1 /* $OpenBSD: ike_auth.c,v 1.95 2004/08/08 19:11:06 deraadt Exp $ */
2 /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
5 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
6 * Copyright (c) 1999 Niels Provos. All rights reserved.
7 * Copyright (c) 1999 Angelos D. Keromytis. All rights reserved.
8 * Copyright (c) 2000, 2001, 2003 HÃ¥kan Olsson. All rights reserved.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * This code was written under funding by Ericsson Radio Systems.
35 #include <sys/types.h>
37 #include <netinet/in.h>
38 #include <arpa/inet.h>
46 #if defined (USE_KEYNOTE)
55 #include "constants.h"
56 #if defined (USE_DNSSEC)
64 #include "ipsec_doi.h"
65 #include "libcrypto.h"
70 #include "transport.h"
73 #if defined (USE_X509)
78 static u_int8_t
*enc_gen_skeyid(struct exchange
*, size_t *);
80 static u_int8_t
*pre_shared_gen_skeyid(struct exchange
*, size_t *);
82 static int pre_shared_decode_hash(struct message
*);
83 static int pre_shared_encode_hash(struct message
*);
85 #if defined (USE_X509) || defined (USE_KEYNOTE)
86 static u_int8_t
*sig_gen_skeyid(struct exchange
*, size_t *);
87 static int rsa_sig_decode_hash(struct message
*);
88 static int rsa_sig_encode_hash(struct message
*);
91 #if defined (USE_RAWKEY)
92 static int get_raw_key_from_file(int, u_int8_t
*, size_t, RSA
**);
95 static int ike_auth_hash(struct exchange
*, u_int8_t
*);
97 static struct ike_auth ike_auth
[] = {
99 IKE_AUTH_PRE_SHARED
, pre_shared_gen_skeyid
,
100 pre_shared_decode_hash
,
101 pre_shared_encode_hash
105 IKE_AUTH_DSS
, sig_gen_skeyid
,
106 pre_shared_decode_hash
,
107 pre_shared_encode_hash
110 #if defined (USE_X509) || defined (USE_KEYNOTE)
112 IKE_AUTH_RSA_SIG
, sig_gen_skeyid
,
119 IKE_AUTH_RSA_ENC
, enc_gen_skeyid
,
120 pre_shared_decode_hash
,
121 pre_shared_encode_hash
124 IKE_AUTH_RSA_ENC_REV
, enc_gen_skeyid
,
125 pre_shared_decode_hash
,
126 pre_shared_encode_hash
132 ike_auth_get(u_int16_t id
)
136 for (i
= 0; i
< sizeof ike_auth
/ sizeof ike_auth
[0]; i
++)
137 if (id
== ike_auth
[i
].id
)
143 * Find and decode the configured key (pre-shared or public) for the
144 * peer denoted by ID. Stash the len in KEYLEN.
147 ike_auth_get_key(int type
, char *id
, char *local_id
, size_t *keylen
)
150 #if defined (USE_X509) || defined (USE_KEYNOTE)
153 #if defined (USE_X509)
161 case IKE_AUTH_PRE_SHARED
:
162 /* Get the pre-shared key for our peer. */
163 key
= conf_get_str(id
, "Authentication");
164 if (!key
&& local_id
)
165 key
= conf_get_str(local_id
, "Authentication");
168 log_print("ike_auth_get_key: "
169 "no key found for peer \"%s\" or local ID \"%s\"",
173 /* If the key starts with 0x it is in hex format. */
174 if (strncasecmp(key
, "0x", 2) == 0) {
175 *keylen
= (strlen(key
) - 1) / 2;
176 buf
= malloc(*keylen
);
178 log_error("ike_auth_get_key: malloc (%lu) "
179 "failed", (unsigned long)*keylen
);
182 if (hex2raw(key
+ 2, (unsigned char *)buf
, *keylen
)) {
184 log_print("ike_auth_get_key: invalid hex key "
193 log_error("ike_auth_get_key: strdup() failed");
196 *keylen
= strlen(key
);
200 case IKE_AUTH_RSA_SIG
:
201 #if defined (USE_X509) || defined (USE_KEYNOTE)
202 #if defined (USE_KEYNOTE)
203 if (local_id
&& (keyfile
= conf_get_str("KeyNote",
204 "Credential-directory")) != 0) {
