/home/build/libreswan/programs/pluto/ikev1.c

Bug Summary

File:	programs/pluto/ikev1.c
Warning:	line 3222, column 4 Value stored to 'c' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ikev1.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -pic-is-pie -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/lib64/clang/8.0.0 -D TimeZoneOffset=timezone -D linux -D PIE -D NSS_IPSEC_PROFILE -D XFRM_SUPPORT -D USE_XFRM_INTERFACE -D USE_DNSSEC -D DEFAULT_DNSSEC_ROOTKEY_FILE="/var/lib/unbound/root.key" -D HAVE_LABELED_IPSEC -D HAVE_SECCOMP -D LIBCURL -D USE_LINUX_AUDIT -D USE_SYSTEMD_WATCHDOG -D HAVE_NM -D XAUTH_HAVE_PAM -D USE_3DES -D USE_AES -D USE_CAMELLIA -D USE_CHACHA -D USE_DH31 -D USE_MD5 -D USE_SHA1 -D USE_SHA2 -D USE_PRF_AES_XCBC -D DEFAULT_RUNDIR="/run/pluto" -D IPSEC_CONF="/etc/ipsec.conf" -D IPSEC_CONFDDIR="/etc/ipsec.d" -D IPSEC_NSSDIR="/etc/ipsec.d" -D IPSEC_CONFDIR="/etc" -D IPSEC_EXECDIR="/usr/local/libexec/ipsec" -D IPSEC_SBINDIR="/usr/local/sbin" -D IPSEC_VARDIR="/var" -D POLICYGROUPSDIR="/etc/ipsec.d/policies" -D IPSEC_SECRETS_FILE="/etc/ipsec.secrets" -D FORCE_PR_ASSERT -D USE_FORK=1 -D USE_VFORK=0 -D USE_DAEMON=0 -D USE_PTHREAD_SETSCHEDPRIO=1 -D GCC_LINT -D HAVE_LIBCAP_NG -I . -I ../../OBJ.linux.x86_64/programs/pluto -I ../../include -I /usr/include/nss3 -I /usr/include/nspr4 -I /home/build/libreswan/programs/pluto/linux-copy -D HERE_BASENAME="ikev1.c" -internal-isystem /usr/local/include -internal-isystem /usr/lib64/clang/8.0.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-missing-field-initializers -std=gnu99 -fdebug-compilation-dir /home/build/libreswan/programs/pluto -ferror-limit 19 -fmessage-length 0 -stack-protector 3 -fobjc-runtime=gcc -fdiagnostics-show-option -analyzer-output=html -o /tmp/scan-build-2020-09-09-193337-25440-1 -x c /home/build/libreswan/programs/pluto/ikev1.c -faddrsig

1	/* State machine for IKEv1
2	*
3	* Copyright (C) 1997 Angelos D. Keromytis.
4	* Copyright (C) 1998-2010,2013-2016 D. Hugh Redelmeier <hugh@mimosa.com>
5	* Copyright (C) 2003-2008 Michael Richardson <mcr@xelerance.com>
6	* Copyright (C) 2008-2009 David McCullough <david_mccullough@securecomputing.com>
7	* Copyright (C) 2008-2010 Paul Wouters <paul@xelerance.com>
8	* Copyright (C) 2011 Avesh Agarwal <avagarwa@redhat.com>
9	* Copyright (C) 2008 Hiren Joshi <joshihirenn@gmail.com>
10	* Copyright (C) 2009 Anthony Tong <atong@TrustedCS.com>
11	* Copyright (C) 2012-2019 Paul Wouters <pwouters@redhat.com>
12	* Copyright (C) 2013 Wolfgang Nothdurft <wolfgang@linogate.de>
13	* Copyright (C) 2019-2019 Andrew Cagney <cagney@gnu.org>
14	*
15	* This program is free software; you can redistribute it and/or modify it
16	* under the terms of the GNU General Public License as published by the
17	* Free Software Foundation; either version 2 of the License, or (at your
18	* option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
19	*
20	* This program is distributed in the hope that it will be useful, but
21	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23	* for more details.
24	*
25	*/
26
27	/* Ordering Constraints on Payloads
28	*
29	* rfc2409: The Internet Key Exchange (IKE)
30	*
31	* 5 Exchanges:
32	* "The SA payload MUST precede all other payloads in a phase 1 exchange."
33	*
34	* "Except where otherwise noted, there are no requirements for ISAKMP
35	* payloads in any message to be in any particular order."
36	*
37	* 5.3 Phase 1 Authenticated With a Revised Mode of Public Key Encryption:
38	*
39	* "If the HASH payload is sent it MUST be the first payload of the
40	* second message exchange and MUST be followed by the encrypted
41	* nonce. If the HASH payload is not sent, the first payload of the
42	* second message exchange MUST be the encrypted nonce."
43	*
44	* "Save the requirements on the location of the optional HASH payload
45	* and the mandatory nonce payload there are no further payload
46	* requirements. All payloads-- in whatever order-- following the
47	* encrypted nonce MUST be encrypted with Ke_i or Ke_r depending on the
48	* direction."
49	*
50	* 5.5 Phase 2 - Quick Mode
51	*
52	* "In Quick Mode, a HASH payload MUST immediately follow the ISAKMP
53	* header and a SA payload MUST immediately follow the HASH."
54	* [NOTE: there may be more than one SA payload, so this is not
55	* totally reasonable. Probably all SAs should be so constrained.]
56	*
57	* "If ISAKMP is acting as a client negotiator on behalf of another
58	* party, the identities of the parties MUST be passed as IDci and
59	* then IDcr."
60	*
61	* "With the exception of the HASH, SA, and the optional ID payloads,
62	* there are no payload ordering restrictions on Quick Mode."
63	*/
64
65	/* Unfolding of Identity -- a central mystery
66	*
67	* This concerns Phase 1 identities, those of the IKE hosts.
68	* These are the only ones that are authenticated. Phase 2
69	* identities are for IPsec SAs.
70	*
71	* There are three case of interest:
72	*
73	* (1) We initiate, based on a whack command specifying a Connection.
74	* We know the identity of the peer from the Connection.
75	*
76	* (2) (to be implemented) we initiate based on a flow from our client
77	* to some IP address.
78	* We immediately know one of the peer's client IP addresses from
79	* the flow. We must use this to figure out the peer's IP address
80	* and Id. To be solved.
81	*
82	* (3) We respond to an IKE negotiation.
83	* We immediately know the peer's IP address.
84	* We get an ID Payload in Main I2.
85	*
86	* Unfortunately, this is too late for a number of things:
87	* - the ISAKMP SA proposals have already been made (Main I1)
88	* AND one accepted (Main R1)
89	* - the SA includes a specification of the type of ID
90	* authentication so this is negotiated without being told the ID.
91	* - with Preshared Key authentication, Main I2 is encrypted
92	* using the key, so it cannot be decoded to reveal the ID
93	* without knowing (or guessing) which key to use.
94	*
95	* There are three reasonable choices here for the responder:
96	* + assume that the initiator is making wise offers since it
97	* knows the IDs involved. We can balk later (but not gracefully)
98	* when we find the actual initiator ID
99	* + attempt to infer identity by IP address. Again, we can balk
100	* when the true identity is revealed. Actually, it is enough
101	* to infer properties of the identity (eg. SA properties and
102	* PSK, if needed).
103	* + make all properties universal so discrimination based on
104	* identity isn't required. For example, always accept the same
105	* kinds of encryption. Accept Public Key Id authentication
106	* since the Initiator presumably has our public key and thinks
107	* we must have / can find peers. This approach is weakest
108	* for preshared key since the actual key must be known to
109	* decrypt the Initiator's ID Payload.
110	* These choices can be blended. For example, a class of Identities
111	* can be inferred, sufficient to select a preshared key but not
112	* sufficient to infer a unique identity.
113	*/
114
115	#include <stdio.h>
116	#include <stdlib.h>
117	#include <stddef.h>
118	#include <string.h>
119	#include <unistd.h>
120	#include <errno(*__errno_location ()).h>
121	#include <sys/types.h>
122	#include <sys/socket.h>
123	#include <netinet/in.h>
124	#include <arpa/inet.h>
125
126
127	#include "sysdep.h"
128	#include "constants.h"
129
130	#include "defs.h"
131	#include "ike_spi.h"
132	#include "id.h"
133	#include "x509.h"
134	#include "pluto_x509.h"
135	#include "certs.h"
136	#include "connections.h" /* needs id.h */
137	#include "state.h"
138	#include "ikev1_msgid.h"
139	#include "packet.h"
140	#include "crypto.h"
141	#include "ike_alg.h"
142	#include "log.h"
143	#include "demux.h" /* needs packet.h */
144	#include "ikev1.h"
145	#include "ipsec_doi.h" /* needs demux.h and state.h */
146	#include "ikev1_quick.h"
147	#include "timer.h"
148	#include "whack.h" /* requires connections.h */
149	#include "server.h"
150	#include "send.h"
151	#include "ikev1_send.h"
152	#include "ikev1_xauth.h"
153	#include "retransmit.h"
154	#include "nat_traversal.h"
155	#include "vendor.h"
156	#include "ikev1_dpd.h"
157	#include "hostpair.h"
158	#include "ip_address.h"
159	#include "ikev1_hash.h"
160	#include "ike_alg_encrypt_ops.h" /* XXX: oops */
161	#include "ikev1_states.h"
162	#include "initiate.h"
163	#include "iface.h"
164	#include "ip_selector.h"
165
166	#ifdef HAVE_NM1
167	#include "kernel.h"
168	#endif
169
170	#include "pluto_stats.h"
171
172	/*
173	* state_v1_microcode is a tuple of information parameterizing certain
174	* centralized processing of a packet. For example, it roughly
175	* specifies what payloads are expected in this message. The
176	* microcode is selected primarily based on the state. In Phase 1,
177	* the payload structure often depends on the authentication
178	* technique, so that too plays a part in selecting the
179	* state_v1_microcode to use.
180	*/
181
182	struct state_v1_microcode {
183	enum state_kind state, next_state;
184	lset_t flags;
185	lset_t req_payloads; /* required payloads (allows just one) */
186	lset_t opt_payloads; /* optional payloads (any number) */
187	enum event_type timeout_event;
188	ikev1_state_transition_fn *processor;
189	const char *message;
190	enum v1_hash_type hash_type;
191	};
192
193	void jam_v1_transition(struct jambuf buf, const struct state_v1_microcode transition)
194	{
195	if (transition == NULL((void*)0)) {
196	jam(buf, "NULL");
197	} else {
198	jam(buf, "%s->%s",
199	finite_states[transition->state]->short_name,
200	finite_states[transition->next_state]->short_name);
201	}
202	}
203
204	/* State Microcode Flags, in several groups */
205
206	/* Oakley Auth values: to which auth values does this entry apply?
207	* Most entries will use SMF_ALL_AUTH because they apply to all.
208	* Note: SMF_ALL_AUTH matches 0 for those circumstances when no auth
209	* has been set.
210	*
211	* The IKEv1 state machine then uses the auth type (SMF_*_AUTH flags)
212	* to select the exact state transition. For states where auth
213	* (SMF_*_AUTH flags) don't apply (.e.g, child states)
214	* flags\|=SMF_ALL_AUTH so the first transition always matches.
215	*
216	* Once a transition is selected, the containing payloads are checked
217	* against what is allowed. For instance, in STATE_MAIN_R2 ->
218	* STATE_MAIN_R3 with SMF_DS_AUTH requires P(SIG).
219	*
220	* In IKEv2, it is the message header and payload types that select
221	* the state. As for how the IKEv1 'from state' is selected, look for
222	* a big nasty magic switch.
223	*
224	* XXX: the state transition table is littered with STATE_UNDEFINED /
225	* SMF_ALL_AUTH / unexpected() entries. These are to catch things
226	* like unimplemented auth cases, and unexpected packets. For the
227	* latter, they seem to be place holders so that the table contains at
228	* least one entry for the state.
229	*
230	* XXX: Some of the SMF flags specify attributes of the current state
231	* (e.g., SMF_RETRANSMIT_ON_DUPLICATE), some apply to the state
232	* transition (e.g., SMF_REPLY), and some can be interpreted as either
233	* (.e.g., SMF_INPUT_ENCRYPTED).
234	*/
235	#define SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) LRANGE(0, OAKLEY_AUTH_ROOF - 1)(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)))
236	#define SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) LELEM(OAKLEY_PRESHARED_KEY)((lset_t)1 << (OAKLEY_PRESHARED_KEY))
237	#define SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) (LELEM(OAKLEY_DSS_SIG)((lset_t)1 << (OAKLEY_DSS_SIG)) \| LELEM(OAKLEY_RSA_SIG)((lset_t)1 << (OAKLEY_RSA_SIG)))
238	#define SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) LELEM(OAKLEY_RSA_ENC)((lset_t)1 << (OAKLEY_RSA_ENC))
239	#define SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) LELEM(OAKLEY_RSA_REVISED_MODE)((lset_t)1 << (OAKLEY_RSA_REVISED_MODE))
240
241	/* misc flags */
242	#define SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) LELEM(OAKLEY_AUTH_ROOF + 0)((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))
243	#define SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) LELEM(OAKLEY_AUTH_ROOF + 1)((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))
244	#define SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) LELEM(OAKLEY_AUTH_ROOF + 2)((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))
245	#define SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) LELEM(OAKLEY_AUTH_ROOF + 3)((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))
246	#define SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)) LELEM(OAKLEY_AUTH_ROOF + 4)((lset_t)1 << (OAKLEY_AUTH_ROOF + 4))
247
248	#define SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) (SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)))
249
250	/* this state generates a reply message */
251	#define SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) LELEM(OAKLEY_AUTH_ROOF + 5)((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))
252
253	/* this state completes P1, so any pending P2 negotiations should start */
254	#define SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) LELEM(OAKLEY_AUTH_ROOF + 6)((lset_t)1 << (OAKLEY_AUTH_ROOF + 6))
255
256	/* if we have canoncalized the authentication from XAUTH mode */
257	#define SMF_XAUTH_AUTH((lset_t)1 << (OAKLEY_AUTH_ROOF + 7)) LELEM(OAKLEY_AUTH_ROOF + 7)((lset_t)1 << (OAKLEY_AUTH_ROOF + 7))
258
259	/* end of flags */
260
261	static ikev1_state_transition_fn unexpected; /* forward declaration */
262	static ikev1_state_transition_fn informational; /* forward declaration */
263
264	/*
265	* v1_state_microcode_table is a table of all state_v1_microcode
266	* tuples. It must be in order of state (the first element). After
267	* initialization, ike_microcode_index[s] points to the first entry in
268	* v1_state_microcode_table for state s. Remember that each state
269	* name in Main or Quick Mode describes what has happened in the past,
270	* not what this message is.
271	*/
272
273	static const struct state_v1_microcode v1_state_microcode_table[] = {
274
275	#define P(n) LELEM(ISAKMP_NEXT_ ##n)((lset_t)1 << (ISAKMP_NEXT_ ##n))
276	#define FM(F) .processor = F, .message = #F
277
278	/*** Phase 1 Main Mode ***/
279
280	/* No state for main_outI1: --> HDR, SA */
281
282	/* STATE_MAIN_R0: I1 --> R1
283	* HDR, SA --> HDR, SA
284	*/
285	{ STATE_MAIN_R0, STATE_MAIN_R1,
286	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
287	P(SA), P(VID) \| P(CR),
288	EVENT_SO_DISCARD,
289	FM(main_inI1_outR1),
290	.hash_type = V1_HASH_NONE, },
291
292	/* STATE_MAIN_I1: R1 --> I2
293	* HDR, SA --> auth dependent
294	* SMF_PSK_AUTH, SMF_DS_AUTH: --> HDR, KE, Ni
295	* SMF_PKE_AUTH:
296	* --> HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
297	* SMF_RPKE_AUTH:
298	* --> HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDi1_b>Ke_i [,<<Cert-I_b>Ke_i]
299	* Note: since we don't know auth at start, we cannot differentiate
300	* microcode entries based on it.
