1 /* 2 * IKEv2 responder (RFC 4306) for EAP-IKEV2 3 * Copyright (c) 2007, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/dh_groups.h" 13 #include "crypto/random.h" 14 #include "ikev2.h" 15 16 17 void ikev2_responder_deinit(struct ikev2_responder_data *data) 18 { 19 ikev2_free_keys(&data->keys); 20 wpabuf_free(data->i_dh_public); 21 wpabuf_free(data->r_dh_private); 22 os_free(data->IDi); 23 os_free(data->IDr); 24 os_free(data->shared_secret); 25 wpabuf_free(data->i_sign_msg); 26 wpabuf_free(data->r_sign_msg); 27 os_free(data->key_pad); 28 } 29 30 31 static int ikev2_derive_keys(struct ikev2_responder_data *data) 32 { 33 u8 *buf, *pos, *pad, skeyseed[IKEV2_MAX_HASH_LEN]; 34 size_t buf_len, pad_len; 35 struct wpabuf *shared; 36 const struct ikev2_integ_alg *integ; 37 const struct ikev2_prf_alg *prf; 38 const struct ikev2_encr_alg *encr; 39 int ret; 40 const u8 *addr[2]; 41 size_t len[2]; 42 43 /* RFC 4306, Sect. 2.14 */ 44 45 integ = ikev2_get_integ(data->proposal.integ); 46 prf = ikev2_get_prf(data->proposal.prf); 47 encr = ikev2_get_encr(data->proposal.encr); 48 if (integ == NULL || prf == NULL || encr == NULL) { 49 wpa_printf(MSG_INFO, "IKEV2: Unsupported proposal"); 50 return -1; 51 } 52 53 shared = dh_derive_shared(data->i_dh_public, data->r_dh_private, 54 data->dh); 55 if (shared == NULL) 56 return -1; 57 58 /* Construct Ni | Nr | SPIi | SPIr */ 59 60 buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN; 61 buf = os_malloc(buf_len); 62 if (buf == NULL) { 63 wpabuf_free(shared); 64 return -1; 65 } 66 67 pos = buf; 68 os_memcpy(pos, data->i_nonce, data->i_nonce_len); 69 pos += data->i_nonce_len; 70 os_memcpy(pos, data->r_nonce, data->r_nonce_len); 71 pos += data->r_nonce_len; 72 os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN); 73 pos += IKEV2_SPI_LEN; 74 os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN); 75 #ifdef CCNS_PL 76 #if __BYTE_ORDER == __LITTLE_ENDIAN 77 { 78 int i; 79 u8 *tmp = pos - IKEV2_SPI_LEN; 80 /* Incorrect byte re-ordering on little endian hosts.. */ 81 for (i = 0; i < IKEV2_SPI_LEN; i++) 82 *tmp++ = data->i_spi[IKEV2_SPI_LEN - 1 - i]; 83 for (i = 0; i < IKEV2_SPI_LEN; i++) 84 *tmp++ = data->r_spi[IKEV2_SPI_LEN - 1 - i]; 85 } 86 #endif 87 #endif /* CCNS_PL */ 88 89 /* SKEYSEED = prf(Ni | Nr, g^ir) */ 90 /* Use zero-padding per RFC 4306, Sect. 2.14 */ 91 pad_len = data->dh->prime_len - wpabuf_len(shared); 92 #ifdef CCNS_PL 93 /* Shared secret is not zero-padded correctly */ 94 pad_len = 0; 95 #endif /* CCNS_PL */ 96 pad = os_zalloc(pad_len ? pad_len : 1); 97 if (pad == NULL) { 98 wpabuf_free(shared); 99 os_free(buf); 100 return -1; 101 } 102 103 addr[0] = pad; 104 len[0] = pad_len; 105 addr[1] = wpabuf_head(shared); 106 len[1] = wpabuf_len(shared); 107 if (ikev2_prf_hash(prf->id, buf, data->i_nonce_len + data->r_nonce_len, 108 2, addr, len, skeyseed) < 0) { 109 wpabuf_free(shared); 110 os_free(buf); 111 os_free(pad); 112 return -1; 113 } 114 os_free(pad); 115 wpabuf_free(shared); 116 117 /* DH parameters are not needed anymore, so free them */ 118 wpabuf_free(data->i_dh_public); 119 data->i_dh_public = NULL; 120 wpabuf_free(data->r_dh_private); 121 data->r_dh_private = NULL; 122 123 wpa_hexdump_key(MSG_DEBUG, "IKEV2: SKEYSEED", 124 skeyseed, prf->hash_len); 125 126 ret = ikev2_derive_sk_keys(prf, integ, encr, skeyseed, buf, buf_len, 127 &data->keys); 128 os_free(buf); 129 return ret; 130 } 131 132 133 static int ikev2_parse_transform(struct ikev2_proposal_data *prop, 134 const u8 *pos, const u8 *end) 135 { 136 int transform_len; 137 const struct ikev2_transform *t; 138 u16 transform_id; 139 const u8 *tend; 140 141 if (end - pos < (int) sizeof(*t)) { 142 wpa_printf(MSG_INFO, "IKEV2: Too short transform"); 143 return -1; 144 } 145 146 t = (const struct ikev2_transform *) pos; 147 transform_len = WPA_GET_BE16(t->transform_length); 148 if (transform_len < (int) sizeof(*t) || pos + transform_len > end) { 149 wpa_printf(MSG_INFO, "IKEV2: Invalid transform length %d", 150 transform_len); 151 return -1; 152 } 153 tend = pos + transform_len; 154 155 transform_id = WPA_GET_BE16(t->transform_id); 156 157 wpa_printf(MSG_DEBUG, "IKEV2: Transform:"); 158 wpa_printf(MSG_DEBUG, "IKEV2: Type: %d Transform Length: %d " 159 "Transform Type: %d Transform ID: %d", 160 t->type, transform_len, t->transform_type, transform_id); 161 162 if (t->type != 0 && t->type != 3) { 163 wpa_printf(MSG_INFO, "IKEV2: Unexpected Transform type"); 164 return -1; 165 } 166 167 pos = (const u8 *) (t + 1); 168 if (pos < tend) { 169 wpa_hexdump(MSG_DEBUG, "IKEV2: Transform Attributes", 170 pos, tend - pos); 171 } 172 173 switch (t->transform_type) { 174 case IKEV2_TRANSFORM_ENCR: 175 if (ikev2_get_encr(transform_id)) { 176 if (transform_id == ENCR_AES_CBC) { 177 if (tend - pos != 4) { 178 wpa_printf(MSG_DEBUG, "IKEV2: No " 179 "Transform Attr for AES"); 180 break; 181 } 182 #ifdef CCNS_PL 183 if (WPA_GET_BE16(pos) != 0x001d /* ?? */) { 184 wpa_printf(MSG_DEBUG, "IKEV2: Not a " 185 "Key Size attribute for " 186 "AES"); 187 break; 188 } 189 #else /* CCNS_PL */ 190 if (WPA_GET_BE16(pos) != 0x800e) { 191 wpa_printf(MSG_DEBUG, "IKEV2: Not a " 192 "Key Size attribute for " 193 "AES"); 194 break; 195 } 196 #endif /* CCNS_PL */ 197 if (WPA_GET_BE16(pos + 2) != 128) { 198 wpa_printf(MSG_DEBUG, "IKEV2: " 199 "Unsupported AES key size " 200 "%d bits", 201 WPA_GET_BE16(pos + 2)); 202 break; 203 } 204 } 205 prop->encr = transform_id; 206 } 207 break; 208 case IKEV2_TRANSFORM_PRF: 209 if (ikev2_get_prf(transform_id)) 210 prop->prf = transform_id; 211 break; 212 case IKEV2_TRANSFORM_INTEG: 213 if (ikev2_get_integ(transform_id)) 214 prop->integ = transform_id; 215 break; 216 case IKEV2_TRANSFORM_DH: 217 if (dh_groups_get(transform_id)) 218 prop->dh = transform_id; 219 break; 220 } 221 222 return transform_len; 223 } 224 225 226 static int ikev2_parse_proposal(struct ikev2_proposal_data *prop, 227 const u8 *pos, const u8 *end) 228 { 229 const u8 *pend, *ppos; 230 int proposal_len, i; 231 const struct ikev2_proposal *p; 232 233 if (end - pos < (int) sizeof(*p)) { 234 wpa_printf(MSG_INFO, "IKEV2: Too short proposal"); 235 return -1; 236 } 237 238 /* FIX: AND processing if multiple proposals use the same # */ 239 240 p = (const struct ikev2_proposal *) pos; 241 proposal_len = WPA_GET_BE16(p->proposal_length); 242 if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) { 243 wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d", 244 proposal_len); 245 return -1; 246 } 247 wpa_printf(MSG_DEBUG, "IKEV2: SAi1 Proposal # %d", 248 p->proposal_num); 249 wpa_printf(MSG_DEBUG, "IKEV2: Type: %d Proposal Length: %d " 250 " Protocol ID: %d", 251 p->type, proposal_len, p->protocol_id); 252 wpa_printf(MSG_DEBUG, "IKEV2: SPI Size: %d Transforms: %d", 253 p->spi_size, p->num_transforms); 254 255 if (p->type != 0 && p->type != 2) { 256 wpa_printf(MSG_INFO, "IKEV2: Unexpected Proposal type"); 257 return -1; 258 } 259 260 if (p->protocol_id != IKEV2_PROTOCOL_IKE) { 261 wpa_printf(MSG_DEBUG, "IKEV2: Unexpected Protocol ID " 262 "(only IKE allowed for EAP-IKEv2)"); 263 return -1; 264 } 265 266 if (p->proposal_num != prop->proposal_num) { 267 if (p->proposal_num == prop->proposal_num + 1) 268 prop->proposal_num = p->proposal_num; 269 else { 270 wpa_printf(MSG_INFO, "IKEV2: Unexpected Proposal #"); 271 return -1; 272 } 273 } 274 275 ppos = (const u8 *) (p + 1); 276 pend = pos + proposal_len; 277 if (ppos + p->spi_size > pend) { 278 wpa_printf(MSG_INFO, "IKEV2: Not enough room for SPI " 279 "in proposal"); 280 return -1; 281 } 282 if (p->spi_size) { 283 wpa_hexdump(MSG_DEBUG, "IKEV2: SPI", 284 ppos, p->spi_size); 285 ppos += p->spi_size; 286 } 287 288 /* 289 * For initial IKE_SA negotiation, SPI Size MUST be zero; for 290 * subsequent negotiations, it must be 8 for IKE. We only support 291 * initial case for now. 292 */ 293 if (p->spi_size != 0) { 294 wpa_printf(MSG_INFO, "IKEV2: Unexpected SPI Size"); 295 return -1; 296 } 297 298 if (p->num_transforms == 0) { 299 wpa_printf(MSG_INFO, "IKEV2: At least one transform required"); 300 return -1; 301 } 302 303 for (i = 0; i < (int) p->num_transforms; i++) { 304 int tlen = ikev2_parse_transform(prop, ppos, pend); 305 if (tlen < 0) 306 return -1; 307 ppos += tlen; 308 } 309 310 if (ppos != pend) { 311 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after " 312 "transforms"); 313 return -1; 314 } 315 316 return proposal_len; 317 } 318 319 320 static int ikev2_process_sai1(struct ikev2_responder_data *data, 321 const u8 *sai1, size_t sai1_len) 322 { 323 struct ikev2_proposal_data prop; 324 const u8 *pos, *end; 325 int found = 0; 326 327 /* Security Association Payloads: <Proposals> */ 328 329 if (sai1 == NULL) { 330 wpa_printf(MSG_INFO, "IKEV2: SAi1 not received"); 331 return -1; 332 } 333 334 os_memset(&prop, 0, sizeof(prop)); 335 prop.proposal_num = 1; 336 337 pos = sai1; 338 end = sai1 + sai1_len; 339 340 while (pos < end) { 341 int plen; 342 343 prop.integ = -1; 344 prop.prf = -1; 345 prop.encr = -1; 346 prop.dh = -1; 347 plen = ikev2_parse_proposal(&prop, pos, end); 348 if (plen < 0) 349 return -1; 350 351 if (!found && prop.integ != -1 && prop.prf != -1 && 352 prop.encr != -1 && prop.dh != -1) { 353 os_memcpy(&data->proposal, &prop, sizeof(prop)); 354 data->dh = dh_groups_get(prop.dh); 355 found = 1; 356 } 357 358 pos += plen; 359 } 360 361 if (pos != end) { 362 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after proposals"); 363 return -1; 364 } 365 366 if (!found) { 367 wpa_printf(MSG_INFO, "IKEV2: No acceptable proposal found"); 368 return -1; 369 } 370 371 wpa_printf(MSG_DEBUG, "IKEV2: Accepted proposal #%d: ENCR:%d PRF:%d " 372 "INTEG:%d D-H:%d", data->proposal.proposal_num, 373 data->proposal.encr, data->proposal.prf, 374 data->proposal.integ, data->proposal.dh); 375 376 return 0; 377 } 378 379 380 static int ikev2_process_kei(struct ikev2_responder_data *data, 381 const u8 *kei, size_t kei_len) 382 { 383 u16 group; 384 385 /* 386 * Key Exchange Payload: 387 * DH Group # (16 bits) 388 * RESERVED (16 bits) 389 * Key Exchange Data (Diffie-Hellman public value) 390 */ 391 392 if (kei == NULL) { 393 wpa_printf(MSG_INFO, "IKEV2: KEi not received"); 394 return -1; 395 } 396 397 if (kei_len < 4 + 96) { 398 wpa_printf(MSG_INFO, "IKEV2: Too show Key Exchange Payload"); 399 return -1; 400 } 401 402 group = WPA_GET_BE16(kei); 403 wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u", group); 404 405 if (group != data->proposal.dh) { 406 wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u does not match " 407 "with the selected proposal (%u)", 408 group, data->proposal.dh); 409 /* Reject message with Notify payload of type 410 * INVALID_KE_PAYLOAD (RFC 4306, Sect. 3.4) */ 411 data->error_type = INVALID_KE_PAYLOAD; 412 data->state = NOTIFY; 413 return -1; 414 } 415 416 if (data->dh == NULL) { 417 wpa_printf(MSG_INFO, "IKEV2: Unsupported DH group"); 418 return -1; 419 } 420 421 /* RFC 4306, Section 3.4: 422 * The length of DH public value MUST be equal to the length of the 423 * prime modulus. 424 */ 425 if (kei_len - 4 != data->dh->prime_len) { 426 wpa_printf(MSG_INFO, "IKEV2: Invalid DH public value length " 427 "%ld (expected %ld)", 428 (long) (kei_len - 4), (long) data->dh->prime_len); 429 return -1; 430 } 431 432 wpabuf_free(data->i_dh_public); 433 data->i_dh_public = wpabuf_alloc(kei_len - 4); 434 if (data->i_dh_public == NULL) 435 return -1; 436 wpabuf_put_data(data->i_dh_public, kei + 4, kei_len - 4); 437 438 wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value", 439 data->i_dh_public); 440 441 return 0; 442 } 443 444 445 static int ikev2_process_ni(struct ikev2_responder_data *data, 446 const u8 *ni, size_t ni_len) 447 { 448 if (ni == NULL) { 449 wpa_printf(MSG_INFO, "IKEV2: Ni not received"); 450 return -1; 451 } 452 453 if (ni_len < IKEV2_NONCE_MIN_LEN || ni_len > IKEV2_NONCE_MAX_LEN) { 454 wpa_printf(MSG_INFO, "IKEV2: Invalid Ni length %ld", 455 (long) ni_len); 456 return -1; 457 } 458 459 #ifdef CCNS_PL 460 /* Zeros are removed incorrectly from the beginning of the nonces */ 461 while (ni_len > 1 && *ni == 0) { 462 ni_len--; 463 ni++; 464 } 465 #endif /* CCNS_PL */ 466 467 data->i_nonce_len = ni_len; 468 os_memcpy(data->i_nonce, ni, ni_len); 469 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Ni", 470 data->i_nonce, data->i_nonce_len); 471 472 return 0; 473 } 474 475 476 static int ikev2_process_sa_init(struct ikev2_responder_data *data, 477 const struct ikev2_hdr *hdr, 478 struct ikev2_payloads *pl) 479 { 480 if (ikev2_process_sai1(data, pl->sa, pl->sa_len) < 0 || 481 ikev2_process_kei(data, pl->ke, pl->ke_len) < 0 || 482 ikev2_process_ni(data, pl->nonce, pl->nonce_len) < 0) 483 return -1; 484 485 os_memcpy(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN); 486 487 return 0; 488 } 489 490 491 static int ikev2_process_idi(struct ikev2_responder_data *data, 492 const u8 *idi, size_t idi_len) 493 { 494 u8 id_type; 495 496 if (idi == NULL) { 497 wpa_printf(MSG_INFO, "IKEV2: No IDi received"); 498 return -1; 499 } 500 501 if (idi_len < 4) { 502 wpa_printf(MSG_INFO, "IKEV2: Too short IDi payload"); 503 return -1; 504 } 505 506 id_type = idi[0]; 507 idi += 4; 508 idi_len -= 4; 509 510 wpa_printf(MSG_DEBUG, "IKEV2: IDi ID Type %d", id_type); 511 wpa_hexdump_ascii(MSG_DEBUG, "IKEV2: IDi", idi, idi_len); 512 os_free(data->IDi); 513 data->IDi = os_malloc(idi_len); 514 if (data->IDi == NULL) 515 return -1; 516 os_memcpy(data->IDi, idi, idi_len); 517 data->IDi_len = idi_len; 518 data->IDi_type = id_type; 519 520 return 0; 521 } 522 523 524 static int ikev2_process_cert(struct ikev2_responder_data *data, 525 const u8 *cert, size_t cert_len) 526 { 527 u8 cert_encoding; 528 529 if (cert == NULL) { 530 if (data->peer_auth == PEER_AUTH_CERT) { 531 wpa_printf(MSG_INFO, "IKEV2: No Certificate received"); 532 return -1; 533 } 534 return 0; 535 } 536 537 if (cert_len < 1) { 538 wpa_printf(MSG_INFO, "IKEV2: No Cert Encoding field"); 539 return -1; 540 } 541 542 cert_encoding = cert[0]; 543 cert++; 544 cert_len--; 545 546 wpa_printf(MSG_DEBUG, "IKEV2: Cert Encoding %d", cert_encoding); 547 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Certificate Data", cert, cert_len); 548 549 /* TODO: validate certificate */ 550 551 return 0; 552 } 553 554 555 static int ikev2_process_auth_cert(struct ikev2_responder_data *data, 556 u8 method, const u8 *auth, size_t auth_len) 557 { 558 if (method != AUTH_RSA_SIGN) { 559 wpa_printf(MSG_INFO, "IKEV2: Unsupported authentication " 560 "method %d", method); 561 return -1; 562 } 563 564 /* TODO: validate AUTH */ 565 return 0; 566 } 567 568 569 static int ikev2_process_auth_secret(struct ikev2_responder_data *data, 570 u8 method, const u8 *auth, 571 size_t auth_len) 572 { 573 u8 auth_data[IKEV2_MAX_HASH_LEN]; 574 const struct ikev2_prf_alg *prf; 575 576 if (method != AUTH_SHARED_KEY_MIC) { 577 wpa_printf(MSG_INFO, "IKEV2: Unsupported authentication " 578 "method %d", method); 579 return -1; 580 } 581 582 /* msg | Nr | prf(SK_pi,IDi') */ 583 if (ikev2_derive_auth_data(data->proposal.prf, data->i_sign_msg, 584 data->IDi, data->IDi_len, data->IDi_type, 585 &data->keys, 1, data->shared_secret, 586 data->shared_secret_len, 587 data->r_nonce, data->r_nonce_len, 588 data->key_pad, data->key_pad_len, 589 auth_data) < 0) { 590 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data"); 591 return -1; 592 } 593 594 wpabuf_free(data->i_sign_msg); 595 data->i_sign_msg = NULL; 596 597 prf = ikev2_get_prf(data->proposal.prf); 598 if (prf == NULL) 599 return -1; 600 601 if (auth_len != prf->hash_len || 602 os_memcmp(auth, auth_data, auth_len) != 0) { 603 wpa_printf(MSG_INFO, "IKEV2: Invalid Authentication Data"); 604 wpa_hexdump(MSG_DEBUG, "IKEV2: Received Authentication Data", 605 auth, auth_len); 606 wpa_hexdump(MSG_DEBUG, "IKEV2: Expected Authentication Data", 607 auth_data, prf->hash_len); 608 data->error_type = AUTHENTICATION_FAILED; 609 data->state = NOTIFY; 610 return -1; 611 } 612 613 wpa_printf(MSG_DEBUG, "IKEV2: Server authenticated successfully " 614 "using shared keys"); 615 616 return 0; 617 } 618 619 620 static int ikev2_process_auth(struct ikev2_responder_data *data, 621 const u8 *auth, size_t auth_len) 622 { 623 u8 auth_method; 624 625 if (auth == NULL) { 626 wpa_printf(MSG_INFO, "IKEV2: No Authentication Payload"); 627 return -1; 628 } 629 630 if (auth_len < 4) { 631 wpa_printf(MSG_INFO, "IKEV2: Too short Authentication " 632 "Payload"); 633 return -1; 634 } 635 636 auth_method = auth[0]; 637 auth += 4; 638 auth_len -= 4; 639 640 wpa_printf(MSG_DEBUG, "IKEV2: Auth Method %d", auth_method); 641 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Authentication Data", auth, auth_len); 642 643 switch (data->peer_auth) { 644 case PEER_AUTH_CERT: 645 return ikev2_process_auth_cert(data, auth_method, auth, 646 auth_len); 647 case PEER_AUTH_SECRET: 648 return ikev2_process_auth_secret(data, auth_method, auth, 649 auth_len); 650 } 651 652 return -1; 653 } 654 655 656 static int ikev2_process_sa_auth_decrypted(struct ikev2_responder_data *data, 657 u8 next_payload, 658 u8 *payload, size_t payload_len) 659 { 660 struct ikev2_payloads pl; 661 662 wpa_printf(MSG_DEBUG, "IKEV2: Processing decrypted payloads"); 663 664 if (ikev2_parse_payloads(&pl, next_payload, payload, payload + 665 payload_len) < 0) { 666 wpa_printf(MSG_INFO, "IKEV2: Failed to parse decrypted " 667 "payloads"); 668 return -1; 669 } 670 671 if (ikev2_process_idi(data, pl.idi, pl.idi_len) < 0 || 672 ikev2_process_cert(data, pl.cert, pl.cert_len) < 0 || 673 ikev2_process_auth(data, pl.auth, pl.auth_len) < 0) 674 return -1; 675 676 return 0; 677 } 678 679 680 static int ikev2_process_sa_auth(struct ikev2_responder_data *data, 681 const struct ikev2_hdr *hdr, 682 struct ikev2_payloads *pl) 683 { 684 u8 *decrypted; 685 size_t decrypted_len; 686 int ret; 687 688 decrypted = ikev2_decrypt_payload(data->proposal.encr, 689 data->proposal.integ, 690 &data->keys, 1, hdr, pl->encrypted, 691 