206 struct keynote_deckey dc
;
207 char *privkeyfile
, *buf2
;
211 pkflen
= strlen(keyfile
) + strlen(local_id
) +
212 sizeof PRIVATE_KEY_FILE
+ sizeof "//" - 1;
213 privkeyfile
= calloc(pkflen
, sizeof(char));
215 log_print("ike_auth_get_key: failed to "
216 "allocate %d bytes", pkflen
);
219 snprintf(privkeyfile
, pkflen
, "%s/%s/%s", keyfile
,
220 local_id
, PRIVATE_KEY_FILE
);
221 keyfile
= privkeyfile
;
223 fd
= monitor_open(keyfile
, O_RDONLY
, 0);
229 if (fstat(fd
, &sb
) < 0) {
230 log_print("ike_auth_get_key: fstat failed");
235 size
= (size_t)sb
.st_size
;
237 buf
= calloc(size
+ 1, sizeof(char));
239 log_print("ike_auth_get_key: failed allocating"
240 " %lu bytes", (unsigned long)size
+ 1);
245 if (read(fd
, buf
, size
) != (ssize_t
)size
) {
247 log_print("ike_auth_get_key: "
248 "failed reading %lu bytes from \"%s\"",
249 (unsigned long)size
, keyfile
);
256 /* Parse private key string */
257 buf2
= kn_get_string(buf
);
260 if (!buf2
|| kn_decode_key(&dc
, buf2
,
261 KEYNOTE_PRIVATE_KEY
) == -1) {
264 log_print("ike_auth_get_key: failed decoding "
265 "key in \"%s\"", keyfile
);
271 if (dc
.dec_algorithm
!= KEYNOTE_ALGORITHM_RSA
) {
272 log_print("ike_auth_get_key: wrong algorithm "
273 "type %d in \"%s\"", dc
.dec_algorithm
,
283 #endif /* USE_KEYNOTE */
285 /* Otherwise, try X.509 */
286 keyfile
= conf_get_str("X509-certificates", "Private-key");
288 fd
= monitor_open(keyfile
, O_RDONLY
, 0);
290 log_print("ike_auth_get_key: failed opening \"%s\"",
295 if (check_file_secrecy_fd(fd
, keyfile
, &fsize
) < 0) {
300 if ((keyfp
= fdopen(fd
, "r")) == NULL
) {
301 log_print("ike_auth_get_key: fdopen failed");
305 #if SSLEAY_VERSION_NUMBER >= 0x00904100L
306 rsakey
= PEM_read_RSAPrivateKey(keyfp
, NULL
, NULL
, NULL
);
308 rsakey
= PEM_read_RSAPrivateKey(keyfp
, NULL
, NULL
);
313 log_print("ike_auth_get_key: "
314 "PEM_read_bio_RSAPrivateKey failed");
318 #endif /* USE_X509 */
319 #endif /* USE_X509 || USE_KEYNOTE */
322 log_print("ike_auth_get_key: unknown key type %d", type
);
330 pre_shared_gen_skeyid(struct exchange
*exchange
, size_t *sz
)
333 struct ipsec_exch
*ie
= exchange
->data
;
334 u_int8_t
*skeyid
, *buf
= 0;
339 * If we're the responder and have the initiator's ID (which is the
340 * case in Aggressive mode), try to find the preshared key in the
341 * section of the initiator's Phase 1 ID. This allows us to do
342 * mobile user support with preshared keys.
344 if (!exchange
->initiator
&& exchange
->id_i
) {
345 switch (exchange
->id_i
[0]) {
346 case IPSEC_ID_IPV4_ADDR
:
347 case IPSEC_ID_IPV6_ADDR
:
348 util_ntoa((char **) &buf
,
349 exchange
->id_i
[0] == IPSEC_ID_IPV4_ADDR
? AF_INET
:
350 AF_INET6
, exchange
->id_i
+ ISAKMP_ID_DATA_OFF
-
357 case IPSEC_ID_USER_FQDN
:
358 buf
= calloc(exchange
->id_i_len
- ISAKMP_ID_DATA_OFF
+
359 ISAKMP_GEN_SZ
+ 1, sizeof(char));
361 log_print("pre_shared_gen_skeyid: malloc (%lu"
363 (unsigned long)exchange
->id_i_len
-
364 ISAKMP_ID_DATA_OFF
+ ISAKMP_GEN_SZ
+ 1);
368 exchange
->id_i
+ ISAKMP_ID_DATA_OFF
-
370 exchange
->id_i_len
- ISAKMP_ID_DATA_OFF
+
374 /* XXX Support more ID types ? */
380 * Get the pre-shared key for our peer. This will work even if the key
381 * has been passed to us through a mechanism like PFKEYv2.
