
135 static int oakley_check_certid __P((struct ph1handle *iph1));
379 oakley_prf(key, buf, iph1) in oakley_prf() argument
381 struct ph1handle *iph1;
386 if (iph1->approval == NULL) {
393 type = iph1->approval->hashtype;
409 oakley_hash(buf, iph1) in oakley_hash() argument
411 struct ph1handle *iph1;
416 if (iph1->approval == NULL) {
423 type = iph1->approval->hashtype;
687 oakley_compute_hashx(struct ph1handle *iph1, ...) in oakley_compute_hashx() argument
697 va_start(ap, iph1); in oakley_compute_hashx()
712 va_start(ap, iph1); in oakley_compute_hashx()
724 res = oakley_prf(iph1->skeyid_a, buf, iph1); in oakley_compute_hashx()
741 oakley_compute_hash3(iph1, msgid, body) in oakley_compute_hash3() argument
742 struct ph1handle *iph1; in oakley_compute_hash3()
769 res = oakley_prf(iph1->skeyid_a, buf, iph1);
795 oakley_compute_hash1(iph1, msgid, body) in oakley_compute_hash1() argument
796 struct ph1handle *iph1; in oakley_compute_hash1()
825 res = oakley_prf(iph1->skeyid_a, buf, iph1);
848 oakley_ph1hash_common(iph1, sw) in oakley_ph1hash_common() argument
849 struct ph1handle *iph1; in oakley_ph1hash_common()
861 len = iph1->dhpub->l
862 + iph1->dhpub_p->l
864 + iph1->sa->l
865 + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
868 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
869 if (iph1->gi_i != NULL && iph1->gi_r != NULL) {
870 bp = (sw == GENERATE ? iph1->gi_i : iph1->gi_r);
874 gssapi_get_itokens(iph1, &gsstokens);
876 gssapi_get_rtokens(iph1, &gsstokens);
892 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
896 bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
900 if (iph1->side == INITIATOR)
902 (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
905 (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
910 if (iph1->side == INITIATOR)
912 (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
915 (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
920 bp = iph1->sa;
924 bp = (sw == GENERATE ? iph1->id : iph1->id_p);
929 if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
930 if (iph1->gi_i != NULL && iph1->gi_r != NULL) {
931 bp = (sw == GENERATE ? iph1->gi_i : iph1->gi_r);
944 res = oakley_prf(iph1->skeyid, buf, iph1);
951 iph1->side == INITIATOR ? "init" : "resp");
972 oakley_ph1hash_base_i(iph1, sw) in oakley_ph1hash_base_i() argument
973 struct ph1handle *iph1; in oakley_ph1hash_base_i()
984 if (iph1->etype != ISAKMP_ETYPE_BASE) {
990 switch (AUTHMETHOD(iph1)) {
1002 if (iph1->skeyid == NULL) {
1006 hashkey = iph1->skeyid;
1025 len = iph1->nonce->l + iph1->nonce_p->l;
1034 bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1038 bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1042 hash = oakley_hash(buf, iph1);
1054 iph1->approval->authmethod);
1059 len = (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1061 + iph1->sa->l
1062 + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
1071 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1075 memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1077 memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1080 memcpy(p, iph1->sa->v, iph1->sa->l);
1081 p += iph1->sa->l;
1083 bp = (sw == GENERATE ? iph1->id : iph1->id_p);
1091 res = oakley_prf(hashkey, buf, iph1);
1114 oakley_ph1hash_base_r(iph1, sw) in oakley_ph1hash_base_r() argument
1115 struct ph1handle *iph1; in oakley_ph1hash_base_r()