pl->encrypted_len, &decrypted_len); 692 if (decrypted == NULL) 693 return -1; 694 695 ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload, 696 decrypted, decrypted_len); 697 os_free(decrypted); 698 699 return ret; 700 } 701 702 703 static int ikev2_validate_rx_state(struct ikev2_responder_data *data, 704 u8 exchange_type, u32 message_id) 705 { 706 switch (data->state) { 707 case SA_INIT: 708 /* Expect to receive IKE_SA_INIT: HDR, SAi1, KEi, Ni */ 709 if (exchange_type != IKE_SA_INIT) { 710 wpa_printf(MSG_INFO, "IKEV2: Unexpected Exchange Type " 711 "%u in SA_INIT state", exchange_type); 712 return -1; 713 } 714 if (message_id != 0) { 715 wpa_printf(MSG_INFO, "IKEV2: Unexpected Message ID %u " 716 "in SA_INIT state", message_id); 717 return -1; 718 } 719 break; 720 case SA_AUTH: 721 /* Expect to receive IKE_SA_AUTH: 722 * HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] 723 * AUTH, SAi2, TSi, TSr} 724 */ 725 if (exchange_type != IKE_SA_AUTH) { 726 wpa_printf(MSG_INFO, "IKEV2: Unexpected Exchange Type " 727 "%u in SA_AUTH state", exchange_type); 728 return -1; 729 } 730 if (message_id != 1) { 731 wpa_printf(MSG_INFO, "IKEV2: Unexpected Message ID %u " 732 "in SA_AUTH state", message_id); 733 return -1; 734 } 735 break; 736 case CHILD_SA: 737 if (exchange_type != CREATE_CHILD_SA) { 738 wpa_printf(MSG_INFO, "IKEV2: Unexpected Exchange Type " 739 "%u in CHILD_SA state", exchange_type); 740 return -1; 741 } 742 if (message_id != 2) { 743 wpa_printf(MSG_INFO, "IKEV2: Unexpected Message ID %u " 744 "in CHILD_SA state", message_id); 745 return -1; 746 } 747 break; 748 case NOTIFY: 749 case IKEV2_DONE: 750 case IKEV2_FAILED: 751 return -1; 752 } 753 754 return 0; 755 } 756 757 758 int ikev2_responder_process(struct ikev2_responder_data *data, 759 const struct wpabuf *buf) 760 { 761 const struct ikev2_hdr *hdr; 762 u32 length, message_id; 763 const u8 *pos, *end; 764 struct ikev2_payloads pl; 765 766 wpa_printf(MSG_MSGDUMP, "IKEV2: Received message (len %lu)", 767 (unsigned long) wpabuf_len(buf)); 768 769 if (wpabuf_len(buf) < sizeof(*hdr)) { 770 wpa_printf(MSG_INFO, "IKEV2: Too short frame to include HDR"); 771 return -1; 772 } 773 774 data->error_type = 0; 775 hdr = (const struct ikev2_hdr *) wpabuf_head(buf); 776 end = wpabuf_head_u8(buf) + wpabuf_len(buf); 777 message_id = WPA_GET_BE32(hdr->message_id); 778 length = WPA_GET_BE32(hdr->length); 779 780 wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Initiator's SPI", 781 hdr->i_spi, IKEV2_SPI_LEN); 782 wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Responder's SPI", 783 hdr->r_spi, IKEV2_SPI_LEN); 784 wpa_printf(MSG_DEBUG, "IKEV2: Next Payload: %u Version: 0x%x " 785 "Exchange Type: %u", 786 hdr->next_payload, hdr->version, hdr->exchange_type); 787 wpa_printf(MSG_DEBUG, "IKEV2: Message ID: %u Length: %u", 788 message_id, length); 789 790 if (hdr->version != IKEV2_VERSION) { 791 wpa_printf(MSG_INFO, "IKEV2: Unsupported HDR version 0x%x " 792 "(expected 0x%x)", hdr->version, IKEV2_VERSION); 793 return -1; 794 } 795 796 if (length != wpabuf_len(buf)) { 797 wpa_printf(MSG_INFO, "IKEV2: Invalid length (HDR: %lu != " 798 "RX: %lu)", (unsigned long) length, 799 (unsigned long) wpabuf_len(buf)); 800 return -1; 801 } 802 803 if (ikev2_validate_rx_state(data, hdr->exchange_type, message_id) < 0) 804 return -1; 805 806 if ((hdr->flags & (IKEV2_HDR_INITIATOR | IKEV2_HDR_RESPONSE)) != 807 IKEV2_HDR_INITIATOR) { 808 wpa_printf(MSG_INFO, "IKEV2: Unexpected Flags value 0x%x", 809 hdr->flags); 810 return -1; 811 } 812 813 if (data->state != SA_INIT) { 814 if (os_memcmp(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN) != 0) { 815 wpa_printf(MSG_INFO, "IKEV2: Unexpected IKE_SA " 816 "Initiator's SPI"); 817 return -1; 818 } 819 if (os_memcmp(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN) != 0) { 820 wpa_printf(MSG_INFO, "IKEV2: Unexpected IKE_SA " 821 "Responder's SPI"); 822 return -1; 823 } 824 } 825 826 pos = (const u8 *) (hdr + 1); 827 if (ikev2_parse_payloads(&pl, hdr->next_payload, pos, end) < 0) 828 return -1; 829 830 if (data->state == SA_INIT) { 831 data->last_msg = LAST_MSG_SA_INIT; 832 if (ikev2_process_sa_init(data, hdr, &pl) < 0) { 833 if (data->state == NOTIFY) 834 return 0; 835 return -1; 836 } 837 wpabuf_free(data->i_sign_msg); 838 data->i_sign_msg = wpabuf_dup(buf); 839 } 840 841 if (data->state == SA_AUTH) { 842 data->last_msg = LAST_MSG_SA_AUTH; 843 if (ikev2_process_sa_auth(data, hdr, &pl) < 0) { 844 if (data->state == NOTIFY) 