301	*/
302	{ STATE_MAIN_I1, STATE_MAIN_I2,
303	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
304	P(SA), P(VID) \| P(CR),
305	EVENT_RETRANSMIT,
306	FM(main_inR1_outI2),
307	.hash_type = V1_HASH_NONE, },
308
309	/* STATE_MAIN_R1: I2 --> R2
310	* SMF_PSK_AUTH, SMF_DS_AUTH: HDR, KE, Ni --> HDR, KE, Nr
311	* SMF_PKE_AUTH: HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
312	* --> HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
313	* SMF_RPKE_AUTH:
314	* HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDi1_b>Ke_i [,<<Cert-I_b>Ke_i]
315	* --> HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r
316	*/
317	{ STATE_MAIN_R1, STATE_MAIN_R2,
318	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
319	P(KE) \| P(NONCE), P(VID) \| P(CR) \| P(NATD_RFC),
320	EVENT_RETRANSMIT,
321	FM(main_inI2_outR2),
322	.hash_type = V1_HASH_NONE, },
323
324	{ STATE_MAIN_R1, STATE_UNDEFINED,
325	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
326	P(KE) \| P(ID) \| P(NONCE), P(VID) \| P(CR) \| P(HASH),
327	EVENT_RETRANSMIT,
328	FM(unexpected) /* ??? not yet implemented */,
329	.hash_type = V1_HASH_NONE, },
330
331	{ STATE_MAIN_R1, STATE_UNDEFINED,
332	SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
333	P(NONCE) \| P(KE) \| P(ID), P(VID) \| P(CR) \| P(HASH) \| P(CERT),
334	EVENT_RETRANSMIT,
335	FM(unexpected) /* ??? not yet implemented */,
336	.hash_type = V1_HASH_NONE, },
337
338	/* for states from here on, output message must be encrypted */
339
340	/* STATE_MAIN_I2: R2 --> I3
341	* SMF_PSK_AUTH: HDR, KE, Nr --> HDR*, IDi1, HASH_I
342	* SMF_DS_AUTH: HDR, KE, Nr --> HDR*, IDi1, [ CERT, ] SIG_I
343	* SMF_PKE_AUTH: HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
344	* --> HDR*, HASH_I
345	* SMF_RPKE_AUTH: HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r
346	* --> HDR*, HASH_I
347	*/
348	{ STATE_MAIN_I2, STATE_MAIN_I3,
349	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
350	P(KE) \| P(NONCE), P(VID) \| P(CR) \| P(NATD_RFC),
351	EVENT_RETRANSMIT,
352	FM(main_inR2_outI3),
353	/* calls main_mode_hash() after DH */
354	.hash_type = V1_HASH_NONE, },
355
356	{ STATE_MAIN_I2, STATE_UNDEFINED,
357	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
358	P(KE) \| P(ID) \| P(NONCE), P(VID) \| P(CR),
359	EVENT_RETRANSMIT,
360	FM(unexpected) /* ??? not yet implemented */,
361	.hash_type = V1_HASH_NONE, },
362
363	{ STATE_MAIN_I2, STATE_UNDEFINED,
364	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
365	P(NONCE) \| P(KE) \| P(ID), P(VID) \| P(CR),
366	EVENT_RETRANSMIT,
367	FM(unexpected) /* ??? not yet implemented */,
368	.hash_type = V1_HASH_NONE, },
369
370	/* for states from here on, input message must be encrypted */
371
372	/* STATE_MAIN_R2: I3 --> R3
373	* SMF_PSK_AUTH: HDR, IDi1, HASH_I --> HDR, IDr1, HASH_R
374	* SMF_DS_AUTH: HDR, IDi1, [ CERT, ] SIG_I --> HDR, IDr1, [ CERT, ] SIG_R
375	* SMF_PKE_AUTH, SMF_RPKE_AUTH: HDR, HASH_I --> HDR, HASH_R
376	*/
377	{ STATE_MAIN_R2, STATE_MAIN_R3,
378	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
379	SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
380	P(ID) \| P(HASH), P(VID) \| P(CR),
381	EVENT_SA_REPLACE,
382	FM(main_inI3_outR3),
383	/* calls oakley_id_and_auth() which calls main_mode_hash() */
384	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
385	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b ) */
386	.hash_type = V1_HASH_NONE, },
387
388	{ STATE_MAIN_R2, STATE_MAIN_R3,
389	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
390	SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
391	P(ID) \| P(SIG), P(VID) \| P(CR) \| P(CERT),
392	EVENT_SA_REPLACE,
393	FM(main_inI3_outR3),
394	/* calls oakley_id_and_auth() which calls main_mode_hash() */
395	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
396	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b )
397	SIG_I = SIGN(HASH_I) *",
398	SIG_I = SIGN(HASH_I) */
399	.hash_type = V1_HASH_NONE, },
400
401	{ STATE_MAIN_R2, STATE_UNDEFINED,
402	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \|
403	SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
404	SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
405	P(HASH), P(VID) \| P(CR),
406	EVENT_SA_REPLACE,
407	FM(unexpected) /* ??? not yet implemented */,
408	.hash_type = V1_HASH_NONE, },
409
410	/* STATE_MAIN_I3: R3 --> done
411	* SMF_PSK_AUTH: HDR*, IDr1, HASH_R --> done
412	* SMF_DS_AUTH: HDR*, IDr1, [ CERT, ] SIG_R --> done
413	* SMF_PKE_AUTH, SMF_RPKE_AUTH: HDR*, HASH_R --> done
414	* May initiate quick mode by calling quick_outI1
415	*/
416	{ STATE_MAIN_I3, STATE_MAIN_I4,
417	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \|
418	SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
419	P(ID) \| P(HASH), P(VID) \| P(CR),
420	EVENT_SA_REPLACE,
421	FM(main_inR3),
422	/* calls oakley_id_and_auth() which calls main_mode_hash() */
423	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
424	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b ) */
425	.hash_type = V1_HASH_NONE, },
426
427	{ STATE_MAIN_I3, STATE_MAIN_I4,
428	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \|
429	SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
430	P(ID) \| P(SIG), P(VID) \| P(CR) \| P(CERT),
431	EVENT_SA_REPLACE,
432	FM(main_inR3),
433	/* calls oakley_id_and_auth() which calls main_mode_hash() */
434	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
435	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b )
436	SIG_R = SIGN(HASH_R) */
437	.hash_type = V1_HASH_NONE, },
438
439	{ STATE_MAIN_I3, STATE_UNDEFINED,
440	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \|
441	SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
442	P(HASH), P(VID) \| P(CR),
443	EVENT_SA_REPLACE,
444	FM(unexpected) /* ??? not yet implemented */,
445	.hash_type = V1_HASH_NONE, },
446
447	/* STATE_MAIN_R3: can only get here due to packet loss */
448	{ STATE_MAIN_R3, STATE_UNDEFINED,
449	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
450	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
451	EVENT_NULL,
452	FM(unexpected),
453	.hash_type = V1_HASH_NONE, },
454
455	/* STATE_MAIN_I4: can only get here due to packet loss */
456	{ STATE_MAIN_I4, STATE_UNDEFINED,
457	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
458	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
459	EVENT_NULL,
460	FM(unexpected),
461	.hash_type = V1_HASH_NONE, },
462
463	/*** Phase 1 Aggressive Mode ***/
464
465	/* No initial state for aggr_outI1:
466	* SMF_DS_AUTH (RFC 2409 5.1) and SMF_PSK_AUTH (RFC 2409 5.4):
467	* -->HDR, SA, KE, Ni, IDii
468	*
469	* Not implemented:
470	* RFC 2409 5.2: --> HDR, SA, [ HASH(1),] KE, <IDii_b>Pubkey_r, <Ni_b>Pubkey_r
471	* RFC 2409 5.3: --> HDR, SA, [ HASH(1),] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDii_b>Ke_i [, <Cert-I_b>Ke_i ]
472	*/
473
474	/* STATE_AGGR_R0:
475	* SMF_PSK_AUTH: HDR, SA, KE, Ni, IDii
476	* --> HDR, SA, KE, Nr, IDir, HASH_R
477	* SMF_DS_AUTH: HDR, SA, KE, Nr, IDii
478	* --> HDR, SA, KE, Nr, IDir, [CERT,] SIG_R
479	*/
480	{ STATE_AGGR_R0, STATE_AGGR_R1,
481	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
482	P(SA) \| P(KE) \| P(NONCE) \| P(ID), P(VID) \| P(NATD_RFC),
483	EVENT_SO_DISCARD,
484	FM(aggr_inI1_outR1),
485	/* N/A */
486	.hash_type = V1_HASH_NONE, },
487
488	/* STATE_AGGR_I1:
489	* SMF_PSK_AUTH: HDR, SA, KE, Nr, IDir, HASH_R
490	* --> HDR*, HASH_I
491	* SMF_DS_AUTH: HDR, SA, KE, Nr, IDir, [CERT,] SIG_R
492	* --> HDR*, [CERT,] SIG_I
493	*/
494	{ STATE_AGGR_I1, STATE_AGGR_I2,
495	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \|
496	SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
497	P(SA) \| P(KE) \| P(NONCE) \| P(ID) \| P(HASH), P(VID) \| P(NATD_RFC),
498	EVENT_SA_REPLACE,
499	FM(aggr_inR1_outI2),
500	/* after DH calls oakley_id_and_auth() which calls main_mode_hash() */
501	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
502	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b ) */
503	.hash_type = V1_HASH_NONE, },
504
505	{ STATE_AGGR_I1, STATE_AGGR_I2,
506	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \|
507	SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
508	P(SA) \| P(KE) \| P(NONCE) \| P(ID) \| P(SIG), P(VID) \| P(NATD_RFC),
509	EVENT_SA_REPLACE,
510	FM(aggr_inR1_outI2),
511	/* after DH calls oakley_id_and_auth() which calls main_mode_hash() */
512	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
513	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b )
514	SIG_R = SIGN(HASH_R) */
515	.hash_type = V1_HASH_NONE, },
516
517	/* STATE_AGGR_R1:
518	* SMF_PSK_AUTH: HDR*, HASH_I --> done
519	* SMF_DS_AUTH: HDR*, SIG_I --> done
520	*/
521	{ STATE_AGGR_R1, STATE_AGGR_R2,
522	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \|
523	SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) \|
524	SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
525	P(HASH), P(VID) \| P(NATD_RFC),
526	EVENT_SA_REPLACE,
527	FM(aggr_inI2),
528	/* calls oakley_id_and_auth() which calls main_mode_hash() */
529	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
530	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b ) */
531	.hash_type = V1_HASH_NONE, },
532
533	{ STATE_AGGR_R1, STATE_AGGR_R2,
534	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \|
535	SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) \|
536	SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
537	P(SIG), P(VID) \| P(NATD_RFC),
538	EVENT_SA_REPLACE,
539	FM(aggr_inI2),
540	/* calls oakley_id_and_auth() which calls main_mode_hash() */
541	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
542	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b )
543	SIG_I = SIGN(HASH_I) */
544	.hash_type = V1_HASH_NONE, },
545
546	/* STATE_AGGR_I2: can only get here due to packet loss */
547	{ STATE_AGGR_I2, STATE_UNDEFINED,
548	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
549	LEMPTY((lset_t)0), LEMPTY((lset_t)0), EVENT_NULL,
550	FM(unexpected),
551	.hash_type = V1_HASH_NONE, },
552
553	/* STATE_AGGR_R2: can only get here due to packet loss */
554	{ STATE_AGGR_R2, STATE_UNDEFINED,
555	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))),
556	LEMPTY((lset_t)0), LEMPTY((lset_t)0), EVENT_NULL,
557	FM(unexpected),
558	.hash_type = V1_HASH_NONE, },
559
560	/*** Phase 2 Quick Mode ***/
561
562	/* No state for quick_outI1:
563	* --> HDR*, HASH(1), SA, Nr [, KE ] [, IDci, IDcr ]
564	*/
565
566	/* STATE_QUICK_R0:
567	* HDR*, HASH(1), SA, Ni [, KE ] [, IDci, IDcr ] -->
568	* HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ]
569	* Installs inbound IPsec SAs.
570	* Because it may suspend for asynchronous DNS, first_out_payload
571	* is set to NONE to suppress early emission of HDR*.
572	* ??? it is legal to have multiple SAs, but we don't support it yet.
573	*/
574	{ STATE_QUICK_R0, STATE_QUICK_R1,
575	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
576	P(HASH) \| P(SA) \| P(NONCE), /* P(SA) \| */ P(KE) \| P(ID) \| P(NATOA_RFC),
577	EVENT_RETRANSMIT,
578	FM(quick_inI1_outR1),
579	/* RFC 2409: 5.5 Phase 2 - Quick Mode:
580	HASH(1) = prf(SKEYID_a, M-ID \| <rest>) */
581	.hash_type = V1_HASH_1, },
582
583	/* STATE_QUICK_I1:
584	* HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ] -->
585	* HDR*, HASH(3)
586	* Installs inbound and outbound IPsec SAs, routing, etc.
587	* ??? it is legal to have multiple SAs, but we don't support it yet.
588	*/
589	{ STATE_QUICK_I1, STATE_QUICK_I2,
590	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
591	P(HASH) \| P(SA) \| P(NONCE), /* P(SA) \| */ P(KE) \| P(ID) \| P(NATOA_RFC),
592	EVENT_SA_REPLACE,
593	FM(quick_inR1_outI2),
594	/* RFC 2409: 5.5 Phase 2 - Quick Mode:
595	HASH(2) = prf(SKEYID_a, M-ID \| Ni_b \| <rest>) */
596	.hash_type = V1_HASH_2, },
597
598	/* STATE_QUICK_R1: HDR*, HASH(3) --> done
599	* Installs outbound IPsec SAs, routing, etc.
600	*/
601	{ STATE_QUICK_R1, STATE_QUICK_R2,
602	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
603	P(HASH), LEMPTY((lset_t)0),
604	EVENT_SA_REPLACE,
605	FM(quick_inI2),
606	/* RFC 2409: 5.5 Phase 2 - Quick Mode:
607	HASH(3) = prf(SKEYID_a, 0 \| M-ID \| Ni_b \| Nr_b) */
608	.hash_type = V1_HASH_3, },
609
610	/* STATE_QUICK_I2: can only happen due to lost packet */
611	{ STATE_QUICK_I2, STATE_UNDEFINED,
612	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
613	SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
614	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
615	EVENT_NULL,
616	FM(unexpected),
617	.hash_type = V1_HASH_NONE, },
618
619	/* STATE_QUICK_R2: can only happen due to lost packet */
620	{ STATE_QUICK_R2, STATE_UNDEFINED,
621	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
622	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
623	EVENT_NULL,
624	FM(unexpected),
625	.hash_type = V1_HASH_NONE, },
626
627	/*** informational messages ***/
628
629	/* Informational Exchange (RFC 2408 4.8):
630	* HDR N/D
631	* Unencrypted: must not occur after ISAKMP Phase 1 exchange of keying material.
632	*/
633	/* STATE_INFO: */
634	{ STATE_INFO, STATE_UNDEFINED,
635	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))),
636	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
637	EVENT_NULL,
638	FM(informational),
639	.hash_type = V1_HASH_NONE, },
640
641	/* Informational Exchange (RFC 2408 4.8):
642	* HDR* N/D
643	*/
644	/* STATE_INFO_PROTECTED: */
645	{ STATE_INFO_PROTECTED, STATE_UNDEFINED,
646	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
647	P(HASH), LEMPTY((lset_t)0),
648	EVENT_NULL,
649	FM(informational),
650	/* RFC 2409: 5.7 ISAKMP Informational Exchanges:
651	HASH(1) = prf(SKEYID_a, M-ID \| N/D) */
652	.hash_type = V1_HASH_1, },
653
654	{ STATE_XAUTH_R0, STATE_XAUTH_R1,
655	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
656	P(MCFG_ATTR) \| P(HASH), P(VID),
657	EVENT_NULL,
658	FM(xauth_inR0),
659	/* RFC ????: */
660	.hash_type = V1_HASH_1, }, /* Re-transmit may be done by previous state */
661
662	{ STATE_XAUTH_R1, STATE_MAIN_R3,
663	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
664	P(MCFG_ATTR) \| P(HASH), P(VID),
665	EVENT_SA_REPLACE,
666	FM(xauth_inR1),
667	/* RFC ????: */
668	.hash_type = V1_HASH_1, },
669
670	#if 0
671	/* for situation where there is XAUTH + ModeCFG */
672	{ STATE_XAUTH_R2, STATE_XAUTH_R3,
673	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
674	P(MCFG_ATTR) \| P(HASH), P(VID),
675	EVENT_SA_REPLACE,
676	FM(xauth_inR2), },
677
678	{ STATE_XAUTH_R3, STATE_MAIN_R3,
679	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
680	P(MCFG_ATTR) \| P(HASH), P(VID),
681	EVENT_SA_REPLACE,
682	FM(xauth_inR3), },
683	#endif
684
685	/* MODE_CFG_x:
686	* Case R0: Responder -> Initiator
687	* <- Req(addr=0)
688	* Reply(ad=x) ->
689	*
690	* Case R1: Set(addr=x) ->
691	* <- Ack(ok)
692	*/
693
694	{ STATE_MODE_CFG_R0, STATE_MODE_CFG_R1,
695	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
696	P(MCFG_ATTR) \| P(HASH), P(VID),
697	EVENT_SA_REPLACE,
698	FM(modecfg_inR0),
699	/* RFC ????: */
700	.hash_type = V1_HASH_1, },
701
702	{ STATE_MODE_CFG_R1, STATE_MODE_CFG_R2,
703	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
704	P(MCFG_ATTR) \| P(HASH), P(VID),
705	EVENT_SA_REPLACE,
706	FM(modecfg_inR1),
707	/* RFC ????: */
708	.hash_type = V1_HASH_1, },
709
710	{ STATE_MODE_CFG_R2, STATE_UNDEFINED,
711	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
712	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
713	EVENT_NULL,
714	FM(unexpected),
715	.hash_type = V1_HASH_NONE, },
716
717	{ STATE_MODE_CFG_I1, STATE_MAIN_I4,
718	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
719	P(MCFG_ATTR) \| P(HASH), P(VID),
720	EVENT_SA_REPLACE,
721	FM(modecfg_inR1),
722	/* RFC ????: */
723	.hash_type = V1_HASH_1, },
724
725	{ STATE_XAUTH_I0, STATE_XAUTH_I1,
726	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
727	P(MCFG_ATTR) \| P(HASH), P(VID),
728	EVENT_RETRANSMIT,
729	FM(xauth_inI0),
730	/* RFC ????: */
731	.hash_type = V1_HASH_1, },
732
733	{ STATE_XAUTH_I1, STATE_MAIN_I4,
734	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
735	P(MCFG_ATTR) \| P(HASH), P(VID),
736	EVENT_RETRANSMIT,
737	FM(xauth_inI1),
738	/* RFC ????: */
739	.hash_type = V1_HASH_1, },
740
741	{ STATE_IKEv1_ROOF, STATE_IKEv1_ROOF,
742	LEMPTY((lset_t)0),
743	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
744	EVENT_NULL, NULL((void*)0),
745	.hash_type = V1_HASH_NONE, },
746
747	#undef FM
748	#undef P
749	};
750
751	void init_ikev1(void)
752	{
753	struct logger logger[1] = { GLOBAL_LOGGER(null_fd)(struct logger) { .where = (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 753}, .global_whackfd = ((struct fd ) ((void)0)), .object = ((void*)0), .object_vec = &logger_global_vec , }, };
754	dbg("checking IKEv1 state table"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("checking IKEv1 state table"); } };
755
756	/*
757	* Fill in FINITE_STATES[].
758	*
759	* This is a hack until each finite-state is a separate object
760	* with corresponding edges (aka microcodes).
761	*
762	* XXX: Long term goal is to have a constant FINITE_STATES[]
763	* contain constant pointers and this static writeable array
764	* to just go away.
765	*/
766	for (enum state_kind kind = STATE_IKEv1_FLOOR; kind < STATE_IKEv1_ROOF; kind++) {
767	/* fill in using static struct */
768	const struct finite_state *fs = &v1_states[kind - STATE_IKEv1_FLOOR];
769	passert(fs->kind == kind){ _Bool assertion__ = fs->kind == kind; if (!assertion__) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 769}, "%s", "fs->kind == kind"); } };
770	passert(finite_states[kind] == NULL){ _Bool assertion__ = finite_states[kind] == ((void*)0); if ( !assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 770}, "%s", "finite_states[kind] == NULL" ); } };
771	finite_states[kind] = fs;
772	}
773
774	/*
775	* Go through the state transition table filling in details
776	* and checking for inconsistencies.
777	*/
778	for (const struct state_v1_microcode *t = v1_state_microcode_table;
779	t->state < STATE_IKEv1_ROOF; t++) {
780
781	passert(t->state >= STATE_IKEv1_FLOOR){ _Bool assertion__ = t->state >= STATE_IKEv1_FLOOR; if (!assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 781}, "%s", "t->state >= STATE_IKEv1_FLOOR" ); } };
782	passert(t->state < STATE_IKEv1_ROOF){ _Bool assertion__ = t->state < STATE_IKEv1_ROOF; if ( !assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 782}, "%s", "t->state < STATE_IKEv1_ROOF" ); } };
783	struct finite_state *from = &v1_states[t->state - STATE_IKEv1_FLOOR];
784
785	/*
786	* Deal with next_state == STATE_UNDEFINED.
787	*
788	* XXX: STATE_UNDEFINED is used when a state
789	* transitions back to the same state; such
790	* transitions should instead explicitly specify that
791	* same state.
792	*/
793	enum state_kind next_state = (t->next_state == STATE_UNDEFINED ?
794	t->state : t->next_state);
795	passert(STATE_IKEv1_FLOOR <= next_state &&{ _Bool assertion__ = STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF; if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 796}, "%s", "STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF" ); } }
796	next_state < STATE_IKEv1_ROOF){ _Bool assertion__ = STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF; if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 796}, "%s", "STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF" ); } };
797	const struct finite_state *to = finite_states[next_state];
798	passert(to != NULL){ _Bool assertion__ = to != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 798}, "%s", "to != NULL"); } };
799
800	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
801	if (from->nr_transitions == 0) {
802	LSWLOG_DEBUG(buf)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), buf = &jambuf ; buf != ((void)0); buf = ((void)0)) for (; buf != ((void) 0); jambuf_to_debug_stream(buf), buf = ((void)0)) {
803	jam_string(buf, " ");
804	lswlog_finite_state(buf, from);
805	jam_string(buf, ":");
806	}
807	}
808	DBG_log(" -> %s %s (%s)", to->short_name,
809	enum_short_name(&timer_event_names,
810	t->timeout_event),
811	t->message);
812	}
813
814	/*
815	* Point .fs_v1_transitions at to the first entry in
816	* v1_state_microcode_table for that state. All other
817	* transitions for that state should follow
818	* immediately after (or to put it another way, the
819	* previous transition's state should be the same as
820	* this).
821	*/
822	if (from->v1_transitions == NULL((void*)0)) {
823	from->v1_transitions = t;
824	} else {
825	passert(t[-1].state == t->state){ _Bool assertion__ = t[-1].state == t->state; if (!assertion__ ) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 825}, "%s", "t[-1].state == t->state" ); } };
826	}
827	from->nr_transitions++;
828
829	if (t->message == NULL((void*)0)) {
830	pexpect_fail(logger, HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 830}, "transition %s -> %s missing .message",
831	from->short_name, to->short_name);
832	}
833
834	/*
835	* Copy (actually merge) the flags that apply to the
836	* state; and not the state transition.
837	*
838	* The original code used something like state
839	* .microcode .flags after the state transition had
840	* completed. I.e., use the flags from a
841	* not-yet-taken potential future state transition and
842	* not the previous one.
843	*
844	* This is just trying to extract them and
845	* check they are consistent.
846	*
847	* XXX: this is confusing
848	*
849	* Should fs_flags and SMF_RETRANSMIT_ON_DUPLICATE
850	* should be replaced by SMF_RESPONDING in the
851	* transition flags?
852	*
853	* Or is this more like .fs_timeout_event which is
854	* always true of a state?
