/*
* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: IKEv2/IPSEC SA negotiation
*
*/
#include <random.h>
#include <in_sock.h>
#include "ikev2Negotiation.h"
#include "ikedebug.h"
#include "ikev2natt.h"
#include "ikev2mobike.h"
#include "ikev2proposal.h"
#include "ikev2SAdata.h"
#include "ikev2pluginsession.h"
#include "ikev2pfkey.h"
#include "ikev2config.h"
#include "ikev2EapInterface.h"
#include "ikev2payloads.h"
#include "ikev2const.h"
#include "ikemsgrec.h"
#include "ipsecproposal.h"
#include "ipsecselectors.h"
#include "ikepolparser.h"
#include "kmdapi.h"
#include "ikecaelem.h"
#include "ikecalist.h"
#include "ikepkiutils.h"
#include "vpnapidefs.h"
#include "kmdeventloggerif.h"
#include "ipsecsalist.h"
#include "ikev2message.h"
#include "ikev2identity.h"
#include "ikev2acquire.h"
#include "ikev2expire.h"
#include "ikev2ipsecsarekeydata.h"
#include "ikev2messagesendqueue.h"
_LIT8(KIkev2PSKData, "Key Pad for IKEv2");
_LIT8(KZeroDesc, "");
CIkev2Negotiation* CIkev2Negotiation::NewL(CIkev2PluginSession& aIkeV2PlugInSession,
CPFKeySocketIf& aPfKeySocketIf,
MKmdEventLoggerIf& aEventLogger,
CIkev2MessageSendQueue& aMessageSendQue,
MIkeDebug& aDebug,
CIkeData* aIkeData,
TUint32 aVpnIapId,
TUint32 aSaId,
TInetAddr aPhysicalInterfaceAddress,
TInetAddr aRemoteAddress)
{
CIkev2Negotiation* self = new (ELeave) CIkev2Negotiation(aIkeV2PlugInSession, aPfKeySocketIf,
aEventLogger, aMessageSendQue,
aDebug, aSaId);
CleanupStack::PushL(self);
self->ConstructL();
self->iHdr.iIkeData = aIkeData;
self->iHdr.iVpnIapId = aVpnIapId;
self->iProcessEvents = ETrue;
self->iHdr.iRemoteAddr = aRemoteAddress;
self->iHdr.iRemoteAddr.SetPort(IKE_PORT);
//
// Get IP address information for IKE SA negotiation
// Remote address is taken from current IKE policy data (CIkeData)
// Local address is resolved via IKE policy using policy handle
//
if ( self->iHdr.iRemoteAddr.IsUnspecified() )
{
self->iHdr.iRemoteAddr = self->iHdr.iIkeData->iAddr;
self->iHdr.iRemoteAddr.SetPort(IKE_PORT);
}
self->iHdr.iDestinAddr = self->iHdr.iRemoteAddr;
self->iHdr.iLocalAddr = aPhysicalInterfaceAddress;
TInt Scope = self->iHdr.iRemoteAddr.Scope();
if ( Scope )
self->iHdr.iLocalAddr.SetScope(Scope); // Set local scope same with remote scope
CleanupStack::Pop(self);
return self;
}
CIkev2Negotiation* CIkev2Negotiation::NewL(CIkev2PluginSession& aIkeV2PlugInSession,
CPFKeySocketIf& aPfKeySocketIf,
MKmdEventLoggerIf& aEventLogger,
CIkev2MessageSendQueue& aMessageSendQue,
MIkeDebug& aDebug,
TIkev2SAData& aIkev2SAdata)
{
CIkev2Negotiation* self = new (ELeave) CIkev2Negotiation(aIkeV2PlugInSession, aPfKeySocketIf,
aEventLogger, aMessageSendQue,
aDebug, aIkev2SAdata.SaId());
CleanupStack::PushL(self);
self->ConstructL();
self->iHdr.Copy(aIkev2SAdata);
self->iState = KStateIkeSaCompleted;
CleanupStack::Pop(self);
return self;
}
CIkev2Negotiation::CIkev2Negotiation(CIkev2PluginSession& aIkeV2PlugInSession, CPFKeySocketIf& aPfKeySocketIf,
MKmdEventLoggerIf& aEventLogger, CIkev2MessageSendQueue& aMessageSendQue,
MIkeDebug& aDebug, TUint32 aSaId)
: iChild(aDebug), iIkeV2PlugInSession(aIkeV2PlugInSession), iPfKeySocketIf(aPfKeySocketIf),
iEventLogger(aEventLogger), iMessageSendQue(aMessageSendQue),iDebug(aDebug), iDHGroupGuess(1)
{
DEBUG_LOG1(_L("CIkev2Negotiation::CIkev2Negotiation: 0x%08x"), this);
iHdr.SetSaId(aSaId);
iHdr.iWindowSize = DEF_MSG_ID_WINDOW;
}
void CIkev2Negotiation::ConstructL()
{
iTimer = CIkev2RetransmitTimer::NewL(*this);
iSpiRetriever = CIpsecSaSpiRetriever::NewL(*this, iPfKeySocketIf);
iIkeV2PlugInSession.LinkNegotiation(this); // <- takes ownership of this
iProcessEvents = ETrue;
}
CIkev2Negotiation::~CIkev2Negotiation()
{
delete iSpiRetriever;
// Turn off event processing to prevent EAPVPNIF event
iProcessEvents = EFalse;
delete iTimer;
DEBUG_LOG1(_L("CIkev2Negotiation::~CIkev2Negotiation: 0x%08x"), this);
iIkeV2PlugInSession.RemoveNegotiation(this);
iHdr.CleanUp();
//
// Purge Acquire, Expire and Info message queues
//
CIkev2Acquire::PurgeQue(GetAcquireQue());
CIkev2Expire::PurgeQue(GetExpireQue());
delete iPeerCert;
delete iSavedSaInit;
delete iProposedSA;
delete iDHKeys;
delete iDHPublicPeer;
delete iNonce_I;
delete iNonce_R;
delete iAuthMsgInit;
delete iAuthMsgResp;
delete iRemoteIdentity;
delete iLocalIdentity;
delete iNatNotify;
delete iConfigMode;
delete iEapPlugin;
delete iPkiService;
delete iPresharedKey;
delete iChildSaRequest;
}
void CIkev2Negotiation::StartIkeSANegotiationL()
{
__ASSERT_DEBUG(iChildSaRequest == NULL, User::Invariant());
//This method should be called only if we have IA in use.
//Otherwise the negotiation should start with ProcessAcquire
__ASSERT_DEBUG(iHdr.iIkeData->iUseInternalAddr, User::Invariant());
//
// This method is called when an IKE SA negotiation is started due
// a RKMD::Activate() request with policy that uses IA.
//
iHdr.iInitiator = ETrue;
LoadEapPluginL();
GetNonceDataL(ETrue);
CIkev2Acquire* Acquire = IpsecSelectors::BuildVirtualAcquireL(iIkeV2PlugInSession);
CleanupStack::PushL(Acquire);
if ( !InitPkiServiceL() )
{
//No PkiService Needed.
//Continue by requesting SPI for IPsecSA.
CIkev2Acquire::Link(Acquire, GetAcquireQue());
//
// Get SPI for inbound SA with PFKEY GETSPI primitive
//
GetIpsecSPI(Acquire);
}
else
{
iChildSaRequest = Acquire;
}
CleanupStack::Pop(Acquire);
}
TBool CIkev2Negotiation::StartRespondingL(const ThdrISAKMP& aIkeMessage)
{
//
// This method is called when local end is going to ACT as a
// responder of an IKE SA negotiation.
// Initialize PKI service usage, if needed. Because PKI service
// initialisation is an asynchronous operation we must take a copy
// of incoming IKE message from where it is processed when PKI
// service initialisation is completed.
//
TBool Status( InitPkiServiceL() );
if ( Status )
{
TInt MsgLth = (TInt)aIkeMessage.GetLength();
delete iSavedSaInit;
iSavedSaInit = NULL;
iSavedSaInit = HBufC8::NewL(MsgLth);
iSavedSaInit->Des().Copy((TUint8*)&aIkeMessage, MsgLth);
}
return !Status;
}
void CIkev2Negotiation::StartIkeSADeleteL()
{
//
// This method is called when an IKE SA shall be deleted either due
// IKE SA timeout or due a RKMD::Deactivate() request
//
BuildDeleteRequestL(NULL);
}
void CIkev2Negotiation::IkeSaCompletedL()
{
//
// This method is when an IKE SA negotiation has been succesfully
// completed.
// The following actions are taken:
// -- Get Virtual IP from iConfigMode object, if present and
// modify IKE SA lifetime if Virtual Ip expiration time is
// shorter than configured iKE SA lifetime
// -- Create a new IKE SA object, if not a rekeyd IKE SA
// -- If activation going, call IkeSaCompleted method in plug-in
//
TVPNAddress VirtualIp;
if ( iConfigMode )
{
VirtualIp = iConfigMode->VirtualIp();
iHdr.StoreVirtualIp(VirtualIp.iVPNIfAddr);
TUint32 ExpireTime = iConfigMode->ExpireTime();
if ( ExpireTime && (ExpireTime < iHdr.iLifetime) )
iHdr.iLifetime = ExpireTime;
}
if(!iIkeV2PlugInSession.FindIkev2SA(iHdr.SaId(), KSaStateNotDefined, KSaStateNotDefined))
{
iIkeV2PlugInSession.CreateIkev2SAL(iHdr);
}
iIkeV2PlugInSession.IkeSaCompleted(KErrNone, VirtualIp);
iEventLogger.LogEvent(MKmdEventLoggerIf::KLogInfo, R_VPN_MSG_VPN_GW_AUTH_OK, KErrNone,
iHdr.iVpnIapId, &iHdr.iRemoteAddr);
iEventLogger.LogEvent(MKmdEventLoggerIf::KLogInfo, R_VPN_MSG_ADDR_INFO_FOR_VPN_AP,
iHdr.iNATFlags, iHdr.iVpnIapId,
(!VirtualIp.iVPNIfAddr.IsUnspecified() ? &(VirtualIp.iVPNIfAddr) : NULL));
if ( iChildSaRequest )
{
IpsecSANegotiatedL();
}
if ( RequestsPending() )
{
ContinueIkeNegotiationL();
}
else
{
if ( !iHdr.iInitiator )
{
iIkeV2PlugInSession.StopResponding();
delete this; // Current negotiation can be deleted
}
else iStopped = ETrue;
}
}
void CIkev2Negotiation::IkeSaFailed(TInt Status)
{
//
// This method is when a IKE SA negotiation has failed
// The following actions are taken:
//
TVPNAddress dummyVirtualIp;
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
if ( !iHdr.iInitiator )
iIkeV2PlugInSession.StopResponding();
if ( (iSendAttempt <= KMaxSendAttemps ) &&
((iState == KStateIkeSaEapStarted) ||
(iState == KStateIkeSaEapGoing)))
iDeleteIkeSA = ETrue;
else iStopped = ETrue;
iEventLogger.LogEvent(MKmdEventLoggerIf::KLogError, R_VPN_MSG_REAL_IAP_ACT_FAILED, Status,
iHdr.iVpnIapId, &iHdr.iRemoteAddr);
iIkeV2PlugInSession.IkeSaCompleted(Status, dummyVirtualIp);
}
void CIkev2Negotiation::IpsecSANegotiatedL()
{
//
// This method is when an Ipsec SA negotiation has been succesfully
// completed.
// -- Update Ipsec SADB using PFKEY Update and Add primitives
// -- Find a new IKE SA object and queue Ipsec SA data into it
// -- Try to start a new exchange from queue, if there is nothing
// to start in queues mark current negotiation stopped
//
iChild.iSrcSpecific = iChildSaRequest->SrcSpecific();
Ikev2Pfkey::UpdateIpsecSaDataBaseL(iHdr, iChild, iIkeV2PlugInSession, *iChildSaRequest);
CIpsecSARekeyData* rekeyData =
CIpsecSARekeyData::NewL(iChildSaRequest->ReplayWindow(),
iChildSaRequest->HardLifetime(),
iChildSaRequest->SoftLifetime(),
iChildSaRequest->TS_i(),
iChildSaRequest->TS_r(),
*iChildSaRequest->LocalId(),
*iChildSaRequest->RemoteId());
iChild.PurgeKeyMaterial(); // Ipsec Keymaterial not saved into IKE SA
iChild.DeleteRekeyData();
iChild.iRekeyData = rekeyData;
iIkeV2PlugInSession.UpdateIkev2SAL(&iHdr, &iChild);
delete iChildSaRequest;
iChildSaRequest = NULL;
if ( RequestsPending() )
ContinueIkeNegotiationL();
else
{ if ( iState == KStateIkeChildSAResponse )
delete this;
else iStopped = ETrue;
}
}
void CIkev2Negotiation::ProcessIkeMessageL(const ThdrISAKMP& aIkeMessage,
const TInetAddr& aRemote,
TUint16 aLocalPort)
{
//
// Start to process received IKE message by constructing a
// CIkev2Payloads object. CIkev2Payloads construction takes also
// care of the decryption of an Encrypted payload if present.
//
TBool Status( ETrue );
CIkev2Payloads* IkeMsg = CIkev2Payloads::NewL(aIkeMessage, iHdr);
CleanupStack::PushL(IkeMsg);
DEBUG_LOG2(_L("Process IKE message, SAID=%d, Msg ID=%d"),
iHdr.SaId(), aIkeMessage.GetMessageId());
if ( IkeMsg->Status() )
{
//
// An error occurred during IKE message parsing
//
SetNotifyCode(IkeMsg->Status());
DEBUG_LOG1(_L("Error in parsing of received IKE message: %d"), IkeMsg->Status());
if ( !iHdr.iInitiator && iState == KStateIdle )
{
iStopped = ETrue; // Negotiation object shall be released
}
else
{
CheckNotifyCodeL(IkeMsg);
}
CleanupStack::PopAndDestroy(IkeMsg); // IkeMsg
return;
}
if ( (iHdr.iNATFlags & (REMOTE_END_NAT + MOBIKE_USED)) &&
IkeMsg->Encrypted() )
{
//
// Received IKE message contains Encrypted payload. Save source
// IP as new destination IP to negotiation object
//
iHdr.iDestinAddr = aRemote;
iHdr.iDestinAddr.SetPort(FLOATED_IKE_PORT);
}
TPtrC8 ikeMsgDes((TUint8*)&aIkeMessage, aIkeMessage.GetLength());
TInetAddr localAddr(iHdr.iLocalAddr);
localAddr.SetPort(aLocalPort);
TRACE_MSG(ikeMsgDes, aRemote, localAddr,
(CIkePcapTrace::TEncryptionType)iHdr.iEncrAlg);
//
// Process received IKE message according to Exchange type
//
switch ( aIkeMessage.GetExchange() )
{
case IKE_SA_INIT:
DEBUG_LOG(_L("IKE_SA_INIT message received"));
Status = ProcessIkeSaInitL(IkeMsg, aRemote);
if ( !Status )
IkeSaFailed(KKmdIkeNegotFailed);
break;
case IKE_AUTH:
DEBUG_LOG(_L("IKE_AUTH message received"));
Status = ProcessIkeAuthL(IkeMsg);
if ( !Status )
IkeSaFailed(KKmdIkeAuthFailedErr);
break;
case CREATE_CHILD_SA:
DEBUG_LOG(_L("CREATE_CHILD_SA message received"));
Status = ProcessChildSaL(IkeMsg);
break;
case INFORMATIONAL:
DEBUG_LOG(_L("INFORMATION message received"));
Status = ProcessInfoMsgL(IkeMsg);
break;
default:
DEBUG_LOG(_L("UNKNOWN message received\n"));
Status = EFalse; // Negotiation object shall be released
break;
}
if ( !Status )
{
if ( iDeleteIkeSA )
{
//
// Used IKE SA shall be deleted due the fatal error occurred.
//
iDeleteIkeSA = EFalse;
iIkeV2PlugInSession.DeleteIkev2SA(iHdr.SaId());
BuildDeleteRequestL(NULL);
}
else
{
CheckNotifyCodeL(IkeMsg);
}
}
CleanupStack::PopAndDestroy(IkeMsg);
}
void CIkev2Negotiation::ProcessAcquireL(const TPfkeyMessage &aPfkeyMsg)
{
//
// Process received PFKEY Acquire primitive
// There is now the following possibilities:
// -- There already exists an IKE SA so new IPSEC SA is negotiated
// using IKE_CHILD_SA exchange
// -- The is no IKE SA yet.
// IPSEC SA can be negotiated concatenated during IKE_AUTH.
// If Virtual IP is specified, the CP payload is used to get
// that virtual IP address.
