
Lines Matching refs:iph1

126 static int oakley_check_certid __P((struct ph1handle *iph1));
422 oakley_prf(key, buf, iph1)
424 struct ph1handle *iph1;
429 if (iph1->approval == NULL) {
436 type = iph1->approval->hashtype;
452 oakley_hash(buf, iph1)
454 struct ph1handle *iph1;
459 if (iph1->approval == NULL) {
466 type = iph1->approval->hashtype;
730 oakley_compute_hashx(struct ph1handle *iph1, ...)
740 va_start(ap, iph1);
755 va_start(ap, iph1);
767 res = oakley_prf(iph1->skeyid_a, buf, iph1);
784 oakley_compute_hash3(iph1, msgid, body)
785 struct ph1handle *iph1;
812 res = oakley_prf(iph1->skeyid_a, buf, iph1);
838 oakley_compute_hash1(iph1, msgid, body)
839 struct ph1handle *iph1;
868 res = oakley_prf(iph1->skeyid_a, buf, iph1);
891 oakley_ph1hash_common(iph1, sw)
892 struct ph1handle *iph1;
904 len = iph1->dhpub->l
905 + iph1->dhpub_p->l
907 + iph1->sa->l
908 + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
911 if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
912 if (iph1->gi_i != NULL && iph1->gi_r != NULL) {
913 bp = (sw == GENERATE ? iph1->gi_i : iph1->gi_r);
917 gssapi_get_itokens(iph1, &gsstokens);
919 gssapi_get_rtokens(iph1, &gsstokens);
935 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
939 bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
943 if (iph1->side == INITIATOR)
945 (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
948 (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
953 if (iph1->side == INITIATOR)
955 (char *)&iph1->index.r_ck : (char *)&iph1->index.i_ck);
958 (char *)&iph1->index.i_ck : (char *)&iph1->index.r_ck);
963 bp = iph1->sa;
967 bp = (sw == GENERATE ? iph1->id : iph1->id_p);
972 if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
973 if (iph1->gi_i != NULL && iph1->gi_r != NULL) {
974 bp = (sw == GENERATE ? iph1->gi_i : iph1->gi_r);
987 res = oakley_prf(iph1->skeyid, buf, iph1);
994 iph1->side == INITIATOR ? "init" : "resp");
1015 oakley_ph1hash_base_i(iph1, sw)
1016 struct ph1handle *iph1;
1027 if (iph1->etype != ISAKMP_ETYPE_BASE) {
1033 switch (iph1->approval->authmethod) {
1045 if (iph1->skeyid == NULL) {
1049 hashkey = iph1->skeyid;
1068 len = iph1->nonce->l + iph1->nonce_p->l;
1077 bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1081 bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1085 hash = oakley_hash(buf, iph1);
1097 iph1->approval->authmethod);
1102 len = (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1104 + iph1->sa->l
1105 + (sw == GENERATE ? iph1->id->l : iph1->id_p->l);
1114 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1118 memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1120 memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1123 memcpy(p, iph1->sa->v, iph1->sa->l);
1124 p += iph1->sa->l;
1126 bp = (sw == GENERATE ? iph1->id : iph1->id_p);
1134 res = oakley_prf(hashkey, buf, iph1);
1157 oakley_ph1hash_base_r(iph1, sw)
1158 struct ph1handle *iph1;
1168 if (iph1->etype != ISAKMP_ETYPE_BASE) {
1174 switch (iph1->approval->authmethod) {
1192 iph1->approval->authmethod);