1125 if (iph1->etype != ISAKMP_ETYPE_BASE) {
1131 switch(AUTHMETHOD(iph1)) {
1149 iph1->approval->authmethod);
1155 len = iph1->nonce->l + iph1->nonce_p->l;
1164 bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1168 bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1172 hash = oakley_hash(buf, iph1);
1179 len = (sw == GENERATE ? iph1->dhpub_p->l : iph1->dhpub->l)
1180 + (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1182 + iph1->sa->l
1183 + (sw == GENERATE ? iph1->id_p->l : iph1->id->l);
1193 bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
1197 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1201 memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1203 memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1206 memcpy(p, iph1->sa->v, iph1->sa->l);
1207 p += iph1->sa->l;
1209 bp = (sw == GENERATE ? iph1->id_p : iph1->id);
1217 res = oakley_prf(hash, buf, iph1);
1243 oakley_validate_auth(iph1) in oakley_validate_auth() argument
1244 struct ph1handle *iph1; in oakley_validate_auth()
1259 switch (AUTHMETHOD(iph1)) {
1269 if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1270 plog(LLV_ERROR, LOCATION, iph1->remote,
1275 if (AUTHMETHOD(iph1) == FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I &&
1276 ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0))
1285 r_hash = (caddr_t)(iph1->pl_hash + 1);
1289 ntohs(iph1->pl_hash->h.len) - sizeof(*iph1->pl_hash));
1291 switch (iph1->etype) {
1294 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1297 if (iph1->side == INITIATOR)
1298 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1300 my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1304 "invalid etype %d\n", iph1->etype);
1336 if (iph1->id_p == NULL) {
1337 plog(LLV_ERROR, LOCATION, iph1->remote,
1341 if (iph1->sig_p == NULL) {
1342 plog(LLV_ERROR, LOCATION, iph1->remote,
1348 plogdump(LLV_DEBUG, iph1->sig_p->v, iph1->sig_p->l);
1351 switch (iph1->rmconf->getcert_method) {
1353 if (iph1->cert_p == NULL) {
1360 switch (iph1->rmconf->certtype) {
1362 if (iph1->rmconf->peerscertfile == NULL) {
1369 if (iph1->cert_p != NULL) {
1370 oakley_delcert(iph1->cert_p);
1371 iph1->cert_p = NULL;
1374 error = get_cert_fromlocal(iph1, 0);
1384 error = get_plainrsa_fromlocal(iph1, 0);
1391 if (iph1->rmconf->peerscertfile != NULL) {
1399 if (iph1->cert_p != NULL) {
1400 oakley_delcert(iph1->cert_p);
1401 iph1->cert_p = NULL;
1404 iph1->cert_p = dnssec_getcert(iph1->id_p);
1405 if (iph1->cert_p == NULL) {
1415 iph1->rmconf->getcert_method);
1420 if (iph1->rmconf->verify_cert &&
1421 (error = oakley_check_certid(iph1)) != 0)
1425 if (iph1->rmconf->verify_cert
1426 && iph1->rmconf->getcert_method == ISAKMP_GETCERT_PAYLOAD) {
1427 certtype = iph1->rmconf->certtype;
1429 switch (AUTHMETHOD(iph1)) {
1432 certtype = iph1->cert_p->type;
1443 if (iph1->rmconf->cacertfile != NULL) {
1446 iph1->rmconf->cacertfile);
1452 error = eay_check_x509cert(&iph1->cert_p->cert,
1472 if (iph1->rmconf->verify_cert){
1480 switch (iph1->etype) {
1483 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1486 if (iph1->side == INITIATOR)
1487 my_hash = oakley_ph1hash_base_r(iph1, VALIDATE);
1489 my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1493 "invalid etype %d\n", iph1->etype);
1500 certtype = iph1->rmconf->certtype;
