
Lines Matching refs:iph2

/*
 * quick_i1prep -- this cross-reference view lists only the lines that
 * mention iph2, so the statements between them are not visible.
 * Visible steps: check the phase 2 status, take a new message id and IV
 * from the phase 1 handle, move to PHASE2ST_GETSPISENT, call
 * pk_sendgetspi(), and register pfkey_timeover_stub with sched_new().
 */
103 quick_i1prep(iph2, msg)
104 struct ph2handle *iph2;
/* State guard: a status other than PHASE2ST_STATUS2 is reported as a mismatch. */
110 if (iph2->status != PHASE2ST_STATUS2) {
112 "status mismatched %d.\n", iph2->status);
116 iph2->msgid = isakmp_newmsgid2(iph2->ph1);
117 iph2->ivm = oakley_newiv2(iph2->ph1, iph2->msgid);
/* The result of oakley_newiv2() is checked for NULL right after the call. */
118 if (iph2->ivm == NULL)
121 iph2->status = PHASE2ST_GETSPISENT;
130 if (pk_sendgetspi(iph2) < 0)
/*
 * The scheduler entry is stored in iph2->sce with lcconf->wait_ph2complete
 * as its delay; presumably the stub fires when the exchange does not
 * complete in time -- confirm against pfkey_timeover_stub.
 */
135 iph2->sce = sched_new(lcconf->wait_ph2complete,
136 pfkey_timeover_stub, iph2);
/*
 * quick_i1send -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_GETSPIDONE, set the proposal, create a
 * nonce, optionally set up a DH group and key pair, set the IDs, add up the
 * payload lengths into tlen, append the payloads, compute HASH(1), build the
 * send buffer through quick_ir1mx(), start resending, and move to
 * PHASE2ST_MSG1SENT.
 */
149 quick_i1send(iph2, msg)
150 struct ph2handle *iph2;
169 if (iph2->status != PHASE2ST_GETSPIDONE) {
171 "status mismatched %d.\n", iph2->status);
176 if (ipsecdoi_setph2proposal(iph2) < 0)
/* Nonce length comes from the remote configuration (rmconf->nonce_size). */
180 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
181 if (iph2->nonce == NULL)
190 pfsgroup = iph2->proposal->pfs_group;
193 if (oakley_setdhgroup(pfsgroup, &iph2->pfsgrp) < 0) {
198 if (oakley_dh_generate(iph2->pfsgrp,
199 &iph2->dhpub, &iph2->dhpriv) < 0) {
205 if (ipsecdoi_setid2(iph2) < 0) {
/* Both identity payloads are dumped at LLV_DEBUG only. */
211 plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
213 plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
222 id = (struct ipsecdoi_id_b *)iph2->id->v;
223 id_p = (struct ipsecdoi_id_b *)iph2->id_p->v;
226 && iph2->ph1->rmconf->support_proxy == 0
227 && ipsecdoi_transportmode(iph2->proposal)) {
/*
 * tlen is one generic header (sizeof(*gen)) plus the payload length for
 * each payload that will be appended below.
 * NOTE(review): the conditions guarding lines 236/238/240 and the matching
 * set_isakmp_payload() calls at 266/271/275 are not visible here; they must
 * agree, otherwise the writes would not match the size computed in tlen.
 */
233 tlen = + sizeof(*gen) + iph2->sa->l
234 + sizeof(*gen) + iph2->nonce->l;
236 tlen += (sizeof(*gen) + iph2->dhpub->l);
238 tlen += sizeof(*gen) + iph2->id->l;
240 tlen += sizeof(*gen) + iph2->id_p->l;
/* Payload chain: SA, nonce, then DH public value and the two IDs. */
252 p = set_isakmp_payload(p, iph2->sa, ISAKMP_NPTYPE_NONCE);
261 p = set_isakmp_payload(p, iph2->nonce, np);
266 p = set_isakmp_payload(p, iph2->dhpub, np);
271 p = set_isakmp_payload(p, iph2->id, np);
275 p = set_isakmp_payload(p, iph2->id_p, ISAKMP_NPTYPE_NONE);
/* The hash is computed over the assembled body with the phase 1 handle and msgid. */
278 hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, body);
283 iph2->sendbuf = quick_ir1mx(iph2, body, hash);
284 if (iph2->sendbuf == NULL)
288 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
289 if (isakmp_ph2resend(iph2) == -1)
293 iph2->status = PHASE2ST_MSG1SENT;
/*
 * quick_i2recv -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_MSG1SENT, decrypt msg0 with the phase 2
 * IV pair, collect the SA, nonce and KE payloads into sa_ret, nonce_p and
 * dhpub_p, require a hash, an SA and a nonce, compute a local hash over a
 * buffer that starts with our own nonce, check the proposal, and move to
 * PHASE2ST_STATUS6.
