Lines Matching refs:iph1

/*
 * ident_i1send(): lines that reference iph1. Only matching lines are listed,
 * so the statements between them (error exits, payload setup) are not shown.
 */
107 ident_i1send(iph1, msg)  in ident_i1send()  argument
108 struct ph1handle *iph1; in ident_i1send()
/* Handler expects PHASE1ST_START; any other status is logged as a mismatch. */
133 if (iph1->status != PHASE1ST_START) {
135 "status mismatched %d.\n", iph1->status);
/* index is zeroed, then handed to isakmp_newcookie() with the remote and local addresses. */
140 memset(&iph1->index, 0, sizeof(iph1->index));
141 isakmp_newcookie((caddr_t)&iph1->index, iph1->remote, iph1->local);
/* SA payload is built from the configured proposal; a NULL result is tested. */
144 iph1->sa = ipsecdoi_setph1proposal(iph1->rmconf->proposal);
145 if (iph1->sa == NULL)
149 plist = isakmp_plist_append(plist, iph1->sa, ISAKMP_NPTYPE_SA);
/* Optional parts are selected by rmconf settings: NAT-T, auth method, IKE fragmentation, DPD. */
153 if (iph1->rmconf->nat_traversal)
158 switch (RMAUTHMETHOD(iph1)) {
185 if (iph1->rmconf->ike_frag) {
198 if(iph1->rmconf->dpd){
206 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
209 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
/* Retry budget is reloaded from config before the send; -1 from isakmp_ph1resend() is tested. */
213 iph1->retry_counter = iph1->rmconf->retry_counter;
214 if (isakmp_ph1resend(iph1) == -1)
217 iph1->status = PHASE1ST_MSG1SENT;
/*
 * ident_i2recv(): lines that reference iph1. Statements between the listed
 * lines (payload parsing, error exits) are not shown.
 */
252 ident_i2recv(iph1, msg) in ident_i2recv() argument
253 struct ph1handle *iph1; in ident_i2recv()
/* Handler expects PHASE1ST_MSG1SENT; any other status is logged as a mismatch. */
263 if (iph1->status != PHASE1ST_MSG1SENT) {
265 "status mismatched %d.\n", iph1->status);
286 plog(LLV_ERROR, LOCATION, iph1->remote,
/* pa->ptr is presumably a payload parsed from the peer's message; verify against the parser. */
302 handle_vendorid(iph1, pa->ptr);
306 plog(LLV_ERROR, LOCATION, iph1->remote,
315 if (NATT_AVAILABLE(iph1))
316 plog(LLV_INFO, LOCATION, iph1->remote,
318 vid_string_by_id(iph1->natt_options->version));
/* The SA in satmp is checked with ipsecdoi_checkph1proposal(); a negative result is logged as an error. */
322 if (ipsecdoi_checkph1proposal(satmp, iph1) < 0) {
323 plog(LLV_ERROR, LOCATION, iph1->remote,
328 VPTRINIT(iph1->sa_ret);
330 iph1->status = PHASE1ST_MSG2RECEIVED;
/*
 * ident_i2send(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
352 ident_i2send(iph1, msg) in ident_i2send() argument
353 struct ph1handle *iph1; in ident_i2send()
/* Handler expects PHASE1ST_MSG2RECEIVED; any other status is logged as a mismatch. */
359 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
361 "status mismatched %d.\n", iph1->status);
/*
 * r_ck is copied out of msg->v viewed as struct isakmp. The length argument
 * is on an unlisted line.
 * NOTE(review): confirm msg->l is known to cover the ISAKMP header before this cast.
