1 /* 2 * IKEv2 responder (RFC 4306) for EAP-IKEV2 3 * Copyright (c) 2007, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "dh_groups.h" 19 #include "ikev2.h" 20 21 22 void ikev2_responder_deinit(struct ikev2_responder_data *data) 23 { 24 ikev2_free_keys(&data->keys); 25 wpabuf_free(data->i_dh_public); 26 wpabuf_free(data->r_dh_private); 27 os_free(data->IDi); 28 os_free(data->IDr); 29 os_free(data->shared_secret); 30 wpabuf_free(data->i_sign_msg); 31 wpabuf_free(data->r_sign_msg); 32 os_free(data->key_pad); 33 } 34 35 36 static int ikev2_derive_keys(struct ikev2_responder_data *data) 37 { 38 u8 *buf, *pos, *pad, skeyseed[IKEV2_MAX_HASH_LEN]; 39 size_t buf_len, pad_len; 40 struct wpabuf *shared; 41 const struct ikev2_integ_alg *integ; 42 const struct ikev2_prf_alg *prf; 43 const struct ikev2_encr_alg *encr; 44 int ret; 45 const u8 *addr[2]; 46 size_t len[2]; 47 48 /* RFC 4306, Sect. 2.14 */ 49 50 integ = ikev2_get_integ(data->proposal.integ); 51 prf = ikev2_get_prf(data->proposal.prf); 52 encr = ikev2_get_encr(data->proposal.encr); 53 if (integ == NULL || prf == NULL || encr == NULL) { 54 wpa_printf(MSG_INFO, "IKEV2: Unsupported proposal"); 55 return -1; 56 } 57 58 shared = dh_derive_shared(data->i_dh_public, data->r_dh_private, 59 data->dh); 60 if (shared == NULL) 61 return -1; 62 63 /* Construct Ni | Nr | SPIi | SPIr */ 64 65 buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN; 66 buf = os_malloc(buf_len); 67 if (buf == NULL) { 68 wpabuf_free(shared); 69 return -1; 70 } 71 72 pos = buf; 73 os_memcpy(pos, data->i_nonce, data->i_nonce_len); 74 pos += data->i_nonce_len; 75 os_memcpy(pos, data->r_nonce, data->r_nonce_len); 76 pos += data->r_nonce_len; 77 os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN); 78 pos += IKEV2_SPI_LEN; 79 os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN); 80 #ifdef CCNS_PL 81 #if __BYTE_ORDER == __LITTLE_ENDIAN 82 { 83 int i; 84 u8 *tmp = pos - IKEV2_SPI_LEN; 85 /* Incorrect byte re-ordering on little endian hosts.. */ 86 for (i = 0; i < IKEV2_SPI_LEN; i++) 87 *tmp++ = data->i_spi[IKEV2_SPI_LEN - 1 - i]; 88 for (i = 0; i < IKEV2_SPI_LEN; i++) 89 *tmp++ = data->r_spi[IKEV2_SPI_LEN - 1 - i]; 90 } 91 #endif 92 #endif /* CCNS_PL */ 93 94 /* SKEYSEED = prf(Ni | Nr, g^ir) */ 95 /* Use zero-padding per RFC 4306, Sect. 2.14 */ 96 pad_len = data->dh->prime_len - wpabuf_len(shared); 97 #ifdef CCNS_PL 98 /* Shared secret is not zero-padded correctly */ 99 pad_len = 0; 100 #endif /* CCNS_PL */ 101 pad = os_zalloc(pad_len ? pad_len : 1); 102 if (pad == NULL) { 103 wpabuf_free(shared); 104 os_free(buf); 105 return -1; 106 } 107 108 addr[0] = pad; 109 len[0] = pad_len; 110 addr[1] = wpabuf_head(shared); 111 len[1] = wpabuf_len(shared); 112 if (ikev2_prf_hash(prf->id, buf, data->i_nonce_len + data->r_nonce_len, 113 2, addr, len, skeyseed) < 0) { 114 wpabuf_free(shared); 115 os_free(buf); 116 os_free(pad); 117 return -1; 118 } 119 os_free(pad); 120 wpabuf_free(shared); 121 122 /* DH parameters are not needed anymore, so free them */ 123 wpabuf_free(data->i_dh_public); 124 data->i_dh_public = NULL; 125 wpabuf_free(data->r_dh_private); 126 data->r_dh_private = NULL; 127 128 wpa_hexdump_key(MSG_DEBUG, "IKEV2: SKEYSEED", 129 skeyseed, prf->hash_len); 130 131 ret = ikev2_derive_sk_keys(prf, integ, encr, skeyseed, buf, buf_len, 132 &data->keys); 133 os_free(buf); 134 return ret; 135 } 136 137 138 static int ikev2_parse_transform(struct ikev2_proposal_data *prop, 139 const u8 *pos, const u8 *end) 140 { 141 int transform_len; 142 const struct ikev2_transform *t; 143 u16 transform_id; 144 const u8 *tend; 145 146 if (end - pos < (int) sizeof(*t)) { 147 wpa_printf(MSG_INFO, "IKEV2: Too short transform"); 148 return -1; 149 } 150 151 t = (const struct ikev2_transform *) pos; 152 transform_len = WPA_GET_BE16(t->transform_length); 153 if (transform_len < (int) sizeof(*t) || pos + transform_len > end) { 154 wpa_printf(MSG_INFO, "IKEV2: Invalid transform length %d", 155 transform_len); 156 return -1; 157 } 158 tend = pos + transform_len; 159 160 transform_id = WPA_GET_BE16(t->transform_id); 161 162 wpa_printf(MSG_DEBUG, "IKEV2: Transform:"); 163 wpa_printf(MSG_DEBUG, "IKEV2: Type: %d Transform Length: %d " 164 "Transform Type: %d Transform ID: %d", 165 t->type, transform_len, t->transform_type, transform_id); 166 167 if (t->type != 0 && t->type != 3) { 168 wpa_printf(MSG_INFO, "IKEV2: Unexpected Transform type"); 169 return -1; 170 } 171 172 pos = (const u8 *) (t + 1); 173 if (pos < tend) { 174 wpa_hexdump(MSG_DEBUG, "IKEV2: Transform Attributes", 175 pos, tend - pos); 176 } 177 178 switch (t->transform_type) { 179 case IKEV2_TRANSFORM_ENCR: 180 if (ikev2_get_encr(transform_id)) { 181 if (transform_id == ENCR_AES_CBC) { 182 if (tend - pos != 4) { 183 wpa_printf(MSG_DEBUG, "IKEV2: No " 184 "Transform Attr for AES"); 185 break; 186 } 187 #ifdef CCNS_PL 188 if (WPA_GET_BE16(pos) != 0x001d /* ?? */) { 189 wpa_printf(MSG_DEBUG, "IKEV2: Not a " 190 "Key Size attribute for " 191 "AES"); 192 break; 193 } 194 #else /* CCNS_PL */ 195 if (WPA_GET_BE16(pos) != 0x800e) { 196 wpa_printf(MSG_DEBUG, "IKEV2: Not a " 197 "Key Size attribute for " 198 "AES"); 199 break; 200 } 201 #endif /* CCNS_PL */ 202 if (WPA_GET_BE16(pos + 2) != 128) { 203 wpa_printf(MSG_DEBUG, "IKEV2: " 204 "Unsupported AES key size " 205 "%d bits", 206 WPA_GET_BE16(pos + 2)); 207 break; 208 } 209 } 210 prop->encr = transform_id; 211 } 212 break; 213 case IKEV2_TRANSFORM_PRF: 214 if (ikev2_get_prf(transform_id)) 215 prop->prf = transform_id; 216 break; 217 case IKEV2_TRANSFORM_INTEG: 218 if (ikev2_get_integ(transform_id)) 219 prop->integ = transform_id; 220 break; 221 case IKEV2_TRANSFORM_DH: 222 if (dh_groups_get(transform_id)) 223 prop->dh = transform_id; 224 break; 225 } 226 227 return transform_len; 228 } 229 230 231 static int ikev2_parse_proposal(struct ikev2_proposal_data *prop, 232 const u8 *pos, const u8 *end) 233 { 234 const u8 *pend, *ppos; 235 int proposal_len, i; 236 const struct ikev2_proposal *p; 237 238 if (end - pos < (int) sizeof(*p)) { 239 wpa_printf(MSG_INFO, "IKEV2: Too short proposal"); 240 return -1; 241 } 242 243 /* FIX: AND processing if multiple proposals use the same # */ 244 245 p = (const struct ikev2_proposal *) pos; 246 proposal_len = WPA_GET_BE16(p->proposal_length); 247 if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) { 248 wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d", 249 proposal_len); 250 return -1; 251 } 252 wpa_printf(MSG_DEBUG, "IKEV2: SAi1 Proposal # %d", 253 p->proposal_num); 254 wpa_printf(MSG_DEBUG, "IKEV2: Type: %d Proposal Length: %d " 255 " Protocol ID: %d", 256 p->type, proposal_len, p->protocol_id); 257 wpa_printf(MSG_DEBUG, "IKEV2: SPI Size: %d Transforms: %d", 258 p->spi_size, p->num_transforms); 259 260 if (p->type != 0 && p->type != 2) { 261 wpa_printf(MSG_INFO, "IKEV2: Unexpected Proposal type"); 262 return -1; 263 } 264 265 if (p->protocol_id != IKEV2_PROTOCOL_IKE) { 266 wpa_printf(MSG_DEBUG, "IKEV2: Unexpected Protocol ID " 267 "(only IKE allowed for EAP-IKEv2)"); 268 return -1; 269 } 270 271 if (p->proposal_num != prop->proposal_num) { 272 if (p->proposal_num == prop->proposal_num + 1) 273 prop->proposal_num = p->proposal_num; 274 else { 275 wpa_printf(MSG_INFO, "IKEV2: Unexpected Proposal #"); 276 return -1; 277 } 278 } 279 280 ppos = (const u8 *) (p + 1); 281 pend = pos + proposal_len; 282 if (ppos + p->spi_size > pend) { 283 wpa_printf(MSG_INFO, "IKEV2: Not enough room for SPI " 284 "in proposal"); 285 return -1; 286 } 287 if (p->spi_size) { 288 wpa_hexdump(MSG_DEBUG, "IKEV2: SPI", 289 ppos, p->spi_size); 290 ppos += p->spi_size; 291 } 292 293 /* 294 * For initial IKE_SA negotiation, SPI Size MUST be zero; for 295 * subsequent negotiations, it must be 8 for IKE. We only support 296 * initial case for now. 297 */ 298 if (p->spi_size != 0) { 299 wpa_printf(MSG_INFO, "IKEV2: Unexpected SPI Size"); 300 return -1; 301 } 302 303 if (p->num_transforms == 0) { 304 wpa_printf(MSG_INFO, "IKEV2: At least one transform required"); 305 return -1; 306 } 307 308 for (i = 0; i < (int) p->num_transforms; i++) { 309 int tlen = ikev2_parse_transform(prop, ppos, pend); 310 if (tlen < 0) 311 return -1; 312 ppos += tlen; 313 } 314 315 if (ppos != pend) { 316 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after " 317 "transforms"); 318 return -1; 319 } 320 321 return proposal_len; 322 } 323 324 325 static int ikev2_process_sai1(struct ikev2_responder_data *data, 326 const u8 *sai1, size_t sai1_len) 327 { 328 struct ikev2_proposal_data prop; 329 const u8 *pos, *end; 330 int found = 0; 331 332 /* Security Association Payloads: <Proposals> */ 333 334 if (sai1 == NULL) { 335 wpa_printf(MSG_INFO, "IKEV2: SAi1 not received"); 336 return -1; 337 } 338 339 os_memset(&prop, 0, sizeof(prop)); 340 prop.proposal_num = 1; 341 342 pos = sai1; 343 end = sai1 + sai1_len; 344 345 while (pos < end) { 346 int plen; 347 348 prop.integ = -1; 349 prop.prf = -1; 350 prop.encr = -1; 351 prop.dh = -1; 352 plen = ikev2_parse_proposal(&prop, pos, end); 353 if (plen < 0) 354 return -1; 355 356 if (!found && prop.integ != -1 && prop.prf != -1 && 357 prop.encr != -1 && prop.dh != -1) { 358 os_memcpy(&data->proposal, &prop, sizeof(prop)); 359 data->dh = dh_groups_get(prop.dh); 360 found = 1; 361 } 362 363 pos += plen; 364 } 365 366 if (pos != end) { 367 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after proposals"); 368 return -1; 369 } 370 371 if (!found) { 372 wpa_printf(MSG_INFO, "IKEV2: No acceptable proposal found"); 373 return -1; 374 } 375 376 wpa_printf(MSG_DEBUG, "IKEV2: Accepted proposal #%d: ENCR:%d PRF:%d " 377 "INTEG:%d D-H:%d", data->proposal.proposal_num, 378 data->proposal.encr, data->proposal.prf, 379 data->proposal.integ, data->proposal.dh); 380 381 return 0; 382 } 383 384 385 static int ikev2_process_kei(struct ikev2_responder_data *data, 386 const u8 *kei, size_t kei_len) 387 { 388 u16 group; 389 390 /* 391 * Key Exchange Payload: 392 * DH Group # (16 bits) 393 * RESERVED (16 bits) 394 * Key Exchange Data (Diffie-Hellman public value) 395 */ 396 397 if (kei == NULL) { 398 wpa_printf(MSG_INFO, "IKEV2: KEi not received"); 399 return -1; 400 } 401 402 if (kei_len < 4 + 96) { 403 wpa_printf(MSG_INFO, "IKEV2: Too show Key Exchange Payload"); 404 return -1; 405 } 406 407 group = WPA_GET_BE16(kei); 408 wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u", group); 409 410 if (group != data->proposal.dh) { 411 wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u does not match " 412 "with the selected proposal (%u)", 413 group, data->proposal.dh); 414 /* Reject message with Notify payload of type 415 * INVALID_KE_PAYLOAD (RFC 4306, Sect. 3.4) */ 416 data->error_type = INVALID_KE_PAYLOAD; 417 data->state = NOTIFY; 418 return -1; 419 } 420 421 if (data->dh == NULL) { 422 wpa_printf(MSG_INFO, "IKEV2: Unsupported DH group"); 423 return -1; 424 } 425 426 /* RFC 4306, Section 3.4: 427 * The length of DH public value MUST be equal to the lenght of the 428 * prime modulus. 429 */ 430 if (kei_len - 4 != data->dh->prime_len) { 431 wpa_printf(MSG_INFO, "IKEV2: Invalid DH public value length " 432 "%ld (expected %ld)", 433 (long) (kei_len - 4), (long) data->dh->prime_len); 434 return -1; 435 } 436 437 wpabuf_free(data->i_dh_public); 438 data->i_dh_public = wpabuf_alloc(kei_len - 4); 439 if (data->i_dh_public == NULL) 440 return -1; 441 wpabuf_put_data(data->i_dh_public, kei + 4, kei_len - 4); 442 443 wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value", 444 data->i_dh_public); 445 446 return 0; 447 } 448 449 450 static int ikev2_process_ni(struct ikev2_responder_data *data, 451 const u8 *ni, size_t ni_len) 452 { 453 if (ni == NULL) { 454 wpa_printf(MSG_INFO, "IKEV2: Ni not received"); 455 return -1; 456 } 457 458 if (ni_len < IKEV2_NONCE_MIN_LEN || ni_len > IKEV2_NONCE_MAX_LEN) { 459 wpa_printf(MSG_INFO, "IKEV2: Invalid Ni length %ld", 460 (long) ni_len); 461 return -1; 462 } 463 464 #ifdef CCNS_PL 465 /* Zeros are removed incorrectly from the beginning of the nonces */ 466 while (ni_len > 1 && *ni == 0) { 467 ni_len--; 468 ni++; 469 } 470 #endif /* CCNS_PL */ 471 472 data->i_nonce_len = ni_len; 473 os_memcpy(data->i_nonce, ni, ni_len); 474 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Ni", 475 data->i_nonce, data->i_nonce_len); 476 477 return 0; 478 } 479 480 481 static int ikev2_process_sa_init(struct ikev2_responder_data *data, 482 const struct ikev2_hdr *hdr, 483 struct ikev2_payloads *pl) 484 { 485 if (ikev2_process_sai1(data, pl->sa, pl->sa_len) < 0 || 486 ikev2_process_kei(data, pl->ke, pl->ke_len) < 0 || 487 ikev2_process_ni(data, pl->nonce, pl->nonce_len) < 0) 488 return -1; 489 490 os_memcpy(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN); 491 492 return 0; 493 } 494 495 496 static int ikev2_process_idi(struct ikev2_responder_data *data, 497 const u8 *idi, size_t idi_len) 498 { 499 u8 id_type; 500 501 if (idi == NULL) { 502 wpa_printf(MSG_INFO, "IKEV2: No IDi received"); 503 return -1; 504 } 505 506 if (idi_len < 4) { 507 wpa_printf(MSG_INFO, "IKEV2: Too short IDi payload"); 508 return -1; 509 } 510 511 id_type = idi[0]; 512 idi += 4; 513 idi_len -= 4; 514 515 wpa_printf(MSG_DEBUG, "IKEV2: IDi ID Type %d", id_type); 516 wpa_hexdump_ascii(MSG_DEBUG, "IKEV2: IDi", idi, idi_len); 517 os_free(data->IDi); 518 data->IDi = os_malloc(idi_len); 519 if (data->IDi == NULL) 520 return -1; 521 os_memcpy(data->IDi, idi, idi_len); 522 data->IDi_len = idi_len; 523 