383 key
= ike_auth_get_key(IKE_AUTH_PRE_SHARED
, exchange
->name
,
384 (char *) buf
, &keylen
);
388 /* Fail if no key could be found. */
392 /* Store the secret key for later policy processing. */
393 exchange
->recv_key
= calloc(keylen
+ 1, sizeof(char));
394 exchange
->recv_keytype
= ISAKMP_KEY_PASSPHRASE
;
395 if (!exchange
->recv_key
) {
396 log_error("pre_shared_gen_skeyid: malloc (%lu) failed",
397 (unsigned long)keylen
);
401 memcpy(exchange
->recv_key
, key
, keylen
);
402 exchange
->recv_certtype
= ISAKMP_CERTENC_NONE
;
405 prf
= prf_alloc(ie
->prf_type
, ie
->hash
->type
, exchange
->recv_key
,
410 *sz
= prf
->blocksize
;
411 skeyid
= malloc(*sz
);
413 log_error("pre_shared_gen_skeyid: malloc (%lu) failed",
418 prf
->Init(prf
->prfctx
);
419 prf
->Update(prf
->prfctx
, exchange
->nonce_i
, exchange
->nonce_i_len
);
420 prf
->Update(prf
->prfctx
, exchange
->nonce_r
, exchange
->nonce_r_len
);
421 prf
->Final(skeyid
, prf
->prfctx
);
426 #if defined (USE_X509) || defined (USE_KEYNOTE)
427 /* Both DSS & RSA signature authentication use this algorithm. */
429 sig_gen_skeyid(struct exchange
*exchange
, size_t *sz
)
432 struct ipsec_exch
*ie
= exchange
->data
;
436 key
= malloc(exchange
->nonce_i_len
+ exchange
->nonce_r_len
);
439 memcpy(key
, exchange
->nonce_i
, exchange
->nonce_i_len
);
440 memcpy(key
+ exchange
->nonce_i_len
, exchange
->nonce_r
,
441 exchange
->nonce_r_len
);
443 LOG_DBG((LOG_NEGOTIATION
, 80, "sig_gen_skeyid: PRF type %d, hash %d",
444 ie
->prf_type
, ie
->hash
->type
));
445 LOG_DBG_BUF((LOG_NEGOTIATION
, 80,
446 "sig_gen_skeyid: SKEYID initialized with",
447 (u_int8_t
*)key
, exchange
->nonce_i_len
+ exchange
->nonce_r_len
));
449 prf
= prf_alloc(ie
->prf_type
, ie
->hash
->type
, key
,
450 exchange
->nonce_i_len
+ exchange
->nonce_r_len
);
455 *sz
= prf
->blocksize
;
456 skeyid
= malloc(*sz
);
458 log_error("sig_gen_skeyid: malloc (%lu) failed",
463 LOG_DBG((LOG_NEGOTIATION
, 80, "sig_gen_skeyid: g^xy length %lu",
464 (unsigned long) ie
->g_x_len
));
465 LOG_DBG_BUF((LOG_NEGOTIATION
, 80,
466 "sig_gen_skeyid: SKEYID fed with g^xy", ie
->g_xy
, ie
->g_x_len
));
468 prf
->Init(prf
->prfctx
);
469 prf
->Update(prf
->prfctx
, ie
->g_xy
, ie
->g_x_len
);
470 prf
->Final(skeyid
, prf
->prfctx
);
474 #endif /* USE_X509 || USE_KEYNOTE */
478 * Both standard and revised RSA encryption authentication use this SKEYID
482 enc_gen_skeyid(struct exchange
*exchange
, size_t *sz
)
485 struct ipsec_exch
*ie
= exchange
->data
;
486 struct hash
*hash
= ie
->hash
;
489 hash
->Init(hash
->ctx
);
490 hash
->Update(hash
->ctx
, exchange
->nonce_i
, exchange
->nonce_i_len
);
491 hash
->Update(hash
->ctx
, exchange
->nonce_r
, exchange
->nonce_r_len
);
492 hash
->Final(hash
->digest
, hash
->ctx
);
493 prf
= prf_alloc(ie
->prf_type
, hash
->type
, hash
->digest
, *sz
);
497 *sz
= prf
->blocksize
;
498 skeyid
= malloc(*sz
);
500 log_error("enc_gen_skeyid: malloc (%d) failed", *sz
);
504 prf
->Init(prf
->prfctx
);
505 prf
->Update(prf
->prfctx
, exchange
->cookies
, ISAKMP_HDR_COOKIES_LEN
);
506 prf
->Final(skeyid
, prf
->prfctx
);
513 pre_shared_decode_hash(struct message
*msg
)
515 struct exchange
*exchange
= msg
->exchange
;
516 struct ipsec_exch
*ie
= exchange
->data
;
517 struct payload
*payload
;
518 size_t hashsize
= ie
->hash
->hashsize
;
520 int initiator
= exchange
