1 /* $OpenBSD: ike_main_mode.c,v 1.19 2018/01/15 09:54:48 mpi Exp $ */
2 /* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */
3
4 /*
5 * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 /*
29 * This code was written under funding by Ericsson Radio Systems.
30 */
31
32 #include <sys/types.h>
33 #include <netinet/in.h>
34 #include <stdlib.h>
35 #include <string.h>
36
37 #include "attribute.h"
38 #include "conf.h"
39 #include "constants.h"
40 #include "crypto.h"
41 #include "dh.h"
42 #include "doi.h"
43 #include "exchange.h"
44 #include "hash.h"
45 #include "ike_auth.h"
46 #include "ike_main_mode.h"
47 #include "ike_phase_1.h"
48 #include "ipsec.h"
49 #include "ipsec_doi.h"
50 #include "isakmp.h"
51 #include "log.h"
52 #include "message.h"
53 #include "prf.h"
54 #include "sa.h"
55 #include "transport.h"
56 #include "util.h"
57
/*
 * Main mode steps that are specific to this exchange.  The remaining steps
 * in the tables below are the generic phase 1 handlers from ike_phase_1.h.
 */
static int initiator_send_ID_AUTH(struct message *);
static int responder_send_ID_AUTH(struct message *);
static int responder_send_KE_NONCE(struct message *);
61
/*
 * Initiator side of the six-message main mode exchange, one handler per
 * message in the order listed: SA proposal/reply, KE + nonce, then the
 * ID + AUTH pair.  The ID/AUTH step in this file flags the exchange for
 * encryption before building its payloads; the send handlers defined here
 * return 0 on success and -1 on failure.
 */
int (*ike_main_mode_initiator[]) (struct message *) = {
	ike_phase_1_initiator_send_SA,
	ike_phase_1_initiator_recv_SA,
	ike_phase_1_initiator_send_KE_NONCE,
	ike_phase_1_initiator_recv_KE_NONCE,
	initiator_send_ID_AUTH,
	ike_phase_1_recv_ID_AUTH
};
70
/*
 * Responder side of the six-message main mode exchange, the mirror image of
 * ike_main_mode_initiator: receive SA, answer SA, receive KE + nonce, answer
 * KE + nonce (which also schedules the DH/key computation after the send),
 * receive ID + AUTH, answer ID + AUTH encrypted.  The send handlers defined
 * here return 0 on success and -1 on failure.
 */
int (*ike_main_mode_responder[]) (struct message *) = {
	ike_phase_1_responder_recv_SA,
	ike_phase_1_responder_send_SA,
	ike_phase_1_recv_KE_NONCE,
	responder_send_KE_NONCE,
	ike_phase_1_recv_ID_AUTH,
	responder_send_ID_AUTH
};
79
/*
 * Main mode message 5 (initiator -> responder): our identity followed by
 * the authentication payload.  Returns -1 if either payload could not be
 * added, otherwise whatever ipsec_initial_contact() returns.
 *
 * The encryption flag is raised before any payload is built so that the
 * ID and AUTH never leave the host in the clear.
 */
static int
initiator_send_ID_AUTH(struct message *msg)
{
	msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;

	/* Short-circuit evaluation keeps the order: ID first, then AUTH.  */
	if (ike_phase_1_send_ID(msg) || ike_phase_1_send_AUTH(msg))
		return -1;

	return ipsec_initial_contact(msg);
}
93
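/*
 * Main mode message 4 (responder -> initiator): our public DH value and a
 * nonce.  Returns 0 on success, -1 if the KE/NONCE payloads could not be
 * built.
 *
 * Declared static above (and used only through ike_main_mode_responder), so
 * the definition carries the same storage class as its siblings instead of
 * relying on the earlier declaration for internal linkage.
 *
 * The nonce we generate is sized after the initiator's (nonce_i_len), i.e.
 * after a peer-supplied value; any bound on that length has to be enforced
 * where nonce_i_len is set on receipt, not here.
 */
static int
responder_send_KE_NONCE(struct message *msg)
{
	/* XXX Should we really just use the initiator's nonce size? */
	if (ike_phase_1_send_KE_NONCE(msg, msg->exchange->nonce_i_len))
		return -1;

	/*
	 * Defer the DH computation and key material derivation until the
	 * message has been sent, so it overlaps with the roundtrip over the
	 * wire.  The cast adapts the callback to the void-returning hook type
	 * message_register_post_send() takes; NOTE(review): calling through a
	 * pointer of a different function type is formally undefined in C, a
	 * thin void wrapper would avoid the cast -- confirm the callee's type.
	 */
	message_register_post_send(msg,
	    (void (*)(struct message *))ike_phase_1_post_exchange_KE_NONCE);

	return 0;
}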
111
/*
 * Main mode message 6 (responder -> initiator): our identity and
 * authentication payload, sent encrypted just like message 5.  Returns -1 if
 * the payloads could not be built, otherwise the result of
 * ipsec_initial_contact().
 */
static int
responder_send_ID_AUTH(struct message *msg)
{
	int rc;

	/* Flag the message for encryption before any payload is added.  */
	msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;

	rc = ike_phase_1_responder_send_ID_AUTH(msg);
	if (rc != 0)
		return -1;

	return ipsec_initial_contact(msg);
}
122