data->IDi_type = id_type; 524 525 return 0; 526 } 527 528 529 static int ikev2_process_cert(struct ikev2_responder_data *data, 530 const u8 *cert, size_t cert_len) 531 { 532 u8 cert_encoding; 533 534 if (cert == NULL) { 535 if (data->peer_auth == PEER_AUTH_CERT) { 536 wpa_printf(MSG_INFO, "IKEV2: No Certificate received"); 537 return -1; 538 } 539 return 0; 540 } 541 542 if (cert_len < 1) { 543 wpa_printf(MSG_INFO, "IKEV2: No Cert Encoding field"); 544 return -1; 545 } 546 547 cert_encoding = cert[0]; 548 cert++; 549 cert_len--; 550 551 wpa_printf(MSG_DEBUG, "IKEV2: Cert Encoding %d", cert_encoding); 552 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Certificate Data", cert, cert_len); 553 554 /* TODO: validate certificate */ 555 556 return 0; 557 } 558 559 560 static int ikev2_process_auth_cert(struct ikev2_responder_data *data, 561 u8 method, const u8 *auth, size_t auth_len) 562 { 563 if (method != AUTH_RSA_SIGN) { 564 wpa_printf(MSG_INFO, "IKEV2: Unsupported authentication " 565 "method %d", method); 566 return -1; 567 } 568 569 /* TODO: validate AUTH */ 570 return 0; 571 } 572 573 574 static int ikev2_process_auth_secret(struct ikev2_responder_data *data, 575 u8 method, const u8 *auth, 576 size_t auth_len) 577 { 578 u8 auth_data[IKEV2_MAX_HASH_LEN]; 579 const struct ikev2_prf_alg *prf; 580 581 if (method != AUTH_SHARED_KEY_MIC) { 582 wpa_printf(MSG_INFO, "IKEV2: Unsupported authentication " 583 "method %d", method); 584 return -1; 585 } 586 587 /* msg | Nr | prf(SK_pi,IDi') */ 588 if (ikev2_derive_auth_data(data->proposal.prf, data->i_sign_msg, 589 data->IDi, data->IDi_len, data->IDi_type, 590 &data->keys, 1, data->shared_secret, 591 data->shared_secret_len, 592 data->r_nonce, data->r_nonce_len, 593 data->key_pad, data->key_pad_len, 594 auth_data) < 0) { 595 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data"); 596 return -1; 597 } 598 599 wpabuf_free(data->i_sign_msg); 600 data->i_sign_msg = NULL; 601 602 prf = ikev2_get_prf(data->proposal.prf); 603 if (prf == NULL) 604 return -1; 605 606 if (auth_len != prf->hash_len || 607 os_memcmp(auth, auth_data, auth_len) != 0) { 608 wpa_printf(MSG_INFO, "IKEV2: Invalid Authentication Data"); 609 wpa_hexdump(MSG_DEBUG, "IKEV2: Received Authentication Data", 610 auth, auth_len); 611 wpa_hexdump(MSG_DEBUG, "IKEV2: Expected Authentication Data", 612 auth_data, prf->hash_len); 613 data->error_type = AUTHENTICATION_FAILED; 614 data->state = NOTIFY; 615 return -1; 616 } 617 618 wpa_printf(MSG_DEBUG, "IKEV2: Server authenticated successfully " 619 "using shared keys"); 620 621 return 0; 622 } 623 624 625 static int ikev2_process_auth(struct ikev2_responder_data *data, 626 const u8 *auth, size_t auth_len) 627 { 628 u8 auth_method; 629 630 if (auth == NULL) { 631 wpa_printf(MSG_INFO, "IKEV2: No Authentication Payload"); 632 return -1; 633 } 634 635 if (auth_len < 4) { 636 wpa_printf(MSG_INFO, "IKEV2: Too short Authentication " 637 "Payload"); 638 return -1; 639 } 640 641 auth_method = auth[0]; 642 auth += 4; 643 auth_len -= 4; 644 645 wpa_printf(MSG_DEBUG, "IKEV2: Auth Method %d", auth_method); 646 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Authentication Data", auth, auth_len); 647 648 switch (data->peer_auth) { 649 case PEER_AUTH_CERT: 650 return ikev2_process_auth_cert(data, auth_method, auth, 651 auth_len); 652 case PEER_AUTH_SECRET: 653 return ikev2_process_auth_secret(data, auth_method, auth, 654 auth_len); 655 } 656 657 return -1; 658 } 659 660 661 static int ikev2_process_sa_auth_decrypted(struct ikev2_responder_data *data, 662 u8 next_payload, 663 u8 *payload, size_t payload_len) 664 { 665 struct ikev2_payloads pl; 666 667 wpa_printf(MSG_DEBUG, "IKEV2: Processing decrypted payloads"); 668 669 if (ikev2_parse_payloads(&pl, next_payload, payload, payload + 670 payload_len) < 0) { 671 wpa_printf(MSG_INFO, "IKEV2: Failed to parse decrypted " 672 "payloads"); 673 return -1; 674 } 675 676 if (ikev2_process_idi(data, pl.idi, pl.idi_len) < 0 || 677 ikev2_process_cert(data, pl.cert, pl.cert_len) < 0 || 678 ikev2_process_auth(data, pl.auth, pl.auth_len) < 0) 679 return -1; 680 681 return 0; 682 } 683 684 685 static int ikev2_process_sa_auth(struct ikev2_responder_data *data, 686 const struct ikev2_hdr *hdr, 687 struct ikev2_payloads *pl) 688 { 689 u8 *decrypted; 690 size_t decrypted_len; 691 int ret; 692 693 decrypted = ikev2_decrypt_payload(data->proposal.encr, 694 data->proposal.integ, 695 &data->keys, 1, hdr, pl->encrypted, 696 