 */
311 quick_i2recv(iph2, msg0)
312 struct ph2handle *iph2;
327 if (iph2->status != PHASE2ST_MSG1SENT) {
329 "status mismatched %d.\n", iph2->status);
335 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
339 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
357 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
373 plog(LLV_WARNING, LOCATION, iph2->ph1->remote,
/*
 * The hash input starts with our own nonce, so its length is counted first
 * and the write pointer is placed nonce->l bytes into hbuf.
 */
380 tlen = iph2->nonce->l
388 p = hbuf->v + iph2->nonce->l; /* retain the space for Ni_b */
/*
 * sa_ret is cleared before the payloads are read and tested again at line
 * 405; presumably this is how a second SA payload is detected -- confirm.
 */
394 iph2->sa_ret = NULL;
405 if (iph2->sa_ret != NULL) {
411 if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
416 if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
421 if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
433 vp = iph2->id;
436 vp = iph2->id_p;
452 isakmp_check_notify(pa->ptr, iph2->ph1);
464 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/* Mandatory payloads: a hash, an SA and the peer nonce must all be present. */
478 if (hash == NULL || iph2->sa_ret == NULL || iph2->nonce_p == NULL) {
479 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/*
 * NOTE(review): the allocation of hbuf is not visible in this view; the copy
 * below and the length set at line 490 assume it holds at least
 * nonce->l + tlen bytes -- confirm against the allocation.
 */
485 memcpy(hbuf->v, iph2->nonce->v, iph2->nonce->l);
488 hbuf->l, tlen + iph2->nonce->l);
490 hbuf->l = iph2->nonce->l + tlen;
/*
 * my_hash is the locally computed value; the comparison with the received
 * hash does not mention iph2 and is therefore not shown in this view.
 */
503 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, hbuf);
511 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
519 if (ipsecdoi_checkph2proposal(iph2) < 0) {
525 iph2->status = PHASE2ST_STATUS6;
/*
 * VPTRINIT is applied to every field filled in above; presumably this is
 * the failure path releasing them -- confirm which label these lines sit under.
 */
538 VPTRINIT(iph2->sa_ret);
539 VPTRINIT(iph2->nonce_p);
540 VPTRINIT(iph2->dhpub_p);
541 VPTRINIT(iph2->id);
542 VPTRINIT(iph2->id_p);
/*
 * quick_i2send -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_STATUS6, compute HASH(3) over our nonce
 * followed by the peer nonce, build and encrypt the packet, send it (with
 * resend when ISAKMP_FLAG_C is set), record it with add_recvdpkt(), compute
 * the key material as INITIATOR, and either wait in PHASE2ST_COMMIT or hand
 * the SA over through pk_sendupdate()/pk_sendadd().
 */
553 quick_i2send(iph2, msg0)
554 struct ph2handle *iph2;
565 if (iph2->status != PHASE2ST_STATUS6) {
567 "status mismatched %d.\n", iph2->status);
/*
 * NOTE(review): nonce_p->l is taken from the peer's message. The type of the
 * length field and any upper bound on it are not visible here; confirm the
 * sum cannot wrap and that tmp is checked for NULL before the copies.