845 return 0; 846 return -1; 847 } 848 } 849 850 return 0; 851 } 852 853 854 static void ikev2_build_hdr(struct ikev2_responder_data *data, 855 struct wpabuf *msg, u8 exchange_type, 856 u8 next_payload, u32 message_id) 857 { 858 struct ikev2_hdr *hdr; 859 860 wpa_printf(MSG_DEBUG, "IKEV2: Adding HDR"); 861 862 /* HDR - RFC 4306, Sect. 3.1 */ 863 hdr = wpabuf_put(msg, sizeof(*hdr)); 864 os_memcpy(hdr->i_spi, data->i_spi, IKEV2_SPI_LEN); 865 os_memcpy(hdr->r_spi, data->r_spi, IKEV2_SPI_LEN); 866 hdr->next_payload = next_payload; 867 hdr->version = IKEV2_VERSION; 868 hdr->exchange_type = exchange_type; 869 hdr->flags = IKEV2_HDR_RESPONSE; 870 WPA_PUT_BE32(hdr->message_id, message_id); 871 } 872 873 874 static int ikev2_build_sar1(struct ikev2_responder_data *data, 875 struct wpabuf *msg, u8 next_payload) 876 { 877 struct ikev2_payload_hdr *phdr; 878 size_t plen; 879 struct ikev2_proposal *p; 880 struct ikev2_transform *t; 881 882 wpa_printf(MSG_DEBUG, "IKEV2: Adding SAr1 payload"); 883 884 /* SAr1 - RFC 4306, Sect. 2.7 and 3.3 */ 885 phdr = wpabuf_put(msg, sizeof(*phdr)); 886 phdr->next_payload = next_payload; 887 phdr->flags = 0; 888 889 p = wpabuf_put(msg, sizeof(*p)); 890 #ifdef CCNS_PL 891 /* Seems to require that the Proposal # is 1 even though RFC 4306 892 * Sect 3.3.1 has following requirement "When a proposal is accepted, 893 * all of the proposal numbers in the SA payload MUST be the same and 894 * MUST match the number on the proposal sent that was accepted.". 895 */ 896 p->proposal_num = 1; 897 #else /* CCNS_PL */ 898 p->proposal_num = data->proposal.proposal_num; 899 #endif /* CCNS_PL */ 900 p->protocol_id = IKEV2_PROTOCOL_IKE; 901 p->num_transforms = 4; 902 903 t = wpabuf_put(msg, sizeof(*t)); 904 t->type = 3; 905 t->transform_type = IKEV2_TRANSFORM_ENCR; 906 WPA_PUT_BE16(t->transform_id, data->proposal.encr); 907 if (data->proposal.encr == ENCR_AES_CBC) { 908 /* Transform Attribute: Key Len = 128 bits */ 909 #ifdef CCNS_PL 910 wpabuf_put_be16(msg, 0x001d); /* ?? */ 911 #else /* CCNS_PL */ 912 wpabuf_put_be16(msg, 0x800e); /* AF=1, AttrType=14 */ 913 #endif /* CCNS_PL */ 914 wpabuf_put_be16(msg, 128); /* 128-bit key */ 915 } 916 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) t; 917 WPA_PUT_BE16(t->transform_length, plen); 918 919 t = wpabuf_put(msg, sizeof(*t)); 920 t->type = 3; 921 WPA_PUT_BE16(t->transform_length, sizeof(*t)); 922 t->transform_type = IKEV2_TRANSFORM_PRF; 923 WPA_PUT_BE16(t->transform_id, data->proposal.prf); 924 925 t = wpabuf_put(msg, sizeof(*t)); 926 t->type = 3; 927 WPA_PUT_BE16(t->transform_length, sizeof(*t)); 928 t->transform_type = IKEV2_TRANSFORM_INTEG; 929 WPA_PUT_BE16(t->transform_id, data->proposal.integ); 930 931 t = wpabuf_put(msg, sizeof(*t)); 932 WPA_PUT_BE16(t->transform_length, sizeof(*t)); 933 t->transform_type = IKEV2_TRANSFORM_DH; 934 WPA_PUT_BE16(t->transform_id, data->proposal.dh); 935 936 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) p; 937 WPA_PUT_BE16(p->proposal_length, plen); 938 939 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 940 WPA_PUT_BE16(phdr->payload_length, plen); 941 942 return 0; 943 } 944 945 946 static int ikev2_build_ker(struct ikev2_responder_data *data, 947 struct wpabuf *msg, u8 next_payload) 948 { 949 struct ikev2_payload_hdr *phdr; 950 size_t plen; 951 struct wpabuf *pv; 952 953 wpa_printf(MSG_DEBUG, "IKEV2: Adding KEr payload"); 954 955 pv = dh_init(data->dh, &data->r_dh_private); 956 if (pv == NULL) { 957 wpa_printf(MSG_DEBUG, "IKEV2: Failed to initialize DH"); 958 return -1; 959 } 960 961 /* KEr - RFC 4306, Sect. 3.4 */ 962 phdr = wpabuf_put(msg, sizeof(*phdr)); 963 phdr->next_payload = next_payload; 964 phdr->flags = 0; 965 966 wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */ 967 wpabuf_put(msg, 2); /* RESERVED */ 968 /* 969 * RFC 4306, Sect. 3.4: possible zero padding for public value to 970 * match the length of the prime. 