855	*/
856	if ((t->flags & from->flags) != from->flags) {
857	DBGF(DBG_BASE, "transition %s -> %s (%s) missing flags 0x%"PRIxLSET,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("transition %s -> %s (%s) missing flags 0x%" "l" "x", from->short_name, to->short_name, t->message , from->flags); } }
858	from->short_name, to->short_name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("transition %s -> %s (%s) missing flags 0x%" "l" "x", from->short_name, to->short_name, t->message , from->flags); } }
859	t->message, from->flags){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("transition %s -> %s (%s) missing flags 0x%" "l" "x", from->short_name, to->short_name, t->message , from->flags); } };
860	}
861	from->flags \|= t->flags & SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4));
862
863	if (!(t->flags & SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) &&
864	(t->flags & SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))) &&
865	t->processor != unexpected) {
866	/*
867	* The first encrypted message carries
868	* authentication information so isn't
869	* applicable. Other encrypted messages
870	* require integrity via the HASH payload.
871	*/
872	if (!(t->req_payloads & LELEM(ISAKMP_NEXT_HASH)((lset_t)1 << (ISAKMP_NEXT_HASH)))) {
873	pexpect_fail(logger, HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 873},
874	"transition %s -> %s (%s) missing HASH payload",
875	from->short_name, to->short_name,
876	t->message);
877	}
878	if (t->hash_type == V1_HASH_NONE) {
879	pexpect_fail(logger, HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 879},
880	"transition %s -> %s (%s) missing HASH protection",
881	from->short_name, to->short_name,
882	t->message);
883	}
884	}
885	}
886	}
887
888	static stf_status unexpected(struct state st, struct msg_digest md UNUSED__attribute__ ((unused)))
889	{
890	log_state(RC_LOG_SERIOUS, st, "unexpected message received in state %s",
891	st->st_state->name);
892	return STF_IGNORE;
893	}
894
895	/*
896	* RFC 2408 Section 4.6
897	*
898	* # Initiator Direction Responder NOTE
899	* (1) HDR*; N/D => Error Notification or Deletion
900	*/
901	static stf_status informational(struct state st, struct msg_digest md)
902	{
903	/*
904	* XXX: Danger: ST is deleted midway through this function.
905	*/
906	pexpect(st == md->st)({ _Bool assertion__ = st == md->st; if (!assertion__) { log_pexpect ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 906}, "%s", "st == md->st"); } assertion__; });
907	st = md->st; /* may be NULL */
908
909	struct payload_digest *const n_pld = md->chain[ISAKMP_NEXT_N];
910
911	/* If the Notification Payload is not null... */
912	if (n_pld != NULL((void*)0)) {
913	pb_stream *const n_pbs = &n_pld->pbs;
914	struct isakmp_notification *const n =
915	&n_pld->payload.notification;
916
917	/* Switch on Notification Type (enum) */
918	/* note that we _can_ get notification payloads unencrypted
919	* once we are at least in R3/I4.
920	* and that the handler is expected to treat them suspiciously.
921	*/
922	dbg("processing informational %s (%d)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("processing informational %s (%d)", enum_name( &ikev1_notify_names, n->isan_type), n->isan_type); } }
923	enum_name(&ikev1_notify_names, n->isan_type),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("processing informational %s (%d)", enum_name( &ikev1_notify_names, n->isan_type), n->isan_type); } }
924	n->isan_type){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("processing informational %s (%d)", enum_name( &ikev1_notify_names, n->isan_type), n->isan_type); } };
925
926	pstats(ikev1_recv_notifies_e, n->isan_type){ const unsigned __pstat = (n->isan_type); if (__pstat < (sizeof(pstats_ikev1_recv_notifies_e) / sizeof(*(pstats_ikev1_recv_notifies_e )))) { pstats_ikev1_recv_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_recv_notifies_e", __pstat); } };
927
928	switch (n->isan_type) {
929	/*
930	* We answer DPD probes even if they claimed not to support
931	* Dead Peer Detection.
932	* We would have to send some kind of reply anyway to prevent
933	* a retransmit, so rather then send an error, we might as
934	* well just send a DPD reply
935	*/
936	case R_U_THERE:
937	if (st == NULL((void*)0)) {
938	log_md(RC_LOG, md, "received bogus R_U_THERE informational message");
939	return STF_IGNORE;
940	}
941	return dpd_inI_outR(st, n, n_pbs);
942
943	case R_U_THERE_ACK:
944	if (st == NULL((void*)0)) {
945	log_md(RC_LOG, md, "received bogus R_U_THERE_ACK informational message");
946	return STF_IGNORE;
947	}
948	return dpd_inR(st, n, n_pbs);
949
950	case PAYLOAD_MALFORMED:
951	if (st != NULL((void*)0)) {
952	st->hidden_variables.st_malformed_received++;
953
954	log_state(RC_LOG, st, "received %u malformed payload notifies",
955	st->hidden_variables.st_malformed_received);
956
957	if (st->hidden_variables.st_malformed_sent >
958	MAXIMUM_MALFORMED_NOTIFY16 / 2 &&
959	((st->hidden_variables.st_malformed_sent +
960	st->hidden_variables.
961	st_malformed_received) >
962	MAXIMUM_MALFORMED_NOTIFY16)) {
963	log_state(RC_LOG, st, "too many malformed payloads (we sent %u and received %u",
964	st->hidden_variables.st_malformed_sent,
965	st->hidden_variables.st_malformed_received);
966	delete_state(st);
967	md->st = st = NULL((void*)0);
968	}
969	}
970
971	return STF_IGNORE;
972
973	case ISAKMP_N_CISCO_LOAD_BALANCE:
974	/*
975	* ??? what the heck is in the payload?
976	* We take the peer's new IP address from the last 4 octets.
977	* Is anything else possible? Expected? Documented?
978	*/
979	if (st == NULL((void*)0) \|\| !IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0))) {
980	log_md(RC_LOG, md, "ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message with for unestablished state.");
981	} else if (pbs_left(n_pbs)((size_t)((n_pbs)->roof - (n_pbs)->cur)) < 4) {
982	log_state(RC_LOG_SERIOUS, st,
983	"ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message without IPv4 address");
984	} else {
985	/*
986	* Copy (not cast) the last 4 bytes
987	* (size of an IPv4) address from the
988	* end of the notification into IN
989	* (can't cast as can't assume that
990	* ->roof-4 is correctly aligned).
991	*/
992	struct in_addr in;
993	memcpy(&in, n_pbs->roof - sizeof(in), sizeof(in));
994	ip_address new_peer = address_from_in_addr(&in);
995
996	/* is all zeros? */
997	if (address_is_any(&new_peer)) {
998	ipstr_buf b;
999
1000	log_state(RC_LOG_SERIOUS, st,
1001	"ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message with invalid IPv4 address %s",
1002	ipstr(&new_peer, &b));
1003	return FALSE0; /* XXX: STF_? /
1004	}
1005
1006	/* Saving connection name and whack sock id */
1007	const char *tmp_name = st->st_connection->name;
1008	struct fd *tmp_whack_sock = dup_any(st->st_whack_sock)dup_any_fd((st->st_logger->object_whackfd), (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1008});
1009
1010	/* deleting ISAKMP SA with the current remote peer */
1011	delete_state(st);
1012	md->st = st = NULL((void*)0);
1013
1014	/* to find and store the connection associated with tmp_name */
1015	/* ??? how do we know that tmp_name hasn't been freed? */
1016	struct connection tmp_c = conn_by_name(tmp_name, false0/!strict*/);
1017
1018	if (tmp_c == NULL((void*)0))
1019	return STF_IGNORE;
1020
1021	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1022	address_buf npb;
1023	DBG_log("new peer address: %s",
1024	str_address(&new_peer, &npb));
1025
1026	/* Current remote peer info */
1027	int count_spd = 1;
1028	for (const struct spd_route *tmp_spd = &tmp_c->spd;
1029	tmp_spd != NULL((void*)0); tmp_spd = tmp_spd->spd_next) {
1030	address_buf b;
1031	endpoint_buf e;
1032
1033	DBG_log("spd route number: %d",
1034	count_spd++);
1035
1036	/that info/
1037	DBG_log("that id kind: %d",
1038	tmp_spd->that.id.kind);
1039	DBG_log("that id ipaddr: %s",
1040	str_address(&tmp_spd->that.id.ip_addr, &b));
1041	if (tmp_spd->that.id.name.ptr != NULL((void*)0)) {
1042	DBG_dump_hunk("that id name",{ typeof(tmp_spd->that.id. name) hunk_ = tmp_spd->that. id. name; DBG_dump("that id name", hunk_.ptr, hunk_.len); }
1043	tmp_spd->that.id. name){ typeof(tmp_spd->that.id. name) hunk_ = tmp_spd->that. id. name; DBG_dump("that id name", hunk_.ptr, hunk_.len); };
1044	}
1045	DBG_log("that host_addr: %s",
1046	str_endpoint(&tmp_spd->that.host_addr, &e));
1047	DBG_log("that nexthop: %s",
1048	str_address(&tmp_spd->that.host_nexthop, &b));
1049	DBG_log("that srcip: %s",
1050	str_address(&tmp_spd->that.host_srcip, &b));
1051	selector_buf sb;
1052	DBG_log("that client: %s",
1053	str_selector(&tmp_spd->that.client, &sb));
1054	DBG_log("that has_client: %d",
1055	tmp_spd->that.has_client);
1056	DBG_log("that has_port_wildcard: %d",
1057	tmp_spd->that.has_port_wildcard);
1058	DBG_log("that has_id_wildcards: %d",
1059	tmp_spd->that.has_id_wildcards);
1060	}
1061
1062	if (tmp_c->interface != NULL((void*)0)) {
1063	endpoint_buf b;
1064	DBG_log("Current interface_addr: %s",
1065	str_endpoint(&tmp_c->interface->local_endpoint, &b));
1066	}
1067	}
1068
1069	/* save peer's old address for comparison purposes */
1070	ip_address old_addr = tmp_c->spd.that.host_addr;
1071
1072	/* update peer's address */
1073	tmp_c->spd.that.host_addr = new_peer;
1074
1075	/* Modifying connection info to store the redirected remote peer info */
1076	dbg("Old host_addr_name : %s", tmp_c->spd.that.host_addr_name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Old host_addr_name : %s", tmp_c->spd.that. host_addr_name); } };
1077	tmp_c->spd.that.host_addr_name = NULL((void*)0);
1078
1079	/* ??? do we know the id.kind has an ip_addr? */
1080	tmp_c->spd.that.id.ip_addr = new_peer;
1081
1082	/* update things that were the old peer */
1083	ipstr_buf b;
1084	if (sameaddr(&tmp_c->spd.this.host_nexthop,
1085	&old_addr)) {
1086	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1087	DBG_log("this host's next hop %s was the same as the old remote addr",
1088	ipstr(&old_addr, &b));
1089	DBG_log("changing this host's next hop to %s",
1090	ipstr(&new_peer, &b));
1091	}
1092	tmp_c->spd.this.host_nexthop = new_peer;
1093	}
1094
1095	if (sameaddr(&tmp_c->spd.that.host_srcip,
1096	&old_addr)) {
1097	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1098	DBG_log("Old that host's srcip %s was the same as the old remote addr",
1099	ipstr(&old_addr, &b));
1100	DBG_log("changing that host's srcip to %s",
1101	ipstr(&new_peer, &b));
1102	}
1103	tmp_c->spd.that.host_srcip = new_peer;
1104	}
1105
1106	if (sameaddr(&tmp_c->spd.that.client.addr,
1107	&old_addr)) {
1108	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1109	DBG_log("Old that client ip %s was the same as the old remote address",
1110	ipstr(&old_addr, &b));
1111	DBG_log("changing that client's ip to %s",
1112	ipstr(&new_peer, &b));
1113	}
1114	tmp_c->spd.that.client.addr = new_peer;
1115	}
1116
1117	/*
1118	* ??? is this wise? This may changes
1119	* a lot of other connections.
1120	*
1121	* XXX:
1122	*
1123	* As for the old code, preserve the
1124	* existing port. NEW_PEER, an
1125	* address, doesn't have a port and
1126	* presumably the port wasn't
1127	* updated(?).
1128	*/
1129	tmp_c->host_pair->remote = endpoint3(&ip_protocol_udp,
1130	&new_peer,
1131	endpoint_port(&tmp_c->host_pair->remote));
1132
1133	/* Initiating connection to the redirected peer */
1134	initiate_connections_by_name(tmp_name, NULL((void*)0),
1135	tmp_whack_sock,
1136	tmp_whack_sock == NULL((void)0)/guess*/);
1137	close_any(&tmp_whack_sock)close_any_fd((&tmp_whack_sock), (where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 1137});
1138	}
1139	return STF_IGNORE;
1140	default:
1141	{
1142	struct logger logger = (st != NULL((void)0) ? st->st_logger :
1143	md != NULL((void*)0) ? md->md_logger :
1144	&failsafe_logger);
1145	log_message(RC_LOG_SERIOUS, logger,
1146	"received and ignored notification payload: %s",
1147	enum_name(&ikev1_notify_names, n->isan_type));
1148	return STF_IGNORE;
1149	}
1150	}
1151	} else {
1152	/* warn if we didn't find any Delete or Notify payload in packet */
1153	if (md->chain[ISAKMP_NEXT_D] == NULL((void*)0)) {
1154	struct logger logger = (st != NULL((void)0) ? st->st_logger :
1155	md != NULL((void*)0) ? md->md_logger :
1156	&failsafe_logger);
1157	log_message(RC_LOG_SERIOUS, logger,
1158	"received and ignored empty informational notification payload");
1159	}
1160	return STF_IGNORE;
1161	}
1162	}
1163
1164	/*
1165	* create output HDR as replica of input HDR - IKEv1 only; return the body
1166	*/
1167	void ikev1_init_pbs_out_from_md_hdr(struct msg_digest *md, bool_Bool enc,
1168	struct pbs_outpacket_byte_stream output_stream, uint8_t output_buffer,
1169	size_t sizeof_output_buffer,
1170	struct pbs_outpacket_byte_stream *rbody,
1171	struct logger *logger)
1172	{
1173	struct isakmp_hdr hdr = md->hdr; /* mostly same as incoming header */
1174
1175	/* make sure we start with a clean buffer */
1176	*output_stream = open_pbs_out("reply packet", output_buffer, sizeof_output_buffer, logger);
1177
1178	hdr.isa_flags = 0; /* zero all flags */
1179	if (enc)
1180	hdr.isa_flags \|= ISAKMP_FLAGS_v1_ENCRYPTION(1 << 0);
1181
1182	if (impair.send_bogus_isakmp_flag) {
1183	hdr.isa_flags \|= ISAKMP_FLAGS_RESERVED_BIT6(1 << 6);
1184	}
1185
1186	/* there is only one IKEv1 version, and no new one will ever come - no need to set version */
1187	hdr.isa_np = 0;
1188	/* surely must have room and be well-formed */
1189	passert(out_struct(&hdr, &isakmp_hdr_desc, output_stream, rbody)){ _Bool assertion__ = out_struct(&hdr, &isakmp_hdr_desc , output_stream, rbody); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1189}, "%s", "out_struct(&hdr, &isakmp_hdr_desc, output_stream, rbody)" ); } };
1190	}
1191
1192	/*
1193	* Recognise and, if necesssary, respond to an IKEv1 duplicate.
1194	*
1195	* Use .st_state, which is the true current state, and not MD
1196	* .FROM_STATE (which is derived from some convoluted magic) when
1197	* determining if the duplicate should or should not get a response.
1198	*/
1199	static bool_Bool ikev1_duplicate(struct state st, struct msg_digest md)
1200	{
1201	passert(st != NULL){ _Bool assertion__ = st != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1201}, "%s", "st != NULL"); } };
1202	if (st->st_v1_rpacket.ptr != NULL((void*)0) &&
1203	st->st_v1_rpacket.len == pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs )->start)) &&
1204	memeq(st->st_v1_rpacket.ptr, md->packet_pbs.start,(memcmp((st->st_v1_rpacket.ptr), (md->packet_pbs.start) , (st->st_v1_rpacket.len)) == 0)
1205	st->st_v1_rpacket.len)(memcmp((st->st_v1_rpacket.ptr), (md->packet_pbs.start) , (st->st_v1_rpacket.len)) == 0)) {
1206	/*
1207	* Duplicate. Drop or retransmit?
1208	*
1209	* Only re-transmit when the last state transition
1210	* (triggered by this packet the first time) included
1211	* a reply.
1212	*
1213	* XXX: is SMF_RETRANSMIT_ON_DUPLICATE useful or
1214	* correct?
1215	*/
1216	bool_Bool replied = (st->st_v1_last_transition != NULL((void*)0) &&
1217	(st->st_v1_last_transition->flags & SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))));
1218	bool_Bool retransmit_on_duplicate =
1219	(st->st_state->flags & SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)));
1220	if (replied && retransmit_on_duplicate) {
1221	/*
1222	* Transitions with EVENT_SO_DISCARD should
1223	* always respond to re-transmits (why?); else
1224	* cap.
1225	*/
1226	if (st->st_v1_last_transition->timeout_event == EVENT_SO_DISCARD \|\|
1227	count_duplicate(st, MAXIMUM_v1_ACCEPTED_DUPLICATES2)) {
1228	log_state(RC_RETRANSMISSION, st,
1229	"retransmitting in response to duplicate packet; already %s",
1230	st->st_state->name);
1231	resend_recorded_v1_ike_msg(st, "retransmit in response to duplicate");
1232	} else {
1233	log_state(RC_LOG_SERIOUS, st,
1234	"discarding duplicate packet -- exhausted retransmission; already %s",
1235	st->st_state->name);
1236	}
1237	} else {
1238	dbg("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s" , st->st_serialno, st->st_state->name, bool_str(replied ), bool_str(retransmit_on_duplicate)); } }
1239	st->st_serialno, st->st_state->name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s" , st->st_serialno, st->st_state->name, bool_str(replied ), bool_str(retransmit_on_duplicate)); } }
1240	bool_str(replied), bool_str(retransmit_on_duplicate)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s" , st->st_serialno, st->st_state->name, bool_str(replied ), bool_str(retransmit_on_duplicate)); } };
1241	}
1242	return true1;
1243	}
1244	return false0;
1245	}
1246
1247	/* process an input packet, possibly generating a reply.
1248	*
1249	* If all goes well, this routine eventually calls a state-specific
1250	* transition function.
1251	*
1252	* This routine will not release_any_md(mdp). It is expected that its
1253	* caller will do this. In fact, it will zap *mdp to NULL if it thinks
1254	* **mdp should not be freed. So the caller should be prepared for
1255	* *mdp being set to NULL.
