Lines Matching refs:iph1

111 agg_i1send(iph1, msg)  in agg_i1send()  argument
112 struct ph1handle *iph1; in agg_i1send()
145 if (iph1->status != PHASE1ST_START) {
147 "status mismatched %d.\n", iph1->status);
152 memset(&iph1->index, 0, sizeof(iph1->index));
153 isakmp_newcookie((caddr_t)&iph1->index, iph1->remote, iph1->local);
156 if (ipsecdoi_setid1(iph1) < 0)
160 iph1->sa = ipsecdoi_setph1proposal(iph1->rmconf->proposal);
161 if (iph1->sa == NULL)
165 if (iph1->rmconf->dhgrp == NULL) {
172 if (oakley_dh_generate(iph1->rmconf->dhgrp,
173 &iph1->dhpub, &iph1->dhpriv) < 0)
177 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
178 if (iph1->nonce == NULL)
183 switch (RMAUTHMETHOD(iph1)) {
204 if (iph1->rmconf->ike_frag) {
216 if (iph1->rmconf->send_cr
217 && oakley_needcr(iph1->rmconf->proposal->authmethod)
218 && iph1->rmconf->peerscertfile == NULL) {
220 cr = oakley_getcr(iph1);
229 s_oakley_attr_method(iph1->rmconf->proposal->authmethod));
231 if (RMAUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
232 gssapi_get_itoken(iph1, &len);
236 plist = isakmp_plist_append(plist, iph1->sa, ISAKMP_NPTYPE_SA);
239 plist = isakmp_plist_append(plist, iph1->dhpub, ISAKMP_NPTYPE_KE);
242 plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);
245 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
248 if (RMAUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
249 gssapi_get_token_to_send(iph1, &gsstoken);
266 if (iph1->rmconf->nat_traversal)
278 if(iph1->rmconf->dpd){
285 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
288 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
292 iph1->retry_counter = iph1->rmconf->retry_counter;
293 if (isakmp_ph1resend(iph1) == -1)
296 iph1->status = PHASE1ST_MSG1SENT;
338 agg_i2recv(iph1, msg) in agg_i2recv() argument
339 struct ph1handle *iph1; in agg_i2recv()
368 if (iph1->status != PHASE1ST_MSG1SENT) {
370 "status mismatched %d.\n", iph1->status);
380 iph1->pl_hash = NULL;
384 plog(LLV_ERROR, LOCATION, iph1->remote,
401 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
405 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
409 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
413 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
416 if (oakley_savecr(iph1, pa->ptr) < 0)
420 if (oakley_savecert(iph1, pa->ptr) < 0)
424 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
428 handle_vendorid(iph1, pa->ptr);
431 isakmp_check_notify(pa->ptr, iph1);
437 gssapi_save_received_token(iph1, gsstoken);
444 if (NATT_AVAILABLE(iph1) && iph1->natt_options != NULL &&
445 pa->type == iph1->natt_options->payload_nat_d) {
466 plog(LLV_ERROR, LOCATION, iph1->remote,
475 if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
476 plog(LLV_ERROR, LOCATION, iph1->remote,
482 if (ipsecdoi_checkid1(iph1) != 0) {
483 plog(LLV_ERROR, LOCATION, iph1->remote,
489 if (ipsecdoi_checkph1proposal(satmp, iph1) < 0) {
490 plog(LLV_ERROR, LOCATION, iph1->remote,
495 VPTRINIT(iph1->sa_ret);
498 memcpy(&iph1->index.r_ck, &((struct isakmp *)msg->v)->r_ck,
502 if (NATT_AVAILABLE(iph1)) {
506 plog(LLV_INFO, LOCATION, iph1->remote,
508 vid_string_by_id(iph1->natt_options->version));
512 iph1->natt_flags |= NAT_DETECTED;
517 natd_verified = natt_compare_addr_hash (iph1,
531 iph1->natt_flags & NAT_DETECTED ?