pl->encrypted_len, &decrypted_len); 697 if (decrypted == NULL) 698 return -1; 699 700 ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload, 701 decrypted, decrypted_len); 702 os_free(decrypted); 703 704 return ret; 705 } 706 707 708 static int ikev2_validate_rx_state(struct ikev2_responder_data *data, 709 u8 exchange_type, u32 message_id) 710 { 711 switch (data->state) { 712 case SA_INIT: 713 /* Expect to receive IKE_SA_INIT: HDR, SAi1, KEi, Ni */ 714 if (exchange_type != IKE_SA_INIT) { 715 wpa_printf(MSG_INFO, "IKEV2: Unexpected Exchange Type " 716 "%u in SA_INIT state", exchange_type); 717 return -1; 718 } 719 if (message_id != 0) { 720 wpa_printf(MSG_INFO, "IKEV2: Unexpected Message ID %u " 721 "in SA_INIT state", message_id); 722 return -1; 723 } 724 break; 725 case SA_AUTH: 726 /* Expect to receive IKE_SA_AUTH: 727 * HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] 728 * AUTH, SAi2, TSi, TSr} 729 */ 730 if (exchange_type != IKE_SA_AUTH) { 731 wpa_printf(MSG_INFO, "IKEV2: Unexpected Exchange Type " 732 "%u in SA_AUTH state", exchange_type); 733 return -1; 734 } 735 if (message_id != 1) { 736 wpa_printf(MSG_INFO, "IKEV2: Unexpected Message ID %u " 737 "in SA_AUTH state", message_id); 738 return -1; 739 } 740 break; 741 case CHILD_SA: 742 if (exchange_type != CREATE_CHILD_SA) { 743 wpa_printf(MSG_INFO, "IKEV2: Unexpected Exchange Type " 744 "%u in CHILD_SA state", exchange_type); 745 return -1; 746 } 747 if (message_id != 2) { 748 wpa_printf(MSG_INFO, "IKEV2: Unexpected Message ID %u " 749 "in CHILD_SA state", message_id); 750 return -1; 751 } 752 break; 753 case NOTIFY: 754 case IKEV2_DONE: 755 case IKEV2_FAILED: 756 return -1; 757 } 758 759 return 0; 760 } 761 762 763 int ikev2_responder_process(struct ikev2_responder_data *data, 764 const struct wpabuf *buf) 765 { 766 const struct ikev2_hdr *hdr; 767 u32 length, message_id; 768 const u8 *pos, *end; 769 struct ikev2_payloads pl; 770 771 wpa_printf(MSG_MSGDUMP, "IKEV2: Received message (len %lu)", 772 (unsigned long) wpabuf_len(buf)); 773 774 if (wpabuf_len(buf) < sizeof(*hdr)) { 775 wpa_printf(MSG_INFO, "IKEV2: Too short frame to include HDR"); 776 return -1; 777 } 778 779 data->error_type = 0; 780 hdr = (const struct ikev2_hdr *) wpabuf_head(buf); 781 end = wpabuf_head_u8(buf) + wpabuf_len(buf); 782 message_id = WPA_GET_BE32(hdr->message_id); 783 length = WPA_GET_BE32(hdr->length); 784 785 wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Initiator's SPI", 786 hdr->i_spi, IKEV2_SPI_LEN); 787 wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Responder's SPI", 788 hdr->r_spi, IKEV2_SPI_LEN); 789 wpa_printf(MSG_DEBUG, "IKEV2: Next Payload: %u Version: 0x%x " 790 "Exchange Type: %u", 791 hdr->next_payload, hdr->version, hdr->exchange_type); 792 wpa_printf(MSG_DEBUG, "IKEV2: Message ID: %u Length: %u", 793 message_id, length); 794 795 if (hdr->version != IKEV2_VERSION) { 796 wpa_printf(MSG_INFO, "IKEV2: Unsupported HDR version 0x%x " 797 "(expected 0x%x)", hdr->version, IKEV2_VERSION); 798 return -1; 799 } 800 801 if (length != wpabuf_len(buf)) { 802 wpa_printf(MSG_INFO, "IKEV2: Invalid length (HDR: %lu != " 803 "RX: %lu)", (unsigned long) length, 804 (unsigned long) wpabuf_len(buf)); 805 return -1; 806 } 807 808 if (ikev2_validate_rx_state(data, hdr->exchange_type, message_id) < 0) 809 return -1; 810 811 if ((hdr->flags & (IKEV2_HDR_INITIATOR | IKEV2_HDR_RESPONSE)) != 812 IKEV2_HDR_INITIATOR) { 813 wpa_printf(MSG_INFO, "IKEV2: Unexpected Flags value 0x%x", 814 hdr->flags); 815 return -1; 816 } 817 818 if (data->state != SA_INIT) { 819 if (os_memcmp(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN) != 0) { 820 wpa_printf(MSG_INFO, "IKEV2: Unexpected IKE_SA " 821 "Initiator's SPI"); 822 return -1; 823 } 824 if (os_memcmp(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN) != 0) { 825 wpa_printf(MSG_INFO, "IKEV2: Unexpected IKE_SA " 826 "Responder's SPI"); 827 return -1; 828 } 829 } 830 831 pos = (const u8 *) (hdr + 1); 832 if (ikev2_parse_payloads(&pl, hdr->next_payload, pos, end) < 0) 833 return -1; 834 835 if (data->state == SA_INIT) { 836 data->last_msg = LAST_MSG_SA_INIT; 837 if (ikev2_process_sa_init(data, hdr, &pl) < 0) { 838 if (data->state == NOTIFY) 839 return 0; 840 return -1; 841 } 842 wpabuf_free(data->i_sign_msg); 843 data->i_sign_msg = wpabuf_dup(buf); 844 } 845 846 if (data->state == SA_AUTH) { 847 data->last_msg = LAST_MSG_SA_AUTH; 848 if (ikev2_process_sa_auth(data, hdr, &pl) < 0) { 849 if (data->state == NOTIFY) 850 