1198 len = iph1->nonce->l + iph1->nonce_p->l;
1207 bp = (sw == GENERATE ? iph1->nonce_p : iph1->nonce);
1211 bp = (sw == GENERATE ? iph1->nonce : iph1->nonce_p);
1215 hash = oakley_hash(buf, iph1);
1222 len = (sw == GENERATE ? iph1->dhpub_p->l : iph1->dhpub->l)
1223 + (sw == GENERATE ? iph1->dhpub->l : iph1->dhpub_p->l)
1225 + iph1->sa->l
1226 + (sw == GENERATE ? iph1->id_p->l : iph1->id->l);
1236 bp = (sw == GENERATE ? iph1->dhpub_p : iph1->dhpub);
1240 bp = (sw == GENERATE ? iph1->dhpub : iph1->dhpub_p);
1244 memcpy(p, &iph1->index.i_ck, sizeof(cookie_t));
1246 memcpy(p, &iph1->index.r_ck, sizeof(cookie_t));
1249 memcpy(p, iph1->sa->v, iph1->sa->l);
1250 p += iph1->sa->l;
1252 bp = (sw == GENERATE ? iph1->id_p : iph1->id);
1260 res = oakley_prf(hash, buf, iph1);
1286 oakley_validate_auth(iph1)
1287 struct ph1handle *iph1;
1302 switch (iph1->approval->authmethod) {
1312 if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1313 plog(LLV_ERROR, LOCATION, iph1->remote,
1318 if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I &&
1319 ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0))
1328 r_hash = (caddr_t)(iph1->pl_hash + 1);
1332 ntohs(iph1->pl_hash->h.len) - sizeof(*iph1->pl_hash));
1334 switch (iph1->etype) {
1337 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1340 if (iph1->side == INITIATOR)
1341 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1343 my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1347 "invalid etype %d\n", iph1->etype);
1379 if (iph1->id_p == NULL) {
1380 plog(LLV_ERROR, LOCATION, iph1->remote,
1384 if (iph1->sig_p == NULL) {
1385 plog(LLV_ERROR, LOCATION, iph1->remote,
1391 plogdump(LLV_DEBUG, iph1->sig_p->v, iph1->sig_p->l);
1394 certtype = oakley_get_certtype(iph1->rmconf->peerscert);
1398 if (iph1->cert_p == NULL) {
1404 if (!iph1->rmconf->verify_cert)
1407 switch (oakley_get_certtype(iph1
1412 if (iph1->rmconf->cacertfile != NULL) {
1415 iph1->rmconf->cacertfile);
1422 iph1->cert_p,
1441 if (iph1->rmconf->peerscert == NULL) {
1447 if (iph1->cert_p != NULL) {
1448 vfree(iph1->cert_p);
1449 iph1->cert_p = NULL;
1452 iph1->cert_p = vdup(iph1->rmconf->peerscert);
1456 if (get_plainrsa_fromlocal(iph1, 0))
1461 if (iph1->cert_p != NULL) {
1462 vfree(iph1->cert_p);
1463 iph1->cert_p = NULL;
1466 iph1->cert_p = dnssec_getcert(iph1->id_p);
1467 if (iph1->cert_p == NULL) {
1477 oakley_get_certtype(iph1->rmconf->peerscert));
1482 if ((error = oakley_check_certid(iph1)) != 0)
1486 if (iph1->rmconf->verify_cert) {
1495 switch (iph1->etype) {
1498 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1501 if (iph1->side == INITIATOR)
1502 my_hash = oakley_ph1hash_base_r(iph1, VALIDATE);
1504 my_hash = oakley_ph1hash_base_i(iph1, VALIDATE);
1508 "invalid etype %d\n", iph1->etype);
1515 certtype = oakley_get_certtype(iph1->cert_p);
1517 certtype = oakley_get_certtype(iph1->rmconf->peerscert);
1522 iph1->sig_p,
1523 iph1->cert_p);
1527 iph1->rsa_p = rsa_try_check_rsasign(my_hash,
1528 iph1->sig_p, iph1->rsa_candidates);
1529 error = iph1->rsa_p ? 0 : -1;