1502 switch (AUTHMETHOD(iph1)) {
1505 certtype = iph1->cert_p->type;
1516 iph1->sig_p,
1517 &iph1->cert_p->cert);
1521 iph1->rsa_p = rsa_try_check_rsasign(my_hash,
1522 iph1->sig_p, iph1->rsa_candidates);
1523 error = iph1->rsa_p ? 0 : -1;
1548 if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
1566 if (iph1->rmconf->xauth)
1569 switch (iph1->etype) {
1572 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1576 "invalid etype %d\n", iph1->etype);
1581 if (gssapi_more_tokens(iph1))
1587 gsshash = gssapi_unwraphash(iph1);
1612 if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1613 plog(LLV_ERROR, LOCATION, iph1->remote,
1617 plog(LLV_ERROR, LOCATION, iph1->remote,
1619 s_oakley_attr_method(iph1->approval->authmethod));
1622 plog(LLV_ERROR, LOCATION, iph1->remote,
1624 iph1->approval->authmethod);
1630 s_oakley_attr_method(iph1->approval->authmethod),
1641 oakley_getmycert(iph1) in oakley_getmycert() argument
1642 struct ph1handle *iph1; in oakley_getmycert()
1644 switch (iph1->rmconf->certtype) {
1646 if (iph1->cert)
1648 return get_cert_fromlocal(iph1, 1);
1652 if (iph1->rsa)
1654 return get_plainrsa_fromlocal(iph1, 1);
1660 iph1->rmconf->certtype);
1673 get_cert_fromlocal(iph1, my) in get_cert_fromlocal() argument
1674 struct ph1handle *iph1; in get_cert_fromlocal()
1684 certfile = iph1->rmconf->mycertfile;
1685 certpl = &iph1->cert;
1687 certfile = iph1->rmconf->peerscertfile;
1688 certpl = &iph1->cert_p;
1695 switch (iph1->rmconf->certtype) {
1712 iph1->rmconf->certtype);
1738 (*certpl)->pl->v[0] = iph1->rmconf->certtype;
1739 (*certpl)->type = iph1->rmconf->certtype;
1757 get_plainrsa_fromlocal(iph1, my) in get_plainrsa_fromlocal() argument
1758 struct ph1handle *iph1; in get_plainrsa_fromlocal()
1766 iph1->rsa_candidates = rsa_lookup_keys(iph1, my);
1767 if (!iph1->rsa_candidates ||
1768 rsa_list_count(iph1->rsa_candidates) == 0) {
1773 iph1->local, iph1->remote));
1777 if (my && rsa_list_count(iph1->rsa_candidates) > 1) {
1781 rsa_list_count(iph1->rsa_candidates),
1783 iph1->local, iph1->remote));
1792 iph1->rsa = ((struct rsa_key *)
1793 genlist_next(iph1->rsa_candidates, NULL))->rsa;
1795 genlist_free(iph1->rsa_candidates, NULL);
1796 iph1->rsa_candidates = NULL;
1798 if (iph1->rsa == NULL)
1868 oakley_getsign(iph1) in oakley_getsign() argument
1869 struct ph1handle *iph1; in oakley_getsign()
1875 switch (iph1->rmconf->certtype) {
1878 if (iph1->rmconf->myprivfile == NULL) {
1886 iph1->rmconf->myprivfile);
1888 iph1->sig = keystore_sign(iph1->hash, path);
1899 iph1->sig = eay_get_x509sign(iph1->hash, privkey);
1904 iph1->sig = eay_get_rsasign(iph1->hash, iph1->rsa);
1910 iph1->rmconf->certtype);
1914 if (iph1->sig == NULL) {
1920 plogdump(LLV_DEBUG, iph1->sig->v, iph1->sig->l);
1935 oakley_check_certid(iph1) in oakley_check_certid() argument
1936 struct ph1handle *iph1; in oakley_check_certid()
1944 if (iph1->id_p == NULL || iph1->cert_p == NULL) {
1949 id_b = (struct ipsecdoi_id_b *)iph1->id_p->v;
1950 idlen = iph1->id_p->l - sizeof(*id_b);
1954 name = eay_get_x509asn1subjectname(&iph1->cert_p->cert);
1989 if (eay_get_x509subjectaltname(&iph1->cert_p->cert,
2055 if (eay_get_x509subjectaltname(&iph1->cert_p->cert,
2145 oakley_savecert(iph1, gen) in oakley_savecert() argument
2146 struct ph1handle *iph1; in oakley_savecert()
2169 c = &iph1->cert_p;
2172 c = &iph1->crl_p;