return 0; 851 return -1; 852 } 853 } 854 855 return 0; 856 } 857 858 859 static void ikev2_build_hdr(struct ikev2_responder_data *data, 860 struct wpabuf *msg, u8 exchange_type, 861 u8 next_payload, u32 message_id) 862 { 863 struct ikev2_hdr *hdr; 864 865 wpa_printf(MSG_DEBUG, "IKEV2: Adding HDR"); 866 867 /* HDR - RFC 4306, Sect. 3.1 */ 868 hdr = wpabuf_put(msg, sizeof(*hdr)); 869 os_memcpy(hdr->i_spi, data->i_spi, IKEV2_SPI_LEN); 870 os_memcpy(hdr->r_spi, data->r_spi, IKEV2_SPI_LEN); 871 hdr->next_payload = next_payload; 872 hdr->version = IKEV2_VERSION; 873 hdr->exchange_type = exchange_type; 874 hdr->flags = IKEV2_HDR_RESPONSE; 875 WPA_PUT_BE32(hdr->message_id, message_id); 876 } 877 878 879 static int ikev2_build_sar1(struct ikev2_responder_data *data, 880 struct wpabuf *msg, u8 next_payload) 881 { 882 struct ikev2_payload_hdr *phdr; 883 size_t plen; 884 struct ikev2_proposal *p; 885 struct ikev2_transform *t; 886 887 wpa_printf(MSG_DEBUG, "IKEV2: Adding SAr1 payload"); 888 889 /* SAr1 - RFC 4306, Sect. 2.7 and 3.3 */ 890 phdr = wpabuf_put(msg, sizeof(*phdr)); 891 phdr->next_payload = next_payload; 892 phdr->flags = 0; 893 894 p = wpabuf_put(msg, sizeof(*p)); 895 #ifdef CCNS_PL 896 /* Seems to require that the Proposal # is 1 even though RFC 4306 897 * Sect 3.3.1 has following requirement "When a proposal is accepted, 898 * all of the proposal numbers in the SA payload MUST be the same and 899 * MUST match the number on the proposal sent that was accepted.". 900 */ 901 p->proposal_num = 1; 902 #else /* CCNS_PL */ 903 p->proposal_num = data->proposal.proposal_num; 904 #endif /* CCNS_PL */ 905 p->protocol_id = IKEV2_PROTOCOL_IKE; 906 p->num_transforms = 4; 907 908 t = wpabuf_put(msg, sizeof(*t)); 909 t->type = 3; 910 t->transform_type = IKEV2_TRANSFORM_ENCR; 911 WPA_PUT_BE16(t->transform_id, data->proposal.encr); 912 if (data->proposal.encr == ENCR_AES_CBC) { 913 /* Transform Attribute: Key Len = 128 bits */ 914 #ifdef CCNS_PL 915 wpabuf_put_be16(msg, 0x001d); /* ?? */ 916 #else /* CCNS_PL */ 917 wpabuf_put_be16(msg, 0x800e); /* AF=1, AttrType=14 */ 918 #endif /* CCNS_PL */ 919 wpabuf_put_be16(msg, 128); /* 128-bit key */ 920 } 921 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) t; 922 WPA_PUT_BE16(t->transform_length, plen); 923 924 t = wpabuf_put(msg, sizeof(*t)); 925 t->type = 3; 926 WPA_PUT_BE16(t->transform_length, sizeof(*t)); 927 t->transform_type = IKEV2_TRANSFORM_PRF; 928 WPA_PUT_BE16(t->transform_id, data->proposal.prf); 929 930 t = wpabuf_put(msg, sizeof(*t)); 931 t->type = 3; 932 WPA_PUT_BE16(t->transform_length, sizeof(*t)); 933 t->transform_type = IKEV2_TRANSFORM_INTEG; 934 WPA_PUT_BE16(t->transform_id, data->proposal.integ); 935 936 t = wpabuf_put(msg, sizeof(*t)); 937 WPA_PUT_BE16(t->transform_length, sizeof(*t)); 938 t->transform_type = IKEV2_TRANSFORM_DH; 939 WPA_PUT_BE16(t->transform_id, data->proposal.dh); 940 941 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) p; 942 WPA_PUT_BE16(p->proposal_length, plen); 943 944 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 945 WPA_PUT_BE16(phdr->payload_length, plen); 946 947 return 0; 948 } 949 950 951 static int ikev2_build_ker(struct ikev2_responder_data *data, 952 struct wpabuf *msg, u8 next_payload) 953 { 954 struct ikev2_payload_hdr *phdr; 955 size_t plen; 956 struct wpabuf *pv; 957 958 wpa_printf(MSG_DEBUG, "IKEV2: Adding KEr payload"); 959 960 pv = dh_init(data->dh, &data->r_dh_private); 961 if (pv == NULL) { 962 wpa_printf(MSG_DEBUG, "IKEV2: Failed to initialize DH"); 963 return -1; 964 } 965 966 /* KEr - RFC 4306, Sect. 3.4 */ 967 phdr = wpabuf_put(msg, sizeof(*phdr)); 968 phdr->next_payload = next_payload; 969 phdr->flags = 0; 970 971 wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */ 972 wpabuf_put(msg, 2); /* RESERVED */ 973 /* 974 * RFC 4306, Sect. 3.4: possible zero padding for public value to 975 * match the length of the prime. 