->initiator
;
523 /* Choose the right fields to fill-in. */
524 hash_p
= initiator
? &ie
->hash_r
: &ie
->hash_i
;
526 payload
= payload_first(msg
, ISAKMP_PAYLOAD_HASH
);
528 log_print("pre_shared_decode_hash: no HASH payload found");
531 /* Check that the hash is of the correct size. */
532 if (GET_ISAKMP_GEN_LENGTH(payload
->p
) - ISAKMP_GEN_SZ
!= hashsize
)
535 /* XXX Need this hash be in the SA? */
536 *hash_p
= malloc(hashsize
);
538 log_error("pre_shared_decode_hash: malloc (%lu) failed",
539 (unsigned long)hashsize
);
542 memcpy(*hash_p
, payload
->p
+ ISAKMP_HASH_DATA_OFF
, hashsize
);
543 snprintf(header
, sizeof header
, "pre_shared_decode_hash: HASH_%c",
544 initiator
? 'R' : 'I');
545 LOG_DBG_BUF((LOG_MISC
, 80, header
, *hash_p
, hashsize
));
547 payload
->flags
|= PL_MARK
;
551 #if defined (USE_X509) || defined (USE_KEYNOTE)
552 /* Decrypt the HASH in SIG, we already need a parsed ID payload. */
554 rsa_sig_decode_hash(struct message
*msg
)
556 struct cert_handler
*handler
;
557 struct exchange
*exchange
= msg
->exchange
;
558 struct ipsec_exch
*ie
= exchange
->data
;
561 u_int8_t
*rawcert
= 0, **hash_p
, **id_cert
, *id
;
562 u_int32_t rawcertlen
, *id_cert_len
;
564 size_t hashsize
= ie
->hash
->hashsize
, id_len
;
566 int len
, initiator
= exchange
->initiator
;
567 int found
= 0, n
, i
, id_found
;
568 #if defined (USE_DNSSEC)
569 u_int8_t
*rawkey
= 0;
573 /* Choose the right fields to fill-in. */
574 hash_p
= initiator
? &ie
->hash_r
: &ie
->hash_i
;
575 id
= initiator
? exchange
->id_r
: exchange
->id_i
;
576 id_len
= initiator
? exchange
->id_r_len
: exchange
->id_i_len
;
578 if (!id
|| id_len
== 0) {
579 log_print("rsa_sig_decode_hash: ID is missing");
583 * XXX Assume we should use the same kind of certification as the
584 * remote... moreover, just use the first CERT payload to decide what
587 p
= payload_first(msg
, ISAKMP_PAYLOAD_CERT
);
589 handler
= cert_get(ISAKMP_CERTENC_KEYNOTE
);
591 handler
= cert_get(GET_ISAKMP_CERT_ENCODING(p
->p
));
593 log_print("rsa_sig_decode_hash: cert_get (%d) failed",
594 p
? GET_ISAKMP_CERT_ENCODING(p
->p
) : -1);
597 #if defined (USE_POLICY) || defined (USE_KEYNOTE)
599 * We need the policy session initialized now, so we can add
602 exchange
->policy_id
= kn_init();
603 if (exchange
->policy_id
== -1) {
604 log_print("rsa_sig_decode_hash: failed to initialize policy "
608 #endif /* USE_POLICY || USE_KEYNOTE */
610 /* Obtain a certificate from our certificate storage. */
611 if (handler
->cert_obtain(id
, id_len
, 0, &rawcert
, &rawcertlen
)) {
612 if (handler
->id
== ISAKMP_CERTENC_X509_SIG
) {
613 cert
= handler
->cert_get(rawcert
, rawcertlen
);
615 LOG_DBG((LOG_CRYPTO
, 50, "rsa_sig_decode_hash:"
616 " certificate malformed"));
618 if (!handler
->cert_get_key(cert
, &key
)) {
619 log_print("rsa_sig_decode_hash: "
620 "decoding certificate failed");
621 handler
->cert_free(cert
);
624 LOG_DBG((LOG_CRYPTO
, 40,
625 "rsa_sig_decode_hash: using cert "
626 "of type %d", handler
->id
));
627 exchange
->recv_cert
= cert
;
628 exchange
->recv_certtype
= handler
->id
;
629 #if defined (USE_POLICY)
630 x509_generate_kn(exchange
->policy_id
,
632 #endif /* USE_POLICY */
635 } else if (handler
->id
== ISAKMP_CERTENC_KEYNOTE
)
636 handler
->cert_insert(exchange
->policy_id
, rawcert
);
640 * Walk over potential CERT payloads in this message.