2281 if(iph1->rmconf->verify_cert &&
2282 oakley_check_certid(iph1)) {
2329 if(iph1->rmconf->verify_cert &&
2330 oakley_check_certid(iph1)){
2368 oakley_savecr(iph1, gen) in oakley_savecr() argument
2369 struct ph1handle *iph1; in oakley_savecr()
2387 c = &iph1->cr_p;
2491 oakley_getcr(iph1) in oakley_getcr() argument
2492 struct ph1handle *iph1; in oakley_getcr()
2502 if(iph1->rmconf->certtype == ISAKMP_CERT_NONE) {
2503 buf->v[0] = iph1->rmconf->cacerttype;
2505 s_isakmp_certtype(iph1->rmconf->cacerttype));
2507 buf->v[0] = iph1->rmconf->certtype;
2509 s_isakmp_certtype(iph1->rmconf->certtype));
2522 oakley_checkcr(iph1) in oakley_checkcr() argument
2523 struct ph1handle *iph1; in oakley_checkcr()
2525 if (iph1->cr_p == NULL)
2528 plog(LLV_DEBUG, LOCATION, iph1->remote,
2530 s_isakmp_certtype(iph1->cr_p->type));
2532 if (iph1->cr_p->type != iph1->rmconf->certtype) {
2533 plog(LLV_ERROR, LOCATION, iph1->remote,
2535 (char)iph1->cr_p->type);
2575 oakley_skeyid(iph1) in oakley_skeyid() argument
2576 struct ph1handle *iph1; in oakley_skeyid()
2584 switch (AUTHMETHOD(iph1)) {
2590 if (iph1->etype != ISAKMP_ETYPE_IDENT) {
2591 iph1->authstr = getpskbyname(iph1->id_p);
2592 if (iph1->authstr == NULL) {
2593 if (iph1->rmconf->verify_identifier) {
2594 plog(LLV_ERROR, LOCATION, iph1->remote,
2598 plog(LLV_NOTIFY, LOCATION, iph1->remote,
2603 if (iph1->authstr == NULL) {
2610 iph1->authstr = getpskbyaddr(iph1->remote);
2611 if (iph1->authstr == NULL) {
2612 plog(LLV_ERROR, LOCATION, iph1->remote,
2614 saddrwop2str(iph1->remote));
2621 plogdump(LLV_DEBUG2, iph1->authstr->v, iph1->authstr->l);
2623 len = iph1->nonce->l + iph1->nonce_p->l;
2632 bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2638 bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2644 iph1->skeyid = oakley_prf(iph1->authstr, buf, iph1);
2645 if (iph1->skeyid == NULL)
2664 len = iph1->nonce->l + iph1->nonce_p->l;
2673 bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2679 bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2685 iph1->skeyid = oakley_prf(buf, iph1->dhgxy, iph1);
2686 if (iph1->skeyid == NULL)
2699 s_oakley_attr_method(iph1->approval->authmethod));
2704 iph1->approval->authmethod);
2709 plogdump(LLV_DEBUG, iph1->skeyid->v, iph1->skeyid->l);
2727 oakley_skeyid_dae(iph1) in oakley_skeyid_dae() argument
2728 struct ph1handle *iph1; in oakley_skeyid_dae()
2735 if (iph1->skeyid == NULL) {
2742 len = iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2751 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2752 p += iph1->dhgxy->l;
2753 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2755 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2758 iph1->skeyid_d = oakley_prf(iph1->skeyid, buf, iph1);
2759 if (iph1->skeyid_d == NULL)
2766 plogdump(LLV_DEBUG, iph1->skeyid_d->v, iph1->skeyid_d->l);
2770 len = iph1->skeyid_d->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2778 memcpy(p, iph1->skeyid_d->v, iph1->skeyid_d->l);
2779 p += iph1->skeyid_d->l;
2780 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2781 p += iph1->dhgxy->l;
2782 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2784 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2787 iph1->skeyid_a = oakley_prf(iph1->skeyid, buf, iph1);
2788 if (iph1->skeyid_a == NULL)
2795 plogdump(LLV_DEBUG, iph1->skeyid_a->v, iph1->skeyid_a->l);
