  • only in /netgear-R7000-V1.0.7.12_1.2.5/src/router/iputils/racoon/

Lines Matching refs:iph2

99 quick_i1prep(iph2, msg)
100 struct ph2handle *iph2;
106 if (iph2->status != PHASE2ST_STATUS2) {
108 "status mismatched %d.\n", iph2->status);
112 iph2->msgid = isakmp_newmsgid2(iph2->ph1);
113 iph2->ivm = oakley_newiv2(iph2->ph1, iph2->msgid);
114 if (iph2->ivm == NULL)
117 iph2->status = PHASE2ST_GETSPISENT;
126 if (pk_sendgetspi(iph2) < 0)
131 iph2->sce = sched_new(lcconf->wait_ph2complete,
132 pfkey_timeover_stub, iph2);
145 quick_i1send(iph2, msg)
146 struct ph2handle *iph2;
165 if (iph2->status != PHASE2ST_GETSPIDONE) {
167 "status mismatched %d.\n", iph2->status);
172 if (ipsecdoi_setph2proposal(iph2) < 0)
176 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
177 if (iph2->nonce == NULL)
186 pfsgroup = iph2->proposal->pfs_group;
189 if (oakley_setdhgroup(pfsgroup, &iph2->pfsgrp) < 0) {
194 if (oakley_dh_generate(iph2->pfsgrp,
195 &iph2->dhpub, &iph2->dhpriv) < 0) {
201 if (ipsecdoi_setid2(iph2) < 0) {
207 plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
209 plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
218 id = (struct ipsecdoi_id_b *)iph2->id->v;
219 id_p = (struct ipsecdoi_id_b *)iph2->id_p->v;
222 && iph2->ph1->rmconf->support_mip6 == 0
223 && ipsecdoi_transportmode(iph2)) {
229 tlen = + sizeof(*gen) + iph2->sa->l
230 + sizeof(*gen) + iph2->nonce->l;
232 tlen += (sizeof(*gen) + iph2->dhpub->l);
234 tlen += sizeof(*gen) + iph2->id->l;
236 tlen += sizeof(*gen) + iph2->id_p->l;
248 p = set_isakmp_payload(p, iph2->sa, ISAKMP_NPTYPE_NONCE);
257 p = set_isakmp_payload(p, iph2->nonce, np);
262 p = set_isakmp_payload(p, iph2->dhpub, np);
267 p = set_isakmp_payload(p, iph2->id, np);
271 p = set_isakmp_payload(p, iph2->id_p, ISAKMP_NPTYPE_NONE);
274 hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, body);
279 iph2->sendbuf = quick_ir1mx(iph2, body, hash);
280 if (iph2->sendbuf == NULL)
284 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
285 if (isakmp_ph2resend(iph2) == -1)
289 iph2->status = PHASE2ST_MSG1SENT;
307 quick_i2recv(iph2, msg0)
308 struct ph2handle *iph2;
323 if (iph2->status != PHASE2ST_MSG1SENT) {
325 "status mismatched %d.\n", iph2->status);
331 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
335 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
353 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
369 plog(LLV_WARNING, LOCATION, iph2->ph1->remote,
376 tlen = iph2->nonce->l
384 p = hbuf->v + iph2->nonce->l; /* retain the space for Ni_b */
390 iph2->sa_ret = NULL;
401 if (iph2->sa_ret != NULL) {
407 if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
412 if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
417 if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
429 vp = iph2->id;
432 vp = iph2->id_p;
446 isakmp_check_notify(pa->ptr, iph2->ph1);
451 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
465 if (hash == NULL || iph2->sa_ret == NULL || iph2->nonce_p == NULL) {
466 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
472 memcpy(hbuf->v, iph2->nonce->v, iph2->nonce->l);
475 hbuf->l, tlen + iph2->nonce->l);
477 hbuf->l = iph2->nonce->l + tlen;
490 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, hbuf);
498 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
506 if (ipsecdoi_checkph2proposal(iph2) < 0) {
512 iph2->status = PHASE2ST_STATUS6;
525 VPTRINIT(iph2->sa_ret);
526 VPTRINIT(iph2->nonce_p);
527 VPTRINIT(iph2->dhpub_p);
528 VPTRINIT(iph2->id);
529 VPTRINIT(iph2->id_p);
540 quick_i2send(iph2, msg0)
541 struct ph2handle *iph2;
552 if (iph2->status != PHASE2ST_STATUS6) {
554 "status mismatched %d.\n", iph2->status);