 */
577 tmp = vmalloc(iph2->nonce->l + iph2->nonce_p->l);
583 memcpy(tmp->v, iph2->nonce->v, iph2->nonce->l);
584 memcpy(tmp->v + iph2->nonce->l, iph2->nonce_p->v, iph2->nonce_p->l);
586 hash = oakley_compute_hash3(iph2->ph1, iph2->msgid, tmp);
604 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
/* buf is passed to isakmp_printpacket() before it is encrypted at line 616. */
612 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
616 iph2->sendbuf = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
617 if (iph2->sendbuf == NULL)
/* With the commit bit set the message goes through the resend path. */
621 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
623 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
624 if (isakmp_ph2resend(iph2) == -1)
628 if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0)
633 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local,
634 iph2->sendbuf, msg0) == -1) {
641 if (oakley_compute_keymat(iph2, INITIATOR) < 0)
644 iph2->status = PHASE2ST_ADDSA;
/* With the commit bit set the status becomes PHASE2ST_COMMIT instead. */
653 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
654 iph2->status = PHASE2ST_COMMIT;
661 if (pk_sendupdate(iph2) < 0) {
668 if (pk_sendadd(iph2) < 0) {
/*
 * quick_i3recv -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_COMMIT, decrypt msg0, pass notify
 * payloads to isakmp_check_notify(), compute a local hash over the notify
 * data, move to PHASE2ST_ADDSA, flip ISAKMP_FLAG_C, and call
 * pk_sendupdate()/pk_sendadd().
 */
692 quick_i3recv(iph2, msg0)
693 struct ph2handle *iph2;
704 if (iph2->status != PHASE2ST_COMMIT) {
706 "status mismatched %d.\n", iph2->status);
712 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
716 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
739 isakmp_check_notify(pa->ptr, iph2->ph1);
750 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
760 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/* The comparison of my_hash with the received hash is not shown in this view. */
777 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, notify);
786 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
793 iph2->status = PHASE2ST_ADDSA;
/*
 * XOR toggles the bit: it clears ISAKMP_FLAG_C only when the bit is
 * currently set. NOTE(review): confirm the flag is always set on this path;
 * "flags &= ~ISAKMP_FLAG_C" would clear it unconditionally.
 */
794 iph2->flags ^= ISAKMP_FLAG_C; /* reset bit */
804 if (pk_sendupdate(iph2) < 0) {
811 if (pk_sendadd(iph2) < 0) {
/*
 * quick_r1recv -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_START, decrypt msg0, clear the fields
 * that will hold the peer's payloads, store the SA, nonce, KE and ID
 * payloads, require a hash, an SA and a nonce, compute a local hash, look up
 * sainfo and the proposal, check that the KE payload and the approved PFS
 * group agree, keep a copy of msg0, and move to PHASE2ST_STATUS2.
 */
835 quick_r1recv(iph2, msg0)
836 struct ph2handle *iph2;
851 if (iph2->status != PHASE2ST_START) {
853 "status mismatched %d.\n", iph2->status);
859 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
865 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
883 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
900 plog(LLV_WARNING, LOCATION, iph2->ph1->remote,
/* All payload slots start out NULL so that presence can be tested later. */
921 iph2->sa = NULL; /* we don't support multi SAs. */
922 iph2->nonce_p = NULL;
923 iph2->dhpub_p = NULL;
924 iph2->id_p = NULL;
925 iph2->id = NULL;
/* A non-NULL sa at this point means an SA payload was already stored. */
946 if (iph2->sa != NULL) {
951 if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
956 if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
961 if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
/* The first ID payload goes to id_p, the second one to id. */
966 if (iph2->id_p == NULL) {
970 if (isakmp_p2ph(&iph2->id_p, pa->ptr) < 0)
973 } else if (iph2->id == NULL) {
983 if (isakmp_p2ph(&iph2->id, pa->ptr) < 0)
/*
 * NOTE(review): this dump runs at LLV_ERROR and reads iph2->id; the branch it
 * belongs to is not visible, so confirm id cannot be NULL when it is reached.
 */
988 plogdump(LLV_ERROR, iph2->id->v, iph2->id->l);
995 isakmp_check_notify(pa->ptr, iph2->ph1);
1006 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/* Mandatory payloads: a hash, an SA and the peer nonce must all be present. */
1021 if (hash == NULL || iph2->sa == NULL || iph2->nonce_p == NULL) {
1022 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1028 if (iph2->id_p) {
1030 plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
1032 if (iph2->id) {
1034 plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
/* The comparison of my_hash with the received hash is not shown in this view. */
1051 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, hbuf);
1059 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
1067 error = get_sainfo_r(iph2);
1076 error = get_proposal_r(iph2);
1080 if (set_proposal_from_proposal(iph2)) {
1089 if (ipsecdoi_selectph2proposal(iph2) < 0) {
/*
 * PFS consistency: a KE payload without an approved PFS group, and an
 * approved PFS group without a KE payload, are each tested separately.