1530 genlist_free(iph1->rsa_candidates, NULL);
1531 iph1->rsa_candidates = NULL;
1555 if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
1573 if (iph1->rmconf->xauth)
1576 switch (iph1->etype) {
1579 my_hash = oakley_ph1hash_common(iph1, VALIDATE);
1583 "invalid etype %d\n", iph1->etype);
1588 if (gssapi_more_tokens(iph1))
1594 gsshash = gssapi_unwraphash(iph1);
1619 if (iph1->id_p == NULL || iph1->pl_hash == NULL) {
1620 plog(LLV_ERROR, LOCATION, iph1->remote,
1624 plog(LLV_ERROR, LOCATION, iph1->remote,
1626 s_oakley_attr_method(iph1->approval->authmethod));
1629 plog(LLV_ERROR, LOCATION, iph1->remote,
1631 iph1->approval->authmethod);
1637 s_oakley_attr_method(iph1->approval->authmethod),
1648 oakley_getmycert(iph1)
1649 struct ph1handle *iph1;
1651 switch (oakley_get_certtype(iph1->rmconf->mycert)) {
1653 if (iph1->cert)
1655 iph1->cert = vdup(iph1->rmconf->mycert);
1659 if (iph1->rsa)
1661 return get_plainrsa_fromlocal(iph1, 1);
1666 oakley_get_certtype(iph1->rmconf->mycert));
1675 get_plainrsa_fromlocal(iph1, my)
1676 struct ph1handle *iph1;
1684 iph1->rsa_candidates = rsa_lookup_keys(iph1, my);
1685 if (!iph1->rsa_candidates ||
1686 rsa_list_count(iph1->rsa_candidates) == 0) {
1691 iph1->local, iph1->remote));
1695 if (my && rsa_list_count(iph1->rsa_candidates) > 1) {
1699 rsa_list_count(iph1->rsa_candidates),
1701 iph1->local, iph1->remote));
1710 iph1->rsa = ((struct rsa_key *)
1711 genlist_next(iph1->rsa_candidates, NULL))->rsa;
1713 genlist_free(iph1->rsa_candidates, NULL);
1714 iph1->rsa_candidates = NULL;
1716 if (iph1->rsa == NULL)
1729 oakley_getsign(iph1)
1730 struct ph1handle *iph1;
1736 switch (oakley_get_certtype(iph1->rmconf->mycert)) {
1739 if (iph1->rmconf->myprivfile == NULL) {
1747 iph1->rmconf->myprivfile);
1756 iph1->sig = eay_get_x509sign(iph1->hash, privkey);
1760 iph1->sig = eay_get_rsasign(iph1->hash, iph1->rsa);
1766 oakley_get_certtype(iph1->rmconf->mycert));
1770 if (iph1->sig == NULL) {
1776 plogdump(LLV_DEBUG, iph1->sig->v, iph1->sig->l);
1791 oakley_check_certid(iph1)
1792 struct ph1handle *iph1;
1800 if (iph1->rmconf == NULL || iph1->rmconf->verify_cert == FALSE)
1803 if (iph1->id_p == NULL || iph1->cert_p == NULL) {
1804 plog(LLV_ERROR, LOCATION, iph1->remote, "no ID nor CERT found.\n");
1808 id_b = (struct ipsecdoi_id_b *)iph1->id_p->v;
1809 idlen = iph1->id_p->l - sizeof(*id_b);
1813 name = eay_get_x509asn1subjectname(iph1->cert_p);
1815 plog(LLV_ERROR, LOCATION, iph1->remote,
1820 plog(LLV_ERROR, LOCATION, iph1->remote,
1827 plog(LLV_ERROR, LOCATION, iph1->remote,
1831 if (iph1->rmconf->verify_identifier) {
1851 if (eay_get_x509subjectaltname(iph1->cert_p,
1907 if (iph1->rmconf->verify_identifier)
1918 if (eay_get_x509subjectaltname(iph1->cert_p,
2008 oakley_savecert(iph1, gen)
2009 struct ph1handle *iph1;
2030 c = &iph1->cert_p;
2033 c = &iph1->crl_p;
2119 if (oakley_check_certid(iph1)) {
2155 if (oakley_check_certid(iph1)){
2193 oakley_savecr(iph1, gen)
2194 struct ph1handle *iph1;
2212 c = &iph1->cr_p;
2242 if (resolveph1rmconf(iph1) == 0) {
