Lines Matching refs:iph1
/*
 * base_i1send: cross-reference excerpt. Only source lines that mention
 * iph1 are listed, so branches, returns and cleanup between them are
 * not visible. The leading numbers are source line numbers.
 *
 * From the listed lines: the handler requires status PHASE1ST_START,
 * zeroes iph1->index and calls isakmp_newcookie on it, sets the local
 * ID, builds the SA proposal and a nonce from iph1->rmconf, appends SA,
 * ID and NONCE payloads, sends through isakmp_ph1resend and then sets
 * status PHASE1ST_MSG1SENT.
 */
103 base_i1send(iph1, msg) in base_i1send() argument
104 struct ph1handle *iph1; in base_i1send()
/* State gate: any status other than PHASE1ST_START takes the mismatch branch. */
131 if (iph1->status != PHASE1ST_START) {
133 "status mismatched %d.\n", iph1->status);
/* The whole cookie index is cleared before the new cookie is written into it. */
138 memset(&iph1->index, 0, sizeof(iph1->index));
139 isakmp_newcookie((caddr_t)&iph1->index, iph1->remote, iph1->local);
142 if (ipsecdoi_setid1(iph1) < 0)
146 iph1->sa = ipsecdoi_setph1proposal(iph1->rmconf->proposal);
147 if (iph1->sa == NULL)
/* Nonce length is taken from rmconf->nonce_size; a NULL result is checked. */
151 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
152 if (iph1->nonce == NULL)
157 switch (RMAUTHMETHOD(iph1)) {
/* Optional features are driven by the remote configuration flags. */
178 if (iph1->rmconf->ike_frag) {
190 if (iph1->rmconf->nat_traversal) {
213 plist = isakmp_plist_append(plist, iph1->sa, ISAKMP_NPTYPE_SA);
216 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
219 plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);
234 if (iph1->rmconf->dpd) {
245 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
249 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
/* Retry budget is reset from configuration before the first transmission. */
253 iph1->retry_counter = iph1->rmconf->retry_counter;
254 if (isakmp_ph1resend(iph1) == -1)
/* Status advances only after the listed send call. */
257 iph1->status = PHASE1ST_MSG1SENT;
/*
 * base_i2recv: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; the payload loop and the error paths are not fully
 * visible.
 *
 * From the listed lines: requires status PHASE1ST_MSG1SENT, stores the
 * peer nonce and ID through isakmp_p2ph, passes vendor-ID payloads to
 * handle_vendorid, rejects the message when either nonce_p or id_p is
 * missing, checks the peer ID and the returned proposal, and sets
 * status PHASE1ST_MSG2RECEIVED.
 */
292 base_i2recv(iph1, msg) in base_i2recv() argument
293 struct ph1handle *iph1; in base_i2recv()
/* State gate: a message arriving in any other state takes the mismatch branch. */
307 if (iph1->status != PHASE1ST_MSG1SENT) {
309 "status mismatched %d.\n", iph1->status);
321 plog(LLV_ERROR, LOCATION, iph1->remote,
337 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
341 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
345 handle_vendorid(iph1, pa->ptr);
349 plog(LLV_ERROR, LOCATION, iph1->remote,
/* Both the peer nonce and the peer ID are mandatory; absence is logged as an error. */
357 if (iph1->nonce_p == NULL || iph1->id_p == NULL) {
358 plog(LLV_ERROR, LOCATION, iph1->remote,
/* Peer identity is checked before the proposal is evaluated. */
364 if (ipsecdoi_checkid1(iph1) != 0) {
365 plog(LLV_ERROR, LOCATION, iph1->remote,
371 if (NATT_AVAILABLE(iph1))
372 plog(LLV_INFO, LOCATION, iph1->remote,
374 vid_string_by_id(iph1->natt_options->version));
/* The SA payload returned by the peer (satmp) is checked against this handle. */
378 if (ipsecdoi_checkph1proposal(satmp, iph1) < 0) {
379 plog(LLV_ERROR, LOCATION, iph1->remote,
384 VPTRINIT(iph1->sa_ret);
386 iph1->status = PHASE1ST_MSG2RECEIVED;
/* NOTE(review): presumably the failure path, releasing peer data stored above - confirm. */
397 VPTRINIT(iph1->nonce_p);
398 VPTRINIT(iph1->id_p);
/*
 * base_i2send: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; the switch bodies and error paths are not fully
 * visible.