//
CIkev2Acquire* Acquire = CIkev2Acquire::NewL(aPfkeyMsg, iIkeV2PlugInSession.GetSAId(),
GetLocalAddr(),
Ikev2Proposal::GetDHGroup(iHdr.iIkeData->iGroupDesc_II), ImplicitChildSa());
if ( iState == KStateIdle )
{
CleanupStack::PushL(Acquire);
LoadEapPluginL();
iHdr.iInitiator = ETrue;
GetNonceDataL(ETrue); // For IKE SA
if ( iHdr.iIkeData->iUseInternalAddr )
{
CArrayFix<TIkeV2TrafficSelector>* TsI = new (ELeave) CArrayFixFlat<TIkeV2TrafficSelector>(1);
CleanupStack::PushL(TsI);
TInetAddr StartIp;
TInetAddr EndIp;
StartIp.SetAddress(KInetAddrNone); // 0.0.0.0
StartIp.SetPort(0);
EndIp.SetAddress(KInetAddrAll); // 255.255.255.255
EndIp.SetPort(0xffff);
TIkeV2TrafficSelector ts(StartIp, EndIp,
aPfkeyMsg.iDstAddr.iExt->sadb_address_proto);
TsI->AppendL(ts);
CleanupStack::Pop(TsI);
Acquire->ReplaceTS_i(TsI);
Acquire->SetVirtualIp();
}
if ( InitPkiServiceL() )
{
// Store Acquire to wait PKI service init
iChildSaRequest = Acquire;
CleanupStack::Pop(Acquire);
return;
}
CleanupStack::Pop(Acquire);
}
CIkev2Acquire::Link(Acquire, GetAcquireQue());
GetIpsecSPI(Acquire);
}
void CIkev2Negotiation::ProcessExpireL(const TPfkeyMessage &aPfkeyMsg)
{
//
// Process received PFKEY Expire primitive
// Try to find first IPSEC SA data from the "parent" IKE SA and set
// inbound SA to zero in TIpsecSAData
//
TPtrC8 spi(reinterpret_cast<const TUint8*>(&aPfkeyMsg.iSa.iExt->sadb_sa_spi),
sizeof(aPfkeyMsg.iSa.iExt->sadb_sa_spi));
TIkeV2IpsecSAData* SaData =
iIkeV2PlugInSession.FindIpsecSAData(iHdr.SaId(), spi, ETrue);
if ( !SaData )
{
DEBUG_LOG(_L("PFKEY Expire received but no SA data found, stop negotiation"));
iStopped = ETrue;
return;
}
SaData->iSPI_In.Zero();
CIkev2Expire* Expire = CIkev2Expire::NewL(aPfkeyMsg);
CIkev2Expire::Link(Expire, GetExpireQue());
ContinueIkeNegotiationL();
}
void CIkev2Negotiation::StartIpsecSaRekeyingL(const TPfkeyMessage &aPfkeyMsg)
{
TPtrC8 spi(reinterpret_cast<const TUint8*>(&aPfkeyMsg.iSa.iExt->sadb_sa_spi),
sizeof(aPfkeyMsg.iSa.iExt->sadb_sa_spi));
TIkeV2IpsecSAData* SaData =
iIkeV2PlugInSession.FindIpsecSAData(iHdr.SaId(), spi, ETrue);
if ( !SaData )
{
DEBUG_LOG(_L("No IPSec SA data found, stop rekeying"));
iStopped = ETrue;
return;
}
iStopped = ETrue;
CArrayFix<TIkeV2TrafficSelector>* tsIArray = SaData->iRekeyData->TsIL();
CleanupStack::PushL(tsIArray);
CArrayFix<TIkeV2TrafficSelector>* tsRArray = SaData->iRekeyData->TsRL();
CleanupStack::PushL(tsRArray);
__ASSERT_DEBUG(tsIArray->Count() > 0, User::Invariant());
__ASSERT_DEBUG(tsRArray->Count() > 0, User::Invariant());
TIkeV2TrafficSelector tsI = (*tsIArray)[0];
TIkeV2TrafficSelector tsR = (*tsRArray)[0];
CleanupStack::PopAndDestroy(tsRArray);
CleanupStack::PopAndDestroy(tsIArray);
TInetAddr localSelector;
TInetAddr localSelectorMask;
TInetAddr remoteSelector;
TInetAddr remoteSelectorMask;
if (iHdr.iInitiator)
{
localSelector = tsI.StartingAddress();
localSelectorMask = tsI.Mask();
remoteSelector = tsR.StartingAddress();
remoteSelectorMask = tsR.Mask();
}
else
{
localSelector = tsR.StartingAddress();
localSelectorMask = tsR.Mask();
remoteSelector = tsI.StartingAddress();
remoteSelectorMask = tsI.Mask();
}
CIpsecSaSpecList* SaList = iIkeV2PlugInSession.GetIPsecSaSpecListL(localSelector, localSelectorMask, //local address/port info
remoteSelector, remoteSelectorMask,
aPfkeyMsg.iDstAddr.iExt->sadb_address_proto);
CleanupStack::PushL(SaList);
__ASSERT_DEBUG(SaList != NULL, User::Invariant());
__ASSERT_DEBUG(SaList->Count() > 0, User::Invariant());
iStopped = EFalse;
const TIpsecSaSpec& saSpec = SaList->At(0);
CIkev2Acquire* Acquire = CIkev2Acquire::NewL(aPfkeyMsg, iIkeV2PlugInSession.GetSAId(), GetLocalAddr(),
Ikev2Proposal::GetDHGroup(iHdr.iIkeData->iGroupDesc_II), ImplicitChildSa(),
&saSpec, SaData->iRekeyData);
CleanupStack::PopAndDestroy(SaList); //SaList
Acquire->SetSPI_ToBeRekeyed(spi);
if ( iState == KStateIdle )
{
CleanupStack::PushL(Acquire);
LoadEapPluginL();
iHdr.iInitiator = ETrue;
GetNonceDataL(ETrue); // For IKE SA
if ( iHdr.iIkeData->iUseInternalAddr )
{
CArrayFix<TIkeV2TrafficSelector>* TsI = new (ELeave) CArrayFixFlat<TIkeV2TrafficSelector>(1);
CleanupStack::PushL(TsI);
TInetAddr StartIp;
TInetAddr EndIp;
StartIp.SetAddress(KInetAddrNone); // 0.0.0.0
StartIp.SetPort(0);
EndIp.SetAddress(KInetAddrAll); // 255.255.255.255
EndIp.SetPort(0xffff);
TIkeV2TrafficSelector ts(StartIp, EndIp,
aPfkeyMsg.iDstAddr.iExt->sadb_address_proto);
TsI->AppendL(ts);
Acquire->ReplaceTS_i(TsI);
CleanupStack::Pop(TsI);
Acquire->SetVirtualIp();
}
if ( InitPkiServiceL() )
{
iChildSaRequest = Acquire; // Store Acquire to wait PKI service init
CleanupStack::Pop(Acquire);
return;
}
CleanupStack::Pop(Acquire);
}
CIkev2Acquire::Link(Acquire, GetAcquireQue());
GetIpsecSPI(Acquire);
}
void CIkev2Negotiation::GetIpsecSPI(CIkev2Acquire* aAcquire)
{
ASSERT(aAcquire);
//
// Get SPI for inbound SA with PFKEY GETSPI primitive
//
TInetAddr DstAddr;
if ( aAcquire->SrcSpecific() )
DstAddr = iHdr.iLocalAddr;
else DstAddr.Init(0);
DstAddr.SetPort(0);
TInetAddr SrcAddr = iHdr.iRemoteAddr;
SrcAddr.SetPort(0);
iSpiRetriever->GetIpsecSaSpi(aAcquire->Id(),
aAcquire->IpsecProtocol(),
SrcAddr, DstAddr);
}
void CIkev2Negotiation::IpsecSaSpiRetrieved(TUint32 aSpiRequestId,
TInt aStatus,
TUint32 aSpi)
{
if (aStatus == KErrNone)
{
TRAP(aStatus, IpsecSaSpiRetrievedL(aSpiRequestId, aSpi));
}
if (aStatus != KErrNone)
{
//Leave that we have not been able to handle
//above layers. We bail out and report error.
iIkeV2PlugInSession.DeleteIkev2SA(iHdr.SaId());
iIkeV2PlugInSession.IkeSaDeleted(aStatus);
delete this;
}
}
void CIkev2Negotiation::CancelOperation()
{
if ( iTimer != NULL )
{
iTimer->Cancel();
}
if ( iSpiRetriever != NULL )
{
iSpiRetriever->Cancel();
}
}
void CIkev2Negotiation::IpsecSaSpiRetrievedL(TUint32 aSpiRequestId, TUint32 aSpi)
{
DEBUG_LOG(_L("CIkev2Negotiation::SpiRetrievedL"));
//
// Ipsec SPI received. Find an Acquire object for received SPI and
// save SPI into found object.
//
CIkev2Acquire* Acquire = CIkev2Acquire::Find(aSpiRequestId, GetAcquireQue());
__ASSERT_DEBUG(Acquire, User::Invariant());
TPtrC8 spiPtr(reinterpret_cast<TUint8*>(&aSpi), sizeof(aSpi));
Acquire->SetSPI_In(spiPtr);
//
// Ipsec SPI received. Find an Acquire object for received SPI and
// save SPI into found object.
//
ContinueIkeNegotiationL();
}
void CIkev2Negotiation::ContinueIkeNegotiationL()
{
//
// This method takes actions according to current state (iState) of
// the negotiation.
//
CIkev2Acquire* Acquire;
CIkev2Expire* Expire;
switch ( iState )
{
case KStateIdle:
//
// Start IKE_SA_INIT exchange
//
StartIkeSaInitL();
break;
case KStateIkeSaAuthWaitSpi:
{
//
// Complete IKE_AUTH exchange (with concatenated Child SA)
//
iChildSaRequest = CIkev2Acquire::GetNext(GetAcquireQue(), ETrue);
DEBUG_LOG(_L("CIkev2Negotiation::ContinueIkeNegotiationL"));
DEBUG_LOG1(_L("iChildSaRequest is %d"), (TInt)iChildSaRequest);
SendIkeAuthMessageL();
}
break;
case KStateIkeSaCompleted:
//
// There is no activity going on this negotiation
// If there is something in request queues start process
// them in the following order:
// -- Check if there is something in info queue (NIY)
// -- Check if there is something in expire queue (NIY)
// -- Check if there is ready responses in acquire queue
// -- Check if there is ready request in acquire queue
//
Expire = CIkev2Expire::GetNext(GetExpireQue());
if ( Expire )
{
CleanupStack::PushL(Expire);
BuildDeleteRequestL(Expire);
CleanupStack::PopAndDestroy(Expire);
}
else
{
Acquire = CIkev2Acquire::GetNext(GetAcquireQue(), ETrue);
if ( Acquire )
{
BuildChildSAMessageL(Acquire, EFalse);
}
else
{
Acquire = CIkev2Acquire::GetNext(GetAcquireQue(), EFalse);
BuildChildSAMessageL(Acquire, ETrue);
}
}
break;
default:
break;
}
}
void CIkev2Negotiation::StartIkeSaInitL()
{
//
// Create Initiator SPI for the new IKE SA
//
CreateIkeSPI(iHdr.SpiI());
//
// Get required peer identity from policy (IDr)
//
iRemoteIdentity = Ikev2Proposal::GetRemoteIdentityL(iHdr.iIkeData);
__ASSERT_ALWAYS(iHdr.iInitiator, User::Invariant());
//
// Build and send the first IKE_SA_INIT message (request)
// HDR, SAi1, KEi, Ni, N[NAT_SRC], N[NAT_DST]
//
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
IKE_SA_INIT,
iHdr.iInitiator,
EFalse,
iHdr.NextRequestId(),
iDebug);
CleanupStack::PushL(ikeMsg);
HBufC8* saBfr = Ikev2Proposal::FromPolicyToProposaL(iHdr, iSPI_Rekey, iDHGroupGuess);
CleanupStack::PushL(saBfr);
ikeMsg->AppendSaPayloadL(*saBfr);
CleanupStack::Pop(saBfr);
SetProposedSa(saBfr);
AppendKEPayloadL(*ikeMsg, iHdr.iDHGroup);
ikeMsg->AppendNoncePayloadL(*iNonce_I);
if ( !iHdr.iIkeData->iUseNatProbing )
{
delete iNatNotify;
iNatNotify = NULL;
TInetAddr LocalIp;
if ( iHdr.iIkeData->iUseMobIke )
LocalIp.SetAddress(KInetAddrNone);
else LocalIp = iHdr.iLocalAddr;
iNatNotify = CIkev2NatT::NewL(
LocalIp, iHdr.iRemoteAddr, IKE_PORT, ikeMsg->InitiatorSpi(), ikeMsg->ResponderSpi());
ikeMsg->AppendNotifyPayloadL(IKEV2_PROTOCOL, KZeroDesc, NAT_DETECTION_SOURCE_IP,
iNatNotify->SourceNofify());
ikeMsg->AppendNotifyPayloadL(IKEV2_PROTOCOL, KZeroDesc, NAT_DETECTION_DESTINATION_IP,
iNatNotify->DestinNofify());
}
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
iState = KStateIkeSaInitRequest;
}
void CIkev2Negotiation::SendIkeAuthMessageL()
{
//
// Build and send IKE_AUTH message
// IKE_AUTH message sent by the initiator is the following:
// HDR(A,B), SK {IDi, [CERT] [CERTREQ], [IDr], [AUTH], [CP], [SAi2,
// TSi, TSr]}
// IKE_AUTH message sent by the responder is the following:
// HDR(A,B), SK {IDr, [CERT,] AUTH, [CP], [SAr2, TSi, TSr]}
// CERT and CERTREQ payloads are added into message on when needed.
// AUTH payload is missing from initiators message when EAP in use.
// IPSEC SA:s are not always negotiated within IKE_AUTH messages.
// In this sitution SAx2, TSi and TSr payloads shall be missing.
// CP payload is used the Virtual IP address (secure network DNS
// IP:s) for client Virtual IP interface.
// Initiators CP payload shall contain CFG_REQUEST and and
// responders CP payload CFG_REPLY.
// When CP payload is used IKE_AUTH message MUST always contain
// IPSEC SA negotiation payloads within.
// In case INITIAL_CONTACT is used, the first IKE_AUTH request on given
// IKE SA contains INITIAL_CONTACT Notification Payload that is added in
// the end of the IKE_AUTH message.