533 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
534 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
536 if (iph1->natt_flags & NAT_DETECTED)
537 natt_float_ports (iph1);
542 if (oakley_dh_compute(iph1->rmconf->dhgrp, iph1->dhpub,
543 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
547 if (oakley_skeyid(iph1) < 0)
549 if (oakley_skeyid_dae(iph1) < 0)
551 if (oakley_compute_enckey(iph1) < 0)
553 if (oakley_newiv(iph1) < 0)
557 ptype = oakley_validate_auth(iph1);
563 EVT_PUSH(iph1->local, iph1->remote,
565 isakmp_info_send_n1(iph1, ptype, NULL);
569 if (oakley_checkcr(iph1) < 0) {
575 iph1->status = PHASE1ST_MSG2RECEIVED;
589 VPTRINIT(iph1->dhpub_p);
590 VPTRINIT(iph1->nonce_p);
591 VPTRINIT(iph1->id_p);
592 oakley_delcert(iph1->cert_p);
593 iph1->cert_p = NULL;
594 oakley_delcert(iph1->crl_p);
595 iph1->crl_p = NULL;
596 VPTRINIT(iph1->sig_p);
597 oakley_delcert(iph1->cr_p);
598 iph1->cr_p = NULL;
613 agg_i2send(iph1, msg) in agg_i2send() argument
614 struct ph1handle *iph1; in agg_i2send()
623 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
625 "status mismatched %d.\n", iph1->status);
631 iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
632 if (iph1->hash == NULL) {
634 if (gssapi_more_tokens(iph1) &&
636 !iph1->rmconf->xauth &&
639 isakmp_info_send_n1(iph1,
645 switch (AUTHMETHOD(iph1)) {
654 iph1->hash, ISAKMP_NPTYPE_HASH);
665 if (oakley_getmycert(iph1) < 0)
668 if (oakley_getsign(iph1) < 0)
671 if (iph1->cert != NULL && iph1->rmconf->send_cert)
677 iph1->cert->pl, ISAKMP_NPTYPE_CERT);
681 iph1->sig, ISAKMP_NPTYPE_SIG);
693 gsshash = gssapi_wraphash(iph1);
697 isakmp_info_send_n1(iph1,
710 if (NATT_AVAILABLE(iph1)) {
716 if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
719 saddr2str(iph1->remote));
723 if ((natd[1] = natt_hash_addr (iph1, iph1->local)) == NULL) {
726 saddr2str(iph1->local));
731 natd[0], iph1->natt_options->payload_nat_d);
733 natd[1], iph1->natt_options->payload_nat_d);
737 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
740 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
744 if (isakmp_send(iph1, iph1->sendbuf) < 0)
748 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
755 iph1->flags |= ISAKMP_FLAG_E;
757 iph1->status = PHASE1ST_ESTABLISHED;
777 agg_r1recv(iph1, msg) in agg_r1recv() argument
778 struct ph1handle *iph1; in agg_r1recv()
790 if (iph1->status != PHASE1ST_START) {
792 "status mismatched %d.\n", iph1->status);
804 plog(LLV_ERROR, LOCATION, iph1->remote,
810 if (isakmp_p2ph(&iph1->sa, pa->ptr) < 0)
824 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
828 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
832 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
836 vid_numeric = handle_vendorid(iph1, pa->ptr);
840 iph1->frag = 1;
845 if (oakley_savecr(iph1, pa->ptr) < 0)
853 gssapi_save_received_token(iph1, gsstoken);
858 plog(LLV_ERROR, LOCATION, iph1->remote,
867 if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
868 plog(LLV_ERROR, LOCATION, iph1->remote,
874 if (ipsecdoi_checkid1(iph1) != 0) {
875 plog(LLV_ERROR, LOCATION, iph1->remote,
881 if (NATT_AVAILABLE(iph1))
882 plog(LLV_INFO, LOCATION, iph1->remote,
884 vid_string_by_id(iph1->natt_options->version));
888 if (ipsecdoi_checkph1proposal(iph1->sa, iph1) < 0) {
889 plog(LLV_ERROR, LOCATION, iph1->remote,
895 if (oakley_checkcr(iph1) < 0) {
900 iph1->status = PHASE1ST_MSG1RECEIVED;
912 VPTRINIT(iph1->sa);
913 VPTRINIT(iph1->dhpub_p);
914 VPTRINIT(iph1->nonce_p);
915 VPTRINIT(iph1->id_p);
916 oakley_delcert(iph1->cr_p);
917 iph1->cr_p = NULL;
932 agg_r1send(iph1, msg) in agg_r1send() argument
933 struct ph1handle *iph1; in agg_r1send()
964 if (iph1->status != PHASE1ST_MSG1RECEIVED) {
966 "status mismatched %d.\n", iph1->status);
971 isakmp_newcookie((caddr_t)&iph1->index.r_ck, iph1->remote, iph1->local);
974 if (ipsecdoi_setid1(iph1) < 0)
978 if (oakley_dh_generate(iph1->rmconf->dhgrp,
979 &iph1->dhpub, &iph1->dhpriv) < 0)
983 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
984 if (iph1->nonce == NULL)
988 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
989 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