 */
1101 if (iph2->dhpub_p != NULL && iph2->approval->pfs_group == 0) {
1107 if (iph2->dhpub_p == NULL && iph2->approval->pfs_group != 0) {
/* NOTE(review): a NULL check on the vdup() result is not visible here -- confirm. */
1118 iph2->msg1 = vdup(msg0);
1121 iph2->status = PHASE2ST_STATUS2;
/*
 * VPTRINIT is applied to every field filled in above; presumably this is
 * the failure path releasing them -- confirm which label these lines sit under.
 */
1134 VPTRINIT(iph2->sa);
1135 VPTRINIT(iph2->nonce_p);
1136 VPTRINIT(iph2->dhpub_p);
1137 VPTRINIT(iph2->id);
1138 VPTRINIT(iph2->id_p);
/*
 * quick_r1prep -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_STATUS2, move to PHASE2ST_GETSPISENT,
 * call pk_sendgetspi(), and register pfkey_timeover_stub with sched_new()
 * using lcconf->wait_ph2complete as the delay.
 */
1148 quick_r1prep(iph2, msg)
1149 struct ph2handle *iph2;
1155 if (iph2->status != PHASE2ST_STATUS2) {
1157 "status mismatched %d.\n", iph2->status);
/* The status is advanced before pk_sendgetspi() is called. */
1161 iph2->status = PHASE2ST_GETSPISENT;
1164 if (pk_sendgetspi(iph2) < 0)
1169 iph2->sce = sched_new(lcconf->wait_ph2complete,
1170 pfkey_timeover_stub, iph2);
/*
 * quick_r2send -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_GETSPIDONE, update the SPI, create a
 * nonce, generate a DH key pair when the peer sent a KE payload and a PFS
 * group was approved, add up the payload lengths, append the payloads,
 * compute the hash over the peer nonce followed by the body, build the send
 * buffer, start resending, record the packet, and move to PHASE2ST_MSG1SENT.
 */
1183 quick_r2send(iph2, msg)
1184 struct ph2handle *iph2;
1202 if (iph2->status != PHASE2ST_GETSPIDONE) {
1204 "status mismatched %d.\n", iph2->status);
1209 if (ipsecdoi_updatespi(iph2) < 0) {
1215 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
1216 if (iph2->nonce == NULL)
1220 pfsgroup = iph2->approval->pfs_group;
/* DH is only set up when the peer sent a KE payload and a PFS group is approved. */
1221 if (iph2->dhpub_p != NULL && pfsgroup != 0) {
1223 if (oakley_setdhgroup(pfsgroup, &iph2->pfsgrp) < 0) {
1229 if (oakley_dh_generate(iph2->pfsgrp,
1230 &iph2->dhpub, &iph2->dhpriv) < 0) {
1236 tlen = sizeof(*gen) + iph2->sa_ret->l
1237 + sizeof(*gen) + iph2->nonce->l;
1238 if (iph2->dhpub_p != NULL && pfsgroup != 0)
1239 tlen += (sizeof(*gen) + iph2->dhpub->l);
/*
 * NOTE(review): only id_p is tested, but iph2->id is dereferenced as well
 * (here and at line 1279). This holds only if both IDs are present or both
 * are absent; get_proposal_r tests that condition at lines 1918-1919 --
 * confirm that a failure there always stops the exchange before this point.
 */
1240 if (iph2->id_p != NULL)
1241 tlen += (sizeof(*gen) + iph2->id_p->l
1242 + sizeof(*gen) + iph2->id->l);
/* Payload chain: SA, nonce, optional KE, then the two IDs if present. */
1253 p = set_isakmp_payload(body->v, iph2->sa_ret, ISAKMP_NPTYPE_NONCE);
1257 p = set_isakmp_payload(p, iph2->nonce,
1258 (iph2->dhpub_p != NULL && pfsgroup != 0)
1260 : (iph2->id_p != NULL
1265 if (iph2->dhpub_p != NULL && pfsgroup != 0) {
1267 p = set_isakmp_payload(p, iph2->dhpub,
1268 (iph2->id_p == NULL)
1274 if (iph2->id_p != NULL) {
1276 p = set_isakmp_payload(p, iph2->id_p, ISAKMP_NPTYPE_ID);
1279 p = set_isakmp_payload(p, iph2->id, ISAKMP_NPTYPE_NONE);
1285 struct saprop *pp = iph2->approval;
/*
 * The hash input is the peer nonce followed by the body.