1256	*/
1257	void process_v1_packet(struct msg_digest *md)
1258	{
1259	const struct state_v1_microcode *smc;
1260	bool_Bool new_iv_set = FALSE0;
1261	struct state st = NULL((void)0);
1262	enum state_kind from_state = STATE_UNDEFINED; /* state we started in */
1263
1264	#define SEND_NOTIFICATION(t){ { const unsigned __pstat = (t); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e ) / sizeof((pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e [__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e" , __pstat); } }; if (st != ((void)0)) send_notification_from_state (st, from_state, t); else send_notification_from_md(md, t); } \
1265	{ \
1266	pstats(ikev1_sent_notifies_e, t){ const unsigned __pstat = (t); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e ) / sizeof(*(pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e [__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e" , __pstat); } }; \
1267	if (st != NULL((void*)0)) \
1268	send_notification_from_state(st, from_state, t); \
1269	else \
1270	send_notification_from_md(md, t); \
1271	}
1272
1273	#define LOG_PACKET(RC, ...){ if (st != ((void*)0)) { log_state(RC, st, ...); } else { log_md (RC, md, ...); } } \
1274	{ \
1275	if (st != NULL((void*)0)) { \
1276	log_state(RC, st, __VA_ARGS__); \
1277	} else { \
1278	log_md(RC, md, __VA_ARGS__); \
1279	} \
1280	}
1281
1282	switch (md->hdr.isa_xchg) {
1283	case ISAKMP_XCHG_AGGR:
1284	case ISAKMP_XCHG_IDPROT: /* part of a Main Mode exchange */
1285	if (md->hdr.isa_msgid != v1_MAINMODE_MSGID((msgid_t) 0)) {
1286	LOG_PACKET(RC_LOG, "Message ID was 0x%08" PRIx32 " but should be zero in phase 1",{ if (st != ((void*)0)) { log_state(RC_LOG, st, "Message ID was 0x%08" "x" " but should be zero in phase 1", md->hdr.isa_msgid); } else { log_md(RC_LOG, md, "Message ID was 0x%08" "x" " but should be zero in phase 1" , md->hdr.isa_msgid); } }
1287	md->hdr.isa_msgid){ if (st != ((void*)0)) { log_state(RC_LOG, st, "Message ID was 0x%08" "x" " but should be zero in phase 1", md->hdr.isa_msgid); } else { log_md(RC_LOG, md, "Message ID was 0x%08" "x" " but should be zero in phase 1" , md->hdr.isa_msgid); } };
1288	SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID ); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1289	return;
1290	}
1291
1292	if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1293	LOG_PACKET(RC_LOG, "Initiator Cookie must not be zero in phase 1 message"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "Initiator Cookie must not be zero in phase 1 message" ); } else { log_md(RC_LOG, md, "Initiator Cookie must not be zero in phase 1 message" ); } };
1294	SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_COOKIE ); else send_notification_from_md(md, INVALID_COOKIE); };
1295	return;
1296	}
1297
1298	if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1299	/*
1300	* initial message from initiator
1301	*/
1302	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1 << 0)) {
1303	LOG_PACKET(RC_LOG, "initial phase 1 message is invalid: its Encrypted Flag is on"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "initial phase 1 message is invalid: its Encrypted Flag is on" ); } else { log_md(RC_LOG, md, "initial phase 1 message is invalid: its Encrypted Flag is on" ); } };
1304	SEND_NOTIFICATION(INVALID_FLAGS){ { const unsigned __pstat = (INVALID_FLAGS); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_FLAGS ); else send_notification_from_md(md, INVALID_FLAGS); };
1305	return;
1306	}
1307
1308	/*
1309	* If there is already an existing state with
1310	* this ICOOKIE, assume it is some sort of
1311	* re-transmit.
1312	*/
1313	st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1314	md->hdr.isa_msgid);
1315	if (st != NULL((void*)0)) {
1316	so_serial_t old_state = push_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1316});
1317	if (!ikev1_duplicate(st, md)) {
1318	/*
1319	* Not a duplicate for the
1320	* current state; assume that
1321	* this a really old
1322	* re-transmit for an earlier
1323	* state that should be
1324	* discarded.
1325	*/
1326	log_state(RC_LOG, st, "discarding initial packet; already %s",
1327	st->st_state->name);
1328	}
1329	pop_cur_state(old_state)log_pop_state(old_state, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1329});
1330	return;
1331	}
1332	passert(st == NULL){ _Bool assertion__ = st == ((void)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1332}, "%s", "st == NULL"); } }; / new state needed */
1333	/* don't build a state until the message looks tasty */
1334	from_state = (md->hdr.isa_xchg == ISAKMP_XCHG_IDPROT ?
1335	STATE_MAIN_R0 : STATE_AGGR_R0);
1336	} else {
1337	/* not an initial message */
1338
1339	st = find_state_ikev1(&md->hdr.isa_ike_spis,
1340	md->hdr.isa_msgid);
1341
1342	if (st == NULL((void*)0)) {
1343	/*
1344	* perhaps this is a first message
1345	* from the responder and contains a
1346	* responder cookie that we've not yet
1347	* seen.
1348	*/
1349	st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1350	md->hdr.isa_msgid);
1351
1352	if (st == NULL((void*)0)) {
1353	log_md(RC_LOG, md, "phase 1 message is part of an unknown exchange");
1354	/* XXX Could send notification back */
1355	return;
1356	}
1357	}
1358	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1358});
1359	from_state = st->st_state->kind;
1360	}
1361	break;
1362
1363	case ISAKMP_XCHG_INFO: /* an informational exchange */
1364	st = find_v1_info_state(&md->hdr.isa_ike_spis,
1365	v1_MAINMODE_MSGID((msgid_t) 0));
1366
1367	if (st == NULL((void*)0)) {
1368	/*
1369	* might be an informational response to our
1370	* first message, in which case, we don't know
1371	* the rcookie yet.
1372	*/
1373	st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1374	v1_MAINMODE_MSGID((msgid_t) 0));
1375	}
1376
1377	if (st != NULL((void*)0))
1378	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1378});
1379
1380	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1 << 0)) {
1381	bool_Bool quiet = (st == NULL((void*)0));
1382
1383	if (st == NULL((void*)0)) {
1384	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1385	DBG_log("Informational Exchange is for an unknown (expired?) SA with MSGID:0x%08" PRIx32"x",
1386	md->hdr.isa_msgid);
1387	DBG_dump_thing("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:",DBG_dump("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:" , &(md->hdr.isa_ike_spis.initiator), sizeof(md->hdr .isa_ike_spis.initiator))
1388	md->hdr.isa_ike_initiator_spi)DBG_dump("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:" , &(md->hdr.isa_ike_spis.initiator), sizeof(md->hdr .isa_ike_spis.initiator));
1389	DBG_dump_thing("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:",DBG_dump("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:" , &(md->hdr.isa_ike_spis.responder), sizeof(md->hdr .isa_ike_spis.responder))
1390	md->hdr.isa_ike_responder_spi)DBG_dump("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:" , &(md->hdr.isa_ike_spis.responder), sizeof(md->hdr .isa_ike_spis.responder));
1391	}
1392
1393	/* XXX Could send notification back */
1394	return;
1395	}
1396
1397	if (!IS_ISAKMP_ENCRYPTED(st->st_state->kind)((((lset_t)1 << (st->st_state->kind)) & ((((lset_t )1 << (STATE_MAIN_I4)) - ((lset_t)1 << (STATE_MAIN_R2 )) + ((lset_t)1 << (STATE_MAIN_I4))) \| (((lset_t)1 << (STATE_AGGR_R2)) - ((lset_t)1 << (STATE_AGGR_R1)) + (( lset_t)1 << (STATE_AGGR_R2))) \| (((lset_t)1 << (STATE_QUICK_R2 )) - ((lset_t)1 << (STATE_QUICK_R0)) + ((lset_t)1 << (STATE_QUICK_R2))) \| ((lset_t)1 << (STATE_INFO_PROTECTED )) \| (((lset_t)1 << (STATE_XAUTH_I1)) - ((lset_t)1 << (STATE_XAUTH_R0)) + ((lset_t)1 << (STATE_XAUTH_I1))))) != ((lset_t)0))) {
1398	if (!quiet) {
1399	log_state(RC_LOG_SERIOUS, st,
1400	"encrypted Informational Exchange message is invalid because no key is known");
1401	}
1402	/* XXX Could send notification back */
1403	return;
1404	}
1405
1406	if (md->hdr.isa_msgid == v1_MAINMODE_MSGID((msgid_t) 0)) {
1407	if (!quiet) {
1408	log_state(RC_LOG_SERIOUS, st,
1409	"Informational Exchange message is invalid because it has a Message ID of 0");
1410	}
1411	/* XXX Could send notification back */
1412	return;
1413	}
1414
1415	if (!unique_msgid(st, md->hdr.isa_msgid)) {
1416	if (!quiet) {
1417	log_state(RC_LOG_SERIOUS, st,
1418	"Informational Exchange message is invalid because it has a previously used Message ID (0x%08" PRIx32"x" " )",
1419	md->hdr.isa_msgid);
1420	}
1421	/* XXX Could send notification back */
1422	return;
1423	}
1424	st->st_v1_msgid.reserved = FALSE0;
1425
1426	init_phase2_iv(st, &md->hdr.isa_msgid);
1427	new_iv_set = TRUE1;
1428
1429	from_state = STATE_INFO_PROTECTED;
1430	} else {
1431	if (st != NULL((void*)0) &&
1432	IS_ISAKMP_AUTHENTICATED(st->st_state)(STATE_MAIN_R3 <= (st->st_state->kind) && STATE_AGGR_R0 != (st->st_state->kind) && STATE_AGGR_I1 != (st ->st_state->kind))) {
1433	log_state(RC_LOG_SERIOUS, st,
1434	"Informational Exchange message must be encrypted");
1435	/* XXX Could send notification back */
1436	return;
1437	}
1438	from_state = STATE_INFO;
1439	}
1440	break;
1441
1442	case ISAKMP_XCHG_QUICK: /* part of a Quick Mode exchange */
1443
1444	if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1445	dbg("Quick Mode message is invalid because it has an Initiator Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is invalid because it has an Initiator Cookie of 0" ); } };
1446	SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_COOKIE ); else send_notification_from_md(md, INVALID_COOKIE); };
1447	return;
1448	}
1449
1450	if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1451	dbg("Quick Mode message is invalid because it has a Responder Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is invalid because it has a Responder Cookie of 0" ); } };
1452	SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_COOKIE ); else send_notification_from_md(md, INVALID_COOKIE); };
1453	return;
1454	}
1455
1456	if (md->hdr.isa_msgid == v1_MAINMODE_MSGID((msgid_t) 0)) {
1457	dbg("Quick Mode message is invalid because it has a Message ID of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is invalid because it has a Message ID of 0" ); } };
1458	SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID ); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1459	return;
1460	}
1461
1462	st = find_state_ikev1(&md->hdr.isa_ike_spis,
1463	md->hdr.isa_msgid);
1464
1465	if (st == NULL((void*)0)) {
1466	/* No appropriate Quick Mode state.
1467	* See if we have a Main Mode state.
1468	* ??? what if this is a duplicate of another message?
1469	*/
1470	st = find_state_ikev1(&md->hdr.isa_ike_spis,
1471	v1_MAINMODE_MSGID((msgid_t) 0));
1472
1473	if (st == NULL((void*)0)) {
1474	dbg("Quick Mode message is for a non-existent (expired?) ISAKMP SA"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is for a non-existent (expired?) ISAKMP SA" ); } };
1475	/* XXX Could send notification back */
1476	return;
1477	}
1478
1479	if (st->st_oakley.doing_xauth) {
1480	dbg("Cannot do Quick Mode until XAUTH done."){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Cannot do Quick Mode until XAUTH done."); } };
1481	return;
1482	}
1483
1484	/* Have we just given an IP address to peer? */
1485	if (st->st_state->kind == STATE_MODE_CFG_R2) {
1486	/* ISAKMP is up... */
1487	change_state(st, STATE_MAIN_R3);
1488	}
1489
1490	#ifdef SOFTREMOTE_CLIENT_WORKAROUND
1491	/* See: http://popoludnica.pl/?id=10100110 */
1492	if (st->st_state->kind == STATE_MODE_CFG_R1) {
1493	log_state(RC_LOG, st,
1494	"SoftRemote workaround: Cannot do Quick Mode until MODECFG done.");
1495	return;
1496	}
1497	#endif
1498
1499	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1499});
1500
1501	if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0))) {
1502	log_state(RC_LOG_SERIOUS, st,
1503	"Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA");
1504	SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? /){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1505	return;
1506	}
1507
1508	if (!unique_msgid(st, md->hdr.isa_msgid)) {
1509	log_state(RC_LOG_SERIOUS, st,
1510	"Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x%08" PRIx32"x" " (perhaps this is a duplicated packet)",
1511	md->hdr.isa_msgid);
1512	SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID ); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1513	return;
1514	}
1515	st->st_v1_msgid.reserved = FALSE0;
1516
1517	/* Quick Mode Initial IV */
1518	init_phase2_iv(st, &md->hdr.isa_msgid);
1519	new_iv_set = TRUE1;
1520
1521	from_state = STATE_QUICK_R0;
1522	} else {
1523	if (st->st_oakley.doing_xauth) {
1524	log_state(RC_LOG, st, "Cannot do Quick Mode until XAUTH done.");
1525	return;
1526	}
1527	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1527});
1528	from_state = st->st_state->kind;
1529	}
1530
1531	break;
1532
1533	case ISAKMP_XCHG_MODE_CFG:
1534	if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1535	dbg("Mode Config message is invalid because it has an Initiator Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is invalid because it has an Initiator Cookie of 0" ); } };
1536	/* XXX Could send notification back */
1537	return;
1538	}
1539
1540	if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1541	dbg("Mode Config message is invalid because it has a Responder Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is invalid because it has a Responder Cookie of 0" ); } };
1542	/* XXX Could send notification back */
1543	return;
1544	}
1545
1546	if (md->hdr.isa_msgid == 0) {
1547	dbg("Mode Config message is invalid because it has a Message ID of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is invalid because it has a Message ID of 0" ); } };
1548	/* XXX Could send notification back */
1549	return;
1550	}
1551
1552	st = find_v1_info_state(&md->hdr.isa_ike_spis, md->hdr.isa_msgid);
1553
1554	if (st == NULL((void*)0)) {
1555	/* No appropriate Mode Config state.
1556	* See if we have a Main Mode state.
1557	* ??? what if this is a duplicate of another message?
1558	*/
1559	dbg("No appropriate Mode Config state yet. See if we have a Main Mode state"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("No appropriate Mode Config state yet. See if we have a Main Mode state" ); } };
1560
1561	st = find_v1_info_state(&md->hdr.isa_ike_spis, 0);
1562
1563	if (st == NULL((void*)0)) {
1564	dbg("Mode Config message is for a non-existent (expired?) ISAKMP SA"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is for a non-existent (expired?) ISAKMP SA" ); } };
1565	/* XXX Could send notification back */
1566	/* ??? ought to log something (not just DBG)? */
1567	return;
1568	}
1569
1570	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1570});
1571
1572	const struct end *this = &st->st_connection->spd.this;
1573	dbg(" processing received isakmp_xchg_type %s; this is a%s%s%s%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), this ->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1574	enum_show(&ikev1_exchange_names, md->hdr.isa_xchg),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), this ->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1575	this->xauth_server ? " xauthserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), this ->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1576	this->xauth_client ? " xauthclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), this ->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1577	this->modecfg_server ? " modecfgserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), this ->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1578	this->modecfg_client ? " modecfgclient" : ""){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), this ->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } };
1579
1580	if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0))) {
1581	dbg("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)" , st->st_state->name); } }
1582	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)" , st->st_state->name); } };
1583	/* XXX Could send notification back */
1584	return;
1585	}
1586	dbg(" call init_phase2_iv"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" call init_phase2_iv"); } };
1587	init_phase2_iv(st, &md->hdr.isa_msgid);
1588	new_iv_set = TRUE1;
1589
1590	/*
1591	* okay, now we have to figure out if we are receiving a bogus
1592	* new message in an outstanding XAUTH server conversation
1593	* (i.e. a reply to our challenge)
1594	* (this occurs with some broken other implementations).
1595	*
1596	* or if receiving for the first time, an XAUTH challenge.
1597	*
1598	* or if we are getting a MODECFG request.
1599	*
1600	* we distinguish these states because we cannot both be an
1601	* XAUTH server and client, and our policy tells us which
1602	* one we are.
1603	*
1604	* to complicate further, it is normal to start a new msgid
1605	* when going from one state to another, or when restarting
1606	* the challenge.
1607	*
1608	*/
1609
1610	if (this->xauth_server &&
1611	st->st_state->kind == STATE_XAUTH_R1 &&
1612	st->quirks.xauth_ack_msgid) {
1613	from_state = STATE_XAUTH_R1;
1614	dbg(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE" , st->st_state->name); } }
1615	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE" , st->st_state->name); } };
1616	} else if (this->xauth_client &&
1617	IS_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1618	from_state = STATE_XAUTH_I0;
1619	dbg(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE" , st->st_state->name); } }
1620	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE" , st->st_state->name); } };
1621	} else if (this->xauth_client &&
1622	st->st_state->kind == STATE_XAUTH_I1) {
1623	/*
1624	* in this case, we got a new MODECFG message after I0, maybe
1625	* because it wants to start over again.
1626	*/
1627	from_state = STATE_XAUTH_I0;
1628	dbg(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1" , st->st_state->name); } }
1629	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1" , st->st_state->name); } };
1630	} else if (this->modecfg_server &&
1631	IS_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1632	from_state = STATE_MODE_CFG_R0;
1633	dbg(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE" , st->st_state->name); } }
1634	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE" , st->st_state->name); } };
1635	} else if (this->modecfg_client &&
1636	IS_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1637	from_state = STATE_MODE_CFG_R1;
1638	dbg(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE" , st->st_state->name); } }
1639	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE" , st->st_state->name); } };
1640	} else {
1641	dbg("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1642	enum_show(&ikev1_exchange_names, md->hdr.isa_xchg),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1643	st->st_connection ->spd.this.xauth_server ? " xauthserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1644	st->st_connection->spd.this.xauth_client ? " xauthclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1645	st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1646	st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1647	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg), st ->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } };
1648	return;
1649	}
1650	} else {
1651	if (st->st_connection->spd.this.xauth_server &&
1652	IS_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1653	/* Switch from Phase1 to Mode Config */
1654	dbg("We were in phase 1, with no state, so we went to XAUTH_R0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("We were in phase 1, with no state, so we went to XAUTH_R0" ); } };
1655	change_state(st, STATE_XAUTH_R0);
1656	}
1657
1658	/* otherwise, this is fine, we continue in the state we are in */
1659	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1659});
1660	from_state = st->st_state->kind;
1661	}
1662
1663	break;
1664
1665	case ISAKMP_XCHG_NONE:
1666	case ISAKMP_XCHG_BASE:
1667	case ISAKMP_XCHG_AO:
1668	case ISAKMP_XCHG_NGRP:
1669	default:
1670	dbg("unsupported exchange type %s in message",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("unsupported exchange type %s in message", enum_show (&ikev1_exchange_names, md->hdr.isa_xchg)); } }
1671	enum_show(&ikev1_exchange_names, md->hdr.isa_xchg)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("unsupported exchange type %s in message", enum_show (&ikev1_exchange_names, md->hdr.isa_xchg)); } };
1672	SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE){ { const unsigned __pstat = (UNSUPPORTED_EXCHANGE_TYPE); if ( __pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(* (pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e [__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e" , __pstat); } }; if (st != ((void*)0)) send_notification_from_state (st, from_state, UNSUPPORTED_EXCHANGE_TYPE); else send_notification_from_md (md, UNSUPPORTED_EXCHANGE_TYPE); };
1673	return;
1674	}
1675
1676	/* We have found a from_state, and perhaps a state object.
1677	* If we need to build a new state object,
1678	* we wait until the packet has been sanity checked.
1679	*/
1680
1681	/* We don't support the Commit Flag. It is such a bad feature.
1682	* It isn't protected -- neither encrypted nor authenticated.
1683	* A man in the middle turns it on, leading to DoS.
1684	* We just ignore it, with a warning.