 */
366 memcpy(&iph1->index.r_ck, &((struct isakmp *)msg->v)->r_ck,
/* DH key pair for the approved group; a negative return is tested. */
370 if (oakley_dh_generate(iph1->approval->dhgrp,
371 &iph1->dhpub, &iph1->dhpriv) < 0)
/* Nonce comes from eay_set_random(), sized by rmconf->nonce_size; NULL is tested. */
375 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
376 if (iph1->nonce == NULL)
/* For GSSAPI/Kerberos auth the initiator token call is checked for a negative return. */
380 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB &&
381 gssapi_get_itoken(iph1, NULL) < 0)
386 iph1->sendbuf = ident_ir2mx(iph1);
387 if (iph1->sendbuf == NULL)
391 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
395 iph1->retry_counter = iph1->rmconf->retry_counter;
396 if (isakmp_ph1resend(iph1) == -1)
/* The sent buffer is registered together with the received msg; -1 is tested. */
400 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
406 iph1->status = PHASE1ST_MSG2SENT;
/*
 * ident_i3recv(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
423 ident_i3recv(iph1, msg) in ident_i3recv() argument
424 struct ph1handle *iph1; in ident_i3recv()
/* Handler expects PHASE1ST_MSG2SENT; any other status is logged as a mismatch. */
439 if (iph1->status != PHASE1ST_MSG2SENT) {
441 "status mismatched %d.\n", iph1->status);
/* Peer payloads are stored via isakmp_p2ph() into dhpub_p and nonce_p; negative returns are tested. */
456 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
460 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
464 handle_vendorid(iph1, pa->ptr);
467 if (oakley_savecr(iph1, pa->ptr) < 0)
474 gssapi_save_received_token(iph1, gsstoken);
/* NAT-D handling applies only when NAT-T is available, natt_options is set and the payload type matches. */
481 if (NATT_AVAILABLE(iph1) && iph1->natt_options != NULL &&
482 pa->type == iph1->natt_options->payload_nat_d) {
490 iph1->natt_flags |= NAT_DETECTED;
494 natd_verified = natt_compare_addr_hash (iph1,
509 plog(LLV_ERROR, LOCATION, iph1->remote,
/* The NAT_DETECTED* bits select strings for a message; ports are floated when NAT_DETECTED is set. */
518 if (NATT_AVAILABLE(iph1)) {
520 iph1->natt_flags & NAT_DETECTED ?
522 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
523 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
524 if (iph1->natt_flags & NAT_DETECTED)
525 natt_float_ports (iph1);
/* A missing peer DH value or nonce is logged as an error. */
530 if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
531 plog(LLV_ERROR, LOCATION, iph1->remote,
536 if (oakley_checkcr(iph1) < 0) {
541 iph1->status = PHASE1ST_MSG3RECEIVED;
/*
 * Received values are released and cr_p is set to NULL after oakley_delcert().
 * Presumably the error path; the guarding condition is not listed.
 */
553 VPTRINIT(iph1->dhpub_p);
554 VPTRINIT(iph1->nonce_p);
555 VPTRINIT(iph1->id_p);
556 oakley_delcert(iph1->cr_p);
557 iph1->cr_p = NULL;
/*
 * ident_i3send(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
572 ident_i3send(iph1, msg0) in ident_i3send() argument
573 struct ph1handle *iph1; in ident_i3send()
/* Handler expects PHASE1ST_MSG3RECEIVED; any other status is logged as a mismatch. */
583 if (iph1->status != PHASE1ST_MSG3RECEIVED) {
585 "status mismatched %d.\n", iph1->status);
/* Shared secret from the local DH pair and the peer's public value, stored in dhgxy. */
590 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
591 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
/* Key-material steps run in this order; each is tested for a negative return. */
595 if (oakley_skeyid(iph1) < 0)
597 if (oakley_skeyid_dae(iph1) < 0)
599 if (oakley_compute_enckey(iph1) < 0)
601 if (oakley_newiv(iph1) < 0)
605 if (ipsecdoi_setid1(iph1) < 0)
/* GSSAPI/Kerberos: while more tokens are pending, the next initiator token is fetched and checked. */
609 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB &&
610 gssapi_more_tokens(iph1)) {
612 if (gssapi_get_itoken(iph1, &len) < 0)
/* hash is either generated or set to NULL; the condition choosing between them is not listed. */
621 iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
622 if (iph1->hash == NULL)
625 iph1->hash = NULL;
/* ISAKMP_FLAG_E is set before the message is built by ident_ir3mx(). */
628 iph1->flags |= ISAKMP_FLAG_E;
631 iph1->sendbuf = ident_ir3mx(iph1);
632 if (iph1->sendbuf == NULL)
636 iph1->retry_counter = iph1->rmconf->retry_counter;
637 if (isakmp_ph1resend(iph1) == -1)
641 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg0) == -1) {
/*
 * Copies iv->l bytes from iv into ive.