2257 struct ph1handle *iph1;
2284 plog(LLV_ERROR, LOCATION, actx->iph1->remote,
2296 plog(LLV_DEBUG, LOCATION, actx->iph1->remote,
2313 oakley_append_cr(plist, iph1)
2315 struct ph1handle *iph1;
2320 ctx.iph1 = iph1;
2322 if (iph1->rmconf == NULL) {
2323 rmconf_selector_from_ph1(&sel, iph1);
2326 oakley_append_rmconf_cr(iph1->rmconf, &ctx);
2336 oakley_checkcr(iph1)
2337 struct ph1handle *iph1;
2341 if (iph1->cr_p == NULL)
2344 plog(LLV_DEBUG, LOCATION, iph1->remote,
2346 s_isakmp_certtype(oakley_get_certtype(iph1->cr_p)));
2348 type = oakley_get_certtype(iph1->cr_p);
2349 if (type != oakley_get_certtype(iph1->rmconf->mycert)) {
2350 plog(LLV_ERROR, LOCATION, iph1->remote,
2392 oakley_skeyid(iph1)
2393 struct ph1handle *iph1;
2401 switch (iph1->approval->authmethod) {
2407 if (iph1->etype != ISAKMP_ETYPE_IDENT) {
2408 iph1->authstr = getpskbyname(iph1->id_p);
2409 if (iph1->authstr == NULL) {
2410 if (iph1->rmconf->verify_identifier) {
2411 plog(LLV_ERROR, LOCATION, iph1->remote,
2415 plog(LLV_NOTIFY, LOCATION, iph1->remote,
2420 if (iph1->authstr == NULL) {
2427 iph1->authstr = getpskbyaddr(iph1->remote);
2428 if (iph1->authstr == NULL) {
2429 plog(LLV_ERROR, LOCATION, iph1->remote,
2431 saddrwop2str(iph1->remote));
2438 plogdump(LLV_DEBUG2, iph1->authstr->v, iph1->authstr->l);
2440 len = iph1->nonce->l + iph1->nonce_p->l;
2449 bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2455 bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2461 iph1->skeyid = oakley_prf(iph1->authstr, buf, iph1);
2462 if (iph1->skeyid == NULL)
2481 len = iph1->nonce->l + iph1->nonce_p->l;
2490 bp = (iph1->side == INITIATOR ? iph1->nonce : iph1->nonce_p);
2496 bp = (iph1->side == INITIATOR ? iph1->nonce_p : iph1->nonce);
2502 iph1->skeyid = oakley_prf(buf, iph1->dhgxy, iph1);
2503 if (iph1->skeyid == NULL)
2516 s_oakley_attr_method(iph1->approval->authmethod));
2521 iph1->approval->authmethod);
2526 plogdump(LLV_DEBUG, iph1->skeyid->v, iph1->skeyid->l);
2544 oakley_skeyid_dae(iph1)
2545 struct ph1handle *iph1;
2552 if (iph1->skeyid == NULL) {
2559 len = iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2568 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2569 p += iph1->dhgxy->l;
2570 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2572 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2575 iph1->skeyid_d = oakley_prf(iph1->skeyid, buf, iph1);
2576 if (iph1->skeyid_d == NULL)
2583 plogdump(LLV_DEBUG, iph1->skeyid_d->v, iph1->skeyid_d->l);
2587 len = iph1->skeyid_d->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2595 memcpy(p, iph1->skeyid_d->v, iph1->skeyid_d->l);
2596 p += iph1->skeyid_d->l;
2597 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2598 p += iph1->dhgxy->l;
2599 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2601 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2604 iph1->skeyid_a = oakley_prf(iph1->skeyid, buf, iph1);
2605 if (iph1->skeyid_a == NULL)
2612 plogdump(LLV_DEBUG, iph1->skeyid_a->v, iph1->skeyid_a->l);