971 */ 972 wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv)); 973 wpabuf_put_buf(msg, pv); 974 wpabuf_free(pv); 975 976 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 977 WPA_PUT_BE16(phdr->payload_length, plen); 978 return 0; 979 } 980 981 982 static int ikev2_build_nr(struct ikev2_responder_data *data, 983 struct wpabuf *msg, u8 next_payload) 984 { 985 struct ikev2_payload_hdr *phdr; 986 size_t plen; 987 988 wpa_printf(MSG_DEBUG, "IKEV2: Adding Nr payload"); 989 990 /* Nr - RFC 4306, Sect. 3.9 */ 991 phdr = wpabuf_put(msg, sizeof(*phdr)); 992 phdr->next_payload = next_payload; 993 phdr->flags = 0; 994 wpabuf_put_data(msg, data->r_nonce, data->r_nonce_len); 995 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 996 WPA_PUT_BE16(phdr->payload_length, plen); 997 return 0; 998 } 999 1000 1001 static int ikev2_build_idr(struct ikev2_responder_data *data, 1002 struct wpabuf *msg, u8 next_payload) 1003 { 1004 struct ikev2_payload_hdr *phdr; 1005 size_t plen; 1006 1007 wpa_printf(MSG_DEBUG, "IKEV2: Adding IDr payload"); 1008 1009 if (data->IDr == NULL) { 1010 wpa_printf(MSG_INFO, "IKEV2: No IDr available"); 1011 return -1; 1012 } 1013 1014 /* IDr - RFC 4306, Sect. 3.5 */ 1015 phdr = wpabuf_put(msg, sizeof(*phdr)); 1016 phdr->next_payload = next_payload; 1017 phdr->flags = 0; 1018 wpabuf_put_u8(msg, ID_KEY_ID); 1019 wpabuf_put(msg, 3); /* RESERVED */ 1020 wpabuf_put_data(msg, data->IDr, data->IDr_len); 1021 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1022 WPA_PUT_BE16(phdr->payload_length, plen); 1023 return 0; 1024 } 1025 1026 1027 static int ikev2_build_auth(struct ikev2_responder_data *data, 1028 struct wpabuf *msg, u8 next_payload) 1029 { 1030 struct ikev2_payload_hdr *phdr; 1031 size_t plen; 1032 const struct ikev2_prf_alg *prf; 1033 1034 wpa_printf(MSG_DEBUG, "IKEV2: Adding AUTH payload"); 1035 1036 prf = ikev2_get_prf(data->proposal.prf); 1037 if (prf == NULL) 1038 return -1; 1039 1040 /* Authentication - RFC 4306, Sect. 3.8 */ 1041 phdr = wpabuf_put(msg, sizeof(*phdr)); 1042 phdr->next_payload = next_payload; 1043 phdr->flags = 0; 1044 wpabuf_put_u8(msg, AUTH_SHARED_KEY_MIC); 1045 wpabuf_put(msg, 3); /* RESERVED */ 1046 1047 /* msg | Ni | prf(SK_pr,IDr') */ 1048 if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg, 1049 data->IDr, data->IDr_len, ID_KEY_ID, 1050 &data->keys, 0, data->shared_secret, 1051 data->shared_secret_len, 1052 data->i_nonce, data->i_nonce_len, 1053 data->key_pad, data->key_pad_len, 1054 wpabuf_put(msg, prf->hash_len)) < 0) { 1055 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data"); 1056 return -1; 1057 } 1058 wpabuf_free(data->r_sign_msg); 1059 data->r_sign_msg = NULL; 1060 1061 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1062 WPA_PUT_BE16(phdr->payload_length, plen); 1063 return 0; 1064 } 1065 1066 1067 static int ikev2_build_notification(struct ikev2_responder_data *data, 1068 struct wpabuf *msg, u8 next_payload) 1069 { 1070 struct ikev2_payload_hdr *phdr; 1071 size_t plen; 1072 1073 wpa_printf(MSG_DEBUG, "IKEV2: Adding Notification payload"); 1074 1075 if (data->error_type == 0) { 1076 wpa_printf(MSG_INFO, "IKEV2: No Notify Message Type " 1077 "available"); 1078 return -1; 1079 } 1080 1081 /* Notify - RFC 4306, Sect. 3.10 */ 1082 phdr = wpabuf_put(msg, sizeof(*phdr)); 1083 phdr->next_payload = next_payload; 1084 phdr->flags = 0; 1085 #ifdef CCNS_PL 1086 wpabuf_put_u8(msg, 1); /* Protocol ID: IKE_SA notification */ 1087 #else /* CCNS_PL */ 1088 wpabuf_put_u8(msg, 0); /* Protocol ID: no existing SA */ 1089 #endif /* CCNS_PL */ 1090 wpabuf_put_u8(msg, 0); /* SPI Size */ 1091 wpabuf_put_be16(msg, data->error_type); 1092 1093 switch (data->error_type) { 1094 case INVALID_KE_PAYLOAD: 1095 if (data->proposal.dh == -1) { 1096 wpa_printf(MSG_INFO, "IKEV2: No DH Group selected for " 1097 "INVALID_KE_PAYLOAD notifications"); 1098 return -1; 1099 } 1100 wpabuf_put_be16(msg, data->proposal.dh); 1101 wpa_printf(MSG_DEBUG, "IKEV2: INVALID_KE_PAYLOAD - request " 1102 "DH Group #%d", data->proposal.dh); 1103 break; 1104 case AUTHENTICATION_FAILED: 1105 /* no associated data */ 1106 break; 1107 default: 1108 wpa_printf(MSG_INFO, "IKEV2: Unsupported Notify Message Type " 1109 "%d", data->error_type); 1110 return -1; 1111 } 1112 1113 plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; 1114 WPA_PUT_BE16(phdr->payload_length, plen); 1115 return 0; 1116 } 1117 1118 1119 static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data) 1120 { 1121 struct wpabuf *msg; 1122 1123 /* build IKE_SA_INIT: HDR, SAr1, KEr, Nr, [CERTREQ], [SK{IDr}] */ 1124 1125 if (os_get_random(data->r_spi, IKEV2_SPI_LEN)) 1126 return NULL; 1127 wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Responder's SPI", 1128 data->r_spi, IKEV2_SPI_LEN); 1129 1130 data->r_nonce_len = IKEV2_NONCE_MIN_LEN; 1131 if (random_get_bytes(data->r_nonce, data->r_nonce_len)) 1132 return NULL; 1133 #ifdef CCNS_PL 1134 /* Zeros are removed incorrectly from the beginning of the nonces in 1135 * key derivation; as a workaround, make sure Nr does not start with 1136 * zero.. */ 1137 if (data->r_nonce[0] == 0) 1138 data->r_nonce[0] = 1; 1139 #endif /* CCNS_PL */ 1140 wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len); 1141 1142 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500); 1143 if (msg == NULL) 1144 return NULL; 1145 1146 ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0); 1147 if (ikev2_build_sar1(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) || 1148 ikev2_build_ker(data, msg, IKEV2_PAYLOAD_NONCE) || 1149 ikev2_build_nr(data, msg, data->peer_auth == PEER_AUTH_SECRET ? 