564 tmp = vmalloc(iph2->nonce->l + iph2->nonce_p->l);
570 memcpy(tmp->v, iph2->nonce->v, iph2->nonce->l);
571 memcpy(tmp->v + iph2->nonce->l, iph2->nonce_p->v, iph2->nonce_p->l);
573 hash = oakley_compute_hash3(iph2->ph1, iph2->msgid, tmp);
591 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
599 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
603 iph2->sendbuf = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
604 if (iph2->sendbuf == NULL)
608 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
610 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
611 if (isakmp_ph2resend(iph2) == -1)
615 if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0)
620 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local,
621 iph2->sendbuf, msg0) == -1) {
628 if (oakley_compute_keymat(iph2, INITIATOR) < 0)
631 iph2->status = PHASE2ST_ADDSA;
640 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
641 iph2->status = PHASE2ST_COMMIT;
648 if (pk_sendupdate(iph2) < 0) {
655 if (pk_sendadd(iph2) < 0) {
679 quick_i3recv(iph2, msg0)
680 struct ph2handle *iph2;
691 if (iph2->status != PHASE2ST_COMMIT) {
693 "status mismatched %d.\n", iph2->status);
699 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
703 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
721 isakmp_check_notify(pa->ptr, iph2->ph1);
732 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
742 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
759 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, notify);
768 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
775 iph2->status = PHASE2ST_ADDSA;
776 iph2->flags ^= ISAKMP_FLAG_C; /* reset bit */
786 if (pk_sendupdate(iph2) < 0) {
793 if (pk_sendadd(iph2) < 0) {
817 quick_r1recv(iph2, msg0)
818 struct ph2handle *iph2;
833 if (iph2->status != PHASE2ST_START) {
835 "status mismatched %d.\n", iph2->status);
841 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
847 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
865 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
882 plog(LLV_WARNING, LOCATION, iph2->ph1->remote,
903 iph2->sa = NULL; /* we don't support multi SAs. */
904 iph2->nonce_p = NULL;
905 iph2->dhpub_p = NULL;
906 iph2->id_p = NULL;
907 iph2->id = NULL;
928 if (iph2->sa != NULL) {
933 if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
938 if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
943 if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
948 if (iph2->id_p == NULL) {
952 if (isakmp_p2ph(&iph2->id_p, pa->ptr) < 0)
955 } else if (iph2->id == NULL) {
964 if (isakmp_p2ph(&iph2->id, pa->ptr) < 0)
969 plogdump(LLV_ERROR, iph2->id->v, iph2->id->l);
976 isakmp_check_notify(pa->ptr, iph2->ph1);
980 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
995 if (hash == NULL || iph2->sa == NULL || iph2->nonce_p == NULL) {
996 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1002 if (iph2->id_p) {
1004 plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
1006 if (iph2->id) {
1008 plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
1025 my_hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, hbuf);
1033 plog(LLV_DEBUG, LOCATION, iph2->ph1->remote,
1041 error = get_sainfo_r(iph2);
1049 error = get_proposal_r(iph2);
1053 if (set_proposal_from_proposal(iph2)) {
1062 if (ipsecdoi_selectph2proposal(iph2) < 0) {
1074 if (iph2->dhpub_p != NULL && iph2->approval->pfs_group == 0) {
1080 if (iph2->dhpub_p == NULL && iph2->approval->pfs_group != 0) {
1091 iph2->msg1 = vdup(msg0);
1094 iph2->status = PHASE2ST_STATUS2;
1107 VPTRINIT(iph2->sa);
1108 VPTRINIT(iph2->nonce_p);
1109 VPTRINIT(iph2->dhpub_p);
1110 VPTRINIT(iph2->id);
1111 VPTRINIT(iph2->id_p);
1121 quick_r1prep(iph2, msg)
