
Lines Matching refs:iph1

/*
 * base_i1send -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so branches and jumps between them are not visible here.
 * Visible sequence: require PHASE1ST_START, clear iph1->index and pass it to
 * isakmp_newcookie with the remote and local addresses, set the local ID,
 * build the proposal SA, obtain a nonce from
 * eay_set_random(rmconf->nonce_size), append SA/ID/NONCE payloads, send with
 * isakmp_ph1send, then record PHASE1ST_MSG1SENT.
 */
103 base_i1send(iph1, msg)
104 struct ph1handle *iph1;
/* state check: the handler refuses to run from any state but START */
131 if (iph1->status != PHASE1ST_START) {
133 "status mismatched %d.\n", iph1->status);
138 memset(&iph1->index, 0, sizeof(iph1->index));
139 isakmp_newcookie((caddr_t)&iph1->index, iph1->remote, iph1->local);
142 if (ipsecdoi_setid1(iph1) < 0)
146 iph1->sa = ipsecdoi_setph1proposal(iph1->rmconf,
147 iph1->rmconf->proposal);
148 if (iph1->sa == NULL)
/* the nonce length comes from the remote configuration; the result is
 * NULL-checked before use */
152 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
153 if (iph1->nonce == NULL)
158 switch (iph1->rmconf->proposal->authmethod) {
179 if (iph1->rmconf->ike_frag) {
191 if (iph1->rmconf->nat_traversal) {
214 plist = isakmp_plist_append(plist, iph1->sa, ISAKMP_NPTYPE_SA);
217 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
220 plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);
235 if (iph1->rmconf->dpd) {
246 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
250 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
254 if (isakmp_ph1send(iph1) == -1)
/* the state only advances after the send call above was checked */
257 iph1->status = PHASE1ST_MSG1SENT;
/*
 * base_i2recv -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so the payload loop and error jumps are not visible here.
 * Visible sequence: require PHASE1ST_MSG1SENT, store the peer nonce and ID
 * through isakmp_p2ph, hand vendor-ID payloads to handle_vendorid, reject the
 * message unless both nonce_p and id_p are set, run ipsecdoi_checkid1 and
 * ipsecdoi_checkph1proposal, then record PHASE1ST_MSG2RECEIVED.
 */
292 base_i2recv(iph1, msg)
293 struct ph1handle *iph1;
306 if (iph1->status != PHASE1ST_MSG1SENT) {
308 "status mismatched %d.\n", iph1->status);
320 plog(LLV_ERROR, LOCATION, iph1->remote,
336 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
340 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
344 handle_vendorid(iph1, pa->ptr);
348 plog(LLV_ERROR, LOCATION, iph1->remote,
/* mandatory payloads: both the peer nonce and the peer ID must be present
 * before the identity and proposal checks below run */
356 if (iph1->nonce_p == NULL || iph1->id_p == NULL) {
357 plog(LLV_ERROR, LOCATION, iph1->remote,
363 if (ipsecdoi_checkid1(iph1) != 0) {
364 plog(LLV_ERROR, LOCATION, iph1->remote,
370 if (NATT_AVAILABLE(iph1))
371 plog(LLV_INFO, LOCATION, iph1->remote,
373 vid_string_by_id(iph1->natt_options->version));
377 if (ipsecdoi_checkph1proposal(satmp, iph1) < 0) {
378 plog(LLV_ERROR, LOCATION, iph1->remote,
383 VPTRINIT(iph1->sa_ret);
385 iph1->status = PHASE1ST_MSG2RECEIVED;
/* NOTE(review): these resets come after the status update; presumably they
 * sit on the error path so a rejected message leaves no peer nonce or ID
 * behind -- the label and condition are not listed here, confirm in the
 * full source */
396 VPTRINIT(iph1->nonce_p);
397 VPTRINIT(iph1->id_p);
/*
 * base_i2send -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so the switch cases and error jumps are not visible here.