 *
 * From the listed lines: requires status PHASE1ST_MSG2RECEIVED, copies
 * the responder cookie out of the received header, generates the local
 * DH key pair, derives SKEYID, computes the phase 1 hash, builds either
 * a KE+HASH or a KE+CERT+SIG payload set depending on AUTHMETHOD, adds
 * NAT-D hashes when NAT-T is available, sends, records the packet with
 * add_recvdpkt and sets status PHASE1ST_MSG2SENT.
 */
412 base_i2send(iph1, msg) in base_i2send() argument
413 struct ph1handle *iph1; in base_i2send()
422 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
424 "status mismatched %d.\n", iph1->status);
/*
 * NOTE(review): r_ck is read through a cast of msg->v to struct isakmp.
 * The copy length is on an omitted line and no length check on msg is
 * visible here - confirm the caller guarantees a full ISAKMP header.
 */
429 memcpy(&iph1->index.r_ck, &((struct isakmp *)msg->v)->r_ck,
/* DH group comes from the approved proposal, not from the raw peer message. */
433 if (oakley_dh_generate(iph1->approval->dhgrp,
434 &iph1->dhpub, &iph1->dhpriv) < 0)
438 switch (AUTHMETHOD(iph1)) {
450 if (oakley_skeyid(iph1) < 0)
457 iph1->hash = oakley_ph1hash_base_i(iph1, GENERATE);
458 if (iph1->hash == NULL)
460 switch (AUTHMETHOD(iph1)) {
467 vid = set_vendorid(iph1->approval->vendorid);
470 plist = isakmp_plist_append(plist, iph1->dhpub, ISAKMP_NPTYPE_KE);
473 plist = isakmp_plist_append(plist, iph1->hash, ISAKMP_NPTYPE_HASH);
487 if (oakley_getmycert(iph1) < 0)
490 if (oakley_getsign(iph1) < 0)
/* The certificate is considered for sending only when one is loaded and send_cert is set. */
493 if (iph1->cert && iph1->rmconf->send_cert)
498 iph1->dhpub, ISAKMP_NPTYPE_KE);
503 iph1->cert->pl, ISAKMP_NPTYPE_CERT);
507 iph1->sig, ISAKMP_NPTYPE_SIG);
/* NAT-D: one hash for the remote address and one for the local address, each NULL-checked. */
526 if (NATT_AVAILABLE(iph1))
531 if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
533 "NAT-D hashing failed for %s\n", saddr2str(iph1->remote));
537 if ((natd[1] = natt_hash_addr (iph1, iph1->local)) == NULL) {
539 "NAT-D hashing failed for %s\n", saddr2str(iph1->local));
543 plist = isakmp_plist_append(plist, natd[0], iph1->natt_options->payload_nat_d);
544 plist = isakmp_plist_append(plist, natd[1], iph1->natt_options->payload_nat_d);
548 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
551 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
555 iph1->retry_counter = iph1->rmconf->retry_counter;
556 if (isakmp_ph1resend(iph1) == -1)
/* The received message is recorded together with the reply that was sent for it. */
560 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
566 iph1->status = PHASE1ST_MSG2SENT;
/*
 * base_i3recv: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; the payload loop, switch bodies and error paths are
 * not fully visible.
 *
 * From the listed lines: requires status PHASE1ST_MSG2SENT, collects
 * the peer KE, HASH, certificate and SIG payloads, processes NAT-D
 * payloads, runs oakley_validate_auth, computes the DH shared secret,
 * derives SKEYID and the dependent keys, creates the IV, sets
 * ISAKMP_FLAG_E and moves to PHASE1ST_MSG3RECEIVED.
 */
584 base_i3recv(iph1, msg) in base_i3recv() argument
585 struct ph1handle *iph1; in base_i3recv()
598 if (iph1->status != PHASE1ST_MSG2SENT) {
600 "status mismatched %d.\n", iph1->status);
615 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
/*
 * pl_hash is stored as a cast of pa->ptr, unlike dhpub_p and sig_p which
 * go through isakmp_p2ph. NOTE(review): assumes the received buffer
 * outlives every use of pl_hash - confirm.