 * NOTE(review): assumes ive->v holds at least iv->l bytes; the allocation is not visible here.
 */
648 memcpy(iph1->ivm->ive->v, iph1->ivm->iv->v, iph1->ivm->iv->l);
650 iph1->status = PHASE1ST_MSG3SENT;
/*
 * ident_i4recv(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
667 ident_i4recv(iph1, msg0) in ident_i4recv() argument
668 struct ph1handle *iph1; in ident_i4recv()
/* Handler expects PHASE1ST_MSG3SENT; any other status is logged as a mismatch. */
681 if (iph1->status != PHASE1ST_MSG3SENT) {
683 "status mismatched %d.\n", iph1->status);
689 plog(LLV_ERROR, LOCATION, iph1->remote,
/* msg0 is decrypted with the iv/ive pair; payloads below are read from the result. */
694 msg = oakley_do_decrypt(iph1, msg0, iph1->ivm->iv, iph1->ivm->ive);
/* pl_hash is cleared before the payloads are walked. */
703 iph1->pl_hash = NULL;
711 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
/*
 * pl_hash stores the payload pointer itself, not a copy.
 * NOTE(review): confirm it is not used after the buffer behind pa->ptr is freed.
 */
715 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
718 if (oakley_savecert(iph1, pa->ptr) < 0)
722 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
729 gssapi_save_received_token(iph1, gsstoken);
733 handle_vendorid(iph1, pa->ptr);
736 isakmp_check_notify(pa->ptr, iph1);
740 plog(LLV_ERROR, LOCATION, iph1->remote,
/* Peer identity is checked first; a non-zero result is logged as an error. */
751 if (ipsecdoi_checkid1(iph1) != 0) {
752 plog(LLV_ERROR, LOCATION, iph1->remote,
/* The result of oakley_validate_auth() is kept in type and passed to isakmp_info_send_n1(). */
761 type = oakley_validate_auth(iph1);
767 EVT_PUSH(iph1->local, iph1->remote,
769 isakmp_info_send_n1(iph1, type, NULL);
/*
 * The peer's ID bytes are dumped at LLV_DEBUG.
 * NOTE(review): id_p is dereferenced here and no NULL test on it appears in this listing;
 * confirm an earlier step rejects a message without an ID payload.
 */
781 plog(LLV_DEBUG, LOCATION, iph1->remote, "peer's ID:");
782 plogdump(LLV_DEBUG, iph1->id_p->v, iph1->id_p->l);
/* Length here is ive->l, while lines 648 and 839 use iv->l; presumably equal -- TODO confirm. */
785 memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->ive->l);
/* Two status assignments are listed; presumably alternative build branches -- confirm in the full source. */
791 iph1->status = gsstoken != 0 ? PHASE1ST_MSG3RECEIVED :
794 iph1->status = PHASE1ST_MSG4RECEIVED;
/*
 * Received ID, certificates and signature are released and the certificate pointers
 * set to NULL. Presumably the error path; the guarding condition is not listed.