1685	*/
1686	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_COMMIT(1 << 1))
1687	dbg("IKE message has the Commit Flag set but Pluto doesn't implement this feature due to security concerns; ignoring flag"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKE message has the Commit Flag set but Pluto doesn't implement this feature due to security concerns; ignoring flag" ); } };
1688
1689	/* Handle IKE fragmentation payloads */
1690	if (md->hdr.isa_np == ISAKMP_NEXT_IKE_FRAGMENTATION) {
1691	struct isakmp_ikefrag fraghdr;
1692	int last_frag_index = 0; /* index of the last fragment */
1693	pb_stream frag_pbs;
1694
1695	if (st == NULL((void*)0)) {
1696	dbg("received IKE fragment, but have no state. Ignoring packet."){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment, but have no state. Ignoring packet." ); } };
1697	return;
1698	}
1699
1700	if ((st->st_connection->policy & POLICY_IKE_FRAG_ALLOW((lset_t)1 << (POLICY_IKE_FRAG_ALLOW_IX))) == 0) {
1701	dbg("discarding IKE fragment packet - fragmentation not allowed by local policy (ike_frag=no)"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("discarding IKE fragment packet - fragmentation not allowed by local policy (ike_frag=no)" ); } };
1702	return;
1703	}
1704
1705	if (!in_struct(&fraghdr, &isakmp_ikefrag_desc,
1706	&md->message_pbs, &frag_pbs) \|\|
1707	pbs_room(&frag_pbs)((size_t)((&frag_pbs)->roof - (&frag_pbs)->start )) != fraghdr.isafrag_length \|\|
1708	fraghdr.isafrag_np != ISAKMP_NEXT_NONE \|\|
1709	fraghdr.isafrag_number == 0 \|\|
1710	fraghdr.isafrag_number > 16) {
1711	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1712	return;
1713	}
1714
1715	dbg("received IKE fragment id '%d', number '%u'%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } }
1716	fraghdr.isafrag_id,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } }
1717	fraghdr.isafrag_number,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } }
1718	(fraghdr.isafrag_flags == 1) ? "(last)" : ""){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } };
1719
1720	struct v1_ike_rfrag ike_frag = alloc_thing(struct v1_ike_rfrag, "ike_frag")((struct v1_ike_rfrag) alloc_bytes(sizeof(struct v1_ike_rfrag ), ("ike_frag")));
1721	ike_frag->md = md_addref(md, HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1721});
1722	ike_frag->index = fraghdr.isafrag_number;
1723	ike_frag->last = (fraghdr.isafrag_flags & 1);
1724	ike_frag->size = pbs_left(&frag_pbs)((size_t)((&frag_pbs)->roof - (&frag_pbs)->cur) );
1725	ike_frag->data = frag_pbs.cur;
1726
1727	/* Add the fragment to the state */
1728	struct v1_ike_rfrag **i = &st->st_v1_rfrags;
1729	for (;;) {
1730	if (ike_frag != NULL((void*)0)) {
1731	/* Still looking for a place to insert ike_frag */
1732	if (i == NULL((void)0) \|\|
1733	(*i)->index > ike_frag->index) {
1734	ike_frag->next = *i;
1735	*i = ike_frag;
1736	ike_frag = NULL((void*)0);
1737	} else if ((*i)->index == ike_frag->index) {
1738	/* Replace fragment with same index */
1739	struct v1_ike_rfrag old = i;
1740
1741	ike_frag->next = old->next;
1742	*i = ike_frag;
1743	pexpect(old->md != NULL)({ _Bool assertion__ = old->md != ((void*)0); if (!assertion__ ) { log_pexpect((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1743}, "%s", "old->md != NULL"); } assertion__; });
1744	release_any_md(&old->md)md_delref(&old->md, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1744});
1745	pfree(old);
1746	ike_frag = NULL((void*)0);
1747	}
1748	}
1749
1750	if (i == NULL((void)0))
1751	break;
1752
1753	if ((*i)->last)
1754	last_frag_index = (*i)->index;
1755
1756	i = &(*i)->next;
1757	}
1758
1759	/* We have the last fragment, reassemble if complete */
1760	if (last_frag_index != 0) {
1761	size_t size = 0;
1762	int prev_index = 0;
1763
1764	for (struct v1_ike_rfrag *frag = st->st_v1_rfrags; frag; frag = frag->next) {
1765	size += frag->size;
1766	if (frag->index != ++prev_index) {
1767	break; /* fragment list incomplete */
1768	} else if (frag->index == last_frag_index) {
1769	struct msg_digest *whole_md = alloc_md(frag->md->iface,
1770	&frag->md->sender,
1771	HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1771});
1772	uint8_t *buffer = alloc_bytes(size,
1773	"IKE fragments buffer");
1774	size_t offset = 0;
1775
1776	/* Reassemble fragments in buffer */
1777	frag = st->st_v1_rfrags;
1778	while (frag != NULL((void*)0) &&
1779	frag->index <= last_frag_index)
1780	{
1781	passert(offset + frag->size <={ _Bool assertion__ = offset + frag->size <= size; if ( !assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 1782}, "%s", "offset + frag->size <= size" ); } }
1782	size){ _Bool assertion__ = offset + frag->size <= size; if ( !assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 1782}, "%s", "offset + frag->size <= size" ); } };
1783	memcpy(buffer + offset,
1784	frag->data, frag->size);
1785	offset += frag->size;
1786	frag = frag->next;
1787	}
1788
1789	init_pbs(&whole_md->packet_pbs, buffer, size,
1790	"packet");
1791
1792	process_packet(&whole_md);
1793	release_any_md(&whole_md)md_delref(&whole_md, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1793});
1794	free_v1_message_queues(st);
1795	/* optimize: if receiving fragments, immediately respond with fragments too */
1796	st->st_seen_fragments = TRUE1;
1797	dbg(" updated IKE fragment state to respond using fragments without waiting for re-transmits"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" updated IKE fragment state to respond using fragments without waiting for re-transmits" ); } };
1798	break;
1799	}
1800	}
1801	}
1802
1803	return;
1804	}
1805
1806	/* Set smc to describe this state's properties.
1807	* Look up the appropriate microcode based on state and
1808	* possibly Oakley Auth type.
1809	*/
1810	passert(STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF){ _Bool assertion__ = STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF; if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1810}, "%s", "STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF" ); } };
1811	const struct finite_state *fs = finite_states[from_state];
1812	passert(fs != NULL){ _Bool assertion__ = fs != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1812}, "%s", "fs != NULL"); } };
1813	smc = fs->v1_transitions;
1814	passert(smc != NULL){ _Bool assertion__ = smc != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1814}, "%s", "smc != NULL"); } };
1815
1816	/*
1817	* Find the state's the state transitions that has matching
1818	* authentication.
1819	*
1820	* For states where this makes no sense (eg, quick states
1821	* creating a CHILD_SA), .flags\|=SMF_ALL_AUTH so the first
1822	* (only) one always matches.
1823	*
1824	* XXX: The code assumes that when there is always a match (if
1825	* there isn't the passert() triggers. If needed, bogus
1826	* transitions that log/drop the packet are added to the
1827	* table? Would simply dropping the packets be easier.
1828	*/
1829	if (st != NULL((void*)0)) {
1830	oakley_auth_t baseauth =
1831	xauth_calcbaseauth(st->st_oakley.auth);
1832
1833	while (!LHAS(smc->flags, baseauth)(((smc->flags) & ((lset_t)1 << (baseauth))) != ( (lset_t)0))) {
1834	smc++;
1835	passert(smc->state == from_state){ _Bool assertion__ = smc->state == from_state; if (!assertion__ ) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1835}, "%s", "smc->state == from_state" ); } };
1836	}
1837	}
1838
1839	/*
1840	* XXX: do this earlier? */
1841	if (verbose_state_busy(st))
1842	return;
1843
1844	/*
1845	* Detect and handle duplicated packets. This won't work for
1846	* the initial packet of an exchange because we won't have a
1847	* state object to remember it. If we are in a non-receiving
1848	* state (terminal), and the preceding state did transmit,
1849	* then the duplicate may indicate that that transmission
1850	* wasn't received -- retransmit it. Otherwise, just discard
1851	* it. ??? Notification packets are like exchanges -- I hope
1852	* that they are idempotent!
1853	*
1854	* XXX: do this earlier?
1855	*/
1856	if (st != NULL((void*)0) && ikev1_duplicate(st, md)) {
1857	return;
1858	}
1859
1860	/* save values for use in resumption of processing below.
1861	* (may be suspended due to crypto operation not yet complete)
1862	*/
1863	md->st = st;
1864	md->v1_from_state = from_state;
1865	md->smc = smc;
1866	md->new_iv_set = new_iv_set;
1867
1868	/*
1869	* look for encrypt packets. We cannot handle them if we have not
1870	* yet calculated the skeyids. We will just store the packet in
1871	* the suspended state, since the calculation is likely underway.
1872	*
1873	* note that this differs from above, because skeyid is calculated
1874	* in between states. (or will be, once DH is async)
1875	*
1876	*/
1877	if ((md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1 << 0)) &&
1878	st != NULL((void*)0) &&
1879	!st->hidden_variables.st_skeyid_calculated) {
1880	endpoint_buf b;
1881	dbg("received encrypted packet from %s but exponentiation still in progress",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received encrypted packet from %s but exponentiation still in progress" , str_endpoint(&md->sender, &b)); } }
1882	str_endpoint(&md->sender, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received encrypted packet from %s but exponentiation still in progress" , str_endpoint(&md->sender, &b)); } };
1883
1884	/*
1885	* if there was a previous packet, let it go, and go
1886	* with most recent one.
1887	*/
1888	if (st->st_suspended_md != NULL((void*)0)) {
1889	dbg("releasing suspended operation before completion: %p",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("releasing suspended operation before completion: %p" , st->st_suspended_md); } }
1890	st->st_suspended_md){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("releasing suspended operation before completion: %p" , st->st_suspended_md); } };
1891	release_any_md(&st->st_suspended_md)md_delref(&st->st_suspended_md, (where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 1891});
1892	}
1893	suspend_any_md(st, md){ if (md != ((void)0)) { { if ((cur_debugging & (((lset_t )1 << (DBG_BASE_IX))))) { DBG_log("suspending state #%lu and saving MD %p" , (st)->st_serialno, md); } }; { _Bool assertion__ = (st)-> st_suspended_md == ((void)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1893}, "%s", "(st)->st_suspended_md == NULL"); } }; (st)-> st_suspended_md = md_addref(md, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 1893}); (st)->st_suspended_md_func = __func__; (st)->st_suspended_md_line = 1893; { _Bool assertion__ = state_is_busy(st); if (!assertion__) { lsw_passert_fail((where_t ) { .func = __func__, .basename = "ikev1.c" , .line = 1893}, "%s" , "state_is_busy(st)"); } }; } else { { if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("no MD to suspend" ); } }; } };
1894	return;
1895	}
1896
1897	process_packet_tail(md);
1898	/* our caller will release_any_md(mdp); */
1899	}
1900
1901	/*
1902	* This routine will not release_any_md(mdp). It is expected that its
1903	* caller will do this. In fact, it will zap *mdp to NULL if it thinks
1904	* **mdp should not be freed. So the caller should be prepared for
1905	* *mdp being set to NULL.
1906	*/
1907	void process_packet_tail(struct msg_digest *md)
1908	{
1909	struct state *st = md->st;
1910	enum state_kind from_state = md->v1_from_state;
1911	const struct state_v1_microcode *smc = md->smc;
1912	bool_Bool new_iv_set = md->new_iv_set;
1913	bool_Bool self_delete = FALSE0;
1914
1915	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1 << 0)) {
1916
1917	endpoint_buf b;
1918	dbg("received encrypted packet from %s", str_endpoint(&md->sender, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received encrypted packet from %s", str_endpoint (&md->sender, &b)); } };
1919
1920	if (st == NULL((void*)0)) {
1921	LOG_PACKET(RC_LOG,{ if (st != ((void*)0)) { log_state(RC_LOG, st, "discarding encrypted message for an unknown ISAKMP SA" ); } else { log_md(RC_LOG, md, "discarding encrypted message for an unknown ISAKMP SA" ); } }
1922	"discarding encrypted message for an unknown ISAKMP SA"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "discarding encrypted message for an unknown ISAKMP SA" ); } else { log_md(RC_LOG, md, "discarding encrypted message for an unknown ISAKMP SA" ); } };
1923	return;
1924	}
1925	if (st->st_skeyid_e_nssst_skey_ei_nss == NULL((void*)0)) {
1926	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "discarding encrypted message because we haven't yet negotiated keying material" ); } else { log_md(RC_LOG_SERIOUS, md, "discarding encrypted message because we haven't yet negotiated keying material" ); } }
1927	"discarding encrypted message because we haven't yet negotiated keying material"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "discarding encrypted message because we haven't yet negotiated keying material" ); } else { log_md(RC_LOG_SERIOUS, md, "discarding encrypted message because we haven't yet negotiated keying material" ); } };
1928	return;
1929	}
1930
1931	/* Mark as encrypted */
1932	md->encrypted = TRUE1;
1933
1934	/* do the specified decryption
1935	*
1936	* IV is from st->st_iv or (if new_iv_set) st->st_new_iv.
1937	* The new IV is placed in st->st_new_iv
1938	*
1939	* See RFC 2409 "IKE" Appendix B
1940	*
1941	* XXX The IV should only be updated really if the packet
1942	* is successfully processed.
1943	* We should keep this value, check for a success return
1944	* value from the parsing routines and then replace.
1945	*
1946	* Each post phase 1 exchange generates IVs from
1947	* the last phase 1 block, not the last block sent.
1948	*/
1949	const struct encrypt_desc *e = st->st_oakley.ta_encrypt;
1950
1951	if (pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)) % e->enc_blocksize != 0) {
1952	LOG_PACKET(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed message: not a multiple of encryption blocksize" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed message: not a multiple of encryption blocksize" ); } };
1953	return;
1954	}
1955
1956	/* XXX Detect weak keys */
1957
1958	/* grab a copy of raw packet (for duplicate packet detection) */
1959	md->raw_packet = clone_bytes_as_chunk(md->packet_pbs.start,
1960	pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs )->start)),
1961	"raw packet");
1962
1963	/* Decrypt everything after header */
1964	if (!new_iv_set) {
1965	if (st->st_v1_iv.len == 0) {
1966	init_phase2_iv(st, &md->hdr.isa_msgid);
1967	} else {
1968	/* use old IV */
1969	restore_new_iv(st, st->st_v1_iv){ (st)->st_v1_new_iv = (st->st_v1_iv); };
1970	}
1971	}
1972
1973	passert(st->st_v1_new_iv.len >= e->enc_blocksize){ _Bool assertion__ = st->st_v1_new_iv.len >= e->enc_blocksize ; if (!assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 1973}, "%s", "st->st_v1_new_iv.len >= e->enc_blocksize" ); } };
1974	st->st_v1_new_iv.len = e->enc_blocksize; /* truncate */
1975
1976	if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
1977	DBG_log("decrypting %u bytes using algorithm %s",
1978	(unsigned) pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)),
1979	st->st_oakley.ta_encrypt->common.fqn);
1980	DBG_dump_hunk("IV before:", st->st_v1_new_iv){ typeof(st->st_v1_new_iv) hunk_ = st->st_v1_new_iv; DBG_dump ("IV before:", hunk_.ptr, hunk_.len); };
1981	}
1982	e->encrypt_ops->do_crypt(e, md->message_pbs.cur,
1983	pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)),
1984	st->st_enc_key_nss,
1985	st->st_v1_new_iv.ptr, FALSE0,
1986	st->st_logger);
1987	if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
1988	DBG_dump_hunk("IV after:", st->st_v1_new_iv){ typeof(st->st_v1_new_iv) hunk_ = st->st_v1_new_iv; DBG_dump ("IV after:", hunk_.ptr, hunk_.len); };
1989	DBG_log("decrypted payload (starts at offset %td):",
1990	md->message_pbs.cur - md->message_pbs.roof);
1991	DBG_dump(NULL((void*)0), md->message_pbs.start,
1992	md->message_pbs.roof - md->message_pbs.start);
1993	}
1994	} else {
1995	/* packet was not encryped -- should it have been? */
1996
1997	if (smc->flags & SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))) {
1998	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "packet rejected: should have been encrypted" ); } else { log_md(RC_LOG_SERIOUS, md, "packet rejected: should have been encrypted" ); } }
1999	"packet rejected: should have been encrypted"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "packet rejected: should have been encrypted" ); } else { log_md(RC_LOG_SERIOUS, md, "packet rejected: should have been encrypted" ); } };
2000	SEND_NOTIFICATION(INVALID_FLAGS){ { const unsigned __pstat = (INVALID_FLAGS); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_FLAGS ); else send_notification_from_md(md, INVALID_FLAGS); };
2001	return;
2002	}
2003	}
2004
2005	/* Digest the message.
2006	* Padding must be removed to make hashing work.
2007	* Padding comes from encryption (so this code must be after decryption).
2008	* Padding rules are described before the definition of
2009	* struct isakmp_hdr in packet.h.
2010	*/
2011	{
2012	enum next_payload_types_ikev1 np = md->hdr.isa_np;
2013	lset_t needed = smc->req_payloads;
2014	const char *excuse =
2015	LIN(SMF_PSK_AUTH \| SMF_FIRST_ENCRYPTED_INPUT,(((((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) & (smc->flags)) == (((lset_t )1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))))
2016	smc->flags)(((((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) & (smc->flags)) == (((lset_t )1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)))) ?
2017	"probable authentication failure (mismatch of preshared secrets?): "
2018	:
2019	"";
2020
2021	while (np != ISAKMP_NEXT_NONE) {
2022	struct_desc *sd = v1_payload_desc(np);
2023
2024	if (md->digest_roof >= elemsof(md->digest)(sizeof(md->digest) / sizeof(*(md->digest)))) {
2025	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof((md->digest)))); } else { log_md(RC_LOG_SERIOUS, md, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof(*(md->digest)))); } }
2026	"more than %zu payloads in message; ignored",{ if (st != ((void)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof((md->digest)))); } else { log_md(RC_LOG_SERIOUS, md, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof(*(md->digest)))); } }
2027	elemsof(md->digest)){ if (st != ((void)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof((md->digest)))); } else { log_md(RC_LOG_SERIOUS, md, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof(*(md->digest)))); } };
2028	if (!md->encrypted) {
2029	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2030	}
2031	return;
2032	}
2033	struct payload_digest *const pd = md->digest + md->digest_roof;
2034
2035	/*
2036	* only do this in main mode. In aggressive mode, there
2037	* is no negotiation of NAT-T method. Get it right.
2038	*/
2039	if (st != NULL((void)0) && st->st_connection != NULL((void)0) &&
2040	(st->st_connection->policy & POLICY_AGGRESSIVE((lset_t)1 << (POLICY_AGGRESSIVE_IX))) == LEMPTY((lset_t)0))
2041	{
2042	switch (np) {
2043	case ISAKMP_NEXT_NATD_RFC:
2044	case ISAKMP_NEXT_NATOA_RFC:
2045	if ((st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_RFC))) == LEMPTY((lset_t)0)) {
2046	/*
2047	* don't accept NAT-D/NAT-OA reloc directly in message,
2048	* unless we're using NAT-T RFC
2049	*/
2050	dbg("st_nat_traversal was: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", bitnamesof(natt_bit_names , st->hidden_variables.st_nat_traversal)); } }
2051	bitnamesof(natt_bit_names,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", bitnamesof(natt_bit_names , st->hidden_variables.st_nat_traversal)); } }
2052	st->hidden_variables.st_nat_traversal)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", bitnamesof(natt_bit_names , st->hidden_variables.st_nat_traversal)); } };
2053	sd = NULL((void*)0);
2054	}
2055	break;
2056	default:
2057	break;
2058	}
2059	}
2060
2061	if (sd == NULL((void*)0)) {
2062	/* payload type is out of range or requires special handling */
2063	switch (np) {
2064	case ISAKMP_NEXT_ID:
2065	/* ??? two kinds of ID payloads */
2066	sd = (IS_PHASE1(from_state)(STATE_MAIN_R0 <= (from_state) && (from_state) <= STATE_AGGR_R2) \|\|
2067	IS_PHASE15(from_state)(STATE_XAUTH_R0 <= (from_state) && (from_state) <= STATE_XAUTH_I1)) ?
2068	&isakmp_identification_desc :
2069	&isakmp_ipsec_identification_desc;
2070	break;
2071
2072	case ISAKMP_NEXT_NATD_DRAFTS: /* out of range */
2073	/*
2074	* ISAKMP_NEXT_NATD_DRAFTS was a private use type before RFC-3947.
2075	* Since it has the same format as ISAKMP_NEXT_NATD_RFC,
2076	* just rewrite np and sd, and carry on.
2077	*/
2078	np = ISAKMP_NEXT_NATD_RFC;
2079	sd = &isakmp_nat_d_drafts;
2080	break;
2081
2082	case ISAKMP_NEXT_NATOA_DRAFTS: /* out of range */
2083	/* NAT-OA was a private use type before RFC-3947 -- same format */
2084	np = ISAKMP_NEXT_NATOA_RFC;
2085	sd = &isakmp_nat_oa_drafts;
2086	break;
2087
2088	case ISAKMP_NEXT_SAK: /* or ISAKMP_NEXT_NATD_BADDRAFTS */
2089	/*
2090	* Official standards say that this is ISAKMP_NEXT_SAK,
2091	* a part of Group DOI, something we don't implement.
2092	* Old non-updated Cisco gear abused this number in ancient NAT drafts.
2093	* We ignore (rather than reject) this in support of people
2094	* with crufty Cisco machines.
2095	*/
2096	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } }
2097	"%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } }
2098	excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } };
2099	/*
2100	* Hack to discard payload, whatever it was.