976 */ 977 wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv)); 978 wpabuf_put_buf(msg, pv); 979 wpabuf_free(pv); 980 981 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 982 WPA_PUT_BE16(phdr->payload_length, plen); 983 return 0; 984 } 985 986 987 static int ikev2_build_nr(struct ikev2_responder_data *data, 988 struct wpabuf *msg, u8 next_payload) 989 { 990 struct ikev2_payload_hdr *phdr; 991 size_t plen; 992 993 wpa_printf(MSG_DEBUG, "IKEV2: Adding Nr payload"); 994 995 /* Nr - RFC 4306, Sect. 3.9 */ 996 phdr = wpabuf_put(msg, sizeof(*phdr)); 997 phdr->next_payload = next_payload; 998 phdr->flags = 0; 999 wpabuf_put_data(msg, data->r_nonce, data->r_nonce_len); 1000 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1001 WPA_PUT_BE16(phdr->payload_length, plen); 1002 return 0; 1003 } 1004 1005 1006 static int ikev2_build_idr(struct ikev2_responder_data *data, 1007 struct wpabuf *msg, u8 next_payload) 1008 { 1009 struct ikev2_payload_hdr *phdr; 1010 size_t plen; 1011 1012 wpa_printf(MSG_DEBUG, "IKEV2: Adding IDr payload"); 1013 1014 if (data->IDr == NULL) { 1015 wpa_printf(MSG_INFO, "IKEV2: No IDr available"); 1016 return -1; 1017 } 1018 1019 /* IDr - RFC 4306, Sect. 3.5 */ 1020 phdr = wpabuf_put(msg, sizeof(*phdr)); 1021 phdr->next_payload = next_payload; 1022 phdr->flags = 0; 1023 wpabuf_put_u8(msg, ID_KEY_ID); 1024 wpabuf_put(msg, 3); /* RESERVED */ 1025 wpabuf_put_data(msg, data->IDr, data->IDr_len); 1026 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1027 WPA_PUT_BE16(phdr->payload_length, plen); 1028 return 0; 1029 } 1030 1031 1032 static int ikev2_build_auth(struct ikev2_responder_data *data, 1033 struct wpabuf *msg, u8 next_payload) 1034 { 1035 struct ikev2_payload_hdr *phdr; 1036 size_t plen; 1037 const struct ikev2_prf_alg *prf; 1038 1039 wpa_printf(MSG_DEBUG, "IKEV2: Adding AUTH payload"); 1040 1041 prf = ikev2_get_prf(data->proposal.prf); 1042 if (prf == NULL) 1043 return -1; 1044 1045 /* Authentication - RFC 4306, Sect. 3.8 */ 1046 phdr = wpabuf_put(msg, sizeof(*phdr)); 1047 phdr->next_payload = next_payload; 1048 phdr->flags = 0; 1049 wpabuf_put_u8(msg, AUTH_SHARED_KEY_MIC); 1050 wpabuf_put(msg, 3); /* RESERVED */ 1051 1052 /* msg | Ni | prf(SK_pr,IDr') */ 1053 if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg, 1054 data->IDr, data->IDr_len, ID_KEY_ID, 1055 &data->keys, 0, data->shared_secret, 1056 data->shared_secret_len, 1057 data->i_nonce, data->i_nonce_len, 1058 data->key_pad, data->key_pad_len, 1059 wpabuf_put(msg, prf->hash_len)) < 0) { 1060 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data"); 1061 return -1; 1062 } 1063 wpabuf_free(data->r_sign_msg); 1064 data->r_sign_msg = NULL; 1065 1066 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1067 WPA_PUT_BE16(phdr->payload_length, plen); 1068 return 0; 1069 } 1070 1071 1072 static int ikev2_build_notification(struct ikev2_responder_data *data, 1073 struct wpabuf *msg, u8 next_payload) 1074 { 1075 struct ikev2_payload_hdr *phdr; 1076 size_t plen; 1077 1078 wpa_printf(MSG_DEBUG, "IKEV2: Adding Notification payload"); 1079 1080 if (data->error_type == 0) { 1081 wpa_printf(MSG_INFO, "IKEV2: No Notify Message Type " 1082 "available"); 1083 return -1; 1084 } 1085 1086 /* Notify - RFC 4306, Sect. 3.10 */ 1087 phdr = wpabuf_put(msg, sizeof(*phdr)); 1088 phdr->next_payload = next_payload; 1089 phdr->flags = 0; 1090 #ifdef CCNS_PL 1091 wpabuf_put_u8(msg, 1); /* Protocol ID: IKE_SA notification */ 1092 #else /* CCNS_PL */ 1093 wpabuf_put_u8(msg, 0); /* Protocol ID: no existing SA */ 1094 #endif /* CCNS_PL */ 1095 wpabuf_put_u8(msg, 0); /* SPI Size */ 1096 wpabuf_put_be16(msg, data->error_type); 1097 1098 switch (data->error_type) { 1099 case INVALID_KE_PAYLOAD: 1100 if (data->proposal.dh == -1) { 1101 wpa_printf(MSG_INFO, "IKEV2: No DH Group selected for " 1102 "INVALID_KE_PAYLOAD notifications"); 1103 return -1; 1104 } 1105 wpabuf_put_be16(msg, data->proposal.dh); 1106 wpa_printf(MSG_DEBUG, "IKEV2: INVALID_KE_PAYLOAD - request " 1107 "DH Group #%d", data->proposal.dh); 1108 break; 1109 case AUTHENTICATION_FAILED: 1110 /* no associated data */ 1111 break; 1112 default: 1113 wpa_printf(MSG_INFO, "IKEV2: Unsupported Notify Message Type " 1114 "%d", data->error_type); 1115 return -1; 1116 } 1117 1118 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1119 WPA_PUT_BE16(phdr->payload_length, plen); 1120 return 0; 1121 } 1122 1123 1124 static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data) 1125 { 1126 struct wpabuf *msg; 1127 1128 /* build IKE_SA_INIT: HDR, SAr1, KEr, Nr, [CERTREQ], [SK{IDr}] */ 1129 1130 if (os_get_random(data->r_spi, IKEV2_SPI_LEN)) 1131 return NULL; 1132 wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Responder's SPI", 1133 data->r_spi, IKEV2_SPI_LEN); 1134 1135 data->r_nonce_len = IKEV2_NONCE_MIN_LEN; 1136 if (os_get_random(data->r_nonce, data->r_nonce_len)) 1137 return NULL; 1138 #ifdef CCNS_PL 1139 /* Zeros are removed incorrectly from the beginning of the nonces in 1140 * key derivation; as a workaround, make sure Nr does not start with 1141 * zero.. */ 1142 if (data->r_nonce[0] == 0) 1143 data->r_nonce[0] = 1; 1144 #endif /* CCNS_PL */ 1145 wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len); 1146 1147 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500); 1148 if (msg == NULL) 1149 return NULL; 1150 1151 ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0); 1152 if (ikev2_build_sar1(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) || 1153 ikev2_build_ker(data, msg, IKEV2_PAYLOAD_NONCE) || 1154 ikev2_build_nr(data, msg, data->peer_auth == PEER_AUTH_SECRET ? 