1122 struct ph2handle *iph2;
1128 if (iph2->status != PHASE2ST_STATUS2) {
1130 "status mismatched %d.\n", iph2->status);
1134 iph2->status = PHASE2ST_GETSPISENT;
1137 if (pk_sendgetspi(iph2) < 0)
1142 iph2->sce = sched_new(lcconf->wait_ph2complete,
1143 pfkey_timeover_stub, iph2);
1156 quick_r2send(iph2, msg)
1157 struct ph2handle *iph2;
1175 if (iph2->status != PHASE2ST_GETSPIDONE) {
1177 "status mismatched %d.\n", iph2->status);
1182 if (ipsecdoi_updatespi(iph2) < 0) {
1188 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
1189 if (iph2->nonce == NULL)
1193 pfsgroup = iph2->approval->pfs_group;
1194 if (iph2->dhpub_p != NULL && pfsgroup != 0) {
1196 if (oakley_setdhgroup(pfsgroup, &iph2->pfsgrp) < 0) {
1202 if (oakley_dh_generate(iph2->pfsgrp,
1203 &iph2->dhpub, &iph2->dhpriv) < 0) {
1209 tlen = sizeof(*gen) + iph2->sa_ret->l
1210 + sizeof(*gen) + iph2->nonce->l;
1211 if (iph2->dhpub_p != NULL && pfsgroup != 0)
1212 tlen += (sizeof(*gen) + iph2->dhpub->l);
1213 if (iph2->id_p != NULL)
1214 tlen += (sizeof(*gen) + iph2->id_p->l
1215 + sizeof(*gen) + iph2->id->l);
1226 p = set_isakmp_payload(body->v, iph2->sa_ret, ISAKMP_NPTYPE_NONCE);
1230 p = set_isakmp_payload(p, iph2->nonce,
1231 (iph2->dhpub_p != NULL && pfsgroup != 0)
1233 : (iph2->id_p != NULL
1238 if (iph2->dhpub_p != NULL && pfsgroup != 0) {
1240 p = set_isakmp_payload(p, iph2->dhpub,
1241 (iph2->id_p == NULL)
1247 if (iph2->id_p != NULL) {
1249 p = set_isakmp_payload(p, iph2->id_p, ISAKMP_NPTYPE_ID);
1252 p = set_isakmp_payload(p, iph2->id, ISAKMP_NPTYPE_NONE);
1258 struct saprop *pp = iph2->approval;
1301 tmp = vmalloc(iph2->nonce_p->l + body->l);
1307 memcpy(tmp->v, iph2->nonce_p->v, iph2->nonce_p->l);
1308 memcpy(tmp->v + iph2->nonce_p->l, body->v, body->l);
1310 hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, tmp);
1318 iph2->sendbuf = quick_ir1mx(iph2, body, hash);
1319 if (iph2->sendbuf == NULL)
1323 iph2->retry_counter = iph2->ph1->rmconf->retry_counter;
1324 if (isakmp_ph2resend(iph2) == -1)
1328 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local, iph2->sendbuf, iph2->msg1) == -1) {
1335 iph2->status = PHASE2ST_MSG1SENT;
1353 quick_r3recv(iph2, msg0)
1354 struct ph2handle *iph2;
1364 if (iph2->status != PHASE2ST_MSG1SENT) {
1366 "status mismatched %d.\n", iph2->status);
1372 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1376 msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
1394 isakmp_check_notify(pa->ptr, iph2->ph1);
1398 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1408 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1426 tmp = vmalloc(iph2->nonce_p->l + iph2->nonce->l);
1432 memcpy(tmp->v, iph2->nonce_p->v, iph2->nonce_p->l);
1433 memcpy(tmp->v + iph2->nonce_p->l, iph2->nonce->v, iph2->nonce->l);
1435 my_hash = oakley_compute_hash3(iph2->ph1, iph2->msgid, tmp);
1444 plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
1452 if (ISSET(iph2->flags, ISAKMP_FLAG_C)) {
1453 iph2->status = PHASE2ST_COMMIT;
1455 iph2->status = PHASE2ST_STATUS6;
1473 quick_r3send(iph2, msg0)
1474 struct ph2handle *iph2;
1486 if (iph2->status != PHASE2ST_COMMIT) {
1488 "status mismatched %d.\n", iph2->status);
1495 tlen = sizeof(struct isakmp_pl_n) + iph2->approval->head->spisize;
1506 n->proto_id = iph2->approval->head->proto_id;
1507 n->spi_size = sizeof(iph2->approval->head->spisize);
1509 memcpy(n + 1, &iph2->approval->head->spi, iph2->approval->head->spisize);
1511 myhash = oakley_compute_hash1(iph2->ph1, iph2->msgid, notify);
1527 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
1538 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
1542 iph2->sendbuf = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