1150 IKEV2_PAYLOAD_ENCRYPTED : 1151 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) { 1152 wpabuf_free(msg); 1153 return NULL; 1154 } 1155 1156 if (ikev2_derive_keys(data)) { 1157 wpabuf_free(msg); 1158 return NULL; 1159 } 1160 1161 if (data->peer_auth == PEER_AUTH_CERT) { 1162 /* TODO: CERTREQ with SHA-1 hashes of Subject Public Key Info 1163 * for trust agents */ 1164 } 1165 1166 if (data->peer_auth == PEER_AUTH_SECRET) { 1167 struct wpabuf *plain = wpabuf_alloc(data->IDr_len + 1000); 1168 if (plain == NULL) { 1169 wpabuf_free(msg); 1170 return NULL; 1171 } 1172 if (ikev2_build_idr(data, plain, 1173 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || 1174 ikev2_build_encrypted(data->proposal.encr, 1175 data->proposal.integ, 1176 &data->keys, 0, msg, plain, 1177 IKEV2_PAYLOAD_IDr)) { 1178 wpabuf_free(plain); 1179 wpabuf_free(msg); 1180 return NULL; 1181 } 1182 wpabuf_free(plain); 1183 } 1184 1185 ikev2_update_hdr(msg); 1186 1187 wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_INIT)", msg); 1188 1189 data->state = SA_AUTH; 1190 1191 wpabuf_free(data->r_sign_msg); 1192 data->r_sign_msg = wpabuf_dup(msg); 1193 1194 return msg; 1195 } 1196 1197 1198 static struct wpabuf * ikev2_build_sa_auth(struct ikev2_responder_data *data) 1199 { 1200 struct wpabuf *msg, *plain; 1201 1202 /* build IKE_SA_AUTH: HDR, SK {IDr, [CERT,] AUTH} */ 1203 1204 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000); 1205 if (msg == NULL) 1206 return NULL; 1207 ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1); 1208 1209 plain = wpabuf_alloc(data->IDr_len + 1000); 1210 if (plain == NULL) { 1211 wpabuf_free(msg); 1212 return NULL; 1213 } 1214 1215 if (ikev2_build_idr(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) || 1216 ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || 1217 ikev2_build_encrypted(data->proposal.encr, data->proposal.integ, 1218 &data->keys, 0, msg, plain, 1219 IKEV2_PAYLOAD_IDr)) { 1220 wpabuf_free(plain); 1221 wpabuf_free(msg); 1222 return NULL; 1223 } 1224 wpabuf_free(plain); 1225 1226 wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_AUTH)", msg); 1227 1228 data->state = IKEV2_DONE; 1229 1230 return msg; 1231 } 1232 1233 1234 static struct wpabuf * ikev2_build_notify(struct ikev2_responder_data *data) 1235 { 1236 struct wpabuf *msg; 1237 1238 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + 1000); 1239 if (msg == NULL) 1240 return NULL; 1241 if (data->last_msg == LAST_MSG_SA_AUTH) { 1242 /* HDR, SK{N} */ 1243 struct wpabuf *plain = wpabuf_alloc(100); 1244 if (plain == NULL) { 1245 wpabuf_free(msg); 1246 return NULL; 1247 } 1248 ikev2_build_hdr(data, msg, IKE_SA_AUTH, 1249 IKEV2_PAYLOAD_ENCRYPTED, 1); 1250 if (ikev2_build_notification(data, plain, 1251 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || 1252 ikev2_build_encrypted(data->proposal.encr, 1253 data->proposal.integ, 1254 &data->keys, 0, msg, plain, 1255 IKEV2_PAYLOAD_NOTIFICATION)) { 1256 wpabuf_free(plain); 1257 wpabuf_free(msg); 1258 return NULL; 1259 } 1260 data->state = IKEV2_FAILED; 1261 } else { 1262 /* HDR, N */ 1263 ikev2_build_hdr(data, msg, IKE_SA_INIT, 1264 IKEV2_PAYLOAD_NOTIFICATION, 0); 1265 if (ikev2_build_notification(data, msg, 1266 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) { 1267 wpabuf_free(msg); 1268 return NULL; 1269 } 1270 data->state = SA_INIT; 1271 } 1272 1273 ikev2_update_hdr(msg); 1274 1275 wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (Notification)", 1276 msg); 1277 1278 return msg; 1279 } 1280 1281 1282 struct wpabuf * ikev2_responder_build(struct ikev2_responder_data *data) 1283 { 1284 switch (data->state) { 1285 case SA_INIT: 1286 return ikev2_build_sa_init(data); 1287 case SA_AUTH: 1288 return ikev2_build_sa_auth(data); 1289 case CHILD_SA: 1290 return NULL; 1291 case NOTIFY: 1292 return ikev2_build_notify(data); 1293 case IKEV2_DONE: 1294 case IKEV2_FAILED: 1295 return NULL; 1296 } 1297 return NULL; 1298 } 1299