Lines Matching refs:iph2
102 quick_i1prep(iph2, msg) in quick_i1prep() argument
103 struct ph2handle *iph2; in quick_i1prep()
109 if (iph2->status != PHASE2ST_STATUS2) {
111 "status mismatched %d.\n", iph2->status);
115 iph2->msgid = isakmp_newmsgid2(iph2->ph1);
116 iph2->ivm = oakley_newiv2(iph2->ph1, iph2->msgid);
117 if (iph2->ivm == NULL)
120 iph2->status = PHASE2ST_GETSPISENT;
129 if (pk_sendgetspi(iph2) < 0)
134 iph2->sce = sched_new(lcconf->wait_ph2complete,
135 pfkey_timeover_stub, iph2);
148 quick_i1send(iph2, msg) in quick_i1send() argument
149 struct ph2handle *iph2; in quick_i1send()
168 if (iph2->status != PHASE2ST_GETSPIDONE) {
170 "status mismatched %d.\n", iph2->status);
175 if (ipsecdoi_setph2proposal(iph2) < 0)
179 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
180 if (iph2->nonce == NULL)
189 pfsgroup = iph2->proposal->pfs_group;
192 if (oakley_setdhgroup(pfsgroup, &iph2->pfsgrp) < 0) {
197 if (oakley_dh_generate(iph2->pfsgrp,
198 &iph2->dhpub, &iph2->dhpriv) < 0) {
204 if (ipsecdoi_setid2(iph2) < 0) {
210 plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
212 plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
221 id = (struct ipsecdoi_id_b *)iph2->id->v;
222 id_p = (struct ipsecdoi_id_b *)iph2->id_p->v;
225 && iph2->ph1->rmconf->support_proxy == 0
226 && ipsecdoi_transportmode(iph2->proposal)) {
232 tlen = + sizeof(*gen) + iph2->sa->l
233 + sizeof(*gen) + iph2->nonce->l;
235 tlen += (sizeof(*gen) + iph2->dhpub->l);
237 tlen += sizeof(*gen) + iph2->id->l;
239 tlen += sizeof(*gen) + iph2->id_p->l;
251 p = set_isakmp_payload(p, iph2->sa, ISAKMP_NPTYPE_NONCE);
260 p = set_isakmp_payload(p, iph2->nonce, np);
265 p = set_isakmp_payload(p, iph2->dhpub, np);
270 p = set_isakmp_payload(p, iph2->id, np);
274 p = set_isakmp_payload(p, iph2->id_p, ISAKMP_NPTYPE_NONE);
277 hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, body);
282 iph2->sendbuf = quick_ir1mx(iph2, body, hash);
283 if (iph2->sendbuf == NULL)
287 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
288 if (isakmp_ph2resend(iph2) == -1)
292 iph2->status = PHASE2ST_MSG1SENT;
310 quick_i2recv(iph2, msg0) in quick_i2recv() argument
311 struct ph2handle *iph2; in quick_i2recv()
326 if (iph2->status != PHASE2ST_MSG1SENT) {
328 "status mismatched %d.\n", iph2->status);
334 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
338 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
356 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
372 plog(LLV_WARNING, LOCATION, iph2->ph1->remote,
379 tlen = iph2->nonce->l
387 p = hbuf->v + iph2->nonce->l; /* retain the space for Ni_b */
393 iph2->sa_ret = NULL;
404 if (iph2->sa_ret != NULL) {
410 if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
415 if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
420 if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
432 vp = iph2->id;
435 vp = iph2->id_p;
451 isakmp_check_notify(pa->ptr, iph2->ph1);
463 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
477 if (hash == NULL || iph2->sa_ret == NULL || iph2->nonce_p == NULL) {
478 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
484 memcpy(hbuf->v, iph2->nonce->v, iph2->nonce->l);
487 hbuf->l, tlen + iph2->nonce->l);
489 hbuf->l = iph2->nonce->l + tlen;
502 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, hbuf);
510 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
518 if (ipsecdoi_checkph2proposal(iph2) < 0) {
524 iph2->status = PHASE2ST_STATUS6;
537 VPTRINIT(iph2->sa_ret);
538 VPTRINIT(iph2->nonce_p);
539 VPTRINIT(iph2->dhpub_p);
540 VPTRINIT(iph2->id);
541 VPTRINIT(iph2->id_p);
552 quick_i2send(iph2, msg0) in quick_i2send() argument
553 struct ph2handle *iph2; in quick_i2send()
564 if (iph2->status != PHASE2ST_STATUS6) {
566 "status mismatched %d.\n", iph2->status);
576 tmp = vmalloc(iph2->nonce->l + iph2->nonce_p->l);
582 memcpy(tmp->v, iph2->nonce->v, iph2->nonce->l);
583 memcpy(tmp->v + iph2->nonce->l, iph2->nonce_p->v, iph2->nonce_p->l);
585 hash = oakley_compute_hash3(iph2->ph1, iph2->msgid, tmp);
603 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
611 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
615 iph2->sendbuf = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
616 if (iph2->sendbuf == NULL)
620 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
622 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
623 if (isakmp_ph2resend(iph2) == -1)
627 if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0)
632 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local,
633 iph2->sendbuf, msg0) == -1) {
640 if (oakley_compute_keymat(iph2, INITIATOR) < 0)
643 iph2->status = PHASE2ST_ADDSA;
652 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
653 iph2->status = PHASE2ST_COMMIT;
660 if (pk_sendupdate(iph2) < 0) {
667 if (pk_sendadd(iph2) < 0) {
/*
 * Matched lines of quick_i3recv(): only statements that reference iph2 are
 * listed, so the code between the numbered lines is not visible here.