2101	* Since we are skipping the rest of the loop
2102	* body we must do some things ourself:
2103	* - demarshall the payload
2104	* - grab the next payload number (np)
2105	* - don't keep payload (don't increment pd)
2106	* - skip rest of loop body
2107	*/
2108	if (!in_struct(&pd->payload, &isakmp_ignore_desc, &md->message_pbs,
2109	&pd->pbs)) {
2110	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smalformed payload in packet" , excuse); } }
2111	"%smalformed payload in packet",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smalformed payload in packet" , excuse); } }
2112	excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smalformed payload in packet" , excuse); } };
2113	if (!md->encrypted) {
2114	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2115	}
2116	return;
2117	}
2118	np = pd->payload.generic.isag_np;
2119	/* NOTE: we do not increment pd! */
2120	continue; /* skip rest of the loop */
2121
2122	default:
2123	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } else { log_md (RC_LOG_SERIOUS, md, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } }
2124	"%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } else { log_md (RC_LOG_SERIOUS, md, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } }
2125	excuse,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } else { log_md (RC_LOG_SERIOUS, md, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } }
2126	enum_show(&ikev1_payload_names, np)){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } else { log_md (RC_LOG_SERIOUS, md, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np)); } };
2127	if (!md->encrypted) {
2128	SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE){ { const unsigned __pstat = (INVALID_PAYLOAD_TYPE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_PAYLOAD_TYPE ); else send_notification_from_md(md, INVALID_PAYLOAD_TYPE); };
2129	}
2130	return;
2131	}
2132	passert(sd != NULL){ _Bool assertion__ = sd != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2132}, "%s", "sd != NULL"); } };
2133	}
2134
2135	passert(np < LELEM_ROOF){ _Bool assertion__ = np < 64; if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2135}, "%s", "np < LELEM_ROOF"); } };
2136
2137	{
2138	lset_t s = LELEM(np)((lset_t)1 << (np));
2139
2140	if (LDISJOINT(s,(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2141	needed \| smc->opt_payloads \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2142	LELEM(ISAKMP_NEXT_VID) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2143	LELEM(ISAKMP_NEXT_N) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2144	LELEM(ISAKMP_NEXT_D) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2145	LELEM(ISAKMP_NEXT_CR) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2146	LELEM(ISAKMP_NEXT_CERT))(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )) {
2147	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } else { log_md(RC_LOG_SERIOUS, md , "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } }
2148	"%smessage ignored because it contains a payload type (%s) unexpected by state %s",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } else { log_md(RC_LOG_SERIOUS, md , "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } }
2149	excuse,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } else { log_md(RC_LOG_SERIOUS, md , "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } }
2150	enum_show(&ikev1_payload_names, np),{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } else { log_md(RC_LOG_SERIOUS, md , "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } }
2151	finite_states[smc->state]->name){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } else { log_md(RC_LOG_SERIOUS, md , "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np), finite_states [smc->state]->name); } };
2152	if (!md->encrypted) {
2153	SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE){ { const unsigned __pstat = (INVALID_PAYLOAD_TYPE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_PAYLOAD_TYPE ); else send_notification_from_md(md, INVALID_PAYLOAD_TYPE); };
2154	}
2155	return;
2156	}
2157
2158	dbg("got payload 0x%" PRIxLSET" (%s) needed: 0x%" PRIxLSET " opt: 0x%" PRIxLSET,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l" "x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names , np), needed, smc->opt_payloads); } }
2159	s, enum_show(&ikev1_payload_names, np),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l" "x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names , np), needed, smc->opt_payloads); } }
2160	needed, smc->opt_payloads){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l" "x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names , np), needed, smc->opt_payloads); } };
2161	needed &= ~s;
2162	}
2163
2164	/*
2165	* Read in the payload recording what type it
2166	* should be
2167	*/
2168	pd->payload_type = np;
2169	if (!in_struct(&pd->payload, sd, &md->message_pbs,
2170	&pd->pbs)) {
2171	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smalformed payload in packet" , excuse); } }
2172	"%smalformed payload in packet",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smalformed payload in packet" , excuse); } }
2173	excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { log_md(RC_LOG_SERIOUS, md, "%smalformed payload in packet" , excuse); } };
2174	if (!md->encrypted) {
2175	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2176	}
2177	return;
2178	}
2179
2180	/* do payload-type specific debugging */
2181	switch (np) {
2182	case ISAKMP_NEXT_ID:
2183	case ISAKMP_NEXT_NATOA_RFC:
2184	/* dump ID section */
2185	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2186	DBG_dump(" obj: ", pd->pbs.cur,
2187	pbs_left(&pd->pbs)((size_t)((&pd->pbs)->roof - (&pd->pbs)-> cur)));
2188	}
2189	break;
2190	default:
2191	break;
2192	}
2193
2194
2195	/*
2196	* Place payload at the end of the chain for this type.
2197	* This code appears in ikev1.c and ikev2.c.
2198	*/
2199	{
2200	/* np is a proper subscript for chain[] */
2201	passert(np < elemsof(md->chain)){ _Bool assertion__ = np < (sizeof(md->chain) / sizeof( *(md->chain))); if (!assertion__) { lsw_passert_fail((where_t ) { .func = __func__, .basename = "ikev1.c" , .line = 2201}, "%s" , "np < elemsof(md->chain)"); } };
2202	struct payload_digest **p = &md->chain[np];
2203
2204	while (p != NULL((void)0))
2205	p = &(*p)->next;
2206	*p = pd;
2207	pd->next = NULL((void*)0);
2208	}
2209
2210	np = pd->payload.generic.isag_np;
2211	md->digest_roof++;
2212
2213	/* since we've digested one payload happily, it is probably
2214	* the case that any decryption worked. So we will not suggest
2215	* encryption failure as an excuse for subsequent payload
2216	* problems.
2217	*/
2218	excuse = "";
2219	}
2220
2221	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX)))) &&
2222	pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)) != 0) {
2223	DBG_log("removing %d bytes of padding",
2224	(int) pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)));
2225	}
2226
2227	md->message_pbs.roof = md->message_pbs.cur;
2228
2229	/* check that all mandatory payloads appeared */
2230
2231	if (needed != 0) {
2232	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } else { log_md(RC_LOG_SERIOUS, md, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } }
2233	"message for %s is missing payloads %s",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } else { log_md(RC_LOG_SERIOUS, md, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } }
2234	finite_states[from_state]->name,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } else { log_md(RC_LOG_SERIOUS, md, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } }
2235	bitnamesof(payload_name_ikev1, needed)){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } else { log_md(RC_LOG_SERIOUS, md, "message for %s is missing payloads %s" , finite_states[from_state]->name, bitnamesof(payload_name_ikev1 , needed)); } };
2236	if (!md->encrypted) {
2237	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2238	}
2239	return;
2240	}
2241	}
2242
2243	if (!check_v1_HASH(smc->hash_type, smc->message, st, md)) {
2244	/SEND_NOTIFICATION(INVALID_HASH_INFORMATION);/
2245	return;
2246	}
2247
2248	/* more sanity checking: enforce most ordering constraints */
2249
2250	if (IS_PHASE1(from_state)(STATE_MAIN_R0 <= (from_state) && (from_state) <= STATE_AGGR_R2) \|\| IS_PHASE15(from_state)(STATE_XAUTH_R0 <= (from_state) && (from_state) <= STATE_XAUTH_I1)) {
2251	/* rfc2409: The Internet Key Exchange (IKE), 5 Exchanges:
2252	* "The SA payload MUST precede all other payloads in a phase 1 exchange."
2253	*/
2254	if (md->chain[ISAKMP_NEXT_SA] != NULL((void*)0) &&
2255	md->hdr.isa_np != ISAKMP_NEXT_SA) {
2256	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Phase 1 message: does not start with an SA payload" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Phase 1 message: does not start with an SA payload" ); } }
2257	"malformed Phase 1 message: does not start with an SA payload"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Phase 1 message: does not start with an SA payload" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Phase 1 message: does not start with an SA payload" ); } };
2258	if (!md->encrypted) {
2259	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2260	}
2261	return;
2262	}
2263	} else if (IS_QUICK(from_state)(STATE_QUICK_R0 <= (from_state) && (from_state) <= STATE_QUICK_R2)) {
2264	/* rfc2409: The Internet Key Exchange (IKE), 5.5 Phase 2 - Quick Mode
2265	*
2266	* "In Quick Mode, a HASH payload MUST immediately follow the ISAKMP
2267	* header and a SA payload MUST immediately follow the HASH."
2268	* [NOTE: there may be more than one SA payload, so this is not
2269	* totally reasonable. Probably all SAs should be so constrained.]
2270	*
2271	* "If ISAKMP is acting as a client negotiator on behalf of another
2272	* party, the identities of the parties MUST be passed as IDci and
2273	* then IDcr."
2274	*
2275	* "With the exception of the HASH, SA, and the optional ID payloads,
2276	* there are no payload ordering restrictions on Quick Mode."
2277	*/
2278
2279	if (md->hdr.isa_np != ISAKMP_NEXT_HASH) {
2280	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: does not start with a HASH payload" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: does not start with a HASH payload" ); } }
2281	"malformed Quick Mode message: does not start with a HASH payload"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: does not start with a HASH payload" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: does not start with a HASH payload" ); } };
2282	if (!md->encrypted) {
2283	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2284	}
2285	return;
2286	}
2287
2288	{
2289	struct payload_digest *p;
2290	int i;
2291
2292	p = md->chain[ISAKMP_NEXT_SA];
2293	i = 1;
2294	while (p != NULL((void*)0)) {
2295	if (p != &md->digest[i]) {
2296	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: SA payload is in wrong position" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: SA payload is in wrong position" ); } }
2297	"malformed Quick Mode message: SA payload is in wrong position"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: SA payload is in wrong position" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: SA payload is in wrong position" ); } };
2298	if (!md->encrypted) {
2299	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2300	}
2301	return;
2302	}
2303	p = p->next;
2304	i++;
2305	}
2306	}
2307
2308	/* rfc2409: The Internet Key Exchange (IKE), 5.5 Phase 2 - Quick Mode:
2309	* "If ISAKMP is acting as a client negotiator on behalf of another
2310	* party, the identities of the parties MUST be passed as IDci and
2311	* then IDcr."
2312	*/
2313	{
2314	struct payload_digest *id = md->chain[ISAKMP_NEXT_ID];
2315
2316	if (id != NULL((void*)0)) {
2317	if (id->next == NULL((void*)0) \|\|
2318	id->next->next != NULL((void*)0)) {
2319	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } }
2320	"malformed Quick Mode message: if any ID payload is present, there must be exactly two"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } };
2321	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2322	return;
2323	}
2324	if (id + 1 != id->next) {
2325	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: the ID payloads are not adjacent" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: the ID payloads are not adjacent" ); } }
2326	"malformed Quick Mode message: the ID payloads are not adjacent"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: the ID payloads are not adjacent" ); } else { log_md(RC_LOG_SERIOUS, md, "malformed Quick Mode message: the ID payloads are not adjacent" ); } };
2327	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2328	return;
2329	}
2330	}
2331	}
2332	}
2333
2334	/*
2335	* Ignore payloads that we don't handle:
2336	*/
2337	/* XXX Handle Notifications */
2338	{
2339	struct payload_digest *p = md->chain[ISAKMP_NEXT_N];
2340
2341	while (p != NULL((void*)0)) {
2342	switch (p->payload.notification.isan_type) {
2343	case R_U_THERE:
2344	case R_U_THERE_ACK:
2345	case ISAKMP_N_CISCO_LOAD_BALANCE:
2346	case PAYLOAD_MALFORMED:
2347	case INVALID_MESSAGE_ID:
2348	case IPSEC_RESPONDER_LIFETIME:
2349	if (md->hdr.isa_xchg == ISAKMP_XCHG_INFO) {
2350	/* these are handled later on in informational() */
2351	break;
2352	}
2353	/* FALL THROUGH */
2354	default:
2355	if (st == NULL((void*)0)) {
2356	dbg("ignoring informational payload %s, no corresponding state",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ignoring informational payload %s, no corresponding state" , enum_show(& ikev1_notify_names, p->payload.notification .isan_type)); } }
2357	enum_show(& ikev1_notify_names,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ignoring informational payload %s, no corresponding state" , enum_show(& ikev1_notify_names, p->payload.notification .isan_type)); } }
2358	p->payload.notification.isan_type)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ignoring informational payload %s, no corresponding state" , enum_show(& ikev1_notify_names, p->payload.notification .isan_type)); } };
2359	} else {
2360	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type), st->st_v1_msgid.id, p-> payload.notification.isan_length); } else { log_md(RC_LOG_SERIOUS , md, "ignoring informational payload %s, msgid=%08" "x" ", length=%d" , enum_show(&ikev1_notify_names, p->payload.notification .isan_type), st->st_v1_msgid.id, p->payload.notification .isan_length); } }
2361	"ignoring informational payload %s, msgid=%08" PRIx32 ", length=%d",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type), st->st_v1_msgid.id, p-> payload.notification.isan_length); } else { log_md(RC_LOG_SERIOUS , md, "ignoring informational payload %s, msgid=%08" "x" ", length=%d" , enum_show(&ikev1_notify_names, p->payload.notification .isan_type), st->st_v1_msgid.id, p->payload.notification .isan_length); } }
2362	enum_show(&ikev1_notify_names,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type), st->st_v1_msgid.id, p-> payload.notification.isan_length); } else { log_md(RC_LOG_SERIOUS , md, "ignoring informational payload %s, msgid=%08" "x" ", length=%d" , enum_show(&ikev1_notify_names, p->payload.notification .isan_type), st->st_v1_msgid.id, p->payload.notification .isan_length); } }
2363	p->payload.notification.isan_type),{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type), st->st_v1_msgid.id, p-> payload.notification.isan_length); } else { log_md(RC_LOG_SERIOUS , md, "ignoring informational payload %s, msgid=%08" "x" ", length=%d" , enum_show(&ikev1_notify_names, p->payload.notification .isan_type), st->st_v1_msgid.id, p->payload.notification .isan_length); } }
2364	st->st_v1_msgid.id,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type), st->st_v1_msgid.id, p-> payload.notification.isan_length); } else { log_md(RC_LOG_SERIOUS , md, "ignoring informational payload %s, msgid=%08" "x" ", length=%d" , enum_show(&ikev1_notify_names, p->payload.notification .isan_type), st->st_v1_msgid.id, p->payload.notification .isan_length); } }
2365	p->payload.notification.isan_length){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type), st->st_v1_msgid.id, p-> payload.notification.isan_length); } else { log_md(RC_LOG_SERIOUS , md, "ignoring informational payload %s, msgid=%08" "x" ", length=%d" , enum_show(&ikev1_notify_names, p->payload.notification .isan_type), st->st_v1_msgid.id, p->payload.notification .isan_length); } };
2366	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2367	DBG_dump_pbs(&p->pbs)DBG_dump((&p->pbs)->name, (&p->pbs)->start , ((size_t)((&p->pbs)->cur - (&p->pbs)->start )));
2368	}
2369	}
2370	}
2371	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2372	DBG_dump("info:", p->pbs.cur,
2373	pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur )));
2374	}
2375
2376	p = p->next;
2377	}
2378
2379	p = md->chain[ISAKMP_NEXT_D];
2380	while (p != NULL((void*)0)) {
2381	self_delete \|= accept_delete(md, p);
2382	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2383	DBG_dump("del:", p->pbs.cur,
2384	pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur )));
2385	}
2386	if (md->st != st) {
2387	pexpect(md->st == NULL)({ _Bool assertion__ = md->st == ((void*)0); if (!assertion__ ) { log_pexpect((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2387}, "%s", "md->st == NULL"); } assertion__; } );
2388	dbg("zapping ST as accept_delete() zapped MD.ST"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("zapping ST as accept_delete() zapped MD.ST"); } };
2389	st = md->st;
2390	}
2391	p = p->next;
2392	}
2393
2394	p = md->chain[ISAKMP_NEXT_VID];
2395	while (p != NULL((void*)0)) {
2396	handle_vendorid(md, (char *)p->pbs.cur,
2397	pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur )), FALSE0);
2398	p = p->next;
2399	}
2400	}
2401
2402	if (self_delete) {
2403	accept_self_delete(md);
2404	st = md->st;
2405	/* note: st ought to be NULL from here on */
2406	}
2407
2408	pexpect(st == md->st)({ _Bool assertion__ = st == md->st; if (!assertion__) { log_pexpect ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2408}, "%s", "st == md->st"); } assertion__; });
2409	statetime_t start = statetime_start(md->st);
2410	/*
2411	* XXX: danger - the .informational() processor deletes ST;
2412	* and then tunnels this loss through MD.ST.
2413	*/
2414	complete_v1_state_transition(md, smc->processor(st, md));
2415	statetime_stop(&start, "%s()", __func__);
2416	/* our caller will release_any_md(mdp); */
2417	}
2418
2419	/*
2420	* replace previous receive packet with latest, to update
2421	* our notion of a retransmitted packet. This is important
2422	* to do, even for failing transitions, and suspended transitions
2423	* because the sender may well retransmit their request.
2424	* We had better be idempotent since we can be called
2425	* multiple times in handling a packet due to crypto helper logic.
2426	*/
2427	static void remember_received_packet(struct state st, struct msg_digest md)
2428	{
2429	if (md->encrypted) {
2430	/* if encrypted, duplication already done */
2431	if (md->raw_packet.ptr != NULL((void*)0)) {
2432	pfreeany(st->st_v1_rpacket.ptr){ typeof(st->st_v1_rpacket.ptr) pp_ = &(st->st_v1_rpacket .ptr); if (pp_ != ((void)0)) { pfree(pp_); pp_ = ((void) 0); } };
2433	st->st_v1_rpacket = md->raw_packet;
2434	md->raw_packet = EMPTY_CHUNK((const chunk_t) { .ptr = ((void*)0), .len = 0 });
2435	}
2436	} else {
2437	/* this may be a repeat, but it will work */
2438	free_chunk_content(&st->st_v1_rpacket);
2439	st->st_v1_rpacket = clone_bytes_as_chunk(md->packet_pbs.start,
2440	pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs )->start)),
2441	"raw packet");
2442	}
2443	}
2444
2445	/* complete job started by the state-specific state transition function
2446	*
2447	* This routine will not release_any_md(mdp). It is expected that its
2448	* caller will do this. In fact, it will zap *mdp to NULL if it thinks
2449	* **mdp should not be freed. So the caller should be prepared for
2450	* *mdp being set to NULL.
2451	*
2452	* md is used to:
2453	* - find st
2454	* - find from_state (st might be gone)
2455	* - find note for STF_FAIL (might not be part of result (STF_FAIL+note))
2456	* - find note for STF_INTERNAL_ERROR
2457	* - record md->event_already_set
2458	* - remember_received_packet(st, md);
2459	* - nat_traversal_change_port_lookup(md, st);
2460	* - smc for smc->next_state
2461	* - smc for smc->flags & SMF_REPLY to trigger a reply
2462	* - smc for smc->timeout_event
2463	* - smc for !(smc->flags & SMF_INITIATOR) for Contivity mode
2464	* - smc for smc->flags & SMF_RELEASE_PENDING_P2 to trigger unpend call
2465	* - smc for smc->flags & SMF_INITIATOR to adjust retransmission
2466	* - fragvid, dpd, nortel
2467	*/
2468	void complete_v1_state_transition(struct msg_digest *md, stf_status result)
2469	{
2470	passert(md != NULL){ _Bool assertion__ = md != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2470}, "%s", "md != NULL"); } };
2471
2472	/* handle oddball/meta results now */
2473
2474	/*
2475	* statistics; lump all FAILs together
2476	*
2477	* Fun fact: using min() stupidly fails (at least in GCC 8.1.1 with -Werror=sign-compare)
2478	* error: comparison of integer expressions of different signedness: `stf_status' {aka `enum <anonymous>'} and `int'
2479	*/
2480	pstats(ike_stf, PMIN(result, STF_FAIL)){ const unsigned __pstat = (((result) <= (STF_FAIL) ? (result ) : (STF_FAIL))); if (__pstat < (sizeof(pstats_ike_stf) / sizeof (*(pstats_ike_stf)))) { pstats_ike_stf[__pstat]++; } else if ( (cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ike_stf", __pstat); } };
2481
2482	dbg("complete v1 state transition with %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } }
2483	result > STF_FAIL ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } }
2484	enum_name(&ikev1_notify_names, result - STF_FAIL) :{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } }
2485	enum_name(&stf_status_names, result)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } };
2486
2487	switch (result) {
2488	case STF_SUSPEND:
2489	set_cur_state(md->st)log_push_state(md->st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2489}); /* might have changed */
2490	/*
2491	* If this transition was triggered by an incoming
2492	* packet, save it.