 */
619 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
622 if (oakley_savecert(iph1, pa->ptr) < 0)
626 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
630 handle_vendorid(iph1, pa->ptr);
/* natt_options is tested for NULL before payload_nat_d is read through it. */
636 if (NATT_AVAILABLE(iph1) && iph1->natt_options &&
637 pa->type == iph1->natt_options->payload_nat_d) {
645 iph1->natt_flags |= NAT_DETECTED;
649 natd_verified = natt_compare_addr_hash (iph1,
664 plog(LLV_ERROR, LOCATION, iph1->remote,
673 if (NATT_AVAILABLE(iph1)) {
675 iph1->natt_flags & NAT_DETECTED ?
677 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
678 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
/* Ports are floated only when a NAT was actually detected. */
679 if (iph1->natt_flags & NAT_DETECTED)
680 natt_float_ports (iph1);
/* Peer authentication result; the notification below is presumably sent on failure - confirm. */
686 ptype = oakley_validate_auth(iph1);
692 EVT_PUSH(iph1->local, iph1->remote,
694 isakmp_info_send_n1(iph1, ptype, NULL);
/* The shared secret is computed after the authentication call above (by source order). */
699 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
700 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
704 switch (AUTHMETHOD(iph1)) {
714 if (oakley_skeyid(iph1) < 0)
722 if (oakley_skeyid_dae(iph1) < 0)
724 if (oakley_compute_enckey(iph1) < 0)
726 if (oakley_newiv(iph1) < 0)
/* NOTE(review): copy length is iv->l; assumes ive->v holds at least that many bytes - confirm. */
730 memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->iv->l);
733 iph1->flags |= ISAKMP_FLAG_E;
735 iph1->status = PHASE1ST_MSG3RECEIVED;
/* Peer-supplied DH value, certificate, CRL and signature are released and the pointers cleared. */
744 VPTRINIT(iph1->dhpub_p);
745 oakley_delcert(iph1->cert_p);
746 iph1->cert_p = NULL;
747 oakley_delcert(iph1->crl_p);
748 iph1->crl_p = NULL;
749 VPTRINIT(iph1->sig_p);
/*
 * base_i3send: cross-reference excerpt. Only source lines that mention
 * iph1 are listed. The visible lines show a status gate on
 * PHASE1ST_MSG3RECEIVED followed by the transition to
 * PHASE1ST_ESTABLISHED; no payload construction referencing iph1 is
 * listed for this function.
 */
759 base_i3send(iph1, msg) in base_i3send() argument
760 struct ph1handle *iph1; in base_i3send()
766 if (iph1->status != PHASE1ST_MSG3RECEIVED) {
768 "status mismatched %d.\n", iph1->status);
772 iph1->status = PHASE1ST_ESTABLISHED;
/*
 * base_r1recv: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; the payload loop and error paths are not fully
 * visible.
 *
 * From the listed lines: requires status PHASE1ST_START, stores the
 * peer SA, nonce and ID through isakmp_p2ph, handles vendor IDs,
 * rejects the message when nonce_p or id_p is missing, checks the peer
 * ID and the proposal, and sets status PHASE1ST_MSG1RECEIVED.
 */
788 base_r1recv(iph1, msg) in base_r1recv() argument
789 struct ph1handle *iph1; in base_r1recv()
798 if (iph1->status != PHASE1ST_START) {
800 "status mismatched %d.\n", iph1->status);
815 plog(LLV_ERROR, LOCATION, iph1->remote,
821 if (isakmp_p2ph(&iph1->sa, pa->ptr) < 0)
831 if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
835 if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
839 vid_numeric = handle_vendorid(iph1, pa->ptr);
/* NOTE(review): presumably set when the vendor ID above announces fragmentation support - confirm. */
843 iph1->frag = 1;
848 plog(LLV_ERROR, LOCATION, iph1->remote,
/* Both the peer nonce and the peer ID are mandatory; absence is logged as an error. */
856 if (iph1->nonce_p == NULL || iph1->id_p == NULL) {
857 plog(LLV_ERROR, LOCATION, iph1->remote,
863 if (ipsecdoi_checkid1(iph1) != 0) {
864 plog(LLV_ERROR, LOCATION, iph1->remote,
870 if (NATT_AVAILABLE(iph1))
871 plog(LLV_INFO, LOCATION, iph1->remote,
873 vid_string_by_id(iph1->natt_options->version));
/* The peer proposal stored in iph1->sa is checked before the state advances. */
877 if (ipsecdoi_checkph1proposal(iph1->sa, iph1) < 0) {
878 plog(LLV_ERROR, LOCATION, iph1->remote,
884 iph1->status = PHASE1ST_MSG1RECEIVED;
/* NOTE(review): presumably the failure path, releasing peer data stored above - confirm. */
893 VPTRINIT(iph1->sa);
894 VPTRINIT(iph1->nonce_p);
895 VPTRINIT(iph1->id_p);
/*
 * base_r1send: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; branch bodies and jumps between them are not
 * visible.
