1 /* $OpenBSD: ike_main_mode.c,v 1.15 2004/06/14 09:55:41 ho Exp $ */
2 /* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */
5 * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * This code was written under funding by Ericsson Radio Systems.
32 #include <sys/types.h>
33 #include <netinet/in.h>
39 #include "attribute.h"
41 #include "constants.h"
48 #include "ike_main_mode.h"
49 #include "ike_phase_1.h"
51 #include "ipsec_doi.h"
54 #include "math_group.h"
58 #include "transport.h"
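/*
 * Forward declarations for the Main Mode steps defined in this file.
 * They are needed because the handler tables that follow name these
 * functions before their definitions appear.
 */
static int	initiator_send_ID_AUTH(struct message *);
static int	responder_send_ID_AUTH(struct message *);
static int	responder_send_KE_NONCE(struct message *);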
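/*
 * Handlers for the initiator side of IKE Main Mode, listed in step order:
 * send SA, receive SA, send KE+NONCE, receive KE+NONCE, send ID+AUTH,
 * receive ID+AUTH.
 *
 * NOTE(review): the table has six entries and no terminating sentinel.
 * Whatever indexes it (not visible here) must bound the step number
 * itself, since an out-of-range step would call through memory past the
 * array.
 */
int (*ike_main_mode_initiator[])(struct message *) = {
	ike_phase_1_initiator_send_SA,
	ike_phase_1_initiator_recv_SA,
	ike_phase_1_initiator_send_KE_NONCE,
	ike_phase_1_initiator_recv_KE_NONCE,
	initiator_send_ID_AUTH,
	ike_phase_1_recv_ID_AUTH
};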
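/*
 * Handlers for the responder side of IKE Main Mode, listed in step order:
 * receive SA, send SA, receive KE+NONCE, send KE+NONCE, receive ID+AUTH,
 * send ID+AUTH.
 *
 * NOTE(review): the table has six entries and no terminating sentinel.
 * Whatever indexes it (not visible here) must bound the step number
 * itself, since an out-of-range step would call through memory past the
 * array.
 */
int (*ike_main_mode_responder[])(struct message *) = {
	ike_phase_1_responder_recv_SA,
	ike_phase_1_responder_send_SA,
	ike_phase_1_recv_KE_NONCE,
	responder_send_KE_NONCE,
	ike_phase_1_recv_ID_AUTH,
	responder_send_ID_AUTH
};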
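/*
 * Initiator step that sends the ID and AUTH payloads.
 *
 * msg is the outgoing message, and its exchange is switched to encrypted
 * mode first.  Returns non-zero as soon as either payload helper fails,
 * otherwise whatever ipsec_initial_contact() returns.
 *
 * NOTE(review): the listing this was taken from drops the statement after
 * each failing test, so "return -1" is the presumed error return.
 * Confirm it against the original file.
 */
static int
initiator_send_ID_AUTH(struct message *msg)
{
	/*
	 * Raise the flag before any payload is built.  In IKE Main Mode
	 * (RFC 2409) the ID and AUTH payloads travel encrypted, which is
	 * what gives the mode its identity protection.
	 * NOTE(review): how the flag is consumed is outside this listing.
	 * Confirm the send path fails closed rather than emitting this
	 * message in the clear when no keying material is available.
	 */
	msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;

	if (ike_phase_1_send_ID(msg))
		return -1;

	if (ike_phase_1_send_AUTH(msg))
		return -1;

	return ipsec_initial_contact(msg);
}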
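/*
 * Send our public DH value and a nonce to the initiator.
 *
 * msg is the outgoing message.  Returns non-zero if the KE/NONCE payloads
 * could not be added, zero once the post-send hook has been registered.
 *
 * NOTE(review): the listing this was taken from drops the error return
 * and the final return statement.  "return -1" and "return 0" are
 * presumed from the non-zero-means-failure tests used throughout this
 * file, so confirm them against the original file.
 */
static int
responder_send_KE_NONCE(struct message *msg)
{
	/*
	 * XXX Should we really just use the initiator's nonce size?
	 * NOTE(review): nonce_i_len presumably mirrors the length of the
	 * nonce received from the peer, so a remote value sizes our own
	 * nonce.  Confirm it is range-checked where the peer's nonce is
	 * parsed (RFC 2409 requires 8 to 256 bytes).
	 */
	if (ike_phase_1_send_KE_NONCE(msg, msg->exchange->nonce_i_len))
		return -1;

	/*
	 * Calculate DH values & key material in parallel with the message
	 * going on a roundtrip over the wire.
	 * NOTE(review): the cast implies the hook's real type differs from
	 * void (*)(struct message *), presumably in its return type.
	 * Calling through an incompatible function pointer type is
	 * undefined behaviour in ISO C, and any status the hook reports is
	 * discarded.  Confirm that a failed key computation is still
	 * caught before the derived keys are used.
	 */
	message_register_post_send(msg,
	    (void (*)(struct message *))ike_phase_1_post_exchange_KE_NONCE);

	return 0;
}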
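/*
 * Responder step that sends the ID and AUTH payloads.
 *
 * msg is the outgoing message, and its exchange is switched to encrypted
 * mode first.  Returns non-zero if the combined ID/AUTH helper fails,
 * otherwise whatever ipsec_initial_contact() returns.
 *
 * NOTE(review): the listing this was taken from drops the statement after
 * the failing test, so "return -1" is the presumed error return.
 * Confirm it against the original file.
 */
static int
responder_send_ID_AUTH(struct message *msg)
{
	/*
	 * Raise the flag before any payload is built.  In IKE Main Mode
	 * (RFC 2409) the ID and AUTH payloads travel encrypted, which is
	 * what gives the mode its identity protection.
	 * NOTE(review): how the flag is consumed is outside this listing.
	 * Confirm the send path fails closed rather than emitting this
	 * message in the clear when no keying material is available.
	 */
	msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;

	if (ike_phase_1_responder_send_ID_AUTH(msg))
		return -1;

	return ipsec_initial_contact(msg);
}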