 */
691 quick_i3recv(iph2, msg0) in quick_i3recv() argument
692 struct ph2handle *iph2; in quick_i3recv()
/* Entry guard: the handle must be in PHASE2ST_COMMIT. */
703 if (iph2->status != PHASE2ST_COMMIT) {
705 "status mismatched %d.\n", iph2->status);
711 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/* Decrypt the received message with the phase-2 IV pair held in iph2->ivm. */
715 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
738 isakmp_check_notify(pa->ptr, iph2->ph1);
749 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
759 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
/*
 * Local HASH(1)-style value over the notify payload, keyed by the phase-1
 * handle and this exchange's message id. The comparison against the hash
 * received from the peer is not among the matched lines.
 */
776 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, notify);
785 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
792 iph2->status = PHASE2ST_ADDSA;
/*
 * NOTE(review): XOR toggles ISAKMP_FLAG_C, it does not unconditionally clear
 * it as the trailing comment says. It clears the bit only when the bit is
 * set on entry; quick_i2send (lines 652-653) stores PHASE2ST_COMMIT under
 * ISSET(iph2->flags, ISAKMP_FLAG_C), so that presumably holds here - confirm
 * no other path reaches PHASE2ST_COMMIT with the bit clear. An explicit
 * `&= ~ISAKMP_FLAG_C` would not depend on that invariant.
 */
793 iph2->flags ^= ISAKMP_FLAG_C; /* reset bit */
/* Push the negotiated SAs to the kernel: update first, then add. */
803 if (pk_sendupdate(iph2) < 0) {
810 if (pk_sendadd(iph2) < 0) {
834 quick_r1recv(iph2, msg0) in quick_r1recv() argument
835 struct ph2handle *iph2; in quick_r1recv()
850 if (iph2->status != PHASE2ST_START) {
852 "status mismatched %d.\n", iph2->status);
858 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
864 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
882 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
899 plog(LLV_WARNING, LOCATION, iph2->ph1->remote,
920 iph2->sa = NULL; /* we don't support multi SAs. */
921 iph2->nonce_p = NULL;
922 iph2->dhpub_p = NULL;
923 iph2->id_p = NULL;
924 iph2->id = NULL;
945 if (iph2->sa != NULL) {
950 if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
955 if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
960 if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
965 if (iph2->id_p == NULL) {
969 if (isakmp_p2ph(&iph2->id_p, pa->ptr) < 0)
972 } else if (iph2->id == NULL) {
982 if (isakmp_p2ph(&iph2->id, pa->ptr) < 0)
987 plogdump(LLV_ERROR, iph2->id->v, iph2->id->l);
994 isakmp_check_notify(pa->ptr, iph2->ph1);
1005 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1020 if (hash == NULL || iph2->sa == NULL || iph2->nonce_p == NULL) {
1021 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1027 if (iph2->id_p) {
1029 plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
1031 if (iph2->id) {
1033 plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
1050 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, hbuf);
1058 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
1066 error = get_sainfo_r(iph2);
1075 error = get_proposal_r(iph2);
1079 if (set_proposal_from_proposal(iph2)) {
1088 if (ipsecdoi_selectph2proposal(iph2) < 0) {
1100 if (iph2->dhpub_p != NULL && iph2->approval->pfs_group == 0) {
1106 if (iph2->dhpub_p == NULL && iph2->approval->pfs_group != 0) {
1117 iph2->msg1 = vdup(msg0);
1120 iph2->status = PHASE2ST_STATUS2;