2799 len = iph1->skeyid_a->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2807 memcpy(p, iph1->skeyid_a->v, iph1->skeyid_a->l);
2808 p += iph1->skeyid_a->l;
2809 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2810 p += iph1->dhgxy->l;
2811 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2813 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2816 iph1->skeyid_e = oakley_prf(iph1->skeyid, buf, iph1);
2817 if (iph1->skeyid_e == NULL)
2824 plogdump(LLV_DEBUG, iph1->skeyid_e->v, iph1->skeyid_e->l);
2839 oakley_compute_enckey(iph1) in oakley_compute_enckey() argument
2840 struct ph1handle *iph1; in oakley_compute_enckey()
2846 keylen = alg_oakley_encdef_keylen(iph1->approval->enctype,
2847 iph1->approval->encklen);
2852 iph1->approval->enctype,
2853 iph1->approval->encklen);
2856 iph1->key = vmalloc(keylen >> 3);
2857 if (iph1->key == NULL) {
2864 prflen = alg_oakley_hashdef_hashlen(iph1->approval->hashtype);
2867 "invalid hash type %d.\n", iph1->approval->hashtype);
2872 if (iph1->key->l <= iph1->skeyid_e->l) {
2877 memcpy(iph1->key->v, iph1->skeyid_e->v, iph1->key->l);
2895 iph1->skeyid_e->l, iph1->key->l);
2902 p = (u_char *)iph1->key->v;
2903 ep = p + iph1->key->l;
2907 if (p == (u_char *)iph1->key->v) {
2912 res = oakley_prf(iph1->skeyid_e, buf, iph1);
2951 if (iph1->approval->enctype > ARRAYLEN(oakley_encdef)
2952 || oakley_encdef[iph1->approval->enctype].weakkey == NULL) {
2955 iph1->approval->enctype);
2958 if ((oakley_encdef[iph1->approval->enctype].weakkey)(iph1->key)) {
2966 plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
3010 oakley_newiv(iph1) in oakley_newiv() argument
3011 struct ph1handle *iph1; in oakley_newiv()
3019 len = iph1->dhpub->l + iph1->dhpub_p->l;
3029 bp = (iph1->side == INITIATOR ? iph1->dhpub : iph1->dhpub_p);
3033 bp = (iph1->side == INITIATOR ? iph1->dhpub_p : iph1->dhpub);
3047 newivm->iv = oakley_hash(buf, iph1);
3055 newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3059 iph1->approval->enctype);
3079 iph1->ivm = newivm;
3094 oakley_newiv2(iph1, msgid) in oakley_newiv2() argument
3095 struct ph1handle *iph1; in oakley_newiv2()
3105 len = iph1->ivm->iv->l + sizeof(msgid_t);
3115 memcpy(p, iph1->ivm->iv->v, iph1->ivm->iv->l);
3116 p += iph1->ivm->iv->l;
3133 if ((newivm->iv = oakley_hash(buf, iph1)) == NULL)
3137 newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3141 iph1->approval->enctype);
3188 oakley_do_decrypt(iph1, msg, ivdp, ivep) in oakley_do_decrypt() argument
3189 struct ph1handle *iph1; in oakley_do_decrypt()
3201 blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3205 iph1->approval->enctype);
3231 new = alg_oakley_encdef_decrypt(iph1->approval->enctype,
3232 buf, iph1->key, ivdp);
3235 "decryption %d failed.\n", iph1->approval->enctype);
3239 plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
3289 isakmp_printpacket(buf, iph1->remote, iph1->local, 1);
3309 oakley_do_encrypt(iph1, msg, ivep, ivp) in oakley_do_encrypt() argument
3310 struct ph1handle *iph1; in oakley_do_encrypt()
3323 blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3327 iph1->approval->enctype);
3364 new = alg_oakley_encdef_encrypt(iph1->approval->enctype,
3365 buf, iph1->key, ivep);
3368 "encryption %d failed.\n", iph1->approval->enctype);
3372 plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);