641 * XXX I believe this is the wrong spot for this. CERTs can appear
644 for (p
= payload_first(msg
, ISAKMP_PAYLOAD_CERT
); p
;
645 p
= TAILQ_NEXT(p
, link
)) {
649 * When we have found a key, just walk over the rest, marking
655 handler
= cert_get(GET_ISAKMP_CERT_ENCODING(p
->p
));
657 LOG_DBG((LOG_MISC
, 30, "rsa_sig_decode_hash: "
658 "no handler for %s CERT encoding",
659 constant_name(isakmp_certenc_cst
,
660 GET_ISAKMP_CERT_ENCODING(p
->p
))));
663 cert
= handler
->cert_get(p
->p
+ ISAKMP_CERT_DATA_OFF
,
664 GET_ISAKMP_GEN_LENGTH(p
->p
) - ISAKMP_CERT_DATA_OFF
);
666 log_print("rsa_sig_decode_hash: "
667 "can not get data from CERT");
670 if (!handler
->cert_validate(cert
)) {
671 handler
->cert_free(cert
);
672 log_print("rsa_sig_decode_hash: received CERT can't "
676 if (GET_ISAKMP_CERT_ENCODING(p
->p
) ==
677 ISAKMP_CERTENC_X509_SIG
) {
678 if (!handler
->cert_get_subjects(cert
, &n
, &id_cert
,
680 handler
->cert_free(cert
);
681 log_print("rsa_sig_decode_hash: can not get "
682 "subject from CERT");
686 for (i
= 0; i
< n
; i
++)
687 if (id_cert_len
[i
] == id_len
&&
688 id
[0] == id_cert
[i
][0] &&
689 memcmp(id
+ 4, id_cert
[i
] + 4, id_len
- 4)
695 handler
->cert_free(cert
);
696 log_print("rsa_sig_decode_hash: no CERT "
697 "subject match the ID");
701 cert_free_subjects(n
, id_cert
, id_cert_len
);
703 if (!handler
->cert_get_key(cert
, &key
)) {
704 handler
->cert_free(cert
);
705 log_print("rsa_sig_decode_hash: decoding payload CERT "
709 /* We validated the cert, cache it for later use. */
710 handler
->cert_insert(exchange
->policy_id
, cert
);
712 exchange
->recv_cert
= cert
;
713 exchange
->recv_certtype
= GET_ISAKMP_CERT_ENCODING(p
->p
);
715 #if defined (USE_POLICY) || defined (USE_KEYNOTE)
716 if (exchange
->recv_certtype
== ISAKMP_CERTENC_KEYNOTE
) {
717 struct keynote_deckey dc
;
721 dc
.dec_algorithm
= KEYNOTE_ALGORITHM_RSA
;
724 pp
= kn_encode_key(&dc
, INTERNAL_ENC_PKCS1
,
725 ENCODING_HEX
, KEYNOTE_PUBLIC_KEY
);
728 log_print("rsa_sig_decode_hash: failed to "
732 dclen
= strlen(pp
) + sizeof "rsa-hex:";
733 exchange
->keynote_key
= calloc(dclen
, sizeof(char));
734 if (!exchange
->keynote_key
) {
737 log_print("rsa_sig_decode_hash: failed to "
738 "allocate %d bytes", dclen
);
741 snprintf(exchange
->keynote_key
, dclen
, "rsa-hex:%s",
750 #if defined (USE_DNSSEC)
752 * If no certificate provided a key, try to find a validated DNSSEC
756 rawkey
= dns_get_key(IKE_AUTH_RSA_SIG
, msg
, &rawkeylen
);
758 /* We need to convert 'void *rawkey' into 'RSA *key'. */
759 if (dns_RSA_dns_to_x509(rawkey
, rawkeylen
, &key
) == 0)
762 log_print("rsa_sig_decode_hash: KEY to RSA key "
763 "conversion failed");
768 #endif /* USE_DNSSEC */
770 #if defined (USE_RAWKEY)
771 /* If we still have not found a key, try to read it from a file. */
773 if (get_raw_key_from_file(IKE_AUTH_RSA_SIG
, id
, id_len
, &key
)
779 log_print("rsa_sig_decode_hash: no public key found");
782 p
= payload_first(msg
, ISAKMP_PAYLOAD_SIG
);
784 log_print("rsa_sig_decode_hash: missing signature payload");