 */
810 VPTRINIT(iph1->id_p);
811 oakley_delcert(iph1->cert_p);
812 iph1->cert_p = NULL;
813 oakley_delcert(iph1->crl_p);
814 iph1->crl_p = NULL;
815 VPTRINIT(iph1->sig_p);
/* ident_i4send(): lines that reference iph1; other statements are not shown. */
825 ident_i4send(iph1, msg) in ident_i4send() argument
826 struct ph1handle *iph1; in ident_i4send()
/* Handler expects PHASE1ST_MSG4RECEIVED; any other status is logged as a mismatch. */
832 if (iph1->status != PHASE1ST_MSG4RECEIVED) {
834 "status mismatched %d.\n", iph1->status);
/* iv is refreshed from ive (iv->l bytes) before the exchange is marked established. */
839 memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->iv->l);
841 iph1->status = PHASE1ST_ESTABLISHED;
/*
 * ident_r1recv(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
857 ident_r1recv(iph1, msg) in ident_r1recv() argument
858 struct ph1handle *iph1; in ident_r1recv()
/* Handler expects PHASE1ST_START; any other status is logged as a mismatch. */
867 if (iph1->status != PHASE1ST_START) {
869 "status mismatched %d.\n", iph1->status);
884 plog(LLV_ERROR, LOCATION, iph1->remote,
/* The peer's SA payload is stored in iph1->sa. */
890 if (isakmp_p2ph(&iph1->sa, pa->ptr) < 0)
/* handle_vendorid() returns a numeric id; frag is set on a branch whose condition is not listed. */
900 vid_numeric = handle_vendorid(iph1, pa->ptr);
904 iph1->frag = 1;
915 plog(LLV_ERROR, LOCATION, iph1->remote,
924 if (NATT_AVAILABLE(iph1))
925 plog(LLV_INFO, LOCATION, iph1->remote,
927 vid_string_by_id(iph1->natt_options->version));
/* The stored SA is checked with ipsecdoi_checkph1proposal(); a negative result is logged as an error. */
931 if (ipsecdoi_checkph1proposal(iph1->sa, iph1) < 0) {
932 plog(LLV_ERROR, LOCATION, iph1->remote,
938 iph1->status = PHASE1ST_MSG1RECEIVED;
/* Presumably the error path releasing the stored SA; the guarding condition is not listed. */
946 VPTRINIT(iph1->sa);
/*
 * ident_r1send(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
960 ident_r1send(iph1, msg) in ident_r1send() argument
961 struct ph1handle *iph1; in ident_r1send()
/* Handler expects PHASE1ST_MSG1RECEIVED; any other status is logged as a mismatch. */
985 if (iph1->status != PHASE1ST_MSG1RECEIVED) {
987 "status mismatched %d.\n", iph1->status);
/* The r_ck field of index is filled by isakmp_newcookie(). */
992 isakmp_newcookie((caddr_t)&iph1->index.r_ck, iph1->remote, iph1->local);
/* With a gssid on the approved proposal a fresh SA is built; otherwise sa_ret is used. */
995 if (iph1->approval->gssid != NULL) {
996 gss_sa = ipsecdoi_setph1proposal(iph1->approval);
997 if (gss_sa != iph1->sa_ret)
1001 gss_sa = iph1->sa_ret;
/*
 * NOTE(review): mode_cfg is dereferenced with no NULL test in this listing;
 * the guard, if any, is on an unlisted line.
 */
1007 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) {
1018 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) {
1030 if (NATT_AVAILABLE(iph1))
1031 vid_natt = set_vendorid(iph1->natt_options->version);
1038 if(iph1->rmconf->dpd){
/* frag is the flag line 904 (ident_r1recv) sets. */
1045 if (iph1->frag) {
1059 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
1062 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
1066 iph1->retry_counter = iph1->rmconf->retry_counter;
1067 if (isakmp_ph1resend(iph1) == -1) {
1072 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
1078 iph1->status = PHASE1ST_MSG1SENT;
/*
 * ident_r2recv(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
1119 ident_r2recv(iph1, msg) in ident_r2recv() argument
1120 struct ph1handle *iph1; in ident_r2recv()
/* Handler expects PHASE1ST_MSG1SENT; any other status is logged as a mismatch. */
1134 if (iph1->status != PHASE1ST_MSG1SENT) {
1136 "status mismatched %d.\n", iph1->status);
/* Peer payloads are stored via isakmp_p2ph() into dhpub_p and nonce_p; negative returns are tested. */
1150 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
1154 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
1158 handle_vendorid(iph1, pa->ptr);
/* This case is logged at LLV_WARNING, not LLV_ERROR; the payload type it covers is not listed. */
1161 plog(LLV_WARNING, LOCATION, iph1->remote,
1169 gssapi_save_received_token(iph1, gsstoken);
/* NAT-D handling applies only when NAT-T is available, natt_options is set and the payload type matches. */
1176 if (NATT_AVAILABLE(iph1) && iph1->natt_options != NULL &&
1177 pa->type == iph1->natt_options->payload_nat_d)
1186 iph1->natt_flags |= NAT_DETECTED;
1188 natd_verified = natt_compare_addr_hash (iph1,
1203 plog(LLV_ERROR, LOCATION, iph1->remote,
1212 if (NATT_AVAILABLE(iph1))
1214 iph1->natt_flags & NAT_DETECTED ?