 * Visible sequence: require PHASE1ST_MSG2RECEIVED, copy r_ck from the
 * received ISAKMP header into iph1->index, generate the DH key pair for the
 * approved group, derive SKEYID, generate the HASH, append KE plus HASH or
 * KE/CERT/SIG payloads depending on the approved authmethod, add two NAT-D
 * hashes when NATT_AVAILABLE, send, register the packet with add_recvdpkt,
 * then record PHASE1ST_MSG2SENT.
 */
411 base_i2send(iph1, msg)
412 struct ph1handle *iph1;
421 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
423 "status mismatched %d.\n", iph1->status);
/* r_ck is read from the peer's message; the length argument is on a line
 * that is not listed here */
428 memcpy(&iph1->index.r_ck, &((struct isakmp *)msg->v)->r_ck,
432 if (oakley_dh_generate(iph1->approval->dhgrp,
433 &iph1->dhpub, &iph1->dhpriv) < 0)
437 switch (iph1->approval->authmethod) {
449 if (oakley_skeyid(iph1) < 0)
456 iph1->hash = oakley_ph1hash_base_i(iph1, GENERATE);
457 if (iph1->hash == NULL)
459 switch (iph1->approval->authmethod) {
466 vid = set_vendorid(iph1->approval->vendorid);
469 plist = isakmp_plist_append(plist, iph1->dhpub, ISAKMP_NPTYPE_KE);
472 plist = isakmp_plist_append(plist, iph1->hash, ISAKMP_NPTYPE_HASH);
486 if (oakley_getmycert(iph1) < 0)
489 if (oakley_getsign(iph1) < 0)
/* the certificate is considered for sending only when one is loaded and
 * the remote configuration sets send_cert */
492 if (iph1->cert && iph1->rmconf->send_cert)
496 plist = isakmp_plist_append(plist, iph1->dhpub,
501 plist = isakmp_plist_append(plist, iph1->cert,
506 iph1->sig, ISAKMP_NPTYPE_SIG);
525 if (NATT_AVAILABLE(iph1))
/* each NAT-D hash is NULL-checked before it is appended below */
530 if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
532 "NAT-D hashing failed for %s\n", saddr2str(iph1->remote));
536 if ((natd[1] = natt_hash_addr (iph1, iph1->local)) == NULL) {
538 "NAT-D hashing failed for %s\n", saddr2str(iph1->local));
542 plist = isakmp_plist_append(plist, natd[0], iph1->natt_options->payload_nat_d);
543 plist = isakmp_plist_append(plist, natd[1], iph1->natt_options->payload_nat_d);
547 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
550 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
554 if (isakmp_ph1send(iph1) == -1)
558 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
564 iph1->status = PHASE1ST_MSG2SENT;
/*
 * base_i3recv -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so the payload loop and error jumps are not visible here.
 * Visible sequence: require PHASE1ST_MSG2SENT, collect the peer KE, HASH,
 * certificate, signature, vendor-ID and NAT-D payloads, call
 * oakley_validate_auth, compute the DH shared secret, derive SKEYID and the
 * SKEYID_d/a/e material, the encryption key and a new IV, set ISAKMP_FLAG_E,
 * then record PHASE1ST_MSG3RECEIVED.
 */
582 base_i3recv(iph1, msg)
583 struct ph1handle *iph1;
595 if (iph1->status != PHASE1ST_MSG2SENT) {
597 "status mismatched %d.\n", iph1->status);
612 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
/* NOTE(review): pl_hash is pointed at the received payload itself rather
 * than stored through isakmp_p2ph, and no line listed for this function
 * resets it beforehand, unlike base_r2recv (1086).  Confirm it cannot hold
 * a stale pointer when the HASH payload is absent. */
616 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
619 if (oakley_savecert(iph1, pa->ptr) < 0)
623 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
627 handle_vendorid(iph1, pa->ptr);
/* natt_options is tested for NULL before payload_nat_d is read from it */
633 if (NATT_AVAILABLE(iph1) && iph1->natt_options &&
634 pa->type == iph1->natt_options->payload_nat_d) {
642 iph1->natt_flags |= NAT_DETECTED;
645 from iph1->natt_flags */
646 natd_verified = natt_compare_addr_hash (iph1,
661 plog(LLV_ERROR, LOCATION, iph1->remote,
670 if (NATT_AVAILABLE(iph1)) {
672 iph1->natt_flags & NAT_DETECTED ?