788 /* Check that the sig is of the correct size. */
789 len
= GET_ISAKMP_GEN_LENGTH(p
->p
) - ISAKMP_SIG_SZ
;
790 if (len
!= RSA_size(key
)) {
792 log_print("rsa_sig_decode_hash: "
793 "SIG payload length does not match public key");
796 *hash_p
= malloc(len
);
799 log_error("rsa_sig_decode_hash: malloc (%d) failed", len
);
802 len
= RSA_public_decrypt(len
, p
->p
+ ISAKMP_SIG_DATA_OFF
, *hash_p
, key
,
806 log_print("rsa_sig_decode_hash: RSA_public_decrypt () failed");
809 /* Store key for later use */
810 exchange
->recv_key
= key
;
811 exchange
->recv_keytype
= ISAKMP_KEY_RSA
;
813 if (len
!= (int) hashsize
) {
816 log_print("rsa_sig_decode_hash: len %lu != hashsize %lu",
817 (unsigned long)len
, (unsigned long)hashsize
);
820 snprintf(header
, sizeof header
, "rsa_sig_decode_hash: HASH_%c",
821 initiator
? 'R' : 'I');
822 LOG_DBG_BUF((LOG_MISC
, 80, header
, *hash_p
, hashsize
));
827 #endif /* USE_X509 || USE_KEYNOTE */
830 pre_shared_encode_hash(struct message
*msg
)
832 struct exchange
*exchange
= msg
->exchange
;
833 struct ipsec_exch
*ie
= exchange
->data
;
834 size_t hashsize
= ie
->hash
->hashsize
;
836 int initiator
= exchange
->initiator
;
839 buf
= ipsec_add_hash_payload(msg
, hashsize
);
843 if (ike_auth_hash(exchange
, buf
+ ISAKMP_HASH_DATA_OFF
) == -1)
846 snprintf(header
, sizeof header
, "pre_shared_encode_hash: HASH_%c",
847 initiator
? 'I' : 'R');
848 LOG_DBG_BUF((LOG_MISC
, 80, header
, buf
+ ISAKMP_HASH_DATA_OFF
,
853 #if defined (USE_X509) || defined (USE_KEYNOTE)
854 /* Encrypt the HASH into a SIG type. */
856 rsa_sig_encode_hash(struct message
*msg
)
858 struct exchange
*exchange
= msg
->exchange
;
859 struct ipsec_exch
*ie
= exchange
->data
;
860 size_t hashsize
= ie
->hash
->hashsize
, id_len
;
861 struct cert_handler
*handler
;
863 int initiator
= exchange
->initiator
, idtype
;
864 u_int8_t
*buf
, *data
, *buf2
, *id
;
869 id
= initiator
? exchange
->id_i
: exchange
->id_r
;
870 id_len
= initiator
? exchange
->id_i_len
: exchange
->id_r_len
;
872 /* We may have been provided these by the kernel */
873 buf
= (u_int8_t
*) conf_get_str(exchange
->name
, "Credentials");
874 if (buf
&& (idtype
= conf_get_num(exchange
->name
, "Credential_Type",
876 exchange
->sent_certtype
= idtype
;
877 handler
= cert_get(idtype
);
879 log_print("rsa_sig_encode_hash: cert_get (%d) failed",
883 exchange
->sent_cert
=
884 handler
->cert_from_printable((char *)buf
);
885 if (!exchange
->sent_cert
) {
886 log_print("rsa_sig_encode_hash: failed to retrieve "
890 handler
->cert_serialize(exchange
->sent_cert
, &data
, &datalen
);
892 log_print("rsa_sig_encode_hash: cert serialization "
896 goto aftercert
; /* Skip all the certificate discovery */
898 /* XXX This needs to be configurable. */
899 idtype
= ISAKMP_CERTENC_KEYNOTE
;
901 /* Find a certificate with subjectAltName = id. */
902 handler
= cert_get(idtype
);
904 idtype
= ISAKMP_CERTENC_X509_SIG
;
905 handler
= cert_get(idtype
);
907 log_print("rsa_sig_encode_hash: cert_get(%d) failed",
912 if (handler
->cert_obtain(id
, id_len
, 0, &data
, &datalen
) == 0) {