1133 VPTRINIT(iph2->sa);
1134 VPTRINIT(iph2->nonce_p);
1135 VPTRINIT(iph2->dhpub_p);
1136 VPTRINIT(iph2->id);
1137 VPTRINIT(iph2->id_p);
1147 quick_r1prep(iph2, msg) in quick_r1prep() argument
1148 struct ph2handle *iph2; in quick_r1prep()
1154 if (iph2->status != PHASE2ST_STATUS2) {
1156 "status mismatched %d.\n", iph2->status);
1160 iph2->status = PHASE2ST_GETSPISENT;
1163 if (pk_sendgetspi(iph2) < 0)
1168 iph2->sce = sched_new(lcconf->wait_ph2complete,
1169 pfkey_timeover_stub, iph2);
1182 quick_r2send(iph2, msg) in quick_r2send() argument
1183 struct ph2handle *iph2; in quick_r2send()
1201 if (iph2->status != PHASE2ST_GETSPIDONE) {
1203 "status mismatched %d.\n", iph2->status);
1208 if (ipsecdoi_updatespi(iph2) < 0) {
1214 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
1215 if (iph2->nonce == NULL)
1219 pfsgroup = iph2->approval->pfs_group;
1220 if (iph2->dhpub_p != NULL && pfsgroup != 0) {
1222 if (oakley_setdhgroup(pfsgroup, &iph2->pfsgrp) < 0) {
1228 if (oakley_dh_generate(iph2->pfsgrp,
1229 &iph2->dhpub, &iph2->dhpriv) < 0) {
1235 tlen = sizeof(*gen) + iph2->sa_ret->l
1236 + sizeof(*gen) + iph2->nonce->l;
1237 if (iph2->dhpub_p != NULL && pfsgroup != 0)
1238 tlen += (sizeof(*gen) + iph2->dhpub->l);
1239 if (iph2->id_p != NULL)
1240 tlen += (sizeof(*gen) + iph2->id_p->l
1241 + sizeof(*gen) + iph2->id->l);
1252 p = set_isakmp_payload(body->v, iph2->sa_ret, ISAKMP_NPTYPE_NONCE);
1256 p = set_isakmp_payload(p, iph2->nonce,
1257 (iph2->dhpub_p != NULL && pfsgroup != 0)
1259 : (iph2->id_p != NULL
1264 if (iph2->dhpub_p != NULL && pfsgroup != 0) {
1266 p = set_isakmp_payload(p, iph2->dhpub,
1267 (iph2->id_p == NULL)
1273 if (iph2->id_p != NULL) {
1275 p = set_isakmp_payload(p, iph2->id_p, ISAKMP_NPTYPE_ID);
1278 p = set_isakmp_payload(p, iph2->id, ISAKMP_NPTYPE_NONE);
1284 struct saprop *pp = iph2->approval;
1331 tmp = vmalloc(iph2->nonce_p->l + body->l);
1337 memcpy(tmp->v, iph2->nonce_p->v, iph2->nonce_p->l);
1338 memcpy(tmp->v + iph2->nonce_p->l, body->v, body->l);
1340 hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, tmp);
1348 iph2->sendbuf = quick_ir1mx(iph2, body, hash);
1349 if (iph2->sendbuf == NULL)
1353 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
1354 if (isakmp_ph2resend(iph2) == -1)
1358 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local, iph2->sendbuf, iph2->msg1) == -1) {
1365 iph2->status = PHASE2ST_MSG1SENT;
1383 quick_r3recv(iph2, msg0) in quick_r3recv() argument
1384 struct ph2handle *iph2; in quick_r3recv()
1394 if (iph2->status != PHASE2ST_MSG1SENT) {
1396 "status mismatched %d.\n", iph2->status);
1402 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1406 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
1424 isakmp_check_notify(pa->ptr, iph2->ph1);
1428 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1438 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1456 tmp = vmalloc(iph2->nonce_p->l + iph2->nonce->l);
1462 memcpy(tmp->v, iph2->nonce_p->v, iph2->nonce_p->l);
1463 memcpy(tmp->v + iph2->nonce_p->l, iph2->nonce->v, iph2->nonce->l);
1465 my_hash = oakley_compute_hash3(iph2->ph1, iph2->msgid, tmp);
1474 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1482 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
1483 iph2->status = PHASE2ST_COMMIT;
1485 iph2->status = PHASE2ST_STATUS6;
/*
 * Matched lines of quick_r3send(): only statements that reference iph2 are
 * listed, so the code between the numbered lines is not visible here.
