summaryrefslogtreecommitdiff
path: root/keyexchange/isakmpd-20041012/ike_aggressive.c
diff options
context:
space:
mode:
Diffstat (limited to 'keyexchange/isakmpd-20041012/ike_aggressive.c')
-rw-r--r--keyexchange/isakmpd-20041012/ike_aggressive.c184
1 files changed, 0 insertions, 184 deletions
diff --git a/keyexchange/isakmpd-20041012/ike_aggressive.c b/keyexchange/isakmpd-20041012/ike_aggressive.c
deleted file mode 100644
index 48ec10f..0000000
--- a/keyexchange/isakmpd-20041012/ike_aggressive.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* $OpenBSD: ike_aggressive.c,v 1.8 2004/07/29 08:54:08 ho Exp $ */
-/* $EOM: ike_aggressive.c,v 1.4 2000/01/31 22:33:45 niklas Exp $ */
-
-/*
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 1999 Angelos D. Keromytis. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "sysdep.h"
-
-#include "attribute.h"
-#include "conf.h"
-#include "constants.h"
-#include "crypto.h"
-#include "dh.h"
-#include "doi.h"
-#include "exchange.h"
-#include "hash.h"
-#include "ike_auth.h"
-#include "ike_aggressive.h"
-#include "ike_phase_1.h"
-#include "ipsec.h"
-#include "ipsec_doi.h"
-#include "isakmp.h"
-#include "log.h"
-#include "math_group.h"
-#include "message.h"
-#if defined (USE_NAT_TRAVERSAL)
-#include "nat_traversal.h"
-#endif
-#include "prf.h"
-#include "sa.h"
-#include "transport.h"
-#include "util.h"
-
-static int initiator_recv_SA_KE_NONCE_ID_AUTH(struct message *);
-static int initiator_send_SA_KE_NONCE_ID(struct message *);
-static int initiator_send_AUTH(struct message *);
-static int responder_recv_SA_KE_NONCE_ID(struct message *);
-static int responder_send_SA_KE_NONCE_ID_AUTH(struct message *);
-static int responder_recv_AUTH(struct message *);
-
-int (*ike_aggressive_initiator[])(struct message *) = {
- initiator_send_SA_KE_NONCE_ID,
- initiator_recv_SA_KE_NONCE_ID_AUTH,
- initiator_send_AUTH
-};
-
-int (*ike_aggressive_responder[])(struct message *) = {
- responder_recv_SA_KE_NONCE_ID,
- responder_send_SA_KE_NONCE_ID_AUTH,
- responder_recv_AUTH
-};
-
-/* Offer a set of transforms to the responder in the MSG message. */
-static int
-initiator_send_SA_KE_NONCE_ID(struct message *msg)
-{
- if (ike_phase_1_initiator_send_SA(msg))
- return -1;
-
- if (ike_phase_1_initiator_send_KE_NONCE(msg))
- return -1;
-
- return ike_phase_1_send_ID(msg);
-}
-
-/* Figure out what transform the responder chose. */
-static int
-initiator_recv_SA_KE_NONCE_ID_AUTH(struct message *msg)
-{
- if (ike_phase_1_initiator_recv_SA(msg))
- return -1;
-
- if (ike_phase_1_initiator_recv_KE_NONCE(msg))
- return -1;
-
- return ike_phase_1_recv_ID_AUTH(msg);
-}
-
-static int
-initiator_send_AUTH(struct message *msg)
-{
- msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;
-
- if (ike_phase_1_send_AUTH(msg))
- return -1;
-
- /*
- * RFC 2407 4.6.3 says that, among others, INITIAL-CONTACT MUST NOT
- * be sent in Aggressive Mode. This leaves us with the choice of
- * doing it in an informational exchange of its own with no delivery
- * guarantee or in the first Quick Mode, or not at all.
- * draft-jenkins-ipsec-rekeying-01.txt has some text that requires
- * INITIAL-CONTACT in phase 1, thus contradicting what we learned
- * above. I will bring this up in the IPsec list. For now we don't
- * do INITIAL-CONTACT at all when using aggressive mode.
- */
- return 0;
-}
-
-/*
- * Accept a set of transforms offered by the initiator and chose one we can
- * handle. Also accept initiator's public DH value, nonce and ID.
- */
-static int
-responder_recv_SA_KE_NONCE_ID(struct message *msg)
-{
- if (ike_phase_1_responder_recv_SA(msg))
- return -1;
-
- if (ike_phase_1_recv_ID(msg))
- return -1;
-
- return ike_phase_1_recv_KE_NONCE(msg);
-}
-
-/*
- * Reply with the transform we chose. Send our public DH value and a nonce
- * to the initiator.
- */
-static int
-responder_send_SA_KE_NONCE_ID_AUTH(struct message *msg)
-{
- /* Add the SA payload with the transform that was chosen. */
- if (ike_phase_1_responder_send_SA(msg))
- return -1;
-
- /* XXX Should we really just use the initiator's nonce size? */
- if (ike_phase_1_send_KE_NONCE(msg, msg->exchange->nonce_i_len))
- return -1;
-
- if (ike_phase_1_post_exchange_KE_NONCE(msg))
- return -1;
-
- return ike_phase_1_responder_send_ID_AUTH(msg);
-}
-
-/*
- * Reply with the transform we chose. Send our public DH value and a nonce
- * to the initiator.
- */
-static int
-responder_recv_AUTH(struct message *msg)
-{
- if (ike_phase_1_recv_AUTH(msg))
- return -1;
-
-#if defined (USE_NAT_TRAVERSAL)
- /* Aggressive: Check for NAT-D payloads and contents. */
- if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER)
- (void)nat_t_exchange_check_nat_d(msg);
-#endif
- return 0;
-}