913 if (idtype
== ISAKMP_CERTENC_KEYNOTE
) {
914 idtype
= ISAKMP_CERTENC_X509_SIG
;
915 handler
= cert_get(idtype
);
917 log_print("rsa_sig_encode_hash: cert_get(%d) "
921 if (handler
->cert_obtain(id
, id_len
, 0, &data
,
923 LOG_DBG((LOG_MISC
, 10, "rsa_sig_encode_hash: "
924 "no certificate to send"));
928 LOG_DBG((LOG_MISC
, 10,
929 "rsa_sig_encode_hash: no certificate to send"));
933 /* Let's store the certificate we are going to use */
934 exchange
->sent_certtype
= idtype
;
935 exchange
->sent_cert
= handler
->cert_get(data
, datalen
);
936 if (!exchange
->sent_cert
) {
938 log_print("rsa_sig_encode_hash: failed to get certificate "
939 "from wire encoding");
944 buf
= realloc(data
, ISAKMP_CERT_SZ
+ datalen
);
946 log_error("rsa_sig_encode_hash: realloc (%p, %d) failed", data
,
947 ISAKMP_CERT_SZ
+ datalen
);
951 memmove(buf
+ ISAKMP_CERT_SZ
, buf
, datalen
);
952 SET_ISAKMP_CERT_ENCODING(buf
, idtype
);
953 if (message_add_payload(msg
, ISAKMP_PAYLOAD_CERT
, buf
,
954 ISAKMP_CERT_SZ
+ datalen
, 1)) {
960 /* Again, we may have these from the kernel */
961 buf
= (u_int8_t
*) conf_get_str(exchange
->name
, "PKAuthentication");
963 key_from_printable(ISAKMP_KEY_RSA
, ISAKMP_KEYTYPE_PRIVATE
,
964 (char *)buf
, &data
, &datalen
);
966 log_print("rsa_sig_encode_hash: badly formatted RSA "
970 sent_key
= key_internalize(ISAKMP_KEY_RSA
,
971 ISAKMP_KEYTYPE_PRIVATE
, data
, datalen
);
973 log_print("rsa_sig_encode_hash: bad RSA private key "
974 "from dynamic SA acquisition subsystem");
978 /* Try through the regular means. */
979 switch (id
[ISAKMP_ID_TYPE_OFF
- ISAKMP_GEN_SZ
]) {
980 case IPSEC_ID_IPV4_ADDR
:
981 case IPSEC_ID_IPV6_ADDR
:
982 util_ntoa((char **)&buf2
,
983 id
[ISAKMP_ID_TYPE_OFF
- ISAKMP_GEN_SZ
] ==
984 IPSEC_ID_IPV4_ADDR
? AF_INET
: AF_INET6
,
985 id
+ ISAKMP_ID_DATA_OFF
- ISAKMP_GEN_SZ
);
991 case IPSEC_ID_USER_FQDN
:
992 buf2
= calloc(id_len
- ISAKMP_ID_DATA_OFF
+
993 ISAKMP_GEN_SZ
+ 1, sizeof(char));
995 log_print("rsa_sig_encode_hash: malloc (%lu) "
996 "failed", (unsigned long)id_len
-
997 ISAKMP_ID_DATA_OFF
+ ISAKMP_GEN_SZ
+ 1);
1000 memcpy(buf2
, id
+ ISAKMP_ID_DATA_OFF
- ISAKMP_GEN_SZ
,
1001 id_len
- ISAKMP_ID_DATA_OFF
+ ISAKMP_GEN_SZ
);
1004 /* XXX Support more ID types? */
1010 sent_key
= ike_auth_get_key(IKE_AUTH_RSA_SIG
, exchange
->name
,
1014 /* Did we find a key? */
1016 log_print("rsa_sig_encode_hash: "
1017 "could not get private key");
1022 /* Enable RSA blinding. */
1023 if (RSA_blinding_on(sent_key
, NULL
) != 1) {
1024 log_error("rsa_sig_encode_hash: RSA_blinding_on () failed.");
1027 /* XXX hashsize is not necessarily prf->blocksize. */
1028 buf
= malloc(hashsize
);
1030 log_error("rsa_sig_encode_hash: malloc (%lu) failed",
1031 (unsigned long)hashsize
);
1034 if (ike_auth_hash(exchange
, buf
) == -1) {
1038 snprintf(header
, sizeof header
, "rsa_sig_encode_hash: HASH_%c",
1039 initiator
? 'I' : 'R');
1040 LOG_DBG_BUF((LOG_MISC
, 80, header
, buf
, hashsize
));
1042 data
= malloc(RSA_size(sent_key
));
1044 log_error("rsa_sig_encode_hash: malloc (%d) failed",
1045 RSA_size(sent_key