2493	*
2494	* XXX: some initiator code creates a fake MD (there
2495	* isn't a real one); save that as well.
2496	*/
2497	suspend_any_md(md->st, md){ if (md != ((void)0)) { { if ((cur_debugging & (((lset_t )1 << (DBG_BASE_IX))))) { DBG_log("suspending state #%lu and saving MD %p" , (md->st)->st_serialno, md); } }; { _Bool assertion__ = (md->st)->st_suspended_md == ((void)0); if (!assertion__ ) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2497}, "%s", "(md->st)->st_suspended_md == NULL" ); } }; (md->st)->st_suspended_md = md_addref(md, (where_t ) { .func = __func__, .basename = "ikev1.c" , .line = 2497}); (md->st)->st_suspended_md_func = __func__; (md->st) ->st_suspended_md_line = 2497; { _Bool assertion__ = state_is_busy (md->st); if (!assertion__) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2497}, "%s" , "state_is_busy(md->st)"); } }; } else { { if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("no MD to suspend" ); } }; } };
2498	return;
2499	case STF_IGNORE:
2500	return;
2501	default:
2502	break;
2503	}
2504
2505	/* safe to refer to md /
2506
2507	enum state_kind from_state = md->v1_from_state;
2508
2509	struct state *st = md->st;
2510	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2510}); /* might have changed */
2511
2512	passert(st != NULL){ _Bool assertion__ = st != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2512}, "%s", "st != NULL"); } };
2513	pexpect(!state_is_busy(st))({ _Bool assertion__ = !state_is_busy(st); if (!assertion__) { log_pexpect((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2513}, "%s", "!state_is_busy(st)"); } assertion__; });
2514
2515	if (result > STF_OK) {
2516	linux_audit_conn(md->st, IS_IKE_SA_ESTABLISHED(md->st)( ((((lset_t)1 << ((md->st)->st_state->kind)) & (((lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << ( STATE_MAIN_I4)) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t )1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0 )) \| ((lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0)) \| ((lset_t)1 << (STATE_MODE_CFG_R1 )) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1)) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA)))) != ((lset_t)0)) \|\| ((((md-> st)->st_state->kind == STATE_V2_ESTABLISHED_IKE_SA) && !((md->st)->st_clonedfrom != 0)) && ((md->st )->st_clonedfrom == 0))) ? LAK_CHILD_FAIL : LAK_PARENT_FAIL);
2517	}
2518
2519	switch (result) {
2520	case STF_OK:
2521	{
2522	/* advance the state */
2523	const struct state_v1_microcode *smc = md->smc;
2524
2525	dbg("doing_xauth:%s, t_xauth_client_done:%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str (st->st_oakley.doing_xauth), bool_str(st->hidden_variables .st_xauth_client_done)); } }
2526	bool_str(st->st_oakley.doing_xauth),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str (st->st_oakley.doing_xauth), bool_str(st->hidden_variables .st_xauth_client_done)); } }
2527	bool_str(st->hidden_variables.st_xauth_client_done)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str (st->st_oakley.doing_xauth), bool_str(st->hidden_variables .st_xauth_client_done)); } };
2528
2529	/* accept info from VID because we accept this message */
2530
2531	/*
2532	* Most of below VIDs only appear Main/Aggr mode, not Quick mode,
2533	* so why are we checking them for each state transition?
2534	*/
2535
2536	if (md->fragvid) {
2537	dbg("peer supports fragmentation"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("peer supports fragmentation"); } };
2538	st->st_seen_fragmentation_supported = TRUE1;
2539	}
2540
2541	if (md->dpd) {
2542	dbg("peer supports DPD"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("peer supports DPD"); } };
2543	st->hidden_variables.st_peer_supports_dpd = TRUE1;
2544	if (dpd_active_locally(st)) {
2545	dbg("DPD is configured locally"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("DPD is configured locally"); } };
2546	}
2547	}
2548
2549	/* If state has VID_NORTEL, import it to activate workaround */
2550	if (md->nortel) {
2551	dbg("peer requires Nortel Contivity workaround"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("peer requires Nortel Contivity workaround"); } };
2552	st->st_seen_nortel_vid = TRUE1;
2553	}
2554
2555	if (!st->st_v1_msgid.reserved &&
2556	IS_CHILD_SA(st)((st)->st_clonedfrom != 0) &&
2557	st->st_v1_msgid.id != v1_MAINMODE_MSGID((msgid_t) 0)) {
2558	struct state *p1st = state_with_serialno(
2559	st->st_clonedfrom);
2560
2561	if (p1st != NULL((void*)0)) {
2562	/* do message ID reservation */
2563	reserve_msgid(p1st, st->st_v1_msgid.id);
2564	}
2565
2566	st->st_v1_msgid.reserved = TRUE1;
2567	}
2568
2569	dbg("IKEv1: transition from state %s to state %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKEv1: transition from state %s to state %s", finite_states[from_state]->name, finite_states[smc->next_state ]->name); } }
2570	finite_states[from_state]->name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKEv1: transition from state %s to state %s", finite_states[from_state]->name, finite_states[smc->next_state ]->name); } }
2571	finite_states[smc->next_state]->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKEv1: transition from state %s to state %s", finite_states[from_state]->name, finite_states[smc->next_state ]->name); } };
2572
2573	change_state(st, smc->next_state);
2574
2575	/*
2576	* XAUTH negotiation without ModeCFG cannot follow the regular
2577	* state machine change as it cannot be determined if the CFG
2578	* payload is "XAUTH OK, no ModeCFG" or "XAUTH OK, expect
2579	* ModeCFG". To the smc, these two cases look identical. So we
2580	* have an ad hoc state change here for the case where
2581	* we have XAUTH but not ModeCFG. We move it to the established
2582	* state, so the regular state machine picks up the Quick Mode.
2583	*/
2584	if (st->st_connection->spd.this.xauth_client &&
2585	st->hidden_variables.st_xauth_client_done &&
2586	!st->st_connection->spd.this.modecfg_client &&
2587	st->st_state->kind == STATE_XAUTH_I1)
2588	{
2589	bool_Bool aggrmode = LHAS(st->st_connection->policy, POLICY_AGGRESSIVE_IX)(((st->st_connection->policy) & ((lset_t)1 << (POLICY_AGGRESSIVE_IX))) != ((lset_t)0));
2590
2591	log_state(RC_LOG, st, "XAUTH completed; ModeCFG skipped as per configuration");
2592	change_state(st, aggrmode ? STATE_AGGR_I2 : STATE_MAIN_I4);
2593	st->st_v1_msgid.phase15 = v1_MAINMODE_MSGID((msgid_t) 0);
2594	}
2595
2596	/* Schedule for whatever timeout is specified */
2597	if (!md->event_already_set) {
2598	/*
2599	* This md variable is hardly ever set.
2600	* Only deals with v1 <-> v2 switching
2601	* which will be removed in the near future anyway
2602	* (PW 2017 Oct 8)
2603	*/
2604	dbg("event_already_set, deleting event"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("event_already_set, deleting event"); } };
2605	/*
2606	* Delete previous retransmission event.
2607	* New event will be scheduled below.
2608	*/
2609	delete_event(st);
2610	clear_retransmits(st);
2611	}
2612
2613	/* Delete IKE fragments */
2614	free_v1_message_queues(st);
2615
2616	/* scrub the previous packet exchange */
2617	free_chunk_content(&st->st_v1_rpacket);
2618	free_chunk_content(&st->st_v1_tpacket);
2619
2620	/* in aggressive mode, there will be no reply packet in transition
2621	* from STATE_AGGR_R1 to STATE_AGGR_R2
2622	*/
2623	if (nat_traversal_enabled && st->st_connection->ikev1_natt != NATT_NONE) {
2624	/* adjust our destination port if necessary */
2625	nat_traversal_change_port_lookup(md, st);
2626	v1_maybe_natify_initiator_endpoints(st, HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2626});
2627	}
2628
2629	/*
2630	* Save both the received packet, and this
2631	* state-transition.
2632	*
2633	* Only when the (last) state transition was a "reply"
2634	* should a duplicate packet trigger a retransmit
2635	* (else they get discarded).
2636	*
2637	* XXX: .st_state .fs_flags & SMF_REPLY can't
2638	* be used because it contains flags for the new state
2639	* not the old-to-new state transition.
2640	*/
2641	remember_received_packet(st, md);
2642	st->st_v1_last_transition = md->smc;
2643
2644	/* if requested, send the new reply packet */
2645	if (smc->flags & SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))) {
2646	endpoint_buf b;
2647	endpoint_buf b2;
2648	pexpect_st_local_endpoint(st);
2649	dbg("sending reply packet to %s (from %s)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint (&st->st_remote_endpoint, &b), str_endpoint(&st ->st_interface->local_endpoint, &b2)); } }
2650	str_endpoint(&st->st_remote_endpoint, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint (&st->st_remote_endpoint, &b), str_endpoint(&st ->st_interface->local_endpoint, &b2)); } }
2651	str_endpoint(&st->st_interface->local_endpoint, &b2)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint (&st->st_remote_endpoint, &b), str_endpoint(&st ->st_interface->local_endpoint, &b2)); } };
2652
2653	close_output_pbs(&reply_stream); /* good form, but actually a no-op */
2654
2655	if (st->st_state->kind == STATE_MAIN_R2 &&
2656	impair.send_no_main_r2) {
2657	/* record-only so we properly emulate packet drop */
2658	record_outbound_v1_ike_msg(st, &reply_stream,
2659	finite_states[from_state]->name);
2660	log_state(RC_LOG, st, "IMPAIR: Skipped sending STATE_MAIN_R2 response packet");
2661	} else {
2662	record_and_send_v1_ike_msg(st, &reply_stream,
2663	finite_states[from_state]->name);
2664	}
2665	}
2666
2667	/* Schedule for whatever timeout is specified */
2668	if (!md->event_already_set) {
2669	dbg("!event_already_set at reschedule"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("!event_already_set at reschedule"); } };
2670	intmax_t delay_ms; /* delay is in milliseconds here */
2671	enum event_type kind = smc->timeout_event;
2672	bool_Bool agreed_time = FALSE0;
2673	struct connection *c = st->st_connection;
2674
2675	/* fixup in case of state machine jump for xauth without modecfg */
2676	if (c->spd.this.xauth_client &&
2677	st->hidden_variables.st_xauth_client_done &&
2678	!c->spd.this.modecfg_client &&
2679	(st->st_state->kind == STATE_MAIN_I4 \|\| st->st_state->kind == STATE_AGGR_I2))
2680	{
2681	dbg("fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE" ); } };
2682	kind = EVENT_SA_REPLACE;
2683	}
2684
2685	switch (kind) {
2686	case EVENT_RETRANSMIT: /* Retransmit packet */
2687	start_retransmits(st);
2688	break;
2689
2690	case EVENT_SA_REPLACE: /* SA replacement event */
2691	if (IS_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2) \|\|
2692	IS_PHASE15(st->st_state->kind)(STATE_XAUTH_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_XAUTH_I1)) {
2693	/* Note: we will defer to the "negotiated" (dictated)
2694	* lifetime if we are POLICY_DONT_REKEY.
2695	* This allows the other side to dictate
2696	* a time we would not otherwise accept
2697	* but it prevents us from having to initiate
2698	* rekeying. The negative consequences seem
2699	* minor.
2700	*/
2701	delay_ms = deltamillisecs(c->sa_ike_life_seconds);
2702	if ((c->policy & POLICY_DONT_REKEY((lset_t)1 << (POLICY_DONT_REKEY_IX))) \|\|
2703	delay_ms >= deltamillisecs(st->st_oakley.life_seconds))
2704	{
2705	agreed_time = TRUE1;
2706	delay_ms = deltamillisecs(st->st_oakley.life_seconds);
2707	}
2708	} else {
2709	/* Delay is min of up to four things:
2710	* each can limit the lifetime.
2711	*/
2712	time_t delay = deltasecs(c->sa_ipsec_life_seconds);
2713
2714	#define clamp_delay(trans) { \
2715	if (st->trans.present && \
2716	delay >= deltasecs(st->trans.attrs.life_seconds)) { \
2717	agreed_time = TRUE1; \
2718	delay = deltasecs(st->trans.attrs.life_seconds); \
2719	} \
2720	}
2721	clamp_delay(st_ah);
2722	clamp_delay(st_esp);
2723	clamp_delay(st_ipcomp);
2724	delay_ms = delay * 1000;
2725	#undef clamp_delay
2726	}
2727
2728	/* By default, we plan to rekey.
2729	*
2730	* If there isn't enough time to rekey, plan to
2731	* expire.
2732	*
2733	* If we are --dontrekey, a lot more rules apply.
2734	* If we are the Initiator, use REPLACE_IF_USED.
2735	* If we are the Responder, and the dictated time
2736	* was unacceptable (too large), plan to REPLACE
2737	* (the only way to ratchet down the time).
2738	* If we are the Responder, and the dictated time
2739	* is acceptable, plan to EXPIRE.
2740	*
2741	* Important policy lies buried here.
2742	* For example, we favour the initiator over the
2743	* responder by making the initiator start rekeying
2744	* sooner. Also, fuzz is only added to the
2745	* initiator's margin.
2746	*
2747	* Note: for ISAKMP SA, we let the negotiated
2748	* time stand (implemented by earlier logic).
2749	*/
2750	if (agreed_time &&
2751	(c->policy & POLICY_DONT_REKEY((lset_t)1 << (POLICY_DONT_REKEY_IX)))) {
2752	kind = (smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) ?
2753	EVENT_v1_SA_REPLACE_IF_USED :
2754	EVENT_SA_EXPIRE;
2755	}
2756	if (kind != EVENT_SA_EXPIRE) {
2757	time_t marg =
2758	deltasecs(c->sa_rekey_margin);
2759
2760	if (smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) {
2761	marg += marg *
2762	c->sa_rekey_fuzz /
2763	100.E0 *
2764	(rand() /
2765	(RAND_MAX2147483647 + 1.E0));
2766	} else {
2767	marg /= 2;
2768	}
2769
2770	if (delay_ms > marg * 1000) {
2771	delay_ms -= marg * 1000;
2772	st->st_replace_margin = deltatime(marg);
2773	} else {
2774	kind = EVENT_SA_EXPIRE;
2775	}
2776	}
2777	/* XXX: DELAY_MS should be a deltatime_t */
2778	event_schedule(kind, deltatime_ms(delay_ms), st);
2779	break;
2780
2781	case EVENT_SO_DISCARD:
2782	event_schedule(EVENT_SO_DISCARD, c->r_timeout, st);
2783	break;
2784
2785	default:
2786	bad_case(kind)libreswan_bad_case("kind", (kind), (where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 2786});
2787	}
2788	}
2789
2790	/* tell whack and log of progress */
2791	{
2792	enum rc_type w;
2793	void (log_details)(struct jambuf buf, struct state *st);
2794
2795	if (IS_IPSEC_SA_ESTABLISHED(st)(((st)->st_clonedfrom != 0) && ((st->st_state-> kind) == STATE_QUICK_I2 \|\| (st->st_state->kind) == STATE_QUICK_R1 \|\| (st->st_state->kind) == STATE_QUICK_R2 \|\| (st->st_state ->kind) == STATE_V2_ESTABLISHED_CHILD_SA))) {
2796	pstat_sa_established(st);
2797	log_details = lswlog_child_sa_established;
2798	w = RC_SUCCESS; /* log our success */
2799	} else if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0))) {
2800	pstat_sa_established(st);
2801	log_details = lswlog_ike_sa_established;
2802	w = RC_SUCCESS; /* log our success */
2803	} else {
2804	log_details = NULL((void*)0);
2805	w = RC_NEW_V1_STATE + st->st_state->kind;
2806	}
2807
2808	passert(st->st_state->kind < STATE_IKEv1_ROOF){ _Bool assertion__ = st->st_state->kind < STATE_IKEv1_ROOF ; if (!assertion__) { lsw_passert_fail((where_t) { .func = __func__ , .basename = "ikev1.c" , .line = 2808}, "%s", "st->st_state->kind < STATE_IKEv1_ROOF" ); } };
2809
2810	/* tell whack and logs our progress */
2811	LOG_JAMBUF(w, st->st_logger, buf)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), buf = &jambuf ; buf != ((void)0); buf = ((void)0)) for (({ if (((w) & STREAM_MASK) != DEBUG_STREAM \|\| (cur_debugging & (((lset_t )1 << (DBG_ADD_PREFIX_IX))))) { (st->st_logger)-> object_vec->jam_object_prefix(buf, (st->st_logger)-> object); } }); buf != ((void)0); jambuf_to_logger(buf, (st-> st_logger), w), buf = ((void)0)) {
2812	jam(buf, "%s", st->st_state->story);
2813	/* document SA details for admin's pleasure */
2814	if (log_details != NULL((void*)0)) {
2815	log_details(buf, st);
2816	}
2817	}
2818	}
2819
2820	/*
2821	* make sure that a DPD event gets created for a new phase 1
2822	* SA.
2823	* Why do we need a DPD event on an IKE SA???
2824	*/
2825	if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0))) {
2826	if (dpd_init(st) != STF_OK) {
2827	log_state(RC_LOG_SERIOUS, st,
2828	"DPD initialization failed - continuing without DPD");
2829	}
2830	}
2831
2832	/* Special case for XAUTH server */
2833	if (st->st_connection->spd.this.xauth_server) {
2834	if (st->st_oakley.doing_xauth &&
2835	IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0))) {
2836	dbg("XAUTH: Sending XAUTH Login/Password Request"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("XAUTH: Sending XAUTH Login/Password Request") ; } };
2837	event_schedule(EVENT_v1_SEND_XAUTH,
2838	deltatime_ms(EVENT_v1_SEND_XAUTH_DELAY_MS80),
2839	st);
2840	break;
2841	}
2842	}
2843
2844	/*
2845	* for XAUTH client, we are also done, because we need to
2846	* stay in this state, and let the server query us
2847	*/
2848	if (!IS_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_QUICK_R2) &&
2849	st->st_connection->spd.this.xauth_client &&
2850	!st->hidden_variables.st_xauth_client_done) {
2851	dbg("XAUTH client is not yet authenticated"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("XAUTH client is not yet authenticated"); } };
2852	break;
2853	}
2854
2855	/*
2856	* when talking to some vendors, we need to initiate a mode
2857	* cfg request to get challenged, but there is also an
2858	* override in the form of a policy bit.
2859	*/
2860	dbg("modecfg pull: %s policy:%s %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2861	(st->quirks.modecfg_pull_mode ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2862	"quirk-poll" : "noquirk"),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2863	(st->st_connection->policy & POLICY_MODECFG_PULL) ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2864	"pull" : "push",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2865	(st->st_connection->spd.this.modecfg_client ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2866	"modecfg-client" : "not-client")){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } };
2867
2868	if (st->st_connection->spd.this.modecfg_client &&
2869	IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0)) &&
2870	(st->quirks.modecfg_pull_mode \|\|
2871	st->st_connection->policy & POLICY_MODECFG_PULL((lset_t)1 << (POLICY_MODECFG_PULL_IX))) &&
2872	!st->hidden_variables.st_modecfg_started) {
2873	dbg("modecfg client is starting due to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg client is starting due to %s", st-> quirks.modecfg_pull_mode ? "quirk" : "policy"); } }
2874	st->quirks.modecfg_pull_mode ? "quirk" :{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg client is starting due to %s", st-> quirks.modecfg_pull_mode ? "quirk" : "policy"); } }
2875	"policy"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg client is starting due to %s", st-> quirks.modecfg_pull_mode ? "quirk" : "policy"); } };
2876	modecfg_send_request(st);
2877	break;
2878	}
2879
2880	/* Should we set the peer's IP address regardless? */
2881	if (st->st_connection->spd.this.modecfg_server &&
2882	IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0)) &&
2883	!st->hidden_variables.st_modecfg_vars_set &&
2884	!(st->st_connection->policy & POLICY_MODECFG_PULL((lset_t)1 << (POLICY_MODECFG_PULL_IX)))) {
2885	change_state(st, STATE_MODE_CFG_R1);
2886	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2886});
2887	log_state(RC_LOG, st, "Sending MODE CONFIG set");
2888	/*
2889	* ??? we ignore the result of modecfg.