//
if ( !iLocalIdentity )
{
//
// Own identity does not exists yet. Do not build IKE_AUTH
// message now
//
iState = KStateIkeWaitingId;
return;
}
TUint32 MsgId = (iHdr.iInitiator) ? iHdr.NextRequestId() : iHdr.ExpectedRequestId();
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
IKE_AUTH,
iHdr.iInitiator,
!iHdr.iInitiator, //Initiator sends only requests
MsgId,
iDebug);
CleanupStack::PushL(ikeMsg);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
__ASSERT_DEBUG(iLocalIdentity != NULL, User::Invariant());
if (iHdr.iInitiator)
{
ikeMsg->AppendIdiPayloadL(*iLocalIdentity);
}
else
{
ikeMsg->AppendIdrPayloadL(*iLocalIdentity);
}
if ( iPkiService &&
iPkiService->UserCertificateData().Length() > 0)
{
ikeMsg->AppendCertPayloadL(iPkiService->UserCertificateData());
}
if ( iPkiService &&
iPkiService->I2CertificateData().Length() > 0)
{
ikeMsg->AppendCertPayloadL(iPkiService->I2CertificateData());
}
if ( iPkiService &&
iPkiService->I1CertificateData().Length() > 0)
{
ikeMsg->AppendCertPayloadL(iPkiService->I1CertificateData());
}
if ( iHdr.iInitiator && iHdr.iIkeData->iInitialContact )
{
ikeMsg->AppendNotifyPayloadL(IKEV2_PROT_NONE, KZeroDesc, INITIAL_CONTACT, KZeroDesc);
}
if ( iHdr.iInitiator && iPkiService != NULL && iPkiService->CaList().Count() > 0)
{
ikeMsg->AppendCertReqPayloadL(iPkiService->CaList());
}
if ( iHdr.iInitiator && iRemoteIdentity )
{
//
// Add IDr payload
//
ikeMsg->AppendIdrPayloadL(*iRemoteIdentity);
}
if ( !iEapPlugin )
{
HBufC8* authData = NULL;
if ( iHdr.iInitiator )
{
authData = SignAuthDataL(*iAuthMsgInit, (TUint8)iHdr.iAuthMethod);
}
else
{
authData = SignAuthDataL(*iAuthMsgResp, (TUint8)iHdr.iAuthMethod);
}
CleanupStack::PushL(authData);
ikeMsg->AppendAuthPayloadL(iHdr.iAuthMethod, *authData);
CleanupStack::PopAndDestroy(authData);
}
if ( iHdr.iIkeData->iUseMobIke )
{
//
// Add MOBIKE_SUPPORTED notify payload
//
ikeMsg->AppendNotifyPayloadL(IKEV2_PROT_NONE,
KZeroDesc,
MOBIKE_SUPPORTED,
KZeroDesc);
}
//
// Add Child SA and Traffic selector payloads into IKE_AUTH message
// if required
//
if ( iChildSaRequest )
{
iChild.iSPI_In = iChildSaRequest->SPI_In();
iChildSaRequest->AddIpsecSpiToSa(iChild.iSPI_In);
if ( iChildSaRequest->ForVirtualIp() )
{
//
// As Virtual Ip from peer SGW using Config Payload
// Build CP request data by constructing CIkev2Config Object
//
if ( !iConfigMode )
iConfigMode = CIkev2Config::NewL(iChildSaRequest);
ikeMsg->AppendConfigurationPayloadL(iConfigMode->CpType(), iConfigMode->Cp());
}
ikeMsg->AppendSaPayloadL(*iChildSaRequest->SA());
ikeMsg->AppendTsiPayloadL(iChildSaRequest->TS_i());
ikeMsg->AppendTsrPayloadL(iChildSaRequest->TS_r());
}
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
if ( iHdr.iInitiator )
{
if ( iEapPlugin )
iState = KStateIkeSaEapStarted;
else iState = KStateIkeSaAuthRequest;
}
else
{
iState = KStateIkeSaCompleted;
IkeSaCompletedL();
}
}
void CIkev2Negotiation::SendKeepAliveMsgL()
{
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
INFORMATIONAL,
iHdr.iInitiator,
EFalse,
iHdr.NextRequestId(),
iDebug);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
SendIkeMsgL(ikeMsg);
iState = KStateIkeInfoRequest;
DEBUG_LOG(_L("CIkev2Negotiation::SendKeepAliveMsgL"));
}
void CIkev2Negotiation::BuildChildSAMessageL(
CIkev2Acquire* aAcquire, TBool aInitiator)
{
ASSERT(aAcquire);
//
// Build and send CREATE_CHILD_SA message
// CREATE_CHILD_SA request message sent is the following:
// HDR(A,B), SK {[N], SA, Ni, [KEi], [TSi, TSr]}
// CREATE_CHILD_SA response message is the following:
// HDR(A,B), SK {SA, Nr, [KEi], [TSi, TSr]}
//
iChild.iSPI_In = aAcquire->SPI_In();
iChildSaRequest = aAcquire;
//TPayloadIkev2* PreviousPayload;
//TPayloadIkev2* EncrPayload;
GetNonceDataL(aInitiator);
aAcquire->AddIpsecSpiToSa(aAcquire->SPI_In());
TUint32 MsgId = (aInitiator) ? iHdr.NextRequestId() : iHdr.ExpectedRequestId();
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
CREATE_CHILD_SA,
iHdr.iInitiator,
!aInitiator,
MsgId,
iDebug);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
if (aInitiator && aAcquire->SPI_ToBeRekeyed().Length() > 0)
{
ikeMsg->AppendNotifyPayloadL(aAcquire->IpsecProtocol(),
aAcquire->SPI_ToBeRekeyed(),
REKEY_SA, KZeroDesc);
}
ikeMsg->AppendSaPayloadL(*aAcquire->SA());
if ( aInitiator )
{
ikeMsg->AppendNoncePayloadL(*iNonce_I);
}
else
{
ikeMsg->AppendNoncePayloadL(*iNonce_R);
}
delete iDHKeys; // Delete old DH object
iDHKeys = NULL;
if ( aAcquire->DHGroup() )
{
AppendKEPayloadL(*ikeMsg, aAcquire->DHGroup());
}
ikeMsg->AppendTsiPayloadL(aAcquire->TS_i());
ikeMsg->AppendTsrPayloadL(aAcquire->TS_r());
SendIkeMsgL(ikeMsg);
if ( aInitiator )
{
iState = KStateIkeChildSARequest;
}
else
{
if (iDHKeys && iDHPublicPeer)
{
HBufC8* g_ir = iDHKeys->ComputeAgreedKeyL(iDHPublicPeer->Des());
CleanupStack::PushL(g_ir);
iChild.GenerateIpsecKeysL(iHdr.iSK_d, *g_ir,
*iNonce_I, *iNonce_R, iHdr.iPRFAlg);
g_ir->Des().FillZ(); // Wipe out shared secret value from buffer
CleanupStack::PopAndDestroy(); //g_ir
}
else
{
iChild.GenerateIpsecKeysL(iHdr.iSK_d, KZeroDesc,
*iNonce_I, *iNonce_R, iHdr.iPRFAlg);
}
IpsecSANegotiatedL();
iState = KStateIkeChildSAResponse;
}
}
void CIkev2Negotiation::BuildDeleteRequestL(CIkev2Expire* aExpire)
{
//
// Build and send INFORMATIONAL exchange message with delete payload
// HDR(A,B), SK {D}
// If CIkev2Expire object defined, build a Delete payload with Ipsec
// SPI and protocl stored into CIkev2Expire object. If no CIkev2Expire build
// Delete payload for IKE SA.
//
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
INFORMATIONAL,
iHdr.iInitiator,
EFalse,
iHdr.NextRequestId(),
iDebug);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
CDesC8Array* spiArray = new (ELeave) CDesC8ArrayFlat(2);
CleanupStack::PushL(spiArray);
if ( aExpire )
{
spiArray->AppendL(aExpire->SPI());
ikeMsg->AppendDeletePayloadL(aExpire->Protocol(), *spiArray);
}
else
{
ikeMsg->AppendDeletePayloadL(IKEV2_PROTOCOL, *spiArray);
}
CleanupStack::PopAndDestroy(spiArray);
SendIkeMsgL(ikeMsg);
DEBUG_LOG(_L("CIkev2Negotiation::BuildDeleteRequestL() Delete send OK"));
if ( aExpire )
{
iState = KStateChildDeleteRequest;
}
else
{
iState = KStateIkeDeleteRequest;
}
}
void CIkev2Negotiation::BuildIkeSaRekeyMsgL(TBool aRequest)
{
//
// Build and send CHILD_SA exchange message which contains IKE SA
// rekey message (either request or response)
// HDR, SA, Nonce, KE
//
HBufC8* SaBfr;
HBufC8* Nonce;
TUint32 MsgId;
if ( aRequest )
{
// Get a new SA Id for rekeyed IKE SA
iSAid_Rekey = iIkeV2PlugInSession.GetSAId();
CreateIkeSPI(iSPI_Rekey, ETrue);
SaBfr = Ikev2Proposal::FromPolicyToProposaL(iHdr, iSPI_Rekey, iDHGroupGuess, ETrue);
SetProposedSa(SaBfr); // Save SA payload buffer
GetNonceDataL(ETrue);
Nonce = iNonce_I;
MsgId = iHdr.NextRequestId();
}
else
{
SaBfr = PeekProposedSa();
Ikev2Proposal::ChangeSpiInProposal(SaBfr, iSPI_Rekey);
GetNonceDataL(EFalse);
Nonce = iNonce_R;
MsgId = iHdr.ExpectedRequestId();
}
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
CREATE_CHILD_SA,
iHdr.iInitiator,
!aRequest,
MsgId,
iDebug);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
ikeMsg->AppendSaPayloadL(*SaBfr);
ikeMsg->AppendNoncePayloadL(*Nonce);
AppendKEPayloadL(*ikeMsg, iHdr.iDHGroup);
SendIkeMsgL(ikeMsg);
if ( aRequest )
{
iState = KStateIkeSARekeyRequest;
}
}
void CIkev2Negotiation::CheckNotifyCodeL(CIkev2Payloads* aIkeMsg)
{
ASSERT(aIkeMsg);
//
// Some error has occurred during incoming IKE message handling
// Build an error response with specified Notify message type
//
TInt MsgType( GetNotifyCode() );
if ( MsgType )
{
//
// Build and error response/request with Notify payload
// If received message with error condition is a request
// Notify payload is transmitted in the response IKE message
// of ongoing exchange (with erronous request message id)
// If received message with error conditions is a response
// an informational exchange is initiated with Notify payload
//
CIkeV2Message* XmitHdr = NULL;
TBool Response(aIkeMsg->GetIkeMsg()->GetFlags() & IKEV2_RESPONSE_MSG);
if ( Response )
{
iState = KStateIkeInfoRequest;
TUint32 MsgId = aIkeMsg->GetIkeMsg()->GetMessageId();
XmitHdr = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
INFORMATIONAL,
iHdr.iInitiator,
EFalse,
MsgId,
iDebug);
}
else
{
XmitHdr = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
aIkeMsg->GetIkeMsg()->GetExchange(),
iHdr.iInitiator,
ETrue,
iHdr.ExpectedRequestId(),
iDebug);
}
if (aIkeMsg->Encrypted())
{
XmitHdr->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
}
TInt notifyDataLength = 0;
TUint8* notifyData = NotifyData(notifyDataLength);
if (notifyDataLength == 0)
{
XmitHdr->AppendNotifyPayloadL(IKEV2_PROT_NONE, KZeroDesc, MsgType, KZeroDesc);
}
else
{
TPtrC8 notifyDataPtrC(notifyData, notifyDataLength);
XmitHdr->AppendNotifyPayloadL(IKEV2_PROT_NONE, KZeroDesc, MsgType, notifyDataPtrC);
iNotifyDataLth = 0; //Reset notifydata
}
SendIkeMsgL(XmitHdr);
iEventLogger.LogEvent(MKmdEventLoggerIf::KLogError, R_VPN_MSG_SENT_ERROR_RESPONSE,
MsgType, iHdr.iVpnIapId, &iHdr.iRemoteAddr);
}
}
void CIkev2Negotiation::GetNatStatus(TBool aSupported, const TInetAddr& aRemote)
{
//
// Examine NAT discovery status (from iHdr.iNATFlags) and set
// floated port usage indicator, if required.
//
if ( aSupported )
{
if ( iHdr.iNATFlags & (REMOTE_END_NAT + LOCAL_END_NAT) )
{
if ( iHdr.iNATFlags & REMOTE_END_NAT )
{
//
// Remote end is behind NAT. Save current source IP to be
// used as further destination address.
// When remote and is behind NAT it is supposed that it
// must be pure mapping between public- and private IP
// addresses (remote NAPT is NOT supported)
//
DEBUG_LOG(_L("Remote end is behind NAT"));
iHdr.iDestinAddr = aRemote; // Remote end behind NAT, use current source IP as destin
}
if ( iHdr.iNATFlags & LOCAL_END_NAT )
{
DEBUG_LOG(_L("NAT discovery result: Local end is behind NAT"));
}
iHdr.iFloatedPort = ETrue;
iHdr.iDestinAddr.SetPort(FLOATED_IKE_PORT);
}
else
{
if ( iHdr.iMobikeUsed )
{
iHdr.iFloatedPort = ETrue;
iHdr.iDestinAddr.SetPort(FLOATED_IKE_PORT);
}
DEBUG_LOG(_L("NAT discovery result: There is no NAT between negotiating ends"));
}
}
else
{
DEBUG_LOG(_L("NAT discovery operation failed"));
}
}
void CIkev2Negotiation::CreateIkeSPI(TIkeSPI& aSPI, TBool aRekey)
{
//
// Create IKE SPI for local end.
// The SPI value is created from the following "parameters" in
// IKEv2 negotiation object:
// - The first 4 octets of SPI value are the SAId (32 bit value)
// - The last 4 octets of SPI contains "pseudo random" value:
// X = (SAId + negotiation object pointer) >> (SAId & 3)
//
TUint32 SpiValue1;
TUint32 SpiValue2;
if ( aRekey )
SpiValue1 = iSAid_Rekey;
else SpiValue1 = iHdr.SaId();
Mem::Copy((TUint8*)&SpiValue2, (TUint8*)this, 4);
SpiValue2 = (SpiValue2 + SpiValue1) >> (SpiValue1 & 3);
PUT32(aSPI.Ptr(), SpiValue1);
PUT32((aSPI.Ptr() + 4), SpiValue2);
aSPI.SetLength(IKEV2_SPI_SIZE);
}
void CIkev2Negotiation::LoadEapPluginL()
{
//
// If EAP configured in policy, construct EAP interface object to
// communicate EAP ECOM plug-in
// If consruction causes an error, stop negotiation request
//
iHdr.iEAPType = iHdr.iIkeData->iEAPProtocol;
if ( !iEapPlugin && iHdr.iEAPType )
{
iEapPlugin = CIkev2EapIf::NewL(*this, (TUint8)iHdr.iEAPType, iHdr.iIkeData, iDebug);
TInt Status = iEapPlugin->Status();
if ( Status != KErrNone )
{
iStopped = ETrue;
}
else iEapPlugin->QueryIdentity();
}
}
TBool CIkev2Negotiation::InitPkiServiceL()
{
DEBUG_LOG(_L("-> CIkev2Negotiation::InitPkiServiceL"));
//
// If EAP configured in policy, construct EAP interface object to
// communicate EAP ECOM plug-in
// If consruction causes an error, return corresponding error code
// to stop negotiation request
//
TBool Status = EFalse;
if ( !iPkiService && Ikev2Proposal::PkiServiceNeeded(iHdr.iIkeData) )
{
iPkiService = CIkeV2PkiService::NewL(*this, iDebug);
if (iHdr.iIkeData->iCAList->Count() == 0)
{
User::Leave(KVpnErrInvalidCaCertFile);
}
iPkiService->InitIkeV2PkiService(iHdr.iIkeData);
iState = KStateIkeInitPkiService;
Status = ETrue;
}
DEBUG_LOG(_L("<- CIkev2Negotiation::InitPkiServiceL"));
return Status;
}
void CIkev2Negotiation::SendIkeMsgL(CIkeV2Message* aMsg)
{
ASSERT(aMsg);
TPtrC8 encryptionKey;
TPtrC8 integrityKey;
if ( iHdr.iInitiator )
{
encryptionKey.Set(iHdr.iSK_ei);
integrityKey.Set(iHdr.iSK_ai);
}
else
{
encryptionKey.Set(iHdr.iSK_er);
integrityKey.Set(iHdr.iSK_ar);
}
TInetAddr sourceAddr(iHdr.iLocalAddr);
if (iHdr.iFloatedPort)
{
sourceAddr.SetPort(FLOATED_IKE_PORT);
}
else
{
sourceAddr.SetPort(IKE_PORT);
}
aMsg->PrepareIkeMessageDatagramL(iHdr.iEncrAlg, encryptionKey,
iHdr.iIntegAlg, integrityKey,
sourceAddr, iHdr.iDestinAddr);
iMessageSendQue.SendIkeMessageL(aMsg->IkeMessageDatagram(), iHdr.iFloatedPort);
if (aMsg->Flags() & IKEV2_RESPONSE_MSG )
{
iHdr.SaveRespMsg(aMsg);
iHdr.iRespRetryCount = 0;
}
else
{
iSendAttempt = 1;
iTimer->Cancel();
iTimer->IssueRequest(iSendAttempt); // Start retry timer
iHdr.SaveRequestMsg(aMsg);
}
}
void CIkev2Negotiation::RetransmitRequest()
{
TRAPD(err, DoRetransmitL(EFalse));
if ( err != KErrNone )
{
iIkeV2PlugInSession.IkeSaDeleted( err );
}
}
void CIkev2Negotiation::DoRetransmitL(TBool aResponse)
{
if ( aResponse )
{
//
// Peer has retransmitted a request, retransmit last response
// message saved.
//
if ( iHdr.iLastResponse && (iHdr.iRespRetryCount <= KMaxSendAttemps) )
{
iHdr.iRespRetryCount ++;
//iHdr.iLastResponse = NULL;
DEBUG_LOG3(_L("IKE response message rexmitted on SAId: %d , Retry: %d , State: %d"), iHdr.SaId(), iHdr.iRespRetryCount, iState );
iMessageSendQue.SendIkeMessageL(iHdr.iLastResponse->IkeMessageDatagram(),
iHdr.iFloatedPort);
}
else iStopped = ETrue;
}
else
{
//
// No response received to a transmitted IKE request message
// Retransmit message if retry count not exhausted
//
DEBUG_LOG(_L("No response received for transmitted IKE request."));
iSendAttempt++;
iMessageSendQue.CancelSend(iHdr.iLastRequest->IkeMessageDatagram());
if ( iSendAttempt <= KMaxSendAttemps )
{
DEBUG_LOG3(_L("IKE Message rexmitted on SAId: %d , State: %d , Retry: %d"),iHdr.SaId(), iState, iSendAttempt );
iMessageSendQue.SendIkeMessageL(iHdr.iLastRequest->IkeMessageDatagram(),
iHdr.iFloatedPort);
iTimer->IssueRequest(iSendAttempt); // Restart retry timer
}
else
{
DEBUG_LOG3(_L("Transmit retry count reached on SAId: %d , State: %d , retry: %d"),iHdr.SaId(), iState, iSendAttempt );
if ( iState < KStateIkeSaCompleted )
{
IkeSaFailed(KKmdIkeNegotFailed); // IKE SA negotiation going
}
else
{
iIkeV2PlugInSession.DeleteIkev2SA(iHdr.SaId());
iIkeV2PlugInSession.IkeSaDeleted(KKmdIkeNoResponseErr); //IKE SA deletion going
delete this;
}
}
}
}
void CIkev2Negotiation::IkeV2PkiInitCompleteL(TInt aStatus)
{
DEBUG_LOG(_L("-> CIkev2Negotiation::IkeV2PkiInitCompleteL"));
//
// The implementation for class MPkiServiceComplete virtual function
// This method is called when a PKI service operation is
// completed.