2616 len = iph1->skeyid_a->l + iph1->dhgxy->l + sizeof(cookie_t) * 2 + 1;
2624 memcpy(p, iph1->skeyid_a->v, iph1->skeyid_a->l);
2625 p += iph1->skeyid_a->l;
2626 memcpy(p, iph1->dhgxy->v, iph1->dhgxy->l);
2627 p += iph1->dhgxy->l;
2628 memcpy(p, (caddr_t)&iph1->index.i_ck, sizeof(cookie_t));
2630 memcpy(p, (caddr_t)&iph1->index.r_ck, sizeof(cookie_t));
2633 iph1->skeyid_e = oakley_prf(iph1->skeyid, buf, iph1);
2634 if (iph1->skeyid_e == NULL)
2641 plogdump(LLV_DEBUG, iph1->skeyid_e->v, iph1->skeyid_e->l);
2656 oakley_compute_enckey(iph1)
2657 struct ph1handle *iph1;
2663 keylen = alg_oakley_encdef_keylen(iph1->approval->enctype,
2664 iph1->approval->encklen);
2669 iph1->approval->enctype,
2670 iph1->approval->encklen);
2673 iph1->key = vmalloc(keylen >> 3);
2674 if (iph1->key == NULL) {
2681 prflen = alg_oakley_hashdef_hashlen(iph1->approval->hashtype);
2684 "invalid hash type %d.\n", iph1->approval->hashtype);
2689 if (iph1->key->l <= iph1->skeyid_e->l) {
2694 memcpy(iph1->key->v, iph1->skeyid_e->v, iph1->key->l);
2712 iph1->skeyid_e->l, iph1->key->l);
2719 p = (u_char *)iph1->key->v;
2720 ep = p + iph1->key->l;
2724 if (p == (u_char *)iph1->key->v) {
2729 res = oakley_prf(iph1->skeyid_e, buf, iph1);
2768 if (iph1->approval->enctype > ARRAYLEN(oakley_encdef)
2769 || oakley_encdef[iph1->approval->enctype].weakkey == NULL) {
2772 iph1->approval->enctype);
2775 if ((oakley_encdef[iph1->approval->enctype].weakkey)(iph1->key)) {
2783 plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
2797 oakley_newiv(iph1)
2798 struct ph1handle *iph1;
2806 len = iph1->dhpub->l + iph1->dhpub_p->l;
2816 bp = (iph1->side == INITIATOR ? iph1->dhpub : iph1->dhpub_p);
2820 bp = (iph1->side == INITIATOR ? iph1->dhpub_p : iph1->dhpub);
2834 newivm->iv = oakley_hash(buf, iph1);
2842 newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
2846 iph1->approval->enctype);
2866 iph1->ivm = newivm;
2881 oakley_newiv2(iph1, msgid)
2882 struct ph1handle *iph1;
2892 len = iph1->ivm->iv->l + sizeof(msgid_t);
2902 memcpy(p, iph1->ivm->iv->v, iph1->ivm->iv->l);
2903 p += iph1->ivm->iv->l;
2920 if ((newivm->iv = oakley_hash(buf, iph1)) == NULL)
2924 newivm->iv->l = alg_oakley_encdef_blocklen(iph1->approval->enctype);
2928 iph1->approval->enctype);
2975 oakley_do_decrypt(iph1, msg, ivdp, ivep)
2976 struct ph1handle *iph1;
2988 blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
2992 iph1->approval->enctype);
3018 new = alg_oakley_encdef_decrypt(iph1->approval->enctype,
3019 buf, iph1->key, ivdp);
3022 "decryption %d failed.\n", iph1->approval->enctype);
3026 plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);
3076 isakmp_printpacket(buf, iph1->remote, iph1->local, 1);
3096 oakley_do_encrypt(iph1, msg, ivep, ivp)
3097 struct ph1handle *iph1;
3110 blen = alg_oakley_encdef_blocklen(iph1->approval->enctype);
3114 iph1->approval->enctype);
3151 new = alg_oakley_encdef_encrypt(iph1->approval->enctype,
3152 buf, iph1->key, ivep);
3155 "encryption %d failed.\n", iph1->approval->enctype);
3159 plogdump(LLV_DEBUG, iph1->key->v, iph1->key->l);