674 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
675 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
676 if (iph1->natt_flags & NAT_DETECTED)
677 natt_float_ports (iph1);
/* peer authentication; the branch condition is not listed, but the two
 * calls that follow raise EVT_PHASE1_AUTH_FAILED and send a notification
 * carrying ptype -- presumably the failure path */
683 ptype = oakley_validate_auth(iph1);
689 evt_phase1(iph1, EVT_PHASE1_AUTH_FAILED, NULL);
690 isakmp_info_send_n1(iph1, ptype, NULL);
695 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
696 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
700 switch (iph1->approval->authmethod) {
710 if (oakley_skeyid(iph1) < 0)
718 if (oakley_skeyid_dae(iph1) < 0)
720 if (oakley_compute_enckey(iph1) < 0)
722 if (oakley_newiv(iph1) < 0)
/* NOTE(review): copies iv->l bytes out of ive->v; this assumes ive holds at
 * least iv->l bytes -- confirm against oakley_newiv */
726 memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->iv->l);
729 iph1->flags |= ISAKMP_FLAG_E;
731 iph1->status = PHASE1ST_MSG3RECEIVED;
/* NOTE(review): peer-supplied key, certificate, CRL and signature holders
 * are reset after the status update; presumably error-path cleanup, the
 * label is not listed here */
740 VPTRINIT(iph1->dhpub_p);
741 VPTRINIT(iph1->cert_p);
742 VPTRINIT(iph1->crl_p);
743 VPTRINIT(iph1->sig_p);
/*
 * base_i3send -- cross-reference excerpt: only lines that mention iph1 are
 * listed.  The visible lines require PHASE1ST_MSG3RECEIVED and then record
 * PHASE1ST_ESTABLISHED; no other use of iph1 is listed for this function.
 */
753 base_i3send(iph1, msg)
754 struct ph1handle *iph1;
760 if (iph1->status != PHASE1ST_MSG3RECEIVED) {
762 "status mismatched %d.\n", iph1->status);
766 iph1->status = PHASE1ST_ESTABLISHED;
/*
 * base_r1recv -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so the payload loop and error jumps are not visible here.
 * Visible sequence: require PHASE1ST_START, store the peer SA, nonce and ID
 * through isakmp_p2ph, process vendor-ID payloads, reject the message unless
 * both nonce_p and id_p are set, run ipsecdoi_checkid1 and
 * ipsecdoi_checkph1proposal on the received SA, then record
 * PHASE1ST_MSG1RECEIVED.
 */
782 base_r1recv(iph1, msg)
783 struct ph1handle *iph1;
792 if (iph1->status != PHASE1ST_START) {
794 "status mismatched %d.\n", iph1->status);
806 plog(LLV_ERROR, LOCATION, iph1->remote,
812 if (isakmp_p2ph(&iph1->sa, pa->ptr) < 0)
822 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
826 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
830 vid_numeric = handle_vendorid(iph1, pa->ptr);
/* NOTE(review): presumably set only when vid_numeric identifies the
 * fragmentation vendor ID; the condition is not listed here */
834 iph1->frag = 1;
839 plog(LLV_ERROR, LOCATION, iph1->remote,
/* mandatory payloads: both the peer nonce and the peer ID must be present
 * before the identity and proposal checks below run */
847 if (iph1->nonce_p == NULL || iph1->id_p == NULL) {
848 plog(LLV_ERROR, LOCATION, iph1->remote,
854 if (ipsecdoi_checkid1(iph1) != 0) {
855 plog(LLV_ERROR, LOCATION, iph1->remote,
861 if (NATT_AVAILABLE(iph1))
862 plog(LLV_INFO, LOCATION, iph1->remote,
864 vid_string_by_id(iph1->natt_options->version));
868 if (ipsecdoi_checkph1proposal(iph1->sa, iph1) < 0) {
869 plog(LLV_ERROR, LOCATION, iph1->remote,
875 iph1->status = PHASE1ST_MSG1RECEIVED;
/* NOTE(review): resets of the peer-supplied SA, nonce and ID follow the
 * status update; presumably error-path cleanup, the label is not listed */
884 VPTRINIT(iph1->sa);
885 VPTRINIT(iph1->nonce_p);
886 VPTRINIT(iph1->id_p);
/*
 * base_r1send -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so branches and jumps between them are not visible here.