//
__ASSERT_ALWAYS( iPkiService != NULL, User::Invariant());
__ASSERT_ALWAYS(iState == KStateIkeInitPkiService, User::Invariant());
switch(aStatus)
{
case KErrNone:
//
// PKI service object has been constructed
// Start IKE_SA_INIT exchange
//
iState = KStateIdle;
if ( iChildSaRequest )
{
CIkev2Acquire* Acquire = iChildSaRequest;
iChildSaRequest = NULL;
CIkev2Acquire::Link(Acquire, GetAcquireQue());
GetIpsecSPI(Acquire);
}
else if ( iSavedSaInit )
{
TPtr8 IkeMsg(iSavedSaInit->Des());
const ThdrISAKMP* IkeMessage = ThdrISAKMP::Ptr(IkeMsg);
ProcessIkeMessageL(*IkeMessage, iHdr.iRemoteAddr, IKE_PORT);
if ( Stopped() )
delete this;
}
break;
case KErrNotFound:
DEBUG_LOG(_L("IKEv2 CA certificate retrieve failed. Certificate not found"));
IkeSaFailed(KVpnErrInvalidCaCertFile);
break;
default:
{
DEBUG_LOG1(_L("IKEv2 CA certificate retrieve failed (%d)"), aStatus);
IkeSaFailed(aStatus);
}
break;
}
DEBUG_LOG(_L("<- CIkev2Negotiation::IkeV2PkiInitCompleteL"));
}
void CIkev2Negotiation::SendEapDataL(HBufC8* aEapData)
{
//
// Send an IKE containing an EAP payload (within Encrypted Payload)
// The entire EAP payload data is provided in aEapData buffer
//
CleanupStack::PushL(aEapData);
if ( iState == KStateIkeSaEapGoing )
{
__ASSERT_DEBUG(iHdr.iInitiator, User::Invariant());
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(), iHdr.SpiR(),
IKE_AUTH,
iHdr.iInitiator,
EFalse,
iHdr.NextRequestId(),
iDebug);
CleanupStack::PushL(ikeMsg);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
ikeMsg->AppendEapPayloadL(*aEapData);
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
}
CleanupStack::PopAndDestroy(aEapData);
}
void CIkev2Negotiation::EapEventL(TInt aEvent)
{
// See whether the object is accepting any events
// (it is, by default, but will not take events during destruction phase)
if (!iProcessEvents)
{
return;
}
//
// An event idicated by the EAP plugin process event according to
// event type
//
switch ( aEvent )
{
case KEapEventSuccess:
if ( (iState == KStateIkeSaEapGoing) || (iState == KStateIkeSaEapStarted) )
{
//
// EAP auhtentication succeeded.
// Build IKE message HDR, SK {AUTH}
//
__ASSERT_DEBUG( iHdr.iInitiator, User::Invariant());
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(), iHdr.SpiR(),
IKE_AUTH,
iHdr.iInitiator,
EFalse,
iHdr.NextRequestId(),
iDebug);
CleanupStack::PushL(ikeMsg);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
HBufC8* authData = SignAuthDataL(*iAuthMsgInit, (TUint8)iHdr.iAuthMethod);
CleanupStack::PushL(authData);
ikeMsg->AppendAuthPayloadL(iHdr.iAuthMethod, *authData);
CleanupStack::PopAndDestroy(authData);
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
iState = KStateIkeSaAuthRequest;
iEapCompleted = ETrue;
}
break;
case KEapEventGetIdentity:
GetOwnIdentityL(ETrue); // Gets the Identity from EAP plugin
if ( iState == KStateIkeWaitingId )
{
//
// Identity data provided by the EAP plug-in
// Complete local signed data and send the first
// IKE_AUTH message
//
AddIdToSignedDataL(ETrue, iAuthMsgInit, iLocalIdentity->PayloadData());
SendIkeAuthMessageL();
}
break;
case KEapEventGetPSK:
if ( iState == KStateIkeSaEapGoing )
{
//
// Preshared key provided by the EAP plug-in
// Get key data and link it into negotiation object
//
iPresharedKey = iEapPlugin->MSK();
}
break;
default: // = KEapEventFailed
//
// EAP authentication is failed. Stop negotiation
//
IkeSaFailed(KKmdIkeAuthFailedErr); // IKE SA negotiation going
break;
}
}
TBool CIkev2Negotiation::ProcessIkeSaInitL(CIkev2Payloads* aIkeMsg, const TInetAddr& aRemote)
{
ASSERT(aIkeMsg);
//
// Process IKE message of exchange type IKE_SA_INIT
//
ThdrISAKMP* IkeHdr = aIkeMsg->GetIkeMsg(); // IKE Message fixed header
TBool Response = IkeHdr->GetFlags() & IKEV2_RESPONSE_MSG;
TBool Initiator = IkeHdr->GetFlags() & IKEV2_INITIATOR;
TUint32 MsgId = IkeHdr->GetMessageId();
if ( iHdr.iInitiator )
{
if ( Initiator ) {
DEBUG_LOG1(_L("IKEv2 Message with Orig_Init-bit in wrong state: %d"), iState);
return ETrue;
}
if ( !Response )
{
DEBUG_LOG1(_L("IKEv2 Message is not response; state: %d"), iState);
return ETrue;
}
if ( MsgId != iHdr.ExpectedResponseId() )
{
DEBUG_LOG1(_L("Wrong message id in response; state: %d"), iState);
return ETrue;
}
if (iState == KStateIkeSaInitRequest)
{
//record responder SPI
aIkeMsg->GetIkeMsg()->GetSPI_R(iHdr.SpiR());
//
// Received message should be a response to a
// IKE_SA_INIT request transmitted.
//
if (IkeHdr->GetPayload() == IKEV2_PAYLOAD_NOTIF)
{
return ProcessNotifyPayloadsL(*aIkeMsg->iNotifs, EFalse, IKE_SA_INIT);
}
//
// Response message should be format:
// HDR(A,B), SAr1, KEr, Nr, [CERTREQ]
//
if ( !CheckPayloadsOrder(aIkeMsg, IKE_SA_INIT, ETrue) )
{
DEBUG_LOG1(_L("Erroneous IKE_SA_INIT response: %d"), iState);
return EFalse;
}
if ( !Ikev2Proposal::VerifySaResponseL(iHdr, iChild, *PeekProposedSa(), *aIkeMsg) )
{
DEBUG_LOG1(_L("Unaccepted SA content in IKE_SA_INIT response: %d"),iState);
return EFalse;
}
if ( aIkeMsg->iNonce->PlDataLen() < IKEV2_MIN_NONCE_SIZE )
{
DEBUG_LOG1(_L("Nonce data too short %d"), iState);
return EFalse;
}
if ( iNatNotify )
{
TBool Supported;
TInetAddr LocalIp;
if ( iHdr.iIkeData->iUseMobIke )
LocalIp.SetAddress(KInetAddrNone);
else LocalIp = iHdr.iLocalAddr;
#ifdef _DEBUG
TBuf<80> debugBuf;
DEBUG_LOG(_L("Calculating NAT detection:"));
LocalIp.Output(debugBuf);
DEBUG_LOG2(_L("LocalIp %S:%d"), &debugBuf, IKE_PORT);
iHdr.iRemoteAddr.Output(debugBuf);
DEBUG_LOG2(_L("RemoteIp %S:%d"), &debugBuf, IKE_PORT);
#endif
iHdr.iNATFlags = CIkev2NatT::CheckPeerNotifysL(*aIkeMsg->iNotifs, LocalIp, iHdr.iRemoteAddr, IKE_PORT,
iHdr.SpiI(), iHdr.SpiR(), Supported);
GetNatStatus(Supported, aRemote);
}
delete iNonce_R;
iNonce_R = NULL;
iNonce_R = HBufC8::NewL(aIkeMsg->iNonce->PlDataLen());
iNonce_R->Des().Copy(aIkeMsg->iNonce->PayloadData(), aIkeMsg->iNonce->PlDataLen());
if ( !ProcessKeyExchangeL((TKEPayloadIkev2*)aIkeMsg->iKe, iHdr.iDHGroup) )
{
return EFalse;
}
//
// IKE_SA_INIT request is completed enter IKE_AUTH
//
GenerateIkeKeysL();
TPtrC8 ikeHdrPtr((TUint8*)IkeHdr, IkeHdr->GetLength());
SaveSignedDataL(EFalse, ikeHdrPtr); // Save IKE_AUTH message 2
//We ignore possible cert req payloads and just work
//according our policy
if ( !iHdr.iEAPType &&
(iHdr.iAuthMethod == RSA_DIGITAL_SIGN || iHdr.iAuthMethod == DSS_DIGITAL_SIGN) )
{
SaveSignedDataL(ETrue, iHdr.iLastRequest->IkeMessageDatagram()); // Own identity not yet saved to signed data
GetOwnIdentityL(); // Get own Identity from Certificate (or policy)
AddIdToSignedDataL(ETrue, iAuthMsgInit, iLocalIdentity->PayloadData());
}
else
{
//
// Check if "implicit" Child SA exchange required
// by getting request CIkev2Acquire object from queue
//
GetOwnIdentityL();
SaveSignedDataL(ETrue, iHdr.iLastRequest->IkeMessageDatagram()); // Own identity saved to signed data
}
iChildSaRequest = CIkev2Acquire::GetNext(GetAcquireQue(), EFalse);
SendIkeAuthMessageL();
}
else
{
//
// Ignore received message silently
//
DEBUG_LOG1(_L("IKE_SA_INIT response received in state %d"), iState);
}
}
else {
if ( !Initiator )
{
DEBUG_LOG1(_L("IKEv2 Message without Orig_Init-bit in wrong, state: %d"), iState);
return ETrue;
}
if ( Response )
{
DEBUG_LOG1(_L("IKEv2 Message is not request, state: %d"), iState);
return ETrue;
}
switch ( iState )
{
case KStateIdle:
case KStateIkeSaInitResponse:
//Record Initiator SPI
aIkeMsg->GetIkeMsg()->GetSPI_I(iHdr.SpiI());
iHdr.SpiI().SetLength(IKEV2_SPI_SIZE);
//
// Received message should be an IKE_SA_INIT request
// Request message should be format:
// HDR(A,0), SAi1, KEi, Ni, [CERTREQ]
//
{
if ( !CheckPayloadsOrder(aIkeMsg, IKE_SA_INIT, EFalse) )
{
DEBUG_LOG1(_L("Erroneous IKE_SA_INIT request: %d"), iState);
return EFalse;
}
if ( MsgId != iHdr.ExpectedRequestId() ) {
if ( iHdr.iLastResponse != NULL &&
MsgId == iHdr.iLastResponse->MessageId() &&
iState == KStateIkeSaInitResponse )
{
//
// Retransmission of an earlier IKE_SA_INIT
// request. Retransmit current IKE_SA_INIT
// response (if retry count not exhausted)
//
DoRetransmitL(ETrue);
return ETrue;
}
else {
DEBUG_LOG1(_L("Wrong message id in request, state: %d"), iState);
return EFalse;
}
}
if ( iState == KStateIkeSaInitResponse )
return EFalse; // IKE_SA_INIT request retry with a new message ID
iIkeV2PlugInSession.StartResponding();
//
// Build a SA payload from current IKE policy and
// verify received IKE SA request with it
//
HBufC8* SaBfr = Ikev2Proposal::FromPolicyToProposaL(iHdr, iSPI_Rekey, iDHGroupGuess);
CleanupStack::PushL(SaBfr);
HBufC8* proposedSa = NULL;
TBool SaOk = Ikev2Proposal::VerifySaRequestAndGetProposedSaBufferL(iHdr, iChild,
*SaBfr, *aIkeMsg,
proposedSa);
CleanupStack::PopAndDestroy();
if ( !SaOk )
{
DEBUG_LOG1(_L("Unaccepted SA content in IKE_SA_INIT request: %d"),iState);
SetNotifyCode(NO_PROPOSAL_CHOSEN);
return EFalse;
}
SetProposedSa(proposedSa);
proposedSa = NULL;
if ( aIkeMsg->iNonce->PlDataLen() < IKEV2_MIN_NONCE_SIZE )
{
DEBUG_LOG1(_L("Nonce data too short %d"), iState);
return EFalse;
}
//Check peer NAT status
TBool useNatDetection = EFalse;
if ( !iHdr.iIkeData->iUseNatProbing )
{
TInetAddr LocalIp;
if ( iHdr.iIkeData->iUseMobIke )
LocalIp.SetAddress(KInetAddrNone);
else LocalIp = iHdr.iLocalAddr;
iHdr.iNATFlags = CIkev2NatT::CheckPeerNotifysL(*aIkeMsg->iNotifs, LocalIp,
iHdr.iRemoteAddr, IKE_PORT,
iHdr.SpiI(), iHdr.SpiR(), useNatDetection);
}
if ( !ProcessKeyExchangeL((TKEPayloadIkev2*)aIkeMsg->iKe, iHdr.iDHGroup) )
return EFalse;
//
// Create own SPI (responder)
//
CreateIkeSPI(iHdr.SpiR());
delete iNonce_I;
iNonce_I = NULL;
iNonce_I = HBufC8::NewL(aIkeMsg->iNonce->PlDataLen());
iNonce_I->Des().Copy(aIkeMsg->iNonce->PayloadData(), aIkeMsg->iNonce->PlDataLen());
GetNonceDataL(EFalse);
TPtrC8 ikeHdrPtr((TUint8*)IkeHdr, IkeHdr->GetLength());
SaveSignedDataL(EFalse, ikeHdrPtr); // Save IKE_AUTH message 2
//
// Build IKE_SA_INIT response message: HDR, SAr1, KEr, Nr, [CERTREQ]
//
__ASSERT_DEBUG(!iHdr.iInitiator, User::Invariant());
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(), iHdr.SpiR(),
IKE_SA_INIT,
iHdr.iInitiator,
ETrue,
iHdr.ExpectedRequestId(),
iDebug);
CleanupStack::PushL(ikeMsg);
HBufC8* saBfr = Ikev2Proposal::FromPolicyToProposaL(iHdr, iSPI_Rekey, iDHGroupGuess);
CleanupStack::PushL(saBfr);
ikeMsg->AppendSaPayloadL(*saBfr);
CleanupStack::Pop(saBfr);
SetProposedSa(saBfr);
AppendKEPayloadL(*ikeMsg, iHdr.iDHGroup);
ikeMsg->AppendNoncePayloadL(*iNonce_R);
if ( iPkiService )
{
ikeMsg->AppendCertReqPayloadL(iPkiService->CaList());
}
if ( useNatDetection )
{
delete iNatNotify;
iNatNotify = NULL;
TInetAddr LocalIp;
if ( iHdr.iIkeData->iUseMobIke )
LocalIp.SetAddress(KInetAddrNone);
else LocalIp = iHdr.iLocalAddr;
iNatNotify = CIkev2NatT::NewL(LocalIp, iHdr.iRemoteAddr, IKE_PORT, ikeMsg->InitiatorSpi(), ikeMsg->ResponderSpi());
ikeMsg->AppendNotifyPayloadL(IKEV2_PROTOCOL, KZeroDesc, NAT_DETECTION_SOURCE_IP,
iNatNotify->SourceNofify());
ikeMsg->AppendNotifyPayloadL(IKEV2_PROTOCOL, KZeroDesc, NAT_DETECTION_DESTINATION_IP,
iNatNotify->DestinNofify());
}
GetNatStatus(useNatDetection, aRemote);
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
GenerateIkeKeysL();
SaveSignedDataL(ETrue, ikeMsg->IkeMessageDatagram()); // Own identity is not yet saved to signed data
iState = KStateIkeSaInitResponse;
}
break;
default:
//
// Ignore received message silently
//
DEBUG_LOG1(_L("IKE_SA_INIT message received in state %d"), iState);
break;
}
}
return ETrue;
}
TBool CIkev2Negotiation::ProcessIkeAuthL(CIkev2Payloads* aIkeMsg)
{
ASSERT(aIkeMsg);
//
// Process IKE message of exchange type IKE_AUTH
//
ThdrISAKMP* IkeHdr = aIkeMsg->GetIkeMsg(); // IKE Message fixed header
TBool Response = IkeHdr->GetFlags() & IKEV2_RESPONSE_MSG;
TBool Initiator = IkeHdr->GetFlags() & IKEV2_INITIATOR;
TUint32 MsgId = IkeHdr->GetMessageId();
if ( iHdr.iInitiator )
{
if ( Initiator )
{
DEBUG_LOG1(_L("IKEv2 Message with Orig_Init-bit in wrong state: %d"), iState);
return ETrue;
}
if ( !Response )
{
DEBUG_LOG1(_L("IKEv2 Message is not response; state: %d"), iState);
return ETrue;
}
if ( MsgId != iHdr.ExpectedResponseId() )
{
DEBUG_LOG1(_L("Wrong message id in response; state: %d"), iState);
return ETrue;
}
switch ( iState )
{
case KStateIkeSaAuthRequest:
DEBUG_LOG(_L("Handling IKE_AUTH response"));
//
// Received message should be a response to a
// IKE_AUTH request transmitted.