 *
 * From the listed lines: requires status PHASE1ST_MSG1RECEIVED, writes
 * a new cookie into index.r_ck, sets the local ID, creates a nonce,
 * appends SA (sa_ret), ID and NONCE payloads plus optional vendor IDs,
 * sends through isakmp_ph1resend, records the packet with add_recvdpkt
 * and sets status PHASE1ST_MSG1SENT.
 */
909 base_r1send(iph1, msg) in base_r1send() argument
910 struct ph1handle *iph1; in base_r1send()
930 if (iph1->status != PHASE1ST_MSG1RECEIVED) {
932 "status mismatched %d.\n", iph1->status);
/* Only the r_ck member of the index is written here, not the whole index. */
937 isakmp_newcookie((caddr_t)&iph1->index.r_ck, iph1->remote, iph1->local);
940 if (ipsecdoi_setid1(iph1) < 0)
/* Nonce length is taken from rmconf->nonce_size; a NULL result is checked. */
944 iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
945 if (iph1->nonce == NULL)
949 plist = isakmp_plist_append(plist, iph1->sa_ret, ISAKMP_NPTYPE_SA);
952 plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
955 plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);
959 if (NATT_AVAILABLE(iph1))
960 vid_natt = set_vendorid(iph1->natt_options->version);
965 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) {
976 if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) {
/* DPD is announced only when the peer supports it and it is enabled in the configuration. */
991 if (iph1->dpd_support && iph1->rmconf->dpd) {
1002 if (iph1->rmconf->ike_frag) {
1015 iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
1018 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
1022 iph1->retry_counter = iph1->rmconf->retry_counter;
/*
 * NOTE(review): on a failed resend the local iph1 is set to NULL, and
 * the later cleanup tests iph1 != NULL before touching sa_ret. The next
 * listed line dereferences iph1, so the omitted lines in between must
 * leave this branch (presumably a jump to cleanup) - confirm. The
 * handle is presumably no longer valid after the failed resend.
 */
1023 if (isakmp_ph1resend(iph1) == -1) {
1024 iph1 = NULL;
1029 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
1035 iph1->status = PHASE1ST_MSG1SENT;
/* Cleanup guards against the NULL assignment made on the failed-resend branch. */
1059 if (iph1 != NULL)
1060 VPTRINIT(iph1->sa_ret);
/*
 * base_r2recv: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; the payload loop, preprocessor conditionals and
 * error paths are not fully visible.
 *
 * From the listed lines: requires status PHASE1ST_MSG1SENT, clears
 * pl_hash, collects the peer KE, HASH, certificate and SIG payloads,
 * processes NAT-D payloads, generates the local DH key pair, computes
 * the shared secret, derives SKEYID, runs oakley_validate_auth and sets
 * status PHASE1ST_MSG2RECEIVED.
 */
1073 base_r2recv(iph1, msg) in base_r2recv() argument
1074 struct ph1handle *iph1; in base_r2recv()
1086 if (iph1->status != PHASE1ST_MSG1SENT) {
1088 "status mismatched %d.\n", iph1->status);
/* Any earlier hash pointer is dropped before the payloads of this message are parsed. */
1097 iph1->pl_hash = NULL;
1105 if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
/* NOTE(review): pointer into the received payload, not a copy - confirm the buffer outlives its use. */
1109 iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
1112 if (oakley_savecert(iph1, pa->ptr) < 0)
1116 if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
1120 handle_vendorid(iph1, pa->ptr);
/*
 * NOTE(review): this line reads iph1->natt_options->payload_nat_d
 * without the NATT_AVAILABLE(iph1) && iph1->natt_options test that the
 * corresponding check in base_i3recv (source line 636) carries. A guard
 * may exist on an omitted line; otherwise confirm that natt_options
 * cannot be NULL when a peer sends an unexpected payload type here.