1543 if (iph2->sendbuf == NULL)
1547 if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0)
1551 if (add_recvdpkt(iph2->ph1->remote, iph2->ph1->local, iph2->sendbuf, msg0) == -1) {
1557 iph2->status = PHASE2ST_COMMIT;
1576 quick_r3prep(iph2, msg0)
1577 struct ph2handle *iph2;
1584 if (iph2->status != PHASE2ST_STATUS6) {
1586 "status mismatched %d.\n", iph2->status);
1591 if (oakley_compute_keymat(iph2, RESPONDER) < 0)
1594 iph2->status = PHASE2ST_ADDSA;
1595 iph2->flags ^= ISAKMP_FLAG_C; /* reset bit */
1605 if (pk_sendupdate(iph2) < 0) {
1612 if (pk_sendadd(iph2) < 0) {
1622 if (iph2->spidx_gen) {
1627 struct sockaddr *src = iph2->src;
1628 struct sockaddr *dst = iph2->dst;
1631 iph2->src = dst;
1632 iph2->dst = src;
1633 if (pk_sendspdupdate2(iph2) < 0) {
1642 iph2->src = src;
1643 iph2->dst = dst;
1644 spidx = (struct policyindex *)iph2->spidx_gen;
1653 if (pk_sendspdupdate2(iph2) < 0) {
1662 delsp_bothdir((struct policyindex *)iph2->spidx_gen);
1663 racoon_free(iph2->spidx_gen);
1664 iph2->spidx_gen = NULL;
1680 quick_ir1mx(iph2, body, hash)
1681 struct ph2handle *iph2;
1703 iph2->flags |= ISAKMP_FLAG_E;
1706 p = set_isakmp_header2(buf, iph2, ISAKMP_NPTYPE_HASH);
1717 isakmp_printpacket(buf, iph2->ph1->local, iph2->ph1->remote, 1);
1721 new = oakley_do_encrypt(iph2->ph1, buf, iph2->ivm->ive, iph2->ivm->iv);
1745 get_sainfo_r(iph2)
1746 struct ph2handle *iph2;
1752 if (iph2->id_p == NULL) {
1753 switch (iph2->src->sa_family) {
1762 "invalid family: %d\n", iph2->src->sa_family);
1765 idsrc = ipsecdoi_sockaddr2id(iph2->src, prefixlen,
1768 idsrc = vdup(iph2->id);
1776 if (iph2->id == NULL) {
1777 switch (iph2->dst->sa_family) {
1786 "invalid family: %d\n", iph2->dst->sa_family);
1789 iddst = ipsecdoi_sockaddr2id(iph2->dst, prefixlen,
1792 iddst = vdup(iph2->id_p);
1800 iph2->sainfo = getsainfo(idsrc, iddst);
1801 if (iph2->sainfo == NULL) {
1808 "get sa info: %s\n", sainfo2str(iph2->sainfo));
1831 get_proposal_r(iph2)
1832 struct ph2handle *iph2;
1840 if ((iph2->id_p != NULL && iph2->id == NULL)
1841 || (iph2->id_p == NULL && iph2->id != NULL)) {
1848 if (iph2->src_id || iph2->dst_id) {
1866 if (iph2->id != NULL
1867 && (_XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR
1868 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR
1869 || _XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR_SUBNET
1870 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR_SUBNET)) {
1872 error = ipsecdoi_id2sockaddr(iph2->id,
1885 if (_XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR) {
1887 iph2->src);
1893 if (_XIDT(iph2->id) == IPSECDOI_ID_IPV4_ADDR
1894 || _XIDT(iph2->id) == IPSECDOI_ID_IPV6_ADDR)
1895 idi2type = _XIDT(iph2->id);
1910 memcpy(&spidx.dst, iph2->src, sysdep_sa_len(iph2->src));
1927 if (iph2->id_p != NULL
1928 && (_XIDT(iph2->id_p) == IPSECDOI_ID_IPV4_ADDR
1929 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR
1930 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV4_ADDR_SUBNET
1931 || _XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR_SUBNET)) {
1933 error = ipsecdoi_id2sockaddr(iph2->id_p,
1944 if (_XIDT(iph2->id_p) == IPSECDOI_ID_IPV6_ADDR) {
1946 iph2->dst);
1953 if (_XIDT(iph2->id_p) == idi2type
1955 iph2->src_id = dupsaddr((struct sockaddr *)&spidx.dst);
1956 iph2->dst_id = dupsaddr((struct sockaddr *)&spidx.src);
1967 memcpy(&spidx.src, iph2->dst, sysdep_sa_len(iph2->dst));
2006 if (iph2->ph1->rmconf->gen_policy) {
2011 iph2->spidx_gen = racoon_malloc(sizeof(spidx));
2012 if (!iph2->spidx_gen) {
2017 memcpy(iph2->spidx_gen, &spidx, sizeof(spidx));
2060 /* set new proposal derived from a policy into the iph2->proposal. */
2061 if (set_proposal_from_policy(iph2, sp_in, sp_out) < 0) {