 * Visible sequence: require PHASE1ST_MSG1RECEIVED, generate the responder
 * cookie into index.r_ck, set the local ID, obtain a nonce from
 * eay_set_random(rmconf->nonce_size), append SA (sa_ret), ID and NONCE
 * payloads, consult the NAT-T, mode_cfg, DPD and fragmentation settings,
 * send, register the packet with add_recvdpkt, then record
 * PHASE1ST_MSG1SENT.
 */
900 base_r1send(iph1, msg)
901 struct ph1handle *iph1;
921 if (iph1->status != PHASE1ST_MSG1RECEIVED) {
923 "status mismatched %d.\n", iph1->status);
928 isakmp_newcookie((caddr_t)&iph1->index.r_ck, iph1->remote, iph1->local);
931 if (ipsecdoi_setid1(iph1) < 0)
935 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
936 if (iph1->nonce == NULL)
940 plist = isakmp_plist_append(plist, iph1->sa_ret, ISAKMP_NPTYPE_SA);
943 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
946 plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);
950 if (NATT_AVAILABLE(iph1))
951 vid_natt = set_vendorid(iph1->natt_options->version);
956 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) {
967 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) {
982 if (iph1->dpd_support && iph1->rmconf->dpd) {
993 if (iph1->rmconf->ike_frag) {
1006 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
1009 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
/* NOTE(review): iph1 is set to NULL when the send fails and is dereferenced
 * again on 1019.  The jump that must separate the two does not mention iph1
 * and so is not listed; presumably it goes to the cleanup that tests
 * iph1 != NULL (1049).  Confirm in the full source. */
1013 if (isakmp_ph1send(iph1) == -1) {
1014 iph1 = NULL;
1019 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
1025 iph1->status = PHASE1ST_MSG1SENT;
/* cleanup is NULL-safe with respect to the iph1 = NULL assignment above */
1049 if (iph1 != NULL)
1050 VPTRINIT(iph1->sa_ret);
/*
 * base_r2recv -- cross-reference excerpt: only lines that mention iph1 are
 * listed, so the payload loop and error jumps are not visible here.
 * Visible sequence: require PHASE1ST_MSG1SENT, clear pl_hash, collect the
 * peer KE, HASH, certificate, signature, vendor-ID and NAT-D payloads,
 * generate the local DH key pair, compute the shared secret, derive SKEYID,
 * call oakley_validate_auth, then record PHASE1ST_MSG2RECEIVED.