2890	* But surely, if it fails, we ought to terminate this exchange.
2891	* What do the RFCs say?
2892	*/
2893	modecfg_start_set(st);
2894	break;
2895	}
2896
2897	/*
2898	* If we are the responder and the client is in "Contivity mode",
2899	* we need to initiate Quick mode
2900	*/
2901	if (!(smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) &&
2902	IS_MODE_CFG_ESTABLISHED(st->st_state)((st->st_state->kind) == STATE_MODE_CFG_R2) &&
2903	(st->st_seen_nortel_vid)) {
2904	log_state(RC_LOG, st, "Nortel 'Contivity Mode' detected, starting Quick Mode");
2905	change_state(st, STATE_MAIN_R3); /* ISAKMP is up... */
2906	set_cur_state(st)log_push_state(st, (where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2906});
2907	quick_outI1(st->st_whack_sockst_logger->object_whackfd, st, st->st_connection,
2908	st->st_connection->policy, 1, SOS_NOBODY0,
2909	NULL((void)0) / Setting NULL as this is responder and will not have sec ctx from a flow*/
2910	);
2911	break;
2912	}
2913
2914	/* wait for modecfg_set */
2915	if (st->st_connection->spd.this.modecfg_client &&
2916	IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0)) &&
2917	!st->hidden_variables.st_modecfg_vars_set) {
2918	dbg("waiting for modecfg set from server"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("waiting for modecfg set from server"); } };
2919	break;
2920	}
2921
2922	dbg("phase 1 is done, looking for phase 2 to unpend"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("phase 1 is done, looking for phase 2 to unpend" ); } };
2923
2924	if (smc->flags & SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6))) {
2925	/* Initiate any Quick Mode negotiations that
2926	* were waiting to piggyback on this Keying Channel.
2927	*
2928	* ??? there is a potential race condition
2929	* if we are the responder: the initial Phase 2
2930	* message might outrun the final Phase 1 message.
2931	*
2932	* so, instead of actually sending the traffic now,
2933	* we schedule an event to do so.
2934	*
2935	* but, in fact, quick_mode will enqueue a cryptographic operation
2936	* anyway, which will get done "later" anyway, so maybe it is just fine
2937	* as it is.
2938	*
2939	*/
2940	unpend(pexpect_ike_sa(st), NULL((void*)0));
2941	}
2942
2943	if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)((((lset_t)1 << (st->st_state->kind)) & (((lset_t )1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)) \| ((lset_t)1 << (STATE_V2_ESTABLISHED_IKE_SA )))) != ((lset_t)0)) \|\|
2944	IS_IPSEC_SA_ESTABLISHED(st)(((st)->st_clonedfrom != 0) && ((st->st_state-> kind) == STATE_QUICK_I2 \|\| (st->st_state->kind) == STATE_QUICK_R1 \|\| (st->st_state->kind) == STATE_QUICK_R2 \|\| (st->st_state ->kind) == STATE_V2_ESTABLISHED_CHILD_SA)))
2945	release_any_whack(st, HERE(where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2945}, "IKEv1 transitions finished");
2946
2947	if (IS_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_QUICK_R2))
2948	break;
2949
2950	break;
2951	}
2952
2953	case STF_INTERNAL_ERROR:
2954	/* update the previous packet history */
2955	remember_received_packet(st, md);
2956	log_state(RC_INTERNALERR + md->v1_note, st,
2957	"state transition function for %s had internal error",
2958	st->st_state->name);
2959	release_pending_whacks(st, "internal error");
2960	break;
2961
2962	case STF_FATAL:
2963	passert(st != NULL){ _Bool assertion__ = st != ((void*)0); if (!assertion__) { lsw_passert_fail ((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2963}, "%s", "st != NULL"); } };
2964	/* update the previous packet history */
2965	remember_received_packet(st, md);
2966	log_state(RC_FATAL, st, "encountered fatal error in state %s",
2967	st->st_state->name);
2968	#ifdef HAVE_NM1
2969	if (st->st_connection->remotepeertype == CISCO &&
2970	st->st_connection->nmconfigured) {
2971	if (!do_command(st->st_connection,
2972	&st->st_connection->spd,
2973	"disconnectNM", st))
2974	dbg("sending disconnect to NM failed, you may need to do it manually"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending disconnect to NM failed, you may need to do it manually" ); } };
2975	}
2976	#endif
2977	release_pending_whacks(st, "fatal error");
2978	delete_state(st);
2979	md->st = st = NULL((void*)0);
2980	break;
2981
2982	default: /* a shortcut to STF_FAIL, setting md->note */
2983	passert(result > STF_FAIL){ _Bool assertion__ = result > STF_FAIL; if (!assertion__) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 2983}, "%s", "result > STF_FAIL"); } };
2984	md->v1_note = result - STF_FAIL;
2985	/* FALL THROUGH */
2986	case STF_FAIL:
2987	{
2988	/* As it is, we act as if this message never happened:
2989	* whatever retrying was in place, remains in place.
2990	*/
2991	/*
2992	* Try to convert the notification into a non-NULL
2993	* string. For NOTHING_WRONG, be vague (at the time
2994	* of writing the enum_names didn't contain
2995	* NOTHING_WRONG, and even if it did "nothing wrong"
2996	* wouldn't exactly help here :-).
2997	*/
2998	const char *notify_name = (md->v1_note == NOTHING_WRONG ? "failed" :
2999	enum_name(&ikev1_notify_names, md->v1_note));
3000	if (notify_name == NULL((void*)0)) {
3001	notify_name = "internal error";
3002	}
3003	/*
3004	* ??? why no call of remember_received_packet?
3005	* Perhaps because the message hasn't been authenticated?
3006	* But then then any duplicate would lose too, I would think.
3007	*/
3008
3009	if (md->v1_note != NOTHING_WRONG) {
3010	/* this will log */
3011	SEND_NOTIFICATION(md->v1_note){ { const unsigned __pstat = (md->v1_note); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, md->v1_note ); else send_notification_from_md(md, md->v1_note); };
3012	} else {
3013	/* XXX: why whack only? */
3014	log_state(WHACK_STREAM \| (RC_NOTIFICATION + md->v1_note), st,
3015	"state transition failed: %s", notify_name);
3016	}
3017
3018	dbg("state transition function for %s failed: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("state transition function for %s failed: %s", st->st_state->name, notify_name); } }
3019	st->st_state->name, notify_name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("state transition function for %s failed: %s", st->st_state->name, notify_name); } };
3020
3021	#ifdef HAVE_NM1
3022	if (st->st_connection->remotepeertype == CISCO &&
3023	st->st_connection->nmconfigured) {
3024	if (!do_command(st->st_connection,
3025	&st->st_connection->spd,
3026	"disconnectNM", st))
3027	dbg("sending disconnect to NM failed, you may need to do it manually"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending disconnect to NM failed, you may need to do it manually" ); } };
3028	}
3029	#endif
3030	if (IS_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_QUICK_R2)) {
3031	delete_state(st);
3032	/* wipe out dangling pointer to st */
3033	md->st = NULL((void*)0);
3034	}
3035	break;
3036	}
3037	}
3038	}
3039
3040	/*
3041	* note: may change which connection is referenced by md->st->st_connection.
3042	* But only if we are a Main Mode Responder.
3043	*/
3044	bool_Bool ikev1_decode_peer_id(struct msg_digest *md, bool_Bool initiator, bool_Bool aggrmode)
3045	{
3046	struct state *const st = md->st;
3047	struct connection *c = st->st_connection;
3048	const struct payload_digest *const id_pld = md->chain[ISAKMP_NEXT_ID];
3049	const struct isakmp_id *const id = &id_pld->payload.id;
3050
3051	/*
3052	* I think that RFC2407 (IPSEC DOI) 4.6.2 is confused.
3053	* It talks about the protocol ID and Port fields of the ID
3054	* Payload, but they don't exist as such in Phase 1.
3055	* We use more appropriate names.
3056	* isaid_doi_specific_a is in place of Protocol ID.
3057	* isaid_doi_specific_b is in place of Port.
3058	* Besides, there is no good reason for allowing these to be
3059	* other than 0 in Phase 1.
3060	*/
3061	if (st->hidden_variables.st_nat_traversal != LEMPTY((lset_t)0) &&
3062	id->isaid_doi_specific_a == IPPROTO_UDPIPPROTO_UDP &&
3063	(id->isaid_doi_specific_b == 0 \|\|
3064	id->isaid_doi_specific_b == NAT_IKE_UDP_PORT4500)) {
3065	dbg("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T" , id->isaid_doi_specific_a, id->isaid_doi_specific_b); } }
3066	id->isaid_doi_specific_a, id->isaid_doi_specific_b){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T" , id->isaid_doi_specific_a, id->isaid_doi_specific_b); } };
3067	} else if (!(id->isaid_doi_specific_a == 0 &&
3068	id->isaid_doi_specific_b == 0) &&
3069	!(id->isaid_doi_specific_a == IPPROTO_UDPIPPROTO_UDP &&
3070	id->isaid_doi_specific_b == IKE_UDP_PORT500))
3071	{
3072	log_state(RC_LOG_SERIOUS, st,
3073	"protocol/port in Phase 1 ID Payload MUST be 0/0 or %d/%d but are %d/%d (attempting to continue)",
3074	IPPROTO_UDPIPPROTO_UDP, IKE_UDP_PORT500,
3075	id->isaid_doi_specific_a,
3076	id->isaid_doi_specific_b);
3077	/*
3078	* We have turned this into a warning because of bugs in other
3079	* vendors' products. Specifically CISCO VPN3000.
3080	*/
3081	/* return FALSE; */
3082	}
3083
3084	struct id peer;
3085
3086	if (!extract_peer_id(id->isaid_idtype, &peer, &id_pld->pbs))
3087	return FALSE0;
3088
3089	if (c->spd.that.id.kind == ID_FROMCERT) {
3090	/* breaks API, connection modified by %fromcert */
3091	duplicate_id(&c->spd.that.id, &peer);
3092	}
3093
3094	/*
3095	* For interop with SoftRemote/aggressive mode we need to remember some
3096	* things for checking the hash
3097	*/
3098	st->st_peeridentity_protocol = id->isaid_doi_specific_a;
3099	st->st_peeridentity_port = ntohs(id->isaid_doi_specific_b);
3100
3101	{
3102	id_buf buf;
3103
3104	log_state(RC_LOG, st, "Peer ID is %s: '%s'",
3105	enum_show(&ike_idtype_names, id->isaid_idtype),
3106	str_id(&peer, &buf));
3107	}
3108
3109	/* check for certificates */
3110	if (!v1_verify_certs(md)) {
3111	log_state(RC_LOG, st, "X509: CERT payload does not match connection ID");
3112	if (initiator \|\| aggrmode) {
3113	/* cannot switch connection so fail */
3114	return false0;
3115	}
3116	}
3117
3118	/* check for certificate requests */
3119	ikev1_decode_cr(md);
3120
3121	/*
3122	* Now that we've decoded the ID payload, let's see if we
3123	* need to switch connections.
3124	* Aggressive mode cannot switch connections.
3125	* We must not switch horses if we initiated:
3126	* - if the initiation was explicit, we'd be ignoring user's intent
3127	* - if opportunistic, we'll lose our HOLD info
3128	*/
3129
3130	if (initiator) {
3131	if (!st->st_peer_alt_id &&
3132	!same_id(&c->spd.that.id, &peer) &&
3133	c->spd.that.id.kind != ID_FROMCERT) {
3134	id_buf expect;
3135	id_buf found;
3136
3137	log_state(RC_LOG_SERIOUS, st,
3138	"we require IKEv1 peer to have ID '%s', but peer declares '%s'",
3139	str_id(&c->spd.that.id, &expect),
3140	str_id(&peer, &found));
3141	return FALSE0;
3142	} else if (c->spd.that.id.kind == ID_FROMCERT) {
3143	if (peer.kind != ID_DER_ASN1_DN) {
3144	log_state(RC_LOG_SERIOUS, st,
3145	"peer ID is not a certificate type");
3146	return FALSE0;
3147	}
3148	duplicate_id(&c->spd.that.id, &peer);
3149	}
3150	} else if (!aggrmode) {
3151	/* Main Mode Responder */
3152	uint16_t auth = xauth_calcbaseauth(st->st_oakley.auth);
3153	lset_t auth_policy;
3154
3155	switch (auth) {
3156	case OAKLEY_PRESHARED_KEY:
3157	auth_policy = POLICY_PSK((lset_t)1 << (POLICY_PSK_IX));
3158	break;
3159	case OAKLEY_RSA_SIG:
3160	auth_policy = POLICY_RSASIG((lset_t)1 << (POLICY_RSASIG_IX));
3161	break;
3162	/* Not implemented */
3163	case OAKLEY_DSS_SIG:
3164	case OAKLEY_RSA_ENC:
3165	case OAKLEY_RSA_REVISED_MODE:
3166	case OAKLEY_ECDSA_P256:
3167	case OAKLEY_ECDSA_P384:
3168	case OAKLEY_ECDSA_P521:
3169	default:
3170	dbg("ikev1 ike_decode_peer_id bad_case due to not supported policy"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ikev1 ike_decode_peer_id bad_case due to not supported policy" ); } };
3171	return FALSE0;
3172	}
3173
3174	bool_Bool fromcert;
3175	struct connection *r =
3176	refine_host_connection(st, &peer,
3177	NULL((void)0), / IKEv1 does not support 'you Tarzan, me Jane' */
3178	FALSE0, /* we are responder */
3179	auth_policy,
3180	AUTHBY_UNSET, /* ikev2 only */
3181	&fromcert);
3182
3183	if (r == NULL((void*)0)) {
3184	id_buf buf;
3185	dbg("no more suitable connection for peer '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("no more suitable connection for peer '%s'", str_id (&peer, &buf)); } }
3186	str_id(&peer, &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("no more suitable connection for peer '%s'", str_id (&peer, &buf)); } };
3187	/* can we continue with what we had? */
3188	if (!md->st->st_peer_alt_id &&
3189	!same_id(&c->spd.that.id, &peer) &&
3190	c->spd.that.id.kind != ID_FROMCERT) {
3191	log_state(RC_LOG, md->st, "Peer mismatch on first found connection and no better connection found");
3192	return FALSE0;
3193	} else {
3194	dbg("Peer ID matches and no better connection found - continuing with existing connection"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Peer ID matches and no better connection found - continuing with existing connection" ); } };
3195	r = c;
3196	}
3197	}
3198
3199	dn_buf buf;
3200	dbg("offered CA: '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("offered CA: '%s'", str_dn_or_null(r->spd.this .ca, "%none", &buf)); } }
3201	str_dn_or_null(r->spd.this.ca, "%none", &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("offered CA: '%s'", str_dn_or_null(r->spd.this .ca, "%none", &buf)); } };
3202
3203	if (r != c) {
3204	/*
3205	* We are changing st->st_connection!
3206	* Our caller might be surprised!
3207	*/
3208	connection_buf b1, b2;
3209
3210	/* apparently, r is an improvement on c -- replace */
3211	log_state(RC_LOG, st, "switched from "PRI_CONNECTION"\"%s\"%s"" to "PRI_CONNECTION"\"%s\"%s""",
3212	pri_connection(c, &b1)(c)->name, str_connection_instance(c, &b1), pri_connection(r, &b2)(r)->name, str_connection_instance(r, &b2));
3213
3214	if (r->kind == CK_TEMPLATE \|\| r->kind == CK_GROUP) {
3215	/* instantiate it, filling in peer's ID */
3216	r = rw_instantiate(r, &c->spd.that.host_addr,
3217	NULL((void*)0),
3218	&peer);
3219	}
3220
3221	update_state_connection(st, r);
3222	c = r; /* c not subsequently used */
	Value stored to 'c' is never read
3223	/* redo from scratch so we read and check CERT payload */
3224	dbg("retrying ike_decode_peer_id() with new conn"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("retrying ike_decode_peer_id() with new conn") ; } };
3225	passert(!initiator && !aggrmode){ _Bool assertion__ = !initiator && !aggrmode; if (!assertion__ ) { lsw_passert_fail((where_t) { .func = __func__, .basename = "ikev1.c" , .line = 3225}, "%s", "!initiator && !aggrmode" ); } };
3226	return ikev1_decode_peer_id(md, FALSE0, FALSE0);
3227	} else if (c->spd.that.has_id_wildcards) {
3228	duplicate_id(&c->spd.that.id, &peer);
3229	c->spd.that.has_id_wildcards = FALSE0;
3230	} else if (fromcert) {
3231	dbg("copying ID for fromcert"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("copying ID for fromcert"); } };
3232	duplicate_id(&c->spd.that.id, &peer);
3233	}
3234	}
3235
3236	return TRUE1;
3237	}
3238
3239	bool_Bool ikev1_ship_chain(chunk_t chain, int n, pb_stream outs,
3240	uint8_t type)
3241	{
3242	for (int i = 0; i < n; i++) {
3243	if (!ikev1_ship_CERT(type, chain[i], outs))
3244	return false0;
3245	}
3246
3247	return true1;
3248	}
3249
3250	void doi_log_cert_thinking(uint16_t auth,
3251	enum ike_cert_type certtype,
3252	enum certpolicy policy,
3253	bool_Bool gotcertrequest,
3254	bool_Bool send_cert,
3255	bool_Bool send_chain)
3256	{
3257	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
3258	DBG_log("thinking about whether to send my certificate:");
3259
3260	struct esb_buf oan;
3261	struct esb_buf ictn;
3262
3263	DBG_log(" I have RSA key: %s cert.type: %s ",
3264	enum_showb(&oakley_auth_names, auth, &oan),
3265	enum_showb(&ike_cert_type_names, certtype, &ictn));
3266
3267	struct esb_buf cptn;
3268
3269	DBG_log(" sendcert: %s and I did%s get a certificate request ",
3270	enum_showb(&certpolicy_type_names, policy, &cptn),
3271	gotcertrequest ? "" : " not");
3272
3273	DBG_log(" so %ssend cert.", send_cert ? "" : "do not ");
3274
3275	if (!send_cert) {
3276	if (auth == OAKLEY_PRESHARED_KEY) {
3277	DBG_log("I did not send a certificate because digital signatures are not being used. (PSK)");
3278	} else if (certtype == CERT_NONE) {
3279	DBG_log("I did not send a certificate because I do not have one.");
3280	} else if (policy == CERT_SENDIFASKED) {
3281	DBG_log("I did not send my certificate because I was not asked to.");
3282	} else {
3283	DBG_log("INVALID AUTH SETTING: %d", auth);
3284	}
3285	}
3286	if (send_chain)
3287	DBG_log("Sending one or more authcerts");
3288	}
3289	}
3290	/*
3291	* Reply messages are built in this nasty evil global buffer.
3292	*
3293	* Only one packet can be built at a time. That should be ok as
3294	* packets are only built on the main thread and code and a packet is
3295	* created using a single operation.
3296	*
3297	* In the good old days code would partially construct a packet,
3298	* wonder off to do crypto and process other packets, and then assume
3299	* things could be picked up where they were left off. Code to make
3300	* that work (saving restoring the buffer, re-initializing the buffer
3301	* in strange places, ....) has all been removed.
3302	*
3303	* Something else that should go is global access to REPLY_STREAM.
3304	* Instead all code should use open_reply_stream() and a reference
3305	* with only local scope. This should reduce the odds of code
3306	* meddling in reply_stream on the sly.
3307	*
3308	* Another possibility is to move the buffer onto the stack. However,
3309	* the PBS is 64K and that isn't so good for small machines. Then
3310	* again the send.[hc] and demux[hc] code both allocate 64K stack
3311	* buffers already. Oops.
3312	*/
3313
3314	pb_stream reply_stream;