeyid_len); | |||
1093 | if (!prf) | |||
1094 | return -1; | |||
1095 | ||||
1096 | prf->Init(prf->prfctx); | |||
1097 | prf->Update(prf->prfctx, initiator ? ie->g_xi : ie->g_xr, ie->g_x_len); | |||
1098 | prf->Update(prf->prfctx, initiator ? ie->g_xr : ie->g_xi, ie->g_x_len); | |||
1099 | prf->Update(prf->prfctx, exchange->cookies + | |||
1100 | (initiator ? ISAKMP_HDR_ICOOKIE_OFF0 : ISAKMP_HDR_RCOOKIE_OFF8), | |||
1101 | ISAKMP_HDR_ICOOKIE_LEN8); | |||
1102 | prf->Update(prf->prfctx, exchange->cookies + | |||
1103 | (initiator ? ISAKMP_HDR_RCOOKIE_OFF8 : ISAKMP_HDR_ICOOKIE_OFF0), | |||
1104 | ISAKMP_HDR_ICOOKIE_LEN8); | |||
1105 | prf->Update(prf->prfctx, ie->sa_i_b, ie->sa_i_b_len); | |||
1106 | prf->Update(prf->prfctx, id, id_len); | |||
1107 | prf->Final(buf, prf->prfctx); | |||
1108 | prf_free(prf); | |||
1109 | return 0; | |||
1110 | } | |||
1111 | ||||
1112 | static int | |||
1113 | get_raw_key_from_file(int type, u_int8_t *id, size_t id_len, RSA **rsa) | |||
1114 | { | |||
1115 | char filename[FILENAME_MAX1024]; | |||
1116 | char *fstr; | |||
1117 | FILE *keyfp; | |||
1118 | ||||
1119 | if (type != IKE_AUTH_RSA_SIG3) { /* XXX More types? */ | |||
1120 | LOG_DBG((LOG_NEGOTIATION, 20, "get_raw_key_from_file: "log_debug (LOG_NEGOTIATION, 20, "get_raw_key_from_file: " "invalid auth type %d\n" , type) | |||
1121 | "invalid auth type %d\n", type))log_debug (LOG_NEGOTIATION, 20, "get_raw_key_from_file: " "invalid auth type %d\n" , type); | |||
1122 | return -1; | |||
1123 | } | |||
1124 | *rsa = 0; | |||
1125 | ||||
1126 | fstr = conf_get_str("General", "Pubkey-directory"); | |||
1127 | if (!fstr) | |||
1128 | fstr = CONF_DFLT_PUBKEY_DIR"/etc/isakmpd/" "pubkeys/"; | |||
1129 | ||||
1130 | if (snprintf(filename, sizeof filename, "%s/", fstr) > | |||
1131 | (int)sizeof filename - 1) | |||
1132 | return -1; | |||
1133 | ||||
1134 | fstr = ipsec_id_string(id, id_len); | |||
1135 | if (!fstr) { | |||
1136 | LOG_DBG((LOG_NEGOTIATION, 50, "get_raw_key_from_file: "log_debug (LOG_NEGOTIATION, 50, "get_raw_key_from_file: " "ipsec_id_string failed" ) | |||
1137 | "ipsec_id_string failed"))log_debug (LOG_NEGOTIATION, 50, "get_raw_key_from_file: " "ipsec_id_string failed" ); | |||
1138 | return -1; | |||
1139 | } | |||
1140 | strlcat(filename, fstr, sizeof filename - strlen(filename)); | |||
1141 | free(fstr); | |||
1142 | ||||
1143 | /* If the file does not exist, fail silently. */ | |||
1144 | keyfp = monitor_fopen(filename, "r"); | |||
1145 | if (keyfp) { | |||
1146 | *rsa = PEM_read_RSA_PUBKEY(keyfp, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
1147 | if (!*rsa) { | |||
1148 | rewind(keyfp); | |||
1149 | *rsa = PEM_read_RSAPublicKey(keyfp, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
1150 | } | |||
1151 | if (!*rsa) | |||
1152 | log_print("get_raw_key_from_file: failed to get " | |||
1153 | "public key %s", filename); | |||
1154 | fclose(keyfp); | |||
1155 | } else if (errno(*__errno()) != ENOENT2) { | |||
1156 | log_error("get_raw_key_from_file: monitor_fopen " | |||
1157 | "(\"%s\", \"r\") failed", filename); | |||
1158 | return -1; | |||
1159 | } else | |||
1160 | LOG_DBG((LOG_NEGOTIATION, 50,log_debug (LOG_NEGOTIATION, 50, "get_raw_key_from_file: file %s not found" , filename) | |||
1161 | "get_raw_key_from_file: file %s not found", filename))log_debug (LOG_NEGOTIATION, 50, "get_raw_key_from_file: file %s not found" , filename); | |||
1162 | ||||
1163 | return (*rsa ? 0 : -1); | |||
1164 | } |