993 if (oakley_skeyid(iph1) < 0)
995 if (oakley_skeyid_dae(iph1) < 0)
997 if (oakley_compute_enckey(iph1) < 0)
999 if (oakley_newiv(iph1) < 0)
1003 if (RMAUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
1004 gssapi_get_rtoken(iph1, &gsslen);
1009 iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
1010 if (iph1->hash == NULL) {
1012 if (gssapi_more_tokens(iph1))
1013 isakmp_info_send_n1(iph1,
1020 if (iph1->rmconf->send_cr
1021 && oakley_needcr(iph1->approval->authmethod)
1022 && iph1->rmconf->peerscertfile == NULL) {
1024 cr = oakley_getcr(iph1);
1034 if (NATT_AVAILABLE(iph1)) {
1036 vid_natt = set_vendorid(iph1->natt_options->version);
1040 if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
1042 "NAT-D hashing failed for %s\n", saddr2str(iph1->remote));
1046 if ((natd[1] = natt_hash_addr (iph1, iph1->local)) == NULL) {
1048 "NAT-D hashing failed for %s\n", saddr2str(iph1->local));
1055 if (iph1->dpd_support && iph1->rmconf->dpd)
1059 if (iph1->frag) {
1070 switch (AUTHMETHOD(iph1)) {
1077 iph1->sa_ret, ISAKMP_NPTYPE_SA);
1081 iph1->dhpub, ISAKMP_NPTYPE_KE);
1085 iph1->nonce, ISAKMP_NPTYPE_NONCE);
1089 iph1->id, ISAKMP_NPTYPE_ID);
1093 iph1->hash, ISAKMP_NPTYPE_HASH);
1110 if (oakley_getmycert(iph1) < 0)
1113 if (oakley_getsign(iph1) < 0)
1116 if (iph1->cert != NULL && iph1->rmconf->send_cert)
1121 iph1->sa_ret, ISAKMP_NPTYPE_SA);
1125 iph1->dhpub, ISAKMP_NPTYPE_KE);
1129 iph1->nonce, ISAKMP_NPTYPE_NONCE);
1133 iph1->id, ISAKMP_NPTYPE_ID);
1138 iph1->cert->pl, ISAKMP_NPTYPE_CERT);
1142 iph1->sig, ISAKMP_NPTYPE_SIG);
1160 gsshash = gssapi_wraphash(iph1);
1170 isakmp_info_send_n1(iph1,
1174 if (iph1->approval->gssid != NULL)
1176 ipsecdoi_setph1proposal(iph1->approval);
1178 gss_sa = iph1->sa_ret;
1180 if (gss_sa != iph1->sa_ret)
1189 iph1->dhpub, ISAKMP_NPTYPE_KE);
1193 iph1->nonce, ISAKMP_NPTYPE_NONCE);
1197 iph1->id, ISAKMP_NPTYPE_ID);
1200 gssapi_get_token_to_send(iph1, &gsstoken);
1214 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) {
1225 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) {
1242 plist = isakmp_plist_append(plist, natd[0], iph1->natt_options->payload_nat_d);
1243 plist = isakmp_plist_append(plist, natd[1], iph1->natt_options->payload_nat_d);
1257 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
1260 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 1);
1264 iph1->retry_counter = iph1->rmconf->retry_counter;
1265 if (isakmp_ph1resend(iph1) == -1)
1269 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
1275 iph1->status = PHASE1ST_MSG1SENT;
1317 agg_r2recv(iph1, msg0) in agg_r2recv() argument
1318 struct ph1handle *iph1; in agg_r2recv()
1332 if (iph1->status != PHASE1ST_MSG1SENT) {
1334 "status mismatched %d.\n", iph1->status);
1341 msg = oakley_do_decrypt(iph1, msg0,
1342 iph1->ivm->iv, iph1->ivm->ive);
1353 iph1->pl_hash = NULL;
1361 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
1364 handle_vendorid(iph1, pa->ptr);
1367 if (oakley_savecert(iph1, pa->ptr) < 0)
1371 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
1375 isakmp_check_notify(pa->ptr, iph1);
1381 if (NATT_AVAILABLE(iph1) && iph1->natt_options != NULL &&
1382 pa->type == iph1->natt_options->payload_nat_d)
1391 iph1->natt_flags |= NAT_DETECTED;
1393 natd_verified = natt_compare_addr_hash (iph1,
1408 plog(LLV_ERROR, LOCATION, iph1->remote,
1417 if (NATT_AVAILABLE(iph1))
1419 iph1->natt_flags & NAT_DETECTED ?
1421 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
1422 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
1426 ptype = oakley_validate_auth(iph1);
1432 EVT_PUSH(iph1->local, iph1->remote,
1434 isakmp_info_send_n1(iph1, ptype, NULL);
1438 iph1->status = PHASE1ST_MSG2RECEIVED;
1448 oakley_delcert(iph1->cert_p);
1449 iph1->cert_p = NULL;
1450 oakley_delcert(iph1->crl_p);
1451 iph1->crl_p = NULL;
1452 VPTRINIT(iph1->sig_p);
1462 agg_r2send(iph1, msg) in agg_r2send() argument
1463 struct ph1handle *iph1; in agg_r2send()
1469 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
1471 "status mismatched %d.\n", iph1->status);
1478 memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->iv->l);
1481 iph1->flags |= ISAKMP_FLAG_E;
1483 iph1->status = PHASE1ST_ESTABLISHED;