1216 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
1217 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
/* A missing peer DH value or nonce is logged as an error. */
1221 if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
1222 plog(LLV_ERROR, LOCATION, iph1->remote,
1227 iph1->status = PHASE1ST_MSG2RECEIVED;
/* Presumably the error path releasing received values; the guarding condition is not listed. */
1240 VPTRINIT(iph1->dhpub_p);
1241 VPTRINIT(iph1->nonce_p);
1242 VPTRINIT(iph1->id_p);
/*
 * ident_r2send(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
1257 ident_r2send(iph1, msg) in ident_r2send() argument
1258 struct ph1handle *iph1; in ident_r2send()
/* Handler expects PHASE1ST_MSG2RECEIVED; any other status is logged as a mismatch. */
1264 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
1266 "status mismatched %d.\n", iph1->status);
1271 if (oakley_dh_generate(iph1->approval->dhgrp,
1272 &iph1->dhpub, &iph1->dhpriv) < 0)
/* Nonce comes from eay_set_random(), sized by rmconf->nonce_size; NULL is tested. */
1276 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
1277 if (iph1->nonce == NULL)
/*
 * NOTE(review): the result of gssapi_get_rtoken() is discarded here, while the
 * initiator side tests gssapi_get_itoken() for a negative return (lines 380-381).
 * Confirm a responder token failure is caught elsewhere.
 */
1281 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
1282 gssapi_get_rtoken(iph1, NULL);
1286 iph1->sendbuf = ident_ir2mx(iph1);
1287 if (iph1->sendbuf == NULL)
1291 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
1295 iph1->retry_counter = iph1->rmconf->retry_counter;
1296 if (isakmp_ph1resend(iph1) == -1)
1300 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
/* The shared secret and key material are computed after the reply is sent; each step is tested for a negative return. */
1307 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
1308 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
1312 if (oakley_skeyid(iph1) < 0)
1314 if (oakley_skeyid_dae(iph1) < 0)
1316 if (oakley_compute_enckey(iph1) < 0)
1318 if (oakley_newiv(iph1) < 0)
1321 iph1->status = PHASE1ST_MSG2SENT;
/*
 * ident_r3recv(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
1338 ident_r3recv(iph1, msg0) in ident_r3recv() argument
1339 struct ph1handle *iph1; in ident_r3recv()
/* Handler expects PHASE1ST_MSG2SENT; any other status is logged as a mismatch. */
1352 if (iph1->status != PHASE1ST_MSG2SENT) {
1354 "status mismatched %d.\n", iph1->status);
1360 plog(LLV_ERROR, LOCATION, iph1->remote,
/* msg0 is decrypted with the iv/ive pair; payloads below are read from the result. */
1365 msg = oakley_do_decrypt(iph1, msg0, iph1->ivm->iv, iph1->ivm->ive);
/* pl_hash is cleared before the payloads are walked. */
1374 iph1->pl_hash = NULL;
1382 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
/*
 * pl_hash stores the payload pointer itself, not a copy.
 * NOTE(review): confirm it is not used after the buffer behind pa->ptr is freed.
 */
1386 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
1389 if (oakley_savecr(iph1, pa->ptr) < 0)
1393 if (oakley_savecert(iph1, pa->ptr) < 0)
1397 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
1404 gssapi_save_received_token(iph1, gsstoken);
1408 handle_vendorid(iph1, pa->ptr);
1411 isakmp_check_notify(pa->ptr, iph1);
1415 plog(LLV_ERROR, LOCATION, iph1->remote,
/*
 * Required payloads are tested per authentication method: ID with hash, ID with
 * signature, hash alone, or GSS token/hash. The case labels are not listed.