 */
1063 base_r2recv(iph1, msg)
1064 struct ph1handle *iph1;
1075 if (iph1->status != PHASE1ST_MSG1SENT) {
1077 "status mismatched %d.\n", iph1->status);
/* pl_hash is cleared before parsing, so it is only non-NULL afterwards if
 * the assignment on 1098 ran for this message */
1086 iph1->pl_hash = NULL;
1094 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
1098 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
1101 if (oakley_savecert(iph1, pa->ptr) < 0)
1105 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
1109 handle_vendorid(iph1, pa->ptr);
/* NOTE(review): natt_options is dereferenced here with no guard on any line
 * listed for this function, whereas base_i3recv (633-634) tests
 * NATT_AVAILABLE(iph1) && iph1->natt_options first.  If natt_options can be
 * NULL when this comparison is reached, a received payload triggers a NULL
 * dereference; the same guard as in base_i3recv would close it.  Confirm
 * where natt_options is allocated. */
1115 if (pa->type == iph1->natt_options->payload_nat_d)
1124 iph1->natt_flags |= NAT_DETECTED;
1126 natd_verified = natt_compare_addr_hash (iph1,
1141 plog(LLV_ERROR, LOCATION, iph1->remote,
1150 if (oakley_dh_generate(iph1->approval->dhgrp,
1151 &iph1->dhpub, &iph1->dhpriv) < 0)
1155 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
1156 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
1160 if (oakley_skeyid(iph1) < 0)
1164 if (NATT_AVAILABLE(iph1))
1166 iph1->natt_flags & NAT_DETECTED ?
1168 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
1169 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
/* peer authentication runs after the DH computation and SKEYID derivation
 * above; the branch condition is not listed, but the two calls that follow
 * raise EVT_PHASE1_AUTH_FAILED and send a notification carrying ptype --
 * presumably the failure path */
1174 ptype = oakley_validate_auth(iph1);
1180 evt_phase1(iph1, EVT_PHASE1_AUTH_FAILED, NULL);
1181 isakmp_info_send_n1(iph1, ptype, NULL);
1185 iph1->status = PHASE1ST_MSG2RECEIVED;
/* NOTE(review): peer-supplied key, certificate, CRL and signature holders
 * are reset after the status update; presumably error-path cleanup, the
 * label is not listed here */
1194 VPTRINIT(iph1->dhpub_p);
1195 VPTRINIT(iph1->cert_p);
1196 VPTRINIT(iph1->crl_p);
1197 VPTRINIT(iph1->sig_p);
1211 base_r2send(iph1, msg)
1212 struct ph1handle *iph1;
1221 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
1223 "status mismatched %d.\n", iph1->status);
1229 switch (iph1->approval->authmethod) {
1240 iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
1253 iph1->hash = oakley_ph1hash_base_r(iph1, GENERATE);
1258 iph1->approval->authmethod);
1261 if (iph1->hash == NULL)
1264 switch (iph1->approval->authmethod) {
1269 vid = set_vendorid(iph1->approval->vendorid);
1273 iph1->dhpub, ISAKMP_NPTYPE_KE);
1277 iph1->hash, ISAKMP_NPTYPE_HASH);
1294 if (oakley_getmycert(iph1) < 0)
1297 if (oakley_getsign(iph1) < 0)
1300 if (iph1->cert && iph1->rmconf->send_cert)
1304 plist = isakmp_plist_append(plist, iph1->dhpub,
1309 plist = isakmp_plist_append(plist, iph1->cert,
1313 plist = isakmp_plist_append(plist, iph1->sig,
1332 if (NATT_AVAILABLE(iph1)) {
1337 if ((natd[0] = natt_hash_addr(iph1, iph1->remote)) == NULL) {
1340 saddr2str(iph1
1344 if ((natd[1] = natt_hash_addr(iph1, iph1->local)) == NULL) {
1347 saddr2str(iph1->local));
1352 natd[0], iph1->natt_options->payload_nat_d);
1354 natd[1], iph1->natt_options->payload_nat_d);
1358 iph1->sendbuf = isakmp_plist_set_all(&plist, iph1);
1361 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
1365 if (isakmp_send(iph1, iph1->sendbuf) < 0)
1369 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
1376 if (oakley_skeyid_dae(iph1) < 0)
1378 if (oakley_compute_enckey(iph1) < 0)
1380 if (oakley_newiv(iph1) < 0)
1384 iph1->flags |= ISAKMP_FLAG_E;
1386 iph1->status = PHASE1ST_ESTABLISHED;