// Response message should be format:
// HDR(A,B), SK {IDr, [CERT,] AUTH, [CP], SAr2, TSi, TSr}
//
if ( aIkeMsg->iEncr )
{
ProcessNotifyPayloadsL(*aIkeMsg->iNotifs, EFalse, IKE_AUTH);
if ( iDeleteIkeSA )
{
DEBUG_LOG1(_L("Error Notify in IKE_AUTH response: %d"), iState);
//Because we are just in IKE_AUTH no IKE_SAs exists --> we don't
//want to delete one. So we set iDeleteIkeSA back to false.
iDeleteIkeSA = EFalse;
return EFalse;
}
}
if ( !CheckPayloadsOrder(aIkeMsg, IKE_AUTH, ETrue) )
{
DEBUG_LOG1(_L("Erroneous IKE_AUTH response: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
if ( iChildSaRequest && !iChildSARejected && !aIkeMsg->iSa )
{
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
}
return EFalse;
}
DEBUG_LOG(_L("IKE_AUTH payload order check passed"));
TBool Status;
if ( iEapCompleted )
{
Status = AuthenticatePeerL(aIkeMsg->iAuth);
}
else
{
if ( iPkiService && !VerifyPeerCertificateL(aIkeMsg->iCerts, aIkeMsg->iIdR) )
{
SetNotifyCode(AUTHENTICATION_FAILED);
return EFalse;
}
Status = AddIdAndAuthenticatePeerL(aIkeMsg);
}
if ( !Status )
{
SetNotifyCode(AUTHENTICATION_FAILED);
return EFalse;
}
//
// If implicit Child SA negotiation requested,
// verify IPSEC SA- and Traffic selector payloads, too
//
if ( iChildSaRequest )
{
DEBUG_LOG(_L("Processing CHILD_SA creation"));
if ( !iChildSARejected )
{
if ( !Ikev2Proposal::VerifySaResponseL(iHdr, iChild, *iChildSaRequest->SA(), *aIkeMsg) )
{
DEBUG_LOG1(_L("Unaccepted SA payload content in IKE_AUTH response: %d"),iState);
SetNotifyCode(NO_PROPOSAL_CHOSEN);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
DEBUG_LOG(_L("SA response verified"));
if ( !IpsecSelectors::VerifyTrafficSelectorsL(iChildSaRequest, (TTSPayloadIkev2*)aIkeMsg->iTsI, (TTSPayloadIkev2*)aIkeMsg->iTsR ) )
{
DEBUG_LOG1(_L("Unaccepted Traffic Selectors in IKE_AUTH response: %d"),iState);
SetNotifyCode(TS_UNACCEPTABLE);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
DEBUG_LOG(_L("Traffic selectors verified"));
if ( aIkeMsg->iCp )
{
if ( iConfigMode )
{
iConfigMode->ProcessCpL(aIkeMsg->iCp);
}
else
{
DEBUG_LOG(_L("Unsolicited CP payload in IKE_AUTH response"));
}
}
iChildSaRequest->SetSPI_Out(iChild.iSPI_Out);
DEBUG_LOG(_L("Generating IPsec keys"));
iChild.GenerateIpsecKeysL(iHdr.iSK_d, KZeroDesc,
*iNonce_I, *iNonce_R, iHdr.iPRFAlg);
DEBUG_LOG(_L("IPsec keys generated"));
}
else
{
DEBUG_LOG1(_L("Implicit CHILD_SA rejected Notify in IKE_AUTH response: %d"), iState);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
}
}
//
// IKE_AUTH request is completed and IKE SA has been
// negotiated
//
IkeSaCompletedL();
break;
case KStateIkeSaEapStarted:
//
// Received message should be an IKE_AUTH response
// containing an EAP payload.
// The content of received IKE message shall be:
// HDR, SK {IDr, [CERT,] AUTH, EAP }
//
if ( !aIkeMsg->iEncr || !aIkeMsg->iIdR || !aIkeMsg->iAuth || !aIkeMsg->iEap )
{
DEBUG_LOG1(_L("Erroneous IKE_AUTH response: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
return EFalse;
}
if ( iPkiService && !VerifyPeerCertificateL(aIkeMsg->iCerts, aIkeMsg->iIdR) )
{
SetNotifyCode(AUTHENTICATION_FAILED);
return EFalse;
}
if ( !AddIdAndAuthenticatePeerL(aIkeMsg) )
{
SetNotifyCode(AUTHENTICATION_FAILED);
return EFalse;
}
iState = KStateIkeSaEapGoing;
iEapPlugin->EapDataInbound(aIkeMsg->iEap);
break;
case KStateIkeSaEapGoing:
//
// Received message should be an IKE_AUTH response
// containing an EAP payload.
// The content of received IKE message shall be:
// HDR, SK {EAP}
//
if ( !aIkeMsg->iEncr || !aIkeMsg->iEap )
{
DEBUG_LOG1(_L("Erroneous IKE_AUTH response: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
return EFalse;
}
iEapPlugin->EapDataInbound(aIkeMsg->iEap);
break;
default:
//
// Ignore received message silently
//
DEBUG_LOG1(_L("IKE_AUTH response received in state %d"), iState);
break;
}
}
else
{
if ( !Initiator )
{
DEBUG_LOG1(_L("IKEv2 Message without Orig_Init-bit in wrong, state: %d"), iState);
return ETrue;
}
if ( Response )
{
DEBUG_LOG1(_L("IKEv2 Message is not request, state: %d"), iState);
return ETrue;
}
switch ( iState )
{
case KStateIkeSaInitResponse:
case KStateIkeSaCompleted:
//
// Received message should be an IKE_AUTH request
// Request message should be format:
// HDR(A,B), SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr}
//
if ( !CheckPayloadsOrder(aIkeMsg, IKE_AUTH, EFalse) )
{
DEBUG_LOG1(_L("Erroneous IKE_AUTH request: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
return EFalse;
}
if ( MsgId != iHdr.ExpectedRequestId() ) {
if ( iHdr.iLastResponse != NULL &&
MsgId == iHdr.iLastResponse->MessageId() &&
iState == KStateIkeSaCompleted )
{
//
// Retransmission of an earlier IKE_SA_INIT
// request. Retransmit current IKE_SA_INIT
// response (if retry count not exhausted)
//
DoRetransmitL(ETrue);
return ETrue;
}
else {
DEBUG_LOG1(_L("Wrong message id in request, state: %d"), iState);
SetNotifyCode(INVALID_MESSAGE_ID);
StoreNotifyData32(MsgId);
return EFalse;
}
}
if ( iState == KStateIkeSaCompleted )
return EFalse; // IKE_AUTH request retry with a new message ID
//if ( aIkeMsg->iEncr )
//{
ProcessNotifyPayloadsL(*aIkeMsg->iNotifs, EFalse, IKE_AUTH);
if ( iDeleteIkeSA )
{
DEBUG_LOG1(_L("Error Notify in IKE_AUTH response: %d"), iState);
return EFalse;
}
//}
if ( iPkiService && !VerifyPeerCertificateL(aIkeMsg->iCerts, aIkeMsg->iIdI) )
{
DEBUG_LOG(_L("Peer certificate validation failed."));
SetNotifyCode(AUTHENTICATION_FAILED);
return EFalse;
}
if ( !AddIdAndAuthenticatePeerL(aIkeMsg) )
{
SetNotifyCode(AUTHENTICATION_FAILED);
return EFalse;
}
//
// Process "concatenated" Child SA- and Traffic
// Selector payloads if present
//
if ( aIkeMsg->iSa )
{
DEBUG_LOG(_L("IKE_AUTH request has SA and TS payload."));
CIkev2Acquire* Acquire = IpsecSelectors::GetIpsecPolicyL(iIkeV2PlugInSession, aIkeMsg);
if ( !Acquire )
{
DEBUG_LOG1(_L("Unaccepted Traffic Selectors in IKE_AUTH request: %d"),iState);
SetNotifyCode(TS_UNACCEPTABLE);
return EFalse;
}
CleanupStack::PushL(Acquire);
HBufC8* proposedSaBuffer = NULL;
if (!Ikev2Proposal::VerifySaRequestAndGetProposedSaBufferL(iHdr, iChild,
*Acquire->SA(), *aIkeMsg,
proposedSaBuffer))
{
CleanupStack::PopAndDestroy(Acquire);
DEBUG_LOG1(_L("Unaccepted SA content in IKE_AUTH request: %d"),iState);
SetNotifyCode(NO_PROPOSAL_CHOSEN);
return EFalse;
}
SetProposedSa(proposedSaBuffer);
proposedSaBuffer = NULL;
//
// Replace SA payload buffer in CIkev2Acquire with
// selected SA payload built in VerifySaRequestL
//
CleanupStack::Pop(Acquire);
Acquire->ReplaceSA(GetProposedSa());
Acquire->SetSPI_Out(iChild.iSPI_Out);
Acquire->SetResponse();
if ( iChild.iTransport )
{
Acquire->SetTransport();
}
CIkev2Acquire::Link(Acquire, GetAcquireQue());
DEBUG_LOG(_L("Acquire linked."));
if ( aIkeMsg->iCp )
{
//
// CP payload received as IKE SA responder
// Handle CP payload and return "dummy"
// virtual IP to initiator.
//
delete iConfigMode;
iConfigMode = NULL;
iConfigMode = CIkev2Config::NewL(Acquire, (TInetAddr*)&iHdr.iRemoteAddr);
iConfigMode->ProcessCpL(aIkeMsg->iCp);
Acquire->SetVirtualIp();
}
//
// Get SPI for new inbound SA
//
iChild.GenerateIpsecKeysL(iHdr.iSK_d, KZeroDesc,
*iNonce_I, *iNonce_R, iHdr.iPRFAlg);
if ( iPkiService && !iEapPlugin &&
aIkeMsg->iCertReqs &&
aIkeMsg->iCertReqs->Count() )
{
GetOwnIdentityL(); // Get own Identity from Certificate (or policy)
AddIdToSignedDataL(ETrue, iAuthMsgResp, iLocalIdentity->PayloadData());
CIkev2Acquire* Acquire = CIkev2Acquire::PeekFirst(GetAcquireQue());
if ( Acquire )
{
GetIpsecSPI(Acquire);
iState = KStateIkeSaAuthWaitSpi;
}
else
{
DEBUG_LOG(_L("CIkev2Acquire::PeekFirst returned NULL."));
DEBUG_LOG(_L("Sending IKE_AUTH response."));
SendIkeAuthMessageL();
}
}
else
{
GetOwnIdentityL();
AddIdToSignedDataL(ETrue, iAuthMsgResp, iLocalIdentity->PayloadData());
GetIpsecSPI(Acquire);
iState = KStateIkeSaAuthWaitSpi;
}
}
else
{
if ( iPkiService && !iEapPlugin &&
aIkeMsg->iCertReqs &&
aIkeMsg->iCertReqs->Count() )
{
GetOwnIdentityL(); // Get own Identity from Certificate (or policy)
AddIdToSignedDataL(ETrue, iAuthMsgResp, iLocalIdentity->PayloadData());
CIkev2Acquire* Acquire = CIkev2Acquire::PeekFirst(GetAcquireQue());
if ( Acquire )
{
GetIpsecSPI(Acquire);
iState = KStateIkeSaAuthWaitSpi;
}
else
{
SendIkeAuthMessageL();
}
}
else
{
//
// Build and send an IKE_AUTH response
//
GetOwnIdentityL();
AddIdToSignedDataL(ETrue, iAuthMsgResp, iLocalIdentity->PayloadData());
SendIkeAuthMessageL();
}
}
break;
default:
//
// Ignore received message silently
//
DEBUG_LOG1(_L("IKE_SA_INIT message received in state %d"), iState);
break;
}
}
return ETrue;
}
TBool CIkev2Negotiation::ProcessChildSaL(CIkev2Payloads* aIkeMsg)
{
ASSERT(aIkeMsg);
//
// Process IKE message of exchange type CREATE_CHILD_SA
//
TUint16 PfsDHGroup;
ThdrISAKMP* IkeHdr = aIkeMsg->GetIkeMsg(); // IKE Message fixed header
TBool Response = IkeHdr->GetFlags() & IKEV2_RESPONSE_MSG;
TBool Initiator = IkeHdr->GetFlags() & IKEV2_INITIATOR;
TUint32 MsgId = IkeHdr->GetMessageId();
if ( iHdr.iInitiator )
{
if ( Initiator )
{
DEBUG_LOG1(_L("IKEv2 Message with Orig_Init-bit in wrong state: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
return EFalse;
}
}
else
{
if ( !Initiator )
{
DEBUG_LOG1(_L("IKEv2 Message without Orig_Init-bit in wrong state: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
return EFalse;
}
}
if ( Response )
{
//
// CREATE_CHILD_SA response message received
//
switch ( iState )
{
case KStateIkeChildSARequest:
//
// Received message should be a response to a
// CREATE_CHILD_SA request transmitted.
// Response message should be format:
// HDR(A,B), SK { SA, Nr, [KEr], [TSi, TSr]}
//
if ( MsgId != iHdr.ExpectedResponseId() )
{
DEBUG_LOG1(_L("Wrong message id in response; state: %d"), iState);
SetNotifyCode(INVALID_MESSAGE_ID);
StoreNotifyData32(MsgId);
return EFalse;
}
if ( aIkeMsg->iEncr )
{
ProcessNotifyPayloadsL(*aIkeMsg->iNotifs, EFalse, CREATE_CHILD_SA);
if ( iDeleteIkeSA )
{
DEBUG_LOG1(_L("Error Notify in CREATE_CHILD_SA response: %d"), iState);
return EFalse;
}
if ( iChildSARejected )
{
DEBUG_LOG1(_L("CHILD_SA rejected Notify in CREATE_CHILD_SA response: %d"), iState);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
iStopped = ETrue;
return EFalse;
}
}
if ( !CheckPayloadsOrder(aIkeMsg, CREATE_CHILD_SA, ETrue) )
{
DEBUG_LOG1(_L("Erroneous CREATE_CHILD_SA response: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
if ( aIkeMsg->iNonce->PlDataLen() < IKEV2_MIN_NONCE_SIZE )
{
DEBUG_LOG1(_L("Nonce data too short %d"), iState);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
iStopped = ETrue;
return EFalse;
}
if ( !Ikev2Proposal::VerifySaResponseL(iHdr, iChild, *iChildSaRequest->SA(), *aIkeMsg) )
{
DEBUG_LOG1(_L("Unaccepted SA content in CREATE_CHILD_SA response: %d"),iState);
SetNotifyCode(NO_PROPOSAL_CHOSEN);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
if ( !IpsecSelectors::VerifyTrafficSelectorsL(iChildSaRequest, (TTSPayloadIkev2*)aIkeMsg->iTsI, (TTSPayloadIkev2*)aIkeMsg->iTsR ) )
{
DEBUG_LOG1(_L("Unaccepted Traffic Selectors in CREATE_CHILD_SA response: %d"),iState);
SetNotifyCode(TS_UNACCEPTABLE);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
delete iNonce_R;
iNonce_R = NULL;
iNonce_R = HBufC8::NewL(aIkeMsg->iNonce->PlDataLen());
iNonce_R->Des().Copy(aIkeMsg->iNonce->PayloadData(), aIkeMsg->iNonce->PlDataLen());
PfsDHGroup = iChildSaRequest->DHGroup();
if ( PfsDHGroup )
{
if ( !ProcessKeyExchangeL((TKEPayloadIkev2*)aIkeMsg->iKe, PfsDHGroup) )
{
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
HBufC8* g_ir = iDHKeys->ComputeAgreedKeyL(iDHPublicPeer->Des());
CleanupStack::PushL(g_ir);
iChild.GenerateIpsecKeysL(iHdr.iSK_d, *g_ir,
*iNonce_I, *iNonce_R, iHdr.iPRFAlg);
g_ir->Des().FillZ(); // Wipe out shared secret value from buffer
CleanupStack::PopAndDestroy(); //g_ir
}
else if ( aIkeMsg->iKe )
{
DEBUG_LOG1(_L("Unsolicted Key Exchange payload present in CREATE_CHILD_SA response: %d"),iState);
SetNotifyCode(INVALID_KE_PAYLOAD);
iChildSaRequest = Ikev2Pfkey::DeleteInboundSPI(iHdr, iIkeV2PlugInSession, iChildSaRequest);
return EFalse;
}
else
{
iChild.GenerateIpsecKeysL(iHdr.iSK_d, KZeroDesc,
*iNonce_I, *iNonce_R, iHdr.iPRFAlg);
}
//
// CREATE_CHILD_SA request is completed Update
//
IpsecSANegotiatedL();
break;
case KStateIkeSARekeyRequest:
//
// Received message should be a response to a
// IKE SA rekey CHILD_SA request transmitted.
// Response message should be format:
// HDR(A,B), SK { SA, Nr, KEr }
//
if ( CheckPayloadsOrder(aIkeMsg, CREATE_CHILD_SA, ETrue) && aIkeMsg->iKe )
{
DEBUG_LOG1(_L("IKE SA rekey message received as CHILD_SA response: %d"), iState);
ProcessIkeSARekeyL(aIkeMsg);
}
else
{
DEBUG_LOG1(_L("Erroneous IKE SA rekey message received as CHILD_SA response: %d"),iState);
}
//iIkeV2PlugInSession.UpdateIkev2SAL(&iHdr, NULL, EFalse);
BuildDeleteRequestL(NULL); // Delete IKE SA rekeyed
iIkeV2PlugInSession.DeleteIkev2SA(iHdr.SaId());
break;
default:
//
// Ignore received message silently
//
DEBUG_LOG1(_L("CREATE_CHILD_SA response received in state %d"), iState);
break;
}
}
else
{
//
// CREATE_CHILD_SA request message received
//
if ( MsgId != iHdr.ExpectedRequestId() ) {
if ( iHdr.iLastResponse != NULL &&
MsgId == iHdr.iLastResponse->MessageId() )
{
//
// Retransmission of an earlier request.