 */
1503 quick_r3send(iph2, msg0) in quick_r3send() argument
1504 struct ph2handle *iph2; in quick_r3send()
/* Entry guard: the handle must be in PHASE2ST_COMMIT. */
1516 if (iph2->status != PHASE2ST_COMMIT) {
1518 "status mismatched %d.\n", iph2->status);
/* Notify payload length: fixed notify header plus spisize bytes of SPI. */
1527 tlen = sizeof(struct isakmp_pl_n) + iph2->approval->head->spisize;
1538 n->proto_id = iph2->approval->head->proto_id;
/*
 * NOTE(review): spi_size is set to sizeof() of the spisize field, i.e. the
 * width of that field, whereas line 1527 and the memcpy on line 1541 use the
 * value stored in spisize. Unless the two happen to be equal, the length
 * advertised in the notify header disagrees with the number of SPI bytes
 * actually placed after it, and a peer parsing by spi_size reads the wrong
 * span. `n->spi_size = iph2->approval->head->spisize;` looks like the
 * intent - confirm against the full function and the width of n->spi_size.
 */
1539 n->spi_size = sizeof(iph2->approval->head->spisize);
/*
 * Copies spisize bytes starting at the address of the spi field.
 * NOTE(review): assumes spisize never exceeds the size of that field;
 * verify where approval->head is populated.
 */
1541 memcpy(n + 1, &iph2->approval->head->spi, iph2->approval->head->spisize);
/* Hash over the notify payload, keyed by the phase-1 handle and message id. */
1543 myhash = oakley_compute_hash1(iph2->ph1, iph2->msgid, notify);
1559 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
1570 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
/* Encrypt the assembled packet with the phase-2 IV pair and keep it as sendbuf. */
1574 iph2->sendbuf = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
1575 if (iph2->sendbuf == NULL)
1579 if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0)
/* Record the sent packet against msg0 (add_recvdpkt is defined elsewhere). */
1583 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local, iph2->sendbuf, msg0) == -1) {
/* The status stays PHASE2ST_COMMIT, the same value the entry guard requires. */
1589 iph2->status = PHASE2ST_COMMIT;
/*
 * Matched lines of quick_r3prep(): only statements that reference iph2 are
 * listed, so the code between the numbered lines is not visible here.
 */
1620 quick_r3prep(iph2, msg0) in quick_r3prep() argument
1621 struct ph2handle *iph2; in quick_r3prep()
/* Entry guard: the handle must be in PHASE2ST_STATUS6. */
1627 if (iph2->status != PHASE2ST_STATUS6) {
1629 "status mismatched %d.\n", iph2->status);
/* Derive keying material for the responder side. */
1634 if (oakley_compute_keymat(iph2, RESPONDER) < 0)
1637 iph2->status = PHASE2ST_ADDSA;
/*
 * NOTE(review): XOR toggles ISAKMP_FLAG_C rather than clearing it. In
 * quick_r3recv (lines 1482-1485) PHASE2ST_STATUS6 appears to be stored on
 * the branch where ISSET(iph2->flags, ISAKMP_FLAG_C) is false; if this
 * function is reached from that branch, the XOR sets the commit bit instead
 * of resetting it. Confirm against the full state machine; an explicit
 * `&= ~ISAKMP_FLAG_C` would clear it regardless.
 */
1638 iph2->flags ^= ISAKMP_FLAG_C; /* reset bit */
/* Push the negotiated SAs to the kernel: update first, then add. */
1648 if (pk_sendupdate(iph2) < 0) {
1655 if (pk_sendadd(iph2) < 0) {
/* Policy generation path, taken only when a generated policy index is pending. */
1665 if (iph2->spidx_gen) {
1670 struct sockaddr *src = iph2->src;
1671 struct sockaddr *dst = iph2->dst;
/*
 * src and dst are swapped for the policy updates below and restored on
 * lines 1700-1701.
 * NOTE(review): the failure branches of pk_sendspdupdate2() between the
 * swap and the restore are not visible here - confirm they do not leave
 * iph2 with reversed addresses.
