1 /* $OpenBSD: ike_main_mode.c,v 1.16 2005/04/08 22:32:10 cloder Exp $	 */
2 /* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $	 */
3 
4 /*
5  * Copyright (c) 1998, 1999 Niklas Hallqvist.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 /*
29  * This code was written under funding by Ericsson Radio Systems.
30  */
31 
32 #include <sys/types.h>
33 #include <netinet/in.h>
34 #include <stdlib.h>
35 #include <string.h>
36 
37 #include "attribute.h"
38 #include "conf.h"
39 #include "constants.h"
40 #include "crypto.h"
41 #include "dh.h"
42 #include "doi.h"
43 #include "exchange.h"
44 #include "hash.h"
45 #include "ike_auth.h"
46 #include "ike_main_mode.h"
47 #include "ike_phase_1.h"
48 #include "ipsec.h"
49 #include "ipsec_doi.h"
50 #include "isakmp.h"
51 #include "log.h"
52 #include "math_group.h"
53 #include "message.h"
54 #include "prf.h"
55 #include "sa.h"
56 #include "transport.h"
57 #include "util.h"
58 
/*
 * Steps that are specific to main mode.  The other entries of the step
 * tables below are the generic phase 1 handlers declared in ike_phase_1.h.
 */
static int      initiator_send_ID_AUTH(struct message *);
static int      responder_send_ID_AUTH(struct message *);
static int      responder_send_KE_NONCE(struct message *);
62 
/*
 * Main mode, initiator side: the step handlers in the order the exchange
 * runs them (SA, KE/NONCE, then the encrypted ID/AUTH message).  The
 * ike_phase_1_* entries are the shared phase 1 handlers from
 * ike_phase_1.h; initiator_send_ID_AUTH is local to this file.
 */
int (*ike_main_mode_initiator[]) (struct message *) = {
	[0] = ike_phase_1_initiator_send_SA,
	[1] = ike_phase_1_initiator_recv_SA,
	[2] = ike_phase_1_initiator_send_KE_NONCE,
	[3] = ike_phase_1_initiator_recv_KE_NONCE,
	[4] = initiator_send_ID_AUTH,
	[5] = ike_phase_1_recv_ID_AUTH
};
71 
/*
 * Main mode, responder side: mirror image of the initiator table (receive
 * SA, send SA, receive KE/NONCE, send KE/NONCE, receive ID/AUTH, send
 * ID/AUTH).  The ike_phase_1_* entries are the shared phase 1 handlers
 * from ike_phase_1.h; the responder_send_* entries are local to this file.
 */
int (*ike_main_mode_responder[]) (struct message *) = {
	[0] = ike_phase_1_responder_recv_SA,
	[1] = ike_phase_1_responder_send_SA,
	[2] = ike_phase_1_recv_KE_NONCE,
	[3] = responder_send_KE_NONCE,
	[4] = ike_phase_1_recv_ID_AUTH,
	[5] = responder_send_ID_AUTH
};
80 
/*
 * Initiator's last main mode step: add the ID and AUTH payloads with the
 * exchange marked for encryption, then hand off to ipsec_initial_contact().
 * Returns -1 if either payload could not be added, otherwise whatever
 * ipsec_initial_contact() returns.
 */
static int
initiator_send_ID_AUTH(struct message *msg)
{
	/* Mark the exchange as encrypted before any payload is added.  */
	msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;

	/* ID first, then AUTH; stop at the first failure.  */
	if (ike_phase_1_send_ID(msg) || ike_phase_1_send_AUTH(msg))
		return -1;

	return ipsec_initial_contact(msg);
}
94 
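/*
 * Post-send hook for the KE/NONCE message: derive the DH values and key
 * material while the message is in flight.  message_register_post_send()
 * takes a void (*)(struct message *); the original code cast
 * ike_phase_1_post_exchange_KE_NONCE to that type and called it through
 * the mismatched pointer, which is undefined behaviour in C.  This wrapper
 * has exactly the expected type, and discards the callee's result just as
 * the cast did.
 */
static void
kenonce_post_send(struct message *msg)
{
	(void)ike_phase_1_post_exchange_KE_NONCE(msg);
}

/*
 * Send our public DH value and a nonce to the initiator.
 *
 * Declared static above; the definition now says so too, matching the
 * other main mode steps in this file.  Returns 0 on success, -1 if the
 * KE/NONCE payloads could not be added.
 */
static int
responder_send_KE_NONCE(struct message *msg)
{
	/*
	 * XXX Should we really just use the initiator's nonce size?
	 * nonce_i_len originates from the peer's message; this relies on the
	 * KE/NONCE receive path having already bounded it -- confirm there
	 * rather than trusting it here.
	 */
	if (ike_phase_1_send_KE_NONCE(msg, msg->exchange->nonce_i_len))
		return -1;

	/*
	 * Calculate DH values & key material in parallel with the message
	 * going on a roundtrip over the wire.
	 */
	message_register_post_send(msg, kenonce_post_send);

	return 0;
}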
112 
/*
 * Responder's last main mode step: add our ID and AUTH payloads with the
 * exchange marked for encryption, then hand off to ipsec_initial_contact().
 * Returns -1 if the ID/AUTH payloads could not be added, otherwise whatever
 * ipsec_initial_contact() returns.
 */
static int
responder_send_ID_AUTH(struct message *msg)
{
	int	rc = -1;

	/* Mark the exchange as encrypted before the payloads are added.  */
	msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;

	if (ike_phase_1_responder_send_ID_AUTH(msg) == 0)
		rc = ipsec_initial_contact(msg);

	return rc;
}
123