 */
1428 switch (AUTHMETHOD(iph1)) {
1435 if (iph1->id_p == NULL || iph1->pl_hash == NULL)
1444 if (iph1->id_p == NULL || iph1->sig_p == NULL)
1453 if (iph1->pl_hash == NULL)
1458 if (gsstoken == NULL && iph1->pl_hash == NULL)
1463 plog(LLV_ERROR, LOCATION, iph1->remote,
1465 iph1->approval->authmethod);
1469 plog(LLV_ERROR, LOCATION, iph1->remote,
/* Peer identity is checked first; a non-zero result is logged as an error. */
1476 if (ipsecdoi_checkid1(iph1) != 0) {
1477 plog(LLV_ERROR, LOCATION, iph1->remote,
/* The result of oakley_validate_auth() is kept in type and passed to isakmp_info_send_n1(). */
1486 type = oakley_validate_auth(iph1);
1492 EVT_PUSH(iph1->local, iph1->remote,
1494 isakmp_info_send_n1(iph1, type, NULL);
1501 if (oakley_checkcr(iph1) < 0) {
/*
 * The peer's ID bytes are dumped at LLV_DEBUG.
 * NOTE(review): two of the four tests above (lines 1453, 1458) do not cover id_p;
 * confirm id_p cannot be NULL when this line runs.
 */
1511 plog(LLV_DEBUG, LOCATION, iph1->remote, "peer's ID\n");
1512 plogdump(LLV_DEBUG, iph1->id_p->v, iph1->id_p->l);
/* Length here is ive->l, while line 1618 uses iv->l; presumably equal -- TODO confirm. */
1515 memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->ive->l);
/* Two status assignments are listed; presumably alternative build branches -- confirm in the full source. */
1518 iph1->status = gsstoken != NULL ? PHASE1ST_MSG2RECEIVED :
1521 iph1->status = PHASE1ST_MSG3RECEIVED;
/*
 * Received ID, certificates, signature and CR are released and the pointers set
 * to NULL. Presumably the error path; the guarding condition is not listed.
 */
1537 VPTRINIT(iph1->id_p);
1538 oakley_delcert(iph1->cert_p);
1539 iph1->cert_p = NULL;
1540 oakley_delcert(iph1->crl_p);
1541 iph1->crl_p = NULL;
1542 VPTRINIT(iph1->sig_p);
1543 oakley_delcert(iph1->cr_p);
1544 iph1->cr_p = NULL;
/*
 * ident_r3send(): lines that reference iph1. Statements between the listed
 * lines are not shown.
 */
1559 ident_r3send(iph1, msg) in ident_r3send() argument
1560 struct ph1handle *iph1; in ident_r3send()
/* Handler expects PHASE1ST_MSG3RECEIVED; any other status is logged as a mismatch. */
1570 if (iph1->status != PHASE1ST_MSG3RECEIVED) {
1572 "status mismatched %d.\n", iph1->status);
1577 if (ipsecdoi_setid1(iph1) < 0)
/*
 * NOTE(review): the result of gssapi_get_rtoken() is discarded here, while
 * ident_i3send() tests gssapi_get_itoken() for a negative return (line 612).
 * Confirm a responder token failure is caught elsewhere.
 */
1581 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB &&
1582 gssapi_more_tokens(iph1)) {
1583 gssapi_get_rtoken(iph1, &len);
/* hash is either generated or set to NULL; the condition choosing between them is not listed. */
1592 iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
1593 if (iph1->hash == NULL)
1596 iph1->hash = NULL;
/* ISAKMP_FLAG_E is set before the message is built by ident_ir3mx(). */
1599 iph1->flags |= ISAKMP_FLAG_E;
1602 iph1->sendbuf = ident_ir3mx(iph1);
1603 if (iph1->sendbuf == NULL)
/* This final message goes out through isakmp_send(); the other send handlers listed use isakmp_ph1resend(). */
1607 if (isakmp_send(iph1, iph1->sendbuf) < 0)
1611 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
/*
 * Copies iv->l bytes from iv into ive.
 * NOTE(review): assumes ive->v holds at least iv->l bytes; the allocation is not visible here.
 */
1618 memcpy(iph1->ivm->ive->v, iph1->ivm->iv->v, iph1->ivm->iv->l);
1620 iph1->status = PHASE1ST_ESTABLISHED;
/*
 * ident_ir2mx(): lines that reference iph1. Called from both ident_i2send()
 * and ident_r2send() (lines 386 and 1286). Statements between the listed
 * lines are not shown.
 */
1644 ident_ir2mx(iph1) in ident_ir2mx() argument
1645 struct ph1handle *iph1; in ident_ir2mx()
/*
 * A certificate request is fetched only when all four hold: responder side, send_cr
 * configured, the auth method needs a CR, and no peerscertfile is configured.