 */
1674 iph2->src = dst;
1675 iph2->dst = src;
1676 if (pk_sendspdupdate2(iph2) < 0) {
1684 spidx = (struct policyindex *)iph2->spidx_gen;
1687 if (tunnel_mode_prop(iph2->approval)) {
1689 if (pk_sendspdupdate2(iph2) < 0) {
1700 iph2->src = src;
1701 iph2->dst = dst;
1710 if (pk_sendspdupdate2(iph2) < 0) {
/*
 * Remove the temporary policy in both directions, free the generated index
 * and NULL the pointer so it cannot be reused after the free.
 */
1719 delsp_bothdir((struct policyindex *)iph2->spidx_gen);
1720 racoon_free(iph2->spidx_gen);
1721 iph2->spidx_gen = NULL;
1722 iph2->generated_spidx=1;
1735 quick_ir1mx(iph2, body, hash) in quick_ir1mx() argument
1736 struct ph2handle *iph2; in quick_ir1mx()
1758 iph2->flags |= ISAKMP_FLAG_E;
1761 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
1773 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
1777 new = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
1802 get_sainfo_r(iph2) in get_sainfo_r() argument
1803 struct ph2handle *iph2; in get_sainfo_r()
1810 if (iph2->id == NULL) {
1811 switch (iph2->src->sa_family) {
1820 "invalid family: %d\n", iph2->src->sa_family);
1823 idsrc = ipsecdoi_sockaddr2id(iph2->src, prefixlen,
1826 idsrc = vdup(iph2->id);
1834 if (iph2->id_p == NULL) {
1835 switch (iph2->dst->sa_family) {
1844 "invalid family: %d\n", iph2->dst->sa_family);
1847 iddst = ipsecdoi_sockaddr2id(iph2->dst, prefixlen,
1850 iddst = vdup(iph2->id_p);
1860 conf = getrmconf(iph2->dst);
1870 iph2->sainfo = getsainfo(idsrc, iddst, iph2->ph1->id_p, remoteid);
1871 if (iph2->sainfo == NULL) {
1879 if (iph2->sainfo->group != NULL)
1880 if(group_check(iph2->ph1,&iph2->sainfo->group->v,1))
1885 "selected sainfo: %s\n", sainfo2str(iph2->sainfo));
1908 get_proposal_r(iph2) in get_proposal_r() argument
1909 struct ph2handle *iph2; in get_proposal_r()
1917 if ((iph2->id_p != NULL && iph2->id == NULL)
1918 || (iph2->id_p == NULL && iph2->id != NULL)) {
1925 if (iph2->src_id || iph2->dst_id) {
1943 if (iph2->id != NULL
1944 && (_XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR
1945 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR
1946 || _XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR_SUBNET
1947 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR_SUBNET)) {
1949 error = ipsecdoi_id2sockaddr(iph2->id,
1962 if (_XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR) {
1964 iph2->src);
1970 if (_XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR
1971 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR)
1972 idi2type = _XIDT(iph2->id);
1987 memcpy(&spidx.dst, iph2->src, sysdep_sa_len(iph2->src));
2004 if (iph2->id_p != NULL
2005 && (_XIDT(iph2->id_p) == IPSECDOI_ID_IPV4_ADDR
2006 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR
2007 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV4_ADDR_SUBNET
2008 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR_SUBNET)) {
2010 error = ipsecdoi_id2sockaddr(iph2->id_p,
2021 if (_XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR) {
2023 iph2->dst);
2030 if (_XIDT(iph2->id_p) == idi2type
2032 iph2->src_id = dupsaddr((struct sockaddr *)&spidx.dst);
2033 if (iph2->src_id == NULL) {
2038 iph2->dst_id = dupsaddr((struct sockaddr *)&spidx.src);
2039 if (iph2->dst_id == NULL) {
2054 memcpy(&spidx.src, iph2->dst, sysdep_sa_len(iph2->dst));
2096 if (get_security_context(iph2->sa, &spidx)) {
2106 if (iph2->ph1->rmconf->gen_policy) {
2111 iph2->spidx_gen = racoon_malloc(sizeof(spidx));
2112 if (!iph2->spidx_gen) {
2117 memcpy(iph2->spidx_gen, &spidx, sizeof(spidx));
2126 if (iph2->ph1->rmconf->gen_policy) {
2130 iph2->spidx_gen = racoon_malloc(sizeof(spidx));
2131 if (!iph2->spidx_gen) {
2136 memcpy(iph2->spidx_gen, &spidx, sizeof(spidx));
2175 if (set_proposal_from_policy(iph2, sp_in, sp_out) < 0) {
2183 set_secctx_in_proposal(iph2, spidx);