// Retransmit current response
//
iState = KStateIkeChildSAResponse;
DoRetransmitL(ETrue);
return ETrue;
}
else {
DEBUG_LOG1(_L("Wrong message id in request, state: %d"), iState);
SetNotifyCode(INVALID_MESSAGE_ID);
StoreNotifyData32(MsgId);
return EFalse;
}
}
if ( iState >= KStateIkeSaCompleted )
{
//
// Received CREATE_CHILD_SA message can be one of the
// following:
// -- Create new Ipsec SA request:
// HDR(A,B), SK { SA, Nr, [KEi], [TSi, TSr]}
// -- Rekey Ipsec SA request:
// HDR(A,B), SK { N, SA, Ni, [KEi], [TSi, TSr]}
// -- Rekey IKE SA request:
// HDR(A,B), SK { SA, Ni, KEi}
//
if ( !CheckPayloadsOrder(aIkeMsg, CREATE_CHILD_SA, EFalse) )
{
DEBUG_LOG1(_L("Erroneous CREATE_CHILD_SA request: %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
return EFalse;
}
//
// Check is the current request an IKE SA rekey by checking
// Proposal payload protocol value
//
if ( Ikev2Proposal::IkeSaRekey(aIkeMsg) )
{
TBool Status;
if ( iState == KStateIkeSARekeyRequest )
{
DEBUG_LOG1(_L("IKE SA Rekey collision for SAID: %d"), iHdr.SaId());
SetNotifyCode(NO_ADDITIONAL_SAS);
Status = EFalse;
}
else
{
DEBUG_LOG1(_L("IKE SA Rekey started by peer for SAID: %d"), iHdr.SaId());
iState = KStateIkeSARekeyResponse;
Status = ProcessIkeSARekeyL(aIkeMsg);
iIkeV2PlugInSession.UpdateIkev2SAL(&iHdr, NULL);
}
return Status;
}
if ( CIkev2Acquire::Responding(GetAcquireQue()) )
{
DEBUG_LOG1(_L("CREATE_CHILD_SA IKE SA request already pending: %d"), iState);
SetNotifyCode(NO_ADDITIONAL_SAS);
return EFalse;
}
//
// Get acceptable Ipsec policy for peer defined traffic
// selectors (and peer address)
//
CIkev2Acquire* Acquire = IpsecSelectors::GetIpsecPolicyL(iIkeV2PlugInSession, aIkeMsg,
iHdr.iIkeData->iGroupDesc_II);
if ( !Acquire )
{
DEBUG_LOG1(_L("Unaccepted Traffic Selectors in CREATE_CHILD_SA request: %d"),iState);
SetNotifyCode(TS_UNACCEPTABLE);
return EFalse;
}
CleanupStack::PushL(Acquire);
HBufC8* proposedSaBuffer = NULL;
if (!Ikev2Proposal::VerifySaRequestAndGetProposedSaBufferL(iHdr, iChild, *Acquire->SA(),
*aIkeMsg, proposedSaBuffer))
{
CleanupStack::PopAndDestroy(Acquire);
DEBUG_LOG1(_L("Unaccepted SA content in CREATE_CHILD_SA request: %d"),iState);
SetNotifyCode(NO_PROPOSAL_CHOSEN);
return EFalse;
}
this->SetProposedSa(proposedSaBuffer);
proposedSaBuffer = NULL;
delete iNonce_I;
iNonce_I = NULL;
iNonce_I = HBufC8::NewL(aIkeMsg->iNonce->PlDataLen());
iNonce_I->Des().Copy(aIkeMsg->iNonce->PayloadData(), aIkeMsg->iNonce->PlDataLen());
if ( aIkeMsg->iKe )
{
PfsDHGroup = Acquire->DHGroup();
if ( PfsDHGroup == 0 )
{
PfsDHGroup = Ikev2Proposal::GetDHGroup(iHdr.iIkeData->iGroupDesc_II);
Acquire->DHGroup(PfsDHGroup);
}
if ( !ProcessKeyExchangeL((TKEPayloadIkev2*)aIkeMsg->iKe, PfsDHGroup) )
{
CleanupStack::PopAndDestroy(Acquire);
return EFalse;
}
}
CleanupStack::Pop(Acquire);
Acquire->SetSPI_Out(iChild.iSPI_Out);
Acquire->SetResponse();
if ( iChild.iTransport )
Acquire->SetTransport();
CIkev2Acquire::Link(Acquire, GetAcquireQue());
//
// Get SPI for new inbound SA
//
GetIpsecSPI(Acquire);
}
else
{
//
// Ignore received message silently
//
DEBUG_LOG1(_L("CREATE_CHILD_SA request received in state %d"), iState);
}
}
return ETrue;
}
TBool CIkev2Negotiation::ProcessIkeSARekeyL(CIkev2Payloads* aIkeMsg)
{
ASSERT(aIkeMsg);
//
// Process IKE SA rekey message (as IKE_CHILD_SA exchange)
// HDR(A,B), SK { SA, Nonce, KE}
//
if ( (iState == KStateIkeSARekeyRequest) || (iState == KStateIkeSARekeyResponse) )
{
//
// Received CREATE_CHILD_SA message for IKE SA rekey must
// look like the following: HDR(A,B), SK { SA, Ni, [KEi]}
// Allocate a new CIkev2Negotiation object for new IKE SA
//
//
CIkev2Negotiation* NewSA = new (ELeave) CIkev2Negotiation(iIkeV2PlugInSession, iPfKeySocketIf,
iEventLogger, iMessageSendQue, iDebug, 0);
CleanupStack::PushL(NewSA);
//Do not copy the previous sent request and response:
CIkeV2Message* lastResponse = iHdr.iLastResponse;
iHdr.iLastResponse = NULL;
CIkeV2Message* lastRequest = iHdr.iLastRequest;
iHdr.iLastRequest = NULL;
NewSA->iHdr.Copy(iHdr);
iHdr.iLastResponse = lastResponse;
iHdr.iLastRequest = lastRequest;
NewSA->iHdr.iWindowSize = 1;
NewSA->iHdr.iEncrAlg = 0;
NewSA->iHdr.iPRFAlg = 0;
NewSA->iHdr.iIntegAlg = 0;
NewSA->iHdr.iDHGroup = 0;
NewSA->iHdr.iAuthMethod = 0;
NewSA->iHdr.iCipherKeyLth = 0;
NewSA->iHdr.iCipherBlkLth = 0;
NewSA->iHdr.iIntChkSumLth = 0;
if ( iState == KStateIkeSARekeyRequest )
{
NewSA->iHdr.iInitiator = ETrue;
NewSA->iHdr.SetSaId(iSAid_Rekey);
NewSA->iHdr.SetSpiI(iSPI_Rekey);
NewSA->iNonce_I = iNonce_I; // Nonce was created in BuildIkeSaRekeyMsgL() earlier
NewSA->iDHKeys = iDHKeys; // DH keys object was created in BuildIkeSaRekeyMsgL() earlier
iNonce_I = NULL;
iDHKeys = NULL;
}
else
{
NewSA->iHdr.iInitiator = EFalse;
NewSA->iHdr.SetSaId(iIkeV2PlugInSession.GetSAId()); // Get a new SA Id
NewSA->CreateIkeSPI(NewSA->iHdr.SpiR());
}
//
// Build a SA payload from current IKE policy and
// verify received IKE SA request with it
//
HBufC8* SaBfr = Ikev2Proposal::FromPolicyToProposaL(NewSA->iHdr, NewSA->iSPI_Rekey, NewSA->iDHGroupGuess, ETrue);
CleanupStack::PushL(SaBfr);
HBufC8* proposedSaBuffer = NULL;
TBool SaOk = Ikev2Proposal::VerifySaRequestAndGetProposedSaBufferL(NewSA->iHdr, NewSA->iChild,
*SaBfr, *aIkeMsg, proposedSaBuffer);
CleanupStack::PopAndDestroy();
if ( iState == KStateIkeSARekeyRequest )
SaOk &= Ikev2Proposal::GetRekeySpi(aIkeMsg, NewSA->iHdr.SpiR());
else SaOk &= Ikev2Proposal::GetRekeySpi(aIkeMsg, NewSA->iHdr.SpiI());
if ( !SaOk )
{
DEBUG_LOG1(_L("Unaccepted SA content in IKE_SA Rekey request: %d"), iState);
SetNotifyCode(NO_PROPOSAL_CHOSEN);
CleanupStack::PopAndDestroy(NewSA);
return EFalse;
}
NewSA->SetProposedSa(proposedSaBuffer);
proposedSaBuffer = NULL;
if ( aIkeMsg->iNonce->PlDataLen() < IKEV2_MIN_NONCE_SIZE )
{
DEBUG_LOG1(_L("Nonce data too short in IKE_SA Rekey request %d"), iState);
SetNotifyCode(INVALID_SYNTAX);
CleanupStack::PopAndDestroy(NewSA);
return EFalse;
}
if ( iState == KStateIkeSARekeyRequest )
{
NewSA->iNonce_R = HBufC8::NewL(aIkeMsg->iNonce->PlDataLen());
NewSA->iNonce_R->Des().Copy(aIkeMsg->iNonce->PayloadData(), aIkeMsg->iNonce->PlDataLen());
}
else
{
NewSA->iNonce_I = HBufC8::NewL(aIkeMsg->iNonce->PlDataLen());
NewSA->iNonce_I->Des().Copy(aIkeMsg->iNonce->PayloadData(), aIkeMsg->iNonce->PlDataLen());
}
if ( !NewSA->ProcessKeyExchangeL((TKEPayloadIkev2*)aIkeMsg->iKe, NewSA->iHdr.iDHGroup) )
{
//If there was notify code set, copy it to current negotiation before destroying NewSa
if(NewSA->GetNotifyCode())
{
SetNotifyCode(NewSA->GetNotifyCode());
}
TInt dataLth(0);
TUint8* notifyData = NewSA->NotifyData(dataLth);
if(dataLth == 2)
{
StoreNotifyData16(GET16(notifyData));
}
else if(dataLth == 4)
{
StoreNotifyData32(GET32(notifyData));
}
CleanupStack::PopAndDestroy(NewSA);
return EFalse;
}
if ( iState == KStateIkeSARekeyResponse )
{
//
// Build IKE SA rekey response (CHILD_SA response):
// HDR, SAr, Nr, KEr
//
iDHKeys = NewSA->iDHKeys; // To calculate own DH value
iSPI_Rekey = NewSA->iHdr.SpiR();
SetProposedSa(NewSA->GetProposedSa());
BuildIkeSaRekeyMsgL(EFalse);
NewSA->iNonce_R = iNonce_R; // Nonce is created in BuildIkeSaRekeyMsgL()
iNonce_R = NULL;
iDHKeys = NULL;
}
//
// Generate key material for new IKE SA
//
NewSA->GenerateIkeKeysL(&iHdr);
//
// Create a new IKE SA and swap IPSec SA from rekeyed IKE SA
// to the new just created SA
//
iIkeV2PlugInSession.CreateIkev2SAL(NewSA->iHdr);
iIkeV2PlugInSession.InheritIpsecSas(NewSA->iHdr.SaId(), iHdr.SaId());
CleanupStack::PopAndDestroy(NewSA);
}
return ETrue;
}
TBool CIkev2Negotiation::ProcessInfoMsgL(CIkev2Payloads* aIkeMsg)
{
ASSERT(aIkeMsg);
//
// Process IKE message of exchange type INFORMATIONAL
// HDR, SK {[N,] [D,] [CP,] ...}
// Only encyrpted and authenitcated are processed.
//
if ( !aIkeMsg->Encrypted() )
{
if ( iState == KStateIdle)
iStopped = ETrue;
return EFalse;
}
ThdrISAKMP* IkeHdr = aIkeMsg->GetIkeMsg(); // IKE Message fixed header
TBool Response = IkeHdr->GetFlags() & IKEV2_RESPONSE_MSG;
TUint32 MsgId = IkeHdr->GetMessageId();
if ( Response )
{
if ( (iState == KStateIkeInfoRequest) || (iState == KStateIkeDeleteRequest) )
{
//
// A response received to a transmitted Informational request
//
DEBUG_LOG(_L("Response received to a transmitted Informational request"));
if ( MsgId == iHdr.ExpectedResponseId() )
{
iIkeV2PlugInSession.UpdateIkev2SAL(&iHdr, NULL);
if ( iState == KStateIkeDeleteRequest )
{
iIkeV2PlugInSession.IkeSaDeleted(KErrNone); //IKE SA deletion going
}
else
{
if ( aIkeMsg->iNotifs->Count() )
{
ProcessNotifyPayloadsL(*aIkeMsg->iNotifs, EFalse, INFORMATIONAL);
}
}
iStopped = ETrue;
return EFalse;
}
}
else if ( iState == KStateChildDeleteRequest )
{
//
// A response received to a transmitted Child SA delete request
//
if ( aIkeMsg->iDeletes->Count() )
{
ProcessDeletePayloadsL(*aIkeMsg->iDeletes, EFalse);
}
//
// Update sequence numbers and IKE SA data
//
iIkeV2PlugInSession.UpdateIkev2SAL(&iHdr, NULL);
iStopped = ETrue;
return EFalse;
}
}
else
{
//
// A Informational request received. Process request according
// to payload content and send informational response.
//
DEBUG_LOG1(_L("INFORMATIONAL request received in state %d"), iState);
if ( MsgId == iHdr.ExpectedRequestId() )
{
TBool BuildResponse = ETrue;
if ( aIkeMsg->iDeletes->Count() )
{
BuildResponse = ProcessDeletePayloadsL(*aIkeMsg->iDeletes, ETrue);
}
if ( aIkeMsg->iNotifs->Count() )
{
BuildResponse = ProcessNotifyPayloadsL(*aIkeMsg->iNotifs, ETrue, INFORMATIONAL);
}
if ( BuildResponse )
{
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
INFORMATIONAL,
iHdr.iInitiator,
ETrue,
iHdr.ExpectedRequestId(),
iDebug);
CleanupStack::PushL(ikeMsg);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
if ( (iState != KStateIkeInfoRequest) && (iState != KStateIkeDeleteRequest) && (iState != KStateIkeDeleteResponse) )
{
iState = KStateIkeSaCompleted;
}
}
}
}
return ETrue;
}
TBool CIkev2Negotiation::ProcessNotifyPayloadsL(const CArrayFixFlat<TNotifPayloadIkev2*>& aNotifys,
TBool aRequest, TInt aExchange)
{
if ( Ikev2MobIke::ProcessNotifysL(this, aNotifys, aRequest, aExchange) )
{
return EFalse; // Notify payload(s) was processed by MOBIKE protocol
}
TInt MsgType;
TNotifPayloadIkev2* Payload;
TInt Count = aNotifys.Count();
TInt i = 0;
while ( i < Count )
{
Payload = aNotifys.At(i);
MsgType = (TInt)Payload->GetMsgType();
DEBUG_LOG1(_L("Received Notify payload message type %d"), MsgType);
//
// Process possible error type Notify messages
//
if (aExchange == IKE_SA_INIT)
{
switch ( MsgType )
{
case INVALID_SYNTAX:
//Fall through
case NO_PROPOSAL_CHOSEN:
return EFalse;
case INVALID_KE_PAYLOAD:
ProcessInvalidKePayloadNotifyL();
return ETrue;
case COOKIE:
return ProcessCookieL(aNotifys, aRequest);
default:
break;
}
}
else
{
switch ( MsgType )
{
case UNSUPPORTED_CRITICAL_PAYLOAD:
case INVALID_SYNTAX:
case INVALID_MESSAGE_ID:
case AUTHENTICATION_FAILED:
case INTERNAL_ADDRESS_FAILURE:
case FAILED_CP_REQUIRED:
//
// When some of these error types received IKE SA shall
// corresponding IKE SA shall be deleted
//
iDeleteIkeSA = ETrue;
break;
case NO_PROPOSAL_CHOSEN:
case SINGLE_PAIR_REQUIRED:
case NO_ADDITIONAL_SAS:
case TS_UNACCEPTABLE:
case INVALID_SELECTORS:
//
// When some of these error types received within
// IKE_AUTH or CREATE_CHILD_SA exchange (in response)
// Child SA request is interpreted to be failed
//
if ( ((aExchange == IKE_AUTH) || (aExchange == CREATE_CHILD_SA) ) && !aRequest )
iChildSARejected = ETrue;
break;
default:
break;
}
}
i++;
}
return ETrue;
}
TBool CIkev2Negotiation::ProcessCookieL(const CArrayFixFlat<TNotifPayloadIkev2*>& aNotifys, TBool aRequest)
{
//
// Special handling for COOKIE Notify payload.
// The following actions are taken:
// - Assure that the first Notify payload in array is cookie
// - When the COOKIE is received in response (aRequest = EFalse)
// - Retransmit IKE_SA_INIT request again in format:
// HDR(A,0), N(COOKIE), SAi1, KEi, Ni, [Nat Notifies]
// - When the COOKIE is received in request (aRequest = ETrue)
// - Assure that COOKIE returned by the initiator is the we
// have earlier transmitted.