 */
1661 if (iph1->side == RESPONDER
1662 && iph1->rmconf->send_cr
1663 && oakley_needcr(iph1->approval->authmethod)
1664 && iph1->rmconf->peerscertfile == NULL) {
1666 cr = oakley_getcr(iph1);
1675 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
1676 gssapi_get_token_to_send(iph1, &gsstoken);
/* The local DH public value and nonce are appended as KE and NONCE payloads. */
1680 plist = isakmp_plist_append(plist, iph1->dhpub, ISAKMP_NPTYPE_KE);
1683 plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);
1686 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
/*
 * NAT-D payloads are added only while status is PHASE1ST_MSG2RECEIVED: one hash of
 * the remote address, then one of the local address. A NULL hash is tested for each.
 */
1700 if (NATT_AVAILABLE(iph1) && iph1->status == PHASE1ST_MSG2RECEIVED)
1702 if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
1704 "NAT-D hashing failed for %s\n", saddr2str(iph1->remote));
1708 if ((natd[1] = natt_hash_addr (iph1, iph1->local)) == NULL) {
1710 "NAT-D hashing failed for %s\n", saddr2str(iph1->local));
1715 plist = isakmp_plist_append(plist, natd[0], iph1->natt_options->payload_nat_d);
1716 plist = isakmp_plist_append(plist, natd[1], iph1->natt_options->payload_nat_d);
1720 buf = isakmp_plist_set_all (&plist, iph1);
/*
 * ident_ir3mx(): lines that reference iph1. Called from both ident_i3send()
 * and ident_r3send() (lines 631 and 1602). Statements between the listed
 * lines, including the case labels of the switch, are not shown.
 */
1764 ident_ir3mx(iph1) in ident_ir3mx() argument
1765 struct ph1handle *iph1; in ident_ir3mx()
1779 switch (AUTHMETHOD(iph1)) {
/* One branch sends ID followed by HASH. */
1788 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
1791 plist = isakmp_plist_append(plist, iph1->hash, ISAKMP_NPTYPE_HASH);
/* Another branch loads the local certificate and signature; negative returns are tested. */
1803 if (oakley_getmycert(iph1) < 0)
1806 if (oakley_getsign(iph1) < 0)
/* Same four-part CR condition as ident_ir2mx() (lines 1661-1664), but for the initiator side. */
1810 if (iph1->side == INITIATOR
1811 && iph1->rmconf->send_cr
1812 && oakley_needcr(iph1->approval->authmethod)
1813 && iph1->rmconf->peerscertfile == NULL) {
1815 cr = oakley_getcr(iph1);
/*
 * cert is tested for NULL together with send_cert at line 1823.
 * NOTE(review): confirm the cert->pl dereference at line 1831 is under that same guard.
 */
1823 if (iph1->cert != NULL && iph1->rmconf->send_cert)
1827 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
1831 plist = isakmp_plist_append(plist, iph1->cert->pl, ISAKMP_NPTYPE_CERT);
1833 plist = isakmp_plist_append(plist, iph1->sig, ISAKMP_NPTYPE_SIG);
/* The hash is wrapped through gssapi_wraphash() when present; the ID is appended only if gssapi_id_sent() is false. */
1841 if (iph1->hash != NULL) {
1842 gsshash = gssapi_wraphash(iph1);
1846 gssapi_get_token_to_send(iph1, &gsstoken);
1849 if (!gssapi_id_sent(iph1)) {
1851 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
1852 gssapi_set_id_sent(iph1);
1855 if (iph1->hash != NULL)
1872 iph1->approval->authmethod);
1877 iph1->approval->authmethod);
1881 buf = isakmp_plist_set_all (&plist, iph1);
/*
 * isakmp_printpacket() is given buf before oakley_do_encrypt() runs on it.
 * NOTE(review): what it prints and at which log level is not visible here; confirm
 * the cleartext ID and authentication payloads only reach debug output.
 */
1884 isakmp_printpacket(buf, iph1->local, iph1->remote, 1);
1888 new = oakley_do_encrypt(iph1, buf, iph1->ivm->ive, iph1->ivm->iv);