 */
1126 if (pa->type == iph1->natt_options->payload_nat_d)
1135 iph1->natt_flags |= NAT_DETECTED;
1137 natd_verified = natt_compare_addr_hash (iph1,
1152 plog(LLV_ERROR, LOCATION, iph1->remote,
/* DH group comes from the approved proposal; the peer public value is dhpub_p stored above. */
1161 if (oakley_dh_generate(iph1->approval->dhgrp,
1162 &iph1->dhpub, &iph1->dhpriv) < 0)
1166 if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
1167 iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
1171 if (oakley_skeyid(iph1) < 0)
1175 if (NATT_AVAILABLE(iph1))
1177 iph1->natt_flags & NAT_DETECTED ?
1179 iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
1180 iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
/* Peer authentication runs after SKEYID derivation (by source order). */
1185 ptype = oakley_validate_auth(iph1);
1191 EVT_PUSH(iph1->local, iph1->remote,
1193 isakmp_info_send_n1(iph1, ptype, NULL);
1197 iph1->status = PHASE1ST_MSG2RECEIVED;
/* Peer-supplied DH value, certificate, CRL and signature are released and the pointers cleared. */
1206 VPTRINIT(iph1->dhpub_p);
1207 oakley_delcert(iph1->cert_p);
1208 iph1->cert_p = NULL;
1209 oakley_delcert(iph1->crl_p);
1210 iph1->crl_p = NULL;
1211 VPTRINIT(iph1->sig_p);
/*
 * base_r2send: cross-reference excerpt. Only source lines that mention
 * iph1 are listed; switch bodies and error paths are not fully visible.
 *
 * From the listed lines: requires status PHASE1ST_MSG2RECEIVED,
 * computes the phase 1 hash with a function chosen by AUTHMETHOD,
 * builds either a KE+HASH or a KE+CERT+SIG payload set, adds NAT-D
 * hashes when NAT-T is available, sends with isakmp_send, records the
 * packet with add_recvdpkt, derives the remaining keys and the IV, sets
 * ISAKMP_FLAG_E and moves to PHASE1ST_ESTABLISHED.
 */
1225 base_r2send(iph1, msg) in base_r2send() argument
1226 struct ph1handle *iph1; in base_r2send()
1235 if (iph1->status != PHASE1ST_MSG2RECEIVED) {
1237 "status mismatched %d.\n", iph1->status);
/* Two hash generators are visible; which one runs depends on the AUTHMETHOD case. */
1243 switch (AUTHMETHOD(iph1)) {
1254 iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
1267 iph1->hash = oakley_ph1hash_base_r(iph1, GENERATE);
/* NOTE(review): presumably the argument of an error log for an unhandled method - confirm. */
1272 iph1->approval->authmethod);
1275 if (iph1->hash == NULL)
1278 switch (AUTHMETHOD(iph1)) {
1283 vid = set_vendorid(iph1->approval->vendorid);
1287 iph1->dhpub, ISAKMP_NPTYPE_KE);
1291 iph1->hash, ISAKMP_NPTYPE_HASH);
1308 if (oakley_getmycert(iph1) < 0)
1311 if (oakley_getsign(iph1) < 0)
/* The certificate is considered for sending only when one is loaded and send_cert is set. */
1314 if (iph1->cert && iph1->rmconf->send_cert)
1319 iph1->dhpub, ISAKMP_NPTYPE_KE);
1324 iph1->cert->pl, ISAKMP_NPTYPE_CERT);
1327 iph1->sig, ISAKMP_NPTYPE_SIG);
/* NAT-D: one hash for the remote address and one for the local address, each NULL-checked. */
1345 if (NATT_AVAILABLE(iph1)) {
1350 if ((natd[0] = natt_hash_addr(iph1, iph1->remote)) == NULL) {
1353 saddr2str(iph1->remote));
1357 if ((natd[1] = natt_hash_addr(iph1, iph1->local)) == NULL) {
1360 saddr2str(iph1->local));
1365 natd[0], iph1->natt_options->payload_nat_d);
1367 natd[1], iph1->natt_options->payload_nat_d);
1371 iph1->sendbuf = isakmp_plist_set_all(&plist, iph1);
1374 isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
/* This final message goes out through isakmp_send; no retry counter reset is listed here. */
1378 if (isakmp_send(iph1, iph1->sendbuf) < 0)
1382 if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
/* Remaining key material and the IV are derived after the message has been sent. */
1389 if (oakley_skeyid_dae(iph1) < 0)
1391 if (oakley_compute_enckey(iph1) < 0)
1393 if (oakley_newiv(iph1) < 0)
1397 iph1->flags |= ISAKMP_FLAG_E;
1399 iph1->status = PHASE1ST_ESTABLISHED;