//
if ( aNotifys.Count() )
{
const TNotifPayloadIkev2* NotifyPayload = aNotifys.At(0);
if ( NotifyPayload->GetMsgType() == COOKIE && !aRequest)
{
//
// Local end COOKIE usage has not been implemented yet
//
//
// Init a new IKE message buffer and copy received COOKIE
// Notify to the first payload. Concatenate then all
// payloads from original IKE_SA_INIT request to this new
// IKE message (and set next payload field in Notify)
//
DEBUG_LOG1(_L("Cookie received, IKE_SA_INIT repeated: %d"), iState);
if ( iCookieReturned )
{
//
// One cookie already returned. Avoid cookie-loop
// by stopping ongoing IKE_SA_INIT exchange
//
DEBUG_LOG(_L("Cookie already returned once, IKE_SA_INIT exchange stopped"));
return EFalse;
}
CIkeV2Message* originalIkeSaInitRequest = iHdr.iLastRequest;
const TPtrC8 cookieData(NotifyPayload->NotifData(), NotifyPayload->NotifDataLength());
// Use protocol id sent by gateway. RFC says id should be zero, but some GWs
// work against the spec.
TUint8 protocolId = NotifyPayload->GetProtocolId();
originalIkeSaInitRequest->PrependCookieNotifyPayloadL(protocolId, cookieData);
iHdr.iLastRequest = NULL; //claims the ownership of the message
SendIkeMsgL(originalIkeSaInitRequest);
iTimer->Cancel(); // Reset transmit retry timer
iTimer->IssueRequest(iSendAttempt); // Start retry timer
iCookieReturned = ETrue;
return ETrue;
}
}
DEBUG_LOG1(_L("Cookie required, NO COOKIE Notify found: %d"), iState);
return EFalse;
}
TBool CIkev2Negotiation::ProcessDeletePayloadsL(const CArrayFixFlat<TDeletePlIkev2*>& aDeletes,
TBool aRequest)
{
//
// Process delete payloads received.
//
CDesC8ArrayFlat* SpiList = NULL;
TUint8 Protocol = IKEV2_PROT_NONE;
for (TInt i = 0; i < aDeletes.Count(); ++i)
{
const TDeletePlIkev2* Payload = aDeletes.At(i);
Protocol = Payload->GetProtocolId();
switch ( Protocol )
{
case IKEV2_PROTOCOL:
//
// Deletion of current existing IKE SA. All IPSEC SA:s
// negotiated within IKE SA are deleted implicitly
//
iIkeV2PlugInSession.DeleteIkev2SA(iHdr.SaId());
delete SpiList;
SpiList = NULL;
i = aDeletes.Count(); // Stop outer while loop
iState = KStateIkeDeleteResponse; // Set next state here
break;
case IKEV2_IPSEC_AH:
case IKEV2_IPSEC_ESP:
if ( Payload->GetSPISize() == 4 )
{
//
// Delete Ipsec SPI:s from IKE SA (and IPSEC SADB)
// If Delete payload received within Info request
// build inbound SPI list of corresponding inbound
// SA:s
//
TUint SpiCount = (TInt)Payload->GetNbrOfSpis();
if ( TPayloadIkev2::Cast(Payload)->GetLength() ==
( TDeletePlIkev2::Size() + 4*SpiCount) )
{
const TUint8* Spis = Payload->SPIs();
if ( aRequest && !SpiList )
{
SpiList = new (ELeave) CDesC8ArrayFlat(2);
CleanupStack::PushL(SpiList);
}
while ( SpiCount )
{
TPtrC8 Spi(Spis, 4);
if ( SpiList )
{
const TIkeV2IpsecSAData* IpsecSa =
iIkeV2PlugInSession.FindIpsecSAData(iHdr.SaId(), Spi, EFalse);
if ( IpsecSa && IpsecSa->iSPI_In.Length() > 0 )
{
SpiList->AppendL(IpsecSa->iSPI_In);
}
}
iIkeV2PlugInSession.DeleteIpsecSAData(iHdr.SaId(), Spi, EFalse);
Spis += 4;
SpiCount--;
}
}
}
break;
default:
break;
}
}
if ( SpiList )
{
//
// Build Informational exchange response with a
// Delete payload containing SPI:s of corresponding
// inbound SA:s.
//
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
INFORMATIONAL,
iHdr.iInitiator,
ETrue,
iHdr.ExpectedRequestId(), iDebug);
CleanupStack::PushL(ikeMsg);
ikeMsg->AppendEncryptedPayloadL(iHdr.iCipherBlkLth);
ikeMsg->AppendDeletePayloadL(Protocol, *SpiList);
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
CleanupStack::PopAndDestroy(SpiList);
iState = KStateIkeSaCompleted;
aRequest = EFalse;
}
return aRequest;
}
void CIkev2Negotiation::ProcessInvalidKePayloadNotifyL()
{
// Build and send new IKE_SA_INIT message (request) with another DH group #
// HDR, SAi1, KEi, Ni, N[NAT_SRC], N[NAT_DST]
//
iDHGroupGuess++;
delete iDHKeys; // Delete old DH object
iDHKeys = NULL;
iHdr.iDHGroup = 0;
TUint32 lastRequestMsgId = 0;
if(iHdr.iLastRequest != NULL)
{
lastRequestMsgId = iHdr.iLastRequest->MessageId();
}
CIkeV2Message* ikeMsg = CIkeV2Message::NewL(iHdr.SpiI(),
iHdr.SpiR(),
IKE_SA_INIT,
iHdr.iInitiator,
EFalse,
lastRequestMsgId,
iDebug);
CleanupStack::PushL(ikeMsg);
HBufC8* saBfr = Ikev2Proposal::FromPolicyToProposaL(iHdr, iSPI_Rekey, iDHGroupGuess);
CleanupStack::PushL(saBfr);
ikeMsg->AppendSaPayloadL(*saBfr);
CleanupStack::Pop(saBfr);
SetProposedSa(saBfr);
AppendKEPayloadL(*ikeMsg, iHdr.iDHGroup);
ikeMsg->AppendNoncePayloadL(*iNonce_I);
if ( !iHdr.iIkeData->iUseNatProbing )
{
delete iNatNotify;
iNatNotify = NULL;
TInetAddr LocalIp;
if ( iHdr.iIkeData->iUseMobIke )
LocalIp.SetAddress(KInetAddrNone);
else LocalIp = iHdr.iLocalAddr;
iNatNotify = CIkev2NatT::NewL(
LocalIp, iHdr.iRemoteAddr, IKE_PORT, ikeMsg->InitiatorSpi(), ikeMsg->ResponderSpi());
ikeMsg->AppendNotifyPayloadL(IKEV2_PROTOCOL, KZeroDesc, NAT_DETECTION_SOURCE_IP,
iNatNotify->SourceNofify());
ikeMsg->AppendNotifyPayloadL(IKEV2_PROTOCOL, KZeroDesc, NAT_DETECTION_DESTINATION_IP,
iNatNotify->DestinNofify());
}
CleanupStack::Pop(ikeMsg);
SendIkeMsgL(ikeMsg);
iState = KStateIkeSaInitRequest;
}
void CIkev2Negotiation::GetNonceDataL(TBool aInitiator)
{
//
// Get random data for local nonce
//
HBufC8* Nonce;
if ( aInitiator )
{
Nonce = HBufC8::NewL(IKEV2_DEF_NONCE_SIZE);
delete iNonce_I;
iNonce_I = Nonce;
}
else
{
Nonce = HBufC8::NewL(IKEV2_DEF_NONCE_SIZE);
delete iNonce_R;
iNonce_R = Nonce;
}
TPtr8 RandOctet(Nonce->Des());
RandOctet.SetLength(IKEV2_DEF_NONCE_SIZE);
TRandom::RandomL(RandOctet);
}
void CIkev2Negotiation::GetOwnIdentityL(TBool aEapIdResponse)
{
if ( iLocalIdentity )
{
return; // We already have own identity data
}
//
// The own IKE identity data is built with the following system:
// -- If Own Certificate exist take try to get identity data from it
// If no Certificate or identity cannot be get from certificate
// -- If EAP used use identity speficied by the EAP plugin
// -- If EAP not used, get own identity data information from current IKE policy
// If no identity information found use local IP address as
// identity. Own IKE Identity information is stored in iLocalIdentity
// buffer (linked into negotiation object) in format of Identity
// payload (TIDPayloadIkev2)
//
HBufC8* IdBfr = NULL;
TUint8 IdType = ID_NOT_DEFINED;
//Try to get the identity from the user certificate
if ( iPkiService && iPkiService->UserCertificateData().Length() > 0 )
{
IdType = iHdr.iIkeData->iIdType;
IdBfr = IkePkiUtils::GetIdentityFromCertL(IdType, iPkiService->UserCertificateData());
if ( IdBfr != NULL)
{
if (IdType == ID_NOT_DEFINED)
{
IdType = ID_DER_ASN1_DN;
}
}
else
{
//We didn't get the ID data from the user certificate.
//Make sure that the type is set to not defined.
IdType = ID_NOT_DEFINED;
}
}
//If we didn't get the identity from the user certificate,
//try to get it from the EAP plugin.
if ( IdType == ID_NOT_DEFINED && iEapPlugin )
{
__ASSERT_DEBUG(IdBfr == NULL, User::Invariant());
//
// Try to get Own identity data from EAP Plug-in
//
IdBfr = iEapPlugin->Identity();
if ( IdBfr != NULL && IdBfr->Length() )
{
//
// Identity data provided by EAP plug-in. Define IKE Id type
// value according to Identity data content. If Id data
// contains realm (format username@realm) Id type
// ID_RFC822_ADDR is used. If no realm in ID use type ID_KEY_ID
//
TInt offset = IdBfr->Find(_L8("@"));
IdType = ( offset == KErrNotFound ) ? ID_KEY_ID : ID_RFC822_ADDR;
}
else
{
delete IdBfr;
IdBfr = NULL;
if ( !aEapIdResponse )
return; // Identity not yet available continue waiting
}
}
//If we don't have identity so far, try to get it from the
//policy:
if ( IdType == ID_NOT_DEFINED &&
iHdr.iIkeData->iIdType != ID_NOT_DEFINED &&
iHdr.iIkeData->iFQDN.Length() > 0)
{
__ASSERT_DEBUG(IdBfr == NULL, User::Invariant());
IdBfr = HBufC8::NewL(iHdr.iIkeData->iFQDN.Length());
IdBfr->Des().Copy(iHdr.iIkeData->iFQDN);
IdType = iHdr.iIkeData->iIdType;
}
//If we have not been able to get the identity so far, we are using the default
//identity, which is our own IP address.
if ( IdType == ID_NOT_DEFINED)
{
__ASSERT_DEBUG(IdBfr == NULL, User::Invariant());
if ( (iHdr.iLocalAddr.Family()== KAfInet) || iHdr.iLocalAddr.IsV4Mapped() )
{
TUint32 num = ByteOrder::Swap32(iHdr.iLocalAddr.Address());//Put in network order
IdBfr = HBufC8::NewL(sizeof(num));
IdBfr->Des().Append(reinterpret_cast<TUint8*>(&num), sizeof(num));
IdType = ID_IPV4_ADDR;
}
else
{
IdBfr = HBufC8::NewL(16);
const TUint8* pnum = &iHdr.iLocalAddr.Ip6Address().u.iAddr8[0]; //Address in a bytestream
IdBfr->Des().Append(pnum, 16);
IdType = ID_IPV6_ADDR;
}
}
__ASSERT_DEBUG((IdType != ID_NOT_DEFINED && IdBfr != NULL), User::Invariant());
CleanupStack::PushL(IdBfr);
iLocalIdentity = CIkeV2Identity::NewL(IdType, *IdBfr);
CleanupStack::PopAndDestroy(IdBfr);
}
void CIkev2Negotiation::GenerateIkeKeysL(TIkev2SAData* aRekeydSaData)
{
//
// Generate IKE keying material. Start by calculating
// Diffie-Hellman secret.
//
User::LeaveIfNull(iDHPublicPeer);
if ( !iDHKeys )
{
iDHKeys = CDHKeys::CreateDHKeyL(iHdr.iDHGroup);
iDHKeys->XValueL(); // Calculate own DH public value
}
HBufC8* g_ir = iDHKeys->ComputeAgreedKeyL(iDHPublicPeer->Des());
CleanupStack::PushL(g_ir);
delete iDHKeys;
iDHKeys = NULL;
HBufC8* Ni_Nr;
HBufC8* SKEYSEED;
TUint16 prfAlg(0);
if ( aRekeydSaData )
{
//
// Calculate IKE keying material seed SKEYDSEED = prf(SK_d(old), [g^ir (new)] | Ni | Nr)
//
Ni_Nr = HBufC8::NewL(g_ir->Length() + iNonce_I->Length() + iNonce_R->Length());
CleanupStack::PushL(Ni_Nr);
Ni_Nr->Des().Copy(g_ir->Des());
Ni_Nr->Des().Append(iNonce_I->Des());
Ni_Nr->Des().Append(iNonce_R->Des());
prfAlg = aRekeydSaData->iPRFAlg;
SKEYSEED = IkeCrypto::PrfhmacL(*Ni_Nr, aRekeydSaData->iSK_d, prfAlg);
CleanupStack::PushL(SKEYSEED);
}
else
{
//
// Calculate IKE keying material seed SKEYDSEED = prf(Ni | Nr, g^ir)
//
Ni_Nr = HBufC8::NewL(iNonce_I->Length() + iNonce_R->Length());
CleanupStack::PushL(Ni_Nr);
Ni_Nr->Des().Copy(iNonce_I->Des());
Ni_Nr->Des().Append(iNonce_R->Des());
prfAlg = iHdr.iPRFAlg;
SKEYSEED = IkeCrypto::PrfhmacL(*g_ir, *Ni_Nr, prfAlg);
CleanupStack::PushL(SKEYSEED);
}
g_ir->Des().FillZ(); // Wipe out shared secret value from buffer
iHdr.GenerateIkeKeyDerivatesL(SKEYSEED->Des(),prfAlg, *iNonce_I, *iNonce_R);
SKEYSEED->Des().FillZ(); // Wipe out SKEYSEED value from buffer
CleanupStack::PopAndDestroy(3); //g_ir , Ni_Nr and SKEYSEED
}
void CIkev2Negotiation::SaveSignedDataL(TBool aLocal, const TDesC8& aIkeMsg)
{
//
// Allocate buffer for signed octets needed for IKE SA
// authentication with AUTH payload.
// The signed octet contains the following data:
// Initiator:
// - IKE_SA_INIT message content (message number 1)
// concatenated with responder nonce data and value
// prf(SK_pi,IDi") where IDi" is initiator ID data without fixed
// payload header
//
// Responder:
// - IKE_SA_INIT message content (message number 2)
// concatenated with initiator nonce data and value
// prf(SK_pr,IDr") where IDr" is responder ID data without fixed
// payload header
//
TInt SignedLth = aIkeMsg.Length(); // Initial value
HBufC8* Nonce;
HBufC8** SignedBfrPtr;
if ( aLocal )
{
if ( iHdr.iInitiator )
{
SignedBfrPtr = &iAuthMsgInit;
Nonce = iNonce_R;
}
else {
SignedBfrPtr = &iAuthMsgResp;
Nonce = iNonce_I;
}
}
else
{
if ( iHdr.iInitiator )
{
SignedBfrPtr = &iAuthMsgResp;
Nonce = iNonce_I;
}
else
{
SignedBfrPtr = &iAuthMsgInit;
Nonce = iNonce_R;
}
}
SignedLth += Nonce->Length() + IkeCrypto::AlgorithmInfo(IKEV2_PRF, iHdr.iPRFAlg);
HBufC8* Signed = HBufC8::NewL(SignedLth);
Signed->Des().Copy(aIkeMsg);
Signed->Des().Append(Nonce->Des());
if ( aLocal && iLocalIdentity )
{
//
// Add value prf(SK_px,IDx") into local signed data buffer end
//
AddIdToSignedDataL(ETrue, Signed, iLocalIdentity->PayloadData());
}
delete *SignedBfrPtr;
*SignedBfrPtr = Signed;
}
void CIkev2Negotiation::AddIdToSignedDataL(TBool aLocal, HBufC8* aSigned, const TDesC8& aIdData)
{
ASSERT(aSigned);
//
// Add value prf(SK_px,IDx") into signed data buffer end
//
HBufC8* signedIdData = NULL;;
if ( iHdr.iInitiator )
{
if ( aLocal )
{
signedIdData = IkeCrypto::PrfhmacL(aIdData, iHdr.iSK_pi, iHdr.iPRFAlg);
}
else
{
signedIdData = IkeCrypto::PrfhmacL(aIdData, iHdr.iSK_pr, iHdr.iPRFAlg);
}
}
else
{
if ( aLocal )
{
signedIdData = IkeCrypto::PrfhmacL(aIdData, iHdr.iSK_pr, iHdr.iPRFAlg);
}
else
{
signedIdData = IkeCrypto::PrfhmacL(aIdData, iHdr.iSK_pi, iHdr.iPRFAlg);
}
}
aSigned->Des().Append(*signedIdData);
delete signedIdData;
}
HBufC8* CIkev2Negotiation::SignAuthDataL(const TDesC8& aAuthData, TUint8 aAuthMethod)
{
//
// Sign aMsgData according to authentication method parameter
//
HBufC8* signedAuthData = NULL;
if ( iPkiService &&
iPkiService->TrustedCaName().Length() > 0 &&
iPkiService->UserCertificateData().Length() > 0 )
{
//
// Message data <msg octets> is signed using private key
//
TPtrC8 TrustedCa(iPkiService->TrustedCaName());
signedAuthData = HBufC8::NewLC(320); // reserved for sign (aware for 2048 bits signatures)
TPtr8 signedAuthDataPtr(signedAuthData->Des());
iPkiService->Ikev2SignatureL(TrustedCa, iHdr.iIkeData->iOwnCert, aAuthData, signedAuthDataPtr, aAuthMethod);
CleanupStack::Pop(signedAuthData);
}
else
{
//
// Message data is signed using negotiated PRF function as
// follows:
// AUTH =
// prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>)
// If EAP method that creates a shared key as a side effect of
// authentication used, this shared key is used as Shared Secret
// Otherwise preshared key configured into policy is used as
// Shared secret.