 * NOTE(review): nonce_p->l comes from the peer's message; the NULL check on
 * tmp and any bound on the summed length are not visible here -- confirm.
 */
1332 tmp = vmalloc(iph2->nonce_p->l + body->l);
1338 memcpy(tmp->v, iph2->nonce_p->v, iph2->nonce_p->l);
1339 memcpy(tmp->v + iph2->nonce_p->l, body->v, body->l);
1341 hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, tmp);
1349 iph2->sendbuf = quick_ir1mx(iph2, body, hash);
1350 if (iph2->sendbuf == NULL)
1354 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
1355 if (isakmp_ph2resend(iph2) == -1)
/* The reply is recorded together with the stored first message (msg1). */
1359 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local, iph2->sendbuf, iph2->msg1) == -1) {
1366 iph2->status = PHASE2ST_MSG1SENT;
/*
 * quick_r3recv -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_MSG1SENT, decrypt msg0, pass notify
 * payloads to isakmp_check_notify(), compute HASH(3) over the peer nonce
 * followed by our nonce, and set the status to PHASE2ST_COMMIT or
 * PHASE2ST_STATUS6.
 */
1384 quick_r3recv(iph2, msg0)
/* NOTE(review): the type of this parameter declaration is missing in the listing. */
1385 iph2;
1395 if (iph2->status != PHASE2ST_MSG1SENT) {
1397 "status mismatched %d.\n", iph2->status);
1403 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1407 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
1425 isakmp_check_notify(pa->ptr, iph2->ph1);
1429 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1439 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/*
 * Nonce order here is peer nonce first, then ours.
 * NOTE(review): the NULL check on tmp is not visible in this view -- confirm.
 */
1457 tmp = vmalloc(iph2->nonce_p->l + iph2->nonce->l);
1463 memcpy(tmp->v, iph2->nonce_p->v, iph2->nonce_p->l);
1464 memcpy(tmp->v + iph2->nonce_p->l, iph2->nonce->v, iph2->nonce->l);
/* The comparison of my_hash with the received hash is not shown in this view. */
1466 my_hash = oakley_compute_hash3(iph2->ph1, iph2->msgid, tmp);
1475 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/* Commit bit set: PHASE2ST_COMMIT; line 1486 is presumably the else branch. */
1483 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
1484 iph2->status = PHASE2ST_COMMIT;
1486 iph2->status = PHASE2ST_STATUS6;
/*
 * quick_r3send -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_COMMIT, build a notification payload
 * that carries the approved proposal's protocol id and SPI, compute a hash
 * over it, build and encrypt the packet, send it, record it with
 * add_recvdpkt(), and set the status to PHASE2ST_COMMIT.
 */
1504 quick_r3send(iph2, msg0)
1505 struct ph2handle *iph2;
1517 if (iph2->status != PHASE2ST_COMMIT) {
1519 "status mismatched %d.\n", iph2->status);
/* The payload is sized as the notification header plus spisize bytes of SPI. */
1528 tlen = sizeof(struct isakmp_pl_n) + iph2->approval->head->spisize;
1539 n->proto_id = iph2->approval->head->proto_id;
/*
 * NOTE(review): spi_size is set to sizeof() of the spisize field, i.e. the
 * width of that variable, not the SPI length it holds. Lines 1528 and 1542
 * size and copy the SPI with the value of spisize, so the advertised length
 * matches the data only when the two happen to be equal. The intended
 * assignment is presumably the value itself
 * (n->spi_size = iph2->approval->head->spisize) -- confirm.
 */
1540 n->spi_size = sizeof(iph2->approval->head->spisize);
/*
 * NOTE(review): spisize bytes are read starting at &head->spi; confirm that
 * spisize can never exceed the size of that field.
 */
1542 memcpy(n + 1, &iph2->approval->head->spi, iph2->approval->head->spisize);
1544 myhash = oakley_compute_hash1(iph2->ph1, iph2->msgid, notify);
1560 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
/* buf is passed to isakmp_printpacket() before it is encrypted at line 1575. */
1571 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
1575 iph2->sendbuf = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
1576 if (iph2->sendbuf == NULL)
1580 if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0)
1584 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local, iph2->sendbuf, msg0) == -1) {
1590 iph2->status = PHASE2ST_COMMIT;
/*
 * quick_r3prep -- fragment; only lines that mention iph2 are listed.