));
1048 sigsize
= RSA_private_encrypt(hashsize
, buf
, data
, sent_key
,
1050 if (sigsize
== -1) {
1051 log_print("rsa_sig_encode_hash: "
1052 "RSA_private_encrypt () failed");
1059 datalen
= (u_int32_t
) sigsize
;
1063 buf
= realloc(data
, ISAKMP_SIG_SZ
+ datalen
);
1065 log_error("rsa_sig_encode_hash: realloc (%p, %d) failed", data
,
1066 ISAKMP_SIG_SZ
+ datalen
);
1070 memmove(buf
+ ISAKMP_SIG_SZ
, buf
, datalen
);
1072 snprintf(header
, sizeof header
, "rsa_sig_encode_hash: SIG_%c",
1073 initiator
? 'I' : 'R');
1074 LOG_DBG_BUF((LOG_MISC
, 80, header
, buf
+ ISAKMP_SIG_DATA_OFF
,
1076 if (message_add_payload(msg
, ISAKMP_PAYLOAD_SIG
, buf
,
1077 ISAKMP_SIG_SZ
+ datalen
, 1)) {
1083 #endif /* USE_X509 || USE_KEYNOTE */
1086 ike_auth_hash(struct exchange
*exchange
, u_int8_t
*buf
)
1088 struct ipsec_exch
*ie
= exchange
->data
;
1090 struct hash
*hash
= ie
->hash
;
1091 int initiator
= exchange
->initiator
;
1095 /* Choose the right fields to fill-in. */
1096 id
= initiator
? exchange
->id_i
: exchange
->id_r
;
1097 id_len
= initiator
? exchange
->id_i_len
: exchange
->id_r_len
;
1099 /* Allocate the prf and start calculating our HASH. */
1100 prf
= prf_alloc(ie
->prf_type
, hash
->type
, ie
->skeyid
, ie
->skeyid_len
);
1104 prf
->Init(prf
->prfctx
);
1105 prf
->Update(prf
->prfctx
, initiator
? ie
->g_xi
: ie
->g_xr
, ie
->g_x_len
);
1106 prf
->Update(prf
->prfctx
, initiator
? ie
->g_xr
: ie
->g_xi
, ie
->g_x_len
);
1107 prf
->Update(prf
->prfctx
, exchange
->cookies
+
1108 (initiator
? ISAKMP_HDR_ICOOKIE_OFF
: ISAKMP_HDR_RCOOKIE_OFF
),
1109 ISAKMP_HDR_ICOOKIE_LEN
);
1110 prf
->Update(prf
->prfctx
, exchange
->cookies
+
1111 (initiator
? ISAKMP_HDR_RCOOKIE_OFF
: ISAKMP_HDR_ICOOKIE_OFF
),
1112 ISAKMP_HDR_ICOOKIE_LEN
);
1113 prf
->Update(prf
->prfctx
, ie
->sa_i_b
, ie
->sa_i_b_len
);
1114 prf
->Update(prf
->prfctx
, id
, id_len
);
1115 prf
->Final(buf
, prf
->prfctx
);
1120 #if defined (USE_RAWKEY)
1122 get_raw_key_from_file(int type
, u_int8_t
*id
, size_t id_len
, RSA
**rsa
)
1124 char filename
[FILENAME_MAX
];
1128 if (type
!= IKE_AUTH_RSA_SIG
) { /* XXX More types? */
1129 LOG_DBG((LOG_NEGOTIATION
, 20, "get_raw_key_from_file: "
1130 "invalid auth type %d\n", type
));
1135 fstr
= conf_get_str("General", "Pubkey-directory");
1137 fstr
= CONF_DFLT_PUBKEY_DIR
;
1139 if (snprintf(filename
, sizeof filename
, "%s/", fstr
) >
1140 (int)sizeof filename
- 1)
1143 fstr
= ipsec_id_string(id
, id_len
);
1145 LOG_DBG((LOG_NEGOTIATION
, 50, "get_raw_key_from_file: "
1146 "ipsec_id_string failed"));
1149 strlcat(filename
, fstr
, sizeof filename
- strlen(filename
));
1152 /* If the file does not exist, fail silently. */
1153 keyfp
= monitor_fopen(filename
, "r");
1155 *rsa
= PEM_read_RSA_PUBKEY(keyfp
, NULL
, NULL
, NULL
);
1157 } else if (errno
!= ENOENT
) {
1158 log_error("get_raw_key_from_file: monitor_fopen "
1159 "(\"%s\", \"r\") failed", filename
);
1162 LOG_DBG((LOG_NEGOTIATION
, 50,
1163 "get_raw_key_from_file: file %s not found", filename
));
1165 return (*rsa
? 0 : -1);
1167 #endif /* USE_RAWKEY */