//
if ( !iPresharedKey )
iPresharedKey = Ikev2Proposal::GetPSKFromPolicyL(iHdr.iIkeData);
//
// Calculate KEY = prf(Shared Secret,"Key Pad for IKEv2")
//
HBufC8* PskKey = IkeCrypto::PrfhmacL(KIkev2PSKData, *iPresharedKey, iHdr.iPRFAlg);
CleanupStack::PushL(PskKey);
//
// Calculate prf(KEY, <msg octets>)
//
signedAuthData = IkeCrypto::PrfhmacL(aAuthData, *PskKey, iHdr.iPRFAlg);
CleanupStack::PopAndDestroy(PskKey);
}
return signedAuthData;
}
TBool CIkev2Negotiation::AddIdAndAuthenticatePeerL(CIkev2Payloads* aIkeMsg)
{
ASSERT(aIkeMsg);
//
// Verify that authentication payload of peer is correct
// To do this the signed data octets of peer must be filled with
// value: prf(SK_px,IDx")
// So the peer ID payload must be verified first.
//
HBufC8* Signed;
TIDPayloadIkev2* Id;
if ( iHdr.iInitiator )
{
Signed = iAuthMsgResp;
Id = (TIDPayloadIkev2*)aIkeMsg->iIdR;
}
else
{
Signed = iAuthMsgInit;
Id = (TIDPayloadIkev2*)aIkeMsg->iIdI;
}
if ( !Signed || !Id )
return EFalse;
if ( !iPeerIdInSignedData )
{
TUint16 IdLth = TPayloadIkev2::Cast(Id)->GetLength();
if ( IdLth < TIDPayloadIkev2::Size() )
{
DEBUG_LOG1(_L("Peer ID payload too short; Length %d"), IdLth);
return EFalse;
}
//
// Add value prf(SK_px,IDx") into peer signed data buffer end
//
TPayloadIkev2* idPayload = TPayloadIkev2::Cast(Id);
TPtrC8 idPtr(idPayload->PayloadData(), (idPayload->GetLength() - TPayloadIkev2::Size()));
AddIdToSignedDataL(EFalse, Signed, idPtr);
iPeerIdInSignedData = ETrue;
}
return AuthenticatePeerL(aIkeMsg->iAuth);
}
TBool CIkev2Negotiation::AuthenticatePeerL(TAuthPayloadIkev2* aAuth)
{
//
// Authenticate peer tication payload of peer is correct
// To do this the signed data octets of peer must be filled with
// value: prf(SK_px,IDx")
// So the peer ID payload must be verified first.
//
HBufC8* Signed;
if ( iHdr.iInitiator )
Signed = iAuthMsgResp;
else Signed = iAuthMsgInit;
if ( !Signed || !aAuth )
return EFalse;
TUint16 AuthLth = TPayloadIkev2::Cast(aAuth)->GetLength();
if ( AuthLth < TAuthPayloadIkev2::Size() )
{
DEBUG_LOG1(_L("Peer Auth payload too short; Length %d"), AuthLth);
return EFalse;
}
AuthLth = (TUint16)(AuthLth - TAuthPayloadIkev2::Size());
TBool Status = EFalse;
if ( aAuth->GetAuthMethod() == PRESHARED_KEY )
{
DEBUG_LOG(_L("Authenticating SGW with PSK"));
//
// Pre shared key authentication is not accepted for peer if we
// have requested an certificate from peer (PKI authentication
// required)
//
if ( !iPkiAuthRequired )
{
HBufC8* AuthRef = SignAuthDataL(*Signed, PRESHARED_KEY);
CleanupStack::PushL(AuthRef);
if ( AuthRef->Length() == AuthLth )
{
Status = (Mem::Compare(AuthRef->Ptr(), AuthRef->Length(), aAuth->AuthData(), AuthLth ) == 0);
}
CleanupStack::PopAndDestroy(); // AuthRef
}
}
else
{
//
// Authentication based on PKI (private key signature)
//
if ( iPkiService && iPeerCert )
{
DEBUG_LOG(_L("Authenticating SGW with certs"));
TPtrC8 AuthData(Signed->Des());
TPtrC8 Signature(aAuth->AuthData(), AuthLth);
Status = IkePkiUtils::VerifyIkev2SignatureL(Signature, AuthData, *iPeerCert);
iPkiAuthRequired = EFalse;
}
}
if (Status)
{
DEBUG_LOG(_L("SGW authentication success"));
}
else
{
DEBUG_LOG(_L("SGW authentication failed"));
}
return Status;
}
TBool CIkev2Negotiation::VerifyPeerCertificateL(CArrayFixFlat<TCertPayloadIkev2*>* aCerts, TIDPayloadIkev2* aId )
{
TBool Status = EFalse;
const CIkeCaList& trustedCaList = iPkiService->CaList();
CX509Certificate* PeerCert = IkePkiUtils::VerifyCertificateL(*aCerts, trustedCaList);
if ( PeerCert && aId )
{
CleanupStack::PushL(PeerCert);
TPtrC8 IdData(aId->IdData(), (TPayloadIkev2::Cast(aId)->GetLength() - TIDPayloadIkev2::Size()));
Status = IkePkiUtils::CertifyIdentityL(PeerCert, IdData, (TInt)aId->GetIdType());
if ( Status )
{
DEBUG_LOG(_L("IDr matches the SGW certificate"));
if (iRemoteIdentity && !iHdr.iIkeData->iSkipRemoteIdCheck ) //iRemoteIdentity if the REMOTE_IF from the policy
{
//TIDPayloadIkev2* peerIdentityPayload = TIDPayloadIkev2::Cast(iRemoteIdentity->Ptr());
if (iRemoteIdentity->IdType() == aId->GetIdType())
{
TPtrC8 idPtr(aId->IdData(),
TPayloadIkev2::Cast(aId)->GetLength() - TIDPayloadIkev2::Size());
TPtrC8 peerIdentityPtr(iRemoteIdentity->Identity());
//Check if we accept partial remote id
if (iHdr.iIkeData->iAcceptPartialRemoteId &&
iRemoteIdentity->IdType() == ID_FQDN &&
peerIdentityPtr.Length() > idPtr.Length())
{
DEBUG_LOG(_L("Using PARTIAL_REMOTE_ID_CHECK"));
peerIdentityPtr.Set(peerIdentityPtr.Right(idPtr.Length()));
}
if (idPtr.Compare(peerIdentityPtr) == 0)
{
DEBUG_LOG(_L("IDr matches the REMOTE_ID"));
Status = ETrue;
}
else
{
DEBUG_LOG(_L("IDr does not match the REMOTE_ID"));
Status = EFalse;
}
}
else
{
DEBUG_LOG(_L("IDr payload ID does not match REMOTE_ID_TYPE"));
Status = EFalse;
}
}
}
else
{
DEBUG_LOG(_L("IDr does not match the SGW certificate"));
}
if ( Status )
{
CleanupStack::Pop(PeerCert);
delete iPeerCert;
iPeerCert = PeerCert;
}
else CleanupStack::PopAndDestroy(PeerCert);
}
return Status;
}
TBool CIkev2Negotiation::ProcessKeyExchangeL(TKEPayloadIkev2* aKePayload, TUint16 aGroup)
{
//
// Process key exchange payload received from peer
//
if ( !aKePayload )
{
DEBUG_LOG1(_L("Key Exchange payload not present, required Group %d"), aGroup);
SetNotifyCode(INVALID_KE_PAYLOAD);
StoreNotifyData16(aGroup);
return EFalse;
}
TUint16 PlLth = TPayloadIkev2::Cast(aKePayload)->GetLength();
if (( PlLth <= TKEPayloadIkev2::Size() ) || ( aKePayload->GetDHGroup() != aGroup ))
{
DEBUG_LOG1(_L("Peer Key Exchange DH group does not match, Group %d"), aKePayload->GetDHGroup());
SetNotifyCode(INVALID_KE_PAYLOAD);
StoreNotifyData16(aGroup);
return EFalse;
}
if ( !iDHKeys )
iDHKeys = CDHKeys::CreateDHKeyL(aGroup);
PlLth = (TUint16)(PlLth - TKEPayloadIkev2::Size());
if ( PlLth != iDHKeys->ModulusLength() )
{
DEBUG_LOG1(_L("Peer DH public value length does not match group, Length %d"), PlLth);
SetNotifyCode(INVALID_KE_PAYLOAD);
StoreNotifyData16(aGroup);
return EFalse;
}
delete iDHPublicPeer;
iDHPublicPeer = NULL;
iDHPublicPeer = HBufC8::NewL(PlLth);
iDHPublicPeer->Des().Copy(aKePayload->DHPublic(), PlLth);
return ETrue;
}
void CIkev2Negotiation::AppendKEPayloadL(CIkeV2Message& aIkeMsg, TUint16 aDHGroup)
{
if ( !iDHKeys )
iDHKeys = CDHKeys::CreateDHKeyL(aDHGroup);
iDHKeys->XValueL(); // Calculate own DH public value
HBufC8* dHPublic = iDHKeys->GetPubKey(); //save the public key in a buffer to have easy access
User::LeaveIfNull(dHPublic);
CleanupStack::PushL(dHPublic);
TInt modulusLength = iDHKeys->ModulusLength();
HBufC8* kePayloadData = HBufC8::NewLC(modulusLength);
TPtr8 kePayloadDataPtr(kePayloadData->Des());
__ASSERT_DEBUG(modulusLength == dHPublic->Length(), User::Invariant());
kePayloadDataPtr.Append(*dHPublic);
kePayloadDataPtr.SetLength(modulusLength); //adds zero padding, if needed
aIkeMsg.AppendKePayloadL(aDHGroup, *kePayloadData);
CleanupStack::PopAndDestroy(kePayloadData);
CleanupStack::PopAndDestroy(dHPublic);
}
TBool CIkev2Negotiation::CheckPayloadsOrder(CIkev2Payloads* aIkeMsg, TUint8 aExchange, TBool aResponse)
{
switch ( aExchange )
{
case IKE_SA_INIT:
if(!aIkeMsg->iSa || !aIkeMsg->iKe || !aIkeMsg->iNonce) return EFalse;
if(aIkeMsg->iSa->GetNextPayload() != IKEV2_PAYLOAD_KE) return EFalse;
if(aIkeMsg->iKe->GetNextPayload() != IKEV2_PAYLOAD_NONCE) return EFalse;
break;
case IKE_AUTH:
if(!iEapPlugin)
{
if(!aIkeMsg->iEncr || !aIkeMsg->iAuth || !aIkeMsg->iSa || !aIkeMsg->iTsI || !aIkeMsg->iTsR)
{
DEBUG_LOG(_L("1"));
return EFalse;
}
if(aIkeMsg->iSa->GetNextPayload() != IKEV2_PAYLOAD_TS_I)
{
DEBUG_LOG(_L("2"));
return EFalse;
}
if(aIkeMsg->iTsI->GetNextPayload() != IKEV2_PAYLOAD_TS_R)
{
DEBUG_LOG(_L("3"));
return EFalse;
}
if(aResponse)
{
if(!aIkeMsg->iIdR)
{
DEBUG_LOG(_L("4"));
return EFalse;
}
if(!aIkeMsg->iCerts || aIkeMsg->iCerts->Count() == 0)
{
if(aIkeMsg->iIdR->GetNextPayload() != IKEV2_PAYLOAD_AUTH)
{
DEBUG_LOG(_L("5"));
return EFalse;
}
}
else
{
if(aIkeMsg->iIdR->GetNextPayload() != IKEV2_PAYLOAD_CERT)
{
DEBUG_LOG(_L("6"));
return EFalse;
}
TInt c = aIkeMsg->iCerts->Count();
if(aIkeMsg->iCerts->At(c-1)->GetNextPayload() != IKEV2_PAYLOAD_AUTH)
{
DEBUG_LOG(_L("7"));
return EFalse;
}
}
}
else
{
if(!aIkeMsg->iIdI)
{
DEBUG_LOG(_L("8"));
return EFalse;
}
if(aIkeMsg->iCerts && aIkeMsg->iCerts->Count() != 0)
{
if(aIkeMsg->iIdI->GetNextPayload() != IKEV2_PAYLOAD_CERT)
{
DEBUG_LOG(_L("9"));
return EFalse;
}
}
if(aIkeMsg->iCertReqs && aIkeMsg->iCertReqs->Count() != 0)
{
TInt c = aIkeMsg->iCertReqs->Count();
if(aIkeMsg->iIdR && aIkeMsg->iCertReqs->At(c-1)->GetNextPayload() != IKEV2_PAYLOAD_ID_R)
{
DEBUG_LOG(_L("10"));
return EFalse;
}
if(!aIkeMsg->iIdR && aIkeMsg->iCertReqs->At(c-1)->GetNextPayload() != IKEV2_PAYLOAD_AUTH)
{
DEBUG_LOG(_L("11"));
return EFalse;
}
}
if(aIkeMsg->iIdR && aIkeMsg->iIdR->GetNextPayload() != IKEV2_PAYLOAD_AUTH)
{
DEBUG_LOG(_L("12"));
return EFalse;
}
}
}
break;
case CREATE_CHILD_SA:
if(!aIkeMsg->iEncr || !aIkeMsg->iSa || !aIkeMsg->iNonce) return EFalse;
if(aIkeMsg->iSa->GetNextPayload() != IKEV2_PAYLOAD_NONCE) return EFalse;
if(aIkeMsg->iKe && aIkeMsg->iNonce->GetNextPayload() != IKEV2_PAYLOAD_KE) return EFalse;
if(aIkeMsg->iTsI)
{
if(aIkeMsg->iKe && aIkeMsg->iKe->GetNextPayload() != IKEV2_PAYLOAD_TS_I) return EFalse;
if(!aIkeMsg->iKe && aIkeMsg->iNonce->GetNextPayload() != IKEV2_PAYLOAD_TS_I) return EFalse;
if(aIkeMsg->iTsI->GetNextPayload() != IKEV2_PAYLOAD_TS_R) return EFalse;
}
break;
default:
break;
}
DEBUG_LOG(_L("13"));
return ETrue;
}
TBool CIkev2Negotiation::Stopped()
{
return iStopped;
}
TBool CIkev2Negotiation::ImplicitChildSa()
{
return (iState < KStateIkeSaCompleted);
}
HBufC8* CIkev2Negotiation::PeekProposedSa()
{
return iProposedSA;
}
HBufC8* CIkev2Negotiation::GetProposedSa()
{
HBufC8* Sa = iProposedSA;
iProposedSA = NULL;
return Sa;
}
void CIkev2Negotiation::SetProposedSa(HBufC8* aSaPl)
{
delete iProposedSA;
iProposedSA = aSaPl;
}
CIkev2Acquire** CIkev2Negotiation::GetAcquireQue()
{
return &iAcquireFirst;
}
CIkev2Expire** CIkev2Negotiation::GetExpireQue()
{
return &iExpireFirst;
}
TBool CIkev2Negotiation::RequestsPending()
{
return (iAcquireFirst || iExpireFirst);
}
void CIkev2Negotiation::SetNotifyCode(TInt aMsgType)
{
if (iNotifyCode == 0)
iNotifyCode = aMsgType;
}
TInt CIkev2Negotiation::GetNotifyCode()
{
return iNotifyCode;
}
void CIkev2Negotiation::StoreNotifyData32(TUint32 aData)
{
PUT32(iNotifyData, aData);
iNotifyDataLth = 4;
}
void CIkev2Negotiation::StoreNotifyData16(TUint16 aData)
{
PUT16(iNotifyData, aData);
iNotifyDataLth = 2;
}
TUint8* CIkev2Negotiation::NotifyData(TInt& aDataLth)
{
aDataLth = iNotifyDataLth;
if ( iNotifyDataLth )
return iNotifyData;
else return NULL;
}
TInetAddr CIkev2Negotiation::GetLocalAddr() const
{
if ( iHdr.iVirtualAddr.IsUnspecified() )
{
return iHdr.iLocalAddr;
}
else
{
return iHdr.iVirtualAddr;
}
}