 * Visible steps: check for PHASE2ST_STATUS6, compute the key material as
 * RESPONDER, move to PHASE2ST_ADDSA, flip ISAKMP_FLAG_C, call
 * pk_sendupdate()/pk_sendadd(), and, when a generated policy index is
 * attached, send policy updates with src and dst temporarily swapped before
 * releasing spidx_gen.
 */
1621 quick_r3prep(iph2, msg0)
1622 struct ph2handle *iph2;
1628 if (iph2->status != PHASE2ST_STATUS6) {
1630 "status mismatched %d.\n", iph2->status);
1635 if (oakley_compute_keymat(iph2, RESPONDER) < 0)
1638 iph2->status = PHASE2ST_ADDSA;
/*
 * XOR toggles the bit: it clears ISAKMP_FLAG_C only when the bit is
 * currently set, and sets it otherwise. NOTE(review): confirm the flag state
 * on every path that reaches this line; "flags &= ~ISAKMP_FLAG_C" would
 * clear it unconditionally.
 */
1639 iph2->flags ^= ISAKMP_FLAG_C; /* reset bit */
1649 if (pk_sendupdate(iph2) < 0) {
1656 if (pk_sendadd(iph2) < 0) {
1666 if (iph2->spidx_gen) {
/*
 * src and dst are saved, swapped for the pk_sendspdupdate2() calls and
 * restored at lines 1701-1702. NOTE(review): the error branches between the
 * swap and the restore are not visible; confirm none of them leaves the
 * handle with the addresses swapped.
 */
1671 struct sockaddr *src = iph2->src;
1672 struct sockaddr *dst = iph2->dst;
1675 iph2->src = dst;
1676 iph2->dst = src;
1677 if (pk_sendspdupdate2(iph2) < 0) {
1685 spidx = (struct policyindex *)iph2->spidx_gen;
1688 if (tunnel_mode_prop(iph2->approval)) {
1690 if (pk_sendspdupdate2(iph2) < 0) {
1701 iph2->src = src;
1702 iph2->dst = dst;
1711 if (pk_sendspdupdate2(iph2) < 0) {
/* The pointer is set to NULL right after it is freed. */
1720 delsp_bothdir((struct policyindex *)iph2->spidx_gen);
1721 racoon_free(iph2->spidx_gen);
1722 iph2->spidx_gen = NULL;
1723 iph2->generated_spidx=1;
/*
 * quick_ir1mx -- fragment; only lines that mention iph2 are listed.
 * Visible steps: set ISAKMP_FLAG_E on the handle, write the ISAKMP header
 * with HASH as the first payload type, pass the packet to
 * isakmp_printpacket(), and encrypt it with the phase 2 IV pair.
 */
1736 quick_ir1mx(iph2, body, hash)
1737 struct ph2handle *iph2;
1759 iph2->flags |= ISAKMP_FLAG_E;
1762 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
/*
 * buf is printed before it is encrypted on line 1778.
 * NOTE(review): confirm under which log level isakmp_printpacket() emits data.
 */
1774 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
/* The IV arguments are (ive, iv) here; oakley_do_decrypt() is called with (iv, ive). */
1778 new = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
/*
 * get_sainfo_r -- fragment; only lines that mention iph2 are listed.
 * Visible steps: build idsrc and iddst either from the received ID payloads
 * or, when one is absent, from the src/dst socket address, look up the
 * remote configuration for dst, select an sainfo entry with getsainfo(),
 * run group_check() when the entry names a group, and log the selection.