1155 IKEV2_PAYLOAD_ENCRYPTED : 1156 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) { 1157 wpabuf_free(msg); 1158 return NULL; 1159 } 1160 1161 if (ikev2_derive_keys(data)) { 1162 wpabuf_free(msg); 1163 return NULL; 1164 } 1165 1166 if (data->peer_auth == PEER_AUTH_CERT) { 1167 /* TODO: CERTREQ with SHA-1 hashes of Subject Public Key Info 1168 * for trust agents */ 1169 } 1170 1171 if (data->peer_auth == PEER_AUTH_SECRET) { 1172 struct wpabuf *plain = wpabuf_alloc(data->IDr_len + 1000); 1173 if (plain == NULL) { 1174 wpabuf_free(msg); 1175 return NULL; 1176 } 1177 if (ikev2_build_idr(data, plain, 1178 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || 1179 ikev2_build_encrypted(data->proposal.encr, 1180 data->proposal.integ, 1181 &data->keys, 0, msg, plain, 1182 IKEV2_PAYLOAD_IDr)) { 1183 wpabuf_free(plain); 1184 wpabuf_free(msg); 1185 return NULL; 1186 } 1187 wpabuf_free(plain); 1188 } 1189 1190 ikev2_update_hdr(msg); 1191 1192 wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_INIT)", msg); 1193 1194 data->state = SA_AUTH; 1195 1196 wpabuf_free(data->r_sign_msg); 1197 data->r_sign_msg = wpabuf_dup(msg); 1198 1199 return msg; 1200 } 1201 1202 1203 static struct wpabuf * ikev2_build_sa_auth(struct ikev2_responder_data *data) 1204 { 1205 struct wpabuf *msg, *plain; 1206 1207 /* build IKE_SA_AUTH: HDR, SK {IDr, [CERT,] AUTH} */ 1208 1209 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000); 1210 if (msg == NULL) 1211 return NULL; 1212 ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1); 1213 1214 plain = wpabuf_alloc(data->IDr_len + 1000); 1215 if (plain == NULL) { 1216 wpabuf_free(msg); 1217 return NULL; 1218 } 1219 1220 if (ikev2_build_idr(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) || 1221 ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || 1222 ikev2_build_encrypted(data->proposal.encr, data->proposal.integ, 1223 &data->keys, 0, msg, plain, 1224 IKEV2_PAYLOAD_IDr)) { 1225 wpabuf_free(plain); 1226 wpabuf_free(msg); 1227 return NULL; 1228 } 1229 wpabuf_free(plain); 1230 1231 wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_AUTH)", msg); 1232 1233 data->state = IKEV2_DONE; 1234 1235 return msg; 1236 } 1237 1238 1239 static struct wpabuf * ikev2_build_notify(struct ikev2_responder_data *data) 1240 { 1241 struct wpabuf *msg; 1242 1243 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + 1000); 1244 if (msg == NULL) 1245 return NULL; 1246 if (data->last_msg == LAST_MSG_SA_AUTH) { 1247 /* HDR, SK{N} */ 1248 struct wpabuf *plain = wpabuf_alloc(100); 1249 if (plain == NULL) { 1250 wpabuf_free(msg); 1251 return NULL; 1252 } 1253 ikev2_build_hdr(data, msg, IKE_SA_AUTH, 1254 IKEV2_PAYLOAD_ENCRYPTED, 1); 1255 if (ikev2_build_notification(data, plain, 1256 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || 1257 ikev2_build_encrypted(data->proposal.encr, 1258 data->proposal.integ, 1259 &data->keys, 0, msg, plain, 1260 IKEV2_PAYLOAD_NOTIFICATION)) { 1261 wpabuf_free(plain); 1262 wpabuf_free(msg); 1263 return NULL; 1264 } 1265 data->state = IKEV2_FAILED; 1266 } else { 1267 /* HDR, N */ 1268 ikev2_build_hdr(data, msg, IKE_SA_INIT, 1269 IKEV2_PAYLOAD_NOTIFICATION, 0); 1270 if (ikev2_build_notification(data, msg, 1271 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) { 1272 wpabuf_free(msg); 1273 return NULL; 1274 } 1275 data->state = SA_INIT; 1276 } 1277 1278 ikev2_update_hdr(msg); 1279 1280 wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (Notification)", 1281 msg); 1282 1283 return msg; 1284 } 1285 1286 1287 struct wpabuf * ikev2_responder_build(struct ikev2_responder_data *data) 1288 { 1289 switch (data->state) { 1290 case SA_INIT: 1291 return ikev2_build_sa_init(data); 1292 case SA_AUTH: 1293 return ikev2_build_sa_auth(data); 1294 case CHILD_SA: 1295 return NULL; 1296 case NOTIFY: 1297 return ikev2_build_notify(data); 1298 case IKEV2_DONE: 1299 case IKEV2_FAILED: 1300 return NULL; 1301 } 1302 return NULL; 1303 } 1304