 */
1803 get_sainfo_r(iph2)
1804 struct ph2handle *iph2;
/* No ID payload: the source identity is derived from iph2->src by family. */
1811 if (iph2->id == NULL) {
1812 switch (iph2->src->sa_family) {
1821 "invalid family: %d\n", iph2->src->sa_family);
1824 idsrc = ipsecdoi_sockaddr2id(iph2->src, prefixlen,
1827 idsrc = vdup(iph2->id);
/* Same fallback for the destination identity, using iph2->dst. */
1835 if (iph2->id_p == NULL) {
1836 switch (iph2->dst->sa_family) {
1845 "invalid family: %d\n", iph2->dst->sa_family);
1848 iddst = ipsecdoi_sockaddr2id(iph2->dst, prefixlen,
1851 iddst = vdup(iph2->id_p);
1861 conf = getrmconf(iph2->dst);
/* The lookup also takes the phase 1 peer identity (ph1->id_p) and remoteid. */
1871 iph2->sainfo = getsainfo(idsrc, iddst, iph2->ph1->id_p, remoteid);
1872 if (iph2->sainfo == NULL) {
/* group_check() runs only when the selected sainfo carries a group. */
1880 if (iph2->sainfo->group != NULL)
1881 if(group_check(iph2->ph1,&iph2->sainfo->group->v,1))
1886 "selected sainfo: %s\n", sainfo2str(iph2->sainfo));
/*
 * get_proposal_r -- fragment; only lines that mention iph2 are listed.
 * Visible steps: test that the two ID payloads are either both present or
 * both absent, test whether src_id/dst_id are already set, fill a policy
 * index (spidx) from the ID payloads or from the src/dst addresses, keep a
 * heap copy of it in spidx_gen when rmconf->gen_policy is set, and derive
 * the proposal from the matching policy.
 */
1909 get_proposal_r(iph2)
1910 struct ph2handle *iph2;
/* True when exactly one of the two ID payloads is present. */
1918 if ((iph2->id_p != NULL && iph2->id == NULL)
1919 || (iph2->id_p == NULL && iph2->id != NULL)) {
1926 if (iph2->src_id || iph2->dst_id) {
/* Only address and subnet ID types are converted to a socket address. */
1944 if (iph2->id != NULL
1945 && (_XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR
1946 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR
1947 || _XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR_SUBNET
1948 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR_SUBNET)) {
1950 error = ipsecdoi_id2sockaddr(iph2->id,
1963 if (_XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR) {
1965 iph2->src);
1971 if (_XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR
1972 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR)
1973 idi2type = _XIDT(iph2->id);
/*
 * The copy length is taken from the source sockaddr.
 * NOTE(review): confirm spidx.dst is large enough for every address family
 * that can reach this line.
 */
1988 memcpy(&spidx.dst, iph2->src, sysdep_sa_len(iph2->src));
2005 if (iph2->id_p != NULL
2006 && (_XIDT(iph2->id_p) == IPSECDOI_ID_IPV4_ADDR
2007 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR
2008 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV4_ADDR_SUBNET
2009 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR_SUBNET)) {
2011 error = ipsecdoi_id2sockaddr(iph2->id_p,
2022 if (_XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR) {
2024 iph2->dst);
2031 if (_XIDT(iph2->id_p) == idi2type
/* Our src_id is duplicated from spidx.dst and dst_id from spidx.src. */
2033 iph2->src_id = dupsaddr((struct sockaddr *)&spidx.dst);
2034 if (iph2->src_id == NULL) {
2039 iph2->dst_id = dupsaddr((struct sockaddr *)&spidx.src);
2040 if (iph2->dst_id == NULL) {
/* NOTE(review): same size question as at line 1988, here for spidx.src. */
2055 memcpy(&spidx.src, iph2->dst, sysdep_sa_len(iph2->dst));
2097 if (get_security_context(iph2->sa, &spidx)) {
/*
 * With gen_policy set, the policy index built above from the peer's
 * identities is copied to the heap and attached to the handle;
 * quick_r3prep later sends policy updates when spidx_gen is set. The
 * allocation result is checked before the copy in both places.
 */
2107 if (iph2->ph1->rmconf->gen_policy) {
2112 iph2->spidx_gen = racoon_malloc(sizeof(spidx));
2113 if (!iph2->spidx_gen) {
2118 memcpy(iph2->spidx_gen, &spidx, sizeof(spidx));
2127 if (iph2->ph1->rmconf->gen_policy) {
2131 iph2->spidx_gen = racoon_malloc(sizeof(spidx));
2132 if (!iph2->spidx_gen) {
2137 memcpy(iph2->spidx_gen, &spidx, sizeof(spidx));
2175 /* set new proposal derived from a policy into the iph2->proposal. */
2176 if (set_proposal_from_policy(iph2, sp_in, sp_out) < 0) {
2184 set_secctx_in_proposal(iph2, spidx);